Wireless network considerations

23 October 2018

Ross Yu explains the importance of data reliability and network security in IIoT applications, examines real-life case studies, and discusses key considerations when selecting an IIoT wireless solution.

Wireless nodes must perform reliably even when located among metal equipment and gas distribution pipes.
Wireless nodes must perform reliably even when located among metal equipment and gas distribution pipes.

The Industrial Internet of Things (IIoT) calls for the use of wireless sensing and control nodes in a wide range of applications where they are expected to operate for many years, often in harsh RF environments and extreme atmospheric conditions. 

In OnWorld’s global survey of industrial wireless sensor network (WSN) users, reliability and security were the two most important concerns cited. This is not surprising if you consider that a company’s profitability, the quality and efficiency with which it produces goods, and worker safety often rely on these networks. 

A single missing data point can result in a factory shutdown or safety issues. In the broader set of industrial applications, although the intermittent loss of data packets may be tolerated, extended periods of communications outage are not acceptable. Even a 1% data failure rate is too high, since it translates to 3.65 days per year of unscheduled downtime. Industrial applications demand >99.999% data reliability to overcome the variety of RF problems that are likely to be experienced over years of operation.

For a wireless network to run virtually maintenance-free for many years, it must be architected with multiple means of overcoming problems. One general principle in designing a network for reliability is redundancy, where failover mechanisms for likely problems enable systems to recover without data loss. 

In a wireless sensor network, there are two basic opportunities to harness this redundancy. First is the concept of spatial redundancy, where every wireless node has at least two other nodes with which it can communicate, and a routing scheme that allows data to be relayed to either node, but still reach the intended final destination. A properly formed mesh network – one in which every node can communicate with two or more adjacent nodes – enjoys higher reliability than a point-to-point network by automatically sending data on an alternate path if the first path is unavailable. 

The second level of redundancy can be achieved by using multiple channels available in the RF spectrum. The concept of channel hopping ensures that pairs of nodes can change channels on every transmission, thereby averting temporary issues with any given channel in the ever changing and harsh RF environment typical of industrial applications. Within the IEEE 802.15.4 2.4GHz standard, there are 15 spread spectrum channels available for hopping, affording channel hopping systems much more resilience than non-hopping (single channel) systems. 

There are several wireless mesh networking standards that include this dual spatial and channel redundancy known as Time Slotted Channel Hopping (TSCH), including IEC62591 (WirelessHART) and the forthcoming IETF 6TiSCH standard. These mesh networking standards, which utilise radios in the globally available unlicensed 2.4GHz spectrum, evolved out of work by Analog Devices’ Power by Linear, Dust Networks group, which pioneered the use of TSCH protocols on low power, resource-constrained devices starting in 2002 with SmartMesh products.

While TSCH is an essential building block for data reliability in harsh RF environments, the creation and maintenance of the mesh network is key for continuous, problem-free multi-year operation. Over its lifetime, an industrial wireless network will be subject to different RF challenges and data transmission requirements. The final ingredient required for wire-like reliability is intelligent network management software that dynamically optimises the network topology, continuously monitoring link quality to maximise throughput despite interference or changes to the RF environment. 

Security is key
Security is another critical attribute of industrial wireless sensor networks. The primary goals for security within a WSN are: 

• Confidentiality: Data transported in the network cannot be read by anyone but the intended recipient.
• Integrity: Any message received is confirmed to be exactly the message that was sent, without additions, deletions or modifications of the content. 
• Authenticity: A message that claims to be from a given source is, in fact, from that source. If time is used as part of the authentication scheme, authenticity also protects a message from being recorded and replayed. 

Confidentiality is required, not only for security-related applications, but also for everyday applications. For example, sensor information regarding production levels or equipment status may have some competitive sensitivity – for example the National Security Agency (NSA) doesn’t publish the power consumption of their data centers because this data might be used to estimate computing resources.

Sensor data should be encrypted so that only the intended recipient can use it. Both sensing and command information needs to arrive intact. If a sensor says ‘the tank level is 72cm’ or the controller says ‘turn the valve to 90 degrees,’ it could be very bad to lose one of the digits in either one of those numbers.

The critical security technologies that must be incorporated into a WSN include strong encryption (such as AES128) with robust keys and key management, cryptographic-quality random number generators to deter replay attacks, message integrity checks (MIC) in each message, and access control lists (ACL) to explicitly permit or deny access to specific devices. These wireless security technologies can be readily incorporated in many of the devices used in today’s WSNs, but not all WSN products and protocols incorporate all measures. Note that connecting a secure WSN to an insecure gateway is another point of vulnerability, and end-to-end security must be considered in system design.

In industrial process automation, the consequences of an attack could be dire. With faulty process control information being delivered to the control system, an attacker could cause physical damage. For example, a sensor feeding data to a motor or valve controller saying that the motor speed or tank level is too low could result in a catastrophic failure, similar to what happened to the nuclear-enrichment program centrifuges in the Stuxnet attack. On a purely practical level, even a failed attack or an academic revelation of a potential weakness is likely to lead to a loss of sales, urgent engineering effort, and a major public relations challenge.

Highly reliability and network security are critical requirements, not only for security-related applications and industrial process settings, but for all IIoT applications. Luckily, field-proven WSN solutions are available, enabling IIoT solution providers to deliver systems that work smoothly and reliably in challenging environments for many years.

Ross Yu is product marketing manager, Dust Networks Products, Power by Linear Group at Analog Devices Inc.

Contact Details and Archive...

Print this page | E-mail this page