short-paper

HIP: HSM-based identities for plug-and-charge

Authors:

Christoph Krauß,

Maria ZhdanovaAuthors Info & Claims

ARES '20: Proceedings of the 15th International Conference on Availability, Reliability and Security

Article No.: 33, Pages 1 - 6

https://doi.org/10.1145/3407023.3407066

Published: 25 August 2020 Publication History

Abstract

Plug-and-Charge (PnC) standards such as ISO 15118 enable Electric Vehicle (EV) authentication against Charge Points (CPs) without driver intervention. Credentials are stored in the vehicle itself making methods using RFID cards obsolete. However, credentials are generated in service provider backend systems and provisioned via the Internet and not in a secure Hardware Security Module (HSM) within the vehicle. In this paper, we propose HIP, a backwards compatible protocol extension for ISO 15118 where keys are generated and stored in a Trusted Platform Module (TPM) within the vehicle. Our implementation and evaluation show that our solution is feasible and is a viable option for future editions of ISO 15118.

References

[1]

E. Barker. 2016. NIST Special Publication 800-57 Part 1, Recommendation for Key Management: General. Revision 4 (2016).

[2]

CAR 2 CAR Communication Consortium. 2018. Protection Profile V2X Hardware Security Module, Release 1.3.0.

[3]

S. Checkoway, D. McCoy, B. Kantor, D. Anderson, H. Shacham, S. Savage, K. Koscher, A. Czeskis, F. Roesner, and T. Kohno. 2011. Comprehensive Experimental Analyses of Automotive Attack Surfaces. In Proceedings of the 20th USENIX Conference on Security (SEC'11). USENIX Association, Berkeley, CA, USA, 6--6.

Digital Library

[4]

ElaadNL. 2017. EV Related Protocol Study. https://www.elaad.nl/uploads/downloads/downloads_download/EV_related_protocol_study_v1.1.pdf

[5]

A. Fuchs, D. Kern, C. Krauß, and M. Zhdanova. 2020. TrustEV: Trustworthy Electric Vehicle Charging and Billing. In Proceedings of the 35th ACM/SIGAPP Symposium on Applied Computing SAC 2020. ACM.

[6]

A. Fuchs, C. Krauß, and J. Repp. 2016. Advanced Remote Firmware Upgrades Using TPM 2.0. In ICT Systems Security and Privacy Protection. Springer International Publishing, Cham, 276--289.

[7]

D. Ghosh, R. Thomas, and S. Wicker. 2013. A privacy-aware design for the vehicle-to-grid framework. In 2013 46th Hawaii International Conference on System Sciences. IEEE, 2283--2291.

[8]

A. Greenberg, C. Miller, and C. Valasek. 2015. Hackers Remotely Kill a Jeep on the Highway - With Me in It.

[9]

HIS. 2009. SHE - Secure Hardware Extension Functional Specification.

[10]

ISO/TEC. 2013. Road vehicles - Vehicle to grid communication interface - Part 1: General information and use-case definition. ISO Standard 15118-1:2013.

[11]

ISO/IEC. 2014. Road vehicles - Vehicle-to-Grid Communication Interface - Part 2: Network and application protocol requirements. ISO Standard 15118-2:2014.

[12]

ISO/IEC. 2018. Road vehicles - Vehicle-to-Grid Communication Interface - Part 2: Network and application protocol requirements. ISO/DIS 15118-2:2018.

[13]

K. Koscher, A. Czeskis, F. Roesner, S. Patel, T. Kohno, S. Checkoway, D. McCoy, B. Kantor, D. Anderson, H. Shacham, and S. Savage. 2010. Experimental Security Analysis of a Modern Automobile. In 2010 IEEE Symposium on Security and Privacy. 447--462.

[14]

C. Miller and C. Valasek. 2014. Adventures in Automotive Networks and Control Units.

[15]

C. Miller and C. Valasek. 2014. A Survey of Remote Automotive Attack Surfaces. In Blackhat.

[16]

D. Moghimi, B. Sunar, T. Eisenbarth, and N. Heninger. 2020. TPM-FAIL: TPM meets Timing and Lattice Attacks. In 29th USENIX Security Symposium (USENIX Security 20). USENIX Association, Boston, MA.

[17]

Open Charge Alliance. 2016. Open Charge Point Protocol 1.6. Open Standard. Arnhem, Netherlands.

[18]

Open Charge Alliance. 2018. Open Charge Point Protocol 2.0 - Part 2 - Specification. Open Standard. Arnhem, Netherlands.

