**About the Editor**

#### **Arman Sargolzaei**

Dr. Arman Sargolzaei's expertise is in applying linear and nonlinear control methods, machine learning, and artificial intelligence to the field of cyber-physical systems. His mission is to enhance the quality of life for people by assuring safety, security, and privacy concerns through extensive collaboration among multi-disciplinary fields. Dr. Sargolzaei is the recipient of the NSF CAREER award for his research on testing and verifying the security of connected and autonomous vehicles. He was recognized with the honor of the "Faculty Research Excellence Award"for two consecutive years. He received his doctorate degrees in Mechanical Engineering and Electrical Engineering from the University of Florida, and Florida International University. He is currently an assistant professor of Mechanical Engineering at Tennessee Technological University. Before joining Tennessee Tech, he was director of the Advanced Mobility Institute (AMI) and an assistant professor of Electrical Engineering at Florida Polytechnic University. Dr. Sargolzaei has published more than 70 articles in high-impact factor journals, including IEEE Transactions on Automatic Control, Industrial Informatics, and Industrial Electronics. Dr. Sargolzaei has two active and one pending patent for his research on cyber-physical systems. He is largely involved in national and international fund-raising events to improve education and training on the security of control systems. He is a proud splash instructor who volunteers and actively participates in outreach events.

**Navid Khoshavi 1,2,\*, Gabrielle Tristani <sup>2</sup> and Arman Sargolzaei <sup>3</sup>**


**Abstract:** Blockchain technology continues to grow and extend into more areas with great success, which highlights the importance of studying the fields that have been, and have yet to be, fundamentally changed by its entrance. In particular, blockchain technology has been shown to be increasingly relevant in the field of transportation systems. More studies continue to be conducted relating to both fields of study and their integration. It is anticipated that their existing relationships will be greatly improved in the near future, as more research is conducted and applications are better understood. Because blockchain technology is still relatively new as compared to older, more well-used methods, many of its future capabilities are still very much unknown. However, before they can be discovered, we need to fully understand past and current developments, as well as expert observations, in applying blockchain technology to the autonomous vehicle field. From an understanding and discussion of the current and potential future capabilities of blockchain technology, as provided through this survey, advancements can be made to create solutions to problems that are inherent in autonomous vehicle systems today. The focus of this paper is mainly on the potential applications of blockchain in the future of transportation systems to be integrated with connected and autonomous vehicles (CAVs) to provide a broad overview on the current related literature and research studies in this field.

**Keywords:** blockchain; security; privacy; financial transactions; transportation systems; autonomous vehicles

#### **1. Introduction**

Despite being widely anticipated and celebrated by many today, the field of connected and autonomous vehicles (CAVs) has also faced scathing criticism, disadvantage analysis, and distrust from wary organizations and people [1–7]. Security, safety, and privacy concerns have all been brought up and, as a result, there is a great deal of uncertainty surrounding just how beneficial CAVs can truly be to our society and overall health. A major force in this skepticism is that CAVs systems rely on online networks and, as connected devices, they may be susceptible to numerous software and hardware faults that can be exposed and exploited by attackers [8–11]. Attackers are known for using any means possible to compromise user data, overwhelm networks, and potentially cause dangerous situations for users. In the case of AVs, any form of lax security and safety measures can prove to be fatal due to the inherent hazards that are involved in driving and managing past and present location-sensitive information of users [12,13].

A centralized system is viewed by many to be incredibly ineffective, as well as dangerous, due to the constantly changing nature and wide-scale data management required

**Citation:** Khoshavi, N.; Tristani, G.; Sargolzaei, A. Blockchain Applications to Improve Operation and Security of Transportation Systems: A Survey. *Electronics* **2021**, *10*, 629. https://doi.org/10.3390/ electronics10050629

Academic Editor: Giuseppe Prencipe

Received: 3 January 2021 Accepted: 26 February 2021 Published: 9 March 2021

**Publisher's Note:** MDPI stays neutral with regard to jurisdictional claims in published maps and institutional affiliations.

**Copyright:** © 2021 by the authors. Licensee MDPI, Basel, Switzerland. This article is an open access article distributed under the terms and conditions of the Creative Commons Attribution (CC BY) license (https:// creativecommons.org/licenses/by/ 4.0/).

in CAV operations [14]. Retrieving data in a timely manner is an absolute necessity in ensuring prompt response time, which may be difficult in the case of a single central system managing all user data. Another concern with this setup is the potential for attackers to take advantage of the single failure point for all CAVs by overwhelming the centralized system with requests or manipulating certain user data, at which point they would be able to potentially devastate the entire CAV network [15].

Over time, inherent flaws in totally centralized networks led to the search for alternative models, such as those that are depicted in Figure 1. The proposed model relies on a variety of interconnections between users and other entities instead of using a single, central node. Among the many possibilities, the most promising one was blockchain, proposed by a person or group of people using the name Satoshi Nakamoto in 2008 [16]. Blockchain has the potential to realize a large system, with its size being supported by a variety of peers, equipped with measures to validate, begin, and end transactions through its consensus and validation protocols. No longer restricted to the performance and security challenges of centralized network, blockchain provides all the same necessary features that are present in centralized networks, but, under a high throughput, scalable peer-to-peer based architecture. Despite its creation being fueled primarily by a desire to allow bitcoin technology to function, it has gained a lot of traction with researchers and the public in a wide variety of fields due to its benefits in providing secure, reliable transactions without the use of a single central entity in managing them.

As of now, the blockchain solution has already been incorporated across varying areas of study with great success, which has led many to wonder whether it can be applied similarly to other emerging fields [8]. Among these fields, the applications of blockchain in CAVs have been extensively studied [12–14]. Through these studies, a wide spectrum of methods have been proposed on how blockchain can be incorporated to add and expand on existing CAV functionality, coupled with a number of tests indicating the feasibility of implementations [17,18].

While not designed with a CAV system use in mind, blockchain has proven itself to have a number of benefits that could be successfully carried over to CAVs [19]. Its application could lend itself to use in enhancing the security of CAVs as well as improving the privacy of the users [20], increasing passengers' safety, and maintaining records on vehicle actions in the case of accidents to provide more accurate information for insurance and compensation purposes, as has been noted by a variety of researchers [21], allowing financial transactions to occur directly between a vehicle and a user or other device without the involvement of unnecessary parties [22,23], and providing CAVs with the ability to interact with other devices to offer additional relevant services to users. With its high level of use in various industries and noted security and operation-based benefits, its integration into CAVs could completely eliminate former concerns and provide a framework for entirely new capabilities.

Current blockchain faults in terms of energy and resource consumption, as well as financial cost and increased delay, when several users that are connected to a network have caused some researchers to view it as too inherently flawed to scale to such a large and time-sensitive system, but such concerns may soon prove to be unfounded. Blockchain is, when compared to a variety of other technologies today, relatively new, which means that there is still plenty of ability for improvement. In addition, there have been several proposals on how to resolve such issues, including the use of more lightweight approaches, coupled with the revision of the current Proof of Work algorithm that is responsible for many of the issues discussed [24,25]. With more time to study and improve on blockchain and the algorithms that it tends to use, it will likely prove to be fully capable to support the decentralized network discussed, with its production cost lowering in turn due to an increase in blockchain understanding between companies and develop.

The stride to achieve a safe and secure ecosystem where all-inclusive CAVs operate without a human input has been aligned with our motivation to demonstrate the potential benefits of leveraging blockchain to address the previous transportation-related threats. Because the current literature is lacking a comprehensive study on the application of blockchain in operation and security of Transportation Systems, this paper surveys the most recent studies in this domain. In this survey, we briefly describe the structure of blockchain as well as highlighting the advantages of utilizing blockchain in CAVs. Furthermore, we thoroughly demonstrate how blockchain can be, and has already been, applied to CAV technology. More specifically, this study aims to discuss the following concerns relating to CAVs:


The remainder of this article is organized, as follows: Section 2 of the paper discusses the basic background information surrounding the history of blockchain and how it functions, Section 3 elaborates on how common blockchain applications and features could benefit CAVs if implemented effectively. Section 4 describes the application of Blockchain in collective decision. Section 5 presents the future research direction and challenges. Section 6 serves as the conclusion.

**Figure 1.** The different types of networks. Centralized networks have a central node that provides connection capabilities for the entire network. Decentralized networks have multiple connection paths between nodes, but some nodes can still lose connection with the network. Distributed networks have several communication paths between nodes, which drastically reduces the probability of a node disconnecting. Centralized is the most common, but decentralized and distributed are increasing in popularity.

#### **2. Background**

Before discussing specific blockchain applications, we need to briefly explain the terminologies, concepts, and algorithms that construct the blockchain methodology.

#### *2.1. Ledger*

The blockchain is best described as a distributed ledger, maintaining information regarding the transactions carried out and providing its services to all blockchain users. Under this system, every party maintains its own ledger copy, which allows them to check any past or present transaction record sent to them for security and validity. The network bundles transactions into blocks to facilitate the distribution of data across the nodes. Those blocks are then checked for authenticity and appended to the chain.

#### *2.2. Block*

A block is comprised of a number of different data-bearing segments, with each being necessary for upholding transactions. In the most general view, a block is composed of its header and its body. Its header contains important information regarding the specifics of the version, hash, and other relevant protocol details for the validation, while its body includes the actual transaction taking place, as well as its counters. One block can contain multiple transactions, with the total number of transactions being dependent on its size.

#### *2.3. Proof-of-Work (PoW) and Hashes*

Each block connects to the previous block by using hashes, as shown in Figure 2. Each hash is a set value, which is computed by assessing block contents and used to detect errors. As an extra mechanism to detect the alteration of previous blocks in the chain, the hash value of the prior block is included. Any entity that wants to send a block over the network needs first to compute an algorithm we will call a puzzle, Power-of-Work (PoW), and then send the solution to the network for approval. This requirement accomplishes two key goals: stopping attackers from generating and sending incorrect transaction data to the ledger and similarly limiting the number of concurrent transactions that a ledger can receive to prevent it from being overloaded.

**Figure 2.** A diagram showing connections between blocks in blockchain technology, providing these connections through hashes.

#### *2.4. Scalability*

Scalability is one of the most highly desired features for any system that expects to expand over time or needs to be able to remain stable in the face of targeted attacks on its infrastructure as a whole. Centralized networks, while simple to set up and understand, are severely limited in this regard, since they rely on a single entity for all network operation, which provides a clear target for attackers, as well as allowing for the potential overload of the central node as more users join the network since these nodes do not come with their own resources to manage increased network traffic. This is demonstrated in Figure 3.

However, with blockchains, when a user is added to a blockchain, like in Figure 4, they come with their own set of resources. Besides the resource requirements, the complexity and run time of the consensus algorithms running on the network should also scale (either linearly or sublinearly) with the size of the network. This contribution of resources and the scalability of the consensus algorithm allows for enhanced network operation, since users will primarily take care of themselves and their own role in the chain, letting the blockchain scale easily when new users are added without straining a central server. The peer-to-peerbased architecture means that there is no single point in the network that is responsible for all normal operation of other nodes, meaning that the system lacks a single failure point, and is thus much more resilient. All of the nodes can rely on its interconnections between a variety of other nodes instead of choosing just one, providing a backup for all users over a network. This allows for the blockchain to retain overall connection and operation, even when several nodes are compromised.

**Figure 4.** Scaling in a distributed network is simpler because new nodes contribute their own resources.

#### *2.5. Privacy, Anonymity, and Keys*

Instead of associating transactions with a fully-fledged identity, as is the case in fully centralized institutions, blockchain uses a pseudo-identifier. Commonly, this pseudoidentifier is just a cryptographic key. All of the transactions that would typically need a name, social security number, ID, and other associated information, now only require the key. This increases both privacy and risk proportionally, since, now, if an entity loses its key, it loses access to all of its information. Even worse, if a malicious party compromises an entity's key, it can then use that to either pretend to be the entity or access all the entities' records, credentials, and resources.

The cryptographic key is based on the famous public-private key architecture. In this architecture, a user generates two keys: the public key and private key. Private keys they keep to themselves, while public keys are broadcasted over the network whenever requested. In this system, private keys are used to encrypt the information, while public keys are utilized to decrypt encrypted messages. This allows the identity of the user to be easily verifiable. If the user encrypts a file and that file later comes into question, its authenticity can be verified, since the system trusts that a user will keep their private key secure.

#### *2.6. Re-Purposing*

Currently, the primary and most notable application of the blockchain protocol is Bitcoin. For processing transactions, users, referred to as miners, gain a digital monetary reward that is known as Bitcoin. As the number of miners on the network increase, the PoW increases proportionally. The appeal of a decentralized financial system that is unregulated by any government has led to its widespread popularity among the public.

Although blockchain was designed with application to bitcoin alone in mind, it is a very flexible system that can be applied to countless industries. Currently, blockchain technology is used in healthcare, online transaction security, and several other fields. Because blockchain is new, many researchers are eager to find new ways to apply this quickly growing and changing technology to other systems and areas.

Table 1 briefly demonstrates how blockchain can overcome the challenges of centralized systems.


**Table 1.** Blockchain solutions for centralized system flaws.

#### **3. Blockchain and Transportation**

One of the main reasons CAV technology has not been fully embraced is an underlying safety concern. However, at the same time, many would agree that the most dangerous and unstable elements of transportation are the human drivers [26]. While not yet perfect, CAVs have the potential to compensate for the shortcomings of humans and fully prevent accidents. When discussing CAVs, there are several levels to consider: *level 0*, which has no automation, *level 1*, which has certain automation when needed for certain very specific and isolated functions, *level 2*, which has automation in the case of several different communicating functions, *level 3*, which has significantly limited, but still functional, selfdriving capabilities that may require some user input, and *level 4*, which has the complete ability to operate and drive by itself. In the end, it is expected and desired that *level 4* CAVs will be developed, but, until then, the focus has been on enhancing the capabilities of previous levels, with the exception of level 0. Several companies, including Google, Uber, and Telsa, have recently made great strides in self-driving vehicles, and Tesla has recently announced that its shared autonomy fleet will go live within 2020.

Despite an overall reduction in accidents, there have still been many noted driving failures involving CAVs. Currently, CAVs are known to make incorrect decisions at times for two reasons: (1) because the technology is far from perfect, as it is challenging to meet the mandatory requirements, and (2) because the vehicles do not yet have enough information to process to avoid certain incidents.

