Survey - From Autonomous Vehicles to Vehicular Clouds: Challenges of Management, Security and Dependability

Abstract

Survey on the challenges of using vehicular networks as a vehicular cloud for the Internet in terms of dependability and security.

Full text

From Autonomous Vehicles to Vehicular Clouds:
Challenges of Management, Security and
Dependability
Jian Kang
Electrical Engineering & Computer Science Department
University of Missouri
Columbia, Missouri, U.S.
jkang@mail.missouri.edu
Dan Lin
Electrical Engineering & Computer Science Department
University of Missouri
Columbia, Missouri, U.S.
lindan@missouri.edu
Elisa Bertino
Department of Computer Science
Purdue University
West Lafayette, Indiana, U.S.
bertino@purdue.edu
Ozan Tonguz
Department of Electrical and Computer Engineering
Carnegie Mellon University
Pittsburgh, Pennsylvania, U.S.
tonguz@ece.cmu.edu
Abstract—Autonomous vehicles have the potential to enhance
road safety, reduce traffic pressure and improve the driving
experience. With the on-board sensors, compute units, storage
devices, and communication modules, autonomous vehicles are
becoming integrated information systems. Compared to conven-
tional centralized approaches and traditional clouds, the emerg-
ing vehicular clouds (v-clouds) technology is a more promising
solution for utilizing such rich resources. In v-clouds, vehicles can
communicate with one another, form self-organized vehicular ad-
hoc networks (VANETs), collect real-time sensing data, conduct
intensive computation, and disseminate information. However,
the highly dynamic and heterogeneous nature of autonomous
vehicles raises many issues when designing v-cloud systems.
In this paper, we focus on the challenges in designing v-cloud
computing architectures, providing effective routing protocols,
securing v-cloud environments and enhancing the dependability
of v-clouds. We review the state of the art and discuss open
research issues.
Index Terms—Autonomous Vehicles, Vehicular Clouds,
VANETs, Management, Security, Privacy Preservation
I. INTRODUCTION
With the development of autonomous vehicles and vehicular
ad-hoc network (VANET) technology, vehicles are becoming
integrated information systems. Huge amounts of data are
collected by embedded sensors, stored by high-capacity stor-
age devices, processed by on-board computing units, and dis-
seminated via the various communication networks to which
vehicles are connected. By utilizing such rich resources, many
new applications are emerging, such as autonomous driving
management, traffic management, content sharing, etc. These
applications can enhance road safety, increase traffic efficiency
and improve the comfort of drivers and passengers [8].
In spite of the benefits of the autonomous vehicle appli-
cations, how to utilize those resources of vehicles efficiently,
effectively and securely is far from simple. To perform the
complex computation tasks required by those applications,
large amounts of data, such as road conditions, vehicle status,
and multimedia resources, need to be collected, transferred and
processed continuously. Computation results, such as naviga-
tion routes, evacuation plans, and automatic driving decisions,
should be conducted rapidly and disseminated accurately to
the vehicles. These requirements impose extreme challenges
on conventional centralized approaches which may not be able
to quickly collect real-time information and disseminate deci-
sions due to jamming or inaccessibility of the Internet/cellular
network at the scene.
To address this issue, the newly emerging vehicular clouds
(v-clouds) technology is a more promising solution. In v-
clouds, vehicles communicate with one another and form self-
organized vehicular ad-hoc networks. Their under-utilized re-
sources, such as sensing, storage, computing, and networking
resources, are pooled together. Considering there are a large
number of vehicles on roads, the vehicular cloud has sufficient
resources to collect first-hand information on the scene, con-
duct intensive computation efficiently, and coordinate vehicles
effectively even during unexpected events [2].
At first glance, the v-clouds may look deceptively similar to
the mobile cloud computing. However, unlike the mobile cloud
computing, on one hand, a modern vehicle typically has larger
storage space, greater computing power, better communication
ability, and unlimited power supply [8], which makes v-clouds
more powerful than mobile clouds. On the other hand, the
strict safety requirements of vehicles make the design of v-
cloud systems much harder than the mobile clouds. Compared
with the traditional cloud computing and the mobile cloud
computing, there are three unique characteristics of v-cloud
computing: (1) Lack of a central authority; (2) High mobility
of network nodes; and (3) Stringent time constraints. Those

Optical, Infrared, Radar,
Laser, Camera , etc..
Embedded Sensors
Stora ge Dev ices , Com putin g
Units, etc..
On-board Units
Vehicle-to-Vehicle, Vehicle-
to-Infrastructure, etc..
Wireless Networks
Coordination
Secutiry
Dependability
Fig. 1. On-board Equipment of Autonomous Vehicles and the Requirements
characteristics raise a series of new challenges that cannot be
easily addressed by conventional methodologies:
•Architecture: The architecture of v-clouds should be
flexible, extensible, efficient and robust enough to fit the
dynamic and heterogeneous nature of vehicles.
•Authentication: The authentication protocol for vehicles
in v-clouds should be able to verify the identities of other
vehicles to account for service liability while preserving
privacy information.
•Authorization: The authorization mechanism in v-clouds
should be able to verify access rights without knowing
other vehicles’ real identities.
•Information Trustworthiness Assessment: The vehicles
should be able to validate the trustworthiness of infor-
mation processed by v-clouds according to stringent time
constraints.
The rest of this paper is organized as follows. Section II
introduces the overview and fundamentals of vehicular clouds.
Section III presents the unique requirements and challenges of
v-clouds. Section IV reviews the state-of-the-arts. Section V
discuss the open research issues. Lastly, Section VI concludes
the paper.
II. FU NDA ME NTALS OF VEHICULAR CLOUDS
In this section, we provide an overview of autonomous
vehicles, the vehicular ad-hoc networks, and the fundamental
concepts of vehicular clouds.
A. Autonomous Vehicles
Autonomous vehicles, which also called automated or self-
driving vehicles, are rapidly developing. Compared to the
traditional human-driven vehicles, autonomous vehicles have
the potential to improve road safety, alleviate traffic con-
gestion, and change driving behaviors [3]. Defined by the
Society of Automobile Engineers (SAE), there are six levels of
vehicle automation: (1) no automation, (2) driver assistance,
(3) partial automation, (4) conditional automation, (5) high
automation, and (6) full automation. As shown in Fig. 1, a high
level of vehicle automation not only means more powerful
on-board equipment (sensors, automated controls, wireless
networks, navigation devices [23], storage devices, computing
units), but also indicates more stringent requirements for the
coordination, security, and dependability of the system of the
autonomous vehicles.
B. Vehicular Ad-hoc Networks
Considering the huge number of vehicles on the roads,
VANETs are envisioned to be the supporting technology
for autonomous vehicles. In VANETs, using the Vehicle-to-
Vehicle (V2V) and Vehicle-to-Infrastructure (V2I) commu-
nications, vehicles, which serve as network nodes, can self-
organize as a dynamic architecture, share resources, exchange
messages and enhance the connectivity of vehicles. Such a
capability provides the fundamental support for the v-clouds.
Approaches proposed for the management, security, and de-
pendability of VANETs are relevant to v-clouds as well.
C. Vehicular Clouds
By utilizing the V2V and V2I communication, vehicles
can share computing, storage, sensing and communication
resources with others in v-clouds [8], [25]. Based on the mobil-
ity, formation and maintenance scenarios, v-cloud architectures
can be classified into three major types [39]: stationary v-
cloud, infrastructure-based v-cloud, and dynamic v-cloud. The
stationary v-cloud is formed by parked vehicles and is very
similar to a conventional clouds. The infrastructure-based v-
cloud relies heavily on static infrastructure such as road-side
units (RSUs) which are in charge of cloud formation. The
dynamic v-cloud is self-organized by vehicles via V2V com-
munications and is the most promising for handling emergency
responses.
III. UNIQUE CHALLENGES IN VEHICULAR CLOUDS
As shown in Fig. 2, compared to other networks, v-clouds
have some unique characteristics that are relevant for the
design of their security solutions:
•Lack of a central authority: In the conventional cloud,
the network nodes are all deployed and connected in a
relatively static way. The cloud vendor owns the network
nodes and fully controls them, and hence the cloud vendor
can enforce a series of security and privacy methods
on its network nodes. In mobile clouds, since mobile
devices typically have limited power supply, storage,
and computing capability, they have to heavily rely on
infrastructures such as base stations to form clouds. The
broadly deployed base stations make this feasible as well.
However, in v-clouds, due to the high mobility and low
infrastructure reliance requirement, vehicles have to self-
organize into clouds to share their unused resources.
There is no central authority or a single point of trust
that has full control of all vehicles’ resources. This makes

