UNIVERSITY OF VAASA SCHOOL OF TECHNOLOGY AND INNOVATION WIRELESS INDUSTRIAL AUTOMATION Akpojoto Akporido Siemuri ROBUST AND RELIABLE WIRELESS COMMUNICATION BETWEEN SMART NOX SENSOR AND THE SPEEDGOAT/ENGINE CONTROL MODULE A case study of Wärtsilä’s smart NOx sensor and W4L20 Diesel Engine Master`s thesis for the degree of Master of Science in Technology submitted for inspec- tion, Vaasa, 13 February, 2019. Supervisor Professor Timo Mantere Instructors M.Sc. Tobias Glocker Assistant Professor Mike Mekkanen VAASA 2019 1 ACKNOWLEDGEMENT First, I am thankful to God for His wisdom and guidance through my master’s studies. I would like to thank Professor Mohammed Elmusrati and Reino Virrankoski for the op- portunity to work on the Wärtsilä smart NOx sensor case under the Work Packet 3 (WP3 – Wireless Communication) in the Smart Energy Systems Research Platform (SESP) project. I am also thankful to Professor Kimmo Kauhaniemi and Assistant Pro- fessor Mike Mekkanen for an excellent guidance through the SESP WP3 project to its completion. I will like to mention my gratitude to Professor Timo Mantere and Tobias Glocker for an excellent supervision and guidance in achieving success in the completion of my the- sis. I am also thankful to the laboratory engineers in Technobothnia, Veli-Matti Esko- nen and Juha Miettinen, for providing all the necessary equipment and a good working environment and to Xiaoguo Storm for helping with the smart NOx/speedgoat tests in VEBIC. Thanks to Rayko Toshev, Sulaymon Tajudeen and Ibukun Odubogun for giv- ing access to the digital manufacturing laboratory in Technobothnia and providing the relevant equipment to achieve the 3D printing aspects applied in this thesis and to Sulaymon Tajudeen for assisting in the design of the models that was 3D printed. Lastly, I am thankful to everyone who supported me in any way towards the completion of this thesis. TABLE OF CONTENTS page ACKNOWLEDGEMENT 1 LIST OF FIGURES 5 LIST OF TABLES 8 ABBREVIATIONS 10 ABSTRACT 13 1. INTRODUCTION 15 1.1. Motivation 15 1.2. Objectives 16 1.3. Methods 16 1.4. Thesis Structure 17 2. INTRODUCTION OF PROTOCOLS AND MAJOR COMPONENTS 18 2.1. Controller Area Network (CAN) 18 2.1.1. The CAN Bus 19 2.1.2. CAN Standard 20 2.1.3. CAN Messages 22 2.2. Wireless Communication Protocols 24 2.2.1. Factors that affect wireless communication 25 2.2.2. Types of Wireless Communication Protocols 27 2.2.3. Bluetooth Low Energy (BLE) 28 2.2.4. Zigbee (IEEE 802.15.4) 32 2.2.5. WiFi (IEEE 802.11 b/g/a) 37 2.2.6. LoRa (Long Range) 40 2.2.7. Comparing the Wireless Communication Protocols 47 2.2.8. Choosing a Wireless Protocol 49 2.2.9. Basic Network Attacks 50 3 2.2.10. Encryption and Authentication 52 2.3. Smart NOx Sensor, Speedgoat and Engine Control Module (ECM) 52 2.3.1. Smart NOx Sensor 52 2.3.2. Acquiring data from the Smart NOx sensor 55 2.3.3. Testing the Smart NOx sensor 56 2.3.4. Calculating O2% and NOx ppm 57 2.3.5. Speedgoat and the Engine Control Module (ECM) 57 3. SMART NOX AND SPEEDGOAT WIRELESS COMMUNICATION 58 3.1. System Architecture 59 3.2. System Overview 73 3.2.1. Connecting the Smart NOx Sensor 73 3.2.2. The BLE-CAN bridge Hardware 73 3.2.3. The BLE-CAN bridge Software 76 3.2.4. The XBee-CAN bridge Hardware 78 3.2.5. The XBee-CAN bridge Software 80 3.2.6. The WIFI-CAN bridge Hardware 83 3.2.7. The WIFI-CAN bridge Software 85 3.2.8. The LoRa-CAN bridge Hardware 87 3.2.9. The LoRa-CAN bridge Software 89 3.2.10. Flowchart for codes and Viewing the CAN frames 91 3.2.11. Connecting to the Speedgoat 95 3.3. Wireless Communication Performance Measure 96 4. EXPERIMENT AND ANALYSIS 97 4.1. Details of Transmitted Payload and LCD Display for XBee-CAN Modules 98 4.2. Bluetooth Low Energy (BLE) 99 4.2.1. BLE RSSI Values 99 4.2.2. BLE Packet Loss 100 4.2.3. BLE Latency 101 4.3. XBee (IEEE 802.15.4) 101 4.3.1. XBee RSSI Values 101 4.3.2. XBee Packet Loss 102 4.3.3. XBee Latency 103 4.4. WIFI (IEEE 802.11 b/g/a) 103 4.4.1. WIFI RSSI Values 103 4.4.2. WIFI Packet Loss 104 4.4.3. WIFI Latency 105 4.5. LoRa (Long Range) 105 4.5.1. LoRa RSSI Values 105 4.5.2. LoRa Packet Loss 106 4.5.3. LoRa Latency 107 4.6. Bit Error Check for all wireless protocols 107 4.7. Security Implementation 108 4.8. Power Comsumption 108 4.9. Comparing the Wireless Solutions Based on the Analysis of Results 109 4.10. Viewing O2% and NOx ppm Values on the Speedgoat 114 4.11. SmartNOx + XBee-CAN Module Test on Wärtsilä W4L20 Diesel Engine 115 4.12. Applying Additive Manufacturing (3D printing) to the Designed Prototype 120 5. CONCLUSION AND FUTURE WORK 121 LIST OF REFERENCES 124 APPENDICES 134 APPENDIX 1. Schematic of Mikroelectronika CAN SPI click board 134 APPENDIX 2. Smart NOx, XBee-CAN Module and Speedgoat system overview 135 APPENDIX 3. LCD Display for Transmitter/Receiver Modules 136 APPENDIX 4. Sample output of transmitter and receiver code 137 APPENDIX 5. 3D printed protective casing body 138 APPENDIX 6. 3D printed protective casing covers 138 5 LIST OF FIGURES Figure 1.CAN Bus Architecture 19 Figure 2. ISO11898 Architecture 20 Figure 3. CAN 2.0A - Standard CAN Frame 11-Bit Identifier 21 Figure 4. CAN 2.0B - Extended CAN Frame 29-Bit Identifier 22 Figure 5. Arbitration on a CAN Bus 23 Figure 6. Fresnel zone illustration 25 Figure 7. Bluetooth Low Energy Frequency Channels 30 Figure 8. Zigbee Packet Structure 33 Figure 9. ZigBee Protocol Stack Architecture 34 Figure 10. Application Layer Security 36 Figure 11. Network Layer Security 36 Figure 12. Application and Network Layer Security 37 Figure 13: LoRa Packet Structure 42 Figure 14. A Simplified SX1272 Block Diagram 45 Figure 15. LoRa Network Architecture 46 Figure 16. Types of network attacks 51 Figure 17. Schematic representation of an amperometric NOx sensor 54 Figure 18. CAN frame to start heating smart NOx 56 Figure 19. Engine Control Unit of a 1996 Chevrolet Beretta 58 Figure 20. CAN Bus Module 60 Figure 21. Multiprotocol Radio Shield v2.0 61 Figure 22. Arduino UNO Rev.3 62 Figure 23. Arduino IDE 63 Figure 24. Waspmote development board 63 Figure 25. Waspmote IDE 64 Figure 26. Waspmote Expansion Board 64 Figure 27. XBee PRO Module 66 Figure 28. XBee Explorer USB 66 Figure 29. XBee PRO Module on XBee Explorer USB 66 Figure 30. XCTU tool 67 Figure 31. LoRa Module 68 Figure 32. WIFI PRO Module 69 Figure 33. Waspmote Bluetooth Low Energy module 69 Figure 34. Smart NOx sensor from Wärtsilä 71 Figure 35. Speedgoat – A performance real-time target machine 71 Figure 36. Simulink model to receive smart NOx CAN frames 72 Figure 37. Hardware setup of BLE-CAN bridge 74 Figure 38. Block diagram for the hardware setup of BLE-CAN bridge 75 Figure 39. Smart NOx sensor and BLE-CAN transmitter 77 Figure 40. BLE-CAN receiver and Kvaser Leaf Light HS v2 USB 77 Figure 41. Hardware setup of Xbee-CAN bridge 78 Figure 42. Block diagram for the hardware setup of XBee-CAN bridge 79 Figure 43. Smart NOx sensor and XBee-CAN transmitter 80 Figure 44. XBee-CAN receiver and Kvaser Leaf Light HS v2 USB 81 Figure 45. Hardware setup of WIFI-CAN bridge 83 Figure 46. Block diagram for the hardware setup of WIFI-CAN bridge 84 Figure 47. Smart NOx sensor and WIFI-CAN transmitter 85 7 Figure 48. WIFI-CAN receiver and Kvaser Leaf Light HS v2 USB 86 Figure 49. Hardware setup of LoRa-CAN bridge 87 Figure 50. Block diagram for the hardware setup of LoRa-CAN bridge 88 Figure 51. Smart NOx sensor and LoRa-CAN transmitter 89 Figure 52. LoRa-CAN receiver and Kvaser Leaf Light HS v2 USB 90 Figure 53. Flowchart for the XBee, WiFi and LoRa transmitter codes 92 Figure 54. Flowchart for the XBee, WiFi and LoRa receiver codes 93 Figure 55. Hexadecimal View of the CAN frames 94 Figure 56. Decimal View of the CAN frames 94 Figure 57. Continuously updated sliding graph for O2% and NOx ppm values 95 Figure 58. Transmitted Smart NOx Payload 98 Figure 59. RSSI Measurements for all the wireless protocol in Technobothnia 111 Figure 60. RSSI Measurements for all the wireless protocol in VEBIC 112 Figure 61. Continuously updated sliding graph for O2% and NOx ppm values 115 Figure 62. Speedgoat result when Wärtsilä W4L20 Diesel Engine is idle 117 Figure 63. Wärtsilä W4L20 Diesel Engine is running without load 117 Figure 64. Speedgoat sliding graph of the O2% and NOx ppm values 118 Figure 65. Speedgoat results for O2% and NOx ppm values 118 Figure 66. Wärtsilä W4L20 Diesel Engine is running with load 119 Figure 67. Speedgoat sliding graph of the O2% and NOx ppm values 119 Figure 68. Speedgoat results for O2% and NOx ppm values 119 Figure 69. XBee-CAN Receiver/Transmitter in 3D printed protective casings 121 8 LIST OF TABLES Table 1. Main Features of BLE that differ from standard Bluetooth 29 Table 2. BLE Radio feature 31 Table 3. LoRa Device Variants and Key Parameters taken from LoRa SX1272/73 Datasheet, Rev. 3.1. Semtech, 2017 42 Table 4. Comparing BLE, XBee, WIFI and LoRa Wireless Protocols 48 Table 5. Payload in smart NOx CAN frames 56 Table 6. Technical details of the CAN Bus Module 60 Table 7. XBee 802.15.4 Channel Number Frequency 65 Table 8. LoRa specification 68 Table 9. Main features of the BLE module 70 Table 10. NOx sensor performance specification 70 Table 11. Smart NOx sensor pin labeling 73 Table 12. BLE maximum and minimum RSSI measurement in Technobothnia 99 Table 13. BLE maximum and minimum RSSI measurement in VEBIC 99 Table 14. BLE maximum and minimum Packet Loss measurement in Technobothnia 100 Table 15. BLE maximum and minimum Packet Loss measurement in VEBIC 100 Table 16. BLE maximum and minimum latency measurement in milliseconds 101 Table 17. XBee maximum and minimum RSSI measurement in Technobothnia 102 Table 18. XBee maximum and minimum RSSI measurement in VEBIC 102 Table 19. XBee maximum and minimum Packet Loss measurement in Technobothnia 102 Table 20. XBee maximum and minimum Packet Loss measurement in VEBIC 102 9 Table 21. XBee maximum and minimum latency measurement in milliseconds 103 Table 22. WIFI maximum and minimum RSSI measurement in Technobothnia 104 Table 23. WIFI maximum and minimum RSSI measurement in VEBIC 104 Table 24. WIFI maximum and minimum Packet Loss measurement in Technobothnia 104 Table 25. WIFI maximum and minimum Packet Loss measurement in VEBIC 105 Table 26. WIFI maximum and minimum latency measurement in milliseconds 105 Table 27. LoRa maximum and minimum RSSI measurement in Technobothnia 106 Table 28. LoRa maximum and minimum RSSI measurement in VEBIC 106 Table 29. LoRa maximum and minimum Packet Loss measurement in Technobothnia 106 Table 30. LoRa maximum and minimum Packet Loss measurement in VEBIC 107 Table 31. LoRa maximum and minimum latency measurement in milliseconds 107 Table 32. Computed Battery Life of Transmitter and Receiver Modules 109 Table 33. Comparison of the wireless protocols based on the analysis of results 110 Table 34. Comparison of the values from SICK and Smart NOx sensor for the Wärtsilä W4L20 Diesel Engine for different operation modes 116 10 ABBREVIATIONS AES Advanced Encryption Standard BLE Bluetooth Low Energy BER Bit Error Rate CAD Computer Aided Design CAN Controller Area Network CBC Cipher Block Chaining dBm decibel-milliwatts DDM Direct Digital Manufacturing ECM Engine Control Module ECU Engine Control Unit IDE Integrated Development Environment IEEE Institute of Electrical and Electronics Engineers ISO International Standard Organization LCD Liquid Crystal Display LoRa Long Range mAh Milliampere hour MCP2515 Microchip ms Milliseconds NOx Nitrogen oxide O2 Oxygen OSI Open System Interconnection OTA Over the Air ppm parts per million QoS Quality of Service RSSI Received Signal Strength Indicator SAE Society of Automotive Engineers SPI Serial Peripheral Interface TCP/IP Traffic Control Protocol/Internet Protocol µA Microampere UART Universal Asynchronous Receiver/Transmitter 11 USB Universal Serial Bus VEBIC Vaasa Energy