WirelessHART Field DevicesIvan Muller, Joao Cesar Netto, and Carlos Eduardo Pereira

T oday, the use of wireless industrial field devices (FDs) is gradually increasing because they are easy to install in difficult places, they ease the design of modular

machines, they support mobility, they are less expensive to in-stall and have greater flexibility than wired devices, and they reduce modification time. In addition, there is no downtime due to maintenance of network cables or connectors. Stud-ies that have been conducted highlight these advantages [1]. Among all of these advantages, the easy installation when compared with wired devices seems to be the most attractive to factory and plant managers.

In this paper, the Wireless Highway Addressable Remote Transducer (WirelessHART, WH) Protocol which has evolved from the HART Protocol is presented. It is one of the most prominent industrial wireless mesh network communications protocols for process automation applications. We describe how the protocol copes with RF link difficulties. A case study of the network behavior is given using a previously developed FD with commercial tools and analysis software developed by the authors for use in industry to obtain network data.

IntroductionCable and wire links are the simplest and most reliable in-dustrial communication media. Despite the advantage of simplicity, these links are prone to failure due to corrosion, shorts and open circuits, and electromagnetic interference. Also, cable and wire installation demand careful planning and should include localization of ducts, pipes, inspection boxes, and terminals which will be needed for future modifications and maintenance. Fiber optics provides large bandwidth and electromagnetic interference immunity but at a high cost per meter considering the fiber and the installation. Repairs are another cost of fiber cabling. High cabling cost is a great incen-tive to consider wireless monitoring and control systems, since they can save 20% to 80% of the overall installation cost [2].

Current wireless technology permits battery operated FDs that can easily be installed when an additional process vari-able must be monitored or controlled. On the other hand, robustness and real-time communication requirements are of-ten cited as potential obstacles to the employment of wireless systems in industry. An even bigger impediment is the con-servative mindset that often characterizes the attitude taken towards the adoption of new technologies by industrial au-tomation customers. The tangible connections made of wires and cables lead to confidence for those who work with them. The same cannot be said of the invisible RF connections. Ef-forts are being made to develop reliable wireless network systems for industrial environments [3].

Comparison of Field Devices Communication among radio FDs and controllers usually oc-curs at slow rates, which permit the use of low-rate wireless personal area networks (LR-WPAN). One of the greatest bene-fits of RF systems in a factory is easy installation and mobility, which eases the process of repositioning or installing FDs. Cost and time are reduced if no cable installation is needed. Some wireless FDs are even battery operated, so the installation and service requirements are minimal and are limited to the sim-ple infrastructure.

Wi-Fi, Bluetooth, ZigBee, ISA and HART are organizations that are making efforts to promote the use of their technol-ogy in industrial applications. However, only FDs that were specifically developed for industry are truly reliable. Wire-less technologies that work fine in home and office settings are not necessarily usable in hazardous industrial environments. For instance, ZigBee and Wi-Fi networks use only one chosen channel and, therefore, do not cope effectively with jamming (messages colliding).

Other constraints are noticed, especially those related to power consumption. The use of beacons to synchronize the

This work has been partly supported by the Brazilian research agencies CNPq, CAPES, and FINEP. The authors also acknowledge the support of Petrobras, the major Brazilian oil company.

20 IEEE Instrumentation & Measurement Magazine December20111094-6969/11/$25.00©2011IEEE

Wireless technologies that work fine in home and office settings are not necessarily

usable in hazardous industrial environments.

network devices increases the active time and, as a result, the power required. Wi-Fi can-not be considered a low power protocol especially because of its large bandwidth, which is unnecessary for most FD com-munications. Also, the Wi-Fi star network topology and the Bluetooth cluster-tree are not adequate because they don’t provide spatial diversity. Zig-Bee networks can form mesh topologies, but these are prone to failure due to the concentra-tion in the PAN coordinator device. If this device fails, the network fails. Ethernet ori-ented wireless protocols are very inefficient when small payloads are used, and most industrial process data fits in small packets.

