A Lifecycle-Oriented Review of Security and Privacy Protection in the Internet of Vehicles

The Internet of Vehicles (IoV) is reshaping intelligent transportation through pervasive connectivity, real-time data exchange, cooperative perception, and vehicle–edge–cloud services, while also expanding cybersecurity and privacy risks across heterogeneous cyber–physical environments. This paper presents a PRISMA 2020-informed systematic review of IoV security and privacy protection research. A cross-layer and lifecycle-oriented analytical framework is developed by integrating a four-layer IoV architecture—sensing layer, network access layer, coordinative computing layer, and application layer—with a five-stage data lifecycle covering data collection, transmission, storage, usage, and disposal. Based on this framework, the paper examines representative threat surfaces, vehicle-to-everything (V2X) communication security, public key infrastructure (PKI) based authentication, trust management, privacy-preserving data sharing, intrusion detection, active defense, and AI-assisted security analytics. Privacy-preserving mechanisms, including differential privacy, federated learning, blockchain, homomorphic encryption, and secure multi-party computation, are further compared in terms of deployment layer, lifecycle stage, real-time suitability, and representative performance evidence. In addition, the review discusses the engineering relevance of UNECE WP.29 R155/R156, ISO/SAE 21434, and related national standards, with emphasis on compliance evidence, over-the-air (OTA) governance, supply-chain coordination, and lifecycle cybersecurity management. The review shows that no single protection mechanism can simultaneously satisfy the requirements of real-time performance, scalability, privacy preservation, trustworthiness, and regulatory compliance in dynamic IoV environments. Future research should emphasize lightweight and adaptive protection, cross-layer trust coordination, privacy–utility co-optimization, trustworthy AI-assisted security operations, and evidence-based lifecycle governance. This review provides a structured reference for researchers and a practical basis for secure and privacy-aware IoV system design.