Vehicular communication via V2X networks significantly improves road safety, but is vulnerable to data manipulation, which can lead to serious incidents. To address this threat, misbehavior detection systems (MBDs) have been developed to detect such misbehavior. In order to enhance the detection of data manipulation, trust assessment in V2X networks has recently gained increasing attention. Trust assessment takes into account the output of various security mechanisms such as MBDs or Intrusion Detection Systems (IDSs) to detect misbehavior. One particular challenge in trust assessment is the appropriate quantification of the output of these security mechanisms into trust opinions. In this paper, we propose a trust quantification methodology that transforms the output of an MBD into a subjective logic opinion. Furthermore, we apply a hyperparameter optimization approach to determine the optimal parameter set for an MBD. Our evaluation using three MBD variants shows that the optimization approach significantly increased the detection-performance of all MBDs. The MBD variant that used the optimization approach and our proposed trust quantification methodology achieved the best performance, increasing the F1 score by over 13% compared to other state-of-the-art MBD variants analyzed in this work.

Future vehicles and infrastructure will rely on data from external entities such as other vehicles via V2X communication for safety-critical applications. Malicious manipulation of this data can lead to safety incidents. Earlier works proposed a trust assessment framework (TAF) to allow a vehicle or infrastructure node to assess whether it can trust the data it received. Using subjective logic, a TAF can calculate trust opinions for the trustworthiness of the data based on different types of evidence obtained from diverse trust sources. One particular challenge in trust assessment is the appropriate quantification of this evidence. In this paper, we introduce different quantification methods that transform evidence into appropriate subjective logic opinions. We suggest quantification methods for different types of evidence: security reports, misbehavior detection reports, intrusion detection system alerts, GNSS spoofing scores, and system integrity reports. Our evaluations in a smart traffic light system scenario show that the TAF detects attacks with an accuracy greater than 96% and intersection throughput increased by 42% while maintaining safety and security, when using our proposed quantification methods.

Vehicular communication via V2X networks increases road safety, but is vulnerable to data manipulation which can lead to serious incidents. Existing security systems, such as misbehavior detection systems, have limitations in detecting and mitigating such threats. To address these challenges, we have implemented a software prototype of a Trust Assessment Framework (TAF) that assesses the trustworthiness of received V2X data by integrating evidence from multiple trust sources. This interactive demonstration illustrates the quantification of trust for a smart traffic light system application. We demonstrate the impact of varying evidence coming from a misbehavior detection system and a security report generator on the trust assessment process. We also showcase internal processing steps within our TAF when receiving new evidence, up to and including the eventual decision making on the trustworthiness of the received V2X data.

Connected and automated vehicles rely on data from various entities to support safety-critical applications such as Cooperative Adaptive Cruise Control (CACC). However, unauthorized data manipulation through, for example, data injection attacks can compromise vehicle safety and lead to incidents. Existing vehicular security mechanisms, such as Misbehavior Detection System (MBD), have limitations in detecting and mitigating all types of threats on their own. To address these limitations, our prior work has proposed the concept of a Trust Assessment Framework (TAF), which assesses data trustworthiness by combining evidence from multiple security systems operating as trust sources. However, TAF as a concept has not been extensively evaluated in safety-critical Cooperative Driving (CD) applications. In this work, we refine the architecture of the TAF and implement a software prototype based on it. We integrate the TAF prototype with a CACC simulation environment and implement three types of data injection attacks. We demonstrate that by incorporating multiple security mechanisms as trust sources, the TAF significantly improves attack detection performance and reduces the number of crashes by 86% compared to using a single security mechanism, such as MBD.

