A Review on Cybersecurity of Cloud Computing for Supporting A Review on Cybersecurity of Cloud Computing for Supporting Connected Vehicle Applications Connected Vehicle Applications

— In an internet-of-things (IoT) environment, cloud computing is emerging as a technologically feasible and economically viable solution for supporting real-time and non-real-time connected vehicle (CV) applications due to its unlimited storage, enormous computing capabilities, and cost advantage, i.e., cloud computing costs less than owning such systems. However, maintaining cybersecurity is a major challenge in cloud-supported CV applications as it requires CVs and various transportation or non-transportation services to exchange data with the cloud via multiple wired and wireless communication networks, such as long-term evolution (LTE) and Wi-Fi. In this paper, we review the cybersecurity requirements of cloud-supported CV applications, such as confidentiality, integrity, availability, authentication, accountability, and privacy. Our review also identifies the associated cybersecurity challenges that might impact cloud-supported CV applications and corresponding solutions to these challenges. In addition, we present future research opportunities to prevent and mitigate cybersecurity issues in cloud computing for CV-related applications.

accelerated the introduction and usage of cloud computing for CV applications [1]- [6].
Cybersecurity is of utmost importance for cloud-supported CV applications, as security failures can break down the cloudsupported transportation system of an entire area by exposing sensitive information, increasing road users' vulnerabilities, and even causing fatal crashes. These effects can be amplified in a cloud internet-of-things (IoT) environment, where any breach of cybersecurity happening in cloud-supported CV applications can affect other IoT applications and vice versa because of similar resource sharing in an IoT environment [7], [8]. The Cloud IoT environments are emerging as lucrative targets for threat actors seeking to exploit the lack of end users' understanding of the cloud cybersecurity model. According to the 2020 Trustwave Global Security Report, the cyberattacks on cloud services nearly doubled in 2019 [9]. Among the most targeted domains for cyberattacks, cloud environments are third, following corporate and internal networks. For example, in 2016, a botnet called Mirai performed a large-scale network Denial of Service (DoS) attack and brought down several wellprotected cloud services [10].
Apart from the traditional cloud infrastructure, cloud computing for supporting CV applications require sophisticated cybersecurity and privacy protection mechanisms. Cyber attackers can take advantage of cloud-enabled system loopholes and perform cyberattacks as they experience the same privileges as legitimate users. Therefore, to ensure the cybersecurity of cloud-supported applications, requirements such as confidentiality, integrity, availability, authentication, accountability, and privacy must be met along with the expected computing and storage characteristics, i.e., efficiency and flexibility of data storage and usage [7]. Although many traditional cybersecurity mechanisms are available today, they are not enough to address the cybersecurity challenges in cloudsupported CV applications [11], [12]. Cloud-supported CV applications can be compromised due to the cybersecurity issues associated with the vehicular network and the cloud.

Mapping among Cybersecurity Requirements, Challenges, Existing Solutions and Future Research Directions
Masood et al. [12] P P P P PP PP Goumidi et al. [  Our paper P P P P P P P P

P = Present; NP = Not Present
solutions, and future research directions based on the current knowledge gap. Table I presents a comparison of the existing surveys that comprehensively studied the security aspect of cloud computing for CV applications. Table II presents a list of the survey papers we reviewed and the cybersecurity challenges they discussed. As observed from Table II, most of the cybersecurity challenges presented in the other surveys are also directly covered in our paper as well. In addition, we study the challenges in detail with reference to their corresponding existing solutions, current knowledge gaps, and potential future research directions. Among the challenges that we do not directly list as high-level cybersecurity challenges (based on the other surveys listed in Table II) are (i) User access interface [18], which we discuss as "Scalability of Cybersecurity Solutions" in Subsection G of Section IV, and (v) Security cost (bandwidth, quality of service or QoS, etc.) [21], which we discuss as an issue that can be solved using 5G's high bandwidth and low latency in "5G for Secure and Faster Communication" in Subsection D of Section V. The primary contributions of our paper are as follows: • Identification of the cybersecurity requirements, challenges, and future research directions to address the current knowledge gap while considering the holistic and integrated cloud-based environment to operate multiple CV applications in an IoT environment supported by any communication technology and associated protocols • Discussion on potential future research directions based on emerging technologies and how they can serve as enablers of a secure cloud IoT environment for supporting CV applications The rest of the paper is organized as follows: Section II discusses various components of cloud computing for CVs with their functions; Sections III and IV discuss in detail these cybersecurity requirements and existing cybersecurity challenges with solutions that have been discussed in the existing literature, respectively; future research directions for cloud computing for CV applications are discussed in Section V, followed by the conclusions in Section VI.

II. ARCHITECTURE OF CLOUD-SUPPORTED CV APPLICATIONS
In this section, we discuss the architectural components and their corresponding functions required in a cloud-supported CV application to present their cybersecurity requirements and challenges. In general, a cloud computing environment for supporting CV applications can be formed in three ways depending on the CV application type, the amount of data to process and store, and the required geometric area coverage by the CV application: (1) using only a group of CVs where the CVs communicate with each other using vehicle-to-vehicle (V2V) communication and share their physical resources such as computational and storage resources (tier 1), (2) using roadside or edge infrastructures (i.e., roadside units or RSUs) where CVs communicate with the RSUs using vehicle-toinfrastructure (V2I) communication and RSUs are connected to local servers (tier 2), or (3) using backend clouds or clouds that reside in the internet domain, such as commercial clouds (tier 3) [22]. The tier 2 formation is often referred to as Edge computing [23], [24]. A cloud formed using a group of CVs (tier 1) or including RSUs (tier 2) can better assist small-scale and localized transportation applications, whereas backend or commercial clouds (tier 3) are capable of handling large-scale transportation applications and thus hold significant potential to serve large-scale CV applications [3].
To show the interactions among CVs, cloud, and various transportation and other infrastructures, we present a general architecture for cloud-supported CV applications in Fig. 1. CVs represent mobile nodes and can communicate directly to the cloud through various wireless networks, such as long-term evolution (LTE), 5G, and Wi-Fi, or indirectly through Roadside Data Infrastructure (RDI), such as RSUs, Traffic Control Infrastructure (TCI), such as connected roadway traffic signals, or other CVs to send Basic Safety Messages (BSMs). According to the SAE J2735 standard [25], CVs broadcast BSMs 10 times per second, which include information, such as the CVs' location, heading, speed, and other states information. On the infrastructure side, TCI communicates with the cloud by sending its own traffic control information, such as the Signal Phase and Timing (SPaT) messages, and Traffic Management Centers (TMCs) share traffic and roadway information recorded by Traffic Management Infrastructures (TMIs). Other services, such as weather services, news services, and social media, can also be connected with the cloud. Inside the cloud, a message broker is deployed to help data producers and consumers exchange data. A message broker acts as a topicbased intermediary message routing program that operates in a publish/subscription pattern to exchange data between the CV application-related data producers and subscribed consumers of the data. Fig. 1 also presents the cybersecurity requirements and relevant challenges faced in such cloud-supported CV applications that will be discussed in detail in Sections III and IV.
Leading global cloud service providers offer commercial cloud services that can be utilized in cloud-supported CV applications. For example, Amazon Web Services (AWS) offers an IoT solution architecture for CV applications [26]; Google established a cloud platform that can support CV applications in a cloud IoT environment [27]; and Microsoft Azure offers high-performance computing services that can support CV applications [28]. The commercial cloud services can dynamically scale resources up/down depending on the demand or the number of CVs connected to the cloud at a particular time. Any cloud-supported CV applications that use CV-generated data include three types of cloud services: infrastructure-as-a-service (IaaS), platform-as-a-service (PaaS), and software-as-a-service (SaaS). Developers can utilize IaaS to set up low-level requirements of an application, such as data storage, virtual machines (VMs), and operating systems. Beyond infrastructure, PaaS provides flexible and scalable services, such as database management and computing services for developers to build their applications. Applications are implemented on the SaaS for users, where developers implement real-time or non-real-time applications according to target user requirements. Many commercial cloud service providers now offer server-based as well as serverless computing services. In a server-based architecture, application developers are responsible for setting up and managing the server instances, whereas, in a serverless architecture, this role is taken care of by cloud service providers. Server-based architectures include all three types of services, i.e., IaaS, PaaS, and SaaS. On the other hand, in serverless architectures, IaaS is managed by the cloud service providers. Serverless cloud architecture, which includes PaaS and SaaS, can help to costeffectively implement real-time CV applications [29], [30].

