Научная статья на тему 'Modelling of safety-related Communications for railway applications'

Modelling of safety-related Communications for railway applications Текст научной статьи по специальности «Компьютерные и информационные науки»

CC BY
111
17
i Надоели баннеры? Вы всегда можете отключить рекламу.
Ключевые слова
РіВЕНЬ ПОВНОТИ БЕЗПЕКИ / ЗАЛіЗНИЧНі ДОДАТКИ / ПРИСТРОї ЗВ'ЯЗКіВ БЕЗПЕКИ / КОД БЕЗПЕКИ / CRC / MATLAB / МОДЕЛЮВАННЯ / SAFETY INTEGRITY LEVEL / RAILWAY APPLICATIONS / SAFETY-RELATED COMMUNICATIONS / SAFETY CODE / MODELING / УРОВЕНЬ ПОЛНОТЫ БЕЗОПАСНОСТИ / ЖЕЛЕЗНОДОРОЖНЫЕ ПРИЛОЖЕНИЯ / УСТРОЙСТВА СВЯЗИ БЕЗОПАСНОСТИ / КОД БЕЗОПАСНОСТИ / МОДЕЛИРОВАНИЕ

Аннотация научной статьи по компьютерным и информационным наукам, автор научной работы — Franekowa M., Lüley P.

Purpose. The authors according to requirements of the standard valid for safety-related communication between interlocking systems (EN 50159) analyze the situation of message undetected which is transmitted across BSC channel. The main part is orientated to description of model with CRC code used for messages assurance across noise communication channel. Methodology. For mathematical description of encoding, decoding, error detection and error correction is used algebra of polynomials. Findings. The determination of the intensity of dangerous failure caused by the electromagnetic interference was calculated. Originality. To obtain information on the probability of undetected error in transmission code and safety code and on the intensity of dangerous failure from the motel it was created program with graphical interface. To calculate the probability of undetected error for any block code (n, k) was created a supporting program that displays the probabilityof undetected error for selected interval of error bit rate. Practical value.From the measured and calculated values obtained by the simulation one can see that with increasing error bit rate is increasing also intensity of dangerous failures. Transmission code did not detect all corrupted messages therefore it is necessary to use safety code independent on transmission code in safety-related applications. CRC is not able to detect errors if all bits are logical 0.

i Надоели баннеры? Вы всегда можете отключить рекламу.
iНе можете найти то, что вам нужно? Попробуйте сервис подбора литературы.
i Надоели баннеры? Вы всегда можете отключить рекламу.

Текст научной работы на тему «Modelling of safety-related Communications for railway applications»

Наука та прогрес транспорту. Вкник Дншропетровського нацюнального ушверситету залiзничного транспорту, 2016, № 5 (65)

АВТОМАТИЗОВАН1 СИСТЕМИ УПРАВЛ1ННЯ НА ТРАНСПОРТ1

UDC 656.25-047.58

M. FRANEKOWA1*, P. LULEY2*

1 Faculty of Electrical Engineering, University of Zilina, Univerzitna St., 8215/1, Zilina, Slovak Republic, 01026, tel. +421 (041) 513 33 46, e-mail maria.franekova@fel.uniza.sk

2*Faculty of Electrical Engineering, University of Zilina, Univerzitna St., 8215/1, Zilina, Slovak Republic, 01026, tel. +421 (041) 513 33 46, e-mail peter.luley@fel.uniza.sk

MODELLING OF SAFETY-RELATED COMMUNICATIONS FOR RAILWAY APPLICATIONS

Purpose. The authors according to requirements of the standard valid for safety-related communication between interlocking systems (EN 50159) analyze the situation of message undetected which is transmitted across BSC channel. The main part is orientated to description of model with CRC code used for messages assurance across noise communication channel. Methodology. For mathematical description of encoding, decoding, error detection and error correction is used algebra of polynomials. Findings. The determination of the intensity of dangerous failure caused by the electromagnetic interference was calculated. Originality. To obtain information on the probability of undetected error in transmission code and safety code and on the intensity of dangerous failure from the motel it was created program with graphical interface. To calculate the probability of undetected error for any block code (n, k) was created a supporting program that displays the probability of undetected error for selected interval of error bit rate. Practical value. From the measured and calculated values obtained by the simulation one can see that with increasing error bit rate is increasing also intensity of dangerous failures. Transmission code did not detect all corrupted messages therefore it is necessary to use safety code independent on transmission code in safety-related applications. CRC is not able to detect errors if all bits are logical 0.

