Vehicular Ad-hoc Networks for Smart Cities: Third International Workshop, 2019 (Advances in Intelligent Systems and Computing, 1144) 9811537496, 9789811537493

Citation preview

Advances in Intelligent Systems and Computing 1144

Anis Laouiti Amir Qayyum Mohamad Naufal Mohamad Saad   Editors

Vehicular Ad-hoc Networks for Smart Cities Third International Workshop, 2019

Advances in Intelligent Systems and Computing Volume 1144

Series Editor Janusz Kacprzyk, Systems Research Institute, Polish Academy of Sciences, Warsaw, Poland Advisory Editors Nikhil R. Pal, Indian Statistical Institute, Kolkata, India Rafael Bello Perez, Faculty of Mathematics, Physics and Computing, Universidad Central de Las Villas, Santa Clara, Cuba Emilio S. Corchado, University of Salamanca, Salamanca, Spain Hani Hagras, School of Computer Science and Electronic Engineering, University of Essex, Colchester, UK László T. Kóczy, Department of Automation, Széchenyi István University, Gyor, Hungary Vladik Kreinovich, Department of Computer Science, University of Texas at El Paso, El Paso, TX, USA Chin-Teng Lin, Department of Electrical Engineering, National Chiao Tung University, Hsinchu, Taiwan Jie Lu, Faculty of Engineering and Information Technology, University of Technology Sydney, Sydney, NSW, Australia Patricia Melin, Graduate Program of Computer Science, Tijuana Institute of Technology, Tijuana, Mexico Nadia Nedjah, Department of Electronics Engineering, University of Rio de Janeiro, Rio de Janeiro, Brazil Ngoc Thanh Nguyen , Faculty of Computer Science and Management, Wrocław University of Technology, Wrocław, Poland Jun Wang, Department of Mechanical and Automation Engineering, The Chinese University of Hong Kong, Shatin, Hong Kong

The series “Advances in Intelligent Systems and Computing” contains publications on theory, applications, and design methods of Intelligent Systems and Intelligent Computing. Virtually all disciplines such as engineering, natural sciences, computer and information science, ICT, economics, business, e-commerce, environment, healthcare, life science are covered. The list of topics spans all the areas of modern intelligent systems and computing such as: computational intelligence, soft computing including neural networks, fuzzy systems, evolutionary computing and the fusion of these paradigms, social intelligence, ambient intelligence, computational neuroscience, artificial life, virtual worlds and society, cognitive science and systems, Perception and Vision, DNA and immune based systems, self-organizing and adaptive systems, e-Learning and teaching, human-centered and human-centric computing, recommender systems, intelligent control, robotics and mechatronics including human-machine teaming, knowledge-based paradigms, learning paradigms, machine ethics, intelligent data analysis, knowledge management, intelligent agents, intelligent decision making and support, intelligent network security, trust management, interactive entertainment, Web intelligence and multimedia. The publications within “Advances in Intelligent Systems and Computing” are primarily proceedings of important conferences, symposia and congresses. They cover significant recent developments in the field, both of a foundational and applicable character. An important characteristic feature of the series is the short publication time and world-wide distribution. This permits a rapid and broad dissemination of research results. ** Indexing: The books of this series are submitted to ISI Proceedings, EI-Compendex, DBLP, SCOPUS, Google Scholar and Springerlink **

More information about this series at http://www.springer.com/series/11156

Anis Laouiti Amir Qayyum Mohamad Naufal Mohamad Saad •

•

Editors

Vehicular Ad-hoc Networks for Smart Cities Third International Workshop, 2019

123

Editors Anis Laouiti Telecom SudParis Institut Polytechnique de Paris Paris, France

Amir Qayyum Capital University of Science & Technology Islamabad, Pakistan

Mohamad Naufal Mohamad Saad Universiti Teknologi Petronas Seri Iskandar, Perak, Malaysia

ISSN 2194-5357 ISSN 2194-5365 (electronic) Advances in Intelligent Systems and Computing ISBN 978-981-15-3749-3 ISBN 978-981-15-3750-9 (eBook) https://doi.org/10.1007/978-981-15-3750-9 © Springer Nature Singapore Pte Ltd. 2020 This work is subject to copyright. All rights are reserved by the Publisher, whether the whole or part of the material is concerned, specifically the rights of translation, reprinting, reuse of illustrations, recitation, broadcasting, reproduction on microfilms or in any other physical way, and transmission or information storage and retrieval, electronic adaptation, computer software, or by similar or dissimilar methodology now known or hereafter developed. The use of general descriptive names, registered names, trademarks, service marks, etc. in this publication does not imply, even in the absence of a specific statement, that such names are exempt from the relevant protective laws and regulations and therefore free for general use. The publisher, the authors and the editors are safe to assume that the advice and information in this book are believed to be true and accurate at the date of publication. Neither the publisher nor the authors or the editors give a warranty, expressed or implied, with respect to the material contained herein or for any errors or omissions that may have been made. The publisher remains neutral with regard to jurisdictional claims in published maps and institutional affiliations. This Springer imprint is published by the registered company Springer Nature Singapore Pte Ltd. The registered company address is: 152 Beach Road, #21-01/04 Gateway East, Singapore 189721, Singapore

IWVSC 2019 Workshop Organization

General Co-chairs Anis Laouiti, Telecom SudParis, France Amir Qayyum, Capital University of Science and Technology, Pakistan Mohamad Naufal Mohamad Saad, Universiti Teknologi Petronas, Malaysia

Organizing Co-chairs Mohamed Hadded, VEDECOM, France Ines Ben Jemaa, IRT SystemX, France Oyunchimeg Shagdar, VEDECOM, France Paul Muhlethaler, INRIA, France

Technical Program Committee Abed Ellatif Samhat, Lebanese University, Lebanon Ahmed Soua, VEDECOM, France Ameni Chtourou, VEDECOM, France Amir Qayyum, Capital University of Science and Technology, Pakistan Anis Laouiti, Telecom SudParis, France Arnaud Kaiser, IRT SystemX, France Azlan Awang, Universiti Teknologi PETRONAS, Malaysia Brigitte Lonc, Renault, France Carole Bassil, Lebanese University, Lebanon

v

vi

IWVSC 2019 Workshop Organization

Farah Haidar, Renault, France Fatma Hrizi, Gafsa University, Tunisia Fatma Marzouk, University of Aveiro, Portugal Francisco J. Martinez, University of Zaragoza, Spain Fouzi Boukhalfa, VEDECOM, France Hamssa Hasrouny, Lebanese University, Lebanon Hakim Ghazzai, Stevens Institute of Technology, Hoboken, NJ, USA Hichem Sedjelmaci, Orange Lab, France Ines Khoufi, Telecom SudParis, France Ines Ben Jemaa, IRT SystemX, France Joseph Kamel, IRT SystemX, France Khalifa Toumi, IRT SytemX, France Leila Azouz Saidane, Manouba University, Tunisia Meriem Allouch, VEDECOM, France Mohamad Naufal Mohamad Saad, University Teknologi Petronas, Malaysia Mohamed Hadded, VEDECOM, France Mohamed Ben Brahim, Qatar Mobility Innovations Center, Qatar Muhammad Zeeshan, NUST, Pakistan Nasrullah Armi, Indonesian Institute of Sciences, Indonesia Oyunchimeg Shagdar, VEDECOM, France Paul Muhlethaler, INRIA, France Patrick Sondi, University of Littoral Cote d’Opale, France Pierre Merdrignac, VEDECOM, France Sabrine Aroua, University of La Rochelle, France Samira Chouikhi, Technology University of Troyes, France Sylvain Lefebvre, TOYOTA InfoTechnology Center, France Thiwiza Bellache, VEDECOM, France Wei Wei, Xi’an University of Technology, China

Additional Reviewers Dory Merhy, Centrale Supelec, France Maissa Boujelben, VEDECOM, France Michael Lucic, Stevens Institute of Technology, Hoboken, NJ, USA Mohammed Adel Abdel-Hafez, United Arab Emirates University, United Arab Emirates

IWVSC 2019 Workshop Organization

Sponsoring VEDECOM, France IRT SystemX, France Telecom SudParis, Institut Mines-Telecom, France INRIA, France Universiti Teknologi Petronas, Malaysia Capital University of Science and Technology, Pakistan

vii

Preface

It is our great pleasure to welcome all participants to the beautiful city of Paris to participate in the Third International Workshop on Vehicular Ad-hoc Networks for Smart Cities (IWVSC 2019). This new edition comes after the success of the two first editions of the workshop organized in Kuala Lumpur, Malaysia, in 2014 and 2016. Vehicular communication for intelligent transportation systems is getting more attractive than ever, especially with the huge development of the advanced driver assistance systems (ADAS). ADAS will make the autonomous driving a reality, while vehicular communication and data exchange will increase a vehicle’s perceptual abilities. From a macroscopic perspective, improved driving cooperation between vehicles will also increase the fluidity of vehicle fleet movements. For many years, the academic and industrial research communities have been investigating several communication technologies like the most promising 5G in order to improve the efficiency and safety of future transportation systems. As the research is becoming mature, vehicular networking is expected to offer a wide variety of applications, including safety and infotainment. It is envisioned that future communicative vehicles will evolve in a more intelligent and facilitating environment, also known as smart cities. In this context, the interaction between vehicles and intelligent infrastructures will influence each other to achieve their targets. Not only the car drivers would travel in an efficient and safe manner but the smart cities would also offer the best living conditions for citizens by reducing air and noise pollutions for the inhabitants and reducing traffic congestion with a better traffic information system for cars. Efficient interaction between vehicles and smart cities’ infrastructures is naturally needed to reach these goals. IWVSC 2019 aims at providing a forum to bring together people from both academia and industry to discuss recent developments in vehicular networking technologies and their interaction with future smart cities, in order to promote further research activities and identify practical challenges. We hope you will find the technical program and the keynote talk very beneficial. It has been a huge team effort involving many volunteers in order to make IWVSC 2019 a reality. Warm thanks to our Organizing Committee and special thanks to our Organizing Technical Program Committee members who worked ix

x

Preface

hard to produce a comprehensive, high-quality program. In addition, IWVSC features two keynote speeches. The first one focuses on the use of the Unmanned Aerial Vehicles as an Enabler for Next Generation Intelligent Transportation Systems, whereas the second one analyzes the challenges and solutions of the Trusted Computations in 5G Vehicular Environments. Last but not least, we are also grateful to all authors for their submissions. We hope that you will find this program interesting and that the workshop will provide you valuable opportunities to share ideas with other researchers and practitioners around the world. Paris, France November 2019

Anis Laouiti Amir Qayyum Mohamad Naufal Mohamad Saad

Contents

Intelligent Traffic Systems and V2X Communication Implementation and Evaluation of Intelligent Roadside Infrastructure for Automated Vehicle with I2V Communication . . . . . . . . . . . . . . . . . . Abhishek Jandial, Pierre Merdrignac, Oyunchimeg Shagdar, and Laurent Fevrier

3

Technology Selection for IoT-Based Smart Transportation Systems . . . Wael Ayoub, Abed Ellatif Samhat, Mohamad Mroue, Hussein Joumaa, Fabienne Nouvel, and Jean-Christophe Prévotet

19

Performance Evaluation of Speed Platoon Splitting Algorithm . . . . . . . Rami Khoder, Rola Naja, and Samir Tohme

31

New Technologies for Vehicular Networks AVEC: A Statistical Framework for Adaptive Vehicular Edge Data Cleaning . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Mohamed Ben Brahim and Hamid Menouar

45

Software-Defined Networking for Emergency Traffic Management in Smart Cities . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Pegah Nikbakht Bideh, Nicolae Paladi, and Martin Hell

59

Vehicular Networks and Security Towards a Reliable Machine Learning-Based Global Misbehavior Detection in C–ITS: Model Evaluation Approach . . . . . . . . . . . . . . . . . Issam Mahmoudi, Joseph Kamel, Ines Ben-Jemaa, Arnaud Kaiser, and Pascal Urien A RINA-Based Security Architecture for Vehicular Networks . . . . . . . . Fatma Hrizi and Anis Laouiti

73

87

xi

xii

Contents

Networks of Trusted Execution Environments for Data Protection in Cooperative Vehicular Systems . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Philippe Boos and Marc Lacoste

99

Vehicular Ad Hoc Networks Security for Smart Cities Based on 2D ZCC/MD Optical CDMA Code . . . . . . . . . . . . . . . . . . . . . . . . . . 111 Rima Matem, S. A. Aljunid, M. N. Junita, C. B. M. Rashidi, and N. M. Saad Author Index . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 121

Intelligent Traffic Systems and V2X Communication

Implementation and Evaluation of Intelligent Roadside Infrastructure for Automated Vehicle with I2V Communication Abhishek Jandial, Pierre Merdrignac, Oyunchimeg Shagdar, and Laurent Fevrier

Abstract Automated vehicles (AV) are important elements of smart cities reducing traffic congestions and gas emission. These objectives, however, cannot be achieved without smart infrastructures installed in complex road sections like intersections, roundabouts, blind zones, and uphill. Smart infrastructures equipped with sensors combined with infrastructure-to-vehicle (I2V) communication offer an opportunity to make better decision and to extend perception of AVs. Roadside infrastructure (RSI) is for various services such as green light optimization speed advisory, cooperative awareness, and decentralized event notification supporting AVs to driving safer and in a more efficient manner. Complementary, a collective perception message (CPM) is under specification at European Telecommunications Standardization Institute (ETSI) to transfer information from smart sensors. As CPM carries detailed information on objects detected by the sensors, significant benefits are expected by installing such service on RSI collecting data on blind zones and other complex areas. In this paper, we first introduce an intelligent RSI architecture, which is compatible with multiple sensor types and providers, further processes sensor data for CPM creation and transmission. Then, we present our methodology for implementation of our RSI for on-site experimentations. Finally, some key evaluations of CPM transmissions are conducted. Keywords Infrastructure-to-vehicle communication · Collective perception · Automated vehicle · Roadside infrastructure · Roadside unit

A. Jandial (B) · P. Merdrignac · O. Shagdar · L. Fevrier Institut VEDECOM, 23 bis Allée des Marronniers, 78000 Versailles, France e-mail: [email protected] P. Merdrignac e-mail: [email protected] O. Shagdar e-mail: [email protected] L. Fevrier e-mail: [email protected] © Springer Nature Singapore Pte Ltd. 2020 A. Laouiti et al. (eds.), Vehicular Ad-hoc Networks for Smart Cities, Advances in Intelligent Systems and Computing 1144, https://doi.org/10.1007/978-981-15-3750-9_1

3

4

A. Jandial et al.

1 Introduction Autonomous vehicles (AVs) are rapidly emerging as a major technology to improve road transportation systems in terms of safety and efficiency. While AVs are currently mostly relying on the existing road infrastructure, such as road lanes and traffic signs, to navigate safely and more autonomously, they must share their driving environment with other users such as non-AVs, pedestrians, or cyclists. Since AVs must perform complex maneuvers such as crossing an intersection, entering in a roundabout, overtaking in roadwork area, cooperation among road users has to be made and is the key element of Cooperative Intelligent Transportation Systems (C-ITS) [1, 2]. Complementary to the development of AVs, roadside infrastructure (RSI) is also under constant evolution and can support new generation of vehicles by hosting different services such as intersection crossing assistance [3] or road hazard warning [2]. To ensure interoperability and to facilitate the deployment of such services, standardization organizations such as European Telecommunications Standards Institute (ETSI) and IEEE made enormous efforts in producing specifications of V2X communication protocols, security, privacy measures, and a set of target C-ITS services. In Europe, roadside units (RSU) and vehicles implementing such services should be equipped with a module, called ITS Station, compliant with the standardized C-ITS architecture [4]. Among the different services offered by C-ITS architecture, cooperative awareness (CA) [5] and decentralized environmental notification (DEN) [6] services were the first ones that are normalized by ETSI in order to provide basic set of application for driving assistance [7]. Although CA and DEN services have brought interesting support to connected vehicles, they are not sufficient for AVs which require more advanced C-ITS applications such as protection of vulnerable road users, maneuver intention sharing, and cooperative driving. For today, AVs are mainly relying on their embedded sensors in order to have a local perception of their environment and plan automated maneuvers. However, as these sensors can have a limited field of view or be occluded in presence of road obstacle, an AV may be unable to perform some actions, leading to possible counter-productive effects in terms of road safety and traffic. Hence, sharing embedded sensor information among AVs is proposed in order to extend the perception range [8, 9]. In this paper, we present an RSI which uses collective perception (CP) for assisting AVs in dedicated sites. Figure 1 illustrates the proposed system at a roundabout where local perception of AV is insufficient due to limited field of view and occluding obstacles. Here, a set of local intelligent sensors such as cameras and lidars can be installed to cover the site with a full perception. Then, RSU transmits such perception information via V2X communication using collective perception messages (CPM) as being specified by ETSI [10]. The proposed system assists the vehicle to adapt its behavior when approaching an accident-prone zone (ex: for arrival on a pedestrian passage or bus stop or a crossroad, etc.). Indeed, receiving real-time information

Implementation and Evaluation of Intelligent Roadside …

5

Fig. 1 Illustration of collective perception by roadside infrastructure

of the current situation on this zone would help the vehicle to anticipate better its trajectory (speed and heading) and hence to take maneuvers such as soft braking or smooth lane change. The rest of the paper is organized as follows. Section 2 introduces related works. Section 3 presents our system for roadside infrastructure based extended perception for AVs and Sect. 4 details the key steps in implementation of an intelligent RSI. In Sect. 5, we provide system evaluations. Finally, Sect. 6 concludes our work.

2 Related Works The majority of the R&D efforts on roadside units have a focus on assisting vehicles using infrastructure-to-vehicle (I2V) communication [11] for use cases such as event notification by an operator center [2], Signal Phase and Time (SPaT) of traffic lights for green light optimal speed adaptation [3]. Such information can then be displayed on human–machine interface (HMI) of the vehicle for driver assistance [2] or advertisement of service availability on service channel of V2X Communication frequency band [12]. Although, all these messages offer very interesting assistance for drivers of non-AVs, they do not provide a sufficiently precise description of the environment for AVs. The authors of [13] proposed to extend RSI with a functionality of sharing sensor measurement using, for example, CA messages (CAM). Although such an approach exploits the existing standards, it is preferred to rely on a dedicated message for such augmented perception as many CAMs would be transmitted for indicating

6

A. Jandial et al.

multiple users and generating an important channel load. It could also present security risks if some malicious vehicles decide to transmit fake information about other users. As automated vehicles are equipped with embedded sensors, various works have been proposed to share the data collected by these sensors in the vehicular network [8, 14, 9]. With such systems, the information from local sensors are broadcasted to neighboring vehicles, which can then process the received data elements. To ensure interoperability between different types of vehicles and infrastructures, that may be equipped with various types of sensors, a generalization of the data format is necessary. Such a common message format has been introduced in [15] and a modified version is being specified at ETSI [10] under the new work item entitled Collective Perception Service. With CP service, road users share their environmental knowledge and it has been shown that such a service can improve the overall situation awareness for AVs [16]. Earlier simulation studies on CPM transmitted by an intelligent RSI have been carried out and showed its potential to extend the time horizon of AVs [17]. As CPM is getting more and more attention, we introduce an intelligent RSI which has been installed in multiple test sites. The main contribution of our work consists of large experimental trials of CPM transmission with a study on RSI installation at trial site to obtain the optimal performance with these messages.

3 Intelligent RSI for Extending Perception of AVs As autonomous shuttles are driving in open road to serve passengers in regular trips, it is necessary to ensure that the road is fully compliant with their operational requirements as illustrated in Fig. 2. As part of a French national project, multiple AVs are conducting on-field experiments covering 10 km of open roads. In this context, we developed intelligent RSI to cover the autonomous shuttle testing environment. In particular, our intelligent RSI has been installed in 26 sites where the quality of service of autonomous shuttles may be reduced if they drive in complete autonomy.

3.1 Requirements The following are the key elements which should be carefully considered for developments and installations of intelligent RSIs.: • Time synchronization: As data communicating between AV and RSI are highly dynamic, e.g., position and speed of vehicles, a perfect synchronization between these equipments is needed.

Implementation and Evaluation of Intelligent Roadside …

7

Fig. 2 Road infrastructure for autonomous shuttle supervision

• End to end time: The time duration between the moment when the sensor perceives the environment and the moment when AV receives the corresponding CPM shall be sufficiently small. A CPM which arrives late to the AV would be of no use. • Interoperability between various sensors and V2X vendors: Nowadays, many commercial sensor providers are available with very efficient object detection algorithms like smart cameras by Flir [18] and Lidar by Quanergy [19], etc. The RSI should support any sensors of such vendors. Similarly, it should be able to support interface with any V2X devices or LTE broadcasting routers. • Precision of position: As this system shares roadside perception with AV, so that AV can make decisions to perform automated actions, a precision of a few centimeters is required for transmitted position values. • Site coverage: RSI is installed in an environment where perception of AV can be degraded due to limited visibility. Therefore, the roadside sensors mounted on the RSI should provide broader perception view in order to reduce the effects of blind zones for AVs and assist AVs in anticipating any danger. • Adaptability to site particularities: As each site for RSI installation has its unique particularities in terms of road layout, road length/width, traffic density, vehicle types and their velocity, and the presence of vulnerable road users and buildings/trees in the surroundings, it is necessary for the system to be adaptable. By studying installation sites, appropriate decisions regarding choice of sensors and equipment implantation shall be made. For example, sensors cannot be installed everywhere and existing poles or lamp posts can be chosen to support them.

8

A. Jandial et al.

Fig. 3 Architecture of the roadside infrastructure

3.2 Architecture of the System As shown in Fig. 3, the proposed RSI is composed of three main elements: • Smart sensors are responsible for roadside scene observation and object detection. As such smart sensors embed signal processing algorithms, they produce tracking lists containing information regarding the objects located in the target zone of RSI. • A central perception unit is responsible for converting tracking list obtained from smart sensors into CPM format. This module ensures interoperability between multiple sensors vendors and multiple communication technologies. In addition, it can fill CPM data fields based on data elements provided by the sensors currently in use at a given RSI. • A roadside unit (RSU) sends CPM on the V2X channel. This RSU must be compliant with the reference C-ITS architecture [4].

3.3 Central Perception Unit Currently, many commercial sensors and software are available in the market to perform automatic object detection and tracking. The purpose in designing such component is that the RSI can be configured with multiple sensors and RSU vendors. This provides an improved adaptability of the system when installed in sites having different requirements. Central Perception Unit flowchart is shown in Fig. 3 and is composed of three main steps: (1) A reader connects to the sensor via standard protocols like TCP, UDP, WebSocket, etc. Then sensor data are read over various formats like, XML, JSON, etc. In our experiment, a TCP and WebSocket readers have been designed.

Implementation and Evaluation of Intelligent Roadside …

9

(2) Depending on the received sensor data format, the packets are decoded using either JsonDecoder or XMLDecoder, and then converted in order to be filled into CPM format. (3) Once the CPM is prepared, a publisher provides such data structure to an RSU, which is in our case a V2X device, for its broadcasting to the AV. In our experiment, the publisher sends the CPM over TCP protocol. Additionally, it can be configurated to connect to multiple kinds of devices or logging units.

4 Key Concepts in Implementation of Intelligent RSI 4.1 Site Survey Perception survey was performed before the installation of the sensors and the RSU. The purpose of this survey was to understand the topology of the sites and points of interest. Moreover, a particular attention was brought into finding blind spots for AV. To ensure that such blind zones can be anticipated, an optimal sensor is chosen for the installation on a particular site. Table 1 lists indicators that were evaluated during the site survey. These indicators have been organized into three main categories: Table 1 Categorization of indicators evaluated during site survey SS_ID

Site categories

Site survey indicators

SS_RPC_1

Physical conditions of the roadside

• Presence of trees

SS_RPC_2

• Presence of heavy-structure buildings

SS_RPC_3

• Straight road

SS_RPC_4

• Sidewalks

SS_RPC_5

• Roundabout • Intersection • …

SS_DOT_1

Detection object type

• Pedestrians only (e.g., crossroad)

SS_DOT_2

• buses and pedestrians (e.g., at bus stops)

SS_DOT_3

• Vehicles only (e.g., at highways)

SS_DOT_4

• Multiple types of objects (e.g., at a large roundabout) • …

SS_ROI_1

Region of interest (ROI)

• Blind/hidden spot

SS_ROI_2

• Dangerous zones

SS_ROI_3

• Key detection areas on the site

10

A. Jandial et al.

Fig. 4 Roadside topology

• Physical conditions of the roadside: roadsides can have trees or heavy-structure buildings which could limit the visibility of AV. Topology of a site varies like roundabouts, small intersections, blind curves, single or multiple lane roads, etc. and can impact choice of sensors. Figure 4 shows two different types of road topologies: a large roundabout on the right and a narrow straight road on the left. For instance, a sensor with large field of view would be preferred at the roundabout due to site dimension. • Detection object type: On certain sites, main interest for detection could be just pedestrians, vehicles/buses, or both. Sites with a high number of specific objects, could use a sensor with the best detection performances on that specific object. For example, the straight road illustrated in Fig. 2 (right) has a pedestrian crossing, hence the pedestrian detection is the major interest of the installed RSI. On such sites, a short-range pedestrian detection camera could be the best fit. • Region of interest (ROI): Region of interest refers to blind spots or other types of danger zones, where vehicles can have high probability of collisions and hence requiring an especial attention to enhance the perception of AV. Many blind zones are possible in a trajectory of an AV, e.g., an uphill or sharp bend on the road, the presence of static/dynamic objects such as trucks and buses. In order to choose a sensor for the installations, it is important to understand the efficiency and functionality of that sensor. In our work, we performed a series of test cases on the sensors, as shown in Table 2, to evaluate their strengths and limitations. Our tests can be divided into two kinds. First, sensor unit test cases, classified in five categories, seek to provide the conditions in which a sensor can be used at an RSI. The results of such tests are binary, either OK or KO. Second, sensor performance evaluation tests are conducted on multiple parameters. Particularly, extensive tests are conducted with multiple datasets in order to estimate average performances for different parameters, e.g., accuracy of position and speed of detected objects.