Conventional Clouds Mobile Cl ouds Vehicular Clouds
Power
Supply
Computing
Capability
Mobility
Infrastructure
Reliance
Time
Constraints
Not Restricted Limited Not Restricted
Most Powerful Limited Powerful
Low Medium Hig h
High High Low
LowMedium High
Fig. 2. The Comparison of Conventional Clouds, Mobile Clouds and
Vehicular Clouds
traditional authentication mechanisms hard to apply in v-
clouds. Instead, vehicular clouds call for a fundamentally
different authentication model that leverages extensive
collaborations of vehicles for solutions suitable in sce-
narios where there is no central authority support.
•High mobility of network nodes (vehicles): Unlike other
networks (e.g., Internet, sensor networks), the network
topology in v-clouds is much more dynamic due to the
high mobility of vehicles. The short-term relationships
(and sometimes one-time relationships) among vehicles
make it an extremely challenging task for a data owner
to track his/her data usage/accesses by other vehicles in v-
clouds, which would not be that difficult in conventional
clouds or other networks with relatively stable topology.
Therefore, vehicular clouds need a fundamentally new
access control mechanism that can travel with data and
enforce access control policies anywhere the data goes.
•Stringent time constraints: Since vehicles may not stay
together for long as nodes in other networks do, all the
security, privacy and trustworthiness mechanisms in v-
clouds must meet stringent time constraints to ensure
that they can be successfully accomplish their tasks.
That is, vehicular clouds need highly efficient security
mechanisms.
The design of security solutions must take into account the
potential threats. Since the v-clouds are based on the vehicular
networks, there are prone to several attacks at the network
layer, including
•Man-in-the-middle attacks: Attackers can secretly relay
or alter the network packets between two vehicles, make
them believe that they are communicating with each other
directly.
•Eavesdropping attacks: Attackers may try to sniff traffic
between vehicles to steal information in the v-clouds.
•Replay attacks: Attackers may replay valid messages to
disturb the traffic.
Internet
Mobile
Communication
Network
Research Thrusts
Secure Architecture
Basic Supporting Architecture
Clo ud Computi ng Ar chitec ture
Privacy-Preserving
Authentication
Securi ty Privac y
Privacy-Preserving Access
Control
Real-time Trustworthiness
Evaluation
Security Components
Does the vehicle has a
valid identity?
What resources can be
accessed by the vehicle?
What actions are
allowed on the data?
Do I need to verify data
trustworthiness?
Vehicle
Secure Vehicular Clouds
Fig. 3. Secure and Dependable Vehicular Cloud Computing
•Impersonation attacks: Attackers may pretend to be an-
other vehicle in v-clouds.
•Message delay and suppression attacks: By delaying or
suppressing messages, attackers may hold critical infor-
mation from the legitimate receivers.
•Denial of Service (DoS) attacks: Attackers may send a
large amount of junk messages so as to block the services
provided by v-clouds.
At the application level, there are many threats which need
to be addressed in cloud computing environment as well [50]:
•Traffic flow analysis: The attacker may analyze the
characteristics of network flow, such as frequency, size,
and destination of the network packets to steal critical
information from the v-clouds.
•Privacy breach: The attacker may get sensitive informa-
tion in different ways, such as tracking movements of
vehicles, stealing sensing data, and infer the real identity
of vehicles in v-clouds.
•Data “disruption”: A malicious vehicle may alter or
fabricate data during different phases of the data life
cycle, namely data collection, processing, sharing, and
dissemination, so as to disrupt the normal operation of
v-clouds.
A. Architecture
As shown in Fig. 3, based on its functions, the design of
the v-cloud architecture can be divided into two parts:
•Basic Supporting Architecture: The basic supporting ar-
chitecture should provides a number of critical functions:

