Đăng ký
  1. Trang chủ
  2. » Kỹ Thuật - Công Nghệ

Iec pas 62948 2015

184 0 0

Đang tải... (xem toàn văn)

Tài liệu hạn chế xem trước, để xem đầy đủ mời bạn chọn Tải xuống

THÔNG TIN TÀI LIỆU

I E C P AS 62 48 ® Edition 201 5-04 P U B LI C LY AVAI LAB LE S P E C I F I C ATI ON P RE -S TAN D ARD colour i n sid e I n d u s tri al n etworks – Wi rel ess com m u n i cati on n etwork an d com m u n i cati on IEC PAS 62948:201 5-04(en) profi l es – WI A-F A T H I S P U B L I C AT I O N I S C O P YRI G H T P RO T E C T E D C o p yri g h t © I E C , G e n e v a , S wi tz e rl a n d All rights reserved Unless otherwise specified, no part of this publication may be reproduced or utilized in any form or by any means, electronic or mechanical, including photocopying and microfilm, without permission in writing from either IEC or IEC's member National Committee in the country of the requester If you have any questions about I EC copyright or have an enquiry about obtaining additional rights to this publication, please contact the address below or your local I EC member National Committee for further information IEC Central Office 3, rue de Varembé CH-1 21 Geneva 20 Switzerland Tel.: +41 22 91 02 1 Fax: +41 22 91 03 00 info@iec.ch www.iec.ch Ab ou t th e I E C The I nternational Electrotechnical Commission (I EC) is the leading global organization that prepares and publishes I nternational Standards for all electrical, electronic and related technologies Ab o u t I E C p u b l i ca ti o n s The technical content of IEC publications is kept under constant review by the IEC Please make sure that you have the latest edition, a corrigenda or an amendment might have been published I E C Catal og u e - webstore i ec ch /catal og u e The stand-alone application for consulting the entire bibliographical information on IEC International Standards, Technical Specifications, Technical Reports and other documents Available for PC, Mac OS, Android Tablets and iPad I E C pu bl i cati on s s earch - www i ec ch /search pu b The advanced search enables to find IEC publications by a variety of criteria (reference number, text, technical committee,…) It also gives information on projects, replaced and withdrawn publications E l ectroped i a - www el ectroped i a org The world's leading online dictionary of electronic and electrical terms containing more than 30 000 terms and definitions in English and French, with equivalent terms in additional languages Also known as the International Electrotechnical Vocabulary (IEV) online I E C G l os sary - s td i ec ch /g l oss ary More than 60 000 electrotechnical terminology entries in English and French extracted from the Terms and Definitions clause of IEC publications issued since 2002 Some entries have been collected from earlier publications of IEC TC 37, 77, 86 and CISPR I E C J u st Pu bl i s h ed - webstore i ec ch /j u stpu bl i sh ed Stay up to date on all new IEC publications Just Published details all new publications released Available online and also once a month by email I E C C u stom er S ervi ce C en tre - webstore i ec ch /csc If you wish to give us your feedback on this publication or need further assistance, please contact the Customer Service Centre: csc@iec.ch I E C P AS 62 48 ® Edition 2.0 201 5-04 P U B LI C LY AVAI LAB LE S P E C I F I C ATI ON P RE -S TAN D ARD colour i n sid e I n d u s tri al n etworks – Wi rel ess com m u n i cati on n etwork an d com m u n i cati on profi l es – WI A-F A INTERNATIONAL ELECTROTECHNICAL COMMISSION ICS 25.040.40; 35.1 00.01 ISBN 978-2-8322-2477-9 Warn i n g ! M ake su re th a t you obtai n ed th i s pu bl i cati on from an au th ori zed d i s tri bu tor ® Registered trademark of the International Electrotechnical Commission –2– I EC PAS 62948: 201 © I EC 201 CONTENTS FOREWORD Scope Norm ative references Terms, definitions, abbreviations, and conventions Terms and definitions Abbreviations 3 Conventions Data coding 20 Overview 20 Basic data type coding 