Wireless HART Communication

Protocol Overview
As the need for additional process measurements increases, users seek
a simple, reliable, secure and cost-effective method to deliver new
measurement values to control systems without the need to run more
wires. With process improvements, plant expansions, regulatory
requirements and safety levels demands for additional measurements,
users are looking to wireless technology for that solution.

With approximately 30 million HART devices installed and in service

worldwide, HART technology is the most widely used field
communication protocol for intelligent process instrumentation. With
the additional capability of wireless communication, the legacy of
benefits this powerful technology provides continues to deliver the
operational insight users need to remain competitive.

Wireless HART
Backed by the Power of HART

 Built on proven industry standards

 Created by industry and technology experts
 Multi-vendor support and interoperable devices

 Uses existing devices, tools and knowledge

Flexible Applications

 Reduced installation costs – no wires!

 Process monitoring, control and asset management
 Health, safety and environmental compliance monitoring
Supports All Phases of the Plant Life Cycle

 Fast engineering, deployment and commissioning

 Cost-effective move from scheduled to predictive maintenance
 Easy diagnosing and troubleshooting
Simple. Reliable. Secure.
Even though millions of HART devices are installed worldwide, in most
cases the valuable information they can provide is stranded in the
devices. An estimated 85% of all installed HART devices are not being
accessed to deliver device diagnostics information with only the
Process Variable data communicated via the 4-20mA analog signal.
This is often due to the cost and the difficulty of accessing the HART
information.

WirelessHART technology allows users to access the vast amount of

unused information stranded in these installed HART smart devices—
85% of the installed HART devices. It also provides a simple,
reliable and secure way to deploy new points of measurement and
control without the wiring costs.

1. Simple
WirelessHART is a robust technology that is simple to implement. It
enables users to quickly and easily gain the benefits of wireless
technology while maintaining compatibility with existing HART
devices, tools and systems.

Easy Installation and Commissioning

 Familiar tools, work flow and procedures

 Multiple power options
 Reduced installation and wiring costs
 Coexistence with other wireless networks
 Supports both star and mesh topologies
 Add devices one at a time
Automatic Network Features

 Self-organizing and self-healing

 Always-on security
 Adjusts as new instruments are added
  Adjusts to changes in plant infrastructure
2.Reliable
Industrial facilities with dense infrastructures, frequent movement of
large equipment, changing conditions, or numerous sources of radio-
frequency and electromagnetic interference may have communication
challenges. WirelessHART includes several features to provide built-in
99.9% end-to-end reliability in all industrial environments.

Standard Radio with Channel Hopping

 Radios comply with IEEE 802.15.4-2006

 2.4GHz license free frequency band
 “Hops” across channels to avoid interference
 Delivers high reliability in challenging radio environments
Coexistence with Other Wireless Networks

 Clear Channel Assessments tests for available channels

 Blacklisting avoids frequently used channels
 Optimizes bandwidth and radio time
 Time synchronization for on-time messaging
Self-Healing Network

 Adjusts communication paths for optimal performance

 Monitors paths for degradation and repairs itself
 Finds alternate paths around obstructions
 Mesh network and multiple access points
3.Secure
WirelessHART employs robust security measures to protect the
network and secure the data at all times. These measures include the
latest security techniques to provide the highest levels of protection
available.
Protects Valuable Information

 Robust, multi-tiered, always-on security

 Industry standard 128-bit AES encryption
 Unique encryption key for each message
 Data integrity and device authentication
 Rotate encryption keys used to join the network
Protects Wireless Network

 Channel hopping
 Adjustable transmit power
 levels
 Multiple levels of security keys for access
 Indication of failed access attempts
 Reports message integrity failures
 Reports authentication failures
 Safe from Wi-Fi type Internet attacks
WirelessHART – How it works
WirelessHART is a wireless mesh network communications protocol for
process automation applications. It adds wireless capabilities to the
HART Protocol while maintaining compatibility with existing HART
devices, commands, and tools.

