A Survey of Trust Management in the Internet of Vehicles

: Over the past decade, the groundbreaking technological advancements in the Internet of Vehicles (IoV) coupled with the notion of trust have attracted increasing attention from researchers and experts in intelligent transportation systems (ITS), wherein vehicles establish a belief towards their peers in the pursuit of ensuring safe and efﬁcacious trafﬁc ﬂows. Diverse domains have been taking advantage of trust management models in the quest of alleviating diverse insider attacks, wherein messages generated by legitimate users are altered or counterfeited by malicious entities, subsequently, endangering the lives of drivers, passengers, and vulnerable pedestrians. In the course of vehicles forming perceptions towards other participating vehicles, a range of contributing parameters regarding the interactions among these vehicles are accumulated to establish a ﬁnal opinion towards a target vehicle. The signiﬁcance of these contributing parameters is typically represented by associating a weighting factor to each contributing attribute. The values assigned to these weighting factors are often set manually, i.e., these values are predeﬁned and do not take into consideration any affecting parameters. Furthermore, a threshold is speciﬁed manually that classiﬁes the vehicles into honest and dishonest vehicles relying on the computed trust. Moreover, adversary models as an extension to trust management models in order to tackle the variants of insider attacks are being extensively emphasized in the literature. This paper, therefore, reviews the state of the art in the vehicular trust management focusing on the aforementioned factors such as quantiﬁcation of weights, quantiﬁcation of threshold, misbehavior detection, etc. Moreover, an overarching IoV architecture, constituents within the notion of trust, and attacks relating to the IoV have also been presented in addition to open research challenges in the subject domain.


Introduction
Recently, the number of vehicles on the road are increasing at an exponential rate and it is anticipated to reach up to 2.8 billion by 2036 [1]. Owing to such a momentous increase in the number, several issues, including but not limited to, traffic congestion and road accidents have transpired. According to the World Health Organization, the major cause of mortality among the population aged 5-29 years is via road accidents and the total number of road fatalities is nearly 1.3 million every year globally [2]. This creates a high demand for innovative and sophisticated traffic management systems. The continued expansions and advancements in connected vehicles are revolutionizing the notion of transportation by further enhancing intelligent transportation systems (ITS) to improve traffic throughput and road safety by reducing traffic congestion and the risk of road accidents [3,4]. These systems rely on acquisition, analysis, and processing of the immense volume of sensor data associated with the embedded sensors in modern vehicles. These sensors exchange information with other internal sensors and sensors in their immediate ambience utilizing the notion of the Internet of Things (IoT), wherein the interconnecting devices exchange data about themselves and their surroundings to form intelligent networks [5]. It is estimated that about 152,200 IoT devices will be connecting to the Internet per minute, subsequently, increasing the data volume up to 73.1 ZB in 2025 [6,7]. Furthermore, a single car has nearly a 100 sensors embedded and according to an estimate, it can generate approximately 380 TB-4.9 PB of data annually [8]. The information shared among the onboard sensors (e.g., position, speed/velocity, pressure, temperature sensors, etc.) and IoT devices (e.g., traffic speed and density sensors, road cameras, etc.) assists in real-time traffic management by creating a true perception of the road and the traffic network [9].
Over the past few decades, researchers from both academia and industry have invested great efforts into technological advancements of mobile ad hoc networks (MANETs), wherein mobile devices create on the fly, self-organizing, and dynamic networks by communicating with one another without any communication infrastructure [10][11][12][13]. MANETs evolved over time and one of the advanced flavors of it, vehicular ad hoc networks (VANETs), was introduced whereby peer vehicles share information with one another [14,15]. Vehicles, in cooperation with the transportation infrastructure, engage in vehicle-to-everything (V2X) communication composed of a variety of communication forms primarily including vehicle-to-vehicle (V2V), vehicle-to-sensor (V2S), vehicle-to-pedestrian (V2P), and vehicle-to-infrastructure (V2I) communications [16]. The V2X communication is integral in materializing the Internet of Vehicles (IoV), an amalgamation of VANETs and the IoT, also known as IoT on wheels [17,18]. IoV is indeed a breakthrough in the context of both non-safety and safety-critical vehicular applications. It can serve as a bridge between the conventional media (i.e., radio, broadcast television) and the social media (i.e., infotainment applications) as smart connected vehicles offer a platform for the passengers to generate and request mobile media content [19,20]. Figure 1 depicts the notion of V2X communications in an IoV network. The V2X communication coupled with the aforementioned sensor embedded vehicles' capabilities helps improve traffic management and road safety by generating collision warnings, emergency brake notifications, hazard warnings, obstacle warning, and traffic congestion warnings [21]. Due to the sensitive nature of these applications, it is crucial that the exchanged information is secure and reliable. However, such messages are vulnerable to attacks where dishonest vehicles can counterfeit safety messages and introduce delays in the transmission resulting in accidents and loss of human lives [22]. The presence of even a single malicious vehicle can cause great damages, and therefore, it is of great importance to identify and eradicate such vehicles from within the network. Cryptography-based solutions have been widely proposed to eliminate misbehavior from the network; however, these techniques are only applicable for outsider attackers. With the aim to eradicate insider misbehaving entities from the vehicular network, the notion of trust has been introduced, wherein vehicles evaluate their peers (i.e., the evaluator, commonly known as the trustor, and the one being evaluated, referred to as a trustee or a target node) based on their behavior and the information disseminated by them in the network.
The development of trust management models helps prevent exchange of counterfeited data as well as eliminate the sources dispersing such data, consequently, ensuring safe, reliable, and efficacious traffic flows. Trust management models are classified into three categories [23]: (i) data-centric, wherein the authenticity of the exchanged messages is the primary focus; (ii) entity-centric, wherein the credibility of the vehicles exchanging the information is emphasized; and (iii) hybrid, wherein the legitimacy of both data and vehicles is considered. The said data and/or entity evaluations rely on a variety of attributes associated with the interactions among a pair of vehicles. In addition to interaction-based attributes, social parameters based on the driver (e.g., age, driving license score, and driving age), and his/her behavior (e.g., number of speeding tickets, number of traffic accidents, and number of traffic violations) are often taken into consideration as well to reflect a driver's honesty as drivers are usually the deciding authorities when it comes to driving-related critical decisions. While aggregating these attributes to compute a final trust score, an arithmetic mean of the said attributes is calculated which insinuates an equal importance of each of these contributing attributes on the final trust value. Conversely, weights reflecting the importance of individual attributes are associated with respective attributes during the aggregation process. Once the final trust is computed, a steady predefined threshold is applied to identify malicious vehicles, i.e., vehicles possessing a trust score greater than the said threshold are categorized as trustworthy vehicles, whereas vehicles having a trust value below the defined threshold are tagged as malicious. Furthermore, trust management models are often designed with targeted attack resistant models such as man-in-the-middle attack, Sybil attack, bad-mouthing attack, on-off attack, black-hole attack, etc. [24][25][26][27].