21 I nteger coding 21 2 Unsigned coding 21 Float coding 22 4 Octetstring coding 23 Bit Field coding 23 TimeData coding 23 KeyData coding 23 Structured data type coding 24 Structure type coding 24 List type coding 24 WI A-FA overview 24 Device types 24 Host computer 24 Gateway device 24 Access device 24 Field device 25 Handheld device 25 Network topology 25 Protocol architecture 26 System managem ent 28 Overview 28 Device Management Application Process 28 Network m anager 31 2 Security m anager 31 Network m anagem ent module 31 Security m anagement module 31 DM AP state m achines 31 Addressing and address assignment 42 Comm unication resource allocation 42 General 42 Communication resource allocation 43 Joining and leave process of field device 44 Joining process of a field device 44 Communication resource allocation to field device 45 Leaving process of a field device 45 6 Network performance m onitoring 46 I EC PAS 62948:201 © I EC 201 –3– 6 Device status report 46 6 Channel condition report 47 Management inform ation base and services 47 Managem ent information base 47 MI B services 57 Ph ysical layer 61 General 61 General requirements based on I EEE STD 802 1 -201 61 Additional requirements 62 General 62 Frequency band 62 3 Channel bitm ap 62 Transm ission power 63 Data rate 63 Data Link Layer 64 General 64 Protocol architecture 64 WI A-FA superfram e 64 Communication based on multiple access devices 67 Time synchronization 68 Aggregation/Disaggregation 69 Retransm ission 70 Data link sub-layer data services 73 General 73 2 DLDE-DATA request prim itive 73 DLDE-DATA indication primitive 74 Time sequence of DLL data service 75 Data link sub-layer m anagem ent services 76 General 76 Network discovery services 76 3 Time synchronization services 78 Device j oining services 80 Device status report services 83 Channel condition report services 85 Remote attribute get services 86 8 Remote attribute configuration services 90 Device leaving services 93 DLL frame formats 94 General frame format 94 Date frame form at 96 Aggregation fram e form at 96 4 NACK fram e form at 97 GACK frame format 97 Beacon frame format 97 Join request frame form at 98 8 Join response frame form at 98 Leave request fram e form at 98 Device status report frame format 99 1 Channel condition report fram e form at 99 –4– I EC PAS 62948: 201 © I EC 201 Time synchronization request frame format 99 Time synchronization response fram e form at 99 4 Remote attribute get request frame format 00 Remote attribute get response frame format 00 Remote attribute set request frame form at 01 Remote attribute set response fram e format 01 Data link layer state machines 01 DLL state machine of access field 01 DLL state machine of field device 05 Functions used in DLL state transitions 1 Wired specifications between GW and AD 1 Overview 1 Join process of access device 1 Frame form ats between GW and AD 1 1 Application Layer 1 1 Overview 1 AL protocol stack 1 AL functions 1 Data function 1 Managem ent function 1 3 Communication m ode 1 Application data 1 General 1 Process data 1 Event data 1 User application process 1 General 1 User application object 1 I O data im ages on gateway device 1 Alarm mechanism 20 5 Application configuration process 20 Application services 26 Confirm ed services and unconfirm ed services 26 READ service 27 WRITE service 28 PU BLI SH Service 29 REPORT Service 30 6 REPORT ACK 31 Application sublayer 32 Overview 32 ASL data service 32 ASL packet format 35 1 Security 55 1 General 55 1 1 Security m anagem ent architecture 55 1 Security functions 56 1 Keys 56 1 Security services 57 1 General 57 I EC PAS 62948:201 © I EC 201 –5– 1 2 Key establish service 58 1 Key update service 60 1 Security alarm service 62 1 Secure join 64 1 General 64 1 Secure join process of FD 64 1 Key m anagem ent 65 1 General 65 1 Key establish process 65 1 Key update process 66 1 DLL secure communication 68 1 Security alarm 69 1 Secure fram e format 69 1 General secure DLL