Sage Journals: Discover world-class research

Abstract

This study proposes trusted measurement and evaluation models for intelligent transportation system products to provide technological means for the transport sector and government departments to detect the compliance and availability of intelligent transportation system products and consider the market access of intelligent transportation system products. Then, this study builds a trusted testing platform based on a hardware-in-loop system to test and validate trusted measurement and evaluation models of intelligent transportation system products. Finally, a traffic signal controller is tested and validated in the platform in different operation environments. The result shows that the trusted measurement model can accurately measure the trusted status in normal and non-normal operation conditions, and the trusted evaluation model can dynamically calculate the intelligent transportation system product’s trusted attributes, namely, the trusted evaluation values and comprehensive trusted evaluation values of the intelligent transportation system product, as the intelligent transportation system product’s operation environment changes.

Keywords

Trusted measurement trusted evaluation intelligent transportation system intelligent transportation system product traffic signal controller

Introduction

Intelligent transportation systems (ITSs) show positive effects on improving traffic operation efficiency, alleviating traffic congestion, ensuring traffic safety, and reducing traffic emissions, among others. Therefore, the state and governments at all levels take a serious attitude toward the ITS industry’s development and planning strategy. Governments have proposed a series of policies to simulate the development of the ITS industry and raised its financial budget to develop the ITS. With the application and popularization of ITS in the area of transportation, especially in urban traffic system, people are becoming increasingly dependent on ITS products. The governors use ITS products to alleviate traffic disorders, reduce traffic accidents, and decrease traffic emissions, such as using traffic signal controller. The travelers use ITS products to obtain traffic information, improving traffic safety and comfort, such as using personal digital assistant (PDA) navigation. ITS products are being extensively used in all areas of urban traffic system, such as traffic signal control, traffic flow guidance, traffic information service, and traffic safety monitoring. These products not only directly affect people’s quality of living but also the safety of their life and property. Therefore, when ITS products develop faults, failures, or errors, it will have increasingly serious consequences for the governors and travelers.¹

In China, there are more than 2000 corporations engaged in the ITS industry.² The products of these corporations include hardware products, software products, and integrated systems. These products are used in the fields of traffic signal control, traffic flow guidance, traffic information service, electronic toll collection (ETC) system, traffic monitoring, and so on. However, these products’ reliability, usability, testability, maintainability, and security are of varying quality. The governors and travelers enjoy the various services, conveniences, and effectiveness of ITS products, but at the same time, they suffer from life and property loss, trouble, and challenge due to untrusted ITS products.

To ensure the trustability of ITS products, excluding potential faults in the hardware, software, and integrated systems of ITS products before launching in the application market, it is necessary to measure and evaluate the capacity of trusted services provided by ITS products.³ This article aims to analyze the influencing factors for the trusted measurement and trusted evaluation of ITS products and then to develop a measurement and evaluation model to measure and evaluate the trustability of ITS products.

The rest of this article is organized as follows. Section “Literature review” is a review of the literature on fault detection and trusted computing. In section “ITS product trusted measurement and evaluation model,” the trusted measurement model and trusted evaluation model for ITS products is proposed and deduced. In section “Experimental validation,” an ITS product trusted testing platform based on a hardware-in-loop system was set up to test and validate the trusted measurement model and trusted evaluation model using traffic signal controller. In section “Discussion and conclusion,” a brief review of this article and the future research are presented.

Literature review

Urban traffic management and control rely heavily on ITS products for its reliable and effective operation. ITS products provide traffic network operating condition, detect traffic incident, and so on for the governors to make more effective management. With increasing safety, performance, and automation requirements, ITS construction is increasingly sophisticated and is heavily reliant on ITS products. However, ITS products are often considered the weak link in urban traffic management and control. Any ITS product failure could degrade ITS performance and possibly lead to the failure of all the urban traffic systems. Therefore, it is necessary to detect and accommodate such failures, particularly if the ITS product in question has a safety-critical application. In safety-critical applications, any failure could result in damage to property or the environment and, in the worst-case scenario, the loss of life. Traffic signal control system is a good example of safety-critical application. All in a word, ITS product failure detection, identification, and accommodation constitute an important part of research in the safety-critical systems domain.⁴

Throughout the research and application of the trusted measurement and evaluation of ITS products, the state-of-the-art practice is to implement fault detection, identification, and accommodation of hardware devices. There have been three stages of development for hardware devices’ fault detection, diagnosis, identification, and fault-tolerant control. The researches are mostly based on experimental experiences, sensors and dynamic testing, and artificial intelligence. In the literature, early works on analytical ITS hardware devices’ faults were mostly based on observers and Kalman filtering.^5–8 These researches relied on the linear time-invariant mathematical model of the system. In addition, these techniques can suffer from modeling discrepancies between reality and the mathematical models of the system. The recent literatures have seen efforts been made to address these issues, particularly regarding the linearity assumption of the Kalman filtering. Several versions of the Kalman filtering have been developed and applied to various fault tolerance and state estimation problems in hardware devices.^9,10

