{"id":77,"date":"2023-01-27T10:25:20","date_gmt":"2023-01-27T17:25:20","guid":{"rendered":"https:\/\/wpsites.ucalgary.ca\/jacobson-cpsc\/?p=77"},"modified":"2023-01-28T10:43:49","modified_gmt":"2023-01-28T17:43:49","slug":"a-heart-for-wirelesshart","status":"publish","type":"post","link":"https:\/\/wpsites.ucalgary.ca\/jacobson-cpsc\/2023\/01\/27\/a-heart-for-wirelesshart\/","title":{"rendered":"A heart for WirelessHART"},"content":{"rendered":"\n<p>by Stephen Penner, Ben Etukudoh, Oluchi Henry-Ucheonwu, Julie Stiehl  (edited)<\/p>\n\n\n\n<p><strong>Introduction<\/strong>&nbsp;<\/p>\n\n\n\n<p>This is our first attempt to explore the world of WirelessHART and to gain a clearer perspective of what it is and how it works, with a focus on data integrity and security. We also examine this protocol with reference to the Wi-Fi Alliance\u2019s latest standard for security, WPA3, despite Emerson\u2019s bold statement that WirelessHART is not Wi-Fi. We take a dive into some of the concerns stakeholders have and how the HART foundation has addressed them.<\/p>\n\n\n\n<figure class=\"wp-block-gallery has-nested-images columns-default is-cropped wp-block-gallery-1 is-layout-flex wp-block-gallery-is-layout-flex\">\n<figure class=\"wp-block-image size-large\"><img decoding=\"async\" width=\"784\" height=\"432\" data-id=\"91\" data-src=\"https:\/\/wpsites.ucalgary.ca\/jacobson-cpsc\/wp-content\/uploads\/sites\/119\/2023\/01\/wireless-hart-5.png\" alt=\"\" class=\"wp-image-91 lazyload\" data-srcset=\"https:\/\/wpsites.ucalgary.ca\/jacobson-cpsc\/wp-content\/uploads\/sites\/119\/2023\/01\/wireless-hart-5.png 784w, https:\/\/wpsites.ucalgary.ca\/jacobson-cpsc\/wp-content\/uploads\/sites\/119\/2023\/01\/wireless-hart-5-300x165.png 300w, https:\/\/wpsites.ucalgary.ca\/jacobson-cpsc\/wp-content\/uploads\/sites\/119\/2023\/01\/wireless-hart-5-768x423.png 768w\" data-sizes=\"(max-width: 784px) 100vw, 784px\" 
src=\"data:image\/svg+xml;base64,PHN2ZyB3aWR0aD0iMSIgaGVpZ2h0PSIxIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciPjwvc3ZnPg==\" style=\"--smush-placeholder-width: 784px; --smush-placeholder-aspect-ratio: 784\/432;\" \/><\/figure>\n<\/figure>\n\n\n\n<p><strong>Highway Addressable Remote Transducer \u2013 Wirelessly&nbsp;<\/strong>&nbsp;<\/p>\n\n\n\n<p>WirelessHART is a wireless field device communication protocol that is part of the Highway Addressable Remote Transducer (HART) protocol. It is a wireless mesh network communications protocol for process automation applications. WirelessHART was released in September 2007 as part of the HART 7 Specification. WirelessHART technology was designed to enable secure industrial wireless sensor network communications while ensuring ease-of-use was not compromised. The built-in security cannot be disabled. It uses Advanced Encryption Standard (AES) 128-bit encryption, which is implemented end-to-end. These sessions ensure that messages are enciphered so that only the destination can decipher and use the payload created by the source device. 