Motivations and Contributions
The employment of trust management schemes prevents vehicles from exchanging fake safety messages and help eradicate nodes dispersing counterfeited information by computing data and entity-based trust scores relying on trust attributes to guarantee safe and reliable traffic flows. Weights are assigned to these trust attributes to reflect their respective influence on the trust computation and a threshold is specified to identify dishonest vehicles based on the calculated trust scores. Defining precise values for the weights associated with the contributing attributes and the steady threshold is extremely challenging. Moreover, it is of considerable importance to evaluate the performance of the envisaged trust management models against diverse attacks by introducing attack specific adversaries. This survey provides a comprehensive review of the state-of-theart in vehicular trust management employing diverse computational domains, including but not limited to, Bayesian inference, blockchain, machine learning, and fuzzy logic. Furthermore, the survey presents a comparison among the said trust management models in respect of the evaluation tools, quantification of weights, misbehavior detection, attack resistance, and quantification of threshold. Table 1 presents a comparison of the recently published surveys on the vehicular trust management vis-à-vis the current work. The table depicts that the recently published surveys do not account for the trust aggregation process (i.e., the trust attributes and the quantification of weights associated with them) and lack the discussion on the computational methodologies employed for trust evaluation. Considering these challenges, we summarize the salient contributions of this survey as follows:

1.
We provide an overarching background of the IoV architecture along with a comprehensive discussion on the notion of trust (and its indispensable constituents) and some major attacks that can transpire on an IoV network;

2.
We review the state of the art in the vehicular trust management with a focus on some key factors, including but not limited to, quantification of weights, quantification of threshold, and misbehavior detection; 3.
We identify and subsequently discuss the open research challenges in the subject domain.  Figure 2 depicts the taxonomy of the survey at hand. The rest of this paper is organized as follows. Section 2 provides necessary background of the IoV architecture. Section 3 discusses the notion of trust and its constituents. Section 4 presents a comprehensive review of the existing state-of-the-art trust management models. Section 5 discusses the open challenges in the subject domain. Finally, Section 6 offers concluding remarks.

Internet of Vehicles: A Layered Architecture
The layered hierarchy of the Internet of Vehicles is similar to that of the Internet of Things as smart vehicles are connected to other vehicles and smart infrastructure to share data over the Internet. Figure 3 depicts the layered IoV architecture.

Data Source Layer
Nearly 100 sensors are embedded in modern vehicles, and it is anticipated that these sensors will increase to approximately double in number expeditiously [31]. These diverse sensors acquire data from the immediate ambience of the vehicle, which combined with the information gathered by V2V, V2R, and V2P communications belong to the data source layer. Due to the limited processing capability of a vehicle, only a limited volume of these data are processed at this layer.

Edge Layer
Owing to the critical nature of the vehicles' and traffic related information, the processing and analysis of the immense volume of the data gathered by the sensors and V2X communications need to be achieved in real-time. Accordingly, an edge layer is introduced to further process such data without incurring the cloud-related delays by utilizing the same sensor embedded smart vehicles, infrastructure or gateway devices.

Fog Layer
This layer, just like the edge layer, is introduced to reduce the dependence on cloud for data analysis. The fog layer accomplishes further processing of data at a local level utilizing intermediate networking infrastructure, V2I communications, Wi Fi, LAN, etc., consequently, ensuring prompt decision-making and preventing latency issues which might have transpired by relying only on cloud for all the processing [32].

Cloud Layer
This layer encompasses big data storage and cloud servers for storage and extensive computation of the massive volume of data which cannot be processed at the preceding layers. Due to the latency issues introduced by the cloud, the data that is not critical for expeditious decision-making, e.g., data required for high-end applications such as traffic navigation systems and traffic flow monitoring systems, is analyzed on this layer.
Vehicular networks are susceptible to attacks due to the dynamic topology and high mobility. To prevent the vehicular networks against the insider attacks, the notion of trust is introduced.

Towards the Notion of Trust
Most experts, irrespective of domain, conceptualize trust as a certain degree of risk, vulnerability, or uncertainty, and it establishes an expectation regarding the way an entity might behave in future [33]. Trust is a multifarious abstraction which relies entirely on the subject's perceptive. In psychology, trust is often defined as the degree of likelihood of an individual's anticipation/expectation towards another (i.e., a peer) with regards to the peer's conduct on which one's welfare relies [34,35]. Trusting reflects the belief of a trustor that the trustee will not exploit the trustor for its (i.e., the trustee's) benefit, the trustee will not exhibit malicious behavior towards the trustor and is inclined to sacrifice for the trustor, and that the trustee is capable of acting for the benefit of the trustor [35,36]. In sociology, it is believed that reciprocity and cooperation in social interactions or voluntary associations derive trust [37]. In economics, having confidence on the business associates' reliability and integrity, and on the transactions among them is defined as trust. Furthermore, given the nature of online businesses with no physical interaction among the trading parties and with the products, trust plays a significant role in reducing risks associated with business transactions and information asymmetry, and allows acclaimed sellers to achieve price premiums [34,38].
Trust, as a tactic to enhance the security, has been used with a variety of interpretations by researchers in computer science. It is said to be the belief of a trustor on the reliability of a target node with an aim to achieve a trust objective under certain conditions [39]. In other words, trust is the perception of an evaluator regarding the character, relying on past interactions with a target entity and/or the opinions of the trustworthy nodes [40]. We define trust as the confidence of a trustor towards a trustee based on the past experiences among the two and the recommendations received from the trustor's neighbors regarding the trustee. Most, if not all, of the trust management models discussed in this article are (more or less) using similar definitions of trust.

Components of Trust
The notion of trust relies on the quality of interactions between two entities usually encompassing these components [41]:

Direct Trust
Direct trust exhibits the direct observations of a trustor on a target vehicle, relying on the interactions among the two [42]. Some researchers use the term knowledge to define the direct information gathered by the trustor to evaluate the trustee utilizing certain parameters relying on the participating nodes and the services [43]. It is believed that the significance of direct trust exceeds the indirect trust, however, the amalgamation of both is taken into consideration while assessing a vehicle [31]. Figure 4 delineates direct and indirect trust among vehicles.

Indirect Trust
Indirect trust manifests the opinions of the neighboring/trusted entities of a trustor regarding the target node (trustee), taking into account the past experiences with the node in question. Some researchers use the amalgamation of reputation and experience to explain indirect observation. Reputation accumulates all the past experiences with a target node to depict a global opinion regarding that node, whereas experience is a correlation among the trustor and the trustee relying on the belief of the trustor regarding the degree of confidence on the trustee to carry out a task [39].

Attributes of Trust
A variety of influencing trust attributes are considered while computing the abovementioned trust components:

Similarity
Similarity relates to the degree of similar content and services among any two vehicles. In the literature, similarity among the messages or vehicles is often taken as the Euclidean distance, the direction of movement of two nodes, i.e., cosine similarity, or the positioning based trajectory similarity [44][45][46].

