Successful development and integration of a SIL4 protocol stack for the rail industry
As digitalisation progresses, new challenges for railway infrastructure operators are starting to make themselves known. The continuous collection and evaluation of data by different systems leads to a multitude of interfaces that must be carefully coordinated and controlled. The European initiative EULYNX was created to address these challenges. Involving 14 railway infrastructure operators, EULYNX aims to standardise the interfaces and elements of signalling systems. Switzerland is represented in the initiative by SBB.
When it came to modernising its signal boxes, SBB had the options for EULYNX architectures on an embedded platform examined by means of a proof-of-concept (PoC) investigation. Emphasis was placed on running safety-related and non-safety-related applications on the same platform at the same time. For this purpose, a protocol stack for the “RaSTA” (Rail Safe Transport Application) safety protocol was implemented and a PoC carried out to demonstrate that it could be integrated into a tried-and-tested platform used by the aviation industry, while also complying with the normative requirements of EN 50128, EULYNX and the highest safety integrity level (SIL4).
SBB decided to rely on the expertise of CSA Engineering AG for the implementation of this task.
CSA implemented the RaSTA protocol stack based on Aviotech’s SCORPOS platform. The RaSTA protocol stack forms the link between the signal box and the object controller (OC) and is therefore a core element of the system. The OC is used to control outdoor installations such as light signals, points and train detection systems. The purpose of the stack is to ensure reliable data transmission with no undetected data loss. The protocol stack has a redundant design and is continuously monitored by means of a heartbeat. To ensure secure and maintainable communication, the CSA engineers integrated TCP/IP, TLS and OPC UA into the platform. CSA implemented not only the protocol stack itself, but also the OC partitions in line with EULYNX Baseline 4 Release 1, the field applications for the various OC outdoor facilities and the overall integration of the OC PoC. A light signal was used to simulate a real outdoor element in the field.
In June 2022, CSA was able to demonstrate the feasibility of integrating the RaSTA stack. This was presented by SBB at the EUG safety conference in October 2022. The demo showed the successful segregation of the applications with corresponding error handling. Each field application is operated separately from the others and, in the event of a fault, only the affected part of the system is switched to the safe state. If an error affects the entire system, all field applications immediately go to the safe state.
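The two mechanisms described above, detection of lost frames on a redundant, heartbeat-supervised link and per-application segregation with a safe state, can be illustrated with a small simulation. The following is an added example written for this page; it is not code from CSA, SBB, the RaSTA specification or the SCORPOS platform, and the field application names, sequence-number scheme and 1.0 s heartbeat timeout are assumptions chosen for illustration only.

```python
# Constructed illustration (added example, not CSA/SBB/RaSTA/SCORPOS code) of an
# object controller whose field applications each run behind their own supervised
# link. Losses are detected through sequence numbers, silence through a heartbeat
# timeout, and a fault on one link only puts that one application into safe state.
from dataclasses import dataclass, field
from enum import Enum


class State(Enum):
    UP = "up"
    SAFE = "safe_state"


@dataclass
class Frame:
    seq: int               # per-link sequence number, incremented by one per frame
    kind: str              # "heartbeat" or "data"
    payload: bytes = b""


@dataclass
class SafeLink:
    """Receive side of one supervised link fed by two redundant channels."""
    heartbeat_timeout: float                  # seconds without any frame before fail-safe (assumed)
    expected_seq: int = 0
    last_rx: float = 0.0
    state: State = State.UP
    faults: list[str] = field(default_factory=list)

    def receive(self, frame: Frame, now: float) -> None:
        if self.state is State.SAFE:
            return                            # stay in safe state until an explicit reset
        if frame.seq < self.expected_seq:
            return                            # copy already accepted from the other channel
        if frame.seq > self.expected_seq:
            # A gap means a frame was lost on both channels: the loss is detected, not silent.
            self._fail(f"sequence gap: expected {self.expected_seq}, got {frame.seq}")
            return
        self.expected_seq += 1
        self.last_rx = now

    def tick(self, now: float) -> None:
        """Periodic supervision: no frame (data or heartbeat) within the timeout is a fault."""
        if self.state is State.UP and now - self.last_rx > self.heartbeat_timeout:
            self._fail("heartbeat timeout")

    def _fail(self, reason: str) -> None:
        self.state = State.SAFE
        self.faults.append(reason)


@dataclass
class ObjectController:
    """Field applications are segregated: a link fault affects only its own application."""
    apps: dict[str, SafeLink]

    def receive(self, app: str, frame: Frame, now: float) -> None:
        self.apps[app].receive(frame, now)

    def tick(self, now: float) -> None:
        for link in self.apps.values():
            link.tick(now)

    def system_fault(self, reason: str) -> None:
        """A fault of the whole platform drives every application to the safe state."""
        for link in self.apps.values():
            link._fail(reason)

    def states(self) -> dict[str, str]:
        return {name: link.state.value for name, link in self.apps.items()}


def run_scenario() -> dict[str, str]:
    """Constructed traffic: one lost frame, one silent link, one healthy link."""
    oc = ObjectController({
        "light_signal": SafeLink(heartbeat_timeout=1.0),
        "point": SafeLink(heartbeat_timeout=1.0),
        "train_detection": SafeLink(heartbeat_timeout=1.0),
    })
    for name in oc.apps:                                   # seq 0 and 1 arrive everywhere
        oc.receive(name, Frame(0, "heartbeat"), 0.0)
        oc.receive(name, Frame(1, "heartbeat"), 0.4)
    oc.receive("point", Frame(1, "heartbeat"), 0.41)       # redundant copy: discarded, no fault
    oc.receive("point", Frame(2, "data", b"set"), 0.8)     # in order: accepted
    oc.receive("light_signal", Frame(3, "data", b"red"), 0.8)  # seq 2 missing: detected loss
    oc.tick(1.6)                                           # train_detection silent since 0.4 s
    return oc.states()


def run_system_fault() -> dict[str, str]:
    oc = ObjectController({"light_signal": SafeLink(1.0), "point": SafeLink(1.0)})
    oc.system_fault("platform self-test failed")
    return oc.states()


if __name__ == "__main__":
    print(run_scenario())       # light_signal and train_detection in safe state, point up
    print(run_system_fault())   # every application in safe state
```

The point of the scenario is the asymmetry: the light signal link drops to the safe state because of a sequence gap and the train detection link because its heartbeat stopped, while the point link keeps operating even though it received a duplicate over the second channel. Only a platform-wide fault, modelled by `system_fault`, takes every application down at once.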
In addition to the actual development of the stack, there was a further challenge in terms of compliance with railway standards, in particular EN 50126 and EN 50128. CSA employees developed and documented their work according to the specified V-model and the sequential phases of the standard, starting with the specification of the system, then moving on to its implementation, component and integration tests, and finally the validation of the system. The development was evaluated by TÜV, which issued a positive inspection report in late 2022. As a result, SBB now has a tested reference stack including a verification kit.
For further details, please refer to the June 2023 issue of Signal & Draht (in German), in which SBB published the report «Integrated safety and security through software-based segregation in the EULYNX Object Controller».
The successful development and integration of the SIL4 protocol stack for the railway industry underscores CSA’s expertise and experience. With its understanding of complex systems, careful compliance with railway standards and quality assurance, CSA proves that it is a competent partner for projects with heightened safety requirements.