It adds wireless capabilities to the HART protocol while maintaining compatibility with existing HART devices, commands, and tools.&nbsp;<\/p>\n\n\n\n<figure class=\"wp-block-gallery has-nested-images columns-default is-cropped wp-block-gallery-2 is-layout-flex wp-block-gallery-is-layout-flex\">\n<figure class=\"wp-block-image size-large\"><img decoding=\"async\" width=\"619\" height=\"457\" data-id=\"85\" data-src=\"https:\/\/wpsites.ucalgary.ca\/jacobson-cpsc\/wp-content\/uploads\/sites\/119\/2023\/01\/wireless-hart-1-1.png\" alt=\"\" class=\"wp-image-85 lazyload\" data-srcset=\"https:\/\/wpsites.ucalgary.ca\/jacobson-cpsc\/wp-content\/uploads\/sites\/119\/2023\/01\/wireless-hart-1-1.png 619w, https:\/\/wpsites.ucalgary.ca\/jacobson-cpsc\/wp-content\/uploads\/sites\/119\/2023\/01\/wireless-hart-1-1-300x221.png 300w\" data-sizes=\"(max-width: 619px) 100vw, 619px\" src=\"data:image\/svg+xml;base64,PHN2ZyB3aWR0aD0iMSIgaGVpZ2h0PSIxIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciPjwvc3ZnPg==\" style=\"--smush-placeholder-width: 619px; --smush-placeholder-aspect-ratio: 619\/457;\" \/><\/figure>\n<\/figure>\n\n\n\n<p>WirelessHART\u2019s security architecture helps owners and operators address all three of these areas: [3]&nbsp;<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>It minimizes, controls, and audits user\u2019s access.&nbsp;<\/li>\n\n\n\n<li>Requires high levels of technical expertise to sabotage, which removes complexities.&nbsp;<\/li>\n\n\n\n<li>Reduces infiltration span and duration of any individual breach because it uses a mesh network.&nbsp;<\/li>\n<\/ul>\n\n\n\n<p>Each WirelessHART network includes three main elements:&nbsp;&nbsp;<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Wireless field devices connected to process or plant equipment.&nbsp;&nbsp;<\/li>\n\n\n\n<li>Gateways that enable communication between these devices and host applications connected to a high-speed backbone or other existing plant communications network.&nbsp;<\/li>\n\n\n\n<li>A 
network manager responsible for:&nbsp;&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Configuring the network.&nbsp;<\/li>\n\n\n\n<li>Managing message routes.&nbsp;<\/li>\n\n\n\n<li>Monitoring network health.&nbsp;<\/li>\n\n\n\n<li>Scheduling communications between devices.&nbsp;<\/li>\n<\/ul>\n\n\n\n<p>The network uses the IEEE 802.15.4 radio operating at 2.4 GHz. The radios employ direct-sequence spread spectrum (DSSS) technology and channel hopping for communication security and reliability, and time division multiple access (TDMA) to ensure latency-controlled communications between devices on the network.&nbsp;<\/p>\n\n\n\n<p><strong>Major security features of the WirelessHART protocol are: <\/strong>[4]&nbsp;<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Radio security features.&nbsp;<\/li>\n\n\n\n<li>Multiple encryption keys.&nbsp;<\/li>\n\n\n\n<li>Multi-path mesh networking.&nbsp;&nbsp;<\/li>\n\n\n\n<li>Protection against non-repudiation.&nbsp;<\/li>\n\n\n\n<li>Protection against denial of service.&nbsp;<\/li>\n\n\n\n<li>Secure join process with all devices authenticated.&nbsp;<\/li>\n\n\n\n<li>128-bit message encryption to protect against eavesdropping.&nbsp;<\/li>\n\n\n\n<li>Data confidentiality is maintained as it is routed around the network using keys.&nbsp;<\/li>\n\n\n\n<li>Protections against replay, man-in-the-middle, sinkhole, and other attacks.&nbsp;<\/li>\n\n\n\n<li>Verifications that messages have not been tampered with by using integrity codes.&nbsp;<\/li>\n<\/ul>\n\n\n\n<p>The WirelessHART protocol has been specifically designed to provide the highest level of data security to industrial process automation applications. 
