Internet of vehicles: From intelligent grid to autonomous cars and vehicular clouds

Traditionally, the vehicle has been the extension of the man's ambulatory system, docile to the driver's commands. Recent advances in communications, controls and embedded systems have changed this model, paving the way to the Intelligent Vehicle Grid. The car is now a formidable sensor platform, absorbing information from the environment (and from other cars) and feeding it to drivers and infrastructure to assist in safe navigation, pollution control and traffic management. The next step in this evolution is just around the corner: the Internet of Autonomous Vehicles. Pioneered by the Google car, the Internet of Vehicles will be a distributed transport fabric capable to make its own decisions about driving customers to their destinations. Like other important instantiations of the Internet of Things (e.g., the smart building), the Internet of Vehicles will have communications, storage, intelligence, and learning capabilities to anticipate the customers' intentions. The concept that will help transition to the Internet of Vehicles is the Vehicular Cloud, the equivalent of Internet cloud for vehicles, providing all the services required by the autonomous vehicles. In this article, we discuss the evolution from Intelligent Vehicle Grid to Autonomous, Internet-connected Vehicles, and Vehicular Cloud.


I. FROM INDIVIDUAL VEHICLES TO THE CLOUD
The urban fleet of vehicles is rapidly evolving from a collection of sensor platforms that provide information to drivers and upload filtered sensor data (e.g., GPS location, road conditions, etc.) to the cloud; to a network of autonomous vehicles that exchange their sensor inputs among each other in order to optimize a well defined utility function. This function, in the case of autonomous cars, is prompt delivery of the passengers to destination with maximum safety and comfort and minimum impact on the environment. In other words, one is witnessing in the vehicle fleet the same evolution from Sensor Web (i.e., sensors are accessible from the Internet to get their data) to Internet of Things (the components with embedded sensors are networked with each other and make intelligent use of the sensors). In the intelligent home, the IOT formed by the myriad of sensors and actuators that cover the house internally and externally can manage all the utilities in the most economical way, with maximum comfort to residents, with virtually no human intervention. Similarly, in the modern energy grid, the IOT formed by all components large and small can manage power loads in a safe and efficient manner, with the operators now playing the role of observers.
In the vehicular network, like in all the other IOTs, when the human control is removed, the autonomous vehicles must efficiently cooperate to maintain smooth traffic flow in roads and highways. Visionaries predict that the vehicles will behave much better than drivers allowing to handle more traffic with lower delays, less pollution and certainly better driver and passenger comfort. However, the complexity of the distributed control of hundreds of thousands of cars cannot be taken lightly. If a natural catastrophe suddenly happens, say an earthquake, the vehicles must be able to coordinate the evacuation of critical areas in a rapid and orderly manner. This requires the ability to efficient communicate with each other and also to discover where the needed resources are (e.g., ambulances, police vehicles, information about escape routes, images about damage that must be avoided, etc.). Moreover, the communications must be secure, to prevent malicious attacks that in the case of autonomous vehicles could be literally deadly since there is no standby control and split second chance of intervention by the driver (who may be surfing the web).
This efficient communications and distributed processing environment can be provided by a new network and compute paradigm specifically designed for vehicles -the Vehicular Cloud. This mobile cloud provides several essential services, from routing to content search, spectrum sharing, dissemination, attack protection, etc., to autonomous vehicle applications via standard, open interfaces that are shared by all auto manufacturers. This article discusses the evolution from intelligent vehicle grid to autonomous, Internet-connected vehicles and vehicular cloud. In particular, we highlight the advantages of the Internet of Autonomous Vehicles and at the same time expose its challenges stemming from networking for content distribution to possible hostile attacks.

