Now showing 1 - 10 of 16
  • Publication
    Metadata only
    Design and Development of a Roaming Wireless Safety Emergency Stop
    Modern manufacturing is characterized by a high degree of automation, with autonomous systems also frequently being used. In such environments human intervention in the event of malfunctions or maintenance becomes a rare but also necessary task. When human workers are no longer an integral part of the production process, but only intervene when necessary, e.g., in the case of unexpected machine behavior, appropriate safety solutions will become even more important. This work describes a wireless communication system enabling a flexible and safe emergency stop function for multiple automation cells. A portable emergency stop switch allows seamless transition between different wireless cells, ensuring functional safety. The communication protocol combines IO-Link Wireless features with the safety requirements already implemented in IO-Link Safety. Security requirements are fulfilled through encryption and authentication. The IO-Link Wireless roaming functionality is used to extend the system across several manufacturing cells. An experimental setup confirms the suitability of the system for various applications. The results demonstrate the effectiveness of the handover mechanism and evaluate the potential of the system to improve flexibility, availability and security in dynamic production environments. Future extensions could include the use of AI based evaluation of the radio signals for an intelligent cell handover.
  • Publication
    Open Access
    Contribution to IO-Link Wireless Safety – Architecture and System Extensions
    (Universitätsbibliothek der HSU / UniBwH, 2024-02) ; ;
    Helmut-Schmidt-Universität / Universität der Bundeswehr Hamburg
    ;
    Schiller, Frank
    Functional safety systems protect humans and equipment from hazards while machines or humans perform automation processes. Therefore, the systematic and safe design of functional safety protocols and systems together with appropriate safety management and maintenance concepts is critical and must follow quality standards. In the field of production automation, IO-Link Wireless (IOLW) offers energy-efficient and cost-effective solutions for wireless sensors/actuator communication close to the machines on the industrial shop-floor. In case of safety applications within IO-Link (IOL), currently only a wired extension of a functional safety protocol, called IO-Link Safety (IOLS), exists. Thus, the applied safety features in IOLS are not sufficient for a safety extension of IOLW. Therefore, a safety concept proposal to enhance IOLW with safety features is suggested. This proposal is realized for safety critical communication in industrial environments with performance characteristics of demanding safety integrity level (SIL) 3 requirements. As also data security is of paramount importance, security-for-safety mechanisms are adopted for IOLW Safety, especially to meet the necessary criteria within the safety requirement specification (SRS) to ensure a one-to-one connection between an IOLW Master and an IOLW Device. Potential cryptographic algorithms are evaluated with respect to energy consumption and timing. Reliable and energy-efficient characteristics are crucial for a fast and secure wireless communication solution, especially for mobile safety applications. Therefore, the current consumption should not significantly increase due to implemented cryptographic algorithms. A current measurement method is designed to evaluate the current consumption for different crypto-algorithms together with an uncertainty estimation. Furthermore, a SRS is elaborated together with an authorized certification organization with a profound focus on standards (mainly IEC 61508 and IEC 61784-3) regulating the probability of dangerous failure on demand (PFD) addressed within SRSs. Also, relevant security standards (e.g., IEC 62443) involving security-for-safety for IO-Link Wireless Safety (IOLWS) are considered. The PFD is determined using probabilistic models to verify the regulations stated in the standards. Taking performance parameters into account, which are crucial for industrial manufacturing processes, a safety process data unit (SPDU) is designed and certified by the authorized safety organization for different payload lengths and cycle times. This is necessary, because for various applications safety devices require different payload lengths. Therefore, measurements for different payload lengths to enable various safety devices are performed to analyze cycle and processing times of the communication channels and devices. The protocol architecture, including a safety and security communication layer, is introduced including services to provide features to the application layer. A prototype implementation assures that the concept is applicable in real world with existing hardware to meet the stated requirements within the SRS. The measurements demonstrate feasibility of the concept and its assumptions.
  • Publication
    Metadata only
    Contribution to Safety Extension of IO-Link Wireless
    (Vulkan Verlag, 2023-09-04) ; ; ;
    Schlögl, Walter
    ;
    Supavatanakul, Peerasan
    This paper descibes an enhancement of IO-Link Wireless with an additional safety and security communication layer employing the black channel principle to fulfill safety requirements with respect to IEC 61784-3:2021. An extended channel model based on uniformly distributed segments (UDS) superimposed with the binary symmetric channel (BSC) is applied to simplify the residual error probability (REP) calculation, to detect additional error patterns, and to consider BSC-preserving cryptographic algorithms. Also, the REP with respect to the underlying security layer as well as the probability of failure per hour (PFH) are quantified.
  • Publication
    Metadata only
    An FPGA-based Unidirectional Gateway Proposal for OT-IT Network Separation to Secure Industrial Automation Systems
    A new FPGA-based approach for a data diode transmitting data unidirectionally from a high security zone to a lower security zone is evaluated and implemented. With the FPGA implementation, the need of additional hardware could be minimized compared to most state-of-the-art data diode realizations. The proposed data diode is designed to use the available backplane bus communication protocol between the programmable logic controller (PLC) and its connected peripherals. To demonstrate the universal approach an open-source platform based on the Revolution Pi (RevPi) and its backplane bus is used. Principally the data diode behaves as a mirror presenting the complete protected system behind the high security zone including the RevPi controller and its devices to the information technology (IT) network. Another controller within the lower security zone is used to imitate the operational technology (OT) process. Our approach is not limited to the above controller and can be applied to any type of PLC. The only requirement is that the communication protocol on the backplane bus is known and can be modified for this purpose.
