Efficient integration of secure and safety critical industrial wireless sensor networks
© Åkerberg et al; licensee Springer. 2011
Received: 12 January 2011
Accepted: 18 September 2011
Published: 18 September 2011
Wireless communication has gained more interest in industrial automation due to flexibility, mobility, and cost reduction. Wireless systems, in general, require additional and different engineering and maintenance tasks, for example cryptographic key management. This is an important aspect that needs to be addressed before wireless systems can be deployed and maintained efficiently in the industry.
In this paper, we take an holistic approach that addresses safety and security regardless of the underlying media. In our proposed framework we introduce security modules which can be retrofitted to provide end-to-end integrity and authentication measures by utilizing the black channel concept. With the proposed approach, we can extend and provide end-to-end security as well as functional safety using existing automation equipment and standards, such as Profisafe, Profinet IO, and WirelessHART. Furthermore, we improve the WirelessHART standard with periodic and deterministic downlink transmissions to enable efficient usage of wireless actuators, as well as improving the performance of functional safety protocols.
Recently the automation industry has shown a strong interest in migrating substantial parts of the traditionally wired industrial infrastructure to wireless technologies to improve flexibility, scalability, and efficiency, with a significant cost reduction. The main concerns about reliability, security, integration, along with the lack of device interoperability, have hampered the deployment rate. To address these concerns, WirelessHART , the first open and interoperable wireless communication standard especially designed for real-world industrial applications, was approved and released in 2007. ISA 100.11a is becoming a standard for process automation and factory automation . Many automatic meter reading, automatic metering infrastructure systems are being installed with ZigBee  or various proprietary solutions [4, 5].
Even though wireless communications offer many benefits, some wired fieldbuses will still remain within industrial communications. Therefore it is necessary to integrate these two technologies such that they interoperate seamlessly. The main problem to solve before wireless communication can be used and deployed efficiently is to develop an efficient and adequate solution for integrating wireless communication with existing fieldbuses and emerging field networks while supporting functional safety and security. This would enable an expansion of the communication effectively into areas where wired communication has challenges with respect to cost, mobility, or mechanical wear.
Most of the research work done in the field of wireless extension to traditional fieldbus communication lack in giving a complete solution to efficient integration. This article proposes a complete framework for providing secure and safe communication in wireless/wired networks. On top of that, we present a solution: periodic and deterministic transmissions from gateway to actuators in a WirelessHART network, which has never been shown before.
Related work: Industrial communication has progressed enormously in the last decade with the replacement of the traditional one-to-one connections between sensors/actuators and controllers by networked connections. In wired fieldbus communication, functional safety, security, and integration have been addressed with respect to Profibus and Profinet [, and the references therein]. In , Dzung et al. present a detailed survey about the security situation in the automation domain. In , Jasperneite and Feld describe Profinet and the usage in automation, which serves as a good introduction to the area. In addition, they propose two different approaches for tight integration of Profibus and Interbus using Profinet IO.
Wireless extensions of automation networks and fieldbuses have been researched in different forms. Willig et al. discuss many issues and solutions related to wireless fieldbus systems . In , Gungor and Hancke present the state-of-the-art of industrial wireless sensor networks and open research issues. In , Vitturi et al. present results from an experimental evaluation using experimental industrial application layer protocol on wireless systems. In , Ishii presents results on multiple backbone routers to enhance reliability on wireless systems for industrial automation. In , Miorandi and Vitturi analyzed the possibilities of implementing Profibus DP on hybrid wired/wireless networks, based on Ethernet and Bluetooth, respectively. In , Sousa and Ferreira discussed and described the role of simulation tools in order to validate wireless extensions of the Profibus protocol. Other related research work on wireless extensions for traditional Profibus can be found in [15–22].
Recently, WirelessHART has received a lot of attention in both academia and industrial automation. In , Lennvall et al. presented a performance comparison between the WirelessHART and ZigBee standards. Their conclusion was that ZigBee is not suitable for wireless industrial applications due to poor performance, and security is optional while in the WirelessHART standard it is mandatory. Security in industrial wireless sensor networks have been heavily discussed and in , Raza et al. presented a security analysis of the WirelessHART protocol against well known threats in the wireless media. WirelessHART has also been considered for control applications in process automation . In , Nixon et al. presented an approach to meet the control performance requirements using a wireless mesh network (e.g., WirelessHART). Their main conclusion was that device and network operation must be synchronized.
