1. Introduction
Until a few years ago, the main areas of research related to power electronic devices (PEDs) were mainly in a few standard areas/topics such as proposing new circuit schematics of different types of power converters, using new elements in the fabrication of power semiconductors, and using different methods, techniques, and circuit schematics to increase the efficiency of power converters. Now, with the rapid development of IP networks and their penetration into all areas of life, a new topic of research has been added to the above-mentioned main areas of research related to PEDs. This topic concerns studies related to the cyber security of PEDs, as well as studies related to the characterization of the communication traffic that PEDs generate. These studies can be grouped together under the most general heading of “network studies”. Research in this new topic is growing, and the results of this research are beginning to be a very important part of the characteristics and capabilities of a network capable PED (the ability to connect to communication networks, in part to IP networks).
Power electronic devices (PEDs), as well as energy storage systems, have long been able to connect to communication networks, in particular to IP networks and mainly to the Internet. Thanks to this functionality, these devices can be monitored remotely from great distances, as well as controlled remotely. This is a great convenience in today’s world. As a convenience, this functionality appears to be a vulnerability and a great danger for these devices. In the modern world, any device that is connected to the Internet can be a victim of some form of cyberattack. The result of the attack can be anything from simply making the device unavailable for a period of time, to the much more dangerous options of having the device controlled and monitored by individuals who have no right to do so (i.e., being hacked). The hacked PED could be part of some critical network/infrastructure and the breach could render the entire critical infrastructure inoperable. It is therefore necessary to test and study whether the data exchange between the PED and the monitoring and control center is secure before installing a PED in such critical infrastructure.
The study of whether the exchanged information is secure or not can be most easily and quickly accomplished by using IP network modeling platforms. Thanks to these platforms, models of IP networks composed of multiple and different network devices can be created [
1,
2,
3]. This can create a miniature model of the real IP network to which a PED would connect and subject it to tests to verify the security of information exchange. Furthermore, through this model of an experimental IP network, different methods, techniques, and technologies can be applied to secure the information transmitted by the PED. Thanks to these platforms, one can trace and monitor in real time what is happening in the modeled IP network when using the corresponding technique or technology to secure the data exchange. Thus, after the end of the study, it can be stated with certainty whether the information generated by the studied PED is secure or, if it is not secure, whether the techniques, methods, and technologies applied have resulted in ensuring the security of the data generated by the PED.
This work will demonstrate the capability of the GNS3 IP network modeling platform to be used to study whether data exchange between a PED and a workstation (control center) is secure. If the information exchange is not secure, then again using GNS3, ways to secure the information exchange will be demonstrated.
This work is indirectly related to energy efficiency management in computer and communication networks. The commonality between the presented research and energy efficiency management in computer and communication networks is the cyber security of PEDs that are used to power network devices and servers in critical infrastructures. If a PED is compromised (hacked), it can have consequences for the proper operation of the PED. For example, the code/program that causes the PED to operate at a very high efficiency could be changed so as not to be close to 100% (or more) efficiency. An example of such a PED is an MPPT (Maximum Power Point Tracking) solar controller. It has some algorithm/program/code in it, by which it continuously searches for the maximum power delivery point. If that PED is hacked, the algorithm can be changed and so the output power will be changed, resulting in its energy efficiency being drastically reduced. It is therefore necessary to carry out research on any PED that has the capability of connecting to a communication network to verify that the information exchange is secured. The proposed work addresses exactly this aspect—how to simply and easily model some IP network to study whether the information exchange is secure, and if not, how it can be secured.
2. Article Structure
This article has the following structure:
Section 1—Introduction. Here is presented a brief description of the state of the problem under consideration.
Section 3—Related work. Here is presented a review of various works related, or very close to, the problem discussed in this article.
Section 4—Used platform, tools, and research methodology. Here are explained the choice to use the GNS3 platform and the monitoring and measurement tools used during the study.
Section 5—Experimental setup. Here the experimental setup is shown and explained.
Section 6—Results. Here are presented the obtained results from the study.
Section 7—Discussion and analysis of the obtained results.
Section 8—Future work. Future plans for further development of the work are presented and discussed.
3. Related Work
In [
4], the authors review the cyber dangers to which electric vehicles may be exposed. Several examples of realized cyber-attacks against EVs (Electric Vehicles) and the outcome of these attacks are discussed. Additionally, the authors verify their research in which they model a cyber-attack against an electric vehicle while it is charging (data exchange mode with the charging network). Finally, a model developed by the authors for an innovative system to protect electric vehicles from cyber-attacks is presented.
