wireless v

30.04.2013

Lukas Krammer

Institute of Automation

Automation Systems Group

Vienna University of Technology

Vienna, Austria

https://www.auto.tuwien.ac.at

Wireless in Automation WirelessHART, ISA100

Wireless in Automation Wireless in Automation

WirelessHART

ISA 100

ISA 100.11a

Outline


Role of WirelessHART

Application layer

…

Network layer

Data link layer

Physical layer

6LoWPAN

Today Today!


Idea of HART

Extending the analogue 4-20mA current loops with a digital interface

Backward-compatible to analogue signal exchange

WirelessHART adds additional Physical Layer (PHY) and Data Link Layer (DLL) to the HART communication stack

Transport Layer and Application Layer (AL) are compatible to both media

AL based on HART Commands (Master-Slave)

WirelessHART


Highway Addressable Remote Transducer (HART) developed in the 1980ies

First standard specified in 1989 by the HART Communication Foundation (HCF)

Since 2007 part of IEC 61158 (Fieldbus)

HART was extended by a wireless interface in 2007

In 2010 WirelessHART was standardized by the International Electrotechnical Commision (IEC) IEC 62591

WirelessHART: History


Reliability

Channel hopping (16 channels)

Blacklisting of (bad) frequencies

Time synchronization (via ACK packets)

TDMA medium access

Mesh networking

Frequent route changes of packets

Security

“Always-on” Encryption, verification, authentication

AES 128-based

Key hierarchies and key management by security manager

WirelessHART: Design Goals


Wireless protocol for industrial automation

Extension to wired HART protocol

Partially based on IEEE 802.15.4-2006 (PHY)

Deterministic communication ( TDMA)

Maintained by the HART Communication Foundation

Important product manufacturer

ABB

Siemens

Emerson

WirelessHART: Features


WirelessHART: Network Elements I

Field Devices

Routing capabilities mandatory

Send and receive data

Adapter

Connection to an existing wired HART network

Gateway

Connects HART network to the plant automation network

Depends on the specific protocol (e.g., Industrial Ethernet)

Not necessarily wireless

Unique clock source


WirelessHART: Network Elements II

Access Points

Provide access to the wireless network

Connected with the Gateway

Not necessarily by WirelessHART (e.g., Ethernet, WiFi)

Network Manager

Exactly one Network Manager in the network

Network configuration

Scheduling, Routing

Security Manager

Management and distribution of keys

Handheld


Only mesh topology

Gateway, Network Manager and Security Manager possibly in one device

WirelessHART: Topology


Wireless HART: Protocol Stack


Partially based on IEEE 802.15.4-2006

Only 2.4GHz frequency band (15 channels)

Transmit power up to 10dBm (10mW)

Channel hopping

Physical channel is changed for each transmission

Clear channel assessment

Checks if the channel is “free” before sending

WirelessHART: Physical Layer


Time diversity

Time Division Multiple Access (TDMA)

Fixed timeslots

Deterministic communication

Frequency diversity

Channel hopping

Channel blacklisting

Based on Superframes

Increases Availability and Reliability

WirelessHART: DLL: Medium Access Control


Channel selection based on

Absolute Slot Number (ASN)

Unique, monotonically increasing slot number

Number of active channels

Blacklisting #active channels <= #physical channels

Channel offset

Logical channel number

Active Channel = (ChannelOffset + ASN) mod #active channels



Superframes and Slots

Each slot has a fixed length of 10 ms

Each superframe has a predefined length

Multiple distinct superframes possible

All superframes are repeated periodically

Slot_number = ASN mod #slots_in_superframe

Communication links

Tupel: (superframe, slot #, channel offset)

Distinction between broadcast, join, discovery




Channel

Time

11

12

26

Superframe x Superframe y

...

... ...

...

