关于PLC的英文文献Word版

RelaysThe Programmable Logic ControllerEarly machines were controlled by mechanical means using cams, gears, levers and other basic mechanical devices. As the complexity grew, so did the need for a more sophisticated control system. This system contained wired relay and switch control elements. These elements were wired as required to provide the control logic necessary for the particular type of machine operation. This was acceptable for a machine that never needed to be changed or modified, but as manufacturing techniques improved and plant changeover to new products became more desirable and necessary, a more versatile means of controlling this equipment had to be developed. Hardwired relay and switch logic was cumbersome and time consuming to modify. Wiring had to be removed and replaced to provide for the new control scheme required. This modification was difficult and time consuming to design and install and any small "bug" in the design could be a major problem to correct since that also required rewiring of the system. A new means to modify control circuitry was needed. The development and testing ground for this new means was the U.S. auto industry. The time period was the late 1960's and early 1970's and the result was the programmable logic controller, or PLC. Automotive plants were confronted with a change in manufacturing techniques every time a model changed and, in some cases, for changes on the same model if improvements had to be made during the model year. The PLC provided an easy way to reprogram the wiring rather than actually rewiring the control system.The PLC that was developed during this time was not very easy to program. The language was cumbersome to write and required highly trained programmers. These early devices were merely relay replacements and could do very little else. The PLC has at first gradually, and in recent years rapidly developed into a sophisticated and highly versatile control system component. Units today are capable of performing complex math functions including numerical integration and differentiation and operate at the fast microprocessor speeds now available. Older PLCs were capable of only handling discrete inputs and outputs (that is, on-off type signals), while today's systems can accept and generate analog voltagesand currents as well as a wide range of voltage levels and pulsed signals. PLCs are also designed to be rugged. Unlike their personal computer cousin, they can typically withstand vibration, shock, elevated temperatures, and electrical noise to which manufacturing equipment is exposed.As more manufacturers become involved in PLC production and development, and PLC capabilities expand, the programming language is also expanding. This is necessary to allow the programming of these advanced capabilities. Also, manufacturers tend to develop their own versions of ladder logic language (the language used to program PLCs). This complicates learning to program PLC's in general since one language cannot be learned that is applicable to all types. However, as with other computer languages, once the basics of PLC operation and programming in ladder logic are learned, adapting to the various manufacturers’ devices is not a complicated process. Most system designers eventually settle on one particular manufacturer that produces a PLC that is personally comfortable to program and has the capabilities suited to his or her area of applications.It should be noted that in usage, a programmable logic controller is generally referred to as a “PLC” or “programmable controller”. Although the term “programmable controller” is generally accepted, it is not abbreviated “PC” because the abbreviation “PC” is usually used in reference to a personal computer. As we will see in this chapter, a PLC is by no means a personal computer.Programmable controllers (the shortened name used for programmable logic controllers) are much like personal computers in that the user can be overwhelmed by the vast array of options and configurations available. Also, like personal computers, the best teacher of which one to select is experience. As one gains experience with the various options and configurations available, it becomes less confusing to be able to select the unit that will best perform in a particular application.The typical system components for a modularized PLC are:1. Processor.The processor (sometimes call a CPU), as in the self contained units, is generally specified according to memory required for the program to beimplemented. In themodularized versions, capability can also be a factor. This includes features such as higher math functions, PID control loops and optional programming commands. The processor consists of the microprocessor, system memory, serial communication ports for printer, PLC LAN link and external programming device and, in some cases, the system power supply to power the processor and I/O modules.2. Mounting rack.3. Input and output modules.Input and output (I/O) modules are specified according to the input and output signals associated with the particular application. These modules fall into the categories of discrete, analog, high speed counter or register types.Discrete I/O modules are generally capable of handling 8 or 16 and, in some cases 32, on-off type inputs or outputs per module. Modules are specified as input or output but generally not both although some manufacturers now offer modules that can be configured with both input and output points in the same unit. The module can be specified as AC only, DC only or AC/DC along with the voltage values for which it is designed.Analog input and output modules are available and are specified according to the desired resolution and voltage or current range. As with discrete modules, these are generally input or output; however some manufacturers provide analog input and output in the same module. Analog modules are also available which can directly accept thermocouple inputs for temperature measurement and monitoring by the PLC.Pulsed inputs to the PLC can be accepted using a high speed countermodule. This module can be capable of measuring the frequency of an inputsignal from a tachometer or other frequency generating device. These modules can also count the incoming pulses if desired. Generally, both frequency and count are available from the same module at the same time if both are required in the application.Register input and output modules transfer 8 or 16 bit words of information to and from the PLC. These words are generally numbers (BCD or Binary) which are generated from thumbwheel switches or encoder systems for input or data to be output to a display device by the PLC.Other types of modules may be available depending upon the manufacturer of the PLC and it's capabilities. These include specialized communication modules to allow for the transfer of information from one controller to another. One new development is an I/O Module which allows the serial transfer of information to remote I/O units that can be as far as 12,000 feet away.4. Power supply.The power supply specified depends upon the manufacturer's PLC being utilized in the application. As stated above, in some cases a power supply capable of delivering all required power for the system is furnished as part of the processor module. If the power supply is a separate module, it must be capable of delivering a current greater than the sum of all the currents needed by the other modules. For systems with the power supply inside the CPU module, there may be some modules in the system which require excessive power not available from the processor either because of voltage or current requirements that can only be achieved through the addition of a second power source. This is generally true if analog or external communication modules are present since these require ± DC supplies which, in the case of analog modules, must be well regulated.5. Programming unit.The programming unit allows the engineer or technician to enter and edit the program to be executed. In it's simplest form it can be a hand held device with a keypad for program entry and a display device (LED or LCD) for viewing program steps or functions, as shown. More advanced systems employ a separate personal computer which allows the programmer to write, view, edit and download the program to the PLC. This is accomplished with proprietary software available from the PLC manufacturer. This software also allows the programmer or engineer to monitor the PLC as it is running the program. With this monitoring system, such things as internal coils, registers, timers and other items not visible externally can be monitored to determine proper operation. Also, internal register data can be altered if required to fine tune program operation. This can be advantageous when debugging the program. Communication with the programmable controller with this system is via a cable connected to a special programming port on the controller. Connection to the personalcomputer can be through a serial port or from a dedicated card installed in the computer.A Programmable Controller is a specialized computer. Since it is a computer, it has all the basic component parts that any other computer has; a Central Processing Unit, Memory, Input Interfacing and Output Interfacing.The Central Processing Unit (CPU) is the control portion of the PLC. It interprets the program commands retrieved from memory and acts on those commands. In present day PLC's this unit is a microprocessor based system. The CPU is housed in the processor module of modularized systems.Memory in the system is generally of two types; ROM and RAM. The ROM memory contains the program information that allows the CPU to interpret and act on the Ladder Logic program stored in the RAM memory. RAM memory is generally kept alive with an on-board battery so that ladder programming is not lost when the system power is removed. This battery can be a standard dry cell or rechargeable nickel-cadmium type. Newer PLC units are now available with Electrically Erasable Programmable Read Only Memory (EEPROM) which does not require a battery. Memory is also housed in the processor module in modular systems.Input units can be any of several different types depending on input signals expected as described above. The input section can accept discrete or analog signals of various voltage and current levels. Present day controllers offer discrete signal inputs of both AC and DC voltages from TTL to 250 VDC and from 5 to 250 V AC. Analog input units can accept input levels such as ±10 VDC, ±5 VDC and 4-20 ma. current loop values. Discrete input units present each input to the CPU as a single 1 or 0 while analog input units contain analog to digital conversion circuitry and present the input voltage to the CPU as binary number normalized to the maximum count available from the unit. The number of bits representing the input voltage or current depends upon the resolution of the unit. This number generally contains a defined number of magnitude bits and a sign bit. Register input units present the word input to the CPU as it is received (Binary or BCD).Output units operate much the same as the input units with the exception that the unit is either sinking (supplying a ground) or sourcing (providing a voltage) discrete voltages orsourcing analog voltage or current. These output signals are presented as directed by the CPU. The output circuit of discrete units can be transistors for TTL and higher DC voltage or Triacs for AC voltage outputs. For higher current applications and situations where a physical contact closure is required, mechanical relay contacts are available. These higher currents, however, are generally limited to about 2-3 amperes. The analog output units have internal circuitry which performs the digital to analog conversion and generates the variable voltage or current output.The first thing the PLC does when it begins to function is update I/O. This means that all discrete input states are recorded from the input unit and all discrete states to be output are transferred to the output unit. Register data generally has specific addresses associated with it for both input and output data referred to as input and output registers. These registers are available to the input and output modules requiring them and are updated with the discrete data. Since this is input/output updating, it is referred to as I/O Update. The updating of discrete input and output information is accomplished with the use of input and output image registers set aside in the PLC memory. Each discrete input point has associated with it one bit of an input image register. Likewise, each discrete output point has one bit of an output image register associated with it. When I/O updating occurs, each input point that is ON at that time will cause a 1 to be set at the bit address associated with that particular input. If the input is off, a 0 will be set into the bit address. Memory in today's PLC's is generally configured in 16 bit words. This means that one word of memory can store the states of 16 discrete input points. Therefore, there may be a number of words of memory set aside as the input and output image registers. At I/O update, the status of the input image register is set according to the state of all discrete inputs and the status of the output image register is transferred to the output unit. This transfer of information typically only occurs at I/O update. It may be forced to occur at other times in PLC's which have an Immediate I/O Update command. This command will force the PLC to update the I/O at other times although this would be a special case.Before a study of PLC programming can begin, it is important to gain a fundamental understanding of the various types of PLCs available, the advantages and disadvantages ofeach, and the way in which a PLC executes a program. The open frame, shoebox, and modular PLCs are each best suited to specific types of applications based on the environmental conditions, number of inputs and outputs, ease of expansion, and method of entering and monitoring the program. Additionally, programming requires a prior knowledge of the manner in which a PLC receives input information, executes a program, and sends output information. With this information, we are now prepared to begin a study of PLC programming techniques.When writing programs for PLCs, it is beneficial to have a background in ladder diagramming for machine controls. This is basically the material that was covered in Chapter 1 of this text. The reason for this is that at a fundamental level, ladder logic programs for PLCs are very similar to electrical ladder diagrams. This is no coincidence.The engineers that developed the PLC programming language were sensitive to the fact that most engineers, technicians and electricians who work with electrical machines on a day-to-day basis will be familiar with this method of representing control logic. This would allow someone new to PLCs, but familiar with control diagrams, to be able to adapt very quickly to the programming language. It is likely that PLC programming language is one of the easiest programming languages to learn.可编程序控制器早期的机器用机械的方法采用凸轮控制、齿轮、杠杆和其他基本机械设备。

本文部分内容来自网络，本司不为其真实性负责，如有异议请及时联系，本司将予以删除== 本文为word格式，简单修改即可使用，推荐下载！ ==plc英文参考文献a water pumping control system with a programmablelogic controller (plc) and industrial wireless modules for industrial plants—an experimental setupisa transactions, in press, corrected proof, available online 3 december XXramazan bayindir, yucel cetince《电气控制与plc》参考文献参考文献[1] 张凤珊.电气控制及可编程序控制器.2版 [m].北京: 中国轻工业出版社，XX.[2] 《工厂常用电气设备手册》编写组.工厂常用电气设备手册.2版 [m].北京: 中国电力出版社，1998.[3] 马志溪.电气工程设计 [m].北京: 机械工业出版社，XX.[4] 刘增良，刘国亭.电气工程cad [m].北京: 中国水利水电出版社，XX.[5] 齐占庆，王振臣.电气控制技术 [m].北京: 机械工业出版社，XX.[6] 史国生.电气控制与可编程控制器技术 [m].北京: 化学工业出版社，XX.[7] 郁汉琪.电气控制与可编程序控制器应用技术 [m].南京: 东南大学出版社，XX.[8] 张万忠.可编程控制器应用技术 [m].北京: 化学工业出版社，XX.[9] 王兆义.小型可编程控制器实用技术 [m].北京: 机械工业出版社，XX.[10] 三菱微型可编程控制器手册 [m].mitsubishi socio-tech，XX.[11] 吴晓君，杨向明.电气控制与可编程控制器应用 [m].北京: 中国建材工业出版社，XX.[12] 李道霖.电气控制与plc原理及应用 [m].北京: 电子工业出版社，XX.[13] s7-200 cn可编程序控制器手册 [m].西门子(中国)有限公司自动化与驱动集团，XX.[14] siemens wincc手册 [m].西门子(中国)有限公司自动化与驱动集团，XX.[15] 魏艳君.多功能屋面sp板切割机 [j].机电一体化，XX，(4)：47-48.以下文字仅用于测试排版效果, 请使用时删除！“山不在高，有仙则灵。

Programmable Logic ControllersProgrammable logic controller (plc) is a solid-state device used to control machine motion or process operation by means of a stored program. The PLC sends output control signals and receives input signals through input/output (I/O) devices. A PLC controls outputs in response to stimuli at the inputs according to the logic prescribed by the stored program. The inputs are made up of limit switches, pushbuttons, thunbwheels. Switches, pulses, analog signals, ASCLL serial data, and binary or BCD data from absolute position encoders. The outputs are voltage or current levels to drive end devices such as solenoids, motor starters, relays, lights, and so on. Other output devices include analog devices, digital BCD displays, ASCII compatible devices, servo variable-speed drives, and even computers.Programmable controllers were developed (circa in 1968) when General Motors Corp, and other automobile manufacturers were experimenting to see if there might be an alternative to scrapping all their hardwired control panels of machine tools and other production equipment during a model changeover. This annual tradition was necessary because rewiring of the panels was more expensive than buying new ones.The automotive companies approached a number of control equipment manufacturers and asked them to develop a control system that would have a longer productive life without major rewiring, but would still be understandable to and repairable by plant personnel. The new product was named a “pr ogrammable controller”.The processor part of the PLC contains a central processing unit and memory。

ONE、PLC overviewProgrammable controller is the first in the late 1960s in the United States， then called PLC programmable logic controller （Programmable Logic Controller) is used to replace relays。

For the implementation of the logical judgment, timing, sequence number, and other control functions. The concept is presented PLC General Motors Corporation. PLC and the basic design is the computer functional improvements，flexible, generic and other advantages and relay control system simple and easy to operate, such as the advantages of cheap prices combined controller hardware is standard and overall。

According to the practical application of target software in order to control the content of the user procedures memory controller, the controller and connecting the accused convenient target。

In the mid-1970s，the PLC has been widely used as a central processing unit microprocessor， import export module and the external circuits are used, large-scale integrated circuits even when the PLC is no longer the only logical (IC) judgment functions also have data processing， PID conditioning and data communications functions. International Electro technical Commission （IEC） standards promulgated programmable controller for programmable controller draft made the following definition ： programmable controller is a digital electronic computers operating system， specifically for applications in the industrial design environment。

