On the Secure and Resilient Design of Connected Vehicles: Methods and Guidelines

Vehicles have come a long way from being purely mechanical systems to systems that consist of an internal network of more than 100 microcontrollers and systems that communicate with external entities, such as other vehicles, road infrastructure, the manufacturer’s cloud and external applications. This combination of resource constraints, safety-criticality, large attack surface and the fact that millions of people own and use them each day, makes securing vehicles particularly challenging as security practices and methods need to be tailored to meet these requirements.This thesis investigates how security demands should be structured to ease discussions and collaboration between the involved parties and how requirements engineering can be accelerated by introducing generic security requirements. Practitioners are also assisted in choosing appropriate techniques for securing vehicles by identifying and categorising security and resilience techniques suitable for automotive systems. Furthermore, three specific mechanisms for securing automotive systems and providing resilience are designed and evaluated. The first part focuses on cyber security requirements and the identification of suitable techniques based on three different approaches, namely (i) providing a mapping to security levels based on a review of existing security standards and recommendations; (ii) proposing a taxonomy for resilience techniques based on a literature review; and (iii) combining security and resilience techniques to protect automotive assets that have been subject to attacks. The second part presents the design and evaluation of three techniques. First, an extension for an existing freshness mechanism to protect the in-vehicle communication against replay attacks is presented and evaluated. Second, a trust model for Vehicle-to-Vehicle communication is developed with respect to cyber resilience to allow a vehicle to include trust in neighbouring vehicles in its decision-making processes. Third, a framework is presented that enables vehicle manufacturers to protect their fleet by detecting anomalies and security attacks using vehicle trust and the available data in the cloud

Cooperative intersection control for autonomous vehicles

Self-driving cars crossing road intersection

Design and Formal Verification of a Safe Stop Supervisor for an Automated Vehicle

Autonomous vehicles apply pertinent planning and control algorithms under different driving conditions. The mode switch between these algorithms should also be autonomous. On top of the nominal planners, a safe fallback routine is needed to stop the vehicle at a safe position if nominal operational conditions are violated, such as for a system failure. This paper describes the design and formal verification of a supervisor to manage all requirements for mode switching between nominal planners, and additional requirements for switching to a safe stop trajectory planner that acts as the fallback routine. The supervisor is designed via a model-based approach and its abstraction is formally verified by model checking. The supervisor is implemented and integrated with the Research Concept Vehicle, an experimental research and demonstration vehicle developed at the KTH Royal Institute of Technology. Simulations and experiments show that the vehicle is able to autonomously drive in a safe manner between two parking lots and can successfully come to a safe stop upon GPS sensor failure

Fractional-Order-Based ACC/CACC Algorithm for Improving String Stability

International audienceTraffic flow optimization and driver comfort enhancement are the main contributions of an Adaptive Cruise Control (ACC) system. If communication links are added, more safety and shorter gaps can be reached performing a Cooperative-ACC (CACC). Although shortening the inter-vehicular distances directly improves traffic flow, it can cause string unstable behavior. This paper presents fractional-order-based control algorithms to enhance the car-following and string stability performance for both ACC and CACC vehicle strings, including communication temporal delay effects. The proposed controller is compared with state-of-the-art implementations, exhibiting better performance. Simulation and real experiments have been conducted for validating the approach

Pedestrian and Passenger Interaction with Autonomous Vehicles: Field Study in a Crosswalk Scenario

This study presents the outcomes of empirical investigations pertaining to human-vehicle interactions involving an autonomous vehicle equipped with both internal and external Human Machine Interfaces (HMIs) within a crosswalk scenario. The internal and external HMIs were integrated with implicit communication techniques, incorporating a combination of gentle and aggressive braking maneuvers within the crosswalk. Data were collected through a combination of questionnaires and quantifiable metrics, including pedestrian decision to cross related to the vehicle distance and speed. The questionnaire responses reveal that pedestrians experience enhanced safety perceptions when the external HMI and gentle braking maneuvers are used in tandem. In contrast, the measured variables demonstrate that the external HMI proves effective when complemented by the gentle braking maneuver. Furthermore, the questionnaire results highlight that the internal HMI enhances passenger confidence only when paired with the aggressive braking maneuver.Comment: Submitted to the IEEE TIV; 13 pages, 13 figures, 7 tables. arXiv admin note: text overlap with arXiv:2307.1270

