Social Internet of Vehicles for Smart Cities

Digital devices are becoming increasingly ubiquitous and interconnected. Their evolution to intelligent parts of a digital ecosystem creates novel applications with so far unresolved security issues. A particular example is a vehicle. As vehicles evolve from simple means of transportation to smart entities with new sensing and communication capabilities, they become active members of a smart city. The Internet of Vehicles (IoV) consists of vehicles that communicate with each other and with public networks through V2V (vehicle-to-vehicle), V2I (vehicle-to-infrastructure) and V2P (vehicle-to-pedestrian) interactions, which enables both the collection and the real-time sharing of critical information about the condition on the road network. The Social Internet of Things (SIoT) introduces social relationships among objects, creating a social network where the participants are not humans, but intelligent objects. In this article, we explore the concept of the Social Internet of Vehicles (SIoV), a network that enables social interactions both among vehicles and among drivers. We discuss technologies and components of the SIoV, possible applications and issues of security, privacy and trust that are likely to arise.


Introduction
Smart cities are areas where innovation is supported through digital networks and applications [1].Smart cities are often called sustainable, digital or connected cities [2].The goal of converting a city into a smart environment is to alleviate the problems resulting from urbanization and increased urban population.A smart city is an urban area that provides the conditions for sustainable economic growth and quality of life.Smart solutions, like traffic congestion avoidance [3], green buildings [4] and modern industrial control systems (ICS) [5], are some of the technologies that can make today's urbanization sustainable.A smart city involves the intelligent use of technology to improve how people live, work, commute and share information [6].A key aspect of a smart city is next generation vehicles that incorporate new sensing, communication and social capabilities as part of the wider Internet of Things concept.By providing mobile wireless sensing and communications, vehicles can facilitate data access, which is fundamental to make smart cities a reality.
Wireless networks can be divided into three main categories.First, infrastructure wireless networks rely on a central station that coordinates all communications [7].Second, non-structured networks or ad hoc networks give equal roles to all stations in the network [8,9].Third, hybrid networks combine the first two categories [10].An example of hybrid networks is hybrid vehicular ad hoc networks (hybrid-VANETs) [11], which use ad hoc networks for communication between vehicles and infrastructure networks, such as wireless local area networks (WLANs) and cellular systems for communication with a core network [12,13].Smart vehicles, through their advanced communication capabilities, will be able to interact not only with navigation and broadcast satellites, but also with passenger smart phones, roadside units and other smart vehicles, making them an important component of IoT and the development of smart cities [14].VANETs combine these with new applications and methods to enable the intelligent communication between vehicles and the connection to the Internet.VANETs rely on roadside units (RSU) and on-board units (OBU) to facilitate the connectivity and the intelligence of the smart vehicle.RSUs are communication infrastructure units that are positioned next to roads to connect vehicles to a larger infrastructure or to a core network, such as a metropolitan traffic management system.The OBU is a network device integrated into smart vehicles that supports different wireless networks, such as dedicated short-range communication (DSRC) and WLAN.A VANET has a diverse range of applications, from road safety, through the detection and avoidance of traffic accidents [15], traffic control, through reduction of traffic congestion [16], as well as infotainment, through the improvement of driving comfort [17].Recently, three of the biggest companies that provide digital content and operating systems for mobile devices, Google, Apple and Microsoft, have announced their actions toward taking over the in-car infotainment system with their operating systems dedicated to vehicles and mobile devices (CarPlay, Android Auto and Windows Mobile) [18].
The Social Internet of Things (SIoT) [19] is a network of intelligent objects that have social interactions.The Social Internet of Vehicles (SIoV) [20,21] is an example of a SIoT where the objects are smart vehicles.The authors in [21] designed analytical models of the subsystems involved in the SIoV interaction process and proposed models that could be useful in order to deploy Social Internet of Vehicles (SIoV)-based safety, efficiency or comfort applications.Although the basic rules are the same for both social networks of humans and social networks of vehicles, there are significant differences in terms of the dynamic nature of the entities, their social interactions, the topology of the network, privacy concerns and security issues that arise.In this article, we will present a comprehensive review of the research and analysis of such systems.
Social Internet of Vehicles (SIoV) describes both the social interactions among vehicles [22] and among drivers [23].As described in [23], a vehicular social network is created when a driver enters an area where other people with common interests or relevant content exist.Contrary to this, Nitti et al. [22] describe a vehicular social network as social interactions among cars, which communicate autonomously to look for services (automaker patches or updates) and exchange information relevant to traffic.Given that vehicles are becoming more and more autonomous [24] and that applications supporting social interactions among drivers and passengers are already being developed [25,26] we strongly believe that SIoV will eventually be a network of both drivers, passengers and cars.This new interconnection among entities on different levels (vehicles, drivers, passengers) creates new capabilities, poses new challenges and exposes the network to new threats.
New applications that are based on the social concept of vehicular networking were recently developed.For example, RoadSpeak [27] is a voice chatting system that allow commuters to dynamically enter vehicular social networks on the fly and exchange messages.NaviTweet [26] incorporates the driver's preferences into the navigator's route calculation using traffic voice tweets.Caravan Track [25] is a similar application that allows drivers to share mobility data among a cluster of cars.This application, supported by Ford, can be used to filter incoming information to suit the needs and desires of the driver.Porsche also unveiled its new concept electric car that has the ability to post updates to social media [28].As we move to the era of the next generation of vehicles, smart vehicles with sensing, communication and sociability capabilities, more applications and technologies are going to be developed that will materialize the idea of SIoV.
This article provides an comprehensive survey of the Social Internet of Vehicles.We first review components and technologies of the SIoV in Section 2. We then discuss context awareness in Section 3. In Section 4, we present how social network analysis methods can be applied in SIoVs.Next, in Section 5, we review security and trust issues related to SIoVs.Finally, we discuss current challenges and open issues regarding driver privacy in Section 6.