Combining the designed-in security features of WirelessHART with both operational technology (OT) and information technology (IT) network best practices will produce a high-performance wireless field device network that maximizes data availability, confidentiality, and integrity while dependably delivering industrial process data.&nbsp;&nbsp;&nbsp;&nbsp;<\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><img decoding=\"async\" width=\"567\" height=\"424\" data-src=\"https:\/\/wpsites.ucalgary.ca\/jacobson-cpsc\/wp-content\/uploads\/sites\/119\/2023\/01\/wireless-hart-2.png\" alt=\"\" class=\"wp-image-86 lazyload\" data-srcset=\"https:\/\/wpsites.ucalgary.ca\/jacobson-cpsc\/wp-content\/uploads\/sites\/119\/2023\/01\/wireless-hart-2.png 567w, https:\/\/wpsites.ucalgary.ca\/jacobson-cpsc\/wp-content\/uploads\/sites\/119\/2023\/01\/wireless-hart-2-300x224.png 300w\" data-sizes=\"(max-width: 567px) 100vw, 567px\" src=\"data:image\/svg+xml;base64,PHN2ZyB3aWR0aD0iMSIgaGVpZ2h0PSIxIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciPjwvc3ZnPg==\" style=\"--smush-placeholder-width: 567px; --smush-placeholder-aspect-ratio: 567\/424;\" \/><\/figure>\n\n\n\n<p><strong>WPA3 \u2013 an Alternative to WirelessHART<\/strong>&nbsp;<\/p>\n\n\n\n<p>WPA, or Wi-Fi Protected Access, was a work in progress over many years and is now on its 3<sup>rd<\/sup> iteration. Since the dawn of commercial Wi-Fi, the Wi-Fi Alliance has struggled to keep up with the evolving attacks on WEP and WPA. When the first Wired Equivalent Privacy (WEP) standard was released in 1997, with only a 64-bit key, its longevity as a secure protocol was already off to a rocky start and its encryption was quickly broken.[1] The stopgap measure of WPA helped to solve the issue but was replaced with the now dominant standard of WPA2, which was secure until 2018, when the new standard WPA3 was made mandatory for all new Wi-Fi devices. [1]&nbsp;<\/p>\n\n\n\n<p>WPA3: The following is a brief list of improvements on WPA2. 
[2]&nbsp;<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Increased key size to 192-bits.&nbsp;&nbsp;<\/li>\n\n\n\n<li>Stronger encryption standards.&nbsp;<\/li>\n\n\n\n<li>Secure, easy onboarding of IoT or screenless devices.&nbsp;&nbsp;<\/li>\n\n\n\n<li>Bug fix for offline password attacks that broke WPA2.&nbsp;&nbsp;<\/li>\n\n\n\n<li>Support for encrypted open networks with Opportunistic Wireless Encryption (OWE).&nbsp;<\/li>\n<\/ul>\n\n\n\n<p>Major security features of the wireless WPA3 protocol: [2]&nbsp;<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>256-bit to 384-bit message encryption using AES.&nbsp;<\/li>\n\n\n\n<li>128-bit to 265-bit frame protection for broadcast\/multicast traffic.&nbsp;&nbsp;<\/li>\n\n\n\n<li>Uses Simultaneous Authentication of Equals (SAE) to store password hash.&nbsp;<\/li>\n\n\n\n<li>Forward Security allows the protection of data even if the password is compromised.&nbsp;<\/li>\n\n\n\n<li>Using unique encryption keys for each device.&nbsp;<\/li>\n<\/ul>\n\n\n\n<p>The WPA3 specification may seem like a step in the right direction to get ahead of the curve for data security. However, it has already suffered setbacks due to side-channel attacks, downgrade attacks, denial of service attacks, and the aptly named Dragon&#8217;s Blood Attacks that include a suite of all the previously mentioned attacks. While some devices were fixed with vendor patches, the biggest flaw with WPA3 is the mass of non-upgradable WPA2 devices in the wild. 
[1] Since WPA2 had a 14-year reign as the leading protocol, billions of devices lack support for the WPA3 standard and are now left vulnerable.&nbsp;<\/p>\n\n\n\n<p><strong>Comparing WPA3 vs WirelessHART<\/strong>\u00a0<\/p>\n\n\n\n<p>Since early 2015 the FieldComm Group has been working with leading process end users, manufacturers, universities and research organizations to direct the development, incorporation and implementation of, and set the standard for, communication technologies such as HART and Foundation Fieldbus for the process industries.<\/p>\n\n\n\n<p>The security standard for Wi-Fi products and implementation building on the IEEE 802.11 architecture is set by Wi-Fi Alliance\u00ae, a worldwide network of companies that lead and develop industry-agreed standards for Wi-Fi\u00ae.<\/p>\n\n\n\n<p>For starters, WirelessHART operates with an 802.15.4 radio while Wi-Fi uses an 802.11 radio. The 802.15.4 architecture supports low power short range wireless implementation, while the 802.11 supports wider range wireless solutions.<\/p>\n\n\n\n<p>WirelessHART uses enterprise WPA2 with Extensible Authentication Protocols to authenticate users, whereas WPA3 uses Simultaneous Authentication of Equals (SAE) to provide stronger defenses against password guessing. SAE is a well-known secure key establishment protocol.<\/p>\n\n\n\n<p>The encryption algorithm used in WirelessHART is AES with a 128-bit key length (16-bytes). The AES algorithm encrypts information and validates the data sent. This concept is called Data Integrity and is achieved using a Message Integrity Code (MIC), also named Message Authentication Code (MAC), that is appended to the message. This code ensures integrity of the MAC header and payload data attached. 