  • Publication
    Metadata only
    Concept of a 5G Hybrid Wireless Campus Network as Testbed for Industrial Applications
    (Springer, 2023) ; ;
    Solzbacher, Bettina
    ;
    The 5th generation technology standard for broadband cellular networks (5G) is currently being deployed at a large scale. In addition to the expansion of public 5G networks, (private) 5G campus networks are also set up in many areas. However, in parallel with the development of 5G, numerous other wireless solutions have also evolved, primarily using unlicensed frequency bands. In addition to various versions of the consumer grade IEEE 802.11-based WLAN standards and Bluetooth, a number of specific wireless solutions for predominantly industrial data communication have been established. The advantages of these comparatively simpler, non-5G wireless technologies are lower price levels, higher availability of established products on the market, and improved energy efficiency, which often lead to a significant commercial success and justify their beneficial use. This contribution presents a hybrid campus wireless network infrastructure, which is intended to fulfill various requirements as a testbed, especially in the areas of automation, logistics and traffic. A focus is on wireless coexistence, functional safety requirements and functionalities in conjunction with the associated security for safety.
  • Publication
    Metadata only
    On the Security of IO-Link Wireless Communication in the Safety Domain
    (IEEE, 2022-10-25) ;
    Fischer, Florian
    ;
    Merli, Dominik
    ;
    Security is an essential requirement of Industrial Control System (ICS) environments and its underlying communication infrastructure. Especially the lowest communication level within Supervisory Control and Data Acquisition (SCADA) systems - the field level - commonly lacks security measures. Since emerging wireless technologies within field level expose the lowest communication infrastructure towards potential attackers, additional security measures above the prevalent concept of air-gapped communication must be considered. Therefore, this work analyzes security aspects for the wireless communication protocol IO-LinkWireless (IOLW), which is commonly used for sensor and actuator field level communication. A possible architecture for an IOLW safety layer has already been presented recently. In this paper, the overall attack surface of IOLW within its typical environment is analyzed and attack preconditions are investigated to assess the effectiveness of different security measures. Additionally, enhanced security measures are evaluated for the communication systems and the results are summarized. Also, interference of security measures and functional safety principles within the communication are investigated, which do not necessarily complement one another but may also have contradictory requirements. This work is intended to discuss and propose enhancements of the IOLW standard with additional security considerations in future implementations.
  • Publication
    Metadata only
    A New Approach to Secure Industrial Automation Systems Based on Revolution Pi Modules
    In the context of Industry 4.0 and the Industrial Internet of Things, an exponential increase in the interconnection of machines and smart devices can be observed together with an increase of interconnections between Operation Technology (OT) and Information Technology (IT) networks as well as Cloud systems. This development is linked to the user's expectation for suitable security solutions, where it remains a challenging task to ensure that, e.g. a specific Safety Integrity Level (SIL) level can be maintained in view of possible potential cyberattacks. In this case, a data diode can be a suitable solution. In this paper a data diode prototype is presented being integrated into an industrial network analyzing the communication on the backplane bus of an Open Source Industrial PC called Revolution Pi. The advantage of our approach is that the data diode is totally transparent from the IT to the OT network, because all process data behind the data diode are mirrored into the IT network within a few system cycles. The security and reliability issues related with this approach are also discussed and evaluated.
  • Publication
    Metadata only
    Precision measurement of the application-dependent current consumption of a wireless transceiver chip in the time and frequency domain
    (Copernicus Publishing, 2022-06-13) ; ;
    Modern production concepts generate a demand for reliable, energy-efficient, fast, and secure wireless communication solutions. Therefore, the current consumption should not increase substantially due to additional cryptographic operations. This paper shows a principle current measurement method that is exemplary of a transceiver for the IO-Link Wireless protocol. Low-pass filtering and single-sided amplitude spectrum analysis are used to evaluate the main information of the current measurement. An uncertainty estimation is realized using statistical measurement data and considering the measurement setup in order to approximate the combined standard uncertainty. The results show that the current consumption only increases slightly when using additional cryptographic operations. This can be measured with acceptable uncertainty.
  • Publication
    Metadata only
    Safety Architecture Proposal for Low-Latency Sensor/Actuator Networks using IO-Link Wireless
    In the field of production automation, IO-Link Wireless (IOLW) offers energy-efficient and cost-effective solutions for networking wireless sensors and actuators close to the machines on the industrial shop-floor. In this paper, a concept is presented to enhance IOLW with security-for-safety and safety features in order to make safety critical systems in industrial environments with performance characteristics dedicated to demanding applications feasible. As data security is of paramount importance, security mechanisms already implemented in other wireless protocols are investigated and security-for-safety mechanisms for IOLW are introduced. Potential cryptographic algorithms are evaluated for IOLW with respect to energy consumption and timing. Taking performance parameters into account, which are crucial for industrial manufacturing processes, a safety protocol data unit (SPDU) is described and evaluated for different payload length and cycle times. Finally, an outlook towards the implementation of a demonstrator setup completes this work.