Embracing WLANs in the industrial market

By Mukesh Lulla TeamF1, Inc

By Ron Fredericks Embedded Components, Inc.

Industrial networks differ in some key characteristics from their enterprise counterparts, particularly in the area of security. This article discusses the trends toward use of wireless local area networks (WLANs) in an industrial context. It gives a perspective on some of the issues surrounding industrial protocols and focuses on new specifications related to IEEE 802.11 to improve security.

The realization of wireless networking as a mainstream technology is now clear as a result of a myriad of products available today that satisfy the demand driven by consumer and office applications. However, the adoption of this technology by industrial device manufacturers has been limited thanks to some significant challenges and security concerns involved in deploying the technology in industrial environments such as the plant floor.

In spite of this, there is no getting around the fact that significant interest in the industrial use of wireless technologies continues to be driven by its staggering advantages over cabled systems in harsh industrial environments and its use in difficult-to-wire equipment, such as those with moving parts or distributed over large areas. This, coupled with the fact that yesterday’s proprietary, closed control systems are giving way to open network architectures such as Ethernet, we see a WLAN future hurtling toward the industrial world at an incredible speed.

A quick WLAN primer
Before exploring the applicability of wireless local area networks (WLANs) to the industrial domain, let’s start by introducing some of the standards that are relevant to this technology. While wireless networks can include wide area cellular networks (including the newer 3G data/voice variants) and the varied technologies geared toward local area network (LAN) use, the most predominant WLAN technology is 802.11 networking — named after the IEEE 802.11 committee that defined the standards for it. The IEEE 802.11 specifications define a wireless LAN that operates in the 2.4-5 GHz range and currently provides data transmission rates of 1 Mbps – 54 Mbps, using various modulation techniques. The Wi-Fi Alliance industry group further evangelized 802.11 networking by helping promote interoperability standards and certification procedures required of 802.11 devices to be Wi-Fi compliant. Unlike some of the earlier wireless LAN technologies that sputtered before gaining momentum, adoption of 802.11/Wi-Fi standards for home and enterprise networks has proceeded at a breakneck pace. With the tremendous popularity of this technology, cost of Wi-Fi components has also come down drastically while quality, reliability, and security have improved as the alphabet soup of 802.11 standards have evolved. A natural outcome of this has been that these technologies are now ripe for uses beyond the standard home/office network setup.

Typical industrial network topology
To recognize the role of traditional industrial networks, it is helpful to visualize the various computer and device systems used in an industrial or manufacturing facility as being divided into three types of networks as shown in Figure 1.

Figure 1

Office networks in an industrial facility mimic that of any typical office, supporting common functions such as database services, desktop computing, e-mail, intranet, Internet, and other communication/data services. However, the office network in this case is also connected to the rest of the plant for such purposes as sales, inventory, and maintenance operations.

Operations personnel such as plant operation engineers, production managers, and batch operators use control networks for performing batch and process monitoring/control typically in areas of real-time control, which can be vital to a plant’s operation. Systems on a control network may also include SCADA (System Control and Data Acquisition, Supervisory Control and Data Acquisition, Security, Control and Data Acquisition) and M2M (Man to Machine) interfaces. In some cases, they may include many of the same computer systems found in the office and embedded devices such as redundant Ethernet switches, real-time monitoring systems with special control panels, and display devices, although the applications are different from those in an office network.

Device networks are the most diverse and the most automated of the three networks, and include different specialized embedded and electrical systems such as programmable logic controllers (PLCs), fieldbus-enabled equipment for measuring flows, temperatures, vibrations, liquid and gas volumes, sensor panels, motion control, pressure, fluid, gas, and heat controllers. Several of the common open fieldbus standards, such as PROFIBUS, Modbus, DeviceNet, and CANopen have traditionally been used in industrial device networks.

Trend toward standards
The trend toward open standards for industrial networks has been underway for many years now. Ethernet has emerged as the de facto hardware standard and the adoption of TCP/IP for use in industrial networks has also recently gained ground. Examples include PROFIBUS now offering ProfiNet and Modbus now offering Modbus TCP. Control networks now use real-time extensions unique to a particular standard over Ethernet as a common hardware transport. Upper layers of the network stack typically use the ubiquitous TCP/IP or a more recent real-time control standard called EtherNet/IP, which uses UDP packets in addition to TCP/IP to add improved real-time control. Ethernet is thus emerging as a clear and pervasive standard for control networks, making it convenient to connect to office networks as well for improved cost efficiencies.