organizing large amounts of heterogeneous vehicles, rout-
ing messages among vehicles, infrastructures, and servers
through frequently interrupted links, and managing the
various entities without imposing too much burden on the
v-cloud system. In conventional networks, the topology of
nodes is relatively fixed. However in v-clouds, as vehicles
move quickly, the relative position of vehicles and the
communication links change frequently and rapidly. One
moment a vehicle may move along with a group of
vehicles in a highway, and next it may leave this highway
and move in the communication range of another vehicle
group. In order to organize vehicles and provide them
with connectivity, the architecture should be able to
acquire and maintain information about vehicle locations
and “topology” of groups of vehicles, route messages
among vehicles, infrastructures and servers, and manage
vehicles, such as adjusting the routing parameters, chang-
ing the scenario from normal to emergency, querying
group heads, etc. Designing and engineering all such
functions is challenging.
•Cloud Computing Architecture: In v-clouds, the design of
resource sharing, task allocation, result aggregation, and
dissemination is different from other cloud computing
architectures. Different vehicles in different locations may
serve as different roles for different applications. Even
a single vehicle may serve at a certain time as one of
a group-decision-makers when crossing an intersection
in road enhancing application. Then at a different time,
it may serve as storage and buffering node in another
group of vehicles for an entertainment application sce-
nario. Supporting such dynamic role assignments is a
challenging problem. Besides that, in order to allocate
tasks and aggregate results efficiently and securely, there
are several problems need to be addressed as well. As an
example, when allocating tasks for a vehicle in a group,
the problem is how to estimate the duration of stay of
this vehicle. If under estimated, the computing resources
will be under-utilized. If over estimated, the vehicle may
no be able to finish the task before leaving the group.
In conventional cloud computing, the connections among
the computing nodes are relative stable, thus it’s accept-
able to simply drop unfinished tasks. However, in v-
clouds, since the vehicles keep establishing connections,
joining groups, leaving groups, and disconnecting over
and over, simply dropping unfinished tasks will waste
lots of computing resources and cause high network
overhead (there may be large amounts of unfinished tasks
need to be re-allocated, re-computed, and re-submitted
again by other vehicles in a short time period). The
estimation of duration of stay in a group is difficult to
be addressed due to the difficulties of predicting the
next actions of a vehicle accurately. Therefore, a more
interesting problem would be how the vehicle hand over
the unfinished, encrypted task to some other vehicles in
v-cloud environments without bring too much overhead.
Another example is related to file replication to ensure
availability of information. With respect to this example,
an important issue is determining how many copies of a
shared file should be distributed in v-cloud so that other
vehicles can keep accessing this file even if many vehicles
are offline (out of communication range, parked and off,
etc.) at the same time.
B. Authentication
It is critical for vehicles to verify the identities of other
vehicles in v-clouds. Without knowing vehicles’ identities, it
is not possible to determine whether a vehicle is a legal node
and what kind of role the vehicle serve as. The authentication
protocols should be designed specifically to fit the unique
characteristics of v-clouds:
•Compared to other scenarios, it is harder for vehicles to
establish a secure channel with other vehicles or servers
in v-clouds. It is very difficult to find an entity in v-clouds
that can be fully trusted. In many cases, the messages in
v-clouds have to pass through several intermediary vehi-
cles to reach the target destination. Thus those messages
are more likely to be monitored, modified, or duplicated
by other vehicles. The authentication protocol should be
designed specifically to better prevent those kinds of
attacks.
•Vehicles that form the self-organized cloud have stronger
privacy requirements than the network nodes in a con-
ventional cloud. Many sensitive information, such as
location, vehicle status, and driver’s biometric data, are
critical for the normal operation of the v-cloud system.
Thus, it is almost inevitable to collect, storage, and
process large amounts of private data in v-clouds. Without
strong privacy protection, vehicle owners will worry that
their identities could be disclosed or their movements
could be tracked by others, which will discourage them
from participating.
These two seemingly conflicting requirements are difficult
to address in v-clouds when there is not a central cloud vendor
or a single fully trusted party.
C. Authorization
The highly dynamic network topology makes the design of
access control mechanisms for the v-cloud very challenging:
•The dynamic and heterogeneous nature of v-clouds makes
it difficult to enforce access policies. A vehicle may leave
a group of vehicles and join another group of vehicles
over and over, thus the vehicle’s role and applied policy
may be changed frequently. Furthermore, as discussed
in Section II.A, depending on the different application
scenarios, surrounding environments, and the driver’s
status, autonomous vehicles in v-clouds may move at
different automation levels. It is necessary for the access
control protocol to enforce the policies under varying
contexts.
•The resources the vehicle can access may change fre-
quently. Based on the context, such as the location, speed,
moving direction, etc., the resources that a vehicle can

access may change quickly and frequently. For example,
in group A, a vehicle may serve as head node and can
access road conditions of vehicles in the same group,
while in group B, it may serve as video buffering
node and can only access video data in its own storage
device. Existing access control mechanisms need major
extensions to fit such dynamic environments.
•To protect privacy, the authorization mechanism should
be able to enforce the access policies without revealing
vehicles’ real identities and other sensitive information.
As mentioned above, it is critical to take privacy into
account when designing v-cloud systems. On one hand, in
many scenarios, such as a road safety enhancing scenario,
the evaluation of the access control policy should base on
vehicles’ information, such as running parameters, sur-
rounding buildings, drivers’ biometric data, etc. However,
on the other hand, the exposure of that information could
easily lead to privacy information leakage. How one can
assure the data owner (resource lender) that his/her data
(resources) shared in v-clouds will not be accessed or
tampered with by unauthorized parties without knowing
other vehicles’ real identities and other sensitive informa-
tion is a challenging problem needs to be addressed.
•The authorization process needs to be completed within
stringent time constraints. In v-clouds, the verification
of access rights needs to be completed within stringent
time constraints, which is often not a major concern for
other types of networks. For example, to avoid collision,
a vehicle may need to communicate with another vehicle
moving on the opposite side of the road. The connection
establishment, identity authentication, and access rights
verification between those two vehicles must be done
in seconds. Moreover, if emergencies come up, such as
one vehicle hit ice on the road, additional permissions on
the data which may not be accessible in normal scenario
should be granted to another vehicle in milliseconds. Any
delay in verifying the access rights may cause serious
consequences.
D. Information Trustworthiness Assessment
In v-clouds, each vehicle should be able to instantly tell
whether the information processed by the vehicular cloud is
trustworthy. One of the reasons is that wrong actions taken
based on erroneous information may not be undone. For
example, the effect of a detour cannot be undone because a
driver in the snowstorm who took a detour based on deceptive
information may become stuck in a worse traffic jam without
the ability to return to the correct route. The design of suitable
techniques for information trustworthiness evaluation in v-
clouds requires addressing challenges:
•It is difficult to build reputation profiles of message
senders in v-clouds. Several reputation systems developed
in social network environments evaluate the trustworthi-
ness of information based on the reputation of the mes-
sage sender. However, in v-clouds, even if an individual
keeps reputation profiles of vehicles that he has traveled
along with, such database may not be useful since the
individual may not come across the same vehicles again
in the future. Moreover, the reputation of the senders may
also lead to privacy leakages.
•Even if an entity is trustworthy and honestly forwarded a
received message, it still necessary to determine whether
the message itself is correct. The reputation of the
message sender may just associate the messages with
high or low trustworthiness. However, in many scenarios,
the messages received by a vehicle should be correctly
reflect physical aspects of the “real-world”. For example,
to avoid a collision, a vehicle should be able to verify
whether the received information about another vehicle’s
speed, direction and location is correct, so as to make a
correct decision such as slow down, speed up, or take an
emergency brake.
•The information trustworthiness assessment process
should be executed so to comply (possibly very) stringent
time constraints. The time performance of the trustwor-
thiness assessment is critical both in v-clouds and in
other fields. However, in v-clouds, the connections among
vehicles are not very stable. The differences in moving
speed and direction raise many issues. For example,
the connection between two vehicles may keep off and
on, the message routing through several intermediary
vehicles may cause high transmission delays, the head
vehicle of a cluster of vehicles may be to busy to handle
large numbers of many verification requests, etc. How
to conduct the trustworthiness evaluation under stringent
time requirements is still a very challenging problem.
IV. STATE OF T HE ART
Approaches proposed to address the issues of v-clouds can
be classified into the four main categories:
A. Vehicular Cloud Computing Architectures
1) Basic Supporting Architecture: Many approaches have
been proposed for functions supporting the organization, con-
nectivity, and management in v-clouds. Lin et al. in [22] pro-
posed a routing solution that delivers messages in VANETs us-
ing the pure vehicle-to-vehicle communication. In this routing
protocol, vehicles are formed and maintained as moving zones
based on their location, speed, and direction, and messages
are delivered through multiple moving zones, without any re-
liance on the infrastructures. Combining the characteristics of
geographic-based routing protocol with cluster-based routing
protocol, Abuashour et al. in [1] proposed three algorithms:
cluster-based life-time routing protocol (CBLTR), intersec-
tion dynamic VANET routing (IDVR) protocol, and control
overhead reduction algorithm to improve the performance of
message routing in VANETs. From a different perspective,
Sun et al. in [36] focus on buses moving in the urban areas
and utilize them to deliver messages in vehicular networks.
By utilizing the simulated annealing algorithm and neural
networks, Bagherlou et al. in [7] proposed a clustering-based
reliable routing algorithm. In this method, the cluster head