Familiarity
Familiarity manifests how familiar/acquainted two vehicles are with one another. A high familiarity score reflects considerable prior knowledge of the evaluator regarding the trustee. This feature is adapted from social networks where more familiarity leads to a greater level of trust in interpersonal relations [47].

Timeliness
Timeliness delineates how recent the interaction among two vehicles is and is computed by taking into account the current time instance and the instance when the interaction took place [48]. It is of paramount significance to maintain the timeliness of data and the trust scores, as the outdated information reflects an obsolete trust value that can lead to dire repercussions [49].

Packet Delivery Ratio
The packet delivery ratio is the degree of how well a trustor is connected to the trustee. In the literature, it is often defined as the packet forwarding rate among nodes and is considered as the sole parameter to compute the direct trust towards a trustee. Furthermore, it is also regarded as a primary objective and core criterion while designing trust models and identifying malicious behavior, respectively [49][50][51].

Co-Work Relationship
Co-work relationship describes the interactions relying on the services instead of the physical proximity. Analogous to social networks, two nodes exhibit a working association when a node offers a service needed by the other and it can be computed through a comparison of multicast interactions [52].

Cooperativeness
Cooperativeness defines the willingness of a node to collaborate with its peers for improved network operations. This feature is of great significance to maintain stability in a vehicular network, consequently, incentives are introduced in order to promote cooperative behavior among different vehicles in a network [52][53][54].

Duration of Interactions
Duration depicts the length of the interaction among two nodes. It is presumed that considerably long interactions lead to better collaboration among entities which result in development of a much higher trust level. This is because the longer the interaction is, the more an entity can learn regarding the other's conduct and capability [52].

Frequency of Interactions
Frequency is the measure of how often the trustor and the trustee interact with each other. Every time a pair of nodes interact, they get an opportunity to acquire information concerning each other's communication and behavioral patterns which result in more accurate trust computations [52].

Categories of Trust Management Models
Vehicular trust management models are generally categorized in three groups, namely data-centric, entity-centric, and hybrid trust management models:

Data-Centric Trust Management Models
This category of trust management models focuses mainly on the accuracy and legitimacy of the information shared among vehicles. This information primarily includes reports and warnings regarding an event. The data-oriented trust models evaluate the honesty of every incident, therefore, delays and data loss may be experienced in case of dense traffic scenario. Conversely, these trust models do not perform satisfactorily in information sparsity due to the lack of enough evidence. It is believed that in this category, the participating entities do not hold long-term trust associations [31,40,55]. Numerous data focused trust management schemes have been proposed in the existing research works, wherein (i) the trust level of the data is assessed by associating weights to the reports (i.e., regarding an event) shared by neighboring vehicles. The associated weights rely on the time and location proximity of a vehicle with regards to the reported event, i.e., a vehicle in the close proximity of an event will have more up-to-date and credible information regarding that event [56], or (ii) the trust level of the message is assessed by considering content conflict and similarity, and the similarity in routing path. Subsequently, a trust value reflecting the probability of the message being authentic is assigned to every exchanged message [57].

Entity-Centric Trust Management Models
This category of trust management models emphasizes on the reliability of the participating vehicle by utilizing the sender's reputation and neighbor recommendations towards it. Therefore, sufficient data is required regarding the originator of the message and its neighboring vehicles for accurate assessment which is rather complicated considering the highly mobile nature of vehicular networks. It is believed that the authenticity of the messages could be an issue as there is no guarantee that the messages originated/sent by the honest vehicles could not be corrupted [40]. Several entity focused trust management schemes have been proposed in the existing research works, wherein (i) the trust score of every vehicle is evaluated amalgamating direct and indirect trust scores prior to electing a cluster head. The vehicle having a trust score greater than a predefined threshold is classified as a trustworthy vehicle, or else, it is categorized as a malicious one [58,59], or (ii) to prevent the network from selecting a malicious vehicle as the data forwarding agent, an aggregated score for vehicles is computed based on the amalgamation of a vehicle's current level of trustworthiness, its cooperativeness, and the recommendation of the last hop. The highest scoring vehicle is selected as the relay vehicle for data dissemination [60].

Hybrid Trust Management Models
This category of trust management models encompasses both the data and the entitybased trust evaluation, i.e., authenticity of the exchanged data, neighbor's recommendation towards the trustee and its (i.e., trustee's) reputation are taken into account. In other words, the honesty of an event is reflected by the trustworthiness of the sender vehicle. An extensive literature review suggests that numerous hybrid trust management models have been presented, wherein (i) both node and data trust are evaluated and performance is evaluated in the presence of dishonest nodes that counterfeit safety-critical information in addition to advertising false trust rating to deceive the trustworthy vehicles into trusting corrupt information [61], or (ii) both node and data trust are assessed to guarantee reliable data exchange among entities and authenticity of the data disseminated by these entities. The final trust computation aggregates the weighted trust score based on a vehicle's cooperation with its peers, and the weighted trust value reflecting the quality of data sent by the vehicle to its neighbor [62].

Categories of Attacks
The highly mobile and dynamic nature of the vehicular networks, and the lack of pervasive infrastructure lead to the vulnerability against numerous attacks classified according to their demeanor, nature, and the extent of the damage caused by them as:

Active Attack
The attackers in an active attack originate counterfeited messages or alter the contents of legitimate messages. It is rather easy and inexpensive to detect such attacks; however, they are not easy to avoid. The main objective of these attacks is to modify network operations and would need to implement physical security measures to be prevented [63].

Passive Attack
Passive attacks are launched to gain insight into the target node without altering the message content. The primary purpose of such attacks is to acquire disseminated data from the network and are harder to detect as they do not disrupt network operations. In passive attacks, the attackers do not take part in the network communications and encrypting data can help avoid these attacks [63,64].

Malicious Attack
Malicious attacks are initiated with a purpose to harm the participating nodes of the network instead of benefiting from the attacks. Such attacks can be awfully destructive and are regarded as extremely dangerous. In some cases, malicious attacker may drop or spread bogus safety-critical information endangering the safety of the drivers, passengers, and pedestrians [65].

Selfish Attack
Unlike malicious attackers, selfish attackers aim for personal gain from the attack, e.g., to preserve their resources by not relaying the received messages. This indicates a considerably low collaboration rate among vehicles. Incentive-based techniques are often employed to prevent selfish behaviors and encourage cooperation among vehicles [66].

Insider Attack
Insider attacks are launched by legitimate users of the network, i.e., the users who have already cleared the authentication phase and are a part of the network in question. Due to their knowledge of the network, the attackers are able to launch attacks rather easily. To mitigate such attacks, trust management is introduced in the networks.

Outsider Attack
In contrast to insider attacks, outsider attacks are executed by nodes that do not have a direct access to the authorized nodes of the network. The attackers do not possess prior knowledge of the network and so these attacks are relatively less damaging. Cryptographybased techniques are often employed to prevent such attacks.
The attacks falling under the aforementioned categories include but are not limited to:

Man-in-the-Middle Attack
Man-in-the-middle attack occurs when a dishonest vehicle intercepts and/or alters the data exchanged among honest vehicles. The said data may contain safety-critical information, e.g., a blind intersection warning, and altering or counterfeiting such messages threatens the lives of the drivers, passengers and the pedestrians [24].

