Maintaining security by changing network keys in WirelessHART

Security is built in to all WirelessHART transmissions. All data is encrypted at both the data link layer and the transport layer. Using 126-bit AES encryption at multiple layers and routinely changing the keys makes a WirelessHART network a tough nut to crack.

Data Link Encryption

The network key is used at the data link layer. To keep it secure, it must be protected from unauthorized devices trying to join the network. All broadcast advertisements to join a network and all requests to join are transmitted using the well-known key identical for all WirelessHART devices. (This key is 7777 772E 6861 7274 636F 6D6D2E6F 7267 hexadecimal. This is the HART Foundation’s 16 character web address www.hartcomm.org in ASCII.)

The only part of the data link protocol data unit (DLPDU) encrypted is a 4-byte Message Integrity Code (MIC). Using the CCM* algorithm, the MIC is generated from the well-know key until devices join the network. Once a device is authenticated and allowed to join the network, the network manager sends the network key to the new device.

Transport Layer

For a new device requesting to join the network, the transport layer is encrypted with a join key which is either unique to the network or to the device. The join key is what allows the network manager to authenticate the new device. It also keeps any other device from being able to decipher the request to join or the network manager’s reply.

Just as the well-known key is replaced by the network key, the join key is replaced by a unique session key. Since session keys are unique for any transmission between two devices in a WirelessHART network, only the sender and receiver are able to decode the session data.

Changing the network key

The security manager is responsible for creating and storing the keys used in the network. The security manager works with the network manager in a server-client architecture. They must be joined by a secure connection. The security manager may be connected to several WirelessHART networks or even a variety of networks utilized for plant automation.

The security manager may be programmed to change the network key on a regular basis or may receive external instructions to do so. It will create a new key which it transmits to the network manager. The network manager then sends a broadcast to all the devices on the network to update the network key. Each device must send an acknowledgement to the network manager.

Like a fraternity

It’s like joining a fraternity. You first have to be invited, and someone has to tell where to go and the password to enter. If you don’t know where to go (well-known key), or the password (join key), you can’t get in.

Once you are accepted, you get a key to the frat house. Every now and then, it becomes necessary to change the locks and issue all the brothers a new key. The secretary of the fraternity (security manager) tracks who has a key and when the locks need to be changed. The fraternity president (network manager) issues the keys.

This entry was posted in Security:, WirelessHART Blog. Bookmark the permalink.