is optimally selected based on the node parameters so as to
provide a higher packet delivery rate. In order to further reduce
the cost of cluster formation, Zhang et al. in [46] proposed
a multi-hop passive clustering algorithm for VANETs. In this
algorithm, vehicles are organized by the priority neighborhood
following mechanism, and the most stable node is passively
selected as the cluster head (CH) in the N-hop range (the
distance between the CH and the cluster members must be
less than or equal to N). To handle the mobility, high density,
sparse connectivity, and heterogeneity of vehicular networks,
Wu et al. in [40] proposed two techniques: (1) the decen-
tralized moving edge which focuses on computation and data
caching, and (2) the multi-tier multi-access edge clustering
which utilizes hierarchical clustering to support efficient com-
munication between vehicles. Since many vehicular networks
rely on roadside infrastructures, Wu et al. in [41] proposed a
vehicle-to-roadside communication protocol. In this protocol,
a fuzzy logic algorithm is used to generate stable clusters
and improve the network performance. Considering the data
dissemination in dynamic vehicular networks, Wu et al. in
[42] proposed a robust data scheduling protocol based on a
fair allocation of channel resources to ensure the stability and
fairness.
As we can see, to provide the basic support, clusters play
an important role in the organization, communication, and
management in v-clouds. By selecting appropriate cluster
headers, it is feasible to form clusters reliably and route
messages efficiently. The head node of a cluster can serve as
the coordinator of a group of vehicles to support the resource
sharing, task allocation, and result aggregation in vehicular
cloud computing as well.
2) Vehicular Cloud Computing Architecture: As discussed
in Section II and shown in Fig. 4, based on the mobility,
formation and maintenance scenarios, v-cloud computing ar-
chitectures can be classified into three major types:
•Stationary v-cloud: The stationary v-cloud is typically
formed by vehicles which are still and at rest in parking
lots. To utilize those idle vehicular resources, Arif et
al. in [4] envisioned a vehicular cloud which takes the
cars in long-term parking lots of an international airport
as storage nodes and forms an airport datacenter. To
address the problem for allocating computation tasks
more specifically, Vignesh et al. in [37] proposed a
communication protocol to form a stationary v-cloud and
support communication among vehicles so as to provide
value-added services. Considering that the infrastructure
of communication and computation are far from per-
fect, Hou et al. in [9] took the view of vehicles as
the infrastructure. They put the underutilized, stationary
vehicles into use to support vehicular cloud computations.
Since the vehicles are parked and off, to save the battery
run time, the computing power and the time length
of providing services must be limited. Otherwise, the
vehicles have to be plugged into power outlet which will
make the system less practical.
•Infrastructure-based v-cloud: Although it is a good
Parking Lots
(a) Stationary v-clouds
(b) Infrastructure-based v-clouds
RSU RSU
(c) Dynamic v-clouds
Captain
Member Me mb er
Member
Fig. 4. Main types of vehicular cloud computing architectures
idea to utilize the idle resources in a stationary v-
cloud, in most v-cloud applications, such as road safety
enhancing and automated driving management applica-
tions, the moving vehicles have to be involved in the
vehicular clouds. To solve this problem, utilizing road-
side infrastructures, such as base stations and RSUs, is
an effective approach for connecting and coordinating
those moving vehicles. In [45], Yu et al. proposed a
hierarchical cloud architecture for vehicular networks.
In this approach, the roadside cloud plays an important
role for vehicles to access the cloud, and the vehicles
need to keep selecting new nearby roadside cloudlets and
customizing new transient clouds while moving along the
road. Similarly, Midya et al. in [27] proposed a three-
layer vehicular cloud architecture in which the WiMAX
base stations are equipped with computation units and
responsible for providing services to authorized users.
•Dynamic v-cloud: Infrastructures, such as RSUs, can be
instrumental in the formation, maintenance, task alloca-
tion of v-clouds. However, RSUs would be expensive
to deploy and are not expected to be widely available
soon. Moreover, in the event of a disaster, such an

earthquake or a hurricane, the infrastructures may be
damaged. A heavy reliance on infrastructures may greatly
undermine the v-cloud availability. The dynamic v-cloud,
which is self-organized by vehicles via vehicle-to-vehicle
communications, is a very promising for reducing in-
frastructure reliance and handling emergency response.
An efficient architecture for dynamic v-clouds is based
on election protocols by which vehicles are selected in
order to serve as the cloud brokers. Such an approach
mediates the resource allocation processes and other
cloud computing tasks. Arkian et al. in [5] proposed a
cluster-based vehicular cloud architecture which selects
vehicle as cluster head to serve as cloud controller which
is responsible for the initialization and maintenance of the
vehicular clouds. Although the RSUs are still necessary
for providing connectivity between the central cloud and
vehicle cluster head, the reliance on the infrastructure
has been reduced. To further reduce the reliance on
the infrastructures, Azizian et al. in [6] proposed a
model for efficient data delivery in v-clouds. In this
model, autonomous vehicles are self-organized into non-
overlapping clusters, and vehicular clouds are established
accordingly and dynamically. Then, the data collected by
mounted sensors is treated as service (data-as-a-service)
and can be delivered and processed by the members and
heads of the vehicular clouds. Based on the pure vehicle-
to-vehicle communication, Meneguette et al. in [26] de-
veloped an allocation and search resource mechanism
for the v-clouds. In this mechanism, vehicles are self-
organized into clusters as well, and the collaborations are
established so as to manage and share the resources in
v-clouds.
The security and privacy issues in the stationary v-cloud
can be treated similarly as in the conventional cloud, while the
infrastructure-based cloud requires the pervasive deployment
of RSUs which may not happen in the near future due
to high costs. For the dynamic v-cloud, very few v-cloud
architectures have been proposed. How to reduce the reliance
on the infrastructures, improve the efficiency and stability
of the operations in v-clouds, such as resource sharing, task
allocation, etc. are still an open research problem that needs
to be better addressed.
B. Authentication Protocols
1) Authentication Protocols in VANETs: Existing vehicular
authentication protocols are mostly designed for VANETs
which may not consider the functions (e.g., resource man-
agement and task allocation) offered by the v-clouds. Those
authentication protocols can be classified into three major
categories: (1) pseudonym-based protocols, (2) group-based
protocols, and (3) hybrid protocols.
•Pseudonym-based protocols: The basic idea of
pseudonym-based authentication protocols is to equip
each vehicle with a huge pool of pre-assigned certificates
to be used for different rounds of communication.
Wang et al. in [38] proposed a two-factor authentication
Vehicle i
Real ID: Alice Pseudonym: Kate
Pseudonym: Bob
Pseudonym: Jim
1. High message authentication overhead
2. Privacy isn’t fully preserved
Vehicle i
Vehicle j
Vehicle …
Cluster Head Road Side Unit
Cluster j
Heavily rely on some sort of infrastructure such
as road side units
Identity Management
Authority
Fig. 5. Comparison between Pseudonym-based Protocol and Group-based
Protocol in VANETs
protocol to VANETs. To improve security and privacy,
the message-authentication-code (MAC) and one-way
hash operations are used to authenticate multiple
users of one single vehicle while providing strong
privacy preservation and DoS resilience. Zhang et al.
in [49] proposed a distributed aggregate authentication
protocol based on their multiple trusted authority
identity-based aggregate signature technique. In this
protocol, the one-time pseudonym-private key pairs can
be generated locally, and the root trusted authority (TA)
can recover the real identity of the vehicles if necessary.
Jiang et al. in [14] proposed a privacy preserving
authentication protocol which uses Homomorphic
encryption to generate randomized identities so as
to prevent vehicles from being tracked. Pournaghi et
al. in [30] proposed an efficient authentication which
provides secure communications in VANETs. This
protocol combines tamper-proof device (TPD) schemes
and RSUs based schemes to generate pseudo-identity
with vehicle’s real identity to sign messages by this
pseudo-identity and its corresponding key. To reduce
the reliance on RSUs, Kang et al. in [16] proposed
an efficient randomized authentication which does not
need the server to generate pseudonyms every time
and does not require the availability of RSUs in the
authentication phase. Many pseudonym-based protocols
achieve different degrees of improvement over the key
revocation problem. However, in most of these protocols,
the identity management authority is required to maintain
the certificates associated with each vehicle so as to
retrieve the vehicles’ real identities when disputes occur.
The checking process of the similarly huge pool of

