
Denial of safety critical services of a Public Mobile Network for a critical transport infrastructure

E. Ciancamerla, M. Minichino, ENEA Cr Casaccia. SNI 2005 – First workshop on Safeguarding National Infrastructures, August 25-27, 2005 – Glasgow, UK.


Presentation Transcript


  1. Denial of safety critical services of a Public Mobile Network for a critical transport infrastructure
     E. Ciancamerla, M. Minichino, ENEA Cr Casaccia
     SNI 2005 – First workshop on Safeguarding National Infrastructures, August 25-27, 2005 – Glasgow, UK

  2. Issues
     • PMN for a Tele Control system for a Critical Transport Infrastructure (Alpine Road Tunnel - SAFETUNNEL project)
     • Tele Control System main issues
     • TCS validation by modelling
     • Stochastic measures of denial of safety critical services of PMN for voice and data connection
     • Modelling assumptions
     • Denial of service measures
     • Stochastic methodology
     • Denial of service models
     • Availability model
     • Performance model for voice connection
     • Performance model for data connection
     • Numerical results
     • Conclusions

  3. Tele Control system dependability issues
     • TCS implements preventive SAFETY functions in REAL TIME, with the aim of enhancing accident prevention inside alpine road tunnels (Critical Transport Infrastructures)
     • TCS is not born at once, but grows out of the existing subsystems
     • Interacts with operators (the drivers and the tunnel operators)
     • Relies on a Public Mobile Network that interconnects instrumented vehicles, crossing a road tunnel infrastructure, to a Tunnel Control Centre
     • PMN increases benefits, giving major support to the drivers and to the road operators in performing their tasks
     • PMN poses problems of dependability and performability evaluation on the frontier of the technology.
     • the novelty and complexity of TCS
     • the topology of the network, which changes dynamically because of the presence of mobile nodes
     • security aspects could weaken availability, performability and safety properties of TCS

  4. Tele Control System General architecture
     [Figure. Labels: Public Network (GSM/GPRS/UMTS); Public Mobile Network; IP Private Network; Bluetooth links; BT Barriers; MSM; VSM; SAFE TUNNEL Control Center; TILAB Control Center; SITAF Control Center; IP Access; Data exchange (TCP/IP socket); GPRS links]

  5. Tele Control System monitoring area limits

  6. Tele Control system preventive safety functions
     • Prognostics: on-board equipment is able to detect an existing fault or evaluate the possibility of an imminent fault (predictive analysis) and send the information to a control center.
     • Access control: a control center is able to inhibit access to vehicles with detected or imminent faults.
     • Speed and distance control: the control center transmits to the vehicle the recommended speed and safety distance from the vehicle ahead. An on-board radar system measures the distance from the vehicle ahead. The on-board system controls engine and brakes in order to automatically achieve the recommended speed and distance.
     • Emergency message dissemination: emergency information and warnings may be distributed from the control center directly to the on-board Human Machine Interface.

  7. Tele Control System validation
     The Project designs the Tele Control System and develops a System Demonstrator (composed of a prototype of TCC, two instrumented vehicles and the PMN).
     The validation of the SAFETUNNEL system is planned according to the following steps:
     • Validation by FIELD EXPERIMENTATION, centered on the System Demonstrator
     • Validation by MODELLING, centered on the whole System
     Both FIELD TESTS and MODELLING are needed for system validation, because:
     • Just a limited number of field tests can be planned on the actual system Demonstrator;
     • a set of validation measures has to be predicted on the SAFETUNNEL models, since the Demonstrator is not suitable for such measures.

  8. Validation by modelling
     Validation by modelling has focused on the PMN and has been conducted along two main lines:
     • Functional Analysis of the system, by model checking, which looks at the interaction of the dimensioning of the PMN with the Tele Control system preventive safety functions, in system normal operational mode and for different tunnel scenarios
     • Denial of service measures of the Public Mobile Network, by stochastic methodology, with the ideal goal to verify if and how a possible degradation of service of the network, in terms of performance and availability, does not affect the Tele Control System preventive safety functions.

  9. A glance at the PMN
     • BTS – Base Transceiver Station
     • BSC – Base Station Controller
     • MSC – Mobile Switching Centre
     • GMSC – Gateway MSC

  10. A glance at the PMN
     • PMN transfers voice, commands and data between Instrumented Vehicles and the Tunnel Control Centre, bi-directionally and with more than one Vehicle at the same time.
     • Informative messages are transmitted in uplink (from the Vehicles' on-board system to the TCC)
     • Commands/messages are transmitted in downlink
     • Data transmission, by GPRS connection.
     • TCP transport protocol. Each Vehicle is characterized by a TCP address (IP address + TCP port)
     • The TCC is provided with an analogous address too.
     • Voice calls, supported by GSM connection,
     • between Vehicles and TCC, in case GPRS data transfers are not sufficient to manage an emergency.

  11. PMN modelling assumptions
     For the sake of building manageable models of our PMN, the following assumptions have been made:
     • We focused on Base Stations: a single Base Station System consists of one Base Station Controller and multiple Base Transceiver Stations
     • Data exploits the same physical channels used by voice
     • The channel allocation policy gives voice priority over data
     • We account for the handoff procedure for voice connection
     • We neglect the possibility of the handoff procedure for data connection
     • One Control Channel (CCH) is dedicated to GSM and GPRS signalling and control; the CCH is randomly assigned to a BTS
     • The GPRS implements a point-to-point connection

  12. A measure of denial of service: the Total Service Blocking Probability
     Considering the PMN, as shown in the figure, the GSM and the GPRS services can be denied due to the following contributions:
     a) the BSS, as a whole, becomes unavailable, or
     b) the BSS is available and all its channels are full, or
     c) the BSS is not completely available and all the channels in it which are available are also full.
     We define the Total Service Blocking Probability (TSB) as a measure of the denial of service, both for GSM and GPRS connection, due to the occurrence of at least one of the contributions a), b), or c).
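The three contributions a), b) and c) can be combined numerically as in the following added example, which is not the authors' SAN model: it assumes independent BTS failures, an Erlang-B loss model for voice channel occupancy, no handoff traffic, and one channel of the working capacity reserved for the CCH. The function names and all parameter values are hypothetical and constructed for illustration.

```python
from math import comb

def erlang_b(offered_load, channels):
    """Erlang-B blocking probability for `channels` servers and no queue."""
    if channels <= 0:
        return 1.0  # no traffic channel left: every request is blocked
    b = 1.0
    for k in range(1, channels + 1):
        b = offered_load * b / (k + offered_load * b)
    return b

def total_service_blocking(n_bts, ch_per_bts, a_bsc, a_bts, offered_load):
    """Return (TSB, p_a, p_b, p_c) for one BSS = 1 BSC + n_bts BTSs.

    a_bsc, a_bts are steady-state availabilities (assumed independent);
    offered_load is the voice traffic in Erlang (assumed Poisson arrivals).
    """
    # a) BSS unavailable as a whole: BSC down, or BSC up with every BTS down.
    p_a = (1 - a_bsc) + a_bsc * (1 - a_bts) ** n_bts
    # b) BSS fully available and all traffic channels busy
    #    (one channel is taken by the CCH, so it carries no traffic).
    p_b = a_bsc * a_bts ** n_bts * erlang_b(offered_load, n_bts * ch_per_bts - 1)
    # c) BSS partially available: only `up` BTSs work and all of the
    #    channels that are still available are busy.
    p_c = 0.0
    for up in range(1, n_bts):
        p_state = (a_bsc * comb(n_bts, up)
                   * a_bts ** up * (1 - a_bts) ** (n_bts - up))
        p_c += p_state * erlang_b(offered_load, up * ch_per_bts - 1)
    # The three cases are disjoint system states, so "at least one of
    # a), b), c)" is their sum.
    return p_a + p_b + p_c, p_a, p_b, p_c

if __name__ == "__main__":
    # Constructed sample values, not taken from the presentation's tables.
    tsb, p_a, p_b, p_c = total_service_blocking(
        n_bts=3, ch_per_bts=8, a_bsc=0.9999, a_bts=0.999, offered_load=12.0)
    print(f"TSB={tsb:.6f}  a={p_a:.6f}  b={p_b:.6f}  c={p_c:.6f}")
```

Splitting the result into its three terms shows whether denial of service is dominated by equipment unavailability or by channel congestion for a given dimensioning.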

  13. Stochastic Activity Networks
     • The basic elements of SAN (an extension of Petri Nets) are places, activities, input gates and output gates.
     • Places and activities in SAN have the same meaning as places and transitions in Petri Nets.
     • Input gates and output gates consist, respectively, of predicates and functions, which contain the rules for firing the activities and for distributing the tokens after the activities have fired.
     • Two high-level constructs for hierarchical models: REP and JOIN.
     • The complexity of a SAN model can be hidden inside input and output gates.
     • Unlike Petri Nets, the graphical representation of a SAN model is not correlated with its actual complexity.

  14. PMN denial of service composed model
     [Figure: PMN denial of service]
     The same structure for voice and data connection

  15. PMN Availability sub model

  16. GSM&GPRS performance sub model for data

  17. Some numerical results
     On the previous models we conduct availability, performance and performability measures on voice and data services. The input parameters to the models and their numerical values are summarized in the following tables.

  18. Input parameters and values of the availability sub model

  19. Input parameters and values of the GSM performance sub model

  20. Input parameters and values of the GSM&GPRS performance sub model

  21. Total Service Blocking (TSB) probability for voice service

  22. Total Service Blocking (TSB) probability for data packets

  23. Conclusions
     • We computed Total Blocking Service probabilities, as measures of the denial of service for GSM and GPRS connections of a PMN for a Tele Control System
     • We have built modular sub models, hierarchically composed, by using Stochastic Activity Networks.
     • Numerical results have been presented
     • The research is still ongoing:
     • to account for possible external adverse events, such as intrusions, in a global dependability model
     • …