Implementation and Evaluation of Intelligent Roadside …

11

Table 2 Sensor validation tests SV_ID

Test category

Test cases

SV_LCT_1

Light conditions tests

Object detection in night conditions

SV_LCT_2

Object detection in different weather conditions like rainy, snowy

SV_FOC_1

FOV tests

Test the horizontal field of view of the sensor • Lidar 90°/180°/270°, • cameras 45°, 60°, 90°

SV_OIC_1

Object_id confirmation and range blockage tests

Test object blockage by some surrounding objects like wall, tree, etc

SV_OIC_2

Detection and tracking of 2 or more objects moving closely and then separating

SV_OIC_3

Detection and tracking of 2 or more objects arriving from different directions and will move together toward a same direction and with a speed

SV_OIC_4

Test an object, which enters the detection frame and then leaves out of the range and then shows up again

SV_MOT_1

Mask object tests

Detection of a pedestrian carrying cap and/or umbrella

SV_MOT_2

Detection of incomplete or semi hidden object in the frame of the sensor, e.g., half vehicle appears in the FOV of the sensor

SV_MOT_3

Detection of pedestrian with skates/electric scooter/Stroller

SV_MOT1_1

Multiple object tests

Detection of multiple objects arriving from different directions and leave to different directions

SV_MOT1_2

Detection of two or more pedestrians appearing in the frame from opposite directions at the same time

SV_MOT1_ 3

Detection of a large number of objects (20–100) appearing at the same time in the frame

SV_PAT_1 SV_PAT_2

Position accuracy tests

Detection of an object within 0–20 m of distance from the sensor Detection of an object at 30 m of distance from the sensor (continued)

12

A. Jandial et al.

Table 2 (continued) SV_ID

Test category

SV_PAT_3 SV_ST_1

Detection of an object at 40 m distance from the sensors Speed test

SV_DT_2 SV_ST_1

Test cases

Detection of vehicles driving at different speeds: 10, 20, 40, 60 km/h Detection of pedestrians that are walking, jogging, or running

Direction test

Detection and tracking of objects moving in the directions of: • X-axis to −X-axis • −X-axis to X-axis • Y-axis to −Y-axis • −Y-axis to Y-axis

4.2 Sensors Qualification Per Site After completing site survey and sensor testing as presented in the above sections, a main part of our work is to qualify sensors that can be installed on individual target sites. Figure 5 presents the flow chart of our methodology for qualifying a given sensor for a target installation site. First, requirements related to the installation site are extracted from the perception survey. These requirements express objectives for the RSI sensors in terms of site Fig. 5 Flowchart of sensor qualification methodology

Implementation and Evaluation of Intelligent Roadside …

13

coverage regarding identified ROI and target object for detection. In addition, some constraints for sensor implantation are also defined from the perception survey. Second, individual sensors are qualified with respect to the site requirements. In particular, the following criteria are considered in the qualification process: • Type of sensors: As different sensors have different capabilities, we need to validate the capacity of the sensor to be compliant with site coverage and other detection requirements. • Sensor installation constraint: All the sensors cannot be mounted on the same height. For example, lidar cannot be installed at a height more than 4 m, while cameras have prerequisite of installation between 6 and 9 m depending upon its horizontal FOV. Implantation position satisfying these conditions must be ensured. • Position and Angle of the sensor: Depending on the position and view angle of the sensor, it can have different performances. As these parameters are fixed at the installation, it is important to decide a configuration where a sensor has optimal detection for the required region of interest inside the site. Then, an expected performance level is evaluated by retrieving the sensor performance in the configuration of the target site from a recorded dataset. From this evaluation stage, a sensor acceptance score is obtained in order to validate or invalidate the installation of such sensor. Finally, once all sensors have been qualified for a given test site, the configuration of the RSI with the highest acceptance is selected and is applied for installation.

4.3 RSI Installations The RSI installation was performed for the experimentation with AV on a commercial road with many non-connected vehicles. The figures below show AV on the road with installed RSI. In this section we discuss post-installation tasks and challenges. Calibration: Once the sensor is installed, some intrinsic and extrinsic parameters like sensor height, tilt angle, and detection criteria should to be calibrated for the best performances. First, in a case of smart cameras, the calibration involves just inputting the height of the sensors for precise detection. Second, in a case of lidars, the calibration can be more complicated especially if dealing with raw laser data. For our experiments, a commercial lidar with automatic calibration based on the background image was installed. Additional steps must be performed when multiple lidar fusion is involved and for the complete of RSI: • Position precision: The central perception unit performs the translation of the object position from its relative position to the RSU/sensor to an absolute position using the absolute position of RSU and the sensor. Thus, the positions of sensors and RSU have to be precisely measured during the installation of these equipments on a site. These precise positions were obtained in this experiment using an RTK

14

A. Jandial et al.

Fig. 6 Experiment sites and AV next to RSI

correction with GNSS. Figure 6 (right) shows recording position at the experiment site using GPS RTK. • Defining the region of interest (ROI) of the sensors is made in order to avoid unwanted object detections and unnecessary processing overhead. Stability of the infrastructure: If the sensor moves after the calibration procedure, the calibration can be lost resulting in false detections. It has been experienced that precision of the output data given by sensors can be degraded in case of a movement of about 2 cm at the installation mast. Such instability could be caused due to improper installations or due to the weather conditions (strong winds). Therefore, it is important to ensure the sensor stability by taking into account the following considerations: • Making sure the roadside mast is stable and robust. • Avoid any electromagnetic interface around sensors or to the electric box. • Ensure the cable connecting the main circuit box to sensor should not exceed 100 m. • In a case of change in calibration of sensor, alerts should be triggered to an administrator of the RSI.

5 Evaluations In this section, we provide some key insights related to the performance of our RSI which were obtained during the evaluation of the system.

5.1 V2X Transmissions Evaluations Figure 7a (left) shows the CPM generation time with number of objects associated to it. The CPM generation time ranges from minimum 2.6 ms to maximum 9.3 ms.

Implementation and Evaluation of Intelligent Roadside …

15

Fig. 7 a and b CPM generation and transmission time

Figure 7b (right) shows the CPM air time or transmission time associated with number of objects in the CPM message. It has to be noted that all these values in graphs are average of at least 100 iterations performed. In addition, we made the following observations from our experiments regarding V2X communication: • Due to the MDPU (media access data protocol unit) limitation, which is 1398 bytes for IEEE Std 802.11—2007, we include up to a given number of objects in a single CPM. In our case, approximately up to 50 objects can be informed by a CPM. • Range of V2X message transmission by RSU is affected by urban infrastructure. Indeed, V2X signal had a lower range in some urban sites of the experimentation. We noticed an average range around 400 m in the best conditions, i.e., rural sites and that this signal strength was reduced to approximately 200 m in the urban sites. This phenomenon of signal absorption maybe due to infrastructural structures like buildings, trees, etc. However, performances of the project experiment were not affected by such limitation as receiving CPM 200 meters ahead was sufficient considering an average speed of 18 km/h for AV. Nevertheless, this aspect should be considered in further experimentations with AVs at higher speeds. • The CPM performance can be largely affected by other protocols’ operations, particularly those for security-related procedures such as attachment and verification of security certificates. Moreover, security certification necessitates a reduction of the message size.

5.2 Sensor Evaluations Figure 8 shows the results obtained from object positioning measurements performed by a camera sensor when the camera is mounted at different heights (4, 5, 5.5, and 6 m) and the object is placed at various separation distances (horizontal distances) from the camera (da : 2, 5, 10, 20, and 25 m). More specifically, the camera mounted

16

A. Jandial et al.

POSITION ACCURACY WITH A CAMERA 30

Sensor Height = 4m Sensor Height = 5m Sensor Height = 5.5m Sensor Height = 6.5m Reference

MEASURED DISTANCE

25 20 15 10 5 0

0

5

10

15

20

25

30

DISTANCE IN METERS

Fig. 8 Sensor position accuracy test

Table 3 Object positioning error (|d − da|/da in percentage) by a camera sensor Distance (d) (m)

Camera height 4 m (%)

5 m (%)

5.5 m (%)

6.5 m (%)

2

35

59

81

79

5

3

3

1

20

10

9

6

5

16

20

21

17

13

35

25

35

59

81

79

at 4 meters estimates 2.7095 m for an object, which was actually at 2 m of distance (with error of 0.7095 m). Table 3 shows the resulting per-meter positioning error (|d − da |/da ). It can be seen that an optimal height of camera installation is between 5 and 5.5 m providing up to 5% of positioning error if the object is in the range of 5–15 m.

5.3 Time Synchronization Between Complete RSI and AV In our experiments, time synchronization has been made by using a NTP server for sensors and by GNSS antennas on the C-ITS stations. On the AV side, the time synchronization was performed using LTE network and GNSS. For the message exchange like SPaT there was not a major problem of the time lag as it does not require microsecond time precision. But for the CPM, which requires a high precision of time, we did not receive satisfying results (a detailed analysis is being carried out, and it will be presented in the future papers). Despite of using GNSS for time synchronization on both the ends RSU and OBU (on board unit), we conclude that

Implementation and Evaluation of Intelligent Roadside …

17

the GNSS does not provide a stable time and position accuracy. For our experiment, we decided to trigger a centralized clock which synchronizes both sides.

6 Conclusion We presented in this paper an intelligent roadside infrastructure which has been tested and installed in different target sites for assisting autonomous vehicles in case of limited perception situation. Our study provides major insight for future installation of such RSI, (1) the system must be interoperable with different sensors and communication system to be adapted to multiple site topologies (2) installation sites have to be studied carefully for choosing the most appropriate sensor configuration and offering the best service to AVs (3) installation calibration should done very precisely and alerts should be provided to operators in case calibration is lost to guaranty a high level of service for the RSI (4) current V2X communication systems have still some limitations to fully support collective perception, indeed, it has limitations to transmit information for a large number of detected objects and cannot ensure synchronization between transmitters.

References 1. Festag, A.: Cooperative intelligent transport systems standards in Europe. IEEE Commun. Mag. 52(12), 166–172 (2014) 2. Santa, J., Pereñíguez, F., Moragón, A., Skarmeta, A.F.: Vehicle-to-infrastructure messaging proposal based on CAM/DENM specifications. In: 2013 IFIP Wireless Days (WD). IEEE (2013) 3. Katsaros, K., Kernchen, R., Dianati, M., Rieck, D.: Performance study of a Green Light Optimized Speed Advisory (GLOSA) application using an integrated cooperative ITS simulation platform. In: 7th International Wireless Communications and Mobile Computing Conference. IEEE (2011) 4. ETSI: ETSI EN 302 665; Intelligent Transport Systems (ITS); Communications Architecture, 2010-09 5. ETSI: ETSI EN 302 637-2; Intelligent Transport Systems (ITS); Vehicular Communications; Basic Set of Applications; Part 2: Specification of Cooperative Awareness Basic Service, 201411 6. ETSI: ETSI EN 302 637-3; Intelligent Transport Systems (ITS); Vehicular Communications; Basic Set of Applications; Part 3 Specification of Decentralized Environmental Notification Basic Service, 2014-11 7. ETSI: ETSI TR 102 638; Intelligent Transport Systems (ITS); Vehicular Communications; Basic Set of Applications; Definitions, 2009-06 8. Bauer, M.A., Charbonneau, K., Beauchemin, S.S.: V2Eye: enhancement of visual perception from V2V communication. In: 2011 IEEE Consumer Communications and Networking Conference (CCNC). IEEE (2011) 9. Wender, S., Dietmayer, K.: Extending onboard sensor information by wireless communication. In: IEEE Intelligent Vehicles Symposium 5IV, pp. 535–540. IEEE (2007) 10. ETSI: ETSI TS 103 324; Intelligent Transport System (ITS); Collective Perception Service [Release 2] (2017)

18

A. Jandial et al.

11. Jerbi, M., Marlier, P., Senouci, S.M.: Experimental assessment of V2V and I2V communications. In: 2007 IEEE International Conference on Mobile Adhoc and Sensor Systems. IEEE (2007) 12. Labiod, H., Servel, A., Segarra, G., Hammi, B., Monteuuis, J.-P.: A new service advertisement message for ETSI ITS environments: CAM-Infrastructure. In: 2016 8th IFIP International Conference on New Technologies, Mobility and Security (NTMS). IEEE (2016) 13. Kitazato, T., Tsukada, M., Ochiai H., Esaki, K.: Proxy cooperative awareness message: an infrastructure-assisted v2v messaging. In: 2016 Ninth International Conference on Mobile Computing and Ubiquitous Networking (ICMU). IEEE (2016) 14. Rauch, A., Klanner, F., Dietmayer, K.: Analysis of V2X communication parameters for the development of a fusion architecture for cooperative perception systems. In: IEEE intelligent vehicles symposium (IV). IEEE (2011) 15. Gunther, H.-J., Mennenga, B., Trauer, O., Riebl, R., Wolf, L.: Realizing collective perception in a vehicle. In: IEEE Vehicular Networking Conference (VNC). IEEE (2016) 16. Günther, H.-J., Trauer, O., Wolf, L.: The potential of collective perception in vehicular ad-hoc networks.” In: 14th International Conference on ITS Telecommunications (ITST). IEEE (2015) 17. Merdrignac, P., Shagdar, O., Tohmé, S., Franchineau, J.-L.: Augmented perception by V2X communication for safety of autonomous and non-autonomous vehicles. In: Proceedings of 7th Transport Research Arena TRA 2018, 16–19 Apr 2018 18. Flir trafione cameras. https://www.flir.com/products/trafione/ 19. Quanergy M8 lidar. https://quanergy.com/m8/

Technology Selection for IoT-Based Smart Transportation Systems Wael Ayoub, Abed Ellatif Samhat, Mohamad Mroue, Hussein Joumaa, Fabienne Nouvel, and Jean-Christophe Prévotet

Abstract In this paper, we consider the selection of the appropriate technology in IoT environments. Specific IoT-based applications, including innovative tracking solutions in automotive or transportation systems, require the mobility of the IoT device under different IoT technologies. Selecting the best technology for connectivity based on several criteria is essential in this context. We investigate four LPWAN technologies and we study two well-known multi-attribute decision-making algorithms, TOPSIS and SAW, to select the appropriate IoT technology based on criteria such as bit rate, coverage, power consumption, etc. These two algorithms were implemented to select the best technology depending on the requirements of the application. The obtained results showed that the TOPSIS method gives better results than SAW in the selection and the sorting of the technologies. However, the running time of SAW is smaller. Keywords IoT · LPWAN · LoRaWAN · Sigfox · Wi-Fi HaLow · NB-IoT · MADM · Technology selection

W. Ayoub (B) · F. Nouvel · J.-C. Prévotet Institut National des Sciences Appliquées de Rennes—IETR-INSA, Rennes, France e-mail: [email protected] F. Nouvel e-mail: [email protected] J.-C. Prévotet e-mail: [email protected] A. Ellatif Samhat · M. Mroue · H. Joumaa Faculty of Engineering - CRSI, Lebanese University, Hadath Campus, Hadath, Lebanon e-mail: [email protected] M. Mroue e-mail: [email protected] H. Joumaa e-mail: [email protected] © Springer Nature Singapore Pte Ltd. 2020 A. Laouiti et al. (eds.), Vehicular Ad-hoc Networks for Smart Cities, Advances in Intelligent Systems and Computing 1144, https://doi.org/10.1007/978-981-15-3750-9_2

19

20

W. Ayoub et al.

1 Introduction Internet of Things (IoT) has spread across broad domains of applications such as health, automotive, supply chain, smart cities, smart homes, manufacturing, etc. Some studies expect that 20.8 billion of smart objects will be connected to the Internet by the end of 2020 [1, 2]. What distinguishes IoT technologies, such as the deployment of Low-Power Wide-Area Networks (LPWAN) from other systems, including Wi-Fi and cellular technologies, is that they are developed to send a small amount of data with a minimum of power and the end devices (ED) generally run on a battery and last a long time. Over the years, more and more IoT technologies have been developed. Some are created for specific needs that are not compatible with legacy systems, while others are an attempt by developers to develop a new standard that could be widely adopted. Beyond the ubiquity of ED in IoT environments, there is an increase in IoT applications that require mobility. With this increase in IoT technologies and applications, the industry must consider the mobility of the devices and the heterogeneity in the technologies. For example, in innovative tracking and collection solutions, most large companies need to track their vehicles and keep monitoring the quality of the transported products. Thus, investigating and supporting mobility is a significant requirement for a wide range of IoT applications. In [3, 4], we investigated the mobility of an ED moving within the coverage of different Gateways (GW). Also, we presented the switching procedure achieved by an ED after losing the connection with the current GW, in order to connect with a new one. When an ED supports different technologies, it is essential to select the most appropriate communication technology based on predefined criteria and strategic decisions. In this paper, we consider technology selection when an ED moves under the coverage of different IoT technologies. We focus primarily on the selection of the appropriate technology based on several criteria. Typical scenarios include vehicle tracking where the position of the moving vehicle is periodically collected by a specific application as shown in Fig. 1. In this case, a multi-technology IoT vehicle is a convenient solution. Another scenario consists of monitoring the supply chain where the ED is the system installed in the vehicle/container that transports food products. The idea is to monitor periodically the conditions of the food environment, such as temperature and humidity. In this case, the ED is responsible for collecting the appropriate data while the vehicle is moving. This IoT-based monitoring and tracking process helps improving product quality in a fabrication process based on industrial automation and where transportation is part of the whole process. Since a large number of criteria must be taken into account and due to the presence of many technologies, Multi-Attribute Decision-Making algorithms (MADM) [5, 6] are adopted. In particular, we consider Simple Additive Weighting (SAW) [5] and Technique for Order Preference by Similarity to Ideal Solution (TOPSIS) [7] algorithms. We assume that the IoT device is present in a heterogeneous environment including different IoT technologies and is running three types of applications divided into economical (or eco-performance), normal, and high-performance mode. In this

Technology Selection for IoT-Based Smart Transportation Systems

21

Fig. 1 Tracking location

context, we study the use of TOPSIS and SAW in order to select the best technology based on predefined criteria. To determine the weight of each criterion, the Analytical Hierarchy Process (AHP) algorithm is used [5]. The different algorithms are simulated and several scenarios are tested to compare the different algorithms. In addition, they are implemented using an IoT device “Arduino Uno R3” to measure CPU consumption time. The rest of the paper is organized as follows. In Sect. 2, we present the general architecture of the IoT LPWAN technologies, and we provide a brief overview of the selected technologies: LoRaWAN, NB-IoT, Sigfox, and Wi-Fi Halow. In addition, we briefly describe the communication mechanism when moving in IoT networks. In Sect. 3, we explain the distribution of AHP weights, the types of applications, and the two MADM algorithms, SAW and TOPSIS. In Sect. 4, we present the results of the simulation and the hardware implementation including the performance and the comparative study of both algorithms. Finally, in Sect. 5, we provide a brief conclusion and discuss the possible perspectives of this work.

2 Technologies Specification Low-Power Wide-Area Networks (LPWAN) are wireless technologies with features such as wide-area coverage, low bandwidth, data packets, and asynchronous communication used for small amount of data and high energy efficiency. Recently, LPWAN is gaining popularity in research communities. It is developed to adapt to IoT applications that only need to transmit small amount of data for a long time. Some of these technologies use the licensed band as NB-IoT and others use the unlicensed band as LoRaWAN. They share the same architecture [8], and each has its own specifications to support wide use of applications. The heterogeneity of LPWAN technologies meets the requirements of the market and applications. In this work, we consider four

22

W. Ayoub et al.

LPWAN technologies: LoRaWAN, Sigfox, Wi-Fi HaLow, and NB-IoT technologies. In this section, we present a general description of the specifications of each of them.

2.1 LoRaWAN LoRaWAN is an open standard architecture developed by LoRa Alliance [9] that provides a medium access control mechanism and allows IoT device to communicate with one or more gateways. LoRa is a physical layer technology that allows longrange wireless communication with low data rate and low power consumption. It works in the unlicensed band and modulates the signals in the sub-GHz ISM band using the expanded spectrum technique. LoRaWAN uses a star network topology. Its architecture contains IoT devices, gateways, network server, and application server. The IoT device sends data using the uplink slot with the Aloha method. Any GW that receives this message will forward it to the network server and an RSSI (received signal strength indicator) value is attached to this message. Then, the NS decides according to the received RSSI which GW is the most appropriate to communicate with the IoT device in the downlink phase. The specifications of this technology are given in Table 1.

2.2 NB-IoT The Narrowband of Internet of Things (NB-IoT) is part of Version 13 of 3GPP (3rd Generation Partnership Project) [10]. It was configured on cellular systems in support of ultra-low complexity and low-throughput Cellular Internet of Things (CIoT). It defines a new radio access technology that can be integrated into the LTE standard or replace GSM. NB-IoT is built from existing LTE functions, but many features have been removed to keep this standard as simple as possible to reduce the cost of the device and minimize battery consumption. This optimization includes the elimination of handover, aggregation of operators, measurements to control channel quality and double connectivity. NB-IoT operates on the same licensed frequencies used by LTE and employs QPSK and BPSK modulations. Nb-IoT uses the same LTE architecture but with some optimization to meet the requirements of massive IoT users. The architecture is based on the Evolved Packet Core (EPC) developed by LTE. The Cellular IoT User Equipment (CLoT UE) is the mobile terminal. Security and authentication were provided as in normal LTE. In NB-IoT, an IoT device is associated and connected to only one GW. In general, an IoT device can move and change its location several times. Thus, every time the connection is lost, it searches for a suitable GW to connect. When the IoT device has data to transmit (uplink), it will search for a cell at an appropriate frequency, read the SIB (system information block) information, and start the random access procedure [4]. The specifications of this technology are summarized in Table 1.

Technology Selection for IoT-Based Smart Transportation Systems Table 1 Standard specifications Protocol Frequency Bandwidth LoRaWAN

sub 1 GHz

Sigfox

sub 1 GHz 2.4 GHz Cellular Band

NB-IoT

Wi-Fi Halow

sub 1 GHz

125–500 KHz 100 Hz 180 KHz

2 MHz

Data rate

Modulation

23

Range Urban

Rural

0.3–50 kpbs LoRa (CSS) 2–5 km

15 km

10 bps–1 kbps 50 kbps (multi) 20 kbps (single) 0.6–8 Mbps

GFSK

3–10 km

up to 40 km

QPSK BPSK

1–2 km

10–15 km

OFDM

100 m

1 km

2.3 Sigfox Following the architecture depicted in Fig. 1, Sigfox is deploying the first global IoT network to listen to billions of objects that transmit data, without the need to establish and maintain network connections [11]. Sigfox offers a software-based communication solution, where the entire network and the complexity of computing are managed in the cloud, rather than on the IoT devices. All of this drastically reduces energy consumption and the costs of connected devices [12]. The Sigfox network architecture is formed of IoT devices, base stations, and a central network. Sigfox was designed with a communication protocol for small messages. The message size ranges from 0 to 12 bytes. A payload of 12 bytes is sufficient to transfer sensor data, the status of an event such as an alert, GPS coordinates, or even application data [11]. The downlink frequency is the same as that used for the first uplink message plus a known delta. The network equipment layer in the Sigfox architecture consists essentially of base stations that are responsible for receiving messages from the devices and transferring them to Sigfox support systems. Therefore, the base stations are connected to the Internet with a single central cloud-based network. This approach avoids transfer procedures to support device mobility. The specifications of this technology are also summarized in Table 1.

2.4 Wi-Fi HaLow The IEEE 802.11ah (Wi-Fi HaLow) [13] defines a physical layer (PHY) based on narrowband Orthogonal Frequency Division Multiplexing (OFDM) modulation and sets several low-speed operation modes (from 150 kbps) to extend the range (up to 1 km outdoors). This standard is optimized to ensure long battery life for batterypowered devices and to serve a large number of IoT devices with a MAC layer that

24

W. Ayoub et al.

promises high scalability, high ecological efficiency, and reliability [14]. Also, this standard defines in the communication the relay mode operation which is a single node or multiple node communication. HaLow intends to extend the set of WiFi standards to the world with constrained and limited resources. This technology operates in the 900 MHz band. This allows the technology to penetrate the walls and other physical barriers, which means a better range than the current 2.4 GHz and 5 GHz Wi-Fi bands. The standard defines the use of this technology in sensors connected in homes, cities, and cars where thousands of battery-powered devices can be connected to a single Wi-Fi access point. The completion of Wi-Fi HaLow is underway with 26 channels around 900 MHz (between 863 and 868 MHz in Europe). The specifications of this technology are given in Table 1.

3 Weight Distribution and Decision Algorithms MADM methods have been widely used in network or technology selection decisionmaking. The selection of the optimal network depends on the network parameters and the type of the application. The decision algorithm provides scores allowing to select the most appropriate network based on the best obtained score. In selection process, the most used MADM methods are Simple Additive Weighting (SAW) and Technique for Order Preference by Similarity to Ideal Solution (TOPSIS). These methods allow analyzing and evaluating different criteria related to the available technologies in order to find the best one before performing the connectivity. In this work, the network decision is made in a heterogeneous environment formed by LoRaWAN, NB-IoT, Sigfox, and Wi-Fi HaLow. To assign weights to the decision criteria, we use in SAW the Analytical Hierarchy Process (AHP). However, in TOPSIS, we use a combination of AHP and the entropy method. Three classes are specified according to the performance of the application type: eco-performance, normal, and high performance. For example, for food transportation it is obvious that temperature, humidity, etc. are not instant messages. They can be sent once per hour. Therefore, they are less sensitive to delay or bandwidth. Therefore, for such messages the IoT device can operate with eco mode. In case of emergency, the IoT device should work in a high-performance mode. The IoT device can operate in normal mode for normal cases.

3.1 Assignment of Weights IoT applications need different requirements. Without loss of generality, we use the following criteria: bit rate, loss, cost, power, available bandwidth, coverage, and SNR as shown in Table 2, where the “Bit Rate” represents the data rate supported by each technology for the communication between ED and GW. As the bit rate increases, the transmission/reception time decreases. The “Loss” parameter represents the average

Technology Selection for IoT-Based Smart Transportation Systems Table 2 Weight distribution Criteria Bit rate Loss Bit rate (kbps) Loss Cost Power Bandwidth available Coverage SNR

25

Cost

Power

Bandwidth Coverage available

SNR

1

1/5

1/6

1/6

1/2

1/2

1/6

5 6 6 2

1 1/3 1/3 1/4

3 1 1 1/3

3 1 1 1/3

4 3 3 1

1 1 1 1/2

1/5 1/5 1/5 1/5

2 6

1 5

1 5

1 5

2 5

1 2

1/2 1

number of packets lost during communication. The “Cost” parameter represents the cost of network implementation which reflects the cost of the service. This value is provided by the operator. The “Power” parameter represents the average power consumption of the ED in the IDLE, Transmit, and Receive states. The “Available Bandwidth” represents the ability of the GW to support received packets. As the number of IoT devices in a region increases, the GW capacity decreases. The “Coverage” parameter represents the area that a GW can support. Finally, the “SNR” represents the signal-to-noise ratio in the area of the IoT device. The importance of each parameter changes depending on the requirements of each application. Most of the existing network selection algorithms have employed Analytic Hierarchy Process (AHP) method for assigning weights to each criterion. Weights are measures of relative importance of criteria. Each type of the three classes has its own weight vector. We construct Pair-Wise Comparison Matrix (PWCM), i.e., perform pair-wise comparison of the criterion at each level. For each pair, within each criterion award a score on a scale between 1 and 9 to the better option, and a reciprocal of this value to the other option in the pair. For eco-performance mode, the priority is power and cost. For normal mode, all parameters are normal. For high-performance mode, the priority is bandwidth. The PWCM for eco mode is shown in Table 2. We check the consistency of a pair-wise comparison by using consistency ratio CR=CI/RI. CI is the consistency index and RI is the random index. If the value of CR is smaller or equal to 0.1, the PWCM is acceptable. In eco mode, the CR = 0.07, the subjective evaluation is consistent. Following the AHP method, once the PWCM matrix is built, it is possible to derive from it the normalized pair-wise comparison matrix by making equal to 1 the sum of the entries on each column. Finally, the criteria weight vector w (that is, a seven-dimensional column vector in our case) is built by averaging the entries on each row.

26

W. Ayoub et al.

3.2 SAW With SAW, the parameters collected from each available technology are normalized and combined with the corresponding sensitivity weights and then added to form the technology score. Thus, the score of each technology is simply the weighted sum of the normalized parameters. The technology having the highest score will be selected.

3.3 TOPSIS TOPSIS is based on the domain relationship represented by the distances between the weights and the ideal solution. Its principle is to choose a solution that is closer to the ideal one and move as far as possible from the worst solution for all criteria. Therefore, the solution chosen by TOPSIS must have the shortest distance from the ideal solution and the longest distance from the worst one. For the application of the TOPSIS method, the criteria weights are calculated using the AHP algorithm. Then, we calculate the entropy weight and combine it with the AHP weight [7].

4 Implementation and Discussion The choice of the technology must be efficient enough to avoid affecting the application requirements. To validate and compare the differences between the two algorithms, we consider that the IoT device is under the coverage of four technologies: LoRaWAN, NB-IoT, Wi-Fi Halow, and Sigfox. The values of the decision criteria are shown in Table 3. SAW and TOPSIS are implemented and the selection for the different classes is simulated using Matlab.

