YANG Ming,QIU Xin-xi,CHEN Xiang-xian,HUANG Hai

DOI: https://doi.org/10.3969/j.issn.1000-3428.2012.19.062

2012-01-01

Abstract:This paper designs a safety-critical communication protocol according to the European standard EN50159 for the communication among the subsystems of Communication Based Train Control(CBTC).The protocol is connection-oriented and adopts many safety measures such as sequence number,timeout,safety code and so on.When transmission errors occur,the protocol makes the system fall into the safe state.In the end,the real-time response of the protocol is analyzed with the help of OPNET.Simulation results show that the real-time response of the protocol can well satisfy the requirements of CBTC application.Through the injection of a link failure during the simulation,the fail-safe function of the protocol is verified.So the safety-critical communication protocol designed is good enough to be applied in CBTC.

Xiaoli She,Jiyuan Zhao,Jian Yang

DOI: https://doi.org/10.1109/itsc.2014.6958124

2014-01-01

Abstract:Signaling system acts very important safety role in both national railway and urban rail transportation. This paper provides a formal verification framework on functional safety desired by railway industry application. The presented work chooses Colored Petri Nets for functional modeling and verification. The modelling approaches of internal faults and undesired external influences are proposed by introducing a countering place, and the verification criteria is established based on credible hazard set. An application of this framework on Communication Based Train Control system is also presented.

LI Qi-lin,CHEN Zai-ping,LIU Jing,LI Tong-li,ZOU Zhen-huan

DOI: https://doi.org/10.3969/j.issn.1673-095x.2006.04.010

2006-01-01

Abstract:Using MCU and communication protocol designed by ourselves,We have designed a set of intelligent monitoring controlling device on the base of existing alarm line.This device have many functions such as A.C.lighting,filament switching,fault locating and warning,fault classified warning,secondary filament online checking.It can both control and test the status and security of the signal lamps in the railway station.

Christian Schlehuber,Markus Heinrich,Tsvetoslava Vateva-Gurova,Stefan Katzenbeisser,Neeraj Suri

DOI: https://doi.org/10.1007/978-3-319-66266-4_21

2020-09-09

Abstract:We present the proposed security architecture Deutsche Bahn plans to deploy to protect its trackside safety-critical signalling system against cyber-attacks. We first present the existing reference interlocking system that is built using standard components. Next, we present a taxonomy to help model the attack vectors relevant for the railway environment. Building upon this, we present the proposed "compartmentalized" defence concept for securing the upcoming signalling systems.

Cryptography and Security

Yu Jiang,Hehua Zhang,Xiaoyu Song,William N. N. Hung,Ming Gu,Jiaguang Sun

DOI: https://doi.org/10.1109/compsac.2013.89

2013-01-01

Abstract:The train control system is a safety-critical embedded system. In this system, all buses and devices share the real time communication protocol, which is described in the standard IEC 61375. Many systems that comply the standard have been implemented and used in the real world railway, however, their safety checking is highly nontrivial. In this paper, we focus on the formal verification and implementation of the protocol described in the standard. The protocol is modeled as a network of timed automata, which are synchronized to describe the procedure of connection establishment and data transmission among vehicles. The stochastic factors such as time delay and packet loss are modeled in the channel module. Afterwards, we abstract some safety critical properties that are important to guarantee the correctness of the protocol. These properties are verified with the model checker Uppaal. Two properties are violated in the verification, and two corresponding bugs in the standard are fixed and proposed to the IEC. In order to prove the bugs we find, we implement two versions of the standard. The first is for the original description of the standard, and the second is for our fixed description. Both versions are tested with the D113 (a widely used general Multifunction Vehicle Bus control system implemented by the Duagon company), and we find that the second version works well, while the first fails. The second version for the fixed protocol is now used in the real world subway.

Lei Wang,Xi Wang,Minling Zhu

DOI: https://doi.org/10.2514/6.2010-8848

2010-01-01

Abstract:Distributed control system plays an important part in the application of satellite systems. However, there are integrated requirements (i.e., reliability, real-time capability, expandability, commonality, usability, economy and efficiency) for communication in these systems often used in hostile environments. The work presented here relates to a protocol named IRCBus (Industry High-Reliability Configurable Bus), which supports these requirements. And it also offers practical solutions. First of all, the protocol is formulated based on ISO/OSI (International Organization Standardization /Open System Interconnection) model and it includes four layers: Physical, DataLink, Network and Transport. And it proposes new ideas and improved methods in each layer draft and realization for these requirements. Then the high reliability is guaranteed by hot backup, three redundancy, bus isolation, retransmission law, data check and intrinsically safe explosion-proof; the real-time capability is realized by hardware system based on Field Programmable Gate Arrays (FPGA) and software system; the expandability for bus functions and network size is considered during the whole design; the usability is solved by system management function, installing law and uninstalling law; the low cost are achieved as follows: adopting common cable as transmission media; utilizing existing chip RS485 chip with rational circuit; the efficiency is improved by taking advantage of 8-bit data and 9-bit data in UART (Universal Asynchronous Receiver/Transmitter) protocol and other features. Moreover, it analyzes the protocol from communication principle perspectives. Lastly, in conclusion, it provides some discussion about extensions for Presentation layer (the sixth layer in ISO/OSI) and bus drive. rds: Protocol, IRCBus, Field bus

