Secure Data Coverage across 55,000 Square Miles of U.S. Oilfields
Two U.S. technology companies recently joined forces to launch a large-scale data/IoT communications network that provides secure data transmission in more than 55,000 square miles of U.S. oil and gas fields in several important shale plays.

Digital Oilfield: the hardware consists of a radio and an access point.

San Diego’s On-Ramp Wireless, a provider of long-range connectivity for the Internet of Things (IoT), and WellAware, a San Antonio based provider of oilfield monit...

See Details Here: How the System Works

OAG360: How does the system work?

The occupied bandwidth of each RPMA access point is 1 MHz of spectrum within the 80 MHz in the unlicensed 2.4 GHz band.

The radio that WellAware uses most commonly operates on three internal 3.6 V lithium ion batteries, packaged together to be about the size of a pack of playing cards. These provide 13 Ah at 10.8 volts DC.

The RPMA network is a terrestrial WAN just like cellular or 900 MHz; however, it has built in physical and application layer technologies to improve its coverage and capacity. At the physical layer, it has the largest link budget -- 172 dBm -- of any commercially available terrestrial network, giving it the ability to propagate signal further than any other terrestrial network operating in the same or similar frequency band. On the application layer, it can withstand packet loss of greater than 50 percent and still reliably interpret and deliver robust data. This means that even at low signal strength, it can reliably and accurately deliver oilfield data where other networks would fail. All of this translates to an extremely wide coverage area per access point.

Traditional networks, depending on network coverage, can deliver between 80-95 percent data availability. The WellAware RPMA is in excess of 99.9 percent data availability.

We monitor all of the sites for each measurement to be collected. Since we’re doing the collection of the data, we know the number of data points that we should get with each data pull. We can easily identify any missing data. If something is missing, the unique store-and-forward capabilities of RPMA radios ensure that it’s transmitted when the radio reconnects.

OAG360: could you talk about the low power aspect of your network?

Imagine a midstream company wants to monitor a single pressure transducer on a remote section of pipeline once every hour. In this example, the expected battery life of the RPMA radio is about 18 months. Decrease the polling frequency to once per day, and that battery life could increase to 15 years. On an IP-based network such as cellular, this kind of transmission frequency would require a solar panel and charger to sustain life up to 18 months, and would ultimately rely on sunny days to remain active. The RPMA network is able to do this because of the way that packet delivery is scheduled. This allows the radio to remain in a deep sleep mode, drawing only a few microamps of power, unless it is taking or processing reads or transmitting data.

Even in transmit mode, which lasts approximately 2.1 seconds per outgoing traffic, the radio consumes less than 2.5W of power, which is about 60 percent that of a typical 4G cellular modem.

OAG360: When you say that 900 MHz networks are plagued by interference issues, what interferes with them?

Typically, 900 MHz networks interfere with each other. 900 MHz, like the 2.4 GHz that RPMA operates on, is an unlicensed spectrum on the ISM band. Any radio can operate on this band, and operators are free to adjust transmit powers up to -- and sometimes over -- allowable FCC limits to ensure that THEIR network successfully delivers traffic. When many operators stand up multiple 900 MHz networks in the same space, the frequency bands can become saturated, leading to network failure.

RPMA mitigates interference risks using features such as congestion control and handover on the network layer, acknowledged delivery and closed loop transmit power control on the medium access control layer, and a high DSSS processing gain supported by interleaved FEC algorithms on the physical layer. This absolutely ensures that the network is extremely robust to interference. As an additional benefit, these features also leave a small radio band footprint. In fact, the RPMA footprint is a fraction of the typical 900 MHz mesh footprint, due to its low duty cycle, power control, and limited bandwidth consumption.

OAG360: How is your network secured?

Security only works if every transaction is secured, from the endpoint node to the point of visualization. To start, each RPMA endpoint node is factory keyed to a particular network key. In a few words, the WellAware RPMA endpoints can connect ONLY to WellAware RPMA access points. Even if another RPMA access point is available but not keyed on the WellAware network, the WellAware RPMA endpoint nodes will not connect. This key exchange does not occur over the air, so it cannot be changed in the field. Mutually authentication also limits the liability of a compromised key. If an endpoint node key is compromised, only the pair-wise communication between that endpoint and the access point is corrupted. If the access point key is compromised, the worst-case scenario is a denial of service attack. In addition to mutual key authentication, the network employs AES128 based CMAC to authenticate over the air messages.

Messages are encrypted using 168-bit triple DES encryption, and anonymous links reduce network visibility. Beyond the network, WellAware houses its servers in Tier four datacenters owned and managed by Rackspace and Amazon Web Services. These datacenters ensure physical and digital security, provide regular penetration testing, and implement disaster recovery and failover systems to guarantee data security and maintain 99.999% data availability for the authenticated end user.

All WellAware applications access WellAware data services using secure, mutually authenticated HTTPS sessions.

The network was built with security in mind; as opposed to being bolted on once the entire system design was completed. We designed the network to be secure from the operator’s desktop and mobile device all the way to the sensor.
We use industry standard security practices in backhauling data aggregated from several RPMA radios in the field.

Additionally, we encrypt using industry standards across the endpoint radios and towers, as well as use advanced keying mechanisms for device authentication. For example, mutual entity authentication ensures that valid radios will join only valid networks and the converse: valid networks will only recognize valid radios. These practices include recommendations by various widely respected organizations such as the NIST.

Network solution components are also all certified by the US Bureau of Industry Standards (BIS) prior to export outside of the United States.

"Security is an increasingly important concern for operators. According to the Dell 2015 Security Annual Report, cyber attacks on SCADA systems, commonly used in oil and gas applications, jumped from 163,228 in 2013 to 675,186 in 2014."  


Legal Notice