Sybil Attack
When a malicious vehicle disrupts the network applications by claiming or stealing multiple identities, the attack is known as a Sybil attack. It can be used to deceive other vehicles into believing that there is a road congestion by showing a higher number of vehicles than actually exists on the road [25].

Bad-Mouthing and Ballot Stuffing Attack
Trust management models employing neighbor recommendations towards the target vehicle as a part of trust computations can fall victim to bad-mouthing attacks. In these attacks, dishonest vehicles collude to harm the reputation of a vehicle by providing unfair negative ratings for it. In ballot stuffing attacks, vehicles assign unfair positive ratings to a target vehicle to boost its reputation [26,67].

On-Off Attack
Dishonest vehicles do not necessarily depict malicious behavior persistently, instead, there are attackers who behave intelligently, i.e., they switch between honest mode (i.e., where they gain a higher trust score) and dishonest mode (i.e., where they launch an attack). Such attacks are known as on-off attacks and allow the intelligent attackers to cause damage without being tagged and evicted from the vehicular network [31].

Selective Behavior Attack
Analogous to on-off attacks, there might be a case where malicious vehicles behave maliciously (i.e., share counterfeited messages) with some nodes, whereas with other nodes, they behave honestly (i.e., share reliable information). This could result in contradictory trust scores (i.e., based on the direct or/and the indirect observation) assigned to a vehicle by its peers [68].

Black-Hole Attack
Black-hole attackers manipulate other vehicles to transmit data through them (i.e., the attackers) by advertising the route through them (i.e., the attackers) as the best route despite having no route to the desired destination. Once other vehicles send the data to these attackers, they create a blackhole by dropping the data sent towards them [27].
An illustration of Sybil attack, bad-mouthing attack, on-off attack, and selective behavior attack is depicted in Figure 5.

State-of-the-Art Trust Management in IoV
As a consequence of high dynamicity, vulnerable communications, and scarcity of pervasive intercommunication infrastructure, IoV is susceptible to attacks from both inside and outside the network. The dishonest vehicles counterfeit safety-critical data and often introduce transmission delays to disrupt vehicular services, consequently endangering the lives of drivers, passengers, and vulnerable pedestrians. During the past decade or so, trust management has been employed to ensure safe and reliable vehicular networks. This section depicts a comprehensive review of the literature on the trust management in vehicular networks categorized into six classes including: (1) traditional, (2) Bayesian inference-based, (3) blockchain-based, (4) deep/machine learning-based, (5) fuzzy logicbased, and (6) cryptography-based trust management models. Table 2 presents existing state-of-the-art trust management models in IoV.

Conventional Trust Models
Conventional or traditional trust management models are defined as widely accepted frameworks that function without requiring complex data analysis or statistical inference tools. In this subsection, recent research employing traditional trust management models has been discussed in detail [69][70][71][72][73].
Ahmad et al. [69] presented MARINE that detects malicious vehicles, i.e., vehicles launching man-in-the-middle attacks, and cancel their credentials. MARINE is a hybrid trust model that also considers the possibility of an honest vehicle to initiate a false message due to malfunctioning hardware and a malicious vehicle to generate a genuine message. The proposed model takes into account the node trust, data trust, vehicle-to-vehicle trust, and the infrastructure-to-vehicle trust. Node trust is computed by aggregating the past interactions with the target vehicle and the opinions of its neighbors, whereas the data trust is calculated by taking into account the quality of the data received, neighbors' recommendations and the ability of the vehicle to forward messages. While computing the vehicle-to-vehicle trust, every vehicle forms a positive report that includes the honest vehicles and a negative report including details about the dishonest vehicles. These reports are then conveyed to the Roadside Unit (RSU) which, on its part, computes the infrastructure-to-vehicle trust and updates the above-mentioned reports. The up-to-date reports are then shared with the neighboring nodes. The proposed model has been tested against three attack scenarios utilizing simulation of urban mobility (SUMO) and vehicles in network simulation (VEINS).
Suo et al. [70] proposed a distributed, and a centralized trust-based system where trust authorities and vehicles join forces to alleviate dishonest behavior in vehicles. Every vehicle informs the trusted authority regarding suspicious behavior. The trusted authority, on the basis of suspicious activity information received from different nodes, decides if the certificate issued to a particular vehicle should be revoked. The suggested system model addresses insider attacks and it is assumed that the adversary is capable of counterfeiting messages and disseminating them to the vehicles and roadside units in its vicinity via jeopardized vehicles. The trusted authority takes into account both the direct and the indirect interaction with the target vehicle. Different contributing parameters are assigned different context-based weightage while aggregating the trust score. The vehicles with higher trust scores have a higher impact on the trust establishment process. Both architectures, centralized and distributed, are evaluated using a python-based simulation for four different kinds of dishonest behaviors. The absence of a global perspective and the risk of over-trust are two of the main concerns regarding the distributed architecture mentioned by the authors.
Mahmood et al. [71] proposed a hybrid trust management model that amalgamates trust score and available resources of vehicles to compute a composite metric which is utilized to elect a cluster head and a proxy cluster head for a vehicular cluster. Available resources encompass the weighted sum of the measure of remaining power and bandwidth of a vehicle, whereas the trust score is an average of the direct and the indirect trust scores of a vehicle. Subsequently, vehicles with the highest and the second highest composite metric are elected as the cluster head and proxy cluster head, respectively, while the vehicles with a composite metric falling below a predefined threshold are classified as malicious vehicles. The performance evaluation of the proposed model has been carried out employing MATLAB.
Noorullah et al. [72] proposed a forwarding approach for critical information in vehicular social networks, wherein following the legitimacy verification of the emergency notification utilizing the information regarding the location and the social media of the source vehicle, significance of vehicles is computed to identify the vehicles most famous among their peers with the aim of rapid dissemination of the notification. The most well-connected vehicle is the one that shares interests, has common contacts, and is more similar in behavior to its peers. For computing a vehicle's reputation, its contribution in the network and the recommendations by its neighbors are taken into account, which is then utilized in calculating the trust value of that vehicle. The vehicles whose assigned trust values are close to the highest possible trust score are more likely to further improve their reputation and vice versa. Consequently, the dishonest vehicles will be isolated from the forwarding process. Accordingly, the emergency message is disseminated through the network utilizing the vehicle to vehicle and infrastructure communication. Simulations of the proposed scheme are carried out using VANETMobiSim and the performance evaluation metrics included the transmission rate, the propagation latency, the number of messages disseminated, the duration for which the emergency message will circulate in the network, and the number of vehicles selected for critical message dissemination.
Chuprov et al. [73] proposed a scheme to mitigate traffic management issues on the crossroads by identifying the vehicles sending illegitimate messages, wherein three parameters, truth, reputation, and trust, each having a value within [0,1], are computed to assess the legitimacy of the data sent by vehicles. Truth being the opinion regarding the legitimacy of the message exchanged by vehicles, reputation is defined as the temporal function of the truth value, and trust is the weighted aggregation of both of the above stated parameters. The computed trust score is compared with the predefined threshold and the vehicles having a trust score greater than the said threshold are considered trustworthy. The vehicle identified as the source of the misleading information, i.e., the untrustworthy vehicle, is isolated from interacting with its peer vehicles. The performance evaluation of the said system is conducted first by using a customized simulator and then the results are also validated utilizing hardware simulations based on an autonomous vehicle model developed by the authors.