III. CYBERSECURITY REQUIREMENTS FOR CLOUD-SUPPORTED CV APPLICATIONS
In this section, we discuss the cybersecurity requirements of cloud computing for supporting CV applications, how these requirements can be compromised and how existing technologies could protect the cybersecurity requirements against corresponding threats or attacks. As shown in Fig. 1, the cybersecurity requirements of cloud-supported CV applications can be categorized as follows [19], [20]: 1) confidentiality, 2) integrity, 3) availability, 4) authentication, 5) accountability, and 6) privacy. These cybersecurity requirements could be violated by various cyberattacks on data, such as data breaches and data loss [31], [32], or cyberattacks on the internal network used by the cloud or the network used by the external entities to communicate with the cloud [22].

A. Confidentiality
Confidentiality of sensitive information related to 1) CVs, such as vehicle identity (ID) authentication information, which is exchanged between the cloud and the CVs or stored in the cloud for further processing, and 2) VMs that process CV data, such as the location of VMs, is required to ensure the cybersecurity of cloud-supported CV applications. Confidentiality means controlled and authorized access to sensitive information while preventing those data from being accessed by unauthorized users or attackers. Different types of cybersecurity threats on CV data (e.g., data breach using VM Escape attack where VMs intrude the host system [33], VM location information breach using mapping of the cloud's internal infrastructure [34]) or network (e.g., eavesdropping, account or service hijacking, spoofing, and Sybil attack) can compromise confidentiality. To ensure the confidentiality of information for the cloud service users, access control models and data encryption schemes are essential. In a cloud-supported CV application, distributed and scalable access control schemes are required. Various attribute-based access control models have been presented in the literature (e.g., ciphertext-policy attribute-based encryption [35], secure billing protocol over attribute-based encryption [36]) for preserving confidential information in cloud-supported CV applications. Along with an appropriate access control model, asymmetric or public-key cryptography is necessary for information exchange in cloudsupported CV applications [37]- [40].

B. Integrity
In cloud-supported CV applications, integrity refers to the integrity of CV data exchanged with or stored in the cloud or the integrity of the executable scripts in the cloud. CV data integrity refers to accurate, trustworthy, and reliable data related to CVs (e.g., vehicle ID, speed, and location information) which needs to be maintained over the entire data life cycle, i.e., all the stages that data go through from data creation to data deletion. In a CV environment, tampered or modified CV data can be hazardous as they can be responsible for many unacceptable and often unsafe outcomes of CV applications. For example, in a CV data modification attack, an attacker can modify the data about the surrounding environment that is being transferred from the cloud to a CV. Due to the inaccurate information about the surrounding environment (i.e., location and speed of the surrounding vehicles), a CV route guidance application can recommend an unsafe path along a route leading to a fatal or severe injury crash. Similarly, modification attacks on codes or scripts related to a CV application running in the cloud can compromise safety, especially in a cloud IoT environment where multiple IoT applications share the same countermeasure resources, including the defense scripts. The integrity requirement can be compromised by various other types of cybersecurity threats, such as data loss during data exchange, processing, and storing in the cloud [41], or cyberattacks, such as identity spoofing, repudiation, information disclosure, and Sybil attack. Unsecured cloud service/storage could compromise data integrity as they can be tampered intentionally, such as the deletion of stored data, or even unintentionally, such as users being unaware of data storage crashes. Integrity-preserving schemes, such as data-or batch-verification schemes, have been presented in the literature to preserve the integrity of data in a cloud-supported CV application [42]- [45].

C. Availability
Availability refers to the ability of authorized CVs to access and use services from the cloud whenever needed. In a CV environment, many real-time applications have a stringent requirement of an uninterrupted flow of data to and from the CVs. Therefore, ensuring timely access to cloud resources and services is mandatory for the deployment of cloud-supported CV applications. Availability can be compromised due to the loss of required data caused by cyberattacks. Various types of network attacks, such as Denial of Service (DoS), Distributed Denial of Service (DDoS), malware attack, blackhole attack, replay attack, and jamming attack, can compromise the availability of cloud resources [17], [46]. For example, in a DoS attack, an attacker can flood the communication channel or consume the cloud computing resources with fake service requests so that CV application-related service requests or CV data requests from legitimate users are denied due to capacity overloads, such as communication bandwidth overload and resource overload. To protect the communication channel and make data available for legitimate CVs, trust-or cryptographybased techniques can be deployed [17].

D. Authentication
In cloud-supported CV applications, authentication refers to the process of verifying the identity of CVs communicating with the cloud and/or other CVs. Without a proper authentication method, illegitimate entities can gain access to sensitive information, which can compromise other cybersecurity requirements, such as confidentiality, integrity, and availability. Attacks, such as identity spoofing, information disclosure, brute force, and Sybil attacks can compromise authentication. The existence of mobility nodes, i.e., CVs, makes authentication challenging in a cloud-supported CV application as it constitutes dynamic nature in the network communication topology. In Section IV, we present various existing methods for secured authentication in cloud-supported CV applications, such as geographic location-based authentication [20], biometric and elliptic curve cryptography (ECC)-based authentication [47], and batch-verification schemes [42].

E. Accountability
In the context of cloud cybersecurity, accountability means keeping track of all data processors in the cloud and their corresponding data processing actions [48]- [50]. All information related to CVs, such as identity, authentication, location, and motion, must be tracked inside the cloud as these data can be randomly duplicated, transferred, and used across the cloud, which could compromise the accountability requirements. Thus, all processing of the CV data in the cloud must be continuously audited based on cybersecurity analysis, and appropriate cybersecurity mechanisms should be deployed to ensure accountability requirements are met [12], [51]. Various accountable privacy-preserving attribute-based schemes have been presented in [52]- [54] that can be adopted to fulfill the accountability requirement in cloud-supported CV applications.

