*Article* **Longitudinal Control for Connected and Automated Vehicles in Contested Environments**

**Shirin Noei 1,\* ,† , Mohammadreza Parvizimosaed 2,† and Mohammadreza Noei 3,†**


**Abstract:** The Society of Automotive Engineers (SAE) defines six levels of driving automation, ranging from Level 0 to Level 5. Automated driving systems perform entire dynamic driving tasks for Levels 3–5 automated vehicles. Delegating dynamic driving tasks from driver to automated driving systems can eliminate crashes attributed to driver errors. Sharing status, sharing intent, seeking agreement, or sharing prescriptive information between road users and vehicles dedicated to automated driving systems can further enhance dynamic driving task performance, safety, and traffic operations. Extensive simulation is required to reduce operating costs and achieve an acceptable risk level before testing cooperative automated driving systems in laboratory environments, test tracks, or public roads. Cooperative automated driving systems can be simulated using a vehicle dynamics simulation tool (e.g., CarMaker and CarSim) or a traffic microsimulation tool (e.g., Vissim and Aimsun). Vehicle dynamics simulation tools are mainly used for verification and validation purposes on a small scale, while traffic microsimulation tools are mainly used for verification purposes on a large scale. Vehicle dynamics simulation tools can simulate longitudinal, lateral, and vertical dynamics for only a few vehicles in each scenario (e.g., up to ten vehicles in CarMaker and up to twenty vehicles in CarSim). Conventional traffic microsimulation tools can simulate vehiclefollowing, lane-changing, and gap-acceptance behaviors for many vehicles in each scenario without simulating vehicle powertrain. Vehicle dynamics simulation tools are more compute-intensive but more accurate than traffic microsimulation tools. Due to software architecture or computing power limitations, simplifying assumptions underlying convectional traffic microsimulation tools may have been a necessary compromise long ago. There is, therefore, a need for a simulation tool to optimize computational complexity and accuracy to simulate many vehicles in each scenario with reasonable accuracy. This research proposes a traffic microsimulation tool that employs a simplified vehicle powertrain model and a model-based fault detection method to simulate many vehicles with reasonable accuracy at each simulation time step under noise and unknown inputs. Our traffic microsimulation tool considers driver characteristics, vehicle model, grade, pavement conditions, operating mode, vehicle-to-vehicle communication vulnerabilities, and traffic conditions to estimate longitudinal control variables with reasonable accuracy at each simulation time step for many conventional vehicles, vehicles dedicated to automated driving systems, and vehicles equipped with cooperative automated driving systems. Proposed vehicle-following model and longitudinal control functions are verified for fourteen vehicle models, operating in manual, automated, and cooperative automated modes over two driving schedules under three malicious fault magnitudes on transmitted accelerations.

**Keywords:** traffic microsimulation tool; cooperative automated driving systems; vehicle powertrain; safety; road capacity; contested environments

**Citation:** Noei, S.; Parvizimosaed, M.; Noei, M. Longitudinal Control for Connected and Automated Vehicles in Contested Environments. *Electronics* **2021**, *10*, 1994. https:// doi.org/10.3390/electronics10161994

Academic Editor: Alexey Vinel

Received: 15 June 2021 Accepted: 9 August 2021 Published: 18 August 2021

**Publisher's Note:** MDPI stays neutral with regard to jurisdictional claims in published maps and institutional affiliations.

**Copyright:** © 2021 by the authors. Licensee MDPI, Basel, Switzerland. This article is an open access article distributed under the terms and conditions of the Creative Commons Attribution (CC BY) license (https:// creativecommons.org/licenses/by/ 4.0/).

#### **1. Introduction**

SAE defines six levels of driving automation


Dynamic driving tasks are real-time operational (e.g., longitudinal and lateral vehicle motion control) and tactical (e.g., object and event detection, recognition, classification, and response preparation) functions required to operate a vehicle. Delegating dynamic driving tasks to automated driving systems can eliminate 94% of crashes attributed to driver errors [2].

Cooperative driving automation enables cooperation among road users, intending to enhance dynamic driving task performance, safety, and traffic operations. Cooperative driving automation can prevent 439,000 to 615,000 crashes, save 987 to 1366 lives, reduce 305,000 to 418,000 maximum abbreviated injury scale 1–5 injuries, and eliminate 537,000 to 746,000 property damage only vehicles annually [3]. Vehicles equipped with cooperative automated driving systems can also follow their leaders at shorter gaps and with less variation in acceleration than vehicles dedicated to automated driving systems. SAE defines four classes of cooperative driving automation cooperation: Class A (status-sharing), Class B (intent-sharing), Class C (seeking-agreement), and Class D (prescriptive) [4]. Classes C–D cooperative driving automation cooperation can be achieved at Levels 3–5 driving automation.

Cooperative automated driving systems can be simulated using a vehicle dynamics simulation tool (e.g., CarMaker and CarSim) or a traffic microsimulation tool (e.g., Vissim and Aimsun). Vehicle dynamics simulation tools are mainly used to simulate longitudinal, lateral, and vertical dynamics on a small scale, while traffic microsimulation tools are mainly used to simulate vehicle-following, lane-changing, and gap-acceptance behaviors on a large scale.


A cyberattack can exploit one user application's vulnerabilities (e.g., spoofing, data falsification, and replay attacks) or multiple user application vulnerabilities (e.g., denial-of-service attack), leading to severe consequences for vehicle and potentially its operating environment [7]. Spoofing, data falsification, replay, and denial-of-service attacks are common cyberattacks on connected vehicles [8]. Spoofing attack is when hackers steal authentication credentials or use a legitimate vehicle's identity to send unchanged or manipulated messages to other vehicles; data falsification attack is when hackers read, insert, or modify transmitted messages; replay attack is when hackers copy a message stream between two vehicles and repeat that stream to other vehicles; denial-of-service attack is when hackers prevent or interfere with target vehicles from receiving specific messages.

Conventional fault detection methods are broadly classified into model-driven and data-driven methods [9]. Model-driven methods (e.g., unknown input observer and Kalman filter) require partial plant model; data-driven methods (e.g., neural network) require measured inputs and outputs under normal and faulty conditions to derive plant model. Model-driven methods are more computationally intensive but more accurate than data-driven methods [10].

Conventional traffic microsimulation tools do not simulate contested environments. A simple strategy is to rely on onboard sensor measurements when there is a significant discrepancy between onboard sensor measurements and transmitted messages [11].

Our traffic microsimulation tool is superior to vehicle dynamics simulation tools and conventional traffic microsimulation tools because it can achieve these objectives


#### **2. Literature Review**

Longitudinal control variables are mostly treated as constant parameters (see Tables 1 and 2) or variables estimated using empirical or simplified mechanistic models. However, maximum acceleration, maximum deceleration, minimum safe distance gap, and minimum safe time gap are sensitive to driver characteristics, vehicle model, grade, pavement conditions, operating mode, and traffic conditions.

