Browse Publications Technical Papers 2024-01-2793
2024-04-09

A Zero Trust Architecture for Automotive Networks 2024-01-2793

Since the early 1990’s, commercial vehicles have suffered from repeated vulnerability exploitations that resulted in a need for improved automotive cybersecurity. This paper outlines the strategies and challenges of implementing an automotive Zero Trust Architecture (ZTA) to secure intra-vehicle networks. Zero Trust (ZT) originated as an Information Technology (IT) principle of “never trust, always verify”; it is the concept that a network must never assume assets can be trusted regardless of their ownership or network location. This research focused on drastically improving security of the cyber-physical vehicle network, with minimal performance impact measured as timing, bandwidth, and processing power. The automotive ZTA was tested using a software-in-the-loop vehicle simulation paired with resource constrained hardware that closely emulated a production vehicle network. For example, the vehicle Advanced Gateway electronic control unit (ECU) is utilized to enforce cyber policy, monitor the network, distribute keys, and implement network segmentation. The technical approach applied other security solutions including Secure Onboard Communication (SecOC) for authentication and verification of network traffic and Secure Boot to ensure the system is running authentic software. Implementing these elements and the other security controls was complicated by cost, resource constraints, and the complexity of building and maintaining vehicles.
The project team identified four metrics to demonstrate performance success and feasibility of the implementation. They are as follows: 1. Error monitoring system detected 100% of illicit messages, 2. ECUs refused unauthorized firmware 100% of the time, 3. ECUs discarded unauthenticated messages 100% of the time, 4. Latency at first ignition cycle was less than one second. This research successfully met the four requirements and demonstrated that using ZT principles in an on-vehicle network greatly improved the cybersecurity posture with manageable impact to system performance and deployment.

SAE MOBILUS

Subscribers can view annotate, and download all of SAE's content. Learn More »

Access SAE MOBILUS »

Preview Document Add to Cart
Members save up to 16% off list price.
Login to see discount.
Special Offer: Download multiple Technical Papers each year? TechSelect is a cost-effective subscription option to select and download 12-100 full-text Technical Papers per year. Find more information here.
X