🤖 AI Summary
Intelligent connected vehicles (ICVs) face escalating threats from remote cyberattacks and challenges in securing the entire vehicle lifecycle. To address these issues, this paper proposes a novel in-vehicle service authentication and authorization mechanism integrating the DNSSEC, DANE, and DANCE standards. It pioneers the use of DNSSEC-secured TLSA records to bind supplier-generated service certificates to domain names, thereby decoupling certificate issuance by third-party suppliers from centralized OEM authorization: service identity is separated from deployment identity, which significantly simplifies key management. Security analysis is conducted using the STRIDE threat modeling framework. The approach is experimentally validated on an embedded automotive platform, demonstrating high security, scalability, and interoperability, while enabling efficient certificate distribution and real-time service authorization for fleets exceeding one million vehicles.
📝 Abstract
The automotive industry is undergoing a software-as-a-service transformation that enables software-defined functions and post-sale updates via cloud and vehicle-to-everything communication. Connectivity in cars introduces significant security challenges, as remote attacks on vehicles have become increasingly prevalent. Current automotive designs call for security solutions that address the entire lifetime of a vehicle. In this paper, we propose to authenticate and authorize in-vehicle services by integrating DNSSEC, DANE, and DANCE with automotive middleware. Our approach decouples the cryptographic authentication of the service from that of the service deployment with the help of DNSSEC and thereby largely simplifies key management. We propose to authenticate in-vehicle services by certificates that are solely generated by the service suppliers but published on deployment via DNSSEC TLSA records solely signed by the OEM. Building on well-established Internet standards ensures interoperability with various current and future protocols and scalable management of credentials for millions of connected vehicles at well-established security levels. We back our design proposal by a security analysis using the STRIDE threat model and by evaluations in a realistic in-vehicle setup that demonstrate its effectiveness.
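As an added illustration (not code from the paper or its authors), the following Python models the DANE binding the abstract describes: at deployment the OEM derives a TLSA record (certificate usage 3, DANE-EE) from a certificate the supplier generated and signs it into its DNSSEC zone; an in-vehicle client then accepts the presented service certificate only if a validated record matches it, with no CA chain involved. The certificate is a constructed placeholder (DER and SPKI bytes), and DNSSEC validation of the record set is assumed to have already been done by the resolver.

```python
import hashlib
from dataclasses import dataclass

DANE_EE = 3                 # certificate usage 3: match the end-entity cert itself, no PKIX chain
SEL_CERT, SEL_SPKI = 0, 1   # selector 0: full certificate, 1: SubjectPublicKeyInfo
MATCH_FULL, MATCH_SHA256, MATCH_SHA512 = 0, 1, 2

@dataclass(frozen=True)
class ServiceCert:          # constructed stand-in for a supplier-generated X.509 certificate
    der: bytes              # whole certificate, DER encoded
    spki_der: bytes         # its SubjectPublicKeyInfo, DER encoded

@dataclass(frozen=True)
class TLSA:                 # one TLSA resource record (RFC 6698 wire format)
    usage: int
    selector: int
    matching: int
    data: bytes             # certificate association data

    def to_wire(self) -> bytes:
        return bytes([self.usage, self.selector, self.matching]) + self.data

    @classmethod
    def from_wire(cls, rdata: bytes) -> "TLSA":
        if len(rdata) < 3:
            raise ValueError("TLSA rdata too short")
        return cls(rdata[0], rdata[1], rdata[2], rdata[3:])

def association_data(cert: ServiceCert, selector: int, matching: int) -> bytes:
    """Apply selector and matching type to a certificate (RFC 6698, section 2.1)."""
    selected = {SEL_CERT: cert.der, SEL_SPKI: cert.spki_der}[selector]
    digest = {MATCH_FULL: lambda d: d,
              MATCH_SHA256: lambda d: hashlib.sha256(d).digest(),
              MATCH_SHA512: lambda d: hashlib.sha512(d).digest()}[matching]
    return digest(selected)

def publish_tlsa(cert: ServiceCert, selector=SEL_SPKI, matching=MATCH_SHA256) -> TLSA:
    """OEM side: derive the record that is signed into the DNSSEC zone at deployment."""
    return TLSA(DANE_EE, selector, matching, association_data(cert, selector, matching))

def authorize(presented: ServiceCert, records: list) -> bool:
    """Client side: accept the cert iff a DNSSEC-validated DANE-EE record matches it."""
    for r in records:
        if r.usage != DANE_EE:
            continue                      # other usages need PKIX chain building; not used here
        try:
            if association_data(presented, r.selector, r.matching) == r.data:
                return True
        except KeyError:
            continue                      # unknown selector/matching type: record is unusable
    return False
```

A supplier re-keying its service only changes the association data; the OEM republishes and re-signs the record, and no vehicle-side trust store has to change.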