Keywords: safety integrity level; railway applications; safety-related communications; safety code; CRC; Mat-lab; modeling

Introduction

If the safety-related electronic system transfers information between different entities then the communication system is also part of a safety-related system and must be demonstrated that the transfer between end terminals is safe and in compliance with standard EN 50159 [5]. Safety-related communication system performs and fulfils safety functions with defined level of safety. Such a system includes a safety-related communication layer which contains all necessary mechanisms to ensure safety-related transfer of data [8]. Selection and use of a safety code and other recommended tech-

niques depends on whether is the possible unauthorized access to the system or not. This fact is very significant because in case of possible unauthorized access (malicious attacks) it is necessary to use cryptographic techniques with secret key. If there is no possibility of unauthorized access to the transmission system it is used non-cryptographic safety code (type A0). If the unauthorized access is possible we can achieve the safety by the transmission functions related with safety with the use of cryptographic mechanisms (type A1). Further is for this case used term cryptographic safety code. In case of possible unauthorized access can be used separate access protection layer (type B0 or B1).

Наука та прогрес транспорту. Вкник Дншропетровського нацюнального ушверситету залiзничного транспорту, 2016, № 5 (65)

Corruption of the message during transmission can be caused by the network user, by the failure of transmission medium, by the interference of messages or by electromagnetic noise. Errors of this type are categorized as unintentional attacks. They can be detected by the CRC (Cyclic Redundancy Check) or by the CS (Check Sum). Evidence of safety with respect to the safety integrity level and the nature of the safety-related process must demonstrate appropriateness of: probability of the detection of random error types and ability to detect all types of expected message corruption systematic types.

Safety code must be independent of the transmission code what can be achieved in two ways. One is to use different encryption algorithms and the second is to use different configuration parameters of the same algorithm. To meet the required safety integrity level must be the probability of undetected errors below specified limit. Safety code must be able to detect transmission faults (e.g. impact of EMI) and systematic faults in un-trusted transmission system caused by hardware failures. Safety code must also be able to detect typical faults of transmission system.

In the paper we work with the message type A0 because we do not expect unauthorized access to the transmission system. Each message will be secured with non-cryptographic safety code CRC-r.

Characteristic of safety code

Cyclic code is the most used code that can detect several multiple burst of errors. This code is one of the linear codes (n, k), for which is applicable the linearity property and also property that cyclic shift of code word creates again code word belonging to the code [6]. This feature is used in the construction of encoders, mainly by the use of linear shift register with feedback. From the group of cyclic codes in most communication protocols are used block systematic CRC codes marked CRC-r (where r is the number of redundant bits in the code word with length of n bits). For mathematical description of encoding, decoding, error detection and error correction is used algebra of polynomials [7].

If is used the safety code in transmission system it is necessary to demonstrate probability of undetected error during transmission below the

limit defined by particular application or standard to ensure the required safety level. Therefore it is necessary to calculate the maximum value of probability of undetected error of code word in the transmission system for every safety code. In case of syndrome detecting techniques we look for event when syndrome is zero (error was not detected) but during the transmission of the code word occurred error. This case is mathematically expressed by probability of code word error pned depending on the error bit rate pb of used channel. In the calculation are used statistical values of error bit rate of particular transmission speeds or if it is possible for particular application the channel is tested.

When calculating the probability of undetected errors are considered only errors arising due to interactions that cause the interchange of symbols. Errors to the improper synchronization are resolved by other safety means. The probability of undetected error for codes with unknown weight function can be calculated by following equation [4]:

Pned —'

1

\n-k

■ S

i=d min

( n >

V i J

Pb (1 - Pb Г ■ (1)

If the conjunction of n and pb is much smaller than one (npb ^ 1) the sum can be approximated by the first number of the sum. The equation 1 can be adjusted to following:

pned = '

1

\n-k

j-t dmin

Pb

■(1 - pb Г

(2)

where: n - total number of code bits, k - number of information part bits, dmin - minimum Hamming distance, pb - error bit rate of the communication channel.

