An autonomous vehicle (AV) may be a vehicle that is capable of sensing its environment and navigating with little or no human input. The autonomous vehicle may include a system having a variety of modules or sub-systems for enabling the vehicle to determine its surroundings and safely navigate to target destinations. For example, an autonomous vehicle may have a computer (e.g., one or more central processing units, graphical processing units, memory, and storage) for controlling various operations of the vehicle, such as driving and navigating. To that end, the computer may process data from one or more sensor arrays. For example, an autonomous vehicle may have optical cameras for, e.g., recognizing hazards, roads and lane markings. Data from these systems and modules may be used by a navigation system to safely guide the autonomous vehicle, even without the aid of a human driver.
Successful and safe navigation of AV may depend on making appropriate decisions in response to the external environment. Making appropriate decisions may, in turn, depend on appropriate data being transmitted fast and in time between different components of the AV system. However, when multiple components are transmitting data to a single receiver, and the combined throughput of the multiple components exceeds the channel capacity, congestion latency may occur.
The AV may have a control system to provide control commands to the various components of the AV performing the driving functions of the AV (e.g., steering, acceleration, or braking). For reliable operation, the control system has redundant computing systems as well as sensors with overlapping capabilities. A classic redundancy system implementation of the control system provides no guarantee of correctness other than that the control command is a decision decided by majority of computing components, even in the presence of a faulty entity (e.g., a faulty sensor). The majority (e.g., two out of three) determination of the appropriate control command may be identified by performing the same computation multiple times (e.g., three times). However, each computation can be expensive with respect to time and utilized system resources. The computational cost is especially significant in the context of autonomous driving, since decisions need to be made rapidly when traveling at high speeds to minimize response time and ensure safety.
The AV may include many components (both hardware as well as software) that communicate with each other via data packets including signals, commands, and/or instructions. For example, a central computer or a computing module associated with a camera sensor of the vehicle may send a signal to an actuator of the vehicle's brakes to apply brakes based on analysis of the environment surrounding the vehicle. These data packets could be exchanged between the vehicle components unsecured, but doing so would make them susceptible to eavesdropping and unwanted modifications. For example, an eavesdropper or a hacker may introduce one or more faults in the data packets or inject fabricated data packets at any point within the communication network of the vehicle, such as right before the intended recipient vehicle component. In addition, even when there is no compromise in communication between two vehicle components, the sending component may sometimes send suboptimal or erroneous instructions to the receiving component (e.g., because the sending component may not have performed its processing correctly). If such modified, compromised, or faulty data packets are received by a vehicle component without safeguards, then the component may cause the vehicle to perform an incorrect action, which could lead to less safe action.