View online magazine
Security of wireless networks … don’t think, protect it!
Some automation engineers are still wondering about security, which is especially important when preparing an industrial application. This article, will give an overview of how direct sequence spread spectrum (DSSS) and frequency hopping spread spectrum (FHSS) technologies respond to this concern.
Originally, the IEEE 802.11 standard specified one diffused infrared (does anyone of us remember this?) and two radio methods (DSSS and FHSS) for contact-less communications.
Today, DSSS largely dominates in terms of volume. The reason: it allows high speed wireless solutions for the IT and home applications: a considerable business supported and sponsored by the Wi-Fi Alliance.
Control and monitoring
Automation engineers have found great control and monitoring applications for this DSSS technology, but some also had bad experiences in industrial environment, mostly due to unseen RF aspects. DSSS solutions are still being implemented in industrial environments for very specific types of applications which will be elaborated on later.
Today, 58percent of the wireless industrial automation applications are using proprietary technology, and the trend indicates longevity with this movement according to recent survey from Venture Development Corporation (VDC).
A large part of this movement can be attributed to FHSS technology. FHSS is an appealing option because security and reliability are handled ‘physically’. This article highlights the different security benefits for both DSSS and FHSS technologies.
Spread spectrum
As a reminder, for radio transmission a carrier frequency is modulated (amplitude, phase and/or frequency shift) and the data is ‘carried’ by this modulation.
Transmitting over many parallel carriers increases data throughput. One advantage of the ‘spread spectrum’ solutions. The ‘direct’ spread spectrum solutions operate in relatively wide bandwidths, while the ‘frequency hopping’ methods using narrow bandwidths and ‘hop’ (‘jump’) from one to another.
Originally, DSSS and FHSS appeared in the middle of last century for military applications, FHSS rapidly showing itself more difficult to trap than DSSS. In today's world, the frequency band going from 2.400,000 to 2.483,500GHz is now open to civil and in particular industrial applications.
Direct sequence
Direct Sequence is the method used by all popular open Wi-Fi standards today including IEEE802.11b, 802.11g (both transmitting in the 2.4GHz band) and 802.11a (transmitting in the 5.8GHz band). While the wide band modulation offers high speed, it also makes the RF system more prone to noise problems when multiple systems are operating in close proximity.
For example, IEEE802.11b has 13 available channels (only 11 channels in some countries), but only three channels do not overlap.
Keeping intruders out
When considering security, the goal is to keep intruders out of one’s network, stop others from ‘sniffing’ your data, minimise detection of the network, and detect ‘rogue’ access points.
To create this secure atmosphere using DSSS, a user will need to authenticate users, encrypt data, turn off network identifiers, define appropriate antenna coverage, and use wireless network maintenance software.
WPA2, or Wi-Fi ProtectedAccess2, is a well-known security encryption based on the IEEE802.11i amendment to the 802.11 standard. WPA2 provides a high level of security by implementing a strong encryption algorithm with 128-bit keys and dynamic session keys, and by giving access only to authorised users.
Authentification protocol
In short, implementing an extensible authentication protocol (EAP) mechanism and a MAC ID white list checking procedure prevents unsolicited equipment from entering the network. A user can create conditions where a network is invisible to unknown equipment by turning off the SSID beacon (network identifier).
Another security option involves selecting the appropriate antenna by paying attention to the limit range of the emitted power so as to avoid emitting a signal farther than is necessary for the application.
The struggle to provide secure wireless networks, while also maintaining an open standard, is a conundrum, and can be seen as a weakness by industrial automation engineers. None the less, this is a constant effort for the Wi-Fi Alliance and their promoters.
Frequency hopping
The FHSS method is inherently more secure than the DSSS, but to understand, one must see what is hidden behind the acronym.
The total used spectrum is divided into sub-channels. The data to be transmitted are split in small packets which are emitted one after the other. Each of these transfers uses one of the sub-channels, and corresponds to a ‘frequency hop’. The hops are sequenced according to a predefined order known only by the emitter(s) and the receiver(s).
In the brief limits of this article, consider for a moment that FHSS consists of using a narrow band which moves by hopping in a pseudo-random way between 2.400,000GHz and 2.483,500GHz.
The hopping method has key features which bring value to applications from the reliability perspective of the communication network.
Error correction techniques, immediate retransmission of a corrupted packet on the next hop, excellent interference rejection due to narrow width of each individual sub-band, higher sensitivity.
All these benefits translate into a better solution for applications which require protection from interference and reflection, network security, and longer transmission distances (700–800metres indoor, and up to 5–10kilometres – in Europe – or more, according to country regulation and environment).
Encrytption
Perhaps most important to security is the fact that
FHSS inherently offers anti-intrusion, though data is usually sent over the air with the added safety of encryption.
The FHSS frequency band is also regularly changing in a pseudo-random way. An observer from outside of the network will not be able to join in the dance.
Only equipment which is integrated into the network during its configuration will be recognised and will know on which sub-band to work at each instant, how to synchronise with the network, and to avoid collisions.
With FHSS, production managers may see an option for operating their automation wireless network separate from the company IT department.
Avoiding Ethernet collisions
Commonly, in order to avoid Ethernet collisions which can have dramatic consequences on the production side, a separate (wired) Ethernet network is used for production and enterprise activities. A frequency hopping spread spectrum network can bring the same on the wireless side – with the innate security advantages that accompany this technology.
ProSoft Technology specialises in the development of communication solutions compatible with the large automation suppliers’ controllers such as Rockwell Automation and Schneider Electric.
Enter 31 or at www.engineerlive.com/epe
Bruno Forgue is with ProSoft Technology – Europe, Blagnac, France. www.prosoft-technology.com
"