frame format 69 1 Secure aggregation frame format 71 1 Key establish request fram e form at 72 1 Key establish response frame format 72 1 Key update request frame format 72 1 Key update response fram e form at 73 1 7 Security alarm request frame format 73 Annex A (informative) Security strategy for WI A-FA network 74 A Risk anal ysis for WI A-FA network 74 A Security principles for WIA-FA network 74 A Security objectives for WI A-FA network 74 A Security grade of WI A-FA network 75 Annex B (informative) Regional modification for compliance with ETSI standards 76 B General 76 B Compliance with ETSI EN 300 440-2 V1 76 B Compliance with ETSI EN 300 328 V1 76 Bibliograph y 80 Figure Figure Figure Figure Figure Figure Figure Figure Figure Figure Figure Figure Figure Figure Figure – Conventions used for state m achines – I nteger coding 21 – Unsigned coding 21 – Single float coding 22 – Double float coding 22 – WI A-FA enhanced star topolog y 25 – OSI basic reference m odel m apped to WI A-FA 26 – Protocol architecture of WI A-FA 27 – Data flow over WI A-FA network 27 – System management schem e 28 1 – DMAP of m anagem ent system 29 – DMAP state machine of gateway device 32 – DMAP state machine of gateway device for each field device 33 – DMAP state machine of a field device 37 – Long address structure of device 42 –6– Figure Figure Figure Figure Figure Figure Figure Figure Figure Figure Figure Figure Figure Figure Figure Figure Figure Figure Figure Figure Figure Figure Figure Figure Figure Figure Figure Figure Figure Figure Figure Figure Figure Figure Figure Figure Figure Figure Figure Figure Figure Figure Figure 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 I EC PAS 62948: 201 © I EC 201 – Joining process of field device 44 – Comm unication resource allocation process for a field device 45 – Passive leave process of a field device 46 – Device status report process of field device 46 – Channel condition report process of field device 47 – BitMap form at 62 – WI A-FA DLL protocol architecture 64 – The template of timeslot structure 65 – WI A-FA default superframe 66 – WI A-FA superframe 66 – The exam ple of WI A-FA devices m ulti-channel comm unication 66 – An example of beacon comm unication based on multiple ADs 67 – Process of one-way tim e synchronization 68 – Process of two-way tim e synchronization 69 – Aggregation frame payload format 70 – Example of retransmission m ode based on N ACK 71 – Example of m ulti-unicast retransmission mode 72 – Example of m ulti-broadcast retransmission mode 72 – Example of GACK-based timeslot backoff m ode 73 – Time sequence of period data service from FD to GW 75 – Time sequence of other data service from FD to GW 75 – Time sequence of data service from GW to FD 76 – N etwork discovery process 78 – Time synchronization process 80 – Device join process 83 – Device status report process 84 – Channel condition report process 86 – Remote attribute get process 89 – Remote attribute set process 93 – Device leave process 94 – General frame format 95 – DLL frame header 95 – DLL frame control format 95 – DLL Date frame format 96 – DLL Aggregation frame format 97 – N ACK frame format 97 – GACK fram e form at 97 – GACK information 97 – DLL Beacon frame format 97 – Shared timeslot count 98 – DLL j oin request fram e form at 98 – DLL j oin request fram e format 98 – DLL leave request fram e format 99 I EC PAS 62948:201 © I EC 201 Figure Figure Figure Figure Figure Figure Figure Figure Figure Figure Figure Figure Figure Figure Figure Figure Figure Figure Figure Figure Figure Figure Figure Figure Figure Figure Figure Figure Figure Figure Figure Figure Figure Figure Figure Figure Figure Figure Figure Figure Figure Figure Figure –7– 59 – DLL Device status report fram e form at 99 60 – DLL Channel condition report fram e format 99 61 – DLL time syn chronization request frame format 99 62 – DLL time syn chronization response fram e format 99 63 – DLL Remote attribute get request fram e form at 00 64 – DLL