
Secure wireless networks for industrial applications


The number of industrial applications for wireless networks will certainly grow dramatically in the near future, but automation engineers - who are naturally cautious people - always like to know where they are going to put their feet.

The IEEE 802.11 standard originally specified one diffused infrared (already forgotten by most of us) and two radio technologies (DSSS and FHSS). The wireless versions operating in the 2.4 GHz frequency band presently lead the market. Each variation has its own particularities regarding network security and reliability. [For convenience, everybody talks about the “2.4 GHz band”. This band goes from 2.4000 to 2.4835 GHz. It is also known as an “ISM band” (Industry, Science and Medicine). It is licence-free, which means that private applications need neither authorisation nor declaration.] We shall focus here on FHSS.

Reliability of data transfer is almost a knee-jerk conversation topic for network and automation managers; the very nature of wireless exacerbates apprehension. It prompts the usual questions:

If the connection protocol is standard, will anyone be able to connect to my network?

Is my data, transferred by radio waves, accessible to anyone close to my site?

Will my network be protected against (internal or external) malicious damage?

Will my production data be protected against hackers, competitors, vendors, customers …?

How is my application protected against loss of data?

For sure, wireless is more fragile than communication over wire. A link working at 2.4 GHz may be immune to some types of electromagnetic radiation (speed drives, motors, etc.) but possibly not so impervious to quite a few others. Top offenders include microwave ovens, microwave comms and radar systems, electrical welding machines, walkie-talkies, mobile phones, other wireless datacomms systems, etc.

It might seem reasonable to assume that such interference might cause loss of data packets or a slowing down of transfer speed. After all, we have all experienced loss of mobile phone connection quality by just moving a few centimetres. It seems reasonable to expect the same problems to occur with industrial wireless networks. However, FHSS technology can deal with this sort of thing. But first, what is hidden behind the acronym?

Frequency Hopping Spread Spectrum

As a reminder about radio transmission, a carrier frequency is modulated in amplitude, phase or frequency (or a combination) to impress the data information onto the carrier wave.

If one can transmit the data over many carrier waves in parallel, it becomes possible to increase the data throughput. This is the hallmark advantage of the spread spectrum technologies. The data signals are diffused over many carriers instead of impressing the data within the sidebands of a single carrier wave. Such DSSS (Direct Signal Spread Spectrum) technologies use relatively wide bandwidths.

In contrast, frequency-hopping technologies use narrower bandwidths and “hop” (or “jump”) from one discrete frequency to another. These are the FHSS technologies (Frequency Hopping Spread Spectrum). DSSS and FHSS appeared many years ago for military applications where FHSS signals showed themselves to be more difficult to intercept or jam than DSSS ones.

DSSS technologies (Direct Signal Spread Spectrum) work in 22 MHz-wide bands (IEEE 802.11b). This provides three non-overlapping 22 MHz channels over the band 2.400 to 2.483 GHz.

FHSS technologies (Frequency Hopping Spread Spectrum) use narrow bands (less than 1 MHz), and hop successively from one to the other at regular time intervals (...t-2, t-1, t, t+1, t+2 ...) in pseudo-random sequences synchronised at both ends of the link.

For present day civil and, in particular, industrial applications, the total frequency band covers 2.4000 GHz to 2.4835 GHz.

For the industrial applications we are considering here, this bandwidth is divided into 75 narrow bands with a maximum sub-channel width of 1 MHz. The data are split into smaller packets for transmission and sent one after the other. Each of these transfers uses one of the sub-channels, and corresponds to a “frequency hop”.

The data transfer uses each of the sub-channels successively, and hops from one to another according to a predefined order known by both the transmitter and the receiver. This process is driven by a particular algorithm.

In short, the algorithm chains the sub-bands together in a pseudo-arbitrary way. Thus FHSS technology works by using a narrow band which moves about in a pseudo-random way between 2.4000 GHz and 2.4835 GHz.

Natural assets

FHSS technology has immediate advantages in terms of security, immunity to electromagnetic interference, robustness, and network reliability.

Anti-intrusion. A potential eavesdropper sees FHSS communication changing its frequency band in a random way. For example, Prosoft Technology’s own RadioLinx system hops in frequency 80 times per second. It would take some fairly specialised interception equipment to mirror the frequency changes uninvited; the frequency sequence must be known to recover the data buried in the signal. Each radio in the network of course knows which sub-band to work at each instant, how to synchronise with the network and avoid collisions. Most systems also add encryption to data transferred over the air: WEP RC4 with an encryption key of 40 bits, and up to 128 bits with our own implementation.

Automatic retransmission. Each hop corresponds to an emitted packet of data. If interference occurs during transmission, causing data loss on a particular sub-band, the same data packet will be retransmitted immediately in the next scheduled sub-band hop.

Interference rejection. From the radio frequency point of view, the FHSS transmission system works in a narrow band e.g. 300 kHz. Up to 5 MHz is allowed in the US, versus 22 MHz for DSSS as specified by IEEE 802.11b. This enables FHSS radios to use narrower filters so improving signal to noise ratios - which links directly to the ability to reject interference. Note that 1 MHz was historically the maximum FHSS bandwidth. From a practical view, many manufacturers used narrower sub-channels to allow more simultaneous hopping patterns or for narrower filters to obtain longer range at lower data rates. In North America, new FCC rules allow up to 5 MHz per channel with 15 hops overall.

Sensitivity. From the radio frequency point of view, the essentially narrow band FHSS reception circuits offer good sensitivity - which means that operation with input signals as low as -96 dBm may be possible. This can equate to improved range (compared to wide-band systems) or better link quality over the same distance. The inherent system sensitivity allows other trade-offs for range. Operation with low gain antennas may be possible for example. Our own set can operate up to five kilometres or more using 100 mW EIRP transmit power. Some countries allow use of greater power and thus greater link distance.

Use of two antennas per node (one antenna for emission with limited gain in accordance to the law in some countries, and one antenna for reception with larger gain) may considerably extend reliable link operating range.

Network robustness. The operational network environment is rarely optimum with industrial applications. It is not just external interference sources. Radio waves are reflected from the numerous metal objects on the plant floor: tanks, pipes, cable paths, girders, walls, etc. Each reflected wave travels over a longer path than the direct signal, and so reaches the receiver with a small delay. The resulting signal comprising direct and reflected waves can disturb link quality. Since interference patterns are by their nature frequency related, the relative narrowness of the FHSS sub-band can offer significant rejection characteristics to multipath interference. Diversity reception using two antennas may also improve link quality.

And what of collisions? Signals from hidden nodes can occur very easily with radios: Radio B may hear both Radio A and Radio C but Radio A cannot hear Radio C - Radio A and Radio C may start talking at the same time … unless CSMA/CA (Carrier Sense Multiple Access/Collision Avoidance) or a similar scheme is employed. This is another important point to take into account when planning industrial applications.

All radios which use the same network are configured at the same time. All radios know which sub-band segment to use at each time interval, and how to synchronise with the whole network. Prosoft’s own system can link up to 1,000 radios and 73 repeaters within a single network. Note that repeaters also serve as connection nodes to the wireless network.
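The synchronised hop schedule and the automatic retransmission described above can be modelled in a few lines. This is an added example, not Prosoft's or the IEEE 802.11 algorithm: deriving the sub-channel from an HMAC-SHA256 of the slot counter under a shared network key, the key values, the jammed channel range and the channel layout from the lower band edge are all assumptions made for illustration.

```python
import hashlib
import hmac

BAND_START_MHZ = 2400.0   # lower edge of the 2.4 GHz band
NUM_CHANNELS = 75         # sub-channels, as stated in the article
CHANNEL_WIDTH_MHZ = 1.0   # maximum sub-channel width from the article


def hop_channel(network_key: bytes, slot: int) -> int:
    """Sub-channel for a time slot (assumed scheme: HMAC of the slot counter)."""
    mac = hmac.new(network_key, slot.to_bytes(8, "big"), hashlib.sha256).digest()
    return int.from_bytes(mac[:4], "big") % NUM_CHANNELS


def centre_mhz(channel: int) -> float:
    """Centre frequency, assuming channels are packed from the lower band edge."""
    return BAND_START_MHZ + (channel + 0.5) * CHANNEL_WIDTH_MHZ


def send(packets, network_key, jammed, start_slot=0):
    """One packet per hop; a packet lost on a jammed sub-channel is repeated
    on the next scheduled hop. Returns (slot, channel, packet, delivered)."""
    if set(range(NUM_CHANNELS)) <= set(jammed):
        raise ValueError("every sub-channel is jammed; nothing can be delivered")
    slot, log = start_slot, []
    for pkt in packets:
        delivered = False
        while not delivered:
            ch = hop_channel(network_key, slot)
            delivered = ch not in jammed
            log.append((slot, ch, pkt, delivered))
            slot += 1
    return log


def agreement(key_a: bytes, key_b: bytes, slots: int = 7500) -> float:
    """Fraction of slots in which two radios sit on the same sub-channel."""
    same = sum(hop_channel(key_a, s) == hop_channel(key_b, s) for s in range(slots))
    return same / slots


if __name__ == "__main__":
    key = b"constructed-network-key"      # constructed sample value
    interferer = set(range(40, 46))       # constructed: a 6 MHz-wide interferer
    for slot, ch, pkt, ok in send([f"pkt{i}" for i in range(20)], key, interferer):
        print(f"slot {slot:3d}  {centre_mhz(ch):7.1f} MHz  {pkt:6s}  {'ok' if ok else 'LOST, resend'}")
    print("same key agreement:     ", agreement(key, key))
    print("different key agreement:", agreement(key, b"some-other-network"))
```

Radios sharing the key agree on every slot, while a radio holding a different key coincides with the network on roughly one slot in 75.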

What about DSSS?

The robustness of FHSS network technology comes at the expense of speed.

The IEEE 802.11 standard limited the maximum data throughput to 2 Mbps, mainly due to bandwidth limitations for the sub-channels and the necessity to synchronise radios from within the same network. A RadioLinx network, for example, offers 250 Kbps usable data throughput. In practical terms this largely supports the maximum 115 Kbps full duplex offered by classical industrial networks such as Modbus. Yes, Profibus can work up to 12 Mbps. For such high speeds, the wireless solution has to be handled rather differently.

For all that, the DSSS technologies have not yet reached their limit for dealing with security and reliability issues. They can achieve much higher data rates over link distances of a few tens of metres. There are also other advantages in permissible error correction strategies.

* Bruno Forgue is European marketing manager, Prosoft Technology

24-May-2004