The ProtocolsThe Highway Addressable Remote Transducer (HART) Proto-col was developed to be used with a range of smart measuring instruments and has been used in industry since the mid-1980s. The traditional 4-20 mA current loops carry a 1200 bps signal that uses Bell 202 Frequency Shift Keying (FSK) modula- tion and that permits coexistence between old analog systems and digital communication. There are currently hundreds of thousands of devices using the Hart pro-tocol installed worldwide. The protocol evolution led to the Wire-lessHART specification in 2007. In 2010, the International Electrotech-nical Commission (IEC) approved WH as an international standard, and its usage has been growing significantly since then. The International Society for Automation (ISA) also released the SP100 protocol whose characteristics are very similar to WH.

WirelessHARTWH compatible devices are low-rate, low-power, and fully compatible with previous HART certified devices at the appli-cation layer [4]. They can be used directly through the network or can be used to upgrade older wired devices by using adap-tors. The WH protocol specifies the following elements within the network: the wireless FDs, one or more access points, a gateway, and a network/security manager. Fig. 1 illustrates a typical, centralized WH network, in which the network/se-curity manager is a single device that creates and manages the sessions, links and routes, keeps a list of all devices, and estab-lishes the routing tables.

Two types of process messages travel on a WH network: request/response and burst messages. For general monitor-ing of FDs like temperature and pressure transmitters, burst messages are usually adopted. The process data can be con-tinuously published (at a given sampling rate) or only when a certain threshold level is passed. Calibration and config-uration routines can be established through a maintenance port or by a wireless handheld device with rights to join the network (this has to be previously set by the network man-

ager). To manage the messages, the following types of transac-tions are defined: the join process where new devices are added to the network, the links between two devices, and the sessions that are the end-to-end communications passed by hops between the net-work devices.

The physical layer is the IEEE 802.15.4 in the globally free licensed 2.4 GHz Industrial, Scien-tific and Medical (ISM) radio band which permits compatible radios to transmit at a “raw” data rate of 250 kbps by means of an O-QPSK modulation. A channel hopping technique is uti-lized to avoid jamming, and each transaction between two devices occurs in a different channel. Fifteen channels are pos-sible, from 2405 to 2475 MHz (IEEE 802.15.4 channels 11 to 25). Channel hopping is implemented, and unsupported channels can be listed to be avoided in the case of coexistence problems. With a maximum RF output power of 10 dBm, up to 200 m links can be established (outdoor, out-of-sight).

RF links have some negatives: wave propagation is not confined since it travels through the air and is prone to several phenomena like reflections, diffractions, scattering, jamming and blocking. There is also the coexistence problem with other RF systems, especially in the open ISM bands. Making an in-dustrial RF link resistant to these factors is a real challenge.

Fig. 1. Typical WirelessHART network.

December2011 IEEE Instrumentation & Measurement Magazine 21

When compared with cable infrastructures, RF links are more prone to suffer cyber

attacks. Security techniques must be employed to

prevent eavesdropping and denial of service attacks.

There are several different techniques employed to obtain a certain degree of reliability. Radios that use direct-sequence spread spectrum modulations, originally developed for mil-itary use, are preferred because they use less energy per bit, have reduced multipath and jamming distortions, are difficult to detect, and permit some degree of coexistence with other al-ready installed RF links.

Other mechanisms must be employed to increase jamming resistance. Most of the protocol’s physical layers define a num-ber of channels and the bandwidth that can be used. Channel hopping techniques use the available channels to avoid jam-ming by changing the used channel constantly with time and verifying the channels’ availability before their use.

Another challenge to indus-trial RF links is security. When compared with cable infrastruc-tures, RF links are more prone to suffer cyber attacks. Security techniques must be employed to prevent eavesdropping and denial of service attacks. These techniques include the use of en-cryption algorithms, such as the Data Encryption Standard (DES) or the Advanced Encryption Standard (AES), to prevent network attacks and ensure mes-sage integrity.

Typically, several FDs are employed in a plant and a mul-tiple access technique is necessary. The carrier sense multiple access (CSMA) frequency and time division methods are ex-amples of methods used to allow multiple access in RF links. The adopted multiple access mechanism must ensure low power consumption by cycling the radios on and off according to their designated time slots.

