
Is GSM-R Safety Critical equipment?

Status
Not open for further replies.

Tio Terry

Member
Joined
2 May 2014
Messages
1,178
Location
Spain

edwin_m

Veteran Member
Joined
21 Apr 2013
Messages
24,912
Location
Nottingham
Is GSM-R Safety Critical equipment? I would have said the equipment is safety related but its use is safety critical. But anyway, it’s just a matter of Product Approval isn’t it?
If used for signaling (as in ETCS Level 2 as proposed for HS2) it carries vital data such as the authority for a train to move.
 

Tio Terry

Member
Joined
2 May 2014
Messages
1,178
Location
Spain
If used for signaling (as in ETCS Level 2 as proposed for HS2) it carries vital data such as the authority for a train to move.

Yes, but that just makes it a bearer system, just like a data link which could be provided by BT or any other carrier. The Safety Critical bit is in the interlocking and signalling system at either end.
 

kevin_roche

Member
Joined
26 Feb 2019
Messages
930
Is GSM-R Safety Critical equipment? I would have said the equipment is safety related but its use is safety critical. But anyway, it’s just a matter of Product Approval isn’t it?
Yes, but that just makes it a bearer system, just like a data link which could be provided by BT or any other carrier. The Safety Critical bit is in the interlocking and signalling system at either end.
What engineers should be concerned with is what might be possible by Hackers. If the messages were changed to give a train a longer movement authority for example.

It also carries the current train position. If the position of a train were to become unknown or wrong. Hackers making a change to reported position. That could be critical.
Current encryption technology would prevent messages being changed in transit but technology will change over the next 50 years and it's possible that encryption will get broken. The current encryption technology also relies on the private keys being kept safely. That can be an issue.
 

rf_ioliver

Member
Joined
17 Apr 2011
Messages
868
What engineers should be concerned with is what might be possible by Hackers. If the messages were changed to give a train a longer movement authority for example.

It also carries the current train position. If the position of a train were to become unknown or wrong. Hackers making a change to reported position. That could be critical.
Current encryption technology would prevent messages being changed in transit but technology will change over the next 50 years and it's possible that encryption will get broken. The current encryption technology also relies on the private keys being kept safely. That can be an issue.

There are multiple systems for ascertaining the train position and a failure in any one of those should be detectable.

GSM encryption however is broken (A5/1 is weak and compromised, A5/0 is no encryption and can be turned on as necessary), downgrade attacks from 3G/4G system can do this as well. Then the whole management of PKI, especially key revocation, is difficult to say the least (personal experience here).

The security threats however are much, much deeper than just the GSM-R protocol, but overall system integrity (which is the main goal) is maintained by multiple mechanisms.
 

kevin_roche

Member
Joined
26 Feb 2019
Messages
930
GSM encryption however is broken (A5/1 is weak and compromised, A5/0 is no encryption and can be turned on as necessary)

I thought that might be the case. I didn't want to say that without some evidence. My own experience of encryption is in a different area and also a bit outdated. Thank you for making that clear.
 

edwin_m

Veteran Member
Joined
21 Apr 2013
Messages
24,912
Location
Nottingham
Putting a slightly different cast on it, GSM-R itself might not be safety-critical due to end-to-end encoding of the data passing through it, but interrupting it would severely disrupt a route that ran on ERTMS. If communication was lost then a train will have to make an emergency stop due to lack of movement authority. With a future Level 3 system the communication also confirms the position of the train so if it is lost the system will also have to stop all other trains in the area. Breaking the communication link is much easier than trying to decode the data, and attempting to generate and insert a message that will create an unsafe condition is harder still.
 

kaiser62

Member
Joined
10 Sep 2011
Messages
43
Location
Suffolk
There are multiple systems for ascertaining the train position and a failure in any one of those should be detectable.

GSM encryption however is broken (A5/1 is weak and compromised, A5/0 is no encryption and can be turned on as necessary), downgrade attacks from 3G/4G system can do this as well. Then the whole management of PKI, especially key revocation, is difficult to say the least (personal experience here).

The security threats however are much, much deeper than just the GSM-R protocol, but overall system integrity (which is the main goal) is maintained by multiple mechanisms.

IMHO PKI is well past its sell by date. Slightly off topic so apologies for that. If anyone is interested in cyber security maybe another thread specifically about that would help.
 

O L Leigh

Established Member
Joined
20 Jan 2006
Messages
5,611
Location
In the cab with the paper
Is GSM-R Safety Critical equipment? I would have said the equipment is safety related but its use is safety critical. But anyway, it’s just a matter of Product Approval isn’t it?

Discussions about encoding aside, yes GSM-R is safety critical equipment within the rail industry’s definition of the phrase.

Where train detection is done by axle counters the GSM-R emergency broadcast facility is your first and only line of protection in the event of an emergency. If you are unable to make or receive an emergency broadcast call you cannot alert the signaller or the drivers of other trains in the area of a situation or be alerted to one yourself. Even though the use of clips is still mandated as a first action, these only have any effect where there are track circuits. Therefore the GSM-R set in the cab being driven from must have at least this function working at all times.

On prep we are also required to check the DSD alarm function, for obvious safety reasons.
 

rf_ioliver

Member
Joined
17 Apr 2011
Messages
868
IMHO PKI is well past its sell by date. Slightly off topic so apologies for that. If anyone is interested in cyber security maybe another thread specifically about that would help.

Not sure what you mean by PKI is past its sell by date, but agree that a new thread for railway cyber security might be a good idea --- mods?
 