Link: (superframe, slot-number, channel-offset)


Slots and superframes are assigned by the Network Manager

Slots can be shared channel access via CSMA/CA is used

Slots at the same time possible slot with the lowest ID is elected

Designated superframes

Management superframe (6400 slot)

Slots for keep-alive

Slots for join request/response

Slots for ad-hoc request/response

Specical purpose slots (e.g., blocktransfers, handhelds)

Gateway superframe (40 slots)

WirelessHART: DLL: Scheduling


Distinction between two types of traffic

Periodic transfer

Sporadic transfer

A data transfer requires

One slot for the first transmission

One slot for a possible retry (different channel)

One slot on another path for a second retry

WirelessHART: DLL: Data Transfer


Similar to IEEE 802.15.4

Unique 64 Bit IEEE extended address (IEEE EUI 64)

2 Byte short address (unique within the network)

2 Byte network ID

WirelessHART: DLL: Addressing


Data receive service

Indication

Data transfer service

Request, indication, confirmation

Event service

Connect, disconnect

Management service

Set, Get parameters

Security

Only Authentication (no encryption)

QoS Priorites

WirelessHART: DLL: Services


Discovery

Advertisement

Keep-alive

Also used for time synchronization

Time synchronization

Gateway acts as ultimate time source

Gateway synchronizes with Access Point(s)

Not specified in the standard

Difficult if APs are not directly reachable

Tree based clock adjustment

Time difference between keep alive message and ackn.

WirelessHART: DLL: Maintenance


NL Responsible for

Routing

Block data transfer

Acknowledged Broadcasts

End-to-end acknowledgement

End-to-end security

TL Point of convergence between HART and WirelessHART

WirelessHART: Network and Transport Layer


Defined by Network Manager

Different routing mechanisms

Source routing

Route is determined in the data packet

Used to exchange data between Field Devices

Exceptional case

If a node on the route fails message is lost

WirelessHART: NL/TL: Routing I


Graph routing

Normal routing technique

Only for hierarchical data exchange

Gateway Field Device, Field Device Gateway

Field Device Field Device

Network Manager defines graphs

Graphs uniquely identified by Graph ID

Redundant paths

Multiple graphs in a network

One graph per final destination

Each node has its local view of the graph (final destination, outgoing edges)

WirelessHART: NL/TL: Routing II


Superframe routing

Similar to graph routing

Superframes defined by the network manager

Destination address belongs to a specific superframe

Membership of a node to a specific superframe is defined by the network manager

If a node receivers a message in the specific superframe message is forwarded in the same superframe

Implicit graph routing

Superframe ID instead of Graph ID

WirelessHART: NL/TL: Routing III


Proxy routing

Neighbors are used as proxy for routing

Messages are routed from/to the proxy by graph or source routing

Additional field in the packet header specifies real originator/receiver

Used for advertisement messages of new devices

Broadcast routing

Special graph

One source

At least one path from the source to any other node

WirelessHART: NL/TL: Routing IV


Compliant with wired HART (HART command structure)

Different categories

Universal commands (mandatory)

Every HART/WirelessHART device must support these commands

Wireless commands (mandatory for wireless devices)

Specific commands for managing wireless networks

Common practice commands (optional)

Standardized device-independent commands

Device family commands

Device-specific commands (outside HART spec.)

WirelessHART: Application Layer


Security is mandatory

Uses CCM* mode in combination with AES-128 (similar to ZigBee)

End-to-end security and/or hop-to-hop security

Key generation and management by “plant wide” security manager

Not defined by specification

Key distribution by security manager

WirelessHART: Security


Join key

Used to join a WirelessHART network

Initial secret i.e., distributed during configuration

Session key

Used for end-to-end communication between two devices

Network key

Used for hop-to-hop security

WirelessHART: Security


WirelessHART: An Example

Set network ID

Set network password

Set security level

define join process

define network and session security

Enter Join password

Enter Network ID

Update rate

Configure as needed

NM

In the Shop

System



NM

System

Initiate Join

Request



NM

System



NM

System

Point to Point Topology

The Network Manager provides new schedule and routing information to

all devices as new devices join the network



NM

System

The Network Manager provides new schedule

and routing information to all devices as new

devices join the network

Mesh Topology Point to Point Topology


Role of ISA 100

Application layer

…

Network layer

Data link layer

Physical layer

6LoWPAN

ISA100.11a


International Society of Automation (ISA)

ISA 100 committee

400+ automation professionals

250+ companies

Goal: Establish standards and related information for wireless industrial systems

Family of several complementary standards

ISA 100


Single application layer for tunneling and native ISA

Support of multiple existing application protocols

HART, Fieldbus Foundation, Devicenet, Profibus, ...