Bayesian Inference-Based Trust Model
Bayesian inference employs Bayesian theory that delineates uncertainty of data-centric modeling and inference relying on probability and statistics [74]. Bayesian statistics utilize prior distribution for probabilistic distribution of parameters which is amalgamated with the likelihood function to generate posterior distribution [75]. This subsection comprises detailed discussions on recent research in vehicular trust management models utilizing Bayesian inference [76][77][78][79][80]. Zhang et al. [76] proposed a TrustRank algorithm-based trust management model that takes into consideration both local and the global trust of the vehicles. The local trust is computed by applying the Bayesian inference model to the past interactions of the vehicles. Once the local trust values are computed, a trust link graph is constructed. In order to calculate the global trust, social parameters based on the driver (e.g., age, driving license score, driving age, etc.), the vehicle (e.g., vehicle type, handling stability, breaking performance, etc.), and the behavior (e.g., number of speeding tickets, number of traffic violations, etc.) are combined with the local trust values and the previous global trust values before applying the TrustRank based algorithm. The most trustworthy vehicles named as the seed vehicles are identified using the PageRank algorithm which, subsequently, helps in determining the trust values of other vehicles. Simulations are performed using VEINS and the evaluation of the proposed model is measured using two performance metrics, i.e., true negative and true positive rates. Three different attacks have been considered while evaluating the system model, i.e., newcomer attack, on-off attack and collusion attack.
He et al. [77] envisaged a trust management scheme for enhancing the security of cognitive radio based VANETS and detected the JSSDT (i.e., joint spectrum sensing and data transmission) attackers that counterfeit reports and drop data in the spectrum sensing and transmission phases, respectively. While performing trust computations, an aggregation of weighted direct and indirect trust is calculated. The information regarding the neighboring vehicles' behavioral patterns is acquired, the neighbor trust is computed by employing techniques such as Bayesian inference, and is forwarded to other components of the model for other applications such as the data transmission unit which may utilize the computed trust score for route discovery, and the spectrum sensing unit which may utilize the calculated trust as a weightage for aggregation of spectrum detection. The performance of the proposed model is evaluated in terms of false alarm and miss detection probability, latency, and throughput.
Fang et al. [78] proposed a trust management model that employs Bayesian network to prevent on-off attack. The trust computations aggregate weighted direct and indirect trust, direct trust being the trust score relying on the direct interactions, both current and past, between two vehicles (i.e., a trustor and a trustee), whereas the indirect trust is the highest direct trust value assigned to the trustee by all of its neighboring vehicles, i.e., trustors. In the said attack, the vehicle alternates between honest and dishonest conduct quite frequently, consequently, the malicious vehicles end up achieving elevated trust scores. A window to identify the attack is defined based on the interactions between the trustor and the trustee. Every window has a highest, and a lowest trust score assigned to the trustee by the trustor and the number of times the trustee alters between the highest and the lowest score is counted. The dishonest vehicles switch from high to low and vice versa more often. Furthermore, their extreme trust scores are higher in comparison to honest vehicles which results in a smaller difference between the extremes and a higher switch count. If the switch count exceeds a predefined threshold, and the difference between the extremes is smaller or the highest trust score is greater than another predefined threshold, the vehicle is tagged as a malicious one. Simulations of the proposed model are carried out using MATLAB.
Li et al. [79] proposed a secure content delivery framework amalgamating the notions of trust and game theory. The vehicles are evaluated relying on their positivity and ability to communicate with their peers. Whenever a pair of vehicles communicate, the evaluator assigns an evaluation value to the evaluatee which is then cached in the evaluatee's local storage. An average of this evaluation value and a punishment value is combined to compute the trust value of the evaluatee. To minimize the effects of malicious activities, the vehicles are given the opportunity to challenge the punishment value assigned to them by their peers. Moreover, an evaluatee is evaluated by the same evaluator only once. On the other hand, RSUs are evaluated based on quality of service and reliability, and the average of this evaluation along with the punishment scores are combined to calculate the trust score for the target RSU.
Talal et al. [80] proposed a Bayesian inference-based decentralized trust model that takes into consideration the quality of direct interactions among the vehicles and the event related data transmitted by a vehicle. A belief function is defined to update the trust scores of a vehicle relying on the correlation among the event information that the target vehicle transmitted and the actual status of that particular event. The proposed method assigns a low initial trust score based on the punishing strategy to any vehicle new to the network to prevent dishonest vehicles from gaining advantage by leaving and joining the network frequently to gain high trust scores. To overcome the negative impacts of the said punishing strategy, i.e., the lack of collaboration opportunities available for the newcomer due to a low trust score, a trust based vehicular coalition formation scheme to encourage collaboration among vehicles is utilized. The performance analysis of the proposed scheme is performed on MATLAB.