Though many of the factors that cause such flaws and potential areas of improvement are well known, methods that outline how solutions can be implemented may not be as clear. Some examples of well studied problems in CAV technology are ensuring the abilities to both maintain and secure certain data, like physical and geographic location of vehicles [27–30], allow sufficient operation space for vehicles and control traffic flow [31–34], allowing and securing communication between vehicles and each other as well as other network-connected devices [35–39], providing collision warning and evasion techniques [40–44], providing security against attacks from malicious entities and faulty software or hardware [45–49], and offering safe and reliable availability of updates when needed [50]. The possibilities that are opened by CAV technology are too vast to be ignored, with broad applications to various fields to improve operation and user convenience. As noted, CAV technology lends itself to use in transport-based financial transactions, like public transportation systems [51].

CAVs are still relatively new, which leads them to suffer from a number of flaws that have lessened public support in the name of security and safety concerns for drivers and pedestrians. However, while CAVs have yet to gain full public trust, blockchain technology is viewed as one of the most secure methods used to maintain transactions and enable users to perform common operations as simply and safely as possible. In order to promote trust in CAVs and more fully demonstrate the full capabilities and possible extension of blockchain technology, the integration of blockchain technology and CAV systems is an idea that could prove advantageous to both fields. Figure 5 illustrates a summary of the leading research activities in each aspect of applications of blockchain. We explain the technical contribution of each work in the rest of the manuscript.

**Figure 5.** A circular dendrogram demonstrating the leading research activities in each domain.

#### *3.1. Anonymity and Security*

Figure 6 shows the attribute graph of the security concerns of CAVs that blockchain technology can address. In the case of CAVs, data and device security and anonymity are some of the largest places of failure, as well as the largest places that must be secured in vehicle operation, as brought up by a variety of researchers and wary consumers [52–56]. Because blockchain was built entirely to provide security in transactions, its role in providing security for CAV users is by far the most well studied and desired. Thus, the majority of this study will discuss this aspect, as well as the several approaches that utilize the blockchain to ensure security and user anonymity in CAV systems.

**Figure 6.** The attribute graph of the security concerns of connected and autonomous vehicles (CAVs) that blockchain technology can address.

Although data security and user anonymity are both highly prized features of any vehicle or device in use today, they tend to be ignored in favor of physical driver safety and more technically accurate operation. Recently, this has been extremely noticeable in CAV development, leading to user outrage from the fact that their personal data and vehicles' safety from attackers is not given necessary protection [57–61]. As an example, VANETs [62] seek to remedy the issue of numerous drivers, and the risk that is associated with them, by creating a network for cars to directly communicate with each other, sharing information on road safety issues, upcoming traffic stops, and general information to improve the efficiency of the whole vehicular system. However, while this sounds promising to many researchers and drivers, some users worry about the inherent risks involved, with concerns being based around the exposure of car, driver, and location information in these communications.

VANETs were not designed with the current developments of CAVs in mind, but could prove incredibly beneficial to an CAV network, possibly even more beneficial than it is to regular vehicle systems with the removal of human unpredictability. The use of consistent and constant communication between adjacent vehicles to help them prepare for future traffic events and situations would provide CAVs with all of the needed information to make decisions in a timely and accurate manner, which is why their incorporation is so essential. However, before they can be safely added, the previously mentioned risks to user privacy and security must be overcome.

Le et al. have outlined a system, called a Blockchain-based Anonymous Reputation System (BARS), which works using guidelines and defined operations to ensure trust throughout the network [10]. With this, Ref. [10] believe they have found a way to mitigate known security and privacy flaws in CAV systems. This BAR system works under its defined development in a number of connected phases, called steps, all of which were created to secure user privacy. The first step is to adjust blockchain features, so the preexisting, commonly used Public Key Infrastructure (PKI) can be extended to provide for a new authentication procedure that guarantees user data privacy. At this point, there is a distinct link from the communicating vehicle to its private key, which presents a huge security risk in allowing attackers to find the private key for a given user, and, in turn, gain access to their transaction information. This risk is accounted for and prevented with the addition of a Certificate Authority (CA), which serves to provide a new abstraction layer to protect the anonymity of all users, letting the whole network continue to function securely [10].

The next development step is in the researcher's design of a new algorithm to assess vehicle reputation and its level of trustworthiness based on its prior actions and broadcasts over the network, as well as nearby vehicles viewpoints [10]. Adversaries may attempt to spoof vehicles or manipulate vehicle data in such a way as to disturb the functionality of the network or the records of the victim vehicles. This can be incredibly dangerous to both the driver and the network relying on that vehicle's information. Table 2 lists the parameters that need to be considered in the design of a reliable consensus protocol in CAVs.

Currently, different trust models can be, and have been, applied to VANET systems, including entity-centric, data-centric, and combined trust models. The model used in [10] is entity-centric, meaning that it is concerned primarily with the vehicles themselves. Some potential assessment measures include a reputation-based system, as depicted in Figure 7, where every vehicle's weight is judged based on its past behavior in the network. The reputation of each vehicle transmitting data determines the validity of the transmission. There are three main message types in the network, including the following: beacon messages, which are sent periodically with simple driving status information, alert messages that are sent for emergencies and come in three levels, and disclosure messages, which are sent by witnessing vehicles and those with conflicting information [10]. By this model, underlying blockchain technology is the backbone of the system in regards to the security and stability of the system underlying vehicle operation in this model. Its inherent security, flexibility, and trust among users make it a natural choice, and one that could serve to solve many more common issues with current CAV technology.

**Figure 7.** Reputation-based system for judging the validity of vehicles and their provided information on a network. This system is based on the past and present behavior of the vehicle and culminates in a score that is attributed to that vehicle.


**Table 2.** Considerations for consensus protocol involving CAVs.

The possibility of using blockchain in VANETs has also been noted by Leiding et al. [63], with them offering an approach based around peer-to-peer networks instead of the traditional centralized client-server architectural approach. Because blockchain inherently lends itself to decentralized approaches, it was noted as being a very promising potential choice. Decentralization is assured through the implementation of smart contracts, which function using an Ethereum blockchain implementation, with these smart contracts providing applications that make user vehicles perform operations that contribute to overall network decentralization by relying on several RSUs (road-side units) instead of a single entity [63]. Operations that are carried out may entail forcing vehicles to follow traffic rules or regulations, or presenting useful roadway condition information to drivers [63]. This heightened level of consistent control without reliance on a single party in operation ensures both the proper function of the system and connected vehicles and the stability and reliability of the underlying system, which makes this approach a very promising one to consider for future CAV use [63].

Any given VANET is heavily reliant on the reliable interaction between vehicles and, as a result, any malicious adversary interference could prove dangerous to the driver in question and other drivers in the system. To combat this risk, Singh and Kim [64] suggested implementing IV-TP into messages that are sent over the network, with their focus being to add needed security elements and data reliability. This element is represented as a singular, unpredictable number, which is chosen randomly and appended to any message sent in a particular communication. The researchers propose using a cloud storage solution that is based on blockchain to handle IV-TP communications. The authors note that the necessity for such a system derives from the fact that current vehicular ad-hoc networks use less secure forms of communication that can be accessed or manipulated by malicious adversaries, and that the proposed blockchain solution will provide a freely available and accessible ledger, secured via a Merkle tree and SHA-256 Hash with a consensus mechanism (PoW).

The new proposed system involves the use of blockchain technology, vehicular cloud computing (VCC), and a network-connected device (the vehicle). VCC operates as a form of hybrid technology, utilizing the resources that are owned by user-controlled vehicles, like their data maintenance and storage, computing power, and Internet-aided decision-making skills. In this case, the blockchain makes up much of the system and it has been divided into seven layers, similar to the popular OSI model that was used in the Internet.

An article written by Rathee et al. proposed a security method that made extensive use of blockchain technology in order to protect CAVs from exploitation [20]. Following this proposed method, blockchain technology would be used to protect user data security, as well as maintain a history of vehicle movement, decisions, and external conditions. By this implementation, blockchain technology is the main method of data protection, a job that has been noted to be extremely geared towards [20]. Similarly, Narbayeva et al. noted the applicability of blockchain technology to CAV systems [65]. The reasons for incorporating blockchain technology were supported in full with an analysis of past trends in technology to make predictions for currently developing CAV technology, as well as how many new technologies, like the Internet of Things and bitcoin, have made use of blockchain for data protection [65]. In addition to its user and producer trust, its ease of application and flexibility can be seen through its widespread use in a variety of fields to secure data and anonymity in transactions [65]. This flexibility, as discussed, makes it not only a safe and reliable, but a relatively easy and inexpensive to implement, technology [65].

In the past, blockchain technology has been applied with great success in security and it has been shown to be an effective means of facilitating the spread of information between several connected systems. Because of these traits, a study that was conducted by authors of [12] attempted to integrate blockchain technology with existing CAV traffic event validation systems to quickly and effectively secure vehicle information and eliminate misleading information exchanged by malicious vehicles [12]. To test the proposed system, the team tracked the number of attackers and the ability of the blockchain-based system to detect when users were generating malicious information, with the blockchain technology using a reputation-based system to track the trustworthiness of certain users based on their past actions [12]. The results gathered indicated that this system was very effective in distinguishing normal from attacker-generated data [12]. Its success heightens an area of particular importance for the use of blockchain technology in CAVs: attack mitigation and user safety. Based on these results, it can be said that blockchain technology has the potential to build greatly upon many previously concerning aspects of CAV operation and reliability.

Objects that are connected to a large-scale network are frequently subject to attacks, old and new, by malicious users, and CAVs have never been immune. Software vulnerabilities that are present in a given product are generally remedied through updates to fix known flaws, so the existence of a readily available system to provide such updates quickly and completely to all users is necessary. However, these updates must also be provided securely, with no chance of an attacker taking advantage of this system to infect CAVs. To meet security needs while ensuring that no vehicle is missed, Baza et al. [14] highlighted traits of blockchain technology that lend it to be used in such an application.

To explain the use of blockchain in finding a solution, the group outlined a firmware update scheme that uses blockchain technology to provide security in their releases and ensure that certain vehicles are not overlooked due to geographical location [14]. This system would use several distributors, vehicles that are rated highly based on their reputation in regards to its trustworthiness and driving history, to deliver new updates [14]. The reputation of vehicles would be recorded via the implementation of blockchain technology, ensuring availability and security to avoid the targeting of high reputation vehicles in attacks. The encryption scheme used would require that CAVs be authorized to install updates, and all of the updates would be secured via the use of smart contracts. Smart contracts can only operate via the use of blockchain technology and, as such, are known to be incredibly secure and well-used by people in electronically conducted transactions today. Blockchain technology serves as the basis for the scheme as a whole, again heightening its relevance and role in the future development of CAV operation, security, and safety.

Another method of providing secure software updates via the use of blockchain technology continues to use a cloud-based structure [13]. Wireless Remote Software Updates are, instead of tasked to several deliverers to distribute, available via cloud storage of a car manufacturer or software provider. In order to ensure the security of the update, the software provider begins a transaction, using its private key and a signature constructed via the signed hash of the software binary maintained inside of the cloud structure. Using this signature, the transaction is verified by overlay nodes within, and the manufacturer then signs the transaction. Following this, the overlay block managers supervising the public blockchain broadcast the transaction by checking the signature and ensuring that the manufacturer used the set private keys. Finally, the overlay block managers send out the transaction to all members of their clusters, and all of the connected devices can verify and download the update from the cloud storage. Figure 8 illustrates this process, providing security through the use of extensive checks instead of using outside entities to deliver essential updates [13].

**Figure 8.** A diagram showing how software updates are created, verified, and delivered to CAVs across the network through a cloud-based system, inspired by [13].

On top of securing user personal data, it is necessary to provide the security for the messages that is sent between vehicles. Vehicle-to-vehicle communications are necessary to keep both of the entities updated in traffic conditions and, in turn, mitigate accidents on the road. However, if these communications are compromised, so too is the network in the event of a malicious user carrying out attacks over these communication channels. Because of the huge risk that is involved in allowing vehicle-to-vehicle communication at this time and the significant benefit that this feature would provide to CAV capabilities, finding a solution that provides security while allowing these necessary interactions is a priority of many developers.

In response to this known issue, Rowan et al. [15] looked into a potential solution that incorporated many different technologies, including blockchain, to secure communication channels in CAV networks. The proposed solution outlined an advanced security system that made use of visible light and acoustic audio-based side-channel encoding to permit secure communications between two distinct vehicles, as well as using a PKI heavily based on blockchain technology to allow communication between unverified, potentially untrustworthy vehicles. In order to defend the use of blockchain, the researcher team expanded on its past capabilities in remaining secure and stable when faced with a heavy attack, as well as its proposed ability to verify information that is sent by untrusted vehicles through the use of available distributed hash tables maintained by each machine involved. Blockchain technology was incorporated for communication security and overall system stability and reliability. The implementation of the side-channels would focus primarily on the physical security of the transactions that were carried out by checking for and maintaining the identity and location information of a vehicle being communicated with. These numerous protections would allow immunity to RF channel jamming as well as physical attacks on the side channels through the double-check system, implementing blockchain on top of side channels to provide a backup if one of the systems is compromised through the use of the other one [15].

Singh and Kim [66] also brought up how the use of blockchain could serve as the solution for communication-based security vulnerabilities: citing its frequent use in similar security-based applications, as well as its high level of user trust that stems from its past reliability and flexibility between different fields. The proposed system is one that makes use of two types of blockchains: the main blockchain and a local dynamic blockchain, which each work together to store communications between vehicles. The local blockchain works in maintaining communications that are sent to it, sending any that it deems to be strange or out of the ordinary to the main blockchain, which will hold onto the strange

data for longer than the local one is able to. This way, the local blockchain can continue quickly storing and maintaining understood data, while the rest is held for a longer analysis period by the main blockchain. By this method, the high power use concerns of blockchain technology are mitigated, allowing for proper network function and the security benefits provided by the blockchain. Overall, the proposed communication network would stay secure and reliable without consuming excessive data or compromising network operation.

Michelin et al. [17] suggested the use of blockchain architecture based on smart city operation, whose infrastructure connects through electronic means, allowing the city and entities operating within it to act in a more efficient, beneficial way. Smart cities need to account for all aspects of traditional cities and, thus, have to heavily consider how roadways and traffic will be controlled and maintained. Today, this is generally done through the use of advanced sensors that routinely monitor traffic conditions and let vehicles make fast, consistent, and correct decisions, helping all the parties operating in, around, or with vehicles [17].