Table 3 Decision criteria Uplink/ Loss (%) downlink rate (kbps)

Cost

Power (mW)

Bandwidth Coverage (%) (km)

SNR

LoRaWAN 50

10

2

50

50

10

0.3

NB-IoT

50

10

10

100

50

10

0.3

Wi-Fi HaLow

200

10

4

200

50

10

0.3

SigFox

0.1/0.002

10

1

5

50

10

0.3

Technology Selection for IoT-Based Smart Transportation Systems

27

4.1 Numerical Results In this section, we study the rank given by SAW and TOPSIS in all types of applications: eco, normal, and high performance. Starting with an IoT device in eco mode, the idea is to select the best technology in terms of power consumption and cost. As shown in Table 4, the TOPSIS and SAW algorithms select Sigfox as the first choice, but with a small difference with LoRaWAN. Now, we consider that the IoT device is in normal mode. Using the same criteria values, all technologies are good but with little preference for Wi-Fi HaLow and LoRaWAN as shown in Table 5. Finally, we consider that the IoT device is in high-performance mode with the same criteria values. As shown in Table 6, the fastest technology is selected and the slowest one is omitted. Wi-Fi HaLow is in the first rank and Sigfox is in the last one. Compared with SAW, one can see that TOPSIS gives an accurate sorting of the technologies to be selected. SAW is ranked first. But the scores of the other technologies are very close.

Table 4 Results in eco mode Technology TOPSIS LoRaWAN NB-IoT Wi-Fi HaLow Sigfox

0.70 0.34 0.41 0.72

Table 5 Results in normal mode Technology TOPSIS LoRaWAN NB-IoT Wi-Fi HaLow Sigfox

0.35 0.27 0.77 0.28

Rank

SAW

Rank

2.00 4.00 3.00 1.00

0.80 0.75 0.79 0.96

2.00 4.00 3.00 1.00

Rank

SAW

Rank

2.00 4.00 1.00 3.00

0.84 0.82 0.92 0.86

3.00 4.00 1.00 2.00

SAW

Rank

0.83 0.82 0.96 0.82

2.00 3.00 1.00 4.00

Table 6 Results in high-performance mode Technology TOPSIS Rank LoRaWAN NB-IoT Wi-Fi HaLow Sigfox

0.27 0.25 0.90 0.13

2.00 3.00 1.00 4.00

28

W. Ayoub et al.

4.2 Hardware Implementation In the previous subsection, the numerical results showed that TOPSIS gives an accurate result compared to SAW. However, TOPSIS is more complex than SAW. In order to perform real-time tests, we used the Arduino Uno R3 board as an IoT device. The Arduino Uno is a microcontroller board based on the ATmega328. The Atmega328 has 32 KB of flash memory to store code. Also, it has 2 KB of SRAM and 1 KB of EEPROM. The board can work with an external source of 6–20 V. Arduino Uno can be programmed with the Arduino software. The ATmega328 of the Arduino Uno is delivered with a bootloader that allows us to load a new code without using an external hardware programmer. Both SAW and TOPSIS were implemented on the Arduino Uno board. We measured the execution time to select the best one. As expected, SAW is faster than TOPSIS. In fact, SAW needed 1.9924 ms to decide and select the best technology, while TOPSIS needed 11.46 ms. Also, we can conclude that TOPSIS can be supported in an IoT device like Arduino Uno.

5 Conclusions In this paper, we investigated the selection of technology in an IoT environment where an IoT device is moving under different technologies. Since many criteria must be taken into account, the selection problem is solved by applying Multi-Attribute Decision-Making (MADM) algorithms, including the TOPSIS and SAW algorithms. Based on different parameters, each algorithm classifies the best technology to be selected. The SAW method was ten times faster than TOPSIS; however, TOPSIS was more accurate and is better than SAW in the classification.

References 1. Evans, D.: The internet of things: how the next evolution of the internet is changing everything. CISCO White Paper, vol. 1 (2011) 2. van der Meulen, R.: Gartner says 6.4 billion connected things will be in use in 2016, up 30 percent from 2015, 10 Nov 2015 3. Ayoub, W., Nouvel, F., Samhat, A.E., Prevotet, J., Mroue, M.: Overview and measurement of mobility in DASH7. In: 2018 25th International Conference on Telecommunications (ICT), pp. 532–536, June 2018. https://doi.org/10.1109/ICT.2018.8464846 4. Ayoub, W., Samhat, A.E., Nouvel, F., Mroue, M., Prévotet, J.: Internet of mobile things: overview of LoRaWAN, DASH7, and NB-IoT in LPWANs standards and supported mobility. IEEE Commun. Surv. Tutor. 21(2), 1561–1581 (Secondquarter 2019). https://doi.org/10.1109/ COMST.2018.2877382 5. Mansouri, M., Leghris, C.: The use of MADM methods in the vertical handover decision making context. In: 2017 International Conference on Wireless Networks and Mobile Communications (WINCOM), pp. 1–6, Nov 2017. https://doi.org/10.1109/WINCOM.2017.8238169

Technology Selection for IoT-Based Smart Transportation Systems

29

6. Yu, H., Ma, Y., Yu, J.: Network selection algorithm for multiservice multimode terminals in heterogeneous wireless networks. IEEE Access 7, 46240–46260 (2019). https://doi.org/10. 1109/ACCESS.2019.2908764 7. Alhabo, M., Zhang, L.: Multi-criteria handover using modified weighted topsis methods for heterogeneous networks. IEEE Access 6, 40547–40558 (2018). https://doi.org/10.1109/ACCESS. 2018.2846045 8. Ayoub, W., Mroue, M., Nouvel, F., Samhat, A.E., Prévotet, J.: Towards IP over LPWANS technologies: LoRaWAN, DASH7, NB-IoT. In: 2018 Sixth International Conference on Digital Information, Networking, and Wireless Communications (DINWC), pp. 43–47, Apr 2018. https://doi.org/10.1109/DINWC.2018.8356993 9. Lora alliance. https://www.lora-alliance.org/. Accessed 06 Oct 2018 10. 3rd Generation Partnership Project (3gpp): Cellular system support for ultra-low complexity and low throughput Internet of Things (CIoT) (Release 13), 2015 edn. http://www.3gpp.org/ ftp/Specs/archive/45_series/45.820/ 11. Lavric, A., Petrariu, A.I., Popa, V.: Long range sigfox communication protocol scalability analysis under large-scale, high-density conditions. IEEE Access 7, 35816–35825 (2019). https://doi.org/10.1109/ACCESS.2019.2903157 12. Mroue, H., Nasser, A., Hamrioui, S., Parrein, B., Motta-Cruz, E., Rouyer, G.: MAC layerbased evaluation of IoT technologies: LoRa, Sigfox and NB-IoT. In: 2018 IEEE Middle East and North Africa Communications Conference (MENACOMM), pp. 1–5, Apr 2018. https:// doi.org/10.1109/MENACOMM.2018.8371016 13. Khan, S., Zeeshan, M.: Performance and throughput analysis of IEEE 802.11ah for multiband multimode operation. In: 2018 21st International Symposium on Wireless Personal Multimedia Communications (WPMC), pp. 150–155, Nov 2018. https://doi.org/10.1109/WPMC.2018. 8712956 14. WiFi-Alliance: Next generation Wi-Fi: the future of connectivity, Wi-Fi evolves, maintains core strengths for next generation use cases, Dec 2018

Performance Evaluation of Speed Platoon Splitting Algorithm Rami Khoder, Rola Naja, and Samir Tohme

Abstract Platooning of vehicles enhances traffic flow performance in transportation systems. Platoon is defined as a group of vehicles standing one behind another, moving in a line by keeping a very short vehicular gap. Many strategies for platoon formation have been proposed in the literature. These strategies aim to control platoon stability and platoon lifetime. Nevertheless, literature algorithms did not take into account the vehicular congestion problem and platoon velocity. Therefore, we propose a new algorithm, called speed platoon splitting (SPS) that targets alleviating congestion by using a ticket pool and classifies platoons according to the velocity using two different lanes. Performance analysis displays that SPS achieves platoon stability and reduces highway congestion. Keywords Platoon formation · Intelligent transportation system · Traffic regulation · Speed platoon splitting (SPS)

1 Introduction Autonomous platoon control is a promising automatic driving experience that frees drivers from stress and offers a comfortable vehicle trip. Vehicle platooning is a technique that organizes vehicles into groups called platoons or convoys. Grouping vehicles into a platoon improves the traffic efficiency, roads capacity, and the safety of vehicles. At the same time, it reduces energy, traffic congestion, and avoids driver errors [1]. Moreover, platooning allows vehicles to efficiently transmit and share information with each other; this issue will improve network scalability. Vehicle systems fall into three categories: driver support systems (DSS), adaptive cruise control (ACC), cooperative adaptive cruise control (CACC). With DSS, the on-board systems assist the driver on the road through the use of the most advanced R. Khoder (B) · R. Naja Doctoral School of Science and Technology, Lebanese University, Hadath, Lebanon e-mail: [email protected] R. Khoder · S. Tohme Li-Parad Laboratory, Versailles Saint Quentin University, Versailles, France © Springer Nature Singapore Pte Ltd. 2020 A. Laouiti et al. (eds.), Vehicular Ad-hoc Networks for Smart Cities, Advances in Intelligent Systems and Computing 1144, https://doi.org/10.1007/978-981-15-3750-9_3

31

32

R. Khoder et al.

information and communication technologies. ACC [2] helps the driver by using the preceding vehicles’ information. Once the preceding vehicle is detected, the ACC system adjusts the vehicle’s speed in order to get fixed time-gap without driver intervention. The usage of the information from the preceding vehicle and the leader system is only able to detect vehicles in the line of sight (LOS), so the ACC system is not able to measure the distance and the speed of vehicle delivery in front of the immediately preceding vehicle, behind the vehicle, and vehicles in a different lane. CACC [3] improves the ACC capabilities and allows cooperation between vehicles through wireless communication, new control logic, and GPS. CACC is considered the most recommendable system since it ensures road safety and information efficiency, which is the most critical issue in the area of the vehicular system. Every platoon has a leader which is responsible for controlling vehicles in the convoy. In addition, this leader controls the entire platoon movement and ensures the required actions, speed, and movement directions. The chosen leader should ensure the stability and scalability of all vehicles in the platoon. Moreover, the leader should not leave the platoon until all vehicles reach their destinations [4]. Many vehicle platoon algorithms have been proposed in the literature. SARTRE [5] provides mixed platoons carrying heavy vehicles and passenger cars. SARTRE’s vision is to develop and deploy solutions that enable vehicles to travel in a group on public roads without changing infrastructure, such as reserved lanes. It describes a platoon as a group headed by a vehicle: Cars can dynamically join or leave the platoon. Full control is given to the heavy vehicle that is the platoon leader. It is noted that there is a need for a backup vehicle or backup technology in urgent cases. The Path strategy [6] is proposed to increase highway capacity and improve transport demand with a minimum infrastructure construction. Path suggests leaving a gap between platoons; this technique guarantees safety and road capacity but ignores vehicles’ speed. In [7], the authors proposed the destination group (DG) algorithm which involves a set of adjacent output ramps. In fact, each lane is adapted to a specific destination group. As soon as a vehicle arrives at the entrance ramp, it is assigned to the suitable path, depending on the vehicle’s destination. When the ramp reaches a specific number of vehicles, it is cleared. Then vehicles in a lane enter highway as one unit called platoon. The platoon remains intact until the first exit of the target group. This approach produces a lower average number of platoons, variations in size, and very long delays between lanes. It is noteworthy that in order to adopt the DG’s strategy, road designers should leave a space that would accommodate several lanes. With dynamic grouping (DYG) [7], destination groups are no longer assigned to a particular lane of the entrance ramp. The range of vehicles destinations in a platoon is constrained to a maximum called the destination range. This destination range is the difference in the index between the nearest and the farthest destination; overall vehicles destination in a platoon should be less or equal to the destination range. In the case where no free lanes are available, the longest waiting time platoon is released. A new arriving vehicle uses the free lane to start a new platoon. Smaller destination range creates a platoon of vehicles with similar destinations and allows the platoon to drive farther without splitting. Smaller destination range makes it difficult to cover

Performance Evaluation of Speed Platoon Splitting Algorithm

33

all destinations if the number of lanes is limited. Compared to the DG strategy, an improvement in the average platoon size is noticed. With DG and DYG algorithms, platoons split up just before the first exit of their target group. After the splitting, the vehicle travels individually. Dynamic grouping and platoon division (DGPS) [7] differs from DYG and DG in that it allows a platoon to keep driving after the vehicles have left the platoon. To accomplish this, vehicles are classified by platoon, depending on their destination, with the leading vehicle having the furthest destination. This strategy is the most appropriate in comparison with the DG and the DYG since it takes into account the lifetime of the platoon. With random assignment [8] strategy, every time a vehicle enters a point of entry, it will move directly into the road and communicate with all the other platoons that exist on the road. The vehicle selects the platoon within communication range. The platoon assignment is executed and determines which vehicle is going to be used by each platoon based on the information sharing between the platoons and the vehicle in the communication unit. The random assignment strategy is considered a realistic strategy, simply because there is no waiting in the entrance ramp. However, the problem with this approach is when there is no platoon within communication range. Table 1 compares the different platoon formation strategies according to three criteria: vehicular congestion solution, velocity, and destination. We concur with the algorithm that solves road vehicle congestion. In addition, it is crucial to investigate the speed of platoons. In addition, the destination of each vehicle should be taken into consideration where vehicles should be sorted according to their destination. On the other hand, platoon formation algorithms neglect the congestion that occurs when vehicular density exceeds highway capacity. This paper develops and evaluates a new platoon formation algorithm called speed platoon splitting (SPS) for organizing vehicles into platoons at highway entrances. SPS contribution is threefold. SPS maximizes platoon lifetime by choosing the leader vehicle that has the farthest destination and last vehicle have the nearest destination, it regulates vehicular flow by controlling inter-platoon spacing through the ticket pool mechanism that regularly generates admission tickets and it considers two types of lanes according to the chosen velocity: high-speed platoon and low-speed platoon. This velocity classification helps to better satisfy the driver’s requirements in terms of speed. Table 1 Platoon formation strategies Algorithm

Vehicular density solved

Velocity

Destination

SARTER

×

Leader velocity or lowest velocity (Lv)

×

PATH

×

Lv

×

DG

×

Lv

✓

DYG

×

Lv

✓

DGPS

×

Lv

✓

34

R. Khoder et al.

This paper is organized as follows: Sect. 2 presents the proposed algorithm “Speed Platoon Splitting.” In Sect. 3, we illustrate the scenario evaluation. Section 4 evaluates the performance results and the analysis before concluding the paper.

2 Proposed Algorithm The proposed platoon formation algorithm, SPS, takes into account two important parameters: velocity and traffic congestion that will be described in the following subsections.

2.1 Velocity Vehicles have different speeds on a highway: some vehicles move at a high speed and others at a low speed. Platoon constrains high-speed vehicles to slow down to the velocity of the head. Conversely, vehicles with low speed will be obligated to speed up in order to stay in a platoon having a head moving at a high speed. Therefore, the SPS algorithm takes the velocity into account: Vehicles are separated into two different lanes according to their velocities.

2.2 Traffic Congestion Platoon formation algorithms in the literature do not take vehicular density and congestion into consideration. Indeed, traffic congestion occurs when vehicular density exceeds highway capacity. Traffic congestion has a number of negative effects, waste a lot of time for motorists and passengers, a nonproductive activity for most people, congestion reduces regional economic health, blocked traffic may interfere with the passage of emergency vehicles traveling to their destinations where they are urgently needed and we can have a higher chance of collisions due to tight spacing and constant stopping-and-going. To avoid these negative effects, we apply an algorithm that limits the number of vehicles on the highway. In our new algorithm (see Fig. 1), we consider that each highway entrance is equipped with a ticket pool that controls the volume of vehicle traffic entering the road by applying the preventive congestion control [9]. The congestion control mechanism consists of two waiting queues with finite capacities K1 and K2 that accommodate vehicles with high velocity and low velocity, respectively. Vehicles arriving in a bursty pattern are first queued in the corresponding waiting queue.

Performance Evaluation of Speed Platoon Splitting Algorithm

35

Fig. 1 Flowchart of SPS algorithm for vehicles at the entrance ramp

At highway entrance, the ticket pool has finite capacity B where tickets are generated with a rate R (at each ticket generation time T = 1/R) and stored in the pool. Each platoon should acquire a ticket to be accepted on the highway, and the ticket following acceptance is removed from the ticket pool. Ticket pool controls vehicle traffic and prevents congestion.

2.3 SPS Algorithm Description Vehicles on the entrance ramp are divided into two lanes: one lane for low-speed vehicles and the other for high-speed vehicles that allow the vehicle to choose the appropriate speed. Each lane is controlled by a scheduler that indicates how long it takes for a platoon to get to the highway. The high-speed vehicle pool has a BH (resp. BL) capacity and generates RH (resp. RL) tickets per second to control the generation of platoons on the highway. On each lane, the vehicles on the access ramp are classified so that the lead vehicle has the furthest destination and so on to ensure the stability of the platoon. When a group of vehicles (8 or fewer vehicles) purchase a ticket, they go on the highway. The flowchart of the SPS algorithm can be shown in Fig. 2.

36

R. Khoder et al.

Vehicles at entrance ramp

Go to the highway

Speed> threshold Yes

High speed lane

Yes

No

SorƟng according to desƟnaƟon

No Low speed lane

SorƟng according to desƟnaƟon

Is there available Ɵcket

Platoon at the entrance ramp

Fig. 2 Flowchart of SPS algorithm for vehicles at the entrance ramp

3 Performance Evaluation of SPS Algorithm In this section, we evaluate the performance of speed platoon splitting algorithm detailed in the previous section. We start by highlighting the simulation scenario and simulation parameters. Afterwards, we exhibit performance results and provide a performance analysis.

3.1 Simulation Our architecture is composed of two lanes: one for high-speed vehicles and the other for low speed. In each lane, platoons of vehicles with same speed circulate. The entire platoon moves depending on the Krauß model. Krauß is a car-following model that can effectively describe the strong interaction among adjacent vehicles with close spacing. The general diagram of a car following model is illustrated in (see Fig. 3).

Fig. 3 General scheme of car-following model

Performance Evaluation of Speed Platoon Splitting Algorithm

37

At the end of the entrance ramp, there is a ticket pool: The platoon leader must acquire a ticket to move to the highway. At the end of the highway vehicles in each lane must circulate to cross one of the exits.

3.2 Simulation Parameters Different parameters are taken into account: Speed of each lane, arrival rate and the size, and the rate of the ticket pool which controls the generation of the platoon. The high-speed lane will vary between 80 and 100 km/h and the low-speed lane will range between 40 and 60 km/h. The vehicle arrival according to Poisson process with mean intensity λ varies between (200 and 2000 veh/h). The ticket pool size B located between the entrance ramp and the highway where every pool has a specified generation rate of tickets R. The maximum platoon length is 8 vehicles per platoon. We can demonstrate that our algorithm limits the number of a platoon on the highway to B in an interval of time t to R × t + B such that R × t + B ≤ l × L high /L car + SD

(1)

where T is the period of time, R the rate of the ticket generation pool, the number of lanes l, L high the length of the highway, L car the length of the car, and SD the minimum safety distance.

3.3 Performance Parameters In order to evaluate our algorithm, we computed the following performance parameters for SPS algorithm: • Platoon lifetime: it measures the time elapsed before splits. • Number of platoons: it computes the number of platoons on the highway. • Platoon communication percentage loss is the ratio between T1 the lifetime of the leader vehicle staying alone out of the platoon until it reaches its destination over T the lifetime of the platoon exists. When congestion occurs, T1 increases thus the platoon communication percentage loss increases. • Distance between platoons: It describes the distance between two platoons. This distance decreases in case of congestion and increases when the congestion is alleviated. • Trip time: It computes the time needed for a vehicle before leaving the platoon and reaching its destination. • Waiting time at the entrance ramp: It is equal to the time that a vehicle waits in the platoon before entering the highway.

38

R. Khoder et al.

Fig. 4 Number of platoons for SPS

3.4 Performance Results and Analysis This section exhibits the performance results of the platoon formation algorithm. We start by evaluating the SPS algorithm with different speeds and the number of platoons on the highway. Afterwards, we shed light on the performance study of SPS and DGPS. The DGPS was chosen because our algorithm is based on it, where the leader has the farthest destination. Figure 4 depicts the average number of platoons in function of flow rate for vehicles driving at high speed and for those driving at low speed. We notice that when the flow rate increases, the number of platoons increases. Indeed, when the flow rate increases, the number of vehicles on the highway increases. Therefore, the number of platoons increases. We suppose that the time needed for the generation of the ticket at high speed is less than at low speed. Therefore, there are more platoons with high speed than those of low speed. Figure 5 illustrates the loss percentage in function of flow rate for DGPS and for SPS algorithms with different velocities. We notice that when the flow rate increases, the loss percentage increases. That is, when the number of vehicles increases on the highway, the time that the vehicle stays alone increases as the congestion increases. For a constant flow rate, we notice that the loss percentage for DGPS is higher than that of SPS. That is simply because with SPS algorithm, there is less congestion than at DGPS algorithm: in fact, with SPS algorithm, there is a ticket pool which

Performance Evaluation of Speed Platoon Splitting Algorithm

39

Fig. 5 Platoon communication percentage loss

alleviates congestion. As the congestion is alleviated, the time needed for a vehicle to stay alone is reduced; therefore, the loss percentage is reduced. Figure 6 depicts the distance between platoons in function of flow rate for DGPS and SPS algorithms.

Fig. 6 Distance between platoons for SPS and DGPS

40

R. Khoder et al.

Fig. 7 The platoon lifetime for SPS and DGPS

We notice that the distance between platoons decreases when the flow rate increases. This is due to the congestion that occurs with high rate. For a constant flow rate, we notice that the distance between platoons is lower when there is congestion. That justifies that this distance is higher for SPS algorithm than that of DGPS algorithm. Figure 7 spots the platoon lifetime in function of flow rate for DGPS and SPS algorithms. We notice that the platoon life increases when the flow rate increases. That is, the platoon takes more time staying intact when the congestion increases. For a constant flow rate, the platoon lifetime is lower for the algorithm that alleviates congestion. This justifies that platoon lifetime is lower for SPS algorithm. Figure 8 illustrates the trip time of the vehicle in the platoon in function of flow rate for DGPS and SPS algorithms. We notice that the trip time of the vehicle in the platoon increases when the flow rate increases. That is, the vehicle takes more time staying in the platoon when the congestion increases. For a constant flow rate, the trip time is lower for the algorithm that alleviates congestion. That is, the trip time is lower for SPS algorithm. Figure 9 depicts the waiting time in the entrance ramp in function of flow rate for DGPS and SPS algorithms. We notice that when the flow rate increases, the congestion increases: the platoon is completed more quickly, and the waiting time decreases. For a constant flow rate, vehicles with SPS algorithm wait for a ticket to be moved to the highway. Therefore, the waiting time is higher than that of the DGPS algorithm.

Performance Evaluation of Speed Platoon Splitting Algorithm

Fig. 8 Trip time for SPS and DGPS

Fig. 9 Waiting time for SPS and DGPS

41

42

R. Khoder et al.

4 Conclusion Platooning is a new concept that enables vehicles to be grouped together so that they exchange road safety messages. Platooning of vehicles helps in improving traffic flow performances in transportation systems. The main idea is that the throughput of vehicles on freeways may potentially increase by forming vehicle platoons with small intervehicle spacings, which allows more vehicles to fit on a road segment. This paper proposes an innovative platoon formation algorithm SPS that considers vehicular congestion and vehicles velocity. At the entrance ramp, SPS adopts a ticket pool mechanism that achieves vehicular flow regulation. After evaluating the performance of the SPS algorithm, we notice that SPS saves up drivers’ time, therefore it may overcome DGPS and other strategies proposed in the literature. Moreover, SPS decreases communication loss percentage of vehicles, the platoon lifetime, and the vehicle lifetime in the platoon. Acknowledgements This project was funded by the Lebanese University research grant and by the AUF PSCI project.

References 1. Hall, R., Chin, C.: Vehicle sorting for platoon formation: Impacts on highway entry and throughput. Transp. Res. Part C Emerg. Technol. 13(5–6), 405–420 (2005) 2. Hosseinnia, S.H., Tejado, I., Milanés, V., Villagrá, J., Vinagre, B.M.: Experimental application of hybrid fractional-order adaptive cruise control at low speed. IEEE Trans. Control Syst. Technol. 22(6), 2329–2336 (2014) 3. Ploeg, J., Semsar-kazerooni, E., Lijster, G., Van De Wouw, N., Nijmeijer, H.: Cruise control : cruise control cruise control 16(1), 488–497 (2015) 4. Su, D., Ahn, S.: In-vehicle sensor-assisted platoon formation by utilizing vehicular communications. Int. J. Distrib. Sens. Netw. 13(7) (2017) 5. Räisänen, C.: Chalmers publication library. Int. J. Oper. Prod. Manag. 27(1), 90–107 (2007) 6. Carbaugh, J., Godbole, D.N., Sengupta, R.: Safety and capacity analysis of automated and manual highway systems. Transp. Res. Part C Emerg. Technol. 6C(1–2), 69–99 (1998) 7. Hobert, L.H.X.: A study on platoon formations and reliable communication in vehicle platoons (2012) 8. Dao, T.S., Huissoon, J.P., Clark, C.M.: A strategy for optimisation of cooperative platoon formation. Int. J. Veh. Inf. Commun. Syst. 3(1), 28 (2013) 9. Naja, R., Matta, R.: Fuzzy logic ticket rate predictor for congestion control in vehicular networks. Wireless Pers. Commun. 79(3), 1837–1858 (2014)

New Technologies for Vehicular Networks

AVEC: A Statistical Framework for Adaptive Vehicular Edge Data Cleaning Mohamed Ben Brahim and Hamid Menouar

Abstract In Vehicle-to-Vehicle and Vehicle-to-Infrastructure (V2X) communication, a large amount of data and information is transmitted over the air by the vehicles. If this data is captured, e.g., by a network of roadside units (RSUs) deployed at strategic locations, cleaned and processed, it may generate an interesting value. The process of cleaning the data involves the removal of data duplicates, as two or more RSUs may capture the same information from the same vehicle. Indeed, a vehicle can be located inside the communication range of multiple RSUs at the same time. The data cleaning process can be achieved through a centralized platform in the backend, where all the deployed RSUs connect and upload their collected data. To avoid overloading the backend, we propose to involve the RSUs in the cleaning process. Ideally, the RSU should be able to detect if any received information from a passing vehicle has not been also received by another nearby RSU. To achieve that, we use an adaptive probability-based splitting of the sensing range. Such a continuous process allows each RSU to adjust the probability distribution of the communication reliability after a sensing time window and to check parameters of neighbor nodes. Simulation results show the efficiency of our solution and demonstrate its ability to adapt with the network dynamicity, by adjusting the algorithm parameters, until reaching a good level of data cleaning compared to static and random approaches. Keywords Adaptive data cleaning · Data filtering · Vehicular edge computing · Probability

M. Ben Brahim (B) · H. Menouar Qatar Mobility Innovations Center (QMIC), Qatar University, Doha, Qatar e-mail: [email protected] H. Menouar e-mail: [email protected] © Springer Nature Singapore Pte Ltd. 2020 A. Laouiti et al. (eds.), Vehicular Ad-hoc Networks for Smart Cities, Advances in Intelligent Systems and Computing 1144, https://doi.org/10.1007/978-981-15-3750-9_4

45

46

M. Ben Brahim and H. Menouar

1 Introduction Intelligent Transport Systems (ITSs) are steering the evolution of our future mobility. People and goods carriers are tending to be smarter. The ultimate goal of these changes is mainly to increase safety of commuters on road and to enhance the traffic efficiency. Vehicular ad hoc networks (VANETs) are standing as a main component in realizing such ITS. Indeed, vehicles are equipped with computational and wireless communication capabilities referred to as OBU, along with a set of multipurpose embedded sensors to get different parameters describing the vehicle state at every instant. Vehicles are able to mutually exchange messages. We refer to that as Vehicle-to-Vehicle (V2V) communication. The main goal of V2V communication is to increase the awareness of neighbor vehicles of their surrounding environment in order to predict and mitigate potentially hazardous situations. A second type of communication is called Vehicle-to-Roadside (V2R) [1]. Usually, this kind of communication is dedicated either to disseminate traffic-related information in the network from authenticated third-party agents or to collect data from vehicles during their journeys. As vehicles are moving, they are continuously broadcasting motion-driven and event-triggered messages. Some of this data might be of particular interest for mobility service providers. Hence, data is collected by nearby RSUs and pushed toward the cloud platforms for processing. The main issue here is the interference between the sensing ranges of RSUs. It leads to redundant data being captured and stored multiple times in the central platforms and creates a processing bottleneck in the processing stream in order to filter them out, especially as the network is scaling up. Vehicular Edge Computing (VEC) is a new paradigm enabling to offload computing tasks from the cloud to the proximity of the network nodes [2]. This is important because it allows the network to catch up with the increasing rate of generated data by every single node in the network, reduces latency, and enables a local decisionmaking by the network nodes. The benefits of using edge-based computing in vehicular networks are multiple compared to centralized cloud-based deployment. These advantages span over different features such as mobility support, decision-making, storage capacity, context awareness, and others. In particular, VEC is helpful to alleviate the data cleaning process in the cloudbased central platforms through a total or partial offload of some job tasks to the network edge or the upstream of the data pipeline as earlier discussed in [3]. In this context, an edge server deployed in the proximity of a group of RSUs having sensing ranges interference could be a reasonable option for fast information mutual exchange. The data exchange using an edge server benefits from locality property; only data exchanged in the proximity of the RSUs are processed in the dedicated edge server and resulting information is quickly made available to interested nodes. These nodes are usually RSUs which push their own computed data toward a dynamic radio coverage map and subscribe to receive notification of any updated neighbor state. In our context, the radio map is considered as a split communication disk into radial and angular sectors. Every single sector is characterized by a probability of message

AVEC: A Statistical Framework for Adaptive Vehicular Edge Data Cleaning

47

capturing. The decomposition of sensing disk into sectors is a continuous process leading to re-assess the sectors’ dimensions and associated sensing probabilities. We seek through the proposed approach to create a trade-off between the data cleanliness and rapidity of computing to avoid queues building up. Fully random and static approaches will be assessed and used to evaluate the proposed approach. The remainder of this paper is organized as follows: Sect. 2 will review the state of the art and existing related work in the literature. Section 3 will present the system model. Section 4 is devoted to illustrate the adaptive data cleaning algorithm in the network edge. Section 5 will discuss some performance metrics of the proposed approach compared to static and fully random approaches. The paper is concluded in Sect. 6.

