Secure Embedded Wireless Can Be Practical

By Ned Lecky, Lecky Integration

I’m working on an extended project for a wind power startup in which we are trying to tie redundant control and monitoring stations into a redundant central controller. We have several weather monitoring stations, for example, as well as redundant motion control systems that position and monitor the turbine complex. The whole system is a critical controller since properly orienting the turbine blades in high winds is a safety-critical function.

Interconnect is a challenge. Most of these stations are separated by 100 ft or more, and lightning strikes not only are possible but inevitable and frequent.

I decided to consider a wireless interconnection strategy since it would offer complete electrical isolation of the stations and even more. Wireless interconnect would sidestep the least-glamorous, but most-common failure mode in digital systems: cable and connector failure. Especially in our wide range of environmental conditions, I was more worried about isolation, connectors and cables than pretty much anything else. So how about a wireless solution?

Now wait a minute. I’m a pretty good electronics designer and architect. I’ve been doing this for a long time. Three engineering degrees, 15 years of embedded software and another 10 doing hardware designs, digital microcontrollers, FPGAs, analog circuitry and PCB layout. And for the past seven or so of those, I’ve even added power electronics into the mix, working on controlling converters and inverters and dealing with mobile and micropower applications.

But wireless? That’s, like, with a radio, right?

My grandfather designed radio circuitry at Bell Labs for 30 years, but he can’t help anymore. I don’t really think a séance is the right format for a technical discussion, especially since psychics rarely have whiteboards in their offices, so I was going to have to figure this one out on my own.

Two issues dominated the choice: how to go wireless, and how to do it securely?

How To Go Wireless

Wi-Fi, or IEEE 802.11 networking is an option. The Wi-Fi standard, however, really is designed to provide interconnectivity to the global TCP/IP network. It also is power- hungry and PC-centric, and while it offers excellent security, the security is based on Internet security standards that are power-, hardware- or CPU-intensive—not well-suited to embedded system design.

IEEE 802.15.4, a set of communication standards and applications commonly called ZigBee, is a relative newcomer to the wireless networking scene. It uses low-power, spread-spectrum radios, typically in the 2.45 GHz frequency range, to interconnect devices in ad hoc networks. It is different from Wi-Fi in that:

1. It is specifically designed to require much less power than Wi-Fi
2. It includes its own ad hoc networking hierarchy in which nodes can be a primary, an endpoint or an intermediate router/endpoint
3. It continuously reevaluates signal strengths and reassigns routes and traffic to avoid failed or powered-down nodes
4. Nodes are commonly addressed by unique MAC addresses assigned during manufacture—every node is unique and cannot be mistaken for another
5. The communications protocol stack is much simpler than TCP/IP and is much easier to implement on small microcontrollers.

Many companies, like Digi, Microstrain and National Instruments, make complete Zigbee-based wireless systems for remote I/O. For the more hands-on integrators, Atmel, Digi, Freescale, Jennic, MeshNetics, NEC, Panasonic, Rabbit and TI are just some of the major players making modules in the $20-$30 range that often include not just the radio but a C-programmable microcontroller. Yes, a $20 postage-stamp-sized board can be added to your design and you have a Zigbee-based embedded system.

How To Do It Securely

I’m using the Jennic JN5139 module product with an integrated SMA connector for antenna connection. The JN5139 is a low-power, low-cost wireless microcontroller integrating a 32-bit RISC processor, a fully compliant 2.4 GHz IEEE 802.15.4 transceiver, 192 kB of ROM, RAM sizes from 8 kB to 96 kB and extensive analog and digital peripherals. The device also integrates hardware MAC and AES encryption accelerators and mechanisms for security key and program code encryption.

The Jennic encryption coprocessor implements the NIST-approved Advanced Encryption Standard (AES) using a 128-bit nonce (number used once) and a 128-bit key for encryption. The purpose of the nonce is to allow implementation of a counter, date or otherwise disposable portion of the key so that if an intruder simply repeats an earlier message, the decryption will fail since an old nonce would be embedded in the packet.

By using the AES coprocessor and a standard security model for the nonce/key pair, completely secure communications can be realized between the stations without dramatically increasing CPU load.

And what about jamming? 802.15.4 is based on a spread-spectrum technique in which radios are frequency-agile in the 2.4 to 2.5 GHz band. They jump from one frequency to another to avoid interference with other radios operating in the same region of space and frequency. This reliability feature also dramatically improves their jam-tolerance. A jamming system would have to transmit on frequencies spanning 100 MHz—from 2.4 to 2.5 GHz—to jam operation, and this is a difficult and costly proposition. Further, the module units support antenna diversity; this is the use of dual antennas which are located in different locations or orientations. The antennas can be alternately selected to avoid destructive interference nodes or blocked pathways in the environment.

My redundant control system is inherently easier to design with the wireless communications, since “cutover” between one weather station and another, or between one motion control system and another, or even one main controller and another, only involves changing the addressing field in a transmitted packet. There are no muxes, relays, routers or switches to interpose and control between the terminal stations. This eliminates software headaches, as well as eliminating more single-point-of-failure hardware devices that so often complicate our best-designed redundant systems.

How to get started? To experiment with ZigBee, I’d certainly recommend starting with the $500 Jennic Home Monitoring evaluation kit that contains five AA-powered evaluation boards, seven Zigbee radio modules and a fantastic set of C-based development tools with enough sample code and documentation to get you started on becoming a ZigBee expert. While the offerings from many other vendors are excellent, I’m always in the mode of delivering full-featured applications very quickly. Having great documentation, copious sample code and a fully working set of demo hardware that can form the core of my own design is about the only way I can feel comfortable about trying something radically new. Give it a whirl!

Ned Lecky is a mechanical and electrical engineer with 25 years of hands-on experience in control systems and machine vision. He is owner of Lecky Integration.