HIP-20: Integration of Vehicle-HSM-Generated Credentials into Plug-and-Charge Infrastructure

“…To address the requirements from Section 3, we propose an extension for protocols of the PnC charging architecture to enable privacy-preserving charge authorization and billing. We use a TPM in an EV for protecting ISO 15118 credentials similar to [19] and extend this solution with a TPM-based DAA scheme [61] (adapted to be compatible with the PnC architecture) to provide unlinkability of personal data whenever possible. Notably, the use of a TPM is a suitable option in this context, since TPMs have already seen adoption in the automotive industry [26] and moreover the current draft of the next version of ISO 15118 [29] already offers explicit support for a TPM (based on the concept of [16]).…”

“…Our privacy-extension requires five different types of TPM keys (cf. Table 2): (i) an endorsement credential (EC) key pair following the Trusted Computing Group's endorsement credential profile [56], (ii) a provisioning credential (P C) key pair following [19], (iii) a DAA contract credential (CC DAA ) key pair following that of the DAA key in [61] with the addition of an authorization policy, (iv) a session contract credential (CC Sess ) key pair (generated anew for every communication session), and (v) a symmetric eMAID key (SK eM AID ) defined for the generation of Hash-based Message Authentication Code (HMAC)-based charge authorization values.…”

“…Additionally, eMSPs need to receive the intended auth-Policy of a CC DAA key pair in a trustworthy manner for the TPM's credential protection mechanism. Using the method from [19], this trust can be provided by an inclusion of EC pk and the intended authPolicy in the EV's provisioning certificate P C cert , which is signed by the OEM and verifiable by eMSPs, via a non-critical Subject Information Access (SIA) extension as shown in Fig. 2a.…”

“…Initialization of the EV: EV initialization requires the steps for preparation of a TPM for ISO 15118 use from [19]; i.e., the OEM instructs the EV's TPM to generate the EC and P C key pairs some time before the initial delivery. The OEM reads out the respective public keys, i.e., EC pk and P C pk , and generates the provisioning certificate P C cert for P C pk including EC pk and P ol Auth (i.e., a TPM2_PolicyAuthorize for the OEM's public key OEM pk ; cf.…”

“…security-, and privacy properties. Using a TPM in EVs, e.g., for securing an EV's PnC credentials, has been discussed in [16][17][18][19]. However, privacy is not considered and no formal security analysis is conducted.…”

Integrating Privacy into the Electric Vehicle Charging Architecture

“…To address the requirements from Section 3, we propose an extension for protocols of the PnC charging architecture to enable privacy-preserving charge authorization and billing. We use a TPM in an EV for protecting ISO 15118 credentials similar to [19] and extend this solution with a TPM-based DAA scheme [61] (adapted to be compatible with the PnC architecture) to provide unlinkability of personal data whenever possible. Notably, the use of a TPM is a suitable option in this context, since TPMs have already seen adoption in the automotive industry [26] and moreover the current draft of the next version of ISO 15118 [29] already offers explicit support for a TPM (based on the concept of [16]).…”

“…Our privacy-extension requires five different types of TPM keys (cf. Table 2): (i) an endorsement credential (EC) key pair following the Trusted Computing Group's endorsement credential profile [56], (ii) a provisioning credential (P C) key pair following [19], (iii) a DAA contract credential (CC DAA ) key pair following that of the DAA key in [61] with the addition of an authorization policy, (iv) a session contract credential (CC Sess ) key pair (generated anew for every communication session), and (v) a symmetric eMAID key (SK eM AID ) defined for the generation of Hash-based Message Authentication Code (HMAC)-based charge authorization values.…”

“…Additionally, eMSPs need to receive the intended auth-Policy of a CC DAA key pair in a trustworthy manner for the TPM's credential protection mechanism. Using the method from [19], this trust can be provided by an inclusion of EC pk and the intended authPolicy in the EV's provisioning certificate P C cert , which is signed by the OEM and verifiable by eMSPs, via a non-critical Subject Information Access (SIA) extension as shown in Fig. 2a.…”

“…Initialization of the EV: EV initialization requires the steps for preparation of a TPM for ISO 15118 use from [19]; i.e., the OEM instructs the EV's TPM to generate the EC and P C key pairs some time before the initial delivery. The OEM reads out the respective public keys, i.e., EC pk and P C pk , and generates the provisioning certificate P C cert for P C pk including EC pk and P ol Auth (i.e., a TPM2_PolicyAuthorize for the OEM's public key OEM pk ; cf.…”

“…security-, and privacy properties. Using a TPM in EVs, e.g., for securing an EV's PnC credentials, has been discussed in [16][17][18][19]. However, privacy is not considered and no formal security analysis is conducted.…”

Integrating Privacy into the Electric Vehicle Charging Architecture

QuantumCharge: Post-Quantum Cryptography for Electric Vehicle Charging

Self-sovereign Identity for Electric Vehicle Charging