[19]

I. Rouf, R. Miller, H. Mustafa, T. Taylor, S. Oh, W. Xu, M. Gruteser, W. Trappe, and I. Seskar. 2010. Security and Privacy Vulnerabilities of In-car Wireless Networks: A Tire Pressure Monitoring System Case Study. In Proceedings of the 19th USENIX Conference on Security. USENIX Association, Berkeley, CA, USA, 21--21.

[20]

N. Saxena, S. Grijalva, V. Chukwuka, and A. Vasilakos. 2017. Network security and privacy challenges in smart vehicle-to-grid. IEEE Wireless Communications 24, 4 (2017), 88--98.

Digital Library

[21]

Trusted Computing Group. 2016. Trusted Platform Module Library - Part 1: Architecture. Specification Family 2.0 - Rev. 01.38.

[22]

Trusted Computing Group. 2017. TCG TPM v2.0 Provisioning Guidance. Guidance Ver. 1.0 - Rev. 1.0.

[23]

C. Xu, H. Liu, P. Li, and P. Wang. 2018. A Remote Attestation Security Model Based on Privacy-Preserving Blockchain for V2X. IEEE Access 6 (2018), 67809--67818.

[24]

D. Zelle, M. Springer, M. Zhdanova, and C. Krauß. 2018. Anonymous Charging and Billing of Electric Vehicles. In Proceedings of the 13th International Conference on Availability, Reliability and Security, ARES. ACM, 22:1--22:10.

Digital Library

[25]

T. Zhao, C. Zhang, L. Wei, and Y. Zhang. 2015. A secure and privacy-preserving payment system for Electric vehicles. In Communications (ICC), 2015 IEEE International Conference on. IEEE, 7280--7285.

Cited By

Ahmet K(2024)Smart, Secure and Interoperable Charging Infrastructure with Plug and Charge2024 12th International Conference on Smart Grid (icSmartGrid)10.1109/icSmartGrid61824.2024.10578287(174-180)Online publication date: 27-May-2024
https://doi.org/10.1109/icSmartGrid61824.2024.10578287
Kailus AKern DKrauß C(2024)Self-sovereign Identity for Electric Vehicle ChargingApplied Cryptography and Network Security10.1007/978-3-031-54776-8_6(137-162)Online publication date: 5-Mar-2024
https://dl.acm.org/doi/10.1007/978-3-031-54776-8_6
Sharma GJoshi AMohanty S(2023)Fortified-Grid: Fortifying Smart Grids through the Integration of the Trusted Platform Module in Internet of Things DevicesInformation10.3390/info1409049114:9(491)Online publication date: 6-Sep-2023
https://doi.org/10.3390/info14090491
Show More Cited By

Index Terms

HIP: HSM-based identities for plug-and-charge
1. Security and privacy
  1. Security in hardware
    1. Hardware security implementation
      1. Hardware-based security protocols

Recommendations

TrustEV: trustworthy electric vehicle charging and billing
SAC '20: Proceedings of the 35th Annual ACM Symposium on Applied Computing

In the emerging Electric Vehicle (EV) charging infrastructure, vehicles authenticate themselves for charging and billing using Plug-and-Charge (PnC) protocols such as ISO 15118 and the respective cryptographic credentials stored in the vehicle. These ...
HIP-20: Integration of Vehicle-HSM-Generated Credentials into Plug-and-Charge Infrastructure
CSCS '20: Proceedings of the 4th ACM Computer Science in Cars Symposium

Plug-and-Charge (PnC) standards such as ISO 15118-20 enable the charging of Electric Vehicles (EVs) with (nearly) no user intervention by storing authentication credentials directly in the vehicle. However, these credentials are generated in backend ...
Secure Multi-User Contract Certificate Management for ISO 15118-20 Using Hardware Identities
ARES '23: Proceedings of the 18th International Conference on Availability, Reliability and Security

In recent years, traditional mobility concepts have been increasingly transformed in favor of electric mobility and vehicle sharing concepts to combat pollutant emissions and inner-city traffic congestion. While the electric charging standard ISO 15118 ...

Comments

Information & Contributors

Information

Published In

cover image ACM Other conferences

ARES '20: Proceedings of the 15th International Conference on Availability, Reliability and Security

August 2020

1073 pages

ISBN:9781450388337

DOI:10.1145/3407023

Program Chairs:
Melanie Volkamer
Karlsruhe Institute of Technologie (KIT), Competence Center for Applied Security Technology (KASTEL)
,
Christian Wressnegger
Karlsruhe Institute of Technologie (KIT), Competence Center for Applied Security Technology (KASTEL)

Copyright © 2020 ACM.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than the author(s) must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected].