II. EMERGING APPLICATIONS ON WHEELS
Applications in vehicle communications have ranged from safety and comfort to entertainment and commercial services. This section discusses four noticeable characteristics observed in emerging vehicle applications and offers a vision on trends toward an intelligent vehicle grid and impact on the autonomous vehicle.
Application content time-space validity. Vehicles produce a great amount of content, while at the same time consuming the content. That is, they become rich data "prosumers." Such contents show several common properties of local relevance -local validity, explicit lifetime, and local interest. Local validity indicates that vehicle-generated content has its own spatial scope of utility to consumers. In safety applications, for instance, a speed-warning message near a sharp corner is only valid to vehicles approaching to the corner, say within 100 m. Explicit lifetime reflects the fact that vehicle content has its own temporal scope of validity. This also implies that the content must be available during its entire lifetime. For instance, the road congestion information may be valid for 30 min, while the validity of roadwork warning must last as long as work is finished. Local interest indicates that nearby vehicles represent the bulk of potential content consumers. This concept is further extended so as to distinguish the scope of consumers. For instance, all the vehicles in the vicinity want to receive safety messages, while only a fraction of vehicles are interested in commercial advertisements. Timespace validity of the data implies the scalability of the data collection/storage/processing applications, since old data is discarded. It also implies that the data should be kept on the vehicles rather uploaded to the Internet, leading to enormous spectrum savings. This property will be key to the scalability of the autonomous vehicle concept, given the huge amount of data collected by autonomous vehicle sensors.

Content-centric networking.
Vehicle applications are mainly interested in content itself, not its provenance. This memoryless property is characteristic of VANETs. In the fixed Internet, when one wants to check traffic congestion, she visits a favorite service site. Namely, the explicit site's URL guarantees access to ample, reliable information. In contrast, vehicle applications flood query messages to a local area, not to a specific vehicle, accepting responses regardless of the identity of the content providers. In fact, the response may come from a vehicle in the vicinity that has in turn received such traffic information indirectly through neighboring vehicles. In this case, the vehicle does not care who started the broadcast. This characteristic is mainly due to the fact that the sources of information (vehicles) are mobile and geographically scattered. Content centric networking will play a major role in the management and control of the autonomous car fleet. There are two reasons for this: first, the autonomous vehicle will travel at high speed and short distance from neighbors (on highways) and must have very up-to-date information of surrounding vehicles up to several kilometers in order to maintain a stable course. Thus, in the content-centric networking style, the vehicle periodically sends interests to receive position, speed and direction from the rest of the fleet. Secondly, in case of accident ahead, the vehicle must alert the driver (who may have been occupied in other matters) of the urgency so that the driver has the option of manual intervention. In this case, to prepare the driver for takeover, the vehicle retrieves photos and possibly video of the accident scene for the cameras of the vehicles facing the accident. Content-centric networking allows access to the best cameras with the needed data, without prior knowledge of the cars that offer the data.
Vehicle collaboration sharing sensory data. Emerging vehicle applications consume a huge amount of sensor data in a collaborative manner. That is, multiple sensors, installed on vehicles, record a myriad of physical phenomena. Vehicle applications collect such sensor records, even from neighboring vehicles, to produce value-added services. In MobEyes [1], for example, vehicles use a few sensors (including a video camera) to record all surrounding events including car accidents while driving. Thereafter, if indeed an accident was reported, Internet agents and/or mobile agents (e.g., police) search the vehicular network for witnesses as part of their investigations. The CarSpeak application [2] enables a vehicle to access sensors on neighboring vehicles, in the same manner as it can access its own. The vehicle then runs an autonomous driving application using the sensor collection, without knowing who produced what. In an Intelligent Transport System, vehicles exchange traffic congestion and road conditions messages to construct an up-to-date load conditions data base from which best path to (local) destinations are computed. Collaboration in the sharing and processing of sensor data will be one of the strong assets of the autonomous vehicles. The continuous sharing of position data is essential to guarantee stability of the autonomous fleet. The crowdsourcing of road conditions (poor pavement conditions, obstacles, accidents, etc.) using the collection of available sensors will allow smooth driving even in perilous conditions. Moreover, the collective tracking of available channels using sophisticated on board radios will allow careful mapping of the available spectrum, enabling the efficient communications required for fleet situation awareness and content downloading to "passive" drivers.
Intelligent vehicle grid and vehicular cloud. Vehicles are equipped with sensors that generate copious amounts of data every second. At the same time, the road is instrumented with smart dust components [3], RFID tags [4], and embedded microcontrollers. These Things constitute a Vehicle Grid, i.e., an intelligent road infrastructure analogous to the energy grid for intelligent power generation and distribution. The last trend we want to report is the emergence of the Vehicular Cloud. The vehicular cloud is the instantiation of the Internet of Vehicles comprising all the protocols and services required for the vehicle grid to operate efficiently and safely. The cloud provides a communication and computing environment on top of the grid so as to inter-network all Things that sense and move in the grid. One of the major beneficiaries of the vehicular cloud architecture will be Autonomous Driving.
Recall that the autonomous vehicle must be capable of sensing its surroundings and of self-driving without human inputs. To do that, it uses a myriad of on board sensors, ranging from RADAR, GPS, video cameras to CAN Bus sensors that monitor vehicle's internal operation status. An advanced autonomous driving system processes all the sensory data, constructs the traffic map, identifies appropriate paths and avoids obstacles on such paths, and makes driving safe and comfortable. Recently, Google 1 and Daimler-Benz 2 demonstrated autonomous driving system prototypes on real roads. In the future, as addressed in [2], access to sensors on neighboring vehicles will significantly improve the accuracy and safety of the driving. The vehicular cloud will provide the ideal system environment for the coordinated deployment of the sensor aggregation, fusion and database sharing applications required by the future autonomous vehicles.