SIoV Technologies and Components: Next Generation of Vehicles
The design, development and deployment of vehicular networks is boosted by recent advances in context-aware technology and wireless vehicular communication techniques, such as dedicated short-range communications (DSRC), Long-Term Evolution (LTE), IEEE 802.11p and Worldwide Interoperability for Microwave Access (WiMax) [29].An increasing number of social network applications is being proposed for vehicular networks, which leads to a shift from traditional vehicular networks toward SIoV.In this section, we briefly introduce the key aspects that enable SIoV in current vehicular networks.Similar to [30], we focus on three main components: (1) next-generation vehicles; (2) vehicle context-awareness; and (3) SIoV context-aware applications.
Vehicular ad hoc networks (VANETs) are a kind of mobile ad hoc network that has been proposed to enhance traffic safety and provide comfort applications to drivers.The unique features of VANETs include fast-moving vehicles that follow pre-determined paths (i.e., roads) and messages with different priority levels.For example, messages for comfort and infotainment applications have low priority, while messages for traffic safety applications require timely and reliable message delivery [31].Using the on-board unit, vehicles can communicate among themselves (vehicle-to-vehicle, V2V) and with roadside units (vehicle-to-infrastructure, V2I).This enables several other forms of communication, such as vehicle-to-broadband cloud (V2B), where the vehicle communicates with a monitoring data centre, vehicle-to-human (V2H) to communicate with vulnerable road users, for example pedestrians or bicycles, or vehicle-to-sensor (V2S), where the vehicles communicate with sensors embedded in the environment [31].
Vegni et al. [32] introduced next generation vehicles as smart vehicles that represent the convergence of communications, infrastructure, computers and autonomy, resulting in new capabilities, such as sensing, navigation, sociability, context-awareness and communication.Based on these aspects, smart vehicles exhibit five features: self-driving, safety driving, social driving, electric vehicles and mobile applications.

Self-Driving
The aim of autonomous cars is to drive independently without human interaction and to navigate the roads safely to reduce traffic accidents.According to a report by KPMG [33], the use of autonomous vehicles could eliminate 90% of all vehicle accidents.The industry [34] defined six accreditation levels of autonomous driving: At Level 0 (no automation), the driver has control of all aspects of the driving, even if he or she is assisted by various intervention or warning systems.At Level 1 (driver assistance), the vehicle will be fully controlled by the driver.This might include specific warning applications, such as blind spot detection.Level 2 (partial automation) has a low level of automation, including lane detection and an assisted braking system.Level 3 (conditional automation) combines two functions for congested traffic, namely driving in a straight line and automatic speed reduction.Level 4 (high automation) allows limited self-driving, which requires the driver to maintain consistent observation of the roadway in selected environments, to cede control when required.At Level 5 (full automation), the vehicle is capable of reaching the navigated destination without human interaction.
Current mass-market technology offers features on accreditation Level 2 (partial automation).For example, the 2014 Mercedes S-Class comes with options for auto-parking, clever steering, lane keeping, automated acceleration/braking and fatigue monitoring [35].In traffic jams, the 2014 BMW i3 can accelerate autonomously and brake up to 30 miles per hour [36].The 2015 Audi A7 provides autonomous braking in traffic jams [37].
In the future, most technology companies and automobile manufacturers predict to offer features on higher accreditation levels.For example, Tesla expects to build a vehicle that can drive 90% of distances in fully-automated mode in 2016.In 2018, Google expects to provide fully-autonomous vehicles on the market.In 2020, Mercedes-Benz, GM, Nissan, Volvo, BMW and Audi all expect to sell fully-automated/self-driving vehicles.

Safety Driving
The aim of the safety driving feature is to reduce casualties, injures and create vision zero [38], i.e., to reach the ambition of zero traffic accidents.To help achieve this goal, vehicular networks enable applications that provide a wide range of information to drivers and travellers.An example application is described in [39], where the authors propose the use of V2I communications in order to reduce the emergency services' arrival time.

Social Driving
In social driving, vehicles gather on-the-flyto be part of a social network that consists of neighbouring vehicles.These vehicles can share the same interests, locations, move towards the same direction/destination or be part of existing relationships.There exist smart tools that use real-time traffic information, collected by a participatory sensing approach in order to help drivers choose the best route, e.g., Waze [40], Google Live Traffic to Google Maps [41], etc. Uber and Lyft, two applications that were recently launched, although having raised many legal issues, also give the users the opportunity to share their cars with people that have similar destinations [42] and can be considered as different expressions of the social driving concept.