F. Privacy
Private data related to cloud-supported CV applications can be classified into two categories: (i) personally identifiable information, such as CV owner information (e.g., name and phone number) and vehicle information; and (ii) sensitive information, such as CV authentication and CV location information [48]. CVs, especially connected and automated vehicles (CAVs), depend on various in-vehicle sensors to operate that produce a huge amount of data every second. Common in-vehicle sensors include Global Positioning System or GPS (collect location data for navigation), Radio Detection and Ranging or RADAR (measure distance and speed of the surrounding objects), camera (collect video data for object detection and classification), and Light Detection and Ranging or LiDAR (generating a 3D map of the surrounding area) [55]- [57]. Location data collected by GPS or video data captured by the camera are of key privacy concerns. The US Fair Information Practices (FIP) defines the basis of the data protection and privacy laws, which includes: (i) data collection limitation, (ii) purpose specification, (iii) purpose use limitation, (iv) individual participation, and (v) visibility and transparency [58]. The ISO/IEC 27018 is among the first industry standards that defines cloud privacy in 2014 [59]. This standard provides the guidelines for the protection of personally identifiable information through six principles: consent, transparency, communication, portability/data retention, compliance, and confidentiality [48]. Microsoft Azure and AWS are examples of two cloud service providers who follow the ISO/IEC standard to comply with privacy requirements [60], [61].

IV. CYBERSECURITY CHALLENGES, SOLUTIONS AND GAPS BASED ON EXISTING STUDIES FOR CLOUD-SUPPORTED CV APPLICATIONS
We discuss the challenges, existing solutions and gaps related to the cybersecurity of cloud-supported CV applications in this section. As summarized in Table II, our list of challenges is the most comprehensive one compared to all of the six reviewed papers. In addition, Figure 1 broadly categorized the challenges into three primary groups: CVs, cloud, and communication, which map with the categories adopted by the US Department of Transportation (USDOT) [62].
We discuss the cybersecurity challenges related to cloudsupported CV applications in this section. For each challenge, we present a comprehensive literature review of the existing solution techniques. Table III presents findings from the following subsections, i.e., Subsections A to H.

A. Authentication of High Mobility Nodes 1) Challenges:
One of the challenges in securing a cloud-supported CV application is effective authentication in the presence of CVs that represent mobility with high and varying speeds. The security requirements related to this challenge are authentication and integrity. Authentication refers to the verification of the CVs' identities. CVs can authenticate themselves with the cloud using several methods, such as vehicle identification numbers (VINs), pseudonyms, security tokens, software tokens, passwords, and signatures [20]. However, the challenge is the authentication process due to the high mobility of CVs in the physical world. Usually, CVs enter and leave the transmission range of access points in a short time interval. Authentication of event-based messages (such as alerts and warnings) is associated with a location context, but with the continuous change in the network topology, it is difficult to authenticate the messages of an individual CV [19]. Authentication also depends on reliable wireless communication because it requires message exchanges between the cloud and the CVs. Unreliable wireless communication increases the probability of packet loss; as a result, the exchange of authentication tokens, such as passwords and signatures might be lost [14]. The authentication process with security tokens needs to incorporate the cases of dynamic network topology into their system [20]. Due to the inability of traditional authentication methods, many attacks could be carried out against the cloud, such as Sybil and impersonation attacks. Identity consistency for each CV, where the same authentication credential is used to connect to multiple cloud services by different providers, is a challenge that could compromise the authentication process for CVs [63]. Messages from unauthenticated CVs can compromise the integrity of the overall cloud-supported CV application.

2) Existing Studies Addressing the Challenge and Current Gap:
Many studies have looked at solving the problem of the authentication of CVs in the cloud. In recent studies, the most popular approach for authentication of CVs in the cloud is multi-factor authentication, which utilizes the strength of different schemes, such as multiple cryptography-based authentication schemes to create a more robust and secure authentication system. For example, in [63], the authors present an integrated authentication framework using a single-server 3factor authentication protocol and a non-interactive identitybased key establishment protocol. In [47], the authors present a biometric and ECC-assisted authentication framework for cloud computing for CVs to enhance efficiency in terms of communication and computation overhead. The method presented in [47] is able to reduce at least 42% of the computational cost to complete the cryptographic operations compared to other existing methods. Another study focuses more on message confirmation in the cloud using batch verification in the roadside edges [42]. The authors, using their developed verification method, calculate the execution time, which depends on the completion of the total required number of cryptographic operations to complete the verification. The average verification time of the developed method in [42] is 0.176 milliseconds (ms), while it varies between 1.783 ms and 30.516 ms for the existing baseline verification methods. In [20], the authors present a geographic location-based security mechanism that ensures secure authentication of CVs for V2V communication. The encryption key of the sender CV messages are geographic location keys, and the receiving CV cannot decrypt the messages if it is not within a specific geographic region. This method can be adapted for cloud-supported CV applications, where a CV cannot decrypt a message from the cloud unless it is physically within a specific geographic region. The decryption region can be dynamically changed, which makes the authentication more secure and robust. Using Artificial Intelligence (AI), the dynamically changing topology can be predicted to improve authentication algorithms, which needs to be studied in the future. The existing gaps in literature also include authentication process investigations in a realworld mobility environment with considerable CV penetration utilizing fast, secure, and reliable communication, such as 5G. Furthermore, an efficient authentication process in a virtual, software-based digital infrastructure environment needs to be investigated.

B. Establishing Trust Relationships with a High Number of CVs 1) Challenges:
Establishing trust relationships with CVs is an essential part of cloud security. The security requirements related to this challenge are confidentiality and accountability. A CV can be authenticated by the cloud as a legitimate vehicle, but cloud usage may be restricted based upon the trust relationship with the CV. Different CVs communicate with the cloud for different applications, and the cloud needs to establish a trust relationship with different CVs in real-time to initiate the service [20]. However, establishing trust with a large number of CVs in real-time poses a cybersecurity challenge. A related case is multi-hop routing, where the CVs communicate with the cloud through various agents (i.e., other CVs, roadside edges) due to network topology or application requirements. In this scenario, the cloud needs to establish trust with all the intermediate agents, such as RSUs, service providers, network channels, and secret key generators, in real-time, which adds to the computational burden of the trust establishment service [19]. The cloud needs to maintain confidentiality of CV application services by evaluating the trust on CVs and be accountable for access to different services.

2) Existing Studies Addressing the Challenge and Current Gap:
One way to establish cloud-CV trust is to use trusted middleagents, such as the servers operated by the Department of Motor Vehicles (DMV), who have access to the CV information and can verify the CV information for the cloud [20]. In general, the use of infrastructure as a middle agent to establish the trust between CVs and the cloud is an effective strategy since the infrastructure is capable of handling trust relationships with a large number of connected agents within its domain. Another effective strategy is the distributed agent-based trust establishment technique, in which the cloud can establish a trust relationship with a leader CV elected to represent a group of CVs, in which all other CVs in that group communicate with the cloud through the leader CV [20], [64]. Other CVs can broadcast protest packets (i.e., warning message sets indicating that the information communicated by the leader CV seemed incorrect to the protesting CVs) against the leader CV if they deem the leader CV to be malicious. The cloud then examines the leader and protester CVs and re-evaluates the legitimacy of the leader CV [20], [64]. To develop better trust models for cloud-supported CV applications, edge computing can be used. In [65], the authors introduce a decoy technology (DT) and user behavior profiling (UBP) to solve trust issues in cloud servers using edge computing architecture. The edge computing-based UBP system ensures the trust relationship with the CVs in the cloud, as an intruder can be detected based on its behavior profile [65]. The authors in [65] evaluate the combination of DT (where a decoy file having scrambled content is shared with the intruder) with UBP for scenarios with up to 50 vehicles and found that the combination of both DT and UBP is more effective (minimum attack detection accuracy of 83%) in a majority of the events compared to the system which uses DT and UBP separately (minimum attack detection accuracy of 76.9%). Blockchain has also proven to be a useful technology for ensuring trust in cloud-supported CV applications. In [66], the authors present a system called Trust Bit, which provides trust for each broadcasted data packet by CVs in all networks. The Trust Bit is a bit in the data packet sent by CVs, where the bit represents a trusted unique ID given to each CV, which the other CVs can use to gather background information about CVs in the network, thus representing the trustworthiness of vehicle actions (i.e., legal and illegal actions). In [67], biometrics are combined with blockchain technology to provide an ID-aware credit-based trust system for secure CV data sharing. The protocol presented in [67] assigns crypto data to each CV. Then, a consensus competition determines a winner CV based on the highest credit record and rewards the winner CV with an extra credit associated with its biometric ID. The winner CV then takes the lead in the communication network. Even though blockchain has been proved to be very effective in establishing trust for a high number of moving nodes in an IoT environment, seamless integration of blockchain and virtual or cloud-based transportation infrastructure (referred to as the 'Infrastructure as Code' in Section V) for cloud-based CV applications is yet to be developed. The research gaps we have identified are improving blockchain-based trust establishment systems and using Infrastructure as Code to enhance and support the trust establishment systems.