With a constant improvement in hardware performances, the stability and reliability of hardware device fundamentally improve. The industry found that the most fault of hardware occurred in its embedded software. In recent years, researchers have begun to focus on software’s stability, security, and credibility. The enactments or formulations of standards, norms, contracts between ITS products, or ITS product units have been organized. ITS products’ reliability, stability, availability, and compliance have attracted increasing focus and will be the most prominent factor in trusted measurement and evaluation in the research and application stage of trusted computing. In the literature, research on analytical software trusted measurements is mostly based on software trusted modeling and measurement. Johnson¹¹ analyzes the use of formal verification methods in developing trusted software and gives methods for the design, implementation, and maintenance of safe and dependable software, to enhance the dependability of software. Alawneh and Hamou-Lhadj¹² propose high-performance computing analytic tools to describe the necessary trusted software behavior and model trusted computing of the inter-process communication. Betous-Almeida and Kanoun¹³ present a stepwise approach for dependability modeling, based on generalized stochastic Petri nets. This approach allows the various dependencies to be considered at the correct level of abstraction: functional dependency, structural dependency, and dependency induced by non-exponential distributions. Lenzini et al.¹⁴ propose a trustworthiness management framework for quality metrics on the software component behaviors and for periodically evaluating their trustworthiness. Ardagna et al.¹⁵ provide an approach that permits service developers and software adopters to evaluate service performance at design time through building on expert knowledge, service complexity evaluation, and the performance (retrieved by testing) of some reference services; to estimate the execution time of service operations; and to improve the credibility and stability of software. The recent literatures have seen efforts to address security analysis, mutual authentication, identity management, and trusted interaction of software. Several versions of trusted authentication, trusted security analysis, and identity management have been developed and applied to various ITS software products.

In the current researches and applications in fault detection and diagnosis, they mostly used redundancy modules embedded in hardware or software to collect information and analyzed and confirmed the fault sections and reasons based on the principle of subordination of the minority to the majority. Although using embedded redundancy modules can improve the reliability of hardware or software, it can increase system complexity and running delay of the hardware or software. For safety-critical and real-time demanded system, especially in ITS, the method of embedding redundancy modules is unacceptable. This article focuses on external fault detection and diagnosis. A trusted testing platform based on hardware in-loop system was built to extract input vector, state vector, and output vector of different modules of ITS hardware or software. The trusted measurement and evaluation model was inject to observe the data stream of ITS hardware or software using the input vector, state vector, and output vector, testing and validating the trusted capacity of ITS product. According the trusted evaluation value, the user of ITS product can decide whether it can be deployed in urban traffic management and control area.

ITS product’s trusted measurement and evaluation model

ITS product’s trusted measurement

In traffic management and control systems, ITS products are used for detecting traffic information, monitoring traffic flow condition, and controlling traffic flow work in a time-driven, event-driven, and data-driven style. Time-driven means that the ITS product works periodically, such as a fixed-time traffic signal controller. Event-driven means that the ITS product works when an event occurs, such as a traffic flow video detector. Data-driven means that the ITS product works when data are input to the product, such as traffic information display devices.^16–18 The high-level abstract structure of an ITS product is illustrated in Figure 1.

Figure 1.

Structure of ITS product.

The sensor module of an ITS product obtains traffic flow data. It may be time-driven, event-driven, or data-driven, depending on the type and the application of ITS product. The controller module of an ITS product processes traffic flow data and generates or optimizes a traffic control plan. The traffic data transmitted from the sensor module to the controller module have time-lag, set as ${\bar{d}}^{sc}$ . The controller module’s traffic data processing cycle is set as T.

The ITS product’s actuator module preformation status model can be described as follows

${\begin{matrix} \overset{\cdot}{x} (t) = A_{f} \cdot x (t) + B_{f} \cdot v (t) + f (t) \\ y (t) = C_{f} \cdot x (t) \end{matrix}$ (1)

The ITS product’s sensor module preformation status model can be described as follows

${\begin{matrix} \overset{\cdot}{x} (t) = A_{f} \cdot x (t) + B_{f} \cdot v (t) \\ y (t) = C_{f} \cdot x (t) + f (t) \end{matrix}$ (2)

where $x (t) \in R^{n}$ is the state vector, $v (t) \in R^{m}$ is the input vector, $y (t) \in R^{l}$ is the output vector, and $f (t) \in R^{n}$ is the fault vector. Under normal circumstances, $f (t)$ is the zero vector, which represents whether the ITS product is creditable. If $f (t)$ is a nonzero vector, then a fault had occurred in the ITS product, and the ITS product is untrusted. $A_{f}$ , $B_{f}$ , and $C_{f}$ are the constant coefficient matrices.

