Bihl+Wiedemann
Security included
ASi-5 has the best prerequisites for the implementation of Industry 4.0 projects - especially with regard to the design of the transmission data. In addition, the communicative break between ASi-5 and TCP/IP isolates many network participants and thus closes security gaps.
Fieldbuses such as Profinet, Ethercat or ASi replace conventional, direct wiring of sensors and actuators 1:1 in many places. For this reason, they are optimized for cyclically transmitted data, which is essential for controlling a machine. In the course of advancing digitalization and the resulting requirements of Industry 4.0, however, other aspects are becoming increasingly important:
- Measuring instead of switching sensors
- Control of drives via speed instead of simple on/off
- Acquisition of secondary measured variables in addition to the primary ones
- Recording of derived variables such as switching frequency
- Checking software statuses and installing updates if necessary
- Diagnostic data
ASi-5 enables sensors, actuators and control systems to be networked intelligently, efficiently and safely.
© Bihl + Wiedemann
This change in requirements primarily necessitates higher bandwidths for data transmission, but also has other consequences: for example, depending on the application, the bandwidth needs to be divided differently into fast, cyclical data (typically with a few bits) and slower acyclical data (with a larger volume). In addition, current intelligent field devices are often equipped with an IO-Link interface, which also supports cyclical and acyclical data. In order to implement ASi-5 modules with several IO-Link master ports, it is important to be able to establish individual acyclic connections to each IO-Link port - without having to regulate access between the different ports at application level.
ASi-5 has therefore implemented a flexible system with which, on the one hand, the bandwidth of a participant can be scaled between one and four transport channels. On the other hand, the allocation between cyclical and acyclical services can be managed as required. The predefinition of suitable sets is carried out by Bihl+Wiedemann, for example, as the manufacturer of ASi-5 devices. For this purpose, the user is provided with a series of easily selectable profiles so that both classic I/O boxes with one bit per input point and, for example, displays that require 'streaming data' can be adequately served.
TCP/IP monoculture as a security risk
The Heartbleed bug was 'just' a classic programming error. However, nightmare scenarios are also conceivable in which criminals infect IoT devices with manipulated software. These then fulfill their actual function and also search for security gaps in the accessible company network, for example to detect passwords, which they then send to an external server.
Of course, the increased awareness of the potential problems of networking in recent years also ensures greater security - especially in the highly professional environment of automation. However, the challenge posed by an exponentially increasing number of TCP/IP-capable field devices is very high. After all, those responsible for network security not only have to define the permitted and necessary services for each device. They also have to implement these definitions correctly in the firewalls and other security devices. This is no easy task, and it is becoming increasingly difficult due to the growing number of devices.
Logic break between ASi-5 and TCP/IP
The communicative break between the individual communication levels - especially between ASi-5 and TCP/IP - increases security
© Bihl + Wiedemann
In terms of security, it is therefore helpful that ASi-5 and IO-Link provide a logic break to TCP/IP. This means that high security requirements only have to be placed on the ASi-5 gateway, which establishes the connection to TCP/IP. ASi-5 modules, on the other hand, are much less critical in terms of security, as they cannot communicate in TCP/IP networks. Those responsible for network security can therefore concentrate on far fewer devices and check them more carefully.
Recording of messages made more difficult
Another special feature of ASi-5 ensures greater security: data transmission using OFDM (Orthogonal Frequency-Division Multiplexing) with dynamic frequency allocation means that recording the exchanged messages is very time-consuming. This is because the entire context of the connection setup between the gateway and module is required. In addition, precise synchronization of the clock frequencies is necessary, as takes place between the gateway and module in accordance with the ASi-5 protocol. This is the only way that signals can be decoded at all.
Data transmission using OFDM with dynamic frequency allocation makes unwanted eavesdropping more difficult.
© Bihl + Wiedemann
Another important point is that the signal strength is not equally good at all spatial positions, depending on the frequency. The ASi-5 gateway and module negotiate this with each other in an optimized manner, but this makes it much more difficult to listen in. In comparison, recording Ethernet telegrams with commercially available Ethernet TAPs or standard mirror ports is comparatively easy.
Extensive security tests
Bihl+Wiedemann's development department already ensures a high level of security: firstly, all software components used are selected with security aspects in mind; secondly, the developers constantly monitor error and security reports. In the company's experience, open source software can often be a very good alternative due to a large, active community.
In addition, extensive security tests are carried out regularly using various tools. These include test systems such as the 'Achilles' test platform from General Electric. This test system stresses the test object with a mixture of random test patterns and known problematic patterns - for example, differences between the actual and declared length of data blocks, or data blocks exceeding the permitted length. For further tests, Bihl+Wiedemann uses load generators that make it possible to simulate high network loads. These can, for example, stall individual tasks in the test object, which can result in unexpected reactions.
In practice, such tests in development repeatedly reveal astonishing effects. Discovering these in the laboratory - before they occur in the user's environment - is a decisive factor in quality assurance.
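The length-mismatch patterns described above are exactly what a frame parser on a field device has to survive. The following is an added example, not Bihl+Wiedemann's firmware and not the ASi-5 wire format: it assumes a constructed frame layout (one type byte, a two-byte big-endian declared length, then the payload) and a permitted maximum of 64 payload bytes, and it shows a parser that checks the declared length against both the permitted maximum and the bytes actually received before it touches the payload, together with the kinds of malformed input a robustness test platform would throw at it.

```go
package main

import (
	"encoding/binary"
	"errors"
	"fmt"
)

// Constructed frame layout (an assumption for this example, not the ASi-5 wire format):
//   byte 0     : message type
//   bytes 1..2 : declared payload length, big-endian
//   bytes 3..  : payload
const (
	headerLen     = 3
	maxPayloadLen = 64 // permitted upper bound for this device (assumed value)
)

var (
	ErrShort     = errors.New("frame shorter than header")
	ErrTooLong   = errors.New("declared length exceeds permitted maximum")
	ErrTruncated = errors.New("declared length exceeds bytes actually received")
	ErrTrailing  = errors.New("bytes present beyond declared length")
)

type Frame struct {
	Type    byte
	Payload []byte
}

// ParseFrame validates the declared length against the permitted maximum and
// against the bytes actually present before reading the payload, so a mismatch
// between declared and actual length is rejected instead of read past the buffer.
func ParseFrame(buf []byte) (Frame, error) {
	if len(buf) < headerLen {
		return Frame{}, ErrShort
	}
	declared := int(binary.BigEndian.Uint16(buf[1:3]))
	if declared > maxPayloadLen {
		return Frame{}, ErrTooLong
	}
	actual := len(buf) - headerLen
	if declared > actual {
		return Frame{}, ErrTruncated
	}
	if declared < actual {
		return Frame{}, ErrTrailing
	}
	payload := make([]byte, declared)
	copy(payload, buf[headerLen:headerLen+declared])
	return Frame{Type: buf[0], Payload: payload}, nil
}

// buildFrame assembles a frame with an arbitrary declared length so that a
// test case can deliberately misstate the payload size.
func buildFrame(typ byte, declared uint16, payload []byte) []byte {
	buf := make([]byte, headerLen+len(payload))
	buf[0] = typ
	binary.BigEndian.PutUint16(buf[1:3], declared)
	copy(buf[headerLen:], payload)
	return buf
}

// MalformedCases returns constructed inputs of the kind a robustness test
// platform generates: declared length larger than the data received, larger
// than the permitted maximum, smaller than the data received, and a cut-off header.
func MalformedCases() map[string][]byte {
	return map[string][]byte{
		"declared > actual":  buildFrame(0x01, 10, []byte{1, 2, 3}),
		"declared > maximum": buildFrame(0x01, 65535, make([]byte, 8)),
		"declared < actual":  buildFrame(0x01, 2, []byte{1, 2, 3, 4}),
		"header truncated":   {0x01, 0x00},
	}
}

// AllRejected reports whether ParseFrame refuses every malformed case.
func AllRejected() bool {
	for _, in := range MalformedCases() {
		if _, err := ParseFrame(in); err == nil {
			return false
		}
	}
	return true
}

func main() {
	f, err := ParseFrame(buildFrame(0x02, 3, []byte{0xAA, 0xBB, 0xCC}))
	fmt.Printf("well-formed: %+v err=%v\n", f, err)
	for name, in := range MalformedCases() {
		_, err := ParseFrame(in)
		fmt.Printf("%-20s -> %v\n", name, err)
	}
}
```

The order of the checks matters: the maximum-length test comes before any comparison with the buffer, so an absurd declared length can never be used as an allocation size or a slice bound, and trailing bytes are rejected rather than silently ignored, because leftover data is often the first visible symptom of a desynchronised stream.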
In-system updates increase security
Thomas Rönitzsch is responsible for corporate communications at Bihl+Wiedemann in Mannheim.
© Bihl+Wiedemann
Being able to easily carry out software updates is also essential for a high level of security. As the example of the 'Heartbleed bug' shows, errors can also occur in supposedly tried-and-tested packages that are considered secure, and may only be discovered after a very long time. If this is the case, it must be possible to react immediately. The best way to do this is to offer the user a reliable in-system update. This not only allows them to install urgently needed security updates, but also functional enhancements and improvements as a kind of side effect.
Bihl+Wiedemann offers this option for all ASi-5 gateways and modules directly via its 'Software Suite'. The software of the devices on the ASi bus is compared with the software tools released for the corresponding serial numbers on the update server. If there is a newer version, it can be updated directly - with the express consent of the user. Several security features are integrated into the update process to ensure that the security chain is not interrupted: Each TCP/IP-capable device receives an individual certificate for SSL communication during production. The software on the update server is signed and the signature can be verified by the devices. And last but not least, updates are only possible via the update server and an encrypted connection.
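The device-side half of the update chain described above (signed software, releases tied to serial numbers, installation only with the user's consent), as an added example that is not the code of Bihl+Wiedemann's Software Suite: the manifest layout, Ed25519 as the signature scheme, the pinned vendor public key and all function names are assumptions made for this illustration. The per-device SSL certificate and the encrypted connection to the update server are transport-level measures and are left out here; the example covers only what a device should check about the update package itself.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/binary"
	"errors"
	"fmt"
)

// Manifest and UpdatePackage are the assumed package format for this example:
// the signature covers the serial number, the version and the hash of the image.
type Manifest struct {
	Serial  string
	Version uint32
}

type UpdatePackage struct {
	Manifest  Manifest
	Image     []byte
	Signature []byte
}

// Device holds what a module knows about itself plus the vendor public key
// pinned into it during production (assumption for this example).
type Device struct {
	Serial    string
	Version   uint32
	VendorKey ed25519.PublicKey
}

var (
	ErrBadSignature = errors.New("signature does not verify against pinned vendor key")
	ErrWrongSerial  = errors.New("update not released for this serial number")
	ErrNotNewer     = errors.New("update version is not newer than installed version")
	ErrNoConsent    = errors.New("user has not consented to the update")
)

// GenerateVendorKey stands in for the manufacturer's signing key; in practice
// the private half never leaves the vendor's signing infrastructure.
func GenerateVendorKey() (ed25519.PublicKey, ed25519.PrivateKey) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	return pub, priv
}

// signedBytes encodes the fields the signature covers. The serial is length-
// prefixed so that manifest fields cannot be shifted into one another.
func signedBytes(m Manifest, image []byte) []byte {
	out := make([]byte, 0, 2+len(m.Serial)+4+sha256.Size)
	out = binary.BigEndian.AppendUint16(out, uint16(len(m.Serial)))
	out = append(out, m.Serial...)
	out = binary.BigEndian.AppendUint32(out, m.Version)
	sum := sha256.Sum256(image)
	return append(out, sum[:]...)
}

// SignUpdate is the server-side step: sign manifest and image hash together.
func SignUpdate(priv ed25519.PrivateKey, m Manifest, image []byte) UpdatePackage {
	return UpdatePackage{Manifest: m, Image: image, Signature: ed25519.Sign(priv, signedBytes(m, image))}
}

// VerifyUpdate performs the device-side checks in order: the signature first,
// so that no unsigned field influences a later decision, then the serial number
// the release was made for, then that the version really is newer, and finally
// the user's explicit consent before anything is installed.
func VerifyUpdate(d Device, p UpdatePackage, consent bool) error {
	if !ed25519.Verify(d.VendorKey, signedBytes(p.Manifest, p.Image), p.Signature) {
		return ErrBadSignature
	}
	if p.Manifest.Serial != d.Serial {
		return ErrWrongSerial
	}
	if p.Manifest.Version <= d.Version {
		return ErrNotNewer
	}
	if !consent {
		return ErrNoConsent
	}
	return nil
}

func main() {
	pub, priv := GenerateVendorKey()
	dev := Device{Serial: "SN-0001", Version: 3, VendorKey: pub} // constructed device
	pkg := SignUpdate(priv, Manifest{Serial: "SN-0001", Version: 4}, []byte("constructed image v4"))
	fmt.Println("genuine update:", VerifyUpdate(dev, pkg, true))
	tampered := pkg
	tampered.Image = append([]byte{}, pkg.Image...)
	tampered.Image[0] ^= 0xFF
	fmt.Println("modified image:", VerifyUpdate(dev, tampered, true))
}
```

Checking the version against the installed one is what stops a validly signed but older package from being pushed to a device to reintroduce a fixed bug; because the version sits inside the signed data, it cannot be edited without invalidating the signature.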