WirelessHART employs robust security measures to protect the network and secure data at all times. These measures include the latest security techniques to provide the highest levels of protection available.
Security is built in and cannot be disabled. It is implemented with end-to-end sessions using industry-standard 128-bit AES encryption – approved by the National Security Agency (NSA) for top secret information. These sessions ensure that messages are enciphered such that only the final destination can decipher and use the payload created by a source device.
To be a credible threat, an attacker must possess access, knowledge, and motivation. The WirelessHART technology security architecture helps users address all three of these areas:
Wireless Sensor Network Security can be broken down into two main categories:
Security features associated with privacy aim to prevent eavesdropping by unauthorized devices inside or outside the network. A WirelessHART sensor network provides end-to-end CCM mode 128-bit AES encryption at the network/transport layer for every message in the network. In addition to individual session keys, a common network key is shared among all devices on a network to facilitate broadcast activity as needed. Encryption keys can be rotated as dictated by plant security policy to provide an even higher level of protection. A separate 128-bit join encryption key is used to keep private the data that is sent and received during the joining process.
Data security features associated with integrity ensure that data sent over the wireless sensor network has not been tampered with or falsified.
Data Integrity also involves verifying that the packet has come from the correct source. The network/transport layer message integrity check field, the information used to generate the check field, and the sender/receiver unique session key that codes and decodes the data are tools that can be used to verify the source.
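The privacy and integrity behaviour described above (CCM-mode AES-128 under a per-session key, with a message integrity check verified by the destination) can be exercised with the built-in crypto module of Node.js. This is an added example, not code from this page or from the WirelessHART specification; the keys, nonce layout, header bytes, payload and 4-byte MIC length are constructed assumptions, not the WirelessHART wire format.

```javascript
const crypto = require('node:crypto');
const MIC_LEN = 4; // assumption for this sketch: 4-byte message integrity check
// Constructed 128-bit keys, not real key material.
const SESSION_KEY = Buffer.from('000102030405060708090a0b0c0d0e0f', 'hex');
const NETWORK_KEY = Buffer.from('f0e0d0c0b0a090807060504030201000', 'hex');

// Hypothetical 13-byte nonce: 4-byte counter, 8-byte source id, 1 zero byte.
// CCM requires that a nonce never repeats under the same key.
function makeNonce(counter, sourceId) {
  const nonce = Buffer.alloc(13);
  nonce.writeUInt32BE(counter, 0);
  sourceId.copy(nonce, 4, 0, 8);
  return nonce;
}

// Source: encrypt the payload; the MIC covers both header and payload.
function seal(key, nonce, header, payload) {
  const c = crypto.createCipheriv('aes-128-ccm', key, nonce, { authTagLength: MIC_LEN });
  c.setAAD(header, { plaintextLength: payload.length });
  const ciphertext = Buffer.concat([c.update(payload), c.final()]);
  return { ciphertext, mic: c.getAuthTag() };
}

// Destination: return the payload, or null when the MIC does not verify.
function unseal(key, nonce, header, ciphertext, mic) {
  const d = crypto.createDecipheriv('aes-128-ccm', key, nonce, { authTagLength: MIC_LEN });
  d.setAuthTag(mic);
  d.setAAD(header, { plaintextLength: ciphertext.length });
  try {
    const payload = d.update(ciphertext);
    d.final(); // throws if header, ciphertext, MIC or key is wrong
    return payload;
  } catch { return null; }
}

function demo() {
  const nonce = makeNonce(1, Buffer.from('0102030405060708', 'hex')); // constructed source id
  const header = Buffer.from('constructed-header');
  const { ciphertext, mic } = seal(SESSION_KEY, nonce, header, Buffer.from('PV=42.7'));
  const flipped = Buffer.from(ciphertext);
  flipped[0] ^= 0x01; // single bit changed in transit
  return {
    delivered: unseal(SESSION_KEY, nonce, header, ciphertext, mic),
    tamperedPayload: unseal(SESSION_KEY, nonce, header, flipped, mic),
    tamperedHeader: unseal(SESSION_KEY, nonce, Buffer.from('constructed-headeR'), ciphertext, mic),
    wrongKey: unseal(NETWORK_KEY, nonce, header, ciphertext, mic), // holder of a different key
  };
}
console.log(demo());
```

Only the holder of the session key recovers the payload; a changed payload bit, a changed header, or a different key all fail the integrity check and yield `null`.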
A wireless sensor network also needs tools to protect it against attacks. These attacks can attempt to compromise the network by inserting Trojan horse devices, impersonating networks to get sensitive data from legitimate devices, and disrupting the network to deny service. Attacks can be launched from outside or inside the company by external people or employees. Successful network security depends upon techniques to support authentication, authorization and attack detection.
Denial of service attacks are aimed at impairing the proper operation of the system by interfering with communications within the wireless sensor network. These attacks may try to jam the radio or they may try to overload a process like packet acknowledgments.
Join, network and session keys must be provided to the WirelessHART Network Manager…and join keys must be provided to Network Devices. These keys are used for device authentication and encryption of data in the network. The WirelessHART Security Manager is responsible for the generation, storage, and management of these keys. There is one Security Manager associated with each WirelessHART Network. The Security Manager may be a centralized function in some plant automation networks, servicing more than just one WirelessHART Network and in some cases other networks and applications.