The ITS product’s controller module preformation status model can be described as follows

${\begin{matrix} x (t + 1) = A \cdot x (t) + B \cdot u (t) + f (t) \\ y (t) = C \cdot x (t) \\ z (t) = y (t - 1) \end{matrix}$ (3)

where $A = e^{A_{f} \cdot T_{d}}$ , $B = \int_{0}^{T_{d}} e^{A_{f} \cdot s} ds \cdot B_{f}$ , $C = C_{f}$ , $u (t)$ is the control vector of controller module, and $z (t)$ is the input vector of controller module.

Thus, the ITS product’s trusted measurement model can be described as follows

$\overset{⌢}{x} (t + 1) = A \cdot \overset{⌢}{x} (t) + B \cdot u (t) + L \cdot (y (t - 1) - \overset{⌢}{y} (t - 1))$ (4)

where L is the gain measurement matrix.

The state estimation error is assumed to be as follows

$e (t) = x (t) - \overset{⌢}{x} (t)$ (5)

The ITS product’s trusted status estimation can be described as follows

$e (t + 1) = A \cdot e (t) - L \cdot C \cdot e (t - 1)$ (6)

Introducing the augmenting vector $θ_{k}$ to equation (6) gives the following

$θ (t) = {[e^{T} (t) e^{T} (t - 1)]}^{T}$ (7)

$θ (t + 1) = [\begin{matrix} A & L \cdot C \\ I & 0 \end{matrix}] \cdot θ (t)$ (8)

Then, let $\tilde{A} = [\begin{matrix} A & 0 \\ I & 0 \end{matrix}]$ , $\tilde{L} = [\begin{matrix} L \\ 0 \end{matrix}]$ , and $\tilde{C} = [\begin{matrix} 0 & C \end{matrix}]$ , and the ITS product’s trusted measurement estimation error is as follows

$Q (t + 1) = (\tilde{A} - \tilde{L} \cdot \tilde{C}) \cdot Q (t)$ (9)

Lemma 1 (matrix Schur complement property)

Given constant matrices A, P, Q, $Q = Q^{T}$ , $P = P^{T} > 0$ , and $A^{T} PA + Q < 0$ , then if and only if¹⁹

$[\begin{matrix} Q & A^{T} \\ A & - P^{- 1} \end{matrix}] < 0 or [\begin{matrix} - P^{- 1} & A \\ A^{T} & Q \end{matrix}] < 0$ (10)

Theorem 1

As the ITS product’s trusted measurement estimation error equation, if there exist symmetrical positive matrices P and Q, and they meet the below condition

$[\begin{matrix} - P & {\tilde{A}}^{T} P - {\tilde{C}}^{T} Q \\ P \tilde{A} - Q^{T} \tilde{C} & - P \end{matrix}] < 0$ (11)

Proof

Using Lyapunov’s function $V (t) = e^{T} (t) Pe (t)$ , where P is the symmetric positive definite matrix, then

$\begin{matrix} Δ V (t) = V (t + 1) - V (t) = e^{T} (t + 1) Pe (t + 1) - e^{T} (t) Pe (t) \\ = e^{T} (t) [{(A - LC)}^{T} P (A - LC) - P] e (t) \end{matrix}$ (12)

Obviously, $Δ V < 0$ is equal to formula (13)

${(A - LC)}^{T} P (A - LC) - P < 0$ (13)

According to matrix Schur complement property (as in lemma 1), formula (13) is equal to formula (14)

$[\begin{matrix} - P & A^{T} - C^{T} L^{T} \\ A - LC & - P^{- 1} \end{matrix}] < 0$ (14)

As formula (14) includes P and $P^{- 1}$ , the matrix inequality is nonlinear. Let formula (14) pre-multiply and post-multiply $diag (I, P)$ respectively, then we will obtain

$[\begin{matrix} - P & A^{T} P - C^{T} L^{T} P \\ PA - PLC & - P \end{matrix}] < 0$ (15)

Definition $Q = L^{T} P$ replaces $L^{T} P$ in formula (15), which turns out to be formula (11).

End proof.

