Security and privacy issues of physical objects in the IoT: Challenges and opportunities

In the Internet of Things (IoT), security and privacy issues of physical objects are crucial to the related applications. In order to clarify the complicated security and privacy issues, the life cycle of a physical object is divided into three stages of pre-working, in-working, and post-working. On this basis, a physical object-based security architecture for the IoT is put forward. According to the security architecture, security and privacy requirements and related protecting technologies for physical objects in different working stages are analyzed in detail. Considering the development of IoT technologies, potential security and privacy challenges that IoT objects may face in the pervasive computing environment are summarized. At the same time, possible directions for dealing with these challenges are also pointed out

Authentication Scheme for Flexible Charging and Discharging of Mobile Vehicles in the V2G Networks

Navigating security and privacy challenges is one of the crucial requirements in the vehicle-to-grid (V2G) network. Since electric vehicles (EVs) need to provide their private information to aggregators/servers when charging/discharging at different charging stations, privacy of the vehicle owners can be compromised if the information is misused, traced, or revealed. In a wide V2G network, where vehicles can move outside of their home network to visiting networks, security and privacy become even more challenging due to untrusted entities in the visiting networks. Although some privacy-preserving solutions were proposed in the literature to tackle this problem, they do not protect against well-known security attacks and generate a huge overhead. Therefore, we propose a mutual authentication scheme to preserve privacy of the EV's information from aggregators/servers in the home as well as distributed visiting V2G networks. Our scheme, based on a bilinear pairing technique with an accumulator performing batch verification, yields higher system efficiency, defeats various security attacks, and maintains untraceability, forward privacy, and identity anonymity. A performance analysis shows that our scheme, in comparison with the existing solutions, significantly generates lower communication and computation overheads in the home and centralized V2G networks, and comparable overheads in the distributed visiting V2G networks

An efficient privacy-preserving authentication scheme for energy internet-based vehicle-to-grid communication

The energy Internet (EI) represents a new electric grid infrastructure that uses computing and communication to transform legacy power grids into systems that support open innovation. EI provides bidirectional communication for analysis and improvement of energy usage between service providers and customers. To ensure a secure, reliable, and efficient operation, the EI should be protected from cyber attacks. Thus, secure and efficient key establishment is an important issue for this Internet-based smart grid environment. In this paper, we propose an efficient privacy-preserving authentication scheme for EI-based vehicle-to-grid communication using lightweight cryptographic primitives such as one-way non-collision hash functions. In our proposed scheme, a customer can securely access services provided by the service provider using a symmetric key established between them. Detailed security and performance analysis of our proposed scheme are presented to show that it is resilient against many security attacks, cost effective in computation and communication, and provides an efficient solution for the EI

A Privacy-Preserving Method with Flexible Charging Schedules for Electric Vehicles in the Smart Grid

The Smart Grid (SG) is an emerging modernized electrical power system with advanced monitoring and control mechanism, and improved faulttolerance. The SG converges traditional power grid with a bidirectional communication and information system into the same infrastructure. Electric Vehicles (EVs), with their energy storage capacity and bidirectional communication capability, are envisioned to be an essential component of the SG. EVs can play the role of distributed energy resources by storing energy in off-peak hours and providing energy to the grid during peak hours or system contingencies. The energy stored by an EV is equivalent to the average energy drawn by multiple residential houses. As a result, simultaneous charging by a large number of EVs can create sudden energy imbalance in the grid. The mismatch between the energy generation and demand can create cascading faults resulting in load shedding. To prevent such situation, EVs are required to pre-schedule charging events at a Charging Station (CS). To efficiently manage a scheduled event, an EV is required to transmit information such as a valid ID, state-of-charge, distance from a CS, location, speed, etc. However, the data transmitted by an EV can be used to reveal information such as the movement of the vehicle, visits to a hospital, time to arrive at office, etc. The transmitted information can be used to create profiles of the owners of the EVs, breaching their location privacy. In the existing literature, it is recommended to use pseudonyms for different transactions by an EV to achieve location privacy. The majority of the works in the literature are based on anonymous authentication mechanism, where missing a charging event by an EV is considered as malicious and the corresponding EV is penalized (e.g., blacklisted). However, missing a charging event may happen due to many valid reasons and flexibility of scheduling can encourage consumer participation. On the other hand, missing charging events results in monetary loss to the CSs. In this thesis, an authentication method is developed to provide anonymity to EVs. The proposed method also addresses the cost-effectiveness of flexibility in charging events for the EVs and the CSs. A network setup that sub-divides a regional area into smaller zones to achieve better privacy, is proposed. A MATLAB simulation is designed to demonstrate the Degree of Anonymity (DoA) achieved in different stages of the proposed method and the optimal number of missed charging events. Additionally, a method to determine sub-division of zones from the simulation results, is studied

Towards Cyber Security for Low-Carbon Transportation: Overview, Challenges and Future Directions

