Through the active development of industrial internet of things (IIoT) technology, there has been a rapid increase in the number of different industrial wireless sensor networks (IWSNs). Accordingly, the security of IWSNs is also of importance, as many security problems related to IWSN protocols have been raised and various studies have been conducted to solve these problems. However, the provisioning process is the first step in introducing a new device into the IIoT network and a starting point for IIoT security. Therefore, leakage of security information in the provisioning process makes exposure of secret keys and all subsequent security measures meaningless. In addition, using the exploited secret keys, the attacker can send false command to the node or send false data to the network manager and it can cause serious damage to industrial infrastructure depending on the IWSN. Nevertheless, a security study on the provisioning process has not been actively carried out, resulting in a provisioning process without guaranteed security. Therefore, in this paper, we analyzed security issues of the provisioning process in IWSN by researching prominent IWSN standards, including ISA 100.11a, WirelessHART, and Zigbee, and also an ISA 100.11a-certified device and provisioning process-related studies. Then, we verified the security issues of the provisioning process through testing and analyzing the provisioning process using the ISA 100.11a standard-implemented devices and ISA 100.11a-certified devices. Finally, we discuss security considerations and the direction of future research on provisioning security for IWSN in the IIoT era.
Keywords: IIoT; ISA 100.11a; IWSN; provisioning; security.