The minimum Hamming distance dmin and the length of code word n are the basis for the construction of block codes. The systematic block code ( n, k ) has the upper limit of achievable minimal Hamming distance given by Varshamov-Gilbert inequality. For odd values of dmin applies equation 3 and for even values of dmin applies equation 4. Codes where these two equations are equal are called perfect codes [3].

Наука та прогрес транспорту. Вкник Дншропетровського нацюнального ушверситету залiзничного транспорту, 2016, № 5 (65)

2k I

( dmin

i=0

-1)/2

ГгЛ

V i /

< 2n

2k I

( dmn

i=0

-2)/2

( n -П

< 2

n—1

(3)

(4)

Error probability calculated according to the

equation 2 limits to the value 2-(^ = 2-r, what is the highest residual error rate of the code (equation 5). This value is stated as maximum value of undetected error for CRC-r codes [5]. The probability of undetected error can be then calculated by the following equation:

un det

= 2—

(5)

where r - number of redundant bits.

If the error is not detected by transmission code nor safety code while the data integrity was corrupted by EMI during the transmission of the message the intensity of dangerous failure caused by

EMI [6]:

Я E

is calculated according to equation 6

Я EMI = Psc . pTC .fcc

(6)

where: pSC is the probability of undetected failure of safety code, pTC is the probability of undetected failure of transmission code, pTC = 1 if the transmission system does not include a channel encoder

and channel decoder of transmission code, fcor is the frequency of occurrence of corrupted messages. In case of cyclic transmission of messages can be easily determined. In case of non-cyclic transmission of messages is this value estimated or set to the worst case scenario - all messages generated from the source are corrupted.

Description of realized model

Realized model of safety-related communication system with transmission code and safety code is shown in Fig. 1. In the figure is the scheme composed of seven blocks. Communication system consists of transmission system and two terminal equipment's TEi and TE2. Transmission system is composed of a communication channel CCH, encoder of transmission code ETC, decoder of transmission code DTC, encoder of safety code ESC and decoder of safety code DSC. The transmission system is untrusted if it contains only a communication channel and transmission code. The safety integrity level can be in this case defined as SIL 0. To achieve higher level of safety integrity SIL 1 to SIL 4 we have to add safety code for elimination of communication errors which are not detected via transmission code. The SIL level depends on the selected safety code.

Fig. 1. Safety-related communication system for two-point connection

r

Наука та прогрес транспорту. Вкник Дншропетровського нацюнального ушверситету з^зничного транспорту, 2016, № 5 (65)

Fig. 2. Model with a safety code and transmission code realized in Matlab [2]

In Fig. 2 is shown the model simulating the transfer of n messages secured with safety code and transmission code which was constructed in software tool Matlab, version 7.10.0 (R2010a) and Communications System Toolbox library [2].

The model is constructed to simulate the transmission of messages through safety-related communication system secured by transmission code and safety code for two-point connection. From the point of view of ensuring the transmission we are using the safety code and transmission code based on CRC-r. Length of information part of the message was set to 64 bits. In order to ensure the independence of both types of codes was the generating polynomial of transmission code selected from standardized polynomials. For safety analysis we used generating polynomial of 8th degree type G(x)= x8+x2+x+1, which is used for example in ATM link protocol. Safety code generating polynomial was also selected from standardized polynomials for safety-related applications. There was selected polynomial of 32nd grade

G(x)=x32+x30+x27+x25+x22+x20+x13+x12+ x11+x10+x8+x7+x6+x5+x4+1, which is used for example by the European Train Control System ETC S and if used separately it provides integrity level SIL 2. Model is designed so that we can simulate different error pattern. To trigger them we use three switches (S1, S2, S3). If we want to simulate transmission where the messages are affected only by functional block of binary symmetric channel (which generates random errors) S1 must be in position 1, on the position of S2 does not matter and S3 must be in position 1. If we want to simulate transmission where the mes-

sages are affected by functional block of binary symmetric channel and subsequently negated the position of switches is as follows: S1 - position 2, S2 - does not matter, S3 - position 1. If we want to simulate transmission where all bits are set to logical 0 the position of switches is as follows: S1 -does not matter, S2 - position 1, S3 - position 2. If we want to simulate transmission where all bits are set to logical 1 the position of switches is as follows: S1 - does not matter, S2 - position 2, S3 -position 2.