Automated vehicles communicating with each other or their surroundings are expected to exchange a large amount of data. With that, the trustworthiness of a shared data item concerning its integrity is raised, as well as the trustworthiness of a vehicle component not having been tampered with by an attacker. Traditional security mechanisms, such as misbehavior detection, can help identify some security violations but cannot assess the overall consequences of a range of vehicle attacks. For this purpose, previous work has already introduced the Trust Assessment Framework, which computes a target entity’s Actual Trustworthiness Level (ATL). This paper focuses on the concept of Required Trustworthiness Level (RTL), which represents the numerical thresholds an ATL needs to reach for an entity to be considered trustworthy. We present a risk-based method to calculate the belief component of an RTL based on the well-established and standardized Threat Analysis and Risk Assessment (TARA). We provide an in-vehicle use case to demonstrate our belief calculation method and discuss the impact of using risk ratings.

Connected, Cooperative, and Autonomous Mobility (CCAM) will take intelligent transportation to a new level of complexity. CCAM systems can be thought of as complex Systems-of-Systems (SoSs). They pose new challenges to security as consequences of vulnerabilities or attacks become much harder to assess. In this paper, we propose the use of a specific type of a trust model, called subjective trust network, to model and assess trustworthiness of data and nodes in an automotive SoS. Given the complexity of the topic, we illustrate the application of subjective trust networks on a specific example, namely Cooperative Intersection Management (CIM). To this end, we introduce the CIM use-case and show how it can be modelled as a subjective trust network. We then analyze how such trust models can be useful both for design time and run-time analysis, and how they would allow us a more precise quantitative assessment of trust in automotive SoSs. Finally, we also discuss the open research problems and practical challenges that need to be addressed before such trust models can be applied in practice.

Smart traffic lights systems (STLSs) are a promising approach to improve traffic efficiency at intersections. They rely on the information sent by vehicles via C2X communication (like in cooperative awareness messages (CAMs)) at the managed intersection. While there exists a large body of work on privacy-enhancing technologies (PETs) for cooperative Intelligent Transport Systems (cITS) in general, such PETs like changing pseudonyms often impact the performance of cITS applications. This paper analyzes the extent to which different PETs affect the performance of two types of STLSs, a phase-based and a reservation-based STLS. These are implemented in SUMO and combined with four different PETs. Through extensive simulations we then investigate the impact of those PETs on STLS performance metrics like time loss, waiting time, fuel consumption, and average velocity. Our analysis shows that the impact of PETs on performance varies greatly depending on the type of STLS. Finally, we propose a hybrid STLS which is a combination of the two STLS types as a potential solution for limiting the negative impact of PETs on performance.

Today’s vehicles run various safety-critical applications requiring data input from diverse in-vehicle components. Adaptive Cruise Control (ACC), for example, can rely on the data input from components such as lidar, radar, GNSS, and cameras. Malicious manipulation of any of this data compromises the data integrity and can result in safety incidents or accidents on the road. Security mechanisms like intrusion detection can be in place; however, they can not reliably assess the consequences of attacks on a system level or for arbitrary subsystems. In this paper, we present a Trust Assessment Framework (TAF) that allows an in-vehicle application in a complex System-of-Systems to assess whether it can trust the integrity of its input data.The TAF assesses the trustworthiness of every component in the data flow chain based on collected evidence. We explain this concept with the example of ACC and show case two ossible implementations of the TAF inside a vehicle.

Vulnerable or malicious third-party components introduce vulnerabilities into the software supply chain. Software Composition Analysis (SCA) is a method to identify direct and transitive dependencies in software projects and assess their security risks and vulnerabilities. In this paper, we investigate two open source SCA tools, Eclipse Steady (ES) and OWASP Dependency Check (ODC), with respect to vulnerability detection in Java projects. Both tools use different vulnerability detection methods. ES implements a code-centric and ODC a metadata-based approach. Our study reveals that both tools suffer from false positives. Furthermore, we discover that the success of the vulnerability detection depends on the underlying vulnerability database. Especially ES suffered from false negatives because of the insufficient vulnerability information in the database. While code-centric and metadata-based approaches offer significant potential, they also come with their respective downsides. We propose a hybrid approach assuming that combining both detection methods will lead to less false negatives and false positives.