PLC及变频器技术中英文资料对照外文翻译文献综述PLC and inverter technology trends1. The development trend of the programmable controller“PLC is one kind specially for the digital operation operation electronic installation which applies under the industry environment designs. It uses may the coding memory, uses for in its internal memory operation and so on actuating logic operation, sequence operation, time, counting and arithmetic operation instructions, and can through digital or the simulation-like input and the output, controls each type the machinery or the production process. PLC and the related auxiliary equipment should according to form a whole easy with the industrial control system, easy to expand its function the principle to design.”In the 21st century, PLC will have a bigger development. Technologically speaking, computer technology's new achievement more will apply in the programmable controller's design and the manufacture, will have the operating speed to be quicker, the storage capacity to be bigger, an intelligent stronger variety to appear; Looked from the product scale that further develops to subminiature and the ultra-large direction; Looked from the product overcoatability that the product variety will be richer, the specification to be more complete, the perfect man-machine contact surface, the complete communication facility will adapt each industrial control situation demand well; Looked from the market that various countries will produce the multi-variety product the situation to break respectively along with the international competition aggravating, will present the minority several brand monopoly international market the aspect, will present the international general programming language; Looking from the network state of play, the programmable controller and other industrial control computer networkconstitution large-scale control system is the programmable controller technology development direction. Present computer collection and distribution control system DCS (Distributed Control System) had the massive programmable controller application. Is following computer network's development, the programmable controller takes the automation directed net and the international universal network important component, outside industry and industry numerous domain display more and more major function.2. Inverter technology development trendsInverter into the practical phase of more than 1 / 4 century during this period, the frequency converter technology as the basis of power electronics technology and microelectronics technology manager of a leap in the development, as the new power electronic devices and high-performance microprocessor The application of control technology and the development of increasingly high cost performance of the inverter, more and more small size, but manufacturers are still in constant frequency converter to achieve the further miniaturization and doing new efforts. From a technical point of view, with the frequency converter to further expand the market of the future, with the converter and inverter technology will be on the development of technologies in the following areas further development:(1) large capacity and small size;(2) high-performance and multi-function;(3) enhance the ease-of-use;(4) increase in life expectancy and reliability;(5) of pollution-free.Large capacity and small size of the power semiconductor devices will be with the development of continuous development. In recent years, driven by a voltage power semiconductor devices IGBT (Isolated Gate Bipolar Transistor, isolation gate bipolar transistors) has developed very rapidly and quickly into the traditional use of BJT (bipolar power transistor) and power MOSFET (FET) The various fields. In addition, the IGBT switching device for the IPM (Intelligent Power Module, IPM) and Monolithic Power IC chip will power switching devices and driving circuit, such as the protection of integrated circuits in the same package, with high performance andreliability The merits, with their high current and high pressure of the development of small and medium-sized converter will certainly be more widely used.With micro-electronics technology and semiconductor technology development, for Inverter CPU and semiconductor devices and a variety of sensors of getting higher and higher. With the frequency converter technology and the development of the growing maturity of the exchange governor, modern control theory are constantly new applications. These have further improved the performance of inverter provided the conditions. In addition, with the frequency converter to further promote the use and support are also constantly made new demands, the frequency converter manufacturers to continuously improve the performance and frequency converter functions in Inverter new efforts to meet user And the need for the fierce competition in the market in an invincible position.With the frequency converter market continues to expand, how to further enhance the ease-of-use inverter, so that the technical staff and even ordinary non-technical staff can quickly master the use of frequency converter technology has become manufacturers must consider the issue. Because only easy-to-use products can continue to acquire new customers and further expand the market, so the future of the new converter will be more easy to operate.With the development of semiconductor technology and the development of power electronics technology, the frequency converter used in the various components of the life and reliability are constantly improving, they will make their own life and the frequency converter to further increase reliability.In recent years, people have attached great importance to environmental issues, and thus a "green products" name. Therefore, the inverter, must also consider its impact on the surrounding environment.Promote the use of the frequency converter in the early stages of the noise problem was once a big problem. With the low-noise converter IGBT the emergence of this issue has basically been resolved. However, with the noise problem to solve, people's looks and a converter to the surrounding environment and the impact of other continuously explore new solutions. For example, the use of a diode-voltage converter and PWMinverter circuit converter, the frequency converter itself the high harmonics will bring supply voltage and current distortion, and at the same power to affect the other equipment. However, through the use of the frequency converter Rectifier circuit PWM, we can basically solve the problem. Although because of price and control technology and other aspects of the reasons for the current PWM converter has not been promoting the inverter, but, with the frequency converter technology development and the people of the importance of environmental issues.PLC及变频器技术的发展趋势1．可编程控制器的发展趋势可编程控制器是一种数字运算操作的电子系统，专为在工业环境下应用而设计。

【推荐下载】plc英文参考文献-易修改word版
本文部分内容来自网络，本司不为其真实性负责，如有异议或侵权请及时联系，本司将予以删除！
== 本文为word格式，下载后可随意编辑修改！ ==
plc英文参考文献
a water pumping control system with a programmable
logic controller (plc) and industrial wireless modules for industrial plants —an experimental setup
isa transactions, in press, corrected proof, available online 3 december XX
ramazan bayindir, yucel cetince
《电气控制与plc》参考文献
参考文献
[1] 张凤珊.电气控制及可编程序控制器.2版 [m].北京: 中国轻工业出版社，XX.
[2] 《工厂常用电气设备手册》编写组.工厂常用电气设备手册.2版 [m].北京: 中国电力出版社，1998.
[3] 马志溪.电气工程设计 [m].北京: 机械工业出版社，XX.
[4] 刘增良，刘国亭.电气工程cad [m].北京: 中国水利水电出版社，XX.
[5] 齐占庆，王振臣.电气控制技术 [m].北京: 机械工业出版社，XX.
[6] 史国生.电气控制与可编程控制器技术 [m].北京: 化学工业出版社，XX.。

Programmable logic controllerA programmable logic controller (PLC) or programmable controller is a digital computer used for automation of electromechanical processes,such as control of machinery on factory assembly lines, amusement rides, or lighting fixtures. PLCs are used in many industries and machines. Unlike general-purpose computers, the PLC is designed for multiple inputs and output arrangements, extended temperature ranges, immunity to electrical noise, and resistance to vibration and impact. Programs to control machine operation are typically stored in battery-backed or non-volatile memory. A PLC is an example of a real time system since output results must be produced in response to input conditions within a bounded time, otherwise unintended operation will result.1.HistoryThe PLC was invented in response to the needs of the American automotive manufacturing industry. Programmable logic controllers were initially adopted by the automotive industry where software revision replaced the re-wiring of hard-wired control panels when production models changed.Before the PLC, control, sequencing, and safety interlock logic for manufacturing automobiles was accomplished using hundreds or thousands of relays, cam timers, and drum sequencers and dedicated closed-loop controllers. The process for updating such facilities for the yearly model change-over was very time consuming and expensive, as electricians needed to individually rewire each and every relay.In 1968 GM Hydramatic (the automatic transmission division of General Motors) issued a request for proposal for an electronic replacement for hard-wired relay systems. The winning proposal came from Bedford Associates of Bedford, Massachusetts. The first PLC, designated the 084 because it was Bedford Associates' eighty-fourth project, was the result. Bedford Associates started a new company dedicated to developing, manufacturing, selling, and servicing this new product: Modicon, which stood for MOdular DIgital CONtroller. One of the people who worked on that project was Dick Morley, who is considered to be the "father" of the PLC. The Modicon brand was sold in 1977 to Gould Electronics, and later acquired by German Company AEG and then by French Schneider Electric, the current owner.One of the very first 084 models built is now on display at Modicon's headquarters in North Andover, Massachusetts. It was presented to Modicon by GM, when the unit was retired after nearly twenty years of uninterrupted service. Modicon used the 84 moniker at the end of its product range until the 984 made its appearance.The automotive industry is still one of the largest users of PLCs.2.DevelopmentEarly PLCs were designed to replace relay logic systems. These PLCs were programmed in "ladder logic", which strongly resembles a schematic diagram of relay logic. This program notation was chosen to reduce training demands for the existing technicians. Other early PLCs used a form of instruction list programming, based on a stack-based logic solver.Modern PLCs can be programmed in a variety of ways, from ladder logic to more traditional programming languages such as BASIC and C. Another method is State Logic, a very high-level programming language designed to program PLCs based on state transition diagrams.Many early PLCs did not have accompanying programming terminals that were capable of graphical representation of the logic, and so the logic was instead represented as a series of logic expressions in some version of Boolean format, similar to Boolean algebra. As programming terminals evolved, it became more common for ladder logic to be used, for the aforementioned reasons. Newer formats such as State Logic and Function Block (which is similar to the way logic is depicted when using digital integrated logic circuits) exist, but they are still not as popular as ladder logic. A primary reason for this is that PLCs solve the logic in a predictable and repeating sequence, and ladder logic allows the programmer (the person writing the logic) to see any issues with the timing of the logic sequence more easily than would be possible in other formats.2.1ProgrammingEarly PLCs, up to the mid-1980s, were programmed using proprietary programming panels or special-purpose programming terminals, which often had dedicated function keys representing the various logical elements of PLC programs. Programs were stored on cassette tape cartridges. Facilities for printing and documentation were very minimal due to lack of memory capacity. The very oldest PLCs used non-volatile magnetic core memory.More recently, PLCs are programmed using application software on personal computers. The computer is connected to the PLC through Ethernet, RS-232, RS-485 or RS-422 cabling. The programming software allows entry and editing of the ladderstyle logic. Generally the software provides functions for debugging and troubleshooting the PLC software, for example, by highlighting portions of the logic to show current status during operation or via simulation. The software will upload and download the PLC program, for backup and restoration purposes. In some models of programmable controller, the program is transferred from a personal computer to the PLC though a programming board which writes the program into a removable chip such as an EEPROM or EPROM.3.FunctionalityThe functionality of the PLC has evolved over the years to include sequential relay control, motion control, process control, distributed control systems and networking. The data handling, storage, processing power and communication capabilities of some modern PLCs are approximately equivalent to desktop computers. PLC-like programming combined with remote I/O hardware, allow a general-purpose desktop computer to overlap some PLCs in certain applications. Regarding the practicality of these desktop computer based logic controllers, it is important to note that they have not been generally accepted in heavy industry because the desktop computers run on less stable operating systems than do PLCs, and because the desktop computer hardware is typically not designed to the same levels of tolerance to temperature, humidity, vibration, and longevity as the processors used in PLCs. In addition to the hardware limitations of desktop based logic, operating systems such as Windows do not lend themselves to deterministic logic execution, with the result that the logic may not always respond to changes in logic state or input status with the extreme consistency in timing as is expected from PLCs. Still, such desktop logic applications find use in less critical situations, such as laboratory automation and use in small facilities where the application is less demanding and critical, because they are generally much less expensive than PLCs.In more recent years, small products called PLRs (programmable logic relays), and also by similar names, have become more common and accepted. These are very much like PLCs, and are used in light industry where only a few points of I/O (i.e. a few signals coming in from the real world and a few going out) are involved, and low cost is desired. These small devices are typically made in a common physical size and shape by several manufacturers, and branded by the makers of larger PLCs to fill out their low end product range. Popular names include PICO Controller, NANO PLC, and other names implying very small controllers. Most of these have between 8 and 12 digital inputs, 4 and 8 digital outputs, and up to 2 analog inputs. Size is usually about 4" wide, 3" high, and 3" deep. Most such devices include a tiny postage stamp sized LCD screen for viewing simplified ladder logic (only a very small portion of the program being visible at a given time) and status of I/O points, and typically these screens are accompanied by a 4-way rocker push-button plus four more separate pushbuttons, similar to the key buttons on a VCR remote control, and used to navigate and edit the logic. Most have a small plug for connecting via RS-232 or RS-485 to a personal computer so that programmers can use simple Windows applications for programming instead of being forced to use the tiny LCD and push-button set for this purpose. Unlike regular PLCs that are usuallymodular and greatly expandable, the PLRs are usually not modular or expandable, but their price can be two orders of magnitude less than a PLC and they still offer robust design and deterministic execution of the logic.4.PLC Topics4.1.FeaturesThe main difference from other computers is that PLCs are armored for severe conditions (such as dust, moisture, heat, cold) and have the facility for extensive input/output (I/O) arrangements.These connect the PLC to sensors and actuators. PLCs read limit switches, analog process variables (such as temperature and pressure), and the positions of complex positioning systems. Some use machine vision. On the actuator side, PLCs operate electric motors, pneumatic or hydraulic cylinders, magnetic relays, solenoids, or analog outputs. The input/output arrangements may be built into a simple PLC, or the PLC may have external I/O modules attached to a computer network that plugs into the PLC.4.2System scaleA small PLC will have a fixed number of connections built in for inputs and outputs. Typically, expansions are available if the base model has insufficient I/O. Modular PLCs have a chassis (also called a rack) into which are placed modules with different functions. The processor and selection of I/O modules is customised for the particular application. Several racks can be administered by a single processor, and may have thousands of inputs and outputs. A special high speed serial I/O link is used so that racks can be distributed away from the processor, reducing the wiring costs for large plants.4.3User interfacePLCs may need to interact with people for the purpose of configuration, alarm reporting or everyday control.A simple system may use buttons and lights to interact with the user. Text displays are available as well as graphical touch screens. More complex systems use a programming and monitoring software installed on a computer, with the PLC connected via a communication interface.4.4CommunicationsPLCs have built in communications ports, usually 9-pin RS-232, but optionally EIA-485 or Ethernet. Modbus, BACnet or DF1 is usually included as one of the communications protocols. Other options include various fieldbuses such as DeviceNet or Profibus. Other communications protocols that may be used are listed in the List of automation protocols.Most modern PLCs can communicate over a network to some other system, such as acomputer running a SCADA (Supervisory Control And Data Acquisition) system or web browser.PLCs used in larger I/O systems may have peer-to-peer (P2P) communication between processors. This allows separate parts of a complex process to have individual control while allowing the subsystems to co-ordinate over the communication link. These communication links are also often used for HMI devices such as keypads or PC-type workstations.4.5ProgrammingPLC programs are typically written in a special application on a personal computer, then downloaded by a direct-connection cable or over a network to the PLC. The program is stored in the PLC either in battery-backed-up RAM or some other nonvolatile flash memory. Often, a single PLC can be programmed to replace thousands of relays.Under the IEC 61131-3 standard, PLCs can be programmed using standards-based programming languages. A graphical programming notation called Sequential Function Charts is available on certain programmable controllers. Initially most PLCs utilized Ladder Logic Diagram Programming, a model which emulated electromechanical control panel devices (such as the contact and coils of relays) which PLCs replaced. This model remains common today.IEC 61131-3 currently defines five programming languages for programmable control systems: FBD (Function block diagram), LD (Ladder diagram), ST (Structured text, similar to the Pascal programming language), IL (Instruction list, similar to assembly language) and SFC (Sequential function chart). These techniques emphasize logical organization of operations.While the fundamental concepts of PLC programming are common to all manufacturers, differences in I/O addressing, memory organization and instruction sets mean that PLC programs are never perfectly interchangeable between different makers. Even within the same product line of a single manufacturer, different models may not be directly compatible.5.PLC compared with other control systemsPLCs are well-adapted to a range of automation tasks. These are typically industrial processes in manufacturing where the cost of developing and maintaining the automation system is high relative to the total cost of the automation, and where changesto the system would be expected during its operational life. PLCs contain input and output devices compatible with industrial pilot devices and controls; little electrical design is required, and the design problem centers on expressing the desired sequence of operations. PLC applications are typically highly customized systems so the cost of a packaged PLC is low compared to the cost of a specific custom-built controller design. On the other hand, in thecase of mass-produced goods, customized control systems are economic due to the lower cost of the components, which can be optimally chosen instead of a "generic" solution, and where the non-recurring engineering charges are spread over thousands or millions of units.For high volume or very simple fixed automation tasks, different techniques are used. For example, a consumer dishwasher would be controlled by an electromechanical cam timer costing only a few dollars in production quantities.A microcontroller-based design would be appropriate where hundreds or thousands of units will be produced and so the development cost (design of power supplies, input/output hardware and necessary testing and certification) can be spread over many sales, and where the end-user would not need to alter the control. Automotive applications are an example; millions of units are built each year, and very few endusers alter the programming of these controllers. However, some specialty vehicles such as transit busseseconomically use PLCs instead of custom-designedcontrols, because the volumes are low and the development cost would be uneconomic.Very complex process control, such as used in the chemical industry, may require algorithms and performance beyond the capability of even high-performance PLCs. Very high-speed or precision controls may also require customized solutions; forexample, aircraft flight controls.Programmable controllers are widely used in motion control, positioning control and torque control. Some manufacturers produce motion control units to be integrated with PLC so that G-code (involving a CNC machine) can be used to instruct machine movements.PLCs may include logic for single-variable feedback analog control loop, a "proportional, integral, derivative" or "PID controller". A PID loop could be used to control the temperature of a manufacturing process, for example. Historically PLCs were usually configured with only a few analog control loops; where processes required hundreds or thousands of loops, a distributed control system (DCS) would instead be used. As PLCs have become more powerful, the boundary between DCS and PLC applications has become less distinct.PLCs have similar functionality as Remote Terminal Units. An RTU, however, usually does not support control algorithms or control loops. As hardware rapidly becomes more powerful and cheaper, RTUs, PLCs and DCSs are increasingly beginning to overlap in responsibilities, and many vendors sell RTUs with PLC-like features and vice versa. The industry has standardized on the IEC 61131-3 functional block language for creating programs to run on RTUs and PLCs, although nearly all vendors also offer proprietary alternatives and associated development environments.6.Digital and analog signalsDigital or discrete signals behave as binary switches, yielding simply an On or Off signal (1 or 0, True or False, respectively). Push buttons, limit switches, and photoelectric sensors are examples of devices providing a discrete signal. Discrete signals are sent using either voltage or current, where a specific range is designated as On and another as Off. For example, a PLC might use 24 V DC I/O, with values above 22 V DC representing On, values below 2VDC representing Off, and intermediate values undefined. Initially, PLCs had only discrete I/O.Analog signals are like volume controls, with a range of values between zero and full-scale. These are typically interpreted as integer values (counts) by the PLC, with various ranges of accuracy depending on the device and the number of bits available to store the data. As PLCs typically use 16-bit signed binary processors, the integer values are limited between -32,768 and +32,767. Pressure, temperature, flow, and weight are often representedby analog signals. Analog signals can use voltage or current with a magnitude proportional to the value of the process signal. For example, an analog 0 - 10 V input or 4-20 mA would be converted into an integer value of 0 - 32767.。