Results and comments

During the time simulations of safety-related messages we were changing the bit error rate (BER) of the binary symmetric channel (BSC) by changing of BER in the range 1.10-8 to 0,5 (values less than 10-8 have shown very low error rate). Time of the simulation was set to 100000 s for every error bit rate of binary symmetric channel to simulate transfer of 100000 messages with length 104 bits (64 bits of information part, safety code 32 bits and transmission code 8 bits). Each second was sent one message [2].

Fig. 4. Dependence of XEMI on pb [4]

Наука та прогрес транспорту. Вкник Дншропетровського нацюнального ушверситету залiзничного транспорту, 2016, № 5 (65)

In the Fig. 2 is shown intensity of dangerous failures caused by EMI in closed transmission system which is assured by transmission and safety codes depending on the real BER of the communication channel. The value (3,2742e-9) is the worst intensity of dangerous failure. This is calculated as conjunction of the value of worst probability of transmission code (2-8), value of worst probability of safety code and (2-32) and the frequency of corrupted massages, when all messages are considered as corrupted (3600). This implies that such transmission system complies with requirements for the safety intensity level SIL 4 classified for all system with high demand (10-9 < THR < 10-8).

Conclusions

The number of applications with higher SIL (Safety Integrity Level) for which is necessary to provide evidence of safety not only for hardware parts and software parts but also for the communication system is growing. The authors are in this papers dealing with the issue of safety-related communication and types of failures that may occur during transmission of safety-related messages. We focused on the requirements for the safety code according to standard EN 50159 with special attention to the cyclic code on the CRC principle. According to requirements of the standard it is necessary to demonstrate that transmission via real communication channel with safety code meets the required safety integrity level.

The main part of the article was orientated to model realization that simulates transmission of safety-related messages via communication system with closed transmission system at the level of two-point connection. We simulated transfer of messages for various settings of bit error rate of communication channel (model BSC). We also simulated transfer of messages in extreme fault condition as inversion of the message, all bits in logical 0 and all bits in logical 1. We applied limited binary error channel to test the integrity of the transfer with CRC-r safety code and transmission code for various lengths of simulated burst of errors. To obtain information on the probability of undetected error in transmission code and safety code and on the intensity of dangerous failure from the motel we created program with graphical interface. To calculate the probability of undetected error for any block code (n, k) was created a supporting program that displays the probability of

undetected error for selected interval of error bit rate. We can see from the measured and calculated values obtained by the simulation that with increasing error bit rate is increasing also intensity of dangerous failures. Transmission code did not detect all corrupted messages therefore it is necessary to use safety code independent on transmission code in safety-related applications. CRC is not able to detect errors if all bits are logical 0.

Acknowledgements

This work has been supported by the Educational Grant Agency of the Slovak Republic (KEGA) Number: 008ZU-4/2015: Innovation of HW and SW tools and methods of laboratory education focused on safety aspects of ICT within safety critical applications of processes control.

LIST OF REFERENCE LINKS

1. Bialon, A. Bezpieczenstwo i ryzyko na przyk-ladzie urz^dzen sterowania ruchem kolejowym / A. Bialon, M. Pawlik // Problemy kolejnictwa. -2014. - Z. 163. - P. 25-41.

2. Cauner, R. Models of transmission systems with cyclic code generation via SW tool Matlab for safety-related applications ; Slovak Diploma work / R. Cauner ; University of Zilina. - Zilina, 2015.

3. Clark, G. C. Error-Correction Codes for Digital Communications / G. C. Clark, Jr. and J. Bibb Cain. - New York : Plenum Press, 1988. - 422 p. doi: 10.1007/978-1-4899-2174-1.

4. Communication security of industrial networks: in Slovak Komunikacna bezpecnost' priemyselnych sieti / M. Franekova, F. Kallay, P. Peniak, P. Vestenicky. - Zilina : EDIS ZU, 2007.