C. CV Location Validation 1) Challenges:
The security requirements related to the challenge of CV location validation are confidentiality, integrity, and authentication. The CVs broadcast BSMs every one-tenth of a second [25], which is used by the cloud to provide several services to the CVs. Most, if not all, of the services provided by the cloud depend on the accurate localization of a CV [20]. One approach for accurate and secure localization of CVs is having multiple sources of location validation data. However, cyberattacks on the GPS signal, such as jamming and spoofing, can easily compromise the location data that the CVs generate. In jamming, the GPS signal from the satellite is obstructed, so the receiver in the CV is not able to receive the signals, and the position information cannot be generated. On the other hand, a spoofing attack, in which the original signal is replaced by a fake signal which results in incorrect position information of a CV, is the most sophisticated type of attack [19], [68]. By manipulating the GPS signal, one can generate turn-by-turn spoofed data so that a CV is guided to a wrong destination [69]. For this turn-by-turn attack, an attacker manipulates the GPS signal, and an insignificant shift (in terms of distance) of the current location of a CV occurs [69]. Although a GPS signal can be cross-validated continuously using multiple GPS receiver antennas, all the antennas can be locked into the spoofed signal using multiple phase-locked spoofers during a sophisticated coordinated spoofing attack [70]. Eventually, it could compromise the reliability of cloud services for supporting CV applications. The integrity of the location data will be compromised along with the leakage of sensitive information. Moreover, the authentication of the CV also needs to be reevaluated once an attack has been detected.

2) Existing Studies Addressing the Challenge and Current Gap:
The cloud needs to deploy active or passive location validation techniques for CV locations. In terms of active validation, the cloud can access data from roadside sensors along with the BSM data from roadside devices to validate the precise location of each of the CVs [20]. The cloud can also leverage the sensor data from the in-vehicle sensors, such as camera, RADAR, and LiDAR, to locate other CVs accurately. Passive validation includes using statistical and filtering techniques to correct wrong or missing location data using previous location data and data from other CVs [20]. The cloud has been used in previous studies for CV localization and monitoring. For example, in [71], the authors develop a time of arrival (ToA) based localization algorithm that runs in the cloud. The algorithm leverages the neighboring CVs to implement more accurate localization. Using direct V2V communication, one CV can be tracked using another neighboring one, which means that if a neighboring CV can determine its own position accurately using GPS, then it can act as the reference point for calculating the location of other CVs around it. This method can be used at geographic locations with weak GPS signals and for CV location validation during jamming or spoofing attacks. In [72], Dasgupta et al. presented a prediction-based location validation strategy, i.e., a spoofing attack detection, using a long short-term memory (LSTM) model. The authors use an LSTM model to predict the distance traveled between two consecutive locations to validate the location of a vehicle using in-vehicle sensors data. Blockchainbased strategies have also been proved to be effective for ensuring the cybersecurity of information, such as data owner's location, which is used in supply chain management of transporting goods [73]. From low to medium loads (i.e., 100 to 360 mobility nodes), the authors in [73] found that the efficiency of blockchain in terms of latency was less than a second, and communication throughput was higher than 99%. In [74], blockchain is used to prevent location tracking or remote hijacking by attackers. In this study, the authors present a Lightweight Scalable Blockchain (LSB), which is a decentralized system that creates clusters of nodes managed by the cloud. The LSB has the capability to adjust its throughput utilizing a distributed throughput management (DTM) method so that the additional load on the network does not affect the network efficiency. In [75], the authors present a Cross-layer Location Verification Enhancement (CLVE) system, in which a validated entity, such as CV and roadside infrastructure, is used to verify the location of the CVs. The location validation is achieved through different networking layers, such as the physical layer, network layer, and application layer. On the physical layer, the location validation occurs directly through sensors, such as RADAR. For CVs outside the sensor range, the network layer can be used for location validation. If a CV receives a message with location information of remote CVs, the CV can confirm them by randomly challenging the positions using other CVs on bi-directional roadway traffic (i.e., roadway traffic in the same direction and the oncoming roadway traffic) using multi-hop routing. On the application layer, a CV can collect the location information of another CV from all other entities and perform information fusion to determine the correct CV location. Based on a simulation analysis, the range of standard error for CLEV-based position estimate is 0.12-0.25, while it is 0.18-0.37 for a virtual grid-based method [75]. With increasing CV penetration in the real world, the requirement of real-time, secure, and efficient data transfer to process location data from a plethora of CVs within a short period of time will become a challenge. Thus, in the future, 5G's fast and secure communication will be effective in solving this challenge [76]. We have also identified some research gaps, such as crowdsourcing and data fusion, to enhance the algorithms for detecting and preventing CV location spoofing and using machine learning and predictive analytics to improve the CV location validation process.

D. Securing CV Communication Network 1) Challenges:
The security requirements related to CV network security are confidentiality, integrity, and availability. One of the major concerns of cybersecurity in a cloud-supported CV application is securing the communication network between the mobile edges (i.e., CVs), roadside edges (i.e., RSUs), and the cloud. Network security is a major challenge in cloud computing for CVs due to the various communication methods used by different CVs at the same time. In a cloud-supported CV application, each communication channel may have its own protocol stack and layers which need to be secured. Network security has several vulnerabilities, such as DoS, DDoS, jamming, spoofing, malware injection, communication network traffic tampering, eavesdropping, and man-in-the-middle attacks. For example, in the DoS attack, an attacker CV can start flooding the communication channel, which is being used by other CVs to communicate with the cloud. As a result, the cloud service to other CVs may be interrupted. A man-in-the-middle attack can be caused by intermediate nodes that are forwarding messages from CVs to the cloud and vice versa. The traditional security for communication channels is cryptographic algorithms. The most important part of the cryptographic algorithm is the key management system in cloud computing for supporting CV applications. Creating an efficient Vehicular Public Key Infrastructure (VPKI) is essential for secure communication [77]. In this case, one of the major challenges is the continuous generation of key pairs (i.e., private and public keys) while CVs move from one location to another quickly. CVs change association quickly from one communication access point to another, which breaks down existing communication channels and creates new channels frequently, and new key pairs need to be generated for cryptographic algorithms, which is challenging. Overall, communication network presents the problem of availability since the network always needs to be available for data exchange and security. Moreover, a compromised network endangers confidentiality and integrity requirements since a malicious attacker can gain access to any service.