2 Related Work The Cyber-Physical Systems (CPSs) are empowering the establishment of future smart cities. Indeed, they cross the borders between physical and computational domains creating a better awareness of the surrounding environment beyond the visual domain. The evolution of sensing, computing, and networking technologies allows the CPSs to ever increase the data generation causing a deluge of data that need to be managed to serve different business and social applications and services. In ITS, vehicles equipped with communication capabilities are able to measure and share in near-real-time traffic-related data. Similarly to other CPSs, raw data streams generated by mobile road stations might contain faulty values, redundant measurements captured by multiple roadside units (RSUs), and structured or semi-structured data. These issues have a direct impact on the efficiency of the system as they might falsify the computing of some metrics or creating computing bottlenecks in the cloud computing platform. Hence, different techniques have been emphasized in the industrial and research communities to mitigate the negative implications of such dirty data. Zaho et al. [4] investigate the big data challenges resulting from urban mobility as it becomes more available. The raw urban mobility data is usually prone to inaccurate measurements due to physical or computational factors. Hence, a cleaning and preprocessing phase is usually adopted in the urban human mobility data mining pipeline through noise filtering, map matching, and/or road matching techniques. Shiyale and Saraf [5] investigate the dirty data cleaning in mobile wireless sensor network to enhance the overall network lifetime. The used technique is in-network and consists of enhancing the data throughput through embedded data re-transmission and leveraging spatiotemporal consistency to clean dirty data and detect outliers. Javed and Wolf [6] present a generic method using spatial and temporal characteristics to derive statistical models of continuous monitored phenomena. These models are exploited to find out defective sensor reports. In [7], authors present a role-differentiated cooperative algorithm R D 4 to detect and filter deceptive data. Deceptive data is defined to be either false data resulting from wrong readings or redundant data which is not necessarily the same duplicated message, but messages showing similar information. In

48

M. Ben Brahim and H. Menouar

this work, authors were more biased to focus on detecting false data rather than mitigating redundant data. Another interesting approach known as MDI-SMURF was presented in [8]. It proposes a metaphysical data independence layer to uncouple low-level generated data from end-user applications with a declarative and adaptive smoothing filter to clean Radio Frequency Identification (RFID) data streams. The dynamic smoothing window adjustment is based on techniques of sampling theory. In a nutshell, different techniques have been developed to deal with data cleaning and filtering in different sensor-based systems. To the best of our knowledge, there is no proposed edge-based solution dedicated to mitigate duplication of captured messages by RSUs in vehicular network. A shadowed research spot we are trying to shed some light on it in this paper.

3 System Model OBUs and RSUs are using Dedicated Short-Range Communication (DSRC) as underlying communication technology [1]. In this context, vehicles are expected to continuously broadcast messages describing the node motion and static attributes. Messages could be Cooperative Awareness Message (CAM) [9] as specified by ETSI ITS standard or Basic Safety Message (BSM) [10] as in WAVE/DSRC.

3.1 Mobility Pattern and Street Layout Mobile nodes in the network are driving through a regular traffic grid network. Their motion is characterized with variable speed v ∈ [0, Vmax ]. The street junctions are controlled with traffic lights to control access priorities. An engaged vehicle has no way to deviate from its current road segment until it reaches the next road junction, where it can continue driving straight, makes right or left turn, or makes a u-turn. Vertical and horizontal road segments have similar shapes with lengths L V and L H , respectively. Driving is allowed in both ways in all road segments of the network as shown in Fig. 1.

3.2 Spatial Distribution of RSUs and Sensing Ranges RSUs are deployed across the network according to a predefined strategy defined by the operator such as the one described in a previous work [11]. The key point of the resulting deployment is that eventual overlapping in the sensing ranges of the distributed RSUs might exist. Ideally, the infrastructure node’s coverage is a perfect disk of radius R with sensing reliability decreasing with the communication distance in the absence of obstacles. The communication reliability could be modeled

AVEC: A Statistical Framework for Adaptive Vehicular Edge Data Cleaning

49

Fig. 1 RSUs use statistics of communication reliability to split their sensing ranges into sectors associated with probability of data delivery

with the probability distribution of the statistical average packet delivery ratio as function of the distance between the transmitter and the receiver nodes. In the real life, the environment surrounding the RSU is often not uniform across different sides. Different road shapes and static or mobile obstacles might compromise the wireless signal and cause packet loss. Hence, the maximum sensing range Ri of the ith side and communication reliability distribution differ from the sensing range R j and its corresponding reliability distribution. We count the number of angular disk slices per single RSU as N and every sub-slice along the radial dimension, called sector, is denoted as Snm , where n ∈ [1, N ] and m ∈ [1, M].

4 Adaptive Vehicular Edge Data Cleaning The high cost of dirty raw data in the cloud management platform encourages the offload of preprocessing tasks such as data cleaning to earlier phases in the data pipeline. Indeed, the primary limiting factor for using a deterministic approach to decide on the data cleaning is the unreliability of the wireless communication. For network edge computing, it is obvious that maintaining a cache of received messages and performing an exchange of caches’ images to decide on which message to discard is a costly approach with regard to overall delay and communication overhead especially in dense deployments. The previous factors allow to rethink the cleaning process for a broad set of applications that tolerate certain level of packet loss, which is an inherent property of the wireless network itself, in the advantage to collect a fast and cleaner traffic data from the physical environment. As edge computing is not necessarily an extremely powerful computing platform compared to the cloud, the data cleaning process should be designed in such a soft and distributed way that fulfills the application requirements in terms of data cleanliness and freshness. These requirements lead to propose AVEC as an adaptive cleaning process executed in the network edge.

50

M. Ben Brahim and H. Menouar

The key insight of AVEC is that only neighbor RSUs having interfering sensing ranges have to concern about data redundancy mitigation as farther RSUs have no risk to encounter this issue. Every RSU has to subscribe to an edge server which is acting as a broker serving a group of RSUs having conflict zones as shown in Fig. 2. In the course of the time, every RSU maintains a continuous sensing window to infer the statistical model of the reliability of communication around and to split the sensing ranges accordingly. The continuous nature of the sensing window enables it to be responsive to the environmental changes. In fact, AVEC proceeds by splitting the continuous time into alternative periods of sensing/learning and exploiting the built model of sensing range. During learning period, it computes the probability distribution descriptor P and shares it with other neighboring RSUs having potential sensing range interference along with. The temporal sensing window needs to be short enough to catch up with the network dynamics and environmental change, but also long enough to be able to infer a representative statistical probability estimation of the network reliability of a given sector. In the proposed approach, we assume that N is environment dependent and is set by the operator. It takes into consideration the traffic network layouts and the deployment location of the RSU, as well as surrounding static objects such as buildings and trees. For instance, an RSU deployed on the roadside is likely to have N = 2; however, another RSU located in an intersection is more likely to get N = 4. The parameter M is repeatedly computed based on the network performance and communication reliability. Fig. 2 RSUs use a network edge server to share their radio map information through publish/subscribe approach and a vehicular cloud platform to push data for storage and processing

AVEC: A Statistical Framework for Adaptive Vehicular Edge Data Cleaning

51

Recall that our goal is not to reach a 100% of redundancy elimination and 0% of packet loss. Our intention is rather to bring closer to zero duplicated data capturing and minimize the packet loss due to very conservative decision by the receiving nodes. Algorithm 4.1 AVEC algorithm 1: Pthresh ← 0.3 {set a probability thresh used for random decision} 2: if time == n ∗ W then RX 3: Pimj ← T X ii jj {compute statistics of node m sectors} 4: Publish P m 5: Receive P k , k = m 6: end if 7: for msg ∈ R X do 8: if P m (msg) < Pthresh & P k (msg) < Pthresh then 9: Report msg with probability p {decide randomly whether to report or delete msg} 10: end if 11: if P m (msg) > P k (msg) then 12: Report msg by node(m) 13: else 14: if P m (msg) == P k (msg) & m > k then 15: Report msg by node(m) 16: end if 17: end if 18: end for

As it can be seen in Fig. 3, depending on the location of the transmitter mobile node (i.e., vehicle), the received message will be associated with a given probability-based weight. Locally, RSU node will decide on the eligibility of the message to be collected or discarded. For example, message transmitted by vehicle V 1 will be received only by RSU -02 with high probability. Hence, no special treatment is expected, but to save the message. However, message fired by V 2 is likely to be received by RSU -02 with a probability P2 [2] = 0.6 and by RSU -01 with a probability of P1 [4] = 0.2. According to AVEC, RSU -02 will save its copy of the message and RSU -01 will discard its received message. Coming now to V 3, the received messages in both RSUs

Fig. 3 RSUs use statistics of communication reliability to split their sensing ranges into sectors associated with probability of data delivery. Received messages from a given sensing area are assessed against other interfering RSUs using AVEC algorithm to decide the right action

52

M. Ben Brahim and H. Menouar

will have the same probability. Thus, the RSU with higher ID value is prioritized. The other will just ignore the message. The last case in this illustration is for V 4. Although it looks similar to previous case with equally associated probabilities, the treatment is different because of the low probability of reception in both receiving nodes. For this very specific case, AVEC allows every receiving node to make an independent random decision on whether the packet should be discarded or saved. AVEC aims through this specific treatment to give more chance to collect a copy of transmitted packet from poorly reliable areas. The saved copies could be marked to be considered for upper level cleaning process. It is important to mention that the publishing of the packet delivery ratios, at the end of every time window W , is ensured using the cellular- or fiber-based network infrastructure which is not inducing any extra wireless overhead in the V2X radio environment.

5 Performance Evaluation This section describes the simulation environment and discusses the performance results of the proposed algorithms.

5.1 Simulation Setup A grid urban traffic area is considered with some distributed buildings within the network to render the environment asymmetric. The traffic network is controlled with traffic light signals. Five RSUs have been considered in locations/junctions (300, 300), (900, 300), (600, 600), (300, 900), and (900, 900), respectively, where the red blocks represent the buildings that play the role of static obstacles as shown in Fig. 4. The mobility traces have been generated using the Simulator of Urban

Fig. 4 The simulated traffic grid and the RSUs distribution. The red blocks represent the buildings acting as static obstacles of the wireless signal propagation. The white blocks are free space areas

AVEC: A Statistical Framework for Adaptive Vehicular Edge Data Cleaning Table 1 Simulation parameters Parameter Number of vehicles Number of RSUs Traffic grid size Simulation time Beacon’s frequency Vmax Lv, Lh Pthresh W

53

Value/description 100, 200, …, 800 5 1.2 km × 1.2 km 500 s 4 Hz 60 km/h 300 m 0.3 10 s

Mobility (SUMO) [12] and the used network simulator is OMNET++/Veins [13]. Algorithms and graphs were implemented and generated using R (Table 1).

5.2 Performance Results This subsection is quantifying the performance of the proposed algorithm compared to two other algorithms: a random algorithm where every RSU decides locally and randomly whether to report or delete the received message. The second was a statistical but static approach where no adjustment of reliability statistics is carried dynamically, but only at the beginning.

5.2.1

Packet Delivery Ratio

To understand the issue of data duplication in the receiving RSUs, we first study the Packet Delivery Ratio (PDR). The overall packet delivery ratio is quantified for different RSUs as shown in Fig. 6. The impact of the network density is shown through a decrease in PDR due to mobile and static environment obstacles. It is more clear particularly for the RSU in the center of the grid Rsu2. Figure 5 shows the difference between PDRs at different RSUs over communication ranges. More messages are lost as the source node drives away from the RSU. It is also clear that static obstacles of the environment create different sensing ranges of RSUs as could be seen for Rsu4. We could see also the overall PDR decreases with the network densities as more obstacles as well as wireless communication collisions are likely to occur in higher network densities.

54

M. Ben Brahim and H. Menouar

Fig. 5 Packet delivery ratio as function of communication ranges for different network densities

Fig. 6 Overall packet delivery ratio in different RSUs for different network densities

5.2.2

Duplicated Received Packets

The main focus of the proposed approach is to deal with duplicated data in a distributed way and without adding extra delay or communication overhead. Hence, a setup with duplicated received data by more than an RSU is important to validate our approach. Figure 7 shows the redundant ratio of received data within every RSU for different network densities. Because of mobility of vehicles and static obstacles, RSUs show different duplicated received data ratios. It is clear that the central Rsu2 is receiving data probes from a higher number of mobile nodes and thus presents a higher duplicated data than other nodes. The near-zero ratio of duplicated data within Rsu4 is due to its limited sensing range due to obstacles leading to have a small or even no sensing ranges interference with neighboring RSUs. This causes

AVEC: A Statistical Framework for Adaptive Vehicular Edge Data Cleaning

55

Fig. 7 Duplicated received beacon’s ratio by different RSUs for different network densities

high PDR at RSU proximity and dramatic PDR decrease as cars move away, as could be verified by the results from Figs. 5 and 6, but also very low duplicated data.

5.2.3

Accuracy of AVEC

To evaluate the accuracy of proposed approach, we need first to define the evaluation metrics. For this goal, we define the meaning of true positives, false positives, true negatives, and false negatives in our context. If we consider the algorithm decision result for a given message as a test result with two possible values {delete, report} and compare this to the actual decision that should be taken {to delete, to report}, we could easily derive the definitions of the evaluation metrics as summarized in Table 2 to compare the outputs of the algorithms. Recall that AVEC is an adaptive statistical-based algorithm trying to make local decision to filter duplicated data based solely on knowledge of communication reliability of local and neighbor nodes. The metric true positives represents the number of messages that have been cleaned and they should be cleaned as depicted in Fig. 8a. As could be seen, AVEC algorithm is performing better than fully random and static algorithms for different network densities. Indeed, having even high level, but updated information of neighbor’s communication reliability helps a node to decide locally whether a received packet is more or less likely to be received by others and make informed decision about it. Similar behavior could be seen in Fig. 8b for true negatives, which denotes the messages that should be reported and the algorithm

Table 2 Metrics definition Cleaned Reported

To be cleaned

To be reported

True positives False negatives

False positives True negatives

56

M. Ben Brahim and H. Menouar

(a) True positives

(b) True negatives

(c) False positives

(d) False negatives

Fig. 8 Outputs of different algorithms for different assessed metrics {true positives, false positives, true negatives, false negatives}

correctly made the decision. AVEC could identify the higher number of messages to be reported and allows the RSU to forward the received messages to the cloud platform for further processing. Because different applications require more or less updated information about the traffic network, we want the cleaning algorithm to minimize the number of false positives. This last denotes the wrongly deleted messages by the algorithm leading to zero copy remaining of the message in all potentially receiving RSUs and hence causing a coarse information of traffic state. As could be seen in Fig. 8c, AVEC performs far better than other algorithms in maintaining a grained clean data of traffic state. Indeed, it minimizes the over-filtering of data and maintains a representative traffic data to be forwarded to cloud platform. The number of false negatives depicts the reported messages that should actually be cleaned, but they did not, leading to duplicated data in cloud platform as depicted in Fig. 8d. At this feature, AVEC is outperforming other algorithms in cleaning data and mitigating duplicated data capturing. The edge-based algorithm is paying off in terms of computation and processing resources across the rest of the data pipeline.

6 Conclusion This paper presented AVEC: an adaptive vehicular edge data cleaning in vehicular networks based on statistical filtering of received data probes after knowledge solely of the communication reliability distribution of local and neighbor nodes. The

AVEC: A Statistical Framework for Adaptive Vehicular Edge Data Cleaning

57

approach is adaptive which means that every RSU node is subscribed to an edge server allowing to share updated information once available. The informed decisionmaking of AVEC results in a better data cleaning compared to fully random and static algorithms. The results show the importance of an adaptive approach to enhance the upstream data cleaning task. In the next version of AVEC, we will investigate more dynamic features including the sensing window and the impact of variable splitting parameters on the performance of the algorithm. Acknowledgements This publication was made possible by NPRP grants #NPRP8-2459-1-482 and #NPRP9-257-1-056 from the Qatar National Research Fund (a member of Qatar Foundation). The statements made herein are solely the responsibility of the authors.

References 1. Kenny, J.: Dedicated short-range communications (DSRC) standards in the United States. Proc. IEEE 99(7), 1162–1182 (2011) 2. Raza, S., Wang, S., Ahmed, M., Anwar, M.R.: A survey on vehicular edge computing: architecture, applications, technical issues, and future directions. Wirel. Commun. Mob. Comput. J. 2019, 1–19 (2019) 3. Brahim, M.B., Menouar, H.: Distributed upstream data cleaning in VANET. In: The Thirteenth International Conference on Wireless and Mobile Communications, pp. 122–124, July 2017. Nice, France 4. Zhao, K., Tarkoma, S., Liu, S., Vo, H.: Urban human mobility data mining: an overview. IEEE International Conference on Big Data (Big Data), pp. 1–10, Dec 2016 5. Shiyale, K.V., Saraf, P.D.: Efficient technique for network lifetime enhancement by cleaning dirty data. Int. J. Sci. Res. (IJSR) 4(4), 2525–2528 (2015) 6. Javed, N., Wolf, T.: Automated sensor verification using outlier detection in the internet of things. In: 32nd International Conference on Distributed Computing Systems Workshops, pp. 1–6, June 2012 7. Sha, K., Wang, S., Shi, W.: R D 4 : role-differentiated cooperative deceptive data detection and filtering in VANETs. IEEE Trans. Veh. Technol. 59(3), 1183–1190 (2010) 8. Jeffery, S.R., Franklin, M.J., Garofalakis, M.: An adaptive RFID middleware for supporting metaphysical data independence. VLDB J. 17(2), 265–289 (2008) 9. ETSI EN 302 637-2 V1.3.2 (2014-11) - Intelligent Transport Systems (ITS); Vehicular Communications; Basic Set of Applications; Part 2: Specification of Cooperative Awareness Basic Service, Nov 2014 10. SAE J 2735 (2016-03) - Dedicated short range communications (DSRC) message set dictionary, Mar 2016 11. Brahim, M.B., Drira, W., Filali, F.: Roadside units placement within city-scaled area in vehicular ad-hoc networks. In: International conference on connected vehicles and expo (ICCVE), Nov 2014. Austria, Vienna 12. Krajzewicz, D., Erdmann, J., Behrisch, M., Bieker, L.: Recent development and applications of SUMO - Simulation of Urban MObility. Int. J. Adv. Syst. Meas. 5(3&4), 128–138 (2012) 13. Sommer, C., German, R., Dressler, F.: Bidirectionally coupled network and road traffic simulation for improved IVC analysis. IEEE Trans. Mob. Comput. 10(1), 3–15 (2011)

Software-Defined Networking for Emergency Traffic Management in Smart Cities Pegah Nikbakht Bideh, Nicolae Paladi, and Martin Hell

Abstract Vehicle traffic management is becoming more complex due to increased traffic density in cities. Novel solutions are necessary for emergency vehicles, which despite growing congestion must be able to quickly reach their destination. Emergency vehicles are usually equipped with transmitters to control the traffic lights on their path and warn other vehicles with sirens. Transmitters are operated manually and, like sirens, have a limited range. Smart cities can make use of novel network models to facilitate traffic management. In this paper, we design a traffic management application leveraging software-defined network controllers for traffic preemption. The proposed application leverages the logical centralization of the SDN control plane to improve traffic management. Results from evaluating the application under five different scenarios indicate that emergency vehicles can reach their destination much faster, with very little effect on the surrounding traffic.

1 Introduction Road traffic congestion caused by increasing traffic has become a major problem in big cities. However, increasing connectivity creates opportunities to radically improve road traffic management. Smart transport systems, such as Vehicular Ad hoc Networks (VANETs), have the potential to fulfill the needs of traffic management in big cities. VANETs enable communication between vehicles as well as between vehicles and fixed Roadside P. Nikbakht Bideh (B) · N. Paladi · M. Hell Department of Electrical and Information Technology, Lund University, Lund, Sweden e-mail: [email protected] N. Paladi e-mail: [email protected] M. Hell e-mail: [email protected] N. Paladi RISE Research Institutes of Sweden, Stockholm, Sweden © Springer Nature Singapore Pte Ltd. 2020 A. Laouiti et al. (eds.), Vehicular Ad-hoc Networks for Smart Cities, Advances in Intelligent Systems and Computing 1144, https://doi.org/10.1007/978-981-15-3750-9_5

59

60

P. Nikbakht Bideh et al.

Units (RSU); this includes vehicle-to-vehicle, vehicle-to-RSU, and RSU-to-RSU communications. RSUs are fixed access points along the roads which help communication among vehicles. VANET infrastructure is usually deployed by automobile manufacturers to provide services for vehicle owners [1]. Safety and traffic management are the main attributes of VANETs since they can directly affect the lives of people traveling on the road. Vehicles acting as nodes in VANETs can form a vehicular network without prior knowledge of each other. There are two types of applications available in VANETs, namely, comfort applications and safety applications [2]. Traffic prioritization is unnecessary in comfort applications— messages can be delivered to the destination in the order they arrived in the network. Comfort applications include traffic information systems, weather information, and gas station information. Safety applications are intended for emergency and unsafe situations—messages for safety applications have higher priority in the network. Safety applications include emergency vehicle warning, SOS services, and postcrash warnings. Traffic management and safety applications are usually operated by government agencies [3]. In safety application scenarios—such as emergency situations—a vehicle receives complete coverage of all vehicles in the network using broadcasting [4]. This can lead to the broadcast storm problem [5] in VANETs. This occurs when nearby vehicles send a large number of broadcasts, causing packet loss due to collisions. To increase the efficiency of VANETs and address issues such as the broadcast storm problem, support for Software-Defined Networking (SDN) was introduced in VANET [6]. SDN-based VANET helps to address the limitations and challenges of traditional VANET systems. A core advantage of an SDN-based VANET is the global overview of the network which it provides. This can be used to manage the entire network communications more efficiently. Managing the overall network load through a central controller, as done in SDN-based VANETs, can help making more informed routing decisions. But in simple VANETs, because of the focus on shortest path routing, the traffic can easily become unbalanced. Moreover, SDN-based VANETs offer additional advantages: (1) there is no need to configure each network device manually, (2) the path-recovery latency decreases, and (3) the programmability of the network improves through external applications. In this paper, we propose an emergency traffic management application for SDN controllers. The application provides an efficient and fast route for emergency vehicles, moving inside the VANET, in case of emergencies. Our application combines two main approaches to reach its goal. First, which is the main contribution of this paper, we control traffic lights to create a clear and fast route for emergency vehicles. This technology is called Emergency Vehicle Signal Preemption and we aim to improve the performance of emergency signal preemption through an SDN controller. Second, we improve warnings to other vehicles in the network on the path of emergency vehicles through a targeted delivery warning. This allows targeted vehicles to leave the path as quickly as possible (e.g., keeping to the right lane). These are building blocks of our system for emergency traffic management with the help of SDN.

Software-Defined Networking for Emergency Traffic Management in Smart Cities

61

We explain emergency signal preemption and traffic lights control in Sect. 2. In Sect. 3, we explain SDN and its properties. We present the designed application in Sect. 4, and we demonstrate the implementation of the system in Sect. 5. We evaluate the application in Sect. 6. We present related works in Sect. 7. Finally, we conclude the paper in Sect. 8.

2 Background Traffic lights usually have two control modes: fixed time and dynamic control [7]. In the fixed time mode, a fixed time is assigned to traffic lights and after a given time they change color. A dynamic traffic light instead has a detector which communicates with the traffic light and informs it about real-time traffic conditions, such as the number of cars on the road. Some other traffic lights are equipped with wireless LAN that can send information, including waiting time until next color change, to the approaching vehicles, allowing drivers to adjust their driving pattern. More complex dynamic control can be coordinated or synchronized [8]. In synchronized control, all changes are done at the same time. These are only used in special cases or older systems. Coordinated lights are usually controlled from a master controller and can change lights in cascade order so platoons of vehicles can proceed through a series of green lights. The controller is usually placed on a corner of an intersection. It receives information from the detector and changes the traffic signal based on this information. While dynamic control traffic lights perform better than fixed time lights they nevertheless have some drawbacks. A controller is needed in each intersection, and failures in controllers or detectors are difficult to troubleshoot. Traffic lights work on the concept of phases. Phases of traffic lights are groups of directions of movements existing at an intersection. Traffic lights follow the predefined phase patterns repeatedly, and when a traffic light receives a green signal and if the current phase is not green it shifts the phase to green immediately. Traffic signal preemption [9] allows manipulating traffic signals in the path of an emergency vehicle. Signal preemption enables emergency vehicles to move more quickly and more safely since emergency vehicles can move on a green path and avoid traffic congestion. The signal preemption system uses a receiver mounted on the traffic light and a transmitter mounted inside the emergency vehicle. In case of emergency, the transmitter inside the emergency vehicle can be activated and causes compatible traffic lights in the path of the vehicle to change the color to green immediately. Traffic signal preemption can work well in emergencies but it needs to be manually activated and only works within a limited distance from the traffic light. The existence of a central controller, using SDN, can significantly improve the performance of signal preemption since it has knowledge about the path of the emergency vehicle in advance and the control is independent of the vehicles’ distance to the traffic light.