III. VEHICULAR CLOUD
Vehicles are evolving from simple data consumers to intelligent agents that enable local collaborations with ample (1.  Fig. 1: The existing VANET networking vs. Information Centric Networking content sharing for richer user experience (UX). We claim that the Vehicular Cloud is the core system environment that makes this evolution possible. This section describes integral functions of the cloud, computing and networking, and discusses cloud resources and their interoperations.

A. Vehicular Computing
Vehicles and sensors within a local area generate vehicle contents. These contents are stored and searched in the vicinity; and processed and consumed within their lifetime period by neighboring vehicles. Recently, Gerla [5] introduced a new computing model, Vehicular Cloud Computing (VCC), to account for theses characteristics. VCC is a variant of Mobile Cloud Computing (MCC) [6], that begins from a conventional cloud computing model. To mobile nodes with limited resources, the Internet cloud offers network access both for using unlimited computing resources on the Internet and for storing/downloading contents to/from the Internet. However, it is too costly to upload every content to the Internet cloud, and too time consuming to search and download interesting contents from the Internet cloud. Besides, most of the contents picked up by vehicles have local relevance only and could be best stored locally.
In VCC, most of queries from drivers are about the world surrounding us (i.e., local relevance), and vehicles are the best probes of this environment. VCC resolves the queries using a self-organized model of the local environment. That is, vehicles effectively form a cloud within which services are produced, maintained, and consumed. To realize the model, VCC leverages the increasing processing and storage capacity of vehicles; it constructs a cloud by using the collection of vehicles' computing resources, which primarily aim at extending the capability of interactions amongst vehicles.

B. Information Centric Networking
Information Centric Networking (ICN) was initially conceptualized as a general form of communication architecture to achieve efficient content distribution on the Internet. ICN focuses on what (content) instead of where (host) to fulfill primary demands from both content consumers and publishers. Consumers are interested in content regardless of the originator. Publishers strive to efficiently distribute content to consumers. To this end, as shown on the right of Fig. 1, ICN uses content names instead of IP addresses so that the content is decoupled from publishers. Some of the recently proposed architectures for ICN in the Internet context [7] include DONA (Data-Oriented Network Architecture), NDN  Of these architectures, NDN [8] has been recently extended to vehicular networks [9], [10], [11]. NDN has two types of packets: Interest from consumers and Data (i.e., content) from publishers. Content name in these packets is used for routing. A consumer requests content by broadcasting an Interest with its name toward potential publishers. When a publisher receives the Interest and has data matching the Interest, it replies with the data back to consumer using the Interest path in reverse. NDN allows routers on the path to cache the content so that they can reply the cached content to consumers once they receive the matching Interest. This way, NDN achieves an effective content distribution that VCC critically requires to support its content oriented applications.