Akçelik and Besley (2001) empirically estimated maximum acceleration and maximum deceleration based on initial speed and final speed for passenger cars, and based on initial speed, final speed, power-to-weight ratio, and grade for trucks [14]. Ahn et al. (2002) generated a lookup table to identify maximum acceleration over 17 driving schedules (see Table 3) [15]. Fang and Elefteriadou (2005) recommended a maximum acceleration and a maximum deceleration for each vehicle classification (i.e., passenger car and truck), interchange configuration (i.e., Single-Point Urban Interchange (SPUI) and diamond), and traffic microsimulation tool (i.e., Vissim, Aimsun, and CORSIM) (see Table 4) [16]. Kuriyama et al. (2010) considered aerodynamic resistance, rolling resistance, and grade resistance in calculating acceleration and deceleration for electric vehicles [17]. Maurya and Bokare (2012) generated a lookup table to identify maximum deceleration for each vehicle classification at each speed range (see Table 5) [18]. Lee et al. (2013) considered a higher maximum acceleration (13.1 ft/s<sup>2</sup> vs. 10.0 ft/s<sup>2</sup> ) and a lower maximum deceleration (9.8 ft/s<sup>2</sup> vs. 15.0 ft/s<sup>2</sup> ) for connected vehicles than the Federal Highway Administration's recommended maximum acceleration and maximum deceleration [19]. Anya et al. (2014) believed vehicle-following, lane-changing, travel time, and queue discharge had an impact on maximum acceleration and maximum deceleration [20]. Song et al. (2015) empirically estimated maximum acceleration based on speed [21]. Bokare and Maurya (2017) generated two lookup tables to identify maximum acceleration and maximum deceleration for each vehicle classification (i.e., diesel car, petrol car, and truck) at each speed range (see Table 6) [22]. Ramezani et al. (2018) generated a lookup table to identify maximum acceleration for trucks in CACC mode at each speed range (see Table 7) [23].

Shladover et al. (2010) identified that drivers maintain 2.2 s, 1.6 s, and 1.1 s time gaps for 31.1%, 18.5%, and 50.4% of their vehicle-following time in ACC mode, respectively, and drivers maintain 0.6 s, 0.7 s, 0.9 s, and 1.1 s time gaps for 57%, 24%, 7%, and 12% of their vehicle-following time in CACC mode, respectively [24]. Willigen et al. (2011) recommended a distance headway and a time headway for each platoon size (i.e., 20 and 30) and operating mode (i.e., ACC, CACC with transmitted accelerations, and CACC with estimated accelerations) (see Table 8) [25]. Horiguchi and Oguchi (2014) calculated distance gap for vehicles in CACC mode based on minimum safe distance gap, follower's speed, leader's speed, maximum acceleration, and maximum deceleration [26]. Flores et al. (2017) calculated time gap based on minimum safe time gap, desired time gap, and speed, and calculated distance gap based on actuator delay, speed, maximum deceleration, and maximum jerk [27]. Askari et al. (2017) calculated distance gap based on minimum safe distance gap, follower's speed, reaction time, leader's speed, maximum acceleration, and maximum deceleration [28]. Flores and Milanés (2018) recommended a time gap for each controller type (i.e., fractional-order proportional derivative and integer-order proportional

derivative), desired performance (i.e., ensuring loop bandwidth, phase margin, and string stability), and operating mode (i.e., ACC and CACC) (see Table 9) [29]. Chen et al. (2019) calculated time gap for vehicles in ACC and CACC modes based on jam density, free-flow speed, follower's speed, follower's acceleration, and leader's acceleration [30]. Bian et al. (2019) recommended a time headway for each platoon size (i.e., 1, 3, 10, 20, and 30) and controller type (i.e., linear, nonlinear, and nonlinear subject to communication delay) (see Table 10) [31].

Conventional traffic microsimulation tools (1) should be integrated with a vehicle dynamics simulation tool to simulate vehicle powertrain [32], (2) employ kinematics to estimate quantities associated with motion [33], (3) automatically confine accelerations and decelerations to constant (e.g., Aimsun and MITSIM) or estimated (e.g., Vissim and INTE-GRATION) maximum accelerations and maximum decelerations, and (4) rely on constant distance gaps and time gaps to simulate longitudinal control for automated vehicles in a platoon or string. This research proposes a traffic microsimulation tool that can estimate maximum acceleration, maximum deceleration, minimum safe distance gap, and minimum safe time gap with reasonable accuracy at each simulation time step for convectional vehicles, vehicles dedicated to automated driving systems, and vehicle equipped with cooperative automated driving systems, considering driver characteristics (see Section 3.1), vehicle model (see Section 3.2), pavement conditions (see Section 3.2.3), grade (see Section 3.2.3), operating mode (see Section 3.5), traffic conditions (see Section 3.2.3), and vehicle-to-vehicle communication vulnerabilities (see Section 4).


**Table 1.** Constant distance gaps and time gaps used in literature.

\* headway.


**Table 2.** Constant maximum accelerations and maximum decelerations used in literature.

**Table 3.** Maximum acceleration vs. driving schedule.


\* Level of Service.

**Table 4.** Maximum acceleration and maximum deceleration vs. traffic microsimulation tool, vehicle classification, and interchange configuration.



**Table 5.** Maximum deceleration vs. vehicle classification.

**Table 6.** Maximum acceleration and maximum deceleration vs. vehicle classification.


**Table 7.** Maximum acceleration.


**Table 8.** Distance headway and time headway vs. platoon size and operating mode.


**Table 9.** Time gap vs. controller type, desired performance, and operating mode.


**Table 10.** Time headway vs. platoon size and controller type.


#### **3. Proposed Traffic Microsimulation Tool**

Our traffic microsimulation tool enables users to customize driver (see Section 3.1), vehicle (see Section 3.2), road (see Section 3.3), cyberattack (see Section 3.4), and operating mode (see Section 3.5) modules separately. Our traffic microsimulation tool contains ten driver types (conservative to aggressive), fourteen vehicle models (i.e., ten passenger car models and four truck configurations), two driving schedules (i.e., US06 and Cycle D), three malicious fault magnitudes (i.e., malicious increases of 1, 3, and 5 ft/s<sup>2</sup> in transmitted accelerations), and three operating modes (i.e., cooperative automated, automated, and manual) as default to simulate many vehicles with reasonable accuracy at each simulation time step under noise and unknown inputs. Vehicles in manual mode require driver, vehicle, and road modules; vehicles in automated mode require vehicle and road modules; vehicles in cooperative automated mode require vehicle, road, and cyberattack modules to be implemented (see Figure 1).