Blockchain-Based Trust Model
Blockchain technology deals with the distributed digital ledger of transactions. It consists of unalterable decentralized database comprising blocks of data forming chains [81,82]. In this subsection, a detailed overview of the recent research in trust management models employing blockchain technology has been presented [83][84][85][86][87]. Javaid et al. [83] proposed a privacy preserving model that utilizes blockchain for exchange of information as well as trust management in a distributed architecture. The vehicles are registered in the network which helps in developing information provenience and certificates are issued to them by a certificate authority (i.e., an RSU) to achieve data exchange security. To ensure the data trustworthiness, physical unclonable functions (PUF) are utilized after the registration of each vehicle. When data is generated, the list of trusted registered vehicles is examined for the originating vehicle. If the system is successful in locating the vehicle in the trusted list and the PUF response is also correct, a certificate is issued. The proposed model was simulated employing an Ethereum virtual machine and a threat model with an adversary, that can imitate/impersonate a vehicle and transmit counterfeited information to the RSU, and alter the information sent by a genuine vehicle, is utilized for system evaluation.
Khan et al. [84] proposed a model that amalgamates blockchain and trust for misbehavior prevention, wherein, a set of public and private keys is generated for every new vehicle, and a certificate is issued to the vehicle, which, in addition to the Certificate Blockchain (CertBC) having this certificate in its record and Revocation Blockchain (RevBC) not having the public key of the vehicle in its record, is used to authenticate the vehicle preceding the trust score acquisition from Trust Blockchain (TrustBC) and the information sharing among the vehicles. When an incident is reported by the vehicle, the receiving vehicle computes the legitimacy and the trust of the report, records it in a trust set, and employs it to calculate the likelihood of the reported incident happening. The report is considered legitimate if the resulting likelihood is greater than the predefined threshold and a positive ranking is assigned to it before it is recorded in the Message Blockchain (MesBC), which is forwarded to the RSU. The greater the number of positive rankings assigned to a vehicle, the more trustworthy the vehicle is, whereas a higher number of negative rankings (i.e., greater than a predefined threshold) results in the vehicle's public key and the certificate cancellation. The RSU, on the receipt of MesBC, computes the updated trust score of the vehicle and informs the network about it before recording it to the TrustBC. In order to become a miner, the hash value computed by the RSU should not exceed the predefined threshold and the sum of the absolute hash values of the RSU should not exceed the highest sum of these values. The block of the miner is then published into the blockchain and it is ensured that the blockchain of every RSU is identical. The performance evaluation of the proposed scheme is conducted by utilizing VEINS, SUMO, and OMNET++ (i.e., Objective Modular Network Testbed in C++), with and without introducing the denial of service attack.
Lu et al. [85] presented a trust management scheme that relies on the blockchain technology to ensure privacy preservation while the certification authority (CA) issues and revokes certificates. It is achieved by splitting the linkage among a vehicle's true identity and its public key. Any action taken by the CA is recorded evidently in the blockchain without exposing any sensitive details regarding vehicles to make sure a vehicle's public key could be utilized as its authenticated pseudonym. Furthermore, every vehicle is assessed relying on the legitimacy of the information disseminated by it in addition to the neighbors' opinion towards the said vehicle. The record of all the messages is maintained in the blockchain and is used as an evidence to compute the reputation score for each vehicle which helps alleviate dishonest behavior and dissemination of counterfeited messages. The vehicles are rewarded for their cooperation, honesty and reporting misconduct, whereas the vehicles are liable to a penalty for misconduct and collusion. The experiments of the proposed scheme are carried out on an Intel Core i5, 2.5 GHz system and the performance is assessed in terms of overhead concerning the storage, transmission, and computation.
Yang et al. [86] proposed a blockchain based decentralized trust management model, wherein the vehicles evaluate the messages received from other vehicles and notify the RSUs about their evaluation results. The RSUs then compute the entity-based trust scores for the vehicles and create trust blocks. The RSU with the highest number of trust values in its block is selected as a miner to update the trust score of the particular vehicle by adding their block first. The adversarial model includes the spoofing attack where dishonest vehicles can counterfeit safety messages, and bad-mouthing attack where vehicles provide dishonest assessment on the legitimacy of messages. The employment of the notion of blockchain in the trust management process provides a decentralized architecture, prevention from data manipulation, persistent trust records throughout the network, fast convergence, and the information regarding the trust scores of a particular vehicle are easily available to all the RSUs. Simulations of the proposed scheme are carried out using vehicular and blockchain simulation platform on MATLAB.
Kang et al. [87] proposed a blockchain based trust model that selects evaluators called miners based on their trustworthiness in previous interactions. These minors are responsible for the creation, distribution and validation of different blocks. Every node, while computing the reputation on a target RSU, incorporates the recommendations from all the other nodes utilizing subjective logic. Moreover, different influencing parameters, i.e., weights are introduced according to how often the two nodes interacted, how recent the latest interaction between the two was, and the outcome of the interaction, are taken into consideration. Subsequently, the weighted recommendations are aggregated to obtain a single recommendation prior to the accumulation of the direct and the recommended opinions. To encourage the participation of the verifiers in the block validation process, a reward is offered, and these verifiers, as per their reputation, are offered contracts by the block managers. Convex (CVX) tool based on MATLAB is utilized to optimize the reward process.

Deep/Machine Learning-Based Trust Model
Machine learning is a subset of artificial intelligence and relies on learning from experience (i.e., data) to forecast and make decisions with precision over time [88]. Deep learning, a subgroup of machine learning, focuses on simulating the way a human brain works to learn from experience (i.e., large volume of data) by employing neural networks with multiple layers [89]. This subsection provides a detailed review of the recent research in trust management models applying the notion of machine learning and deep learning [90][91][92][93][94]. Tangade et al. [90] proposed a trust management model that utilizes the notion of deep learning to enhance the reliability and offers reduced latency. Each vehicle communicates with the neighboring vehicles and based on this communication, reward points are granted to the vehicles that are used to categorize the drivers/messages as honest or dishonest and, subsequently, utilized for trust score computation by employing deep neural network. A message generated by a vehicle is broadcasted and upon receipt at the RSU, the source is authenticated, and deep neural network is employed to compute the reward points taking the factors concerning the driver's behavior into consideration. The received message is classified as honest or dishonest utilizing a deep neural network by the RSU and, subsequently, the mediator trusted authority calculates the updated trust score of the particular vehicle. The proposed model is evaluated via simulations carried out on TensorFlow and Network Simulator (NS-3).
Zhang et al. [91] suggested a trust management model for software-defined networking based VANETs, wherein the route discovery is ascertained by evaluating the trustworthiness of the next hop neighbors. The said heuristic encompasses state, action, and reward, and contains information pertaining to the forwarding ratio matrix, next hop neighbor selection made by the SDN (software-defined network) controller, and the route trust evaluation, respectively. Furthermore, the authors' defined a minimum acceptable trust score and the vehicles possessing a trust score below the same are categorized as dishonest vehicles. When a vehicle originates a message and the data routing information is unknown, route discovery method and trust calculations are utilized to learn the best data forwarding information. As a vehicle's position and forwarding ratio are likely to change, the trust of that particular vehicle is inclined to change which, subsequently, affects the trustworthiness of the discovered path. Simulations are carried out on TensorFlow and OPNET.
Siddiqui et al. [92] presented a trust management model relying on machine learning to compute an optimal threshold and to identify malicious vehicles in a vehicular network utilizing three contributing parameters, i.e., similarity, familiarity, and packet delivery ratio. The proposed model employs multiple unsupervised learning algorithms to cluster the data for label assignment prior to applying diverse supervised learning algorithms to classify honest and dishonest vehicles, and to acquire an optimal threshold. Simulations for the proposed scheme are carried out on MATLAB.
Gyawali et al. [93] proposed a misbehavior detection scheme relying on hybrid collaborative machine learning and reputation where machine learning is employed to identify malicious messages, whereas reputation is utilized to evaluate the trustworthiness of a vehicle. Every message from a trustworthy vehicle is assessed prior to the report being sent to the local authority which amalgamates the reports employing Dempster-Shafer theory in addition to using the vehicle's reputation or trust value to compute the updated reputation. Subsequently, the reputation score is shared with the certificate authority and a revocation alert is broadcasted if the reputation value of the vehicle falls below the predefined threshold. The performance evaluation of the proposed scheme is carried out employing VEINS, SUMO and OMNET++.
Zhang et al. [94] presented a trust management model that relies on deep reinforcement learning approach to enhance communication among connected vehicles. The said trust management scheme integrates a dueling networking architecture inside the SDN's logically centralized controller to ensure a reliable route is established for data forwarding employing a deep neural network. The route selection process is initiated by the vehicle that wishes to forward data to another vehicle and the trustworthiness of each vehicle, along the path, is evaluated to select the directly connected neighbor that is best suited, i.e., the most trustworthy, next hop in the route from the source to the destination vehicle. Simulations of the proposed scheme are carried out on TensorFlow and OPNET.

