Abstract: With the advent of clean energy awareness and systems that rely on extensive battery usage, the community has seen an increased interest in the development of more complex and secure Battery Management Systems (BMS). In particular, the inclusion of BMS in modern complex systems like electric vehicles and power grids has presented a new set of security-related challenges. A concern is shown when BMS are intended to extend their communication with external system networks, as their interaction can leave many back…
“…The deployment phase primarily depends on the main system architecture, however, it generally contains a central, and a more powerful, certificate authority (CA) device. The certificate derivation phase is straightforward with ECQV and almost identical among different solutions [3], [5], [6], [8]. The session establishment process often differs and depends on the KD and node authentication algorithms.…”
Section: Background On the Security Architecture (mentioning)
confidence: 99%
“…All protocols have been tested with the secp256r1 256-bit EC, with 256-bit level for the SHA and HMAC, and 128-bits for the AES and CMAC. In total, we test four different protocols derived from two groups based on the use of the authentication mechanism, i.e., on those that rely on the use of ECDSA: (i) static ECDSA by Basic et al [5] as S-ECDSA, and (ii) STS from this work, and those that only use the symmetric cryptography authentication without the EC operations: (iii) from Porambage et al [3] as PORAMB, and (iv) from Sciancalepore et al [4] as SCIANC. We also consider the extension of the S-ECDSA protocol, specifically the additional authentication of the ack acknowledgement messages, based on the finished message handling as seen from Porambage et al [3].…”
Section: Implementation and Evaluation, A. Protocol Performance Evaluation (mentioning)
confidence: 99%
“…For the evaluation, we compare the proposed STS implementation against the common static ECDSA [2], [5]. For a fair comparison, as to account for the conventional deployment of these protocols in the field, we did not consider the optimization handling for the parallel operation runs argued in Section IV-C.…”
Be it in the IoT or automotive domain, implicit certificates are gaining ever more prominence in constrained embedded devices. They present a resource-efficient security solution against common threat concerns. The computational requirements are not the main issue anymore. The focus is now placed on determining a good balance between the provided security level and the derived threat model. A security aspect that often gets overlooked is the establishment of secure communication sessions, as most design solutions are based only on the use of static key derivation, and therefore, lack the perfect forward secrecy. This leaves the transmitted data open for potential future exposures by having keys tied to the certificates rather than the communication sessions. We aim to patch this gap, by presenting a design that utilizes the Station to Station (STS) protocol with implicit certificates. In addition, we propose potential protocol optimization implementation steps and run a comprehensive study on the performance and security level between the proposed design and the state-of-the-art key derivation protocols. In our comparative study, we show that with a slight computational increase of 20% compared to a static ECDSA key derivation, we are able to mitigate many session-related security vulnerabilities that would otherwise remain open.