Research

Our institute works on a broad range of topics such as scalability, reliability, security and privacy, self-organization, and the manageability of complexity in distributed systems, across a variety of application scenarios such as cloud computing or vehicle-to-vehicle communication.

Teaching

In teaching, we cover the entire spectrum from computer networks through distributed systems to security and privacy protection. Our currently open theses and project work topics can be found on the corresponding web pages. For examinations, please note our information.

Our latest publications

Hermann, A., Trkulja, N., Eisermann, D., Erb, B. and Kargl, F. 2025. Hyperparameter Optimization-Based Trust Quantification for Misbehavior Detection Systems. 2025 IEEE International Conference on Intelligent Transportation Systems (Nov. 2025). [accepted for publication]
Vehicular communication via V2X networks significantly improves road safety, but is vulnerable to data manipulation, which can lead to serious incidents. To address this threat, misbehavior detection systems (MBDs) have been developed to detect such misbehavior. In order to enhance the detection of data manipulation, trust assessment in V2X networks has recently gained increasing attention. Trust assessment takes into account the output of various security mechanisms such as MBDs or Intrusion Detection Systems (IDSs) to detect misbehavior. One particular challenge in trust assessment is the appropriate quantification of the output of these security mechanisms into trust opinions. In this paper, we propose a trust quantification methodology that transforms the output of an MBD into a subjective logic opinion. Furthermore, we apply a hyperparameter optimization approach to determine the optimal parameter set for an MBD. Our evaluation using three MBD variants shows that the optimization approach significantly increased the detection-performance of all MBDs. The MBD variant that used the optimization approach and our proposed trust quantification methodology achieved the best performance, increasing the F1 score by over 13% compared to other state-of-the-art MBD variants analyzed in this work.
Schoffit, J., Pietzschmann, L., Prechtel, P., Eisermann, D., Wendzel, S. and Kargl, F. 2025. Enhancing client security in zero trust architectures: a device-agent policy enforcement point for compartmentalized network management. Proceedings of the International Conference on Networked Systems 2025 (NetSys 2025): Technische Universität Ilmenau, 1 – 4 September 2025. (Aug. 2025), 29–32.
Zero Trust Architectures have recently attracted a lot of interest in the network community. However, access control often does not extend into client devices. In this paper, we propose an extension of Zero Trust Policy Enforcement Points that integrates a device agent to expand the zero trust security model to client devices. We have developed a generalized framework that integrates with multiple compartmentalization technologies, ensuring the isolation of processes and enforcement of network policies while maintaining application and user authentication. This approach minimizes the attack surface of malicious processes, as our Zero Trust Device Agent manages compartment lifecycles based on their behaviour within the network and integrates into the global access control framework, thereby improving the overall security of zero trust architectures.
Hermann, A., Trkulja, N., Wachter, P., Erb, B. and Kargl, F. 2025. Quantification Methods for Trust in Cooperative Driving. 2025 IEEE Vehicular Networking Conference (Jun. 2025). (acceptance rate: 33%)
Future vehicles and infrastructure will rely on data from external entities such as other vehicles via V2X communication for safety-critical applications. Malicious manipulation of this data can lead to safety incidents. Earlier works proposed a trust assessment framework (TAF) to allow a vehicle or infrastructure node to assess whether it can trust the data it received. Using subjective logic, a TAF can calculate trust opinions for the trustworthiness of the data based on different types of evidence obtained from diverse trust sources. One particular challenge in trust assessment is the appropriate quantification of this evidence. In this paper, we introduce different quantification methods that transform evidence into appropriate subjective logic opinions. We suggest quantification methods for different types of evidence: security reports, misbehavior detection reports, intrusion detection system alerts, GNSS spoofing scores, and system integrity reports. Our evaluations in a smart traffic light system scenario show that the TAF detects attacks with an accuracy greater than 96% and intersection throughput increased by 42% while maintaining safety and security, when using our proposed quantification methods.
Hermann, A., Trkulja, N., Meißner, E., Erb, B. and Kargl, F. 2025. Demo: Quantifying Trust in a Trust Assessment Framework. 2025 IEEE Vehicular Networking Conference (Jun. 2025).
Vehicular communication via V2X networks increases road safety, but is vulnerable to data manipulation which can lead to serious incidents. Existing security systems, such as misbehavior detection systems, have limitations in detecting and mitigating such threats. To address these challenges, we have implemented a software prototype of a Trust Assessment Framework (TAF) that assesses the trustworthiness of received V2X data by integrating evidence from multiple trust sources. This interactive demonstration illustrates the quantification of trust for a smart traffic light system application. We demonstrate the impact of varying evidence coming from a misbehavior detection system and a security report generator on the trust assessment process. We also showcase internal processing steps within our TAF when receiving new evidence, up to and including the eventual decision making on the trustworthiness of the received V2X data.
Trkulja, N., Hermann, A., Duhr, P.L., Meißner, E., Buchholz, M., Kargl, F. and Erb, B. 2025. Vehicle-to-Everything Trust: Enabling Autonomous Trust Assessment of V2X Data by Vehicles. Proceedings of the 2025 Cyber Security in CarS Workshop (Taipei, Taiwan, 2025). [accepted for publication]


Contact

Secretariat

Marion Köhler
Jessica Reib
Phone: +49 731 50-24140
Fax: +49 731 50-24142

Postal address

Institut für Verteilte Systeme
Universität Ulm
Albert-Einstein-Allee 11
89081 Ulm

Visitor address

James-Franck-Ring
Building O27, Room 349
89081 Ulm

Office hours

Monday, Tuesday 07:00 to 12:00
Wednesday, Thursday 07:00 to 16:00
Friday 08:00 to 14:00
