Technical Paper
A Zero Trust Architecture for Automotive Networks
2024-04-09
2024-01-2793
Since the early 1990s, commercial vehicles have suffered from repeated vulnerability exploitations that resulted in a need for improved automotive cybersecurity. This paper describes the strategies and challenges involved in securing vehicle networks through the implementation of an automotive Zero Trust Architecture (ZTA). Zero Trust, originally an IT principle of “never trust, always verify”, is the concept that a network must never assume assets can be trusted, regardless of their ownership or location within the network. This research focused on drastically improving the security of the cyber-physical vehicle network with minimal performance impact, measured as timing, bandwidth, and processing power. Impacts to safety and cost were also considered. The automotive ZTA was tested using a software-in-the-loop vehicle simulation paired with resource-constrained hardware that closely emulated a production vehicle network.