PLC technique discussion and future developmentT.J.byersElectronic Test Equipment-principles and ApplicationsPrinceton University .AmericaAlong with the development of the ages, the technique that is nowadays is also gradually perfect, the competition plays more strong; the operation that list depends the artificial has already can't satisfied with the current manufacturing industry foreground, also can't guarantee the request of the higher quantity and high new the image of the technique business enterprise.The people see in produce practice, automate brought the tremendous convenience and the product quantities for people up of assurance, also eased the personnel's labor strength, reduce the establishment on the personnel. The target control of the hard realization in many complicated production lines, whole and excellent turn, the best decision etc, well-trained operation work, technical personnel or expert, governor but can judge and operate easily, can acquire the satisfied result. The research target of the artificial intelligence makes use of the calculator exactly to carry out, imitate these intelligences behavior, moderating the work through person's brain and calculators, with the mode that person's machine combine, for resolve the very complicated problem to look for the best path.We come in sight of the control that links after the electric appliances in various situation, that is already the that time generation past, now of after use in the mold a perhaps simple equipments of grass-roots control that the electric appliances can do for the low level only; And the PLC emergence also became the epoch-making topic, adding the vivid software control through a very and stable hardware, making the automation head for the new high tide.The PLC biggest characteristics lie in: The electrical engineering teacher already no longer electric hardware up too many calculations of cost, as long as order the importation that the button switch or the importation of the sensors order to link the PLC up can solve problem, pass to output to order the conjunction contact machine or control the start equipments of the big power after the electric appliances, but the exportation equipmentsdirect conjunction of the small power can.PLC internal containment have the CPU of the CPU, and take to have an I/ O for expand of exterior to connect a people's address and saving machine three big pieces to constitute, CPU core is from an or many is tired to add the machine to constitute, mathematics that they have the logic operation ability, and can read the procedure save the contents of the machine to drive the homologous saving machine and I/ Os to connect after pass the calculation; The I/ O add inner part is tired the input and output system of the machine and exterior link, and deposit the related data into the procedure saving machine or data saving machine; The saving machine can deposit the data that the I/ O input in the saving machine, and in work adjusting to become tired to add the machine and I/ Os to connect, saving machine separately saving machine RAM of the procedure saving machine ROM and dates, the ROM can do deposit of the data permanence in the saving machine, but RAM only for the CPU computes the temporary calculation usage of hour of buffer space.The PLC anti- interference is very and excellent, our root need not concern its service life and the work situation bad, these all problems have already no longer become the topic that we fail, but stay to our is a concern to come to internal resources of make use of the PLC to strengthen the control ability of the equipments for us, make our equipments more gentle.PLC language is not we imagine of edit collected materials the language or language of Cs to carry on weaving the distance, but the trapezoid diagram that the adoption is original after the electric appliances to control, make the electrical engineering teacher while weaving to write the procedure very easy comprehended the PLC language, and a lot of non- electricity professional also very quickly know and go deep into to the PLC.Is PLC one of the advantage above and only, this is also one part that the people comprehend more and easily, in a lot of equipments, the people have already no longer hoped to see too many control buttons, they damage not only and easily and produce the artificial error easiest, small is not a main error perhaps you can still accept; But lead even is a fatal error greatly is what we can't is tolerant of. New technique always for bringing more safe and convenient operation for us, make we a lot of problems for face on sweep but light, do you understand the HMI? Says the HMI here you basically not clear what it is, also have no interest understanding, change one inside text explains it into the touch to hold orman-machine interface you knew, it combines with the PLC to our larger space.HMI the control not only is reduced the control press button, increase the vivid of the control, more main of it is can sequence of, and at can the change data input to output the feedback with data, control in the temperature curve of imitate but also can keep the manifestation of view to come out. And can write the function help procedure through a plait to provide the help of various what lies in one's power, the one who make operate reduces the otiose error. Currently the HMI factory is also more and more, the function is also more and more strong, the price is also more and more low, and the noodles of the usage are wide more and more. The HMI foreground can say that think to be good.At a lot of situations, the list is a smooth movement that can't guarantee the equipments by the control of the single machine, but pass the information exchanges of the equipments and equipments to attain the result that we want. For example fore pack and the examination of the empress work preface, we will arrive wrapping information feedback to examine the place, and examine the information of the place to also want the feedback to packing. Pass the information share thus to make both the chain connect, becoming a total body, the match of your that thus make is more close, at each other attain to reflect the result that mutually flick.The PLC correspondence has already come more body now its value, at the PLC and correspondence between Places, can pass the communication of the information and the share of the data’s to guarantee that of the equipments moderates mutually, the result that arrive already to repair with each other. Data conversion the adoption RS232 between PLC connect to come to the transmission data, but the RS232 pick up a people and can guarantee 10 meters only of deliver the distance, if in the distance of 1000 meters we can pass the RS485 to carry on the correspondence, the longer distance can pass the MODEL only to carry on deliver.The PLC data transmission is just to be called a form to it in a piece of and continuous address that the data of the inner part delivers the other party, we, the PLC of the other party passes to read data in the watch to carry on the operation. If the data that data in the watch is a to establish generally, that is just the general data transmission, for example today of oil price rise, I want to deliver the price of the oil price to lose the oil ally on board, that is the share of the data; But take data in the watch for an instruction procedure that controls the PLC, that had the difficulty very much, for example you have to control one pedestal robot to pressthe action work that you imagine, you will draw up for it the form that a procedure combine with the data sends out to pass by.The form that information transport contain single work, the half a work and the difference of a workers .The meaning of the single work also is to say both, a can send out only, but a can receive only, for example a spy he can receive the designation of the superior only, but can't give the superior reply; A work of half is also 2 and can send out similar to accept the data, but can't send out and accept at the same time, for example when you make a phone call is to can't answer the phone, the other party also; But whole pair works is both can send out and accept the data, and can send out and accept at the same time. Be like the Internet is a typical example.The process that information transport also has synchronous and different step cent: The data line and the clock lines are synchronous when synchronous meaning lie in sending out the data, is also the data signal and the clock signals to be carry on by the CPU to send out at the same time, this needs to all want the specialized clock signal each other to carry on the transmission and connect to send, and is constrained, the characteristics of this kind of method lies in its speed very quick, but correspond work time of take up the CPU and also want to be long oppositely, at the same time the technique difficulty also very big. Its request lies in canting have an error margins in a dates deliver, otherwise the whole piece according to compare the occurrence mistake, this on the hardware is a bigger difficulty. Applied more and more extensive in some appropriative equipments, be like the appropriative medical treatment equipments, the numerical signal equipments...etc., in compare the one data deliver, its result is very good.And the different step is an application the most extensive, this receive benefit in it of technique difficulty is opposite and want to be small, at the same time not need to prepare the specialized clock signal, its characteristics to lie in, its data is partition, the long-lost send out and accept, be the CPU is too busy of time can grind to a stop sex to work, also reduced the difficulty on the hardware, the data throw to lose at the same time opposite want to be little, we can pass the examination of the data to observe whether the data that we send out has the mistake or not, be like strange accidentally the method, tired addition and eight efficacies method etc, can use to helps whether the data that we examine to send out have or not themistake occurrence, pass the feedback to carry on the discriminator.A line of transmission of the information contains a string of and combines the cent of: The usual PLC is 8 machines, certainly also having 16 machines. We can be at the time of sending out the data a send out to the other party, also can be 88 send out the data to the other party, and 8 differentiations are also the as that we say to send out the data and combine sends out the data. A speed is more and slowly, but as long as 2 or three lines can solve problem, and can use the telephone line to carry on the long range control. But combine the ocular transmission speed is very quick of, it is a string of ocular of 25600%, occupy the advantage in the short distance, the in view of the fact TTL electricity is even, being limited by the scope of one meter generally, it combine unwell used for the data transmission of the long pull, thus the cost is too expensive.Under a lot of circumstances we are total to like to adopt the string to combine the conversion chip to carry on deliver, under this kind of circumstance not need us to carry on to deposited the machine to establish too and complicatedly, but carry on the data exchanges through the data transmission instruction directly, but is not a very viable way in the correspondence, because the PLC of the other party must has been wait for your data exportation at the time of sending out the data, it can't do other works.When you are reading the book, you hear someone knock on door, you stop to start up of affair, open the door and combine to continue with the one who knock on door a dialogue, the telephone of this time rang, you signal hint to connect a telephone, after connecting the telephone through, return overdo come together knock on door to have a conversation, after dialogue complete, you continue again to see your book, this kind of circumstance we are called the interruption to it, it has the authority, also having sex of have the initiative, the PLC had such function .Its characteristics lie in us and may meet the urgently abrupt affairs in the operation process of the equipments, we want to stop to start immediately up of work, the whereabouts manages the more important affair, this kind of circumstance is we usually meet of, PLC while carry out urgent mission, total will keep the current appearance first, for example the address of the procedure, CPU of tired add the machine data etc., be like to stick down which the book that we see is when we open the door the page or simply make a mark, because we treat and would still need to continue immediately after book of see the behind.The CPU always does the affair that should do according to our will, but your mistake of give it an affair, it also would be same to do, this we must notice.The interruption is not only a, sometimes existing jointly with the hour several inside break, break off to have the preferred Class, they will carry out the interruption of the higher Class according to person's request. This kind of breaks off the medium interruption to also became to break off the set. The Class that certainly breaks off is relevant according to various resources of CPU with internal PLC; also following a heap of capacity size of also relevant fasten.The contents that break off has a lot of kinds, for example the exterior break off, correspondence in of send out and accept the interruption and settle and the clock that count break off, still have the WDT to reset the interruption etc., they enriched the CPU to respond to the category while handle various business. Speak thus perhaps you can't comprehend the internal structure and operation orders of the interruption completely also, we do a very small example to explain.Each equipment always will not forget a button, it also is at we meet the urgent circumstance use of that is nasty to stop the button. When we meet the Human body trouble and surprised circumstances we as long as press it, the machine stops all operations immediately, and wait for processing the over surprised empress recover the operation again. Nasty stop the internal I/ O of the internal CPU of the button conjunction PLC to connect up, be to press button an exterior to trigger signal for CPU, the CPU carries on to the I/ O to examine again, being to confirm to have the exterior to trigger the signal, CPU protection the spot breaks off procedure counts the machine turn the homologous exterior I/ O automatically in the procedure to go to also, be exterior interruption procedure processing complete, the procedure counts the machine to return the main procedure to continue to work. Have 1:00 can what to explain is we generally would nasty stop the button of exterior break off to rise to the tallest Class, thus guarantee the safety.When we are work a work piece, giving the PLC a signal, counting PLC inner part the machine add 1 to compute us for a day of workload, a count the machine and can solve problem in brief, certainly they also can keep the data under the condition of dropping the electricity, urging the data not to throw to lose, this is also what we hope earnestly.The PLC still has the function that the high class counts the machine, being us while accept some dates of high speed, the high speed that here say is the data of the in all aspects tiny second class, for example the bar code scanner is scanning the data continuously, calculating high-speed signal of the data processor DSP etc., we will adopt the high class to count the machine to help we carry on count. It at the PLC carries out the procedure once discover that the high class counts the machine to should of interruption, will let go of the work on the hand immediately. The trapezoid diagram procedure that passes by to weave the distance again explains the high class for us to carry out procedure to count machine would automatic performance to should of work, thus rise the Class that the high class counts the machine to high one Class.You heard too many this phrases perhaps:" crash", the meaning that is mostly is a workload of CPU to lead greatly, the internal resources shortage etc. the circumstance can't result in procedure circulate. The PLC also has the similar circumstance, there is a watchdog WDT in the inner part of PLC, we can establish time that a procedure of WDT circulate, being to appear the procedure to jump to turn the mistake in the procedure movement process or the procedure is busy, movement time of the procedure exceeds WDT constitution time, the CPU turn but the WDT reset the appearance. The procedure restarts the movement, but will not carry on the breakage to the interruption.The PLC development has already entered for network ages of correspondence from the mode of the one, and together other works control the net plank and I/ O card planks to carry on the share easily. A state software can pass all se hardwires link, more animation picture of keep the view to carries on the control, and cans pass the Internet to carry on the control in the foreign land, the blast-off that is like the absolute being boat No.5 is to adopt this kind of way to make airship go up the sky.The development of the higher layer needs our continuous effort to obtain. The PLC emergence has already affected a few persons fully, we also obtained more knowledge and precepts from the top one experience of the generation, coming to the continuous development PLC technique, push it toward higher wave tide.可编程控制器技术讨论与未来发展T.J.拜尔斯（电子测试设备原理及应用普林斯顿大学）随着时代的发展，当今的技术也日趋完善、竞争愈演愈烈；单靠人工的操作已不能满足于目前的制造业前景，也无法保证更高质量的要求和高新技术企业的形象。

