US-12627976-B2 - Secure wireless industrial mesh network
Abstract
Disclosed herein are systems, methods, and computer-readable media related to secure wireless industrial mesh networking. An example wireless mesh network includes one or more wirelessly connected gateways communicatively coupled to a plurality of sensors and including a floating gateway and a backhaul gateway. Operations are performed in response to (1) receiving, at the backhaul gateway, a collection state query and (2) receiving, at the backhaul gateway and via at least one of a floating gateway and a sensor, sensor data. The operations can include generating, by the backhaul gateway, a collection publication instruction including sensor data; transmitting, by the backhaul gateway, the collection publication instruction to the requesting system; and synchronizing, by the backhaul gateway, the sensor data with the wirelessly connected floating gateway.
Inventors
- Roger L Jungerman
- Randall King
Assignees
- Operant Networks
Dates
- Publication Date: 20260512
- Application Date: 20230731
Claims (20)
- 1. A method performed by a distributed computing system, the method comprising: with a wireless mesh network comprising a set of wirelessly connected gateways communicatively coupled to a plurality of sensors, the set of wirelessly connected gateways comprising a floating gateway and a backhaul gateway, wherein at least the backhaul gateway is coupled to a computing system via a communication channel, responsive to (1) receiving, at the backhaul gateway and via the computing system, a computing system collection state query, and (2) receiving, at the backhaul gateway and via at least one of the floating gateway and a sensor of the plurality of sensors, sensor data, performing operations comprising: generating, by the backhaul gateway, a collection publication instruction comprising the sensor data; transmitting, by the backhaul gateway, the collection publication instruction to the computing system via the communication channel; and synchronizing, by the backhaul gateway, the sensor data with the floating gateway, wherein the floating gateway is in wireless communication with the backhaul gateway.
- 2. The method of claim 1, wherein the backhaul gateway is a first backhaul gateway and the set of wirelessly connected gateways further comprises a second backhaul gateway, the method further comprising: synchronizing, by the first backhaul gateway, the sensor data with the second backhaul gateway, wherein the second backhaul gateway is in wireless communication with the first backhaul gateway.
- 3. The method of claim 2, wherein the first backhaul gateway is associated with a first broadcast domain comprising a first floating gateway and a first sensor, and the second backhaul gateway is associated with a second broadcast domain comprising a second floating gateway and a second sensor, the operations further comprising: separating the first broadcast domain at least in part from the second broadcast domain by assigning a first communication channel to the first backhaul gateway and a different second communication channel to the second backhaul gateway.
- 4. The method of claim 3, wherein the first communication channel and the second communication channel are selected from a range of wireless protocol channel frequencies.
- 5. The method of claim 4, wherein the wireless protocol is LoRa.
- 6. The method of claim 4, further comprising: causing at least one of the first backhaul gateway, the first floating gateway, the second backhaul gateway or the second floating gateway to generate and broadcast a system parameter strategy publication.
- 7. The method of claim 6, further comprising: causing the computing system to propagate the system parameter strategy publication to the remaining of the first backhaul gateway, the first floating gateway, the second backhaul gateway or the second floating gateway.
- 8. The method of claim 7, further comprising: determining a parameter in the system parameter strategy publication using a machine learning model.
- 9. The method of claim 8, wherein the machine learning model is trained on at least one of performance data of the wireless mesh network and propagated strategy data.
- 10. The method of claim 6, wherein the system parameter strategy publication comprises a spread factor.
- 11. The method of claim 2, further comprising applying a trust rule to at least one of the first backhaul gateway, the second backhaul gateway, or the floating gateway, wherein a subset of the plurality of sensors are authorized to establish electronic communication with the at least one of the first backhaul gateway, the second backhaul gateway, and the floating gateway based on the trust rule.
- 12. The method of claim 1, wherein the backhaul gateway and the floating gateway are configured to generate and broadcast periodic gateway collection state queries, the operations further comprising: causing the backhaul gateway to generate a periodic gateway collection state query at a higher temporal frequency than the floating gateway; wherein the collection state query is configured to query the plurality of sensors for new sensor data.
- 13. The method of claim 1, wherein the backhaul gateway and the floating gateway are configured to generate and broadcast periodic gateway collection publication instructions, the operations further comprising: causing the floating gateway to generate and broadcast collection publication instructions at a lower temporal frequency than the backhaul gateway; wherein the collection publication instructions are configured to broadcast an electronic message comprising sensor data.
- 14. The method of claim 13, further comprising optimizing a spread factor for the collection publication instructions locally on at least one of the backhaul gateway and the floating gateway.
- 15. The method of claim 14, wherein the collection publication instruction is responsive to a collection state query received from a neighboring node, the operations further comprising: optimizing the spread factor for the collection publication instructions locally based on a signal strength determined based on a collection state query message received from the neighboring node.
- 16. The method of claim 15, wherein the neighboring node is one of a sensor or a gateway.
- 17. The method of claim 1, wherein each of the plurality of sensors is communicatively coupled to at least two mesh gateways, the mesh gateways comprising at least one or more of a backhaul gateway or a floating gateway.
- 18. The method of claim 1, wherein the communication channel is a multicast communication channel.
- 19. The method of claim 1, wherein the communication channel is an Ethernet communication channel.
- 20. The method of claim 1, wherein the communication channel is an IPv6 communication channel.
Description
TECHNICAL FIELD
The present technology is directed generally to secure sensor networks. More specifically, the present technology is directed to secure wireless industrial mesh networks.