XU Ming,YANG Xian-hui,CHEN Feng-hua

DOI: https://doi.org/10.3969/j.issn.1001-8360.2011.04.010

2011-01-01

Abstract:The paper analyses the position and function of communication in execution of the train safety-critical system and the requirements to be satisfied with the failure frequency of train safety-related communication.The failure principles and mechanism of the safety-related communication system are discussed.In view of the safety-related communication system established on the basis of the non-trusted transmission system,the influence of safety codes and transmission codes on the train control system SIL is argued.Uncertainty of electromagnetic,environmental and other interferences is the main factor to cause the fact that the safety-related communication system cannot satisfy the safety indexes.The online safety monitoring principles and methods are illustrated,the quantitative relationship between the lengths of safety codes and monitoring cycles is given.Thus,an efficient monitoring tool is provided to ensure that the safety-related communication system remains safe while the environments are changing or other interferences occur.

Honghui Dong,Wenlong Peng,Siyang Qin,Limin Jia,Yong Qin

DOI: https://doi.org/10.4028/www.scientific.net/AMM.390.440

2013-01-01

Applied Mechanics and Materials

Abstract:Today, the rail traffic as a large capacity public transportation way gets rapid development in the world, in order to guarantee the train's safety, people use train network to monitor the train's real time status. But with the developing of safety requirement, the traditional MVB network's low transmission rate has been unable to meet the train safety monitoring's large capacity data transmission requirement, so people put forward the idea of industrial Ethernet. Industrial Ethernet although can meet the requirement of large capacity, high rate transmission requirement, but still in the initial development stage, there has no unified transmission protocol and interface specification, so research on transmission standard of train safety monitoring network with great data transmission capacity has become the new development direction. © (2013) Trans Tech Publications, Switzerland.

Xu WU,Si-ji HU,Yan-ping CUI,Qing LUO

DOI: https://doi.org/10.3969/j.issn.1003-3033.2005.04.020

2005-01-01

Abstract:The high-speed railway is new in China. Its safety is of great importance. In order to ensure its safety, the safety of infrastructure is of first importance. More important is to improve the safeguard by applying information technology and set up the information safeguard system. According to characteristics of high-speed railway and the theory of the safety system engineering, and referring to man-machine-environment system, the information safeguard system of the high-speed railway is established. Functions and component of each subsystem are introduced. Referring to the agent technology in artificial intelligence, the multi-agent system designed for information safeguard system of high-speed railway is proposed, which consists of the monitoring agent, judgment agent, diagnosis agent, processing agent, evaluation agent and management agent.

Fangmei Wu,Meng Li

DOI: https://doi.org/10.1109/ats.1999.810758

1999-01-01

Abstract:This paper illustrates the importance of safety testing of railway signaling computer control software in techniques and market development. A black-box testing scheme based on the current status is presented and key techniques to generate dynamic decisions table are also introduced. Any kind of computer interlocking control software can be tested effectively by the universal testing platform demonstrated in this paper. The test results of the software of 10 stations are given. It is verified that the testing platform is useful in discovering software faults, improving the reliability and safety of software control, administrating the quality of development and production of railway computer real-time control systems and standardizing the computer interlocking market.

Xiangxian Chen,Aiai Guan,Xinxi Qiu,Hai Huang,Jiquan Liu,Huilong Duan

DOI: https://doi.org/10.1080/17517575.2012.705021

2013-01-01

Enterprise Information Systems

Abstract:Railway signalling system is a safety-critical system to ensure railway safety and its development cost is huge. It is of great economic value to apply the generic signalling systems in different environments through configuration of different application data. In this paper, a new method to configure the application data completely and accurately is illustrated; in particular, a technique called automatic generation technology is introduced to automatically configure the functional logic of safety-critical systems, i.e. computer-based interlocking CBI system and automatic train protection ATP system. All of the application data are collected from the workflow among various departments through the enterprise system ES. Some application data are represented by models employing automatic generation technology, and the functional logic is then obtained through analysis using these models. A configuration platform based on the ES is developed in which both the efficiency and accuracy of the application data configuration are significantly improved. In addition, it is capable of reducing human errors to a maximal extent.

