INTRODUCTION
KEYING IN WIRELESSHART
3.1.1 Join Key: This is the first and the basic key needed by any device in a
The WirelessHART network facilitates device connectivity through a secure process involving a unique join key, which is entered using a handheld device while disconnected from the network This join key serves as an ID number, ensuring that it remains confidential and is not shared with other devices or network managers It establishes end-to-end security between the device and the network manager Upon first connection, the network manager authenticates the device using its join key and subsequently writes the network key and session key to the device Additionally, the network manager has the authority to change the device's join key once it is integrated into the network.
3.1.2 Session Key: Session keys are used to provide end-to-end security between devices in a network Four session keys are required to establish: i) A unicast session between the gateway and the device ii) A unicast session between network manager and the device iii) Broadcast session from the gateway to all the devices iv) Broadcast session from the network manager to all the devices
After a device verifies itself using its join key, both the session key and network key are written into the device During this process, the device is exclusively connected to the network manager, and it can only start communicating with other devices once it receives the gateway session key With the session key, the device can communicate through the gateway or network manager, which decrypts the key to identify the destination device and then re-encrypts the data for transmission The destination device, having its own session key, decrypts the information sent by the gateway/network manager to access the data successfully.
3.1.3 Network Key: WirelessHART secures the transactions between two devices by providing Per-hop security The data on its journey towards the destination passes through many hops, as all the devices in the network act as a router The medium of communication in a wireless network is air and a network key secures the air interference There is a single network key that is used by all the devices in the network that protects the Data-link layer PDU Network manager is the one that has the capability to initiate the network key write command to a device and the network key is provided to a device only after it successfully joins the network Network manager can later manage the network key by using the required commands.
3.1.4 Handheld Key: The handheld devices behave just like any other device in a
WirelessHART networks utilize handheld devices for installation and maintenance tasks These devices connect to field devices via maintenance ports, serving as input mediums for device upkeep However, when a handheld device connects to a field device, it does not automatically gain access to the network; it must use a join key to successfully join the network.
A handheld key is assigned to a handheld device when it connects directly to a specific field device without the need for an intermediate gateway, establishing a peer-to-peer connection To initiate this communication, the handheld device requests a session from the network manager, who issues the handheld key after the device joins the network using a join key Additionally, a handheld superframe is necessary for maintaining the connection between the wireless devices.
3.1.5 Well-known Key: A 128-bit key generated by automatic encryption standard
AES is utilized to secure both the Network layer and Data-link layer Protocol Data Units (PDUs) When a device attempts to connect to a WirelessHART network, it employs a join key to gain access, which safeguards the Network layer PDU However, at the time of joining, the device lacks a network key essential for protecting the Data-link layer PDU; therefore, a Well-Known key serves as the network key during this initial phase.
The decision to use (7777 772E 6861 72 636F 6D6D 2E6F 7267) is determined by the specifier bit, specifically the third bit in the Data-link layer Protocol Data Unit (PDU) If this bit is not activated, the Well-Known key will be utilized instead.
In a WirelessHART network, keys are essential for ensuring security, with key management overseen by the security manager The distribution and assignment of these keys are handled by the network manager Below, we explore the key management techniques and their associated limitations.
3.2.1 Key Generation: There are no specific requirements for key generation in
WirelessHART specifies that the security manager is tasked with key generation, while the network manager supplies the password for verification Key generation utilizes AES, and the methodology for creating different keys may vary based on the required security level.
