Within the systems safety standards, and focusing on bus communications that carry safety data, these are divided into two groups: white channel and black channel.
The white channel involves the creation of networks and bus protocols designed from scratch for safety. In this way, every device on the network will be safety-related and certification will be necessary. The black channel uses an unreliable form of communication, so the network equipment will not safety-related; that is, they use existing fieldbus architectures to communicate safety-related data.
Safety standards, such as IEC 61508, use a risk-based approach, which requires a safety application to be analysed to assess what SIL (Safety Integrity Level) would be appropriate for the application. Once this is done, a system that meets the required SIL capacity is designed.
An example would be the transmission of safety-related data between controllers and/or smart field devices. If a signal needs to be sent from one controller to another, the output of one would be connected to the input of the other, and these would be treated as the controller’s safety output/input. This method is viable for a small number of signals, since it would be very expensive and difficult to maintain when working with more signals. However, if the same data could be sent via a data link, the system would become more flexible and cost-effective, provided the transmission is reliable and deterministic.
The railway industry has been using serial communications for safety signaling for many years, and this has proven to be very successful. Traditionally, in these systems the data is managed by components that are part of the safety system, therefore, their failure modes have been identified and appropriate measures have been taken to ensure that they meet the safety requirements. Also, any software installed in them must have a safety certification. Thus, the communication channel is well-defined and each configuration is designed according to the certified configurations.
- White channel. Source: SAGE Journals. -
This type of communication channel is known as white channel. Its properties are well-defined and known, and each of its components is designed using SIL, which adapts to the specific application, gaining confidence on the channel with respect to the non-alteration of the data, for example, due to a software error. Any error, modification or alteration in the transmission is detectable. The main disadvantage of this philosophy based on safety due to design is flexibility, since adapting and migrating it to new technologies is slow and costly.
The black channel uses an extra safety layer between the last layer of the OSI model and the application, following the IEC 62280-1 standard for railway signalling.
The safety layer allows the transmission of standard and safety data, fail-safe through the same network or bus line. Regardless of the data transport mechanism used, safety components can transmit data using an isolated secure protocol that is tunnelled through a communications channel on which the transmission protocol is supported, thus making it possible to guarantee a certain SIL and check the communications on a channel initially considered insecure.
Within the black channel, the safety data is transmitted by an unknown communication channel, that is, the sender and the receiver do not know the route that the data could take from the moment they are sent until they reach their destination. The number of intermediate nodes through which the data must pass cannot be determined, nor can it be predicted how much time the data needs to reach its end recipient, or if at any time these data may have undergone any alteration due to interference.
- Black channel. Source: SAGE Journals. -
Tunnelling the transmission channel allows for much greater flexibility and bandwidth, that is, using the same bus, information can be transmitted independently through different channels. The use of this safety layer allows this type of transmission channels to be used, with the underlying disadvantages. Possible transmission errors are known and listed in the relevant standards IEC 61784-3 and IEC 61508. The prevention of these types of errors must be implemented in the specification of the safety data transmission protocol that is going to be used. The quality of the communication channel, despite being unknown, should be analysed in detail to check that it meets quality minimums, depending on the level of safety that needs to be achieved.
- Communication via black channel. Source: SAGE Journals. -
White channel vs black channel
White channels need networks and bus protocols designed from scratch for safety, since all their elements have to comply with IEC 61508, which involves the entire communication channel, including the corresponding interfaces. This makes it possible to ensure that both the end devices and the communication between their different interfaces will have a minimum safety compliance for data transfer.
On the other hand, black channels are very useful for transporting safety-related data in a cost-effective manner, using already-installed components that are ready to be used. The black channels are being adopted as the most common option in industrial environments, since they allow the use of technologies such as Ethernet and field buses, which are flexible and versatile. Although the components that use black channel must comply with IEC 61508, at the interface level they make it possible to follow the IEC 62280 standard, so that the communication between them, unlike the white channel, does not have applicable safety requirements according to regulations.
The use of white channel, though it is more expensive and involves an initial safety-oriented and specific design for the control network, makes it possible to increase the safety in the transmissions and rigorously check their integrity, through the use of regulations. In contrast, the black channel allows more versatile devices and flexible architectures to be used, but the attainable level of safety and control over the safety of communications is much lower, just as safety cannot be checked using very restrictive regulations.
- Black channel vs white channel. Source: IEC61508-2:2010 -
Ventajes e inconvenientes del uso de black channel
The main advantage of using black channel is that common network hardware can be used without the need for special equipment or devices. It does not matter if some devices, not related to safety, are on the same bus or share the media, since it allows isolation from the network channel.
However, it has other advantages:
- It allows the use of unreliable networks for the transport of information.
- It does not require proprietary architecture, and thus can use third-party media, including the Internet.
- It makes the network architecture independent of the end devices that make up the system.
Sin embargo, el uso de black channel también presenta una serie de desventajas a tener en cuenta:
- Electrical noise or cross talk on the cable caused by data corruption. This can be detected by a cyclic redundancy check (CRC) or parity check.
- Total loss of data due to a broken cable.
- Conversation or cross communication by the data itself. This occurs when the data that is being sent to the other end is received.
- Cable data cross communication or data from another data link. It can be verified by seeing that the data received is of a different type or length than expected.
Although both the implementation of white channel and black channel, are suitable options for effectively transporting information related to the industrial process, it should be noted that the use of black channel avoids the use of special devices, which makes its implementation easier.
However, the ideal would be to analyse the implementation cost, the risk assumable by the company, the desired SIL, the regulations to be applied, the needs of the industrial infrastructure and its flexibility when choosing one implementation or another.