C. Cloud Resources
A vehicular cloud is created for collaborations amongst the cloud members to produce advanced vehicular services that individual alone cannot make. Unlike the Internet cloud that is created and maintained by a cloud provider, the vehicular cloud is temporarily created by inter-connecting resources available in the vehicles and Road Side Units (RSUs). Such networked resources operate as a common virtual platform on which the efficiency of collaboration is maximized. VCC and ICN together contribute to creating the cloud and to running the virtual platform efficiently.
Resources in the vehicular cloud are distinguished from the ones in the conventional cloud. Each vehicle has three categories of resources -data storage, sensors, and computing as shown in Fig. 2. The data storage stores vehicle contents generated from applications and sensors as well as traditional multimedia files. It supports data sharing between cloud participants by accepting an external search query and by replying with matched contents. The sensor is able to self-actuate as well as to detect events in a physical world. Following the Internet of Things model, each sensor is directly connected to the Internet, so that it can be read and controlled by an external system.
In the vehicular cloud, the resources are inter-networked via purely peer-to-peer connections. That is, each vehicle negotiates the level of resource sharing directly with each other. For efficiency, one vehicle in a cloud can be elected as a broker based on some selection metrics (e.g., connectivity to vehicles). Then, it mediates the process of resource sharing as well as other cloud operations. A RSU, joining the cloud as a stationary member in Fig. 3, can be a good candidate for the negotiator role. We also envision the deployment of resource-constrained RSUs such as cameras. They may not have enough storage and computing power, but still have reliable connections to vehicles. If this is the case, they can store and manage data indexes for effective content discovery.

D. Case study: Autonomous Driving Scenario
Given the collection of resources from vehicles and RSUs and their potential interconnections, we illustrate how the cloud system operates to establish a virtual computing platform and to enable cloud type collaboration in it. We use a simple autonomous driving scenario as shown in Fig. 3.
Cloud resource discovery. Suppose that a vehicle V 1 (a cloud leader) self-organizes as a vehicular computing cloud to complete an autonomous driving application. The application requires images of next three road segments in order to improve the accuracy of context awareness, yet resources in V 1 only covers one road segment. The cloud leader sends out a RREQ to recruit vehicles and RSUs in the right positions that can provide the right sensing resources such as a camera.
Cloud formation. Upon receiving RREPs containing resource information from them, the leader selects two cloud members (say, a vehicle V 2 and a road camera RC 1 ) and forms a new cloud.
Task assignment and result collection. The cloud leader, then, assigns the tasks of taking a picture of the next two block scenes and of returning the data back to it.
Content publishing and sharing. After collecting images from cloud members, the leader processes the collection to create new content that is published to the entire network. V 1 consumes the content for its autonomous driving application. At the same time, the leader asks other vehicles (V 4 in Fig. 3) store and keep the content in their storage for the purpose of potential reuse of the contents around the cloud. When some time later the following vehicles V 6 and V 7 run their autonomous driving applications, they request the contents by broadcast an Interest message with the content name. Finding a match, V 4 can transmit the matched contents to V 6 and V 7 directly without contacting V 1 .
Cloud maintenance. In the meantime, the leader may receive a cloud leave message from a cloud member. Then, it selects a replacement among nodes that sent RREP in the resource discovery phase and have sufficient resources to complete the task assigned to the member that just left. The leader reassigns the task and updates the cloud table.
Cloud release. When the cloud leader decides not to use the cloud any more, it sends a cloud release message to all the cloud members V 2 and RC 1 .

IV. VEHICULAR CLOUD AND AUV CHALLENGES
The evolution from manually operated to autonomous vehicle (AUV) will pose several new challenges. Some of these challenges come from the massive deployment of sensors on the AUV and the huge amount of data that the AUV can pick up from the environment. Other challenges result from the fact that the AUV "drives itself autonomously" while the driver may be busy with background activities and not capable to intervene immediately in case of emergencies. After all, a much-advertised AUV benefit is the ability of the driver to engage in other activities as if she were on a train -"with wheels". In this section, we review these challenges and their impact on vehicular protocols and applications and more generally on the vehicular cloud architecture design.

