Securing the AI-Driven Vehicle: A Hardware-Based Security Framework for Scalable, Trustworthy Autonomy

Autonomous driving technology in modern vehicles marks a pivotal evolution in transportation, but it may also introduce system-level vulnerabilities that span from tampering with sensors and interfaces to compromising compute units and communication links. This paper proposes a unified, layered hardware security architecture for AI-equipped automated vehicles. Based on current automotive Ethernet and zonal architectures, it provides end-to-end trust using hardware interface security, accelerated-cryptography, and SRAM PUF-based key provisioning. All security primitives are anchored to a hardware root of trust, delivering cryptographic identity, secure boot enforcement, and trusted key storage across the entire vehicle lifecycle. Our architectural assumptions follow the direction ISO 26262, ISO/SAE 21434 and AI development mandates for next-generation SAE Level 3+ vehicles using zonal Ethernet backbones, Time-Sensitive Networking (TSN), and heterogeneous compute islands (e.g., vision fusion, sensor aggregation, AI inference). Sensors such as LiDAR, radar, and high-resolution cameras stream raw data to fusion hubs. The data shall be protected by secure interface solutions, preventing injection and snooping. In a zonal Ethernet-based vehicle network, data is exchanged over point-to-point links between ADAS perception ECUs, sensor fusion modules, host CPU, and AI processing units, which in turn interface with actuator control units. Each node is equipped with secure MACsec-enabled interfaces that ensure link-layer confidentiality and integrity, while tRoot validates device identities and enables policy-based control. The vehicle topology supports Time-Sensitive Networking (TSN), and the co-design of MACsec with deterministic TSN avoids introducing unacceptable latency jitter, a crucial requirement for real-time AI inference pipelines. Novel contributions in this paper include a fully mapped dataflow showing hardware-based security for perception-to-actuation AI workflows, integration of interface security solutions within zonal Ethernet architectures using automotive-qualified switches, use of inline memory encryption and SRAM PUFs for secure inference and key provisioning, and real-world deployment insights from pre-production AI-driven vehicle networks.