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 25 August 2020

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Short-paper

Funding Sources

Fraunhofer-Gesellschaft
Federal Ministry for Economic Affairs and Energy (BMWi)

Conference

ARES 2020

ARES 2020: The 15th International Conference on Availability, Reliability and Security

August 25 - 28, 2020

Virtual Event, Ireland

Acceptance Rates

Overall Acceptance Rate 228 of 451 submissions, 51%

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

10
Total Citations
View Citations
185
Total Downloads

Downloads (Last 12 months)61
Downloads (Last 6 weeks)12

Reflects downloads up to 09 Oct 2024

Other Metrics

View Author Metrics

Citations

Cited By

Ahmet K(2024)Smart, Secure and Interoperable Charging Infrastructure with Plug and Charge2024 12th International Conference on Smart Grid (icSmartGrid)10.1109/icSmartGrid61824.2024.10578287(174-180)Online publication date: 27-May-2024
https://doi.org/10.1109/icSmartGrid61824.2024.10578287
Kailus AKern DKrauß C(2024)Self-sovereign Identity for Electric Vehicle ChargingApplied Cryptography and Network Security10.1007/978-3-031-54776-8_6(137-162)Online publication date: 5-Mar-2024
https://dl.acm.org/doi/10.1007/978-3-031-54776-8_6
Sharma GJoshi AMohanty S(2023)Fortified-Grid: Fortifying Smart Grids through the Integration of the Trusted Platform Module in Internet of Things DevicesInformation10.3390/info1409049114:9(491)Online publication date: 6-Sep-2023
https://doi.org/10.3390/info14090491
Plappert CJäger LIrrgang APotluri C(2023)Secure Multi-User Contract Certificate Management for ISO 15118-20 Using Hardware IdentitiesProceedings of the 18th International Conference on Availability, Reliability and Security10.1145/3600160.3605165(1-11)Online publication date: 29-Aug-2023
https://dl.acm.org/doi/10.1145/3600160.3605165
Kern DKrauß CLauser TAlnahawi NWiesmaier ANiederhagen R(2023)QuantumCharge: Post-Quantum Cryptography for Electric Vehicle ChargingApplied Cryptography and Network Security10.1007/978-3-031-33491-7_4(85-111)Online publication date: 28-May-2023
https://doi.org/10.1007/978-3-031-33491-7_4
Garofalaki ZKosmanos DMoschoyiannis SKallergis DDouligeris C(2022)Electric Vehicle Charging: A Survey on the Security Issues and Challenges of the Open Charge Point Protocol (OCPP)IEEE Communications Surveys & Tutorials10.1109/COMST.2022.318444824:3(1504-1533)Online publication date: Nov-2023
https://doi.org/10.1109/COMST.2022.3184448
Conti MDonadel DPoovendran RTurrin F(2022)EVExchange: A Relay Attack on Electric Vehicle Charging SystemComputer Security – ESORICS 202210.1007/978-3-031-17140-6_24(488-508)Online publication date: 25-Sep-2022
https://doi.org/10.1007/978-3-031-17140-6_24
Kern DKrauß C(2021)Analysis of E-Mobility-based Threats to Power Grid ResilienceProceedings of the 5th ACM Computer Science in Cars Symposium10.1145/3488904.3493385(1-12)Online publication date: 30-Nov-2021
https://dl.acm.org/doi/10.1145/3488904.3493385
Fuchs AKern DKrauß CZhdanova MHeddergott R(2020)HIP-20: Integration of Vehicle-HSM-Generated Credentials into Plug-and-Charge InfrastructureProceedings of the 4th ACM Computer Science in Cars Symposium10.1145/3385958.3430483(1-10)Online publication date: 2-Dec-2020
https://dl.acm.org/doi/10.1145/3385958.3430483
Lauser TZelle DKrauß C(2020)Security Analysis of Automotive ProtocolsProceedings of the 4th ACM Computer Science in Cars Symposium10.1145/3385958.3430482(1-12)Online publication date: 2-Dec-2020
https://dl.acm.org/doi/10.1145/3385958.3430482

View Options

Get Access

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Media

Figures

Other

Tables

View Table of Contents