**Figure 1.** Proposed traffic microsimulation tool.

#### *3.1. Driver Module*

Ten driver types are considered as default (based on an assumed value in CORSIM—a traffic microsimulation tool): type 1 is a conservative driver; type 10 is an aggressive driver. Each driver type is associated with a speed multiplier, an acceleration multiplier, a deceleration multiplier, and a percentage included in traffic which follows a normal distribution as default [63].

#### *3.2. Vehicle Module*

Fourteen vehicle models are included as default (assumed vehicles in SwashSim—a traffic microsimulation tool): 2006 Honda Civic Si, 2008 Chevy Impala, 1998 Buick Century, 2004 Chevy Tahoe, 2002 Chevy Silverado, 1998 Chevy S10 Blazer, 2011 Ford F150, 2009 Honda Civic, 2005 Mazda 6, and 2004 Pontiac Grand Am, single-unit truck with PACCAR PX-7 engine, intermediate semi-trailer with PACCAR MX-13 engine, interstate semi-trailer with PACCAR MX-13 engine, and double semi-trailer with PACCAR MX-13 engine. Each vehicle is associated with a torque map, a drag coefficient, a width, a height, a weight, a wheelbase length, a wheel radius, a differential gear ratio, a drive axle slippage, a drivetrain efficiency, a transmission gear ratio, shift up speeds, shift down speeds, and a percentage included in traffic which follows a normal distribution as default [63]. Vehicle module contains vehicle generation, reference speed profiles, and vehicle dynamics submodules: Vehicle dispatching model in Section 3.2.1 is intended to generate many vehicles at an assumed entrance under steady-state conditions; platoon leaders are assumed to follow US06 and Cycle D driving schedules (see Section 3.2.2); maximum acceleration, maximum deceleration, minimum safe distance gap, and minimum safe time gap are estimated based on vehicle dynamics (see Section 3.2.3).

#### 3.2.1. Vehicle Generation

Entry headways follow shifted negative-exponential distribution

$$f(h) = \begin{cases} \lambda e^{-\lambda \left( h - h\_{\min} \right)}, & h \ge h\_{\min} \\ 0, & h < h\_{\min} \end{cases} \tag{1}$$

where *f* is probability density function, *h* is entry headway (s/veh), *hmin* is minimum entry headway (s/veh), *λ* is distribution parameter (veh/s) calculated as 1/( ¯*<sup>h</sup>* <sup>−</sup> *<sup>h</sup>min*), ¯*h* is average entry headway (s/veh) calculated as 3600/*q*, and *q* is flow rate (veh/h).

#### 3.2.2. Reference Speed Profiles

US06 and Cycle D driving schedules are used as reference speed profiles. US06 driving schedule is designed to test passenger cars, representing an 8-mile route with average speed of 70.4 ft/s, maximum speed of 117.8 ft/s, maximum acceleration of 12.3 ft/s<sup>2</sup> , maximum deceleration of 10.1 ft/s<sup>2</sup> , and 600 s duration. Cycle D driving schedule is designed to test trucks, representing a 5.6-mile route with average speed of 27.6 ft/s, maximum speed of 85.1 ft/s, maximum acceleration of 6.4 ft/s<sup>2</sup> , maximum deceleration of 6.8 ft/s<sup>2</sup> , and 1060 s duration.

#### 3.2.3. Vehicle Dynamics

Conventional longitudinal control functions control accelerations and decelerations using throttle and brake inputs to maintain a constant distance gap in a platoon (e.g., truck platooning) or a constant time gap in a string (e.g., ACC and CACC). Commanded accelerations and decelerations are automatically confined to maximum accelerations and maximum decelerations specific to vehicle model, grade, pavement conditions, and traffic conditions. Longitudinal controller coefficients can be tuned to achieve desired performance. Conventional traffic microsimulation tools require user inputs for maximum acceleration, maximum deceleration, distance gap, time gap, and longitudinal controller coefficients to simulate vehicles in a platoon or string.

Our traffic microsimulation tool follows these steps at each simulation time step to simulate vehicles in a platoon or string: (1) estimating maximum acceleration and maximum deceleration for each vehicle, considering vehicle model, grade, pavement conditions, and traffic conditions, (2) estimating minimum safe distance gap and minimum safe time gap for each vehicle dedicated to automated driving systems or equipped with cooperative automated driving systems, considering vehicle model, grade, pavement conditions, operating mode, vehicle-to-vehicle communication vulnerabilities, and traffic conditions, (3) checking preset distance gaps and preset time gaps with minimum safe distance gaps and minimum safe time gaps, (4) estimating accelerations and decelerations, considering operating mode, and (5) confining accelerations and decelerations to maximum accelerations and maximum decelerations.

Three significant forces against vehicle motion are aerodynamic resistance, rolling resistance, and grade resistance. Aerodynamic resistance can be calculated as

$$\mathcal{R}\_a[k] \stackrel{\Delta}{=} \frac{\rho}{2} \mathcal{C}\_D A\_f v^2[k] \,\prime \tag{2}$$

where *R<sup>a</sup>* is aerodynamic resistance (lb), *ρ* is air density (slugs/ft<sup>3</sup> ), *C<sup>D</sup>* is drag coefficient (unitless), *A<sup>f</sup>* is vehicle frontal area (ft<sup>2</sup> ) calculated as vehicle width (ft) × vehicle height (ft), *v* is speed (ft/s), and [*k*] denotes simulation time step. Rolling resistance can be estimated as

$$R\_{rl}[k] \approx f\_{rl}[k] \mathcal{W}\_{\prime} \tag{3}$$

where *Rrl* is rolling resistance (lb), *frl* is rolling resistance coefficient (unitless) estimated as 0.01(1 + *v*[*k*]/147) for vehicles operating on paved surfaces [64], and *W* is vehicle weight (lb). Grade resistance can be calculated as

$$R\_{\mathcal{S}} \stackrel{\triangle}{=} W \sin \theta\_{\prime} \tag{4}$$

where *R<sup>g</sup>* is grade resistance (lb), and *θ* is grade (unitless). Tractive effort available to overcome resistance and to provide acceleration can be calculated as *F*[*k*] = *min*(*Fmax*[*k*], *F<sup>e</sup>* [*k*]), where *F* is available tractive effort (lb), *Fmax* is maximum tractive effort (lb), and *F<sup>e</sup>* is engine-generated tractive effort (lb). Maximum tractive effort can be calculated as