Fuzzy Logic-Based Trust Models
Fuzzy logic focuses on representing the imprecision of human reasoning for decision making in an imprecise and uncertain environment [95]. In this subsection, trust management models employing fuzzy logic have been presented in detail [96][97][98][99][100]. Guleng et al. [96] presented a decentralized trust management framework that employs fuzzy logic to amalgamate a vehicle's direct experience and the recommendations of its peers towards a target vehicle in order to tag the unintended dishonest behavior of the said target vehicle. Furthermore, besides the direct trust, an indirect trust score is also computed towards the vehicles that do not have a direct connection to the trustor employing the notion of reinforcement learning. While evaluating the direct trust, the proportion of the messages relayed by the target vehicle, the ratio of legitimate messages forwarded by the target vehicle, and the fraction of the identified incidents that were reported by the target vehicle, were considered prior to employing fuzzy logic. The indirect trust score is computed by inquiring the opinions of neighboring vehicles on the target vehicle by employing Q-learning where the trust value is decremented on every hop along the path from the node expressing the opinion to the inquirer. Simulations of the presented model are carried out using NS-2.34.
Souissi et al. [97] proposed a model that amalgamates trust, in terms of the degree of similarity, and fuzzy logic to guarantee legitimate location information. The central authority validates the location information by cross checking the attributes of the reported lane and the reporting vehicle prior to storing it locally for future reference, e.g., optimum route selection and the status of road traffic, etc. To compute the similarity, three input parameters, i.e., time, speed, and energy, are used as inputs to the fuzzy system. The higher the resulting similarity index, the higher the trust of the reported location information. The shared location information is characterized as malicious if the resulting similarity index is less than the predefined threshold. Simulations of the suggested system are carried out using MATLAB and SUMO.
Kumar et al. [98] amalgamated the notions of fuzzy logic and trust to select the best path between two nodes and to identify blackhole attacks. The relationship of vehicles is estimated using trust computations, wherein the proportion of the successfully forwarded messages by the neighbor from the number of messages this neighbor is expected to forward, the ratio of the number of messages received through the neighbor but generated by other nodes to the total count of received messages, and the acknowledgment of the message receipt are aggregated. The neighbors are ranked as bad, unknown, and good according to the relationship and the trust scores. To select the best path, the neighbor ranked as good is the preferred option for the next hop node selection to forward the data. The vehicles having a bad association are the ones with lower trust scores and are suspected as blackhole attackers. Simulations of the proposed model are carried out using NS-2 and SUMO.
Tan et al. [99] proposed the reputation-based trust management model wherein, a credit account reflecting a node's behavior is associated with every node. The higher the credit score, the more the node is preferred, whereas if the credits of a node are depleted, the said node is eradicated from the network. The trust score of a node takes into consideration the node's reputation, opinion of the neighboring nodes, and historical interactions with other nodes in the network. Graph theory and fuzzy logic are amalgamated to compute the entity-based trust, to avoid the trust scores from increasing quickly while still allowing a swift decrease in trust scores decaying mechanism is employed. The proportion of the messages successfully delivered and the mean delay value are chosen to be the trust computation parameters, and fuzzy functions are defined for them to evaluate the trustworthiness of the routes. The trust score of a route drops down if a dishonest vehicle exists in that route, therefore, this trust score can be utilized to compute a vehicle's trust score. Simulations of the proposed scheme are carried out on MoSim based on MATLAB.
Marmol et al. [100] amalgamated the notions of trust and reputation, wherein to accept or reject a message generated by vehicles, each vehicle computes the trust scores of its peers by employing fuzzy sets. While calculating the said trust values, the node's past reputation, and the opinions of the roadside infrastructure and the other vehicles in the cluster are taken into consideration. Moreover, the vehicles are rewarded or punished as per the comparison of the final decision of their opinions regarding a particular message. If the source vehicle is proved to be dishonest, a notification is sent to the infrastructure and the information on the vehicle is added to the dishonest vehicle database if the number of negative opinions exceed a predefined threshold. Every message generated in the network has a severity level associated to it, accordingly, the message with a high severity level is considered trustworthy only if it is generated by a trustworthy vehicle. Simulations of the proposed model are carried out using trust and reputation model simulator (TRMSim-V2V) developed by the authors.