Each WirelessHART network includes three main elements:

 Wireless field devices connected to process or plant

equipment. This device could be a device with WirelessHART
built in or an existing installed HART enabled device with
a WirelessHART adapter attached to it.
 Gateways enable communication between these devices and
host applications connected to a high-speed backbone or other
existing plant communications network.
 A Network Manager is responsible for configuring the network,
scheduling communications between devices, managing
message routes, and monitoring network health. The Network
 Manager can be integrated into the gateway, host application, or
process automation controller.
The network uses IEEE 802.15.4 compatible radios operating in the
2.4GHz Industrial, Scientific, and Medical radio band. The radios
employ direct-sequence spread spectrum technology and channel
hopping for communication security and reliability, as well as TDMA
synchronized, latency-controlled communications between devices on
the network. This technology has been proven in field trials and real
plant installations across a broad range of process control industries.

Each device in the mesh network can serve as a router for messages
from other devices. In other words, a device doesn’t have to
communicate directly to a gateway, but just forward its message to
the next closest device. This extends the range of the network and
provides redundant communication routes to increase reliability.

The Network Manager determines the redundant routes based on

latency, efficiency and reliability. To ensure the redundant routes
remain open and unobstructed, messages continuously alternate
between the redundant paths. Consequently, like the Internet, if a
message is unable to reach its destination by one path, it is
automatically re-routed to follow a known-good, redundant path with
no loss of data.

The mesh design also makes adding or moving devices easy. As long
as a device is within range of others in the network, it can
communicate.

For flexibility to meet different application requirements,

the WirelessHART standard supports multiple messaging modes
including one-way publishing of process and control values,
spontaneous notification by exception, ad-hoc request/response, and
auto-segmented block transfers of large data sets. These capabilities
allow communications to be tailored to application requirements
thereby reducing power usage and overhead.
Components of WirelessHART technology
A Gateway provides the connection to the host
network. WirelessHART and then the main host interfaces such as
Modbus – Profibus – Ethernet. The Gateway also provides the network
manager and security manager (these functions can also exist at the
host level – however initially they will be in the gateway)

The Network manager builds and maintains the MESH network. It

identifies the best paths and manages distribution of slot time access
(WirelessHART divides each second into 10msec slots) Slot access
depends upon the required process value refresh rate and other
access (alarm reporting – configuration changes) The Security
manager manages and distributes security encryption keys. It also
holds the list of authorized devices to join the network.

The Process includes measuring devices – the HART-enabled

instrumentation.

A Repeater is a device which routes WirelessHART messages but may

have no process connection of its own. Its main use would be to
extend the range of aWirelessHART network or help “go around” an
existing or new obstacle (New process vessel). All instruments in
a WirelessHART network have routing capability which simplifies
planning and implementation of a wireless network.

The Adapter is a device which plugs into an existing HART-enabled

instrument to pass the instrument data through a WirelessHART
network to the host. The adapter could be located anywhere along the
instrument 4-20mA cable; it could be battery powered or obtain its
power from the 4-20Ma cable. Some adapters will be battery powered
and use the same battery to power the instrument as well – in this
case there will be no 4-20mA signal to the host – all process data will
be reported via WirelessHART

A Handheld Terminal may come in two versions. In the first case, the
handheld will be a standard HART FSK configuration unit (just add new
device DDs or DOF files), just like the one used for everyday tasks such
as routine maintenance and calibration checks. In the case of wireless
support, the handheld is used to join a new instrument to an
existing WirelessHART network.

In the second case the handheld has a WirelessHART connection to

the gateway and then down to an instrument and could be used for
reading PV or diagnostics.

WirelessHART Security
WirelessHART employs robust Security measures to protect the
network and secure the data at all times. These measures include the
latest security techniques to provide the highest levels of protection
available.

Protects Valuable Information – It’s Automatic

 Robust, multi-tiered, always-on security

 Industry standard 128-bit AES encryption
 Unique encryption key for each message
 Data integrity and device authentication
 Rotate encryption keys used to join the network – automatic or
on-demand
Protects Wireless Network

 Channel hopping for security protection and co-existence

 Multiple levels of security keys for access
 Indication of failed access attempts – a rogue device
 Reports message integrity and authentication failures
 Safe from Wi-Fi type Internet attacks
WirelessHART technology was designed to enable secure industrial
wireless sensor network communications while ensuring ease-of-use is
not compromised.