It is created by encrypting parts of the IEEE MAC frame using the key to the network. If we receive a message from a non-trusted node, the MAC generated for the sent message will not correspond to the one that would be generated using the message with the current secret key, so we can discard this message. The MAC has a length of 128-bits; however, it is always created using the 128-bit AES algorithm. Its size is just the number of bits attached to each frame. The larger it is, the more secure it is, although the message can then carry less payload. Data Security is performed by encrypting the data payload field with the 128-bit key. By contrast, the WPA3 Standard allows for up to 192-bit cryptographic strength (AES-256 in GCM mode with SHA-384 as HMAC), preventing unauthorized eavesdropping or data manipulation of any of the communications.<\/p>\n\n\n\n<p>WirelessHART is a low-power wireless protocol used to transmit relatively small amounts of data while Wi-Fi can be used to transfer large amounts of data, including video streams and large file transfers. Another major area where WirelessHART differs from Wi-Fi is the fact that the security mechanisms cannot be disabled in WirelessHART. In Wi-Fi, although not advised, a user could disable security features and operate without any encryption or authentication whatsoever.<\/p>\n\n\n\n<p><strong>Concerns<\/strong><\/p>\n\n\n\n<p>In technical note 00840-0300-6129, Rev AA, published in October 2017 to clear the air on the WPA2 vulnerability, Emerson tried to differentiate WirelessHART from Wi-Fi in its defense mechanism for the WPA2 vulnerability to the Key Reinstallation Attack (KRACK), a set of Wi-Fi vulnerabilities discovered by two Belgian researchers. This vulnerability abuses design or implementation flaws in the WPA2 cryptographic scheme, which is also used by HART, to reinstall an already-in-use or predictable key. 
Depending on the specific vulnerabilities that are exploited, an attacker can decrypt network information, allowing the attacker to read contents of messages, inject malicious content, pose as a legitimate access point, or perform other nefarious activities [5].<\/p>\n\n\n\n<p>In defense, Emerson also encourages a good patch and update management program for end-users. The provided patches prevent key reuse and will be backwards-compatible. This means patched clients can communicate with unpatched access points and vice-versa; however, both the client and access points have to be patched to protect against the attacks.<\/p>\n\n\n\n<p>Emerson has also advised the use of other encrypted protocols, such as Hyper Text Transfer Protocol Secure (HTTPS), as an added layer of protection. HTTPS was designed to work over an untrusted channel with no encryption and should be used when possible. Also, using a Virtual Private Network (VPN) can offer additional protection against these attacks. Finally, using a wired connection for sensitive traffic eliminates these concerns.<\/p>\n\n\n\n<p><strong>Conclusion and Recommendation<\/strong><\/p>\n\n\n\n<p>Our research is currently ongoing. We will present our conclusion and recommendations in a final presentation.<\/p>\n\n\n\n<p><strong>References<\/strong>&nbsp;<\/p>\n\n\n\n<p>1. Sagers, G. (2021). Wpa3: The greatest security protocol that may never be. 2021 International Conference on Computational Science and Computational Intelligence (CSCI), 1360\u20131364. <a href=\"https:\/\/doi.org\/10.1109\/CSCI54926.2021.00273\" target=\"_blank\" rel=\"noreferrer noopener\">https:\/\/doi.org\/10.1109\/CSCI54926.2021.00273<\/a>&nbsp;<\/p>\n\n\n\n<p>2. <em>Wi-Fi Alliance File Download<\/em>. (n.d.). 
Retrieved January 25, 2023, from <a href=\"https:\/\/www.wi-fi.org\/downloads-public\/WPA3%2BSpecification%2Bv3.1.pdf\/35332\" target=\"_blank\" rel=\"noreferrer noopener\">https:\/\/www.wi-fi.org\/downloads-public\/WPA3%2BSpecification%2Bv3.1.pdf\/35332<\/a>&nbsp;<\/p>\n\n\n\n<p>3.<em> Wirelesshart Security Overview &#8211; Emerson Electric<\/em>. (n.d.). Retrieved January 26, 2023, from <a href=\"https:\/\/www.emerson.com\/documents\/automation\/white-paper-wirelesshart-security-overview-by-hcf-en-42578.pdf\" target=\"_blank\" rel=\"noreferrer noopener\">https:\/\/www.emerson.com\/documents\/automation\/white-paper-wirelesshart-security-overview-by-hcf-en-42578.pdf<\/a>&nbsp;<\/p>\n\n\n\n<p><em>4. Wirelesshart unaffected by recent WPA2 vulnerabilities &#8211; emerson<\/em>. (n.d.). Retrieved January 27, 2023, from <a rel=\"noreferrer noopener\" href=\"https:\/\/www.emerson.com\/documents\/automation\/security-notification-wirelesshart-unaffected-by-recent-wpa2-vulnerabilities-techical-note-en-1730306.pdf\" target=\"_blank\">https:\/\/www.emerson.com\/documents\/automation\/security-notification-wirelesshart-unaffected-by-recent-wpa2-vulnerabilities-techical-note-en-1730306.pdf<\/a>\u00a0<\/p>\n\n\n\n<p>5. <em>Wirelesshart unaffected by recent WPA2 vulnerabilities &#8211; emerson<\/em>. (n.d.). 