A. NDN Network Layer
The previous section shows that the VCC's "narrow waist" network layer is NDN. In other words, the NDN network is required to find content, not hosts or IP addresses -that is, content is found by exploiting geographic relevance more than naming hierarchy. In fact, due to node mobility one cannot assume that there is a geographically consistent name hierarchy such that the prefix location gives a hint about the location of the target content. In our case, however, most of the queries will be location relevant. For example, we wish to find a video clip of a museum in a certain area of the city; or a witnesses in a car accident; or information about pavement conditions on a given route (e.g., potholes, bumps, etc.), an ambulance near the train station, or a photo or video of a congested street we are supposed to drive through. This "environment monitoring" service will become popular when there will be lots of AUVs on the road, equipped with all sorts of sensors, from vibration sensors to video cameras and GPS, and capable to capture every detail of the environment. Today, Google cars roam the city and map topology, and combine it actual pictures of the buildings. Visionaries believe that AUVs will map the entire "word" more so than regular cars, and they will maintain the index to this "mapped world". Finding the desired content in this large volume of data stored on the AUVs will be a challenge for the vehicular NDN service of VCC.

B. Beacons and Alarms
One important application built within the vehicular cloud is "Beaconing and Alarms". Recall that the AUV sensors (from optical to Lidar) do most of the work in the attempt to keep the vehicle and its passengers out of trouble. Sensors alone, however, are not sufficient to maintain stable operations in high speeds and extremely reduced inter-vehicle spacing. This is particularly true in truck platoons (Fig. 4). In this case, it was found that communications from front to rear trucks are necessary to avoid the onset of oscillations. Likewise, V2V (Vehicle-to-Vehicle) communications are necessary to avoid the formation of shock waves in a long column of AUVs when a slow down or accident occurs in front. Intersection collisions will not be so critical when most of the cars are autonomous, since the AUVs (unlike human drivers) abide by the signals and speed limits and approach intersections with caution. However, V2V communications will still be required among lead cars facing 4-stop intersections in order to implement the "smart traffic light" [12]. The electronic light schedules groups of cars across the intersection, like a real traffic light would do, dramatically reducing delays. AUVs will also find out about road conditions ahead, via V2V in order to make the drive more comfortable for the passengers.

C. Intelligent Transport
The introduction of the autonomous driving will greatly enhance Intelligent Transport. The AUVs will be able to use the existing highway network much more efficiently than manually-operated cars because they can be packed in compact platoons and convoys. They can also make efficient use of preferred (or pay-per-service) lanes, by maintaining a "train on wheel" configuration on such lanes, and by allowing efficient in-and-out lane switches using a combination of sensors and V2V communications in a much safer way than human could (given the high speeds involved). The AUVs can also manage automatic charges. They can participate in auctions and bids on behalf of customers if necessary, and can enforce the fees by detecting and reporting non-complying vehicles. On the safety side, the AUVs can become aware of other mobiles sharing the road, say pedestrians and bicycles. They can track them with their sophisticated sensors/Lidars and can share the information of "bike ahead" with vehicles behind and one of two lanes across through V2V communications.

D. Infrastructure Failure Recovery
The AUVs depend on the infrastructure (e.g., WIFI access points, DSRC RSUs, and LTE) for several non-safety functions such as advanced sensor data processing and intelligent transport. In the case of a major infrastructure failure caused by an earthquake, say, some of these functions must be taken over by human drivers. However, there is a gray period, between when a massive infrastructure failure occurs and when the human takes over of navigation, during which the AUVs must fight the problems on their own. This is a very critical window because the AUVs only know about their immediate neighbors. After the disaster, they have lost knowledge of the neighbors beyond the reach of their sensors, which was provided by the Internet ITS server. To avoid a second disaster, caused by the AUVs going out of control, it is important to maintain a V2Vsupported propagation of traffic conditions and congestion state on adjacent roads. This background "crowdsourcing" of traffic will allow the AUVs to make intelligent routing decisions (to avoid obstacles or blocked roads in case of earth quakes) so that the human drivers can progressively take over with confidence.