In recent years, low-carbon transportation has become an indispensable part as sustainable development strategies of various countries, and plays a very important responsibility in promoting low-carbon cities. However, the security of low-carbon transportation has been threatened from various ways. For example, denial of service attacks pose a great threat to the electric vehicles and vehicle-to-grid networks. To minimize these threats, several methods have been proposed to defense against them. Yet, these methods are only for certain types of scenarios or attacks. Therefore, this review addresses security aspect from holistic view, provides the overview, challenges and future directions of cyber security technologies in low-carbon transportation. Firstly, based on the concept and importance of low-carbon transportation, this review positions the low-carbon transportation services. Then, with the perspective of network architecture and communication mode, this review classifies its typical attack risks. The corresponding defense technologies and relevant security suggestions are further reviewed from perspective of data security, network management security and network application security. Finally, in view of the long term development of low-carbon transportation, future research directions have been concerned.Comment: 34 pages, 6 figures, accepted by journal Renewable and Sustainable Energy Review

AccessAuth : Capacity-aware security access authentication in federated-IoT-enabled V2G networks

Vehicle-to-Grid (V2G) systems promoted by the federated Internet of Things (IoT) technology will be ubiquitous in the future; therefore, it is crucial to provide trusted, flexible and efficient operations for V2G services using high-quality measures for security and privacy. These can be achieved by access and authority authentication. This paper presents a lightweight protocol for capacity-based security access authentication named AccessAuth. Considering the overload probability and system capacity constraints of the V2G network domain, as well as the mobility of electric vehicles, the ideal number of admissible access requests is first calculated adaptively for each V2G network domain to actively achieve capacity-based access admission control. Subsequently, to provide mutual authentication and maintain the data privacy of admitted sessions, by considering whether there is prior knowledge of the trust relationship between the relevant V2G network domains, a high-level authentication model with specific authentication procedures is presented to enforce strict access authentication such that the sessions are conducted only by authorized requesters. Additionally, efficient session revocation with forward security and session recovery with no extra authentication delay are also discussed. Finally, analytical and evaluation results are presented to demonstrate the performance of AccessAuth

PAP: A Privacy-Preserving Authentication Scheme with Anonymous Payment for V2G Networks

Vehicle-to-grid (V2G) networks, as an emerging smart grid paradigm, can be integrated with renewable energy resources to provide power services and manage electricity demands. When accessing electricity services, an electric vehicle(EV) typically provides authentication or/and payment information containing identifying data to a service provider, which raises privacy concerns as malicious entities might trace EV activity or exploit personal information. Although numerous anonymous authentication and payment schemes have been presented for V2G networks, no such privacy-preserving scheme supports authentication and payment simultaneously. Therefore, this paper is the first to present a privacy-preserving authentication scheme with anonymous payment for V2G networks (PAP, for short). In addition, this scheme also supports accountability and revocability, which are practical features to prevent malicious behavior; minimal attribute disclosure, which maximizes the privacy of EV when responding to the service provider\u27s flexible access policies; payment binding, which guarantees the accountability in the payment phase; user-controlled linkability, which enables EV to decide whether different authentication sessions are linkable for continuous services. On the performance side, we implement PAP with the pairing cryptography library, then evaluate it on different hardware platforms, showing that it is essential for V2G applications

Privacy-Preserving Multi-Quality Charging in V2G network

Vehicle-to-grid (V2G) network, which provides electricity charging service to the electric vehicles (EVs), is an essential part of the smart grid (SG). It can not only effectively reduce the greenhouse gas emission but also significantly enhance the efficiency of the power grid. Due to the limitation of the local electricity resource, the quality of charging service can be hardly guaranteed for every EV in V2G network. To this end, the multi-quality charging is introduced to provide quality-guaranteed service (QGS) to the qualified EVs and best effort service (BES) to the other EVs. To perform the multi-quality charging, the evaluation on the EV's attributes is necessary to determine which level of charging service can be offered to the EV. However, the EV owner's privacy such as real identity, lifestyle, location, and sensitive information in the attributes may be violated during the evaluation and authentication. In this thesis, a privacy-preserving multi-quality charging (PMQC) scheme for V2G network is proposed to evaluate the EV's attributes, authenticate its service eligibility and generate its bill without revealing the EV's private information. Specifically, by adopting ciphertext-policy attribute based encryption (CP-ABE), the EV can be evaluated to have proper charging service without disclosing its attribute privacy. By utilizing group signature, the EV's real identity is kept confidential during the authentication and the bill generation. By hiding the EV's real identity, the EV owner's lifestyle privacy and location privacy are also preserved. Security analysis demonstrates that PMQC can achieve the EV's privacy preservation, fine-grained access control on the EVs for QGS, traceability of the EV's real identity and secure revocation on the EV's service eligibility. Performance evaluation result shows that PMQC can achieve higher efficiency in authentication and verification compared with other schemes in terms of computation overhead. Based on PMQC, the EV's computation overhead and storage overhead can be further reduced in the extended privacy-preserving multi-quality charging (ePMQC) scheme.4 month