Xiangxian Chen,Dong Wang,Hai Huang,Zheng Wang

DOI: https://doi.org/10.1080/17517575.2013.835071

2014-01-01

Enterprise Information Systems

Abstract:Verification and validation of a railway signalling system is a crucial part of the workflow in railway signalling enterprises. Typically, the verification and validation of this type of safety-critical system is performed by means of an on-site test, which leads to a low efficiency and high costs. A novel method for the verification and validation of a railway signalling system is proposed as an application of the enterprise information system (EIS) technique. In this application, the EIS and the simulation test platform are combined together, which enhances the coherence and consistency of the information exchange between the system development and the system verification, to improve the work efficiency. The simulation and auto-test technology used in the system verification also lowers the human and financial costs.

Zhi-Feng Lv,Dan-Dan Liu,Xiang-Xian Chen,Hai Huang

DOI: https://doi.org/10.12783/dtcse/csma2017/17360

2017-01-01

DEStech Transactions on Computer Science and Engineering

Abstract:Power supply system is an important part of safety-critical computer platform for the railway signal control equipment. According to the basic architecture of dual-duplex platform, to meet the reliability requirements of safety-critical computer platform in EN50126, the power supply system is improved and better architectures is proposed. In addition, according to the EMC requirements of EN50121 railway standard, to solve some important EMC problems, the power system adopts the following design methods: transient voltage suppression, current-limiting and voltage dips suppression. Finally, this paper uses Reliability analysis Software to verify the effect of this power supply system design on system reliability, and uses experimental method to verify the function realization of EMC solutions.

CHEN Xiang-xian,GUO Qing,HUANG Hai

DOI: https://doi.org/10.3969/j.issn.1000-3428.2012.15.073

2012-01-01

Abstract:This paper designs a new dual-duplex safety-critical computer system used in the rail transport system including I/O module,CPU module and switch module.In the I/O module,the dynamic circuit design can make it achieve safe input and output data.In the CPU module,this paper presents a synchronization vote program based on Ethernet communication.In the switch module,it implements seamless switch by loop control.It is shown through functional and safety test that the dual-duplex safety-critical computer system can meet the needs of computer platform with high reliability and security.

Xinhong Hei,Weigang Ma,Lei Wang,Sei Takahashi,Hideo Nakamura

DOI: https://doi.org/10.1299/jsmestech.2009._360138-1_

2009-01-01

The Proceedings of International Symposium on Seed-up and Service Technology for Railway and Maglev Systems STECH

Abstract:More and more functional realizations rely on software in real time control systems, such as railway signalling system. In this paper, a modeling and verification methodology is presented for the object-oriented software system of railway signalling system. The methodology combines UML (Unified Modeling Language) and Petri nets to model and verify the specification requirements. The device specifications of railway interlocking system are modeled with UML, and dynamic behaviors are modeled and analyzed with Petri nets. We try to show the feasibility of improving the reliability and reducing revalidation efforts when designing and developing a decentralized railway signalling system.

Xiyang Zhang,Yongze Ma,Yanqing Zhao,Yanxin Li,Yi Hu

DOI: https://doi.org/10.1109/ICTech58362.2023.00073

2023-04-01

Abstract:Aiming at the problem that the existing application layer protocols (http, smtp, ftp) are difficult to fully meet the communication and transmission of industrial data in the network, this paper proposes an industrial Internet application layer protocol QSHQ (Quick-Security-HQ) that supports multiple underlying bearer protocols (MQTT, WebSocket) based on various factors such as security, real-time, versatility, and scalability. QSHQ (Quick-Security-HQ) unifies the format and message structure of industrial data in network transmission, avoids repeated design in industrial Internet development, and at the same time, addresses the security issues of transmission in industrial data networks. In the process of QSHQ message transmission, AES and RSA hybrid encryption technology is used to realize the encryption and decryption of data. Based on this, a set of CNC machine tool security interaction system is designed. The system shows that the protocol can avoid reading and tampering data in network transmission, avoid the network risk caused by the interconnection between CNC network and other networks, and has good real-time performance and versatility, which can provide basic support for industrial data in network transmission.

