Location-Based Schemes for Mitigating Cyber Threats on Connected and Automated Vehicles: A Survey and Design Framework

The increased automation and connectivity of vehicles and road infrastructure can make future transportation systems more efficient and smarter and enable new transportation business models. Connected and automated vehicles (CAVs) may form a group of autonomous fleets to transform today's shared mobility services and also play the role of mobile sensors, which share real-time traffic and road information for transportation management. However, these technological advancements also lead to new cyher and physical threats that cause safety hazards or other undesired consequences. Although there have been a large number of papers about identifying and mitigating each type of threat, the lack of design support still challenges security engineering for developing CAVs. This limits the engineering capabilities of original equipment manufacturers to prioritize among multiple system properties, including safety, security, and privacy, and dealing with ever-changing attack surfaces and the power of attackers. This paper surveys security vulnerabilities and defense mechanisms for CAVs from an engineering design perspective. We illustrate how to identify and mitigate physical threats that compromise the safety of individual vehicles and cyber threats that disrupt newly CAV-enabled transportation services in a systematic way. An integrated security engineering process and a multi-layer design framework are presented for providing traceability and guidance in threat identification and mitigation.