Functional safety and communication in open transmission systems have been laid down in IEC 62280-2 , and Deuter et al. address this in their work with Virtual Automation Networks (VAN) . In , Trikaliotis and Gnad evaluate different mapping solutions for WirelessHART integration. However, their work has not considered how to deal with WirelessHART specific functionality, engineering efficiency, or secure and safety-critical communication. There are ongoing standardization activities for integrating WirelessHART devices into Profibus/Profinet networks within Profibus International and wireless cooperation team. However, the main difference is that we take a holistic approach including safety and security that is not considered for standardization so far.
Contributions: Our detailed contributions in this paper can be summarized as follows:
We propose and demonstrate a framework for wired and wireless communication addressing both functional safety and security. The framework is based on the black channel  concept and provides end-to-end security using security modules and existing functional safety protocols.
We demonstrate the proposed framework with a proof-of-concept implementation using Profisafe, Profinet IO, and WirelessHART using an industrial control system. The integration method allows security and safety-related configuration to be engineered and downloaded to the WirelessHART network. This approach is novel as previous work has not considered security nor safety.
We propose a new service called periodic downlink transmission for WirelessHART, that enables periodic and deterministic transmissions from gateway to WirelessHART actuators. This service enables the use of wireless actuators to be part of a control loop, or actuators with timing constraints. In addition, the service improves the safety function response time with a factor of 8, when using Profisafe on WirelessHART.
Outline: The reminder of the paper is organized as follows. In Section 2 the basics of the most important technologies used in this paper are introduced. In Section 3 we present a framework for safe and secure communication. In Section 4 we use the proposed framework, to realize and evaluate safe and secure communication using Profinet IO, WirelessHART, and Profisafe. Then, in Section 6 we propose an improvement for WirelessHART to enable periodic and deterministic data transfer to actuators, which is of importance for wireless control. Finally, in Section 7 we conclude the paper.
In this section we will present the basics of the technologies used in this paper. We start with the industrial Ethernet protocol Profinet IO, then we present the WirelessHART technology. Finally we introduce the safety protocol Profisafe.
A. Profinet IO
Profinet IO is one of the Ethernet-based fieldbus protocols from the IEC 61784 standard and is the successor of Profibus. Profinet IO uses switched 100 Mbit/s networks to transmit both real-time and non real-time data. For non real-time communication, Remote Procedure Calls (RPC) are used on top of UDP/IP. For real-time data, a dedicated layer is defined on top of Ethernet. The application layer can either communicate via RPCs or directly on the real-time channel [31–33].
Profinet IO uses virtual local area network (VLAN)  on top of the Ethernet layer to be able to prioritize real-time frames over non-real-time frames in the switches. The Profinet IO real-time protocol resides on top of the VLAN layer. The Profinet IO Payload Data Unit can carry at most 1412 bytes I/O data including IO Producer Status (IOPS) and IO Consumer Status (IOCS) . The upper restriction in I/O length is due to the fact that a Profinet IO real-time frame must fit into one Ethernet frame to avoid fragmentation of messages.
WirelessHART is a reliable and secure mesh networking technology designed for process measurement, control, and asset management applications. It operates in the 2.4 GHz ISM band, utilizing IEEE 802.15.4 compatible direct sequence spread spectrum (DSSS) radios, channel hopping, and time division multiple access (TDMA). All devices are time synchronized and communicate in pre-scheduled fixed length time-slots. Time slots are grouped together into superframes which are repeated according to a specified rate.
WirelessHART is a robust network technology which provides 99.9% end-to-end reliability in industrial process environments . This is achieved through the use of channel hopping and self-healing capabilities of the mesh network. When paths deteriorate or become obstructed the self-healing property of the network ensures it will repair itself and find alternate paths around obstructions.
A gateway: It connects the control system to the wireless network.
An access point: Is usually part of the gateway and acts as the radio interface, and multiple AP's are making it possible to communicate on different channels in parallel.
A network manager: Is normally part of the gateway and is responsible for managing the wireless network.