revoked certificates is time-consuming, and the identity
issuer can easily track a vehicle if the real identities of
the vehicles are not been properly hidden; hence, the
vehicles’ privacy is not fully preserved.
•Group-based protocols: A large number of group-
based protocols have been developed based on a group-
signature scheme. By utilizing the group signature, Kong
et al. in [17] proposed an incentive framework which
can support mutual verification between the leader and
follower vehicles in v-clouds. To decrease the burden of
TA, Shao et al. in [34] proposed a threshold anonymous
authentication protocol which adopts decentralized group
model and develops a new group signature scheme so
as to release TA from generating group certificates,
free OBUs from having to retrieve the revocation list,
and provide efficient traceability and message linkability.
Considering the high computation cost of the bilinear-
pairing and elliptic curve in many implementations, Islam
et al. in [12] utilize cryptographic general hash function
and propose a password-based authentication and group-
key generation protocol for VANETs with conditional
privacy preservation. To reduce the reliance on the in-
frastructure, Kang et al. in [15] proposed a secure and
lightweight identity management system. Based on the
self-organized vehicle clusters, after registration phase,
the vehicles in this system does not need to rely on
any infrastructure during V2V authentications. In those
approaches, by means of a group signature, each vehicle
can judge whether the message received is from its
group members without knowing the members of its
group. However, these group-based protocols achieve
only conditional privacy in that the vehicles’ locations
and identities are kept private from other member vehicles
but are still known to the group coordinators.
•Hybrid protocols: To overcome the drawbacks of
the pseudonym-based protocols and group-based proto-
cols, in [31], a hybrid approach which combines the
pseudonym-based protocol with group-based approaches
was proposed by Rajput et al. for privacy-preserving
authentication in VANETs. In this protocol, a vehicle
does not need to be involved in the certificate revoca-
tion list management and group management, and the
pseudonyms can serve as trapdoors in order to provide
conditional anonymity.
2) Authentication Protocols in Vehicular Clouds: Although
there are some authentication protocols for VANETs which can
be used to support authentication among entities in v-clouds,
a specialized design is still necessary to better utilize the
functions offered by the v-clouds. Park et al. in [29] proposed
a pseudonymous authentication for vehicle-to-infrastructure
communication in v-clouds. They designed a pseudonym-
based service access token management mechanism to allow
only legitimate vehicles to connect to cloud service through
RSUs while protecting the privacy of vehicles. Xie et al.
in [43] proposed an efficient message authentication scheme
in which vehicles should be registered at TA first, then obtain
pseudonyms for identity verification and message signing
purpose while preserving privacy information. By combining a
pseudonym-based protocol and a group-based protocol, Zhang
et al. in [48] has proposed a secure and privacy-preserving
communication scheme. In this scheme, an authentication
protocol was proposed to allow a group of vehicles to form
a VC, verify the legality of the message sender securely and
anonymously. Without using the pseudonym-based protocol
and group-based protocol, in [13], an integrated authentication
and key agreement framework was proposed to support mutual
authentication among users, VC, and conventional cloud.
However, it is not a privacy-preserving protocol since the
honest-but-curious cloud servers in this framework may still
cause privacy leakage. In addition, since some of the existing
authentication schemes usually require complex cryptographic
operations, there is still room for improving the efficiency in
v-cloud authentication.
C. Access Control Mechanisms for Vehicular Clouds
Access control is a challenging task in the v-cloud due to
its unique characteristics. Existing centralized access control
approaches developed for closed domains, such as databases
and operating systems, or approaches used in conventional
cloud systems cannot be applied to the v-cloud because of
the lack of a central monitor in the v-cloud. The highly
dynamic network topology in the v-cloud makes it extremely
challenging to track data stored in multiple moving vehicles.
Moreover, the access control mechanism in the v-cloud also
needs to meet stringent time constraints due to the high
mobility of vehicles. Otherwise, vehicles may already move
out of the communication range before the authorization is
completed, which can severely affect the availability of the
v-cloud services. For a specific application, under the v-
cloud advertisement dissemination setting, Hong et al. in [18]
proposed a secure and privacy-preserving incentive mechanism
which utilize the RSUs to perform access control for the
responding vehicles. Based on the hierarchical attribute-based
encryption (ABE) technique, Huang et al. in [11] proposed
a secure and efficient message access control and authentica-
tion scheme, called SmartVeh, to achieve fine-grained access
control while maintaining the anonymity of the vehicles. Since
this scheme still has relative high computational complexity in
the key generation phase, Luo et al. in [24] further proposed a
multi-authority ciphertext-policy attribute-based access control
protocol which provides attribute revocation mechanism and
can prevent static corruption of the authorities (a scenario that
the adversaries can only corrupt authorities statically, while
key queries are made adaptively [19]).
D. Trustworthiness Evaluation
The previously discussed authentication and authorization
techniques would discourage most vehicles from misbehaving
as malicious vehicles can be traced. However, they are still
not sufficient to fully prevent malicious behavior in the case
of attackers that do not care whether they are caught later