Electric Vehicles
There is high customer growth and interest in fully-electric, hybrid (gas-electric) and zero-emission vehicles.Especially in highly populated areas and low speed zones, these vehicles can contribute to the protection of the environment.Novel methods that deal with the optimal charging of electric vehicles, in static or dynamic mode, have recently been introduced.These vary from stationary stations that are scattered across the road network in central positions [43][44][45], dynamic wireless charging methods that take advantage of the mobility of nodes [46,47] and eco-routing algorithms that run in isolation in every vehicle or in a central way for a fleet of vehicles [48,49].The authors in [50] present a method for dynamic wireless charging of vehicles based on the concept that vehicles meet at rendezvous points, giving a social aspect to the power transfer procedure.

Mobile Applications
The integration of network adapters, on-board units, different types of sensors and Global Positioning system (GPS) receivers enables vehicles to gather and analyse information about themselves and the surrounding environment and disseminate this information to nearby vehicles [31].
Depending on their primary purpose, VANET applications are classified into comfort applications and safety applications.Comfort or entertainment applications provide ease, high levels of comfort and tranquillity to all passengers, including the driver.This can include information of current restaurant menus, prices and discounts on highway services, nearby gas stations, shop discounts and current prices for nearby hotels.For passengers, this can also include online gaming, Internet access and social instant messaging [51].Safety applications use dedicated short-range communications (DSRC) to improve road safety and avoid accidents or reduce their severity.
These five features will expose SIoV to a plethora of sensor data that need to be analysed, to enable vehicles to become context-aware.
In their seminal work, Alam et al. [20] envisioned the concept of a social network among cars as a cyber-physical layer on top of the physical vehicular network.Based on this concept, the authors proposed application scenarios that target both drivers, authorities and cars and discussed privacy issues that arise from such a system.Using this work as a basis, we elaborate in the following sections on how next generation vehicles can achieve higher levels of vehicle context-awareness.This is followed by a discussion as to how approaches to social network analysis can be applied within an SIoVs and what new security and privacy challenges arise.

Vehicle Context-Awareness
A key aspect in IoV is to enable vehicles to be context-aware, i.e., to be aware of the circumstances that exist around the vehicle, especially those that are particularly relevant to it [52].Context-aware systems are those that have the capability to adapt their behaviour to their current contextual environment.Context-awareness in vehicles can be provided by three main subsystems: sensing, reasoning and acting [53,54].
The sensing subsystem gathers contextual information from different sensors integrated with the vehicle's OBU.The type of these sensors differs according to the vehicle's requirements, for example location, infrared or ultrasound.In other terms, this phase represents the way context data are collected.
The reasoning subsystem processes raw data to extract high-level contextual information, such as the driver's situation.Contextual information can be either extracted from a single sensor, defining certain contextual information, or extracted from multiple sensors, defining uncertain contextual information.Detecting driver's fatigue levels is considered uncertain (high-level) contextual information.
The acting subsystem represents the application enforcer, which provides services to users or other drivers.Disseminating warning messages, in-vehicle alerts and smart assisted parking are examples of high-level applications deployed to prevent accidents and reduce road congestion.
Several context-aware systems and frameworks for the SIoV have been proposed in the literature.Hu et al. [55] presented s-frame, a framework for social vehicular networks formed by in-vehicle or mobile equipment used by passengers, vulnerable road users and drivers that supports high-level context-aware applications.
Alhammad et al. [54] designed a VANET on-street context-aware smart parking assisting system, deploying the concept of the centralized InfoStation to locate and reserve a parking slot.This reservation process is dictated by the driver's preferences.All parking zones have a dedicated InfoStation that acts as a terminal, providing wireless coverage over DSRC, as shown in Figure 1.Wan et al. [29] presented a cloud-based context-aware dynamic parking service that provides planning services for traffic authorities, a parking reservation service and context-aware optimization.Their framework allows drivers to park their vehicle alongside the road for short periods, provided this does not impede the traffic flow.To provide this service, the framework considers contextual information, such as time (e.g., rush hours) and road conditions (e.g., the width of a road).Traffic authorities can manage this service dynamically and effectively reduce parking problems in a smart city.
Shu et al. [56] designed SocialDrive to allow drivers to disseminate real-time travel information on social networks and to help them understand their own driving behaviour.SocialDrive provides contextual data to drivers to reflect the ultimate driving style, which can reduce fuel consumption by eliminating unwanted habits.

Social Network Analysis in SIoVs
Social network analysis (SNA) can be used to discover important players in a network and refers to the use of network theory to analyse social networks.Individual actors within the network, which can either be vehicles, drivers or even passengers, are represented by nodes, and the interactions or relationships among them are represented by edges [57].Based on the interaction among entities of the network, which can be either static or dynamic, metrics, like centrality, cohesion, degree and clustering coefficient, can reveal relations among nodes, as well as groups of entities that share common habits.
Cunha et al. [58] showed that vehicles tend to show a similar behaviour and routines in terms of mobility.The mobility of vehicles can be mapped as a social network, following the same basic laws of degree distribution and distance among nodes.Applying SNA on vehicular networks can therefore improve the performance of communication protocols and services.Traditional concepts from graph theory, like centrality and clustering, can be applied in vehicular networks, as long as they incorporate their specific features, such as mobility of nodes, channel conditions and drivers' behaviour.
The centrality of nodes plays a crucial role in information spreading in a network [59,60].In a similar way, central nodes can serve as good spreaders of infections [61] or as good points for building defence mechanisms [62].Furthermore, central nodes can be elected as the clusterhead of groups that are created on the fly.A clusterhead may act as a relay node for traffic coming or destined to different clusters or as a relay node for intra-cluster communication [63].