A security manager: Manages and distributes security encryption keys, and also holds the list of devices authorized to join the network.
Field devices: These are devices directly connected to the process (measurement and control), or equipment (asset monitoring) or adapters which connects wired HART devices to the wireless network (retrofit).
WirelessHART is a secure and reliable protocol, which uses the advanced encryption standard (AES) with 128 bit block ciphers. A counter with Cipher block chaining message authentication code mode (CCM) is used to encrypt messages and calculate the message integrity code (MIC). The standard supports end-to-end, per-hop, and peer-to-peer security. End-to-end security is provided on the network layer, while the data link layer provides per-hop security between the two neighboring devices. Peer-to-peer security is provided for secure one-to-one sessions between field devices and handhelds during configuration. WirelessHART devices need a join key to join the network securely. The join key can be individual, or the same for the complete network. When a device joins the network for the first time, the join key needs to be programmed via a local port.
C. Black channel and Profisafe
3. Proposed framework for safe and secure communication
As in the case of safety protocols, our approach adds more or less redundancy in certain layers depending on the functionality provided by the black channel. The advantage of our proposed framework is that the underlying technologies and standards belonging to the black channel do not have to provide specific functionality, as the upper layers do not rely on them. To exemplify, if a security layer is added, there will in some cases be a redundancy in the wireless segment, but the wired segment will be protected. The trade-off for end-to-end security could be partially overlapping security measures. However, end-to-end security is achieved even if there is partial security in a subsystem. Nevertheless, a certain degree of redundancy with respect to security is desired. For example, security measures in the wireless segments need a secure mechanism for joining the network for authorized access. Secondly, a common term in the context of security is defense-in-depth, i.e., several layers of security mechanisms are deployed to make it more difficult to bypass the security measures. Therefore, redundancy with respect to security, or in other words, defense-in-depth, has advantages. In summary, our proposed framework is based on the black channel and provides a general solution for end-to-end security and safety in wired/wireless networks and is transparent to the underlying transmission media.
4. Seamless integration of safe and secure wired/wireless communication
In this section we demonstrate our proposed framework using existing automation equipment and standards, addressing safety and security, using Profinet IO, Profisafe, and WirelessHART. In order to retrofit security in Profinet IO we introduce a concept called security modules. In this work, we have chosen the aforementioned technologies, but other technologies can also be used, since our proposed framework is technology independent. Different technologies (ISA100.11a, IEEE 802.15.4) will most likely achieve a different level of integration, engineering efficiency, and run-time performance, but still achieve safe and secure end-to-end communication.
It is not sufficient today in the industry only to provide gateway (GW) functionality, since that introduces a set of challenges for the end-users during the complete life-cycle. When new technologies are introduced, either as replacement or as a complement to existing technologies, it is expected that the new technologies and solutions are equivalent to or better than existing technologies and solutions. Therefore we start by presenting an integration method, which allows seamless integration of WirelessHART in automation systems using Profinet IO.
A. Communication model
From the Profinet IO device model, illustrated in Figure 1, it can be seen that a subslot (instance of a submodule) allows for example both IO Data and Record Data, where the former is used to transport process values from and to the devices, and the latter to transport device configuration data. It is also possible for subslots to transfer diagnostic data, such as process or device alarms. Hence, the concept of subslots (submodules) is central in modeling Profinet IO devices. The concept of a slot (instance of a module), will be treated as a container grouping subslots into physical or logical units.
The last submodules represent different HART Commands that have IO Data and Record Data, i.e. burst rate, burst mode, burst message, and safety related configuration, that the DCS will download to the WirelessHART device. In this way, all WirelessHART devices and HART Commands can be modeled, and most important be configured and maintained in a central engineering system.
The main advantage of our proposed integration method is that the already existing engineering tools in the DCS can be used to engineer and maintain the WirelessHART networks at a central location, in the same way as existing field devices. In addition, engineering and maintenance of the WirelessHART devices is simplified, as the configuration will be automatically downloaded after replacement of faulty components, thus reducing the down time. Moreover, the separation of HART commands, physical and logical units in the model simplifies both the design of the gateway and most important the usage of the gateway when considering safety and security. Other existing integration work or methods can be used as well, but will most probably not be beneficial to use with respect to safety, end-to-end security, as well as engineering and maintenance efforts of the latter.