The RF network topology should be carefully chosen to provide spatial diversity. The WH has a mesh network, pre-ferred because data can travel on different routes, which increases the redundancy. On the other hand, star and clus-ter-tree topologies are less resistant to blockages because of

data concentration in some vital points of the network. This issue can be related to mesh networks also if a concentra-tor node is present. Full mesh networks where all the nodes are routers are preferred to provide path redundancy. The reliability level of an industrial RF link can be comparable to its wired counterparts if these techniques are employed simultaneously.

In the WH protocol, the network layer is based on a time division multiple access (TDMA) scheme to arbitrate and coor-dinate communications among network nodes. Time slots are

established and dispatched to each FD to make multiple links possi-ble. These time slots are grouped in a superframe (10 ms each) that are periodically generated, sent, and stored in each device. Fig. 2 depicts the superframes’ structure and their timeslots.

According to the HART Com-munication Foundation, a well formed WH network has a typical reliability greater than 3s (99.73%) which is comparable to wired networks. The statement ‘well

formed’ implies that the network has enough redundant paths to route data and available channels to communicate. Obvi-ously, the reliability decreases when some of these parameters are compromised.

Security is another feature of WH networks. Messages are encrypted and verified using the AES-128 algorithm. This en-cryption system is gradually replacing the DES and is based on a substitution/permutation arrangement that can be imple-mented both in software and hardware. All WH transactions make use of the security system. (It cannot be turned off.)

Three symmetrical keys with 128-bit ciphers are defined: join, network and session. While the first two keys are used in join operations and for maintenance, session keys are used to keep message integrity during transactions. Access points can be redundant, and they provide the RF access to the network.

Fig. 2. WH TDMA structure. Each superframe has multiple time slots. In each time slot, a link between two devices is established. Fig. 3. One of the experimental setups with commercial and developed tools

and devices.

22 IEEE Instrumentation & Measurement Magazine December2011

We found that only a few steps are required to start up a WH network. The basic equipment necessary to set up a network are the network/

security managers, an access point, a gateway, some FDs and a

maintenance port.

The gateway is responsible for integration with other indus-trial systems via widely adopted industrial communication protocols, such as Modbus, Profinet and Profibus-DP.

The main features that make the WH an adequate protocol for industrial use can be summarized as follows:

◗ By the employment of a full mesh, spread spectrum tech-niques and channel hopping, it is possible to say that this protocol is truly reliable.

◗ With channel hopping and a list of prohibited channels, some degree of coexistence with other RF networks is possible.

◗ By means of a TDMA scheme, several devices can simul-taneously use the network (up to 100, typically). Multiple network IDs can coexist and work independently in different parts of a plant.

◗ The TDMA mechanism, allied with the controlled number of retransmissions and maximum hops, leads to deterministic behavior in the communication system.

◗ WH networks are reliable and redundant. All FDs are routers and make part of a full mesh network. The network manager can also be redundant.

◗ The network is secure. It employs the AES 128 encryption standard, and all communications are secure.

◗ The field devices are truly low power; in the network TDMA scheme the devices are naturally cycled on and off.

Having discussed the properties of the WH protocol, now we describe some experiments with the development of a WH protocol stack.

WirelessHART in PracticePreviously developed hardware and software were used in conjunction with commercial equipment to perform a case study. Available commercial WH devices include adapters, individual and integrated managers (network/security/gate-way), and several types of FDs, sensors and actuators. We conducted tests with different commercial managers, field de-vices and analysis software to evaluate the usage and behavior of a WH network. Also, we had built a WH compatible field device previously, and our research about WH hardware and software is reported in [5].

We found that only a few steps are required to start up a WH network. The basic equipment necessary to set up a net-work are the network/security managers, an access point, a gateway, some FDs and a maintenance port. First, it is neces-sary to establish a network ID and a join key. Typically, the network manager set-tings are made via a PC connected to it, and the FDs settings must be through a compliant maintenance port (HART or RS-485 port). Then the network is ready to operate, at least from the wireless point of view. Next, the gateway settings are

added, including addresses and port settings (typically Mod-bus, TCP/IP or UDP settings).

The conducted tests included tests of the physical, net-work and application layers (to simplify the ISO/OSI model utilized by WH). The physical characteristics of the proto-col are channel hopping capabilities, bandwidth occupation, channel restriction, maximum and reduction of RF power and consumption. In the network layer, the formation of the mesh network was observed as were package losses, their re-transmissions and routing. In the application layer, tests were conducted in order to observe network actions such as the join and leave time of an FD, gateway communications (through TCP/IP, UDP, and Modbus), burst message setups, request and response of HART commands, and the application soft-ware. Fig. 3 depicts our typical experimental setup.

