Safety Analysis for a New GNSS Timing Service via Galileo

Ricardo Píriz, Fulgencio Buendía, Juan-Ramón Martín, Javier Fidalgo, Pascale Defraigne, Antonio Danesi, Marc Jeannot, Juan Pablo Boyero

Abstract: This work is devoted to performing a Safety Analysis of Global Navigation Satellite System (GNSS) Timing in order to derive a Safety Architecture for a European GNSS Timing Service with Integrity capability. This work has been performed in the context of the EGALITE (Galileo Timing Service Extension and Consolidation) project. The EGALITE project is funded by the European Commission (EC) as part of the Horizon 2020 framework programme and is aimed at studying the possibility of developing an EGNSS Timing Service based on Galileo with committed end-to-end performances. The project’s consortium is led by GMV, with VVA, Physikalisch-Technische Bundesanstalt and Observatoire Royal de Belgique as partners. As is usually done for other GNSS safety-related applications, the first step in the Safety analysis is the identification and definition of the so-called “fault-free” state of the GNSS timing service, that is, the situation where GNSS is behaving nominally and not posing any threat to the user. Once the fault-free condition has been established, the second step is the identification of “top-level” hazards which may push the system out of the “fault-free” condition into a so-called faulty condition. Assuming that the GNSS timing service would be employed in different critical infrastructure applications, we have tentatively assumed that all failure conditions should be considered of “major” class. The practical implication of this assumption is that the overall failure rate of the timing service should be smaller than 10^-5 per hour. In order to evaluate how far current GNSS systems are from the target failure rate, we have calculated the so-called “inherent” probability of failure of GNSS for timing applications. This is the GNSS failure rate “as is”, that is, in the absence of any integrity assurance or failure mitigation function, for a pre-defined Maximum Time Error (MTE), where the MTE is defined starting from the user requirements of different timing applications. After the Hazard Analysis of the potential GNSS Timing Failures, a Fault Tree Analysis is performed and a Safety Architecture is derived. The proposed Safety Architecture includes the dissemination of Timing Flags via the Galileo satellites, obtained from the processing of the measurements gathered by a network of timing monitoring stations. In addition, a set of robustness measures is foreseen at user equipment level.
Published in: Proceedings of the 32nd International Technical Meeting of the Satellite Division of The Institute of Navigation (ION GNSS+ 2019)
September 16 - 20, 2019
Hyatt Regency Miami
Miami, Florida
Pages: 3359 - 3376
Cite this article: Píriz, Ricardo, Buendía, Fulgencio, Martín, Juan-Ramón, Fidalgo, Javier, Defraigne, Pascale, Danesi, Antonio, Jeannot, Marc, Boyero, Juan Pablo, "Safety Analysis for a New GNSS Timing Service via Galileo," Proceedings of the 32nd International Technical Meeting of the Satellite Division of The Institute of Navigation (ION GNSS+ 2019), Miami, Florida, September 2019, pp. 3359-3376.