B. On-demand configuration data
Our solution transmits the keys on-demand in plain text from the engineering station to the WirelessHART gateway, by using the Discovery and Configuration Protocol (DCP) provided by Profinet IO. The keys are programmed in non-volatile memory in the WirelessHART gateway by using write-only Manufacturer Specific Parameters, and are distributed by the WirelessHART gateway in ciphertext to the WirelessHART devices. Doing it in this way, the cryptographic keys are assigned in the same way, using the same engineering tool, as IP-addresses for Profinet IO field devices without any changes in the Profinet IO standard. security modules use the same concept , and this enables a simple key distribution mechanism for Profinet IO and WirelessHART. Distribution of security-relevant data should in general be transmitted with additional protection compared to for example IP-addresses. However, this additional protection, e.g., encryption, needs major changes in the Profinet IO standard and has therefore neither been further investigated nor implemented. This approach supports the process of automatic key updates, by replacing the manual process with an automatic service that updates the keys on a regular basis. The join key and the Network ID of the WirelessHART Device must initially be configured via some local port for security reasons; otherwise the WirelessHART Device cannot join the network and create a secure channel for key updates. Key distribution is mostly the weakest link, even in this case, and is a general and known problem within the area of automation. Our proposed solution is to be treated as an intermediate solution for key distribution until a proper standard suiting the needs of automation is developed. Nevertheless, our proposed solution bridges an important gap towards security for automation equipment at field level.
C. Communication with security modules
Security for industrial field networks is also important when deploying a defense-in-depth strategy. security modules is a concept that makes it possible to retrofit a security layer on top of Profinet IO, without changing the underlying transmission system or standards. By using security modules on top of Profinet IO, end-to-end network security can be achieved and ensure authentication, integrity and confidentiality for real-time communication. security modules are modeled in the GSD file in addition to the already existing modules. In this way, depending on the actual security risk assessment, security modules or standard modules can be instantiated and coexist. The security modules extend the I/O data with a security layer, mainly to protect the integrity and authentication of the I/O data in Profinet IO. The cryptographic keys to be used with security modules are distributed using the same method as described in Section 4-B. Thus, the concept of security modules fits nicely together with the WirelessHART integration using Profinet IO. By combining security modules with the proposed WirelessHART integration, we consider security both for wired and wireless fieldbus communication, using the principle of the black channel.
D. Safety function response time
One of the most important metrics for safety-critical applications is the time between a detected error and the transition to a safe state. In Profisafe, the Safety Function Response Time (SFRT ) specifies the worst-case time before a safe state is achieved in the presence of errors or failures in the safety function . Depending on the application, the requirements of SFRT range from milliseconds to seconds. The SFRT for our approach can be described and derived, using the same notation as in IEC 61784-3-3, as follows.
where Tcy P N I O is the period time of Profinet IO, and Tcy W H is the period time of WirelessHART, and finally WCDT GW is the worst case delay time of the Profinet IO/WirelessHART gateway.
where defines the total worst case delay time and maxi = 1,2,..., n(WDTime i - WCDT i ) adds the maximum difference between an entity's watchdog timeout and worst case delay time. Thus, the SFRT is the sum of all worst case delays and the largest watchdog margin to avoid spurious failsafe trips.
5. Implementation and performance evaluation
Values used for the calculations of the safety function response time (SFRT )1.
One fault delay time
Device acknowledgment time
Host acknowledgment time
Period time of DCS
Period time of Profinet IO
Period time of WirelessHART
Worse case delay time of DCS
Worse case delay time of GW
6. Periodic downlink transmission in WirelessHART
Based on the observations from the proof-of-concept implementation, we extend WirelessHART services in this section to support deterministic and periodic downlink transmissions to allow actuators and safety protocols more efficiently.
The WirelessHART standard targets industrial control system applications, thus we need to include actuators as a part of WirelessHART, to enable it to be used in representative industrial applications. Typically actuators require deterministic communication, thus best-effort communication is not sufficient in most cases.
