← Use Cases · RAIL · ERTMS / ETCS

Railway ERTMS/ETCS & railway signaling

AllEyes Resilient (rail variant)GARANCE PKI

01 — Analysis

Problem

ERTMS/ETCS Level 2 relies on GSM-R (obsolete 2030) and FRMCS (5G) with EuroRadio protocol based on 3DES MAC — vulnerable and non-post-quantum. Metro CBTC systems often use classical TLS 1.2. An attacker able to forge signaling messages or a Movement Authority could cause an accident. SIL-4 functional safety does not yet integrate PQC.

CryptOps Solution

An AllEyes Resilient in RBC (Radio Block Centre), trackside systems and onboard: the hardware crypto engine encrypts all EuroRadio / FRMCS comms with ML-KEM + ML-DSA-87, FPGA runs SIL-4 real-time EuroRadio/SUBSET-037 stack, CPU orchestrates Movement Authorities and interlockings, GPU handles AI traffic supervision and predictive track/rolling-stock maintenance.

Deployment architecture

◆

RBC / Interlocking

EN 50129 SIL4

◆

Agent PQC-WAN Edge

ML-KEM-1024 · DIN Rail

-40/+70°C

◆

GARANCE PKI

Audit CCS / EU-Rail

FRMCS / GSM-RAES-256-GCMDeterministic latency · Jitter < 1 ms

◆

EVC bord train

Euroradio / GSM-R / FRMCS

◆

Agent PQC-WAN embarqué

EuroBalise encryption

Ferroviaire & signalisation

☑EN 50129 SIL4

☑TS 50701

☑NIS2 art. 21

☑ERA TSI-CCS

See multi-agent compute breakdown (FPGA · CPU · GPU)

02 — Performance

Key metrics

SIL-4

CENELEC EN 50129

Signaling

<100

ms Movement Authority

EuroRadio latency

99.999

% SIL-4 RAMS

Availability

ML-KEM

PQC FRMCS 5G

Ground-onboard encryption

03 — ROI

ROI analysis

Item	Before	With CryptOps	Impact
EuroRadio 3DES	Vulnerable 3DES MAC	Hybrid ML-DSA-87	Future-proof
GSM-R to FRMCS transition	Multi-vendor migration	Single appliance	-30% CAPEX
Track maintenance	Periodic inspections	AI-based predictive	-40% incidents

04 — Compliance

Applicable regulation

ERA · TSI CCS

Technical Specification for Interoperability

European control-command-signaling, PQC target in baseline 4+ (2028+).

CENELEC EN 50129

Safety SIL-4

Functional safety applicable to critical rail systems.

UIC FRMCS

Future Railway Mobile Communication

GSM-R successor based on 5G — security specs in progress (MCX, MCData, MCVideo).

05 — Target clients

Target clients

SNCF Réseau, Infrabel, DB Netz, Adif RATP, Alstom Signalling, Siemens Mobility Metro operators (Société du Grand Paris) Rail freight operators ERTMS industrials (Thales, Hitachi)

06 — Business applications

Data processing on the same appliance

Beyond post-quantum encryption, every AllEyes Resilient appliance hosts your data-processing workloads on its FPGA, CPU and GPU resources — all isolated from the certified crypto core.

Explore business applications →

Next step

Secure your infrastructure today

Our team will guide you through the deployment tailored to your use case.

Request a demo → Download brochure ↓