$$\mathbf{F}\_{\text{max}}[k] \triangleq \begin{cases} \mu \mathcal{W} \frac{l\_{\text{r}} \cos \theta + h f\_{rl}[k]}{L + \mu h}, & \text{front-wheel-drive} \\ \mu \mathcal{W} \frac{l\_{\text{f}} \cos \theta - h f\_{rl}[k]}{L - \mu h}, & \text{near-wheel-drive} \\ \mu \mathcal{W} \cos \theta, & \text{all-wheel-drive} \end{cases} \tag{5}$$

where *µ* is road adhesion coefficient (unitless), *l<sup>r</sup>* is distance from rear axle to gravity center (ft), *h* is vehicle height (ft), *L* is wheelbase length (ft), and *l f* is distance from front axle to gravity center (ft). Engine speed can be calculated as

$$m\_{\varepsilon}[k] \stackrel{\Delta}{=} \frac{v[k]\varepsilon\_{0}[k]}{2\pi r(1-i)},\tag{6}$$

where *n<sup>e</sup>* is engine speed (revs/s), *e*<sup>0</sup> is overall gear reduction ratio (unitless), calculated as transmission gear ratio (unitless), selected based on vehicle speed) × differential gear ratio (unitless), *r* is wheel radius (ft), and *i* is drive axle slippage (unitless). Engine power can be calculated as

$$
\ln p\_{\varepsilon}[k] \triangleq \frac{2\pi M\_{\varepsilon}[k] n\_{\varepsilon}[k]}{550},
\tag{7}
$$

where *hp<sup>e</sup>* is engine power (hp), and *M<sup>e</sup>* is torque (ft-lb). Engine-generated tractive effort can be calculated as

$$\,\_{1}F\_{\varepsilon}[k] \stackrel{\Delta}{=} \frac{\mathcal{M}\_{\varepsilon}[k]\varepsilon\_{0}[k]\eta\_{d}}{r} \,\_{1} \tag{8}$$

where *η<sup>d</sup>* is drivetrain efficiency (unitless). Maximum braking force can be calculated as

$$B\_{\max}[k] \triangleq \begin{cases} \eta\_b \mu W \frac{l\_r \cos \theta + h f\_{rl}[k]}{L - \eta\_b \mu h}, & \text{front-wheel-drive} \\ \eta\_b \mu W \frac{l\_f \cos \theta - h f\_{rl}[k]}{L + \eta\_b \mu h}, & \text{near-wheel-drive} \\ \eta\_b \mu W \cos \theta, & \text{all-wheel-drive} \end{cases} \tag{9}$$

where *Bmax* is maximum braking force (lb), and *η<sup>b</sup>* is braking efficiency (unitless). Maximum acceleration can be estimated as

$$a\_{\max}[k] \approx \frac{F[k] - R\_a[k] - R\_{rl}[k] - R\_{\mathcal{g}}}{m \gamma\_m[k]} \tag{10}$$

where *amax* is maximum acceleration (ft/s<sup>2</sup> ), and *γ<sup>m</sup>* is mass factor (untiless) estimated as 1.04 + 0.0025*e* 2 0 [*k*] [64], accounting for rotational inertia during acceleration. Maximum deceleration can be estimated as [63]

$$d\_{\max}[k] \approx \frac{\mathcal{B}\_{\max}[k] + \mathcal{R}\_a[k] + \mathcal{R}\_{rl}[k] + \mathcal{R}\_{\mathcal{S}}}{m\gamma\_b} \,\tag{11}$$

where *dmax* is maximum deceleration (ft/s<sup>2</sup> ), and *γ<sup>b</sup>* is mass factor (unitless), accounting for rotational inertia during deceleration. Minimum safe distance gap can be estimated as [63]

$$\mathcal{S}\_{\min}[k] \approx \left(\tau\_{\rm s}^{i+1} + \tau\_{\rm c}^{i+1}\right) v\_{i+1}[k] + \mathcal{S}\_{\text{stop}}^{i+1}[k] - \mathcal{S}\_{\text{stop}}^{i}[k],\tag{12}$$

where *Smin* is minimum safe distance gap (ft), *τ<sup>s</sup>* is sensing delay (s), *τ<sup>c</sup>* is communication delay (s), subscript/superscript *i* + 1 denotes follower, subscript/superscript *i* denotes leader, and *Sstop* is minimum stopping distance (ft) estimated as

$$\mathcal{S}\_{stop}[k] \approx \frac{m\gamma\_b}{\rho \mathcal{C}\_D A\_f} \ln\left(1 - \frac{R\_a[k]}{B\_{max}[k] + R\_a[k] + R\_{rl}[k] + R\_g}\right). \tag{13}$$

Minimum safe time gap can be estimated as [63]

$$T\_{\min}[k] \approx \tau\_{\text{s}}^{i+1} + \tau\_{\text{c}}^{i+1} + \tau\_{\text{lag}}^{i+1}[k] - \tau\_{\text{lag}}^{i}[k].\tag{14}$$

where *Tmin* is minimum safe time gap (s), and *τlag* is lag in tracking desired deceleration (s) estimated as *v*[*k*]/*dmax*[*k*].

**Assumption 1.** *Vehicles have constant speeds during sensing delay and communication delay.*

**Remark 1.** *Proposed longitudinal dynamics has been previously validated for 53,000 lb and 80,000 lb interstate semi-trailers against an industry-standard simulation tool (i.e., TruckSim) [65–67].*

#### *3.3. Road Module*

Any desired freeway segment with a single lane can be simulated. Each freeway segment is associated with a grade, a road adhesion coefficient, and a free-flow speed.

#### *3.4. Cyberattack Module*

Three malicious fault magnitudes are assumed as default: 1, 3, and 5 ft/s<sup>2</sup> malicious increase in transmitted accelerations. Each malicious fault magnitude is associated with a percentage injected on traffic which follows a normal distribution as default.

#### *3.5. Operating Mode Module*

Three operating modes are considered as default: manual, automated, and cooperative automated. Each operating mode is associated with a percentage included in traffic which follows a normal distribution as default. This section proposes a vehicle-following model for vehicles in manual mode and longitudinal control functions for vehicles in automated and cooperative automated modes.