3.2.2 Key Storage: The security manager is responsible for the storage of all the keys safely All the keys are stored in safe storages that are protected by storage level passwords and the security administrator is responsible for the storage of these passwords Network manager or security manager manages the passwords in the storage, who manages the passwords depends on the level of trust amongst them The security manager stores the following information for every key that is generated:
3.2.3 Key Distribution: The network manager is responsible for the distribution of keys to the devices and it should be the only one to provide keys to wireless network The table below shows the commands used to manage the keys:
Session Key Command 963 (write session)
Network Key Command 961 (Write network key)
Handheld Key Command823 (Request session)
Join key Command 768 (Write join key)
3.2.4 Key Renewal: Key renewal is very important part in key management since any key’s security can be breached over time or brute-force attack So the keys should be changed frequently and the changes should be automatic to avoid possible errors made by humans The commands used to change the keys are shown in table 4.1; these commands will override the existing keys Drawback in key renewal is that the join key is used to change the session key and the unicast key changes the join key, both being interdependent can be revealed when either one of them is compromised.
3.2.5 Key Revocation: The process of deactivating or removing or deleting a key from a device is called key revocation This is necessary because when a device is no longer part of a particular network it should not have any secrets or information related to that network Except for the network key all the other keys are device specific When a device is disconnected or captured legally or illegally the device should have a capability to self-destruct [8] itself or all the data in it should be blanked automatically to keep the network away from threats The only information a device carries before joining a network is its join key and the other keys are given to it only after that, so when the device leaves the network its join key should automatically be invalidated to secure the network.
3.2.6 Key Vetting: Key vetting is a process that verifies and authenticates the keys This concept is similar to authenticating the certificates but here the device status is checked and reported to the main control system.
ADVANCED ENCRYPTION STANDARD
In our WirelessHART project, we utilize the Advanced Encryption Standard (AES) for data security, as it is a widely recognized algorithm among various encryption methods, including the Data Encryption Standard (DES) and RSA algorithms.
1) It has strong resistance against all known attacks as it uses a minimum of 10 rounds for generating cipher text The number of rounds is not fixed; they are varied according to the security level and size of the key.
2) As it is symmetric algorithm the operation is faster compared to other cryptography algorithms The round transformation is parallel by design; this makes all the round calculations faster, which generates output block.
3) Compared to other cryptographic algorithms the AES algorithm has a simple design.
4) It is hard to crack AES because it uses different steps like shifting, mixing and adding schedule keys.
5) Guarantees high diffusion over multiple rounds.
6) Corresponds to the parallel application of S-boxes that have optimum worst-case non-linearity properties.
7) Finally the AES is well suited to be implemented efficiently on a wide range of processors and in dedicated hardware typical for a PC.
The decryption algorithm implementation starts when the data to be decrypted is received by the device in the network The received data is divided into equal blocks of 128,192 or
In our project, we utilize a 128-bit key size, which divides the received data into a 4x4 matrix, with each element consisting of 8 bits The first column of the matrix contains the initial 32 bits of the data The data block length (Nb) is defined as the number of 32-bit words per block, set at 4 for 128-bit data The key length (Nk) corresponds to the number of 32-bit words in the key, with values of 4, 6, and 8 for key lengths of 128, 192, and 256 bits, respectively The number of decryption iterations increases with the key length, requiring 10 rounds for 128 bits, 12 rounds for 192 bits, and 14 rounds for 256 bits.
INVERSE SUB-BYTE INVERSE SHIFT ROWS
The decryption of encrypted data at the destination device occurs by reversing the encryption process This reverse transformation involves four essential steps to accurately retrieve the original information.
4) Inverse Add round key transform.
4.3.1 Inverse Shift Rows Transform: In this transform the rows in the data matrix are shifted right in the circular shift method The rows in the matrix are shifted such that the first row is not shifted; the second row is shifted right by one element, third row by two and fourth row by three elements The inverse shift rows transform is best illustrated by figure 4.2. xxxv
Figure 4.2 Inverse Shift Rows Transform Circular Right Shift [12]
4.3.2 Inverse Sub-bytes Transform: In the inverse sub-byte transformation each element of the matrix obtained from the inverse shift-row transform step is replaced by a corresponding element from the inverse sub-byte substitution table provided by the AES in figure 4.3.