A PLC programming environment based on a virtual plantSang C. Park & Chang Mok Park & Gi-Nam WangAbstract This paper proposes the architecture of a PLC programming environment that enables a visual verification of PLC programs that integrates a PLC program with a corresponding plant model, so that users can intuitively verify the PLC program in a 3D graphic environment. The plant model includes all manufacturing devices of a production system as well as corresponding device programs to perform their tasks in the production system, and a PLC program contains the control logic for the plant model. For the implementation of the proposed PLC programming environment, it is essential to develop an efficient methodology to construct a virtual device model as well as a virtual plant model. The proposed PLC programming environment provides an efficient construction method for a plant model based on the DEVS (Discrete Event Systems Specifications) formalism, which supports the specification of discrete event models in a hierarchical, modular manner.Keywords PLC verification . Plant model . Virtual device model . Virtual factory simulation1 IntroductionGenerally, industrial production lines are dynamic systems whose states change according to the occurrence of variousevents, and thus exhibit the characteristics of a discrete event system. If manufacturers are to remain competitive in a continuously changing marketplace, they must not only continue to improve their products but also strive to improve production systems continuously [10]. Thus, an efficient prototyping environment for production systems is crucial. A modern production line is a highly integrated system composed of automated workstations such as robots with tool-changing capabilities, a hardware handling system and storage system, and a computer control system that controls the operations of the entire system. The implementation of a production line requires much investment, and decisions at the design stage have to be made very carefully in order to ensure that a highly automated manufacturing system will successfully achieve the intended benefits. Simulation is an essential tool in the design and analysis of complex systems that cannot be easilydescribed by analytical or mathematical models [5, 6]. It is useful for calculating utilization statistics, finding bottlenecks, pointing out scheduling errors and even for creating manufacturing schedules. Traditionally, various simulation languages, including ARENA® and Auto- Mod®, are used for the simulation of manufacturing systems [14]. Those simulation languages have been widely accepted both in industry and in academia; however, they remain as analysis tools for the rough design stage of a production line, because their simulation models are not realistic enough to be utilized for a detailed design or for implementation purposes. For example, real production lines are usually controlled by PLC (ProgrammableLogic Controller) programs [3], as shown in Fig. 1, but conventional simulation languages roughly describe the control logic with independent entity flows (job flows) between processes.Fig. 1 Production system controlled by a PLC programFor a detailed design (virtual prototyping) of a production line, it is necessary to create a much more detailed simulation model that can forecast not only the production capability of the system but also the physical validity and efficiency of co-working machines and control programs. As shown in Fig. 1, various machines that operate simultaneously in an industrial manufacturing system are usually controlled by PLCs, currently the most suitable and widely employed industrial control technology [1–4]. A PLC (Programmable Logic Controller) emulates the behavior of an electric ladder diagram. As they are sequential machines, to emulate the workings of parallel circuits that respond instantaneously, PLCs use an input/ output image table and a scanning cycle. When a program is being run in a PLC, it is continuously executing a scanning cycle. The program scan solves the Boolean logic related to the information in the input table with that in output and internal relay tables. In addition, the information in the output and internal relay tables is updated during the program scan. In a PLC, this Boolean logic is typically represented using a graphical language known as a ladder diagram [3]. Previous approaches on PLC programs can be categorized into two groups; (1) Verification of a given PLC program [18, 19], and (2) Generation of a dependable PLC program [15–17]. In the first group, various software tools have been developed for the verification of PLCbased systems via the use of timed automata, such asUPPAAL2k, KRONOS, Supremica and HyTech, mainly for programs written in a statement list language also termed Boolean [2]. These software tools verify PLC programs to a certain extent; however, they remain limited. Since they are mainly focusing on the checking of theoretical attributes (safety, liveness, and reachability), it is not easy for users to determine whether the PLC programs actually achieve the intended control objectives. In the second group, many researchers have focused on the automatic generation of PLC programs from various formalisms including state diagrams, Petri nets and IDEF0. These formalisms can help the design process of control logics, however, it is still difficult to find hidden errors, which are the most difficult part of the verification of a control program. To cope with the problem, we need a more transparent PLC programming environment helping users to recognize hidden errors. The objective ofthis paper is to propose the architecture of a PLC programming environment that enables the visual validation of a PLC program. The proposed PLC programming environment employs a virtual plant model consisting of virtual devices, so that users can easily verify the PLC program. The overall structure of the paper is as follows. Section 2 illustrates the architecture of the proposed PLC programming environment, while Section 3 describes an efficient construction methodology for a plant model, which can be synchronized with a PLC program. Section 4 shows an example and illustrations. Finally, concluding remarks are given in Section 5.2 Visual validation of PLC programsTo design the architecture of the PLC programming environment, it is important to understand the basic procedure used to construct a PLC program (ladder diagram). Chuang et al. [1] proposed a procedure for the development of an industrial automated production system that consists of nine steps. They are: (1) Define the process to be controlled; (2) Make a sketch of the process operation; (3) Create a written sequence listing of the process step by step; (4) On the sketch, add the sensors needed to carry out the control sequence; (5) Add the manual controls needed for the process-setup or for operational checks; (6) Consider the safety of the operating personnel and make additions and adjustments as needed; (7) Add the master stop switches required for a safe shutdown; (8) Create a ladder logic diagram that will be used as a basis for the PLC program; and (9) Consider the possible points where the process-sequence may go astray. The most time-consuming task for the control logic designers is the 8-th step, which is usually done by the repetitive method of ‘Code writing, testing and debugging’ until the control objectives are achieved [2]. The bottleneck of the 8-th step is that the conventional PLC programming environments are not especially intuitive, particularly for the testing and debugging of a PLC program, as they show only the status of a PLC without providing any links to the target system (production line). For the validation of a PLC program, engineers need to imagine the state changes of a production line from the input and output ports of a PLC. That is the reason conventional PLC programming environments are often inefficient and prone to human error. As the configurations of production lines and their control programsbecome more complicated, there is a strong need for a more intuitive PLC programming environment. It is hoped that this paper will take positive steps in this direction. Figure 2 shows the architecture of the proposed PLC programming environment. It consists of two layers, a model layer and an application layer. The model layer has three models, a plant model (virtual factory model), a PLC program (control model) and an I/O mapping model. The plant model includes all manufacturing devices of the production system as well as the corresponding device programs to perform their tasks in the production system, and the PLC program contains the control logic for the plant model. For the integration of the plant model and the PLC program, it is necessary to define the mapping between the plant model and the PLC program, which is described by the I/O mapping model. The application layer simultaneously provides two interfaces to users. The ‘PLCsimulator’ performs the simulation of the control program, and the ‘plant model visualizer’ shows the corresponding plant model (3D graphic models) reflecting the changing states of the production system during the PLC simulation. Thus, it becomes much easier for users to verify the PLC program through the plant model visualizer.。

本文部分内容来自网络，本司不为其真实性负责，如有异议请及时联系，本司将予以删除== 本文为word格式，简单修改即可使用，推荐下载！ ==plc英文参考文献a water pumping control system with a programmablelogic controller (plc) and industrial wireless modules for industrial plants—an experimental setupisa transactions, in press, corrected proof, available online 3 december XXramazan bayindir, yucel cetince《电气控制与plc》参考文献参考文献[1] 张凤珊.电气控制及可编程序控制器.2版 [m].北京: 中国轻工业出版社，XX.[2] 《工厂常用电气设备手册》编写组.工厂常用电气设备手册.2版 [m].北京: 中国电力出版社，1998.[3] 马志溪.电气工程设计 [m].北京: 机械工业出版社，XX.[4] 刘增良，刘国亭.电气工程cad [m].北京: 中国水利水电出版社，XX.[5] 齐占庆，王振臣.电气控制技术 [m].北京: 机械工业出版社，XX.[6] 史国生.电气控制与可编程控制器技术 [m].北京: 化学工业出版社，XX.[7] 郁汉琪.电气控制与可编程序控制器应用技术 [m].南京: 东南大学出版社，XX.[8] 张万忠.可编程控制器应用技术 [m].北京: 化学工业出版社，XX.[9] 王兆义.小型可编程控制器实用技术 [m].北京: 机械工业出版社，XX.[10] 三菱微型可编程控制器手册 [m].mitsubishi socio-tech，XX.[11] 吴晓君，杨向明.电气控制与可编程控制器应用 [m].北京: 中国建材工业出版社，XX.[12] 李道霖.电气控制与plc原理及应用 [m].北京: 电子工业出版社，XX.[13] s7-200 cn可编程序控制器手册 [m].西门子(中国)有限公司自动化与驱动集团，XX.[14] siemens wincc手册 [m].西门子(中国)有限公司自动化与驱动集团，XX.[15] 魏艳君.多功能屋面sp板切割机 [j].机电一体化，XX，(4)：47-48.以下文字仅用于测试排版效果, 请使用时删除！“山不在高，有仙则灵。

Programmable logic controllerA programmable logic controller (PLC) or programmable controller is a digital computer used for automation of electromechanical processes, such as control of machinery on factory assembly lines, amusement rides， or lighting fixtures. PLCs are used in many industries and machines。

Unlike general—purpose computers，the PLC is designed for multiple inputs and output arrangements, extended temperature ranges, immunity to electrical noise, and resistance to vibration and impact. Programs to control machine operation are typically stored in battery—backed or non-volatile memory. A PLC is an example of a real time system since output results must be produced in response to input conditions within a bounded time， otherwise unintended operation will result。

1。

HistoryThe PLC was invented in response to the needs of the American automotive manufacturing industry。