62

P. Nikbakht Bideh et al.

3 Software-Defined Networking The explosive growth of data traffic has made the limitations of traditional networking obvious. In traditional networking, each network device has local control and a local data plane. Devices, such as switches and routers, are often vendor- and applicationspecific, resulting in a complex (re-)configuration and management. The control plane and data plane inside networking devices, which are, respectively, responsible for policy definition and traffic forwarding, reduce networking flexibility and hinder the evolution of the networking infrastructure. There are many definitions of SDN and the most well-accepted one is from the ONF (open networking foundation) organization. There it is defined as “The physical separation of the network control plane from the forwarding plane, and where a control plane controls several devices” [10]. Around this network architecture, SDN has four main characteristics [11]. – Separation The control and data planes are decoupled. Control functionality is removed from network devices, so they act as simple packet forwarding entities. The control plane is responsible for policy definition and management while data plane devices forward data according to installed rules. – Central Control Control logic is moved to an external entity (SDN controller) or a more complex control system with multiple controllers. It now has central control and management of multiple devices and an overall view of the network situation, allowing better policies. – Virtualization Devices can be physical or virtualized and implementation details can be abstracted. Devices can be configured to act as an arbitrary network device. – Open Interfaces and Programmability SDN-based devices now have open interfaces and software applications running on top of the controller which could control the devices by high-level programming without concern about the trivial details of the devices, bringing easier configuration and updates. This is a fundamental characteristic of SDN and the main value proposition.

4 SDN-Based Emergency Traffic Management Application In this section, we describe the main contribution of this work, an SDN-based emergency traffic management application. This novel approach for emergency signal preemption makes use of the global network view of an SDN controller to create a green corridor for emergency vehicles, without increasing the latency for other vehicles on the road. The proposed approach can replace the traditional signal preemption method and radically simplify the current approach.

Software-Defined Networking for Emergency Traffic Management in Smart Cities

63

4.1 System Components and Communications The components of our designed system are the SDN controller, SDN nodes, and SDN RSUs [2]. The SDN controller is used to control the whole network and the traffic lights. SDN nodes, in our system, are vehicles that are constantly moving, making the system more dynamic in comparison to stationary SDN nodes. An SDN RSU is a physical device attached to roadsides and responsible for communication between vehicles, traffic lights, and with the SDN controller. A vehicle can interact with its environment using the following types of communication: – V2V (vehicle to vehicle) in which both parties are vehicles. – V2I (vehicle to infrastructure) is a type of communication in which one part is a vehicle and the other part is RSU. – I2I (infrastructure to infrastructure) in which different RSUs communicate with each other or RSU is communicating to SDN controller.

4.2 System Design The general overview of the system is depicted in Fig. 1. The SDN controller has a global overview of the network, e.g., emergency vehicles’ current position, their destinations, and the paths they are taking to their destinations (the available shortest path). Moving vehicles and traffic lights are connected to their nearest RSUs. Here we make the assumption that the network has high coverage and there are RSUs available all around the network. The system is constructed from two sub-systems described below: 1. Vehicle Traffic Preemption This sub-system aims to preempt traffic lights on the path of emergency vehicles. When an emergency vehicle approaches a traffic light on its path, if the phase of the traffic light is not green, the SDN controller sends a change phase command to the traffic light via the nearest RSU. This command changes the phase of the traffic light and turns it to green sooner than the specified phase state. Later, the traffic lights return to their earlier phase pattern. Vehicle traffic preemption helps emergency vehicles to move on the green path. Considering that other vehicles on the road are controlled by drivers, control commands issued over a network cannot be enforced. However, this feature may become available in autonomous vehicles. Vehicle traffic preemption can be complemented with control commands to vehicles on the road to help provide a green corridor for moving emergency vehicles. However, traffic control commands to autonomous vehicles are outside the scope of this paper.

64

P. Nikbakht Bideh et al.

Designed Application SDN Controller

L

Traffic Light

V

Vehicle

V

Emergency Vehicle

RSU

I2I V2I V2V

V

L

V

RSU

V

L

V Fig. 1 General overview of SDN-based emergency traffic management

2. Target Vehicle Notification Target vehicle notification aims to notify other available vehicles on the path of emergency vehicles. Vehicles on the path of emergency vehicles are identified by the SDN controller and a “notify message” is sent to them. After receiving the “notify message” by a vehicle, if there are two lanes available on the road, the driver keeps right and slows down to make the road clear. There is no need to send traffic light’s information to other vehicles on the road since they just stop if the light is red or pass if it is green. Target vehicle notification helps in providing a congestion-free path for emergency vehicles.

5 Implementation Based on the system model described in Sect. 4, we here describe the implementation of the SDN-based traffic management application. As mentioned in Sect. 3, in SDN networks, the data plane is separated from the control plane. We used the RYU SDN controller for our implementations since it supports almost all OpenFlow versions and has good documentation available [12]. Along with the SDN controller, we used a network emulator to create a network of virtual hosts, switches, controller, and the links between them. We used the Mininet [13] emulator for this purpose. It provides a simple testbed to develop OpenFlow applications, enables complex topology testing, and provides an easy way to achieve correct system behavior.

Software-Defined Networking for Emergency Traffic Management in Smart Cities

65

Furthermore, we used SUMO (Simulation of Urban MObility) [14] version 1.1.0 to simulate road traffic in a smart city. SUMO is an open-source and portable road traffic simulator which has been designed to handle large road networks. SUMO uses the TraCI module (traffic control interface) to retrieve attribute values of simulated vehicles, traffic lights, and to manipulate their behavior online. SUMO can be connected to Mininet via a Python API. Hosts, taking the role of vehicles, are created in Mininet based on the number of vehicles in SUMO. Then, Mininet connects to RYU, our SDN controller. In the emergency traffic management application, live data such as vehicle state, position, accident spot, and emergency vehicles’ location need to be sent to the SDN controller. The controller should also be able to send packets to different vehicles, traffic lights, and devices such as RSUs. Since Mininet does not support data packet communication with RYU, in our implementation, we instead used sockets to send data packets between RYU and Mininet. Whenever data is needed to be sent, a socket is open between different devices and also between Mininet and RYU. Sockets stay open and devices can use them for upcoming data transfers if needed. For the emergency traffic management application, vehicles on the road and traffic lights along with RSUs have been simulated in SUMO. Since SUMO cannot be connected directly to an SDN-based controller, we used Mininet between SUMO and the RYU controller. Thus, for each available vehicle and traffic light in SUMO, we add a node and map them to the relevant hosts in Mininet. There are many typologies such as single switch, tree, and linear available in Mininet. We selected linear topology and based on this topology the relevant number of switches is added in Mininet and hosts are connected to the switches. As illustrated in Fig. 2, both SUMO and Mininet form the infrastructure layer in our implementation. The mapping and communication between SUMO and Mininet are also shown in Fig. 2. Then, the infrastructure layer connects to, and is controlled by, the RYU controller and our designed emergency traffic management application runs on top of RYU.

Fig. 2 SUMO and Mininet mapping in emergency traffic management application

66

P. Nikbakht Bideh et al.

In the course of a simulation, whenever an accident occurs, a vehicle identifier along with a lane identifier is sent to the SDN controller through the nearest RSU. This information can be extracted from SUMO using the TraCI module. The SDN controller knows all vehicles on the road and also their positions. Then, the controller finds the ambulance closest to the accident spot and sends the ambulance the position of the accident. In SUMO, the shortest path algorithm is used to find the shortest route to the destination. Thus, an ambulance takes the available shortest path to the accident spot. While the ambulance is moving, it connects to its nearest RSUs and its position information is sent to the controller online. When the ambulance approaches a traffic light, the SDN controller checks the phase of the light. If it is not green, the SDN controller sends a “change phase” command to the traffic light through the nearest RSU. Also, the SDN controller knows which vehicles are moving on the ambulance route and sends notification messages to them. After receiving a notify message, if there are two lanes available, the vehicle keeps right, slows down, and lets the ambulance take over. If there is only one lane available, the vehicle stops at the roadside and the ambulance can take over. Based on the severity of the accident, other emergency vehicles such as a fire truck, police, or another ambulance can be sent to the accident spot. In Sect. 6, we test the system with different emergency vehicles. The SDN controller has a global view of the network and signal preemption can be achieved more efficiently by allowing earlier preemption and reducing delays of emergency road traffic. The preemption is done through the RSUs instead of sending the green signal via a transmitter mounted inside the vehicle.

6 Performance Evaluation and Results To evaluate the performance of our proposed emergency traffic management application, we defined five different scenarios of varying complexity. – Scenario 1: One accident spot, one ambulance drives to the accident spot, and 10 other vehicles on the road. – Scenario 2: One accident spot, one ambulance drives to the accident spot, and 100 other vehicles on the road. – Scenario 3: One accident spot, one ambulance, one fire truck, and one police all drive to the accident spot, and 100 other vehicles on the road. Fire truck and police face each other in an intersection. – Scenario 4: One accident spot, two ambulances drive to the accident spot and they face each other in an intersection, and 100 other vehicles on the road. – Scenario 5: Two accident spots, two ambulances each drives to a different accident spot, and 100 other vehicles on the road. We implemented and simulated each of the above scenarios in SUMO. We used a part of the New York city map (Chelsea, Manhattan) in our implementations and

Software-Defined Networking for Emergency Traffic Management in Smart Cities

67

Table 1 Arrival time to accident spot without using emergency traffic management application Scenarios Arrival time to accident spot (seconds) Ambulance 1 Ambulance 2 Fire truck Police Scenario 1 Scenario 2 Scenario 3 Scenario 4 Scenario 5

297.49 310.31 178.30 267.70 357.90

− − − 356.80 412.80

− − 416.40 − −

− − 235.60 − −

Table 2 Arrival time to accident spot with using emergency traffic management application Scenarios Arrival time to accident spot (seconds) Ambulance 1 Ambulance 2 Fire truck Police Scenario 1 Scenario 2 Scenario 3 Scenario 4 Scenario 5

159.50 168.90 160.90 175.90 183.10

− − − 181.00 193.20

− − 246.60 − −

− − 272.10 − −

there were 63 separate roads available on the map. The map was exported from OpenStreetMap [15] and imported into SUMO. Among these roads, 21 of them were one-way roads with an ending edge. To avoid such traps, only 42 out of the 63 roads were used in our simulation. We simulated the first, second, and last scenarios 42 times with the 42 different starting road positions for ambulances. Since in the third and fourth scenarios the emergency vehicles’ paths must intersect, these starting points were not randomized. In the application, we encoded a set of traffic priority rules based on traffic rules. First, when two crossing emergency vehicles at the intersection have different priorities, the one with higher priority should cross the intersection first. For example, if a fire truck and a police car face in an intersection, the fire truck crosses first. Second, when two crossing emergency vehicles at the intersection have the same priority we prioritize the vehicle whose traffic light was due to turn to green sooner. For example, if ambulance 1 and ambulance 2 face an intersection and the remaining time to the green phase for ambulance 1 is 5 s and for ambulance 2 is 10 s, ambulance 1 has priority. The SDN controller has knowledge about different types of emergency vehicles and their priorities and the encoding rules can be easily applied. To evaluate the performance of the emergency traffic management application, we measure the arrival time of the different emergency vehicles before and after applying the SDN-based traffic management application. The arrival times before applying our application are shown in Table 1, while the arrival times resulting from applying our application can be found in Table 2. Comparing the arrival times in the two tables shows that with our SDN-based application, the arrival time is significantly decreased for the emergency vehicles.

68

P. Nikbakht Bideh et al.

Table 3 Mean, median, variance, and standard deviation of arrival time of all vehicles to their destination without using emergency traffic management Scenarios Without using emergency traffic management Mean Median Variance Standard deviation Scenario 1 Scenario 2 Scenario 3 Scenario 4 Scenario 5

227.87 309.60 292.70 289.47 313.24

208.8 282.2 282.2 280.05 285.45

7293.02 16369.62 12108.11 10774.48 16162.16

90.57 128.70 110.73 104.45 127.87

Table 4 Mean, median, variance, and standard deviation of arrival time of all vehicles to their destination with using emergency traffic management Scenarios With using emergency traffic management Mean Median Variance Standard deviation Scenario 1 Scenario 2 Scenario 3 Scenario 4 Scenario 5

223.32 315.82 284.29 306.28 318.03

212.5 286.65 282.6 294.7 295.3

4451.12 16952.22 8812.15 14205.18 15084.80

69.97 130.94 94.46 119.88 123.54

In our simulations, starting points and destinations of other vehicles on the road are fixed points and they are equal for both cases (before and after applying our application). We do not apply the randomization of starting points for normal vehicles on the road. To make sure the emergency traffic application does not increase latency for other vehicles on the road, we calculated the mean, median, variance, and standard deviation of arrival times of all vehicles to their destination before and after applying emergency traffic management application. These values are shown in Tables 3 and 4. As illustrated in the tables, the difference between the mean arrival times before and after using our emergency traffic management application is relatively small. Thus, applying our application does not have a significant impact on the latency of other vehicles on the road.

7 Related Work Several SDN-based approaches to emergency traffic control are available from earlier work. In [16], the authors proposed an SDN-based algorithm to control emergency traffic. In case of an emergency, the SDN controller calculates the shortest route to the destination area and gives priority to emergency vehicles to reach their destination as quickly as possible. The controller also diverts normal traffic to alternative routes to avoid congestion. The authors tested the proposed method by using Mininet, with

Software-Defined Networking for Emergency Traffic Management in Smart Cities

69

the cars represented as packets and the traffic lights emulated as OpenFlow switches. This is not a very realistic emulation since it is not possible to emulate real-time vehicular traffic behaviors such as slow down, take over, and change of lights using Mininet. Instead, in our emulations, we used SUMO in which all vehicular behaviors can be simulated easily. In [17], the authors proposed a solution for adaptive traffic management for emergency services in smart cities. The goal was to reduce the latency of emergency vehicles with minimum disruption to the regular traffic. The designed traffic management system consists of a set of traffic management controllers, each of them controlling traffic in a specific area. One of the advantages of this method is the ability to authenticate emergency vehicles (hospitals, fire stations, etc.) upon receiving emergency notifications. On the other hand, the system needs many traffic management controllers and they need to coordinate with each other, increasing the complexity of the system. In our designed system, there is only a central controller available and there are RSUs all around the city. Each RSU can communicate with the SDN controller and there is no need to coordinate RSUs since they are directly controlled by the SDN controller. Also, in our system it is not necessary to program different controllers, so the complexity of the system decreases. In [18], an SDN-enabled hybrid emergency message transmission architecture on the Internet of Vehicles (IoV) was proposed. The authors applied SDN to a vehicular network to obtain rapid and reliable transmission of emergency messages. In the proposed method, the SDN controller sends the emergency message to relevant RSU switches. Then the RSU switches take relevant action based on their flow table. The designed architecture can only help in forwarding emergency messages in the vehicular network and it does not help emergency vehicles itself to reach their destination faster. Our designed system aims to improve emergency vehicular traffic management by providing a green and congestion-free path for emergency vehicles.

8 Conclusions and Future Work In this paper, an SDN-based emergency traffic management application was designed to improve signal preemption through a central controller. The application can provide a green path for emergency vehicles to their destination. It can also be used to notify other vehicles on the road about an approaching emergency vehicle. We define different scenarios and compute the arrival time for vehicles. The results show that by using our designed SDN-based emergency traffic management application, we can clear the road for emergency vehicles and decrease their arrival times. Moreover, our application does not have a significant impact on the latency of other vehicles. Thus, having a central SDN controller with a global network view can reduce the latency of emergency vehicles with little negative impact on other vehicles. On the other hand, a central controller can also be a single point of failure. This problem can to some extent be mitigated by having a backup SDN controller available. Deploying such an SDN-based VANET traffic management application in smart cities requires collaboration between government agencies and automobile manufacturers.

70

P. Nikbakht Bideh et al.

A future work could be to consider autonomous vehicles on the road and extend the application to control commands instead of notification messages. Acknowledgements This paper was partially supported by the Swedish Foundation for Strategic Research, grant RIT17-0035, and partially supported by the Wallenberg Autonomous Systems and Software Program (WASP).

References 1. Bhatia, A., Haribabu, K., Gupta, K., Sahu, A.: Realization of flexible and scalable VANETs through SDN and virtualization. In: 2018 International Conference on Information Networking (ICOIN), pp. 280–282. IEEE (2018) 2. Shafiq, H., Rehman, R.A., Kim, B.S.: Services and security threats in SDN based VANETs: a survey. Wirel. Commun. Mob. Comput. (2018) 3. Salmon, P.M., Read, G.J., Stevens, N.J.: Who is in control of road safety? a STAMP control structure analysis of the road transport system in Queensland. Asustralia. Accid. Anal. Prev. 96, 140–151 (2016) 4. Yousefi, S., Mousavi, M.S., Fathy, M.: Vehicular ad hoc networks (VANETs): challenges and perspectives. In: 2006 6th International Conference on ITS Telecommunications, pp. 761–766. IEEE (2006) 5. Chen, R., Jin, W.L., Regan, A.: Broadcasting safety information in vehicular networks: issues and approaches. IEEE Netw. 24(1), 20–25 (2010) 6. Ku, I., Lu, Y., Gerla, M., Gomes, R.L., Ongaro, F., Cerqueira, E., et al.: Towards softwaredefined VANET: architecture and services. In: Med-Hoc-Net, pp. 103–110 (2014) 7. How Traffic Light Control Systems Work. https://www.autoevolution.com/news/how-dotraffic-light-control-systems-work-41839.html (June 2019) 8. Traffic signal design terminology. https://www.traffic-signal-design.com/terminology_main. htm (June 2019) 9. Paniati, J.F., Amoni, M.: Traffic signal preemption for emergency vehicle: a cross-cutting study. US Federal Highway Administration (2006) 10. ONF: Software-Defined Networking (SDN) Definition. https://www.opennetworking.org/sdndefinition/ (July 2019) 11. Kreutz, D., Ramos, F., Verissimo, P., Rothenberg, C.E., Azodolmolky, S., Uhlig, S.: Softwaredefined networking: a comprehensive survey. arXiv:1406.0440 (2014) 12. Zhu, L., Karim, M.M., Sharif, K., Li, F., Du, X., Guizani, M.: SDN controllers: benchmarking & performance evaluation (2019) 13. Mininet. http://mininet.org/ (July 2019) 14. Lopez, P.A., Behrisch, M., Bieker-Walz, L., Erdmann, J., Flötteröd, Y.P., Hilbrich, R., Lücken, L., Rummel, J., Wagner, P., Wießner, E.: Microscopic traffic simulation using SUMO. In: The 21st IEEE International Conference on Intelligent Transportation Systems. IEEE (2018). https://elib.dlr.de/124092/ 15. Open Street Map. https://www.openstreetmap.org (June 2019) 16. Rego, A., Garcia, L., Sendra, S., Lloret, J.: Software defined networks for traffic management in emergency situations. In: 2018 Fifth International Conference on Software Defined Systems (SDS), pp. 45–51. IEEE (2018) 17. Djahel, S., Salehie, M., Tal, I., Jamshidi, P.: Adaptive traffic management for secure and efficient emergency services in smart cities. In: 2013 IEEE International Conference on Pervasive Computing and Communications Workshops (PERCOM Workshops), pp. 340–343. IEEE (2013) 18. Zhu, W., Gao, D., Zhao, W., Zhang, H., Chiang, H.P.: SDN-enabled hybrid emergency message transmission architecture in internet-of-vehicles. Enterp. Inf. Syst. 12(4), 471–491 (2018)

Vehicular Networks and Security

Towards a Reliable Machine Learning-Based Global Misbehavior Detection in C–ITS: Model Evaluation Approach Issam Mahmoudi, Joseph Kamel, Ines Ben-Jemaa, Arnaud Kaiser, and Pascal Urien Abstract Global misbehavior detection in Cooperative Intelligent Transport Systems (C–ITS) is carried out by a central entity named Misbehavior Authority (MA). The detection is based on local misbehavior detection information sent by Vehicle’s On–Board Units (OBUs) and by Road–Side Units (RSUs) called Misbehavior Reports (MBRs) to the MA. By analyzing these Misbehavior Reports (MBRs), the MA is able to compute various misbehavior detection information. In this work, we propose and evaluate different Machine Learning (ML)-based solutions for the internal detection process of the MA. We show through extensive simulation and several detection metrics the ability of solutions to precisely identify different misbehavior types. Keywords Misbehavior detection · Machine Learning · C–ITS

This research work has been carried out in the framework of the Technological Research Institute SystemX, and therefore granted with public funds within the scope of the French Program Investissements d’avenir. I. Mahmoudi · J. Kamel (B) · I. Ben-Jemaa · A. Kaiser Institut de recherche technologique (IRT) SystemX, 91120 Palaiseau, France e-mail: [email protected]; [email protected] I. Mahmoudi e-mail: [email protected]; [email protected] I. Ben-Jemaa e-mail: [email protected] A. Kaiser e-mail: [email protected] I. Mahmoudi Paris Descartes University, 75006 Paris, France J. Kamel · P. Urien Télécom ParisTech, 75013 Paris, France e-mail: [email protected] © Springer Nature Singapore Pte Ltd. 2020 A. Laouiti et al. (eds.), Vehicular Ad-hoc Networks for Smart Cities, Advances in Intelligent Systems and Computing 1144, https://doi.org/10.1007/978-981-15-3750-9_6

73

74

I. Mahmoudi et al.

1 Introduction Cooperative Intelligent Transport Systems (C–ITS) is a mature technology that aims at improving road safety, traffic efficiency, and users comfort. This technology relies on the exchange of information between moving Intelligent Transport Systems (ITS) Station (ITS–S) (vehicles, trucks, motorbike, bicycle, etc.) and fixed ones (Road–Side Units (RSUs)). ITS–S periodically broadcast kinematic information (geographical position, speed, heading, etc.) to advertise their neighbors. These information are then used by safety applications embedded in each ITS–S to detect and avoid potentially dangerous situations. The C–ITS technology is standardized by the European Telecommunications Standards Institute (ETSI) in Europe and by the IEEE in the US. Securing communications between vehicles and the infrastructure (also called Vehicle–to–Everything (V2X) communications) is thus of paramount importance. The C–ITS community worldwide agreed to use a Public Key Infrastructure (PKI) to perform this task. Basically speaking, the PKI provides unique digital certificates to ITS–S. ITS–S then use these certificates to digitally sign their V2X messages in order to guarantee authentication, integrity, and non-repudiation. ITS–S also frequently change the certificate they are using in order to avoid potential tracking which may lead to break driver’s privacy [18]. The PKI is a solution that protects C–ITS against external attacks. However C–ITS still remains vulnerable against internal attacks. It is indeed possible for a malicious ITS–S that is authenticated at the PKI to deliberately send false information in its V2X messages in order to disrupt the system. MisBehavior Detection (MBD) is a promising technology that aims at monitoring the C–ITS in order to detect potentially misbehaving ITS–S. Basically speaking, the MBD process can be divided into the following three steps: 1. Local detection: Detection at the ITS–S level of potentially misbehaving ITS–S in the neighborhood 2. Reporting: Reporting the detected misbehaving ITS–S to the Misbehavior Authority (MA) localized in the Cloud 3. Global detection: Decision-making at the MA level: is the reported ITS–S actually misbehaving or not? In this paper, we focus our work at the MA level. The objective of the MA is to classify the reported ITS–S as (1) misbehaving (and what kind of attack it does), (2) faulty (e.g., the MA has a broken sensor), (3) genuine (false positive). We believe that the MA will benefit from using Artificial Intelligence (AI) solutions such as Machine Learning (ML) to perform this task. In this work, our goal is to evaluate different ML approaches for the MA. To this end, we implemented the complete MBD process in an extension of VEINS simulator [3]. Our results show that the use of ML enables the MA to precisely classify the reported ITS–S and identify the different types of misbehavior. The remainder of the paper is as follows. Section 2 presents the state-of-theart of ML-based approaches used for MBD. Section 3 presents the C–ITS general

Towards a Reliable Machine Learning-Based Global …

75

architecture and details the misbehavior detection concept. Then, Sect. 4 presents our evaluations and discuss the obtained results. Finally, Sect. 5 concludes this work and gives some future work.

2 Related Work In this section, we give a brief overview of machine learning-based techniques used for MBD in the context of C–ITS. Grover et al. [7] propose a machine learning-based approach to detect misbehavior in VANETs. For this purpose, the authors experiment with different classifiers implemented in WEKA toolset including Naive Bayes, Instance-based learner (IBK), Decision Tree (J-48), Random Forest (RF), and AdaBoost. They conduct a comprehensive comparison and show that RF and J-48 classifiers perform best. In a subsequent paper [6], the authors improve the detection performance by replacing the single classification algorithm with several classification algorithms. They aggregate, through a majority voting ensemble-based scheme, the results of previously mentioned classifiers into a single stronger classifier. They show that the ensemble-based model is more robust and efficient in classifying multiple misbehaviors present in VANETs and could achieve a better result in comparison to each individual base learner. Ghaleb et al. [5] train a feedforward neural network to detect misbehavior in a C–ITS system. The authors create features from the data model as well as historical values of several plausibilities and consistency checks. In total, the network takes seven features as input. The training and performance evaluation are done using a relatively small real-world traffic dataset called NGSIM. They show that the proposed solution could generalize better than some baseline models. So et al. [20] propose a machine learning-based framework to detect and classify location spoofing. Their model is based on six plausibility checks as a feature vector. They build two machine learning models: k-nearest neighbors (k-NN) and support vector machine (SVM). The training and data evaluation are done on using VeReMi dataset [23]. They show that they can improve the overall detection precision of the plausibility checks used in the feature vectors by over 20%, while maintaining a recall within 5% of that of the plausibility checks. Gyawali and Qian [8] propose a ML-based scheme to detect two categories of attacks: false alert attack and position falsification attack. The false alert messages are generated using the Veins simulator. The position falsification messages are extracted from the VeReMi dataset. They train multiple machine learning models including Logistic Regression, k-NN, Decision Tree, and Random Forest. They claim that the proposed scheme is more effective to detect internal attacks as compared to the one proposed in VeReMi. So et al. [19] propose three novel physical-layer plausibility checks. They use machine learning models to evaluate their proposed checks. They test these models

76

I. Mahmoudi et al.

on the VeReMi dataset. They show that these checks outperform recently proposed machine learning-based schemes operating at the application layer. Note that the studies cited in this section operate at the local level of the C–ITS misbehavior detection process. We believe that a global detection could yield better results and still not studied well in the context of C–ITS. In this work, we focus on machine learning-based solutions for the global detection process done at the MA level.

3 System Model 3.1 C–ITS General Architecture The vehicular network is based on a set of On–Board Units (OBUs) and RSUs that periodically broadcast V2X safety messages. Each message contains several kinematic information such as the position, the velocity, the heading. This information is generally provided by the vehicle’s internal sensors. To send and receive safety messages the vehicle needs to acquire digital certificates. These certificates are requested from the PKI through the IEEE 802.11p or the cellular technologies. Upon reception of a valid request, the PKI delivers one long term and several short-term certificates. The short-term certificates are often referred to as pseudonym certificates. Vehicles frequently change their pseudonym certificates to avoid tracking and protect their privacy. These certificates are used by each transmitting vehicle to sign its messages. Figure 1 illustrates the C–ITS security architecture and the data flows sent between the security entities. The signature allows receiving vehicles to authenticate the sender and to verify the integrity of the transmitted data. Authenticating vehicles is simply verifying that their certificate is valid. Whereas the integrity test consists of verifying through the message signature if data is altered by a malicious entity. However, a malicious vehicle with a valid certificate and a valid data signature may send intentionally bogus information. Additionally, vehicles may experience sensors defect. In this situation, the sent information would be erroneous as well. This type of malicious behavior, which targets the data semantics, or shortly misbehavior, is managed by the MA. The MA is also localized in the back-end security system. The MA receives misbehavior alerts, called misbehavior reports from vehicles which contain data about a potential misbehaving vehicles. It proceeds then to an internal analysis and processing of the received data. Finally, once it obtains the MBD results of the data processing, it sends a report to the entity which is in charge of the misbehavior reaction. In Fig. 1, we suppose that the entity which is in charge of the misbehavior reaction is the PKI. The whole process of MBD is detailed in Sect. 3.2.

