Towards a Zero Trust Decentralized Identity Management System for Secure Autonomous Vehicles
Amal Yousseef, Shalaka Satam, Banafsheh Saber Latibari, Mai Abdel-Malek, Soheil Salehi, Pratik Satam
TL;DR
The paper tackles securing cooperative autonomous vehicle (V2X) communications by replacing centralized identity management with a Zero Trust, blockchain-based decentralized identity management (D-IM). It presents a formal BAN logic-based security analysis and qualitative evaluation, plus simulation results in urban and highway scenarios showing limited overhead and preserved network performance. Its contributions include a system model, attacker model, architecture, and identification-and-authorization protocol that enable mutual authentication and fresh session keys without relying on a central authority. Future work points to advanced intrusion detection, decentralized consensus with smart contracts, and adaptive security policies for scalable real-world deployment.
Abstract
Autonomous vehicles (AVs) rely on pervasive connectivity to enable cooperative and safety-critical applications, but this connectivity also exposes them to a wide range of cybersecurity threats. Existing perimeter-based security and centralized identity management approaches are inadequate for highly dynamic V2X environments, as they depend on implicit trust and suffer from scalability and single-point-of-failure limitations. This paper proposes D-IM, a Zero Trust-based decentralized identity management and authentication framework for secure V2X communication. D-IM integrates continuous verification with a permissioned blockchain to eliminate centralized trust assumptions and enforce explicit, verifiable identity relationships among vehicles and infrastructure. The framework is designed around clear Zero Trust-aligned goals, including mutual authentication, decentralization, privacy protection, non-repudiation, and traceability, and addresses a comprehensive attacker model covering identity, data integrity, collusion, availability, and accountability threats. We present the D-IM system architecture and identification and authorization protocol, and validate its security properties through both qualitative analysis and a formal BAN logic-based verification. Simulation results in urban and highway scenarios using DSRC and C-V2X demonstrate that D-IM introduces limited overhead while preserving network performance, supporting its practicality for real-world AV deployments.