#### 3.5.1. Manual Mode

Levels 1 and 2 automated vehicles are assumed to have a vehicle-following model similar to the Improved Intelligent Driver Model (IIDM)

$$a\_{i+1}[k] \triangleq \begin{cases} n \times a\_{\max}^{i+1}[k] \mathbb{C}\_{\text{s}}[k] \mathbb{C}\_{\text{v}}[k], & \text{S}[k] \ge \text{S}\_{\text{min}}[k] \\ -q \times d\_{\max}^{i+1}[k], & \text{else} \end{cases} \tag{15}$$

where *n* is acceleration multiplier (unitless), *C<sup>s</sup>* is distance gap coefficient (unitless) calculated as <sup>1</sup> <sup>−</sup> (*Smin*[*k*]/*S*[*k*])*<sup>α</sup>* , *S* is distance gap (ft) calculated as *x<sup>i</sup>* [*k*] − *xi*+<sup>1</sup> [*k*] − *L<sup>i</sup>* , *x* is front bumper position (ft), *C<sup>v</sup>* is speed coefficient (unitless) calculated as 1 − (*m* × *v<sup>i</sup>* [*k*]/*FFS*) *β* , *m* is speed multiplier (unitless), *FFS* is free-flow speed (ft/s), *q* is deceleration multiplier (unitless), and *α* and *β* are calibration parameters (unitless). IIDM has fewer calibration parameters and demonstrates a more stable performance than Wiedemann model (i.e., vehicle-following model used in Vissim) [68].

**Assumption 2.** *There are three significant components underpinning a traffic microsimulation tool (i.e., vehicle-following, lane-changing, and gap-acceptance models). This research mainly focuses on vehicle-following models, assuming vehicles drive in a single lane, and there is no lane-change maneuver (i.e., lane-changing and gap-acceptance models are not required). However, a lane-change maneuver can temporarily affect vehicle-following behaviors (e.g., drivers speed up or slow down to align with acceptable gaps in target lanes; drivers temporarily adopt shorter gaps after a lane-change maneuver; drivers temporarily adopt shorter gaps after a vehicle merges in front).*

#### 3.5.2. Automated Mode

When (1) a vehicle dedicated to automated driving systems approaches a vehicle, or (2) a vehicle equipped with cooperative automated driving systems approaches a vehicle not equipped with cooperative automated driving systems, a longitudinal control function similar to ACC is activated [69]

$$a\_{i+1}[k] \triangleq \max\left(\min\left(K\_{p,a}[k]e\_x[k] + K\_{d,a}[k]e\_v[k], a\_{\max}^{i+1}[k]\right), -d\_{\max}^{i+1}[k]\right),\tag{16}$$

where *Kp*,*<sup>a</sup>* is proportional gain in automated mode (s −2 ), *e<sup>x</sup>* is distance gap error (ft) calculated as *Sdes*[*k*] − *S*[*k*], *Sdes* is desired distance gap (ft) calculated as *max*(*Tset*, *Tmin*[*k* − 1])*vi*+<sup>1</sup> [*k* − 1], *Tset* is preset time gap (s), *Kd*,*<sup>a</sup>* is derivative gain in automated mode (s−<sup>1</sup> ), and *e<sup>v</sup>* is speed error (ft/s) calculated as *v<sup>i</sup>* [*k*] − *vi*+<sup>1</sup> [*k*]. When no leader is detected, a longitudinal control function similar to cruise control is activated

$$a\_{i+1}[k] \triangleq \max\left(\min\left(K\_{p,cr}[k](FFS-\upsilon\_{i+1}[k]), a\_{\max}^{i+1}[k]\right), -d\_{\max}^{i+1}[k]\right),\tag{17}$$

where *Kp*,*cr* is proportional gain in cruise mode (s−<sup>1</sup> ). *Kp*,*<sup>a</sup>* and *Kd*,*<sup>a</sup>* should satisfy (18) to maximize road capacity without compromising safety [63]

$$\begin{cases} \left[\frac{2\pi r\_{\text{lag}}^{i+1}}{\sqrt{4K\_{p,a}(t)\tau\_{\text{lag}}^{i+1} - (K\_{d,a}(t) + 1)^2}} - \frac{\pi}{2} \sqrt{\frac{\tau\_{\text{lag}}^{i+1}}{K\_{p,a}(t)}}\right] \times \\\\ \left[-\frac{\pi(K\_{d,a}(t) + 1)}{\sqrt{4K\_{p,a}(t)\tau\_{\text{lag}}^{i+1} - (K\_{d,a}(t) + 1)^2}} - v\_l(t)\right] \leq \mathcal{S}\_{\text{min}}(t), & \text{during acceleration} \\\\ K\_{d,a}(t) \leq \frac{T\_{\text{min}}(t)}{8\tau\_{\text{lag}}^{i+1}} - 1. & \text{during acceleration} \end{cases} (18)$$

#### 3.5.3. Cooperative Automated Mode

When a vehicle equipped with cooperative automated driving systems approaches another vehicle equipped with cooperative automated driving systems, a longitudinal control function similar to CACC is activated [69]

$$a\_{i+1}[k] \triangleq \max\left(\min\left(\mathbf{K}\_{p,\mathcal{E}}[k]e\_{\mathcal{D}}[k] + \mathbf{K}\_{i,\mathcal{E}}[k]e\_{\mathcal{X}}[k] + \mathbf{K}\_{d,\mathcal{E}}[k]a\_{i}[k], a\_{\max}^{i+1}[k]\right), \quad \text{(19)}\right), \quad \text{(10)}$$

where *Kp*,*<sup>c</sup>* is proportional gain in cooperative automated mode (s−<sup>1</sup> ), *Ki*,*<sup>c</sup>* is integral gain in cooperative automated mode (s−<sup>2</sup> ), and *Kd*,*<sup>c</sup>* is derivative gain in cooperative automated mode (unitless).

**Remark 2.** *All driver characteristics and vehicle powertrain information used in this research are derived from https://www.automobile-catalog.com/ [63,70,71].*

**Assumption 3.** *Class B cooperative driving automation cooperation is utilized.*

**Assumption 4.** *x<sup>i</sup> and v<sup>i</sup> are prone to measurement noise and process noise, and a<sup>i</sup> is prone to measurement noise, process noise, natural fault, and malicious fault (i.e., x<sup>i</sup> and v<sup>i</sup> are known state subvectors, and a<sup>i</sup> is an unknown state subvector).*

#### **4. State and Unknown Input Estimation**

Consider a state-space model in which unknown inputs can be modeled as an additive term

$$\mathbf{x}[k+1] = A\mathbf{x}[k] + Bu[k] + Dd[k] + \xi[k],\tag{20}$$

$$z[k] = \mathbb{C}\mathfrak{x}[k] + \theta[k],\tag{21}$$

where *<sup>x</sup>* <sup>∈</sup> <sup>R</sup>*<sup>n</sup>* is state vector, *<sup>A</sup>* <sup>∈</sup> <sup>R</sup>*n*×*<sup>n</sup>* is state matrix, *<sup>B</sup>* <sup>∈</sup> <sup>R</sup>*n*×*<sup>p</sup>* is input matrix, *<sup>u</sup>* <sup>∈</sup> <sup>R</sup>*<sup>p</sup>* is input vector, *<sup>D</sup>* <sup>∈</sup> <sup>R</sup>*n*×*<sup>q</sup>* is unknown input matrix, *<sup>d</sup>* <sup>∈</sup> <sup>R</sup>*<sup>q</sup>* is unknown input vector, *<sup>ξ</sup>* <sup>∈</sup> <sup>R</sup>*<sup>n</sup>* is process noise, *<sup>z</sup>* <sup>∈</sup> <sup>R</sup>*<sup>m</sup>* is measurement vector, *<sup>C</sup>* <sup>∈</sup> <sup>R</sup>*m*×*<sup>n</sup>* is measurement matrix, and *<sup>θ</sup>* <sup>∈</sup> <sup>R</sup>*<sup>m</sup>* is measurement noise.