Security in OPERA Specification based PLC SystemsGuiomar Corral, Josep M. Selga, AgustínZaballos, David González-TarragóEnginyeria i Arquitectura La Salle-Universitat RamonLlull (URL)Barcelona-Spain{jmselga, guiomar, zaballos, dgonzalez}@Luis M. TorresDesign of Systems on Silicon (DS2) SAValencia, SpainBerthold HaberlerLinz Strom GmbhLinz, AustriaAbstract— Power Line Communication (PLC) is a broadband telecommunication technology that enables the use of the existing electricity networks for high speed data transmission purposes. European project OPERA (Open PLC European Research Alliance) is a project whose strategic objective is to push PLC technology in all the different and relevant aspects. Within this framework, security is an important aspect thatshould be taken into account and integrated into thespecifications from the very beginning. The project was scheduled in two phases with a duration of two years each. Phase1 produced a first PLC specification, including security.Phase2 produced an improved specification which was submitted to the IEEE as the OPERA PLC proposal within thecontest organized by WG P1901. The paper presents the studies related to security in the PLC access technology made within this process that led to the second security specification of OPERA. Finally, an analysis of this specification isperformed.Keywords- access technologies; PLC; communications network security;OPERA project.I. INTRODUCTIONPower Line Communication (PLC) is a broadband telecommunication technology able to use the existing electricity networks for data transmission purposes, allowing any user connected to the power grid to benefit from Information Technology based services easily. The strategic objective of project OPERA (Open PLC European Research Alliance) [1] is to push PLC technology in all the different and relevant aspects (standardization, technology improvement, installation tools and processes, telecom services, dissemination,..) so as to allow the technology to become a competitive alternative to offer broadband access service to all European citizens using the most ubiquitous infrastructure, the electrical grid, which covers not only the last mile but also in-building and in-home spaces.Security has been sometimes neglected when defining standards. In fact, the initial specifications of many existing standards in related areas such as wireless [2] have been shown to have many vulnerabilities that have had to be fixedin further specifications, not without trouble for the market. Unfortunately OPERA is not different. The specification produced in OPERA Phase1 [1][3] presented also several vulnerabilities that have been fixed in OPERA Phase2 specification [4]. The writing of this second specification by OPERA was inscribed in some way in the process created by the IEEE WG P1901 with the intention of producing an IEEE standard for PLC access and in-home networks. In fact, deliverable D27 [4] is the proposal submitted by OPERA to the IEEE within the mentioned process.The presentation of the OPERA Phase2 specification and the related security analysis are the objectives of this paper.The contents of the present paper is organized as follows. Section II introduces the security requirements to be complied by the specification; Section III succinctly describes the OPERA Phase1 specification; Section IV analyzes the level of compliance of this specification; Section V outlines the basic ideas forcreating a new specification; Section VI contains a security analysis of the new specification and, finally, there is a conclusions section.II. SECURITY REQUIREMENTSThe basic objectives of any security specification are to achieve confidentiality, integrity, mutual authentication and availability. These objectives can be threatened by a series of attacks.Confidentiality is interpreted as the privacy of transactions between two nodes from all other nodes. It is made possible by the techniques of cryptography. The most relevant known attacks against confidentiality are [5]: brute force attack, dictionary attack, eavesdropping attack and precomputation attack.Data integrity refers to ensuring that data has not been altered during the transmission process. Malicious manipulation and forging of messages are different attacks against data integrity. It can be prevented by the use of Message Integrity Checks (MIC).The function of admission control is to guarantee that network resources are only accessed by authorized devices which are who claim to be. Thus, it contains two aspects, one is authentication of the stations and the other is authorization to access the resources. Normally both functions are combined in a single access protocol. Different attacks against admission control are the following: identity usurpation, replay attacks, man-in-the-middle attacks, hijack of MAC addresses, session hijacking, masquerading, malicious device and message interception. Availability refers to the prevention from accessing and using the network by some unauthorized party. Attacks to availability are called Denial of Service (DoS) attacks. The security requirement demands that the specificationmust be robust against these attacks as well as to any other possible attack.III. SUCCINCT DESCRIPTION OF OPERA PHASE 1 SECURITY SPECIFICATION OPERA1 Specification [2][3] is aimed for PLC access networks and defines three types of devices, Head-End (HE), Repeaters (TDR, Time Division Repeaters) and Customer Premises Equipment (CPE). They typically form amulti-hop system like the one depicted in Figure 1.Confidentiality in OPERA1 is achieved by the use of DES[6] and 3DES[7] encryption systems. The admission control process involves three messages: an Access Frame that invites nodes to join the network, a contention Access Reply Frame that is an answer to the Access Frame and arequest to join the network and, finally, an Access Protocol Packet that basically informs about the success or failure of the admission control process. It is, thus, a 3-wayhandshake.The MAC layer is based on token passing controlled by the HE. The HE organizes and controls the downlink data frame for all data transmission from the HE to the CPEs. It also assigns the access duration for each CPE, which allows the uplink transmissions from the CPEs to the HE [2][8].The data frame structure used in the uplink and downlink transmissions is illustrated in Figure 2 [8]. Each frame begins with a “token announce” (TA). The TA is broadcasted in the clear over the network to inform the other stations about the upcoming transmission. The TA is followed by a number of bursts, each one addressing a specific CPE. Each burst consists of a burst header followed by several OPERA packets (basically similar to Ethernet packets). An interpacket header is inserted to separate two continuous packets or fragments of packets in a burst. The last symbol of the data frame carries a “Data Token” (DT).IV. OPERA PHASE 1 SPECIFICATION SECURITY ANALYSISThe most relevant vulnerabilities of OPERA Phase1 specification that have been detected are the following:Vulnerability 1: It uses DES [6] with a 56/64 bit key which has been reported to be breakable. It has even been phased out by FIPS (Federal Information Processing Standards). Brute force attacks as well as other attacks are feasible. Vulnerability 2: Admission control is only based on MAC addresses. Since these addresses are necessarily sent in the clear over the PLC channel, they can be supplanted. Hijacking and identity usurpation are easy to deploy.Vulnerability 3: There is no mutual authentication. There is no provision to authenticate masters. A malicious masterand man-in-the-middle attacks are possible.Vulnerability 4: The OPERA1 proposal does not contain any security Message Integrity Check (MIC) that could preserve data against tampering. Vulnerability 5: Channel Estimation MPDUs are never encrypted and include no MIC. Thus they can be manipulated to cause a DoS attack.Vulnerability 6: Another possible data integrity attack is just to change the position of different blocks in the payload. This would be unnoticed due to the independent ciphering of each block. It is a permutation attack.Vulnerability 7: It uses Diffie-Hellman algorithm without any protection against Man-in-the Middle attack. Although this may seem a big number of vulnerabilities of the OPERA Phase1 specification, the situation is common with other technologies, the most relevant of them being the early IEEE802.11 security specification [1].V. OUTLINE FOR A NEW OPERA SECURITY SPECIFICATIONUpon the view of the previous vulnerabilities it was clear that a new specification was needed and that it should provide stronger encryption,stronger integrity and a new admission control method really securing authentication and authorization.A- Stronger encryption.It can be obtained by the use of AES [9] or 3DES [7] ciphering algorithms. Neither of both has been reported to be cracked until today. For the new security specification the option chosen has been AES. The reason is that upon a careful comparison with 3DES it was clear that under many scenarios AES is less costly than 3DES. Another fact is that AES is recommended by IEEE and that it is believed to be more robust than 3DES.AES is a block cipher. To achieve confidentiality in messages of arbitrary length there are five options [10] called modes of operation. From these possible modes of operation the one chosen was the CTR mode because it can be performed in parallel (CFM and OFM modes do not allow this). Also it avoids some problems from the simpler ECB mode, it is well known and trusted (it has been used for more than 20 years) and does not raise Intellectual Property Rights (IPR) concerns as OCB does.B- Stronger integrity.From the variety of mechanisms generating a Message Integrity Check (MIC) the ones that support integrated confidentiality and integrity are specially interesting because they use one algorithm for both functions, thing that may avoid hardware and software costs. So the decision was to use AES for both functions: confidentiality and MIC generation. The chosen method to performintegrated encryption and authentication was CCM (Counter with CBCMAC) as defined in RFC 3610 [11]. CCM combines CTR mode of encryption with the CBC-MAC mode of authentication. CCM has been used and studied for a longtime and has well-understood cryptographic properties. CCM uses the same encryption key for both processes but, in conjunction with other parameters, it leads to two separated keys.The chosen values of the M and L parameters of CCM are:M = 8; indicating that the MIC is 8 octets long.L = 2; indicating that the length field is 2 octets.The length of the MIC was chosen to be 64 bits since this is the minimum length recommended by [11]. Figure 3: Construction of an Encrypted Burst The previous selections are coincident with those made in standardIEEE802.11i [12] for Wireless LANs. The main difference is that encryption and integrity are not applied over the same message. Encryption is performed over data bursts, which may contain several OPERA packets, while a MIC is generated for each OPERA packet (see Figure 3). The Burst header is authenticated but not encrypted. The OPERA packet header is authenticated and encrypted. This is done to improve efficiency in the very noisy environments typical to PLC channels. In case of error it is not necessary to retransmit the whole burst but only one packet. Another difference with [12] is that the OPERA specification does not support non robust options such as WEP or TKIP. This is possible because OPERA does not have to take into account IEEE802.11 legacy systems. C-Admission controlWith respect to admission control, the open possibilities were to define a specific protocol for OPERA or to use an existing standard. If such a standard existed it seems wiser the option to use it. Fortunately this standard exists and is IEEE 802.1X [13], an IEEE standard for port-based Network Access Control in LAN, based on the EAP (Extensible Authentication Protocol) [14], that has been adapted to be used in other environments such as wireless and which today is part of IEEE802.11i. Due to the adequacy and long time experience of thisstandard the decision was to make use of it in OPERA.IEEE 802.1X defines three entities, Supplicant, Authenticator and Authentication Sever (AS) and allows foran authentication dialog after the two opening messages (EAP-Request and EAP-Response) and before the closing message (EAP-Success or Failure). The three messages of the three-way handshake of OPERA Phase1 commented in Section III have similar functionality to the three EAP messages just mentioned. The approach taken in the new OPERA specification has been to keep the three messagesas defined in OPERA Phase1 for backwards compatibility.The Authenticator is in charge of converting betweenboth formats. The process has been represented in Figure 4. The Authenticator translates messages B and D into the corresponding Radius over EAP messages anddecapsulates/encapsulates messages C, those belonging to the authentication protocol of choice.A much major difference is that the Authenticator in IEEE802.11i is the Access Point while in OPERA can be the HE but also a Repeater.This creates the difference that in OPERA the communication between the Authenticator, when it is a Repeater, and the Authentication Server (Which can be located at the HE or beyond it) is also transmitted over the PLC channel. This fact implies the need to send the messages encrypted, protected with a MIC, with the same rules as in the dialog between Supplicant and Authenticator, and encapsulated into OPERA packets.Another difference is that the Supplicant can be a CPE or Repeater. So, aRepeater can be first a Supplicant and later Authenticator. A smaller difference is that the Access Protocol Packet may convey not only success or failure information but also indication of a failed dialog. The authentication dialog allowed by IEEE802.1X/EAP allows for the use of both shared secrets and certificates. This solves the problem of OPERA1 Phase1 of authenticating only on a MAC address basis.The new specification of OPERA is quite similar to the IEEE 802.11i and it complies with the RSNA (Robust Secure Network Association) defined in it. Nevertheless, the multihop nature of PLC, as shown in Figure 1, is a major difference with respect to wireless. In fact IEEE802.11i does not take into account the possible existence of repeaters.What the OPERA specification does, is to apply recursively the dialog between Supplicant and Authenticator.A node is first Supplicant and, once admitted into the network, may become Authenticator for another Supplicant. This creates a chain of trust among devices onto which security relies upon. What happens is that the messages sent by the Authenticator to the AS are transmitted over the PLC network and, thus, should be protected with encryption and integrity mechanisms as well as the data messages.In agreement with IEEE802.11i, OPERA Phase 2 uses the EAPOL 4-way handshake for key management. The objective of this handshake is to prove mutual knowledge of the PMK (Pairwise Master Key). But prior to this handshake, the PMK has to be transferred to the Authenticator and this again has to be done by means of the secure channel formed by the mentioned chain of trust.VI. SECURITY ANALYSIS OF THE NEW SPECIFICATIONThe new OPERA security specification is quite similar to IEEE 802.11i. Although this standard was developed to overcome vulnerabilities of previous standards, it has still potential vulnerabilities [15]. A first vulnerability is the so called rollback attack, an attack that does not seem possible in the newspecification because it does not include the WEP and TKIP options ofIEEE802.11i. The reflection attack described in the same reference is also not possible because it is not allowed for a device to have simultaneously both roles supplicant and authenticator.The previously mentioned chain of trust should not be subject of concern because there is a chain of trust from the source authority to the supplicant and chains are of limited length. Nevertheless it is reasonable to think that there would be some slight degradation of security in very long chains. Another possible source of vulnerabilities in chains could come in relation to the rerouting of messages due to failures or transient situations but we have not been able to find any.Still there remain some possible DoS attacks in layer 2. Forging of management messages is possible. The solution is to authenticate management frames but here there is atrade-off between security and efficiency. Access Request and Access Reply Frames cannot be authenticated but OPERA is not vulnerable to attacks such as flooding of requests because the access process in OPERA is completely controlled by the Authenticator. A special DoS attack for OPERA Phase1 is forging bit loading messages which in the current specification are sent unencrypted. The proposal is to also encrypt these messages.Also the DoS attacks against the 4-way handshake indicated in [15] are also worth considering. Another possible attack in PLC comes from the manipulation of the impedance of the electrical line or the line itself. This may cause lead to message deletion or, worse, message interception. The implementation of suchan attack seems difficult and requires specific topologies that do not seem to be common. In any case the attack would be a Man in the Middle attackfrom which the specification is already protected because it provides for mutual authentication. Another aspect being improved is the computation burden created by the need to change the key at every hop. One mechanism to improve this aspect is to use a single key to manage the HE and the Repeaters. Another is to define a protocol to agree a single key for transmission between pairs of CPE. VII. CONCLUSIONSThe earlier OPERA Phase1 PLC specification has been detected to be vulnerable to many known security attacks.This led to the definition of a new OPERA PLC specification able to overcome the known attacks. This new OPERA specification was submitted to the IEEE as the proposal of the OPERA consortium for the IEEE standard on PLC access systems. The proposal is based on the principles of standard IEEE802.11i. This is good for many reasons. One is compatibility with wireless in hybrid systems and devices. Another is to use known and proved standards. Nevertheless there are several differences to adapt the specification to the nature of PLC. The main ones are the following:-Instead of applying Encryption and MIC computation to the same block of data, Encryption is applied to Bursts while the MIC is appended to OPERA packets. This makes the system stronger against the very noisy PLC channels.-Admission control protocol is based on IEEE 802.1X except for three messages (Access Frame, Access Reply Frame and Access Protocol Packet) which have a different format but the same functionality.-The multihop nature of PLC is a major difference. IEEE802.11i does not take into account the possible existence of repeaters while OPERA do take them into account. It applies the dialog between Supplicant and Authenticator recursively so as to create a chain of trust among devices. Messages sent by the Authenticator to the Authentication Server may have to be transmitted over the PLC network and, in this case, they are to be protected following the same mechanisms as for the rest of messages. Finally aspects that deserve moreattention have been identified and several new vulnerabilities have been taken into account to provide ideas for a refined version of the OPERA specification. ACKNOWLEDGMENTThis work is supported by FP6 project OPERA (Open PLC European Research Alliance), and by “Enginyeria I Arquitectura La Salle”, DS2 and Linz Strom Gmbh. REFERENCES[1] OPERA Specification-Part 1-Technology-Version 1.0; 31/01/2006./_files/whitepapers/opera_wp2.pdf.. . Last access: 22/02/2010 [2] Todor Cooklev, “Wireless Communication Standards”, IEEE Standards Wireless Networks Series; IEEE, 2004.[3] OPERA Specification Part 2-System-Version 1.0, 31/01/2006./_files/whitepapers/opera_wp2.pdf. Last access: 22/02/2010. [4] OPERA Deliverable D27: OPERA Specification Version 2, 2007. . Last access: 21/02/2010[5] Jon Edney and William A. Arbaugh, “Real 802.11 Security Wi-Fi Protected Access and 802.11i”, Addison-Wesley, 2004.[6] FIPS 46-3, Data Encryption Standard (DES), October, 1999.[7] NIST SP 800-67, “Triple Data Encryption Algorithm (TDEA), including its primary component cryptographic engine, the Data Encryption Algorithm (DEA)”.[8] Le Phu Do, Halid Hrasnica and Ralf Lehnert, “Performance Evaluation of the PLC-MAC Protocol in Accordance with the OPERA Specification”. Proceedings of ISPLC07, pp 447-452, Pisa, Italy, 2007.[9] Federal Information Processing Standards Publication 197:Specification for the Advanced Encryption Standard (AES) -November 26, 2001 (FIPS-97 (2002)).[10] National Institute of Standards and Technology Special Publication 800-38A, December, 2001 Edition: Recommendation for Block Cipher Modes of Operation, Methods and Techniques.[11] IETF, Request for Comments: 3610, “Counter with CBC-MAC (CCM)”,September 2003[12] IEEE P802.11i/D10.0. Medium Access Control (MAC) Security Enhancements, Amendment 6 to IEEE Standard for Information technology – Telecommunications and information exchange between systems – Local and metropolitan area networks – Specific requirements – Part 11: Wireless Medium Access Control (MAC) and Physical Layer (PHY) Specifications. April, 2004. [13] IEEE Standard 802.1X-2001. IEEE Standard for Local andmetropolitan area networks – Port-Based Network Access [14] IETF, Request for Comments: 3748. Extensible Authentication Protocol (EAP), June 2004.[15] Changhua He and John C Mitchell, “Security Analysis and Improvements fro IEEE 802.11i”. The 12th Annual Network and Distributed System Security Symposium (NDSS'05), pages 90-110. Feb. 2005. 4778。

