A Framework to Evaluate 5G Networks for Smart and Fail-Safe Communications in ERTMS/ETCS

Roberto Canonico,Stefano Marrone,Roberto Nardone,Valeria Vittorini
DOI: https://doi.org/10.1007/978-3-319-68499-4_3
2017-01-01
Abstract:ETCS is an European system for high speed trains control and protection within ERTMS, the European standard for rail traffic management system. ERTMS/ETCS implementations use GSM-R for communications. As GSM-R is becoming obsolete, the adoption of more advanced technologies is investigated for next generation trains. New communication systems for railway infrastructures are expected to overcome the limitations of GSM-R, providing enhanced performance and reliability, as well as safety and security functionality to meet the requirements of the future signalling systems, control and users’ applications. While 4G technologies (LTE and LTE-A) are currently tested in a few field trials, railway operators should consider that fifth generation (5G) mobile communications technologies will soon be available. One of the foundational aspects of the 5G architecture is control-plane programmability, achieved through the SDN paradigm. Being aware that in a railway scenario this opportunity can be exploited to dynamically reconfigure the network behavior to better match the communication flows produced by moving trains, we aim at defining a framework, integrating formal modeling and analysis tools and techniques into a network emulator, to evaluate the impact on ERTMS/ETCS safety and security deriving from the adoption of an SDN model in the communication infrastructure. In this paper we describe a first step towards this objective, by presenting a first proof-of-concept implementation of the framework and its use to reproduce a simple railway infrastructure. In our current implementation, Finite State Machines are used to model communication protocols between ERTMS/ETCS entities and to automatically produce code and Promela models. Generated code is directly used to control the network behavior while the Promela model allows to generate and verify a network configuration by model checking.
What problem does this paper attempt to address?