rem ote attribute get response frame format 00 65 – DLL Remote attribute set request frame format 01 66 – DLL rem ote attribute set response fram e form at 01 67 – DLL state m achine of access device 02 68 – DLL state m achine of field device 06 69 – General frame format between GW and AD 1 70 – AL portions within WI A-FA protocol stack 1 71 – The relationships between U APs and DAPs 1 72 – User application obj ects 1 73 – I m plementation exam ple of I O data images on the gateway device 20 74 – C/S VCR relationships between GW and FDs 22 75 – P/S VCR relationships between GW and FDs 23 76 – P/S VCR relationships between FDs and GW 23 77 – R/S VCR relationships between FDs and GW 24 78 – Configuration process for a field device 25 79 – U AO aggregation and disaggregation process 26 80 – READ request message format 27 81 – READ response( + ) m essage form at 27 82 – READ response(-) m essage format 27 83 – READ Service process 28 84 – WRI TE request message format 28 85 – WRI TE response(-) message format 28 86 – WRI TE Service process 29 87 – PU BLI SH request m essage form at 29 88 – PU BLI SH Procedure from Field Device to Gateway Device 30 89 – PU BLI SH Procedure from Gateway Device to Field Device 30 90 – REPORT request m essage form at 30 91 – REPORT Service process 31 92 – REPORT ACK request m essage form at 31 93 – REPORT ACK response( + ) message format 31 94 – REPORT ACK response(-) m essage form at 31 95 – REPORT ACK Service process 32 96 – ASL general packet form at 35 97 – Format of packet control field 35 98 –Confirm ed service prim itives exchanged between layers 37 99 – U nconfirmed service prim itives exchanged between layers 38 00 – Prim itives invoking for read/ write MI B between layers 39 01 – State transition diagram of AMCL 40 –8– I EC PAS 62948: 201 © I EC 201 Figure Figure Figure Figure Figure Figure Figure Figure Figure Figure Figure Figure Figure Figure Figure Figure Figure Figure Figure Figure Figure Figure Figure 02 – State transition diagram of AM SV 42 03 – State transition diagram of AMPB 46 04 – State transition diagram of AMSB 49 05 – State transition diagram of AMRS 52 06 – State transition diagram of AMRK 52 07 – Security management architecture 55 08 – Life cycle of keys 57 09 – Format of N ONCE 58 1 – Tim e sequence of key establishment 60 1 – Tim e sequence of key updating 62 1 – SecAlarm t_Struct structure 63 1 – Tim e sequence of security alarm 63 1 – Secure join process of field device 65 1 – Key establish process for field device 66 1 – Key update state m achine for FD 67 1 – General secure DLL frame form at 70 1 – Secure aggregation frame format 71 1 – Key establish request frame format 72 20 – Key establish response fram e form at 72 21 – Key update request frame format 72 22 – Key update response fram e form at 73 23 – Security alarm request fram e format 73 B – Timeslot tim ing template 77 Table Table Table Table Table Table Table Table Table Table Table Table Table Table Table Table Table Table Table – Conventions used for state transitions 20 – Definition of integer data type 21 – U nsigned1 coding 21 – Octetstring coding 23 – Coding of Bit Field data with one octet 23 – Coding of Bit Field data with two octets 23 – Coding of Bit Field data with three octet 23 – N etwork management functions 30 – Security management functions 30 – DMAP state transition of gateway device 32 1 – DMAP state transition of gateway device for each field device 34 – DMAP state transition of a field device 38 – Functions used in DM AP state transition 41 – U nstructured attributes 48 – Structured attributes 50 – Superframe_Struct structure 50 – Link_Struct structure 51 – ChanCon_Struct structure 51 – Device_Struct 52 – 68 – I EC PAS 62948:201 © I EC 201 Table 1 – Key update state transition # Current State Event or condition = > action Next state ASN == New_key KeyActiveSl ot S1 ST1 => Current_key: = N ew_key, ST2 Current_key state: = USI N G Recepti on of New_key && ASN < New_key KeyActiveSl ot