A short summary of my networking research project, the piece of research I am most proud of so far.
This started as my final project for a networking course, and it turned into the piece of research I am most proud of so far. The question I wanted to answer was simple to ask and hard to answer: how do self-driving and connected cars actually protect themselves from being attacked, and which approach works best?
Self-driving cars are not really single machines. They are constantly talking to each other, to traffic infrastructure, and to the wider network around them. That constant communication is what lets them react in time, but it is also the problem. A car often has to trust a message from a source it cannot fully verify, and it has milliseconds to decide. If someone feeds it false information, the consequences are not abstract. They are physical.
I looked at two different ways the field has tried to solve this. The first was an edge-assisted approach, where small computing nodes placed close to the road take on the job of checking who sent a message before passing it along, so the car itself does not have to carry that whole burden. The second was the Security Credential Management System, a large national approach built on public key infrastructure, where certificates and rotating pseudonyms are used to keep vehicles both verified and anonymous.
After comparing them across the things that actually matter for safety, authentication, privacy, the ability to keep working under attack, and the ability to scale, I found that neither one solves the whole problem on its own. The edge approach is stronger at protecting a car in the moment a message is moving, but it depends on physical infrastructure being built along the roads, which does not reach everywhere. The national system scales much better and was already tested in real government pilots, but managing all those certificates at that scale gets complicated fast.
I also wanted to see what the companies are doing in practice, so I looked at how Waymo and Tesla handle it. What stood out was the gap between what the research recommends and what is actually deployed. Both companies have built genuinely capable security, but each keeps it closed and proprietary, and neither uses a shared standard that would let cars from different makers trust each other safely.
Where I landed is that the best path forward is probably a mix of the two: use the national system to issue trustworthy credentials, and use an edge layer to protect those credentials while the car is actually on the road. The full paper goes deeper into each framework, the trade-offs, and the open problems still left to solve, including supply chain risk and the question of how mixed fleets running different standards are meant to trust each other.
The full paper is available on request.