Towards Zero Trust Security in Connected Vehicles: A Comprehensive Survey
Malak Annabi, Abdelhafid Zeroual, Nadhir Messai
TL;DR
This comprehensive survey analyzes the application of Zero Trust security to connected vehicles (CVs) within intelligent transportation systems. It synthesizes principles, architectures, maturity models, and open-source tools, then maps these to CV-specific intra- and inter-vehicular networks, threats, and trust models. Key contributions include a CV-focused synthesis of ZT models (entity, data, and hybrid), a catalog of CV security challenges across CAN/LIN/MOST/Ethernet and VANET/V2X, and a discussion of CV-tailored ZT deployments (IoV, ICVs, CAVs) with open problems and future directions. The work emphasizes the practical impact of ZT in improving CV safety and resilience, particularly through continuous verification, dynamic access control, and blockchain/DTM/ETM-enabled trust mechanisms, while highlighting integration challenges and research opportunities for V2V and V2I ecosystems.
Abstract
Zero Trust is the new cybersecurity model that challenges the traditional one by promoting continuous verification of users, devices, and applications, whatever their position or origin. This model is critical for reducing the attack surface and preventing lateral movement without relying on implicit trust. Adopting the zero trust principle in Intelligent Transportation Systems (ITS), especially in the context of connected vehicles (CVs), presents an adequate solution in the face of increasing cyber threats, thereby strengthening the ITS environment. This paper offers an understanding of Zero Trust security through a comprehensive review of existing literature, principles, and challenges. It specifically examines its applications in emerging technologies, particularly within connected vehicles, addressing potential issues and cyber threats faced by CVs. Inclusion/exclusion criteria for the systematic literature review were planned alongside a bibliometric analysis. Moreover, keyword co-occurrence analysis was done, which indicates trends and general themes for the Zero Trust model, Zero Trust implementation, and Zero Trust application. Furthermore, the paper explores various ZT models proposed in the literature for connected vehicles, shedding light on the challenges associated with their integration into CV systems. Future directions of this research will focus on incorporating Zero Trust principles within Vehicle-to-Vehicle (V2V) and Vehicle-to-Infrastructure (V2I) communication paradigms. This initiative intends to enhance the security posture and safety protocols within interconnected vehicular networks. The proposed research seeks to address the unique cybersecurity vulnerabilities inherent in the highly dynamic nature of vehicular communication systems.