In [
5], the authors make a thorough review of possible vulnerabilities and attacks against an AC (alternating current) smart grid-tied voltage-source-converter system. They extensively consider what would happen to any single PED in such a grid. Additionally, ways to mitigate the damage from cyber-attacks are discussed. Finally, future trends and challenges related to cyber security of smart grid applications are discussed.
In [
6], the authors survey the vulnerabilities that are specific to a Smart Grid. The vulnerabilities are divided by sectors—security of control systems; smart meters security; security of state estimation; security of the communications network. For each of these Smart Grid sectors, an overview of the vulnerabilities that are unique to that sector is provided.
In [
7], the authors propose the use of neural network multilayer long short-term memory networks (MLSTM) to detect data integrity attacks (DIA). These are cyber-attacks whose goal is to insert false data or replace part of the exchanged data to make the attacked system make wrong decisions. To repel this type of attack, the authors propose the use of only one voltage sensor and only one current sensor, whereby the information from these sensors is transmitted to the artificial neural network, which will process the information and make decisions about the presence of attacks.
In [
8], the authors consider the possibility of “infecting” an EV charging network by using an infected EV plugged in to charge. Due to the possibility of “infecting” an EV while it is charging, the authors propose a method that they developed to secure the battery management systems (BMS) of the EV by using Moving Target Defense (MTD) technology. This is an automated cyber defense against multiple cyber-attacks. It is a technology that prevents or stops entirely multiple memory impacting attacks.
In [
9], the authors consider the possibility and propose to use software-defined networks to control Microgrids in order to regulate the frequency and voltage of Microgrids that are connected to communication networks. In addition to control, software-defined networks can also be used to enhance the protection of Microgrids against potential cyber-attacks. To validate the feasibility of their proposal, multiple simulations were conducted using Matlab/Simulink and GNS3.
In [
10], the authors review the different types of cyber-attacks that battery energy storage systems (BESSs) can be subjected to. In order to prevent or minimize the probability of any cyber-attack being deployed against BESSs, the authors propose the use of blockchain technology combined with artificial intelligence and machine learning to detect false data injection attacks during the operation of BESSs.
In [
11], the authors review a microgrid and some of its security vulnerabilities. They also discuss the technologies SOAR (Security Orchestration, Automation, and Response), ML/AI (Machine Learning/Artificial Intelligence), and Blockchain technology, and how these technologies can provide a microgrid with a security solution against cyber-attacks.
In [
12], the authors consider what would be the outcome of a cyber-attack with malware in Cyber-Physical Power Systems (CPPSs). Additionally, the authors address how the timing of the malware attack is of particular importance. Until this time X occurs (time X is the point when enough hosts are infected), the malware is in hibernation/incubation mode (in this mode, the malware only infects hosts without attacking the system). Thus, the authors have found that malware running in this manner inflicts the most damage on the attacked system.
In [
13], the authors develop a hybrid cyber-attack model in which integrity attack and availability attack are combined. Thus, the control center will be confused and will not be able to detect this attack, resulting in potential damage to the attacked system. The results show that the hybrid attack confuses the control center by manipulating the integrity of the data obtained from the continuous measurements in the system. The model developed by the authors can be used as an effective tool in the study of complex Cyber-Physical Power Systems (CPPSs), including, for example, in the evaluation of different attack strategies.
In [
14], the authors propose an optimized approach for active attack detection in constrained Cyber-Physical Systems (CPS). Their research mainly focuses on a specific type of DoS (Denial of Service) attack called the Prevented Actuation Attack and how to identify it. During this attack, the attacker prevents the exchange of information between a control station and actuators. To detect the attack, the authors propose the use of parallel detectors based on a multiple-model adaptive estimation approach to detect the attack and identify which actuator is under attack.
In [
15], the authors consider the possibility of wind generators being the target of a distributed denial-of-service (DDoS) attack. The objective of their work is to verify whether IP network modeling platforms are effective in creating a fault-tolerant system to provide information about cybersecurity in the context of wind power. The platform used is GNS3. Using it, the authors will develop a new fault-tolerant system.
In [
16], the authors make an in-depth review of vulnerabilities in an inverter-based power system. Additionally, a review of possible ways to detect an attack as well as mitigate the impact of the attack on the system is conducted. A review of various modeling and simulation platforms for different scenarios related to cyber security research on power electronic devices is presented. A further comparison is made for which cyber-attacks are possible for which type of grid, and with which simulation tool different cyber-attacks can be simulated.