S2 ST2 => ST3 New_key state: = BACKUP ASN == New_key KeyActiveSl ot => S3 ST3 Current_key state: = I NVALI D, ST2 Current_key: = N ew_key, Current_key state: = USI N G S4 ST3 ASN > Current_key KeyActiveSlot + KeyU pdateDur && ASN < New_key KeyActiveSLot => ST4 Current_key state: = EXPI RED, ASN == New_key KeyActiveSl ot => S5 ST4 Current_key state: = I NVALI D, ST2 Current_key: = N ew_key, Current_key state: = USI N G ASN > Current_key KeyActiveSlot + KeyU pdateDur && No N ew_key S6 ST2 => ST5 Current_key state: = EXPI RED Recepti on of New_key && ASN > = New_key KeyActiveSlot => S7 ST5 Current_key state: = I NVALI D, ST2 Current_key: = New_key, Current_key state: = USI NG Recepti on of New_key && ASN < New_key KeyActiveSl ot S8 ST5 => ST4 New_key state: = BACKUP Recepti on of New_key && ASN > = New_key KeyActiveSlot => S9 ST2 Current_key state: = I NVALI D, ST2 Current_key: = New_key, Current_key state: = USI NG 1 DLL secure communication DLL shall perform encryption/decryption and integrity check on DLL fram es according to the value of SecLevel in MI B I EC PAS 62948:201 © I EC 201 – 69 – The encryption/decryption and integrity check are performed by CCM * (see I EEE STD 802 4-201 ) The secure DLL frame format is shown in Figure 1 When perform ing encryption/decryption and integrity check, different keys shall be used according to the phase and the frame type shown in Table 1 Table 1 – Keys used in DLL secure communication Phase Before the establishm ent of KEDU an d KEDB After the establishm ent of KEDU an d KEDB Frame type Key type All fram es needs secure protection KS Unicast fram e KEDU Non -agg reg ation broadcast fram e KEDB Aggregati on broadcast fram e KEDU is used for the fram e sent to correspon din g fiel d device i n the agg regation broadcast fram e; KEDB is used for th e wh ole ag gregati on broadcast fram e Before access device sends an aggregation broadcast frame, DLL encrypts and/or calculates MI C for each frame inside the aggregation broadcast fram e using their related KEDUs separatel y, and then, DLL encrypts and/or calculates MI C for the whole aggregation broadcast fram e using KEDB After receiving an aggregation broadcast frame, DLL of field device decrypts and/or checks integrity for the whole aggregation broadcast frame using KEDB, and then, decrypts and/or checks integrity its own fram e in the aggregation broadcast fram e using KEDU 1 Security alarm WI A-FA defines two types security alarm: – Key attacked alarm: the count of the key being attacked is over MaxKeyAttackedN um (see ) in a AttackStatisDur (see ); – Key update tim eout alarm: the key is used over KeyU pdateDur (see ) period and there is no new key available for update Once the security management m odule of field device detects a security al arm event, it shall set the corresponding bit of the Alarm Flag (see Table 20) of the related key to , then invoke the security alarm request prim itive to report the security alarm event and other security alarm events existing in the field device to the security manager in the gateway device periodically according to the AlarmRptDur (see 7.1 ) Once the security m anager in the gateway device receives a security alarm request, it shall update the keys corresponding to the security alarms in the security alarm request immediately Once the key of which the AlarmFlag is not equal to is updated successfull y, its Alarm Flag shall be cleared 1 Secure frame format 1 7.1 General secure DLL frame format Figure 1 shows the general format of secure DLL frame – 70 – I EC PAS 62948:201 © I EC 201 DLPDU 7/8 octets Variable leng th 0/4/8/1 octets octets DLL fram e header DLL payload MI C FCS Figure 1 – General secure DLL frame format – DLL fram e header, see 8.4.1 ; – DLL payload: according to the value of SecLevel in MI B, if encryption is enable, DLL payload shall be encrypted; – MI C: according to the value of SecLevel in MI B, if integrity check is enable, a m essage integrity code is generated to