**Assumption 5.** *D is full column rank.*

**Assumption 6.** *rank CD* = *rank D.*

**Assumption 7.** *ξ is white noise:* E(*ξ*[*k*]) = 0*n,* E *ξ*[*k*]*ξ T* [*k*] <sup>∆</sup><sup>=</sup> <sup>Ξ</sup>[*k*]*,* <sup>Ξ</sup> <sup>∈</sup> <sup>R</sup>*n*×*<sup>n</sup> is process noise covariance matrix,* E *ξ*[*k*]*ξ T* [*j*] = 0*n*×*<sup>n</sup>* ∀*k*, *j* ≥ 0*, k* 6= *j.*

**Assumption 8.** *θ is white noise:* E(*θ*[*k*]) = 0*m,* E *θ*[*k*]*θ T* [*k*] <sup>∆</sup><sup>=</sup> <sup>Θ</sup>[*k*]*,* <sup>Θ</sup> <sup>∈</sup> <sup>R</sup>*m*×*<sup>m</sup> is measurement noise covariance matrix, and* E *θ*[*k*]*θ T* [*j*] = 0*m*×*<sup>m</sup>* ∀*k*, *j* ≥ 0*, k* 6= *j.*

**Assumption 9.** E *ξ*[*k*]*x T* [0] = 0*n*×*n, and* E *θ*[*k*]*x T* [0] = 0*m*×*<sup>n</sup>* ∀*k* ≥ 0*.* **Assumption 10.** *<sup>x</sup>*ˆ[0] = <sup>E</sup>(*x*[0]) *is known, where <sup>x</sup>*<sup>ˆ</sup> <sup>∈</sup> <sup>R</sup>*<sup>n</sup> is state estimation.*

**Remark 3.** *D is full column rank* → [*N D*] −1 *exists, where N* <sup>∈</sup> <sup>R</sup>*n*×(*n*−*q*) *[72].*

Let us define *x*[*k*] <sup>∆</sup>= [*N D*] −1 *x*[*k*], *A* <sup>∆</sup>= [*N D*] <sup>−</sup>1*A*[*N D*], *B* <sup>∆</sup>= [*N D*] −1 *B*, *D* <sup>∆</sup>= [*N D*] <sup>−</sup>1*D*, and *C* <sup>∆</sup><sup>=</sup> *<sup>C</sup>*[*N D*], where *<sup>x</sup>* <sup>∈</sup> <sup>R</sup>*<sup>n</sup>* , *<sup>A</sup>* <sup>∈</sup> <sup>R</sup>*n*×*<sup>n</sup>* , *<sup>B</sup>* <sup>∈</sup> <sup>R</sup>*n*×*<sup>p</sup>* , *<sup>D</sup>* <sup>∈</sup> <sup>R</sup>*n*×*<sup>q</sup>* , and *<sup>C</sup>* <sup>∈</sup> <sup>R</sup>*m*×*<sup>n</sup>* .

**Remark 4.** *rank CD* = *rank D* → *U* <sup>∆</sup>= [*CD Q*] −1 *exists, where Q* <sup>∈</sup> <sup>R</sup>*m*×(*m*−*q*) *[72].*

Let us define *x*[*k*] ∆= - *x T* 1 *x T* 2 *T* , *A* ∆= *A*<sup>11</sup> *A*<sup>12</sup> *<sup>A</sup>*<sup>21</sup> *<sup>A</sup>*22 , *B* ∆= h *B T* <sup>1</sup> *B T* 2 i*T* , *U*−<sup>1</sup> <sup>∆</sup>= - *U<sup>T</sup>* <sup>1</sup> *<sup>U</sup><sup>T</sup>* 2 *T* , where *<sup>x</sup>*<sup>1</sup> <sup>∈</sup> <sup>R</sup>*n*−*<sup>q</sup>* is known state subvector, *<sup>x</sup>*<sup>2</sup> <sup>∈</sup> <sup>R</sup>*<sup>q</sup>* unknown state subvector, *<sup>A</sup>*<sup>11</sup> <sup>∈</sup> R(*n*−*q*)×(*n*−*q*) , *<sup>A</sup>*<sup>12</sup> <sup>∈</sup> <sup>R</sup>(*n*−*q*)×*<sup>q</sup>* , *<sup>A</sup>*<sup>21</sup> <sup>∈</sup> <sup>R</sup>*q*×(*n*−*q*) , *<sup>A</sup>*<sup>22</sup> <sup>∈</sup> <sup>R</sup>*q*×*<sup>q</sup>* , *<sup>B</sup>*<sup>1</sup> <sup>∈</sup> <sup>R</sup>(*n*−*q*)×*<sup>p</sup>* , *<sup>B</sup>*<sup>2</sup> <sup>∈</sup> <sup>R</sup>*q*×*<sup>p</sup>* , *<sup>U</sup>*<sup>1</sup> <sup>∈</sup> <sup>R</sup>*q*×*m*, and *<sup>U</sup>*<sup>2</sup> <sup>∈</sup> <sup>R</sup>(*m*−*q*)×*m*.

$$\mathbf{Assumption 11.} \text{ } rank \begin{bmatrix} \text{s} \boldsymbol{I}\_{n-q} - \overline{\boldsymbol{A}}\_{11} & -\overline{\boldsymbol{A}}\_{12} \\ \text{CN} & \text{CD} \end{bmatrix} = n \,\forall \mathbf{s} \in \mathbb{C}, \text{Re}(\mathbf{s}) \ge 0.$$

Let us define *A*e 1 <sup>∆</sup><sup>=</sup> *<sup>A</sup>*<sup>11</sup> <sup>−</sup> *<sup>A</sup>*12*U*1*CN*, *<sup>E</sup>*<sup>1</sup> <sup>∆</sup><sup>=</sup> *<sup>A</sup>*12*U*1, *<sup>C</sup>*<sup>e</sup> 1 <sup>∆</sup><sup>=</sup> *<sup>U</sup>*2*CN*, and *<sup>z</sup>*[*k*] <sup>∆</sup><sup>=</sup> *<sup>U</sup>*2*z*[*k*], where *A*e <sup>1</sup> <sup>∈</sup> <sup>R</sup>(*n*−*q*)×(*n*−*q*) , *<sup>E</sup>*<sup>1</sup> <sup>∈</sup> <sup>R</sup>(*n*−*q*)×*m*, *<sup>C</sup>*<sup>e</sup> <sup>1</sup> <sup>∈</sup> <sup>R</sup>(*m*−*q*)×(*n*−*q*) , and *<sup>z</sup>* <sup>∈</sup> <sup>R</sup>*m*−*<sup>q</sup>* .