Towards a Reliable Machine Learning-Based Global …

77

Fig. 1 C–ITS security architecture

Fig. 2 Misbehavior detection steps

3.2 Misbehavior Detection Overview Commonly, the MBD process is based on four steps (see Fig. 2). 1—Misbehavior local detection: Sybil attack is a situation where an attacker sends ghost beacon messages to simulate the existence of ghost-vehicles on the road. The attack performed by the blue vehicle (see Fig. 2). This attack is able to create a virtual road congestion situation. The local MBD is performed by each single vehicle’s OBU and RSU in the local vehicular network to detect a potential misbehaving entity. It is based on checking the plausibility and the consistency of the received beacon messages. These checks are described in Sect. 3.3.

78

I. Mahmoudi et al.

2—Misbehavior reporting: The reporting process consists of building and transmitting a Misbehavior Report (MBR) message containing the relevant detection information. More precisely, vehicles are required to provide evidence to prove the type of the detected misbehavior to the MA. This evidence consists mostly of the messages used in the detection process. After collecting enough evidence, the MBR is then sent to the global MA. This action is performed by the grey vehicle (see Fig. 2). More details on the reporting protocol are available [11]. 3—Misbehavior global detection: This operation consists of collecting the received MBRs during a specific time frame. These MBRs are then processed to evaluate their integrity then accurately define the type of misbehavior. This operation is performed by the MA which is a back-end security management system. Notice that due to the amount of processed data and the requirements of high detection reliability, this operation is not required to be real-time. 4—Misbehavior reaction: Once the detection results are obtained, the MA may inform the authority in charge of proceeding to the appropriate misbehavior reaction. This can be, for instance, an immediate revocation of the misbehaving entity. Notice that in Fig. 2, we just provide an example where the PKI is in charge of proceeding to the appropriate reaction. As this is not yet standardized, other authorities may be in charge of misbehavior reaction in the future.

3.3 Local Detectors The local MBD is based on checks performed by the ITS–Ss on every received message. These checks are simple and fast to calculate plausibility detectors. The features of the detection process are detailed in the following study [13]. Based on these detectors, the vehicle decides if a report should be send or not. Here is a simple summary of the functionality of all implemented local detectors: – Range plausibility: The position of the sending ITS–S must be inside of the ITS–S maximum radio reception range. – Position plausibility: The position of the sending ITS–S must be at a plausible place (e.g., on a road, no overlaps of physical obstacles). – Speed plausibility: The speed advertised by the sending ITS–S must be less than a predefined threshold. – Position consistency: Two consecutive beacons coming from a same ITS–S have plausible separating distance. – Speed consistency: Two consecutive beacons coming from a same ITS–S must have plausible acceleration or deceleration. – Position speed consistency: Two consecutive beacons coming from a same ITS–S must have consistent speed and separating distance. – Beacon frequency: The beacon frequency of a sending ITS–S must be compliant with the standards.

Towards a Reliable Machine Learning-Based Global …

79

– Position heading consistency: The positions in two consecutive beacons coming from a same ITS–S must correspond to the heading advertised in the respective beacons. – Intersection check: Two beacons coming from two different ITS–S must not have overlapping positions. – Sudden appearance: The ITS–S must not suddenly appear within a certain range, with a preset positive speed. – Kalman Filter Tracking: The ITS–S advertised information must be within a plausible range of the Kalman filter predicted information. The calculation implementation is open source [12]. As proposed in [10], this would us to recalculate the following detectors: (1) Position Consistency, (2) Speed Consistency, (3) Position Speed Consistency.

3.4 Attacker Model We consider an attacker as any misbehaving entity sending inaccurate data on the network. The misbehavior is divided into two categories: Faulty behavior and attacks. A node is exerting faulty behavior if one or more of its sensors are sending inaccurate data. A node is considered an attacker if it is intentionally altering the message data before sending it over the network. We extracted from the literature a set of possible misbehavior types [17, 24]. Details of all the implemented misbehavior mechanisms are presented below: Faulty Behavior – Constant Position: The vehicle broadcasts the same position each beacon. – Constant Position Offset: The vehicle broadcasts its real position with a fixed offset. – Random Position: The vehicle broadcasts a random position from the playground. – Random Position Offset: The vehicle broadcasts its real position with a random offset limited to a max value. – Constant Speed: The vehicle broadcasts the same speed each beacon. – Constant Speed Offset: The vehicle broadcasts its real speed with a fixed offset. – Random Speed: The vehicle broadcasts a random speed with a upper limit. – Random Speed Offset: The vehicle broadcasts its real speed with a random offset limited to a max value. – Delayed Messages: The vehicle broadcasts its information with a delay from reality. Attacks – DoS: The attacking vehicle broadcasts its information with a higher frequency than what is defined in the standard. This increase in the beaconing frequency would inflict an overhead on the broadcasting channel. At a certain frequency increase, the channel becomes unusable by other vehicles.

80

I. Mahmoudi et al.

– DoS Random: Similarly to DoS, the vehicle increase its beaconing frequency. However, the data sent in the transmitted messages is completely random. – DoS Random Sybil: A DoS Random attack where the attacker also changes the pseudonym used at every received message. – Disruptive: The attacking vehicle broadcasts messages with data extracted from previously received beacons. The data broadcasted in generated by genuine vehicles, thus making it plausible on some levels. The saturation of the channel by this type of data would theoretically deteriorate the quality of the C–ITS system. – Dos Disruptive: This attack is a combination of the DoS and the disruptive attack. The attacker sends disruptive data while simultaneously increasing its beaconing frequency. – DoS Disruptive Sybil: A DoS disruptive attack where the attacker also changes the pseudonym used at every received message. – Data Replay: The attacking vehicle chooses a target and replays its data instantly with certain minor epsilons added. Consequently, for an observer it would seem that there are two vehicles in the same space-time dimension. – Data Replay Sybil: Similar to the data replay attack, however, the attacker changes his pseudonym when changing the target vehicle to avoid detection. – Eventual Stop: The attacking vehicle simulated a sudden stop by setting the speed to zero and fixing the position. – Traffic Congestion Sybil: The attacking vehicle uses the multiple stored pseudonyms to generate ghost-vehicles. The ghost-vehicles’ data is generated in a grid-like matter to simulate a traffic congestion.

4 Misbehavior Authority Evaluation In this work, we focus on global MBD done at the MA level. More specifically our aim is to detect the type of misbehavior signaled by the local entities with MBRs. We cast this problem as a multi-class classification problem. We are given a series of observations (x 1 , x 2 , . . . x n ) and the task is to learn a classifier that generates predictions yˆ of the true labels y. In our context, the data we are dealing with is sequential. Within the same ITS–S, all the data sent to the MA are time-dependent. To elaborate, data of more recent MBRs depends on data of previously received MBRs. Therefore, a predictive system that can learn and model these types of dependencies is highly recommended.

4.1 Simulation Settings and Scenarios In order to evaluate our proposed solution, we first need a set of data. Due to the lack of reports data from deployment projects, we resolve to use the F2 MD framework [3]. F2 MD is a VEINS extension, VEINS [21] is an open source framework for

Towards a Reliable Machine Learning-Based Global …

81

(a) Train Network: Luxembourg City

(b) Test Network: Paris Scalay

(c) Train Vehicle Density

(d) Test Vehicle Density

Fig. 3 Simulation scenarios

vehicular network simulations. VEINS uses OMNeT++ [25] for network simulation and SUMO [15] for road traffic simulation. We use different simulation scenarios for the training part and testing part of our ML algorithms (see Fig. 3). We use the Luxembourg SUMO Traffic (LuST) scenario for the train vehicle traces [2]. These traces are a synthetic data set generated with SUMO and validated with real data. Therefore, the vehicle density is somewhat realistic with morning and evening peaks. The network size is 1.61 km2 and the peak density of 67.4 Vehicle/km2 . The train scenario contains 2,131,150 transmitted MBRs. For the testing, we generated a test bench with random vehicle traces data on a network extract of Paris-Scalay. Consequently, the vehicle density is somewhat stable. The choice of this test scenario has a purpose of having a significantly different train and test set. The test bench has a network size of 1.11 km2 and semi-constant density around 17.1 Vehicle/km2 . The test bench contains 1,047,670 transmitted MBRs. For further technical details, the source code of our VEINS extension along with all the configuration details of the simulated scenario are published on github [12].

82

I. Mahmoudi et al.

4.2 ML Features A feature is any attribute that can be used to characterize the data. They are individual independent variables that serve as inputs to a ML system. The quality and quantity of the features can dramatically affect the results we are trying to achieve. Thus, choosing a good set of features is of paramount importance. The process of deriving features from raw data is called feature engineering. In this work, we use the following features: – The local detection checks done on the V2X messages (see Sect. 3.3). – Kinematic data of the V2X messages (Speed, Acceleration, and Position). – Some generic features (count features, binary features computing the number of checks that return a complete failure).

4.3 Results and Analysis In order to better understand the data and the problem we are solving, we perform multiple experiments using several baseline ML algorithms. In this work, we focus our testing on tree-based ensemble techniques and neural networks. This decision is based on the high state-of-the-art performance the former models showed on a wide variety of real-world problems. Algorithms like Random Forests [1] and Gradient Boosted trees [4] help us to gain valuable insights about the data by providing a way to estimate the relevance of each feature. Conversely, our proposed solution is not based on these algorithms since they mostly lack the ability to model time-dependent data when used in a purely supervised fashion. The experimental results of all the trained algorithms are listed in Table 1. Baseline classifiers: In this work, we test a number of baseline classifiers. (1) Random Forests (RF), (2) XGboost (XGB), (3) LightGBM (LGBM), and (4) Neural networks (NN). For the sake of brevity, we detail only the architecture of two models: 1. XGBoost: The proposed XGBoost model is fairly straightforward. We use grid search based on fivefold cross validation to tune the hyper-parameters, which were set to the following values: (1) Learning rate: 0.05. (2) Maximum depth of trees: 3. (3) Sample bagging fraction: 0.9. (4) Feature fraction: 0.6. (5) All other parameters were set to default. 2. Neural Network model: The proposed neural network architecture consists of two hidden dense layers with 300 units in each of them. After each dense layer a Batch Normalization layer [9] and a dropout layer [22] with probability 0.1 are used. The activation function for hidden layers is Rectified Linear Unit (ReLU). In this experiment, we are dealing with a multi-class classification problem. Therefore, the MLP uses a softmax activation in the output layer. The optimized loss function is a categorical cross entropy and the model is trained for 20 epochs using Adam optimizer [14] with a learning rate of 0.1.

Towards a Reliable Machine Learning-Based Global …

83

Table 1 Test scenario results of different trained ML models

Proposed solution: As mentioned above, the MBRs coming from the same ITS–S are time-dependent. These MBRs include beacon messages as well as local check detectors as evidence (see Sect. 3.2). The beacon messages contain kinematic timeseries data (Position, Speed, Acceleration, etc…). However, the local check detectors are Independent and Identically Distributed (I.I.D) observations. To account for both data types, a two-way neural network architecture with two input types is proposed and trained in an end-to-end fashion. We use a sliding window-based technique by computing statistical features (mean, median, min, and quartiles). This method allows us to condense a batch of multiple observations into a single observation. We experiment with different model architectures and resolve to the architecture detailed below. The proposed architecture consists of two branches (see Fig. 4): Time-series branch (left side) and meta-features branch (right side). The time-series branch takes as input the raw beacon message data. It has two bidirectional LSTM layers with 32 units each. The meta-features branch takes all the statistical features as input. It consists of two fully connected layers with 64 neurons followed by a ReLu activation function and a Batch Normalization layer. Both branches are concatenated and are

84

I. Mahmoudi et al.

Fig. 4 Architecture of the proposed solution

followed by a fully connected layer, a ReLu activation function, Batch normalization, and Dropout with probability 0.5. The goal of training is to find model parameters that minimize a loss function between the predicted distribution and the actual target labels. This can be achieved by using Stochastic Gradient Descent Algorithm (SGD). At each iteration, the SGD updates the parameters toward the opposite direction of the gradients to find a good local minimum. In our solution, we use the focal loss with parameters suggested by Lin et al. [16]. We experiment with multiple sets of parameters and we find that the default parameters yield the best results on our validation set. This loss function allows our model to account for the class imbalance present in the data. Additionally, to combat overfitting, we use early stopping based on the model performance on the validation set. In this sense, we evaluate the model accuracy after every epoch on the validation set and stop training when the accuracy stops improving or goes down. The model is trained for 10 epochs with Adam optimizer and a learning rate 0.1. The experimental results regarding this solution are also reported in Table 1. From these results, we can see that the proposed solution based on a LSTM model outperforms all the baseline algorithms on all three evaluated metrics. The overall detection for all types of misbehavior yield an accuracy of 97%.

5 Conclusion and Future Work In this paper, we focus on global misbehavior detection in C–ITS. Specifically, we explore solutions for global misbehavior type classification. To achieve this, we extract features from the local ITS–Ss detector checks and engineer additional fea-

Towards a Reliable Machine Learning-Based Global …

85

tures from the raw beacon data. We capitalize on the time-dependent nature of the data and propose a LSTM-based detection system. We show through testing results that our proposed system outperforms the baseline classifiers on all the evaluation metrics. Future work involves exploring other machine learning techniques, such as blending and stacking. Additionally, we plan on testing our proposed solutions on nonsynthetic data (i.e., data originating from real deployment projects).

References 1. Breiman, L.: Random forests. Mach. Learn. 45(1), 5–32 (2001) 2. Codeca, L., Frank, R., Engel, T.: Luxembourg sumo traffic (lust) scenario: 24 hours of mobility for vehicular networking research. In: IEEE Vehicular Networking Conference (VNC), December 2015, pp. 1–8 (2015) 3. Framework For Misbehavior Detection (F2 MD): F2 MD website. https://www.irt-systemx.fr/ f2md (2019) 4. Friedman, J.H.: Stochastic gradient boosting. Comput. Stat. Data Anal. 38(4), 367–378 (2002) 5. Ghaleb, F.A., Zainal, A., Rassam, M.A., Mohammed, F.: An effective misbehavior detection model using artificial neural network for vehicular ad hoc network applications. In: 2017 IEEE Conference on Application, Information and Network Security (AINS), pp. 13–18. IEEE (2017) 6. Grover, J., Laxmi, V., Gaur, M.S.: Misbehavior detection based on ensemble learning in VANET. In: International Conference on Advanced Computing, Networking and Security, pp. 602–611. Springer, Berlin (2011) 7. Grover, J., Prajapati, N.K., Laxmi, V., Gaur, M.S.: Machine learning approach for multiple misbehavior detection in VANET. In: International Conference on Advances in Computing and Communications, pp. 644–653. Springer, Berlin (2011) 8. Gyawali, S., Qian, Y.: Misbehavior detection using machine learning in vehicular communication networks. In: ICC 2019-2019 IEEE International Conference on Communications (ICC), pp. 1–6. IEEE (2019) 9. Ioffe, S., Szegedy, C.: Batch normalization: accelerating deep network training by reducing internal covariate shift. arXiv:1502.03167 (2015) 10. Jaeger, A., Bißmeyer, N., Stübing, H., Huss, S.A.: A novel framework for efficient mobility data verification in vehicular ad-hoc networks. Int. J. Intell. Transp. Syst. Res. 10(1), 11–21 (2012). https://doi.org/10.1007/s13177-011-0038-9 11. Kamel, J., Ben Jemaa, I., Kaiser, A., Urien, P.: Misbehavior reporting protocol for C-ITS. In: 2018 IEEE Vehicular Networking Conference (VNC), December 2018, pp. 1–4 (2018) 12. Kamel, J.: Github repository: framework for misbehavior detection (f2 md). https://github.com/ josephkamel/f2md (2019) 13. Kamel, J., Kaiser, A., Ben Jemaa, I., Cincilla, P., Urien, P.: CaTch: a confidence range tolerant misbehavior detection approach. In: 2019 IEEE Wireless Communications and Networking Conference (WCNC) (IEEE WCNC 2019), April 2019. Marrakech, Morocco (2019) 14. Kingma, D.P., Ba, J.: Adam: a method for stochastic optimization. arXiv:1412.6980 (2014) 15. Krajzewicz, D., Erdmann, J., Behrisch, M., Bieker, L.: Recent development and applications of SUMO - Simulation of Urban MObility. Int. J. Adv. Syst. Meas. 5(3&4), 128–138 (2012). http://elib.dlr.de/80483/ 16. Lin, T.Y., Goyal, P., Girshick, R., He, K., Dollár, P.: Focal loss for dense object detection. In: Proceedings of the IEEE International Conference on Computer Vision, pp. 2980–2988 (2017) 17. Petit, J., Ansari, R.: V2X Validation Tool. https://bitbucket.org/onboardsecurity/dsrcvt (BlackHat 2018)

86

I. Mahmoudi et al.

18. Petit, J., Schaub, F., Feiri, M., Kargl, F.: Pseudonym schemes in vehicular networks: a survey. IEEE Commun. Surv. Tutor. 17(1), 228–255 (2015) 19. So, S., Petit, J., Starobinski, D.: Physical layer plausibility checks for misbehavior detection in v2x networks. In: Proceedings of the 12th Conference on Security and Privacy in Wireless and Mobile Networks, pp. 84–93. ACM, New York (2019) 20. So, S., Sharma, P., Petit, J.: Integrating plausibility checks and machine learning for misbehavior detection in VANET. In: 2018 17th IEEE International Conference on Machine Learning and Applications (ICMLA), pp. 564–571. IEEE (2018) 21. Sommer, C., German, R., Dressler, F.: Bidirectionally coupled network and road traffic simulation for improved IVC analysis. IEEE Trans. Mob. Comput. 10(1), 3–15 (2011) 22. Srivastava, N., Hinton, G., Krizhevsky, A., Sutskever, I., Salakhutdinov, R.: Dropout: a simple way to prevent neural networks from overfitting. J. Mach. Learn. Res. 15(1), 1929–1958 (2014) 23. van der Heijden, R.W., Lukaseder, T., Kargl, F.: Veremi: a dataset for comparable evaluation of misbehavior detection in VANETS. In: International Conference on Security and Privacy in Communication Systems, pp. 318–337. Springer, Cham (2018) 24. van der Heijden, R.W., Dietzel, S., Leinmüller, T., Kargl, F.: Survey on misbehavior detection in cooperative intelligent transportation systems. IEEE Communications Surveys Tutorials 21(1), 779–811 (Firstquarter 2019) 25. Varga, A.: The omnet++ discrete event simulation system. In: ESM’01 (2001)

A RINA-Based Security Architecture for Vehicular Networks Fatma Hrizi and Anis Laouiti

Abstract In this paper, we investigate the use of Recursive InterNetwork Architecture (RINA), a promising network architecture, in a Vehicular Ad hoc Network (VANET) context. We especially show that it can address by design the security requirements in order to insure a secure Vehicular Ad hoc Network. Moreover, we detail how the ETSI security architecture designed for VANET can be naturally integrated in RINA. Keywords RINA · Security · VANET · Architecture · Policies

1 Introduction Nowadays, Intelligent Transportation Systems are (ITS) getting more and more attention in a context of smart cities with enhanced and more sophisticated services offered to all citizens. Their development is growing exponentially hands in hands with the development of new communication technologies. ITS implies the collaboration of many stakeholders in order to reach an advanced result of smooth and safe traffic on the roads. Vehicular Ad Hoc Networks (VANETs) are a major element of the ITS. With their communications capacities, they are able to disseminate safety information to their neighborhood and interact more globally with the infrastructure to exchange more general information about traffic on the roads. However, vehicular wireless communications are the Achilles Heel of all the system. They raise issues like security and privacy that have to be addressed before deploying such a system massively. Due to the distributed nature of VANETs many F. Hrizi (B) Issat Gafsa, University of Gafsa, Gafsa, Tunisia e-mail: [email protected] A. Laouiti SAMOVAR, CNRS, Télécom SudParis, Institut Polytechnique de Paris, 9 rue Charles Fourier, 91011 Evry, France e-mail: [email protected] © Springer Nature Singapore Pte Ltd. 2020 A. Laouiti et al. (eds.), Vehicular Ad-hoc Networks for Smart Cities, Advances in Intelligent Systems and Computing 1144, https://doi.org/10.1007/978-981-15-3750-9_7

87

88

F. Hrizi and A. Laouiti

challenges and threats have to be overcome in order to come up with a secure and trustful system for the communications between vehicles and that insures privacy for the drivers. Currently, most of the proposed systems are designed in a traditional manner based on the use of standard communication stack like TCP/IP which is enriched with some security mechanisms to cope with security breaches. However, we think that an approach where security is taken into account by design is more suitable. Such a system should be highly scalable and reconfigurable as the software and communication protocols evolve day by day. Such a system will be very dynamic and easy to maintain. In this paper, we consider an alternative communication architecture called Recursive InterNetwork Architecture (RINA) [1], a clean slate architecture that includes security by design. The rest of the paper is organized as follows. Section 2 is dedicated to remind the reader of the security challenges in VANETs, and the standardization efforts accomplished in this direction. A short description of the ETSI security architecture for VANETs is then given. Section 3 introduces the RINA architecture and its management system. In Sect. 4, we detail how we apply RINA in a context of VANETs. Section 5 concludes the paper.

2 VANET Security 2.1 Security Issues VANETs face mainly classical security challenges and issues as in classical wireless networks. These issues become more serious when we think about the critical data exchanged within a VANET and the constraints that have to respect, in terms of reliability, delay of delivery and processing. In fact, the loss or the inconsistency of the safety information embedded in the transmitted packet may have problematic impacts on the safety of people. Generally speaking, offering data protection in VANET against malicious attackers needs to ensure – Authentication for each participating member. Which means that a message transmitted in the network is generated by a legitimate user. This can be done by the use of certificate that enable sender verification. – Availability: Where the data must be available and the system should resist to the DoS attack. – Confidentiality: Is provided by the use of encryption which reduces the access to key holders. – Non-repudiation: A node cannot deny or reject the authorship of a message that has issued.

A RINA-Based Security Architecture for Vehicular Networks

89

– Integrity: The data must not be altered during its transmission and relaying. A digital signature is then inserted before the initial transmission that can be checked by any receiver. – Privacy and Anonymity: This is an important issue in VANET to avoid driver tracking. We need to mask the identity of the driver for non authorized parties. This can be done by the use of temporary pseudonyms. – Access control: Every VANET user must respect a set of rules and has set of rights while taking part in the network. Users are differentiated function of their assigned roles and privileges.

2.2 Standardizations Various standardization efforts are being carried out to provide a secure data exchange while using vehicular communications. Among them we can cite the work being done in Europe with the ETSI TC ITS WG5 [2], and the one being done in the USA within the working group IEEE 1609.2 [3]. Both of them aim at defining the needed services and procedures to insure the security of the data exchanged between vehicles while providing privacy for the drivers which is a major issue to cope with. It is interesting to highlight that the cryptosystem that the ETSI has chosen for cooperative Intelligent Transportation Systems (C-ITS) communications is based on the IEEE 1609.2 standards [3]. In parallel to the research work and standard development on ITS accomplished by different entities in different parts of the world, the European commission (EC) and the United States Department of Transportation (USDOT) took the initiative and put some effort toward the development of harmonized security solutions to avoid duplicated effort and encourage interoperability between them. Harmonization Task Group 6 (HTG6) [4] is one of the Standards Harmonization Working Group (HWG) set up for the purpose of developing a common end-to-end security policy framework. It had produced several documents to present its results and recommendations based on an analysis of different security architectures that have been developed by American and European consortia or collaborative research projects. Both sides, in Europe, as well as in USA, agree on the use of a Public-KeyInfrastructure in order to achieve these goals, but each of them has been elaborating its own architecture to manage the credentials assigned to each vehicle. USDOT in collaboration with security experts from the Crash Avoidance Metrics Partners LLC (CAMP) designed a Security Credential Management System (SCMS) for vehicular communications [5]. In Europe, similar architectures have been designed by the PRESERVE [6] and the SEVECOM [7] European research projects. These works are considered by the ETSI TC ITS WG5 to elaborate a European standard. Basically, these architectures must ensure that a message is generated by a trustworthy vehicle well authenticated that has been granted access to the system. It must also ensure that this message is not modified by a third party before reaching its destination. So the message integrity is secured. Moreover it must be able to detect and discard from the system any misbehaving vehicle. At the same time driver privacy has to be guaranteed.

90

F. Hrizi and A. Laouiti

2.3 ETSI Security Architecture for VANETs The basic requirements that a VANET security architecture must provide can be summarized as follows: – Confidentiality, integrity and authenticity of data: Which is generally provided by the use of a PKI system. – Access control: This relies on an access control system that has the task to provide the credential for each vehicle once it is authenticated. – Privacy of drivers: Anonymize the vehicles to avoid drivers matching and tracking as much as possible. The security architecture proposed by the ETSI (as depicted in Fig. 1) to protect the communications between vehicles meets these goals and provides the needed services for that end. It is based on a hierarchical PKI system composed of a Root Certificate Authority that controls a set of subordinate certifications authorities. The first entity that a vehicle gets in touch with is the Enrolment Authority (EA). This authority is in charge of validating that the vehicle wishing to join the system is allowed to do that and can be trusted. The vehicle provides the (EA) its unique identifier (canonical identity) and its corresponding credentials used for identification management. In return, the (EA) generates the corresponding Enrolment Certificate (EC) which is considered as a long-term certificate for the vehicle. With this (EC), a vehicle can address to the Authorization Authority (AA) to get the permission for specific service. The (AA) hands then the needed authoritative proof that it may use for specific ITS services. The (AA) generates a set of pseudonyms and their related Authorization Tickets (short term certificate), that will be used to sign the messages exchanged in vehicular communications. In this way the data integrity is insured since the messages are signed by the issuer. Moreover, with the list of pseudonyms,

Fig. 1 ETSI security architecture for VANETs

A RINA-Based Security Architecture for Vehicular Networks

91

privacy is protected since their usage is limited on time, in fact, the vehicle pick a new one after expiration of the current one. Consequently, trackers will have more difficulties to follow a given vehicle that changes frequently its certificates.