However, the amount of data generated and analyzed by vehicles and the systems they operate over may have some unintended drawbacks. In fact, Michelin et al. noted that in the future, it would likely be possible for vehicles to create around 4000 GB of data per day [17]. Clearly, this much data requires an extensive, reliable system that is well-structured and built to expand easily when faced with greater content production, while still providing for expected security and privacy features that users need. While many systems have been considered to provide for this, there still fails to be one that provides for all necessary qualities of such a system. Eventually, blockchain technology was viewed more extensively in regards to this problem, and it was decided that it would be the best technology to use for system implementation.

Currently, SpeedyChain is a system under heavy consideration, providing measures for intelligent vehicles, elements that are present in smart cities in regards to traffic control (such as traffic lights), Service Providers (SPs), and Roadside Infrastructure Units (RSIs). Common blockchain activities, including transaction and block verification, are all controlled by system users that have significantly higher available computing power and resources than other entities, as well as those that work directly with the smart city to ensure proper operation [17]. The process of introducing new entities, like vehicles and similar network-oriented devices, as depicted in Figures 9 and 10, is well-outlined and customized, especially for blockchain-aided implementation to prevent any coordination problems. When vehicles are first added, they need to undergo a validation process conducted by an RSI, with the validation methods being performed by both the new vehicle and the city-based node [17]. In exchange, the vehicle gets its own block, which has its creation dictated by the blockchain itself. Following the block's creation, the vehicle can use it to request and respond to transactions, with all of the transactions being visible to the system.

Under the system defined, vehicles are able to create data for control or service-based operations. Vehicle control data are uploaded for the use of concerned parties, like traffic management or other vehicles, who wish to minimize the level of traffic in a certain area of the city. However, service data are used instead by certain verified parties who want to sell certain vehicle-related services to users, as well as letting users view statistics on their vehicles to ensure their proper operation maintenance [17]. However, as it stands, there are still numerous problems with vehicle-oriented blockchain technology, with a major problem being the concept of dynamism. To explain, when a vehicle is active, it is moving nearly constantly, so they hardly ever stay in the same exact place over a certain time period. Because location-based data are needed for the system to work, the researcher team came up with a possible solution: the system RSIs and SPs would both take on the role of providing for blockchain implementation, a role that suits them well due to their inherent rigidity and known reliability [17]. Whenever a node is first added to the vehicle system, the RSI, as well as all surrounding vehicles, need to guarantee that the node is valid. This process is called location-based trust establishment [17]. When performed, the

process serves to validate the node's operation, which prevents the possible infiltration of malicious vehicles.

**Figure 9.** An example of a smart city infrastructure where all nodes, or entities, are capable of processing information and contributing resources to the overall network.

**Figure 10.** An example UML of a new vehicle entering a Smart City such as the one shown in Figure 9.

Smart cities have been noted to have great potential in improving their security through the use of blockchain technology in their device management system by Gong et al. [67]. Under this method, all devices, including CAVs, within the smart city network are managed under a blockchain-based system that facilitates safe and reliable updates, device control, and access only by approved parties that oversee smart city function and, overall, a secure and trusted network. Additionally, the blockchain implementation ensures the use of a peer-to-peer based system as opposed to one that is based on a single device, both aiding the reliability and protecting against data overflow and the security concerns that it could bring. Different protocols for use allow this system to communicate between any of the device types that are present within the smart city, which aids in communication, as well as device security and maintenance. In securing the network that oversees CAV operation via blockchain, the security and operation of CAVs

are maintained by extension, showing that blockchain has a number of potential uses that can directly or indirectly help them function.

Through the previous discussion, it is evident that blockchain has extensive application to CAV security, as noted by several researcher teams and companies. However, all of these implementations differ tremendously, each with their own specific benefits and drawbacks. Table 3 shows a more complete discussion of each method of implementation discussed.

#### *3.2. Financial Transactions and Enhanced Services*

With many well-known uses of blockchain centering around securing financial transaction-related data [68–72], it is not surprising that researchers are already looking ahead at how this can benefit CAVs. Beyond proposed use in strictly driving and user safety security measures, blockchain technology has been identified as having immense potential in conducting financial transactions between users driving a vehicle and another entity offering a service to the user [23,73–76]. While it seems like a somewhat outlandish use upon first glance, after considering the number of transportation-related payments that need to be made by people on a day-to-day basis, it is clear that the extension of blockchain technology to this area could provide users with a number of new benefits that could save them time, as well as provide further accessibility for such features to users who may not have access to the type of payment that is required while using more traditional methods on hand [23]. Parking payments, insurance, tolls, and car rentals are just a few examples of common transactions that could be simplified and secured with less time, effort, and user confusion via the implementation of common blockchain technologies [23].

Because CAVs are an emerging technology, they will likely cost too much for average users. Similar to previous emerging technologies, commercial entities will probably be among the first to use CAVs, with prices dropping enough for general consumer use much later. Interested parties that first use this technology will likely offer services, like ride-sharing, to customers that are interested in seeing which industries the technology will head to first; Saranti et al. [18] studied the previous uses of blockchain in CAV systems, taking note of affected areas and those that might be next.

As mentioned, there is a lot of promise for CAVs in ride-sharing, in which companies save time and money by offering unmanned transport to customers. Saranti et al. then moved on to investigate another blockchain-oriented application, in which the technology was used to handle transactions between vehicles, facilitating communication through the system.

The system network is composed of several CAVs, all of which can send messages to a user directly through their phone. A user can access certain information through a mobile application, more specifically, the locations of nearby cars, as well as relevant information on the vehicle currently being driven. This consistent access to accurate information promotes user safety, with the added benefit of building trust between the user and their vehicle's security. In a case where a user wants to use the application to carry out financial transactions, users are also required to enter their own data and, if desired, make a coin ledger.

This coin ledger handles payments between the passenger and CAVs. The vehicle will be able to withdraw the required amount throughout the trip, cost per kilometer, or all at once at the end. When completed, the blockchain-aided transaction is transmitted to the network.

Viewing previous blockchain applications, like its earliest use in Bitcoin, its extension into the financial field surrounding vehicle-based transactions would be relatively easy to apply. As an added benefit, blockchain is most well-known for its widespread influence in securing payments between network-connected entities, and it already has a solid reputation among millions of satisfied users. As such, its implementation could also promote user acceptance of CAVs, allowing for further development in the field and a greater number of studies and system outlines focusing on its future applications.



*Electronics* **2021**, *10*, 629

As Miller explained in an article that focused on the future adoption of blockchain into several different fields, blockchain technology, with its ability to allow and manage transactions securely and their details as permanent records, directly encourages the possibility of allowing CAVs to carry out transport-related financial transactions [77]. Miller went on to add that different transaction types, such as refueling or vehicle repairs, would be treated differently, with transaction rules differing depending on the exact type of service that is being provided to the user. Figure 11 shows a basic diagram of the model, which indicates the specialization of each individual process to make all transactions as simple as possible [77].

**Figure 11.** A model showing how transactions can be carried out and recorded through the use of blockchain in CAVs, inspired by [77].

A similar approach is brought up by Yuan and Wang, which also makes use of blockchain in meeting its goal [78]. In their paper, the potential of CAVs acting with the ability to get certain goods or services, like wi-fi or timed parking spots, through the use of stored cryptocurrency powered by blockchain is discussed in detail [78]. Via this method, it may be possible for people to make payments through the use of intelligent agents that act on their behalf, with these agents having all the specific information, like rules and algorithms, to actually carry out requested user transactions. This would greatly ease the process of making transport-related purchases, ensuring that users are never at a loss in how to carry them out, and CAVs are always equipped with the ability to facilitate financial transactions when desired. Because of this, the integration of blockchain-based cryptocurrency is certainly a promising concept and one that could serve to expand on the capabilities of CAVs greatly.

Companies have not ignored the potential for financial applications of CAVs using an underlying blockchain framework. In fact, IBM has begun contributing its own current blockchain-based architecture to promote the development of a system to access such applications [79]. Through this addition, the main goal is to provide security to the system, as well as the ability to create, end, and manage financial transactions with as much user ease of access as possible, as well as allow users to see statistics on their own vehicles in order to guarantee that everything is functioning properly [79]. The Car eWallet system, initially developed by ZF Friedrichshafen AG, is one that cites a huge number of benefits as the reason for the addition of blockchain, including its security, low processing power needs, validation of transactions, the constant and secured maintenance of transaction records, and the consistent availability of such information to only verified parties [80]. Easy user access to beneficial driving-related services, as well as ease of deploying such services to users, are both major reasons for more companies and users to use this network, and, with its broad applications to CAV technology, it could very well be a primary driving force towards user acceptance of CAVs as a whole [80]. Figure 12 presents a visual model of the transaction process carried out by this Car eWallet system.

**Figure 12.** A diagram of the transaction-establishment and completion process, inspired by [81].

Transportation, while used on a day-to-day basis by most people, has a number of implementation-based flaws that limit its range of accessibility. In areas where public transportation is not an option, anyone who is unable to afford or drive their own vehicle is forced to rely on person-based transport, such as Uber or Lyft, which may not be desired due to concerns of safety in trusting complete strangers to drive them to their destination, or impossible in cases where no drivers live nearby. With the high level of activity that is required in the lives of many people today to go to work, run errands, and access certain services, consistently available and accessible transportation is an inviting concept. While working towards this goal, CAVs may face many challenges in moving forward, depending on their exact implementation. As companies jump on new CAV technology to provide their own businesses in on-demand autonomous transport, there is an inherent risk in this promoting a single transport platform, as has been seen in a number of other industries that are controlled by a few well-known giants that limit competition and promote centralization of the network and its data [21]. In such a case, if one of the major few platforms is compromised, an unacceptably large number of users will be affected, so a major goal of CAV system applications must be to promote many different transport options to discourage single points of failure.

Though many may argue that such a centralized setup is unavoidable in business, measures have been discussed further to promote decentralization, including the adaptation of blockchain technology. A concept that was presented by Catapult Transport Systems alongside the University of Sheffield elaborating on the benefits of decentralizing the transportation industry focused on how blockchain lends itself to use as a factor promoting this push on the industry [21]. Unlike many other systems that promote client-server network architecture, blockchain uses an architecture much more similar to peer-to-peer systems in enabling communication between entities. Making use of this system in transport-as-aservice applications would remove controlling entities, allowing for a collection of transport operators to moderate its use instead of putting all public trust in single entities [21]. This necessary application of CAV technology could be made more robust and reliable through these methods, allowing for its enhanced growth and development without compromising the desired decentralization of the CAV system and its use. In particular, blockchain has already shown itself to be well-trusted and used to promote decentralized networks in a number of other industries with great success across fields, so its use in more specific CAV applications would likely be met with approval from the public as well as researchers.

Similarly, Yuan et al. [82] emphasize the importance of having a decentralized Intelligent Transportation System, as well as the role of blockchain technology in ensuring

it. The team also presents an outline for how such an architectural design would work, proposing a seven-layer model covering all aspects of the blockchain implementation that would be used. Unlike basic blockchain, this design is especially oriented towards an Intelligent Transportation System approach, which it accomplishes by providing a number of distinct layers. The physical layer is the first of these layers, which includes and secures IoT-enabled entities. Following it is the data layer, providing data blockchains and the ability to operate with or on them. Next is the network layer, which outlines the procedures in forwarding and verifying data and participating on the network. After the network layer is the consensus layer, which keeps track of and provides all necessary consensus algorithms and decides on the most appropriate one for any interaction. Layer five is the incentive layer, which works by motivating the network to keep up data verification efforts through the use of money-based rewarding blockchains that are granted to contributing nodes. The contract layer is used to maintain activating entities for specific blockchains, like algorithms and smart contracts. The final layer, the application layer, keeps track of different scenarios and use cases in the system. When combined, these layers form a comprehensive blockchain structure that allows for the construction and maintenance of an Intelligent Transportation System, aiding in the decentralization of CAV technology and applications [82].

When blockchain technology is considered in terms of CAV services, there are a number of different approaches that are opened up by its addition. For example, Liu et al. [83] has proposed the use of blockchain in enabling EVCE, electric vehicles cloud, and edge networks. This architectural model focuses on allowing the needed, easily opened and ended, communications between network-connected entities, while also allowing for certain other exchanges to occur. When vehicles communicate amongst each other across the network, they cannot only share information, but unused resources from a shared pool that can aid in the speed of operation and provide energy to vehicles that need it. In turn, providing vehicles are rewarded with energy or data coins, depending on what they have provided for other vehicles. These coins allow certain benefits, like greater access to the resource pool between vehicles, or lower prices for energy, which encourages users to contribute their unused resources more often. Roadside units serve as communication providers for the system, working in information exchange, and they serve to validate the information and enable transactions, as shown in Figure 13. Local aggregators have slightly different roles, both facilitating information exchange and serving as an intermediate body between an energy-providing power grid and the requesting vehicles to provide access to energy-exchange features, using available batteries to accomplish the latter [83].

The VANETs previously discussed have been noted to be particularly oriented towards the adoption of a financial transaction method, as they primarily act as huge networks of different user-owned vehicles, all of which may have different needs that can be met by suppliers. In their research paper, Benjamin Leiding and William V. Vorobev build on this, outlining a potential transaction-focused network architecture for use in VANETs, citing the number of areas in such networks that goods and services would be desired by users [84]. While similar networks are already in place after implementation by specific companies, they noted that these networks all have different requirements, standards, and methods of operation, which makes interoperability extremely difficult [84]. In order to remedy this problem, they proposed a single unified platform that allows interactions between vehicles and any other enabled devices, which makes the process of carrying out transactions much easier for users [84]. In addition, the proposed platform outlined the foundations of a system for auctioning such goods and services in cases where an agreement needs to be made on a price between a user and seller, providing greater flexibility in the types of purchases that can be made through CAVs [84]. The proposed method was also built on blockchain technology, culminating in a final outline for a network that is able to support full interaction between user vehicles and service-providing devices, letting them interact to their fullest potential by making purchases whenever necessary, regardless of manufacturer or exact object or service being bought [84]. Figure 14 shows a diagram of this system.

**Figure 13.** A model showing how energy and information is exchanged over the network using blockchain, inspired by [83].

**Figure 14.** VANETs setup via blockchain, inspired by [84].

Blockchain has been noted as being particularly useful in carrying out financial transactions, which has led to this described influx of different proposed models for how exactly it can be applied to allow for CAV transactions. While they all seek to accomplish similar goals, they all differ in the manner of implementation, and the exact provisions offered, which makes them all unique. Table 4 shows a comprehensive discussion of each method of implementation discussed.



