WirelessHART: Applying Wireless Technology in Real-Time Industrial Process Control

Jianping Song, Song Han, Al Mok University of Texas at Austin

Deji Chen, Mike Lucas, Mark Nixon Emerson Process Management

Wally Pratt HART Communication Foundation

Outline

Background

Introduction to WirelessHART

Development Challenges and Solutions

WirelessHART Demonstration

Summary

Future Wireless Plant

WirelessHART: History

HART (Highway Addressable Remote Transducer)

Bi-directional industrial field communication protocol

Used to communicate between field devices and host systems

The global installed base of HART-enabled devices is more than 20

million

WirelessHART

Wireless extension of HART

Released in 09/2007

WirelessHART: Designed for Wireless Plant Solutions

Real-Time

TDMA technology

Centralized Network Management

Reliability

Channel Hopping and Channel Blacklisting

Mesh Networking

Security

Data Integrity on MAC layer

Data Confidentiality on the Network layer

Alternative Wireless Standards: Not Suitable for Process Control

Zigbee

No Channel Hopping or Channel Blacklisting

Problem with persistent noises

Bluetooth

Only supports star type network topology

Not scalable for large industrial control systems

Wi-Fi

No Channel Hopping

Power Consumption

ISA SP100

Not available yet

Outline

Background

Introduction to WirelessHART

Development Challenges and Solutions

WirelessHART Demonstration

Summary

WirelessHART Architecture

WirelessHART Architecture

Physical Layer (IEEE 802.15.4)

Data Link Layer

Network Layer and Transport Layer

Security

Network Manager

Data Link Layer

Timer Module

Time is sliced into time slots (starting from 0)

Time intervals in a time slot

Clock synchronization is critical

Links and Superframes

Link: activity in a time slot

Neighbor

Send/Receive

Communication channel

Superframe: a group of links

Defined by network manager

Repeat itself infinitely

A device can support several superframes

Data Link Layer State Machine

Each run of the state machine

1. Call the link scheduler to determine the next slot to be serviced

2. On receiving the ”time slot start” event, increment the ASN (Absolute Slot Number) by 1

3. When it is time to service the given time slot derived in step 1), execute the associated transaction (SEND/RECV)

WirelessHART Architecture

Physical Layer (IEEE 802.15.4)

Data Link Layer

Network Layer and Transport Layer

Security

Network Manager

Security

Data Link Layer

Hop-to-hop data integrity

CCM* (Counter with CBC-MAC) mode with AES-128 to generate the MIC

Network Layer

Public keys: used to generate MICs on MAC layer by joining devices

Network keys: used by existing devices in the network to generate MAC MIC’s

Join keys: used during the joining process to authenticate the joining device

Session keys: unique for each end-to-end connection between two network devices

Network Keying Model

WirelessHART Architecture

Physical Layer (IEEE 802.15.4)

Data Link Layer

Network Layer and Transport Layer

Security

Network Manager

Functions of Network Manager

Support devices joining/leaving the network

Create routes

Schedule communications

Adapt the schedule upon network changes

Outline

Background

Introduction to WirelessHART

Development Challenges and Solutions

WirelessHART Demonstration

Summary

Hardware Platform

MC1321x Evaluation Kit by Freescale

One 1321x-NCB board, two 1321x-SRB boards

40 MHz 8-bit HCS08 MCU

2.4 GHz 802.15.4 Transceiver

Programmable 60 KB Flash and 4KB RAM

Multiple 16-bit timers

4 LEDs for demonstrations and monitoring

A simple IEEE 802.15.4 Physical Layer Library

Challenge 1: Timer Design

Challenge

Stringent timing requirements – a 10ms time slot further sliced into several time intervals

Some tasks are time consuming and may exceed allocated time

Solution

Use a separate hardware timer for WirelessHART

The caller informs the timer module current slot type

The timer generates required timer events accordingly

Challenge 1: Timer Design

Challenge 2: Time Synchronization

Challenge

Synchronize the nodes in a network

A new node should derive current time during the joining process

Solution

A node records the time when the first bit of a frame arrives

The receiver calculates the clock drift TsError

The receiver includes the drift in the time adjustment field of the corresponding ACK frame

When a node receives an ACK from its time source, it will adjust its clock

Challenge 3: Speed Up Security Calculations

Challenge

The receiver must run CCM* on the received frame and the corresponding ACK frame within TsTxAckDelay (1ms)

The lower power HCS08 MCU can not meet the requirement

Solution

Upon request, Freescale is developing a new chipset with hardware encryption accelerator

We propose to execute CCM* as soon as every 16 bytes are received

A WirelessHART demonstration

One gateway and two devices: Device 1 and Device 2

The gateway and Device 2 exchange values through Device 1 and show the received values on the LEDs

All frames are captured by a sniffer

Time slot configuration

A WirelessHART Demonstration

A device can synchronize to its time source within 3 time slots

A data frame is always ACKed in the same time slot

Device 1 acts as a router for the Gateway and Device 2

Summary

Conclusions

Introduction of the WirelessHART architecture

Discussion of the challenges and solutions

Demonstration of a prototype WirelessHART network

Future Works

Full-featured WirelessHART prototype

Network Manager

Co-existence with ZigBee and Bluetooth

Thank you!

Comments?