Automated Vehicle (AV) development has historically placed a significant focus on
functionality and less on security. Programs such as Cybersecurity for Robotics
and Autonomous Systems Hardening (CRASH) are addressing AV cybersecurity,
strengthening security while simultaneously supporting the developer focus on
functionality. This task is challenging due to continuous interaction by AVs
with the environment through sensors and actuators, command and control, and
remote connectivity. This paper presents an approach balancing functionality and
security through an AV Zero-Trust Architecture (ZTA) which leverages
authentication, cyber policy enforcement, and monitoring to detect and mitigate
cyber-attacks. The AV ZTA approach is traceable to NIST 800-217 guidance for
applying ZT concepts to Information Technology (IT) networks.
The presented AV architecture example begins with a non-self-driving baseline,
adding sensors, actuators, command/control, and remote connectivity. NIST
800-207 principles are distilled into three (3) components: 1. Authentication,
2. Policy Enforcement, and 3. Monitoring. Authentication includes verifying software
authenticity prior to booting, and use of a combination of public/private key
encryption, symmetric key encryption, and Message Authentication Codes (MACs) to
secure network communication. Policy Enforcement occurs at every AV network node
and is overseen by a central gateway. The gateway also monitors traffic and logs
issues. Together, these combine into an AV ZTA.
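To make the three components concrete, the following added example (not code from the paper or the CRASH program) models a central gateway that authenticates node frames with symmetric-key MACs, enforces a default-deny policy on which node may send which message type to which destination, and logs every decision. The node keys, policy table, and message types are constructed for illustration; the public-key and pre-boot software verification paths the abstract also mentions are not modelled here.

```python
import hmac, hashlib, json

# Constructed per-node symmetric keys; a real vehicle would provision them
# out-of-band, e.g. only after secure boot has verified the node's software.
NODE_KEYS = {"lidar": b"k-lidar-0001", "planner": b"k-planner-0002",
             "brake_ecu": b"k-brake-0003", "telematics": b"k-telematics-0004"}

# Hypothetical policy table: (sender, message type) -> allowed destinations.
# Anything not listed is denied by default.
POLICY = {("lidar", "pointcloud"): {"planner"},
          ("planner", "brake_cmd"): {"brake_ecu"},
          ("telematics", "ota_manifest"): {"planner"}}

def mac(key, payload):
    return hmac.new(key, payload, hashlib.sha256).hexdigest()

def build_frame(sender, dest, msg_type, body, seq):
    # Each node authenticates its own frames; seq lets the gateway reject replays.
    hdr = {"src": sender, "dst": dest, "type": msg_type, "seq": seq, "body": body}
    payload = json.dumps(hdr, sort_keys=True).encode()
    return {"payload": payload, "tag": mac(NODE_KEYS[sender], payload)}

class Gateway:
    # Central gateway: authenticate, enforce policy, and log every decision.
    def __init__(self):
        self.log, self.last_seq = [], {}

    def check(self, frame):
        try:
            hdr = json.loads(frame["payload"])
        except (ValueError, KeyError, TypeError):
            return self._deny("unparseable frame", {})
        key = NODE_KEYS.get(hdr.get("src"))
        if key is None:
            return self._deny("unknown node", hdr)
        # Authentication: verify the MAC before trusting any other field.
        if not hmac.compare_digest(mac(key, frame["payload"]), str(frame.get("tag"))):
            return self._deny("bad MAC", hdr)
        if hdr.get("seq", -1) <= self.last_seq.get(hdr["src"], -1):
            return self._deny("replay", hdr)
        self.last_seq[hdr["src"]] = hdr["seq"]
        # Policy enforcement: default-deny unless (src, type) -> dst is listed.
        if hdr.get("dst") not in POLICY.get((hdr["src"], hdr.get("type")), set()):
            return self._deny("policy violation", hdr)
        self.log.append(("ALLOW", hdr["src"], hdr.get("dst"), hdr.get("type")))
        return True

    def _deny(self, reason, hdr):
        # Monitoring: every rejected frame is logged with its reason.
        self.log.append(("DENY", reason, hdr.get("src"), hdr.get("dst"), hdr.get("type")))
        return False
```

The gateway log is the monitoring feed: a sequence of "bad MAC" or "policy violation" entries from one node is the signal an intrusion-detection function would act on.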
Several recent programs have partially implemented the outlined AV ZTA. For
example, the CRASH program has implemented authentication for networked
communication, policy enforcement, and monitoring. Other programs are tackling
monitoring automotive CAN and Ethernet buses and improving resiliency through
sensor redundancy and fusion. There remain other unaddressed pieces to fully
implement an AV ZTA.