Wireless is a hot topic and is being discussed in forums, in print and in day-to-day conversations around the globe. In each of these discussions the security of a wireless network is the main topic of concern.
This is unfortunate and almost completely unfounded as the correct wireless system is ideally suited to many industrial situations, especially in areas where hard-wired connections are expensive or impractical due to distance, access or physical hazards.
Most of us have come into the industrial wireless world via our use of wireless for home and office applications. We have seen that security on these types of networks was initially poor or lacking.
Due to these past experiences, everyone is now wary of wireless communications, especially when we start looking at employing it in industrial process and production plants.
In reality, industrial wireless systems are purpose-built to address these security issues in the same way internet banking has been securely deployed around the world. However, of the two common standards, ISA100.11a and WirelessHART, one is claimed to be easier to secure than the other due to its additional in-built safety protocols.
Robust security features are built into the standards and the devices in each of the systems and these cannot be disabled. The two standards have been designed to ensure data and system integrity as well as ensuring they still remain easy to use and employ.
Encryption
The protection of data is one of the main features of the industrial wireless standards. Data security is implemented from the device to gateway utilising Advanced Encryption Standard (AES) 128 bit encryption.
Wireless messages are enciphered such that only the final destination can decipher and utilise the data. AES is based on a design principle known as a substitution-permutation network.
The AES-128 encryption method is extremely secure. All known attacks on AES are computationally infeasible which is why it is used in applications such as internet banking.
This is further demonstrated by the fact that the US government previously announced that the design and strength of all key lengths of the AES algorithm are sufficient to protect classified information up to the "secret" level.
For AES-128 bit, the key can be recovered with a computational complexity of 2126.1.
To further ensure security on an industrial wireless network, a security join key is also employed. The join key serves as authentication to the network security manager that the device should be allowed onto the network.
There are several technologies to minimise interference.
If a device does not broadcast the correct join key it is not permitted to enter the wireless network or to send any data on it, effectively preventing rogue devices from compromising the network.
Potential security risk
For a WirelessHART network, a HART communicator is employed to manually enter the join key into each field device. A common join key (like a physical 'master key') can be used across multiple devices making set-up easy, but this also means that security could potentially be compromised.
ISA100.11a wireless devices take join keys one step further. For these devices infrared (IR) communication is used to ensure a secure and short range connection to a PC.
Authorised software on the PC then provides a fully encrypted join key which is unique to each individual field device and cannot be copied or compromised.
That way, only a properly authenticated device is permitted to join the network. This is an important safeguard for industrial wireless users.
Interference
Apart from data integrity, the wireless network must also be secure against interference - another key concern among those yet to make the step to industrial wireless. The ISA100.11a and WirelessHART standards employ a 2.4GHz frequency for data transmission.
This frequency is within the Industrial Scientific and Medical (ISM) band which is open world wide and hence is used by many other wireless technologies as well, such a Wi-Fi and Bluetooth.
The wireless network must be secure against interference.
It is essential that the industrial wireless standards can co-exist with these other technologies and hence they have a number of in-built features to ensure this is successful.
There are several technologies employed in the ISA100.11a and WirelessHART standards to minimise interference, which include:
-
Frequency / Channel Hopping. The 2.4GHz frequency is divided into 16 non-overlapping channels. Devices employ a channel hopping sequence to enable them to reduce the chances of interference with other networks. The ISA100.11a or WirelessHART network manager allocates the frequencies and hopping sequence to be employed automatically without any user intervention being required.
-
Channel Blacklisting. The wireless network can be manually configured to avoid one or more frequency channels. If there are specific frequencies that are highly utilised by other networks, the ISA100.11a or WirelessHART network can avoid operating on these channels and hence reduce the potential of interference.
-
Direct Sequence Spread Spectrum (DSSS). This technology allows the wireless transmission to be spread over the entire frequency channel. Devices with the correct decoding information receive the data while for other devices it appears as noise and is disregarded.
-
Low Duty Cycle Operation. Employing Time Division Multiple Access (TDMA) means the network can be divided into configurable length timeslots, typically between 10-14msec. Wireless transmissions then occur at precise, pre-determined times and hence limit the network loading and chances of collisions.
The industrial wireless standards, ISA100.11a and WirelessHART, have been designed with security in mind. By employing AES-128 bit encryption and secure join keys, data security is ensured.
Numerous methods to minimise interference are also built into the standards to ensure they can co-exist with other technologies.
With all these features we can now see that the industrial wireless standards are robust and secure enough to provide a valid solution for any industrial process application.
[Simon Lillie is Product Specialist, Field Instruments, Yokogawa Australia.]