Retrieved January 28, 2023, from <a href=\"https:\/\/www.emerson.com\/documents\/automation\/security-notification-wirelesshart-unaffected-by-recent-wpa2-vulnerabilities-techical-note-en-1730306.pdf\">https:\/\/www.emerson.com\/documents\/automation\/security-notification-wirelesshart-unaffected-by-recent-wpa2-vulnerabilities-techical-note-en-1730306.pdf<\/a> \u00a0<\/p>\n","protected":false},"excerpt":{"rendered":"<p>by Stephen Penner, Ben Etukudoh, Oluchi Henry-Ucheonwu, Julie Stiehl (edited) Introduction&nbsp; This is our first attempt to explore the world of WirelessHART, to have a clearer perspective of what it is and how it works with a focus on data integrity and security. We also examine this protocol with reference to Wi-Fi alliances latest standards &hellip; <\/p>\n<p class=\"link-more\"><a href=\"https:\/\/wpsites.ucalgary.ca\/jacobson-cpsc\/2023\/01\/27\/a-heart-for-wirelesshart\/\" class=\"more-link\">Continue reading<span class=\"screen-reader-text\"> &#8220;A heart for WirelessHART&#8221;<\/span><\/a><\/p>\n","protected":false},"author":576,"featured_media":99,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"ngg_post_thumbnail":0,"footnotes":""},"categories":[1],"tags":[],"class_list":["post-77","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-uncategorized","entry"],"featured_image_src":"https:\/\/wpsites.ucalgary.ca\/jacobson-cpsc\/wp-content\/uploads\/sites\/119\/2023\/01\/wireless-hart-4-half-size-600x190.png","featured_image_src_square":"https:\/\/wpsites.ucalgary.ca\/jacobson-cpsc\/wp-content\/uploads\/sites\/119\/2023\/01\/wireless-hart-4-half-size-600x190.png","author_info":{"display_name":"Julie 
Stiehl","author_link":"https:\/\/wpsites.ucalgary.ca\/jacobson-cpsc\/author\/julie-stiehl\/"},"_links":{"self":[{"href":"https:\/\/wpsites.ucalgary.ca\/jacobson-cpsc\/wp-json\/wp\/v2\/posts\/77","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/wpsites.ucalgary.ca\/jacobson-cpsc\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/wpsites.ucalgary.ca\/jacobson-cpsc\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/wpsites.ucalgary.ca\/jacobson-cpsc\/wp-json\/wp\/v2\/users\/576"}],"replies":[{"embeddable":true,"href":"https:\/\/wpsites.ucalgary.ca\/jacobson-cpsc\/wp-json\/wp\/v2\/comments?post=77"}],"version-history":[{"count":15,"href":"https:\/\/wpsites.ucalgary.ca\/jacobson-cpsc\/wp-json\/wp\/v2\/posts\/77\/revisions"}],"predecessor-version":[{"id":155,"href":"https:\/\/wpsites.ucalgary.ca\/jacobson-cpsc\/wp-json\/wp\/v2\/posts\/77\/revisions\/155"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/wpsites.ucalgary.ca\/jacobson-cpsc\/wp-json\/wp\/v2\/media\/99"}],"wp:attachment":[{"href":"https:\/\/wpsites.ucalgary.ca\/jacobson-cpsc\/wp-json\/wp\/v2\/media?parent=77"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/wpsites.ucalgary.ca\/jacobson-cpsc\/wp-json\/wp\/v2\/categories?post=77"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/wpsites.ucalgary.ca\/jacobson-cpsc\/wp-json\/wp\/v2\/tags?post=77"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}