Business Innovation Centre WEP Wired Equivalent Privacy WiFi Wireless Fidelity WSN Wireless Sensor Network ZC ZigBee Coordinator ZDO ZigBee Device Object ZED ZigBee End Device ZR ZigBee Router 12 13 ______________________________________________________________________ UNIVERSITY OF VAASA School of Technology and Innovation Author: Akpojoto Siemuri Topic of the Thesis: Robust and Reliable Wireless Communica- tion Between the Smart NOx Sensor and the Speedgoat/Engine Control Module Supervisor: Professor Timo Mantere Instructors: M.Sc. Tobias Glocker Assistant Professor Mike Mekkanen Department: Department of Computer Science Degree: Master of Science in Technology Degree Programme: Wireless Industrial Automation Year of entering the University: 2016 Year of completing the thesis: 2019 Number of pages: 138 ______________________________________________________________________ ABSTRACT In recent years, the industrial applications of the wireless transmission of data acquired through sensors have been growing. Addressing the challenges or requirements that come with this needs the integration of new product designs and manufacturing tech- niques with automation devices. Factors like development time, security, reliability, transmission in an industrial environment, data rate, battery life with energy harvesting capabilities, etc. are of major concerns. This thesis is based on the Wärtsilä smart NOx sensor case study which investigates the possibility of replacing the existing wired CAN bus connection between the smart NOx sensor and the rapid control prototyping system speedgoat and possibly in the future the Engine Control Unit (ECU) with a wireless communication solution. The designed pro- totype would wirelessly transmit the smart NOx sensor data. The smart NOx sensor data is received using a CAN bus integrated with a wireless transmitter module. The wireless receiver module receives the data and then relays the CAN frames through an integrated CAN Bus to the speedgoat. A matlab simulink module has been programmed into the speedgoat to receive the CAN frames, calculate O2% and NOx ppm values and display the results on a monitor connected to the speedgoat. Criteria like transmission in indus- trial environments, packet loss, RSSI, bit error rate, reliability and security of the wire- less solution are analyzed. According to the analysis done and best practices, a wireless solution is recommended and implemented. The wireless-CAN prototype is installed on the Wärtsilä W4L20 diesel engine in VEBIC for monitoring and observation. ______________________________________________________________________ KEY WORDS: BLE, CAN Bus, Engine Control Module (ECM), LoRa, RSSI: Received Signal Strength Indicator, Smart NOx sensor, Speedgoat, Wi-Fi, Wireless Communication, ZigBee 14 15 1. INTRODUCTION Modern industries’s rapid development and increase in the economics of scale leads to production and industrial automation. These brings about the need to transfer data and the integration of data. This can be achieved using wireless communication, therefore, analysis of some well-known wireless communication solutions is crucial in achieving reliable and flexible data transfer. (Gao, Huang, Chen, Jin, & Luo 2013.) Wireless connectivity offers multiple advantages such as easy installation and mainte- nance, better flexibility and scalability and long communication range. However, wire- less communication introduces new challenges and risks such as noise and interference which might cause transmission errors, delays or connection drops. It is also prone to malicious attackers that might attempt to spy, hack into to controls or interfere with and jam communications. Therefore, careful considerations and field testing is required to verify if a wireless solution can deliver the expected robustness and security compared to the wired solution. 1.1. Motivation The approach taken in this thesis is based on the case study of Wärtsilä’s smart NOx sensor. They are interested in limiting hard wire cabling and possibly moving to wire- less communication between the sensors and the speedgoat or Engine Control Module (ECM). In our case study, the smart NOx sensor is connected to the engine control unit (ECU) with a wired CAN bus connection. Data is transmitted using SAE J1939 protocol which is built on top of CAN Networks. SAE J1939 is developed specifically for use in heavy duty environments, with an emphasize on achieving reliable and fault tolerant communications. 16 1.2. Objectives This thesis investigates the possibility of replacing the existing wired CAN bus connec- tion between the smart NOx sensor and the rapid control prototyping system speedgoat and possibly in the future the Engine Control Unit (ECU) with a wireless communica- tion solution. For the purpose of comparison, some wireless protocols are implemented and analyzed with the aim of coming up with recommended wireless solutions. These recommendations mut achieve and agree with some criteria like transmission in indus- trial environments, packet loss rate, RSSI, bit error rate, reliability and security of the wireless solution etc. Guidelines: The designed prototype should wirelessly transmit the smart NOx sensor data. The smart NOx sensor data is received using a CAN bus integrated to a wireless transmitter module. The wireless receiver module receives the data and then relays the CAN frames through integrated CAN Bus to the speedgoat. A matlab simulink module has been programmed into the speedgoat to receive CAN frames, calculate O2% and NOx ppm and display the results on a monitor connected to the speedgoat. Specifications: According to the prototype design plan, the following are to be consid- ered; development time, overall cost, transmission in industrial environment, transmis- sion rate, battery life with energy harvesting capabilities and low energy consumption, lifetime of the technology, future prospect of the technology, backwards compatibility of the technology and the feasibility of implementing the solution as a final product. 1.3. Methods The smart NOx is connected to the CAN bus at the transmitter side. The CAN bus is interfaced with the wireless device (BLE, ZigBee, WiFi and LoRa) over an expansion board or multi-protocol radio shield which allows for connection of two communication modules at the same time. The hardware setup is programmed to read the data coming from the smart NOx sensor through the CAN bus and transfer the data through SPI to the wireless module for wireless transmission to the receiver side. At the receiver side, 17 the device is programmed to transfer the data received by the wireless module to the CAN bus and then the data is sent from the CAN bus to the speedgoat which is connect- ed to it. Each wireless solution is implemented separately in turns and analyzed. To achieve this, measurements such as Receiver Signal Strength Indicator (RSSI), packet delivery rate, bit error rate, and latency were taken and used for comparing the imple- mented wireless protocols. 1.4. Thesis Structure This thesis has five chapters. Chapter 1 introduces the research topic presenting the ob- jective and motivation of this thesis as well as the methods used. Chapter 2 presents the theoretical review of how the smart NOx sensor and the speedg- oat works. It also presents the Control Area Network (CAN) protocol with details about the CAN standard and its features and the selected wireless communication protocols. The wireless communication protocols used in this thesis includes BLE, LoRa, WiFi and ZigBee. A comparison of the wireless communication protocols in terms of fre- quency, range, maximum data rate, power sources options and most appropriate uses of the wireless solution is done. Chapter 3 presents the description of the thesis topic and how the wireless communica- tion between the smart NOx sensor and the speedgoat can be achieved for each of the wireless solution. Chapter 4 describes the interfacing of the smart NOx sensor and the speedgoat to each wireless module using an external CAN bus. It also presents simula- tion and analysis of the results obtained for each wireless protocol as well as specific measurements such as latency, delivery rate and bit error rate, etc. The research conclu- sion, recommendations and possible future study based on the results in chapter 4 are presented in chapter 5. The appendix contains the pictures of the hardware implementations done as well as extracts from the codes used in programming the transmitter and receiver wireless CAN communication modules. 18 2. INTRODUCTION OF PROTOCOLS AND MAJOR COMPONENTS This chapter presents the theoretical background of the communication protocols used as well as the major components and principles applied in this thesis. Section 2.1 intro- duces the control area network, section 2.2 introduces the wireless protocols used in the thesis work and section 2.3 briefly presents other components like the smart NOx sen- sor, speedgoat and Engine Control Module (ECM). 2.1. Controller Area Network (CAN) Unlike USB or Ethernet that sends large blocks of data point-to-point from a node A to node B with supervision from a central bus master, CAN network broadcast several short messages like temperature reading, or RPM to the entire network. This provides data consistency in every node of the system. The controller area network (CAN) is suitable for the various high-level industrial protocols embracing CAN and the ISO 11898:2003 standard as their physical layer. It has tremendous flexibility in system de- sign due to its cost, performance, and upgradeability. (Texas Instrument 2016.) CAN is a solution for automation industries and the CAN protocol is used in systems that need to transmit and receive a small amount of data with real-time requirements. CAN protocol has been stipulated as an international standard by 150 International Standard Organizations. (Wan, Xing & Cai 2009.) CAN transmits signals on the CAN network using two wires, CAN-High and CAN- Low. These 2 wires operate in different mode carrying inverted voltages which decrease noise interference. The standard being used determines the voltage level and other char- acteristics of the physical layer. The two standards are the ISO11898 (CAN High Speed) standard and the ISO11519 (CAN Low Speed) standard. (Nilsson 2018.) The international standard ISO11898 definition of CAN bus state that, it is a fully digi- tal field control devices connection bus, which can efficiently support the serial com- 19 munication of distributed control and real-time systems. CAN bus is widely used with sensors for data acquisition, industrial control systems and is an instrument with high reliability and flexibility. (Texas Instrument 2016.) 2.1.1. The CAN Bus Robert Bosch developed the automotive CAN Bus. It is a multi-master message broad- cast system that gives a maximum signaling rate of 1 Megabit per second (Mbps). Au- tomotive components use it to communicate on a single or dual-wire networked data bus. CAN is a serial bus protocol used to connect individual systems and sensors and it is an alternative to conventional multi-wire looms. (Texas Instrument 2016.) Figure 1. CAN Bus Architecture (Github 2018). R L R L CAN Bus Line CAN Low CAN High 20 Figure 1 shows the CAN Bus Architecture. The maximum signaling rate of 1Mbps is achieved with the High-Speed ISO11898 standard specifications having a bus length of 40m and maximum of 30 nodes. The cable could be a shielded or unshielded twisted- pair having a 120-Ω resistor at each end. This standard uses a single line of twisted-pair cable as the network topology as presented in figure 1. A 120-Ω resistors is used to ter- minate both ends matching the characteristic impedance of the line to prevent signal re- flections. Using RL on a node should be avoided based on the ISO 11898 because the node will be disconnected from the bus and the bus lines would lose termination. (Texas Instrument 2016.) 