#### *3.3. Driving Record Maintenance*

In most areas of the world today, records of actions performed and their results are maintained and analyzed to come to important conclusions, such as how much damage was done in an accident, how much money is owed, and what must be done in reaction to certain events. In driving, this no different: traffic accidents are both extremely common and, in many cases, remarkably lengthy and challenging to document [85–89]. The introduction of CAVs with no event-recording measures will not necessarily help to remedy this flaw and, as such, many researchers have come to blockchain technology and similar technologies as a possible mechanism to overcome it instead. Providing evidence through accurate and secured records maintained in a database could greatly ease the current accident documentation process and issue insurance claims, determine who is responsible, and outline how reparations should be made [90–94].

With growing concern over the accountability assigned in traffic accidents involving one or more CAVs, there must be measures to avoid collisions and measures of tracking and securely maintaining information on crashes in the case that one still occurs. Accidents are not always recorded and documented effectively and, even when they are, it can be difficult to determine which parties were at fault. However, in the case of traffic incidents, this information is needed to determine what actions need to be taken to resolve the situation. From these needs, a system description from the authors of [95] emerged, focusing on the application of an approach that is based heavily on blockchain technology in maintaining records of vehicle statistics and decisions made to get a clearer view of events leading up to and following accidents to determine which party was at fault.

While not involving blockchain directly, it was the inspiration for a proposed method to take records of data, maintain these records securely, and promote the safety of CAVs and the people surrounding them [95].

Aste et al. noticed the same potential, saying that the use of unified databases to hold information are inefficient and ineffective when these databases have different information relating to the same case [96]. With the peer-to-peer based model, in which all vehicles present share gathered information, such concerns are mitigated, and the proof is ensured to be provided in a faster, more accurate, and reliable manner. Blockchain was chosen by them to be an incredibly effective method to underly such a system as well, citing its high security, ability to provide proof of existence, and maintained, up-to-date, and readily available information on transactions to verified parties. Data transparency, a decentralized network layout, and the adaption of blockchain technology to a storage facility for the information provided by a number of different relevant devices were all also reasons for its incorporation. Extensive prior use of blockchain in verifying and validating different entities before allowing them to interact is another benefit of the technology. This approach needs further consideration in the adaption of such record-maintaining structures to CAV systems [96].

Oham et al. outlined a similar approach to analyzing accident data for blame attribution [97]. This system manages to avoid several common errors in ensuring that parties are not wrongfully accused or let off for roles in accidents. The model described is resilient, relying on not one, but several parties, and it makes use of blockchain to validate provided evidence and enable only parties directly involved to present information. When accidents occur on the road, parties that are close to or involved in the accident can present evidence, information that they witnessed regarding the accident, including information that is related to time and location, and other factors gathered through visual and auditory sensors in vehicles. Blockchain, they explained, is a natural choice due to its inherent security and heavy use in data validation and decentralized networks. The peer-to-peer based system, in which all entities are able to present, agree on, and invalidate evidence presented makes it harder to miss specific crash details and, in turn, greatly eases the process of determining exactly what happened, who should be blamed, and who must be compensated. Figure 15 shows a basic model for this approach.

**Figure 15.** A model outlining the basic proposed operation of a blockchain-based informationgathering system to validate and collect accident details, inspired by [97].

Cebe et al. [98] also outlined a method of using blockchain to record events and information in the event of accidents, with this approach making use of a type of permissionoriented blockchain-based architecture, which guarantees the access to and use of vehiclecollected data only when necessary to analyze accidents, and only by parties with certain permissions. To continue providing the anonymity and security necessary in information sharing, aliases are assigned to any users participating in the blockchain, so their information will not be compromised. Information gathered can then be used to assess the entire event and, eventually, assign blame to guilty parties and offer reparations to those harmed. Because of heightened overhead in a variety of similar applications, the method accounts for preserving speed and processing capabilities by only requiring the hash values of data provided to be stored and shared in favor of the entire ledger. Figure 16 [98] outlines parties assigned permission to add, analyze, and access accident-based information.

**Figure 16.** Different types of users who may have permission to operate on or with accident-related data, inspired by [98].

In terms of event-recording in piecing together accident-based information, the method used must be both understandable and efficient in determining case-sensitive details. As mentioned, it can be difficult to prove what has happened in the case of traffic incidents, which is why blockchain has been viewed as a potential solution due to its extensive background in maintaining and validating records. However, when CAVs are involved, considerations need to be made for both the user and their vehicle in accident assessment. In other words, how much of the accident was due to the user, and how much was due to flaws inherent in the CAV itself?

M. Ugwu et al. proposed a new type of permissioned blockchain-based system to address concerns on how accidents can be assessed in such a model, with this system operating in a series of two tiers to promote the separation of different data types to their respective tiers [99]. As in permissioned blockchain networks, each entity involved in the accident assessment and recovery process has its own distinct permissions to add, edit, and view data, being allowed and restricted based on their defined roles. Each tier is made up of three classes of objects: those who send data, those who validate sent data, and those who monitor overall functionality and activity on their tier. Tier one deals primarily in exactly how responsible each party is for the crash, determined through communications occurring at this level. Following the full assessment at this level, each party's distinct roles are known, and the known information is moved to the second tier. Next, at tier two, the presented information is viewed and used in determining how exactly each party should be held responsible for their roles. This two-tiered approach is extremely organized and easy to view due to the clear roles, players involved, and task isolation in each area, improving the overall system's efficiency and activity. Figure 17 shows a model of behaving entities in the system [99].

**Figure 17.** Different types of users who may have permission to operate on or with accident-related data under a tiered model, inspired by [99].

The implementation of a tiered system has shown promising results through its many benefits. In fact, it has shown numerous benefits over similarly proposed systems, like Block4Forensics, in its enhanced abilities in proving the existence of participating entities and their behaviors, entity involvement, and the ongoing activities of the blockchain underlying transaction control and validation. By these new capabilities, it is clear that blockchain is even more applicable to event-recording and validation in CAV systems than previously thought. If more thought is put into how exactly CAVs and the entities they work with specifically can benefit from various applications of blockchain technology, they can reach greater capabilities than ever before. Blockchain is applicable to CAV systems and outside systems that regularly interact with CAVs, so it must be thought of in terms of how it can be applied to both, not simply how it can be directly used in CAVs.

Insurance is often difficult for people to manage, and companies tend to have great difficulty in maintaining accurate information that is related to the driving history of an

individual, especially in the case of undocumented traffic incidents and history of reckless driving. Claims that a driver has suffered some form of personal or property damage must be backed by extensive evidence, which is not always readily available due to the absence of constant surveillance among all roadways. Even today, when technology and electronic record keeping exists all around us, driving records do not necessarily have every single instance of traffic-related wrongdoing committed by an individual, but such information can prove itself to be extremely valuable in the case of damaging traffic accidents in assigning blame and determining future insurance rates for individuals responsible, as well as how individuals that are hurt can be properly helped by their insurance plan.

The use of blockchain in CAV insurance cannot be overlooked to remedy these flaws. To understand why, consider the primary function of blockchain: maintaining, securing, and allowing transactions. These transactions are maintained and they can be extended to recording specific conditions, like those that are internal or external to the vehicle in question in the event of a traffic accident. Automobile insurance, including that for future CAVs, is an area that could face great improvement from the addition of blockchain technology, as mentioned by Wang [100]. A consistent history of records with up to date information on vehicle actions, conditions, and location that is secured and accessible only by verified insurance-providing parties means that users can rest assured that they will be able to quickly and effectively claim benefits if they suffer harm or damages in an incident, and those insurance providers will have a simpler time accessing reliable user vehicle data and shifting prices based on user reliability. Kudwa has also assessed the future of blockchain in CAV insurance, who elaborates on just how far blockchain technology can be extended to such an approach [101]. His focus is primarily on the simplification of several auto insurance-related processes, including the ease of users in issuing claims, including those that are based on vehicle and personal injuries or damages. Figure 18 shows a proposed model of how blockchain would be used to assist in general claims [101]. As shown, the prior issue of gathering, verifying, and analyzing extensive proof is made significantly less taxing on all parties that are involved by the addition of blockchain technology due to its known accuracy, tamper-resistant nature, and overall security in the information recorded.

**Figure 18.** Information on how insurance claim processing and analysis can be benefited through blockchain, inspired by [101].

The potential use of blockchain in CAVs record-maintenance to resolve known problems in providing accurate insurance provisions is also noted in [102]. The constant maintenance of internal and external vehicle conditions and operations that are used by blockchain technology would be able to keep a collection of records, with these records being accessible if needed to present evidence of wrongdoing or traffic violation. In addition, this would greatly shorten the amount of time that is required to file claims and appropriately charge individuals responsible. Blockchain, above other existing means of maintaining such information, has shown great success in maintaining security and

resistance to tampering of information, which would allow for access as needed as well as absolutely ensuring that no change has been made to the data recorded.

Consistent driving records that are reliable and accessible to verified parties is also essential in more specific operations. For example, as discussed in an article presented by Deloitte, blockchain-aided recording of delivery vehicles can provide companies or individuals with up to date information on when they can expect shipments to be delivered, as well as the current and prior states of this vehicle to inform them if something is amiss [103]. Additionally, in the case that a product is harmed through transport, internal vehicle conditions can be analyzed to determine so, proving that the customer had no responsibility for the poor state of the product and guaranteeing that they will be compensated instead of blamed for the damages. Similarly, customers will not be able to claim that a product that was damaged wholly by themselves was faulty upon arrival, as the internal conditions of the vehicle will prove that the package was secure for the duration of the trip. This allows for transparency in product condition, delivery status, and accountability in regard to damages, greatly aiding in the return process, as well as maintaining user satisfaction and company reliability.

Continuous vehicle status records also provide for a number of new features regarding vehicle rentals. In terms of leasing company benefits, the company can be sure of the past actions and track records of users prior to setting a rental price and allowing them to request certain vehicles. This setup also directly provides for the protection of safe CAVs operators in the case that a vehicle they were renting was damaged by an outside entity, which ensures that they will not receive full blame for the event in question. In such a way, responsible users and the companies that serve them benefit from this system.

The use of blockchain in transactions has already been noted as a primary reason for the technology by many, and this known benefit can be applied across most industries, including CAVs in the case of enabling and securing the generation and acceptance of contracts. The system that was outlined by [19] demonstrates the potential use of blockchain technology for allowing users to easily and securely make transportation-related agreements, letting them carpool, call autonomous taxis, and charge their vehicles without needing to perform such operations by more traditional, time-consuming means. This system is designed as a full-scale charging system, securing transactions and providing services directly between an CAVs and charging station, gathering essential user input with as little difficulty as possible.

Many people are still skeptical of the use of autonomous technology and so-called smart vehicles in maintaining user security, trust, and immunity to attackers. However, the adoption of such technology could meet these criteria and improve on existing measures in place in terms of availability and ease of access and use. Blockchain technology maintains records of all the transactions that take place, and its adoption in Bitcoin has already proven its safety and security measures. By traditional means, there is often a concern of what kind of currency a given service will require, with carpooling services ranging in whether or not they will accept electronically-made payments and, for some users, entering and exiting a vehicle to refuel or charge it can be a difficult or time-consuming task. Through the implementation of blockchain technology in allowing traditional transportation-based financial transactions to take place between machines with less direct user input, such actions can be simplified, allowing for user ease of use, access, and overall support of CAVs technology.

With the amount of attention blockchain has received in keeping secure and welldocumented records of important data for later use, the focus on how this function can be applied to CAVs is not surprising. As a result, many different system outlines are available to study, test, and consider for further use, each differing in their exact specifications. Table 5 shows a table providing an overview of each of the outlines discussed previously in terms of advantages and disadvantages.



**Table 5.** Comparison of selected record-keeping and maintenance methods in terms of advantages, drawbacks, and type of blockchain used.

#### *3.4. Improved CAVs Operation and Energy Network Functionality*

The arrival of CAVs, while widely anticipated by a number of consumers, has also been met with skepticism. Although they have shown a great deal of promise, it is difficult to ask users to put complete faith in their vehicle safely, especially following several noted failures to traverse roadways without endangering drivers or bystanders involved [104–108]. In addition, with the expected future automation of certain drivingrelated features, like recharging vehicles on the road, there are growing concerns regarding how these features can be handled safely and effectively with as little driver inconvenience and as much optimization as possible, with a number of existing system outlines and potential implementations [109–113]. To resolve such issues, many have started to look to blockchain technology for new solutions.

While CAVs have shown lots of promise in many areas of driving, they have also been shown to come into trouble when approaching and entering intersections [114] consistently. Intersections rely on a variety of complex rules that are easy for humans to process, understand, and quickly react to, but computer systems have difficulty in operating with the same speed and accuracy. Another factor making intersection navigation difficult to implement in CAVs is the amount of personal data that need to be analyzed in order to make important decisions regarding how to proceed, which raises numerous privacy and safety concerns from users. Of these issues, the latter relates closely to blockchain technology applications today and as such, a study that was conducted by Buzachis et al. [114] investigated how it could be implemented to aid CAVs operation.

Upon testing the discussed blockchain-based implementation of an CAVs system, the team found that the flow of information between CAVs was still too slow to provide reliable real-time decisions regarding what should be done. Latency faced a noticeable increase when met with greater send rates and user interaction, with it eventually increasing delay to the point of being unacceptable for real-time use in potentially hazardous driving scenarios. However, this does not necessarily mean that blockchain technology has no potential for future use in the area. As was discussed at several points throughout the experiment, blockchain technology is not unacceptable for priority-based decision making in complex roadway situations due to its own inherent flaws and incapabilities: the software and hardware limitations today prevent it from making these decisions in a reasonable period. With the constant and consistent evolution in software and hardware capabilities today, it is still completely possible that blockchain-based approaches will prove to be successful in meeting this currently unachievable goal.

Buzachis et al. [115] presented another proposed method to guarantee better CAVs operation, dealing with CAVs navigation of intersections. This one focused on the use of smart contracts to oversee the security and privacy of communications, relying on the underlying blockchain technology. Here, CAVs are overseen by a multi-agent autonomous intersection management system, known as an MA-AIM system, which requires the use of a specific entity, an intersection manager agent, assigned to a given intersection, in order to provide direction to each vehicle operating within its range. Of course, if not secured and protected from alteration, these communications could easily be compromised by malicious users, with potentially fatal results. The communications between adjacent vehicles, as well as those between vehicles and the intersections they operate across, are essential to this approach. Thus, blockchain technology, as well as smart contracts that are based on them, are utilized to provide security.