3 Recursive Internetwork Architecture : RINA RINA [1] (see Fig. 2) is a promising networking architecture that has been introduced to address the challenges and shortcomings of the Internet architecture. The current TCP/IP architecture is based on a layered architecture where each layer is supposed to provide a distinct functionality. To avoid making radical changes that may alter the deployed Internet model, TCP/IP has evolved through the years, and several ad hoc solutions have been integrated in order to meet Internet Service providers (ISP) requirements. This has lead to a layered model with several weaknesses. Artificial isolation of functions of the same scope [1] is the main weakness of TCP/IP. On one hand, TCP/IP model is built up of redundant functions, e.g., transport and routing/relaying are performed at multiple layers. On the other hand, given the principle of isolation between layers, these redundant functions cannot interact properly and exchange relevant information to that specific scope. Another drawback of the TCP/IP model is that interfaces are given names and addresses instead of nodes [1]. Also, addresses and applications ports are made public within the current TCP/IP model which makes it exposed to attacks. The Inter-Process Communication (IPC) [8] basic concept in RINA addresses these shortcomings. Networking is IPC within RINA. IPC is made available as a service to distributed applications (to ensure the communication flows). Communications are ensured by secured layers defined as Distributed IPC Facility (DIF). DIFs provide the same service to distributed applications. Furthermore, they implement the same mechanisms. Moreover, multiple policies can be tuned to operate over different scopes of performance (scale, range, bandwidth, latency). A DIF is a collection of application processes cooperating to provide Inter-process communication (IPC). The application processes that are members of a DIF are called Inter-Process Communication Processes (IPCPs). All IPCPs have the same functions, divided into only two main programmable protocols: one performs data transfer (delimiting, addressing, relaying, encryption…) and data transfer control (flow and retransmission control) functions, while the other implements layer management functions (enrollment, routing, flow allocation, namespace management, resource allocation, security management). The key differences between RINA and the TCP/IP protocol are – RINA is essentially built on the “divide and conquer” concept. In particular, there is a single type of programmable layer (the Distributed IPC Facility (DIF)), that repeats as many times as needed by the network designer as shown in Fig. 2. Each layer is composed of only two programmable protocols: one performs data transfer

92

F. Hrizi and A. Laouiti

Fig. 2 RINA reference model [1]

and data transfer control functions, while the other carries out layer management functions. Multiple policies can be plugged to both protocols at each layer to adapt them to operational requirements. Accordingly, RINA supports very well scalability, thus it avoids current problems of growing routing tables (by limiting the number of processes within each DIF layer). – RINA uses topological addressing. Basically, each layer has its own address space that is independent of the adjacent layer. It is worth mentioning that in RINA addresses are private and managed in the limited scope of the DIF which will solve the issues related to address scalability. Addresses belonging to the same authorities or located in the same geographic place are very close in prefix. – RINA views each DIF as a “privately managed” network thus it offers intrinsic security features. – In RINA there is a common layer management protocol used by all layer management functions (routing, resource allocation, …). This feature can be leveraged to design very flexible and dynamic routing management of the cloud with very little overhead compared to the approaches used in IP networks.

A RINA-Based Security Architecture for Vehicular Networks

93

3.1 RINA Management System Network management in RINA is performed by the Distributed Management System (DMS). DMS follows an OSI-like manager/agent concept and is capable of managing and configuring remotely several elements in the network. Multiple network management configurations are possible in RINA: from fully decentralized (autonomic, all the systems are peers) to very centralized. FP7 PRISTINE project [9] focused on the centralized management approach, where the DMS follows an OSI-like manager/agent paradigm. Basically, the DMS is composed of centralized Manager processes (red circle in Fig. 2) that configure and monitor the network via a set of Management Agents (MA, green circles in Fig. 2) deployed at each node. The Manager process can communicate with the Management Agents via a separate DIF (the Management DIF). Inside the management DIF, operations and data related to cryptographic key management (like RSA keys generation, key management policy) are handled by the Key Manager Mainly, two protocols are used for an effective operation of the management systems, the Common Application Connection Establishment Phase (CACEP) for connection establishment between applications and the Common Distributed Application Protocol (CDAP) to exchange shared state. CDAP allows layer management functions to perform six operations (create, delete, read, write, start, stop) on remote objects via the exchange of CDAP messages. These objects are organized in a logical schema called the Resource Information Base (RIB) which can be thought of as a tree of objects that exposes the state of the IPCP and enables its manipulation via CDAP. Each layer management task (routing, enrollment, resource allocation, etc.) defines its own set of objects and operations. When an IPCP receives a CDAP message, a component called RIB Daemon checks to which object the operation is addressed, checks if the operation is allowed and contacts the layer management task that is responsible for that object (see Fig. 2). In RINA, a shim DIF consists of shim IPCPs which are not fully functional IPCPs. Its task is to put as small as possible a “veneer” over a legacy protocol (Ethernet in the case of a shim over Ethernet for instance), to allow a RINA DIF to use this protocol unchanged.

3.2 RINA and VANET Vehicular ad hoc NETworks communication stack is mainly based on the TCP/IP layered architecture principle. However, many protocols have been especially designed for the VANET to cope with the vehicular environment specificities and particularities. For example, Geonet [10] protocol proposed by the ETSI is used for routing purposes between vehicles which is based on geographical information. In addition, the ETSI recommends the use of Basic Transport Protocol (BTP) [11] which similar to UDP instead of classical TCP. Nevertheless the main drawbacks seen in previous sections remain valid. RINA could be applied to deal with these limitations. Some

94

F. Hrizi and A. Laouiti

recent work [12] has been published dealing with the enhancement of the management of vehicles in a VANET. In the scope of this paper, we consider enhancing the security aspects in VANETs by the use of RINA.

4 Enhancing Vehicular Security with RINA In this section, we investigate the integration of the RINA distributed management system (DMS) in the PKI architecture of ETSI (explained in Sect. 2.3). The idea is to leverage the RINA DMS and its common layer management protocol feature. We intend to demonstrate that by using RINA we create a clean and secure security architecture. Figure 3 illustrates the proposed RINA-based PKI architecture. The flexible RINA DMS integrates well within the hierarchical PKI structure proposed by ETSI. Root CA, Enrolment and authorization authorities interact with the DMS manager that, in its turn, interact with their associated DIFs. RINA architecture features DIF programmability from the DMS, which provides a convenient method to configure and re-configure DIF behavior according to network security requirements. The architecture considers an initial network configuration in a first place, then network re-configurations over the lifetime of network service provisioning for continuous re-configuration updates to provide secure network operation. Enrolment Authority issues a long-term enrolment identifier for the ITS-S (Enrolment ID and certificate) in order to validate that an ITS-S can be trusted. Authorization Tickets and Pseudonyms certificates are provided by Authorization Authority for V2V communications. The certificates distribution involves adjusting the DIF configurations and in particular security parameters. The flexibility of the distributed management system of RINA as well as the availability of a single management protocol, supports the security network management by automatically orchestrating the procedure of security parameters configuration. In particular, canonical ids, public encryption keys, certificates and pseudonyms are distributed in the network and deployed accordingly into the appropriate IPC processes within each DIF.

4.1 Securing VANET with RINA A challenging aspect with VANETs is coping with the high mobility of the vehicles, which causes frequent changes in the network topology. This leads naturally to a frequent disrupt in the wireless communications. All these characteristics make the vehicular environment highly vulnerable to threats and attacks. The proposed RINA-based PKI architecture provides a convenient method to support security requirements including

A RINA-Based Security Architecture for Vehicular Networks

95

Fig. 3 RINA-based PKI architecture [1]

– Authentication and access control: Authentication mechanism in RINA is performed every time an IPCP needs to join a DIF. Both authentication and access control are part of RINA enrolment process. This means that attackers have to join the DIF to be able to address IPCPs in that DIF which requires authentication first. Moreover, to access a given resource, an attacker should be allowed and should have the required privileges which is determined by a specific access control policy. – Availability (insured by PKI like systems). – Confidentiality (insured by PKI like systems). – Integrity (insured by PKI like systems). – Non-repudiation (The mandatory authentication system imposed by RINA will guarantee the non-repudiation). – Privacy and anonymity (application names with RINA, that are assigned each time we want to run an application. A list of application names is downloaded from the management system, and used whenever we run an application). The architecture provides a convenient method to instantiate and destroy DIFs as required and support re-configuration of DIFs programmable behaviors according to changes in the network service requirements. This implies the discovery, inventory, and re-configuration of programmable behaviors within a DIF from the DMS, as well as ensuring consistency on the programmable behaviors across a group of associated DIFs.

96

F. Hrizi and A. Laouiti

4.2 Ensuring Trust with RINA Trust is a key security issue that needs to be considered in the vehicular environment. Due to the sensitive nature of the information exchanged in the network, e.g., active safety applications transmit information (accident information…) that could endanger people’s life, a verification procedure must be carried out in order to check the information integrity and trustworthiness. On the other hand, Another feature of this function is to check the consistency of the system state after instantiation, destruction or re-configuration of DIF layers has been performed both within each DIF and between a group of associated DIFs as it is imperative to check that these DIFs have been transitioned to a consistent state. If not, a rollback of the modified DIFs will need to be performed and notification sent to a system administrator to take appropriate remedial action that may include invoking policy analysis processes. This is an area for future work.

5 Conclusion In this paper, we presented a RINA-based Security Architecture for Vehicular ad hoc Networks. After detailing the security challenges in a VANET, and the ETSI framework to secure VANET communication, we mapped this latter into the RINA architecture. We show that ETSI security requirements can be naturally met with RINA since it integrates security by design.

References 1. Day, J.: Patterns in Network Architecture: A Return to Fundamentals. Pearson Education 2. The ETSI ITS. https://www.etsi.org/technologies/automotive-intelligent-transport 3. IEEE 1609.2-2016. IEEE Standards for Wireless Access in Vehicular Environments-Security Services for Applications and Management Messages 4. Harmonized security policies for cooperative intelligent transport systems create international benefits. https://ec.europa.eu/digital-single-market/news/harmonized-securitypolicies-cooperative-intelligent-transport-systems-create-international 5. Brecht, B., Therriault, D., Weimerskirch, A., Whyte, W., Kumar, V., Hehn, T., Goudy, R.: A security credential management system for v2x communications. IEEE Trans. Intell. Transp. Syst. 99, 1–22 (2018) 6. Preserve project. https://www.preserve-project.eu/ 7. Sevecom project. https://sevecom.eu 8. Day, J., Matta, I., Mattar, K.: Networking is IPC: a guiding principle to a better internet. In: Proceedings of the 2008 ACM CoNEXT Conference, CoNEXT ’08, pp. 67:1–67:6. ACM, New York (2008) 9. Pristine project. http://ict-pristine.eu/ 10. ETSI EN 302 636-4-1. Intelligent Transport Systems (ITS); Vehicular Communications; GeoNetworking; Part 4: Geographical addressing and forwarding for point-to-point and pointto-multipoint communications; Sub-part 1: Media-Independent Functionality

A RINA-Based Security Architecture for Vehicular Networks

97

11. ETSI EN 302 636-5-1. Intelligent Transport Systems (ITS); Vehicular Communications; GeoNetworking; Part 5: Transport Protocols; Sub-part 1: Basic Transport Protocol 12. Braun, T., Careglio, D., Matta, I.: Vehicular networking in the recursive internetwork architecture. In: IEEE 87th Vehicular Technology Conference (VTC Spring) (2018)

Networks of Trusted Execution Environments for Data Protection in Cooperative Vehicular Systems Philippe Boos and Marc Lacoste

Abstract Networks of autonomous vehicles roaming in smart cities raise new challenges for end-to-end protection of data in terms of integrity, privacy, efficiency, and scalability. This paper provides a survey of Networks of Trusted Execution Environments (NTEE) architectures. NTEE combine the strong, hardware-rooted security guarantees of the TEE deployed locally in the vehicle, with the distributed protection of a decentralized consensus protocol. We identify three main families of consensus protocols and analyze their architectures, performance, and security, including improvements brought by the TEE. Overall, voting protocols tend to be more efficient for smaller networks, while lottery-based schemes are not easy to apply in a vehicular context due to higher overheads. Both types of protocols reach an intermediate level of security, with variations in byzantine tolerance and types of threats. Graph-based protocols tend to achieve both efficiency and flexibility in terms of network topology support, but their security still remains to be explored. Keywords Vehicular networks · Data protection · Consensus protocols · Trusted execution

1 Introduction Networks of autonomous vehicles roaming in smart cities raise new challenges for end-to-end protection of data. Such hyper-connected, decentralized systems produce and collect from the environment an increasing amount of data, analyzed, stored, and shared with the various stakeholders of the vehicular ecosystem. Examples include itinerary, speed, passenger personal data, network state, or road traffic conditions. Such data is unfortunately highly vulnerable. Protection should strike the P. Boos · M. Lacoste (B) Orange Labs, 92326 Chatillon Cedex, France e-mail: [email protected] P. Boos e-mail: [email protected] © Springer Nature Singapore Pte Ltd. 2020 A. Laouiti et al. (eds.), Vehicular Ad-hoc Networks for Smart Cities, Advances in Intelligent Systems and Computing 1144, https://doi.org/10.1007/978-981-15-3750-9_8

99

100

P. Boos and M. Lacoste

right balance between data integrity, intimately related to safety to avoid hazards in autonomous decision-making, and privacy to minimize personal data collection [21]. Protection should also be practical and scalable, supporting different network topologies, both centralized and decentralized. Networks of Trusted Execution Environments (NTEE) security architectures couple isolation mechanisms such as a TEE (e.g., Intel SGX enclaves) deployed in the vehicle, with a distributed coordination protocol (e.g., blockchain) [9, 36]. NTEE provide both a local secure environment with strong security rooted in hardware (e.g., trusted execution, secure storage, attestation) and decentralized protection such as distributed data integrity. However, it remains unclear which class of protocol matches the previous goals and related trade-offs. A number of comprehensive surveys already addressed some elements of the problem—for instance, on attacks and counter-measures for vehicular networks (e.g., [22, 23]), on consensus protocols, either from a broad perspective [36], including TEEs or from an IoT standpoint [20], but not specifically for autonomous vehicles or through more specific studies on blockchain applications for automotive [29]. However, we felt the need for a shorter, more focused, overall view giving a preliminary assessment of NTEE architectures for protecting data in networks of autonomous vehicles, highlighting research trends and challenges from a literature review, to be confirmed by simulation results in a second step. Several families of well-known approaches also provide elements of solutions, such as for V2X isolation and trust management (e.g., in-vehicle ECUs isolation, trusted computing [15], often TPM-based, remote attestation, HSMs [35] to guarantee strong, certified security profiles for vehicle or roadside units [10, 11]), privacy (e.g., PKIs [16], pseudonym systems [30]), and resilience [2, 5]. Those solutions are already well investigated, but beyond the scope of this paper. This paper surveys existing NTEE architectures for cooperative autonomous vehicles, combining the fields of TEEs and consensus protocols. We distinguish three main families of protocols, voting-, lottery-, and graph-based. We discuss their architectural, performance, and security properties. We also show how such properties may be improved using the TEE to meet vehicular constraints, e.g., enhancing overall efficiency for distributed computation of trust [9].

2 System Overview and Approach NTEE are distributed systems, composed of nodes, each hosting a TEE, and coordinated by a distributed consensus protocol [7]. The aim is to reach an agreement between all participants in the vehicular network. Different network topologies are possible (see Fig. 1). We assume the network provides notably 5G connectivity, including to the infrastructure, e.g., traffic lights, smart city sensors—wireless connectivity is also possible, e.g., for vehicle-to-vehicle interactions.

Networks of Trusted Execution Environments for Data …

101

Fig. 1 NTEE network topologies

Fig. 2 NTEE taxonomy

The NTEE landscape may be captured using the following taxonomy (see Fig. 2). For each class of consensus protocol, we analyze its inherent architecture, performance, and security properties. Architecture We identify three families of protocols sharing similar architectural features. For each family, we sketch the protocol principle and discuss its scalability, dynamicity, and flexibility to support several network topologies. Traditionally, the weak synchrony assumption is made: messages may be delayed, duplicated, delivered out-of-order, or lost. They could also be forged by byzantine nodes. In Vehicle-to-Everything (V2X) networks, the intermittent synchrony seems more relevant: messages are sent on average within bounded time, while allowing this constraint to be relaxed during some short periods [26]. Several network topologies should be supported by the NTEE, ranging from centralized (e.g., star networks), decentralized (e.g., mesh networks), to hybrid. Switching topologies may be possible depending on the vehicular environment or traffic: – In smart cities, vehicles may easily connect to the infrastructure and/or network, as coverage is dense in urban areas. Traffic may be managed smoothly mostly in a centralized manner, with also strong locality (e.g., 4G/5G femtocells, edge technologies).

102

P. Boos and M. Lacoste

– In city borders, vehicles may reach the infrastructure through another vehicle. Both centralized and decentralized topologies are possible. – In scarce connectivity environments, such as rural areas or zones where 5G infrastructure has not yet been deployed, topologies tend to be fully decentralized, as autonomous vehicles must coordinate peer-to-peer. Performance Key protocol KPIs are latency, bandwidth, and energy efficiency. Latency is the end-to-end time to reach agreement. Low latency is critical for vehicular cooperative decision-making at high speed, with direct impact on passenger lives, such as in collision avoidance settings (e.g., evasive maneuvers, emergency braking). Bandwidth efficiency is also required: according to use cases, data sizes can be huge (e.g., high-resolution maps). Energy is consumed by intensive computational tasks (e.g., cryptographic operations, proof-of-work hashing) and network use (with variations between wired/wireless connectivity). Security and privacy Confidentiality is ensured by how nodes access the distributed ledger, either permissioned or permissionless. This property is related to the network architecture and to how easily new participants may be added in the consensus protocol. Confidentiality may be guaranteed through encryption, before uploading data to the distributed ledger or through isolation by sharing data on a private ledger only between a selected subset of participants. Encryption also allows sharing private data using public key cryptography, but may not be applicable to some IoT devices due to the induced overhead. Current ITS PKI systems also issue multiple public keys for the same ITS station, which could as well severely limit performance. For isolation, in some cases, nodes not part of a private group may be allowed to take part in the computation to reach agreement. Distributed integrity of data manipulated by NTEE nodes is also needed. Blockchain protocols have notably been used for providing vehicular data immutability [20]. Reputation mechanisms within vehicles are also useful for event linkability and anonymity [34]. Availability is essential for reliable cooperation between vehicles, e.g., for exchange of information and decision-making. Fallback mechanisms are needed when the vehicle cannot reach the network nor the infrastructure [2], due, for instance, to communication or back-end systems failure, in local MEC or cloud servers. Solutions include bounded-time recovery [13] or self-stabilization [14] to guarantee the network of vehicle stays in a safe state. Failures due to interpretation by the vehicle of its rapidly changing environment added to internal software and hardware flaws, frequent real-time updates, and complexity of multiple autonomic loop orchestration are still major challenges ahead. The platooning case has been particularly investigated in terms of solutions [5]. Privacy is a key challenge in vehicular networks guided by a principle of data minimization. The aim is to regain control over data collected, shared, and used in the large, multi-stakeholder V2X ecosystem, to protect vehicle identities, avoid vehicle tracking, and preserve driver and passenger attributes against unauthorized nodes [21]. The full spectrum of Privacy-Enhancing Technologies (PETs)

Networks of Trusted Execution Environments for Data …

103

is applicable as counter-measures. Homomorphic encryption, secure, verifiable, privacy-preserving multi-party computation (e.g., for committee-based proof-ofstake [36]), differential privacy, hardware protection mechanisms, partial observability, pseudonymity, and anonymity techniques are just but a few. While currently deployed V2X solutions mostly rely on the use of pseudonyms [3, 30], a number of consensus protocols are essentially based on some form of leader election mechanism. This might be a challenge for vehicular networks, where nodes constantly change identities. A secure multi-party computation scheme could help to implement the election algorithm in a privacy-preserving manner. Promising solutions for the platooning case have notably been explored [31]. Sybil attacks could be used to hijack such protocols based on cooperation: an attacker could generate any number of ghost vehicles in its neighborhood to vote for him. Available counter-measures are either based on resource testing, location or position verification, or encryption and authentication [18].

3 Voting-Based Consensus Architecture Participants vote to elect a leader in charge of executing a command on the distributed ledger. Practical Byzantine Fault Tolerance (PBFT) is the first voting consensus working with weak synchrony assumptions [12]. Since then, many variants have been proposed [24, 26, 36, 37]. To reach agreement, PBFT is based on three rounds of message exchanges (pre-prepare, prepare, and commit). This guarantees that commands are atomically executed and strictly ordered, resulting in a final-state consensus. Voting-based consensus protocols are generally considered to have limited scalability in terms of number of nodes [17]. Scalability was also not much explored beyond n = 10 to n = 20 nodes [33]. Informally, every participant joining the network has to be acknowledged by all others. Adding (or removing) node scales as O(n 3 ), due to such intensive all-to-all network communications. Such protocols could, therefore, be very expensive for V2X where nodes are highly mobile, continuously switching from one area to another. Scalability may be greatly improved with optimizations such as canonization of phases enabling pipelining, communication complexity in each phase being reduced from O(n 2 ) to O(n) [37]. In terms of topology flexibility, PBFT schemes are expected to be efficient in environments with scarce network coverage: agreement is reached rapidly when the number of participants is kept small. In an urban environment, they could be applicable to manage traffic at intersections (e.g., smart traffic lights) to take fast decisions. They seem less relevant in smart cities when there are many vehicles to coordinate. Performance Latency depends on the time to perform a commit on the ledger. Thus, as for bandwidth, it is efficient while the network size is kept small. Due to the O(n 2 ) message complexity, such protocols are not applicable for much larger networks.

104

P. Boos and M. Lacoste

Voting-based schemes achieve medium energy efficiency: while most of the energy costs are spent in communication, many messages still have to be exchanged to reach agreement. Security Such protocols are immune against downgrade or rollback attacks [8]: voting consensus are final state. Thus, any change committed on the distributed ledger is definitive. Regarding byzantine tolerance, PBFT protocols are proven to tolerate up to 1/3 of byzantine nodes [33]. The main security threat is DDoS against the leader. The root cause is the protocol design itself, which is at some points centralized around the leader. The approach of choosing a new leader after a time-out expiration is only crash-tolerant, and not byzantine-tolerant, as the DDoS attack can follow the new leader. Apart from a rapid leader change, there seems to be no evident countermeasure [37]. TEE impact Security and byzantine tolerance are improved. The TEE shifts trust to the hardware, instead of the decentralized protocol. Enclaves guarantee integrity of the executed code using hardware protection. Mechanisms are also available to attest run-time integrity [1]. Moreover, by running a simple crash-tolerant algorithm (e.g., Paxos, Raft) inside an enclave for every participant, a behavior similar to a byzantine-tolerant algorithm may be achieved [24]. The TEE also improves performance by reducing the number of messages needed for agreement. Most TEEs support monotonic counters, theoretically impossible to reset, which guarantee a trusted order for messages: the message number is signed together with the message, allowing honest nodes to sort them, even over unreliable networks. This approach has been explored in systems like FastBFT, where message complexity is reduced to O(n) [24]. It can also be used to improve byzantine tolerance [32].

4 Lottery-Based Consensus Architecture Instead of a vote, the leader is selected by a shared lottery algorithm in which all nodes participate. When a solution to the lottery is found by a node, it is sent to all for validity checking. Assuming a majority of honest nodes, an agreement is reached on the data sent by the winning node. The data must be consistent with the ledger current state or it will be rejected. Each node then adds this data to its local copy of the ledger. Many algorithms are available, known as proof-of-X, e.g., proof-of-work (PoW), proof-of-luck (PoL) [27], proof-of-elapsed-time (PoET) [19]. Hybrid lottery-based solutions may also choose a group of nodes that then elect the leader using a PBFT-like scheme. Lottery-based protocols are generally more scalable than their voting counterparts—despite many variations among the wide range of proof-of-X schemes. For PoW, a new node does not need to register anywhere and can join the network just by working on the proof. In other schemes (e.g., based on cryptographic sorti-

Networks of Trusted Execution Environments for Data …

105

tion [25]), a new node has to broadcast its public key to all others to be part of the selection process, which makes them slightly less scalable. Lottery-based consensus protocols are also applicable to many topologies. They are thus already used for distributed management of vehicular data [25]. Performance Due to latency, the applicability of such protocols may be limited for cooperative vehicles: to reach agreement and execute a command on the ledger, the lottery has to be won by a participant. The frequency of winning results should be very high if frequent updates are needed. Nevertheless, PoL and PoET might provide faster agreement between vehicles than PoW. Bandwidth efficiency is highly variable, depending on the block generation rate, ranging from weak (PoW mining) to moderate (PoL). Energy efficiency can be very poor depending on the lottery mechanism. For intensive hashing algorithms (e.g., PoW), there will be a huge waste of energy to reach agreement. With other mechanisms, when the lottery process is based on the participants’ public keys instead of a looping computation, the energy issue is less significant. Security A first threat is the occurrence of forks: two participants may win the lottery in a short time frame, which may split the ledger into two valid parts when the two results are broadcasted simultaneously. Forks may be resolved probabilistically over time, by nodes choosing always the longest chain when the next result is found. An attacker may also attempt to downgrade the distributed ledger state to a previous one to take control over the latest transactions (rollback attack). Mitigation includes using a final-state consensus, avoiding transient unsafe states, so that previous states may not be restored. A trade-off must be reached between consistency and partition tolerance and must be considered in the NTEE deployment policy [17]: sealing blocks will prevent rollbacks, but will also prevent the distributed ledger from merging after a fork. Conversely, to avoid forks, rollbacks must be allowed. Another threat is majority attacks: integrity holds if less than 1/2 of nodes are byzantine. If an adversary takes control of more than 50% of hashing power, consensus may be corrupted by forging blocks with double-spending transactions or putting transactions in arbitrary orders. There is no real applicable counter-measure over public networks. TEE impact Energy efficiency may be improved by delegating trust to a secure enclave rather than to a hash function. Compared to PoW, Intel PoET randomly backs off for an exponentially distributed period of time. The TEE provides hardware attestation that the node has really awaited this time. The PoL approach is similar: all nodes draw a random number in a periodic time slot. Effective randomness is guaranteed by the enclave. Delegating trust to hardware is also beneficial for performance: time- and energyconsuming computing tasks related to proofs-of-X could be highly improved in an enclave, e.g., that may efficiently attest for an amount of work [19].

106

P. Boos and M. Lacoste

5 Graph-Based Consensus Architecture New consensus protocols based on directed acyclic graphs (DAGs) are emerging. For instance, the hashgraph proposes a virtual voting consensus [6]. Nodes vote “virtually” for one another, without exchanging specific agreement messages. The DAG structure represents the inner network in memory—vertices being the network nodes, edges the network links, and flows through the graph the unidirectional message communications. The hashgraph advertises all events in the network. Nodes become interchangeable in terms of knowledge about what happens in the network, hence the virtual voting consensus. Graph-based consensus protocols appear to achieve the greatest flexibility in terms of support of network topology, from centralized to decentralized. Such protocols could, therefore, be applicable to all network topologies found in vehicular environments. Performance Virtual voting does not require to exchange messages to reach agreement, which should result in low latency. Embedding the consensus metadata in the gossip protocol, responsible for data exchange, is foreseen to achieve very efficient bandwidth usage, close to the theoretical limit, i.e., sending only the transaction data [6]. Such protocols should also be very energy-efficient, reaping benefits from both voting- and lottery-based approaches: energy is only spent on communication, and network usage is limited thanks to virtual voting. Such a property is particularly interesting for cooperative autonomous systems. Security Graph-based protocols achieve fair byzantine tolerance, being resilient to 1/3 of byzantine nodes and to forks. Another promising property is resistance to DDoS due to the fully decentralized architecture. How the TEE could improve performance and security of a DAG-based consensus protocol remains an open area for further research.

6 Conclusion Figure 3 shows some broad trends for the consensus families, focusing on the performance versus security trade-off. Security is captured through byzantine tolerance and resistance to other attacks. In a first step, performance is assessed through latency, critical KPI for V2X safety—a finer evaluation, e.g., taking into account bandwidth and energy efficiency is left for future work. Overall, voting protocols tend to be more efficient for smaller networks, while lottery-based schemes are not easy to apply in a vehicular context due to higher overheads. Both types of protocols reach an intermediate level of security, with variations in byzantine tolerance and types of threats. TEE usage also improves security and performance. Graph-based consensus protocols are promising, notably the virtual voting of hashgraph, as they seem to achieve both efficiency and flexibility, but further investigation is needed on those systems.