protect DLL frame header and DLL payload, and filled to MI C; – FCS I EC PAS 62948:201 © I EC 201 – 71 – Table 1 shows the available security levels for DLL in WI A-FA T a b l e 1 – Av a i l a b l e s e c u ri t y l e v e l s fo r D L L S e c L e ve l E n c r yp t i o n M I C l e n g th 0/1 Disabl e Disabl e 32 (MI C-32) Disabl e 64 (MI C-64) Disabl e 28 (MI C-1 28) Enabl e Enabl e 32 (MI C-32) Enabl e 64 (MI C-64) Enabl e 28 (MI C-1 28) ( b i ts ) Corresponding to the NONCE form at defined in Figure 09, Ph yAddress field is set to the 64 bits ph ysical address of the field device in unicast comm unication, and is set to in broadcast communication; TimeStam p field is set to the low bytes of the ASN on which the fram e is transmitted or received; SecurityLevel field is set to the value of SecLevel in MI B 1 S e c u re a g g re g a t i o n fra m e fo rm a t Figure 1 shows the form at of secure aggregation fram e T h e fi rs t fra m e V a ri a b /4/8 /1 o cte le /8 octet Field device add re ss th fr a m e V a ri a b /4/8 /1 /4 /8 / o c te le 6 o c te t t l e n g th o c te ts o cte ts s Data lengt h Data sMI C MI C FCS o c te ts t Aggrega ted num ber Th e n … o cte ts o c te ts DLL fram e header … Data lengt h l e n g th Data o c te ts sMI C … Field device add re ss F i g u re 1 – S e c u re a g g re g a t i o n fra m e fo rm a t – – – – – DLL fram e header: see 4.1 ; Aggregation number: see 8.1 5; Field device address: see 5; Data length: see 5; Data: see according to the value of SecLevel in MI B, if encryption is enable, Data shall be encrypted with the KEDU of the field device related to the fram e; – sMI C: according to the value of SecLevel in MI B, if integrity check is enable, a m essage integrity code is generated with the KEDU of the field device related to the frame to protect the Dest Addr , the Data length and the Data of the fram e in the aggregation frame, and filled to sMI C of the frame; – MI C: see 1 7.1 , generated with the KEDB; – FCS For the protection of each frame in the aggregation fram e, the Ph yAddress field in NON CE is set to the 64 bits ph ysical address of the related field device; and for the protection of the whole aggregation frame, the Ph yAddress field in NON CE is set to – 72 – 1 I EC PAS 62948:201 © I EC 201 Key establ ish requ est fram e format Figure 1 shows the format of the key establish request frame 7/8 octets 29 octets 0/4/8/1 octets octets DLL fram e header KeyMateri al MI C FCS Figu re 1 – Key establ ish req u est frame form at – – – – DLL frame header, see 4.1 ; KeyM aterial: key material for key establish, defined in Table 04; MI C: see 1 7.1 ; FCS 1 Key establ ish respon se fram e form at Figure 20 shows the format of the key establish response fram e 7/8 octets octets octet 0/4/8/1 octets octets DLL fram e header KeyI D Status MI C FCS Figu re 20 – Key establ i sh respon se frame format – – – – – DLL fram e header: see 8.4.1 ; KeyI D: the identifier of the key established; Status: the result of key establish, see the param eter Status in Table 06; MI C: see 1 ; FCS 1 Key u pd ate requ est frame form at Figure 21 shows the form at of the key update request fram e 7/8 octets 29 octets 0/4/8/1 octets octets DLL fram e header KeyMateri al MI C FCS Fi gu re 21 – Key u pd ate requ est fram e format – – – – DLL fram e header, see 8.4.1 ; KeyMaterial: key material for key update, defined in Table 04; MI C: see 1 7.1 ; FCS I EC PAS 62948:201 © I EC 201 1 7.6 – 73 – Key update response frame format Figure 22 shows the form at of the key update response fram e 7/8 octets octets octet 0/4/8/1 octets octets DLL fram e header KeyI D Status MI C FCS Figure 22 – Key update response frame format – – – – – DLL fram e header: see 4.1 ; KeyI D: the identifier of the key for update; Status: the result of key for update, see the param eter Status in Table 1 0; MI C: see 1 ; FCS 1 7.7 Security alarm request frame format Figure 23 shows the format of the security alarm request frame 7/8 octets octet