Similarly to real-life traffic situations today, there has been some trouble in ensuring that vehicles on the road are placed with enough space to ensure safety in the case of sudden braking to avoid obstacles. Humans are not always as responsive as necessary to avoid collisions that occur in crowded roadways, so the possibility of using CAVs technology to ensure that sufficient space is always allotted between adjacent vehicles could result in a significant decline in the number of accidents that occur. In response to such concerns, Robin Westerlund made use of an Ethereum blockchain-based system to keep track of where vehicles are in relation to each other and ensure that no boundaries are crossed during operation [31]. Through the tests conducted, Westerlund was able to demonstrate the high level of security, reliable and correct operation, and acceptable time and space use provided by the proposed system [31].

Another major source of error for CAVs today is the logic surrounding their lane change operation, as the act of switching between lanes is an inherently complex operation due to its dependence on a variety of internal and external factors [26]. Information transfer is greatly hindered by this, as the sheer amount of information that a system needs to track can be overwhelming, and even the slightest mistake or delay can lead to a collision. The data collected can also be excessive and even dangerous in the eyes of users who do not want information on their location and driving habits made known to hackers or other malicious parties.

While blockchain technology has certainly been very promising, it also relies on the use of extensive record maintenance and ledger updates to operating effectively, which presents problems in the energy use and response delay of CAVs [116]. Energy use is a huge hindrance for many vehicles and other devices today, so it cannot be ignored when present on such a major scale in an entire class of developing technology. It is not enough for CAVs to be secure and safe for users: their energy consumption must also be a factor that is considered before their full implementation. In addition, the significant number of transactions occurring at any given time over the network has dangerous implications for the network as a whole. The potential for network overload contributes to overall instability, as well as providing an opening for attackers to misdirect drivers and compromise user information. In such a case, regardless of the security and safety benefits provided by the implementation of blockchain technology into CAVs systems, it would be far too risky to use. However, at the same time, the number of transactions cannot simply be reduced without further thought. This would risk eliminating any of the beneficial aspects that are provided by blockchain technology, which makes its use pointless. Because it is not possible to prioritize either of these aspects without drastically compromising the network and devices on it, there is no truly secure way to implement blockchain technology into CAVs systems until its excessive energy-consumption and rate of transactions can be resolved.

Responding to energy-use concerns, Sharma came up with a method of drastically reducing the number of transactions that are carried out over blockchain without compromising its many benefits. Figure 19 shows a model of the approach, labeling several points where energy can be further conserved to allow improved efficiency. By his method, the number of transactions and overall energy-use would be reduced via the use of his designed distributed clustering model, with calculated 40.16% energy conservation on average and an 82.06% reduction in the number of transactions. The model does this by utilizing the optimal slots to update blockchain ledgers instead of choosing any slot indiscriminately, which is found via the use of an optimal transaction model selected from Cluster Heads. As noted, this potential reduction in energy use and the number of transactions carried out across the CAVs network would greatly increase the efficiency, speed, and overall operation of these devices, which makes it an extremely promising method to consider for blockchain implementation.

**Figure 19.** A model showing the structure of the areas of the CAVs network where energy use can be improved, inspired by [116].

Charging systems put in place to provide for consistent and reliable energy provisions in the case of requested transactions must also be assessed before CAVs systems as a whole can function effectively. In order to understand why, keep in mind how many vehicles may be completely autonomous in the future, and how this may open opportunities for the overload of charging stations and their resources. In such a case, the network itself may become compromised, and vehicles in need of energy may be unable to access it, compromising the operation of vehicles across the network. Energy-allocating transactions need to be readily available, presented via a scalable and resilient system, and immune to overload.

Looking to find a way to ensure this functionality, Jin et al. noted that blockchain technology is not only useful in CAVs themselves: it has a variety of traits that would benefit the operation of charging stations. Using it, energy can be provided to vehicles via a decentralized network, with ensured security and operation, very closely mirroring the architectural layout of CAVs systems as a whole. Inherent scalability, flexibility, and security present in blockchain technology have made it very well suited for such use, so it is certainly worth further consideration in terms of this application.

Charging system optimization is, as mentioned, a strong factor in determining the optimization of CAVs systems as a whole, since by improving their efficiency, CAVs will be able to operate more efficiently while still providing for the safety and health of our world in terms of environmental impact. To address concerns about the current capabilities of energy-providing units, Su et al. [117] designed a comprehensive system that works to provide a charge in a specialized, user-specific way, which guarantees that any given car will receive the optimal treatment and that charge-distributors can function with greater effect and efficiency. With the incorporation of blockchain in the system, the security level is guaranteed to carry out needed transactions, mitigating energy use concerns by implementing a permission-based model that avoids the use of an outside entity to overlook transactions. In addition, the authors discussed the possibility of using a consensus algorithm, called a delegated Byzantine fault tolerance algorithm, which heavily cuts the amount of energy that is used in carrying out transactions. Transactions are similarly carried out via blockchain to ensure the reliable, secure, and decentralized approach that is desired, with records of transactions being secured and always maintained. Figure 20 shows the results from analyzing the proposed model and previous methods for utility relative to the cleanness and environmental-consciousness of energy in use [117].

**Figure 20.** A model showing the environmental impact and utility of charging stations behaving under different methods, adopted from [117].

The concept of energy exchange between distinct CAVs and defined charging units or other charge providers has faced significant improvement from blockchain technology use. In an article that was presented by Javed et al. [118], an entirely new framework to charge vehicles, called a Mobile-Vehicle-to-Vehicle method, was outlined, which facilitates decentralized charging between network entities, and showed marked improvement in data security, transaction speed, energy cost, and ease in locating and accessing charge providing units for users. THe benefits listed are accomplished through, among other factors like improved algorithms, the incorporation of blockchain technology. An example of its benefits in relation to the costs of vehicles traveling overall based on the number of vehicles moving is shown in Figure 21 [118]. Underlying blockchain was used primarily in security, but also ensured user trust and approval through its extensive past use in known technologies and marked reliability, as well as its transparency in letting users view ongoing transactions in terms of who is sending and receiving information. Its implementation is an absolute necessity in this case, as, without the stability and security it provides, this charging system would be dangerous for its users, and, thus, not a feasible option for implementation [118].

**Figure 21.** A graph showing the cost to transport CAVs based on method, adopted from [118].

Another example of the use of blockchain-based scheduling optimization in benefiting the energy-exchange process is shown in an article that was presented by Huang et al. [119]. In this case, a consortium blockchain-based architecture is used to define the presented charge schedule, which aims to optimize the efficiency and utility of charge stations and their users. Similar to the method that is discussed above, blockchain is used primarily in its decentralized network promotion, as well as its inherent security and promotion of user trust and transparency. Figure 22 shows a base outline of the discussed approach to charging hybrid EVs, and, as pictured, involves a number of different entities that behave in distinctly specified ways. Under the hybrid-based system, many different charging

methods can be used, such as vehicle-to-vehicle and mobile charging vehicle-to-vehicle style transactions. By this method, the charge would be available to vehicles, regardless of type, model, and individual vehicle capabilities through the offer of a variety of charging methods instead of expecting all to follow a singular style best.

**Figure 22.** A diagram presenting the overall layout of the hybrid-based vehicle system, inspired by [119].

Open-source, usable networks for charging electrically-powered vehicles have not only been proposed; some have already been put into place. The first example of such a network was provided by the Energy Web Foundation (EWF), which put forward the energy-based blockchain system, called the Energy Web Chain [120]. With its network, the EWF hopes that energy can be provided to vehicles via an efficient, cost-effective, and overall accessible and optimized process that, in turn, contributes to the efficiency of the vehicles in using themselves. German-based company Share&Charge has also implemented its own network, which is called the Open Charging Network (OCN), to provide electric vehicles with fuel via the use of an expansive, mobile network [121]. Among other methods and technologies, blockchain technology was a huge basis for the design of the OCN, its security, mobility, and broad scope of applications causing it to have significant attention in such areas.

With its heavy recent growth and success, it is extremely likely that this technology will soon also be applied to CAVs. In this case, the optimization of the charging system needs to be given just as much thought as that of the CAVs system, since charging will be a central part of the proper operation of CAVs. Open, decentralized networks to provide energy must be available, reliable, and presented in a user-friendly manner, while not compromising the speed expected in carrying out energy-based transactions.

The difficulty faced by CAVs attempting to change lanes safely has already been noted and studied by a number of individuals and organizations, all rushing to find a way to combat this flaw. In response, one study, which was conducted by Fu et al., decided to implement blockchain technology into a more generally used machine-learning approach in an attempt to expedite the process [26]. In this implementation, they made use of vehicular blockchain in tandem with a deep reinforcement learning model, which acted to secure and protect data collected as it related to the user. This information gathering style allowed for users to remain anonymous and completely secure without sacrificing the educational benefits offered by having access to numerous sources of information relating to CAVs progress and behavior. Using this method, it was expected that users would have fewer privacy and security concerns about CAVs, be more willing to participate in data collection on their vehicles for research purposes, and that the information gathered would be shared between CAVs more quickly and effectively, all of which would lead to a shorter learning period for CAVs, and in turn, fewer accidents.

In order to test this idea, the group assessed the security of two separate groups: one using a collective learning approach without blockchain technology, and the other implementing blockchain technology to aid privacy and security. From the security tests conducted, it was shown that, when compared to the collective learning approach, the CAVs following the blockchain-based approach had a notably higher success ratio in changing lanes as malicious nodes were added to produce faulty and harmful data. The results showed that blockchain technology improved the safety and privacy of user information, supporting the use of blockchain in further development in the lane-changing capabilities of CAVs [26].

The use of blockchain has been applied and proposed for use in a variety of systems aiming to benefit its potential applications, as well as how well resources that are involved in such operations are maintained and utilized. As discussed above, these system and method outlines, while often similar, are never the exact same in how they are applied or what problem they aim to solve, and each has its own specific strengths and weaknesses. Table 6 shows a comprehensive discussion of each method mentioned above and how they relate to each other.




*Electronics* **2021**, *10*, 629


#### **4. Application of Blockchain in Collective Decision**

Before their full deployment, autonomous vehicles must have both individual and group operations that are assured to be secure. After all, the majority of accidents that occur require more than one party, so there must be a way to allow for autonomous vehicles to decide what maneuvers to make with other parties in proximity to avoid accidents. While many solutions have been posed, all with their advantages and drawbacks, blockchain has been applied rather extensively in this area through a variety of applications, highlighting its ability to allow the safe and consistent operation of a variety of related parties within a group.

There are not many methods of ensuring well-timed, secured communication between distinct devices operating in a group, as mentioned previously. Many researchers have noted that while devices may work adequately when operating alone, incorporating a group is a much more difficult topic, as a great deal of the rules underlying their operation are based upon human cues that are not readily understood by machines. As a potential solution to such group-based operation problems, blockchain has emerged and been employed in common group-based exercises to test its ability to govern such interactions. For example, an experiment that was conducted by Moran Cerf, Sandra Matz, and Aviram Berg, which incorporated its use into a Public Goods game, showed that its use of Smart Contracts allowed operating entities to understand and take opportunities that yielded better results [122]. Under different rule sets, this logical operation could be applied to vehicle systems as well, allowing them to avoid collisions and operate optimally on the road, securing the safety of all group entities and their passengers.

Cooperative decision making is essential to a variety of different systems, including swarm robotics, in which blockchain has already been extremely successfully applied [123]. The secure and consistent control of these autonomous devices was one of the main features keeping it back, but, with the application of blockchain technology in the field, many of the underlying problems were overcome due largely to the security, flexibility, and scalability of blockchain, as well as its low resource use when using its Proof-of-Authority algorithm [123–125]. Through an experiment implementing it into the decision-making process, it was shown to excel in this area, allowing for different parties in the swarm to communicate seamlessly, and thus avoid colliding and allow work in an intelligent manner [123].

Similarly, this use of blockchain to encourage cooperation within a system is maintained by studies conducted by Malavika Nair, and Daniel Sutter [126]. Starting by outlining the history of blockchain, its more common uses today, and its predicted growth, their paper discusses the potential impact it will have on other group-oriented applications [126]. Through past uses of blockchain, it is evident that, as it continues to be implemented into such problems, it will greatly contribute to entities' ability to communicate quickly and securely over a network, making it a promising choice in future studies regarding AV group operation. This expectation is due to its strengths in allowing crowd-based applications to thrive, in addition to it consistently providing users with expected security and privacy needs [126].

Blockchain, by its very nature, lends itself to use in ensuring the cooperation of autonomous entities, as emphasized by researchers in [127]. Their study, which begun with the goal of finding an efficient, scalable, and effective way to allow the control of large groups of robotic entities, arrived at the conclusion that blockchain would serve as an effective means [127]. This conclusion was reached due to the known benefits blockchain has above similar methods in privacy, security, and decentralized network incorporation [127]. Through its incorporation, it is reasonable to expect that its incorporation may also gain such benefits into AVs, which would be a significant step forward towards their wide-scale implementation and acceptance.

Even more specifically, blockchain has had its use proposed in ensuring the safety of vehicles operating in a platoon, a group of closely positioned operating vehicles. One project involved its use in maintaining these platoon vehicles' safety needs while simultane-

ously making them secure from information-stealing and attacks [128]. Both of these traits, while being necessary to AV operation, are often viewed as mutually exclusive, since the increase of one tends to imply the relapse of the other, but, through the use of blockchain, it is expected that both of the requirements may be met [128]. Such advanced operation would allow for the hastened and safer deployment of large-scale AV structures, making blockchain incredibly desirable incorporation.

LIPS (Leadership Incentives for Platoons) is another such method that is built around blockchain to ensure the appropriate operation of connected AVs across a network [129]. Similarly, the method proposed is primarily put forth to aid AV platoons, this time increasing their ability to form dynamically by providing certain benefits, often in the form of payment, to vehicles willing to lead [129]. As proposed, this payment method would be carried out over blockchain architecture, a natural choice due to its origin in Bitcoin, ensuring secure and consistently available payment between entities [129]. In tests carried out to test this proposal, it was shown to be effective in fulfilling its goals, with a number of future areas for improvement in platoon operation and capabilities [129].