on. A survey on approaches for evaluating the trustworthiness
of messages disseminated in VANETs can be found in [47].
Some approaches estimate the trustworthiness of information
based on trustworthiness of the message sender. In [35],
Son et al. proposed a new cryptographic approach to the
trustworthiness management problem in VANETs. To evaluate
the trustworthiness, a reputation management server is used to
issue session secrets, verify reputation values and accumulate
evaluation messages. The approach is similar to the ones used
for reputation systems developed for social networks. Based
on one’s reputation, other users can determine whether the in-
formation he/she provides is trustworthy. However, reputation
is established over a period of time and a relatively stable
network, and neither of these exists in VANETs. Moreover,
even if an entity is trustworthy and has honestly forwarded
messages it has received, we still do not know whether the
message itself is correct. Therefore, it would be more effective
to directly evaluate the content of the message. One well
known approach is by Raya et al. [32]. Their approach relies
on the availability of trust scores of individual evidence (i.e.,
messages) related to an event. However, they do not provide
any specific function to compute such trust scores, but mainly a
framework of factors to be considered. By assuming that these
trust scores are known, they used several techniques (e.g.,
voting, Bayesian inference) to evaluate trustworthiness of the
event. Huang et al. in [10] proposed a privacy-preserving trust-
based verifiable vehicular cloud computing scheme, named
PTVC. In this protocol, the vehicles are selected based on rep-
utation to form temporary vehicular clouds, and the user can
verify the correctness of computation results without privacy
leakage. However, the malicious behaviors may still happen if
the attacker does not follow the protocol honestly. To address
these problems, Mudengudi et al. in [28] proposed an agent-
based intelligent architecture which can establish trust among
vehicles in vehicular cloud. Yavuz et al. in [44] proposed a
structure-free and compact real-time authentication (SCRA)
which can not only support authentication in networks, but
also support the computation and verification of the digital
signatures on messages with real-time constraints. By shifting
the expensive operations of signature generation phase to the
key generation phase, they combine pre-computed signatures
in a very efficient way so as to provide fast authentication
on messages for v-clouds. Limbasiya et al. in [21] proposed
a secure message confirmation scheme which utilizes tamper-
proof devices to sign and deliver messages, and uses the RSUs
to verify received messages by using bath verification. Since
many such approaches rely on RSUs, they may not suitable
for dynamic v-cloud with limited infrastructure reliance. Thus
many issues need to be addressed for the design of trustwor-
thiness evaluation techniques suitable for v-clouds.
V. OP EN RESEARCH PRO BL EM S
In the following, we discuss some open research problems
in v-clouds.
A. Secure Vehicular Cloud Computing Architecture
The underlying foundation of the secure v-cloud computing
architecture is the organization of continuously moving vehi-
cles to form a network that enables these independent vehicles
to collaborate with one another efficiently, securely and stably.
As discussed in Section IV, although many approaches have
been proposed to form vehicle groups and support collabora-
tions across vehicles, research is needed to enhance the secu-
rity of v-clouds. More specifically, to design a secure vehicular
cloud computing architecture, a number of interrelated security
mechanisms should be developed supporting several critical v-
cloud tasks, including:
•V-cloud initialization: When vehicles first log into a
VANET, vehicles should be able to exchange hello mes-
sages with neighboring vehicles, register themselves with
cluster head / RSUs / TA and obtain necessary informa-
tion such as pseudonyms, key pairs, random seeds, etc. In
the initialization phase, vehicles may need to join groups
formed by RSUs or other vehicles, basic topology needs
to be built, and important secure connections should be
established. All of those steps need to be well designed
so as to support the following operations.
•V-cloud operations: When vehicles in the v-cloud start
using the v-cloud services, there are many operations
need to be performed. To maintain the stable and efficient
vehicular network, we should consider how to handle the
splitting, merging, re-allocation of the groups, how to
routing messages efficiently, how to move a vehicle from
one group to another smoothly, etc. For the vehicular
cloud computing, there are many issues need to be
addressed as well. For example, to allocate computing
task to a vehicle, we have to consider whether this vehicle
is in the center of a group of vehicles or will leave soon,
what kind of sensors this vehicle has, if the automation
level suitable for receiving this task or not, the current
speed and direction of this vehicle, the most possible
action it will take in next seconds, etc. To design a good
v-cloud computing architecture, there are much more
details need to be considered so as to meet the unique
characteristics of v-clouds.
•V-cloud management: The management is very impor-
tant to make the v-cloud more applicable. For the security
purpose, the authority should be able to reveal vehicles’
real identities, recover the snapshot of the topology in
an area so as to identify the attackers. It’s a useful
but challenging task in v-clouds because the connections
among vehicles change rapidly and frequently, store that
information could increase the workload significantly.
Moreover, the more management data recorded, the more
possible that the user privacy will be violated. In addition,
the architecture should be able to support changing the
running mode of the v-clouds. For example, if there is
a traffic accident happened, the police may need to set
the vehicles in a given range into an emergency mode so
that those vehicles can re-schedule the resources to sup-

port the application for safety enhancing. When holding
large scale events, such as Olympic Games, the v-cloud
should allow the organizer to upload the locations, time
schedules, and traffic policies thus the vehicles can adjust
their algorithms to optimize the network, enhance security
and improve dependability. If disasters happened, such as
earthquake, flood, and hurricane, the infrastructures might
be damaged or destroyed, the authority should be able to
change the v-clouds into an emergency mode so that the
vehicles could minimise the use of the RSUs. There are
many existing, adequate solutions for traditional clouds
and mobile clouds, however, in v-clouds, we still have lots
of works to do to provide easy and efficient management
to make the v-clouds more practical.
B. Privacy-preserving Authentication in Vehicular Clouds
Privacy-preservation is critical to the authentication of the
v-clouds. If the sensitive information collected, stored and
processed on the nodes (vehicles, infrastructures, and servers)
is not well protected, the attacker may be able to steal them
and perform attacks not only to v-clouds, but also to other
systems. In traditional scenarios, there are many existing
methods, such as splitting information into different parts,
then store and process these parts in several honest-but-curious
servers to reduce the risk of privacy leakage. However, in
v-clouds, the infrastructures are expensive and not expected
to be deployed widely soon. To reduce the reliance on the
infrastructures, the authentication procedure should be carried
out via pure vehicle-to-vehicle communication, or at least, by
relying on the connectivity provided by pure vehicle-to-vehicle
communication. Thus, it is hard to ensure all the vehicles
are honest. How to perform authentications among untrusted
entities while preserving privacy is an open problem.
C. Privacy-preserving Access Control in Vehicular Clouds
To design the privacy-preserving access control in v-clouds,
there are many aspects need to be considered:
•Composing privacy-preserving access control policies:
At the user vehicle side, the first step is to compose
the access control policies that specify which vehicles
are allowed to perform what actions on what part of
the data to be stored or processed in the v-cloud. The
challenge is that the user vehicle should not know the
real identities of the lender vehicles during the policy
composition or be able to track the lender vehicles during
the data processing so that the lender vehicles’ privacy is
preserved.
•Constructing data-policy package: After the policies
are composed, one way for the user vehicles to control
the data stored in the v-cloud is constructing data-policy
packages. How to construct a data-policy package that
tightly couples data items with the corresponding access
control policies, how to transmit them in the v-cloud and
ensure that any access to the data is allowed by the access
control policy, and how to make sure that any access to
the data will trigger automatic logging actions for future
auditing, have all problems to be addressed.
•Distributed and automatic authentication and autho-
rization: How to design an access control mechanism
that allows the lender vehicle use a different new random
ID for authentication and authorization each time it needs
to access or process the user data in order to preserve the
lender vehicle’s privacy is an open problem to be solved
as well.
D. Real-time Message Content Validation
To add another layer of dependability assurance to the v-
cloud through instant validation of message trustworthiness,
the trust model should consist of two major components: (1)
message classifier; and (2) message content validator.
•Message classifier: In v-clouds, one vehicle may receive
multiple messages with different, and possibly contrasting
information from different vehicles during a short period
of time. Moreover, these messages may be related to
different events occurring at different places as well.
A message classifier module needs to be designed to
identify messages belonging to the same event so as better
evaluate the trustworthiness of messages.
•Message validation: It is necessary to identify the factors
that may have impact on message trustworthiness, model
them and integrate their scores to generate an overall
trustworthiness score that can easily be used by end
users when making decisions. In v-clouds, a vehicle may
receive several messages in response to a query on traffic
conditions, and those messages may seem to conflict
with one another. The trustworthiness evaluation system
(installed on the vehicle’s onboard unit) should be able to
help analyze these messages by clustering them into two
groups and examining the content similarity and conflicts
as well as routing path similarity. Then, the system should
be able to calculate the trust scores of the messages and
return them as the suggestion (see [20] and [33] for
relevant approaches).
VI. CONCLUSION
The integrated sensors, computing units, storage devices,
and communication systems make possible for autonomous
vehicles to enhance road safety, reduce traffic pressure and
improve the driving experience. To utilize the rich resources
in autonomous vehicles, the emerging v-cloud is a promising
solution. The dynamic and heterogeneous nature of vehicles,
the lack of central authority, the high mobility of network
nodes and stringent time constraints raise several issues that
need to be addressed in the design of v-cloud systems. In this
paper, we focus on the unique characteristics of v-clouds and
analyze the challenges in their design. Then we survey the
state-of-the-art approaches to the architecture, authentication,
access control and trustworthiness evaluation in v-clouds.
Finally, we discuss the open research problems regarding the
management, security, and dependability of v-clouds.