附录外文资料PLC technique discussion and future developmentAlong with the development of the ages, the technique that is nowadays is also gradually perfect, the competition plays more strong; the operation that list depends the artificial has already can't satisfied with the current manufacturing industry foreground, also can't guarantee the request of the higher quantity and high new the image of the technique business enterprise.The people see in produce practice, automate brought the tremendous convenience and the product quantities for people up of assurance, also eased the personnel's labor strength, reduce the establishment on the personnel. The target control of the hard realization in many complicated production lines, whole and excellent turn, the best decision etc., well-trained operation work, technical personnel or expert, governor but can judge and operate easily, can acquire the satisfied result. The research target of the artificial intelligence makes use of the calculator exactly to carry out, imitate these intelligences behavior, moderating the work through person's brain and calculators, with the mode that person's machine combine, for resolve the very complicated problem to look for the best pathWe come in sight of the control that links after the electric appliances in various situation, that is already the that time generation past, now of after use in the mold a perhaps simple equipments of grass-roots control that the electric appliances can do for the low level only; And the PLC emergence also became the epoch-making topic, adding the vivid software control through a very and stable hardware, making the automation head for the new high tide.The PLC biggest characteristics lie in: The electrical engineering teacher already no longer electric hardware up too many calculations of cost, as long as order the importation that the button switch or the importation of the sensors order to link the PLC up can solve problem, pass to output to order the conjunction contact machine or control the start equipments of the big power after the electric appliances, but the exportation equipments direct conjunction of the small power can.PLC internal containment have the CPU of the CPU, and take to have an I/ O for expand of exterior to connect a people's address and saving machine three big pieces to constitute, CPU core is from an or many is tired to add the machine to constitute, mathematics that they have the logic operation ability, and can read the procedure save the contents of the machine to drive the homologous saving machine and I/ Os to connect after pass the calculation; The I/ O add inner part is tired the input and output system of the machine and exterior link, and deposit the related data into the procedure saving machine or data saving machine; The saving machine can deposit the data that the I/ O input in the saving machine, and in work adjusting to becometired to add the machine and I/ Os to connect, saving machine separately saving machine RAM of the procedure saving machine ROM and dates, the ROM can do deposit of the data permanence in the saving machine, but RAM only for the CPU computes the temporary calculation usage of hour of buffer space.The PLC anti- interference is very and excellent, our root need not concern its service life and the work situation bad, these all problems have already no longer become the topic that we fail, but stay to our is a concern to come to internal resources of make use of the PLC to strengthen the control ability of the equipments for us, make our equipments more gentle.PLC language is not we imagine of edit collected materials the language or language of Cs to carry on weaving the distance, but the trapezoid diagram that the adoption is original after the electric appliances to control, make the electrical engineering teacher while weaving to write the procedure very easy comprehended the PLC language, and a lot of non- electricity professional also very quickly know and go deep into to the PLC.Is PLC one of the advantage above and only, this is also one part that the people comprehend more and easily, in a lot of equipments, the people have already no longer hoped to see too many control buttons, they damage not only and easily and produce the artificial error easiest, small is not a main error perhaps you can still accept; But lead even is a fatal error greatly is what we can't is tolerant of. New technique always for bringing more safe and convenient operation for us, make we a lot of problems for face on sweep but light, do you understand the HMI? Says the HMI here you basically not clear what it is, also have no interest understanding, change one inside text explains it into the touch to hold or man-machine interface you knew, and it combines with the PLC to our larger space.HMI the control not only is reduced the control press button, increase the vivid of the control, more main of it is can sequence of, and at can the change data input to output the feedback with data, control in the temperature curve of imitate but also can keep the manifestation of view to come out. And can write the function help procedure through a plait to provide the help of various what lies in one's power, the one who make operate reduces the otiose error. Currently the HMI factory is also more and more, the function is also more and more strong, the price is also more and more low, and the noodles of the usage are wide more and more. The HMI foreground can say that think ° to be good very.At a lot of situations, the list is a smooth movement that can't guarantee the equipments by the control of the single machine, but pass the information exchanges of the equipments and equipments to attain the result that we want. For example fore pack and the examination of the empress work preface, we will arrive wrapping information feedback to examine the place, and examine the information of the place to also want the feedback to packing. Pass the information share thus to make both the chain connect, becoming a total body, the match of your that thus make is more close,at each other attain to reflect the result that mutually flick.The PLC correspondence has already come more body now its value, at the PLC and correspondence between PLCs, can pass the communication of the information and the share of the dates to guarantee that of the equipments moderates mutually, the result that arrive already to repair with each other. Data conversion the adoption RS232 between PLC connect to come to the transmission data, but the RS232 pick up a people and can guarantee 10 meters only of deliver the distance, if in the distance of 1000 meters we can pass the RS485 to carry on the correspondence, the longer distance can pass the MODEL only to carry on deliver.The PLC data transmission is just to be called a form to it in a piece of and continuous address that the data of the inner part delivers the other party, we, the PLC of the other party passes to read data in the watch to carry on the operation. If the data that data in the watch is a to establish generally, that is just the general data transmission, for example today of oil price rise, I want to deliver the price of the oil price to lose the oil ally on board, that is the share of the data; But take data in the watch for an instruction procedure that controls the PLC, that had the difficulty very much, for example you have to control one pedestal robot to press the action work that you imagine, you will draw up for it the form that a procedure combine with the data sends out to pass by.The form that information transport contain single work, the half a work and the difference of a workers .The meaning of the single work also is to say both, a can send out only, but a can receive only, for example a spy he can receive the designation of the superior only, but can't give the superior reply; A work of half is also 2 and can send out similar to accept the data, but can't send out and accept at the same time, for example when you make a phone call is to can't answer the phone, the other party also; But whole pair works is both can send out and accept the data, and can send out and accept at the same time. Be like the Internet is a typical example.The process that information transport also has synchronous and different step cent: The data line and the clock lines are synchronous when synchronous meaning lie in sending out the data, is also the data signal and the clock signals to be carry on by the CPU to send out at the same time, this needs to all want the specialized clock signal each other to carry on the transmission and connect to send, and is constrained, the characteristics of this kind of method lies in its speed very quick, but correspond work time of take up the CPU and also want to be long oppositely, at the same time the technique difficulty also very big. Its request lies in canting have an error margins in a dates deliver, otherwise the whole piece according to compare the occurrence mistake, this on the hardware is a bigger difficulty. Applied more and more extensive in some appropriative equipments, be like the appropriative medical treatment equipments, the numerical signal equipments...etc., in compare the one data deliver, its result is very good.And the different step is an application the most extensive, this receive benefit init of technique difficulty is opposite and want to be small, at the same time not need to prepare the specialized clock signal, its characteristics to lie in, its data is partition, the long-lost send out and accept, be the CPU is too busy of time can grind to a stop sex to work, also reduced the difficulty on the hardware, the data throw to lose at the same time opposite want to be little, we can pass the examination of the data to observe whether the data that we send out has the mistake or not, be like strange accidentally the method, tired addition and eight efficacies method etc., can use to helps whether the data that we examine to send out have or not the mistake occurrence, pass the feedback to carry on the discriminator.A line of transmission of the information contains a string of and combine the cent of: The usual PLC is 8 machines, certainly also having 16 machines. We can be an at the time of sending out the data a send out to the other party, also can be 88 send out the data to the other party, an and 8 differentiations are also the as that we say to send out the data and combine sends out the data. A speed is more and slowly, but as long as 2 or three lines can solve problem, and can use the telephone line to carry on the long range control. But combine the ocular transmission speed is very quick of, it is a string of ocular of 25600%, occupy the advantage in the short distance, the in view of the fact TTL electricity is even, being limited by the scope of one meter generally, it combine unwell used for the data transmission of the long pull, thus the cost is too expensive.Under a lot of circumstances we are total to like to adopt the string to combine the conversion chip to carry on deliver, under this kind of circumstance not need us to carry on to deposited the machine to establish too and complicatedly, but carry on the data exchanges through the data transmission instruction directly, but is not a very viable way in the correspondence, because the PLC of the other party must has been wait for your data exportation at the time of sending out the data, it can't do other works.When you are reading the book, you hear someone knock on door, you stop to start up of affair, open the door and combine to continue with the one who knock on door a dialogue, the telephone of this time rang, you signal hint to connect a telephone, after connecting the telephone through, return overdo come together knock on door to have a conversation, after dialogue complete, you continue again to see your book, this kind of circumstance we are called the interruption to it, it has the authority, also having sex of have the initiative, the PLC had such function .Its characteristics lie in us and may meet the urgently abrupt affairs in the operation process of the equipments, we want to stop to start immediately up of work, the whereabouts manages the more important affair, this kind of circumstance is we usually meet of, PLC while carry out urgent mission, total will keep the current appearance first, for example the address of the procedure, CPU of tired add the machine data etc., be like to stick down which the book that we see is when we open the door the page or simply make a mark, because we treat and would still need to continue immediately after book of see the behind. The CPU always does the affair that should do according to our will, but your mistake of give it an affair, it also would be same to do, this we must notice.The interruption is not only a, sometimes existing jointly with the hour several inside break, break off to have the preferred Class, they will carry out the interruption of the higher Class according to person's request. This kind of breaks off the medium interruption to also became to break off the set. The Class that certainly break off is relevant according to various resources of CPU with internal PLC, also following a heap of capacity size of also relevant fasten.The contents that break off has a lot of kinds, for example the exterior break off, correspondence in of send out and accept the interruption and settle and the clock that count break off, still have the WDT to reset the interruption etc., they enriched the CPU to respond to the category while handle various business. Speak thus perhaps you can't comprehend the internal structure and operation orders of the interruption completely also, we do a very small example to explain.Each equipment always will not forget a button, it also is at we meet the urgent circumstance use of, which is nasty to stop the button. When we meet the Human body trouble and surprised circumstances we as long as press it, the machine stops all operations immediately, and wait for processing the over surprised empress recover the operation again. Nasty stop the internal I/ O of the internal CPU of the button conjunction PLC to connect up, be to press button an exterior to trigger signal for CPU, the CPU carries on to the I/ O to examine again, being to confirm to have the exterior to trigger the signal, CPU protection the spot breaks off procedure counts the machine turn the homologous exterior I/ O automatically in the procedure to go to also, be exterior interruption procedure processing complete, the procedure counts the machine to return the main procedure to continue to work. Have 1:00 can what to explain is we generally would nasty stop the button of exterior break off to rise to the tallest Class, thus guarantee the safety.When we are work a work piece, giving the PLC a signal, counting PLC inner part the machine add 1 to compute us for a day of workload, a count the machine and can solve problem in brief, certainly they also can keep the data under the condition of dropping the electricity, urging the data not to throw to lose, this is also what we hope earnestly.The PLC still has the function that the high class counts the machine, being us while accept some dates of high speed, the high speed that here say is the data of the in all aspects tiny second class, for example the bar code scanner is scanning the data continuously, calculating high-speed signal of the data processor DSP etc., we will adopt the high class to count the machine to help we carry on count. It at the PLC carries out the procedure once discover that the high class counts the machine to should of interruption, will let go of the work on the hand immediately. The trapezoid diagram procedure that passes by to weave the distance again explains the high class for us to carry out procedure to count machine would automatic performance to should of work, thus rise the Class that the high class counts the machine to high one Class.You heard too many this phrases perhaps:" crash", the meaning that is mostly is a workload of CPU to lead greatly, the internal resources shortage etc. the circumstance can't result in procedure circulate. The PLC also has the similar circumstance, there is a watchdog WDT in the inner part of PLC, we can establish time that a procedure of WDT circulate, being to appear the procedure to jump to turn the mistake in the procedure movement process or the procedure is busy, movement time of the procedure exceeds WDT constitution time, the CPU turn but the WDT reset the appearance. The procedure restarts the movement, but will not carry on the breakage to the interruption.The PLC development has already entered for network ages of correspondence from the mode of the one, and together other works control the net plank and I/ O card planks to carry on the share easily. A state software can pass all se hardwires link, more animation picture of keep the view to carries on the control, and cans pass the Internet to carry on the control in the foreign land, the blast-off that is like the absolute being boat No.5 is to adopt this kind of way to make airship go up the sky.The development of the higher layer needs our continuous effort to obtain. The PLC emergence has already affected a few persons fully, we also obtained more knowledge and precepts from the top one experience of the generation, coming to the continuous development PLC technique, push it toward higher wave tide.Knowing the available PLC network options and their best applications will ensure an efficient and flexible control system design.The programmable logic controller's (PLC's) ability to support a range of communication methods makes it an ideal control and data acquisition device for a wide variety of industrial automation and facility control applications. However, there is some confusion because so many possibilities exist. To help eliminate this confusion, let's list what communications are available and when they would be best applied.To understand the PLC's communications versatility, let's first define the terms used in describing the various systems.ASCII: This stands for "American Standard Code for Information Interchange." As shown in Fig. 1, when the letter "A" is transmitted, for instance, it's automatically coded as "65" by the sending equipment. The receiving equipment translates the "65" back to the letter "A." Thus, different devices can communicate with each other as long as both use ASCII code.ASCII module: This intelligent PLC module is used for connecting PLCs to other devices also capable of communicating using ASCII code as a vehicle.Bus topology: This is a linear local area network (LAN) arrangement, as shown in Fig. 2A, in which individual nodes are tapped into a main communications cable at a single point and broadcast messages. These messages travel in both directions on thebus from the point of connection until they are dissipated by terminators at each end of the bus.CPU: This stands for "central processing unit," which actually is that part of a computer, PLC, or other intelligent device where arithmetic and logical operations are performed and instructions are decoded and executed.Daisy chain: This is a description of the connection of individual devices in a PLC network, where, as shown in Fig. 3, each device is connected to the next and communications signals pass from one unit to the next in a sequential fashion.Distributed control: This is an automation concept in which portions of an automated system are controlled by separate controllers, which are located in close proximity to their area of direct control (control is decentralized and spread out over the system).Host computer: This is a computer that's used to transfer data to, or receive data from, a PLC in a PLC/computer network.Intelligent device: This term describes any device equipped with its own CPU.I/O: This stands for "inputs and outputs," which are modules that handle data to the PLC (inputs) or signals from the PLC (outputs) to an external device.Kbps: This stands for "thousand bits per second," which is a rate of measure for electronic data transfer.Mbps: This stands for "million bits per second."Node: This term is applied to any one of the positions or stations in a network. Each node incorporates a device that can communicate with all other devices on the network.Protocol: The definition of how data is arranged and coded for transmission on a network.Ring topology. This is a LAN arrangement, as shown in Fig. 2C, in which each node is connected to two other nodes, resulting in a continuous, closed, circular path or loop for messages to circulate, usually in one direction. Some ring topologies have a special "loop back" feature that allows them to continue functioning even if the main cable is severed.RS232. This is an IEEE standard for serial communications that describes specific wiring connections, voltage levels, and other operating parameters for electronic data communications. There also are several other RS standards defined.Serial: This is an electronic data transfer scheme in which information istransmitted one bit at a time.Serial port: This the communications access point on a device that is set up for serial communications.Star topology. This is a LAN arrangement in which, as shown in Fig. 2B, nodes are connected to one another through a central hub, which can be active or passive. An active hub performs network duties such as message routing and maintenance. A passive central hub simply passes the message along to all the nodes connected to it.Topology: This relates to a specific arrangement of nodes in a LAN in relation to one another.Transparent: This term describes automatic events or processes built into a system that require no special programming or prompting from an operator.Now that we're familiar with these terms, let's see how they are used in describing the available PLC network options.PLC network optionsPLC networks provide you with a variety of networking options to meet specific control and communications requirements. Typical options include remote I/O, peer-to-peer, and host computer communications, as well as LANs. These networks can provide reliable and cost-effective communications between as few as two or as many as several hundred PLCs, computers, and other intelligent devices.Many PLC vendors offer proprietary networking systems that are unique and will not communicate with another make of PLC. This is because of the different communications protocols, command sequences, error-checking schemes, and communications media used by each manufacturer.However, it is possible to make different PLCs "talk" to one another; what's required is an ASCII interface for the connection(s), along with considerable work with software.Remote I/0 systemsA remote I/O configuration, as shown in Fig. 4A, has the actual inputs and outputs at some distance from the controller and CPU. This type of system, which can be described as a "master-and-slave" configuration, allows many distant digital and analog points to be controlled by a single PLC. Typically, remote I/Os are connected to the CPU via twisted pair or fiber optic cables.Remote I/O configurations can be extremely cost-effective control solutions where only a few I/O points are needed in widely separated areas. In this situation, it's not always necessary, or practical for that matter, to have a controller at each site. Noris it practical to individually hard wire each I/O point over long distances back to the CPU. For example, remote I/O systems can be used in acquiring data from remote plant or facility locations. Information such as cycle times, counts, duration or events, etc. then can be sent back to the PLC for maintenance and management reporting.In a remote I/O configuration, the master controller polls the slaved I/O for its current I/O status. The remote I/O system responds, and the master PLC then signals the remote I/O to change the state of outputs as dictated by the control program in the PLC's memory. This entire cycle occurs hundreds of times per second.Peer-to-peer networksPeer-to-peer networks, as shown in Fig. 4B, enhance reliability by decentralizing the control functions without sacrificing coordinated control. In this type of network, numerous PLCs are connected to one another in a daisy-chain fashion, and a common memory table is duplicated in the memory of each. In this way, when any PLC writes data to this memory area, the information is automatically transferred to all other PLCs in the network. They then can use this information in their own operating programs.With peer-to-peer networks, each PLC in the network is responsible for its own control site and only needs to be programmed for its own area of responsibility. This aspect of the network significantly reduces programming and debugging complexity; because all communications occur transparently to the user, communications programming is reduced to simple read-and-write statements.In a peer-to-peer system, there's no master PLC. However, it's possible to designate one of the PLCs as a master for use as a type of group controller. This PLC then can be used to accept input information from an operator input terminal, for example, sending all the necessary parameters to other PLCs and coordinating the sequencing of various events.Host computer linksPLCs also can be connected with computers or other intelligent devices. In fact, most PLCs, from the small to the very large, can be directly connected to a computer or part of a multi drop host computer network via RS232C or RS422 ports. This combination of computer and controller maximizes the capabilities of the PLC, for control and data acquisition, as well as the computer, for data processing, documentation, and operator interface.In a PLC/computer network, as shown in Fig. 4C, all communications are initiated by the host computer, which is connected to all the PLCs in a daisy-chain fashion. This computer individually addresses each of its networked PLCs and asks for specific information. The addressed PLC then sends this information to the computer for storage and further analysis. This cycle occurs hundreds of times per second.Host computers also can aid in programming PLCs; powerful programming and documentation software is available for program development. Programs then can be written on the computer in relay ladder logic and downloaded into the PLC. In this way, you can create, modify, debug, and monitor PLC programs via a computer terminal.In addition to host computers, PLCs often must interface with other devices, such as operator interface terminals for large security and building management systems. Although many intelligent devices can communicate directly with PLCs via conventional RS232C ports and serial ASCII code, some don't have the software ability to interface with individual PLC models. Instead, they typically send and receive data in fixed formats. It's the PLC programmer's responsibility to provide the necessary software interface.The easiest way to provide such an interface to fixed-format intelligent devices is to use an ASCII/BASIC module on the PLC. This module is essentially a small computer that plugs into the bus of the PLC. Equipped with RS232 ports and programmed in BASIC, the module easily can handle ASCII communications with peripheral devices, data acquisition functions, programming sequences, "number crunching," report and display generation, and other requirements.Access, protocol, and modulation functions of LANsBy using standard interfaces and protocols, LANs allow a mix of devices (PLCs, PCs, mainframe computers, operator interface terminals, etc.) from many different vendors to communicate with others on the network.Access: A LAN's access method prevents the occurrence of more than one message on the network at a time. There are two common access methods.Collision detection is where the nodes "listen" to the network and transmit only if there are no other messages on the network. If two nodes transmit simultaneously, the collision is detected and both nodes retransmit until their messages get through properly.Token passing allows each node to transmit only if it's in possession of a special electronic message called a token. The token is passed from node to node, allowing each an opportunity to transmit without interference. Tokens usually have a time limit to prevent a single node from tying up the token for a long period of time.Protocol: Network protocols define the way messages are arranged and coded for transmission on the LAN. The following are two common types.Proprietary protocols are unique message arrangements and coding developed by a specific vendor for use with that vendor's product only.Open protocols are based on industry standards such as TCP/IP or ISO/OSI。

