This paper proposes a reference model for defining security benchmarks for the safety assessment of Cooperative Driving Automation (CDA) applications. Our reference model provides a systematic approach to benchmark the resilience of CDA applications against malicious attacks through extensive system simulations. It enables the test repeatability and comparison of results across different implementations of CDA applications. In our approach, a benchmark is defined as a series of tests that expose the target system to specific attacks while recording its response. Using this model, we define a benchmark for evaluating the resilience of Cooperative Adaptive Cruise Control (CACC) algorithms against barrage jamming attacks targeting the physical layer of the IEEE 802.11p communication standard. We apply this benchmark to assess and compare the performance of four CACC algorithms: P1, Flatbed, Ploeg, and Consensus. The benchmark measures reveal that the Consensus algorithm demonstrates the highest resilience against jamming attacks, primarily due to its heavy reliance on onboard sensors and the use of sensor data from all other vehicles for decision-making. In contrast, the P1 algorithm, which depends mainly on vehicle-to-vehicle (V2V) communication, proves to be the most vulnerable. Furthermore, the results indicate that vehicles are most susceptible to jamming attacks during acceleration phases, making these periods critical for security evaluation. These findings validate the effectiveness of our benchmarking framework in identifying strengths and vulnerabilities of CACC algorithms under cyberattacks.

This paper presents our initial contributions toward defining security benchmarks for simulation-based assessment of Cooperative Driving Automation (CDA) applications. A security benchmark is a process or procedure for assessing and validating a system’s ability to achieve its operational objectives in the presence of specific security attacks. This work lays the groundwork for developing security benchmarks that assess the robustness of CDA applications against jamming attacks. The driving scenario and the attack model are the core components of our proposed security benchmark. We used two scenarios braking and sinusoidal as a stimulus for evaluating the robustness of a platooning application modeled in a simulation framework called Plexe. The platooning application is equipped with a Cooperative Adaptive Cruise Control (CACC) controller. We injected barrage jamming attacks into the physical layer of the wireless communication system modeled by the IEEE 802.11p protocol. We demonstrate that jamming attacks can compromise safety, leading to emergency braking and collision incidents among platooning vehicles. Our findings also indicate that the severity of jamming attacks varies with the driving scenario, with the most severe impacts (i.e., collisions) occurring when the attack is injected during vehicle acceleration. 

This paper presents the results of extensive simulations to assess the resilience of several Cooperative Adaptive Cruise Control (CACC algorithms against barrage jamming. CACC is an extension of ACC that utilizes V2V communication to maintain string stability and appropriate inter-vehicle spacing in automotive platooning systems. We conduct simulations using four existing CACC algorithms: two employ a Constant Time Headway (CTH) policy, and two employ a Constant Vehicle Spacing (CVS) policy.CACC algorithms based on the CTH policy primarily rely on local sensor data, whereas those following the CVS policy depend mainly on information received from other vehicles via wireless communication.Our simulations show that CTH-based algorithms are resilient to barrage jamming attacks. In contrast, CVS-based algorithms are highly vulnerable due to the lack of fallback mechanisms for handling communication failures. However, since CVS enables higher traffic density and flow, we investigate whether a CVS-based algorithm can achieve jamming resilience comparable to that of CTH-based algorithms.To this end, we propose two extensions to one of the CVS-based CACC algorithms to improve its jamming resilience. Our results demonstrate that both extensions significantly reduce the number of collisions compared to the original CVS implementation. Notably, one of the proposed extensions enables the CVS-based CACC algorithm to achieve the same level of jamming resilience as the tested CTH algorithms.

This paper presents our initial contributions toward defining security benchmarks for simulation-based assessment of Cooperative Driving Automation (CDA) applications. A security benchmark is a process or procedure for assessing and validating a system’s ability to achieve its operational objectives in the presence of specific security attacks. This work lays the groundwork for developing security benchmarks that assess the robustness of CDA applications against jamming attacks. The driving scenario and the attack model are the core components of our proposed security benchmark. We used two scenarios braking and sinusoidal as a stimulus for evaluating the robustness of a platooning application modeled in a simulation framework called Plexe. The platooning application is equipped with a Cooperative Adaptive Cruise Control (CACC) controller. We injected barrage jamming attacks into the physical layer of the wireless communication system modeled by the IEEE 802.11p protocol. We demonstrate that jamming attacks can compromise safety, leading to emergency braking and collision incidents among platooning vehicles. Our findings also indicate that the severity of jamming attacks varies with the driving scenario, with the most severe impacts (i.e., collisions) occurring when the attack is injected during vehicle acceleration.