2) Existing Studies Addressing the Challenge and Current Gap:
Securing the communication channel between CVs and the cloud is an important aspect of cloud cybersecurity. The most common cybersecurity technique is to use cryptographic algorithms to generate a continuous stream of private/public key pairs for the dynamically changing vehicular environment. In [78], the authors present a novel key management protocol for securing cloud-supported CV applications. The scheme presented in [78] uses the ECC. The certification authority (CA) generates an individual unique key pair for each registered CV, which is securely stored at the CA repository using key wrapping constructors/hash functions. The CA uses a global revocation approach based on the Public Key Infrastructure Certificate Revocation List (PKI CRL) to delete keys and certificates of malicious vehicles. The authors in [78] compared the computation time to evaluate the security system's performance, and the analysis shows the group key computation time is 14 ms for keys of 512 bits, whereas it can be up to 160 ms while using any existing base model. Machine learning methods have been used to monitor the raw network data stream and detect intrusions within the network. In [79], the authors construct a convolutional neural network (CNN) model to analyze the network traffic data. In [80], the authors present a firewall scheme that they refer to as the Enhanced Intrusion Detection and Classification (EIDC) system to ensure the cybersecurity of the cloud computing environment. EIDC takes the received traffic packets as input, combines both past data with associated decisions with the current decision to estimate the final attack category classification. Blockchain has also been used to secure the communication channel between CVs and the cloud [81]. In [82], the authors combine blockchain and software-defined networking (SDN) to increase the security of the network between CVs. Using a simulation analysis, the authors in [82] show that, with over 5% malicious node, the blockchain-based detection gives 5% to 15% more accuracy than the traditional method with individual effort-based detection. In the near future, quantum computers will help further secure the CV communication/network with quantum cryptographic solutions, which future research needs to address. Other research gaps and future research directions include developing and deploying the new generation faster communication technologies (5G and beyond) and using SDN and NFV to virtualize the network and improve network security by enhancing the control over the network.

E. Securing CV Data in the Cloud 1) Challenges:
Security breach in cloud-supported CV data compromises multiple security requirements of CV applications, including confidentiality, authentication, and integrity. In cloudsupported CV applications, the CVs work as mobile nodes containing mobility attributes and position information collected from On-Board Units (OBUs) [19]. As mobile nodes, CVs share their data in a public space inside the cloud that is used by various applications. For data in the cloud, it is necessary to prevent data leakage to avoid compromising CV data confidentiality. [83]. Using the leaked information, the authentication process can be further compromised once attackers use the leaked sensitive information to have access to the cloud. Many CV applications supported by cloud computing would require developments using outsourced commercial cloud services, such as AWS, Microsoft Azure, Google Cloud, and IBM Cloud. Either a small leakage or an improper usage of CV data stored in the cloud could result in catastrophic aftermath in the cloud-supported applications which would affect all the entities, such as CVs, dependent on those applications. Therefore, it is important to protect users' data integrity and storage correctness [84].

2) Existing Studies Addressing the Challenge and Current Gap:
Generally, encryption is used to ensure data confidentiality, integrity, and authentication. Before transmitting messages to a public cloud, CVs can utilize Rivest-Shamir-Adleman (RSA) based encryption with cryptography and signatures to prevent access by an unauthorized user [83]. This approach may fail without any verification in a malicious server. Su et al. offer a verifiable Multi-Key Searchable Encryption (MKSE) to secure the encrypted data efficiently [85]. To detect and prevent data leakage in the cloud, Lü et al. present non-interference for the cloud that allows concurrent and sequential access to the cloud to coexist [86]. Ma et al. on the other hand, developed an antileakage Block-level (i.e., part of a file) Client-side Deduplication (BC-Dedu) scheme for ownership management with a dynamic data storage strategy to enhance its performance (up to 57.4% computation time saving) compared to the total file-level deduplication [87]. For protecting data integrity, Li et al. present a low client cost auditing scheme for provable data integrity (PDI) in untrusted environments [88] which has 98 times lower cost than the state-of-the-art strategy (that does not consider the storage overhead of the verification metadata). Garg et al. provide an efficient approach for data integrity auditing [89]. Both [88] and [89] rely on bilinear pairing. Zhang et al. provide a security approach on storage correctness without using the PKI, which eliminates the complex certificate management. Their system uses the lattice basis delegation technique to update the private key without changing the key size [90]. Zhang et al. design an identity-based data outsourcing with public integrity verification (DOPIV), which is also a lattice-based approach that ensures post-quantum cybersecurity for cloud storage [91]. Instead of performing time-consuming tasks (such as bilinear pairing operations and modular exponentiations), this lattice-based cryptography performs fast addition and multiplication operations, which results in 154%time savings while performing auditing tasks with 350 data blocks. While existing data encryption and data integrity auditing can help to secure CV data in the cloud, moving forward, how CV data security will be integrated into a cloud environment with virtual transportation infrastructure nodes, where the software will replace the physical transportation infrastructure operating in a multijurisdictional environment, needs to be studied. Having multiple entities, who are in control of the infrastructure node in their jurisdiction, broadens the attack surface, and future study is needed to investigate and identify appropriate technological measures to have a cybersecure transportation infrastructure as code system.

F. Securing Heterogenous Networks and Nodes 1) Challenges:
Both confidentiality and authentication can be compromised once the CV communication network and nodes are targeted and breached by attackers with malicious intents. In a cloudsupported CV application environment, CVs communicate with each other and external infrastructure through V2V and V2I technologies, respectively. Heterogeneous networks such as the combinations of Cellular Vehicle-to-Everything (C-V2X), LTE, and 5G, can be utilized to achieve the required CV application coverage over a geographical area. In an Advanced Heterogeneous Vehicular Network (AHVN), CVs work as heterogeneous network nodes with multiple applications [92]. Typically, CVs use V2V communication to process safetycritical applications, such as collision avoidance, obstacle warning, and lane changing. Due to the dynamic, distributed, and heterogenous nature of cloud-based CV applications, data confidentiality and authenticity can be compromised by cyberattacks. Therefore, a major cybersecurity issue for heterogeneous network nodes is to ensure a way for the nodes to protect information and trust entities with whom the information is conducted for any cloud-supported CV applications. CVs also need to prevent the risk of a jammed network channel [93]. The presence of different types of networks is accompanied by the presence of different types of nodes. From Fig. 1, we have already seen that the lower layer in the architecture for cloud-supported CV applications consists of different types of nodes, such as CVs, RDI, and TCI. Another challenge arises from different vehicle models/types of CVs, which will have different capabilities in terms of computing speed and storage. For example, different encryption and decryption algorithms will require different models/types of CVs to meet certain hardware requirements.

2) Existing Studies Addressing the Challenge and Current Gap:
To solve the cybersecurity issues related to heterogeneous networks and nodes, Mudengudi et al. present an approach to establish trust among CVs and infrastructures through an evidence-based theory which is called the Dempster Shafer Theory of Evidence (DST) [94]. Their trust framework is agentbased, as an agent is responsible for establishing trust between the cloud service providers and the users based on evidence. Hurl et al. present a method for CAV cooperative perception utilizing the TruPercept model [95]. In this model, the CAV perception observations are used for evaluating the cooperative trust among CAVs through V2V communication. Lei et al. present a blockchain-based dynamic key method to manage cybersecurity in group broadcast within a heterogeneous wireless communication environment [96], which saves almost half of the processing time compared to a centralized key management method, while transaction number (i.e., number of transactions collected by a security manager within a given transaction collection period) is less than 1500. Yang et al. also utilize the blockchain-based hierarchical trust networking to defend against DDoS over IoT devices and find that the latency of their model is much lower than the state-of-the-art model (which requires no permission) for a number of transactions varying from 1 (latency savings of 81%) to 2000 (latency savings of 93%) [97]. The current research gap includes the development of a virtualized network that will be agnostic of the heterogeneity of the CV communication medium. In network function virtualization or NFV, security functions are decoupled from physical infrastructure. In an NFV-enabled CV environment, to overcome cybersecurity challenges arising due to heterogeneous nodes (i.e., data encryption and decryption for different vehicles), lightweight algorithms (i.e., algorithms that require modest memory usage for computation) should be developed so that all CVs can meet the computation requirements of respective applications.