Variable length 0/4/8/1 octets octets DLL fram e header SecAlarm Count SecAlarm List MI C FCS Figure 23 – Security alarm request frame format – DLL frame header: see 8.4 ; – SecAlarmCount: the count of security alarms contained in SecAlarm List, defined in Table 1 2; – SecAlarm List: the list of security alarm s, defined in Table 1 2; – MI C: see 1 7.1 ; – FCS – 74 – I EC PAS 62948:201 © I EC 201 An n e x A (informative) S e c u ri t y s tra te g y fo r WI A- F A n e tw o rk A Ri s k a n a l ys i s fo r WI A- F A n e t w o rk As an open system, there are potential inevitable security risks in WI A-FA network Therefore, the necessary security measures m ust be applied to protect the resources within the system and m aintain the norm al production The m ain goal of WI A-FA network security is to protect the norm al operation of the system, to detect attacks in time and respond in tim e, ensuring the safety and m inim izing the loss The data transm ission of WI A-FA network is vulnerable to eavesdrop, manipulation or replay attacks These threats can be divided into two kinds, malicious and non-malicious, including accessing and m anipulating data or inform ation without authentication by using network resource and DoS attack There are three threats: risk from the outside of compan y, risk from the m anagem ent network of the compan y and risk from internal WI A-FA network itself A S e c u ri t y p ri n c i p l e s fo r WI A-F A n e t w o rk According the characteristics of the WI A-FA network, the following security principles are recom mended: – Easy to deploym ent and use; – Minimize hum an-related operations; – Extend battery life, such as reducing the fram e size, using low power encryption technologies, etc.; – Maximize the use of existing encryption and authentication technologies and existing standards A S e c u ri t y o b j e c t i ve s fo r WI A-F A n e t w o rk The obj ectives of security in the WI A-FA network include: – System availability, which refers to ensure the access of the system resources when needed by the legal users; – Data integrity, which refers to m aintaining and assuring the accuracy and consistency of the inform ation; – Device authentication, which is used to authenticate a device; – Confidentiality, which refers to ensure that the system hardware, software, and data can be accessed by legal users onl y; – Key m anagem ent, which refers to key establishm ent and key update I EC PAS 62948:201 © I EC 201 A – 75 – S e c u ri t y g d e o f WI A-F A n e t w o rk The grades of security and measures are shown in Table A T a b l e A – S e c u ri t y g d e s fo r W I A- F A n e t w o rk W I A- F A n e t w o rk s e c u ri t y G d e G d e G d e l e ve l S e c u ri t y m e a s u re -FCS -FCS -Device auth entication -FCS -Device auth enticati on -Encryption an d I ntegrity Check M essag e – 76 – I EC PAS 62948:201 © I EC 201 An n e x B (informative) Re g i o n a l m o d i fi c a ti o n fo r c o m p l i a n c e wi th E T S I s ta n d a rd s B G e n e l WI A-FA restricts the usage of the spectrum to the 2, GH z I SM band, see Clause Additional requirem ents appl y in Europe to wide band radio frequency transm itting equipm ent operating in this 2, GH z I SM band Som e of these European requirements can be m et by com pl ying with two H arm onized Standards from ETSI , EN 300 328 and EN 300 440-2 This Annex B provides additional requirem ents for com pliance of WI A-FA devices operating in the 2,4 GH z I SM band with these two ETSI standards: • • EN 300 440-2 is applicable for equipment (devices) with a m aximum transm it power between dBm and dBm e i r p (see Clause B.2); EN 300 328 is applicable for equipment (devices) with a maximum transmit power between dBm and 00 dBm e i r.p (see Clause B 3) NOTE I n this An nex B, the term “devices” refers to electroni cs with radi os operating according to th e appropri ate standard; th ese inclu de but are not lim ited to gateway d evices, access devices and fiel d