Security in OPERA Specification based PLC SystemsGuiomar Corral, Josep M. Selga, AgustínZaballos, David González-TarragóEnginyeria i Arquitectura La Salle-Universitat RamonLlull (URL)Barcelona-Spain{jmselga, guiomar, zaballos, dgonzalez}@Luis M. TorresDesign of Systems on Silicon (DS2) SAValencia, SpainBerthold HaberlerLinz Strom GmbhLinz, AustriaAbstract— Power Line Communication (PLC) is a broadband telecommunication technology that enables the use of the existing electricity networks for high speed data transmission purposes. European project OPERA (Open PLC European Research Alliance) is a project whose strategic objective is to push PLC technology in all the different and relevant aspects. Within this framework, security is an important aspect thatshould be taken into account and integrated into thespecifications from the very beginning. The project was scheduled in two phases with a duration of two years each. Phase1 produced a first PLC specification, including security.Phase2 produced an improved specification which was submitted to the IEEE as the OPERA PLC proposal within thecontest organized by WG P1901. The paper presents the studies related to security in the PLC access technology made within this process that led to the second security specification of OPERA. Finally, an analysis of this specification isperformed.Keywords- access technologies; PLC; communications network security;OPERA project.I. INTRODUCTIONPower Line Communication (PLC) is a broadband telecommunication technology able to use the existing electricity networks for data transmission purposes, allowing any user connected to the power grid to benefit from Information Technology based services easily. The strategic objective of project OPERA (Open PLC European Research Alliance) [1] is to push PLC technology in all the different and relevant aspects (standardization, technology improvement, installation tools and processes, telecom services, dissemination,..) so as to allow the technology to become a competitive alternative to offer broadband access service to all European citizens using the most ubiquitous infrastructure, the electrical grid, which covers not only the last mile but also in-building andin-home spaces.Security has been sometimes neglected when defining standards. In fact, the initial specifications of many existing standards in related areas such as wireless [2] have been shown to have many vulnerabilities that have had to be fixedin further specifications, not without trouble for the market. Unfortunately OPERA is not different. The specification produced in OPERA Phase1 [1][3] presented also several vulnerabilities that have been fixed in OPERA Phase2 specification [4]. The writing of this second specification by OPERA was inscribed in some way in the process created by the IEEE WG P1901 with the intention of producing an IEEE standard for PLC access and in-home networks. In fact, deliverable D27 [4] is the proposal submitted by OPERA to the IEEE within the mentioned process.The presentation of the OPERA Phase2 specification and the related security analysis are the objectives of this paper.The contents of the present paper is organized as follows. Section II introduces the security requirements to be complied by the specification; Section III succinctly describes the OPERA Phase1 specification; Section IV analyzes the level of compliance of this specification; Section V outlines the basic ideas forcreating a new specification; Section VI contains a security analysis of the new specification and, finally, there is a conclusions section.II. SECURITY REQUIREMENTSThe basic objectives of any security specification are to achieve confidentiality, integrity, mutual authentication and availability. These objectives can be threatened by a series of attacks.Confidentiality is interpreted as the privacy of transactions between two nodes from all other nodes. It is made possible by the techniques of cryptography. The most relevant known attacks against confidentiality are [5]: brute force attack, dictionary attack, eavesdropping attack and precomputation attack.Data integrity refers to ensuring that data has not been altered during the transmission process. Malicious manipulation and forging of messages are different attacks against data integrity. It can be prevented by the use of Message Integrity Checks (MIC).The function of admission control is to guarantee that network resources are only accessed by authorized devices which are who claim to be. Thus, it contains two aspects, one is authentication of the stations and the other is authorizationto access the resources. Normally both functions are combined in a single access protocol. Different attacks against admission control are the following: identity usurpation, replay attacks, man-in-the-middle attacks, hijack of MAC addresses, session hijacking, masquerading, malicious device and message interception. Availability refers to the prevention from accessing and using the network by some unauthorized party. Attacks to availability are called Denial of Service (DoS) attacks. The security requirement demands that the specificationmust be robust against these attacks as well as to any other possible attack.III. SUCCINCT DESCRIPTION OF OPERA PHASE 1 SECURITY SPECIFICATION OPERA1 Specification [2][3] is aimed for PLC access networks and defines three types of devices, Head-End (HE), Repeaters (TDR, Time Division Repeaters) and Customer Premises Equipment (CPE). They typically form a multi-hopsystem like the one depicted in Figure 1.Confidentiality in OPERA1 is achieved by the use of DES[6] and 3DES[7] encryption systems. The admission control process involves three messages: an Access Frame that invites nodes to join the network, a contention Access Reply Frame that is an answer to the Access Frame and arequest to join the network and, finally, an Access Protocol Packet that basically informs about the success or failure of the admission control process. It is, thus, a 3-wayhandshake.The MAC layer is based on token passing controlled by the HE. The HE organizes and controls the downlink data frame for all data transmission from the HE to the CPEs. It also assigns the access duration for each CPE, which allows the uplink transmissions from the CPEs to the HE [2][8].The data frame structure used in the uplink and downlink transmissions is illustrated in Figure 2 [8]. Each frame begins with a “token announce” (TA). The TA is broadcasted in the clear over the network to inform the other stations about the upcoming transmission. The TA is followed by a number of bursts, each one addressing a specific CPE. Each burst consists of a burst header followed by several OPERA packets (basically similar to Ethernet packets). An interpacket header is inserted to separate two continuous packets or fragments of packets in a burst. The last symbol of the data frame carries a “Data Token” (DT).IV. OPERA PHASE 1 SPECIFICATION SECURITY ANALYSISThe most relevant vulnerabilities of OPERA Phase1 specification that have been detected are the following:Vulnerability 1: It uses DES [6] with a 56/64 bit key which has been reported to be breakable. It has even been phased out by FIPS (Federal Information Processing Standards). Brute force attacks as well as other attacks are feasible. Vulnerability 2: Admission control is only based on MAC addresses. Since these addresses are necessarily sent in the clear over the PLC channel, they can be supplanted. Hijacking and identity usurpation are easy to deploy.Vulnerability 3: There is no mutual authentication. There is no provision to authenticate masters. A malicious masterand man-in-the-middle attacks are possible.Vulnerability 4: The OPERA1 proposal does not contain any security Message Integrity Check (MIC) that could preserve data against tampering. Vulnerability 5: Channel Estimation MPDUs are never encrypted and include no MIC. Thus they can be manipulated to cause a DoS attack.Vulnerability 6: Another possible data integrity attack is just to change the position of different blocks in the payload. This would be unnoticed due to the independent ciphering of each block. It is a permutation attack.Vulnerability 7: It uses Diffie-Hellman algorithm without any protection against Man-in-the Middle attack. Although this may seem a big number of vulnerabilities of the OPERA Phase1 specification, the situation is common with other technologies, the most relevant of them being the early IEEE802.11 security specification [1].V. OUTLINE FOR A NEW OPERA SECURITY SPECIFICATIONUpon the view of the previous vulnerabilities it was clear that a new specification was needed and that it should provide stronger encryption,stronger integrity and a new admission control method really securing authentication and authorization.A- Stronger encryption.It can be obtained by the use of AES [9] or 3DES [7] ciphering algorithms. Neither of both has been reported to be cracked until today. For the new security specification the option chosen has been AES. The reason is that upon a careful comparison with 3DES it was clear that under many scenarios AES is less costly than 3DES. Another fact is that AES is recommended by IEEE and that it is believed to be more robust than 3DES.AES is a block cipher. To achieve confidentiality in messages of arbitrary length there are five options [10] called modes of operation. From these possible modes of operation the one chosen was the CTR mode because it can be performed in parallel (CFM and OFM modes do not allow this). Also it avoids some problems from the simpler ECB mode, it is well known and trusted (it has been used for more than 20 years) and does not raise Intellectual Property Rights (IPR) concerns as OCB does.B- Stronger integrity.From the variety of mechanisms generating a Message Integrity Check (MIC) the ones that support integrated confidentiality and integrity are specially interesting because they use one algorithm for both functions, thing that may avoid hardware and software costs. So the decision was to use AES for both functions: confidentiality and MIC generation. The chosen method to performintegrated encryption and authentication was CCM (Counter with CBCMAC) as defined in RFC 3610 [11]. CCM combines CTR mode of encryption with the CBC-MAC mode of authentication. CCM has been used and studied for a long time and has well-understood cryptographic properties. CCM uses the same encryption key for both processes but, in conjunction with other parameters, it leads to two separated keys.The chosen values of the M and L parameters of CCM are:M = 8; indicating that the MIC is 8 octets long.L = 2; indicating that the length field is 2 octets.The length of the MIC was chosen to be 64 bits since this is the minimum length recommended by [11]. Figure 3: Construction of an Encrypted BurstThe previous selections are coincident with those made in standardIEEE802.11i [12] for Wireless LANs. The main difference is that encryption and integrity are not applied over the same message. Encryption is performed over data bursts, which may contain several OPERA packets, while a MIC is generated for each OPERA packet (see Figure 3). The Burst header is authenticated but not encrypted. The OPERA packet header is authenticated and encrypted. This is done to improve efficiency in the very noisy environments typical to PLC channels. In case of error it is not necessary to retransmit the whole burst but only one packet. Another difference with [12] is that the OPERA specification does not support non robust options such as WEP or TKIP. This is possible because OPERA does not have to take into account IEEE802.11 legacy systems. C-Admission controlWith respect to admission control, the open possibilities were to define a specific protocol for OPERA or to use an existing standard. If such a standard existed it seems wiser the option to use it. Fortunately this standard exists and is IEEE 802.1X [13], an IEEE standard for port-based Network Access Control in LAN, based on the EAP (Extensible Authentication Protocol) [14], that has been adapted to be used in other environments such as wireless and which today is part of IEEE802.11i. Due to the adequacy and long time experience of thisstandard the decision was to make use of it in OPERA.IEEE 802.1X defines three entities, Supplicant, Authenticator and Authentication Sever (AS) and allows foran authentication dialog after the two opening messages (EAP-Request and EAP-Response) and before the closing message (EAP-Success or Failure). The three messages of the three-way handshake of OPERA Phase1 commented in Section III have similar functionality to the three EAP messages just mentioned. The approach taken in the new OPERA specification has been to keep the three messagesas defined in OPERA Phase1 for backwards compatibility.The Authenticator is in charge of converting betweenboth formats. The process has been represented in Figure 4. The Authenticator translates messages B and D into the corresponding Radius over EAP messages anddecapsulates/encapsulates messages C, those belonging to the authentication protocol of choice.A much major difference is that the Authenticator in IEEE802.11i is the Access Point while in OPERA can be the HE but also a Repeater.This creates the difference that in OPERA the communication between the Authenticator, when it is a Repeater, and the Authentication Server (Which can be located at the HE or beyond it) is also transmitted over the PLC channel. This fact implies the need to send the messages encrypted, protected with a MIC, with the same rules as in the dialog between Supplicant and Authenticator, and encapsulated into OPERA packets.Another difference is that the Supplicant can be a CPE or Repeater. So, aRepeater can be first a Supplicant and later Authenticator. A smaller difference is that the Access Protocol Packet may convey not only success or failure information but also indication of a failed dialog. The authentication dialog allowed by IEEE802.1X/EAP allows for the use of both shared secrets and certificates. This solves the problem of OPERA1 Phase1 of authenticating only on a MAC address basis.The new specification of OPERA is quite similar to the IEEE 802.11i and it complies with the RSNA (Robust Secure Network Association) defined in it. Nevertheless, the multihop nature of PLC, as shown in Figure 1, is a major difference with respect to wireless. In fact IEEE802.11i does not take into account the possible existence of repeaters.What the OPERA specification does, is to apply recursively the dialog between Supplicant and Authenticator.A node is first Supplicant and, once admitted into the network, may become Authenticator for another Supplicant. This creates a chain of trust among devices onto which security relies upon. What happens is that the messages sent by the Authenticator to the AS are transmitted over the PLC network and, thus, should be protected with encryption and integrity mechanisms as well as the data messages.In agreement with IEEE802.11i, OPERA Phase 2 uses the EAPOL 4-way handshake for key management. The objective of this handshake is to prove mutual knowledge of the PMK (Pairwise Master Key). But prior to this handshake, the PMK has to be transferred to the Authenticator and this again has to be done by means of the secure channel formed by the mentioned chain of trust.VI. SECURITY ANALYSIS OF THE NEW SPECIFICATIONThe new OPERA security specification is quite similar to IEEE 802.11i. Although this standard was developed to overcome vulnerabilities of previous standards, it has still potential vulnerabilities [15]. A first vulnerability is the so called rollback attack, an attack that does not seem possible in the newspecification because it does not include the WEP and TKIP options ofIEEE802.11i. The reflection attack described in the same reference is also not possible because it is not allowed for a device to have simultaneously both roles supplicant and authenticator.The previously mentioned chain of trust should not be subject of concern because there is a chain of trust from the source authority to the supplicant and chains are of limited length. Nevertheless it is reasonable to think that there would be some slight degradation of security in very long chains. Another possible source of vulnerabilities in chains could come in relation to the rerouting of messages due to failures or transient situations but we have not been able to find any.Still there remain some possible DoS attacks in layer 2. Forging of management messages is possible. The solution is to authenticate management frames but here there is atrade-off between security and efficiency. Access Request and Access Reply Frames cannot be authenticated but OPERA is not vulnerable to attacks such as flooding of requests because the access process in OPERA is completely controlled by the Authenticator. A special DoS attack for OPERA Phase1 is forging bit loading messages which in the current specification are sent unencrypted. The proposal is to also encrypt these messages.Also the DoS attacks against the 4-way handshake indicated in [15] are also worth considering. Another possible attack in PLC comes from the manipulation of the impedance of the electrical line or the line itself. This may cause lead to message deletion or, worse, message interception. The implementation of suchan attack seems difficult and requires specific topologies that do not seem to be common. In any case the attack would be a Man in the Middle attackfrom which the specification is already protected because it provides for mutual authentication. Another aspect being improved is the computation burden created by the need to change the key at every hop. One mechanism to improve this aspect is to use a single key to manage the HE and the Repeaters. Another is to define a protocol to agree a single key for transmission between pairs of CPE. VII. CONCLUSIONSThe earlier OPERA Phase1 PLC specification has been detected to be vulnerable to many known security attacks.This led to the definition of a new OPERA PLC specification able to overcome the known attacks. This new OPERA specification was submitted to the IEEE as the proposal of the OPERA consortium for the IEEE standard on PLC access systems. The proposal is based on the principles of standard IEEE802.11i. This is good for many reasons. One is compatibility with wireless in hybrid systems and devices. Another is to use known and proved standards. Nevertheless there are several differences to adapt the specification to the nature of PLC. The main ones are the following:-Instead of applying Encryption and MIC computation to the same block of data, Encryption is applied to Bursts while the MIC is appended to OPERA packets. This makes the system stronger against the very noisy PLC channels.-Admission control protocol is based on IEEE 802.1X except for three messages (Access Frame, Access Reply Frame and Access Protocol Packet) which have a different format but the same functionality.-The multihop nature of PLC is a major difference. IEEE802.11i does not take into account the possible existence of repeaters while OPERA do take them into account. It applies the dialog between Supplicant and Authenticator recursively so as to create a chain of trust among devices. Messages sent by the Authenticator to the Authentication Server may have to be transmitted over the PLC network and, in this case, they are to be protected following the same mechanisms as for the rest of messages. Finally aspects that deserve moreattention have been identified and several new vulnerabilities have been taken into account to provide ideas for a refined version of the OPERA specification. ACKNOWLEDGMENTThis work is supported by FP6 project OPERA (Open PLC European Research Alliance), and by “Enginyeria I Arquitectura La Salle”, DS2 and Linz Strom Gmbh. REFERENCES[1] OPERA Specification-Part 1-Technology-Version 1.0; 31/01/2006./_files/whitepapers/opera_wp2.pdf.. . Last access: 22/02/2010 [2] Todor Cooklev, “Wireless Communication Standards”, IEEE Standards Wireless Networks Series; IEEE, 2004.[3] OPERA Specification Part 2-System-Version 1.0, 31/01/2006./_files/whitepapers/opera_wp2.pdf. Last access: 22/02/2010.[4] OPERA Deliverable D27: OPERA Specification Version 2, 2007.. Last access: 21/02/2010[5] Jon Edney and William A. Arbaugh, “Rea l 802.11 Security Wi-Fi Protected Access and 802.11i”, Addison-Wesley, 2004.[6] FIPS 46-3, Data Encryption Standard (DES), October, 1999.[7] NIST SP 800-67, “Triple Data Encryption Algorithm (TDEA), including its primary component cryptographic engine, the Data Encryption Algorithm (DEA)”.[8] Le Phu Do, Halid Hrasnica and Ralf Lehnert, “Performance Evaluation of the PLC-MAC Protocol in Accordance with the OPERA Specification”. Proceedings of ISPLC07, pp 447-452, Pisa, Italy, 2007.[9] Federal Information Processing Standards Publication 197:Specification for the Advanced Encryption Standard (AES) -November 26, 2001 (FIPS-97 (2002)).[10] National Institute of Standards and Technology Special Publication 800-38A, December, 2001 Edition: Recommendation for Block Cipher Modes of Operation, Methods and Techniques.[11] IETF, Request for Comments: 3610, “Counter with CBC-MAC (CCM)”,September 2003[12] IEEE P802.11i/D10.0. Medium Access Control (MAC) Security Enhancements, Amendment 6 to IEEE Standard for Information technology –Telecommunications and information exchange between systems – Local and metropolitan area networks – Specific requirements – Part 11: Wireless Medium Access Control (MAC) and Physical Layer (PHY) Specifications. April, 2004. [13] IEEE Standard 802.1X-2001. IEEE Standard for Local andmetropolitan area networks – Port-Based Network Access [14] IETF, Request for Comments: 3748. Extensible Authentication Protocol (EAP), June 2004.[15] Changhua He and John C Mitchell, “Security Analysis and Improvements fro IEEE 802.11i”. The 12th Annual Network and Distributed System Security Symposium (NDSS'05), pages 90-110. Feb. 2005. 4778。