In [
17], the authors discuss the vulnerabilities in a battery management system (BMS) and which cyber-attacks can exploit these vulnerabilities. In order to secure such a system from cyber-attacks, the authors propose the use of blockchain technology. The authors propose the use of a blockchain and their proposal as a basic reference for BMS system developers. Thus, future BMS systems will be protected from cyber-attacks.
In [
18], the authors consider the probability that one charging station out of all of them will be compromised. In this work, the authors consider the impact of a false data injection (FDI) attack, as well as hijacking attacks. The authors have simulated hijacking of a subscriber’s phone as well as an FDI attack against a charging station. The results of the simulation show significant malicious consequences when only one of the charging stations is compromised.
Additional research on this topic can be found in [
19,
20,
21,
22,
23,
24,
25,
26,
27,
28,
29,
30].
In summary, the following can be stated: PEDs and the systems in which PEDs are used, such as microgrids, energy storage systems, electric vehicles, and many others can now be considered as end devices/hosts of communication networks, and in particular, the IP network. As such, they are already subject to, and can fall victim to, various cyber-attacks, as shown by the carried-out literature review. Therefore, research in this area of power electronics is now of paramount importance, as well as the standard research in power electronics such as power converter energy efficiency, new circuit designs for converters, etc. The main tools that are used for the performed studies from the authors above are the network simulation platforms. This shows that these modeling platforms are perfect for these kinds of cyber security studies. These platforms are suitable for studying the effects of cyber-attacks, the execution of a cyber-attack itself, and possible methods, techniques, and technologies for detecting or preventing cyber-attacks. Without these platforms, these kinds of studies will be difficult to perform.
4. Used Platform, Tools, and Research Methodology
4.1. GNS3
For the purpose of this work, the GNS3 IP network modeling platform [
31] will be used. Why this platform? There are several specific reasons for its use, which are related to specific capabilities that are unique to this platform:
Working with disk images of real operating systems of real network devices, such as routers, switches, and more. IP network models built in this way are as close as possible to real IP networks that are built from such network devices.
Ability to connect the developed models to real IP networks or to the Internet.
Completely free.
These capabilities make GNS3 ideal for studying IP networks by creating models of IP networks made from disk images of real network devices. The platform enables the construction of all kinds of IP network models, from very simple to very complex. The platform can also be used in the study of PEDs, and for the study of Cyber-Physical Power Systems (CPPSs).
4.2. Used Tools
For the purpose of this study, the following tools are used:
The used network protocol analyzer is Wireshark [
32]. Its packet capturing and unpacking capabilities are ideal for the process of testing whether a data exchange between a PED and a control center is secure. This includes testing how information is transmitted (encrypted or not), how user data (username and password) is exchanged, and many other capabilities.
The used network analyzer is Capsa Free [
33]. For this study, the capabilities of this tool will be used in the monitoring of IP networks. Due to the capabilities of this tool for monitoring certain parameters such as generated traffic, traffic generated by protocols, and protocols used, among others, it will be possible to characterize the traffic generated by a PED.
Mathematical approximations can be used as additional tools that can be used to characterize the generated traffic by a PED [
34,
35]. The most appropriate parameter that can be represented by approximations is the distribution of the size of the generated packets. This will give a very good visual representation of what the packet size distribution constitutes, and it will show what kind of packets the studied PED generates.
4.3. Methodology of the Research
This study is conventionally divided into two parts. In the first part, a power distribution unit (PDU) is studied, and in the second part, a double-conversion UPS is studied.
The GNS3 platform is used in both parts of this study. By using it, an IP network is modeled which acts as a “WAN” (Wide Area Network). The generated traffic from the studied PEDs passes through the network devices in the modeled network until it reaches the control center. All nodes in this modeled “WAN” network are monitored by Wireshark. This simulates passive eavesdropping whereby the exchanged information is captured by Wireshark and then written to a file.
In parallel, Capsa Free continuously monitors the traffic that is generated by the studied PEDs to provide a brief characterization of the generated traffic. The monitored parameters are generated traffic and traffic generated per port.
5. Experimental Setup
Figure 1 conceptually represents the experimental network topology. The modeled “WAN” represents the modeled IP network, going through the GNS3 platform, wherein the WAN Router is the router through which the modeled network accesses the Internet. To this router, the studied PEDs (PDU or the UPS) are connected. Through the thus made experimental setup, the data exchange between the control center (virtual machine connected in the modeled “WAN” network) and the studied PED is simulated and observed.