2.1.2. CAN Standard The ISO 11898:2003 CAN communication protocol gives details on how information is transmitted from one device to another on a network and comply with the Open System Interconnect (OSI) model. The Open System Interconnect (OSI) model is defined in terms of layer where the physical layer of the module defines the actual communication between devices connected by the physical medium. The last two layers of the OSI/ISO model’s seven layers are defined by the ISO 11898 architecture as the data-link layer and the physical layers respectively as shown in figure 2. (Texas Instrument 2016.) Figure 2. ISO11898 Architecture (Github 2018). 21 Choosing between the Standard or Extended CAN Message Frames are used to transmit and receive data in the CAN system. The Message frames carry data from a transmitting node to one, or more, receiving nodes. The Mes- sage Frame formats supported by CAN protocol are the Standard CAN (CAN 2.0A) which uses 11-bit identifiers and the Extended CAN (CAN 2.0B) which uses 29-bit identifiers. The “standard” 11-bit identifier, providing 211 or 2048 different message identifiers and the “extended” 29-bit identifier, providing 229 or 537 million identifiers. However, both provide signaling rates from 125kbps to 1Mbps. (Texas Instrument 2016.) Standard CAN (CAN 2.0A) 11-bit identifiers. Figure 3. CAN 2.0A - Standard CAN Frame 11-Bit Identifier. The standard CAN frame in figure 3 consists of the following bit fields: SOF – Start of Frame, Identifier – the standard CAN 11-bit identifier , RTR – Remote Transmission Request (RTR), IDE – Identification extension (IDE), r0 – Reserved bit, DLC – data length code, Data – allows up to 64bits (8bytes) of data to be sent, CRC – 16-bits (15- bits plus delimiter) cyclic redundancy check (CRC) containing the checksum used for error detection, ACK – Acknowledge bit, EOF – End of Frame bit has 7-bits and marks the end of a CAN frame (message) and disables bit stuffing and IFS – 7-bits interframe space bit contains the time required by the controller to move a correctly received frame to its appropriate position in a message buffer area. (Texas Instrument 2016.) 22 Extended CAN (CAN 2.0B) 29-bit identifiers. Figure 4. CAN 2.0B - Extended CAN Frame 29-Bit Identifier. The Extended CAN in figure 4 is the same as the standard CAN message in figure 3, however, the Extended CAN message has additional bit fields such as: SRR – Substitute remote request (SRR) bit. It replaces the RTR bit in the standard message location as a placeholder in the extended format, IDE – When we have a recessive bit in the identifier extension (IDE), this implies that additional identifier bits follow the IDE of the 11-bit identifier, that is, the 18-bit extension which follows the IDE. It is an additional reserve bit included ahead of the DLC bit. (Texas Instrument 2016.) Most CAN 2.0A controllers transmit and receive only Standard format messages, alt- hough some (known as CAN 2.0B passive) will receive Extended format messages but then ignore them. However, CAN 2.0B controllers can send and receive messages in both formats. (Texas Instrument 2016.) The CAN Message Frame format used in this thesis was determined by the smart NOx sensor used. The smart NOx sensor has an Extended CAN ID of 0x18FEDF00. 2.1.3. CAN Messages CAN messages can be said to be contents-addressed, that is, the content of the message implicitly determines their address. The messages are short – maximum utility load of 94 bits with no explicit address in the message. (Kvaser 2018a.) 23 CAN transmits message signals on the CAN network using two wires, CAN-High and CAN-Low. In a scenario of several sensors (nodes) need to send their data, the CAN bus implements a message priority identifier. The message with higher priority (lower binary message identifier number) wins the bus access. The bus access is a random event-driven process and if two nodes try to occupy the bus simultaneously, access is implemented using a nondestructive, bit-wise arbitration. Nondestructive implies that the node that wins the bus access continues with its message transmission without the message being destroyed or corrupted by the other nodes. The priority allocation feature makes CAN to be attractive in its application to real-time control environment. (Texas Instrument 2016.) CAN controller uses an arbitration process to handle the message transmission priority as each node continuously monitors its own transmissions. For example, in figure 5 node B's recessive bit is overwritten by node C’s higher priority dominant bit and node B detects that the bus state does not match the bit that it transmitted, therefore it pauses its transmission allowing node C to continue with transmitting its message. Node B then makes another attempt to transmit its message when node C has completed its message transmission and the bus is free. This functionality is present entirely within the CAN controller as it is part of the ISO 11898 physical signaling layer and it is completely transparent to a CAN user. (Texas Instrument 2016.) Figure 5. Arbitration on a CAN Bus (Texas Instrument 2016). 24 On a CAN bus, the CAN message/frames are of four types namely data frame, remote frame, error frame, and overload frame. They are not discussed here in details as they are not part of the scope of the research. (Kvaser 2018b.) The CAN Bus is a reliable and robust bus because of its error handling capability. The CAN protocol uses five techniques of error checking. It uses three at the message level and two at the bit level. A message that fails any one of these error detection techniques is not accepted leading to the generation of an error frame from the receiving node. When this happens, the transmitting node is forced to retransmit the message until it is received correctly. However, for a faulty node that hangs up a bus when its continuously in error, its ability to transmit is disabled by its controller when an error limit is reached. 2.2. Wireless Communication Protocols In this chapter, some available wireless solutions being used to connect remote sensors and devices to a central monitoring system are analyzed. These wireless solutions can be applied in several areas, however, selecting the right solution and using it in the right application is very crucial and can be a tough task having several associated risks. All wireless communication comprises of the following components; a transmitter, re- ceiver, antennas, channel, and the environment. The transmitter sends signals to an an- tenna for transmission and the radio transmitter encodes data in RF waves having signif- icant signal strength (power output) to transmit the signal to a receiver. The receiver collects and decodes the data arriving at the receiving antenna. At the receiver, assigned RF signals are received and decoded while discarding the unwanted signals. Different radiation patterns are generated by antennas depending on their design and application. The antenna also has a gain which is a measure of how much energy is focused in a di- rection. (DIGI 2016.) In describing the wireless communication environment or path, there are two types of LOS generally used namely Visual LOS – which is the ability to see from one point to the other. A straight linear path between two points is required. RF LOS – this need not 25 only visual LOS, but also requires a Fresnel zone (football-shaped path) that has no ob- stacles so that data can travel optimally from point A to point B. The Fresnel zone can be assumed to be a tunnel between two sites that provide a path for RF signals as illus- trated in figure 6. (DIGI 2016.) Figure 6. Fresnel zone illustration (Frolic 2016). 2.2.1. Factors that affect wireless communication Wireless applications typically require burst transmission, reduced overhead, and they use a very small amount of data per node, therefore, the bandwidth is not the main re- quirement. Some applications require coverage of large areas; reliability, availability, bounded latency for real-time behavior and energy efficiency as some key performance indicators. (Khan & Turowski 2016.) Industrial environments differ significantly when compared to the office and home envi- ronments. Certain challenges exist like high temperatures, very high airborne particu- lates, multiple obstacles and long distances between equipment and systems, making it hard to place and get access to sensors, transmitters, and other data communication de- vices. These and several other factors make setting up of data communication channels that is reliable, long-lasting, and cost-effective, a rare, complex, and costly challenge. 26 From past surveys, according to B&B Electronics, for several reasons such as noise, channel interference, and signal echo etc, wireless I/O has typically not performed well enough to endure the harsh demands of industrial applications (Advantech B+B SmartWorx 2018.) The typical open radio frequencies such as the 900 MHz and 2.4 GHz are used in recent wireless data communication applications and can go through office cubicles walls, drywall, wood and other materials which are found in homes or offices. However, they are usually deflected by larger objects, metals, and concrete. As a result, it can change the data signal path returning it to the original transmitter and thereby resulting in an “echo” or “multi-path”. In the first-generation wireless systems, this led to the cancella- tion of the transmission as the system becomes confused with this type of bounce inter- ference. This resulted in a state called “radio null” and prevents data communication. In the case of noise, large motors create electromagnetic emissions while heavy equip- ment, high power generation, and usage, and other typical industrial machinery can generate very high levels of “noise” which in turn interferes with early wireless equip- ment. In these “noisy” environments, transmitters and remote nodes were unable to communicate with each other, resulting in frequent data loss. (Advantech B+B Smart- Worx 2018.) The radio frequency space becoming very crowded has led to the challenge of channel sharing and interference. This means that the frequency spectrum approved by the FCC were shared amongst many devices, which includes the devices using IEEE 802.11 and IEEE 802.15.4. This resulted in frequent data mix up as receivers and nodes received and transmitted information on the same channel as the other devices in the area. The wide distances between the central control systems and remote sensors made it not fea- sible for the early wireless systems with ranges of several hundred feet or more to allow communication. The era of wireless communication also created many security issues and it continues to require a high level of counter-measures to ensure the safety of data and business systems. (Advantech B+B SmartWorx 2018.) 27 There are modulation and transmission schemes that have been developed to cater for the effects of these challenges and interference. The two most optimum to look for are FHSS (Frequency Hopping Spread Spectrum) which requires narrow bandwidth. In this scheme, data is transmitted through a single channel at a time, but the channel is con- stantly and rapidly changing or hopping. However, for DSSS (Direct Sequence Spread Spectrum), this scheme requires large bandwidth. Data is transmitted simultaneously over every available channel, this makes it a bit more reliable in noisy environments. (Advantech B+B SmartWorx 2018.) 