G. Scalability of Cybersecurity Solutions 1) Challenges:
The cloud scalability challenge affects cybersecurity requirements related to accountability, availability, authentication, and integrity. The cloud should be able to process and generate security authentication keys for CV traffics that can vary from a small number of CVs to a large number of CVs in order to ensure cybersecurity in a cloudsupported CV application environment. Due to the mobility of the CVs, the corresponding CV network topology changes frequently. The scalability of cloud computing for CVs is a challenging issue due to these moving nodes and a frequently changing network [98], [99]. To be widely deployed, cloudsupported CV applications should be able to handle an unstable and scalable network of CVs.

2) Existing Studies Addressing the Challenge and Current Gap:
Generally, establishing a cluster network can address the scalability challenge [100]. Recently, more and more studies related to cloud computing security for supporting CV applications have considered the ability of the cloud to scale when needed. Noroozi et al. implemented a dynamic and scalable VPKI on Google Cloud Platform (GCP) that proved to be cost-effective with a large amount of traffic and achieve a five-fold improvement, due to the dynamic scalability characteristics, in processing delay compared to the existing method [101]. Lim et al. present a scalable and secure strategy for delivering keys to individual nodes in VANET [102]. Mansour et al. introduce an Asymmetric Lightweight Multicast Scalable (ALMS) group key management protocol that can enhance the scalability of VANET, which potentially could overcome key distribution limitations of symmetric key management protocols (such as the centralized protocol to secure multicast communication) [103]. Wang et al. focus on the roadside infrastructure (i.e., RSUs) to develop a blockchainassisted trustworthiness scalable computation system for V2I authentication and improved cybersecurity in VANET [104]. The existing research gap entails having scalable cybersecurity solutions for the virtual transportation infrastructure nodes (discussed in Subsection A of Section V). Also, future studies need to incorporate network virtualization techniques to make the security solutions for cloud-supported CV applications more scalable.

H. Data Privacy in the Cloud 1) Challenges:
Privacy can be compromised because of unprotected CV user data, which are susceptible to unauthorized usage [105]- [107]. There are three key issues related to the lack of proper user access control: (i) illegitimate data handling (IDH), (ii) illegitimate data dissemination (IDD), and (iii) unauthorized secondary usage (USU) [48]. IDH occurs when the unauthorized user performs illegal actions on the data, such as copying and modification. IDD refers to unauthorized users who disseminate data to unauthorized third parties. USU occurs when secondary usage of data by another cloud service provider occurs. After receiving data from the CVs, dynamic algorithms in the cloud need to ruan to transfer and store data so that outside users do not know the data location in the cloud [48]. Dynamic algorithms are responsible for the replication of data, which ensures that services are always available in case of any single point of failure [48]. However, this dynamic process can make it difficult to keep track of all copies of data and all the actions taken on each copy of the data. It becomes difficult to ensure the removal of all the copies of the data if the data owner requests the removal of their data from the cloud.
Ensuring privacy compliance depends on the following considerations: (i) privacy policies related to user preferences and (ii) enforcement mechanisms to establish privacy policies [48]. As a user (e.g., CV owner), it is difficult to be aware of all the relevant complex privacy policies and what actions will be taken in the cloud on the corresponding private data, and how it will be shared in the cloud. In addition, the enforcement process of privacy policies, such as how the dynamic nature of the cloud will be controlled and how user access can be controlled, is not comprehensive yet. There is no trivial solution for privacy policies in the context of cloud-supported CV applications, and it poses challenges to data privacy in the cloud. Currently, there are two types of policies for private data protection: (i) data owner policies [108]- [111]; and (ii) legal policies [108], [111]- [113]. However, CV users may not be aware of all the policies, and cloud users may be responsible for unusual usage of data, such as secondary usage of data.

2) Existing Studies Addressing the Challenge and Current Gap:
In [114], the authors developed a privacy-preserving authentication using RSU signature verification. The advantage of this approach is the message overhead is low. However, the key limitation is that it depends on the RSUs for verification. In another study [115], the authors developed an approach for ensuring privacy using asymmetric cryptography. This approach is related to PKI-oriented security solutions, and it depends on the PKI certificated issuance. The privacy using IDbased cryptography removes the need for ID-based cryptography and introduces the problem of pseudonym issuance [116]- [118]. In [119], [120], the authors proposed an approach for ensuring privacy using symmetric cryptography that is computationally efficient. However, a receiver is required to know the secret key. In another study [121], a group of researchers ensures privacy using group signature schemes. Although it uses the need for pseudonym change, the limitation of this study is pseudonym resolution and revocation. In [122], a privacy scheme using access control and trust using geolocation was presented. However, this approach provides only access control of the private messages, and management schemes are unknown. In [123], the authors used encryption and decryption outsourcing mechanisms and developed an access control framework based on fog-to-cloud architecture. This approach ensures message confidentiality, access control, and vehicle authentication. However, it is difficult to maintain authentication credentials because of the dynamic nature of vehicles, and fog nodes are semi-trusted and may not follow appropriate access control. Another study [124] presents an authentication scheme for vehicular communication in a multicloud environment. The authors in [124] evaluated the computational and communication latency, and they found that the latency for their authentication scheme is satisfactory for applications related to connected vehicles. In [125], the authors presented a cloud-enabled privacy-preserving truth discovery (PPTD) framework to protect moving users' personal information from their smartphone through crowdsensing, such as readings of compass, accelerometer, and gyroscope, to identify the indoor floor plan. The PPTD framework uses a homomorphic cryptosystem, which uses encrypted data for the application without directly decrypting it, for guaranteeing data privacy. They evaluated the cloud-based PPTD framework's processing time for the indoor floor plan identification application using data from moving smartphone users. The authors in [125] found that, for each smartphone user, the total processing time is only 0.039s, which was satisfactory for the cloud-based indoor floor identification application.
In [126], the authors develop an obfuscation technique that utilizes a middleware data obfuscator integrated into the cloud infrastructure to ensure privacy protection and prevent IDH, IDD, and USU issues. In [127], the authors introduce a middleware for deploying certifiable and auditable applications to process data in the cloud, which can prevent IDH, IDD, and USU issues through high-level enforcement resilience. In [128], the authors develop a data flow tracking model to keep track of data across system users. Some studies focus on dynamic models for distributed data tracking to track each host [129]- [131]. Also, data monitoring and auditing techniques are developed for data tracking, which ensures who is processing the data and what actions are taking place on data in the cloud [132], [133]. Instead of data monitoring and auditing techniques, some techniques enable data usage control requirements, which is referred to as retention obligation enforcement, for keeping track of data usage [128], [129]. Data segmentation, obfuscation, and encryption techniques have been developed for ensuring the confidentiality of data following data owner policies as well as legal policies [126], [134]- [136]. In addition to this data level policy compliance, some enforcement mechanisms have been developed to enforce policies at application and hardware levels to support data protection [108]- [110]. Beyond these existing privacyprotecting solutions, further studies are needed on the development of privacy solutions related to IDH, IDD, and USU, considering the dynamic interaction between CVs and cloud to make real-world cloud-supported CV applications a reality.  [85] • Block-level Client-side Deduplication (BC-Dedu) [87] • Bilinear pairing-based data integrity auditing [88], [89] • Data Outsourcing with Public Integrity Verification (DOPIV) [91] Leverage the Infrastructure as Code to provide CV data security solutions Scalability of cloud security solutions • Accountability • Availability • Authentication • Integrity • Commercial cloud-based Vehicular Public Key Infrastructure (VPKI) [101] • Asymmetric lightweight centralized group key management [103] • Blockchain assisted trustworthiness [104] Implement the network virtualization techniques along with Infrastructure as Code to make the cybersecurity solutions for cloud-supported CV applications more scalable Data privacy in the cloud Privacy • Authentication using RSU signature verification [114] • Privacy-preserving schemes using cryptography [115]- [120] • Group signature scheme [121] • Access control and trust using geolocation [122] • Fog-to-cloud data sharing architecture with outsourced encryption and decryption mechanisms [123] • Conditional privacy protection authentication scheme [124] • Privacy-Preserving Truth Discovery (PPTD) framework [125] • Integrating middleware data obfuscator [126] • Integrating middleware for deploying certifiable and auditable applications [127] • Data tracking, monitoring, and auditing [128]- [133] • Data retention obligation [128], [129] • Data segmentation and encryption [134]- [136] • Privacy policy enforcement mechanisms [109]- [111] Develop privacy solutions related to illegitimate data handling (IDH), illegitimate data dissemination (IDD), and unauthorized secondary usage (USU) considering the dynamic interaction between CVs and cloud, and utilizing the blockchain-AI, and secure quantum machine learning and cryptographic techniques