Figure 2 represents the topology of the modeled WAN. It is composed of a set of six routers (R1 to R6) and five switches (Switch One to Three and ESW One and Two). R1 to R6 are emulations of real routers. They have all of the capabilities and features of the real routers they are emulating. Switch One to Switch Three are simulations of network IP switches. These switches are layer two and are unmanaged. ESW One and Two are emulations of real managed layer three switches. On these layer three switches, nothing is configured (like out of the box), and they are working like ordinary unmanaged layer two switches. Access to the real networks and the Internet is achieved using the pfSense software firewall. The pfSense firewall is used as a border router. It is free and has a lot of capabilities and features to secure the network from inside and outside [
36]. In the modeled network, the MPLS (Multiprotocol Label Switching) technology is used along with EIGRP (Enhanced Interior Gateway Routing Protocol). No other configuration such as QoS (Quality of Service) or load balancing are made in the modeled network. The studied PEDs are accessed from the control center, which is a virtual machine connected to the modeled IP network. The control center accesses only the studied PEDs. User_X is some user in the modeled WAN that represents another virtual machine that accesses any resources on the Internet. The idea of this User_ X is to simulate other users in the modeled network accessing different resources on the Internet.
6. Results
6.1. Results from Studying the PDU
For the purpose of this study, a PDU was used, which is used by some of the ISPs (Internet Service Providers) in Bulgaria. It is used for power management of various network devices and to monitor the availability of power supply voltage. Apart from this, the studied PDU can also monitor various atmospheric parameters in the rooms where these network devices are located such as temperature, humidity, etc.
6.1.1. Characterization of the Generated Traffic
The Capsa free network analyzer was used to characterize the traffic generated [
37,
38] by the studied PDU. All of the obtained results are from this tool.
Figure 3 shows what is the traffic generated by the tested PDU at every ten-second interval. As can be seen, the traffic is minimal, at times even missing, because at these times, the PDU is not accessed.
Figure 4 represents the generated traffic for the entire study period. As can be seen from the results, the total generated traffic from the PDU study is very small. These results from
Figure 3 and
Figure 4 show that the studied PDU can be connected to any kind of IP network, and even to an IP network with a meter connection called a cellular network.
Figure 5 shows which ports generate the most traffic. This is TCP (Transmission Control Protocol) port 80, because the PDU is only accessible through a web browser. The other ports are used by the operating system of the virtual machine working as a control center to access specific servers of the OS (Operation System) developers, through which it continuously exchanges some service data. This information is important because the network administrator can leave the used ports from the PDU open. This information is of great importance for the cyber security of the network.
6.1.2. Data Exchange Security Study
To verify that the data exchange between the control center and the PDU is secure, the capabilities of the Wireshark network protocol analyzer are used. All subsequent results are obtained from it.
Figure 6 shows that the username and password are exchanged in plain text. Exchanging user information in this way is very dangerous because it can easily be intercepted. This is a major drawback of the studied PDU. If someone is nonstop “sniffing” the traffic in a network (there are many persons of this kind), they can easily capture this information and use it to hack the device (for fun or for something else). As a result, the PDU will be compromised and misused.
Figure 7 shows that in addition to the username and password, other important information is exchanged in plain text. This is the menu information for changing the password of the user account to access the device. This way of exchanging information is unacceptable.
Figure 8 shows the code that is exchanged between the PDU and the control center to control the power contacts of the PDU. The information is again in plain text and can be manipulated very easily.
6.2. Results from Studying the UPS
Double conversion UPS was used for the purpose of this study. This type of UPS is the most used UPS for powering the communication equipment installed in various critical infrastructures. This is the most used type of UPS due to the fact that at the output of the UPS, in battery mode (mains power failure) the voltage is sinusoidal (ideal sine wave). The UPS under study is one of the most used brands for providing uninterruptible power supply to various forms of communication equipment. For the normal and trouble-free operation of expensive communication equipment, the AC power must be with an ideal sine wave. Such an AC voltage is characterized by only one spectral component, the first harmonic, with the other harmonics being absent. This is not the case with the other two UPS types (line interactive and passive (stand by)). In these types of UPSs, the output voltage is not sinusoidal but is rather a modified sine wave, which is characterized by a rich harmonic composition. Such a voltage can cause the expensive communication equipment to be defective or to not function properly.
6.2.1. Characterization of the Generated Traffic
The results were again obtained from the Capsa Free network analyzer.
