A semi-decentralized security framework for Connected and Autonomous Vehicles

With the fast evolution of vehicle networks, Connected and Autonomous Vehicles (CAVs) are mobile devices that are not only used for transportation but also form part of other promising technologies such as the internet of vehicles and cyber-physical systems. Despite the benefits of CAVs, exposing in-vehicle networks to external devices can lead to different privacy and security challenges. Due to scalability, efficiency, and dynamic communication requirements, the security between in-vehicle networks with external devices cannot fully rely on the vehicle's external third parties. In this paper, we propose a semi-decentralized fine-grained security framework based on Ciphertex-Policy Attribute-Based Encryption (CP-ABE) to secure the communication of in-vehicle network's Electronic Control Units (ECUs) with vehicle's external connected device. Our approach's fine-grained access control is based on the attributes of external devices connected to different subsystems inside the vehicle. Each subsystem inside the vehicle has full control of the access policy during the vehicle's operation. Therefore, our proposed approach has a flexible and dynamic key management suitable for future CAVs. Finally, the experiment of our framework validates its feasibility for implementation.