**Remark 5.** *<sup>D</sup> is full column rank, rank CD* <sup>=</sup> *rank D, and rank sIn*−*<sup>q</sup>* − *A*<sup>11</sup> −*A*<sup>12</sup> *CN CD* = *n* ∀*s* ∈ C*, Re*(*s*) ≥ 0 → {*A*e <sup>1</sup>, *C*e <sup>1</sup>} *is observable [72].*

State vector can be decoupled into known and unknown state subvectors. Known state subvector can be estimated as

$$
\hat{\mathfrak{x}}\_1[k+1] \stackrel{\Delta}{=} \left(\tilde{A}\_1 - L[k]\tilde{\mathfrak{C}}\_1\right)\hat{\mathfrak{x}}\_1[k] + \tilde{B}\_1 u[k] + L^\*[k] z[k] \tag{22}
$$

where *<sup>x</sup>*ˆ¯<sup>1</sup> <sup>∈</sup> <sup>R</sup>*n*−*<sup>q</sup>* is known state estimator (*x*ˆ¯1[*k*] → *<sup>x</sup>*¯1[*k*] as *<sup>k</sup>* → <sup>∞</sup>), *<sup>L</sup>* ∗ [*k*] , *L*[*k*]*U*<sup>2</sup> + *E*1, *L* <sup>∗</sup> <sup>∈</sup> <sup>R</sup>(*n*−*q*)×*m*, and *<sup>L</sup>* <sup>∈</sup> <sup>R</sup>(*n*−*q*)×(*m*−*q*) is Kalman gain, calculated as

$$L[k] \triangleq \tilde{A}\_1 \Sigma[k] \tilde{C}\_1^T \left( \tilde{C}\_1 \Sigma[k] \tilde{C}\_1^T + \Theta[k] \right)^{-1} \tag{23}$$

where <sup>Σ</sup> <sup>∈</sup> <sup>R</sup>(*n*−*q*)×(*n*−*q*) can be recursively calculated as

$$
\Delta[k+1] = \tilde{A}\_1[\Sigma[k] - \Sigma[k]\tilde{\mathcal{C}}\_1^T(\tilde{\mathcal{C}}\_1\Sigma[k]\tilde{\mathcal{C}}\_1^T + \Theta[k])^{-1}\tilde{\mathcal{C}}\_1\Sigma[k]]\tilde{A}\_1^T + D\Xi[k]D^T.\tag{24}
$$

Unknown state subvector can be estimated as

$$\text{\ $}\_2[k] \triangleq \mathcal{U}\_1 z[k] - \mathcal{U}\_1 \text{CN} \$ \_1[k]. \tag{25}$$

where *<sup>x</sup>*ˆ¯<sup>2</sup> <sup>∈</sup> <sup>R</sup>*<sup>q</sup>* is unknown state estimator (*x*ˆ¯2[*k*] → *<sup>x</sup>*¯2[*k*] as *<sup>k</sup>* → <sup>∞</sup>). Unknown input vector can be estimated as

$$d[k] \triangleq \mathcal{U}\_1 z[k+1] + \mathcal{G}\_{d,1}[k] \hat{\mathbf{x}}\_1 + \mathcal{G}\_{d,2}[k] z[k] + \mathcal{G}\_{d,3} u[k] \tag{26}$$

where <sup>ˆ</sup>*<sup>d</sup>* <sup>∈</sup> <sup>R</sup>*<sup>q</sup>* is unknown input estimator, *<sup>G</sup>d*,1 <sup>∈</sup> <sup>R</sup>*q*×(*n*−*q*) , *<sup>G</sup>d*,2 <sup>∈</sup> <sup>R</sup>*q*×*m*, and *<sup>G</sup>d*,3 <sup>∈</sup> <sup>R</sup>*q*×*<sup>p</sup>* . A controller can be further designed based on <sup>ˆ</sup>*d*, *<sup>z</sup>*, and *<sup>x</sup>des*, where *<sup>x</sup>des* <sup>∈</sup> <sup>R</sup>*<sup>n</sup>* is our desired state vector [73–77].

#### **5. Test Scenario**

Let us consider a traffic with ten driver types and fourteen vehicle models operating in manual, automated, and cooperative automated modes over US06 and Cycle D driving schedules with given conditions in Table 11 under malicious increases of 1 ft/s<sup>2</sup> , 3 ft/s<sup>2</sup> , and 5 ft/s<sup>2</sup> in transmitted accelerations, where

$$\mathbf{x}[k] \stackrel{\Delta}{=} \left[ \mathbf{S}^T[k] \; v\_{i+1}^T[k] \; a\_{i+1}^T[k] \; v\_i^T[k] \; a\_i^T[k] \right]^T \; \tag{27}$$

$$\boldsymbol{u}[k] \stackrel{\Delta}{=} \left[ \boldsymbol{K}\_{p} \boldsymbol{e}\_{\upsilon}^{T}[k] \; \boldsymbol{K}\_{i} \boldsymbol{e}\_{p}^{T}[k] \; \boldsymbol{K}\_{d} \boldsymbol{a}\_{i}^{T}[k] \; \boldsymbol{v}\_{ref}^{T}[k] \; \boldsymbol{a}\_{ref}^{T}[k] \right]^{T} \; \tag{28}$$

$$A := \begin{bmatrix} 1 & -\Delta t & 0 & \Delta t & 0 \\ 0 & 1 & \Delta t & 0 & 0 \\ 0 & 0 & 1 & 0 & 0 \\ 0 & 0 & 0 & 1 & 0 \\ 0 & 0 & 0 & 0 & 1 \end{bmatrix}, \text{and } B := \begin{bmatrix} 0 & 0 & 0 & 0 & 0 \\ 0 & 0 & 0 & 0 & 0 \\ 1 & 1 & 1 & 0 & 0 \\ 0 & 0 & 0 & 1 & 0 \\ 0 & 0 & 0 & 0 & 1 \end{bmatrix}. \tag{29}$$



\* for 0 ft altitude, 59◦ F temperature, and 14.7 lb/in<sup>2</sup> pressure, \*\* for good and dry pavement, # leader, ## follower.