Figure 9 presents the traffic generated at every ten-second interval. As can be seen from the obtained results, they are analogous to the same results obtained for the PDU. Here again, at the times when the UPS is not accessed, no traffic is generated.
Figure 10 presents the results for the generated traffic for the entire study period. The difference to the results obtained for the PDU is that here the total traffic generated at around one MB is much less than the traffic generated by the PDU.
Figure 11 shows which ports generate the most traffic. As can be seen, the results are similar to the same ones obtained for the PDU. This is because the UPS is also only accessed through a web browser, so TCP port 80 has generated the most traffic. UDP (User Datagram Protocol) port 5355 is used for LLMNR (Link-Local Multicast Name Resolution) device discovery for SNMP (Simple Network Management Protocol), UDP port 53 is used for domain name resolution, and UDP port 137 is a NETBIOS Name Service. The difference with the results for the PDU is due to the fact that a different operating system was used for the UPS study, which generates traffic on these ports. The other TCP ports are again for data exchange with the OS developer’s servers.
6.2.2. Data Exchange Security Study
The results are again obtained from the Wireshark network protocol analyzer.
Figure 12 shows how user information is exchanged between the UPS and the control center. Again, this information is exchanged in plain text. Thus, this UPS can be easily hacked and manipulated.
Figure 13 represents the code that is sent to visualize the different parameters that are measured by the UPS. From the figure, it can be seen that these are the different parameters that are monitored for the battery status and these parameters are related to the output voltage such as current, voltage, frequency, power consumption, and many more. Thus transmitted, this data can be modified and can be subject to data integrity attacks.
Figure 14 shows the code that is sent when the UPS shutdown methods menu is selected. As can be seen from the results here too, the information is exchanged between the UPS and the control center in plain text. In this case, it can be seen that the “safe power down and reboot” shutdown mode is selected.
6.3. Security of Data Exchange
As seen from the presented results, the data exchange between the two studied PEDs and the control center is not secure. Important and critical information is exchanged in plain text. Thus, it can be easily intercepted and subsequently modified. Therefore, the information exchange needs to be secured.
In this work, I propose the VPN technology to be used as the easiest and fastest way to secure the exchanged information. The results from implementing the VPN technology are shown in
Figure 15.
In the modeled “WAN” network (from
Figure 2), a tunnel is created between R1 and R4 that passes through R1, R2, R3, R4, and vice versa.
Figure 15 shows the results of the data exchange between the PDU and the control center. The results when accessing the UPS are exactly the same and therefore will not be shown. Note that 10.0.5.2 is the IP address of the interface g1/0 of R4 and 10.0.1.1 is the IP address of the g1/0 interface of R1. These two interfaces are the input and output of the tunnel. If the incoming data meets certain conditions that are configured in both routers, this data is encrypted and sent over the tunnel. As can be seen from the results, the information is encrypted and cannot be read by Wireshark. Note that 192.168.50.2 is the IP address of User_X. As can be seen, it is accessing different content on the Internet that goes along with the encrypted data in the tunnel. Other ways to implement secure data exchange are presented in [
39,
40].
7. Discussion
7.1. Discussion of the Results from Section 6.1
From the results for the characterization of traffic generated by the PDU, expected results were obtained. The traffic generated was small, and at times nothing was generated. This result is expected since for the PEDs that have network functionalities (i.e., can be controlled and monitored remotely), the generated traffic is only from sending statistics (measured values of various parameters) and control commands.
Regarding the security of the exchanged data, whose study is the main task of this work, the studied PDU does not offer any security for the exchanged information. As can be seen from the obtained results, absolutely all of the exchanged information between the PDU and the control center is transmitted in plain text. The user data (username and password), the code used to display the menu, and the password change process itself are transmitted in plain text. In addition, the commands for controlling the power outputs to which the network devices are connected are also transmitted in plain text. Such a PDU, which is used by ISPs, is unacceptable for the modern reality because it would be very easy “prey” for hackers. Thus, network equipment becomes very easy to manipulate. It can be permanently rebooted, or in the worst case, permanently shut down. As a result of this action, the device will have to be manually switched on due to the inability to be switched on remotely. This process may be repeated many times until the cause of this permanent reboot or shutdown of network devices is determined, which may take a long time to establish. There is even the possibility of not being able to enter the PDU management menu because the username and the password may be changed. This device will then be unusable and the only remaining useful move is to substitute the PDU with another one. Of course, there is the possibility that everything described until now will be repeated again and again until the problem is finally solved. All of this will lead to the eventual compromise of part of the ISP’s network and ensuing user dissatisfaction.