Studies of how blockchain can be applied to help AV platoons have extended far beyond simply ensuring their security; however, such technology has been extended to allow for the enhanced operation of such platoons in automated group toll payment for charging. In fact, such an application was tested in an experiment conducted by Zuobin Ying, Longyang Yi, and Maode Ma [130]. In the case of platoon operation, while it allows for the eased navigation of a group to retrieve fuel with as little wasted time as possible, there is the possibility of vehicles trying to sneak through without paying or providing incorrect information to lie to a governing distribution authority [130]. For a time, this was a pressing issue, significantly delaying its full implementation. However, it was discovered, through the test that was carried out, that blockchain could provide the perfect mechanism to allow such operation through its smart contract feature and noted security prowess [130].

In addition to approaches that are entirely reliant on the blockchain, its flexibility has allowed it to be considered an option to complement others based on differing technology. For example, it is highlighted as an excellent choice of architecture to support platoons' intelligence while navigating difficult intersections, as mentioned by a team of researchers proposing potential solutions to such problems [131]. Blockchain is viewed as a natural choice to support platoon navigational and operative techniques has also been mentioned by Emanuel Regnath and Sebastian Steinhorst, who, in their research on how to supervise platoons of AVs, noted the applicability of blockchain to verify parties that are involved in the group [132].

Based on increased interest and study and growing capabilities, blockchain is expected to provide numerous benefits in the area of group supervision, in which case its application to AVs to benefit platoon operation would be a natural next step. Prior results in implementation testing have shown to allow great strides forward already, providing a promising look at AVs' future capabilities if blockchain is to be utilized.

#### **5. Future Research Directions, Challenges and Barriers**

Bockchain has a lot of potential to be used in different areas, particularly in the field of Autonomous Vehicles, as discussed through this paper. However, before this can be deployed on a large scale, several problems surrounding the technology must be examined and repaired to ensure that it meets necessary requirements for energy consumption, resource use, and response time [24,25].

Nevertheless, the general form of Blockchain is quite inefficient in terms of consuming computation resource. Lightweight applications of Blockchain have shown a great deal of progress in reducing computational resource strain, and, even now, research is ongoing to improve on this current drawback. Blockchain technology itself also does not have an inherent flaw in computational resource consumption: this is instead linked directly to its PoW algorithm, which has been studied, with some proposals being put forth to reduce

resource consumption [24,133]. As alternative algorithms to PoW are studied, Blockchain will likely be able to overcome its current high degree of resource use.

The high cost of implementation for Blockchain is the next challenge, which could be expensive in applications, such as CAVs. There are not many works discussing the expected cost for a large implementation, but examples of costs to develop other common blockchain applications are discussed across several papers [134,135]. However, as with many technologies, this cost can be expected to reduce significantly over time as more people study it, improve its efficiency, and become familiar with its structure and implementation enough to increase the number of workers who are able to work on implementing large-scale networks as needed.

Another challenge with using Blockchain in CAVs application is the fact that it requires high energy consumption. However, that depends on the exact type of blockchain type, there may be a much lower drain on energy use, as in non PoW models in use today [136]. While a good deal of blockchain applications today are fairly energy-intensive, a number of papers have also thought of how to resolve this issue, coming to a variety of possible solutions depending on the type of application desired [25]. In addition, Blockchain has shown that it provides a platform for users to interact more directly with their energy use and obtainment, as in proposed energy exchanging mechanisms between vehicles, as discussed by papers in the past, which could make up for higher rates of consumption in allowing more user control of how much energy they obtain at a time and from where they can access it [137].

Another main drawback of Blockchain is the responding time when more users are connected to the network, which makes them no suitable for safety applications. Delays are a known problem for Blockchain today, and as such, there is currently a lot of discussion on how to proceed when working to resolve the issue, as discussed in several papers [138]. Although there is not currently an agreed-upon solution to be used in all blockchain implementations, many incorporations of blockchain technology today still use their own methods to account for the issue of delay when under use by many people. For example, proposed methods like parallel proof of work [139] have shown to allow significant improvement in this area already. More lightweight blockchain applications have also been implemented, as with Block4Forensic, to improve the speeds of Blockchain when several users are in a network. With these examples, it's clear that these flaws are already noted and are currently being examined in a variety of ways to come to a resolution. In time, this flaw will most likely be mitigated, at which point blockchain technology will be closer to being ready for full use.

#### **6. Conclusions**

The blockchain technology contributes many advantages to network architecture such as scalability, security, and user safety which results in heavily being considered for future applications in CAVs systems. From its conception, blockchain technology was designed with several key features in mind: secured and maintained transactions, the use of a decentralized network, and user data protection, all of which could be extremely beneficial to future CAVs growth in a variety of ways. CAVs systems may not adequately protect against malicious user interference, leading to numerous accidents that may result in the loss of life. Thus, it still takes time to completely embrace the CAVs technology by public communities, such as engineers, mankind's scholars, legal intellectuals, social scientists, and moral philosophers. We need to take step forward to incorporate novel technologies, such as blockchain, to alleviate these concerns, as shown through experiments, outlines, and increased researcher interest in the idea. For the reasons that are discussed above, it is clear that the potential relationships between blockchain and CAVs technology need to be studied further in order to promote further development in both fields. By making use of a reliable, trusted technology to serve as a backbone for future CAVs systems, developers could be more certain in the safety and security of their products, as could users. In this

way, the full potential of CAVs technology would be realized, which would contribute to a safer, more secure, and more accessible world through the mitigation of traffic accidents.

**Author Contributions:** Conceptualization, N.K. and G.T.; methodology, N.K. and G.T.; validation, A.S.; writing—review and editing, N.K., G.T., and A.S.; visualization, G.T. and N.K.; supervision, N.K. and A.S.; project administration, N.K. and A.S.; funding acquisition, A.S. All authors have read and agreed to the published version of the manuscript.

**Funding:** Partial support of this research was provided by the National Science Foundation under Grant No. CNS-1919855. Any opinions, findings, and conclusions, or recommendations expressed in this material are those of the author(s) and do not necessarily reflect the views of the sponsoring agency.

**Conflicts of Interest:** The authors declare no conflict of interest.

#### **References**


**Mauro Victorio 1,†, Arman Sargolzaei 2,\* ,† and Mohammad Reza Khalghani 1,†**


**Abstract:** Networked control systems (NCSs) are designed to control and monitor large-scale and complex systems remotely. The communication connectivity in an NCS allows agents to quickly communicate with each other to respond to abrupt changes in the system quickly, thus reducing complexity and increasing efficiency. Despite all these advantages, NCSs are vulnerable to cyberattacks. Injecting cyberattacks, such as a time-delay switch (TDS) attack, into communication channels has the potential to make NCSs inefficient or even unstable. This paper presents a Lyapunov-based approach to detecting and estimating TDS attacks in real time. A secure control strategy is designed to mitigate the effects of TDS attacks in real time. The stability of the secure control system is investigated using the Lyapunov theory. The proposed TDS attack estimator's performance and secure control strategy are evaluated in simulations and a hardware-in-the-loop environment.

**Keywords:** time-delay switch attack; networked control systems; secure control design; Lyapunov theory; attack estimation; hardware-in-the-loop testing

**1. Introduction**

A networked control system (NCS) is a type of control system in which the control and feedback data packets are exchanged through communication channels between agents and the controller. NCS systems are used to enhance the efficiency and reliability of the control systems [1–4]. The simplicity and efficiency of NCSs for constructing networks among multi-agent systems have received significant attention over the past years. Although leveraging communication channels in an NCS can control and supervise the system more efficiently and reliably, NCSs are prone to cyber disruptions—either inherent or intentional ones, such as cyberattacks. The most known cyberattacks are denial of service (DoS), which disables access to the system information or a service [5], false data injection (FDI), which intentionally manipulates the exchange of data [6], replay attack, which maliciously repeats valid data transmissions [7], and a newly found attack, the time-delay switch (TDS) [3]. The number and intensity of these cyber manipulations have grown in recent years. One of these cyber attacks was the 2015 Ukraine Blackout event, in which about 225,000 customers lost their electricity for several hours. This cyber incident was a successful FDI on an actual power grid [8]. The 2019 Venezuela blackout resulted from a cyberattack on energy supplies in eighteen states that affected two-thirds of the country [9,10]. These cyber disruptions determine the criticality of studying cyber attacks on NCSs, like power grids.

A TDS attack is made by inserting time delays into communication channels of NCSs [11]. Since NCSs are time-sensitive and require updated measurement signals, a TDS can be highly destructive [11,12]. Time delays can occur purposefully or inherently in a wide range of engineering systems [12–14]. In general, time delays are common in control systems and can influence the stability of control systems. Even worse delays can occur when an adversary injects random TDS attacks into NCSs, making the systems inefficient or

**Citation:** Victorio, M.; Sargolzaei, A.; Khalghani, M.R. A Secure Control Design for Networked Control Systems with Linear Dynamics under a Time-Delay Switch Attack. *Electronics* **2021**, *10*, 322. https:// doi.org/10.3390/electronics10030322

Academic Editor: Qusay H. Mahmoud Received: 28 December 2020 Accepted: 25 January 2021 Published: 30 January 2021

**Publisher's Note:** MDPI stays neutral with regard to jurisdictional claims in published maps and institutional affiliations.

**Copyright:** © 2021 by the authors. Licensee MDPI, Basel, Switzerland. This article is an open access article distributed under the terms and conditions of the Creative Commons Attribution (CC BY) license (https:// creativecommons.org/licenses/by/ 4.0/).

even unstable. This circumstance stems from the fact that the controller needs to receive the measurement values in real time to be able to generate the control signals. NCSs transmit the sensor measurements from agents to a centralized control unit through communication channels, and injecting TDS attacks will result in instability in NCSs. Therefore, it is crucial to design a secure NCS that is robust to both natural delays and TDS attacks [3,15].

Even though it has been shown in the literature that TDS attacks can cause instability in NCSs [11], only a few studies have focused on detecting TDS attacks in real time, and none have investigated the compensation of TDS attacks by designing a secure controller. A neural network (NN) approach was developed in [16] as a tool for estimating a time delay in industrial communication systems with nonlinear dynamics, but the stability of this controller has not been investigated. Another NN-based approach was introduced in [17] to estimate the state of the system in real time. The aforementioned proposed algorithms require offline training and cannot detect TDS attacks in real time. Although machine learning techniques have been utilized for cyber attack detection in NCSs [18], various susceptible and erroneous detection results have been reported in the literature [19,20]. These machine learning methods are prone to maliciously altering the training or test data and cause disastrous operation issues and system instability [20]. A robust controller was introduced in [21] for systems with nonlinear dynamics. The proposed approach can compensate for the effects of TDS attacks in real time without detecting them. However, the proposed controller can only mitigate small amounts of TDS attacks. The approach proposed in [22] uses a neural-network-based detection algorithm to detect and estimate the TDS attack in real time. However, the proposed approach can estimate the TDS attacks accurately, but it cannot mitigate the effects of TDS attacks in real time. To mitigate the effect of a TDS attack, Ref. [12] proposed an adaptive control algorithm that estimates TDS attacks introduced into measurement signals. This work was able to detect and mitigate TDS attacks in real time. However, the stability of the proposed method was not investigated due to the nature of the controller design. Furthermore, the convergence of attack detection and estimation requires further investigation. Table 1 summarizes the advantages and disadvantages of approaches in the literature.


**Table 1.** The advantages and disadvantages of the approaches in the literature.

The contributions of this papers are as follows:


To summarize, the contribution of the paper is its proposal of a novel TDS attack detection technique along with its design of a secure Lyapunov-based controller for NCSs with linear dynamics under TDS attacks. The proposed algorithm is a model-based method that is able to detect and compensate for TDS attacks in real time with low computational complexity compared with learning-based methods.

The rest of the paper is organized as follows. Section 2 presents a general model for an NCS under a TDS attack. The proposed controller with a Luenberger observer is described in Section 3. Section 4 verifies the controller's stability. The case study is described in Section 5. Simulations and results are demonstrated in Section 6, and the conclusion is presented in Section 7.

#### **2. Networked Control Systems**

Despite all of the benefits of NCSs, including that they are fast, reliable, and have remote capability, NCSs are vulnerable to cyber disruptions and threats, since NCSs are highly dependent on information, communication, and cyber interfaces [1–3]. NCSs are used in critical infrastructures, and their security is categorized as one of the important concerns in the nation. Therefore, the vulnerability to external interruptions and attacks must be prevented. Since these systems heavily rely on networked communications, this dependency introduces delays, data packet drops, bandwidth allocations, and other cybersecurity issues in the data transfer process [11,23,24].

Specifically, delays can cause catastrophic failures in the systems that are under control. Measured data and control commands must be transferred within a limited period; otherwise, introducing delays to these signals makes the system unable to trace its operating conditions and causes an undesired response [3,25].

#### *2.1. Dynamic Model of an NCS*

A general diagram of an NCS system is presented in Figure 1. The communication between the plant and the controller takes place through a networked communication channel. Commands from the controller to the actuators and sensing signals from measurement sensors, which are vulnerable points of NCSs, must flow through the network. The NCS is mathematically represented by the following state-space model, assuming that the NCS has *J* agents:

**Figure 1.** General diagram of a networked control system (NCS) with multiple plants under timedelay switch (TDS) attacks.

$$\begin{cases} \dot{\mathfrak{x}}(t) = A\mathfrak{x}(t) + B\mathfrak{u}(t) \\ y(t) = \mathbb{C}\mathfrak{x}(t), \end{cases} \tag{1}$$

where *x*(*t*) indicates the states of NCS and can be described as

$$\mathbf{x}(t) = \begin{bmatrix} \mathbf{x}\_1(t)^T & \mathbf{x}\_2(t)^T & \cdots & \mathbf{x}\_I(t)^T \end{bmatrix}^T \tag{2}$$

and *x<sup>i</sup>* is the state-space vector of the *i th* agent of the NCS.