2.2.2. Types of Wireless Communication Protocols It is important to take caution when designing wireless networking systems, all wireless transmitters, nodes and equipment most support the same transmission scheme. There are many proven wireless standards out there that can be implemented and developed into a design that takes into consideration the features like signal reliability, security, distance, speed, and efficiency. Trying to find out the best solution would depend on where it is to be applied and the needs involved. The wireless protocols available has its uses and advantages. Identifying the one that suits your application in a given industrial application begins with finding the best match for packet delivery rate, number of de- vices, distance, data rates, cost, power consumption, and most importantly reliability and security. (DIGI 2016.) There are different communication technologies aimed at low power and wireless IoT communication and there are categorized into two namely: Low Power Local Area Networks which has less than 1000 meters range. This category includes IEEE 802.15.4 (for example, ZigBee), WiFi and Bluetooth/BLE, etc., applica- ble directly in short-range personal area networks, body area networks and if well orga- nized in a mesh topology, also in larger areas. Low Power Wide Area Networks has a greater coverage range than 1000 meters are es- sentially low-power versions of cellular networks, with each “cell” covering thousands 28 of end-devices. These include LoRa (LoRaWAN), and protocols, like Sigfox, DASH7, etc. Sections 2.2.3 to 2.2.6 presents some of the most industrially relevant wireless protocol options with some corresponding pros and cons. 2.2.3. Bluetooth Low Energy (BLE) Bluetooth is first briefly discussed before presenting the BLE protocol. Bluetooth wire- less communication protocol technology with is a short-range and a frequency range of 2.4 to 2.485 GHz made as a substitute for wired connections and applied in many devic- es such as headphones, and speakers, etc. It was created by Ericson Mobile in 1994 as a substitute for wired cables and its spread spectrum technology is frequency-hopping based. This also means that devices keep their link preserved even when there is no data flow. When the device goes to sleep it is in Sniffer mode which reduces power consumption and provides up to several months of battery life even at Peak transmit current of typically around 25mA. Bluetooth con- sumes a significantly small amount of power than other radio standards, but it is howev- er not low enough for smaller battery cells like the coin battery cells and energy harvest- ing applications. (Bluetooth SIG 2018a.) Bluetooth Low Energy is a short-range wireless protocol used for applications that does not require handling large amounts of data (throughput) and can therefore remain on battery power for years. BLE is made to provide considerably reduced power consump- tion, and low cost while maintaining very similar communication range to standard Bluetooth; otherwise known as, radio coverage. However, BLE is not backward- compatible with previous Bluetooth Basic Rate/Enhanced Data Rate (BR/EDR) proto- col sometimes referred to as "classic". The Bluetooth 4.0 specification permits devices to implement either or both LE and BR/EDR systems. (Adafruit Industries 2018.) BLE does not have data throughput because BLE does not support streaming data. When a connection has been established (paired), BLE spends most of the time in sleep 29 mode waiting to send or receive the next set of device status information referred to as ‘expose state’, such as the Battery Level. It has a data rate of 1Mbps which allows for quick data transfer of small chunks or data packets (kB), exposing the state of the device to retrieve the information. The status update interval rate delay can be programmed from 7ms up to 4s between data polls. Once data has been transferred, a few millisec- onds, the BLE goes back to sleep to conserve battery; whereas, standard Bluetooth stays on the entire time even when information is not being transferred. (Adafruit Industries 2018.) The main features of BLE that differ from standard Bluetooth are described in table 1. Table 1. Main Features of BLE that differ from standard Bluetooth. Features Details The PHY or physical layer has parts that were derived from the Blue- tooth Radio Advertising altered to simplify the discovery and con- nection Asynchronous connection-less MAC used for fast transactions with low laten- cy, (e.g. 3ms from start to finish) Generic Attribute Profile (GATT) has been simplified between the devices and software Asynchronous Client / Server archi- tecture redesigned to have the lowest cost and ease of implementation BLE was designed for exposing state of devices and retrieving the infor- mation data can be read at any time by a client, such as a Smartphone App; it’s good at small, discrete data transfers and data can be triggered by local events Figure 7 shows a graphical representation of the frequency spectrum used on BLE. 30 Figure 7. Bluetooth Low Energy Frequency Channels (Argenox Technologies 2018). BLE Security - Bluetooth Core Specification provides several features to ensure data encryption, data integrity and data privacy. The first feature is a pairing mechanism in which the devices participating in the communication exchange information about their identity to set up trust and prepares an encryption keys for future data exchange. The second feature is the public/private key generation which is performed by the Host on each low energy device independent of any other device and each device involved in pairing contributes to the generation of the Secure Connection Key. BLE uses the third feature called AES-CCM cryptography which generates a 128-bit data encryption algo- rithm for the encryption of data. The fourth feature is the signed data where BLE uses a Message Authentication Code generated by the signing algorithm and a counter to se- curely send authenticated data over an unencrypted communication channel. Lastly, the fifth feature is privacy in which the ability to track a LE device over a period of time is reduces as a result of the frequent changing address of the BLE device. This frequently changing address is referred to as the private address and it can be resolved by the trust- ed devices. (Bluetooth SIG 2018b.) Some essential BLE Radio features are described in table 2. 31 Table 2. BLE Radio feature. Features Description Range ~150m open field. Increased modulation index provides a larger range > 100m Output Power ~10mW (10dBm) Max Current ~15mA Latency allows an application to form a connection and then transfers the authenticated data within a few milliseconds Topology Star configuration allows for one-to-many connections Data Transfers data packets (8 octet min up to 27 octets max) are transferred at 1 Mbps Connections > 2 billion devices use a 32-bit access address on every packet Modulation GFSK @ 2.4 GHz ISM Band for all Data Transfers Robustness Adaptive Frequency Hopping, 24-bit CRC on all packets ensuring the robustness Security 128bit AES CCM provide strong encryption and authentication of data packets Sleep current ~ 1µA Modes Broadcast, Connection, Event Data Models Reads, Writes Sniffer advanced sniff-sub rating achieves ultra-low duty cycles, conserving battery life Pros – This wireless solution has a lower power requirement in the market compared to other design such as the WiFi, LoRa and ZigBee. It also has, when compared, the low- est cost, and perhaps has the fastest development platform available. Cons – Since it is designed for low energy, the communication rate was not a factor in the design, so in- formation is only transmitted in small bursts of data; of course, this could be considered a ‘Pro’ or an advantage depending on the specific use of this technology. (Advantech B+B SmartWorx 2018.) 32 2.2.4. Zigbee (IEEE 802.15.4) Another short-range wireless protocol is the ZigBee, which is a standard for personal- area networks developed by ZigBee Alliance aiming at providing a low cost, low power consumption, reliable and two-way wireless communication standard for short-range applications. ZigBee is a decentralized network which is very similar to the internet and having support for self-healing mesh networking. It allows the nodes to find new routes throughout the network when one route fails, thereby making it a robust wireless solu- tion. (Texas Instrument 2013.) ZigBee was designed by ZigBee Alliance with the purpose of providing low-cost, low- power consumption, two-way and reliable wireless communication standard for short- range applications. It is a personal area network standard that is completely open and was ratified by the Institute of Electrical and Electronics Engineer (IEEE) in 2003. It has a protocol stack based on the IEEE 802.15.4 standard and has advantages such as long battery lifetime, supports many nodes (up to 65000) in a network, ease of deploy- ment, low-cost, and global usage. (ZigBee Alliance 2012.) The ZigBee stack architecture has four layers namely Physical Layer (PHY), Medium Access Control Layer (MAC), Network Layer (NWK) and Application Layer (APL). Each layer is applied to a specific set of services for the previous layer above. A data entity provides a data transmission service and a management entity provides all other services. The first two layers namely the Physical Layer (PHY) and Medium Access Control Layer (MAC) are defined by the IEEE802.15.4-2003 standard, while the Net- work Layer (NWK) and the frame for the application layer, which consist of the Appli- cation Support sub-layer (APS) and the ZigBee device objects (ZDO), are built by the ZigBee Alliances. (ZigBee Alliance 2012.) Figure 8 shows the ZigBee packet structure. 33 Figure 8. Zigbee Packet Structure (Zybuluo 2018). ZigBee operates on two separate frequencies ranges, 868/915 MHz and 2.4 GHz. The lower frequency PHY layer covers the 868 MHz European band and the 915 MHz band which is used in counties like the United States and Australia. The higher PHY layer frequency is used worldwide. (ZigBee Alliance 2012.) ZigBee protocol supports 3 nodes types namely ZigBee Coordinator ZC, ZigBee Router (ZR) and ZigBee End Device (ZED). The ZC initiates the network, protects it and gen- erates the control functions needed. After the initiation of the network, the PAN coordi- nator works as a ZigBee Router (ZR). If the network is operating in the beacon-active mode, the ZC periodically sends beacon frames to be able to synchronize the rest of the network. While in cluster free topology, all the ZRs receive beacons from their parents and sends their own beacons to the nodes in their cluster. The ZR directs the data de- tected to the sink node. It can perform a multiple node hooping role and does this by having a relation to the ZC or ant previous ZR. The ZED serves one purpose only and that is, being normal nodes without any routing features. (Vançin & Erdem 2015.) Figure 9 shows the outline of the ZigBee stack architecture. 