A remotely operated road vehicle (RORV) refers to a vehicle operated wirelessly from a remote location. In this paper, we report results from an evaluation of two safety mechanisms: safe braking and disconnection. These safety mechanisms are included in the control software for RORV developed by Roboauto, an intelligent mobility solutions provider. The safety mechanisms monitor the communication system to detect packet transmission delays, lost messages, and outages caused by naturally occurring interference as well as denial-of-service (DoS) attacks. When the delay in the communication channel exceeds certain threshold values, the safety mechanisms are to initiate control actions to reduce the vehicle speed or stop the affected vehicle safely as soon as possible. To evaluate the effectiveness of the safety mechanisms, we exposed the vehicle control software to various communication failures using a software-in-the-loop (SIL) testing environment developed specifically for this study. Our results show that the safety mechanisms behaved correctly for a vast majority of the simulated communication failures. However, in a few cases, we noted that the safety mechanisms were triggered incorrectly, either too early or too late, according to the system specification. 

A remotely operated road vehicle (RORV) refers to a vehicle operated wirelessly from a remote location. In this paper, we report results from an evaluation of two safety mechanisms: safe braking and disconnection. These safety mechanisms are included in the control software for RORV developed by Roboauto, an intelligent mobility solutions provider. The safety mechanisms monitor the communication system to detect packet transmission delays, lost messages, and outages caused by naturally occurring interference as well as denial-of-service (DoS) attacks. When the delay in the communication channel exceeds certain threshold values, the safety mechanisms are to initiate control actions to reduce the vehicle speed or stop the affected vehicle safely as soon as possible. To evaluate the effectiveness of the safety mechanisms, we exposed the vehicle control software to various communication failures using a software-in-the-loop (SIL) testing environment developed specifically for this study. Our results show that the safety mechanisms behaved correctly for a vast majority of the simulated communication failures. However, in a few cases, we noted that the safety mechanisms were triggered incorrectly, either too early or too late, according to the system specification.

This paper presents ComFASE, a communication fault and attack simulation engine. ComFASE is used to identify and evaluate potentially dangerous behaviours of interconnected automated vehicles in the presence of faults and attacks in wireless vehicular networks. ComFASE is built on top of OMNET++ (a network simulator) and integrates SUMO (a traffic simulator) and Veins (a vehicular network simulator). The tool is flexible in modelling different types of faults and attacks and can be effectively used to study the interplay between safety and cybersecurity attributes by injecting cybersecurity attacks and evaluating their safety implications. To demonstrate the tool, we present results from a series of simulation experiments, where we injected delay and denial-of-service attacks on wireless messages exchanged between vehicles in a platooning application. The results show how different variants of attacks influence the platooning system in terms of collision incidents.

In this work, we evaluate the safety of a platoon offour vehicles under jamming attacks. The platooning applicationis provided by Plexe-veins, which is a cooperative drivingframework, and the vehicles in the platoon are equipped withcooperative adaptive cruise control controllers to represent thevehicles’ behavior. The jamming attacks investigated are modeledby extending ComFASE (a Communication Fault and AttackSimulation Engine) and represent three real-world attacks,namely, destructive interference, barrage jamming, and deceptivejamming. The attacks are injected in the physical layer of theIEEE 802.11p communication protocol simulated in Veins (avehicular network simulator). To evaluate the safety implicationsof the injected attacks, the experimental results are classifiedby using the deceleration profiles and collision incidents of thevehicles. The results of our experiments show that jammingattacks on the communication can jeopardize vehicle safety,causing emergency braking and collision incidents. Moreover,we describe the impact of different attack injection parameters(such as, attack start time, attack duration and attack value) onthe behavior of the vehicles subjected to the attacks.