CV location Validation
• Confidentiality • Integrity • Authentication • Roadside sensor-based active validation [20] • Statistical and filtering methods for correction [20] • Crowdsourcing [71] • Prediction-based location validation using neural network [72] • Lightweight Scalable Blockchain (LSB) [74] • Cross-layer Location Verification Enhancement (CLVE) [75] Leverage 5G's faster communication to transfer data into the cloud to validate the location information Establishing trust relationships with a high number of CVs • Confidentiality • Accountability • Trusted middle agent [20] • Distributed agent-based trust establishment [20], [64] • Edge computing-based User Behavior Profiling (UBP) [65] • Blockchain-based Trust Bit [66] • Blockchain combined with biometrics [67] Ensure trust with the integration of Infrastructure as Code and Blockchain, and develop methods for suitable and seamless integrations V. FUTURE RESEARCH DIRECTIONS FOR CYBERSECURITY OF CLOUD-SUPPORTED CV APPLICATIONS In this section, we present potential future research directions related to the cybersecurity of cloud-supported CV applications (also included in Table III) that can be pursued in the future.

A. Infrastructure as Code
In the future, the physical transportation infrastructure will be replaced with a cloud or virtual infrastructure that will be defined in code. This will enable managing and provisioning the infrastructure through software in an automated manner, rather than configuring the hardware manually. Also, there will be increasing instances where the hardware components will be replaced by software. Such Infrastructure as Code can solve the cybersecurity challenges related to authentication of mobile nodes with high and varying speeds, such as CVs, which will support trust relationships with a large number of CVs in a cloud-supported CV application environment. Virtual traffic light control is an example of Infrastructure as Code. In this system, no physical traffic light control is required, and the traffic signal phase and timing are determined by the incoming vehicles or cloud-based infrastructure. Being programmable, portable, and easily expandable, this Infrastructure as Code system will be able to mitigate the challenges related to the scalability of cloud-based cybersecurity solutions. Also, while a communication network is compromised due to a DoS attack, cloud-based virtual traffic signal servers can be migrated automatically to a different domain or server, and the service can be restored immediately. The infrastructure nodes will enhance the cloud-based depth-in-defense (DID) system. In DID, multiple security barriers in the forms of security software, such as firewalls and hardware, are placed to prevent the attackers from having access to their desired targets [137]. Having the programmable infrastructure nodes with added cybersecurity mechanisms will enhance the overall system's cybersecurity and will address the existing challenges of mobile node authentication and trust establishment for a high number of CVs, scalable security solutions, as well as securing CV communication and CV data. Furthermore, the security functions in the cloud will replace the hardware security modules (HSM) that exist to secure the hardware components through encryption and authentication. Thus, the physical hardware that provides security to the CVs (e.g., HSM) could be replaced by the infrastructure as code cybersecurity modules in the cloud.

B. Integration of Blockchain with AI
Blockchain is one of the evolving cybersecurity technologies which shows potential for ensuring the cybersecurity of cloudsupported applications. Blockchain technology works based on the identification of and trust between two transacting parties. Blockchain cybersecurity is based on peer-to-peer (P2P) network fundamentals [66], [67]. To establish trust between a high number of CVs, blockchain technology helps each CV to authenticate the arriving data. Blockchain can be used to trust the connected entities and permit access to a cloud entity. Blockchain technology-based security can be enhanced if integrated with AI, where AI will enable pattern recognition of the underlying data and establish a robust trusted system by incorporating AI-based cyberattack detection and mitigation strategies. However, the process of integrating blockchain, AI, and IoT for a CV-like large network system is not yet implemented [138]- [140]. Though blockchain is being used to secure cloud interactions, much research needs to be done on the widespread implementation of the integration of AI and blockchain technology-enabled cybersecurity in the cloudsupported CV application environment. Thus, research in this direction will help the industry adopt blockchain-based cybersecurity solutions for establishing trust among the CVs and securing cloud architecture for supporting CV applications.

C. Quantum Computing for Machine Learning
Quantum computing in the cloud has the potential to revolutionize industries in a similar way as other emerging technologies, such as AI-enabled technologies. Quantum computers incorporate quantum phenomena into processing power to achieve better computing capability compared to classical computers. If users are allowed access to quantum computers via the internet, then it is known as quantum-as-aservice (QaaS) in the cloud. The cloud is getting reshaped by using the higher processing capabilities of quantum computers. Though existing quantum computers are not portable enough to support an operation inside a vehicle, cloud-supported quantum computers are gaining momentum, such as IBM quantum computers, which are accessible through the IBM cloud. To overcome cybersecurity challenges in cloud-supported CV applications, such as securing CV communication and ensuring privacy compliance, quantum computing-based machine learning, and cryptographic solutions will be effective. Using quantum computers, we will be able to process a vast amount of data to detect anomalies in high-volume and high-velocity data in a very short period which can be very useful for validating CV locations. Such processing capabilities will be able to detect cyberattacks and compute complex mitigation strategies quickly. For example, a cloud-supported hybridclassical quantum system was used to detect an in-vehicle cyberattack in [141]. Recent developments on the quantum key distribution (QKD) aim to reduce the possibility of cyberattacks on the network, which might include the cloud as well. Quantum machine learning can supplement QKD in securing cloud computing for supporting CV applications as well as quantum computing. However, quantum computing also poses threats to the current cryptographic schemes incorporated in today's computer systems, as future attackers may be able to decipher encrypted information using quantum computers [142]. To make cloud-supported CV applications safe from threats posed by quantum computers, research on post-quantum cryptography [143] needs to be conducted.