34 Figure 9. ZigBee Protocol Stack Architecture (3dfury 2012). The topologies used by ZigBee are star, tree and mesh as shown in figure 12. The tree topology in figure 12 is suitable for wireless sensor networks due to its low power con- sumption and cost. Its power protection process is provided by the IEEE802.15.4/ZigBee Mac frame. However, it has drawbacks related to restrict routing process and band usage and any disconnection in the tree topology bring delay in data flow and a heavy workload is created in the recovery process. This topology is better than mesh topology with respect to usage of memory since a single rout is used from the 35 source node to the destination node and the excess memory is not saved. (Vançin & Er- dem 2015.) The star topology has a communication structure that is centrally managed with its ar- chitecture based on a central node. The ZEDs do not interact with each other directly but communicate with each other through the ZC in the center. The ZC has a PAN ID that is not defined in any other ZigBee network in the environment. However, since the star topology consumes battery power rapidly because it points towards the center and the ZigBee clustering is cumbersome while addressing large-scale networks, it is not suitable for wireless sensor networks. The mesh topology is more power efficient when using batteries than the star topology. It is a centralized structured topology were any node can reach other nodes in the network and communicate directly, thereby, giving the network high flexibility but also introduces the complexity of end-to-end communi- cation. (Vançin & Erdem 2015.) ZigBee finds its application in the following areas such as Building Automation, Health Care, Home Automation, Input Devices, Remote Control, Retail Services and Smart Energy and Telecom Services. (ZigBee Alliance 2012.) ZigBee Security The three security modes supported by ZigBee standard are residential security which requires a network key to be shared among the source and destination devices, the standard security which adds several optional security enhancements over the residential security, including an APS layer link key and the high security which adds entity au- thentication and other features not widely supported. ZigBee security is divided into two levels. The application layer security and the net- work layer security. The AES-128-bit encryption algorithm is used for the security. The security is used to ensure message integrity, confidentiality and entity authentication. (Mukherji & Sadu 2016.) 36 Application layer security - The APS layer security is used to encrypt the application data using a key that is shared between source and destination devices. APS security is optional and provides end-to-end security using APS key that is known only to the source and destination devices, whereas, network layer security is applied to all the data transmission and is decrypted and re-encrypted on a hop-by-hop basis. When the APS security is enabled, the data are encrypted as shown in figure 10 below. (DIGI 2018.) Figure 10. Application Layer Security (DIGI 2018). Network layer security - The network key is used in encrypting the APS layer and ap- plication data. Apart from encrypting application messages, network security can also be applied to route request and reply messages, APS commands, and ZDO commands. However, network encryption is not applied to MAC layer transmissions such as beacon transmissions. When you enable security on a network, all the data packets are encrypt- ed with the network key as shown in figure 11 below. (DIGI 2018.) Figure 11. Network Layer Security (DIGI 2018). 37 The packets encrypted by network layer key are encrypted and decrypted by each hop in the network. On receiving a packet with network encryption, the receiving device will decrypt the packet and authenticate the packet. If the device is not the expected destina- tion, it encrypts the packet using its details and sends to the next hop. (DIGI 2018.) Application and Network layer security - Applying both application and network lay- er security at the same time is possible. Figure 12 demonstrates the authentication and encryption performed on the final Zigbee packet when both are applied. (DIGI 2018.) Figure 12. Application and Network Layer Security (DIGI 2018). Pros – It is much more power efficient when compared to WiFi and Bluetooth as a re- sult of its advanced sleep and sniffs capabilities. It operates with an even smaller physi- cal footprint than Bluetooth and has a higher penetrating power. Cons – ZigBee's poor interoperability is a disadvantage as well as its low data rate of 720 kbit/s. It is relatively unpopular and efforts are still been made by hardware developers to improve its archi- tecture. (Advantech B+B SmartWorx 2018.) 2.2.5. WiFi (IEEE 802.11 b/g/a) Wireless fidelity (WIFI) is a wireless networking technology which utilizes radio waves to provide a wireless high-speed internet and network connections. 38 The IEEE 802.11 (b/g/a) standards are presented as follows. The IEEE 802.11b has an operating frequency of 2.4GHz radio spectrum with a range of 100 -150 feet. It is the most popular and least expensive. Since 802.11b uses the same unregulated radio sig- naling frequency (2.4 GHz) as original 802.11 standard 802.11b devices can have inter- ference from other appliances using the same 2.4 GHz range such as microwave ovens and cordless phones, etc. However, when you install 802.11b devices with an adequate distance from other appliances, the interference can easily be avoided. The IEEE 802.11a standard is less popular and has an operating frequency of 5GHz with a shorter range of 50 -75 feet due to its higher frequency. It is more expensive and is not compat- ible with 802.11b. 802.11a supports bandwidth up to 54 Mbps. Its higher frequency also implies that 802.11a signals penetrate walls and other obstructions with more difficulty. IEEE 802.11g combines the features of both 802.11b and 802.11a with a range of 100 - 150 feet and operates at a radio frequency of 2.4GHz. It is compatible with 802.11b. (Symmetry Electronics 2018.) When connected to the internet, WiFi gives a full TCP/IP stack. The integration of WiFi to most technologies of today such as laptops, smart phones, tablets and TVs makes it a well-established standard. Most WiFi networks operate on the 2.4 GHz band. It has a capability of operating at 5 GHz giving clearer signal with more channel space. Howev- er, the range of 5 GHz is shorter than 2.4 GHz, which is why the 2.4 GHz is often used in homes. Power consumption of WiFi has been an issue making it not efficient for IoT devices, however, this issue can be negligible when the WiFi module is combined with a powerful microprocessor making it capable of consuming power less than other mod- ules like the 433 MHz. (Darshana, Wilkie & Irvine 2016.) WiFi is not usually utilized in the building IoT nodes due to its high-power consump- tion interfaces. It consumes 40 times the power during transmission and 10 times more than a Bluetooth Low Energy node when receiving. New technologies like WiFi and 4G-LTE internet access has contributed to the growth of the information communica- tion network. The IP addresses and the domain names are the fundermental assets of Internet used to identify and get the position of the networking equipment in the Inter- 39 net. However, services like information retrieval become important infrastructure of In- ternet to maintain all applications of Internet. (Walia, Kalra, & Mehrotra 2016.) Three main reasons why WiFi networks do not support sensor networks sufficiently are first lack of power saving mechanisms - The peculiar energy constraints of sensor net- works are not considered in the IEEE 802.11 standard; energy saving mechanisms spe- cially designed for these types of devices are not included in the standard, secondly us- ing unsuitable bands - Based on their short wireless range and high obstruction losses, current WiFi bands need to make use of intermediate nodes which makes the network more complex. Implicitly, this means that there is a lack of an implementation of a band in the IEEE 802.11 standardized that will be suitable for low-rate and long-range net- works and lastly, availability of low-cost alternatives - Due to the low usage of WiFi for data communication between low-capability and battery-powered nodes, there has been a rise in the development of low power alternatives such as IEEE 802.15.4, 6LoWPAN, Zigbee, and sub-1GHz proprietary protocols, all referred to as WSNs. (Adame, Bel, Bellalta, Barcelo & Oliver 2014.) WiFi finds its application in several areas such as military and aerospace, medical elec- tronics, network and server equipment, automotive car electronics, industrial and home networking and mobile phones, etc. WiFi Security - The WiFi network security requirements can be categorized into three main components, first is authentication which involves user authentication and server authentication and second is integrity involving the maintenance of the accuracy and consistency of data and the third is privacy. Security ensures message integrity and con- fidentiality. WiFi network makes use of certain encryption algorithms to provide securi- ty, allowing the control of who connects, and privacy, preventing unauthorized persons to read the transmitted data. During wireless communication, to ensure maximum secu- rity the network should include only devices with the latest security technology. It can use the AES-128-bit encryption algorithm to provide security. Others include SSL3/TLS1, HTTPS, RSA, AES-256, 3DES, RC-4, SHA-1, MD-5, WEP, WPA and WPA2 accelerated in hardware: AES, 3DEC and SHA. (Lin 2014.) 40 Pros – This is the typical method of networking for businesses, homes, and offices. WiFi is widely used for its high data transfer rates between 12MB/s up to 54 MB/s. It provides advantages like mobility, ease of installation, flexibility, cost, reliability, secu- rity, use unlicensed part of the radio spectrum, roaming and speed. Cons – However, complying with this standard requires excessive overhead in relations to power con- sumption, processor resources, short range (160m max), software, and the physical component size, making it less than effective in most situations. (Advantech B+B SmartWorx 2018.) 2.2.6. LoRa (Long Range) LoRa is a “Long Range” wireless communication protocol marketed by LoRa Alliance. LoRaWAN uses the MAC layer protocol to provide a medium access control mecha- nism which enables many end-devices to communicate with a gateway making use of a proprietary LoRa modulation. However, the LoRaWAN is an open standard that is be- ing developed by LoRa Alliance. LoRa is a new, private spread-spectrum modulation technique that allows sending data at extremely low data rates to extremely long ranges. The low data rate, which goes down to few bytes per second, and LoRa modulation lead to very low receiver sensitivity as low as -134dBm, which when combined to an output power of +14dBm implies extremely large link budgets of up to 148dB. This implies more than 22km (13.6 miles) in LOS links and up to 2km (1.2miles) in NLOS links for urban environment which can go through buildings. LoRa uses the Sub-1 GHz spec- trum, that is, the 900MHz ISM band in the U.S. and the 868MHz ISM band in Europe, to provide the long-range connectivity. (LoRa Networking Guide 2017.) LoRa was originally designed for IoT slow sampling rate, long distance communication. The LoRaWAN defines the Data Link (DL) layer above the Physical Layer (PHY) de- fined by LoRa radio. LoRaWAN has a good scalability, cellular architecture and central coordination function. These two-parted systems can work together when several sensor nodes are involved. The physical layer is implemented using LoRa that exploits the Chirp Spread Spectrum (CSS) modulation using specialized transceivers. The chirp symbol can encode a variable number of bits represented by Spreading Factor (SF). A 41 Forward Error Correction (FEC) is also implemented as a Hamming Code H (M, K) where M= {5, …, 8} is the codeword length and K=4 is the block length. The Lo- RaWAN defines the coding rate as CR=K/M and the typical chirp bandwidth in the 868 MHz band is B [125, 250] kHz; but the spreading factor varies from SF [7, 12]. (Rizzi, Ferrari, Flammini, Sisinni & Gidlun 2017.) LoRa was defined to provide a variable chirp duration Tc as seen in equation 3 and BW is not affected by the SF, therefore, the raw bit rate Rb can be computed using equations 1 and 2. 