Centrality of Nodes in an SIoV
Centrality metrics have been developed and used in the SNA to characterize and measure the importance of individual entities in a social network.The objective of these metrics is to find nodes that are central in a graph and can thus serve as relay nodes in terms of efficient information dissemination.Generally, a node with high centrality is more central compared to its neighbours, although it is highly affected by the network topology and the application that is used.
Betweenness centrality is a good metric for identifying nodes that can participate in the forwarding procedure of data [64], especially when used in static networks.According to betweenness centrality, a node is central to the degree that it stands between others.For example, in Figure 2, nodes A and B are the most central nodes, because they participate in the majority of shortest paths between the rest of the nodes.Betweenness centrality has been adapted for different types of networks, e.g., sensor networks, where the remaining energy of nodes influences the selection of the next hop in a forwarding chain [65], and delay-tolerant networks, where the delay that every message faces is affected by the popularity of nodes [66].In mobile ad hoc networks, centrality metrics represent the significance of nodes at any time instance.Daly et al. [67] show an effective use of social network and centrality analysis in mobile networking.They derive a social routing algorithm from a combination of similarity and betweenness centrality.When the exact location of the destination node is unknown, the algorithm forwards messages to the nearest central node, thereby increasing the potential of selecting a suitable carrier of the information towards the destination.
Aside from betweenness centrality, there are similar metrics that combine graph theory with social characteristics.In degree centrality, central actors are the ones that have the most ties in the network graph.Closeness centrality focuses on how close one actor is to the other.The idea is that an actor is central if it can quickly interact with all others, and it is based on the geodesic distances among nodes.Smart vehicles that are equipped with GPS and communication capabilities can make use of closeness centrality to dynamically identify the central nodes that can be good candidates for forwarding important messages [68].
Maglaras et al. [69] proposed to rank vehicles based on the road segments that they are going to follow.They start by ranking each road segment according to how many vehicles that enter the network are going to traverse it, based on their historic data.For vehicles with no previous historic data, the shortest path in terms of distance is assumed as the preferred path.Then, each vehicle is assigned a unique ranking based on the accumulated ranking of the roads that it is going to traverse.This metric represents the significance of the node in terms of dissemination capabilities, and it ranks the importance of a node based on dynamic features, e.g., the traffic of road segments and the route of the vehicle.Following a similar approach, Bradai and Ahmed [70] rank vehicles based on the relative location to their neighbours and their potential of reaching other vehicles.Based on these characteristics and inspired by SNA, they propose a new centrality metric, called dissemination capacity.The proposed ReViVprotocol adds a rebroadcaster selection module to the existing IEEE DSRC and thereby reduces the reported delay, so that real-time streaming applications become feasible.
The role of central nodes can be played by roadside units (RSUs), which are computing devices located on the roadside that provide connectivity support to passing vehicles.RSUs can be of different kinds, for example cellular base stations or wireless access points, and can provide various kinds of communication capabilities to approaching vehicles.The optimal placement of RSUs is similar to determining the central nodes in a VANET, and it has been widely investigated both for urban [71] and highway [72] environments.Rongxing et al. [73] propose a novel Social-based PRivacy-preserving packet forwardING(SPRING) protocol for vehicular networks.In SPRING, the optimal locations where the RSUs must be deployed are intersections where many social interactions happen.The RSUs are used as relay nodes to assist cars in packet forwarding.Similar to this work, Huang et al. [74] investigate the RSU optimal placement problem, taking into account location privacy parameters.The authors in [75] present a density-based approach for roadside unit deployment in urban scenarios, where RSUs are placed according to the inverse proportion of vehicles densities, in order to reassure seamless connectivity to the Internet.