devices B C o m p l i a n c e w i t h E TS I E N 0 4 - V1 Table B specifies the additional requirements which allow WI A-FA devices operating in the 2, GH z I SM band to satisfy the transm it power limitation requirements of EN 300 440-2 V1 NOTE EN 300 440-2 V1 i s listed as a Harm onized Stan d ard und er the Radi o Equi pm ent Directi ve 201 4/53/EU Tabl e B P a m e t e r EN – Ap p l i c a b l e E N 300 0 4 - re q u i re m e n t s l i s t 4 -2 V1 Ad d i t i o n a l re q u i re m e n t s re q u i re m e n t s Maxim um Transm it Power B dBm (1 mW) e i r p C o m p l i a n c e w i t h E TS I E N Devices shall be confi gured to em it less than dBm e i r p , that m eans less than dBm electrical power with an antenn a gain of I f th e antenn a gai n is different to , then the resultin g e i r p shall be l ess than dBm by an ad equate electrical power adj ustm ent This req uirem ent overwrites the req uirem ent about electrical power given i n 0 V1 Table B specify the additional requirements which allow WI A-FA devices operating in the 2, GH z I SM band to satisfy various requirem ents of EN 300 328 V1 NOTE EN 300 328 V1 is li sted as a Harm onized Standard under the Radi o Equi pm ent Directive 201 4/53/EU I EC PAS 62948:201 © I EC 201 – 77 – Table B.2 – Applicable EN 300 328 requirements list Parameter EN 300 328 V1 8.1 requiremen ts Additional requirements Maxim um Transm it Power 20 dBm (1 00 mW) e i r p Maxim um Power Spectral Density mW/MHz e i r p The m axim um e i r p of dBm results in a spectral density bel ow mW/MHz as requi red Duty Cycl e, Tx-seq uence, Tx-gap For n on -ad apti ve equi pm ent with m axim um e i r p above dBm : The Maxim um Tx-sequence Ti m e for WI A-FA is identical to m axim um transm ission tim e; the Mi nim um Tx-gap Tim e for WI A-FA is identical to m axim um transm ission tim e Maxim um Tx-Sequ ence Tim e = Minim um Tx-gap Tim e = M Devices shall be confi gured to em it less than dBm ± dBm e i r p accordin g to The Duty Cycle of WI A-FA shall be less than 50 % 3, m s < M < ms Medium Utilization Lim it For n on-ad apti ve equi pm ent with m axim um e i r p above dBm : The Duty Cycle of a WI A-FA device cannot exceed 50 % This results in a M U factor val u e of less than % as req uired Maxim um Medium Utilization factor = % MU = dBm e i r p × 50 % < % For WI A-FA, the transmissions of unicast data, broadcast data, unicast ACK, and broadcast NACK are respectively using one separate tim eslot After transmitting a data that required ACK by a source device, the destination device shall not return ACK during the sam e tim eslot The ACK is returned by using aother timeslot that is carefull y scheduled The transm ission method of N ACK is the same as that of ACK I n brief, the transm ission of an ACK or a N ACK is the same as that of general data The timeslot tim ing template of WIA-FA is defined in Figure B Tim eslot tim ing definitions and calculations are shown in Table B The maximum transmission time for a WI A-FA packet is listed in Table B 3, Table B 4, Table B 5, and Table B according to different ph ysical layer The Maximum Tx-sequence Tim e (defined in ETSI EN 300 328 V1 8.1 ) for WI A-FA is identical to the maximum transmission tim e (TxMaxPH YPacket in Figure B ); the Minim um Tx-gap Tim e (defined in ETSI EN 300 328 V1 ) for WI A-FA is identical to the m axim um transmission tim e (TxMaxPH YPacket in Figure B ) compliant with ETSI EN 300 328 V requirements Timeslot timing TxMaxPHYPacket TxMaxMPDU TsCCAOffset TxCCATime RxTxTurnaroundTime PreambleLength PLCPheaderLength Figure B.1 – Timeslot timing template – 78 – I EC PAS 62948:201 © I EC 201 Table B.3 – Timeslot timing definitions and calcu lations Symbol Defini tion FHSS Required value DSSS/HRDSSS Required value OFDM Required valu e 20M 0M 5M TsCCAOffset Start of slot to begi nni ng of CCA _ _ _ _ _ TsCCATim e Tim e to perform CCA ( sym bols) ≤ 27 µ s ≤1 µ s

Ngày đăng: 17/04/2023, 11:50

Xem thêm:

TÀI LIỆU CÙNG NGƯỜI DÙNG

TÀI LIỆU LIÊN QUAN