Engineering,Computer Science

Yongsheng Zhang,M. Liu

DOI: https://doi.org/10.1109/ICCSD.2019.8843009

2019-08-01

Abstract:In order to realize the timely and accurate alarm for abnormal conditions in train carriage, a scheme of safety warning system based on zigbee technology is proposed. The hardware and software architecture of the system are designed. Meanwhile, the workflow and implementation process of each node are elaborated in detail. The system is composed of five parts: sensor node, zigbee router, coordinator, video module and the intelligent terminal. Firstly, the decibels received by the sound sensor are judged through threshold and sent to the coordinator through zigbee router module. Secondly, the video module analyzes the video of the alarming carriage by means of artificial intelligence. Finally, the detailed alarm information is sent to the intelligent terminal. The development cost of the system is low and its installation and maintenance is convenient. It improves the monitoring facilities of train carriages, which can guarantee the accuracy and real-time of the warning. It has good expansibility and portability, which is of practical significance for improving the safety of train operation.

Computer Science,Engineering

YANG Yang,HUANG Xiaoqing,CAO Yijia,ZHANG Zhidan,HE Jie

2011-01-01

Abstract:As the security specifications for IEC 61850 P2P communication protocol(real-time communication),IEC 62351-6 recommends the adoption of authentication for ensuring the safety of data transmission.To meet the requirement for the data flow and data security objectives in IEC 61850 digital substations,a method of implementing identity authentication with extended safe message through SHA-1 and DES encryption is put forward.Through the security analysis,it can meet the confidentiality,integrity and validity of the message.Further,by taking the bus fault on the unified star and the ring network in the whole D2-1 substation as an example,the OPNET network simulation and calculation are applied to the process of authentication.It is proved that the substation communication program has both good security and real-time character.

H. Su,J. Wen

DOI: https://doi.org/10.2495/SAFE-V4-N4-315-328

2014-12-31

Abstract:Regional computer interlocking system (RCIS) is a signal control system, which performs all of the interlocking logic operations and implements the centralized control on multiple stations using one set of interlocking equipment alone. There are two diverse RCIS solutions in China, namely, the centralized interlocking scheme and the distributed interlocking scheme. The main deficiency of the former lies in that the entire system would be paralyzed once the central interlocking equipment fails. The latter overcomes the flaw of the former and can disperse the danger. However, it is not suitable for some small stations due to higher upfront investment. Hence, a better selection is that the two schemes are combined together to play their respective advantages and overcome each other's shortcomings. As a safety-critical system, the RCIS is broadly applied but the investigations on it are rarely reported in reliability and safety. Based on it, this paper establishes the Markov model of the RCIS and investigates its reliability and safety. During modeling some significant factors, such as common-cause failure, coverage rate of diagnostic systems, online maintainability, and periodic inspection maintenance, and as well as diverse failure modes, are fully considered. The relevant researches show that the combination of the two RCIS schemes possesses better safety and reliability, and is an ideal realization mode, not only for the stations but also for the open lines between the stations. Keywords Interlocking scheme, Markov model, railway signal, regional computer interlocking system (RCIS), reliability, safety. Language: en

Engineering,Computer Science

João Nunes,Tiago Cruz,Paulo Simões

DOI: https://doi.org/10.34190/eccws.23.1.2296

2024-06-21

Abstract:The railway infrastructure constitutes a type of operational technology (OT)-based critical infrastructure, which is expected to work 24x7, 365 days a year, and where the life expectancy of operational equipment often exceeds 30 years. In this domain, an operational anomaly compromising the OT system can cause a train accident or interrupt traffic, with potentially significant impact in terms of business as well as for passenger safety. Due to their relevance, railways are strategic assets of national interest and, consequently, targets of interest for cybercriminals and cyberwarfare activities. For instance, service interruptions may trigger ripple effects resulting in product shortages and widespread supply chain disruptions, with severe impacts for both the economy and national security. In a bid to optimise and streamline operations. the railway industry has recently started taking a series of significant steps towards digitization, with infrastructures experiencing a significant paradigm shift which, for instance, makes it possible to have centralised interlockings and Radio Block Centre (RBC) for an entire country, with geographical redundancy, ensuring the utmost availability and punctuality by moving the control logic to the cloud. Nevertheless, these developments must always be carried on within the scope of established cybersecurity standards and frameworks. This paper presents an analysis of the state of the art on railway cybersecurity, focused on the existing solutions based on the application of the CENELEC “Technical specification 50701 - Railway Application – Cybersecurity”, which is currently the latest European specification addressing railways, being designed to help suppliers, integrators, and operators to implement a cybersecurity risk assessment plan, the necessary controls, and the management of the complete system life cycle. Special attention will be paid to the conduit between the rail signal interlocking system, that controls the line signalling, and the Automatic Train Supervision (ATS) that runs in the Operational Control Centre (OCC), as this has been identified by the European Union Agency for Cybersecurity (ENISA) as one of the most critical systems identified by the operators of essential services.