In a similar manner, *u*(*t*) is the vector of inputs and *y*(*t*) is the output, the aggregated state measurements of the system, which are described as

$$u(t) = \begin{bmatrix} u\_1(t)^T \ u\_2(t)^T & \cdots & u\_I(t)^T \end{bmatrix}^T \tag{3}$$

$$y(t) = \begin{bmatrix} y\_1(t)^T \ y\_2(t)^T & \cdots \ y\_I(t)^T \end{bmatrix}^T. \tag{4}$$

Each agent in the NCS can have a different number of inputs *ui*(*t*), outputs *yi*(*t*), and states *xi*(*t*). This means that each vector in *x*(*t*), *u*(*t*), and *y*(*t*) has its own dimension.

$$\mathbf{x}\_{i}(t) = \begin{bmatrix} \mathbf{x}\_{i,1}(t) \ \mathbf{x}\_{i,2}(t) \ \cdots \ \mathbf{x}\_{i,n\_{\text{xi}}}(t) \end{bmatrix}^{T} \tag{5}$$

$$u\_i(t) = \begin{bmatrix} u\_{i,1}(t) \ u\_{i,2}(t) & \cdots & u\_{i,n\_{\text{u}i}}(t) \end{bmatrix}^T \tag{6}$$

$$y\_i(t) = \begin{bmatrix} y\_{i,1}(t) \ y\_{i,2}(t) & \cdots & y\_{i,n\_{yi}}(t) \end{bmatrix}^T \tag{7}$$

where *nxi*, *nui*, and *nyi* are the dimensions of each vector of the state-space, inputs, and outputs, respectively, for the *i th* agent.

The matrix *A* is described as:

$$A = \begin{bmatrix} A\_{11} & A\_{12} & \cdots & A\_{1f} \\ A\_{21} & A\_{22} & \cdots & A\_{2f} \\ \vdots & \vdots & \ddots & \vdots \\ A\_{f1} & A\_{f2} & \cdots & A\_{ff} \end{bmatrix} . \tag{8}$$

Here, each sub-conjunct *Aii* has the dimension *nxi* × *nxi* of the *i th* agent in the system. *Aab* represents the mutual dependency between agents.

If all the agents are independent of each other, the matrix changes to the following:

$$A = \begin{bmatrix} A\_{11} & 0 & \cdots & 0 \\ 0 & A\_{22} & \cdots & 0 \\ \vdots & \vdots & \ddots & \vdots \\ 0 & 0 & \cdots & A\_{II} \end{bmatrix} . \tag{9}$$

In the same way, the matrix *B* is defined as

$$B = \begin{bmatrix} B\_1 & 0 & \cdots & 0 \\ 0 & B\_2 & \cdots & 0 \\ \vdots & \vdots & \ddots & \vdots \\ 0 & 0 & \cdots & B\_I \end{bmatrix} \tag{10}$$

Therefore, any single *B<sup>i</sup>* has the dimension *nxi* × *nui* based on the number of terms in the state vector (*nxi*) and the number of terms in the input vector (*nui*) of the *i th* agent in the NCS.

Matrix *C* is composed of *C<sup>i</sup>* for each agent in the system. The dimension of each *C<sup>i</sup>* is *nyi* × *nxi*. Matrix *C* is defined as:

$$\mathbf{C} = \begin{bmatrix} \mathbf{C}\_1 & \mathbf{0} & \cdots & \mathbf{0} \\ \mathbf{0} & \mathbf{C}\_2 & \cdots & \mathbf{0} \\ \vdots & \vdots & \ddots & \vdots \\ \mathbf{0} & \mathbf{0} & \cdots & \mathbf{C}\_I \end{bmatrix}. \tag{11}$$

*2.2. NCS under a TDS Attack*

The controller of an NCS is considered to be an optimal controller, which is described as

$$
\mu(t) = -Kz(t),
\tag{12}
$$

where *z* is the signal measured by the centralized controller.

Since delays are introduced to the communication channel, the signals received by the controller from each agent in the NCS are not the *yi*(*t*) originally observed from the system output. This paper assumes that an adversary cannot access control signals and only injects the TDS attacks into the measurement signals. The measured signal under a TDS attack can be described as

$$z\_i(t) = y\_i(t - \tau\_i), \quad i \in \{1, 2, \dots, l\}, \tag{13}$$

where *τ<sup>i</sup>* is the delay of the *i*th element of the NCS.

#### **3. Controller Design: Lyapunov Compensation with a Luenberger Observer**

#### *3.1. Observer Design*

A Luenberger observer is designed such that the error between the system measurement and estimated output converges to zero:

$$\begin{cases} \dot{\mathfrak{k}} = A\mathfrak{x} + Bu + L(\mathfrak{y} - \mathfrak{y}) + \psi\_2\\ \mathfrak{y} = C\mathfrak{x} \end{cases} \tag{14}$$

where the vectors *x*ˆ, *u*ˆ, and *y*ˆ are the state-space, the inputs, and the outputs of the observer, respectively. The compensator signal *ψ*<sup>2</sup> will be designed based on the subsequent stability analysis. The Luenberger gain *L* is a constant scalar number that multiplies the error between the output of the system *y* = *Cx* and the estimated value from the observer *y*ˆ = *Cx*ˆ.

Substituting the *y* and *y*ˆ elements in (14) yields

$$\begin{cases} \dot{\mathfrak{X}} = A\mathfrak{X} + B\mathfrak{A} + L\mathfrak{C}(\mathfrak{x} - \mathfrak{X}) + \mathfrak{Y}\_2 \\ \mathfrak{Y} = C\mathfrak{X} \end{cases} . \tag{15}$$

Grouping the elements with *x*ˆ, the system representation can be written as

$$\begin{cases} \dot{\mathfrak{k}}(t) = (A - LC)\mathfrak{k} + B\mathfrak{d} + LC\mathfrak{x} + \psi\_2\\ \mathfrak{y} = \mathsf{C}\mathfrak{k} \end{cases} . \tag{16}$$

The last term in Equation (16) is the response received by the observer from the plant through the delayed channel, which is actually *x*(*t* − *τ*). Given this variable, the state-space representation is changed to the following:

$$\begin{cases} \dot{\hat{x}}(t) = (A - L\mathbb{C})\hat{x} + B\hat{u} + L\mathbb{C}x(t - \tau) + \psi\_2\\ \hat{y} = \mathbb{C}\hat{x} \end{cases} \tag{17}$$

#### *3.2. Controller Design*

The proposed control diagram is presented in Figure 2.

**Figure 2.** The proposed robust observer-based controller.

The delay presented in the superior feedback loop is the attack delay inserted into the system. The feedback controller is the same for both the plant and observer environment (*K* matrix). The terms of *K* must be defined to implement an optimal response to the system. It was used as a linear quadratic regulator (LQR) method to create the proper *K* matrix with the individual gains for each state in the system [26].

The delay in the system data is estimated at the feedback loop of the observer. This estimated delay signal is applied in the controller to adjust the control commands based on the inserted delay. The system model is set with an initial condition vector and the reference signal, which is a zero vector. It is replicated on the observer, and because of that, the inputs are *u* = −*Kx* and *u*ˆ = −*Kx*ˆ.

As seen in (18) and (19), the input signal of the system is affected by the delay in the communication channel. In the same way, the estimate delay is injected into the observer feedback response to also emulate the delay at the observer.

$$
\mu = -\mathbf{K}\mathbf{x}(t-\tau) + \psi\_{\mathbf{I}} \tag{18}
$$

$$\mathfrak{A} = -\mathbb{K}\mathfrak{X}(t - \mathfrak{F}) \tag{19}$$

As Figure 2 shows, *ψ*<sup>1</sup> compensates for the delay attack in the control input, and *ψ*<sup>2</sup> compensates for the delay attack in the observer process. These two terms will be further elaborated upon in the next section.

#### **4. Proposed Delay Detection Method**

In this section, *ψ*<sup>1</sup> and *ψ*<sup>2</sup> are designed using the Lyapunov approach. Furthermore, this section illustrates how TDS attacks are estimated in real time.

Consider the Lyapunov function described as

$$V\_{\mathbb{C}} = \frac{1}{2} \mathfrak{X} \mathfrak{X}^{T} + \frac{\alpha}{2} \mathfrak{Y} \mathfrak{X}^{T} \, \, \, \, \, \tag{20}$$

where *α* is a positive gain, *x*˜ , *x* − *x*ˆ is the state estimation error, and *τ*˜ , *τ* − *τ*ˆ is the delay estimation error.

In (21), the derivative of the Lyapunov function is taken to obtain the required parameters and design a controller that is resilient against TDS attacks. It should be noted that

time-delay attacks here target the input signals *ureal* and *uobs*. The output data *y* from the plant also have the delay attack shift in this model.

$$
\dot{V}\_{\mathbb{C}} = \mathfrak{X}\dot{\mathfrak{X}}^T + \mathfrak{a}\mathfrak{Y}\dot{\mathfrak{Y}}^T \tag{21}
$$

Substituting ˙*x*˜ = (*x*˙ <sup>−</sup> ˙*x*ˆ) and ˙*τ*˜ = (*τ*˙ <sup>−</sup> ˙*τ*ˆ) into (21), we obtain:

$$\mathcal{V}\_{\mathbb{C}} = \mathfrak{X}\{\mathfrak{x} - \mathfrak{X}\}^{T} + \mathfrak{a}\mathfrak{F}\{\mathfrak{x} - \mathring{\mathfrak{F}}\}^{T}.\tag{22}$$

Then, *x*˙ and ˙*x*ˆ are substituted according to (1) and (14), respectively. The equation changes into:

$$\begin{split} \dot{V}\_{\text{c}} &= \mathfrak{X} \{ A\mathfrak{x} + Bu - \left( (A - LC)\mathfrak{X} + B\mathfrak{A} \right. \\ &\left. + LC\mathfrak{x}(t - \tau) + \psi\_{2} \right) \}^{T} + \mathfrak{a}\tilde{\tau}(\dot{\tau} - \dot{\mathfrak{t}})^{T} . \end{split} \tag{23}$$

Substituting the signals *u* and *u*ˆ from (18) and (19), the equation becomes the following:

$$\begin{split} \dot{V}\_{\text{c}} &= \tilde{\mathfrak{x}} \{ A\mathfrak{x} + \mathcal{B}(-\mathbf{K}\mathfrak{x}(t-\tau) + \psi\_{1}) \\ &- (A\mathfrak{x} + \mathcal{B}(-\mathbf{K}\mathfrak{x}(t-\mathfrak{t}) \\ &+ LC\mathfrak{x}(t-\tau) + \psi\_{2}) \}^{T} + a\mathfrak{x}(t-\dot{\mathfrak{t}})^{T} .\end{split} \tag{24}$$

Considering a constant delay in the channel, even if it happens over short periods of time, the derivative of the delay is going to be null (*τ*˙ = 0). Using a Taylor series, the delayed signal is modeled approximately up to the first derivative term as *x*(*t* − *τ*) = *x* − *x*˙*τ*.

$$\begin{aligned} \dot{V}\_c &= \tilde{\mathfrak{x}} \{ (A - L\mathbb{C}) \tilde{\mathfrak{x}} \\ &- BK(\mathfrak{x}(t - \tau) - \mathfrak{x}(t - \mathfrak{t})) + B\psi\_1 \\ &+ LC\dot{\mathfrak{x}}\tau - \psi\_2 \}^T - \mathfrak{x}\mathfrak{x}(\dot{\mathfrak{t}})^T \end{aligned} \tag{25}$$

Assuming that the second and third terms in (25) can cancel out each other, *ψ*<sup>1</sup> can be obtained as follows:

$$
\psi\_1 = \mathcal{K}(\mathfrak{x}(t-\tau) - \mathfrak{x}(t-\mathfrak{k})).\tag{26}
$$

After this, the derivative of the Lyapunov function is simplified as in (27).

$$\begin{split} \dot{V}\_{\varepsilon} &= \mathfrak{X} \{ (A - L\mathbb{C}) \mathfrak{X} \\ &+ LC(\mathring{\mathfrak{x}} + \mathring{\mathfrak{x}})(\mathring{\mathfrak{x}} + \widetilde{\mathfrak{x}}) - \mathfrak{y}\_{2} \}^{T} - \mathfrak{a}\,\widetilde{\mathfrak{x}}(\mathring{\mathfrak{x}})^{T} \end{split} \tag{27}$$

Applying the distributive property, Equation (27) is extended to (E:dem4):

$$\begin{split} \dot{V}\_{\text{c}} &= \mathfrak{X} \{ (A - L\mathfrak{C}) \mathfrak{X} \\ &+ L\mathfrak{C} (\dot{\mathfrak{X}}\mathfrak{F} + \dot{\mathfrak{X}}\mathfrak{F} + \dot{\mathfrak{X}}\mathfrak{F} + \dot{\mathfrak{X}}\mathfrak{F}) - \mathfrak{y}\_{2} \}^{T} - \mathfrak{a}\mathfrak{F}(\dot{\mathfrak{Y}})^{T}. \end{split} \tag{28}$$

Simplifying (27), we obtain the following equations, which will be used to find the estimated delay *τ*ˆ:

$$\pounds L\big(\dot{\mathfrak{x}} + \mathring{\mathfrak{x}}\big)\mathfrak{x}^T = \mathfrak{a}\mathfrak{x}(\mathring{\mathfrak{x}})^T \tag{29}$$

$$
\hat{\mathfrak{r}} = \frac{L\mathbb{C}}{\mathfrak{a}} (\dot{\mathfrak{x}} + \dot{\mathfrak{x}}) \mathfrak{x}.\tag{30}
$$

The element *α* is a parameter for characterizing the system to make it possible to run the computation of the estimated delay value. Unfortunately, there is not a previous relation between the physical parameters of the system and the value of *α*. The moment when the attack is deployed and the amount of delay injected have different effects on the system. The method used to get *α* is based on the peak value observed when tracking the error signal—the difference between the plant response and the observer response—and defining the *α* value. Then, some series of tests must be performed under known TDS attack conditions to validate the definition of *α*. An offset may be applied according to the essay results to guarantee more precise estimates.

*ψ*<sup>2</sup> is obtained below:

$$
\psi\_2 = L\mathfrak{C}(\dot{\mathfrak{x}} + \dot{\mathfrak{x}})\mathfrak{f}.\tag{31}
$$

The Lyapunov theory is applied to guarantee that the system remains stable at different operating points. The Luenberger gain *L* must satisfy the following equation:

$$\mathfrak{X}\{(A-L\mathbb{C})\mathfrak{X}\}^T<0.\tag{32}$$

The derivative ˙*x*ˆ can be taken from the observer. However, the error signal and its derivative ˙*x*˜ must be deduced—because it is not possible to measure data at the plant output before the delayed channel—by checking the error *x*(*t* − *τ*) − *x*ˆ(*t* − *τ*ˆ).