D. 5G for Secure and Faster Communication
5G is considered an enabler of IoT technologies. Smart cities rely on IoT to reduce traffic congestion, meet water distribution needs, increase cybersecurity, and even decrease pollution. Moreover, with 5G's low communication delay characteristic, it could potentially support cybersecurity solutions for cloudsupported CV applications, where fast communication is required between the CVs and the cloud. 5G offers two major advantages over 4G and LTE networks: ultra-low latency and high data rate. CVs can connect instantly with the cloud through 5G and leverage the cloud services for in-vehicle cybersecurity. In the case of CAVs, which are equipped with various types of in-vehicle sensors, the high data rate will allow them to share the large amount of in-vehicle data generated from sensors. This data can be used for authentication and location validation of CVs, which will be helpful to secure cloud-supported CV applications by detecting and mitigating cyberattacks. A 5G network is inherently more secure than a 4G and LTE network due to several new additions in the standards (5G New Radio or 5G NR) such as anti-tracking and network slicing. However, 5G has its own cybersecurity vulnerabilities, some of which have been inherited from 4G, such as threats from cell-site simulators (also known as Stingrays), and some of which are unique issues, such as mass network failure due to shared infrastructure. Any failure in the underlying network between the CVs and the cloud potentially compromises cloudsupported CV applications, so more research is required on the cybersecurity of 5G.

E. Heterogeneous Wireless Networking
Heterogeneous wireless networking refers to the usage of different communication options, such as C-V2X, LTE, Wi-Fi, and 5G, while CVs are moving along a roadway. CVs need to leverage different communication options and perform efficient handovers between communication access points (AP) and base stations (BS) to maintain connectivity with the cloud. The network between the cloud and the CVs is susceptible to cyberattacks during horizontal handoveri.e., handoff between AP/BS using the same wireless communication technology, and vertical handoveri.e., handoff between AP/BS using different wireless communication technologies. Innovative key exchange protocols can be introduced to maintain faster data transmission while protecting the network during the handover process. A secure handover management process is crucial to ensure cloud cybersecurity since the cloud can be compromised through the underlying network connecting CVs with the cloud. SDN can be combined with the cloud to develop more robust and secure handover management systems for cloud-supported CV applications.

F. Network Function Virtualization
Whereas network security functions (e.g., intrusion detection systems (IDS) and firewalls) are deployed in proprietary hardware in legacy systems, virtualization of such security functions, which is referred to as network function virtualization (NFV), can provide a cost-effective solution to the cybersecurity of cloud-supported CV applications. Isolating the network security functions is one of the key features of NFV, which can decouple the dependency among cloud components, such as IaaS, PaaS, and SaaS, thus making the security barriers harder to penetrate by cyber attackers. NFVbased cybersecurity solutions can run on top of off-the-shelf hardwaree.g., industry-standard storage, servers, and switches. Compared to security functions running in proprietary hardware, virtualized cloud network security functions can provide same-level or even better performance [144]. Virtual networks are also isolated from the underlying physical infrastructure. Thus, even if the physical infrastructure is compromised, virtual networks can continue their operation normally. The cloud cybersecurity architecture needs to be redefined while the NFV is being integrated into the cloud IoT environment for cloud-supported CV applications. We can operate distributed and lightweight cybersecurity algorithms (with small memory usage requirements) using NFV in cloudsupported CV applications. Research on the integration of network visualization techniques with cloud-supported CV applications is needed to take full advantage of the NFV. NFV can help solve the cybersecurity challenges, such as securing the heterogeneous network of the CV nodes and scalability of cloud cybersecurity solutions for cloud-supported CV applications.

VI. CONCLUSION
This paper presents an in-depth review of the cybersecurity of cloud computing from the perspective of CV applications. Based on the review, we discuss the cybersecurity requirements of cloud-supported CV applications in terms of confidentiality, integrity, availability, authentication, accountability, and privacy. Moreover, existing cybersecurity techniques and technologies to meet these cybersecurity requirements and corresponding threats or cyberattacks related to cloudsupported CV applications are discussed. However, many cybersecurity challenges, which arise from CVs, need to be addressed, such as authentication, establishing trust relationships between CVs, and between the CVs and the cloud infrastructure, validating CV location, securing CV data and communication network, scalability of cybersecurity solutions, and data privacy. We identify these challenges for cloudsupported CV applications and discuss the corresponding existing cybersecurity solutions through a review of published studies. While existing and potential cybersecurity measures presented in this paper provide cyber-defenses, their respective efficiency is an important consideration for their real-world adoption related to various cloud-enabled CV applications based on their corresponding communication and computational latency requirements.
As technology advances rapidly, new possibilities emerge to protect cloud-supported CV applications. Potential future research opportunities are identified in this paper to prevent and mitigate the cybersecurity issues related to cloud-supported CV applications. Flexible and dynamic nature of infrastructure as code, the decentralized and immutable property of blockchain, high-speed computing capability of quantum computers, high bandwidth and low latency of 5G network, heterogeneous wireless networking, and cloud network virtualization have the potential to address existing and future cybersecurity challenges in cloud-supported CV applications. Our security challenges are classified to meet the six cybersecurity requirements of cloud-supported CV applications (shown in Figure 1). Although our cyberattack challenge categories are comprehensive, they may not be complete, especially with the evolving cyber-threats of the future. New cybersecurity challenges can emerge and pose new threats to cloud-supported CV applications as technology evolves, which are to be investigated in future studies. In the future, a cyberattack that uses quantum computers could be a major threat to prevailing cyber defenses, including cloud-supported CV applications, for example. As cloud computing can provide technologically feasible and economically viable solutions for supporting CV applications, the proposed solutions can help develop new cybersecurity architectures and protocols for addressing evolving cybersecurity issues. Mashrur "Ronnie" Chowdhury is the Eugene Douglas Mays Professor of Transportation at Clemson University. He is the director of the USDOT Center for Connected Multimodal Mobility (C 2 M 2 ) ((http://cecas.clemson.edu/c2m2). He is the co-director of the Complex Systems, Analytics and Visualization Institute (CSAVI) (http://clemsoncsavi.org) at Clemson University. He previously served as an elected member of the IEEE ITS Society Board of Governors and is currently a senior member of the IEEE. He is a Fellow of the American Society of Civil Engineers (ASCE) and an alumnus of the National Academy of Engineering (NAE) Frontiers of Engineering program. Dr. Chowdhury is a member of the Transportation Research Board (TRB) Committee on Artificial Intelligence and Advanced Computing Applications, and the TRB Committee on Intelligent Transportation Systems. He is the founding advisor of the "IEEE Intelligent Transportation Systems Society (ITSS) Student Chapter" at Clemson University. He is a registered professional engineer in Ohio.
Mitch Shue is a professor of practice in the School of Computing at Clemson University, and the executive director of Clemson's AI Research Institute for Science and Engineering (AIRISE), leaving a long career in industry to join the faculty in 2019. Prior to Clemson, Professor Shue served as chief technology officer for Morningstar (Nasdaq: MORN), a leading global provider of independent investment research and data. He previously held leadership roles with several companies and has helped grow three startups into publicly traded companies, and two others into successful acquisitions. Professor Shue holds a bachelor's degree in computer science from Trinity University in Texas and a master's degree in conflict analysis and resolution from George Mason University in Virginia.