zk-ScalHard: Scalable and Hardware-Rooted Privacy-Preserving Authentication for Secure OTA Updates in Zonal SDVs

📅 2026-07-08
📈 Citations: 0
Influential: 0
📄 PDF
🤖 AI Summary
This work addresses critical security challenges in software-defined vehicles undergoing frequent over-the-air (OTA) updates, including PKI bandwidth bottlenecks, centralized privacy risks, and limited scalability. To overcome these issues, the authors propose a hardware-rooted, privacy-preserving authentication protocol grounded in a decentralized hierarchical trust model. The protocol uniquely integrates silicon-based physically unclonable functions (PUFs) with two novel zero-knowledge proof circuits—ZIDI and HPCA—and leverages secure multi-party computation alongside recursive aggregation techniques. This design achieves vehicle-level data sovereignty, constant communication complexity, and compliance with GDPR requirements. Compared to Uptane, the proposed approach reduces authentication bandwidth by 99.2%, shrinks the timing attack surface by 99.9%, and lowers both communication and verification complexity from O(n) to O(1).
📝 Abstract
The automotive industry is transitioning to Zonal-oriented Architectures (ZoA) for Software-Defined Vehicles (SDVs), enabling frequent over-the-air (OTA) updates for 100+ Electronic Control Units (ECUs). While OTA updates improve efficiency, they introduce safety-critical security risks. Current standards like Uptane and AUTOSAR Adaptive rely on Public-Key Infrastructure (PKI). However, PKI-based authentication creates bandwidth bottlenecks in in-vehicle and vehicle-to-cloud (V2I) communication as ECU density increases. It also risks exposing sensitive vehicle configurations and passenger privacy due to centralized architectures. Next-generation Zonal SDVs require decentralized, scalable authentication with data privacy. To address this, we propose zk-ScalHard, a hardware-rooted, privacy-preserving authentication protocol. We introduce a decentralized, hierarchical trust-promotion model utilizing Silicon Physical Unclonable Functions (PUFs) and two novel Zero-Knowledge Proof (ZKP) circuits: (1) Zonal Identity and Integrity (ZIDI) and (2) High-Performance Computing Aggregation (HPCA). These circuits employ multi-party computation (MPC) and recursive aggregation to achieve decentralization and scalability. The integration of ZKPs and PUFs ensures 100% vehicle-level data sovereignty. Benchmarked against Uptane, zk-ScalHard achieves constant O(1) communication and verification complexity, improving upon the linear O(n) complexity of current systems. Evaluation shows a 99.2% reduction in authentication bandwidth and a 99.9% reduction in the temporal attack surface. Our results demonstrate that zk-ScalHard provides a scalable, secure, and GDPR-compliant architecture for future Zonal SDVs.
Problem

Research questions and friction points this paper is trying to address.

OTA updates
privacy-preserving authentication
Zonal SDVs
scalability
data sovereignty
Innovation

Methods, ideas, or system contributions that make the work stand out.

Zero-Knowledge Proof
Physical Unclonable Function
Decentralized Authentication
Zonal Architecture
OTA Security
🔎 Similar Papers
No similar papers found.