Then, using Lyapunov’s function

$\begin{matrix} θ^{T} (t + 1) P θ (t + 1) - θ^{T} (t) P θ (t) = θ^{T} (t) \\ [{(\tilde{A} - \tilde{L} \tilde{C})}^{T} P (\tilde{A} - \tilde{L} \tilde{C}) - P] θ (t) < 0 \end{matrix}$ (16)

With lemma 1, it can be stated that the ITS product’s trusted measurement estimation error is asymptotically stable.

When the ITS product’s trusted measurement estimation error shows asymptotic stability, then $ε (t) = He (t)$ is defined as the ITS product’s trusted measurement residual error, where H is the weight matrix.

Then, it is possible to choose a suitable critical threshold, $\bar{ε}$ , to decide whether the ITS product is trustable or untrustable

${\begin{matrix} ‖ ε (t) ‖ ⩽ \bar{ε} ITS product is trustable \\ ‖ ε (t) ‖ > \bar{ε} ITS product is untrustable \end{matrix}$ (17)

here, $‖ ε (t) ‖ = \sqrt{ε^{T} (t) ε}$ is the Euclidean norm of the vector.

ITS product’s trusted evaluation

To validate whether the ITS product’s operation behavior corresponds to expectations, and the ITS product is continuously trustable at the scheduled time, it is necessary to confirm the trusted requirement. Generally, the trusted requirement consists of a set of multi-dimensional trusted attributes and establishes a trusted evaluation indices system.^13,20

Definition 1

For trusted evaluation, the ITS product’s trusted status at time $t_{i}$ is defined as follows

$S 〈 t_{i}, t r_{i}, TEIS (X_{e, i}, X_{w, i}) 〉$ (18)

where $t_{i}$ is the ITS product’s operation time; $t r_{i}$ is the ITS product’s trusted requirement at time $t_{i}$ ; $TEIS (X_{e, i}, X_{w, i})$ is the ITS product’s trusted evaluation indices system; and $X_{e, i}$ and $X_{w, i}$ are the trusted indices set and trusted indices weight set, respectively.

Definition 2

During the ITS product’s operation period $(t_{i}, t_{j}]$ , the ITS product’s status transfer function is defined as follows

$\begin{matrix} C S_{i \to j} (τ) = S 〈 t_{i}, t r_{i}, TEIS (X_{e, i}, X_{w, i}) 〉 \\ \to S 〈 t_{j}, t r_{j}, TEIS (X_{e, j}, X_{w, j}) 〉 \end{matrix}$ (19)

where $τ$ is the incentive parameter.

ITS products have different trusted requirements in different statuses, different operation times, and different operation environments. Therefore, the ITS product’s trusted evaluation model needs to be dynamic and adaptive. The ITS product’s trusted requirement is demonstrated by trusted indices and a trusted evaluation indices system. Thus, it is necessary to adjust the trusted indices set $X_{e, i}$ and trusted indices weight set $X_{w, i}$ dynamically to adapt to environmental heterogeneity.

Trusted indices self-adjustment

When an ITS product’s trusted requirements change, it needs to add or delete a trusted index in its trusted indices set at time $t_{i}$ .

Definition 3

Assuming $a_{i}$ and $a_{j}$ are the ITS product’s trusted attributes, the degree of correlation of $a_{i}$ to $a_{j}$ is $C_{ij}$ , $C_{ij} \in (- 1, 1)$ with $C_{ij}$ not necessarily equal to $C_{ji}$ . If $C_{ij} > 0$ , $a_{i}$ and $a_{j}$ are positively correlated. If $C_{ij} = 0$ , $a_{i}$ and $a_{j}$ are mutually independent. If $C_{ij} < 0$ , $a_{i}$ and $a_{j}$ are negatively correlated.

An ITS product’s trusted evaluation computing system can construct a conjunction matrix $TAIM = [C_{ij}]_{n \times n}$ to adapt the change in the trusted indices of the ITS product.²¹

Trusted indices weight self-adjustment

When an ITS product operates in different working environments, the trusted indices of the ITS product in trusted evaluation indices system are changed, and the trusted index weights need to change synchronously. The trusted attributes’ trusted indices weights are set as $W = {w_{1}, w_{2}, \dots, w_{n}}$ . $TAIM = [C_{ij}]_{n \times n}$ is the trusted attributes’ conjunction matrix. The trusted index weights are adjusted as shown below when the trusted indices change:^12,22

Step 1. When the trusted evaluation indices system deletes a trusted attribute $a_{i}$ , then

Step 1.1. If $C_{i *} = 0$ in the $TAIM = [C_{ij}]_{n \times n}$ , then delete the ith row and ith column of $TAIM = [C_{ij}]_{n \times n}$ , producing $TAIM = [C_{ij}]_{(n - 1) \times (n - 1)}$ , and the trusted index weights are adjusted as follows

$w'_{t} = \frac{n w_{t} + w_{i}}{n}$ (20)

where $t = 1, \dots, n$ and $t \neq i$ .

