WirelessHART: Applying Wireless Technology
in Real-Time Industrial Process Control
Jianping Song, Song Han, Al Mok
University of Texas at Austin
Deji Chen, Mike Lucas, Mark Nixon
Emerson Process Management
Wally Pratt
HART Communication Foundation
Outline

Background

Introduction to WirelessHART

Development Challenges and Solutions

WirelessHART Demonstration

Summary
Future Wireless Plant
WirelessHART: History


HART (Highway Addressable Remote Transducer)

Bi-directional industrial field communication protocol

Used to communicate between field devices and host systems

The global installed base of HART-enabled devices is more than 20
million
WirelessHART

Wireless extension of HART

Released in 09/2007
WirelessHART: Designed for Wireless Plant Solutions



Real-Time

TDMA technology

Centralized Network Management
Reliability

Channel Hopping and Channel Blacklisting

Mesh Networking
Security

Data Integrity on MAC layer

Data Confidentiality on the Network layer
Alternative Wireless Standards: Not Suitable for
Process Control




Zigbee

No Channel Hopping or Channel Blacklisting

Problem with persistent noises
Bluetooth

Only supports star type network topology

Not scalable for large industrial control systems
Wi-Fi

No Channel Hopping

Power Consumption
ISA SP100

Not available yet
Outline

Background

Introduction to WirelessHART

Development Challenges and Solutions

WirelessHART Demonstration

Summary
WirelessHART Architecture
WirelessHART Architecture
 Physical Layer (IEEE 802.15.4)
 Data Link Layer
 Network Layer and Transport Layer
 Security
 Network Manager
Data Link Layer
Timer Module
 Time is sliced into time slots (starting from 0)
 Time intervals in a time slot
 Clock synchronization is critical
Links and Superframes


Link: activity in a time slot

Neighbor

Send/Receive

Communication channel
Superframe: a group of links

Defined by network manager

Repeat itself infinitely

A device can support several superframes
Data Link Layer State Machine

Each run of the state machine
1. Call the link scheduler to determine the next slot to be
serviced
2. On receiving the ”time slot start” event, increment the
ASN (Absolute Slot Number) by 1
3. When it is time to service the given time slot derived
in step 1), execute the associated transaction
(SEND/RECV)
WirelessHART Architecture
 Physical Layer (IEEE 802.15.4)
 Data Link Layer
 Network Layer and Transport Layer
 Security
 Network Manager
Security


Data Link Layer

Hop-to-hop data integrity

CCM* (Counter with CBC-MAC) mode with AES-128 to generate
the MIC
Network Layer

Public keys: used to generate MICs on MAC layer by joining
devices

Network keys: used by existing devices in the network to
generate MAC MIC’s

Join keys: used during the joining process to authenticate the
joining device

Session keys: unique for each end-to-end connection between
two network devices
Network Keying Model
WirelessHART Architecture
 Physical Layer (IEEE 802.15.4)
 Data Link Layer
 Network Layer and Transport Layer
 Security
 Network Manager
Functions of Network Manager
 Support devices joining/leaving the network
 Create routes
 Schedule communications
 Adapt the schedule upon network changes
Outline

Background

Introduction to WirelessHART

Development Challenges and Solutions

WirelessHART Demonstration

Summary
Hardware Platform
 MC1321x Evaluation Kit by Freescale

One 1321x-NCB board, two 1321x-SRB boards

40 MHz 8-bit HCS08 MCU

2.4 GHz 802.15.4 Transceiver

Programmable 60 KB Flash and 4KB RAM

Multiple 16-bit timers

4 LEDs for demonstrations and monitoring
 A simple IEEE 802.15.4 Physical Layer Library
Challenge 1: Timer Design


Challenge

Stringent timing requirements – a 10ms time slot further sliced
into several time intervals

Some tasks are time consuming and may exceed allocated time
Solution

Use a separate hardware timer for WirelessHART

The caller informs the timer module current slot type

The timer generates required timer events accordingly
Challenge 1: Timer Design
Challenge 2: Time Synchronization


Challenge

Synchronize the nodes in a network

A new node should derive current time during the joining
process
Solution

A node records the time when the first bit of a frame arrives

The receiver calculates the clock drift TsError

The receiver includes the drift in the time adjustment field of the
corresponding ACK frame

When a node receives an ACK from its time source, it will adjust
its clock
Challenge 3: Speed Up Security Calculations


Challenge

The receiver must run CCM* on the received frame
and the corresponding ACK frame within
TsTxAckDelay (1ms)

The lower power HCS08 MCU can not meet the
requirement
Solution

Upon request, Freescale is developing a new chipset
with hardware encryption accelerator

We propose to execute CCM* as soon as every 16
bytes are received
A WirelessHART demonstration
 One gateway and two devices: Device 1 and
Device 2

The gateway and Device 2 exchange values through Device 1
and show the received values on the LEDs

All frames are captured by a sniffer
 Time slot configuration
A WirelessHART Demonstration

A device can synchronize to its time source within 3 time slots

A data frame is always ACKed in the same time slot

Device 1 acts as a router for the Gateway and Device 2
Summary
 Conclusions

Introduction of the WirelessHART architecture

Discussion of the challenges and solutions

Demonstration of a prototype WirelessHART network
 Future Works

Full-featured WirelessHART prototype

Network Manager

Co-existence with ZigBee and Bluetooth
Thank you!
Comments?