A. Distributed control systems and WirelessHART
Traditionally, DCS periodically acquire data from sensors, execute a control application, and finally set the output values for the actuators. Typical period times for DCS's in process automation range from 250ms to 1s; however both faster (10 ms) and slower (5 s) period times exist. In the case where the period time is in the range of 10 ms WirelessHART is not the technology to be used. In that case, WISA can be used that is designed for update rates down to 10 ms.
Using best-effort communication for distributing set-points for actuators in industrial control systems is far from optimal. To achieve good results from a control perspective, jitter and delays should be reduced as far as possible. All the set-points for the actuators need to be distributed back to the devices within the same cycle.
B. Proposed downlink transmission
We propose a novel solution where the WirelessHART Network Manager can schedule several outgoing slots (downlink transmission) from the gateway to the devices within the same cycle.
The proposed solution includes a new WirelessHART command that the control application can use to request periodic transmissions to be set up to the actuators (outgoing slots). A new WirelessHART command is necessary, as existing commands to initiate periodic transmissions assume that the network manager is the data sink. Since the typical period WirelessHART period is 250 ms - 1 s and a WirelessHART slot is 10 ms one can easily deduce that the maximum number of successive slots for an access point ranges from 25 to 100 slots if all nodes have a direct link to the network manager, and use only one channel at a time given the radio constraints. If a DCS serves as many sensors as actuators, there will only fit 12 incoming slots for sensor data, and 12 slots for actuator data, given a period time of 250 ms. This is because we only have 25 slots available in 250 ms, if all nodes have a direct link to the network manager. The WirelessHART standard communicate on 15 channels, hence, theoretically, adding 14 access points could increase the number of available slots 15 times, if the access points are scheduled to communicate simultaneously on different channels in parallel. Adding several access points make it possible to scale up the number of available slots from 375 to 1500, depending on the assumed period time of 250 ms to 1 s.
The packet in the WirelessHART standard can only travel one hop per slot. This introduces delays for devices which are several hops away from the gateway. Another issue is that a device usually either only can listen for a packet, or send a packet simultaneously. Relaying other devices' data will decrease the number of available slots, and could even increase the minimum allowed DCS period. Clustering the network is a solution which could reduce delays by creating simple one-hop clusters around several gateways, or Access Points if several are used. However, in order to create good network clustering proper planning of the architecture is important.
Thus we can significantly improve the SFRT by 4(3400 - 250) = 12600 ms and reach a SFRT of 1.9 s, by implementing the improved WirelessHART functionality, as proposed in this paper. The proposed method improves the SFRT by almost a factor 8. In practice the improvement will be much better, since the problem is the downstream data from the WirelessHART GW to the WirelessHART device, which takes approximately 3.4 s, which is used for Tcy W H in Table 1. This figure is an average, as the data is transmitted in a best effort manner and the jitter is very high. Thus the proposed improvement will not only contribute to the SFRT, but also minimize nuisance trips, as the jitter will be dramatically improved. The improvement in jitter is expected to be in the same range as shown in the upper graphs of Figure 9 as downlink slots are allocated in advance.
Today the wired fieldbuses are complemented with wireless devices and are moving towards the use of wireless infrastructures. Using wireless infrastructures within automation demands solutions with the same properties, such as safety and security, which exist today in the wired case. Today there exists no solution that considers functional safety for wireless sensor networks and the wired fieldbuses lack security extensions within the context of industrial automation. The lack of these features will become a severe problem since scalable and modular solutions cannot be provided when integrating new wired/wireless devices into existing automation systems.
In this paper we have taken an holistic approach to wireless sensor networks in automation, and propose an integration framework of wireless sensor networks. Our proposal is based upon the principle of the black channel and security modules where safety and security measures can be deployed and co-exist depending of current requirements. security modules is a concept where a security layer, providing measures for end-to-end integrity and authentication that can be retrofitted on existing automation systems. We demonstrate that the proposed framework can be applied on a industrial automation system using Profisafe, Profinet IO, and WirelessHART.
Our performance measurements clearly indicate that periodic and deterministic downlink transmissions from the WirelessHART gateway to the WirelessHART devices are needed. Therefore, we extend WirelessHART with periodic and deterministic downlink transmissions, to deal with this problem. In addition, we also solve the general problem of using WirelessHART for control applications, enabling the usage of WirelessHART actuators that require periodic and deterministic transfer of set-points for successful operation.