Step 1.2. If $C_{i *}$ are not all zeroes, in the trusted evaluation index system, trusted attribute $a_{i}$ is related to other trusted attributes. The trusted index weights are adjusted as follows

${\begin{matrix} {w'}_{t} = w_{t} - C_{it} w_{i} & C_{it} \neq 0 \\ {w'}_{t} = w_{x} - \frac{\sum_{t}^{n} ({w'}_{t} - w_{t}) - w_{i}}{n - ω - 1} & C_{ix} = 0 \end{matrix}$ (21)

where $t, x = 1, \dots, n$ and $t, x \neq i$ ; and $ω$ is the number of trusted attributes that trusted attribute $a_{i}$ relates to.

Step 2. When the trusted evaluation index system adds a new trusted attribute, it is necessary to compute the degree of correlation of the new trusted attribute with the existing trusted attributes, constructing the new conjunction matrix $TAIM' = [C_{ij}]_{(n + 1) \times (n + 1)}$ .

Step 3. When the ITS product’s operation status changes, the trusted index weights also need to change.

Definition 4

In the trusted evaluation index system, $a_{i}$ is the key trusted attribute; $S_{k}$ is the operation status of the ITS product; $S_{k + 1}$ is the next operation status of the ITS product; and $w_{i}$ and $w'_{i}$ are the trusted index weights of trusted attribute $a_{i}$ under the operation statuses $S_{k}$ and $S_{k + 1}$ , respectively. In the trusted evaluation index system, $a_{t}$ is related to $a_{i}$ , and the degree of correlation of $a_{i}$ to $a_{t}$ is $C_{it}$ . In the trusted evaluation index system, $a_{x}$ is not related to $a_{i}$ . The trusted index weights of $a_{t}$ and $a_{x}$ under the operation status $S_{k + 1}$ are as follows

${\begin{matrix} {w'}_{t} = w_{t} + C_{it} ({w'}_{i} - w_{i}) & C_{it} \neq 0 \\ {w'}_{x} = w_{x} - \frac{\sum_{t}^{n} ({w'}_{i} - w_{t}) + ({w'}_{i} - w_{i})}{n - ω - 1} & C_{ix} = 0 \end{matrix}$ (22)

Trusted evaluation

When the ITS product operates in different working statuses or working environments, the trusted evaluation index system dynamically and self-adaptively adjusts the trusted indices and trusted index weights according to the ITS product’s working status or working environment. Then, it is necessary to obtain the ITS product’s state vector $x (t)$ , input vector $v (t)$ , and output vector $y (t)$ and use different measurement scales and evaluation criteria to normalize the ITS product’s operation status data.

Definition 5

$Ω = {H_{1}, \dots, H_{n}}$ is the ITS product’s operation status evaluation set; $H_{n} (n = 1, \dots, N)$ is a group of evaluation degrees; $m (S)$ is the trusted confidence level of the ITS product’s operation status S within $Ω$ ; and $u (m)$ is the value of the utility function for the ITS product’s operation status data

$m (S) = {(H_{n}, β_{n}), (Ω, β_{Ω}), n = 1, \dots, N}$ (23)

$u (m) = \sum_{n = 1}^{N} β_{n} u (H_{n}) + β_{Ω} u (Ω)$ (24)

$β_{n} = \frac{u (H_{n + 1}) - u (m_{0})}{u (H_{n + 1}) - u (H_{n})}$ (25)

where $β_{n}$ and $β_{Ω}$ are the trusted confidence level probability in $H_{n}$ and $Ω$ , respectively, and $m_{0}$ is given an initial value.

The trusted evaluation values of different ITS products’ trusted attributes are calculated as follows

$V_{TA} (m) = \sum_{n} β_{n} u (H_{n}) + \sum_{β_{n} \neq 0} \frac{β_{Ω} u (H_{n})}{| m |}$ (26)

Experimental validation

This study developed an ITS product trusted testing platform based on a hardware-in-loop system to test ITS products’ trusted attributes, as shown in Figure 2. The ITS product’s trusted testing platform consists of a traffic simulator which is used to generate different traffic statuses. The trusted testing management software is used in fault injection, load simulation, and information coordination. The ITS software product and ITS hardware product are used to inter-feedback the ITS product’s operation status and trusted status.²³ To validate the ITS product’s trusted measurement model and trusted evaluation model, this article uses a traffic signal controller to test and verify the model. The control module of the traffic signal controller is ARM 9. The sensor module of the traffic signal controller is PLC 51, and its maximum control capacity is 64 signal lights. In the ITS product’s trusted testing platform, the traffic simulator’s simulation step is set as 0.1 s and the running time is set as 3600 s. Daily traffic flow data and traffic signal plan of a typical four-phase signalized intersection in Changchun city, China, were used as normal operation condition input and status vectors of the simulator and controller. In the experiment, we defined traffic flow below 800 PCU/lane as status $λ 1$ and above 1200 PCU/lane as status $λ 2$ .