𝑇𝑐 = 2𝑆𝐹 𝐵𝑊 (1) 𝑅𝑏 = 𝑆𝐹 ∗ 𝐵𝑊 2𝑆𝐹 ∗ 𝐾 𝑀 (2) where Rb is the raw bit rate, SF is the spreading factor, BW the bandwidth, K the block length, and M the codeword length. The Value of Rb can vary from 366 bps (BW=125 kHz and SF=12) to 11 bps (BW=250 kHz and SF=7). One thing to note is that different SF are pseudo-orthogonal, meaning that packets using SF=i and SF=j can still be decoded even if they overlap in time and frequency provided that i≠j and the received packet’s signal to Interference plus Noise Ratio (SINR) is above the isolation threshold which is a function of I and j. These pa- rameters affect the decoder sensitivity. An increase in bandwidth lowers the receiver sensitivity, whereas, an increase of the spreading factor increases the receiver sensitivi- ty. When the code rate is reduced, the Packet Error Rate (PER) also reduces when there is a short outpour of interference, that is, a packet transmitted with a code rate of 4/8 will tolerate interferences more than a signal transmitted with a code rate of 4/5. Table 3 tak- en from the SX1272 datasheet shows the device Variants and Key Parameters. (Semtech SX1272 LoRa Datasheet 2017, Rev. 3.1.) 42 Table 3. LoRa Device Variants and Key Parameters taken from LoRa SX1272/73 Datasheet, Rev. 3.1. Semtech, 2017. Part Number Frequency Range LoRaTM Parameters Spreading Factor Bandwidth Effective Bitrate Sensitivity SX1272 860 – 1020 MHz 6 - 12 125 – 500 kHz 0.24 – 37.5 kbps -117 to -137 dBm The LoRa symbol rate Rs is defined in equation 3 as: 𝑅𝑠 = 1 𝑇𝑐 = 𝐵𝑊 2𝑆𝐹 (3) Where Tc is the chirp duration, BW is the programmed bandwidth and SF the spreading factor. The transmitted signal is a constant envelope signal. Equivalently, one chip is sent per second per Hz of bandwidth. LoRa Packet structure and Payload The LoRa TM modem uses two types of packet format namely the explicit and implicit formats. The explicit packet includes a short header that contains information about the number of bytes, coding rate and whether a CRC is used in the packet. Figure 13 shows the LoRa packet structure. (Semtech SX1272 LoRa Datasheet 2017, Rev. 3.1.) Figure 13: LoRa Packet Structure (Semtech SX1272 LoRa Datasheet 2017, Rev. 3.1). The three elements of the LoRa packets are: 43 A preamble - The preamble is used in synchronizing the receiver with the incoming data flow. The default configuration of the packet is a 12-symbol long sequence. This is programmable to make the preamble length extendable in applications where reducing the receiver duty cycle is needed in receive intensive applications. The transmitted pre- amble length is adjusted using the registers RegPreambleMsb and RegPreambleLsb from 6 to 65535 with total preamble lengths of 6+ 4 to 65535 + 4 symbols once the overhead of the preamble data is considered. (Semtech SX1272 LoRa Datasheet 2017, Rev. 3.1.) An optional header - The header type is dependent on the mode of operation chosen, the header type is selected using the ImplicitHeaderModeOn bit found within the Reg- ModemConfig1 register. The Explicit header mode is the default header mode and we also have the Implicit header mode. (Semtech SX1272 LoRa Datasheet 2017, Rev. 3.1.) The data payload - The packet payload of LoRa is a variable-length field that contains the actual data coded at the packet error rate either as specified in the header in explicit mode or in the register settings in implicit mode. An optional CRC may be appended to it. Using a given combination of spreading factor (SF), coding rate (CR) and signal bandwidth (BW), the total on-the-air transmission time of a LoRa packet can be calcu- lated as illustrated below. (Semtech SX1272 LoRa Datasheet 2017, Rev. 3.1.) The definition of the symbol rate leads to the definition of the symbol period in equation 4. 𝑇𝑠 = 1 𝑅𝑠 (4) However, the LoRa packet duration is the sum of the duration of the preamble and the transmitted packet. Where the preamble length is computed as in equation 5. 𝑇𝑝𝑟𝑒𝑎𝑚𝑏𝑙𝑒 = (𝑛𝑝𝑟𝑒𝑎𝑚𝑏𝑙𝑒 + 4.25) ∗ 𝑇𝑠𝑦𝑚 (5) 44 where npreamble is the programmable preamble length, taken from the register RegPream- bleMsb and RegPreambleLsb. The payload duration is dependent on the header mode that has been enabled. The number of payload symbols is given by the equation 6. 𝑛𝑝𝑎𝑦𝑙𝑜𝑎𝑑 = 8 + max (𝑐𝑒𝑖𝑙 [ 8𝑃𝐿−4𝑆𝐹+28+16𝐶𝑅𝐶−20𝐼𝐻 4(𝑆𝐹−2𝐷𝐸) ] (𝐶𝑅 + 4), 0) (6) where PL is the number of bytes of payload, SF is the spreading factor, IH = 1 when implicit header mode is enabled and IH = 0 when explicit header mode is enabled. When DE is set to 1, it indicates the use of the low data rate optimization, while 0 indi- cates its disabled. CRC shows the presence of the payload; CRC = 1 when on and 0 when off. CR is the programmed coding rate from 1 to 4. The ceil function indicates that the portion of the equation in square brackets should be rounded uo to the next inte- ger value. While the max function compares the evaluated ceil value result and returns 0 or the result depending on which one is higher. (Semtech SX1272 LoRa Datasheet 2017, Rev. 3.1.) 𝑇𝑝𝑎𝑦𝑙𝑜𝑎𝑑 = 𝑛𝑝𝑎𝑦𝑙𝑜𝑎𝑑 ∗ 𝑇𝑠 (7) Equation 7 is used to compute the total payload. Therefore, the total on-the-air transmis- sion time of a LoRa packet is the addition of the preamble duration and payload dura- tion as shown in equation 8. 𝑇𝑝𝑎𝑐𝑘𝑒𝑡 = 𝑇𝑝𝑟𝑒𝑎𝑚𝑏𝑙𝑒 + 𝑇𝑝𝑎𝑦𝑙𝑜𝑎𝑑 (8) According to the LoRa SX1272/73 Datasheet, Rev. 3.1. Semtech, 2017, the LoRa mod- ule utilizes frequency hopping spread spectrum (FHSS) typically used when the dura- tion of a single packet could exceed the regulatory requirements relating to the maxi- mum allowed channel retention time. This is, however, most noticed in the case of the US operation where the 902 to 928 MHz ISM band which makes provision for frequen- cy hopping is used. LoRa modem enables the FHSS by setting the FreqHop-pingPeriod bit to a non-zero value in the register RegHopPeriod. The time in which the transmis- sion will dwell in any channel is determined by the FreqHoppingPeriod which is an “in- teger” multiple of the symbol periods as illustrated in equation 9. 45 𝐻𝑜𝑝𝑝𝑖𝑛𝑔𝑃𝑒𝑟𝑖𝑜𝑑[𝑠] = 𝑇𝑠 ∗ 𝐹𝑟𝑒𝑞𝐻𝑜𝑝𝑝𝑖𝑛𝑔𝑃𝑒𝑟𝑖𝑜𝑑 (9) Figure 14. A Simplified SX1272 Block Diagram (SX1272 LoRa Datasheet 2017). A Simplified SX1272 Block Diagram is illustrated in figure 14. LoRa and LoRaWAN can meet the requirements of industrial environments particularly when application sce- nario needs cycle time in the order of one minute and for a large number of sensor nodes. LoRa is focused on applications where the end devices have limited energy ( bat- tery-powered) and where end devices do not require transmission of more than a few bytes of data at specific time and where the initiation of data traffic can be done by ei- ther the end-device (for example, when the end-device is a sensor) or by an external en- tity that wants to communicate with the end-device (like when the end-device is an ac- tuator). (LoRa Alliance White Paper 2015.) LoRa physical layer which was developed by Semtech operates on the 433, 868 and 915 MHz ISM band depending on the region in which it is to be deployed. In Europe, the 868 MHz ISM band is used. The payload on each transmission can vary from 2 to 255 octects and the data rate reaches up to 50Kbps when the channel aggregation is em- ployed. The modulation technique used is proprietary to Semtech. LoRaWAN gives a medium access control mechanism, enabling many end-devices to communicate with the gateway using the LoRa modulation. The LoRaWAN is an open standard being de- 46 veloped by LoRA Alliance unlike the LoRa modulation which is proprietary. (Semtech SX1272 LoRa Datasheet 2017, Rev. 3.1.) The typical LoRa network uses “star-of-stars” topology as seen in figure 15. Figure 15. LoRa Network Architecture (ResearchGate 2018). From figure 15, the end-devices communicate with gateways using LoRa with the Lo- RaWAN. The gateways forward raw LoRaWAN frames from the devices to a network server over a back-haul interface with a higher throughput, using Ethernet or 3G. Con- sequently, gateways are only bidirectional relays, or protocol converters, with the net- work server being responsible for decoding the packets sent by the devices and generat- ing the packets that should be sent back to the devices. There are three classes of LoRa end-devices (nodes), which differ only with regards to the down-link scheduling which is based on a cellular-like architecture where several base stations hosting the packet forwarder provide point-to-point link to end-devices on the field. Three different node “flavors” exist, where Class A is the basic one, Class B uses Beacon messages for time synchronization and Class C allows for continuous node listening. (ResearchGate 2018.) LoRa Security - Both signing and encryption are provided by the LoRaWAN protocol for parts of the LoRaWAN packets and are performed using symmetric keys that both to the Node and to the Network Server knows and possibly also known to Application Servers located behind the Network server depending on requirements. The keys are 47 shared in a way that is based on how a node joins the network. The AES128-bit data encryption algorithm is used to encrypt data. The MAC Payload section of messages is signed to hinder the manipulation of the cipher-text, or of other values. (Miller 2016.) Pro – LoRa is a much better choice for devices or sensor nodes transmitting every 10 or 15 minutes in networks with a low or medium number of nodes. LoRa is also the very good option for very wide networks, having long-range links. Other communication modules cannot get more than a few km. Cons – LoRa is not very good for projects which require high data-rate and/or very frequent transmissions (like every 10 seconds) and LoRa is probably not suitable for highly populated networks. But this depends on the number of nodes as well as on the number of packets per hour that each node sends. LoRa node should be powered by a solar panel, or better, connected to mains electricity as power consumption is a major challenge. Lastly, note that due to the low bandwith, LoRa by itself does not support Over the Air Programming (OTA), but can be done us- ing 3G, GPRS or WiFi modules that allow OTA as a second radio for OTA purposes. (Libelium Communication Distribution 2018.) 2.2.7. Comparing the Wireless Communication Protocols The analysis of some few papers and several online articles led to the findings from available publication for different estimations and evaluation results regarding the speci- fications and performance of wireless protocols.This is because these specifications are gotten from the implementation performed by the producers of these devices and stand- ards. As a result, some main wireless modules from well-known manufacturers are illus- trated based on the wireless protocols used in this thesis. Table 4 summarizes some of the main features of the wireless protocols taken from the respective datasheets of each wireless protocol devices used. The references to the datasheets and networking guide of these wireless protocols are given at the reference section of this document. 