5. EN 50159. Railway applications. Communication, signalling and processing systems. Safety-related communication in transmission systems. - 2010.

6. Franekova, M. Modelovanie prenosu dat v prostredi Matlab, Simulink a Communications Sytem Toolbox / M. Franekova, R. Pirnik, L. Pekar. - Zilina : Zilinska univerzita, 2014. -218 p.

7. Muzikarova, E. Teoria informacie a signalov / L. Muzikarova, M. Franekova. - Zilina : Zilinska univerzita, 2009. - 217 p.

8. Popov, G. Methods of increasing reliability of Semi-Ergatic Systems in extreme situation / G. Popov, M. Hristova, H. Hristov // Latest Trend in Applied Informatics and Computing : Proc. the 3rd Intern. Conf. on Applied Informatics and Computing Theory (17.10-19.10.2012). - Barcelona, Spain, 2012. - P. 225-231.

Наука та прогрес транспорту. Вкник Дншропетровського нащонального ушверситету залiзничного транспорту, 2016, № 5 (65)

iНе можете найти то, что вам нужно? Попробуйте сервис подбора литературы.

М. ФРАНЕКОВА1*, П. ЛЮЛЕЙ2

1 Каф. «Електротехшка», Жилшський утверситет, вул. Утверситетська, 8215/1, Жилша, Словацька Республiка, 01026, тел. +421 (041) 513 33 46, ел. пошта maria.franekova@fel.uniza.sk

2*Каф. «Електротехшка», Жилшський унiверситет, вул. Ушверситетська, 8215/1, Жилша, Словацька Республiка, 01026, тел. +421 (041) 513 33 46, ел. пошта peter.luley@fel.uniza.sk

МОДЕЛЮВАННЯ ПРИСТРО1В ЗВ'ЯЗКУ, ЩО ЗАБЕЗПЕЧУЮТЬ БЕЗПЕКУ НА ЗАЛ1ЗНИЦЯХ

Мета. Вiдповiдно до вимог стандарта до безпечного зв'язку в системах центратзацп (EN 50159) авторами проаналiзовано ситуац1ю невиявлених повщомлень про помилку, яка передаеться через канал двшко-во! синхронно! передача Основна частина статтi описуе модель i3 кодом циктчно! перевiрки, яка викорис-товуеться для забезпечення достовiрностi повiдомлень, переданих через канал зв'язку шумових перешкод. Методика. Для математичного опису кодування, декодування, виявлення i корекцй' помилок використову-еться алгебра многочлешв. Результати. Для отримання шформаци про ймовiрнiсть невиявлення помилки в кодi передачi та кодi безпеки, а також шформаци про штенсившсть небезпечних ввдмов, була створена програма з графiчним iнтерфейсом. Для того, щоб обчислити вiрогiднiсть невиявлення помилки для будь-якого блочного коду (n, k) була створена допомiжна програма, яка вiдображае ймовiрнiсть невиявлення помилки для обраного iнтервалу швидкостi передачi бiтiв помилки. Наукова новизна. У статп розраховуеться визначення iнтенсивностi небезпечних вiдмов, викликаних електромагнiтними перешкодами. Практична значимiсть. На основi вимiряних та розрахункових значень, отриманих за допомогою моделю-вання, можна зробити висновок, що зi збiльшенням частоти появи бiтiв помилки зростае також штенсившсть небезпечних ввдмов. Код передачi не може виявити всi пошкодженi повiдомлення, тому необхщно ви-користовувати код безпеки незалежно ввд коду передачi в додатках, пов'язаних iз безпекою. Код цинично! перевiрки не може виявити помилки, якщо всi бiти лопчш 0.