REFERENCES
[1] Ahmad Abuashour and Michel Kadoch. Performance improvement of
cluster-based routing protocol in vanet. IEEE Access, 5:15354–15371,
2017.
[2] Zubaida Alazawi, Saleh Altowaijri, Rashid Mehmood, and Mohmmad B
Abdljabar. Intelligent disaster management system based on cloud-
enabled vehicular networks. In ITS Telecommunications (ITST), 2011
11th International Conference on, pages 361–368. IEEE, 2011.
[3] James M Anderson, Kalra Nidhi, Karlyn D Stanley, Paul Sorensen,
Constantine Samaras, and Oluwatobi A Oluwatola. Autonomous vehicle
technology: A guide for policymakers. Rand Corporation, 2014.
[4] Samiur Arif, Stephan Olariu, Jin Wang, Gongjun Yan, Weiming Yang,
and Ismail Khalil. Datacenter at the airport: Reasoning about time-
dependent parking lot occupancy. IEEE Transactions on Parallel and
Distributed Systems, 23(11):2067–2080, 2012.
[5] Hamid Reza Arkian, Reza Ebrahimi Atani, Abolfazl Diyanat, and
Atefe Pourkhalili. A cluster-based vehicular cloud architecture with
learning-based resource management. The Journal of Supercomputing,
71(4):1401–1426, 2015.
[6] Meysam Azizian, Soumaya Cherkaoui, and Abdelhakim Hafid. An
optimized flow allocation in vehicular cloud. IEEE Access, 4:6766–
6779, 2016.
[7] Hosein Bagherlou and Ali Ghaffari. A routing protocol for vehicular ad
hoc networks using simulated annealing algorithm and neural networks.
The Journal of Supercomputing, pages 1–25, 2018.
[8] Azzedine Boukerche and E Robson. Vehicular cloud computing:
Architectures, applications, and mobility. Computer Networks, 2018.
[9] Xueshi Hou, Yong Li, Min Chen, Di Wu, Depeng Jin, and Sheng Chen.
Vehicular fog computing: A viewpoint of vehicles as the infrastructures.
IEEE Transactions on Vehicular Technology, 65(6):3860–3873, 2016.
[10] C. Huang, R. Lu, H. Zhu, H. Hu, and X. Lin. Ptvc: Achieving privacy-
preserving trust-based verifiable vehicular cloud computing. In 2016
IEEE Global Communications Conference (GLOBECOM), pages 1–6,
Dec 2016.
[11] Qinlong Huang, Yixian Yang, and Yuxiang Shi. Smartveh: Secure and
efficient message access control and authentication for vehicular cloud
computing. Sensors, 18(2):666, 2018.
[12] SK Hafizul Islam, Mohammad S Obaidat, Pandi Vijayakumar, Enas
Abdulhay, Fagen Li, and M Krishna Chaitanya Reddy. A robust and
efficient password-based conditional privacy preserving authentication
and group-key agreement protocol for vanets. Future Generation
Computer Systems, 84:216–227, 2018.
[13] Qi Jiang, Jianbing Ni, Jianfeng Ma, Li Yang, and Xuemin Shen.
Integrated authentication and key agreement framework for vehicular
cloud computing. IEEE Network, 32(3):28–35, 2018.
[14] Wei Jiang, Feng Li, Dan Lin, and Elisa Bertino. No one can track you:
randomized authentication in vehicular ad-hoc networks. In Pervasive
Computing and Communications (PerCom), 2017 IEEE International
Conference on, pages 197–206. IEEE, 2017.
[15] Jian Kang, Yousef Elmehdwi, and Dan Lin. Slim: Secure and lightweight
identity management in vanets with minimum infrastructure reliance. In
International Conference on Security and Privacy in Communication
Systems, pages 823–837. Springer, 2017.
[16] Jian Kang, Dan Lin, Wei Jiang, and Elisa Bertino. Highly efficient
randomized authentication in vanets. Pervasive and Mobile Computing,
44:31–44, 2018.
[17] Qinglei Kong, Rongxing Lu, Hui Zhu, Abdulrahman Alamer, and
Xiaodong Lin. A secure and privacy-preserving incentive framework
for vehicular cloud on the road. In Global Communications Conference
(GLOBECOM), 2016 IEEE, pages 1–6. IEEE, 2016.
[18] Qinglei Kong, Rongxing Lu, Hui Zhu, and Maode Ma. Achieving
secure and privacy-preserving incentive in vehicular cloud advertisement
dissemination. IEEE Access, 6:25040–25050, 2018.
[19] Allison Lewko and Brent Waters. Decentralizing attribute-based encryp-
tion. In Annual international conference on the theory and applications
of cryptographic techniques, pages 568–588. Springer, 2011.
[20] Hyo-Sang Lim, Yang-Sae Moon, and Elisa Bertino. Provenance-based
trustworthiness assessment in sensor networks. In Proceedings of the
7th Workshop on Data Management for Sensor Networks, in conjunction
with VLDB, DMSN 2010, Singapore, September 13, 2010., pages 2–7.
ACM, 2010.
[21] Trupil Limbasiya and Debasis Das. Secure message confirmation scheme
based on batch verification in vehicular cloud computing. Physical
Communication, 2018.
[22] Dan Lin, Jian Kang, Anna Squicciarini, Yingjie Wu, Sashi Gurung, and
Ozan Tonguz. Mozo: a moving zone based routing protocol using pure
v2v communication in vanets. IEEE Transactions on Mobile Computing,
16(5):1357–1370, 2017.
[23] Todd Litman. Autonomous vehicle implementation predictions. Victoria
Transport Policy Institute Victoria, Canada, 2017.
[24] Wei Luo and Wenping Ma. Efficient and secure access control scheme
in the standard model for vehicular cloud computing. IEEE Access,
6:40420–40428, 2018.
[25] Tesnim Mekki, Issam Jabri, Abderrezak Rachedi, and Maher ben Je-
maa. Vehicular cloud networks: Challenges, architectures, and future
directions. Vehicular Communications, 9:268–280, 2017.
[26] Rodolfo I Meneguette and Azzedine Boukerche. Servites: An efficient
search and allocation resource protocol based on v2v communication
for vehicular cloud. Computer Networks, 123:104–118, 2017.
[27] Sadip Midya, Asmita Roy, Koushik Majumder, and Santanu Phadikar.
Multi-objective optimization technique for resource allocation and task
scheduling in vehicular cloud architecture: A hybrid adaptive nature
inspired approach. Journal of Network and Computer Applications,
103:58–84, 2018.
[28] Shailaja S Mudengudi and Mahabaleshwar S Kakkasageri. Establishing
trust between vehicles in vehicular clouds: An agent based approach.
In Smart Technologies For Smart Nation (SmartTechCon), 2017 Inter-
national Conference On, pages 529–533. IEEE, 2017.
[29] Yougho Park, Chul Sur, and Kyung-Hyune Rhee. Pseudonymous
authentication for secure v2i services in cloud-based vehicular networks.
Journal of Ambient Intelligence and Humanized Computing, 7(5):661–
671, 2016.
[30] Seyed Morteza Pournaghi, Behnam Zahednejad, Majid Bayat, and
Yaghoub Farjami. Necppa: A novel and efficient conditional privacy-
preserving authentication scheme for vanet. Computer Networks,
134:78–92, 2018.
[31] Ubaidullah Rajput, Fizza Abbas, Hasoo Eun, and Heekuck Oh. A hybrid
approach for efficient privacy-preserving authentication in vanet. IEEE
Access, 5:12014–12030, 2017.
[32] Maxim Raya, Panagiotis Papadimitratos, Virgil D Gligor, and J-P
Hubaux. On data-centric trust establishment in ephemeral ad hoc
networks. In INFOCOM 2008. The 27th Conference on Computer
Communications. IEEE, pages 1238–1246. IEEE, 2008.
[33] Mohsen Rezvani, Aleksandar Ignjatovic, Elisa Bertino, and Sanjay Jha.
Secure data aggregation technique for wireless sensor networks in the
presence of collusion attacks. IEEE Transactions on Dependable and
Secure Computing, 12:98–110, 2015.
[34] Jun Shao, Xiaodong Lin, Rongxing Lu, and Cong Zuo. A threshold
anonymous authentication protocol for vanets. IEEE Transactions on
vehicular technology, 65(3):1711–1720, 2016.
[35] Junggab Son, Donghyun Kim, HyungGeun Oh, Dongsoo Ha, and Won-
jun Lee. Toward vanet utopia: A new privacy preserving trustworthiness
management scheme for vanet. In Big Data and Cloud Computing
(BDCloud), Social Computing and Networking (SocialCom), Sustainable
Computing and Communications (SustainCom)(BDCloud-SocialCom-
SustainCom), 2016 IEEE International Conferences on, pages 301–308.
IEEE, 2016.
[36] Gang Sun, Yijing Zhang, Dan Liao, Hongfang Yu, Xiaojiang Du, and
Mohsen Guizani. Bus trajectory-based street-centric routing for message
delivery in urban vehicular ad hoc networks. IEEE Transactions on
Vehicular Technology, 2018.
[37] Narayanan Vignesh, Rengaraj Shankar, Sundararajan Sathyamoorthy,
and V Mary Anita Rajam. Value added services on stationary vehicular
cloud. In International Conference on Distributed Computing and
Internet Technology, pages 92–97. Springer, 2014.
[38] Fei Wang, Yongjun Xu, Hanwen Zhang, Yujun Zhang, and Liehuang
Zhu. 2flip: a two-factor lightweight privacy-preserving authentica-
tion scheme for vanet. IEEE Transactions on Vehicular Technology,
65(2):896–911, 2016.
[39] Md Whaiduzzaman, Mehdi Sookhak, Abdullah Gani, and Rajkumar
Buyya. A survey on vehicular cloud computing. Journal of Network
and Computer applications, 40:325–344, 2014.
[40] Celimuge Wu, Zhi Liu, Di Zhang, Tsutomu Yoshinaga, and Yusheng Ji.
Spatial intelligence toward trustworthy vehicular iot. IEEE Communi-
cations Magazine, 56(10):22–27, 2018.