Social Clustering of Vehicles
Clustering is a method widely used in all kinds of networks, ranging from mobile ad hoc networks [76] to sensor networks [77].Clustering exists in different forms and can be performed using a wide range of network characteristics, bringing significant benefits to a network.For example, clustering can alleviate the problem of an overwhelming number of broadcasts in dense networks (broadcast storm) [78], increasing the system throughput and improving the bit error rate.It can significantly decrease packet delays and provide better spectrum utilization in time and space.Clusters that partition the network cleverly can also allow data aggregation and increase network longevity.By creating small groups of nodes that share common characteristics, the network appears to be smaller and more stable.To form clusters, vehicles can combine LTE and DSRC communication capabilities, as shown in Figure 3. Cluster heads can perform special operations inside a cluster, such as regulation of channel use, aggregation of data, scheduling and packet routing.A special characteristic of a VANET environment is diversity in the mobility patterns that vehicles follow, which is based on the road network's local condition, for example reacting to traffic congestion or accidents.This characteristic makes a VANET a very dynamic network where the vehicle density exhibits large variations.Another problem that the communication between moving vehicles has arises when the receiver and the source are moving towards different directions.The problem that is called Doppler shift has attracted much attention, and many solutions have been proposed [79].The authors in [80] identified the key factors that affect the delivery of warning messages between vehicles, which are the radio propagation model, the density of vehicles and the roadmap.This work showcased how dynamic a VANET environment can be and how small variations in only one feature can heavily affect the performance of the network.
Having this dynamic characteristic of a VANET in mind, a good clustering method that can reassure good stability and high cluster lifetime must incorporate many different factors during both the cluster formation and cluster maintenance processes [63,81].In addition, an effective clustering method has to take into account signal fading and channel interference.Hassanabadi et al. [82] presented APROVE, a protocol for distributed election of cluster heads using affinity propagation from a communications perspective.Maglaras et al. [81] proposed a distributed clustering algorithm, which applies virtual forces among the nodes to form stable clusters.The applied force is relative to the current and predicted future distance among each pair of vehicles and to their relative velocities.The method assigns positive virtual forces among vehicles that move towards each other and negative forces to vehicles that follow different directions.Nodes decide whether to become cluster heads, join a nearby cluster or leave their cluster depending on their current state and the relation of the total virtual forces applied to it from its neighbours.Vegni et al. [83] introduced a new cluster-based routing protocol that reduces network overload, message duplication and packet collisions by allowing vehicles to selectively transmit messages.
When moving on the social aspect of vehicular communications, new parameters, like the frequency of interactions between entities, historical data of driver behaviour and driver habits, must be taken into account.As drivers tend to follow similar routes when moving in a city or on a highway, past mobility information can be used to build distinct social profiles of the drivers.These social profiles can become a basic characteristic to create social groups of vehicles and drivers.In [84], the nodes are divided into different groups based on the regularity of contact between vehicles with fixed routes.Using the social behaviour of vehicles as a basic parameter in the clustering formation procedure, the method presented in [85] manages to increase cluster stability.The social behaviour of drivers is derived from historical data that are collected from RSUs, which are deployed at critical points of the road network.To implement the proposed clustering method, the path that vehicles are likely to follow is added to every beacon message.Both methods use the routes that the vehicles follow or tend to follow as an additional parameter to form stable clusters.
A special category of clusters is platoons.Platooning describes the automated coupling of vehicles by electronic means, with the first vehicle taking control [86].The lead vehicle decides the speed with which the platoon will move, while the remaining vehicles regulate their speed to follow automatically.The advantages of this scheme are higher security and improved use of resources.Large transport vehicles naturally have a high air resistance, which can be reduced through slipstream effects within a platoon.This saves fuel and helps to make better use of road space [87].A platoon can consist of an arbitrary number of vehicles, and as vehicles become members of the platoon, they can also form a social network on the fly [88].After the creation of the platoon, the leading vehicles can serve as the clusterhead and take over most of the communications between the platoon and the outer network (see Figure 4).

SIoV Security Issues
The security of a vehicular network is a vital aspect of an SIoV, as the compromise of a vehicle can lead to life-threatening situations, as well as a general degradation of other components that use the SIoV as part of a wider smart city infrastructure.Different from a standard computer network, a vehicular network provides a large number of distributed and heterogeneous resources and computational functionalities.The connectivity between vehicles in various geographic locations makes security a more complicated issue to solve, as is the heterogeneous nature in terms of ownership, manufacturer and, indeed, users.Social vehicular network security considers social characteristics and human behaviour [30] alike.This section reviews issues of security, trust and reputation in vehicular networks with a particular focus on the social aspects.

SIoV Threats
Existing research of vehicular security threats considers them as a whole and has not highlighted the social aspects that have a direct impact on the security of the overall infrastructure.Raya reviewed the threats to vehicular networks and classified them into insider/outsider, malicious/rationale and active/passive [89].Zeadally [90] classified them into threats to availability, threats to authenticity and threats to confidentiality.In the following, we describe the main security threats and highlight some solutions for SIoV security.

Denial of Service Attack
Denial of service (DoS) attacks aim to prevent legitimate users from accessing data or services in computer networks.In vehicular networks, this attack floods and jams the traffic with large volumes of irrelevant messages that negatively impact the communication between the network's nodes, on-board units and roadside units.Because the vehicle under attack is part of the wider infrastructure of the SIoV embedded in a smart city environment, there is a large number of high-powered computing facilities in close proximity to the target.An attacker can potentially use these for jamming attacks against the target's on-board sensory equipment to counter the target vehicle's ability to identify rogue messages through corroboration with its local information sources.
The problem of DoS attacks can be addressed by using a voting scheme [91].However, voting schemes may fail if the attacker can produce false identities to disguise himself [92].

False Message Injection
An insider attacker can sign a false message and broadcast it to the network.The attacker can thus manipulate the traffic flow and affect the decisions of other drivers, causing damage through traffic jams or accidents.
In vehicular networks, the notion of proof-of-relevance (PoR) has been proposed to address this issue by filtering false data via authentic consensus.PoR is based on the idea that witness vehicles provide authenticated endorsements to information about an event.The event reporter can thus prove that he/she is authentically relevant to the event [93].