The Taylor series approximation must be considered; neglecting the higher-order terms, the delayed signal is represented by the following:

$$\mathbf{x}(t-\tau) = \mathbf{x} - \mathbf{\dot{x}}\tau.\tag{33}$$

Similarly, the estimated states are obtained below:

$$
\mathfrak{X}(t-\mathfrak{k}) = \mathfrak{x} - \dot{\mathfrak{k}}\mathfrak{k}.\tag{34}
$$

Subtracting Equations (33) from (34) will result in (36):

$$\mathbf{x}(t-\tau)-\hat{\mathbf{x}}(t-\hat{\tau})=\tilde{\mathbf{x}}-\dot{\mathbf{x}}\tau+\hat{\mathbf{x}}\hat{\tau}\tag{35}$$

$$
\mathfrak{x}(t-\tau) - \mathfrak{x}(t-\mathfrak{t}) = \mathfrak{x} - \dot{\mathfrak{x}}(\mathfrak{t}+\mathfrak{t}) + \dot{\mathfrak{x}}\mathfrak{t}.\tag{36}
$$

The term *τ*˜ can be neglected because it is expected to go to zero due to the proper function of the proposed estimator. In this case, the Equation (36) becomes:

$$
\mathfrak{x}(t-\tau) - \mathfrak{x}(t-\mathfrak{f}) = \mathfrak{x} - \mathfrak{X}\mathfrak{f}.\tag{37}
$$

Considering that the system must be stable because the chosen value of *L* must guarantee the Lyapunov stability criteria, the Luenberger observer must bring estimation error signals in the form of *x*˜ = *a*.*e* <sup>−</sup>*kt*. Then, ˙*x*˜ <sup>=</sup> <sup>−</sup>*kx*˜. Taking *<sup>k</sup>* <sup>=</sup> <sup>1</sup> (the effects of this *<sup>k</sup>* can be absorbed by *α*) to simplify the calculations, Equation (37) becomes

$$\mathbf{x}(t-\tau) - \mathbf{\hat{x}}(t-\tau) = \mathbf{\hat{x}}(t)(1+\mathbf{\hat{r}}) \tag{38}$$

$$\mathfrak{x}(t) = \frac{\mathfrak{x}(t-\tau) - \mathfrak{x}(t-\mathfrak{f})}{1+\mathfrak{f}}.\tag{39}$$

This way, it is possible to deduce *x*˜(*t*) and its derivative ˙*x*˜(*t*) used in Equations (30) and (31). They are obtained with the difference between consecutive samples in the digital readings.

#### **5. NCS Case Study: Load Frequency Control Design for Power Grids**

Load variation may create frequency oscillations and ultimately cause power grid instability. When the the grid load increases, the frequency decreases, and vice versa. Once a rapid load change is sensed, the electrical torque output is changed, which leads to a mismatch between the electrical and mechanical torques. This torque mismatch results in turbine speed changes that, in turn, cause frequency oscillations in the grid [27].

The load frequency control (LFC) of power systems is crucial in sustaining the grid frequency within a predefined range. LFC guarantees that the grid generators can properly maintain a balance between load and energy supply using the regulation of generators' set-points [27].

The mathematical model for an NCS applied to the power grid with several agents was developed in [12]. The mathematical model presented in Equation (1) with the *x<sup>i</sup>* vector is defined as the following:

$$\mathbf{x}\_{i}(t) = \begin{bmatrix} \Delta f\_{i}(t) \ \Delta P\_{\mathcal{G}i}(t) \ \Delta P\_{\text{lu}\_{i}}(t) \ \Delta P\_{pf\_{i}}(t) \ e\_{i}(t) \end{bmatrix}^{T} \tag{40}$$

where ∆*fi*(*t*) is the frequency deviation, ∆*Pg<sup>i</sup>* (*t*) is the generated power deviation, ∆*Ptu<sup>i</sup>* (*t*) is the turbine position, ∆*Pp f<sup>i</sup>* (*t*) is the tie-line power flow, and *ei*(*t*)]*<sup>T</sup>* is the control error given by *<sup>e</sup>i*(*t*) = <sup>R</sup> *<sup>t</sup>* 0 (*βi*∆*f<sup>i</sup>* + ∆*Pp f<sup>i</sup>* )*dt*.

Therefore, the equations are going to have *<sup>x</sup>i*(*t*), *<sup>u</sup>i*(*t*), and *<sup>y</sup>i*(*t*) <sup>∈</sup> <sup>R</sup><sup>5</sup> , where *ui*(*t*) is the control input vector, *xi*(*t*) is the state vector, and *yi*(*t*) is the output of the *i th* agent in the system.

In this study, multiple grids are connected to the same tie-line within the same NCS. This means that agents can communicate with each other and exchange power among themselves through the grid. The matrix *A* will be similar to that presented in (8) with the following elements: Each *Aii* will be

$$A\_{ii} = \begin{bmatrix} \frac{-\mu\_i}{f\_i} & \frac{1}{f\_i} & 0 & \frac{-1}{f\_i} & 0\\ 0 & \frac{-1}{T\_{tu,i}} & \frac{1}{T\_{tu,i}} & 0 & 0\\ \frac{-1}{\omega\_i T\_{g,i}} & 0 & \frac{-1}{T\_{g,i}} & 0 & 0\\ \frac{2}{\sum} & 2\pi T\_{i,j} & 0 & 0 & 0 & 0\\ \beta\_i & 0 & 0 & 1 & 0 \end{bmatrix} \tag{41}$$

and *Aij* will be

$$A\_{i,j} = \begin{bmatrix} 0 & 0 & 0 & 0 & 0 \\ 0 & 0 & 0 & 0 & 0 \\ 0 & 0 & 0 & 0 & 0 \\ -2\pi T\_{i,j} & 0 & 0 & 0 & 0 \\ 0 & 0 & 0 & 0 & 0 \end{bmatrix} . \tag{42}$$

The parameters presented in (41) and (42) are described as follows:


Similarly to (10), the matrix *B* is defined below:

$$B\_i = \begin{bmatrix} 0 & 0 & \frac{1}{T\_{\mathbb{S},i}} & 0 & 0 \end{bmatrix}^T. \tag{43}$$

Since vectors *y*(*t*) and *x*(*t*) are the same as those shown in Equation (1), the matrix *C* presented in Equation (1) is an identity matrix, and finally, the matrix *D* is considered null in this study.

#### **6. Simulation Results**

This section illustrates the performance of the proposed secure control design along with the TDS attack detection technique through the case study that was introduced in Section 5. On top of the simulation, the method was implemented in a hardware-in-theloop (HIL) environment to show that the proposed method is practical. For the HIL testing, we used a DS1104 Controller Board in connection with the MATLAB Simulink software. The LFC model was implemented via MATLAB Simulink 2019a, and it was converted into a C program to be loaded into the Dspace board. The results were observed using the Dspace console in real time. To show that the proposed method can perform well under measurement noise, we added zero-mean Gaussian noise during the HIL performance testing. As shown in Figure 3, the NCS, including two agents, was subjected to TDS attacks. Table 2 illustrates the parameter values that were used in the simulation.

**Figure 3.** Two-agent load frequency control (LFC) system.

**Table 2.** Simulated Power Areas' Parameter Values


The delay attacks were simulated based on the following assumptions:

**Assumption 1.1.** *The TDS attack takes place at a certain moment and remains constant.*

**Assumption 1.2.** *The TDS attack affects all the states. The starting moment and the delay period are the same for all the states.*

**Assumption 1.3.** *From the moment the attack is launched, it persists until the end of the simulation.*

**Figure 4.** The NCS system under a TDS attack of *τ* = 0.19 s at the instant *t*<sup>0</sup> = 1 s.

**Figure 5.** The NCS system under evaluation submitted to a TDS attack of *τ* = 0.20 s at the instant *t*<sup>0</sup> = 1 s.

#### *6.1. Vulnerability Analysis*

When running the NCS in an optimal control situation, with no compensation algorithm to correct the delays, it can be observed that the system becomes unstable for attacks of *τ* = 190 ms or higher. Figures 4 and 5 show the response of the system under a TDS attack. Both attacks were started at *t*<sup>0</sup> = 1 s, but the intensity of the attack is different. In the first case, *τ* = 0.19 s, and in the other one, *τ* = 0.2 s. It can be observed that the delay of 0.2 s had an aggressive effect on the system, leading the response to a divergent behavior with a highly increasing rate. Figure 4 represents a threshold condition, where the system started facing unstable responses due to the delay. It is possible to observe that the instability started around the instant at 30 s and the oscillations grew at a low rate. However, it was an unstable condition, and the system could not work under this attack. To detect and mitigate the effects of an attack, a resilient controller must be applied.

#### *6.2. TDS Attack Detection and State Estimation*

The observer compensation technique discussed in Section 4 made the system operate correctly, even with TDS attacks of around *τ* = 260 ms. The same TDS attack as that shown in Figure 5 was simulated, but the system was equipped with the proposed secure controller. As Figure 6 shows, the adverse effect of the TDS attack was improved by the proposed state estimation mechanism.

**Figure 6.** NCS system under a TDS attack of *τ* = 0.2 s at the instant *t*<sup>0</sup> = 1 s with the Luenberger observer operating to compensate the errors.

**Figure 7.** Second derivative of *x*ˆ used to detected the instant in time *t*<sup>0</sup> when the TDS is deployed.

The simulation was repeated with different time delays inserted by the TDS attack into the NCS at different starting instants (*t*<sup>0</sup> = 1, 2, ..., 5 seconds). Table 3 shows the results for three different time delays *τ*. The results show an Mean Square Error (MSE) around 5%.

**Table 3.** Delay estimation results—MSE.


The estimation of the delay depends on the parameter *α* mentioned in (30). The definition of *α* is a result of a complex set of essays running under known conditions to evaluate how the system responds to an injected delay depending on the amount of delay and the time instant at which was deployed. When an attack takes place, the error between the actual and the estimated states from the observer increases, and this is also reflected in the variations in *x*ˆ. Using the second derivative of *x*ˆ, the time instant of the TDS attack is detected (as shown in Figure 7). Thus, it is deployed, and the error is used to define the value to be chosen for *α*. The solution for computing *α* was created by using a constant value for alpha and then comparing the results with the offset that should be needed to get the correct values of *τ*ˆ. A polynomial approximation was created by taking the instant values of ˙*x*˜; then, it was incorporated in the *α* computation.

**Figure 8.** The state estimation error signal *x*˜ has a peak at the instant at 1 s, indicating that the attack was deployed. This peak value is used to estimate the proper *α* for *τ*ˆ estimation.

**Figure 9.** Delay estimation using the proposed method compared with the traditional method.

#### *6.3. Performance Evaluation*

The performance of the method proposed in this paper is compared with the performance of the control method presented in [22], which works based on an adaptive NN technique to estimate the time delay to which the NCS is exposed. The simulations were performed based on the following assumptions:

**Assumption 2.1.** *The delay attack takes place in a certain moment and remains constant.*

**Assumption 2.2.** *The delay attack targets only the state of x*3(*t*)*.*

**Assumption 2.3.** *The attack persists from the moment it is launched until the end of the simulation.*

**Figure 10.** Response of *x*<sup>3</sup> with controller correction for a *τ* = 1.0 s delay injected at *t*<sup>0</sup> = 2.0 s. The signal was observed in a Dspace input to simulate the input of the plant received through a feedback loop with a delay.

A delay *τ* = 1 s was inserted from *t*<sup>0</sup> = 2 s. The state estimation errors are shown in Figure 8. The results show that the observer was able to accurately estimate measurement signals, even when the NCS was under TDS attacks. The results associated with the proposed method are presented in Figure 9. As shown in the figure, it is clear that the proposed TDS attack detection technique is more accurate than the NN-based (traditional) detection technique.

The NN approach allows consecutive computations in order to correct the estimation error and compensate frequency discrepancies in the LFC. The proposed method based on the Lyapunov theory presented in (20) depends on the parameter *α*, which is a characteristic quantity of the system, but it also depends on the instant the attack takes place. A study using the values of ˙˙*x*ˆ, ˙*x*ˆ, and *x*˜ was used to calculate this parameter. So, the final value of *τ*ˆ was reached more quickly, but a steady-state error can happen. The better the adjustment of the *α* parameter, the lower the steady-state error.

Another experiment to validate the Lyapunov method for avoiding TDS attack effects was made in a hardware-in-the-loop environment using external hardware equipment, the dSPACE CP1104 platform. A feedback loop was made for the *x*<sup>3</sup> state through the connection on the board. A time delay of *τ* = 1.0 s affected the LFC, and the resilient performance of the proposed controller was seen in the results. The signal response on *x*<sup>3</sup> is shown in Figure 10. This test is important because it shows the effectiveness of the solution in a real-life system, demonstrating how the correction takes place to keep the system working properly, even when it is subjected to a TDS attack.

#### **7. Conclusions**

This paper presented an approach to providing adjustments to the input signal in an NCS structure in order to keep a plant working properly, even under a TDS attack. The compensation signal is defined based on the Lyapunov theory and a Luenberger observer. The proposed approach was evaluated through a case study in which a twoagent LFC system was monitored and controlled. The performance of the controller was validated in a hardware-in-the-loop simulation using the dSPACE platform to emulate the feedback loop of the NCS under TDS attacks. It should be noted that the proposed method can be applied to any NCSs, such as cooperative driving systems.

During the transient response of the system, the proposed delay estimation is more precise compared with other techniques in the literature. Furthermore, the controller and estimator were designed based on Lyapunov stability analysis, unlike other traditional techniques. When the most significant variations take place, it is possible to detect the peaks caused by the attack. The final portion of the transient response already has lower variation, and it brings uncertainties to the estimation of *τ*ˆ. If the attack is deployed at an instant close to the starting point, the estimation is also affected because the observer will get the actual values from the plant. The variation in a delay over time is also a strong challenge for estimations, but this paper considered only constant delay attacks. Future work will enhance the proposed method to investigate time-variable TDS attacks. Although this paper focused on an NCS with dependent agents, the proposed method is general and can be used for a multi-agent system with independent dynamics.

**Author Contributions:** Methodology, M.V. and A.S.; Writing – original draft, M.V., A.S. and M.R.K.; Writing – review and editing, M.V., A.S. and M.R.K. All authors have read and agreed to the published version of the manuscript.

**Funding:** Partial support of this research was provided by the Woodrow W. Everett, Jr. SCEEE Development Fund in cooperation with the Southeastern Association of Electrical Engineering Department Heads and the National Science Foundation under Grant No. CNS-1919855. Any opinions, findings, and conclusions, or recommendations expressed in this material are those of the author(s) and do not necessarily reflect the views of the sponsoring agency.

**Conflicts of Interest:** The authors declare no conflict of interest.

#### **Abbreviations**


#### **References**

