Continuous and Efficient Cooperative Trust Management for Resilient CCAM
CONNECT addresses the convergence of security and safety in Cooperative, Connected and Automated Mobility (CCAM) by assessing dynamic trust relationships and defining a trust reasoning framework based on which involved entities can establish trust for cooperatively executing safety-critical functions. This will enable both a) cyber-secure data sharing between data sources in the CCAM ecosystem that had no or insufficient pre-existing trust relationship, and b) outsourcing tasks to the MEC and cloud in a trustworthy way. Beyond the needs of functional safety, trustworthiness management should be included in CCAM’s security functionality solution for verifying trustworthiness of transmitting stations and infrastructure. CONNECT will build upon and expand the Zero Trust concept to tackle the issue of how to bootstrap vertical trust from the application, the execution environment and device hardware from the vehicle up to MEC and cloud environments. This includes measuring the system when instantiating network functions and determining the integrity and origin of software. Trusted Execution Environments (TEEs), as sw- or hw-based security elements, will be essential to establish a verifiable chain of trust throughout the entire application stack of the host vehicle, as well as protecting data in transit, at rest and in use. By coupling the Zero Trust security principle with the need of “Never Trust, Always Verify”, CONNECT bootstraps vertical trust for all users, devices and systems in the CCAM ecosystem by enabling continuous authorization and authentication prior to be granted access to data or resources. Through TEEenabled “Chip-to-Cloud” assurances and verifiable chain of trust, CONNECT reaches its full potential: not only does it mitigates risks stemming from the Zero Trust CCAM environment but also ensures resilience. This can make CONNECT the cornerstone of future smart transportation as it will usher new levels of safety and connectivity and bring vehicles even close to autonomy.
In the CONNECT project, ICCS is represented by one of its Research Groups, the I-SENSE Group. I-SENSE experts will lead (in WP5) the design of the offloading decision-making logic as well as the implementation of relevant CONNECT mechanisms to shift demanding security functions towards the infrastructure (whether MEC or cloud locations). Towards that end, ICCS will contribute software tools utilizing management and network orchestration (MANO) capabilities. Further contributions will be made to the identification of system requirements and architectural design (WP2) as well as in the demonstration of the CONNECT research results (WP6) and their dissemination (WP7) to the research community.

