Security Risks and Designs in the Connected Vehicle Ecosystem: In-Vehicle and Edge Platforms

Abstract

The evolution of Connected Vehicles (CVs) has introduced significant advancements in both in-vehicle and vehicle-edge platforms, creating a highly connected ecosystem. These advancements, however, have heightened exposure to cybersecurity risks. This work reviews emerging security challenges in the CV ecosystem from a new perspective, focusing on the integration of in-vehicle platforms such as the infotainment system and vehicle-edge platforms. By analyzing case studies such as Android Automotive, Message Queuing Telemetry Transport (MQTT), and the Robot Operating System (ROS), we identify the primary security threats, including malware attacks, data manipulation, and Denial of Service (DoS) attacks. The discussion extends to privacy concerns and the lack of trust-building mechanisms in CVs, highlighting how these gaps can be exploited. To mitigate these risks, we retrieve solutions drawn from the broader field of Internet of Things (IoT) security research, including Multi-Factor Authentication (MFA) and trust-based systems. The proposed framework aims to increase the trustworthiness of devices within the CV ecosystem. Finally, we identify future research directions in adaptive mechanisms and cross-domain security.