Malware
Malware, such as viruses or worms, is usually introduced through outside unit software and firmware updates.Malware can infect vehicles and even allow remote adversaries to take control of individual vehicles.Remote access Trojans, paired with the advanced communication facilities that VANETs bring to the SIoV, can gain control of the internal CAN bus and disrupt essential services.Remote attacks of this form have been widely demonstrated and have shown in dummy tests to risk the safety of drivers and passengers [94].Other research on malware targeting vehicles has shown that the spread of malware can be achieved through vulnerabilities in the computers used to maintain and diagnose vehicles during servicing.This has wider implications than just the infection of a single vehicle, because the spread of malicious software is taking place through a trusted service platform, potentially affecting an entire product line.As this is already possible with today's technologies, the potential for malware to spread through the SIoV is even higher, for example when a vehicle's social component receives software or firmware updates from another unknown vehicle.
Existing work proposed the person authentication system [95] to ensure only the authorized user can use the vehicle.Zhang proposed a cloud-assisted vehicle malware defence framework to address the malware challenges [96].A key challenge is the maintenance of up-to-date patches and signature files.While cloud-assisted frameworks can centralize some of these efforts and make the problem more manageable, the roll-out of automated patch management in a large-scale SIoV is a formidable challenge, given the heterogeneous nature of current vehicles.Other considerations are that the sophistication of advanced persistent threats (APT) is beyond what manufacturers and infrastructure providers are prepared to or can afford to defend against.This means that the defence of individual vehicles will be left to individuals, which based on experience with currently-available ICT infrastructures, is open to a wide array of threats, including masquerading and social engineering attacks on the members of the SIoV.

Masquerading and Sybil
In a masquerading attack, a vehicle fakes its identity and pretends to be legitimate in the vehicle network.Outsiders can conduct attacks, such as injecting false messages.In a Sybil attack, the attacker generates multiple identities and pretends to be multiple legitimate vehicles concurrently.They can artificially disrupt a roadway and affect the decision making of the other drivers through smart routing systems [16].In this attack mode, a vehicle can claim multiple locations at the same time, which can cause traffic chaos.
Sybil attacks can be detected using resource testing [97], which assumes that vehicles have limited resources.This problem can also be address by using public key cryptography [98], where vehicles are authenticated using public keys.However, these approaches are based on assumptions and have limitations in addressing Sybil attacks.Sybil attacks can be launched on the basis of a large compromised SIoV, because a bot-net that is deployed on an SIoV is difficult to defend against, as the nodes are in a constant flux of reconfiguration.Together with randomized attack patterns, this can lead to denial of service attacks against the wider smart city infrastructure through jamming of low-power sensory infrastructures or the degradation of essential monitoring services.

Impersonation Attack
In an impersonation attack, the attacker steals the identity of a legitimate vehicle and can then broadcast security messages on that vehicle's behalf.These messages can impact other drivers' decision making and create traffic problems.
Chhatwal has proposed an approach called building up secure connection along with key factors (BUCK) to detect and isolate the impersonation attack [99].

Solutions and Future Directions
Tremendous research has been done in protecting vehicular networks from being attacked.These include public key infrastructure [100], trusted architectures, such as the IEEE 1609.2Security Framework [101], and key management and authentication schemes [102].However, less research has been conducted in the area of social vehicular network security.With the increasing integration of smart devices and vehicles, human beings will play an important role in V2V (vehicle-to-vehicle), V2R (vehicle-to-road), V2H (vehicle-to-human) and V2S (vehicle-to-sensor) interactions.This calls for new research in two directions.First, research needs to address security issues from a social perspective, such as policy making, law enforcement or security awareness training.Second, research needs to study the interaction between human agents and technical security solutions.Experience can be borrowed from social network security [100], where social aspects are well researched.

SIoV Trust Issues
Trust has been well studied in social networks.Golbeck introduced the concept of social trust based on sociological foundations, defining trust as "a commitment to an action based on a belief that the future actions of that person will lead to a good outcome" [103].Golbeck sees social networks as platforms to build mutual trust between entities [104].However, trust in a social network consisting of vehicles and drivers has not been well studied.This section reviews the trust issues in the SIoV.

Trust Characteristics of SIoV
Trust in the SIoV exhibits five characteristics that are different from trust in traditional social settings.

Uncertainty
Trust in the SIoV is uncertain and dynamic.Because the SIoV is inherently dynamic, information can change rapidly, and trust may only be valid for a short period of time.When establishing trust, the SIoV needs to take into account three uncertainties caused by the SIoV's dynamic nature: the uncertainty of an entity's identity, the uncertainty of an interaction entity's behaviour (intentional or unintentional) and the uncertainty in observations.Existing work in social networks addressed this issue by expressing trust using a continuous variable instead of a discrete-valued variable, as the former can better capture the dynamic feature of the context [105].

Subjectivity
Trust in the SIoV is subjective.Our level of trust depends on how our own actions are affected by the context [106].Trust decision-making thus exhibits a level of subjective probability that is difficult to predict and monitor.We face an inherent risk in vehicular networks when we make trust decisions within the SIoV.Existing work in social trust addressed this issue by proposing recommendation systems.For example, Yang proposed a recommendation system for online social networks based on Bayesian inference [107].Users can share content ratings with their friends, allowing them to make informed decisions.This provides an opportunity to choose the option with the smallest level of perceived risk.

Intransitivity
Trust in the SIoV is not always transitive.Trust is transitive when it can be extended outside the scope of the two entities who established it [108].However, this is not always the case.If A trusts B and B trusts C, this does not necessarily mean that A trusts C. Trust transitivity depends on the extent to which you trust the trustee and the trustee's recommendations.As with subjectivity, research in social networks has developed recommendation systems to make trust-based recommendations by allowing users to share trust ratings with peers.

