IEEE TRANSACTIONS ON INDUSTRIAL INFORMATICS, VOL. 16, NO. 9, SEPTEMBER 2020 6203 TrustE-VC: Trustworthy Evaluation Framework for Industrial Connected Vehicles in the Cloud Mohammad N. Aladwan, Feras M. Awaysheh , Sadi Alawadi, Mamoun Alazab , Senior Member, IEEE, Tomás F. Pena , Senior Member, IEEE, and José C. Cabaleiro Abstract—The integration between cloud computing and vehicular ad hoc networks, namely, vehicular clouds (VCs), has become a significant research area. This integration was proposed to accelerate the adoption of intelligent transportation systems. The trustworthiness in VCs is ex- pected to carry more computing capabilities that manage large-scale collected data. This trend requires a security evaluation framework that ensures data privacy protection, integrity of information, and availability of resources. To the best of our knowledge, this is the first study that proposes a robust trustworthiness evaluation of vehicular cloud for security criteria evaluation and selection. This article proposes three-level security features in order to develop effectiveness and trustworthiness in VCs. To as- sess and evaluate these security features, our evaluation framework consists of three main interconnected compo- nents: 1) an aggregation of the security evaluation values of the security criteria for each level; 2) a fuzzy multicriteria decision-making algorithm; and 3) a simple additive weight associated with the importance-performance analysis and performance rate to visualize the framework findings. The evaluation results of the security criteria based on the aver- age performance rate and global weight suggest that data residency, data privacy, and data ownership are the most pressing challenges in assessing data protection in a VC environment. Overall, this article paves the way for a se- cure VC using an evaluation of effective security features and underscores directions and challenges facing the VC community. This article sheds light on the importance of Manuscript received August 19, 2019; revised November 9, 2019 and December 18, 2019; accepted January 6, 2020. Date of publication January 13, 2020; date of current version May 26, 2020. This work was supported in part by the Ministry of Education, Culture, and Sport, Gov- ernment of Spain under Grant TIN2016-76373-P, in part by the Xunta de Galicia Accreditation 2016–2019 under Grant ED431G/08 and Grant ED431C 2018/2019, and in part by the European Union under the Euro- pean Regional Development Fund. Paper no. TII-19-3810. (Mohammad N. Aladwan and Feras M. Awaysheh are co-first authors.) (Correspond- ing author: Mamoun Alazab.) M. N. Aladwan, F. M. Awaysheh, T. F. Pena, and J. C. Cabaleiro are with the Centro Singular de Investigación en Tecnoloxías Intelix- entes, University of Santiago de Compostela, 15782 Santiago de Compostela, Spain (e-mail: m.alseran@gmail.com; feras.awaysheh@ usc.es; tf.pena@usc.es; jc.cabaleiro@usc.es). S. Alawadi is with the Department of Computer Science and Media Technology - Internet of Things and People Research Center, Depart- ment of Computer Science and Media Technology, Malmö University, 20506 Malmö, Sweden (e-mail: sadi.alawadi@mau.se). M. Alazab is with the College of Engineering, IT and Environ- ment, Charles Darwin University, Casuarina NT 0810, Australia (e-mail: alazab.m@ieee.org). Color versions of one or more of the figures in this article are available online at https://ieeexplore.ieee.org. Digital Object Identifier 10.1109/TII.2020.2966288 security by design, emphasizing multiple layers of security when implementing industrial VCs. Index Terms—Decision-making (DM), industrial con- nected vehicles (CVs), industrial Internet of Things (IIoT), security analysis, security by design, vehicular clouds (VCs). I. INTRODUCTION T HE vast amount of data generated by the Internet of Things (IoT), especially vehicular ad hoc networks (VANETs), needs a scalable resource, which can be provided by cloud computing on a rental basis. Accordingly, the cloud has attracted the most significant interest in IoT-based applications [1], [2], particularly vehicular clouds (VCs) [3]. The transmitted data in such a realm should be located securely throughout the whole life cycle to guarantee high data privacy. Security is a crucial aspect of spreading the adoption of cloud capabilities among industrial connected vehicles (CVs) [4] and industrial cyber-physical systems [5], [6]. In this regard, security by design can mitigate many of these imposed challenges [7]. Without adequately addressing this concern, a VC would not gain the clients’ trustworthiness and, hence, acceptance. This facility can be achieved by regularly evaluating the security components of the VC to put together an adequate plan of improvement. However, a dedicated work that evaluates the trustworthiness of this framework remains an open challenge. When a cloud-based CV system is realized, significant secu- rity concerns should be considered [8]–[10]. Security features (criteria) are not equal, which means that they should not be gov- erned and managed at the same level. It is essential to note the im- portance of creating a shared understanding of security-related criteria and be able to assign priorities based on each security criteria impact and potential for mitigation. These considerations include security by design of the system and utilization of underlying security technologies and services. This research captures security services used in industrial CVs that describe the VC security items and relationships among them. It also presents landscape techniques to define security gaps (distance from an ideal point of security) and best practices. This article aims at facilitating the realization of vehicles securely connected to cloud computing in an industrial environment. First, we analyze the security criteria of data analytics in VC computing and propose three-level security evaluation elements. Namely, Level 1 consists of six common security criteria (CSCs). Level 2 consist of ten security control components (SCCs). Level 3 1551-3203 © 2020 IEEE. Personal use is permitted, but republication/redistribution requires IEEE permission. See https://www.ieee.org/publications/rights/index.html for more information. Authorized licensed use limited to: UNIVERSIDADE DE SANTIAGO. Downloaded on July 13,2020 at 10:31:32 UTC from IEEE Xplore. Restrictions apply.