For this practical application, the WH devices were de-ployed at various locations in a process plant. An important feature to study as a result of this spatial distribution was re-lated to the quality of the radio signal. Data concerning the quality of the radio signal were collected and compared with

other IEEE 802.15.4 compat-ible devices to verify their accuracy.

A WH device keeps a list of other nodes with which it can communicate in memory. The signal qual-ity variations may lead to the discovery and addition of new neighbors, loss of neighboring devices or in the choice of different routes

Table 1—Sample table of recorded links for a device nicknamed 5

Device nickname 5

Neighbor Superframe ID

Slot number

Link option

Link type

2 0 157 TX Normal

2 0 1 TX/RX Discovery

2 0 412 TX Normal

2 0 668 TX Normal

2 0 924 TX Normal

2 0 28 TX Normal

4 0 751 TX Normal

F980 1 86 TX Join

F980 0 445 RX Join

FFFF 1 74 RX Broadcast

FFFF 4 109 TX Broadcast

December2011 IEEE Instrumentation & Measurement Magazine 23

For the users, WH can be expected to become the most prominent wireless

industrial protocol.

for communication. These parameters are verified by sending and interpreting HART commands through developed soft-ware that automatically queries the network manager.

Other data that can be retrieved from the network are the lists of the active superframes, network links and other infor-mation related to the connected devices. The links represent the parameters required to move a package in a hop between adjacent nodes, and they are addressed by their position in the link list of devices. Table 1 shows a sample table of links re-corded in the device nicknamed 5. Note that device number 5 has links with the access point/network manager (nickname F980), FDs 2 and 4, and the link broadcast address (nickname FFFF).

In Fig. 4, it is possible to verify the link utilization over time. In this analysis, one can see the used RF channels and packet switching among FDs. Time slots and data fragmentation are shown sequentially. For example, it is clear that a packet is transferred from device 7 to 2 to 6 and finally to the access point device (1). The same happens among devices 4, 6 and 1.

Having collected data experi-mentally, it is possible to compare the properties claimed for the system with the properties observed while using our test system:

◗ The employment of full mesh, spread spectrum tech-niques and channel hopping proves that this network is resistant to wave propagation phenomena. One disad-vantage is the use of the already polluted 2.4 GHz band that involves coexistence issues. To deal with this, WH standard mentions the possible use of other physical layers in the future.

◗ Some degree of coexistence with other RF devices is possi-ble by channel hopping and the use of a list of prohibited channels. As the channel occupation is cyclical, WH devices do not interfere much with other systems, but the inverse cannot be said. They can suffer from jamming

from a Wi-Fi access point that transmits and receives data continuously. Other jamming tests will be conducted, especially concerning Wi-Fi, SP100, ZigBee, plain IEEE 802.15.4, and 6LoPan coexistence.

◗ A network permits 50 to 100 devices. The number of the devices is limited by the bandwidth requirements, the possible join of new devices, and by real time require-ments from the application. To cope with this, a certain number of time slots must be kept in reserve. Also, network ID multiplicity must be controlled. If another IEEE 802.15.4 network is installed in the area, a WH network can be affected by it if their network ID is the same, because this setting is defined in the PHY layer of the protocol.

◗ The TDMA mechanism allied with the controlled number of retransmissions and maximum hops is proven to be determin-istic. But this demands that the utilized devices in the network are really compatible with the standard. If some device fails the requirements and if it is an impor-tant routing and/or clock source device at a certain moment, it

will compromise network stability and, consequently, determinism.

◗ The network is reliable. All tested FDs behaved as rout-ers and formed a full mesh network. Several topologies were verified, although the centralized one appears to be preferred by the centralized management. Manager redundancy was not yet tested because of unavailability.

◗ The network is secure concerning integrity and eaves-dropping. The AES 128 encryption standard avoids collection of process data without the previous knowledge of the network keys, but there are some possible ways to damage a WH network such as the use of altered able-to-join devices that change their behavior after some time.