WirelessHART, RFID, WiFi 802.11, UWB, ...

ISA 100.15


Wireless sensor network for industrial applications

Similar to WirelessHART (concurrent technologies)

Based on IEEE 802.15.4-2006 (partially)

Supports deterministic communication (TDMA)

ISA 100.11a: Overview


Input/Output device

Acts as sensor or actuator

No routing capabilities

Router

Capable for routing

Not necessarily equipped with I/Os

Backbone router

Routing to the backbone network

Gateway

Connection to the plant automation network

ISA 100.11a: Network Elements I


System Manager

Controls the whole network

Manages network devices and communications

Security Manager

Provides secure operation

Manages key exchange and distribution

System Time Source

Acts as master clock

Every device has to be synchronized

ISA 100.11a: Network Elements II


ISA 100.11a: Topology

Different topologies possible

Star, mesh, star-mesh

Gateway, System Manager and Security manager possibly in one device


ISA 100.11a: Protocol Stack

Routing at data link layer (within the mesh)

Network layer influenced by 6loWPAN (IPv6)


Partially based on IEEE 802.15.4-2006

Similar to WirelessHART

Only 2.4GHz frequency band (15 channels)

Channel hopping

Two different mechanisms

Clear channel assessment

Checks if the channel is “free” before sending

ISA 100.11a: Physical Layer


Time diversity

Time Division Multiple Access (TDMA)

Timeslots with variable length

Deterministic communication possible

Frequency diversity

Channel hopping

Fixed channel patterns (e.g., 19, 12,20,24…)

Based on Superframes

Variable length of slots and superframes

ISA 100.11a: Data Link Layer


Different types of channel hopping

Slotted hopping: one message per slot deterministic

Slow hopping: slot shared among a group of devices CSMA/CA channel access

Hybrid forms possible

ISA 100.11a: DLL: Channel Hopping


Routing at DDL (!)

Only inside the mesh

Graph routing

Based on health reports of all devices

Managed by the System Manager

Redundant paths possible

Source routing

Routing mechanisms similar to WirelessHART

ISA 100.11a: DLL: Routing


Influenced by the Internet Engineering Task Force (IETF) 6LoWPAN specification (RFC 4944)

Different addressing modes

128 Bit long address (IPv6)

16 Bit short address

NL handles translation between different addresses

Responsible for fragmenting and reassembling of packets

Routing to the backbone network (IPv6) is maintained at NL

Inter-networking routing (mesh-to-mesh routing)

ISA 100.11a: Network Layer


Transparent transfer of data between end systems or hosts

Responsible for end-to-end error recovery

The functions offered by the transport layer

Reliable/unacknowledged service

Enhanced-secure/basic-secure service

Flow control

Segmentation / Reassembly

Management topics

Uses connectionless User Datagram Protocol (UDP)

Extended with optional compression

ISA 100.11a: Transport Layer


Based on CCM* in conjunction with AES-128

Asymmetric encryption possible

Many security features are optional

Security at different levels

One-hop security at DDL

End-to-end security at NL

Advanced security mechanisms above IP-level

Keys managed by the Security Manager

ISA 100.11a: Security


Different types of keys

Data link key

Used for message authentication (MAC/MIC) at DDL

No payload encryption

Master key

Shared between Security Manager and device

Session key

Used for normal data transmissions

ISA 100.11a: Security: Keys


Next week

RFID, WISA, Z-Wave, EnOcean KNX-RF

Outlook

wireless v

Documents