Coexistence of safety and security: Synchronized redundant system with security enhancements

A malicious attack on a safety‐critical system can derive in an undesired behavior of the system that may result in a failure. In this case, the reliability of the device is decreased, and it might affect directly to safety. Therefore, the security is also an essential issue to consider in the design of safety‐critical systems. The main problem when safety and security are considered is to make them work together without interfering each other. A safety‐critical device needs to be certified following standards like IEC‐61508, and any security mechanisms must not affect this certification. This paper describes a system that integrates safety and security mechanisms to improve reliability without affecting safety certification. With the aim of reaching the required safety level, a redundant system is considered. This system is an n out of m distributed and synchronized voter. The synchronization method is based on the precision time protocol (IEEE‐1588) allowing that all devices on a local network have the same time.