Autonomic Vehicular Networks: Safety, Privacy, Cybersecurity and Societal Issues

Safety, efficiency, privacy, and cybersecurity can be achieved jointly in self-organizing networks of communicating vehicles of various automated driving levels. The underlying approach, solutions and novel results are briefly exposed. We explain why we are faced with a crucial choice regarding motorized society and cyber surveillance

On safety in ad hoc networks of autonomous and communicating vehicles: A rationale for time-bounded deterministic solutions

International audienceAd hoc networks of autonomous vehicles endowed with inter-vehicular communication (IVC) capabilities are in our future. Avoidance of accidents in safety-critical (SC) scenarios is a major concern. We show that IVCs can " solve " safety-related problems that are not within the grasp of sensing/robotics. A rigorous definition of SC IVCs is given, based on the Bounded Move (BM) requirements. Longitudinal SC scenarios in ad hoc strings and lateral inter-string SC scenarios as they arise on highways are examined. Since current WAVE standards (IEEE 802.11p, ETSI ITS-G5) fail to meet the BM requirements by huge margins, novel solutions are sought. We present the cohort construct—a string with a specification, a deterministic MAC protocol that also achieves fast string-wide message dissemination, and two distributed agreement algorithms. Worst-case time bounds achieved by these solutions are given, showing that they meet the BM requirements. Anonymity issues are briefly addressed

Cohorts and Groups for Safe and Efficient Autonomous Driving on Highways

International audienceWe introduce constructs aimed at reconciling safety and efficiency for ad hoc highway-centric clusters of autonomous vehicles. The cohort construct is an ad hoc variant of the platoon construct. We show how to enforce safe inter-vehicle spacing in cohorts despite inaccurate vehicle space-time coordinates and failing telemetry capabilities, via neighbor-to-neighbor beaconing based on short range unidirectional communications. Worst-case analytical results are established for safe spacing bounds. A classical spacing algorithm is revisited, and proofs of usability in a discrete time beaconing model are given. Along with the group construct, which is based on prefixing usage of sensing-based solutions with omnidirectional inter-vehicular communications, we present a categorization of safety-critical scenarios. We discuss the benefits resulting from prefixing vehicle maneuvers with vehicle role assignments in safety-critical scenarios

Safety in Vehicular Networks—On the Inevitability of Short-Range Directional Communications

Mobile Ad Hoc NetworksInternational audienceSafety implies high dependability and strict timeliness under worst-case conditions. These requirements are not met with existing standards aimed at inter-vehicular communications (V2V) in vehicular networks. Ongoing research targets medium-range omnidirectional V2V communications and short-range directional communications, which we refer to as neighbor-to-neighbor (N2N) communications. Focusing on the latter, we investigate the time-bounded message dissemination (TBMD) problem as it arises in platoons and ad hoc vehicle strings, referred to as cohorts. Informal specifications of TBMD, of a solution, are given. We show how to guarantee cohort-wide dissemination of any N2N message generated by a cohort member, either spontaneously or upon receipt of a V2V message. Dissemination time bounds are given for worst-case conditions regarding N2N channel contention and N2N message losses. These results add to previously demonstrated merits of short-range directional communications as regards safety in vehicular networks

Integrated Safety and Efficiency in Intelligent Vehicular Networks: Issues and Novel Constructs

International audienceWe present the cohort and the group constructs which are aimed at reconciling safety and efficiency for intelligent vehicular networks on roads and highways, and show how platoons and vehicular ad hoc networks can be structured as cohorts and groups. Fundamental implications of safety requirements are reviewed. A rationale for on-board systems based on diversified functional redundancy is developed, illustrated with a proposal for neighbor-to-neighbor periodic beaconing based on short range unidirectional communications meant to withstand telemetry failures. Worst-case analytical results are given for safe inter-vehicle spacing in cohorts despite inaccurate vehicle space-time coordinates and failing telemetry capabilities. The group construct is based on prefixing usage of sensing-based solutions with omnidirectional communications. Benefits resulting from prefixing vehicle maneuvers with vehicle role assignments are illustrated with the on-ramp-merging safety-critical scenario

Protection de la vie privée, innocuité et immunité envers les cybermenaces dans les futurs réseaux de véhicules autonomes connectés

International audienceNi les communications radio envisagées pour les véhicules autonomes connectés actuellement définies par des standards, ni le balisage périodique ne procurent de propriétés d'innocuité (quasi-élimination des accidents graves) meilleures que celles assurées par la robotique embarquée. Les protocoles sup-plémentaires fondés sur la pseudonymie à clés publiques sont imparfaits. Les atteintes à la vie privée, l'espionnage et les cyberattaques de véhicules sont pos-sibles. Les analyses qui mettent en évidence les faiblesses de ces approches (ensemble baptisé WAVE 1.0) sont détaillées, suivies d'une présentation de solutions qui assurent à la fois l'innocuité maximale et l'immunité envers les cy-bermenaces (ensemble baptisé WAVE 2.0). On met en évidence le choix de société induit par le choix entre WAVE 1.0 et WAVE 2.0

Anonymat, non-traçabilité et sécurité-innocuité dans les réseaux de véhicules autonomes connectés