Context Dependence
Trust in the SIoV is context-dependent.For example, A may trust B as a physician to perform medical checks (in the context of a medical situation), while A would not trust B to perform surgery (in the context of an accident).Similarly, different types of trust need to be established in an SIoV, depending on the given context.In social networks, Jøsang's subjective logic [109] has been widely used to model trust networks.Cerutti uses subjective logic in a decision-making approach that considers the notion of confidence.The approach determines weights associated with trust ratings and outputs a trust degree that depends on the current interaction context [110].

Non-Cooperativeness
Trust in the SIoV is not always cooperative.Trust decisions are usually made cooperatively between different entities.However, not all entities in an SIoV are cooperative.Entities may refuse to cooperate for selfish or malicious reasons.Existing work in social networks aims to separate selfish entities once they are detected and encourages altruistic behaviours with incentive mechanisms.Cho [111] researched the trade-off between selfish and altruistic behaviours in terms of a node's individual welfare, for example saving energy, and global welfare, for example achieving a goal with adequate service availability.

Trust and Reputation
Reputation management is part of trust management.Although the concepts of trust and reputation are often used interchangeably, they are subtly different.Trust is active and indicates whether an entity believes in the trust quality of a peer.Reputation is passive and indicates an opinion about an entity.A reputation system is further classified as positive reputation and negative reputation.Positive entity behaviour is recorded in positive reputation systems, and negative entity behaviour is recorded in negative reputation systems [105].The authors in [112] present a cooperative neighbour position verification mechanism based on V2V communications among vehicles; it can mitigate the impact of adversary users by excluding malicious nodes from the packet routing mechanism.The aim of the reputation system in the SIoV is to establish trust values for each entity in the SIoV, providing information for other entities to make trust-based decisions.It provides information on whether a peer is trustworthy or not, encourages peers to participate in a trustworthy way and isolates untrustworthy peers from acting in the process.Experience can be borrowed from reputation and trust management in social networks to support trust-based decision-making in the SIoV [113].
Another aspect of the use of trust and reputation within a SIoV is related to the length of interactions between peers in the network.Most work on trust assumes that peers build and establish trust through a number of interactions and that trust can be verified eventually to influence future interactions or recommendations for that peer.While these assumptions hold in the context of electronic transactions and service provisions, they are more difficult to assess in the highly dynamic, reactive environment of the SIoV.In addition, many reputation-based systems rely on the predictability, rationality and repetition of behaviours.In a targeted cyber-attack scenario, these assumptions do not necessarily hold, especially if a malware's spread affects a large number of vehicles in a platoon.
In sum, trust is a multidimensional concept.Trust-based management and decision making in SIoV faces big challenges.Trust establishment needs to address the trust characteristics of the SIoV.Future work should also focus on how to adapt the trust decision frameworks, models and systems in social networks to address similar issues in the SIoV.

SIoV Privacy Issues
The SIoV enables social interactions among vehicles and drivers and thus incorporates features of both vehicular networks and social networks.Both types of networks raise important privacy issues that need to be considered in the context of the SIoV.In this section, we review these privacy issues, discuss privacy-enhancing technologies for the SIoV and highlight research questions that need to be addressed to make SIoVs viable.

Privacy in Vehicular Networks
The main privacy issue in vehicular networks is location privacy [114].Vehicles in a vehicular network broadcast unencrypted messages that contain a vehicle identifier along with the vehicle's location, speed and heading.In many cases, these data can be linked to the driver's identity.Using these data, a system that is ultimately designed to offer safety and comfort applications to drivers can be abused by third parties, such as employers, insurance companies or criminal organizations to track individuals [115].This tracking can reveal sensitive locations, such as home or work locations, along with the time and duration of each visit [116], effectively allowing one to infer the detailed behavioural profiles of drivers.
It is important to note that the location privacy requirements of participants in vehicular networks can conflict with authentication requirements.Because messages in vehicular networks can contain information about safety-critical events, recipients of messages need to make sure that messages have been sent by a trustworthy source before acting on them [117].If this is realized by strong authentication of message senders, the vehicular network cannot provide privacy at the same time.
Therefore, privacy-preserving solutions for vehicular networks often rely on pseudonyms.A pseudonym takes the place of a vehicle identifier, and it should not be possible to link pseudonyms to the real identifier.Because it can be desirable to allow authorities to find the real origin of a message, for example when misbehaviour has been detected, cryptographic schemes have been designed to provide privacy against ordinary participants, but allow authorities to revoke privacy [118].To protect against tracking attacks, pseudonyms need to be exchanged frequently, and it is important to ensure that successive pseudonyms cannot be linked to each other [119].Methods to achieve this unlinkability of pseudonyms include mix zones [120] and silent periods [121].Recently, a new method that guarantees anonymity while at the same time spotting and revoking malicious users of a VANET is introduced [122].

