3 research outputs found

    With or Without Blockchain? Towards a Decentralized, SSI-based eRoaming Architecture

    Fragmentation and limited accessibility of charging infrastructure impede the adoption of electric vehicles. To improve the availability of charging infrastructure independent of providers, eRoaming offers a promising solution. Yet, current eRoaming systems are typically centralized, which raises concerns of market power concentration. While the use of blockchain technology can obviate such concerns, it comes with significant privacy challenges. To address these challenges, we explore a combination of blockchain with self-sovereign identity. Specifically, we apply a design science research approach, which helps us to identify requirements, derive a conceptual architecture, and deduce design principles for decentralized eRoaming and beyond. We find that blockchain may best leverage its benefits when it takes a backseat as a public registry for legal entities. Moreover, we find that the use of self-sovereign identities could improve compliance with privacy regulations, but they should not be overused.

    Engineering Trustworthy Systems by Minimizing and Strengthening their TCBs using Trusted Computing

    The Trusted Computing Base (TCB) describes the part of an IT system that is responsible for enforcing a certain security property of the system. In order to engineer a trustworthy system, the TCB must be as secure as possible. This can be achieved by reducing the number, size and complexity of the components that are part of the TCB and by using hardened components within the TCB. The worst case is for the TCB to span the complete IT system. The best case is for the TCB to be reduced to only a strengthened Root of Trust such as a Hardware Security Module (HSM). One such very secure HSM with many capabilities is the Trusted Platform Module (TPM). This thesis demonstrates how the TCB of a system can be largely or even solely reduced to the TPM for a variety of security policies, especially in the embedded domain. The examined scenarios include policies for securing device-resident data at rest, also during firmware updates, the enforcement of firmware product lines at runtime, the securing of payment credentials in Plug and Charge controllers, the recording of audit trails over attestation data, and a very generic role-based access management. In order to allow evaluating these different solutions, the notion of a dynamic lifecycle dimension for a TCB is introduced. Furthermore, an approach towards engineering such systems based on a formal framework is presented. These scenarios provide evidence for the potential to enforce even complex security policies in small and thus strong TCBs. The approach for implementing those policies can often be inspired by a formal-methods-based engineering process or by means of additive functional engineering, where a base system is expanded by increased functionality in each step. In either case, a trustworthy system with high assurance capabilities can be achieved.

    Anonymous charging and billing of electric vehicles

    None of the existing and upcoming Plug-and-Charge (PnC) related standards define privacy-preserving measures for protecting privacy-sensitive charging and billing data, which would prevent attacks such as the generation of movement profiles. To address this issue, we analyze PnC protocols with respect to privacy, identify requirements for privacy-preserving PnC solutions, and propose a PnC protocol extension enabling users to charge Electric Vehicles (EVs) anonymously and service providers to securely bill their customers. Our approach addresses the complete PnC process chain and is based on a Direct Anonymous Attestation (DAA) protocol using a Trusted Platform Module (TPM) in the vehicle. Our analysis shows that our approach effectively protects the customers' privacy while introducing only minimal additional protocol overhead.