- Hart 7 specification2010. [http://www.hartcomm.org/]
- Isa 100: wireless systems for automation.2010. [http://www.isa.org/isa100]Google Scholar
- Zigbee alliance2010. [http://www.zigbee.org]
- Hardy L, Gafen M: A new highly-synchronized wireless mesh network model in use by the electric company to switch to automatic meter reading, Case study. 5th International Conference on Networked Sensing Systems, 2008. INSS 2008 2008, 31-34.Google Scholar
- Zhong T, Peng Z, Haibin Y, Hong W: Zigbee-based wireless extension of foundation fieldbus. 6th IEEE International Conference on Industrial Informatics 2008, 661-666.Google Scholar
- Åkerberg J: On security in safety-critical process control, Licentiate thesis, November 2009.[http://www.iss.mdh.se/index.php?choice=publications&id=2081]Google Scholar
- Dzung D, Naedele M, Von Hoff T, Crevatin M: Security for industrial communication systems. Proc IEEE 2005, 93(6):1152-1177.View ArticleGoogle Scholar
- Jasperneite J, Feld J: Profinet: An integration platform for heterogeneous industrial communication systems. IEEE Conference on Emerging Technologies and Factory Automation 2005, 1: 815-822.View ArticleGoogle Scholar
- Willig A, Matheus K, Wolisz A: Wireless technology in industrial networks. Proc IEEE 2005, 93(6):1130-1151.View ArticleGoogle Scholar
- Gungor V, Hancke G: Industrial wireless sensor networks: Challenges, design principles, and technical approaches. IEEE Trans Ind Elec 2009, 56(10):4258-4265.View ArticleGoogle Scholar
- Vitturi S, Carreras I, Miorandi D, Schenato L, Sona A: Experimental evaluation of an industrial application layer protocol over wireless systems. IEEE Trans Ind Inf 2007, 3(4):275-288.View ArticleGoogle Scholar
- Ishii Y: Exploiting backbone routing redundancy in industrial wireless systems. IEEE Trans Ind Elec 2009, 56(10):4288-4295.View ArticleGoogle Scholar
- Miorandi D, Vitturi S: A wireless extension of profibus dp based on the bluetooth system. Comput Commun 2004, 27(10):946-960. 10.1016/j.comcom.2002.01.001View ArticleGoogle Scholar
- Sousa PB, Ferreira LL: Hybrid wired/wireless profibus architectures: Performance study based on simulation models. EURASIP J Wireless Commun Netw 2010, 2010(Article ID 845792):25 pages.Google Scholar
- Lee KC, Lee S: Integrated network of profibus-dp and ieee 802.11 wireless lan with hard real-time requirement. IEEE International Symposium on Industrial Electronics 3(2001):1484-1489.Google Scholar
- Rauchhaupt L: System and device architecture of a radio based fieldbus-the rfieldbus system. 4th IEEE International Workshop on Factory Communication Systems 2002, 185-192.View ArticleGoogle Scholar
- Willig A: Polling-based mac protocols for improving real-time performance in a wireless profibus. IEEE Trans Ind Elec 2003, 50(4):806-817. 10.1109/TIE.2003.814992View ArticleGoogle Scholar
- Koulamas C, Koubias S, Papadopoulos G: Using cut-through forwarding to retain the real-time properties of profibus over hybrid wired/wireless architectures. IEEE Trans Ind Elec 2004, 51(6):1208-1217. 10.1109/TIE.2004.839429View ArticleGoogle Scholar
- Decotignie J-D: Interconnection of Wireline and Wireless Fieldbusses. In Industrial Electronics Series, The Industrial Information Technology Handbook. Edited by: R Zurawski. CRC Press, Boca Raton, FL; 2005.Google Scholar
- Alves M, Tovar E: Engineering profibus networks with heterogeneous transmission media. Comput Commun 2006, 30(1):17-32. 10.1016/j.comcom.2006.07.011View ArticleGoogle Scholar
- Korber H-J, Wattar H, Scholl G: Modular wireless real-time sensor/actuator network for factory automation applications. IEEE Trans Ind Inf 2007, 3(2):111-119.View ArticleGoogle Scholar
- Kjellsson J, Vallestad A, Steigmann R, Dzung D: Integration of a wireless I/O interface for profibus and profinet for factory automation. IEEE Trans Ind Elec 2009, 56(10):4279-4287.View ArticleGoogle Scholar