There are many different solutions to this problem. The easiest and quickest solution is to use VPN technology. As can be seen from the results in
Section 6.3, the information is already encrypted, and it is not transmitted in plain text. The data exchange is secure. The PDU can no longer be hacked so easily; it is even kind of “hidden”, so its existence is not known, thanks to the working principle of VPN technology. The use of this technology secures the data exchange and even part of the ISP’s communication network.
7.2. Discussion of the Results from Section 6.2
The results for the traffic characterization are similar to those for the PDU. The generated traffic is again minimal, with no traffic at times when the UPS is not accessed. Everything discussed for the studied PDU also applies to the studied UPS.
Here again it was found that the data exchange is not secure. All important information is transmitted in plain text, including the user information, the measured parameter values, and the UPS shutdown commands. The UPS can very easily be hacked, or to say much more “culturally”, the UPS can be manipulated remotely by others to sabotage the operation of devices that are powered by it, or just for fun. This is also true for the PDU under study. The potential consequences of cyber-attacks over the studied UPS are the same, similar to the ones discussed in the above section (for the PDU).
To secure the data exchange between the UPS and the control center, again it is proposed to use VPN technology as the easiest to implement. Again, the data is encrypted, and the UPS is hidden.
8. Future Work
In this work, a small part of the cyber security topic of power electronic devices is discussed. The main focus of this work is the applicability of the GNS3 platform to detect cyber vulnerabilities in the studied power electronic devices and how these vulnerabilities can be removed. Therefore, the most commonly used cyber-attack—the DoS attack—is not considered and discussed in this work. Subsequent development of this work will involve modeling of an IP network to which a PED is connected. A DoS attack will be performed on this modeled network. A characterization of the traffic in the network under attack will be made. This characterization will present what is happening in such a network. Various methods, techniques, and technologies will be tested to prevent the effect of this attack on the PED. A comparison will be made between the tested methods, techniques, and technologies which will present the pros and cons for each of them.
9. Conclusions
The possibility of using IP network modeling platforms to study whether data exchange is secure or not is explored. It is proposed to use the GNS3 platform.
The proposed method for carrying out the study is simple and easy to implement. A popular and world-famous tool for monitoring IP networks—the Wireshark network protocol analyzer—is used to check whether the data exchange is secure or not.
The applicability of the GNS3 for studying/verifying whether the information exchanged between the PED and the control center is secure or not is confirmed with the obtained results. From the carried-out study, it was found that the PEDs under study do not offer any security for the exchanged data.
The use of VPN technology to secure the data exchange has been proposed. From the obtained results, it is seen that the data exchange is secure, it is already encrypted, and the studied PEDs are “hidden”.
The carried-out research confirms that the GNS3 platform can be used for studying whether the data exchange between the PED and the control center is secure. By using GNS3, different methods, techniques, and technologies can be studied and verified by which the exchange can be secured and thus the most appropriate technology for a specific PED can be selected.
This study shows that GNS3 can be used for the characterization of the generated traffic from the PEDs. The results show and confirm the opinion that PEDs do not generate much traffic. There are even moments when the studied PEDs do not even generate traffic. This mean that PEDs can be connected to almost any kind of IP network, without fearing that the generated traffic from the PEDs will lead to some kind of traffic problem such as congestion of the network. Another useful piece of information from the characterization of the generated traffic is the used ports or the ports that generate the most traffic. This information is useful for the cyber security of the network because the administrator of the network will know which ports to leave open.
A disadvantage of the GNS3 that can be mentioned, as of all IP network modeling platforms, is the requirement for high computational capabilities of the workstation that will be used to model the networks. In order for the modeled networks to run smoothly and seamlessly, the computing power requirement needs to be met.
The main contribution of this work and its novelty is the demonstration of the ability to use the GNS3 platform to study whether the generated and exchanged communication traffic between a power electronic device and a control center is secure. Thanks to the capabilities of GNS3 and Wireshark, any power electronic device that has the ability to be remotely managed and monitored over an IP network can be examined to see if the information exchanged with it is secure. If it is not secure, any methods, techniques, and technologies to secure the information exchange can be examined using the GNS3 capabilities. The most suitable technology/technique can then be applied in the real/physical network. The creation of IP network models in the platform is relatively easy, which makes uncomplicated the process of studying whether the information exchange is secure. All of the above is confirmed by the results of this research.