Over the air provisioning of industrial wireless devices using elliptic curve cryptography

Abstract

Security has become a key consideration in industrial settings. Newer technologies, such as wireless sensor networks, have adopted the position that security is mandatory. For wireless sensor applications it is important to secure data in transit in the air, to authenticate data originating from, or arriving at the wireless devices and applications, and, most important, to protect the safety and integrity of the legacy process control and plant safeguarding systems that the new wireless world interconnects into. Current industrial wireless mesh networks, such as WirelessHART™, ISA100.11a, and WIA-PA, have adopted AES 128 bit encryption for both securing communications and data. To ensure that devices and applications are authenticated special join keys are used. The process of loading these keys is called provisioning. To ensure that join keys remain secret they are loaded offline through special wired interfaces or provisioned over the air using less secure mechanisms. What is needed is a low cost efficient public key mechanism that can be utilized over the air while not compromising security. This paper examines the use of elliptic curve cryptography for this purpose. We realize this technique on a WirelessHART mesh network. Efforts are underway to incorporate this approach as an addition to the WirelessHART standard.