- Lennvall T, Svensson S, Hekland F: A comparison of wirelesshart and zigbee for industrial applications. IEEE International Workshop on Factory Communication Systems 2008, 85-88.Google Scholar
- Raza S, Slabbert A, Voigt T, Landernäs K: Security considerations for the wirelesshart protocol. 14th International IEEE Conference on Emerging Technologies and Factory Automation 2009, 1-8.Google Scholar
- Song J, Han S, Mok A, Chen D, Lucas M, Nixon M: Wirelesshart: Applying wireless technology in real-time industrial process control. IEEE Real-Time and Embedded Technology and Applications Symposium 2008, 377-386.Google Scholar
- Nixon M, Chen D, Blevins T, Mok A: Meeting control performance over a wireless mesh network. IEEE International Conference on Automation Science and Engineering (CASE) 2008, 540-547.Google Scholar
- IEC 62280-2: Railway applications--Communication, signaling and processing systems--Part 2: Safety-related communication in open transmission systems. International Electrotechnical Commission 2002.Google Scholar
- Deuter A, Horn S, Wolframm M, Adamczyk H: Safety-related data transfer in secure virtual automation networks. SICE Annual Conference 2008, 2208-2214.Google Scholar
- Trikaliotis S, Gnad A: Mapping wirelesshart into profinet and profibus fieldbusses. 14th International IEEE Conference on Emerging Technologies and Factory Automation 2009, 1-4.Google Scholar
- Åkerberg J, Reichenbach F, Björkman M: Enabling safety-critical wireless communication using wirelesshart and profisafe. IEEE Conference on Emerging Technologies and Factory Automation (ETFA) 2010, 1-8.Google Scholar
- IEC 61158-5-10: Industrial communication networks--Fieldbus specifications--Part 5-10: Application layer service definition--Type 10 elements. International Electrotechnical Commission 2007.Google Scholar
- IEC 61158-6-10: Industrial communication networks--Fieldbus specifications--Part 6-10: Application layer protocol specification--Type 10 elements. International Electrotechnical Commission 2007.Google Scholar
- Kleines H, Detert S, Drochner M, Suxdorf F: Performance aspects of profinet IO. IEEE Trans Nucl Sci 2008, 55(1):290-294.View ArticleGoogle Scholar
- GSDML Specification for PROFINET IO. Version 2.20 PROFIBUS Neutzerorganisation e.V., Germany; 2008.Google Scholar
- McPherson D, Dykes B: VLAN Aggregation for Efficient IP Address Allocation. RFC 3069. Amber Networks, Inc., Milpitas, CA; 2001.Google Scholar
- IEC 61784-3: Industrial communication networks--Profiles--Part 3: Functional safety fieldbuses--General rules and profile definitions. International Electrotechnical Commission 2007.Google Scholar
- IEC 62280-1: Railway applications--Communication, signaling and processing systems--Part 1: Safety-related communication in closed transmission systems. International Electrotechnical Commission 2002.Google Scholar
- IEC 61784-3-3: Industrial communication networks--Profiles-Part 3-3: Functional safety fieldbuses--Additional specifications for CPF 3. International Electrotechnical Commission 2007.Google Scholar
- Åkerberg J, Björkman M: Exploring network security in profisafe. In Proceedings of the 28th International Conference on Computer Safety, Reliability, and Security (SAFECOMP '09). Berlin, Heidelberg, Springer, September; 2009:67-80.View ArticleGoogle Scholar
- Miihlhause M, Diedrich C, Riedl M, Schmidt D: Formalised specification of a test tool for safety related communication. IEEE Conference on Emerging Technologies and Factory Automation, 2007 2007, 38-44.View ArticleGoogle Scholar
- Åkerberg J, Björkman M: Introducing security modules in profinetio. 14th International IEEE Conference on Emerging Technologies and Factory Automation 2009, 1-8.Google Scholar
This article is published under license to BioMed Central Ltd. This is an Open Access article distributed under the terms of the Creative Commons Attribution License (http://creativecommons.org/licenses/by/2.0), which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.