Security is built in and cannot be disabled. Security is implemented

with end-to-end sessions utilizing industry standard AES-128- bit
encryption – approved by the National Security Agency (NSA) for top
secret information. These sessions ensure that messages are
enciphered such that only the final destination can decipher and utilize
the payload created by a source device.

This means that no one can spy on your plant operations or inject “bad”
or misleading process information.

Risk Assessment / Reduction To be a credible threat, an attacker

must possess access, knowledge, and motivation. The WirelessHART
technology Security architecture helps users address all three of these
areas:

• Minimize, control, and audit access • Require high levels of technical

expertise to subverted • Reduce the consequences (span and duration) of
any individual security breach

Wireless Sensor Network Security can be broken down into two

main categories:

 Data Security or Confidentiality deals with maintaining the

Privacy and Integrity of the information being passed over the
network.
 Network Security or Availability deals with maintaining the
functionality of the network in the face of internal and/or
external attacks (intentional or unintentional).
Data Security
Security features associated with privacy aim to prevent eaves
dropping by unauthorized devices inside or outside the network. A
WirelessHART sensor network provides end-to-end CCM mode 128-bit
AES encryption at the network/transport layer from the data source to
the data consumer – the Gateway.
WirelessHART Data Security
In addition to individual session keys, a common network encryption
key is shared among all devices on a network to facilitate broadcast
activity as needed. Encryption keys can be rotated as dictated by plant
security policy to provide an even higher level of protection.

A separate 128-bit join encryption key is used to keep data private

that is sent and received during the joining process.

 The join key serves as authentication to the Security Manager

that the device belongs to this network.
 The join key is treated separately from the other keys to enhance
Security.
 Join keys can either be unique to each device, or be common to
a given WirelessHART network based on the user security
policies.
 Join keys can be changed after the device joins the network to
further increase security.
Data Security features associated with Integrity ensures that data sent
over the wireless sensor network has not been tampered with or
falsified.

 WirelessHART uses a Message Integrity Check Field that is added

to each packet.
 The receiving device uses this Field along with the protected data

to confirm that the contents of the packet have not been altered.
 This Field protects the network routing information preventing
attacks that attempt to change the packet’s network/transport
layer information.
Data Integrity also involves verifying that the packet has come from
the correct source. The network/transport layer message integrity
check field, the information used to generate the check field, and the
sender/receiver unique session key that codes and decodes the data
are tools that can be used to verify the source.
Network Security
A wireless sensor network also needs tools to protect it against
attacks. These attacks can attempt to compromise the network by
inserting Trojan horse devices, impersonating networks to get
sensitive data from legitimate devices, and disrupting the network to
deny service. Attacks can be launched from outside or inside the
company by external people or employees.

Network Security depends upon techniques to support

Authentication, Authorization and Attack Detection.

WirelessHART Network Security

A WirelessHART Gateway and the wireless sensors joining the network
must be configured to control which devices are allowed to access the
network. The network will only be secure if all the devices in the
wireless network maintain security.

 A WirelessHART Gateway has a secure authentication

process which it uses to negotiate with all joining devices to
ensure they are legitimate.
 As with all other network communications, all join
negotiation traffic is encrypted end-to-end.
Denial of service attacks are aimed at impairing the proper operation
of the system by interfering with communications within the wireless
sensor network. These attacks may try to jam the radio or they may try
to overload a process like packet acknowledgments.

 WirelessHART devices can report anomalous conditions that

might signal a denial of service attack, such as traffic counters,
retransmissions, etc.
 WirelessHART devices can be network routers or just data
sources – user configurable – but only messages that
authenticate are routed onward and discarded if it fails the
security checks.
  WirelessHART devices are not authorized to be network key
servers or wireless network managers.
An important point to know is that a WirelessHART sensor network does
NOT implement the TCP/IP (Internet) communications stack, and thus is
explicitly safe from many typical hacker attacks.

Join, network and session keys must be provided to the WirelessHART

Network Manager…and join keys must be provided to Network
Devices. These keys are used for device authentication and encryption
of data in the network.

The WirelessHART Security Manager is responsible for the

generation, storage, and management of these keys.

There is one Security Manager associated with each WirelessHART

Network. The Security Manager may be a centralized function in some
plant automation networks, servicing more than just
one WirelessHART Network and in some cases other networks and
applications.