#### **6. Results**

Distance gap, speed, and acceleration profiles are shown in Figures 2–4, arranged from shortest to longest time elapsed till crash occurs (showed as dashed lines)—2011 Ford F150 (7.5 s), 2004 Pontiac Grand Am (7.5 s), 2006 Honda Civic Si (7.6 s), 2009 Honda Civic (8.1 s), 2005 Mazda 6 (8.1 s), 2008 Chevy Impala (8.5 s), 2002 Chevy Silverado (8.5 s), 2004 Chevy Tahoe (9.0 s), 1998 Buick Century (9.3 s), 1998 Chevy S10 Blazer (9.3 s), intermediate semi-trailer (42.5 s), single-unit truck (42.8 s), interstate semi-trailer (44.8 s), and double semi-trailer (45.2 s). Results show that (1) proposed state and unknown input estimation model can be used to design a safe cooperative automated longitudinal control function under measurement noise, process noise, natural fault, and malicious fault; (2) vehicles over Cycle D driving schedule are more sensitive to fault magnitude than vehicles over US06 driving schedule (see Table 15), since vehicles over Cycle D driving schedule have lower average speeds and, therefore, maintain shorter time gaps than vehicles over US06 driving schedule; (3) passenger cars are more sensitive to fault magnitude than trucks, particularly at lower magnitude faults (see Table 15), since passenger cars maintain shorter time gaps than trucks; (4) errors in distance gap, speed, and acceleration are proportional to fault magnitude (see Tables 12–14); (5) errors in distance gap, speed, and acceleration are not sensitive to driving schedule; (6) distance gap is most sensitive state; (7) acceleration is least sensitive state; (8) adding 3.4 ft to estimated distance gaps, deducting 2.6 ft/s from estimated speeds, or deducting 0.8 ft/s<sup>2</sup> from estimated accelerations can mitigate impacts

of up to malicious increase of 5 ft/s<sup>2</sup> in transmitted accelerations (as a hypothesis) (see Tables 12–14), (9) higher magnitude faults lead to earlier crashes (see Table 15).

#### **Figure 2.** *Cont.*

(**m**) 2002 Chevy Silverado.

(**n**) 2004 Chevy Tahoe.

**Figure 2.** Distance gap profiles over US06 driving schedule under malicious increases in transmitted accelerations.

**Figure 3.** *Cont.*

(**m**) 2002 Chevy Silverado.

(**a**) 2011 Ford F150.

**Figure 3.** Speed gap profiles over US06 driving schedule under malicious increases in transmitted accelerations.

**Figure 4.** *Cont.*

**Figure 4.** Acceleration gap profiles over US06 driving schedule under malicious increases in transmitted accelerations.


**Table 12.** Distance gap errors \* (ft) before crash occurs \*\*.

\* calculated as *S normal i*+1 [*k* − 1] − *S f aulty i*+1 [*k* − 1], where *S normal* is distance gap in normal conditions, and *S f aulty* is distance gap in faulty conditions, \*\* in absence of our proposed state and unknown input estimation model.

**Table 13.** Speed errors \* (ft/s) before crash occurs \*\*.


\* calculated as *v normal i*+1 [*k* − 1] − *v f aulty i*+1 [*k* − 1], where *v normal* is speed in normal conditions, and *v f aulty* is speed in faulty conditions, \*\* in absence of our proposed state and unknown input estimation model.



\* calculated as *a normal i*+1 [*k* − 1] − *a f aulty i*+1 [*k* − 1], where *a normal* is acceleration in normal conditions, and *a f aulty* is acceleration in faulty conditions, \*\* in absence of our proposed state and unknown input estimation model.


**Table 15.** Seconds elapsed till test till crash occurs \*.

\* in absence of our proposed controller.

Levels 1 and 2 automated vehicles are assumed to maintain minimum safe distance gap in a string; vehicles dedicated to automated driving systems and vehicles equipped with cooperative automated driving systems are assumed to maintain minimum safe time gap in a string; vehicles are assumed to maintain minimum safe distance gap in a platoon at each simulation time step to maximize road capacity without compromising safety or string stability. Therefore, increasing demand up to road capacity would not impact outputs (e.g., distance gap, time gap, speed, and acceleration) significantly. Demands exceeding road capacity will spill back behind entrance.

#### **7. Discussion**

Existing simulation tools may overestimate safety and road capacity improvements associated with cooperative driving automation due to not considering vehicle model and vehicle-to-vehicle communication vulnerabilities on a large scale. This research modifies a vehicle-following model for conventional vehicles, a longitudinal control function for vehicles dedicated to automated driving systems, and a longitudinal control function for vehicles equipped with cooperative automated driving systems, considering vehicle model and vehicle-to-vehicle communication vulnerabilities to maximize road capacity without compromising safety or string stability. Our proposed traffic microsimulation tool can be used to verify automated driving systems and cooperative automated driving systems in contested environments.

Drivers are assumed to drive in a single lane, and there is no lane-change maneuver, while a lane-change maneuver can temporarily affect vehicle-following behaviors. Future work can model other significant components underpinning a traffic microsimulation tool (i.e., lane-changing and gap acceptance)


Microscopic measures (e.g., distance headway and time headway) can be aggregated to macroscopic measures (e.g., density and flow) as *<sup>k</sup>* , 1/*<sup>s</sup>* and *<sup>q</sup>* <sup>=</sup> <sup>3600</sup> <sup>×</sup> ¯*h*, where *<sup>k</sup>* is density (veh/ft), and *s*¯ is average distance headway (ft/veh). Future work can estimate macroscopic benefits associated with cooperative driving automation (e.g., increase in lane capacity) under various market penetration for autonomous and connected autonomous vehicles. Table 16 recommends potential improvements to our proposed longitudinal controller.


**Table 16.** Recommended control designs.

**Author Contributions:** Conceptualization, S.N., M.P. and M.N.; methodology, S.N.; software, M.P. and M.N.; validation, S.N.; formal analysis, M.P.; investigation, M.N.; resources, S.N.; data curation, S.N.; writing—original draft preparation, S.N.; writing—review and editing, M.P. and M.N.; visualization, M.N. All authors have read and agreed to the published version of the manuscript.

**Funding:** This work was sponsored by a contract from the Southeastern Transportation Research, Innovation, Development and Education Center (STRIDE), a Regional University Transportation Center sponsored by a grant from the U.S. Department of Transportation's University Transportation Centers Program. The contents of this report reflect the views of the authors, who are responsible for the facts and the accuracy of the information presented herein. This document is disseminated in the interest of information exchange. The report is funded, partially or entirely, by a grant from the U.S. Department of Transportation's University Transportation Centers Program. However, the U.S. Government assumes no liability for the contents or use thereof.

**Conflicts of Interest:** The authors declare no conflict of interest.

#### **References**