In device networks, there still exist competing technologies including some of those used in control networks. Table 1 lists common fieldbus technologies and networks they are used in, each with its unique cabling requirements and competing open standards or organizations representing the standards. A significant issue in industrial networks used to be the connectivity between one fieldbus network standard to the next and then back to the control network, requiring the use of converters and adapters, which Ethernet has served to alleviate to a large extent as well.

Table 1
Industrial Protocol Standards

Why industrial WLANs?
While not without its practical difficulties, the migration to Ethernet and TCP/IP for industrial protocols makes the transition to WLANs an almost obvious next step since it complements the use of TCP/IP. Furthermore, 802.11/Wi-Fi WLANs are based on similar principles as Ethernet – in fact, they were for the longest time referred to as Wireless Ethernet. The typical Wi-Fi server (an access point or wireless router) can offer a wired (Ethernet) point of connection to an existing network and a radio antenna or air interface to bring wireless devices to bear on the factory’s control or device network using radio waves.

There are many good reasons to consider WLANs for the control network on the factory floor. In addition to the basic mobility aspects of WLANs that are such an asset to office networks, the control floor also has some unique safety issues that WLANs can help address. For example, WLANs may be used to seek out current operational data and manage a controlled shutdown procedure remotely and allow the proliferation of control points such as safety shutoff valves and other mechanisms much more conveniently than a wired network. Furthermore, the controlled equipment may also be installed near wet, moist, or corrosive materials that could damage physical wires and plugs.

On device networks, too, WLANs present several unique advantages beyond those in office networks. Remote device maintenance and monitoring becomes quite convenient if a device is networked wirelessly. This is especially true for devices that are not easily reached because of their physical location in the plant (such as dangerous or harsh operating environments, or restricted areas in the plant). In addition to maintenance, basic wireless connectivity of devices located on moving parts such as in a wind tunnel, robotic, or motor-controlled system is optimal compared to physically wiring a system that can be problematic, especially in corrosive or harsh environments. In other words, WLANs can be used to untether difficult connections and allow for measurements at the source without passing through various intermediate connector devices. Last, but not the least, WLANs make it easier to come up with proof-of-concept networked systems in an industrial environment without expensive prototyping.

Moving Wi-Fi to the industrial environment
So, with all the advantages that wireless technologies bring to an industrial network, is now the time to embrace Wi-Fi WLANs? Challenges specific to the use of WLANs in industrial applications may go beyond those of adapting WLANs to the enterprise. For example, extensions for real-time response on industrial Ethernet networks have to be in place before adopting Wi-Fi. Furthermore, radio interference caused by or affecting Wi-Fi networks are important factors to be considered, especially in electrically noisy industrial environments since noise can degrade the performance and predictability of a Wi-Fi network that relies on unregulated radio frequency bands for its transport. Another key factor to consider is the fast-moving world of Wi-Fi standards, which, for all its evolving benefits, may involve constantly changing technologies that are anathema to robust, minimal downtime industrial networks that favor consistent functionality over frequent upgrade cycles. Lastly, the security of such networks needs to be industrial-strength and should not rely on patch-management as a security policy, as enterprise networks have grown used to. The ability to support different generations of 802.11 security and networking standards concurrently is a big plus to engender graceful obsolescence and incremental upgrades.

The wireless security problem
While initial concerns about the use of WLANs may have been grounded in fact, recent advances in the areas of security have addressed the most insidious of the problems holding back acceptance of WLANs in industrial systems. New standards address many link security concerns while still maintaining and, in fact, enhancing the mobility and untethered aspects of a wireless LAN that are key to its acceptance in industrial networks.

