Trust your BMS: Designing a Lightweight Authentication Architecture for Industrial Networks

Abstract: With the advent of clean energy awareness and systems that rely on extensive battery usage, the community has seen an increased interest in the development of more complex and secure Battery Management Systems (BMS). In particular, the inclusion of BMS in modern complex systems like electric vehicles and power grids has presented a new set of securityrelated challenges. A concern is shown when BMS are intended to extend their communication with external system networks, as their interaction can leave many back… Show more

“…The deployment phase primarily depends on the main system architecture, however, it generally contains a central, and a more powerful, certificate authority (CA) device. The certificate derivation phase is straightforward with ECQV and almost identical among different solutions [3], [5], [6], [8]. The session establishment process often differs and depends on the KD and node authentication algorithms.…”

“…All protocols have been tested with the secp256r1 256-bit EC, with 256-bit level for the SHA and HMAC, and 128-bits for the AES and CMAC. In total, we test four different protocols derived from two groups based on the use of the authentication mechanism, i.e., on those that rely on the use of ECDSA: (i) static ECDSA by Basic et al [5] as S-ECDSA, and (ii) STS from this work, and those that only use the symmetric cryptography authentication without the EC operations: (iii) from Porambage et al [3] as PORAMB, and (iv) from Sciancalepore et al [4] as SCIANC. We also consider the extension of the S-ECDSA protocol, specifically the additional authentication of the ack acknowledgement messages, based on the finished message handling as seen from Porambage et al [3].…”

“…For the evaluation, we compare the proposed STS implementation against the common static ECDSA [2], [5]. For a fair comparison, as to account for the conventional deployment of these protocols in the field, we did not consider the optimization handling for the parallel operation runs argued in Section IV-C.…”

Establishing Dynamic Secure Sessions for ECQV Implicit Certificates in Embedded Systems

“…The deployment phase primarily depends on the main system architecture, however, it generally contains a central, and a more powerful, certificate authority (CA) device. The certificate derivation phase is straightforward with ECQV and almost identical among different solutions [3], [5], [6], [8]. The session establishment process often differs and depends on the KD and node authentication algorithms.…”

“…All protocols have been tested with the secp256r1 256-bit EC, with 256-bit level for the SHA and HMAC, and 128-bits for the AES and CMAC. In total, we test four different protocols derived from two groups based on the use of the authentication mechanism, i.e., on those that rely on the use of ECDSA: (i) static ECDSA by Basic et al [5] as S-ECDSA, and (ii) STS from this work, and those that only use the symmetric cryptography authentication without the EC operations: (iii) from Porambage et al [3] as PORAMB, and (iv) from Sciancalepore et al [4] as SCIANC. We also consider the extension of the S-ECDSA protocol, specifically the additional authentication of the ack acknowledgement messages, based on the finished message handling as seen from Porambage et al [3].…”

“…For the evaluation, we compare the proposed STS implementation against the common static ECDSA [2], [5]. For a fair comparison, as to account for the conventional deployment of these protocols in the field, we did not consider the optimization handling for the parallel operation runs argued in Section IV-C.…”

Establishing Dynamic Secure Sessions for ECQV Implicit Certificates in Embedded Systems

Secure Data Acquisition for Battery Management Systems