Networks of Trusted Execution Environments for Data …

107

Fig. 3 Main trends: performance versus security

For V2X, the three NTEE families are applicable to protect data, depending on network topology, infrastructure, and use case requirements. Previous findings will need to be confirmed by simulation results, realistic use cases, or practical deployments for coordination of vehicles. Different classes of simulators could be explored, e.g., for vehicular traffic [28] or V2X ETSI ITS-G5 [4]. NS3 is also promising as it allows to clearly separate the consensus layer from other protocol layers, thanks to Direct Code Execution. We expect flexibility in the data protection architecture to be needed to support multiple consensus protocols—including transparent protocol switching at run time. Typical examples include: (1) vehicles moving between environments (e.g., smart cities, city border, rural area); (2) supporting other verticals (e.g., drones, robots, etc.); and (3) aiming for different real-world use cases. We are, thus, currently implementing a modular simulation framework supporting multiple protocol families (e.g., PBFT-like, PoL, PoET) and run-time features. Acknowledgements We would like to thank Ahmad-Reza Sadeghi and David Koisser for their help and insightful comments on the paper.

References 1. Abera, T., Bahmani, R., Brasser, F., Ibrahim, A., Sadeghi, A., Schunter, M.: DIAT: data integrity attestation for resilient collaboration of autonomous systems. In: Annual Network and Distributed System Security Symposium (NDSS) (2019)

108

P. Boos and M. Lacoste

2. Alam, M., Ferreira, J., Fonseca, J.A.: Intelligent Transportation System (ITS): Dependable Vehicular Communications for Improved Road Safety. Springer, Switzerland (2016) 3. Amro, B.: Protecting privacy in VANETs using mix zones with virtual pseudonym change. arXiv:1801.10294 (2018) 4. Artery: OMNeT++ V2X simulation framework for ETSI ITS-G5. https://github.com/riebl/ artery 5. Axelsson, J.: Safety in vehicle platooning: a systematic literature review. IEEE Trans. Intell. Transp. Syst. 18(5), 1033–1045 (2017) 6. Baird, L.: The swirlds hashgraph consensus algorithm: fair, fast, byzantine fault tolerance. Swirlds Technical report SWIRLDS-TR-2016-01 (2016) 7. Bano, S., Sonnino, A., Al-Bassam, M., Azouvi, S., McCorry, P., Meiklejohn, S., Danezis, G.: Consensus in the Age of Blockchains. arXiv:1711.03936 (2017) 8. Brandenburger, M., Cachin, C., Lorenz, M., Kapitza, R.: Rollback and forking detection for trusted execution environments using lightweight collective memory. In: IEEE/IFIP International Conference on Dependable Systems and Networks (DSN) (2017) 9. Brandenburger, M., Cachin, C., Kapitza, R., Sorniotti, A.: Blockchain and Trusted Computing: Problems, Pitfalls, and a Solution for Hyperledger Fabric. arXiv:1805.08541 (2018) 10. C-Roads: The platform of harmonised C-ITS deployment in Europe. https://www.c-roads.eu/ platform.html 11. Car2Car communication consortium. https://www.car-2-car.org/ 12. Castro, M., Liskov, B.: Practical byzantine fault tolerance and proactive recovery. ACM Trans. Comput. Syst. (TOCS) 20(4), 398–461 (2002) 13. Chen, A., Xiao, H., Haeberlen, A., Phan, L.T.X.: Fault tolerance and the five-second rule. In: Workshop on Hot Topics in Operating Systems (HotOS) (2015) 14. Dolev, S.: Self-Stabilization. MIT Press, Cambridge (2000) 15. E-safety Vehicle Intrusion proTected Applications (EVITA). www.evita-project.org 16. ETSI TS 103 097 V1.3.1: Intelligent Transport Systems (ITS); Security; Security header and certificate formats (2017) 17. Gilbert, S., Lynch, N.: Brewer’s conjecture and the feasibility of consistent, available, partitiontolerant web services. ACM SIGACT News 33(2), 51–59 (2002) 18. Hamdan, S., Hudaib, A., Awajan, A.: Detecting Sybil attacks in vehicular ad hoc networks. arXiv:1905.03507 (2019) 19. Intel: PoET 1.0 specification (2015) 20. Kang, J., Yu, R., Huang, X., Wu, M., Maharjan, S., Xie, S., Zhang, Y.: Blockchain for secure and efficient data sharing in vehicular edge computing and networks. IEEE Internet of Things J. 6(3), 4660–4670 (2019) 21. Karnouskos, S., Kerschbaum, F.: Privacy and integrity considerations in hyperconnected autonomous vehicles. Proc. IEEE 106(1), 160–170 (2018) 22. Kelarestaghi, K.B., Foruhandeh, M., Heaslip, K., Gerdes, R.M.: Survey on vehicular ad hoc networks and its access technologies security vulnerabilities and countermeasures. arXiv:1903.01541 (2019) 23. Lima, A., Rocha, F., Völp, M., Esteves-Veríssimo, P.: Towards safe and secure autonomous and cooperative vehicle ecosystems. In: ACM Workshop on Cyber-Physical Systems Security and Privacy (CPS-SPC) (2016) 24. Liu, J., Li, W., Karame, G.O., Asokan, N.: Scalable byzantine consensus via hardware-assisted secret sharing. IEEE Trans. Comput. 68(1), 139–151 (2019) 25. Lundbæk, L.N., Janes Beutel, D., Huth, M., Jackson, S., Kirk, L., Steiner, R.: Proof of Kernel work: a democratic low-energy consensus for distributed access-control protocols. R. Soc. Open Sci. 5(8), 180422 (2018) 26. Miller, A., Xia, Y., Croman, K., Shi, E., Song, D.: The honey badger of BFT protocols. In: ACM Conference on Computer and Communications Security (CCS) (2016) 27. Milutinovic, M., He, W., Wu, H., Kanwal, M.: Proof of luck: an efficient blockchain consensus protocol. In: ACM Workshop on System Software for Trusted Execution (SysTEX) (2016) 28. MovSim. http://www.movsim.org

Networks of Trusted Execution Environments for Data …

109

29. Ortega, V., Bouchmal, F., Monserrat, J.F.: Trusted 5G vehicular networks: blockchains and content-centric networking. IEEE Veh. Technol. Mag. 13(2), 121–127 (2018) 30. Petit, J., Schaub, F., Feiri, M., Kargl, F.: Pseudonym schemes in vehicular networks: a survey. IEEE Commun. Surv. Tutor. 17, 228–255 (2015) 31. Santini, S., Salvi, A., Valente, A.S., Pescapè, A., Segata, M., Cigno, R.L.: Platooning maneuvers in vehicular networks: a distributed and consensus-based approach. IEEE Trans. Intell. Veh. 4(1), 59–72 (2019) 32. Veronese, G.S., Correia, M., Bessani, A.N., Lung, L.C., Verissimo, P.: Efficient byzantine fault-tolerance. IEEE Trans. Comput. 62(1), 16–30 (2013) 33. Vukoli´c, M.: The quest for scalable blockchain fabric: proof-of-work vs. BFT replication. In: International Workshop on Open Problems in Network Security (iNetSec) (2015) 34. Whitefield, J., Chen, L., Giannetsos, T., Schneider, S., Treharne, H.: Privacy-enhanced capabilities for VANETs using direct anonymous attestation. In: IEEE Vehicular Networking Conference (VNC) (2017) 35. Wolf, M., Gendrullis, T.: Design, implementation, and evaluation of a vehicular hardware security module. In: 14th International Conference on Information Security and Cryptology (ICISC) (2011) 36. Xiao, Y., Zhang, N., Lou, W., Hou, Y.T.: A survey of distributed consensus protocols for blockchain networks. arXiv:1904.04098 (2019) 37. Yin, M., Malkhi, D., Reiter, M.K., Gueta, G.G., Abraham, I.: HotStuff: BFT consensus with linearity and responsiveness. In: ACM Symposium on Principles of Distributed Computing (PODC) (2019)

Vehicular Ad Hoc Networks Security for Smart Cities Based on 2D ZCC/MD Optical CDMA Code Rima Matem, S. A. Aljunid, M. N. Junita, C. B. M. Rashidi, and N. M. Saad

Abstract Due to the increasing numbers of vehicles in the world which results in a rise in traffic density, smart city is seeking to minimize transportation problems such as accidents. To solve this issue, VANET has been developed to improve vehicles’ mobility and provide a safe city. VANET is a type of wireless technology which provides vehicle-to-vehicle (V2V) and vehicle-to-infrastructures (V2I) communication system. Despite the advantages of VANET, it faces a lot of challenges; security and privacy, for instance, are the most critical ones. In this paper, we implement an approach used in Optical CDMA system given its success in optical domain. This technique is based on the 2D ZCC/MD code which is characterized by zero crosscorrelation property. The transmission system is based on the VLC system, in which the information will circulate in optic domain using light in free space. The proposed system can provide the security and the privacy due to the 2D ZCC/MD code which assigns each user by a specific unique code. Keywords VANET · Optical CDMA · Visible light communication · Zero cross-correlation · Multi diagonal · Security · Privacy R. Matem (B) · S. A. Aljunid · M. N. Junita · C. B. M. Rashidi · N. M. Saad Advanced Communication Engineering Centre of Excellence School of Computer and Communication Engineering (ACE CoE-SCCE), Universiti Malaysia Perlis (UniMAP), Perlis, Malaysia e-mail: [email protected] S. A. Aljunid e-mail: [email protected] M. N. Junita e-mail: [email protected] C. B. M. Rashidi e-mail: [email protected] N. M. Saad e-mail: [email protected] Department of Electrical and Electronic Engineering, Universiti Teknologi PETRONAS, Seri Iskandar, Perak, Malaysia © Springer Nature Singapore Pte Ltd. 2020 A. Laouiti et al. (eds.), Vehicular Ad-hoc Networks for Smart Cities, Advances in Intelligent Systems and Computing 1144, https://doi.org/10.1007/978-981-15-3750-9_9

111

112

R. Matem et al.

1 Introduction The notion of a smart city is proposed to improve the quality of life due to various problems caused by the rapid increase in the urban population such as pollution and long hours of traffic-jams which is making cities’ life insecure and unlivable [1]. The smart city adopts the smart use of public resources’ provisions yielded by the government, increase the quality of the services profound to its citizens, and decrease the operational cost of public administration [2]. Thus, the motivation behind developing such cities is to enhance social, physical, and economic infrastructure. Furthermore, by developing the conception of smart mobility, the smart cities are evolving to accomplish the desire for a safe and secure journey of the users in the urban scenario. Simultaneously, vehicular ad hoc networks are vastly acknowledged to achieve such objective. VANET is an emerging communication network, which has vehicle safety communication, traffic efficient mechanism that uses wireless technologies, and vehicle as its mobile nodes [3] for communication by transferring data between and among nodes. VANET, an application and subclass of a mobile ad hoc network (MANET) and foundation of intelligent transportation system (ITS) program, permits information exchange in real time without fixed or managed infrastructure [3, 4]. VANET enables vehicle-to-infrastructure (V2I) (pure wireless communication between vehicles) and vehicle-to-vehicle (V2V) also called inter-vehicle (communication between mobile nodes and infrastructure unit, i.e., roadside unit (RSU)) communication system [5, 6]. Each vehicle is equipped with a hardware OBU that has computational and communication capabilities [7]. These smart vehicles are integrated with embedded system, micro-sensors, and GPS, apart from on-board unit (OBU). The promise of safe driving, intelligent transportation system, early warning signals for driver that could minimize road accidents, increase road conditions advisement, and the provision of better in-transit, inter-vehicle, and road-vehicle communication are some of the essences of VANET. Emergency notifications, such as warning lights, highway hazard zone advisory, highway construction or maintenance, weather-related hazards, and stop and go traffic information, are some of the safety information available over VANET [8]. Compared to the other ad hoc wireless networks of the same class, VANET can be characterized by high processing power, large storage capacity, energy sufficiency (as work over battery of vehicle), and predictable movement of nodes (as vehicles are bound to follow a certain path along the road) [9]. The smart cities are meant to improve the performance of urban services via coupling of numerous sectors by utilizing the Internet and communication system. The main goal of developing the smart cities is to satisfy the requirement which can change in real time such as traffic management, collision avoidance, smart policing, and parking management [10]. To solve the mentioned problems, VANET can be applied to the smart city project using sensors and wireless communication technologies. The ready availability of Internet gives liberty to subscribe to a bundle of services and helps to access real-time information about road conditions and facilities. This kind of information can be easily accessed by VANET but it requires perpetual

Vehicular Ad Hoc Networks Security for Smart …

113

Fig. 1 VANET architecture [1]

network. With this development comes the risk of breach in security and privacy of users [11]. In this paper, we present the security and privacy challenges faced by VANET and propose a new approach which can be used to mitigate the interference between Internet users based on 2D OCDMA code. Using this approach, security and privacy can be maintained in smart cities. This paper is structured as follows: Sect. 2 presents the security and privacy challenges in VANET. Section 3 introduces the proposed approach, while Sect. 4 illustrates some results of the new approach. Finally, Sect. 5 concludes the work. Figure 1 represents VANET architecture.

2 Security and Privacy Challenge The fast increasing challenges of privacy and security are major impediments to the smart city. vehicle ad hoc network security (VANET), just like any other wireless networks such as WSN and WLAN, must be capable of protecting the information system by averting unauthorized modifications (integrity), preventing the unauthorized information disclosure (confidentiality), enforcing the prohibition of data/resource suppression (availability), and safeguarding communication within the network. Hence, lots of resources have been expended in order to proffer solutions to make the smart cities secured. In a smart city, business transactions are conducted by complying with the policies designed by the authorities so as to manage the trust and privacy in technology thus making security the foremost priority. People, who

114

R. Matem et al.

are the populace of the smart city should be assured that these transactions are confidential and secure. Smart parking which is one of the services in a smart city can be jeopardized through hardware attacks compromising the communication interfaces or even physical devices [1]. Another matter is the violation of user’s privacy and particulars. In order to make the reservation of any service such as a parking slot, social media and credit cards, vital information is shared with the corresponding authority which is, in turn, backed up on a database. This information on the database, if accessed by unauthorized personnel can be used for malicious purposes like the broadcast of unscrupulous messages which has negative impact on a person’s reputation and extraction of vehicle identification (plate number, location) for ulterior purpose that could even cost the driver his life. In V2R environment, the RSU, responsible for disseminating safety messages to the vehicles across the network when compromised could result in spamming, denying the access of an authorized user to the network, or even the spreading of malware across the network. RSU spoofing, whereby a spiteful user can modify safety messages thereby misleading drivers. In the events of emergencies, the flow of malign messages from a node into the network will abase a vehicle’s capability to send messages to neighboring nodes which could result in mayhem since the RSU is regarded to be reliable. Ergo, preventing safety messages from reaching the authorities in charge of the traffic which could, in turn, bring about road mishap. Whenever this onslaught occurs in smart cities, not only a single entity but the whole community is implicated thereby begging the question regarding security and safety of the inhabitants. This draws ones attention to the need for a course of action before smart city can become a success [12].

3 Proposed Approach The proposed approach is adopted from the optical code division multiple access communication systems, due to its features and characteristics, using two-dimensional zero cross-correlation/multi-diagonal spectral/spatial code (2D ZCC/MD) [13]. The concept of the OCDMA technique is based on that of CDMA, where each user is distinguished by a different code sequence. CDMA is established from the technique of a spread spectrum, which consists of distributing the power of the transmitted signal over a much larger bandwidth than that required to transmit the information. 2D ZCC/MD OCDMA code has been developed in order to eliminate the effect of multiple access interference (MAI) between users and mitigate the effect of the noise due to the property of zero cross-correlation [14]. The design of the proposed code can be implemented in the vehicle to facilitate the transmission and to guarantee the security. The proposed approach relies on the visible light communication system (VLC). Visible light communication (VLC) is a new paradigm that could revolutionize the future of wireless communication. In VLC, information is transmitted by modulating

Vehicular Ad Hoc Networks Security for Smart …

115

the visible light spectrum [10]. The visible light spectrum is unlicensed and is readily available aware hardware, and can be used for data transmission. Furthermore, the exponential improvement in the high power light-emitting diodes is an enabler for high data rate VLC Network. It has the potential to provide high-speed data communication with improved energy efficiency along with security/privacy [15]. According to these features, VLC is very useful in smart cities application (Fig. 2).

Fig. 2 Application of VLC system in smart city [16, 17]

116

R. Matem et al.

Table 1 Example of 2D ZCC/MD code sequences for k1 = 3 and k2 = 2 A g,h ⎡ ⎤ 1 ⎢ ⎥ ⎢0⎥ ⎢ ⎥ ⎢0⎥ ⎢ ⎥ ⎢ ⎥ ⎢0⎥ ⎢ ⎥ ⎢ ⎥ ⎣0⎦ 1

[101000100000] ⎤ ⎡ 101000100000 ⎥ ⎢ ⎢ 000000000000 ⎥ ⎥ ⎢ ⎢ 000000000000 ⎥ ⎥ ⎢ ⎥ ⎢ ⎢ 000000000000 ⎥ ⎥ ⎢ ⎥ ⎢ ⎣ 000000000000 ⎦ 101000100000 User 1

[010010001000] ⎤ ⎡ 010010001000 ⎥ ⎢ ⎢ 000000000000 ⎥ ⎥ ⎢ ⎢ 000000000000 ⎥ ⎥ ⎢ ⎥ ⎢ ⎢ 000000000000 ⎥ ⎥ ⎢ ⎥ ⎢ ⎣ 000000000000 ⎦ 010010001000 User 2

[000000010101] ⎤ ⎡ 000000010101 ⎥ ⎢ ⎢ 000000000000 ⎥ ⎥ ⎢ ⎢ 000000000000 ⎥ ⎥ ⎢ ⎥ ⎢ ⎢ 000000000000 ⎥ ⎥ ⎢ ⎥ ⎢ ⎣ 000000000000 ⎦ 000000010101 User 3

3.1 Development of 2D ZCC/MD Code Based on the combination of one-dimensional multi-diagonal code (1D MD) [18] and one-dimensional zero cross-correlation code (1D ZCC) [19], 2D ZCC/MD is constructed. 2D ZCC/MD code denoted by (M × N , k, λa , λc ) where M × N represents code size of 2D ZCC/MD, k is code weight, λa , λc represent auto and crosscorrelation, respectively. Let Y {y0 , y1 , y2 , . . . , y N −1 } and X {x0 , x1 , x2 , . . . , x M−1 } represent 1D-MD code and 1D ZCC code sequences, respectively. Some examples for 2D ZCC/MD sequences are shown in Table 1 for k1 = 3, k2 = 2. 2D hybrid ZCC/MD codes can be created by g = {1, 2, 3, . . . , M} and h = {1, 2, 3, . . . , N }. X h represents the patterns for spectral, Yg represents spreading patterns of space. ⎡

⎤ ⎡ ⎤ 101000100000 100001 ZCC = ⎣ 010010001000 ⎦ M D = ⎣ 010010 ⎦ 000000010101 001100 As illustrated in Table 1 each user or driver is assigned by a unique and specified code. By cancelation of MAI and the noise, 2D ZCC/MD code provides the security against the attacks and guarantees privacy because of the zero cross-correlation property.

3.2 System Description Figure 3 introduces the block diagram of the proposed approach. VLC system consists of an LED as a transmitter, a free space optical communication channel, and a photodetector as a receiver as shown in Fig. 3. LED is used to generate the optical pulse and split it for the transmitter. Then the optical signal will be encoded spectrally by WDM Demultiplexer and Multiplexer based on the 1D ZCC code sequence. The EOM modulates the incoming bits using an on–off keying scheme through the

Vehicular Ad Hoc Networks Security for Smart …

117

Transmitter

Light Emitting Diode (LED)

Spectral Encoding (1D ZCC)

Modulation

Spatial Spreading (1D MD)

Free Space optical communication

Destination

Photodetector

Spectral Decoding

Spatial Decoding

Receiver

Fig. 3 Block diagram of the proposed approach

conversion of electrical data to optical pulses. The spatial spreading is generated by the 1D MD code sequence. The encoded signal will be sent through the free space optical communication channel. At the receiver, the incoming spatial code sequence Yh is decoded spatially and delivered for the spectral decoding. After that, the photodetectors (PD) convert the optical signals to electronic signals.

3.3 Criterion of the Proposed Code The proposed code has a criterion which offers many advantages including • The simplicity of the code construction is based on the 1D ZCC and 1D MD codes. • The proposed code is characterized by the zero cross-correlation property which provides the ability to completely suppress MAI and mitigate the effect of the noise. • The simplicity of the design of the code system.

4 Results and Discussion The assessment of the proposed approach is based on the evaluation of 2D ZCC/MD code system’s performance. The system is configured using the commercial software

118

R. Matem et al.

O pti System T M version 7.0 from O ptiwave T M by modeling the system as a real environment where all factors that influence the system’s performance are considered as the dispersion and nonlinear effect where all practical forms of channel impairment are taken into consideration in the design. It should be noted that the free space optical communication channel is used as a medium. The evaluation is done in terms of the distance, where it varies between 1, 50 and 200 m as shown in Fig. 4 for four users. It is clear that the system exhibits a better performance where the 2D ZCC/MD network can reach more than 200 m without BER deterioration. This is due to its zero cross-correlation property and no overlapping spectra to different users which

Fig. 4 Eye Diagram of 2D ZCC/MD code

Vehicular Ad Hoc Networks Security for Smart …

119

suppress the MAI and mitigate the noise. However, it is obvious that a hike in the distance can cause the deterioration of the signal.

5 Conclusion In this investigation, a new approach has been proposed for VANET-based smart city based on 2D ZCC/MD OCDMA code. The implementation of 2D ZCC/MD system in such networks came after the success has been achieved in optical CDMA system as a result of its features like the zero cross-correlation property using visible light communication system (VLC). The purpose of this study is to improve the security and privacy in VANET, which is a serious matter. The 2D ZCC/MD system performance was evaluated in terms of distance, where the results show that using the proposed system more than 200 m can be reached with satisfactory performance. Furthermore, since each user or driver is assigned by a unique and specified code which provides privacy by showing the message as noise for the not intended user, this property provides the protection of the information system by averting unauthorized modifications (integrity), preventing the unauthorized information disclosure (confidentiality), enforcing the prohibition of data/resource suppression (availability), and safeguarding communication within the network as mentioned in Sect. 2. Therefore, security and privacy are guaranteed in VANET. Acknowledgements The author would like to acknowledge the support from the Fundamental Research Grant Scheme (FRGS) under a grand number FRGS/2/2014/ICT06/UNIMAP/03/1, From the Ministry of Education Malaysia.

References 1. Laouiti, A., Qayyum, A., Saad, M.N.M. (eds.): Vehicular Ad-Hoc Networks for Smart Cities: First International Workshop, vol. 306. Springer, Singapore (2014) 2. Mangiaracina, R., Perego, A., Salvadori, G., Tumino, A.: A comprehensive view of intelligent transport systems for urban smart mobility. Int. J. Logist. Res. Appl. 20(1), 39–52 (2017) 3. Rawat, A., Sharma, S., Sushil, R.: VANET: security attacks and its possible solutions. J. Inf. Oper. Manag. 3(1), 301 (2012) 4. Liu, J., Ren, F., Miao, L., Lin, C.: A-ADHOC: an adaptive real-time distributed MAC protocol for vehicular ad hoc networks. Mob. Netw. Appl. 16(5), 576–585 (2011) 5. Patel, D., Faisal, M., Batavia, P., Makhija, S., Mani, M.: Overview of routing protocols in VANET. Int. J. Comput. Appl. 136(9), 4–7 (2016) 6. Ahmad, S.A., Shcherbakov, M.: A survey on routing protocols in vehicular adhoc networks. In: 2018 9th International Conference on Information, Intelligence, Systems and Applications (IISA), July 2018, pp. 1–8. IEEE (2018) 7. Al-Sultan, S., Al-Doori, M.M., Al-Bayatti, A.H., Zedan, H.: A comprehensive survey on vehicular ad hoc network. J. Netw. Comput. Appl. 37, 380–392 (2014)

120

R. Matem et al.

8. Enkelmann, W.: Fleetnet-applications for inter-vehicle communication. In: IEEE IV2003 Intelligent Vehicles Symposium. Proceedings (Cat. No. 03TH8683), June 2003, pp. 162–167. IEEE (2003) 9. Mishra, R., Singh, A., Kumar, R.: VANET security: issues, challenges and solutions. In: 2016 International Conference on Electrical, Electronics, and Optimization Techniques (ICEEOT), March 2016, pp. 1050–1055. IEEE (2016) 10. Rehman, S.U., Ullah, S., Chong, P.H.J., Yongchareon, S., Komosny, D.: Visible light communication: a system perspective—overview and challenges. Sensors 19(5), 1153 (2019) 11. Khekare, G.S., Sakhare, A.V.: A smart city framework for intelligent traffic system using VANET. In: 2013 International Multi-Conference on Automation, Computing, Communication, Control and Compressed Sensing (iMac4s), March 2013, pp. 302–305. IEEE (2013) 12. Shin, J.H., Jun, H.B.: A study on smart parking guidance algorithm. Transp. Res. Part C: Emerg. Technol. 44, 299–317 (2014) 13. Matem, R., Aljunid, S.A., Junita, M.N., Rashidi, C.M., Ahmed, I.S.: Influence of code size variation on the performance of 2D hybrid ZCC/MD in OCDMA system. In: MATEC Web of Conferences, vol. 150, p. 06018. EDP Sciences (2018) 14. Matem, R., Aljunid, S.A., Junita, M.N., Rashidi, C.B.M., Ahmed, I.S.: Photodetector effects on the performance of 2D spectral/spatial code in OCDMA system. Optik 178, 1051–1061 (2019) 15. Yaqoob, I., Hashem, I.A.T., Mehmood, Y., Gani, A., Mokhtar, S., Guizani, S.: Enabling communication technologies for smart cities. IEEE Commun. Mag. 55, 112–120 (2017) 16. Falcitelli, M., Pagano, P.: Visible light communication for cooperative ITS. In: Alam, M., Ferreira, J., Fonseca, J. (eds.) Intelligent Transportation Systems. Studies in Systems, Decision and Control, vol. 52. Springer, Cham (2016) 17. C˘ailean, A., Dimian, M., Done, A.A.: Enhanced design of visible light communication sensor for automotive applications: experimental demonstration of a 130 meters link. In: 2018 Global LIFI Congress (GLC), pp. 1–4 (2018) 18. Anuar, M.S., Aljunid, S.A., Saad, N.M., Hamzah, S.M.: New design of spectral amplitude coding in OCDMA with zero cross-correlation. Opt. Commun. 282(14), 2659–2664 (2009) 19. Abd, T.H., Aljunid, S.A., Fadhil, H.A., Ahmad, R.A., Saad, N.M.: Development of a new code family based on SAC-OCDMA system with large cardinality for OCDMA network. Opt. Fiber Technol. 17(4), 273–280 (2011)

Author Index

A Aljunid, S. A., 111 Ayoub, Wael, 19 B Ben-Jemaa, Ines, 73 Boos, Philippe, 99 Brahim, Mohamed Ben, 45 E Ellatif Samhat, Abed, 19 F Fevrier, Laurent, 3 H Hell, Martin, 59 Hrizi, Fatma, 87 J Jandial, Abhishek, 3 Joumaa, Hussein, 19 Junita, M. N., 111

Laouiti, Anis, 87 M Mahmoudi, Issam, 73 Matem, Rima, 111 Menouar, Hamid, 45 Merdrignac, Pierre, 3 Mroue, Mohamad, 19 N Naja, Rola, 31 Nikbakht Bideh, Pegah, 59 Nouvel, Fabienne, 19 P Paladi, Nicolae, 59 Prévotet, Jean-Christophe, 19 R Rashidi M., C. B., 111 S Saad, N. M., 111 Shagdar, Oyunchimeg, 3

K Kaiser, Arnaud, 73 Kamel, Joseph, 73 Khoder, Rami, 31

T Tohme, Samir, 31

L Lacoste, Marc, 99

U Urien, Pascal, 73

© Springer Nature Singapore Pte Ltd. 2020 A. Laouiti et al. (eds.), Vehicular Ad-hoc Networks for Smart Cities, Advances in Intelligent Systems and Computing 1144, https://doi.org/10.1007/978-981-15-3750-9

121