Table of Contents
Advertisement
3. About FDAP
3.7. FDAP security
3.7
FDAP security
Security is a primary concern for the process automation industry. The security concern
is heightened when communicating process data over a shared physical layer such as
over the air. OneWireless network protects plant information and ensures safe operations
with industry standard 128-bit encryption at the mesh, Wi-Fi and wireless field
instrument level. The FDAP offers a robust embedded ISA100 security and Infrared
security.
Embedded ISA100 security
To reduce security threats, ISA100.11a requires all process data to be 128-bit encrypted.
The data is encrypted and decrypted at the FDAPs, field instrument, and WDM level to
provide end-to-end security for the process data.
The FDAPs self-discover other neighboring ISA100.11a routing devices, such as
Multinodes, and routing ISA100.11a field instruments, to form a reliable and secure
ISA100.11a based wireless mesh network. Honeywell's intelligent wireless routing
algorithm enables a FDAP to dynamically identify the best route to send data to and from
wireless field instruments. This algorithm enables the field instrument mesh network to
dynamically re-optimize itself when FDAPs are added to or removed from the network.
Infrared security
In addition to data encryption, ISA100 standard requires each FDAP to be authenticated
before joining the network. OneWireless network supports over the air and infrared
authentication key distribution. OneWireless network relies on a more secured infrared
authentication key distribution method as it requires users to be physically next to the
FDAP to add it to the network.
The authentication keys are generated and managed by the WDM. A Provisioning
Handheld device is used to upload the authentication keys from the WDM and download
keys to FDAPs using infrared media. The infrared media is used to send an
authentication key from the Provisioning Handheld to the FDAP. Therefore, all
Provisioning Handhelds and FDAPs offered by Honeywell feature IR ports. The FDAP
features a conveniently located IR port for use in device commissioning. The keys are
encrypted when distributed over the network. Once a key is deployed to a FDAP it is
validated by the WDM before the FDAP can join the OneWireless network. Key
deployment is onetime activity which means that devices can rejoin the network after
power down or other service interruptions without re-keying the device. OneWireless
supports a key rotation mechanism to enable a secure network. Once the devices join the
network, a master key is assigned to each device which can be rotated on a timely basis.
The key rotation period can be configured from the WDM UI.
30
OneWireless Field Device Access Point User's Guide
Honeywell Confidential & Proprietary
R200
October 2010
Advertisement
Table of Contents