48 Table 4. Comparing BLE, XBee, WIFI and LoRa Wireless Protocols. Technical Specification BLE Zigbee (IEEE 802.15.4) WiFi LoRa Device Family Bluetooth v4.0 /Bluetooth Smart Chipset: BLE112 XBee-PRO 802.15.4 EU WiFi PRO module Semtech SX1272 Mod- ule Frequency bands 2400–2500 MHz ISM 2.4 GHz 2.4GHz IEEE 802.11 b/g/a 863-870 MHz (Europe) 902-928 MHz (US) Transmission Power [-23 dBm, +3 dBm] +10 dBm 802.11b: 17 dBm 802.11g: 14 dBm 802.11a: 12 dBm +14dBm RX sensitivity -103 dBm -100 dBm 802.11b@11Mb ps PER<8%: - 87 dBm 802.11g@54Mb ps PER<10%: - 73 dBm 802.11a MCS0 PER<10%: -86 dBm -134 dBm Transmission Range (at max- imum TX pow- er) 100 m 750 m <300m LOS = 22km (13.4miles) NLOS = +2km (1.2miles) 49 Maximum over the air data rate 1Mbps 250 Kbps Max 72.2Mbps (IEEE 802.11n HT) Not mentioned Tx current @3.3 VDC 36 mA 215mA 350 mA Not mentioned Rx current @3.3 VDC 8 mA 55mA 130 mA Not mentioned Encryption AES 128 AES 128 AES-128/256, 3DES, SSL3/TLS1, HTTPS, RSA, WEP, WPA and WPA2 AES 128/192/256 Authentication Not men- tioned Not mentioned WPA-TKIP 128-bit WPA2 CCMP (AES) Not mentioned Topology Scatternet Star, tree, mesh Star Star 2.2.8. Choosing a Wireless Protocol In choosing a wireless solution we need to consider several points and provide answers to relevant questions that arises to ensure that the wireless communication link will per- form satisfactorily. Such questions are as follows; Is it possible to get a clear line-of- sight propagation? Else, can we overcome attenuation and multipathing to provide reli- able communication? Do we have an ideal and acceptable location to mount the antenna and equipment? What is the best frequency range for the application? Have the client provided enough information and support to aid with getting the answers to these ques- tions? Since we want to develop an industrial wireless link and we need to consider the distance, reliability and configurability, we are going to make use of a proprietary RF system. (Conley 2018.) Wireless connectivity offers multiple advantages such as easier installation and mainte- nance, better flexibility and scalability and a long communication range, and not having to worry about the wires wearing or getting tangled together. However, when selecting 50 any specific wireless solution, we need to perform a site assessment. It is important to perform some analysis on the communication environment. A site assessment is an analysis of the distance, terrain, obstacles, foliage, potential RF Interference sources and other factors that can affect the optimum operation of the communications link. The site assessment done is based on the challenges inherent in the application especially for more complex or critical applications. For an ideal situation where there is a clear line- of-sight between the transmitter and receiver antennas, there can be good assurance that a wireless link will operate successfully given adequate power in the appropriate fre- quency range. Still, it is required to put into consideration the probability of the envi- ronmental conditions changing seasonally, or other changes in the industrial area and carryout proper investigation on the presence of sources of RF interference nearby. (Conley 2018.) Wireless protocols are also prone to malicious attackers which might attempt to spy and hack into the network to control or interfere with and jam communications. Therefore, careful considerations and field testing is needed to test if a wireless solution can deliver the required robustness, reliability and security compared to the wired solution. 2.2.9. Basic Network Attacks The network security has become an important topic to note due to the frequency and variety of existing attacks along with the potential threat of new and more destructive future attacks. Attackers make different types of network attacks based on their interest as some may not only be interested in exploiting software applications, but also want to get unauthorized access of the network and the devices connected to the network. Some types of network attacks are eavesdropping, Data Modification, Identity Spoofing (IP Address Spoofing), Password-Based Attacks, Denial-of-Service (DoS)Attack, Man-in- the-Middle Attack, Compromised-Key Attack, Sniffer Attack and Application-Layer Attack etc. (VSkills 2018.) These attacks may be classified into passive monitoring of communications, active net- work attacks, close-in attacks, exploitation by insiders, and attacks through the service 51 provider, Distributed Attack (Distributed DoS) and Hijack attack etc. Any of these at- tacks can be used to cause damage to the network and gain unauthorized access of the network and the devices connected to the network. The attacker may be able to control the devices or make unwanted modification to it and its data. (VSkills 2018.) Security measures should be taken to protect the data and ensure reliability and authen- ticity of data. Based on the IEEE 802.16e standard, the security measure used should provide strong support for authentication, key management, encryption and decryption, control and management of data protection and security protocol optimization. (VSkills 2018.) Figure 16 shows some type of network attacks. Figure 16. Types of network attacks (PCtech24 2017). 52 2.2.10. Encryption and Authentication Wireless communication links certainly comes with an intrinsic vulnerability to security risks and therefore the right steps should be applied to mitigate them. Therefore, we need to make use of wireless systems that has a trusted and accepted security features and capability. Wireless communication links should be able to provide security for data transmission, for example using AES with 128- or 256-bit encryption. In over-the-air transition of data, the US government for example has adopted the AES encryption as the required standard for the secure data transition (Conley 2018). Therefore, AES encryption can be applied to the smart NOx CAN data to ensure the se- cure transmission of the data. 2.3. Smart NOx Sensor, Speedgoat and Engine Control Module (ECM) In this section, we discuss the components used such as smart NOx sensor, speedgoat and the engine control module (ECM). 2.3.1. Smart NOx Sensor The smart NOx is a sensor that measures the oxygen (O2) percentage and nitrogen ox- ides (NOx) ppm in the exhaust of combustion engines. Oxygen is measured as a per- centage while NOx concentration is measured in ppm. (Ina & Bertrand 2010.) Nitrogen Oxides (NOX) are a group of poisonous, highly reactive gases of which two occur naturally namely nitric oxide (NO) and nitrogen dioxide (NO2). The combustion of fossil fuels is the most common source of NOX emissions. The amount of emission depends on the air-fuel mix ratio as well as the amount of nitrogen in the fuel. At high temperatures and conditions that encourage oxidation NOx formation in combustion is favored. NO2 has adverse effects on human health and at high concentrations it can lead to the inflammation of the airways. NO2 is also responsible for the formation of second- 53 ary particulate aerosols and ozone (smog (O3)) in the atmosphere. These are noticeable air pollutants because of their severe impacts on human health. (European Environment Agency (EEA) 2018.) NOx can also lead to acid rain and eutrophication. Eutrophication leads to the occur- rence of potential changes in the quality of soil and water. This leads to devastating ef- fects on the aquatic ecosystems in rivers and lakes and causes damage to forests, crops and other vegetation. Eutrophication can also bring about decreased biodiversity, changes in species composition and dominance, and toxicity effects. NOx therefore has both directly and indirectly effects on human health. Sources NOx include automobiles, trucks and various non-road vehicles such as construction equipment, boats, etc. Other sources are industrial sources such as power plants, industrial boilers, cement kilns, and turbines. Stationary sources of NOx were required to install and operate reasonably available control technology (RACT) by May 31, 1995 according to the Clean Air Act Amendments of 1990 for the United States. (United States Environmental Protection Agency (EPA) 2018.) Similarly, according to the Department of Communications, Climate Action and Envi- ronment, the EU Clean Air Policy has an interim objective to reduce health and envi- ronmental impact up to 2030, these objectives include avoiding 58,000 premature deaths, saving 123,000km2 of ecosystems, (including 56,000km2 protected Natura 2000 sites) from nitrogen pollution, and saving 19,000km2 forest ecosystems from acidifica- tion. The commercial NOx sensors applied in automotive are basically zirconia (YSZ) elec- trochemical sensors of the amperometric type. The NOx sensor’s fundamental principle of operation is illustrated in figure 17. The sensor makes use of two or three electro- chemical cells in adjacent chambers. The first cell electrochemically pumps O2 out of the sample to avoid the O2 interfering with the NOx measurement in the second cell. The removal of the O2 makes this type of NOx sensor to have a dual function; it can al- so be used in detecting of the O2 level in the exhaust. (Carstens & Majewski 2018.) 54 Figure 17. Schematic representation of an amperometric NOx sensor. (Carstens & Majewski 2018.) NOx sensors comprise of a minimum of two oxygen pump cells (see figure 17) - one removes excess oxygen from the exhaust gas, and the other measures the resultant oxy- gen concentration from the decomposition of NOx. When the O2 in the first cell is re- duced, it produces O ions which are pumped through the zirconia electrolyte by the ap- plication of a bias of approximately -200mV to -400mV. The O2 concentration is deter- mined from the pumping current because it is proportional to the pumping current. The second cell collects the remaining gases where the NOx decomposes into N2 and O2 us- ing a reducing catalyst. Like the first cell, a bias of -400 mV is applied to the electrode to separate the O2 produces and then pumps out the O2 from the cell; the second cell’s pumping current is proportional to the amount of oxygen from the NOx decomposition. To help control the NOx sensing cell, an additional electrochemical cell can be applied as a Nernstian lambda sensor. To avoid interference, all HC and CO in the exhaust gas is oxidized before reaching the NOx sensing cell and any NO2 in the sample is convert- ed to NO before the NOx sensing begins to guarantee that the sensor output is propor- tional to the NOx concentration. (Carstens & Majewski 2018.) The NOx sensor has been applied recently in urea-SCR (Selective Catalytic Reduction) systems for light- and heavy-duty diesel engines. SCR systems basically makes use of a NOx sensor downstream of the SCR catalyst to satisfy various OBD (on-board diagnos- 55 tics) requirements. Excessive NOx or ammonia concentrations in the SCR outlet leads to an OBD malfunction notification because NOx sensors are sensitive to NOx and ammonia gases. The SCR is a system that injects a solution like AdBlue through a cata- lyst in the exhaust to react with the nitrogen oxide gas produced by the combustion pro- cess. AdBlue is a solution made up of urea and water injected into the engine/vehicle’s exhaust system to breakdown the harmful nitrogen oxide into harmless nitrogen and ox- ygen gases before it comes out of the exhaust pipe. However, note that the NOx sensor measures the NOx concentration before the NOx is reduced or broken down. (Parkers 2018.) In the Wärtsilä’s smart NOx sensor case, the current installation has the smart NOx sen- sor connected to the engine control unit (ECU) with a wired CAN bus connection. The smart NOx sensor data is transmitted using the SAE J1939 protocol which is built on top of CAN Networks. SAE J1939 was developed specifically for use in heavy duty en- vironments, with the aim on achieving reliable and fault tolerant communications. The objective of the test case in this thesis is to investigate and simulate the possibility of replacing the existing wired connection between the smart NOx sensor and the rapid control prototyping system (speedgoat), and possibly in the future the Engine Control Unit (ECU) with a wireless communication solution. 2.3.2. Acquiring data from the Smart NOx sensor According to the datasheet of the smart NOx sensor provided by Wärtsilä, SAE J1939 is used, with extended 29-bit CAN frame identifiers and a transfer rate of “250kBaude”. The smart NOx sensor transmits data using the address “18F00F52h” when pin5 is open. A new CAN frame is transmitted every 50ms. Table 5 illustrates the format of data bytes in each transmitted CAN frame. Further details about status bytes are availa- ble in the datasheet. (Ina & Bertrand 2010.) To obtain correct readings, the sensor needs to be heated first. Heating must be initiated externally by sending the 8 bytes hexadecimal heating signal “04h” at a repetition rate > 100ms. 56 Table 5. Payload in smart NOx CAN frames. 