1. Technical Field
The present invention relates to a control network management system for relaying a first wireless communication in conformity with IP (Internet Protocol) and a process control wireless communication standard, and a second wireless communication in conformity with IP and a wireless communication standard differing from the process control wireless communication standard, and in particular, to a control network management system capable of avoiding tampering, and so forth, attempted by a mala fide third party, and allowing a signal of a process control wireless communication of which highly real-time responsiveness is required while guaranteeing priority, and a signal of which real time responsiveness is not required so much to coexist in the same network.
2. Related Art
It has since been proposed that a process control system in, for example, industrial automation is constituted as a wireless control network system making use of wireless communication.
The reason for this is that since a related-art control system is configured as a wired network, it has been impossible to install field devices such as sensors for measuring temperature, a flow rate, and so forth, respectively, at optimum locations inside a plant owing to limitations to a communication distance, constraints to routing of wiring, and so forth, resulting in deterioration in control accuracy, and the wireless control network system is therefore proposed in order to obviate such inconvenience.
Further, there has been proposed a control network management system for controlling the operation of the wireless control network system, and optimizing the operation of a plant in whole.
The field devices include various field devices such as, for example, a differential pressure gage, a flow meter, a thermometer, a monitoring camera, an actuator, a controller, and so forth.
There has lately been seen a move for attempting to incorporate wireless technologies into various industrial sectors including a process control sector, and wireless communication standards as well have been under studies. More specifically, under study at present are Wireless HART provided under HART (Highway Addressable Remote Transducer) 7, and a process control wireless communication standard ISA100. 11a, approved by ISA 100 committee of ISA (International Society of Automation). The WirelessHART, and ISA100. 11a each are a protocol/standard of industrial wireless communication for execution of frequency division communication, and the contents of arrangements concerning respective communications are explained in, for example, the following documents;    Document 1: Wireless systems for industrial automation: Process control and related applications    Document 2: Control with WirelessHART (URL: http://www.hartcom. org/protocol/training/resources/wiHART_resources/Control_with_wirelessH ART.pdf)
The WirelessHART, and ISA100. 11a are adopted for a wireless control network system in conformity with IEEE (Institute of Electrical and Electronic Engineers) 802. 15. 4, where a large number of field devices are installed by taking advantage of small size • and power-saving feature of the respective field devices.
Meanwhile, there has also been proposed a wireless communication system making use of “Wi-Fi (Wireless Fidelity)” technology (hereinafter referred to as Wi-Fi wireless communication) in conformity with IEEE 802.11a/IEEE 802.11b since some time ago.
As the Wi-Fi communication, there has been proposed a wireless communication system in a process control system, connected with a maintenance terminal for a maintenance operation by a worker on a job site, and field devices such as a monitoring camera of which communication of massive date (for example, statistical data, a moving picture screen, a still picture screen, various image data, and so forth) is required.
For some time up to now, there have been under study a repeater for controlling the operation of a wireless control network system by making use of both wireless communication in conformity with the WirelessHART, ISA100. 11a, and wireless communication in conformity with the Wi-Fi communication to thereby relay both the communications in order to optimize the operation of a plant as a whole, and a control network management system using the repeater.
For example, U.S. Patent Application No. 20070268884A relates to a related-art network management system.
The above U.S. patent application features a technology concerning a mechanism for a wireless system for execution of frequency hopping, being compatible with a Wi-Fi wireless communication system, using a communication frame, wherein respective communication time zones of both the systems are divided from each other, thereby providing a guard interval (blank time for prevention of interference) therebetween.
In the above related-art control network management system, highly real-time responsiveness (for example, response within 10 ms, and so forth) is required of the process control wireless communication (the wireless communication in conformity with the WirelessHART and ISA100. 11a, respectively) in order to execute transmit/receive of various control data (a flow rate, a pressure value, and so forth) necessary for carrying out an optimum operation of a plant and so forth.
On the other hand, real-time responsiveness higher than that required in the case of the WirelessHART and ISA100. 11a is not required of the Wi-Fi wireless communication.