Figure 2.

ITS product’s trusted testing platform.

ITS product’s trusted measurement testing

In the trusted testing platform, when the daily traffic flow data and traffic signal plan run in the simulator module and controller module, respectively, the input vector, state vector, and output vector are extracted by I/O port of hardware-in-loop system. The trusted testing management uses a sampling period to discrete the continuous data stream of the hardware-in-loop system. When the sampling dataset was enough (in this article, the sample size is 30), the constant coefficient matrices in different modules can be derived from the sampling data. In the ITS product’s trusted measurement, the constant coefficient matrices are calibrated as $A_{f} = [\begin{matrix} - 1 & 0.2 \\ 0 & - 1.5 \end{matrix}]$ , $B_{f} = [\begin{matrix} 1.5 & 0 \\ 0 & 1 \end{matrix}]$ , and $C_{f} = [\begin{matrix} 1 & 1 \end{matrix}]$ . In the ITS product’s trusted testing platform, the traffic simulator’s simulation step is set as 0.1 s ( $T = 0.1 s$ ) and ${\bar{d}}^{sc}$ is randomly distributed in the range between 0 and 0.1.

According to formula (3), the ITS product’s controller module preformation status model can be discretized as follows

${\begin{matrix} x_{k + 1} = [\begin{matrix} 0.905 & 0.018 \\ 0 & 0.861 \end{matrix}] \cdot x_{k} + [\begin{matrix} 1.5 & 0.133 \\ 0 & 0.667 \end{matrix}] \cdot u_{k} + f_{k} \\ y_{k} = [\begin{matrix} 1 & 1 \end{matrix}] \cdot x_{k} \\ z_{k} = y_{k - 1} \end{matrix}$ (27)

The gain measurement matrix L can be calculated as $L = [\begin{matrix} 0.461 & 0.430 \end{matrix}]^{T}$ .

In the first step of experimental process, the trusted testing management did not inject any fault information to the hardware-in-loop system and let the ITS product’s trusted testing platform to run in the normal status. The preformation status of the controller module and the actuator module is observed under input statuses $λ 1$ and $λ 2$ , respectively. The ITS product’s trusted operation status is measured as shown in Figures 3 and 4.

Figure 3.

ITS product’s trusted measurement curve in operation status $λ 1$ .

Figure 4.

ITS product’s trusted measurement curve in operation status $λ 2$ .

In hardware-in-loop system, the controller module can be simulated and evaluated by the trusted testing management software. So, we simulate the input vector of status $λ 1$ and status $λ 2$ for controller module, respectively. The trusted testing management extracts the state vector. Then, the state of the actuator module was observed. The observed state of the controller module and the actuator module is shown in Figures 3 and 4. In status $λ 1$ , with the F-test ( $F = 1.026$ ), the single tail critical $F_{α} = 2.687$ , $F < F_{α}$ ; with two-sample heteroscedasticity hypothesis in T-test, $P (T ⩽ t) = 0.971$ . In status $λ 2$ , with the F-test ( $F = 0.871$ ), the single tail critical $F_{α} = 0.372$ , $F > F_{α}$ ; with two-sample heteroscedasticity hypothesis in T-test, $P (T ⩽ t) = 0.947$ . From the F-test and T-test, the observed state of the controller module and the running state of the actuator module were not significantly different. So, the designed model can accurately track the running state of the ITS product in the level of significance $a = 0.05$ .

To test the ITS product’s trusted operation status in non-normal status, a random fault data is injected through the trusted testing management software to the hardware-in-loop system when the ITS product’s trusted testing platform running simulator time is 1800 s. The ITS product’s trusted measurement dependable critical threshold is set as $\bar{ε} = 0.05$ . The Euclidean norm value of the ITS product’s trusted measurement residual error results is computed from formulas (4)–(16) and shown in Figures 5 and 6.

Figure 5.

ITS product’s trusted measurement residual error in operation status $λ 1$ .

Figure 6.

ITS product’s trusted measurement residual error in operation status $λ 2$ .

