Cross-ICA Trust Mechanism in Automotive Cybersecurity Tata Motors Passenger Vehicles, Limited

Format:

Book

Conference/Event

Author/Creator:

Venugopal, Vaisakh, author.

Contributor:

Goyal, Yogendra

Rai, Ajay

Raja J, Solomon

Rath, Sowjanya

Conference Name:

Symposium on International Automotive Technology (2026) (2026-01-28 : Pune, India)

Language:

English

Physical Description:

1 online resource cm

Place of Publication:

Warrendale, PA SAE International 2026

Summary:

With the increasing complexity and connectivity in modern vehicles, cybersecurity has become an indispensable technology. In the era of Software-Defined Vehicles (SDVs) and Ethernet-based architectures, robust authentication between Electronic Control Units (ECUs) is critical to establish a trust. Further, the cloud connected ECUs must perform authentication with backend servers. These authentication requirements often demand multiple certificates to be provisioned within a vehicle, ensuring secure communication between various combinations of ECUs. As a result, a single ECU may end up storing multiple certificates, each serving a specific purpose. This work proposes a method to limit the number of certificates required in a given ECU without compromising security. We introduce a Cross-Intermediate Certificate Authority (Cross-ICA) Trust Architecture, which enables the use of a single certificate per ECU for inter-ECU communication as well as backend server authentication. In this architecture, each ECU is issued a certificate from an Intermediate Certificate Authority (ICA), with all ICAs anchored to a common Root CA. The ICAs are structured based on the nature or domain of the ECU (e.g., infotainment, telematics, ADAS), while maintaining trust through the shared root. During the authentication handshake, the ECU presents its certificate chain. The receiving party (another ECU or backend server) verifies the chain up to the common root, thus establishing mutual trust, even if their certificates originate from different ICAs. The participating ECUs don't need prior information about certificate chains of each other. This approach reduces certificate storage requirements, simplifies certificate management, and maintains strong security by leveraging a scalable trust model anchored to a unified root. The proposed method is primarily validated in a virtual environment using an OpenSSL implementation. Additionally, the approach is verified on a simulation setup involving two ECU and cloud connectivity, establishing mTLS with certificates issued by cross-signed Intermediate Certificate Authorities (ICAs)

Notes:

Vendor supplied data

Publisher Number:

2026-26-0615

Access Restriction:

Restricted for use by site license