The WirelessHART™ standard provides a robust wireless protocol, although it is considered inferior to the ISA100.11a standard because of the latter's more user-centric design.
This page is an ongoing effort to collect information about security mechanisms at different layers of the WirelessHART networking stack. Most of what you read below is copy-paste from referenced documents.
From “HART Communication Foundation”
The industry leaders who developed WirelessHART designed it to meet the unique requirements of wireless networks operating in process plants. Key capabilities include:
From “WirelessHART: Applying Wireless Technology in Real-Time Industrial Process Control”
WirelessHART is a secure network system. Both the MAC layer and network layer provide security services. The MAC layer provides hop-to-hop data integrity by using MIC. Both the sender and receiver use the CCM* mode together with AES-128 as the underlying block cipher to generate and compare the MIC.
The network layer employs various keys to provide confidentiality and data integrity for end-to-end connections. Four types of keys are defined in the security architecture:
From “A comparison of WirelessHART and ZigBee for industrial applications”
A new device is provisioned with a Join key before it attempts to join the wireless network. The Join key is used to authenticate the device for a specific WirelessHART network. Once the device has successfully joined the network, the Network manager will provide it with proper Session and Network keys for further communication.
The actual key generation and management is handled by a plant wide Security manager, which is not specified by WirelessHART, but the keys are distributed to the Network devices by the Network manager. A Session key is used by the Network layer to authenticate the end-to-end communication between two devices (e.g., a Field device and the Gateway). Different Session keys are used for each pairwise communication (e.g., Field device to Gateway, Field device to Network manager, etc).
The Data Link layer uses a Network key to authenticate messages on a one-hop basis. A well-known Network key is used when a device attempts to join the network, i.e., before it has received a proper Network key. Keys are rotated based on the security procedures of the process automation plant.
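The layering quoted above (a hop-to-hop MIC under the Network key, end-to-end protection under a Session key, and the Join key behind a publicly known join-time Network key) can be exercised with AES-128 in CCM mode. This is an added example, not code from the cited papers or from the HART specification. It assumes a 4-byte MIC, 13-byte nonces, a made-up frame layout, constructed key values, and that the join request is sealed under the Join key; it uses the Python `cryptography` package.

```python
# Added illustration, not code from the cited papers. Frame layout, nonces,
# the 4-byte MIC length and every key value below are constructed assumptions.
from cryptography.exceptions import InvalidTag
from cryptography.hazmat.primitives.ciphers.aead import AESCCM

MIC_LEN = 4                             # assumed MIC size in bytes
WELL_KNOWN_KEY = bytes(16)              # placeholder for the public join-time Network key
NETWORK_KEY = bytes.fromhex("11" * 16)  # constructed, shared by all joined devices
SESSION_KEY = bytes.fromhex("22" * 16)  # constructed, field device <-> gateway only
JOIN_KEY = bytes.fromhex("33" * 16)     # constructed, provisioned before joining

def nl_seal(key, nonce, header, payload):
    # End-to-end: payload encrypted and authenticated, header authenticated only.
    return AESCCM(key, tag_length=MIC_LEN).encrypt(nonce, payload, header)

def nl_open(key, nonce, header, sealed):
    try:
        return AESCCM(key, tag_length=MIC_LEN).decrypt(nonce, sealed, header)
    except InvalidTag:
        return None

def dll_mic(key, nonce, frame):
    # Hop-to-hop: authentication-only CCM (empty plaintext, frame as associated data).
    return nl_seal(key, nonce, frame, b"")

def dll_ok(key, nonce, frame, mic):
    return nl_open(key, nonce, frame, mic) is not None

def demo():
    n_nl, n_hop = b"N" * 13, b"H" * 13  # constructed 13-byte nonces
    hdr = b"src=dev7;dst=gw;"
    frame = hdr + nl_seal(SESSION_KEY, n_nl, hdr, b"PV=42.0")
    mic = dll_mic(NETWORK_KEY, n_hop, frame)
    # A relay holding the Network key flips one ciphertext bit and re-MICs the frame.
    i = len(hdr)
    forged = frame[:i] + bytes([frame[i] ^ 1]) + frame[i + 1:]
    # An outsider knows the public join-time key but not the Join key.
    rogue = hdr + nl_seal(WELL_KNOWN_KEY, n_nl, hdr, b"join-request")
    return {
        "hop_accepts_genuine": dll_ok(NETWORK_KEY, n_hop, frame, mic),
        "hop_rejects_stale_mic": not dll_ok(NETWORK_KEY, n_hop, forged, mic),
        "hop_accepts_re_miced_forgery": dll_ok(NETWORK_KEY, n_hop, forged, dll_mic(NETWORK_KEY, n_hop, forged)),
        "gateway_reads": nl_open(SESSION_KEY, n_nl, hdr, frame[i:]),
        "gateway_rejects_forgery": nl_open(SESSION_KEY, n_nl, hdr, forged[i:]) is None,
        "rogue_join_passes_hop_check": dll_ok(WELL_KNOWN_KEY, n_hop, rogue, dll_mic(WELL_KNOWN_KEY, n_hop, rogue)),
        "rogue_join_rejected": nl_open(JOIN_KEY, n_nl, hdr, rogue[i:]) is None,
    }
```

The hop-level MIC only proves that a frame came from some holder of the Network key, so a modification by a key-holding relay, or a join frame built with the public key, is caught only by the end-to-end check under the Session or Join key.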
When HART goes wireless: Understanding and implementing the WirelessHART standard