As shown in Figures 5 and 6, before the random fault was injected, the residual error was asymptotically stable under the designed model. But after the simulator time t = 1800 s, when the random fault was injected, there was a sequence of sudden transformation in the modules. The detected non-normal condition almost continues until the end of the simulation. It can be seen that there were different degrees of time delay in the detected fault: the time delay of status $λ 1$ was about 160 s and status $λ 1$ was about 120 s. The delay result is the data stream of the input vector, state vector, and output vector in different modules of the hardware-in-loop system which have time gap in the experimental processing. If the time gap of data stream between different modules is subtracted, then the residual error can reflect that a fault had occurred in the system immediately. This means that the designed model can detect the non-normal status of the system.

ITS product’s trusted evaluation testing

In an urban traffic signal control system, to keep the road safe and in order, a traffic signal controller should have high trustability. The traffic signal controller operates in all weather conditions to protect the traffic flow from conflicts, keep the traffic flow in order, and prevent disturbance and invasion. A trusted traffic signal controller should have the following trusted attributes: reliability ( $T A_{1}$ ), availability ( $T A_{2}$ ), fault tolerance ( $T A_{3}$ ), safety ( $T A_{4}$ ), and security ( $T A_{5}$ ). According to the study of Dickinson et al.,²¹ the conjunction matrix is calculated as follows

$TAIM = \begin{matrix} T A_{1} & T A_{2} & T A_{3} & T A_{4} & T A_{5} \\ T A_{1} & \times & 0 & - 0.10 & 0.35 & 0 \\ T A_{2} & 0 & \times & 0 & 0 & 0 \\ T A_{3} & - 0.05 & 0 & \times & - 0.10 & 0.10 \\ T A_{4} & 0.25 & 0 & - 0.20 & \times & 0 \\ T A_{5} & 0 & 0 & 0.05 & 0 & \times \end{matrix}$ (28)

Let the traffic signal controller operate under different statuses: idle ( $S_{1}$ ), traffic flow detector inspection ( $S_{2}$ ), traffic data collection ( $S_{3}$ ), traffic control strategy optimization ( $S_{4}$ ), traffic signal plan implementation ( $S_{5}$ ), and traffic signal control exception ( $S_{6}$ ).

According to the studies of Alawneh and Hamou-Lhadj¹² and Li et al.,²² in different operation statuses, the trusted index weights of the traffic signal controller’s trusted attributes change as shown in Figure 7.

Figure 7.

Weight of trusted attributes in different operation status.

Let $Ω = {H_{n}, n = 1, \dots, 5}$ be the traffic signal controller’s operation status set. $u (H_{n}) = {0, 0.25, 0.5,$ $0.75, 1}$ is the value of the utility function for the traffic signal controller’s operation status. The trusted evaluation results of the traffic signal controller’s trusted attributes are shown in Figure 8, as calculated by formula (26).

Figure 8.

Traffic signal controller’s trusted attributes’ trusted evaluation value in different operation status.

Then, the comprehensive trusted evaluation value can be calculated using trusted attributes’ utility function and the trusted index weights. The traffic signal controller’s comprehensive trusted evaluation value is shown in Figure 9.

Figure 9.

Traffic signal controller’s comprehensive trusted evaluation value in different operation status.

As shown in Figure 9, the traffic signal controller operating under traffic data collection ( $S_{3}$ ) situation has the lowest trusted evaluation value because the traffic signal controller is injected by outside data stream and the robustness of the inside traffic signal controller system had changed by outside data stream. The lower trusted evaluation value is obtained when the traffic signal controller is in idle ( $S_{1}$ ) situation, that is because the traffic signal controller is in ready state, but the dataset in I/O port and state of processing is empty. The highest trusted evaluation value is obtained in traffic signal plan implementation ( $S_{5}$ ) and traffic signal control exception ( $S_{6}$ ), that is because the data stream in the traffic signal controller and the processing of the traffic signal controller are all well done.

Conclusion

In this article, a trusted measurement model and trusted evaluation model for ITS products are proposed using fault detection, diagnosis methods, and trusted computing theory. A hardware-in-loop system of ITS products’ trusted testing platform is set up to verify the proposed models of this article. The experimental results show that the trusted measurement model can track the running state of the traffic signal controller and reflect the sudden change in the traffic signal controller when the fault information was injected. Of course, there is still time delay in reflecting a fault had occurred in the current experimental stage. But the time delay in some degree depends on the time gap of processing data in different modules of the traffic signal controller. To a certain extent, the trusted evaluation model can reflect the reality running situation of the ITS products using dynamic adjustment of trusted indices and trusted indices weight in different operation status.

