Ensuring safety in communication for signaling applications
Based on EN 50159:2010
Background
- More and more signalling applications on Indian Railways use transmission of safety information.
- We are moving from copper cable to optical fibre or even wireless media.
- How is safety ensured during transmission of digital information?
- What are open and closed communication systems?
- EN 50159:2010 is the standard which deals with all of the above.
Content
- Some examples from Indian Railways
- Role of the transmission medium in safety
- What can go wrong in transmission? (modes of errors)
- What is required to be done? (various defences)
- Which defences are to be used, and where?
- Quantifying errors
- Classification of transmission systems (open and closed)
- Discussion on safety in open and closed systems
- Examining the examples in light of the discussion
Example: change of medium for block working through UFSBI
- Block working through UFSBI on copper cable: changing the medium to a point-to-point wireless link using the free 2.4 GHz frequency band.
- It is obvious that additional safety is required for the wireless medium.
- What may be the additional safety measures?
- What are the parameters which affect the quantitative assurance?
Another example, which is not so obvious
- Existing axle counter working on quad cable.
- It is to be worked on optical fibre cable.
- It is to be worked on a digital transmission medium.
Change of transmission medium for axle counter
Here the questions are:
- Do we need to relook at the safety aspect in such cases?
- If yes, understanding the issues involved in such cases.
Role of the transmission medium
- Safety is a function of the transmission medium's characteristics.
- But no safety requirement is placed on the transmission system.
- However, a certain performance level is required from the transmission medium in some cases.
- The communication safety requirements are fulfilled by the signalling device.
- The safety case for a signalling device is for a particular transmission system.
What can go wrong in transmission?
The messages carrying safety information may be subject to the following errors:
- Deletion: a message can be deleted, e.g. due to a cable cut. It can cause an unsafe situation if, for example, the deleted message was to change the status from track clear to track occupied.
- Data corruption (bits in error): some bits are changed during transmission. It can be due to EMI, or deliberate, by an attacker. Unsafe if undetected at the receiver.
What can go wrong in transmission? (contd.)
- Repetition: an old message is sent again to the recipient. This can be done by an attacker (known as a replay attack). Alternatively, it can be caused when a non-safety device (like an NMS) sharing the same transmission system resends an earlier stored message due to some fault. If such a repeated message says e.g. "Line clear" when actually it is not, it can lead to an unsafe situation.
- Insertion: an attacker inserts a message permitting movement of a train when it should not be happening.
- Re-sequencing (out of sequence): due to a hardware failure the message sequence is changed, or the messages reach out of sequence (e.g. in an IP-based network), or an attacker changes the sequence of the messages.
What can go wrong in transmission? (contd.)
- Delay: delay can cause an unsafe condition for the same reasons as deletion. The delay may be caused by congestion in the network. The congestion may be caused by other non-safety applications sharing the network, or by an attacker overloading the network.
- Masquerade (impersonate, disguise oneself as): if attacker X intercepts a message from A to B and replaces it with its own message, pretending to B that the message comes from A, the attack is known as masquerading.
What is required to be done?
- Failure to detect an error at the receiver can lead to an unsafe situation.
- We have to use various techniques (defences) to detect the various message errors.
- We aim to bring the probability of an undetected error below a required level.
- This probability will depend on the probability of each type of error and on the type of defences used.
- The probability of each error depends on the type of transmission medium used, e.g. the probability of a bit error is higher for wireless and lower for optical fibre.
Various techniques to detect errors (defences)
- Sequence number: detects out-of-sequence messages; detects repeated messages.
- Time stamp: detects delayed messages.
- Time-out: protection against deleted messages.
- Source and destination identifiers: detect whether a message is from the stated source.
- Safety code: detects data corruption.
- Cryptographic techniques: used when there are chances of unauthorised access, to detect message errors caused deliberately by an attacker.
Requirement of defences
- The type of defence will depend on the types of likely errors.
- The types of errors depend on the type of transmission system.
- The parameters of the various defences will depend on the type of transmission medium, e.g. the length of the error correction code.
- Cryptographic techniques are normally used only in those cases where there are chances of unauthorised access.
Quantitative analysis: probability of undetected error
It will depend on:
- Message rate
- Likelihood of bit error
- Hardware fault rate of the transmission system
- Length of the safety code (error correcting code)
- The error correcting code being used by the transmission medium, etc.
Classification of transmission systems
The transmission system affects safety in the following ways:
- The technical properties of the system which affect reliability, availability and delay in transmission, and the consistency of the performance, as deterioration will affect safety.
- Access to the system by unauthorised users, the degree of control which can be exercised over other users sharing the transmission system, etc.
Classification of transmission systems (contd.)
Keeping these criteria in view, transmission systems are categorised into three categories:
- Category 1 (closed system)
- Category 2 (open system)
- Category 3 (open system)
Why classify: different safety requirements are placed on the communication module depending upon the type of system likely to be used. Before working out the requirements, we try to identify the type of transmission system.
Classification of transmission systems (contd.)
Closed transmission system (Category 1):
- The number of equipments connected to the transmission system is fixed.
- The configuration of the transmission system is defined.
- The characteristics of the transmission system (under worst case) are known and fixed.
The systems which do not meet any of the above conditions are open transmission systems. Open systems are further divided into two categories based on the risk of unauthorised access:
- Open system (Category 2): when the risk of unauthorised access is negligible.
- Open system (Category 3): when there is a risk of unauthorised access.
Some examples of categories of transmission systems (ref. EN 50159)
- Category 1 (closed): close air-gap transmission, e.g. track balise to train antenna; industry-standard LAN, subject to fulfilment and maintenance of the preconditions.
- Category 2 (open): industry-standard LAN connecting different systems (safety-related and non-safety-related) within a controlled and limited area; WAN belonging to the Railways; leased permanent point-to-point circuit in a public telecom network; radio transmission system with restricted access (e.g. using a proprietary modulation scheme, impossible to reproduce with off-the-shelf or affordable lab equipment).
- Category 3 (open): Internet; circuit-switched data radio (e.g. GSM-R); packet-switched data radio (e.g. GPRS); short-range broadcast radio (e.g. Wi-Fi); radio transmission system without restrictions.
Relation between category of transmission system and threats
Cat 1: closed transmission system. Cat 2: open system with negligible chances of unauthorised access. Cat 3: open system with chances of unauthorised access.

Threat        Cat 1   Cat 2   Cat 3
Repetition    +       +       +
Deletion      +       +       +
Insertion     +       +       +
Re-sequence   +       +       ++
Corruption    +       +       (mark not legible in the transcript)
Delay         +       +       +
Masquerade    -       -       ++

Key: ++ threat exists, strong countermeasures required; + threat exists but rare, weak countermeasure sufficient; - threat can be neglected.
Implementation of safety in a closed transmission system
Use of safety code:
1. A safety code is used to detect message corruption, e.g. a CRC.
2. The safety code shall be different from any error detection/correction code being used by the transmission system.
3. The probabilistic analysis of the performance of the safety code shall be as per the requirement of the safety target.
Ensuring safety in a closed communication system: quantitative analysis
Working out the length of the safety code based on SIL:
- It is worked out on the basis of the overall error model of the signalling device and the transmission system.
- It is related to the probability of residual data errors (the undetected data error rate).
- The length of the safety code can be worked out to achieve the desired safety level.
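The sizing argument on this slide carried through as an added example (not the presentation's own material): under an assumed random-error model, an n-bit safety code accepts a corrupted message with probability about 2^-n, and the smallest n is searched for that keeps the rate of undetected errors below a target. Message rate, message length, bit error rates per medium and the target rate are all constructed values.

```python
# Added example, not from the presentation. Assumed model: an n-bit safety
# code (e.g. a CRC) accepts a corrupted message with probability about 2**-n,
# the usual bound for random errors beyond the code's guaranteed detection.
import math

def residual_error_prob(code_bits: int) -> float:
    """Probability that a corrupted message passes an n-bit safety code."""
    return 2.0 ** -code_bits

def p_message_corrupted(bit_error_rate: float, msg_bits: int) -> float:
    """Probability that at least one bit of a message is flipped, assuming
    independent bit errors (pessimistic for media with burst errors)."""
    return 1.0 - (1.0 - bit_error_rate) ** msg_bits

def undetected_error_rate(msg_rate_per_hour: float, p_corrupt: float,
                          code_bits: int) -> float:
    """Expected number of corrupted messages accepted as valid per hour."""
    return msg_rate_per_hour * p_corrupt * residual_error_prob(code_bits)

def min_safety_code_bits(msg_rate_per_hour: float, p_corrupt: float,
                         target_rate_per_hour: float) -> int:
    """Smallest n with msg_rate * p_corrupt * 2**-n <= target."""
    corrupt_rate = msg_rate_per_hour * p_corrupt
    if corrupt_rate <= target_rate_per_hour:
        return 0
    return math.ceil(math.log2(corrupt_rate / target_rate_per_hour))

def size_for_media(msg_rate_per_hour=3600.0, msg_bits=256, target=1e-9):
    """Constructed comparison: the same message stream over two media."""
    media = {"optical fibre": 1e-12, "wireless": 1e-5}   # constructed BERs
    return {name: min_safety_code_bits(msg_rate_per_hour,
                                       p_message_corrupted(ber, msg_bits),
                                       target)
            for name, ber in media.items()}

if __name__ == "__main__":
    for medium, n in size_for_media().items():
        print(f"{medium}: need at least a {n}-bit safety code")
```

The same 2^-n reasoning gives the chance of a forged tag being accepted when the safety code is replaced by an n-bit MAC in an open system.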
Summary: safety in a closed transmission system
- The safety case involves the error model of the non-trusted transmission system as well. Therefore the SIL certification for a particular closed transmission system may not be valid for another transmission system.
- The physical characteristics of the transmission system are fixed. If major parameters are changed, all safety-related aspects shall be reviewed.
Examining in view of the discussion held
- Existing axle counter working on quad cable.
- It is to be worked on optical fibre cable.
Examining in view of the discussion held (contd.)
When worked on OFC:
a. The errors due to EMI will be reduced.
b. The modem is replaced by another device to convert RS-232C serial data to an optical signal. Its error detecting and correcting mechanism will come into play.
c. Alternatively, the modem is also retained and the resulting analog signal is converted into an optical signal. The error model of this device needs to be worked out and taken into account.
d. The device being used for converting the electrical signal to optical may have to be specified and will become part of the safety case.
Safety in an open transmission system
- In an open system there is no control over the transmission parameters, and the other users sharing the transmission system are unknown; therefore stronger measures, like a longer safety code, are required.
- A cryptographic technique is used where unauthorised access cannot be ruled out.
- In cases where unauthorised access is not ruled out, safety is determined mainly by the strength of the cryptographic means, like the length of the safety code or the length of the key.
Safety in an open transmission system (contd.)
- Ensuring authenticity: putting a source address on the message does not ensure authenticity, as an unauthorised person may replace the original message with its own message, retaining the valid source address.
- Ensuring integrity (implying correctness of data): use of an error detection code does not ensure integrity, as an unauthorised person may replace the original message with its own message with a recalculated error detection code.
- Authenticity and integrity can both be ensured by a message authentication code (MAC), which is a cryptographic technique and requires the use of a shared secret key by both source and receiver.
Safety in an open transmission system (contd.)
- Replay attack: however, a MAC does not prevent replay attacks. Here the attacker can store a previous valid message and send it to the receiver after some time, e.g. a track clear message sent on an earlier occasion is stored by the attacker and sent again when the track is not clear.
- Sequencing and time stamps will prevent replay attacks, because the sequence number and time will be different from what is expected at the receiver.
- Enciphering is another technique to prevent attacks from an unauthorised person. Here the entire message is encrypted using a secret key.
- Management of the secret key (its generation, storage and distribution) is a very important aspect, so that it is not intercepted by the attacker while being distributed.
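The defences from the earlier list and the MAC-plus-replay discussion on these slides, combined in a receiver-side safety layer as an added example (not the presentation's or EN 50159's own code): sequence number, time stamp, source/destination identifiers and an HMAC-SHA256 standing in for the MAC, with constructed traffic showing a replayed, a corrupted, a delayed and a wrongly sourced message each being rejected. The field layout, identifiers, key and delay tolerance are all assumptions.

```python
# Added example, not from the presentation. Field layout, identifiers, key
# and the delay tolerance are constructed; HMAC-SHA256 stands in for the MAC.
import hashlib, hmac, struct

KEY = b"constructed-shared-secret"  # real deployments need managed key distribution
SRC, DST = 0x0101, 0x0202           # constructed station identifiers
MAX_AGE_MS = 2000                   # constructed time-out for delayed messages
HDR = struct.Struct(">HHIQ")        # src, dst, sequence number, timestamp (ms)
TAG_LEN = 32                        # HMAC-SHA256 tag length

def build(src, dst, seq, ts_ms, payload: bytes, key=KEY) -> bytes:
    """Sender side: header + payload, then the MAC computed over all of it."""
    body = HDR.pack(src, dst, seq, ts_ms) + payload
    return body + hmac.new(key, body, hashlib.sha256).digest()

class Receiver:
    def __init__(self, my_id, peer_id, key=KEY):
        self.my_id, self.peer_id, self.key = my_id, peer_id, key
        self.last_seq = 0            # highest sequence number accepted so far

    def accept(self, msg: bytes, now_ms: int):
        """Return ("ok", payload) or ("reject", reason); checks run in order."""
        if len(msg) < HDR.size + TAG_LEN:
            return "reject", "too short"
        body, tag = msg[:-TAG_LEN], msg[-TAG_LEN:]
        # Authenticity and integrity: corruption, insertion and masquerade fail here
        if not hmac.compare_digest(tag, hmac.new(self.key, body, hashlib.sha256).digest()):
            return "reject", "bad MAC"
        src, dst, seq, ts_ms = HDR.unpack_from(body)
        if src != self.peer_id or dst != self.my_id:
            return "reject", "wrong source or destination identifier"
        if seq <= self.last_seq:     # the MAC alone cannot catch a replayed message
            return "reject", "repeated or out-of-sequence message"
        if now_ms - ts_ms > MAX_AGE_MS:
            return "reject", "delayed message"
        self.last_seq = seq
        return "ok", body[HDR.size:]

def demo():
    """Constructed traffic: valid, replayed, corrupted, delayed, wrong source."""
    rx = Receiver(my_id=DST, peer_id=SRC)
    good = build(SRC, DST, 1, 1_000, b"TRACK_OCCUPIED")
    out = [rx.accept(good, 1_500)[1]]                      # payload accepted
    out.append(rx.accept(good, 1_600)[1])                  # same message again
    bad = bytearray(build(SRC, DST, 2, 2_000, b"TRACK_CLEAR"))
    bad[HDR.size] ^= 0x01                                  # flip a payload bit
    out.append(rx.accept(bytes(bad), 2_100)[1])
    out.append(rx.accept(build(SRC, DST, 3, 3_000, b"TRACK_CLEAR"), 9_000)[1])
    out.append(rx.accept(build(0x0FFF, DST, 4, 4_000, b"TRACK_CLEAR"), 4_100)[1])
    return out
```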
Safety in an open transmission system: quantitative analysis
- The probability of changes in the message going undetected depends on the length of the MAC.
- A sufficient length of MAC is worked out to meet the required SIL.
- Similarly, in case enciphering is used in place of a MAC, the length of the secret key and the choice of cryptographic algorithm will determine the safety level.
- A possible defence against message delay may be to use a time-out in the receiving equipment.
Coming back to the earlier example: block working through UFSBI on a point-to-point wireless link using the free 2.4 GHz frequency band
The issues are:
- Categorisation as either category 2 or category 3, mainly because it is wireless communication.
- Types of wireless devices used, i.e. type of modulation.
- Incorporation of the necessary defences.
- Use of cryptographic techniques if necessary, with selection of key length or MAC as per the required safety level.
- Quantitative analysis to show that the desired safety level is achieved.
Thanks