Figure 4.3 AES Specified Inverse Substitution Matrix [12]
4.3.3 Inverse Mix-column Transform: The inverse mix-column transform is simply the inverse of the mix-column transform performed in the encryption of data This transform is performed on each column of the matrix obtained from the previous transform step separately In this transformation step the matrix obtained after the inverse sub-bytes transformation is multiplied by a standard matrix (in fig 4.4) provided by AES All the other operations are performed similar to the mix-column transform step in the encryption of data xxxvii
Figure 4.4 AES Standard Matrix for Inverse Mix-Column Transforms [12]
4.3.4 Inverse Add Round Key Transform: The inverse add round key transform is performed by inversing the round key matrix obtained from add round key transform of encryption And XOR this matrix with the matrix obtained from the inverse-mix column transform Some of the transformation steps in both the encryption and decryption of the data can be interchanged with respect to their order The sub-byte transformation and matrix-row shift transform can be interchanged in the encryption This can also be done for Inverse sub-byte and inverse shift-row transform in decryption.
DESIGN AND IMPLEMENTATION
WirelessHART, standardized in 2007, is rapidly emerging as a key network technology, with over 30 companies actively developing related products The industry faces challenges such as enhancing speed and reducing the production costs of firmware, radios, gateways, and adapters Our research indicates that WirelessHART operates as a layered protocol, with the Data Link Layer playing a crucial role This project aims to design a security system within the Data Link Layer, enabling the integration of this design logic into chips, including ASICs and FPGAs.
1) 128-bit inverse key is used for decryption to generate plain text from cipher text.
2) The data input which comes from the test bench is considered as four words in size so that decryption is performed correctly.
3) The inverse sub-byte matrix which is used in decryption is generated from Verilog test bench and is not used for synthesis.
4) Xilinx Virtex FPGA (Model: XC5VLX30-1FF324C) is used for implementation
5) The cipher text is assumed as serial data input for our design. xxxix
5.2 Tools, Languages and Environments Used:
1) Modelsim XE III 6.4b is used for simulation of our design Modelsim is an RTL design and simulation tool developed by Mentor Graphics.
2) VCS Synopsys is used for synthesis of our design after simulation is done and the design is optimized.
3) Virtex board comes with a mounted FPGA on the board This FPGA is used to dump the RTL code
4) ISE Project Navigator is used for configuring the FPGA on virtex board ISE project navigator is developed by Xilinx.
5) The programming language used for RTL design is Verilog HDL.
6) TCL is used for writing and running scripts.
7) Windows and UNIX operating systems are used in various phases of our project.
We used a Virtex-5 FPGA for our project The features are as follows:
1 It has five platforms LX, LXT, SXT, TXT, and FXT.
2 It is cross-platform compatible.
3 Power clock management tile (CMT) clocking.
5 High-performance parallel select IO technology.
8 System monitoring capability on all devices.
9 Integrated endpoint blocks for PCI express designs.
10 Tri-mode 10/100/1000 Mb/s Ethernet MACs.
11 Rocket IO GTP transceivers 100 Mb/s to 3.75 GB/s and 150 Mb/s to 6.5 Gb/s.
13 65-nm copper CMOS process technology. xli
14 High signal-integrity flip-chip packaging available in standard or Pb-free package options.
There are five phases in our project, they are:
5.4.1 Block Diagram: The block diagram (Figure 5.2) shows how the data is decrypted in the message handling module The data comes into the DUT from the test bench in the form of 32-bit data blocks These 32-bit chunks are passed to the inverse mix column module After the inverse mix column transform is performed the resulting data is transferred to inverse shift rows block The data is then transferred to inverse sub-byte block where each 8-bit is replaced by the values from inverse sub-byte table as shown in figure 4.3 Then the inverse add round key module performs the generation and addition of inverse key This process is continued for ten rounds in the top module and the resulting data is the original transmitted data after ten rounds of transforms
Figure 5.2 Block Diagram for Decryption xliii
5.4.2 Finite State Machine (FSM) for Data Decryption: The operation of the FSM for data decryption has the same number of states as that of encryption In S1 ciphertext is XORed with key schedule bytes which are generated using test bench In S2 inverse sub- byte matrix is generated from inverse substitution matrix In S3 inverse row-shift operation takes place and in S4 plain text is generated when round key reaches ten
Figure 5.3 Finite State Machine for Decryption
5.4.3 Simulation: Simulation of a design is performed after the RTL coding is done in
Verilog is utilized to verify logic designs, with Modelsim serving as the simulation tool A test bench is created to ensure the logical behavior of the design is accurate Modelsim offers capabilities to generate simulation results in a Word file and visualize waveforms using the DVE command The waveforms for the inverse sub-byte matrix, decryption finite state machine, and inverse substitution matrix are illustrated in Figures 5.4, 5.5, and 5.6, respectively.
Figure 5.4 Output of Inverse Sub-byte Matrix xlv
5.4.4 Synthesis: The process of optimizing and converting the required logic behavior of the design into logic gates is termed as logic synthesis Synthesis enables us to take the design from RTL level to chip level A design can be dumped into the FPGA after it is simulated and synthesized In our project Synopsys VCS is used to perform synthesis of our design. xlvii
Figure 5.7 Script for Importing Synopsys Libraries
Figure 5.7 illustrates the process of a TCL script that imports the symbol library, target library, and link library to synthesize RTL code into a gate-level design The synthesizer utilizes gate delays and gate sizes from the symbol library to generate the gate circuit effectively.
The figures 5.8 and 5.9 are the synthesized outputs generated by the VCS Synopsys tool using the above script The timing, area and attribute reports are included in the appendixA.
Figure 5.8 Synthesized Gate Level Output
Figure 5.9 Synthesized Gate Level Output (zoomed) xlix
5.4.5 Configuration: In this phase we have dumped the synthesized code in to the
FPGA using Xilinx ISE Project Navigator
The Virtex-5 FPGA, as illustrated in Figure 5.10, features 220 I/O pins and is equipped with 4,800 configurable logic blocks (CLBs), along with 16.4 Mbits of integrated block memory The tools utilized for synthesis, simulation, and design enhance its performance and versatility.
A robust security system has been developed to safeguard the WirelessHART network, leveraging extensive research on the HART protocol and wireless HART implementation The project involved the application of various algorithms and key management techniques, with the AES algorithm being a focal point We utilized Verilog programming within the Modelsim IDE to implement the AES algorithm, which serves both to encrypt and decrypt data By integrating key management strategies with the AES algorithm, we significantly enhanced security and ensured safer transactions at the Data-link layer of the WirelessHART network.
Numerous attempts to decrypt the received data faced challenges, particularly with the inverse mix-column operation After overcoming this hurdle, we encountered another issue related to the configuration of the FPGA used in our project Subsequently, we addressed bugs in the algorithms implemented, which were resolved over time Representing the data bits in matrix form proved beneficial, as matrix manipulation offers various methods and simplifies operations.
Our successful implementation of a WirelessHART network was largely due to our early decision to use Verilog HDL for the AES algorithm This choice simplified the simulation process, allowing us to easily identify and rectify any errors in our program Unlike previous attempts that utilized various algorithms and programming languages for data encryption, our approach stands out for its ease of implementation and maintenance The WirelessHART network's control system effectively manages these algorithms, enhancing both efficiency and reliability.
This initiative aims to enhance the security of WirelessHART communication networks By focusing on the implementation of the AES algorithm through Verilog, we strive to make WirelessHART a more reliable and efficient networking solution.
APPENDIX A Simulation Results Inverse Shift Row Results
Compiler version Y-2006.06-SP1; Runtime version Y-2006.06-SP1; May 5 10:23 2010
Inverse shift row Values after First Round
VCD+ Writer Y-2006.06-SP1 Copyright 2005 Synopsys Inc.