In order to obtain more general and robust conclusions, experimental data from different fault-injected information, traffic signal controller’s running status, and processing conditions require further exploration. And future studies are required to apply the model to other ITS products (such as traffic flow guidance device, traffic information service device, and ETC system). Moreover, with the development and pervasive application of ITS products in the area of transportation, the trusted measurement and evaluation will be focus on gradually before ITS product deployed in the roadside for some considerable time to come. It will be interesting to further design a suitable observer to test and evaluate the fault detection and diagnosis of ITS products, and enhance the robustness of the models to deal with system’s uncertainty and disturbance input. More accurate mathematical model should be further studied to reduce the complexity of parity-check function in trusted measurement and evaluation and make it practicable in engineering application.

Footnotes

Handling Editor: Martin Baumann

Declaration of conflicting interests

The author(s) declared no potential conflicts of interest with respect to the research,authorship,and/or publication of this article.

Funding

The author(s) disclosed receipt of the following financial support for the research,authorship,and/or publication of this article: This research was supported by the Science and Technology Project of Jilin Provincial Education Department (grant nos JJKH20180150KJ and JJKH20170810KJ),the Youth Scientific Research Foundation of Jilin (grant no. 20180520075JH),and the National Nature Science Foundation of China (grant nos 51408257 and 51308248).

ORCID iD

Ciyun Lin

References

Feng

Qin

Feng

et al . The theory and practice in the evolution of trusted computing. Chin Sci Bull 2014; 59: 4173–4189.

Saiwen Inc. 2018 traffic signal controller market analysis report in China. Beijing, China: Saiwen Inc., 2018.

Yao

Cocquempot

Wang

Fault diagnosis and fault tolerant control scheme for a class of non-linear singular systems. IET Control Theory A 2015; 9: 843–851.

Hussain

Mokhtar

Howe

JM.

Sensor failure detection, identification, and accommodation using fully connected cascade neural network. IEEE T Ind Electron 2015; 62: 1683–1692.

Bin Muhaya

. Security analysis and improvement of a mutual authentication scheme under trusted computing. Int J Ad Hoc Ubiq Comput 2015; 18: 37–44.

Michael

JB.

Trusted computing: an elusive goal. Computer 2015; 48: 99–101.

Wang

Al-Dubai

Advances in trusted network computing. Secur Commun Netw 2014; 7: 1311–1312.

Dong

Chen

LQ.

Recent advances on trusted computing in China. Chin Sci Bull 2012; 57: 4529–4532.

De Loza

Cieslak

Henry

et al . Sensor fault diagnosis using a non-homogeneous high-order sliding mode observer with application to a transport aircraft. IET Control Theory A 2015; 9: 598–607.

10.

Yang

CH.

Adaptive fault diagnosis and active tolerant control for wind energy conversion system. Int J Control Autom 2015; 13: 120–125.

11.

Johnson

TL.

Improving automation software dependability: a role for formal methods?

Control Eng Pract 2007; 15: 1403–1415.

12.

Alawneh

Hamou-Lhadj

An exchange format for representing dynamic information generated from high performance computing applications. Future Gener Comput Syst 2011; 27: 381–394.

13.

Betous-Almeida

Kanoun

Construction and stepwise refinement of dependability models. Perform Eval 2004; 56: 277–306.

14.

Lenzini

Tokmakoff

Muskens

Managing trustworthiness in component-based embedded systems. Electron Note Theor Comput Sci 2007; 179: 143–155.

15.

Ardagna

Damiani

Sagbo

KAR

et al . Zero-knowledge evaluation of service performance based on simulation. In: Proceedings of the 15th international symposium on high-assurance systems engineering, Miami Beach, FL, 9–11 January 2014, pp.254–258. New York: IEEE.

16.

Jie

Fault detection and diagnosis methods for networked control systems. PhD Thesis, Nanjing University of Science and Technology, Nanjing, China, 2010.

17.

Ming

Fault detection and diagnosis of network control system. PhD Thesis, Nanjing University of Science and Technology, Nanjing, China, 2007.

18.

Zhangqing

Robust fault detection and diagnosis on dynamic systems. PhD Thesis, Nanjing University of Science and Technology, Nanjing, China, 2005.

19.

Robust control–linear matrix inequality. Beijing, China: Tsinghua University Press, 2002.

20.

Shuai

Research on software trustworthiness evaluation model and its optimization. PhD Thesis, Hefei University of Technology, Hefei, China, 2011.

21.

Dickinson

Thornton

Graves

Technology portfolio management: optimizing interdependent projects over multiple time periods. IEEE T Eng Manage 2001; 48: 518–527.

22.

Jin

JW.

Guest editorial: high performance trusted computing. J Supercomput 2011; 55: 1–3.

23.

Cavusoglu

Kurnaz

The development of a hardware- and software-based simulation platform for the training of driver candidates. Turk J Electr Eng Co 2013; 21: 131–143.

Trusted measurement and evaluation for intelligent transportation system products: A case study for traffic signal controller