The inherent link security problem in a WLAN stems from its very strength — its wirelessness. Since wireless technologies make use of a shared medium, in other words, airwaves, with no well-defined physical boundary that can be protected, the link is not as secure against eavesdropping as a wired one, and it is also difficult to restrict network access to a set of authorized users. The security mechanism proposed in the initial 802.11 standards was, in a moment of misplaced bluster, named Wired Equivalent Privacy (WEP) but it turned out to be flawed. Newer industry standards such as Wireless Protected Access (WPA) provide important fixes for issues that plagued the legacy WEP and at the same time maintain legacy compatibility with WEP encryption hardware. WPA2 and the recently ratified IEEE 802.11i standard add further security enhancements to WPA, including use of the Advanced Encryption Standard (AES) block cipher in the form of Counter Mode CBC-MAC Protocol (CCMP) and stronger integrity check mechanisms. Table 2 outlines the significant differences between various generations of Wi-Fi security technologies.

Table 2
Wireless Security Comparison

In the presence of strong link security, privacy and integrity of network data are maintained, but there still exists the possibility of other attacks that may allow an intruder to act as a valid client connecting to the network, or as an evil twin access point masquerading as a valid access point to hijack client credentials (or worse). Other means of defending against attacks such as MAC filtering, which inventories valid client MAC addresses that can connect to the WLAN and denies access to all others, and access control/blocking of network nodes are required to reduce the chances of unintentional or casual access to the wireless network. Mechanisms that monitor for rogue access points are also an integral part of industrial WLAN security.

Finally, secure management of devices that form the industrial WLAN and LAN infrastructure is a frequently overlooked item that can turn out to be the Achilles heel of an industrial network. Management capabilities allowing for remotely controlling the configuration, upgrades, and provisioning of the network infrastructure devices in all three types of industrial networks need to be upgraded to secure versions of protocols such as:

• SSH (a secure replacement for Telnet)
• HTTPS (HTTP over secure sockets using SSL/TLS)
• SNMPv3 (a secure version of SNMP)
• SFTP/SCP (a secure replacement for FTP) to ensure security in a wireless environment where perimeter firewalls alone cannot be relied upon to create private networks.

In many applications, strong user or device authentication requirements may necessitate the use of independent authentication mechanisms such as Kerberos or embedded digital certificates for cryptographically secure access mechanisms.

The new factory floor
Over the past decade, WLANs have revolutionized networks in the enterprise and at home. Industrial WLANs can help take this further and allow for integrated information flow, optimize production processes, increase automation capabilities, and reduce hazardous conditions. Network enabling process control equipment or devices does not need to be an expensive, time-consuming effort any longer. With concerns about wireless technologies out of the way, factories can lower their production costs by freeing themselves from wiring constraints and taking advantage of full electrical isolation, convenient maintenance, and reduced installation by leveraging a cable-free environment. New mobile device policies can now be implemented for maintenance workers and emergency crews that improve plant operational safety and costs. The use of Wi-Fi in the plant does not have to stop at making existing networks safer, cheaper, and more reliable. Driven by its growing acceptance, industrial networks that once were segmented into distinct proprietary pieces can now be collapsed cost-effectively into one without significant intrusion on the current physical infrastructure. Added intelligence can now be stuffed into wireless-enabled devices with secure embedded middleware that will lead to efficiencies of cost and scale never before thought possible.

. . . . .

Mukesh Lulla is the president and co-founder of TeamF1, Inc., an embedded software company specializing in security software for wireless applications. TeamF1’s portfolio of wireless products range from an out-of-the-box secure AP middleware package (Air Secure Access Point) for use in industrial embedded applications that require AP functionality, to turnkey packages for wireless switches.

To learn more, contact Mukesh at:

TeamF1, Inc.
39159 Paseo Padre Parkway #121
Fremont, CA 94538
Tel: 510-505-9931
E-mail: Mukesh.ies0510@TeamF1.com
Website: www.TeamF1.com

Ron Fredericks is the president of Embedded Components, Inc., Sunnyvale, California. Ron is the architect of a web and consulting service offering called Cycles of Efficiency (CoE) that helps engineering teams and device manufacturers seek out and integrate embedded components and tools more effectively from their vendors.

To learn more, contact Ron at:

Embedded Components, Inc.
233-i East Red Oak Drive
Sunnyvale, CA 94086
Tel: 408-390-1895
E-mail: ronf@embeddedcomponents.com
Website: www.EmbeddedComponents.com