2.3.3. Testing the Smart NOx sensor To test if the obtained sensor had been connected and powered correctly as well as to examine the transmitted CAN frames, a Kvaser Leaf Light HS v2 USB to CAN inter- face was used. The sensor is powered by a regulated DC power supply at 24V. Sending the 8 bytes hexadecimal heating signal “04h” to the smart NOx sensor with a Receive ID 0x18FEDF00 makes the smart NOx sensor to start heating and then sends back its CAN frames through the CAN Bus to the wireless module for transmission to the re- ceiver module where the Kvaser Leaf Light HS v2 USB to CAN Bus interface is used to view the data. Repeating the 8 bytes hexadecimal heating signal “04h” every 100ms will maintain the heating of the smart NOx. The result is shown in figure 18. (Ina & Ber- trand 2010.) Figure 18. CAN frame to start heating smart NOx. 57 2.3.4. Calculating O2% and NOx ppm According to the smart NOx sensor datasheet by Ina & Bertrand 2010, O2 percentage can be calculated from O2 bytes in table 5 using equation 12. 𝑂2(𝑝𝑒𝑟𝑐𝑒𝑛𝑡𝑎𝑔𝑒) = 0.000514% × 𝑂2 − 12 (12) NOx ppm can be calculated from NOx bytes in table 5 using equation 13. 𝑁𝑂𝑥(𝑝𝑝𝑚) = 0.05 × 𝑁𝑂𝑥 − 200 (13) 2.3.5. Speedgoat and the Engine Control Module (ECM) This thesis investigates the possibility of replacing the existing wired CAN bus connec- tion between the smart NOx sensor and the rapid control prototyping system speedgoat and possibly in the future the Engine Control Unit (ECU) with a wireless communica- tion solution. The speedgoat applies Real-time systems with Simulink Real-Time™ from MathWorks to various applications across many industries, in the lab, field, class- room, or embedded in machinery. Speedgoat solutions and simulink are seamlessly in- tegrated and allows for fast test run of simulink software designs with hardware. (Speedgoat GmbH 2007-18.) The Engine Control Module (ECM) in figure 19 which can also be called Engine Con- trol Unit (ECU) is a kind of electronic control unit that manages the control of series of actuators on an internal combustion engine to ensure that the engine’s performance is optimal. This is done by reading the values from all the sensors within the engine bay and interpreting the data using multidimensional performance maps (referred to as lookup tables) and adjusting the engine actuators accordingly. (Wikipedia 2018a.) 58 Figure 19. Engine Control Unit of a 1996 Chevrolet Beretta (Wikipedia 2018b). 3. SMART NOX AND SPEEDGOAT WIRELESS COMMUNICATION This thesis is based on the case study of Wärtsilä’s smart NOx sensor. Its aimed at in- vestigating the possibility of using a wireless protocol to send the data of the smart NOx sensor located on diesel engines to the speedgoat/Engine Control Module (ECM). The project is aimed at being a low powered wireless solution that will be used to transmit data (CAN frames) of the smart NOx sensor (connected to the wireless trans- mitter module) to the wireless receiver module. The receiver module will then relay the CAN frames through an external CAN controller to the speedgoat – performance real- time target machine. A matlab simulink module has been programmed into the speedg- oat to receive CAN frames, calculate O2% and NOx ppm and display the results on a monitor connected to the speedgoat. Regardless of if you are making the changes to an existing system or equipment or if you are developing a new infrastructure, distance, barriers and interference can be a challenge. Sometimes the use of remote monitoring and control can be expensive, how- 59 ever, the cost of having hardwired connections can make an application non-feasible as well as non-viable. Also, hardwiring is basically not achievable in some situations. When adding I/O within an existing system, long distances may not be considered, however, the cost and difficulties accompanying the addition of conduit and wiring to an existing system may exceed the cost and flexibility of making use of a wireless communication link. (Conley 2018.) 3.1. System Architecture There are some factors considered during the implementation of each wireless protocol such as Receiver Signal Strength Indicator (RSSI), packet loss, bit error rate, latency and power consumption. Also, the aim is to have a designed prototype that is cost effec- tive, robust and reliable, therefore, the choice of the components and products used were carefully carried out. The list of the hardware components used includes smart NOx sensor, speedgoat, CAN Bus module, Multiprotocol Radio Shield, Arduino development board, Waspmote de- velopment board, Waspmote expansion board, XBee PRO module, XBee Explorer USB, X-CTU tool, LoRa module, WIFI PRO module and BLE module. These compo- nents are discussed briefly in this section and the connection and programming of the components are discussed in subsections 3.2.1 to 3.2.11. The CAN Bus Module used for XBee, LoRa and WIFI protocol implementation is a CAN 2.0B - Extended CAN frame with 29-Bit identifier from Libelium. (See figure 20.) It has a CAN controller MCP2515 and a CAN transceiver MCP2551. The technical de- tails of the CAN Bus are mentioned in table 6. 60 Figure 20. CAN Bus Module (Cooking-Hacks 2018). Table 6. Technical details of the CAN Bus Module. (Cooking-Hacks 2018). CAN Bus Standard ISO 11898 Cabling Twisted pair Connector DB9 Network Topology Multi-master Speed 125 to 1000 Kbps Signaling Differential Voltage Levels 0-5V Signals Half Duplex The CAN Bus modules in figure 20 also provides a 120-ohm termination resistor. The schematic is like the schematic of Mikroelectronika CAN SPI click board illustrated in APPENDIX 1. A new CAN Bus API was written for the Libelium CAN Bus module of figure 20 to implement the 29-bits extended ID of the smart NOx sensor. 61 Figure 21. Multiprotocol Radio Shield v2.0 (Cooking-Hacks 2018). The Multiprotocol Radio Shield can be used as an interconnection shield for Arduino and was designed to allow the connection of two communication modules at the same time. With its SPI bus connections, it can be used to combine any of the following RS- 485, CAN Bus, LoRa modules, LoRaWAN, RFID, XBee and Bluetooth. See the Multi- protocol Radio Shield in figure 21. (Cooking-Hacks 2018). The Arduino development board used is the Arduino UNO Rev3 (see figure 22). It is an open-source microcontroller board developed by Arduino.cc based on the Microchip ATmega328P microcontroller. There are some sets of pins on the board, digital and ana- log input/output (I/O) pins that can be interfaced with various expansion boards and shields and other circuits for various applications. The Arduino IDE in figure 23 makes use of a version of C++ that has been simplified to make programming it easier. (Spark- fun 2018.) 62 Figure 22. Arduino UNO Rev.3 (Sparkfun 2018). Figure 23. Arduino IDE. 63 The structure of the Arduino IDE code is divided into two basic parts namely setup and loop. They are executed in a sequential order with the setup being the first part of the code that is run only once on initialization of the code. This is the part of the code where it is recommended to include the initialization of the modules which are to be used. The loop part of the code runs continuously, in an infinite loop. This is where the main part of the code to perform the desired function is included. (Tutorialspoint 2018.) The Waspmote development board uses the Atmel ATmega1281 microcontroller. The board has some features that improves its performance and application such as the hi- bernate mode, sleep mode, watchdog and indication LEDs used for several debugging and application purposes. The Waspmote development board is presented in figure 24. (Libelium 2018a.) Figure 24. Waspmote development board (Libelium 2018a). In the Waspmote IDE illustrated in figure 25, the structure of the codes is divided into two basic parts namely setup and loop. Their function is the same as in the case of the Arduino IDE. socket 1 socket 0 http://www.tutorialspoint/ 64 Figure 25. Waspmote IDE. The Waspmote expansion board in figure 26 allows the connection of two communica- tion modules at the same time. This means it can be used to combine any of the follow- ing RS-485, CAN Bus, LoRa modules, LoRaWAN, RFID, 802.15.4, ZigBee, DigiMesh, 868 MHz, 900 MHz, LoRa, WiFi, GPRS, 3G, 4G, Sigfox, LoRaWAN, Blue- tooth Pro, Bluetooth Low Energy and RFID/NFC which are available for Waspmote. (Libelium 2018b.) Figure 26. Waspmote Expansion Board (Cooking-Hacks 2018). 65 The XBee-PRO modules in figure 27 add functionalities such as the node discovery (were specific information is appended to the packet headers so that they can discover other nodes in the same network) and duplicated packet detection to the physical level as well as the link level (MAC layer) already defined by the standard IEEE 802.15.4 which the XBee PRO module complies with. It uses the free frequency band of 2.4 GHz, utilizing 12 channels with a bandwidth of 5 MHz per channel as shown in table 7. (Libelium 2017a.) Table 7. XBee 802.15.4 Channel Number Frequency. (Libelium 2017a). Channel Number Frequency 0x0C – Channel 12 2.405 – 2.410 GHz 0x0D – Channel 13 2.410 – 2.415 GHz 0x0E – Channel 14 2.415 – 2.420 GHz 0x0F – Channel 15 2.420 – 2.425 GHz 0x10 – Channel 16 2.425 – 2.430 GHz 0x11 – Channel 17 2.430 – 2.435 GHz 0x12 – Channel 18 2.435 – 2.440 GHz 0x13 – Channel 19 2.440 – 2.445 GHz 0x14 – Channel 20 2.445 – 2.450 GHz 0x15 – Channel 21 2.450 – 2.455 GHz 0x16 – Channel 22 2.455 – 2.460 GHz 0x17 – Channel 23 2.460 – 2.465 GHz 66 Figure 27. XBee PRO Module (Cooking-Hacks 2018). XBee Explorer USB in figure 28 is used with a configuration tool such as XCTU to configure the XBee modules to talk to each order. It is used to hold the XBee module as illustrated in figure 29. Figure 28. XBee Explorer USB (ES Electronics-Shop 2018). Figure 29. XBee PRO Module on XBee Explorer USB. 67 The X-CTU tool in figure 30 is a utilities configuration and testing tool. It is used to pre-configure the XBee modules to the same channel and PAD ID. This is done to get the XBees to communicate with each other. Further detail is presented in section 3.1.5. Figure 30. XCTU tool. The LoRa module in figure 31 provides an optimum range performance due to its re- ceiver sensitivity developed by LoRa™ technology. The module also has a library which enables addressable, reliable and robust communications with ACK, re-tries or time-outs strategies. The frequency can be selected and set with pre-defined channels based on the country in which it is used, that is, it works for both 868 (Europe) and 900 MHz (USA) ISM bands. (Libelium 2017b.) 68 Figure 31. LoRa Module (Cooking-Hacks 2018). The LoRa Module specification is presented in table 8. Table 8. LoRa specification. (Cooking-Hacks 2018.) LoRa Module SX1272 Dual Frequency Band 863-870 MHz (Europe) and 902-928 MHz (US) Transmission Power 25 mW Sensitivity -134 dBm Channels 8 (868MHz) and 13 (900MHz) Range LOS = 21km (13.4miles) and NLOS = +2km (1.2miles) The WIFI PRO module shown in figure 32 is an 802.11 b/g radio with 32-bit processor, TCP/IP stack, real-time clock, crypto accelerator, power management unit and analog sensor interface. It is managed by UART and it can be connected to SOCKET0 or SOCKET1 of the Waspmote development board. It supports the SSL3/TLS1 protocol used for secure sockets while it supports WEP, WPA and WPA2 WiFi encryption on the WLAN interface. It can connect to any standard router which has been configured as Access Point (AP) and can send data to other devices in the same network as well as send data directly to a web server locat