Cryptography-Based Trust Model
Cryptography focuses on ciphering data to ensure confidentiality and to prevent unauthorized entities from interpreting the information [101]. This subsection discusses, in detail, the recent research employing the notion of trust along with cryptography [102][103][104][105][106]. Muhlbauer et al. [102] proposed a trust management model, wherein the notion of digital certificates and reputation are amalgamated in a centralized vehicular architecture without the necessity of constant connectivity with the road infrastructure. The proposed scheme relies on public key infrastructure (PKI) for vehicles where an ID, a set of public and private keys, and a certificate is assigned to each vehicle and RSU to be able to communicate and authenticate the exchanged messages. The incidents are validated by the traffic control authority (CCO) in a centralized manner. Every vehicle is required to have a frequent contact with a certificate authority that issues the certificates and pseudonyms to preserve privacy. A score is maintained by each vehicle regarding its own certified reputation which is utilized to compute trust among vehicles. Whenever a vehicle notifies its peers regarding an incident, the recipients verify the digital signatures of the source vehicle using the certificate issued to it prior to the evaluation of the message legitimacy. The proposed scheme employs reputation for weighted voting, and message selection by applying simple summation, and Bayesian inference-based reputation prior to the comparison of the resulting score with the predefined threshold. Simulations of the said model are carried out utilizing VEINS, SUMO, OMNET++, and MiXiM (i.e., a mixed simulator for wireless mobile communication network).
Gai et al. [103] proposed a trust management model, wherein cookies are used by an inquirer to rate, in the range [0, 1], the services provided by another vehicle which are then signed by a certificate authority to keep the vehicle from counterfeiting them. Whenever a vehicle entertains a request by another vehicle, it forwards its cookies along with the service requested which is used by the requester to evaluate the trustworthiness of the service provider. In the event of first interaction between the two, the trust score assigned by the requester is the same as the cookie reported by the service provider. However, if the two have interacted in the past, the requester computes an aggregate of weighted direct and indirect trust based on the cookies. The direct trust being the one computed by the cookies in the record of the requester based on their historic interactions, whereas the indirect trust is the one computed using the cookies shared by the service provider. Simulations of the proposed model are carried out on VANETsim.  Wang et al. [104] proposed an authentication framework that utilizes trust to expedite the re-authentication process in the event of handover between the former and the current RSU where vehicles dissociate from the previous RSU and connect to another RSU in their vicinity. The cloud server is responsible for the evaluation of the trust score of every vehicle based on its characteristics. The RSU utilizes the trust score of a vehicle to complete the authentication process and the creation of the session key. As a vehicle traverses from the service range of one RSU (i.e., former) to the other (i.e., current), a certificate affirming the handover is received by the vehicle, and the current RSU forwarded by the former RSU. A token is generated to the vehicle by the current RSU prior to the generation of the session key between the two. Simulations of the proposed scheme are carried out utilizing GNU MultiPrecision (GMP) and Pairing-based Cryptography (PBC) libraries, C language, and a Ubuntu based system.
Tangade et al. [105] proposed a trust management model relying on hybrid cryptography for authentication to ensure robust and efficient trust management. The trusted authority registers the vehicles, road side units, and intermediary trusted authorities prior to their participation in the network. The trustworthiness of these vehicles is then verified by its neighbors via exchange of a test message and the resulting trust score is forwarded to the trusted authority which is responsible for computing and updating the trust value of the target vehicle. When communicating with one another in the network, vehicles also send their trust score in addition to other information such as safety messages, and is verified by the receiving vehicle through comparison with the one stored at the trusted authority. The safety alerts are trusted if the compared trust scores are identical and greater than the predefined threshold else, they are discarded. The performance evaluation of the proposed scheme is carried out utilizing NS-3, SUMO, and MOVE (i.e., a mobility model generator).
Zhang et al. [106] presented a trust management scheme to prevent the election of malicious platoon heads and to preserve the privacy of participating vehicles utilizing paillier cryptosystem. A proof of handshake among a platoon head and the vehicle is generated by every vehicle joining a platoon. At the end of the journey, both the platoon head and the vehicle create and send driving reports to the RSU which, after verifying the vehicle's authenticity, computes the reputation of the platoon head based on the vehicle's trust score and opinion before delivering it to the service provider. Subsequently, the service provider assesses the performance of the vehicle prior to forwarding it to the trusted authority that forecasts the future behavior of the vehicle relying on the past experiences. The performance evaluation of the platoon selection is carried out utilizing a Java-based simulation, whereas the network performance is assessed by employing NS-2 and SUMO.

Open Directions
A thorough glimpse of the existing literature demonstrates a considerable amount of research in vehicular trust management models. Nevertheless, they do not account for the challenges pertinent to:

Cold Start
Owing to the high mobility, cold start or bootstrapping is a crucial problem in vehicular trust management models. No information is available regarding the previous interactions for newly joining vehicles which makes it impossible to compute the trust score relying on the historical interactions for a newcomer. Consequently, a static initial trust value is assigned to all incoming vehicles. If the said initial value is kept too low, there is a high chance that an honest vehicle will get eliminated from the network owing to a low trust score. On the contrary, if it is set too high, it will take too long to eradicate dishonest nodes (based on trust scores), consequently, jeopardizing the network security. The bootstrapping issue has been addressed in social networks and recommender systems, nevertheless, it is still a major challenge in vehicular trust management models [107,108].

Data Scarcity
Due to the highly dynamic topology of vehicular networks, scarcity of information availability can lead to ineffective trust management and failure to identify misbehaving entities. Analogous to the cold start problem, data scarcity is caused by minimal or no prior interactions by a vehicle in the network. In the case of a newcomer vehicle, there are no historical interactions, whereas in a low traffic density scenario, there is a limited number of interactions available. Accurate trust computations and vehicle eviction relying on these computations require sufficient information regarding a vehicle's past experiences with its peers. Amalgamating both direct and indirect observations regarding a target vehicle occasionally helps with data scarcity; however, trust management models relying primarily on entity-based trust do not perform well in sparse environments [109].

Steady Threshold
While designing trust management models, a steady predefined threshold is often employed to detect malicious vehicles, i.e., the vehicles having a greater trust score than the said threshold are classified as trustworthy, whereas the vehicles with trust values falling below the same threshold are categorized as malicious. As mentioned earlier in Section 3.4.10, intelligent attackers (i.e., on-off attackers) do not depict malicious behavior persistently, i.e., they switch their behaviors from honest to dishonest and back frequently in order to avoid detection. Therefore, a steady threshold does not help in the elimination of these intelligent attackers. To mitigate on-off attacks, adaptive threshold is employed which also helps in early detection of dishonest vehicles; however, trust management models with such a threshold are quite computer intensive [31].

Threshold Quantification
With the intention to identify misbehaving entities in a vehicular network, an acceptable trust threshold is often employed, i.e., vehicles with a lower trust value as compared to the said threshold are tagged as untrustworthy, whereas the ones with a higher trust score are grouped as trustworthy. It is, therefore, of paramount importance that the value of such threshold is precisely defined so as to detect and evict malicious vehicles accurately from the network. If the said threshold is kept too high, the probability of honest vehicles getting eliminated increases. If the threshold is set too low, the malicious vehicles will stay in the network for too long, consequently, causing harm to the network. The existing literature assigns a steady value as a threshold without taking the dynamic nature of the vehicular network into consideration [52].

Weights Quantification
The trust computation process requires the contributing trust parameters (e.g., direct and indirect trust) to be aggregated to acquire a final trust score for a trustee. In some cases, the contributing parameters are averaged out to obtain the final trust score which implies that each contributing factor has the exact same impact on the final trust score. Alternatively, the notion of weights is commonly applied, wherein different contributing parameters are assigned different weightage relying on their respective contribution/importance in the final trust value computation. Determining precise values for these weights in proportion to the relevance and significance of the said parameters is of great importance. The existing research literature addresses the quantification of the aforementioned weights to some extent, nevertheless, this problem demands considerable attention [92].

Conclusions
To satisfy the ever-growing transportation demands in megacities, efficient and effective utilization of the existing transportation infrastructure is of paramount importance, especially in ITS in the context of smart cities. Smart connected vehicles form IoV network that facilitates both non-safety, e.g., infotainment, and safety-critical, e.g., warning and alert generating applications, by exploiting V2X communications. To ascertain the reliability and trustworthiness of such communications, the notion of trust is introduced and, subsequently, trust management schemes are employed in vehicular networks. This paper presents a comprehensive review of the state-of-the-art trust management models in the IoV employing diverse computational domains. The paper emphasizes on comparing the said trust management schemes in respect of the evaluation tools utilized, quantification of weights applied while trust aggregation, misbehavior detection, attack resistance, and quantification of the threshold defined for misbehavior detection. Furthermore, a brief glimpse of the IoV layered architecture, the notion of trust and its constituents, and the attacks associated with vehicular networks is also provided. Finally, open research directions in the area are discussed as well. In a nutshell, this survey can provide useful guidance for future research in trust management in the IoV.

Conflicts of Interest:
The authors declare no conflict of interest.