◗ The field devices are low power. The TDMA scheme proves to be very power efficient. Depending on the type

of FDs, the power consump-tion can extend the battery life until it has to be substituted because of aging and not by its discharge.

ConclusionsThe WirelessHART protocol was explained, and tests were conducted by means of a series of experiments. Our previ-ously developed hardware and software were used in conjunction with commercial equipment to perform a case study. Based on the obtained results, it is possible to say that Fig. 4. Link utilization as a function of time where the used RF channels and packet switching are noted.

24 IEEE Instrumentation & Measurement Magazine December2011

WH is a reliable industrial wireless protocol, and it is ready to use by means of commercial tools. On the other hand, it is also possible to say that there is still much more to develop, and this is related to the main weak points of the protocol: the cen-tralized management, the security concerns, and the use of the polluted 2.4 GHz RF band.

For those who are planning to develop their own WH compatible devices, some advice based on our experience: the protocol TDMA mechanism demands high precision tim-ing clocks to guarantee correct time slots for communication. This is related both to FDs and managers. Also, the manag-ers must cope with network demands such as bandwidth, routing, retransmissions, security and coexistence. Although some degree of freedom is permitted by the standard, the de-velopment of these features is not trivial because it includes large memory and resource management that requires real time embedded operating systems. The message schedul-ing policy is another feature that must be taken into account. Again, the standard is not strict, but it is something that needs to be well planned.

For the users, WH can be expected to become the most prominent wireless industrial protocol. It can be considered safe and easy to use as stated. There are also software tools to help set up a WH network where the positioning of the de-vices is used to calculate the signal propagation through the obstacles, previously supplied by the user. With these data, the software can calculate the weak points of the network, point out bottlenecks, and suggest the use of redundant repeaters.

References:[1] A. Willig, K. Matheus, and A. Wolisz, “Wireless technology in

industrial networks,” Proc. IEEE, vol. 93, no. 6, pp. 1130-1151, June

2005.

[2] X. Shen, Z. Wang, and Y. Sun, “Wireless sensor networks for

industrial applications,” Proc. Intelligent Control and Automation

2004 (WCICA), pp. 3636-3640.

[3] M. Jonsson and K. Kunert, “Towards reliable wireless industrial

communication with real-time guarantees,” IEEE Trans. Industrial

Informatics, vol. 5, no. 4, pp. 429-442, Nov. 2009.

[4] “Network managment specification,” HART Communication

Foundation, (2008), HCF_SPEC-085 Revision 1.1. , Hart (Ed.).

[Online] Available: http://www.hartcomm.org/.

[5] I. Muller, C. E. Pereira, J. C. Netto, E. E. Fabris, and R. Allgayer,

“Development of a WirelessHART compatible field device,” Proc.

IEEE International Instrumentation and Measurement Technology

Conference (I2MTC) 2010, pp. 1430-1434.

Ivan Muller (ivan.muller@ufrgs.br) (IEEE student member) received the electrical engineering B.Sc. degree in 2003 and the M.Sc. degree in 2008, both from the Federal University of Rio Grande do Sul, Brazil (UFRGS). Currently, he is working to-wards a D.Sc. degree in automation systems. His main research interests are electronic instrumentation and measurement sys-tems, wireless sensors network, and power electronics.

João Cesar Netto received the electrical engineering B.Sc de-gree in 1985 and the M.Sc. degree in 1989 both from the Federal University of Rio Grande do Sul, Brazil (UFRGS). He re-ceived the Ph.D. degree in applied sciences from the Catholic University of Louvain, Belgium in 1995. Currently he is pro-fessor at UFRGS, and his main research interests are real-time networks, embedded systems, industrial automation applica-tions, and communication protocols.

Carlos E. Pereira (IEEE member) received the B.S. degree in electrical engineering in 1987 and the M.Sc. degree in com-puter science in 1990 from the Federal University of Rio Grande do Sul, Brazil (UFRGS). He received the Dr.-Ing. De-gree in electrical engineering from the University of Stuttgart, Germany in 1995. Currently, he is professor at UFRGS, and his main research interests are distributed real-time embedded systems, industrial automation applications and communi-cation protocols.

December2011 IEEE Instrumentation & Measurement Magazine 25