BACKGROUND
Wireless mesh networks are of interest in electrical smart-grid applications, predictive maintenance of rotating industrial machinery, and for wide deployment for the Industrial Internet of Things (IIoT). In IIoT, numerous sensors such as temperature, pressure, vibration or weather are distributed over a wide spatial area. The aggregated measurements, together with sophisticated analytics and artificial intelligence (AI), are used to optimize the performance, efficiency, reliability, and cost of these physical infrastructure systems.

BRIEF DESCRIPTION OF THE DRAWINGS
- FIG. 1 shows an example data flow in a secure wireless industrial mesh network, according to some embodiments.
- FIG. 2 shows an example configuration that includes multiple gateways in a secure wireless industrial mesh network, according to some embodiments.
- FIG. 3 shows an example LoRa/star mesh hybrid infrastructure where a secure wireless industrial mesh network can be implemented, according to some embodiments.
- FIG. 4 shows example groupings of gateways optimized for collision avoidance in a secure wireless industrial mesh network, according to some embodiments.
- FIG. 5 shows an example network architecture to optimize traffic in a secure wireless industrial mesh network, according to some embodiments.
- FIG. 6 shows an example publication optimization strategy in a secure wireless industrial mesh network, according to some embodiments.
- FIG. 7 shows an example multi-hop data transport operation in a secure wireless industrial mesh network, according to some embodiments.
- FIG. 8 shows network design adaptations to accommodate critical digital assets (CDA) in a wireless industrial mesh network, according to some embodiments.

The drawings have not necessarily been drawn to scale.
For example, the relative sizes of signaling periods in the figures are not to scale, and the size of certain signaling or messaging periods may differ. Similarly, some components and/or operations may be separated into different blocks or combined into a single block for the purposes of discussion of some of the embodiments of the disclosed system. Moreover, while the technology is amenable to various modifications and alternative forms, specific embodiments have been shown by way of example in the drawings and are described in detail below. The intention, however, is not to limit the technology to the particular embodiments described. On the contrary, the technology is intended to cover all modifications, equivalents and alternatives falling within the scope of the technology as defined by the appended claims.

DETAILED DESCRIPTION
Wireless networking can be preferred for sensors since units can be dispersed across the wireless coverage range and moved as needed. Expensive and cumbersome physical wiring to sensors is avoided. However, wireless connectivity also potentially offers an attack surface for cyber intrusions. Historically, there were relatively few large centralized industrial processing facilities, or in the case of power plants only hundreds were employed to meet the utility grid requirements. Maintenance and wiring of these plants could be managed locally behind secure fences. With increasing numbers of widely dispersed wireless sensors, these physical controls are no longer practical. For example, distributed renewable energy (DER) power systems and IIoT sensors are much smaller, and there can be hundreds of thousands of widely scattered installations; thus legacy security approaches are no longer practical. In the U.S. and elsewhere, cybersecurity threats including distributed denial of service (DDoS) attacks, malware, ransomware, data theft, and other internet-based attacks are becoming common.
The scale of the cybersecurity challenges that industrial and power grid operators face is enormous, as this vital infrastructure is targeted by sophisticated adversaries including nation-state actors. Ensuring that wireless sensor networks are resilient and secure is another technical problem. With climate change, significant disruptions to the power grid due to hurricanes and wildfires have recently become much more common. In 2019, a series of planned public power safety shutoffs in California were enacted to avoid starting wildfires due to arcing from power lines. Consequently, approximately three million customers lost power, often for several days. Such large-scale blackouts, particularly when unplanned, can be destabilizing to the grid. Managing blackout events rapidly sometimes requires a more decentralized grid architecture and sensor network, to support the grid infrastructure and recovery efforts needed in the event of a disruption. This network should be capable of adapting to deliver timely sensor data even if parts of the network are compromised or destroyed. T