Railway Signalling Using Wireless Sensor Networks
Sandeep Patalay
Sr. IT Engineer, CMC Ltd
Abstract
Railway signalling is a safety-critical domain in which traditional technology is still in use. There are many reasons for this, one of the main ones being the proven safety performance of the older (relay-based) systems. As rail traffic increases and train speeds rise, there is an acute need to modernize railway signalling technology. Even with the advent of microprocessor-based technology, the problems have not been solved.
This article proposes the use of wireless sensor networks in the railway signalling domain, combining ground-based signalling and on-board signalling in a way that is suitable for high-speed railway traffic. The article gives a brief idea of the architectures of a Sensor Node, Driver Node, Gateway Node and Base Station. It discusses the network architectures and the routing algorithms to be used in the sensor networks, the design of control laws (interlocking logic) for the safe movement of trains, and the failsafe techniques to be used in the design of such technology. It also describes the challenges in using wireless sensor networks in the railway signalling domain.
Contents
1.3.1. Route Relay Interlocking
1.3.2. Solid State Interlocking (SSI) or Computer Interlocking System (CIS)
2. Existing Interlocking systems and their Limitations
2.1. Route Relay Interlocking (RRI)
2.2. Computer based Interlocking System (SSI)
2.2.1. Challenges faced by Computer based Interlocking Systems
3. Proposed Architecture of Signalling Systems in Railways
3.2.1.1 Flat routing algorithm
3.2.1.3 Pulse routing algorithm
4.1. Fail Safe Tech used in the design of Control Laws (Interlocking Logic)
4.1.2. Boolean Equation Method
5. Challenges in using Wireless Sensor Networks in Railway Signalling
6. Future Work and Conclusions
List of Figures
Figure 1: Typical Relay Circuit
Figure 2: A Typical Solid State Interlocking System in a Station Yard
Figure 3: Typical RRI Installation
Figure 4: Typical SSI Installation
Figure 5: Typical Architecture of a Sensor Node
Figure 6: Typical Architecture of a Base Station
Figure 7: Typical Architecture of a Driving Node
Figure 8: Futuristic Model using Sensor Networks in Railway Signalling
Figure 10: Failsafe Hardware for Sensor Node
Figure 12: Hardware Redundancy
Figure 15: Diverse software on redundant hardware
Figure 16: Diverse software on Diverse Hardware
The railway signalling domain is a safety-critical domain, where safety is given the utmost importance. It is mostly operated using traditional technology, which is considered safe and time-proven. New advances in technology have not been able to solve the age-old problems of safety and reliability. Here we give a brief overview of the signalling domain and signalling concepts.
Railways traverse the length and breadth of the country, covering 63,140 route kms, comprising broad gauge (45,099 kms), meter gauge (14,776 kms) and narrow gauge (3,265 kms). As the principal constituent of the nation's transport system, Indian Railways own a fleet of 2,16,717 wagons (units), 39,236 coaches and 7,739 locomotives and manage to run 14,444 trains daily, including about 8,702 passenger trains. They carry more than a million tonnes of freight traffic and about 14 million passengers, covering 6,856 stations daily.
Harnessing the potential of these vast and widespread assets to meet the growing traffic needs of a developing economy is no easy task and makes Indian Railways a complex cybernetic system. Over the years, Railways have built up an elaborate and well-established manual information system to help them monitor their moving assets. Supported by a dedicated voice communications network, it collects and transmits information from the remotest corners of the country to control centres at the highest level. The size and complexity of their operations, growing traffic and changing technologies inevitably placed a heavy burden on this manual information system. The need for its modernization was therefore felt for some time.
Signalling is the most important part of the railways for carrying out operations such as the safe movement of trains and communications between different entities. Railway signalling is governed by a concept called interlocking. A railway interlocking system controls the traffic in a railway station, and between adjacent stations. The control includes train routes, shunting moves and the movements of all other railway vehicles in accordance with railway rules, regulations and technological processes required for the operation of the railway station.
There are different types of interlocking systems, such as the Cabin Interlocking System (mechanical interlocking), Panel Interlocking System (PI), Route Relay Interlocking System (RRI) and Solid State Interlocking System (SSI), also known as Computer Interlocking System (CIS). The cabin interlocking system is obsolete and panel interlocking is slowly becoming obsolete. The Route Relay Interlocking System is the widely used system. In the present age of information technology, relay-based technology is slowly being phased out and replaced with SSIs, but there are operational issues with computer-based interlocking systems.
A station yard consists of signals, track circuits and points. These elements are the deciding factors in the safe movement of trains. For safe movement, factors such as whether the track on which the train travels is unoccupied up to a safe distance and whether there is any conflicting movement with other trains are considered. The presence of a train on a certain portion of the track is detected by a device called a track circuit. The object that gives information to the train driver is the signal. The object used to divert or set the direction of the train is a point. All these objects form inputs to a centralized system, which monitors the state of these devices and, based on the interlocking rules and the commands given by the station master, decides the safe movement of trains inside a station yard. All the elements in the yard are thus interlocked with one another, hence the term INTERLOCKING. The control laws, better known as interlocking rules, which decide the safe movement of trains have evolved over a period of 150 years of experience gained in operating trains. These control laws are extremely complex.
In Route Relay Interlocking, popularly known as RRI, the control rules are implemented using relays. These relay-based circuits implement all types of logic and take inputs from signals, points, track circuits etc. in the form of relays. The command to set and clear the route for the train is given by pressing a button on the station master's console (Control cum Indication panel). When a command is given, the RRI checks whether it is safe and takes the necessary action; if the command given by the station master is invalid and unsafe, it is not executed.
The output of the interlocking logic is also a relay, which in turn drives the signals and the point machines associated with points. RRI is to date the safest system implemented, because it implements the proven interlocking rules and because the relays used in RRI are inherently failsafe: their contacts drop to the safe state due to gravity even when the power supply is not available or in any kind of malfunction.
The relay circuits are built using the station Control Table as the input document and the interlocking rules as the logic. The Control Table decides the possible movements of the train inside a station yard and its relationship with other stations.
Example of a typical control law or interlocking equation:
ASSIGN ~59EMTEZ * (L60HS * 59NWC + L60AHS * 59RWC + ~59TPS * R62VS) TO R62VS;
Implementation of the above equation using relays:

Figure 1: Typical Relay Circuit
An interlocking system built using electronics, replacing the traditional mechanical levers and electromechanical relays, is called a Solid State Interlocking system. The same interlocking rules or control equations used in RRI form the basis here as well. The relays used to form the logic circuits in RRI are replaced by software variables. The field inputs are collected using digital input cards and outputs are given using digital output cards. The processing is done by a processor in which the virtual relays (software variables) are evaluated using the interlocking equations, which are now held in digitized form as algorithms, Boolean equations or state charts in the processor memory. These algorithms, executed by the processing unit, take the appropriate action.
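The evaluation of virtual relays from a stored Boolean equation can be illustrated with the control law quoted earlier. The following Python sketch is an added example, not code from the article or from any interlocking product; the parser, the scan-cycle function, the constructed input sequence and the rule that an invalid input reading forces the output relay to drop are assumptions made for illustration, and the relay names are used only as they appear in the equation.

```python
import re

# Control law quoted in the article: ~ is NOT, * is AND, + is OR.
EQUATION = ("ASSIGN ~59EMTEZ * (L60HS * 59NWC + L60AHS * 59RWC "
            "+ ~59TPS * R62VS) TO R62VS;")
OPERATORS = {"~", "*", "+", "(", ")"}
TOKEN = re.compile(r"\s*([A-Za-z0-9_]+|[~*+()])")


def parse_assign(text):
    """Split 'ASSIGN <expr> TO <relay>;' into (token list, target relay)."""
    m = re.fullmatch(r"\s*ASSIGN\s+(.*?)\s+TO\s+([A-Za-z0-9_]+)\s*;\s*",
                     text, re.S)
    if not m:
        raise ValueError("expected: ASSIGN <expr> TO <relay>;")
    tokens = TOKEN.findall(m.group(1))
    if "".join(tokens) != "".join(m.group(1).split()):
        raise ValueError("unexpected character in expression")
    return tokens, m.group(2)


def evaluate(tokens, relays):
    """Plain Boolean evaluation (~ binds tighter than *, * tighter than +).
    A relay without a True reading counts as dropped, which alone is NOT
    fail-safe: a missing input under ~ evaluates as picked up."""
    pos = 0

    def factor():
        nonlocal pos
        if pos >= len(tokens):
            raise ValueError("operand expected")
        tok = tokens[pos]
        pos += 1
        if tok == "~":
            return not factor()
        if tok == "(":
            value = or_expr()
            if pos >= len(tokens) or tokens[pos] != ")":
                raise ValueError("missing ')'")
            pos += 1
            return value
        if tok in OPERATORS:
            raise ValueError(f"operand expected, got {tok!r}")
        return relays.get(tok) is True

    def and_expr():
        nonlocal pos
        value = factor()
        while pos < len(tokens) and tokens[pos] == "*":
            pos += 1
            rhs = factor()  # parse the operand first, then combine
            value = value and rhs
        return value

    def or_expr():
        nonlocal pos
        value = and_expr()
        while pos < len(tokens) and tokens[pos] == "+":
            pos += 1
            rhs = and_expr()
            value = value or rhs
        return value

    result = or_expr()
    if pos != len(tokens):
        raise ValueError("unexpected trailing tokens")
    return result


def scan(equation, relays):
    """One scan cycle. Assumed fail-safe rule: if any relay named in the
    equation lacks a valid boolean reading, the target relay is dropped."""
    tokens, target = parse_assign(equation)
    names = [t for t in tokens if t not in OPERATORS]
    valid = all(isinstance(relays.get(n), bool) for n in names)
    new_state = dict(relays)
    new_state[target] = evaluate(tokens, relays) if valid else False
    return new_state


def demo():
    """Constructed input changes fed through successive scans of R62VS."""
    state = {"59EMTEZ": False, "L60HS": False, "59NWC": False,
             "L60AHS": False, "59RWC": False, "59TPS": True, "R62VS": False}
    steps = [
        {"L60HS": True, "59NWC": True},    # first product term picks it up
        {"59TPS": False},                  # stick term ~59TPS * R62VS closes
        {"L60HS": False},                  # pick-up term gone, stick holds
        {"59EMTEZ": True},                 # ~59EMTEZ opens, relay drops
        {"59EMTEZ": False},                # nothing re-picks it
        {"L60HS": True, "59EMTEZ": None},  # invalid reading forces a drop
    ]
    history = []
    for change in steps:
        state.update(change)
        state = scan(EQUATION, state)
        history.append(state["R62VS"])
    return history
```

The last step is the one to study: plain evaluation would pick R62VS up because the unreadable 59EMTEZ sits under a negation, which is why the validity check in `scan` runs before the logic does.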
SSIs are required to replace the existing RRI and PI systems, since the traditional systems are very expensive and difficult to maintain because of the huge number of relays and mechanical levers used. SSIs are a better solution than the older systems since they cost only ¼ of the cost of RRI or PI, their maintenance cost is negligible and they are easy to maintain.

Figure 2: A Typical Solid State Interlocking System in a Station Yard
Here we discuss the existing systems used for railway traffic control and their system architectures. We also list the limitations these systems have in the current scenario.
In traditional RRI (Route Relay Interlocking) systems the interlocking logic is implemented through electromechanical relays. In a typical four-road station the number of relays used to implement this type of logic would be in the order of 1000, and the wiring is so complex that the time taken to install and commission an RRI is very long. Testing the system requires the whole station to be set up and the testing done during normal train operation. The maintenance of RRI systems is costly and complex. A better system, which would reduce the number of relays and the maintenance, was therefore needed.
A brief list of issues that explain why RRIs are not suitable in the present age of Information technology
Due to the reasons listed above, we conclude that RRI is not acceptable in present-day scenarios, where traffic needs are growing continuously and the demand for train speed is continuously going up.

Figure 3: Typical RRI Installation
In an SSI system the relays used to implement the interlocking logic in RRI are simulated by software variables and only the final output driving relays are needed, so the number of relays is reduced to ¼ of the total RRI relays. The installation time is also greatly reduced, to 1/5 of the RRI installation time, and the testing can be simulated and done even at the factory. Thus the need for an SSI system arose. The control laws or interlocking equations are converted into software algorithms and stored in the embedded system memory. The control table of the station yard, which gives the possible movements of the trains in the yard, is stored as look-up tables in software.
Advantages of SSI over RRI:

Figure 4: Typical SSI Installation
As discussed in the previous chapter, the existing systems used for signalling in railways have limitations in terms of operations and technology. These systems have not used the latest advances in the field of information technology. There is a need to upgrade the existing railway signalling infrastructure and to add new technologies such as fail-safe wireless communications, which combine the ground-based signalling (interlocking systems) and the locomotives (on-board computers of the train), so that the operating speed of the trains can be increased, leading to safe systems with very low accident probability, better utilization of the track and increased profits for the railways. In this chapter we propose a futuristic model of signalling in railways using the most recent advances in Wireless Sensor Networks (WSN). We also propose a formal approach to be taken in making control algorithms for the safe movement of trains.
A wireless sensor network (WSN) is a wireless network consisting of spatially distributed autonomous devices using sensors to cooperatively monitor physical or environmental conditions, such as temperature, sound, vibration, pressure, motion or pollutants, at different locations. The development of wireless sensor networks was originally motivated by military applications such as battlefield surveillance. However, wireless sensor networks are now used in many civilian application areas, including environment and habitat monitoring, healthcare applications, home automation, and traffic control.
Each node in a sensor network is typically equipped with a radio transceiver or other wireless communications device, a small microcontroller, and an energy source, usually a battery. The envisaged size of a single sensor node can vary from shoebox-sized nodes down to devices the size of a grain of dust, although functioning 'motes' of genuine microscopic dimensions have yet to be created. The cost of sensor nodes is similarly variable, ranging from hundreds of dollars to a few cents, depending on the size of the sensor network and the complexity required of individual sensor nodes. Size and cost constraints on sensor nodes result in corresponding constraints on resources such as energy, memory, computational speed and bandwidth.
As per the above definition, a sensor node can be used in the railway signalling scenario to detect the presence of a train (serving the purpose of track circuits), to detect the aspect of a signal and its health, to detect the position of points, and also to detect the presence of vehicles at level crossing gates etc. When the sensors detect the event being monitored (presence of a train, change of aspect in a signal, movement in a point, movement near a level crossing gate etc.), the event needs to be reported to one of the base stations, which can take appropriate action. Depending on the exact application, different objective functions will require different data-propagation strategies, depending on things such as the need for real-time response, redundancy of the data (which can be tackled via data aggregation techniques), the need for security, etc.
Apart from the points discussed above, a sensor node can also be installed in on-board systems such as the train engine to monitor aspects like speed, brake pressure etc., so that these can be used by the ground-based equipment (interlocking systems) to process the data and take appropriate action in case of abnormal conditions.
Sensor nodes communicate with each other by wireless means, using the IEEE 802.11b wireless technology. The deployed network has typical inter-nodal distances of 400m, and the furthest reliable communications range we have achieved in the field is about 600m; therefore nodes at the edges of the network must use nodes between themselves and the gateway as data relays when communicating with the gateway. To fulfill this requirement, the nodes form an ad hoc network, where each node aims to form as many communication links to other nodes in the network as possible.

Figure 5: Typical Architecture of a Sensor Node
Gateway nodes are important elements in a sensor network since they provide the ability to establish long-range reach-back communication in order to retrieve critical data to remote locations. Gateways connect sensor clusters to wired networks. All communication with the user within the sensor network goes through the gateway node. The data is then transmitted to the base station, where all the processing of the data takes place.
The base station receives the data from all the sensor nodes through the gateway and processes them. The base station in a railway signalling scenario has a wired network connection to the gateway(s). It contains a processing unit which is responsible for executing the control algorithms (interlocking rules) on the station-specific data to allow safe movement of trains. As opposed to traditional interlocking systems, the base station here can be used to communicate with the on-board computer of the train and facilitate safe speeds and proper braking distance without manual intervention. The base station can also be used to determine the geographical location of trains and send it to the central office, where all traffic can be monitored efficiently. The base station logs all events in its memory, eliminating the need for an external data logger as in the case of traditional interlocking systems. Since the base station is connected to the Internet, any authorized person can monitor the station yard from a remote location.
In the case of remote train control or driverless trains, the information from sensor nodes must participate in algorithms which result in commands to traction motors, brakes, doors etc. One of the safety-critical applications for sensors in railroading is separation management. Current train control systems (freight or passenger, manual or automatic) rely on 'block signalling', by which separation is assured under the online influence of a centralized authority arranged to allow only one train at a time to occupy a given block (a segment of track of fixed length). Information about the location of trains is crudely quantized based on train length and the size of each block.
All of the requisite sensors, signalling, and processing devices are derived from proven failsafe technologies, as are the accompanying software methodologies. Sensor nodes, some with built-in intelligence, play an important role in the architecture of autonomic train separation. Furthermore, there are daunting safety requirements that characterize railroading applications. Railway vehicles with their traditional wiring harnesses suffer limitations in supporting vital control functions.

Figure 6: Typical Architecture of a Base Station
A driving node is similar to a sensor node; the only difference is that it drives the objects in the station yard and the on-board systems, based on the commands received from the base station through the gateway node. The driving node consists of a radio transceiver or other wireless communications device, a small microcontroller, an energy source (usually a battery) and driving channels that generate signals to drive the field objects. The driving node is used to drive the DC motors of points, light a signal aspect and operate level crossing gates.



Figure 7: Typical Architecture of a Driving Node
Availability of data is the most critical part of the Railway Signalling system. Therefore a reliable architecture of Sensor Network shall be used. Mesh networking is a way to route data between nodes. It allows for continuous connections and reconfiguration around broken or blocked paths by “hopping” from node to node until the destination is reached. A mesh network whose nodes are all connected to each other is a fully connected network. Mesh networks differ from other networks in that the component parts can all connect to each other via multiple hops, and they generally are not mobile. Mesh networks can be seen as one type of ad hoc network. Mesh networks are self-healing: the network can still operate even when a node breaks down or a connection goes bad. As a result, a very reliable network is formed. This concept is applicable to wireless networks, wired networks, and software interaction.
Wireless mesh networks are the most topical application of mesh architectures. Wireless mesh was originally developed for military applications, but has undergone significant evolution in the past decade. Wireless mesh networking has seen three distinct radio configurations of mesh technology, each incorporating iterative improvements allowing for greater reliability and versatility. As the cost of radios plummeted, single-radio products evolved to support more radios per mesh node, with the additional radios providing specific functions such as client access, backhaul service or scanning radios for high-speed handover in mobility applications. The mesh node design also became more modular: one box could support multiple radio cards, each operating at a different frequency. As a result, a whole new set of applications is being enabled by third-generation mesh networking technology. These include real-time video surveillance, border security and voice communication inside underground mines.

Figure 8: Futuristic Model using Sensor Networks in Railway Signalling
Figure 8 shows how wireless sensor networks are used to perform railway signalling. The sensor nodes are used to detect the presence of a train, the aspect of the signals, the position of points, the speed of the train etc. The sensor network normally constitutes a wireless ad-hoc network, meaning that each sensor supports a multi-hop routing algorithm (several nodes may forward data packets to the base station).
A number of routing protocols for sensor networks have been proposed in the literature over the last few years. Many of the protocols draw inspiration from similar protocols for wireless ad-hoc networks. Since the challenges for sensor networks are different from those of ad-hoc networks, several interesting variations are introduced. In addition, many novel routing mechanisms have been proposed specially for sensor networks. The following lists some of the sensor network routing algorithms suitable for Railway Signalling Scenario.
Flat routing protocols are similar to the conventional multihop ad-hoc routing protocols. Each sensor node determines its parent node(s) to forward data packets. The nodes are not organized into hierarchical clusters as is done in the hierarchical protocols. The advantage of this approach is that all the nodes can reach the base station irrespective of their position.
The most common way of routing in a sensor network is routing trees (multi-hop routing). A routing tree is a collection of sensor nodes with the base station as the root of the tree. Sensor ‘A’ is the parent for sensors ‘B’ and ‘C’. Sensor nodes transmit all their results to their parent nodes only. It is the responsibility of the parent node to forward them to the base station. A child can keep track of several parent nodes, and depending on the power levels or the quality of the communication links a child node can change its parent node.

Figure 9: Routing Trees
Routing structures such as routing trees are well suited when there are only a few nodes in the network. A data gathering schedule is a way in which the data packets are collected from all the sensors and routed to the base station with maximum lifetime. The main assumption of this algorithm is that the locations of the sensors and base station and the energy values of the sensor nodes are known a priori. In this model the lifetime of the system is intrinsically connected to the data gathering schedule. During each round a sensor will collect its own and its neighbours' data, possibly aggregate it, and send it to the base station.
The TinyOS embedded sensor network platform employs a very simple ad-hoc routing protocol. The base station periodically broadcasts a route update beacon message to the network. The beacon message is received by a few nodes that are in the vicinity of the base station. These nodes mark the base station as their parent and rebroadcast the beacon to their neighbours. The algorithm proceeds recursively with nodes progressively propagating the beacon to their neighbours; each node marks the first node that it hears from as its parent. The beacon is thus flooded throughout the network, setting up a breadth-first spanning tree rooted at the base station. This process is repeated at periodic intervals known as epochs.
Each network node periodically reads its sensor data and transmits the data packet to its parent in the spanning tree. The parent node in turn forwards the packet to its parent, and so on. This process is repeated until the data finally reaches the base station. The attractive feature of TinyOS beaconing is its simplicity: nodes do not have to maintain large routing tables or other complicated data structures. Each node needs to remember only its parent node in the path to the base station. By combining the beaconing with a MAC layer scheduling scheme such as TDMA, the nodes can conserve power by keeping their radio off most of the time. In spite of its attractive features, the beaconing protocol suffers from one main disadvantage: it is not resilient to node failures. If a parent node fails, then its entire subtree is cut off from the base station during the current epoch. Moreover, the protocol results in uneven power consumption across network nodes. The nodes nearer to the base station consume a lot of power in forwarding packets from all the nodes in their subtree, whereas the leaf nodes in the spanning tree do not have to perform any forwarding at all and consume the least power.
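The beaconing behaviour and its two weaknesses described above can be reproduced on a small network. The Python simulation below is an added example, not TinyOS code and not code from the article; the six-node topology is constructed, and it assumes that beacons arrive in hop order and that neighbours are heard in the order listed.

```python
from collections import deque

# Constructed topology: radio neighbours of each node; "BS" is the base station.
LINKS = {
    "BS": ["A", "B"],
    "A": ["BS", "C", "D"],
    "B": ["BS", "D"],
    "C": ["A", "E"],
    "D": ["A", "B", "E"],
    "E": ["C", "D"],
}


def beacon_epoch(links, root="BS", failed=()):
    """Flood one route-update beacon; each node keeps the first sender it
    hears as its parent, giving a breadth-first spanning tree."""
    parent = {}
    heard = {root}
    queue = deque([root])
    while queue:
        sender = queue.popleft()
        for node in links[sender]:
            if node in failed or node in heard:
                continue  # failed nodes stay silent; others keep first parent
            heard.add(node)
            parent[node] = sender
            queue.append(node)
    return parent


def path_to_root(parent, node, root="BS"):
    """Follow parent pointers from a node up to the base station."""
    path = [node]
    while path[-1] != root:
        path.append(parent[path[-1]])
    return path


def cut_off(parent, failed_node, root="BS"):
    """Nodes that lose the base station for the rest of the epoch when
    failed_node dies, because their only remembered route passes through it."""
    return {n for n in parent
            if n != failed_node and failed_node in path_to_root(parent, n, root)}


def forwarding_load(parent, root="BS"):
    """Packets each node must forward per reporting round (one per descendant)."""
    load = {n: 0 for n in parent}
    for n in parent:
        for hop in path_to_root(parent, n, root)[1:-1]:
            load[hop] += 1
    return load


def demo():
    tree = beacon_epoch(LINKS)
    lost_now = cut_off(tree, "A")                        # within the epoch
    next_tree = beacon_epoch(LINKS, failed={"A"})        # after the next beacon
    return tree, lost_now, next_tree, forwarding_load(tree)
```

Node D has a working radio link to B throughout, yet it is cut off until the next beacon because it remembers only A as its parent; the load table shows A forwarding three packets per round while B, D and E forward none.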
The Pulse protocol addresses the three topics of routing, energy consumption and time synchronization in sensor networks. It uses a periodic pulse signal generated and flooded by a pulse source to provide routing paths and synchronization to the network. As the pulse propagates through the network nodes, a spanning tree rooted at the pulse source is constructed. Node traffic follows the paths along this spanning tree. A node that wants to communicate packets sends a reservation packet to the pulse source. The reservation packet contains the address of the node sending the packet and is used to set up reverse routes for data packets. Thus, active nodes need to keep sending reservation packets in response to the periodic pulse signals to keep the routes fresh. Idle nodes that do not have data to communicate and that are not needed for forwarding packets can switch off their radios till the next pulse signal arrives and thereby save energy. To further reduce energy consumption, the Pulse protocol is modified to incorporate intermediate wake-up periods. The motivation behind this modification is that the routes in the network are established by the flooding of the pulse signal, which is an expensive process. Instead, nodes are permitted to send reservation packets during intermediate wake-up periods which can occur several times between two pulse floods. This enables faster path activations with lesser energy expenditure.
The Pulse protocol is similar to the beaconing protocol if the pulse source is considered to be the base station. Thus it has similar merits and demerits as the beaconing protocol. One area of improvement in the Pulse protocol is to provide a path deactivation feature. This feature would allow nodes to deactivate paths and conserve energy even if the intervals between wake-up periods are arbitrarily long. This would of course trade off the fast path activation for power efficiency.
Railway signalling is a safety-critical domain and all the equipment used in it shall be fail-safe. The existing failsafe techniques used in the design of hardware are listed in Table 1. The table gives the advantages and disadvantages of each type of technique. In this section we propose a new safety technique to be used in the design of hardware applicable to the Sensor Node, Driver Node and Base Station.



Figure 10: Failsafe Hardware for Sensor Node
In the above figure (Figure 10), two processors are used to process the inputs from the sensors. The two processors are of the same configuration but run different software, written in such a manner that each uses a different algorithm to process the data. The Software Voter takes the outputs generated by the two programs and compares them. The final level of checking is done by a hardware comparator, called the Voter, which compares the results given by the two processing units. If the results match, the data is transmitted to the base station; otherwise appropriate action is taken to make the system fail safe. In addition, the Supervisor and the diagnostic module monitor the performance of the two processing units, such as voltage, error checking etc. The same architecture can be used in the design of a Base Station. The above architecture is unique in that there are two voters ensuring safety, i.e. the first level of checking is done by a Software Voter and the final level of checking is done by a Hardware Voter. By adopting this architecture, both failsafe operation and high reliability are ensured.
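The two-level voting described above can be sketched as follows. This Python example is added here and is not the article's design or code: it assumes the two diverse programs both compute the control law quoted earlier (one as written, one through its De Morgan complement), models the hardware comparator as a second comparison of the two processors' output ports, and assumes that a detected mismatch latches the node in its safe state; the fault-injection flags are constructed for illustration.

```python
from itertools import product

RELAYS = ("59EMTEZ", "L60HS", "59NWC", "L60AHS", "59RWC", "59TPS", "R62VS")
SAFE = False  # assumed safe state: output relay dropped


def channel_a(r):
    """Processor A: the control law as written (sum of products)."""
    return (not r["59EMTEZ"]) and (
        (r["L60HS"] and r["59NWC"])
        or (r["L60AHS"] and r["59RWC"])
        or ((not r["59TPS"]) and r["R62VS"])
    )


def channel_b(r):
    """Processor B: diverse algorithm. Computes when the relay must drop
    (De Morgan complement of the same law) and inverts the answer."""
    must_drop = r["59EMTEZ"] or (
        (not r["L60HS"] or not r["59NWC"])
        and (not r["L60AHS"] or not r["59RWC"])
        and (r["59TPS"] or not r["R62VS"])
    )
    return not must_drop


def channels_agree_everywhere():
    """Exhaustively compare both programs over all 2**7 input combinations."""
    for bits in product((False, True), repeat=len(RELAYS)):
        r = dict(zip(RELAYS, bits))
        if channel_a(r) != channel_b(r):
            return False
    return True


class FailSafeNode:
    """Two processing units, a software voter and a hardware comparator."""

    def __init__(self):
        self.latched_fault = None  # assumed: a detected fault is latched

    def _fail(self, reason):
        self.latched_fault = reason
        return SAFE, reason

    def cycle(self, inputs, sw_fault=False, hw_fault=False):
        """Return (output, status) for one processing cycle.

        sw_fault flips program B's result (constructed software fault);
        hw_fault flips processor B's output port after software voting
        (constructed hardware fault).
        """
        if self.latched_fault:
            return SAFE, "latched: " + self.latched_fault
        out_a = channel_a(inputs)
        out_b = channel_b(inputs)
        if sw_fault:
            out_b = not out_b
        if out_a != out_b:                      # first level: software voter
            return self._fail("software voter mismatch")
        port_a, port_b = out_a, out_b           # results written to the ports
        if hw_fault:
            port_b = not port_b
        if port_a != port_b:                    # final level: hardware voter
            return self._fail("hardware comparator mismatch")
        return port_a, "ok"
```

A fault injected after the software voter has passed is caught only by the second comparison, which is the case the hardware voter exists for.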
As discussed in earlier sections, the railway signalling control laws or interlocking rules form the basis for the safe movement of trains. There are different methods by which these interlocking rules can be implemented in software. Here we discuss the existing methods for the design of interlocking rules in software.
In the Geographical method the input to the interlocking system is given as the position of the signals, points, track circuits and slots. The interlocking is implemented based on generic rules, such as that no part of the track is shared by two routes at a time, that conflicting routes should not be set at the same time, etc. This type of implementation requires great knowledge of the yard elements and the interconnections between them. In this method the software does not have a one-to-one relationship with the relay circuits used for RRI and is very difficult to validate, so this method has failed to create the necessary confidence in the railway operators.
The Boolean equation method is the implementation of the traditional relay interlocking principles. In this method the relay circuits are implemented as Boolean equations, so there is a one-to-one relationship between the relay circuits and the software variables. Because of this one-to-one relationship between the software and the RRI relay circuits, the railway operator can easily validate the software entries made, and this method gives him sufficient confidence. This method theoretically has very high safety performance, since the control laws once written remain constant and only the station data is changed for every yard, but the actual implementation of this method has limitations: the control laws are not fully tested and are not generic, Boolean equations are written for every yard, etc. Typically these Boolean equations are very numerous and very difficult to verify.
As discussed above, both methods have limitations in practical applications, so a new method in which the control laws are generic and applicable to all yards is yet to be designed. In the scenario of railway signalling using sensor networks, these control laws need modification, and with the merging of ground-based signalling and on-board (on-train) signalling, a new set of control laws has to be proposed which ensures the safe movement of trains.
The use of wireless sensor networks in a safety-critical domain like railway signalling poses challenges in implementation and operation. Some of the issues and challenges are discussed in this chapter.
The use of wireless sensor networks in the railway signalling domain was proposed in the earlier chapters. The work ahead is to prove the concept and make it into a reliable technology that can be implemented. The proof of concept will require the design and development of a fail-safe and fault-tolerant Sensor Node, Driver Node, Gateway Node and Base Station, and the design of a network architecture that combines both ground-based and on-board signalling. As far as the software is concerned, it will require the design of a network routing algorithm that is fail-safe and fault-tolerant and at the same time energy efficient, and the design of fail-safe control laws for the safe movement of trains.
In this article I covered the major advantages of using wireless sensor networks in the railway signalling domain. The hostile and remote environment in which sensor nodes are often deployed, and their limited computational power, energy and storage, are the factors that drive the adoption of security solutions, since the limited resources affect the types of security algorithms and protocols that can be implemented in a WSN. I also discussed some challenging directions that need special attention. Focus should be placed on designing protocols that are scalable, flexible, fault tolerant and adaptable to dynamic changes. However, the main challenge for researchers is to balance the trade-off between the resources spent on security and the protection offered. The target is to have a spherical security strategy with solutions that compensate for each other's vulnerabilities and provide enhanced protection to the railway signalling network.
Table 1: Existing Failsafe Methods employed in Design of Computer Based Interlocking Systems

| Sno | Method Name | Method of Implementation | Type of Errors Detected | Practical Problems with the Method |
|---|---|---|---|---|
| 1 | Time Redundancy | The same software is executed on the same hardware during two different time intervals (Refer: Figure 11: Time Redundancy) | Errors caused by transients. They are avoided by reading at two different time intervals | A single hardware fault leads to shutdown of the system. This method is not used, since software faults are not completely found in validation and the self-diagnostics employed for checking hardware faults are not complete. |
| 2 | Hardware Redundancy | The same software is executed on two identical hardware channels (Refer: Figure 12: Hardware Redundancy) | Hardware faults are detected, since outputs from both channels are compared, and a single hardware fault does not lead to shutdown of the system | Software faults are not detected, since the same software is running on two identical hardware channels. Software faults at the design stage are still not detected. |
| 3 | Diverse Hardware | Identical software is executed on different hardware versions (Refer: Figure 13: Hardware Diversity) | Hardware design faults at the initial stage are detected | Software faults at the design stage are still not detected |
| 4 | Diverse Software | The different software versions are executed on the same hardware during two different time intervals (Refer: Figure 14: Software Diversity) | Software faults at the design stage are detected | Even though the software is diverse, the versions are executed on a single hardware channel; a single hardware fault leads to shutdown of the system. |
| 5 | Diverse software on redundant hardware | The different software versions are executed on two identical hardware channels (Refer: Figure 15: Diverse software on redundant hardware) | Software faults at the design stage are detected, and a single hardware fault does not lead to system shutdown | Hardware faults at the design stage are not detected. |
| 6 | Diverse software on diverse hardware | The different software versions are executed on two different hardware channels (Refer: Figure 16: Diverse software on Diverse Hardware) | Software faults and hardware faults are detected at the design stage. | This method is rarely used, since the design complexity involved is high |

Figure 11: Time Redundancy

Figure 12: Hardware Redundancy

Figure 13: Hardware Diversity

Figure 14: Software Diversity

Figure 15: Diverse software on redundant hardware

Figure 16: Diverse software on Diverse Hardware
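The comparison principle behind the time-redundancy and diverse-software rows of Table 1, as an added example that is not part of the original article: two diverse versions of one control law run on time-redundant input samples, and a comparator releases PROCEED only when both agree. The route inputs, the control law, the injected fault in `law_faulty` and the single-process setup (standing in for separate channels) are constructed assumptions.

```c
#include <stdbool.h>
#include <stdio.h>

/* Constructed inputs for one route; all names here are illustrative. */
typedef struct { bool track_clear, point_locked, conflict_set; } route_inputs;
typedef enum { ASPECT_DANGER = 0, ASPECT_PROCEED = 1 } aspect;
typedef aspect (*law_fn)(route_inputs);

/* Version A: the control law written as a Boolean equation. */
aspect law_boolean(route_inputs in) {
    return (in.track_clear && in.point_locked && !in.conflict_set)
               ? ASPECT_PROCEED : ASPECT_DANGER;
}

/* Version B: diverse implementation, a truth table indexed by the input bits. */
aspect law_table(route_inputs in) {
    static const aspect table[8] = { [3] = ASPECT_PROCEED }; /* clear+locked, no conflict */
    unsigned idx = (in.track_clear ? 1u : 0u) | (in.point_locked ? 2u : 0u)
                 | (in.conflict_set ? 4u : 0u);
    return table[idx];
}

/* Constructed design fault: this version forgets the conflicting-route check. */
aspect law_faulty(route_inputs in) {
    return (in.track_clear && in.point_locked) ? ASPECT_PROCEED : ASPECT_DANGER;
}

/* Time redundancy: two samples taken at different times; any disagreement
   resolves to the restrictive value of that input. */
route_inputs merge_samples(route_inputs s1, route_inputs s2) {
    route_inputs m = { s1.track_clear && s2.track_clear,
                       s1.point_locked && s2.point_locked,
                       s1.conflict_set || s2.conflict_set };
    return m;
}

/* Comparator: PROCEED only when both versions independently say PROCEED. */
aspect evaluate(law_fn a, law_fn b, route_inputs s1, route_inputs s2) {
    route_inputs in = merge_samples(s1, s2);
    return (a(in) == ASPECT_PROCEED && b(in) == ASPECT_PROCEED)
               ? ASPECT_PROCEED : ASPECT_DANGER;
}

int main(void) {
    route_inputs conflict = { true, true, true };
    printf("diverse pair:   %d\n", evaluate(law_faulty, law_table, conflict, conflict));
    printf("identical pair: %d\n", evaluate(law_faulty, law_faulty, conflict, conflict));
    return 0;
}
```

The second call in `main` reproduces the limitation Table 1 records for identical software on redundant channels: both copies share the design fault, so the comparator cannot see it.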
WSN: Wireless Sensor Network, or WSN, is a network of RF transceivers, sensors, machine controllers, microcontrollers, and user interface devices with at least two nodes communicating by means of wireless transmissions.
Hard Real Time System or
Railway Interlocking System: A railway interlocking system controls the traffic in a railway station, and between adjacent stations. The control includes train routes, shunting moves and the movements of all other railway vehicles in accordance with railway rules, regulations and technological processes required for the operation of the railway station.
Interlocking Logic: A term used for the logical relationships between physical entities in the railway yard such as points, signals, track circuits, and so on. In SSI, this is programmed in the Software; in relay-based interlocking this is hardwired into the relay circuitry, and in ground-frame interlocking it is manifest in the mechanical linkages between physical components.
Mechanical Interlocking System: An interlocking system built using mechanical linkages between levers (physical entities) is called a ground-frame interlocking system.
Panel Interlocking System: A system similar to RRI, but multiple commands are needed to set and lock a route for safe movement of trains.
Route Relay Interlocking System (RRI): An interlocking system built completely using electromechanical relays is called a Route Relay Interlocking System.
Reliability: The reliability can be defined as the ability of an item to perform a required function under stated conditions for a stated period of time.
Redundancy: The existence of more than one means of accomplishing a given function. Each means of accomplishing the function need not be necessarily identical.
Hardware (Software) Diversity: Two or more different versions of hardware (software) working in a system to achieve the same result.
Failure: The termination of the ability of an item to perform a required function.
Maintainability: The ability of an item, under stated conditions of use, to be retained in, or restored to, a state in which it can perform its required function, when maintenance is performed under stated conditions and using prescribed procedures and resources.
Availability: The ability of an item (Under combined aspects of its reliability, maintainability, and maintenance support) to perform its required function over a stated period of time.
Wayside Signalling: Ground-based interlocking systems used to drive the objects located in the station yard.
TinyOS: TinyOS is an open-source operating system designed for wireless embedded sensor networks. It features a component-based architecture which enables rapid innovation and implementation while minimizing code size as required by the severe memory constraints inherent in sensor networks.