Ключовi слова: рiвень повноти безпеки; залiзничнi додатки; пристро! зв'язшв безпеки; код безпеки; CRC; Matlab; моделювання

М. ФРАНЕКОВА1*, П. ЛЮЛЕЙ2

1 Каф. «Электротехника», Жилинский университет, ул. Университетская, 8215/1, Жилина, Словацкая Республика, 01026, тел. +421 (041) 513 33 46, эл. почта maria.franekova@fel.uniza.sk

2*Каф. «Электротехника», Жилинский университет, ул. Университетская, 8215/1, Жилина, Словацкая Республика, 01026, тел. +421 (041) 513 33 46, эл. почта peter.luley@fel.uniza.sk

МОДЕЛИРОВАНИЕ УСТРОЙСТВ СВЯЗИ,

ОБЕСПЕЧИВАЮЩИХ БЕЗОПАСНОСТЬ НА ЖЕЛЕЗНЫХ ДОРОГАХ

Цель. В соответствии с требованиями стандартов для безопасной связи в системах централизации (EN 50159) авторами проанализирована ситуация необнаруженных сообщений об ошибке, которая передается через канал двоичной синхронной передачи. Основная часть статьи описывает модель с кодом циклической проверки, используемую для обеспечения достоверности сообщений, передаваемых через канал связи шумовых помех. Методика. Для математического описания кодирования, декодирования, обнаружения и коррекции ошибок используется алгебра многочленов. Результаты. Для получения информации о вероятности необнаружения ошибки в коде передачи и коде безопасности, а также информации об интенсивности опасных отказов, была создана программа с графическим интерфейсом. Для того, чтобы вычислить вероятность необнаружения ошибки для любого блочного кода (n, k) была создана вспомогательная программа, которая отображает вероятность необнаружения ошибки для выбранного интервала скорости передачи битов ошибки. Научная новизна. В статье рассчитывается определение интенсивности опасных отказов, вызванных электромагнитными помехами. Практическая значимость. На основе измеренных и расчетных значений, полученных с помощью моделирования, можно сделать вывод, что с увеличением частоты появления битов ошибки растет также интенсивность опасных отказов. Код передачи не обнаруживает все поврежденные сообщения, поэтому необходимо использовать код безопасности независимо от кода передачи в приложени-

Наука та прогрес транспорту. Вкник Дншропетровського нащонального ушверситету залiзничного транспорту, 2016, № 5 (65)

ях, связанных с безопасностью. Код циклической проверки не может обнаружить ошибки, если все биты

логичны 0.

Ключевые слова: уровень полноты безопасности; железнодорожные приложения; устройства связи безопасности; код безопасности; CRC; Matlab; моделирование

REFERENCES

1. Bialon A., Pawlik M. Bezpieczenstwo i ryzyko na przykladzie urz^dzen sterowania ruchem kolejowym. Problemy kolejnictwa, 2014, z. 163, pp. 25-41.

2. Cauner R. Models of transmission systems with cyclic code generation via SW tool Matlab for safety-related applications. In: Slovak. Diploma work, University of Zilina, 2015.

3. Clark G.C., Jr. and J. Bibb Cain. Error-Correction Codes for Digital Communications. New York, Plenum Press, 1988. 422 p. doi: 10.1007/978-1-4899-2174-1.

4. Franekova M., Kallay F., Peniak P., Vestenicky P. Communication security of industrial networks: in Slovak, Komunikacna bezpecnost' priemyselnych sieti. Zilina, EDIS ZU Publ., 2007.

5. EN 50159: Railway applications. Communication, signalling and processing systems. Safety-related communication in transmission systems. 2010.

6. Franekova M., Pirnik R., Pekar L. Modelovanie prenosu dat v prostredi Matlab, Simulink a Communications Sytem Toolbox. Zilina, Zilinska univerzita Publ., 2014. 218 p.

7. Muzikarova E., Franekova M. Teoria informacie a signalov. Zilina, Zilinska univerzita Publ., 2009. 217 p.

8. Popov G., Hristova M., Hristov H. Methods of increasing reliability of Semi-Ergatic Systems in extreme situation. Latest Trend in Applied Informatics and Computing: Proc. pf the 3rd Intern. Conf. on Applied Informatics and Computing Theory (17.10-19.10.2012) (AICT 2012). Barcelona, Spain. WSEAS Press, 2012, pp. 225231.

Prof. V. H. Sychenko, D. Sc. (Tech.) (Ukraine) recommended this article to be published

Accessed: 19 May, 2016

Received: 15 Sept., 2016

i Надоели баннеры? Вы всегда можете отключить рекламу.