20subin=9ff59f, inverseshiftrows =ca4ea7 inverseshiftrows Values after Second Round
60subin11702f, inverseshiftrows bb9aa1 inverseshiftrows Values after Third Round
100subin70495, inverseshiftrows 8bfc0 inverseshiftrows Values after Fourth Round
140subin_15554c, inverseshiftrows _998a4c inverseshiftrows Values after Fifth Round
180subin7dd4f, inverseshiftrows 7d490 inverseshiftrows Values after Sixth Round
220subin06d23, inverseshiftrows c3950 inverseshiftrows Values after Seventh Round
260subin[fb12c7, inverseshiftrows [36e3f0 inverseshiftrows Values after Eighth Round
280subin4fb73, inverseshiftrows 90ee0 290subinW67cbe0, inverseshiftrows W74222d 300subin90e2d, inverseshiftrows 7fb68 inverseshiftrows Values after Ninth Round
310subinbe1a69, inverseshiftrows 61ca9b 320subinad739b, inverseshiftrows be8b45 330subin9ca45, inverseshiftrows d1a61 340subin618b61, inverseshiftrows c97369 inverseshiftrows Values after Final Round
350subinc53e08c, inverseshiftrows ccab704 360subin 60e104, inverseshiftrows 53d051 370subin0b751, inverseshiftrows 0e0e7 380subincad0e7, inverseshiftrows 70e18c
CPU Time: 0.020 seconds; Data structure size: 0.0Mb Wed May 5 10:23:01 2010 lv
Compiler version Y-2006.06-SP1; Runtime version Y-2006.06-SP1; May 5 03:09 2010
InverseSubbyte Values after First Round
VCD+ Writer Y-2006.06-SP1 Copyright 2005 Synopsys Inc.
InverseSubbyte Values after Second Round
InverseSubbyte Values after Third Round
InverseSubbyte Values after Fourth Round
InverseSubbyte Values after Fifth Round
InverseSubbyte Values after Sixth Round
InverseSubbyte Values after Seventh Round
InverseSubbyte Values after Eighth Round
InverseSubbyte Values after Ninth Round
InverseSubbyte Values after Final Round
CPU Time: 0.020 seconds; Data structure size: 0.0Mb Wed May 5 03:09:12 2010 lvii
[1] HART Communication Foundation http://www.hartcomm.org/ (2010-03-17)
[2] W Simpson, “PPP in HDLC Framing” Network Working Group, Request for Comments (RFC): 1549; December 1993
[3] Morris Dworkin, “Recommendation for Block Cipher Modes of Operation: The
CCM Mode for Authentication and Confidentiality” NIST Special Publication 800-
38C; NIST Technology Administration, US Department of Defense.
[4] Frequency Hopping Spread Spectrum (FHSS) http://en.wikipedia.org/wiki/Frequency- hopping_spread_spectrum (2010-03-04)
[5] Jianping Song, et al., “WirelessHART: Applying Wireless Technology in Real-Time
Industrial Process Control” IEEE Real-Time and Embedded Technology and
[6] Yih-Chun Hu, et al., “Wormhole Attacks in Wireless Networks” IEEE JOURNAL
ON SELECTED AREAS IN COMMUNICATIONS, VOL 24, NO 2, FEBRUARY 2006.
[7] Christopher Alberts, at al., “Managing Information Security Risks: The OCTAVE
Approach”., Addison Wesley July 09, 2002 (ISBN: 0-321-11886-3)
[8] Hiran Kumar, et al., “Security Threats in Wireless Sensor Networks” IEEE A&E Systems Magazine, June 2008.
[9] William Stallings, Data and Computer Communications, 8th Edition Page 713
[10] Leung C, “Evaluation of the Undetected Error Probability of Single Parity-Check