Privacy in Social Networks
Privacy issues in social networks include identity theft, stalking, the possibility to create digital dossiers about participants and inadvertent publication of information that was intended to remain private [123].This is exacerbated by the fact that many social networks have overly complex privacy policies and do not promote available privacy controls to users [124].In addition, even when users choose to keep most of their information private, several attacks have shown that it is possible to infer sensitive attributes despite restrictive privacy settings [125,126].This is made worse by the fact that information about a user is often revealed by the user's friends and family, resulting in a situation of interdependent privacy, i.e., where a user's privacy depends on other people [127].
Privacy towards the provider of a social network can be achieved by encrypting all information that a user posts to the social network.Several approaches have been proposed that add encryption to existing social networks without requiring the consent or participation of the provider and without affecting the usability of the social network [128][129][130].
Another privacy concern in social networks is link privacy, i.e., the privacy of relationships between users.Link privacy aims to hide the type and existence of social relationships.This is important because it is possible to re-identify anonymous users in a social network graph [131] and to infer global relationship information by subverting a limited number of user accounts [132].Mitigation strategies against attacks on link privacy aim to make attacks more expensive and rely on the network provider to implement them [133].

Privacy-Enhancing Technologies for the SIoV
Combining privacy issues from social networks and vehicular networks, it is easy to see some of the privacy issues that will affect the SIoV.In particular, we envision three risks.First, the privacy threats against social and vehicular networks will become accessible to a wider range of adversaries.For example, it will be possible to eavesdrop on information about social networks via wireless vehicular transmissions, and it will be possible to find location information via online social networks.Second, the information available today will be augmented in two directions: social network profiles will be combined with ubiquitous geo-tagging, and vehicular network messages will be combined with information about a driver's preferences and behaviour.This will allow the inference of much more detailed driver profiles, which can be exploited for marketing or surveillance.Third, it is unclear how privacy policies can be effectively conveyed to a driver in a vehicle and how privacy controls may be offered to drivers.This may lead to even more inaccessible privacy policies and less accessible privacy controls than with today's social networks [124].
To counter these risks, privacy-enhancing technologies for the SIoV are needed.To date, there are very few approaches in the literature that specifically target SIoVs.Most notably, the proposed SIoV architecture in [20] attempts to address privacy issues.However, their approach has three weaknesses.First, their approach relies on cloud storage, which means that the privacy issues associated with cloud computing apply, for example data privacy both towards the cloud provider and the provider's other customers [134].Second, the privacy protection proposed in their architecture consists of tagging all messages with a privacy value (public, private and protected).This policy-based protection depends on whether the recipient of a message honours the transmitted privacy value and is ineffective against most adversaries.Third and most importantly, it does not include technical privacy protections, such as cryptographic means.
Future privacy-enhancing technologies for SIoVs should be based on proven privacy-enhancing technologies for social networks and vehicular networks.New privacy-enhancing technologies and those resulting from combinations of existing technologies need to be evaluated thoroughly to make sure that they provide an adequate amount of privacy.Because the SIoV is a combination of social and vehicular networks, evaluations need to use a selection of privacy metrics from both domains [135,136].

Conclusions
In this article, we surveyed the key concepts of the Social Internet of Vehicles (SIoV), a new type of network that enables social interactions between vehicles, drivers and passengers in the Internet of Vehicles.More specifically, we reviewed enabling technologies and key components of the SIoV and presented context-aware SIoV applications that can be deployed in a smart city.Three main components were introduced that include next-generation vehicles, vehicle context-awareness and SIoV context-awareness applications.Context-aware systems allow vehicles to adapt their behaviour as per the contextual information gathered from different subsystems, such as sensing, reasoning and acting.Several context-aware frameworks are available that support high-level context-aware applications design.Future work should enhance the context-aware systems by adapting existing frameworks and incorporating context-aware applications from different vendors.
We also identified the types of interactions that can happen between vehicles, drivers and passengers and discussed how social network analysis methods can be used to improve the operation of an SIoV.Using historical data of drivers, vehicles that are moving in a road network can be ranked in terms of their social behaviour.Ranking of vehicles can be used in order to perform efficient message dissemination by selecting the nodes that follow populated roads, so as to alleviate the broadcast storm problem.In order to cope with the interference caused by flooding of messages, clustering of vehicles can also be used, where the social characteristics of the drivers can help in the creation of more stable and robust clustering formations.Combined communication capabilities along with social behaviour of the vehicles can facilitate eco-routing and dynamic charging of electric vehicles.Established social metrics, like degree or betweenness centrality, finally, can be modified in order to cope with the dynamic environment of a vehicular network and provide efficient tools for facilitating the communication among the nodes.Future work should focus on the development of new social metrics that can be dynamic and also able to rank in an efficient manner different entities that co-exist in an SIoV; smart vehicles, passengers, road users and drivers.
Finally, we discussed the issues of security, trust and privacy that SIoVs faces and highlighted how existing security solutions can be applied to these highly dynamic networks.Current security solutions place an imbalanced focus on technical aspects over social aspects.However, with the integration of smart devices and vehicles, the human aspect has become vital.Future research should address the social perspective of security and the interaction between human agents and technical solutions.Trust has been well studied in social networks, but less work can be found in the SIoV.Trust in the SIoV has demonstrated five different characteristics, which are uncertainty, subjectivity, intransitivity, context dependency and non-cooperativeness.Future work should focus on the adaption of the trust decision frameworks, models and systems in social networks, addressing the trust characteristics of the SIoV.Future privacy-enhancing technology in SIoV should be based on existing work for both social networks and vehicular networks.Privacy metrics from both domains need to be considered in order to thoroughly evaluate the upcoming SIoV privacy technologies.

Figure 4 .
Figure 4.A platoon of vehicles.