在写作plc论文时，参考文献是必不可少的，作者在选取参考文献时，应兼顾中文文献和英文文献的比例，本文整理了几十个最新的"plc英文参考文献范例"，以供参考。

plc英文参考文献范例一：[1]LIANG Ning.Development of Automatic Sorting Device for Dried Jujube Appearance Quality Based on Machine Vision [D].Yangling:Northwest A & F University,2019.[2]ZHANG Pengpeng,ZHOU Min.Design of Handling Control System for LCD Substrate Production Line [J].Combined Machine Tool and Automatic Machining Technology,2019,（9）：111-113,123.[3]CHEN Xing.Design of the Appearance Detection System of Electrolytic Capacitor Based on Machine Vision [J].Manufacturing Technology & Machine Tools,2018,674（8）：153-157.[4]SU Chaoyang.Research and Development on Capacitor Appearance Defects Based on Image Processing Technology [D].Nanjing:Nanjing University of Aeronautics and Astronautics,2018.[5]HUANG Xinbing,LIU Xiaojuan.Design of Pneumatic Household Elevator Based on PLC Control [J].Chinese Hydraulics & Pneumatics,2019,（10）：129-134.[6]WU Hanjiang,ZHANG Fengshou,ZHANG Jiaqi.Design of Honey Pomelo Sorting System Based on PLC [J].Packaging and Food Machinery,2019,37（4）：28-30.[7]LIN Zhongxing,ZENG Xianjie,ZHANG Zongshuo.Design of Automatic Pad Printing Machine for Lamp Cap Logo Based on Pneumatic Transmission [J].Chinese Hydraulics & Pneumatics,2019,（1）：117-121.[8]LI Yingjue,WEI Kexiang.Design of Automatic Measuring Machine for Wall-thickness of Flange Parts [J].Machine Tool & Hydraulics,2019,（17）：93-97.[9]LI Jibo,HUANG Yuanzheng,XUN Jiyong.The Design of Cigarette Box Appearance Detecting System Based on Machine Vision [J].China Instrumentation,2018,（6）：68-71.[10]WANG Tao,GUO Jinliang.Design and Implementation of Robot Precise Grasp Based on Image Processing [J].Manufacturing Technology and Machine Tools,2018,（12）：47-51.[11]TAO Wencai.Design of Vision Inspection System for Mobile Shell Surface Defects [D].Shenyang:Shenyang University of Technology,2018.[12]JIA Zhenzhen,ZHANG Tao,CAO Xingqiang,et al.Design and Realization of theFood Inner Packaging Detection Device Based on the Machine Vision [J].Food & Machinery,2018,34（7）：111-114.[13]LU Minzhi,WANG Zhiwei,WANG Wei.Control System Design of Automatic Laminator Based on Machine Vision Locating [J].Machine Tool & Hydraulics,2017,45（11）：59-63.[14]ZHANG Shuzhen.PLC Control in the Implementation of Surface Defect Detection Experiment Device [D].Hefei:Hefei University of Technology,2017.[15]LIU Yunjun,LIU Jinguo,LI Yangmin.Design of Automatic Docking Gripper for Pipe Joints Based on PLC Control [J].Chinese Hydraulics & Pneumatics,2018,（9）：44-48.plc英文参考文献范例二：[16]ROMIJNDERS L N G.The development of a new segmented deepwater wave generator[C]// Fourth International Symposium on Ocean Wave Measurement and Analysis.San Francisco,US:ASCE,2002:1209-1217.DOI:10.1061/40604（273）122.[17] HMIDA U B, HAMDI U, MOUNIR S. Design of wireless power and data transmission circuits for im-Plantablc biomicrosystcm[J].Biotechnology, 2007,6（2）：153-164.[18] STRASSNER B, CHANU K. Microwave power trans-mission: historical milestones and system components[J].Proceedings of the IEEE, 2013,101（6）：1379-1396.[19]WANG Y Z,GONG W,CHI L H.Numerical simulation on oscillation-sliding-uplift rock coupled motion of caisson breakwater under wave excition [J].China Ocean Engineering,2010,24（2）：207-218.[20]NOHARA B T,YAMAMOTO I,MATSUURA M.The organized motion control of multi-directional wave maker[C]//Proceedings of 4th IEEE International Workshop on Advanced Motion Control.Mie,Japan:IEEE,1996:470-475.DOI:10.1109/AMC.1996.509294.[21] Chu Liang,Chao Libo,Ou Yang,et al.Hardware-in-the-loop simulation of traction control algorithm based on fuzzy PID[J].Energy Procedia,2012,16（3）：1685.[22]LAOUAR A,GUERZIZ A,BOUSSAHA A.Calculation of eigenvalues of Sturm-Liouville equation for simulating hydrodynamic soliton generated by a piston wave maker [J].Springer Plus,2016:1369-1385.DOI:10.1186/s40064-016-2911-0.[23]Cheded.Al-Mulla. Control of a four-level elevator system using a programmable logic controller. International Journal of Electrical Engineering Education.,2003[24]Matsushita Electric Works Ltd., Automation Control Group. FPO programming manual [EB/OL]. （2004-10-05）[2008-09-10][25]He yong yi. A Control System of Material Handling in FMS. Journal of shanghai university. Vol.1.No.1.1997[26]Ren Sheng-le. Development of PLC-based Tension Control System.Chinese Journal of Aeronautics20 （2007） 266-271[27]M. Paredes, M. Sartor, C. Masclet. An optimization process for extension spring design. Computer Methods in Applied Mechanics and Engineering. 2001, 191（8）： 783-797[28]Siemens AG.Working with STEP7 V5.2 Getting Started.2002[29]Michel Gilles.Programmabe Logic Controllers:Architecture and Application Wiley.1990.[30]G.L.Batten. Programmabe Controllers:hardware.software and ApplicationNew York:MC Graw-Hill.1994.。