DOI: 10.1145/3600160.3605165
research-article
Open access

Secure Multi-User Contract Certificate Management for ISO 15118-20 Using Hardware Identities

Published: 29 August 2023

Abstract

In recent years, traditional mobility concepts have been increasingly transformed in favor of electric mobility and vehicle sharing concepts to combat pollutant emissions and inner-city traffic congestion. While the electric charging standard ISO 15118 with its Plug&Charge (PnC) concept eases the user experience by handling the complex billing process automatically during charging, it is currently not suitable for the new multi-user mobility concepts, since it does not define how to handle charging identities for multiple users per vehicle. With the Trusted Platform Module (TPM) 2.0 already part of the current ISO 15118-20 standard, we propose a new secure and standard-compliant multi-user contract certificate management system for ISO 15118-20 that utilizes the TPM in the vehicle as a hardware trust anchor to handle multiple vehicle users. Our concept adds little overhead to the current standard and introduces secure TPM-based multi-factor authentication into ISO 15118-20, while maintaining the convenience benefits of PnC.


Published In

ARES '23: Proceedings of the 18th International Conference on Availability, Reliability and Security
August 2023
1440 pages
ISBN: 9798400707728
DOI: 10.1145/3600160
This work is licensed under a Creative Commons Attribution International 4.0 License.

Publisher

Association for Computing Machinery

New York, NY, United States


Author Tags

  1. ISO 15118-20
  2. TPM
  3. automotive security
  4. electric charging
  5. multi-factor authentication

Qualifiers

  • Research-article
  • Research
  • Refereed limited

Conference

ARES 2023

Acceptance Rates

Overall Acceptance Rate 228 of 451 submissions, 51%

Article Metrics

  • Total Citations: 0
  • Total Downloads: 721
  • Downloads (Last 12 months): 639
  • Downloads (Last 6 weeks): 68

Reflects downloads up to 23 Jan 2025