With the related-art control network management system, however, there has existed a problem in that even if priority control is applied to the process control wireless communication among the process control wireless communication, and the Wi—Fi wireless communication in order to secure the quality of the process control wireless communication of which particularly high real-time responsiveness is required, there is a possibility that communication according to priority cannot be executed due to information for deciding priority being intercepted by a mala fide third party to be thereby subjected to tampering because anyone can gain access to the relevant wireless communication. This problem is specifically described hereunder.
For some time up to now, there has been under study a repeater for realizing a mechanism wherein a wireless network system of the process control wireless communication, of which the highly real-time responsiveness is required, is compatible with the Wi-Fi wireless communication system of which the real-time responsiveness higher than that required in the case of the process control wireless communication is not required, and a control network management system using the repeater.
With the related-art technology, in particular, there has been under study use of a priority control function, generally called QoS (Quality of Service), as a function mounted in a repeater, such as a router, a LAN switch, and so forth, in order to secure the quality of the process control wireless communication more important than the Wi-Fi wireless communication.
More specifically, a method whereby a repeater decides priority includes a method for a repeater explicitly designating priority by making use of a field prepared in the header of communication packet data.
For example, relatively high priority information is written in a TOS (Type of Service) field, or a DSCP (Differentiated Services Code Point) field of an IP (Internet Protocol) packet by terminals or field devices, making up a network, whereupon a repeater executes prioritization on the basis of the priority information (TOS, or DSCP).
For example, when any of a plurality of terminals making up a network, or any of a plurality of field devices making up a network prepares communication packet data relating to data of high real-time characteristic, such as voice communication data, or process control data (control data such as pressure, a flow rate, and so forth), a repeater writes priority information in the TOS field, or the DSCP field, prepared in the header (IP Header) of packet data in communications in conformity with IP.
The repeater controls transmission timing of the packet data on the basis of the priority information written in the TOS field, or the DSCP field, prepared in the IP Header of the communication packet data received from the terminal, or the field device.
That is, the repeater transmits the communication packet data as received, in order of decreasing precedence. Even if packets lower in precedence build up internally (in a storage means), the repeater sends them out in order of decreasing precedence on the basis of the priority information.
As a result, with the related-art control network management system, it has been possible to provide high quality communications of which relatively high real-time responsiveness is required by the action of the repeater, for explicitly designating priority, making use of fields prepared in the header of the communication packet data, in the method for the repeater deciding priority.
FIGS. 3(A), 3(B) each are a schematic representation showing a format of related-art communication packet data, in which FIG. 3(A) is the schematic representation showing the communication packet data in whole, and FIG. 3(B) is the schematic representation for explaining about an IP header thereof. In FIG. 3(A), the communication packet data is made up of a TOS field, a DSCP field, an IP header, and IP data, and as shown in FIG. 3(B), the IP header is provided with the TOS field corresponding to 1 octet.
With the related-art control network management system described as above, however, even if the priority control is executed in order to secure high real-time responsiveness of the process control wireless communication, a problem has existed in that there is a possibility that communications according to priority cannot be implemented because anyone can gain access to the relevant wireless communication, and the wireless communication is intercepted by a mala fide third party, and information for deciding priority is subjected to tampering.
More specifically, with the related-art control network management system, in the case of executing the priority control on the assumption that the Wi-Fi wireless communication, and the process control wireless communication (signals thereof) are allowed to coexist in the same network without any countermeasures taken into consideration, if, for example, the communication packet data of the process control wireless communication is intercepted by a mala fide third party who has invaded from the Wi-Fi wireless communication to be re-transmitted after a portion expressing a priority {TOS (Type of Service) corresponding to 1 octet, in (FIG. 3B)} of the communication packet data have been subjected to tampering, this will cause communication packet data to be transmitted on the basis of priority information after the tampering, thereby causing a problem that security on priority is not provided at all, and it is impossible to carry out the optimal operation of a target for control, in a plant, and so forth.
In other words, a problem has existed in that there is a possibility of the system being under a replay attack that is an attack technique whereby a third party eavesdrops on contents of the communication, and transmits contents identical to the contents of the communication packet data of the process control wireless communication, thereby gaining an irregular access.