[41] Celimuge Wu, Tsutomu Yoshinaga, Yusheng Ji, and Yan Zhang.
Computational intelligence inspired data delivery for vehicle-to-
roadside communications. IEEE Transactions on Vehicular Technology,
67(12):12038–12048, 2018.
[42] Libing Wu, Youhua Xia, Zhibo Wang, and Hao Wang. Be stable and
fair: Robust data scheduling for vehicular networks. IEEE Access, 2018.
[43] Yong Xie, Fang Xu, Dong Li, and Yu Nie. Efficient message au-
thentication scheme with conditional privacy-preserving and signature
aggregation for vehicular cloud network. Wireless Communications and
Mobile Computing, 2018, 2018.
[44] Attila Altay Yavuz, Anand Mudgerikar, Ankush Singla, Ioannis Papa-
panagiotou, and Elisa Bertino. Real-time digital signatures for time-
critical networks. IEEE Transactions on Information Forensics and
Security, 12(11):2627–2639, 2017.
[45] Rong Yu, Yan Zhang, Stein Gjessing, Wenlong Xia, and Kun Yang.
Toward cloud-based vehicular networks with efficient resource manage-
ment. IEEE Network, 27(5):48–55, 2013.
[46] Degan Zhang, Hui Ge, Ting Zhang, Yu-Ya Cui, Xiaohuan Liu, and
Guoqiang Mao. New multi-hop clustering algorithm for vehicular ad
hoc networks. IEEE Transactions on Intelligent Transportation Systems,
(99):1–14, 2018.
[47] Jie Zhang. A survey on trust management for vanets. In Advanced in-
formation networking and applications (AINA), 2011 IEEE international
conference on, pages 105–112. IEEE, 2011.
[48] Lei Zhang, Xinyu Men, Kim-Kwang Raymond Choo, Yuanfei Zhang,
and Feifei Dai. Privacy-preserving cloud establishment and data dissem-
ination scheme for vehicular cloud. IEEE Transactions on Dependable
and Secure Computing, (1):1–1, 2018.
[49] Lei Zhang, Qianhong Wu, Josep Domingo-Ferrer, Bo Qin, and Chuanyan
Hu. Distributed aggregate privacy-preserving authentication in vanets.
IEEE Transactions on Intelligent Transportation Systems, 18(3):516–
526, 2017.
[50] Dimitrios Zissis and Dimitrios Lekkas. Addressing cloud computing
security issues. Future Generation computer systems, 28(3):583–592,
2012.