Towards cooperative urban traffic management: Investigating voting for travel groups

In den letzten Jahrzehnten haben intelligente Verkehrssysteme an Bedeutung gewonnen. Wir betrachten einen Teilbereich des kooperativen Verkehrsmanagements, nämlich kollektive Entscheidungsfindung in Gruppen von Verkehrsteilnehmern. In dem uns interessierenden Szenario werden Touristen, die eine Stadt besuchen, gebeten, Reisegruppen zu bilden und sich auf gemeinsame Besuchsziele (Points of Interest) zu einigen. Wir konzentrieren uns auf Wählen als Gruppenentscheidungsverfahren. Unsere Fragestellung ist, wie sich verschiedene Algorithmen zur Bildung von Reisegruppen und zur Bestimmung gemeinsamer Reiseziele hinsichtlich der System- und Benutzerziele unterscheiden, wobei wir als Systemziel große Gruppen und als Benutzerziele hohe präferenzbasierte Zufriedenheit und geringen organisatorischen Aufwand definieren. Wir streben an, einen Kompromiss zwischen System- und Benutzerzielen zu erreichen. Neu ist, dass wir die inhärenten Auswirkungen verschiedener Wahlregeln, Wahlprotokolle und Gruppenbildungsalgorithmen auf Benutzer- und Systemziele untersuchen. Altere Arbeiten zur kollektiven Entscheidungsfindung im Verkehr konzentrieren sich auf andere Zielgrößen, betrachten nicht die Gruppenbildung, vergleichen nicht die Auswirkungen mehrerer Wahlalgorithmen, benutzen andere Wahlalgorithmen, berücksichtigen nicht klar definierte Gruppen von Verkehrsteilnehmern, verwenden Wahlen für andere Anwendungen oder betrachten andere Algorithmen zur kollektiven Entscheidungsfindung als Wahlen. Wir untersuchen in der Hauptsimulationsreihe verschiedene Gruppenbildungsalgorithmen, Wahlprotokolle und Komiteewahlregeln. Wir betrachten sequentielle Gruppenbildung vs. koordinierte Gruppenbildung, Basisprotokoll vs. iteratives Protokoll und die Komiteewahlregeln Minisum-Approval, Minimax-Approval und Minisum-Ranksum. Die Simulationen wurden mit dem neu entwickelten Simulationswerkzeug LightVoting durchgef¨uhrt, das auf dem Multi-Agenten-Framework LightJason basiert. Die Experimente der Hauptsimulationsreihe zeigen, dass die Komiteewahlregel Minisum-Ranksum in den meisten Fällen bessere oder ebenso gute Ergebnisse erzielt wie die Komiteewahlregeln Minisum-Approval und Minimax-Approval. Das iterative Protokoll tendiert dazu, eine Verbesserung hinsichtlich der präferenzbasierten Zufriedenheit zu erbringen, auf Kosten einer deutlichen Verschlechterung hinsichtlich der Gruppengröße. Die koordinierte Gruppenbildung tendiert dazu, eine Verbesserung hinsichtlich der präferenzbasierten Zufriedenheit zu erbringen bei relativ geringen Kosten in Bezug auf die Gruppengröße. Dies führt uns dazu, die Komiteewahlregel Minisum-Ranksum, das Basisprotokoll und die koordinierte Gruppenbildung zu empfehlen, um einen Kompromiss zwischen System- und Benutzerzielen zu erreichen. Wir demonstrieren auch die Auswirkungen verschiedener Kombinationen von Gruppenbildungsalgorithmen und Wahlprotokollen auf die Reisekosten. Hier bietet die Kombination aus Basisprotokoll und koordinierter Gruppenbildung einen Kompromiss zwischen der präferenzbasierten Zufriedenheit und den Reisekosten. Zusätzlich zur Hauptsimulationsreihe bieten wir ein erweitertes Modell an, das die Präferenzen der Reisenden generiert, indem es die Attraktivität der möglichen Ziele und Distanzkosten, basierend auf den Entfernungen zwischen den möglichen Zielen, kombiniert. Als weiteren Anwendungsfall von Wahlverfahren betrachten wir ein Verfahren zur Treffpunktempfehlung, bei dem eine Bewertungs-Wahlregel und eine Minimax-Wahlregel zur Bestimmung von Treffpunkten verwendet werden. Bei kleineren Gruppen ist die durchschnittliche maximale Reisezeit unter der Bewertungs-Wahlregel deutlich höher. Bei größeren Gruppen nimmt der Unterschied ab. Bei kleineren Gruppen ist die durchschnittliche Verspätung für die Gruppe unter der Minimax-Wahlregel hoch, bei größeren Gruppen nimmt sie ab. Es ist also sinnvoll für kleinere Gruppen, die Minimax-Wahlregel zu verwenden, wenn man eine fairere Verteilung der Reisezeiten anstrebt, und die Bewertungs-Wahlregel zu verwenden, wenn das Ziel stattdessen ist, Verzögerungen für die Gruppe zu vermeiden. Für zukünftige Arbeiten wäre es sinnvoll, das Simulationskonzept anzupassen, um reale Bedingungen und Anforderungen berücksichtigen zu können. Weitere Möglichkeiten