E. File and Media Downloading
Efficient downloading of multimedia to drivers and passengers (e.g., TV shows, movies and games) will be a critical marketing strategy for the automated driving. Previous research in this area has shown that in the crowded wireless access spectrum the download of popular content from web is best done using bit torrent techniques via V2V support [13]. Downloading from WIFI access points or LTE alone will not work. Content distribution to AUVs is also motivated by safety considerations. For instance, the drivers in the middle of a convoy travelling bumper to bumper at 60 mph will be reassured, when they are able to capture the video of the lead car. It will give them the impression of "being in control" without having to work on the commands. Even more important will be the immediate delivery of the video, or image, of an accident scene to AUV drivers to alert them of the severity of a problem ahead and let them judge if they should take on the control. A possible scenario of media file propagation is as follows. The beacons inform the AUV's upstream of the presence of an accident in location (x, y), say. A particular AUV determines that the accident can impact its drive and submit an "interest" (in NDN terminology) to the location in question. The first video camera facing the accident responds by returning the video, following the PIT (Pending Interest Table) pointer trail in reverse. Other vehicles can join the multicast tree as well. Clearly, this broadcast can be supported only by V2V communications. LTE would introduce too much latency and would not scale [14].

F. Cognitive Radios and Spectrum Data-base Crowdsourcing
The previous applications point to the critical need for V2V between AUVs. The DSRC dedicated spectrum, in principle, can support the V2V traffic, or at least the traffic for beacons and emergency services. However, visionaries anticipate that the DSRC 75 Mhz spectrum will be quickly exhausted by the basic safety applications. In such cases, previous studies have shown that the V2V requirements must be supported by the WIFI spectrum in a Dynamic Spectrum Sharing Mode, competing with residential users in an urban environment [15]. The cognitive radio functions must be supported by a multiradio AUV platform. They can also be supported by AUV crowdsourcing of the occupancy of the 802.11b/g channels ahead.

G. Virtualization
Virtualization is one of the most important features of the Internet cloud. It also plays an important role in the VCC and in particular in the support of AUVs. Because of the rich assortment of sensors on board, the AUV fleet may be required to perform "data mining" like tasks such as recognizing a fugitive in the vehicular cloud in a certain geographic area. The AUVs can do some initial filtering and correlation of images that can be of interest. But, for final processing this data must be uploaded to a virtual image of the patter recognition process in the Internet cloud. Virtualization will be required also for the privacy of the drivers as well as for the sensitivity of the application. Besides exporting expensive computations to the Internet cloud, another important function of virtualization is the customization of the sensor platform to different applications. For example, the car manufacturer can access all CAN (Controller Area Network) bus sensors and all cameras, while a neighbor vehicle may access only the outward pointing camera.

H. Security
Besides the common security requirements like privacy, confidentiality, Distributed Denial of Service (DDoS) protection and authentication, the AUV is very vulnerable to vicious attacks that may, say, disable the steering or the brakes system. The latter attacks are of concern with normal cars with a human driver in control. They are extremely more dangerous for AUVs because there is no driver on instant stand by. For this reason, the protection from attacks both external (from access points or from conventional vehicles) as well as internal (from other AUVs) must be designed with stricter standards. Yet, access to the cars' internal mechanism and possibly to On-Board Diagnostics (OBD) and CAN bus must be allowed when the AUV is out of control, because of either internal malfunctioning or a malicious attack. One interesting research in these security issues is a multi-factor protection strategy [16]. As shown in Fig. 5, it distinguishes privileges for data reading from system controlling; intuitively the former is prioritized less than the latter. Given such differently weighted access actions, a neighbor vehicle presents only one type of credential factor to obtain data from the AUV (e.g., image of an accident scene). The strategy, on the other hand, requires each access to vulnerable on board equipment to be authorized by two different authorities in advance: for example, the vehicle manufacturer and the municipal authority. In a similar manner, each AUV can prioritize access actions and protect them differently according to their priorities. Changing the number of credential factors in the strategy realizes various protection levels.

V. CONCLUSION
The urban fleet of vehicles is evolving from a collection of sensor platforms to the Internet of Autonomous Vehicles. Like other instantiations of the Internet of Things, the Internet of Vehicles will have communications, storage, intelligence and learning capabilities to anticipate the customers' intentions. This article claims that the Vehicular Cloud, the equivalent of Internet Cloud for vehicles, will be the core system environment that makes the evolution possible and that the autonomous driving will be the major beneficiary in the cloud architecture. We showed a vehicular cloud model in detail and discussed potential design perspective with highlights on autonomous vehicle, AUV, for future research.