International audienceLes véhicules autonomes seront également « connectés », par adjonction aux systèmes bord de moyens de communication radio définis dans les standards US WAVE (ETSI ITS G5 sont les standards européens équivalents). Les communications inter-véhiculaires ont pour but de contribuer significativement à la réduction du taux d’accidents (propriété d’innocuité meilleure qu’avec la seule robotique embarquée). Les versions initiales de WAVE permettent des atteintes à la vie privée qui n’existent pas avec les véhicules à conduite humaine. Des solutions complémentaires furent donc définies (standards IEEE 1609.2, ETSI 102941) afin d’éliminer ces risques. L’ensemble comprenant WAVE et ces solutions complémentaires est noté WAVE 1.0. Des analyses rigoureuses permettent d’établir que WAVE 1.0 ne procure pas d’amélioration significative en matière d’innocuité (en sus de la robotique embarquée) et que WAVE 1.0 n’est pas satisfaisant en matière de protection de la vie privée. Les principaux risques encourus sont examinés. On développe un argumentaire en faveur de l’avènement de nouveaux standards de communications radio et optiques inter-véhiculaires—noté WAVE 2.0, fondés sur des solutions existantes qui assurent à la fois l’innocuité maximale et la discrétion absolue (l’élimination des risques examinés)

On the Power of Cohorts -- Multipoint Protocols for Fast and Reliable Safety-Critical Communications in Intelligent Vehicular Networks

International audienceWe report on recent findings related to safety-critical V2V multipoint communications in ad hoc networks of fully automated vehicles, in the presence of communication failures. Neither classical failure assumptions nor multipoint protocols at the core of existing communication standards can be considered, since they do not meet the high reliability and strict timeliness requirements set for safety-critical scenarios. We introduce a novel unbounded omission failure model, the concept of proxy sets which builds on the cohort construct, and Zebra, a suite of geocast, convergecast, and multicast protocols specifically designed for safety-critical 1-hop multipoint communications. Analytical expressions of worst-case termination time bounds are given for each Zebra protocol, which is mandatory with safety requirements. These results have a number of practical implications, which are discussed. They should be of interest to safety authorities and to the transportation industry involved in future deployments of intelligent vehicular networks

A Collision-Free MAC Protocol for Fast Message Dissemination in Vehicular Strings

International audienceThe focus of this paper is on safety-critical inter-vehicular communications in strings circulating on highways and main roads. The bounded channel access delay (BCAD) and the time-bounded message acknowledgment (TBMA) problems are specified. We present a collision-free deterministic directional MAC protocol that solves both problems. At the same time, that protocol minimizes string-wide message dissemination delays, in the presence of message and acknowledgement losses. Analytical expressions of various time bounds are given and illustrated with numerical examples

Cyberphysical Constructs and Concepts for Fully Automated Networked Vehicles

Human lives are at stake in networked systems of automated vehicles. Drawing from mature domains where life/safety critical cyberphysical systems have already been deployed as well as from various scientific disciplines, we introduce the SPEC (Safety, Privacy, Efficiency, Cybersecurity) problem which arises in self-organizing and self-healing networks of fully automated terrestrial vehicles, and CMX functionalities intended for vehicular onboard systems. CM stands for Coordinated Mobility, X stands for S, P, E and C. The CMX framework encompasses cyberphysical constructs (cells, cohorts) endowed with proven properties, onboard proactive security modules, unfalsifiable cyberphysical levels, protocols and distributed algorithms for timed-bounded inter-vehicular communications, reliable message dissemination, trusted explicit agreements/coordination, and privacy preserving options that insulate passengers from illegitimate internal cyber-surveillance and external eavesdropping and tracking. We establish inter alia that safety and privacy can be obtained jointly, by design. The focus of this report is on SE properties. Notably, we show how to achieve theoretical absolute safety (0 fatalities and 0 severe injuries in rear-end collisions and pileups) and highest efficiency (smallest safe inter-vehicular gaps) jointly, by design, in spontaneous cohorts of vehicles. Results conveyed in this report shall open new opportunities for innovative research and development of high societal impact.Les vies humaines sont en jeu dans les réseaux de véhicules automatisés, à l’instar de domaines matures où des systèmes critiques en matière de sécurité-innocuité ont déjà été déployés. Les connaissances acquises dans ces domaines ainsi que dans diverses disciplines scientifiques permettent de définir le problème SPEC (Safety, Privacy, Efficiency, Cybersecurity) qui se pose dans les réseaux auto-organisés et auto-réparateurs de véhicules terrestres à conduite entièrement automatisée. On introduit CMX, un ensemble de fonctionnalités destinées aux systèmes bord. CM est l’abréviation de Coordinated Mobility, et X signifie S, P, E et C. L’ensemble CMX repose sur des constructions cyberphysiques (cellules, cohortes) dotées de propriétés prouvées, les concepts de module de sécurité proactif et de niveaux cyberphysiques infalsifiables, des protocoles et des algorithmes distribués pour communications inter-véhiculaires en temps borné, dissémination fiable de messages, coordination et accords explicites dignes de confiance, ainsi que sur des options de protection de la vie privée qui permettent aux passagers d’interdire la cyber-surveillance illégitime interne et externe (écoutes radio et pistage des trajets). On établit qu’il est possible de garantir conjointement sécurité-innocuité (safety) et respect de la vie privée (privacy), par conception. Ce rapport est consacré aux propriétés SE. En particulier, on montre comment obtenir la sécurité-innocuité absolue théorique (taux nul de mortalité et de graves blessures en cas de collisions longitudinales) et maximiser l’efficacité (espaces inter-véhiculaires minimaux) conjointement, par conception, dans les cohortes spontanées de véhicules. Les résultats contenus dans ce rapport devraient ouvrir de nouvelles perspectives de recherche et développement à fort impact sociétal