für zukünftige Arbeiten wären die Betrachtung zusätzlicher Algorithmen und Modelle, wie zum Beispiel die Betrachtung kombinatorischer Wahlen oder die Durchführung von Simulationen auf der Grundlage des erweiterten Modells, die Berücksichtigung der Rolle finanzieller Anreize zur Förderung von Ridesharing oder Platooning und die Nutzung des LightVoting-Tools für weitere Forschungsanwendungen.In the last decades, intelligent transport systems have gained importance. We consider a subarea of cooperative traffic management, namely collective decision-making in groups of traffic participants. In the scenario we are studying, tourists visiting a city are asked to form travel groups and to agree on common points of interest. We focus on voting as a collective decision-making process. Our question is how different algorithms for the formation of travel groups and for determining common travel destinations differ with respect to system and user goals, where we define as system goal large groups and as user goals high preference satisfaction and low organisational effort. We aim at achieving a compromise between system and user goals. What is new is that we investigate the inherent effects of different voting rules, voting protocols and grouping algorithms on user and system goals. Older works on collective decision-making in traffic focus on other target quantities, do not consider group formation, do not compare the effects of several voting algorithms, use other voting algorithms, do not consider clearly defined groups of vehicles, use voting for other applications or use other collective decision-making algorithms than voting. In the main simulation series, we examine different grouping algorithms, voting protocols and committee voting rules. We consider sequential grouping vs. coordinated grouping, basic protocol vs. iterative protocol and the committee voting rules Minisum-Approval, Minimax-Approval and Minisum-Ranksum. The simulations were conducted using the newly developed simulation tool LightVoting, which is based on the multi-agent framework LightJason. The experiments of the main simulation series show that the committee voting rule Minisum-Ranksum in most cases yields better than or as good results as the committee voting rules Minisum-Approval and Minimax-Approval. The iterative protocol tends to yield an improvement regarding preference satisfaction, at the cost of strong deterioriation regarding the group size. The coordinated grouping tends to yield an improvement regarding the preference satisfaction at relative small cost regarding the group size. This leads us to recommend the committee voting rule Minisum-Ranksum, the basic protocol and coordinated grouping in order to achieve a compromise between system and user goals. We also demonstrate the effect of different combinations of grouping algorithms and voting protocols on travel costs. Here, the combination of the basic protocol and coordinated grouping yields a compromise between preference satisfaction and traveller costs. Additionally to the main simulation series, we provide an extended model which generates traveller preferences by combining attractiveness of the points of interest and distance costs based on the distances between the points of interest. As further application of voting, we consider a meeting-point scenario where a range voting rule and a minimax voting rule are used to agree on meeting points. For smaller groups, the average maximum travel time is clearly higher for range voting. For larger groups, the difference decreases. For smaller groups, the average lateness for the group using minimax voting is high, for larger groups it decreases. Hence, it makes sense for smaller groups to use the minimax voting rule if one aims at fairer distribution of travel times, and to use the range voting rule if the goal is instead to avoid delay for the group. For future work, it would be useful to adapt the simulation concept to take real-world conditions and requirements into account. Further possibilities for future work would be considering additional algorithms and models, such as considering combinatorial voting or running simulations based on the extended model, considering the role of financial incentives to encourage ridesharing or platooning and using the LightVoting tool for further research applications