Whoami?
Troy Martin
Designed, installed and supported:
• “Carrier grade” networks
• “Enterprise grade” networks
• “Industrial grade” networks
@troymart
WirelessHART Standards & Features
• Defined by HART foundation
• IEC 62591
• Based on IEEE 802.15.4
• 2.4 GHz ISM DSS (2400 – 2483.5 MHz)
• Utilizes 15 channels (11 – 25)
• All 15 channels can be used at the same time
• Ability to blacklist channels
• Low power (battery or scavenger powered)
• Spatial, Spectral and Temporal diversity
WirelessHART Devices
• Wireless Field Devices
• WirelessHART Adapters
• Gateway / Access Points
• Network Management
• Wireless Handhelds
Operates in the 2.4 GHz ISM band
[Figure: IEEE 802.11 and IEEE 802.15.4 channel plans by centre frequency (MHz). IEEE 802.15.4: channels 11 to 26 at 2405 to 2480 MHz, 5 MHz spacing, 2 MHz wide. IEEE 802.11: channels 1 to 14, labelled 5 MHz spacing and 22 MHz width, with channel 1 at 2412 MHz, channel 6 at 2437 MHz, channel 11 at 2462 MHz and channel 14 at 2484 MHz. Annotation: "Not globally supported".]
Datalink Packet Data Unit (DLPDU)
• 4 types of MAC frame
  • Beacon frame
  • Data frame
  • Acknowledgement frame
  • MAC command frame
• PHY Packet Fields
  • Preamble (32 bits) – synchronization
  • Start of Frame Delimiter (8 bits)
  • PSDU length (8 bits)
  • PSDU (0 to 1016 bits) – Data field
[Figure: PHY packet (Preamble, SFD, Length, PSDU) carrying the DLPDU. DLPDU fields labelled: 0x41, Address Specifier, Sequence Number, Network ID, Destination Address, Source Address, DLPDU Specifier, DLL Payload, MIC, CRC. Max 133 bytes.]
Beacon Frame
[Figure: beacon frame layout, labelled 0x41. Fields: PHY Header, Frame Control, Addr Specifier, Seq number, Network ID, Dest Addr, Src Addr, DLPDU Specifier, ASN, Join Control, Channel Map Size, Channel Map, Graph ID, Number of Superframes, Superframe details, MIC, CRC.]
Data Frame
[Figure: data frame layout, labelled 0x41. Fields: PHY Header, Frame Control, Addr Specifier, Seq number, Network ID, Dest Addr, Src Addr, DLPDU Specifier, Payload, MIC, CRC.]
Acknowledgement Frame
• Data frames ACK’d within 10 ms slot times
[Figure: acknowledgement frame layout, labelled 0x41 0x88. Fields: PHY Header, Frame Control, Addr Specifier, Seq number, Network ID, Dest Addr, Src Addr, DLPDU Specifier, Status, Time Adj, MIC, CRC.]
MAC Command Frame
• Command Frame Types
  • Association request
  • Association response
  • Disassociation notification
  • Data request
  • PAN ID conflict notification
  • Orphan Notification
  • Beacon request
  • Coordinator realignment
  • GTS request
[Figure: MAC command frame layout. MAC header: Frame control (2), Data sequence number (1), Address information (4 or 20). MAC payload: Command type (1), Command payload (variable). MAC footer: Frame check sequence (2).]
SuperFrame (optional)
• Network Beacon - Transmitted by the network coordinator. Contains network information, frame structure and notification of pending node messages
• Beacon Extension Period - Space reserved for beacon growth due to pending node messages
• Contention Period - Access by any node using CSMA-CA
• Guaranteed Time Slot using TDMA - Reserved for nodes requiring guaranteed bandwidth [n = 0]
[Figure labels: Contention access; Contention Free Period]
WirelessHART Modifications
• 2.4 GHz PHY (IEEE)
  • 250 kb/s (4 bits/symbol, 62.5 kBaud)
  • Data modulation is 16-ary OQPSK modulation
  • 16 symbols are ~orthogonal set of 32-chip PN codes
  • Chip modulation is MSK at 2.0 Mchips/s
• WirelessHART modification
  • Max Layer 2 payload is 127 bytes (DLPDU)
  • TDMA
  • Slot times fixed at 10 ms
  • All 15 channels could be used simultaneously
  • Same channel is NOT used consecutively
• 802.15.4 PHY (IEEE)
  • Also supports 900 MHz, just not used with WirelessHART
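Constellation Charts
[Figure: QPSK constellation (I/Q axes) with I and Q waveforms against time, symbol boundaries marked]
• Orthogonal-QPSK attempts to prevent signal transitions through ’zero’
• Constant switching through ‘zero’ at high rates can cause spectral regrowth at power amplifier output
[Figure: OQPSK constellation (I/Q axes) with I and Q waveforms against time, symbol boundaries marked]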
Design Best Practices (via Emerson)
• 100 Devices per Gateway, no more than 7-hops from Gateway
• Rule of Five Minimum
  • 5 devices within 1-hop from Gateway
• Rule of Three
  • Within range of 3 neighbours
• Rule of Percentages
  • Place 25% of devices within 1-hop of Gateway
  • Note: if >20% devices have update rates <2 s, set Rule of Percentages = 50%
• Rule of Maximum Distance
  • Device with update rates <2 seconds, should be <=2-hops from Gateway
Source: http://www2.emersonprocess.com/siteadmincenter/PM%20Central%20Web%20Documents/EMR_WirelessHART_SysEngGuide.pdf
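The design rules above, applied to a surveyed mesh as an added example (not code from the slides or from Emerson's guide). The topology, device names and update rates are constructed, and counting the gateway as a neighbour is an assumption.

```python
from collections import deque

def build_links(edges):  # (a, b) radio-range pairs -> symmetric adjacency map
    links = {}
    for a, b in edges:
        links.setdefault(a, set()).add(b)
        links.setdefault(b, set()).add(a)
    return links

def hop_counts(links, gateway):
    """Breadth-first search: fewest hops from the gateway to each node."""
    hops, queue = {gateway: 0}, deque([gateway])
    while queue:
        node = queue.popleft()
        for peer in links.get(node, ()):
            if peer not in hops:
                hops[peer] = hops[node] + 1
                queue.append(peer)
    return hops

def check_design(links, update_s, gateway="GW"):
    """List violations of the slide's rules; update_s maps device -> seconds."""
    hops, devices, out = hop_counts(links, gateway), sorted(update_s), []
    if len(devices) > 100:
        out.append("more than 100 devices on one gateway")
    for d in devices:
        h = hops.get(d)
        if h is None:  # isolated device: the remaining rules cannot be evaluated
            out.append(f"{d}: no path to gateway")
            continue
        if h > 7:
            out.append(f"{d}: {h} hops from gateway (max 7)")
        if len(links.get(d, ())) < 3:  # assumption: the gateway counts as a neighbour
            out.append(f"{d}: fewer than 3 neighbours")
        if update_s[d] < 2 and h > 2:
            out.append(f"{d}: update rate < 2 s but more than 2 hops out")
    one_hop = sum(1 for d in devices if hops.get(d) == 1)
    if one_hop < 5:
        out.append(f"only {one_hop} devices within 1 hop (min 5)")
    fast = sum(1 for d in devices if update_s[d] < 2)
    need = 0.50 if fast > 0.20 * len(devices) else 0.25  # Rule of Percentages
    if one_hop < need * len(devices):
        out.append(f"{one_hop}/{len(devices)} devices within 1 hop (need {need:.0%})")
    return out

# Constructed sample mesh (not from the slides): D6 reaches the network only via D5.
EDGES = [p.split("-") for p in ("GW-D1 GW-D2 GW-D3 GW-D4 D1-D2 D1-D3 D1-D4 "
                                "D2-D3 D2-D4 D3-D4 D5-D1 D5-D2 D5-D3 D6-D5").split()]
UPDATE_S = {"D1": 8, "D2": 8, "D3": 8, "D4": 8, "D5": 8, "D6": 1}
```

Calling check_design(build_links(EDGES), UPDATE_S) flags D6, a fast-updating device three hops out with a single neighbour, and the shortfall against the Rule of Five.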
Security
• Network ID (‘think’ SSID)
  • Integer between 0 and 65535
• Join Key (‘think’ PSK)
  • Global or unique per device
• Session Key (‘think’ SSL) – encrypt between endpoints
• ASN – Absolute Slot Number – (2^40 – 1) – time slot count
Best Practices
• Never use default keys
• Use robust key management
• Practice physical security
AES-128
WirelessHART - Packet Capturing
Wi-Analys
• Capture all 16 channels simultaneously
• Windows based software
RzRaven
• ZigBee sniffer (potential to modify firmware to capture WirelessHART)
• Requires 16 units
• Linux based software
Additional WirelessHART Resources
• WirelessHART - defined by HART Communication Foundation (now called FieldComm Group) - https://fieldcommgroup.org/
• Emerson Design Guide http://www2.emersonprocess.com/siteadmincenter/PM%20Central%20Web%20Documents/EMR_WirelessHART_SysEngGuide.pdf
• IEEE 802.15.4-2006 specification http://standards.ieee.org/getieee802/download/802.15.4-2006.pdf
• IEC 62591 https://webstore.ansi.org/RecordDetail.aspx?sku=IEC+62591+Ed.+2.0+b%3a2016
• WirelessHART(TM): Real-Time Mesh Network for Industrial Automation