Content uploaded by Vinay Chamola
Author content
All content in this area was uploaded by Vinay Chamola on May 27, 2020
Content may be subject to copyright.
1
Lightweight Mutual Authentication Protocol for
V2G Using Physical Unclonable Function
Gaurang Bansal, Member, IEEE, Naren, Vinay Chamola, Member, IEEE, Biplab Sikdar, Senior Member, IEEE,
Neeraj Kumar, Senior Member, IEEE and Mohsen Guizani, Fellow, IEEE
Abstract—Electric vehicles (EVs) have been slowly replacing
conventional fuel based vehicles since the last decade. EVs are
not only environment-friendly but when used in conjunction
with a smart grid, also open up new possibilities and a Vehicle-
Smart Grid ecosystem, commonly called V2G can be achieved.
This would not only encourage people to switch to environment-
friendly EVs or Plug-in Hybrid Electric Vehicles (PHEVs), but
also positively aid in load management on the power grid, and
present new economic benefits to all the entities involved in
such an ecosystem. Nonetheless, privacy and security remains
a serious concern of smart grids. The devices used in V2G
are tiny, inexpensive, and resource constrained, which renders
them susceptible to multiple attacks. Any protocol designed for
V2G systems must be secure, lightweight, and must protect the
privacy of the vehicle owner. Since EVs and charging stations are
generally not guarded by people, physical security is also a must.
To tackle these issues, we propose Physical Unclonable Functions
(PUF) based Secure User Key-Exchange Authentication (SUKA)
protocol for V2G systems. The proposed protocol uses PUFs to
achieve a two-step mutual authentication between an EV and the
Grid Server. It is lightweight, secure, and privacy preserving.
Simulations show that the proposed protocol performs better
and provides more security features than state-of-the-art V2G
authentication protocols. The security of the proposed protocol
is shown using a formal security model and analysis.
Index Terms—authentication, security, smart grid, V2G, PUF
I. INTRODUCTION
Electric Vehicles’ batteries enable the functionality of V2G
networks. The purpose of V2G is to manage the energy trading
for battery-poweblack electric vehicles as well as the power
grid. This is necessary in order to use the grid’s energy more
efficiently [1]. The electrical energy stored in the EV batteries
can serve as a source for the power grid and other energy
deficient EVs. When the load on the grid is high, the energy
stored in the EVs’ batteries could be used to pump power into
the grid. On the other hand, when the load on the grid is low,
the excess power in the grid could be used to charge the EV
batteries and avoid wastage [2]. V2G networks could also be
used for power regulation [3] or for storing power generated by
Gaurang Bansal, Naren and Vinay Chamola are with the Department of
Electrical and Electronics Engineering, BITS-Pilani, Pilani Campus, India
333031 (e-mail: h20140128@pilani.bits-pilani.ac.in, f2015547@pilani.bits-
pilani.ac.in, vinay.chamola@pilani.bits-pilani.ac.in).
Biplab Sikdar is with the Department of Electrical and Computer Engi-
neering, National University of Singapore, Singapore 119077 (e-mail: bsik-
dar@nus.edu.sg).
Neeraj Kumar is with the Department of Computer Science, Thapar
University, Patiala, India 147004 (e-mail: neeraj.kumar@thapar.edu).
Mohsen Guizani is with the Department of Computer Science, Qatar
University, Doha 2713, Qatar (e-mail: mguizani@ieee.org ).
Digital Object Identifier: XXXXXXXXXXXX
CommunicationFlow
ElectricityFlow
ChargingEV
DischargingEV
Charging
PowerGrid
Discharging
Aggregator
Aggregator
Aggregator
Fig. 1: System model
renewable sources such as wind power [4]. Thus, nowadays,
V2G for smart grids presents great practical applications.
The global demand for electrical power is predicted to climb
82% by the year 2030. Therefore, Power grids are aiming
to reduce the number of additional generators required. They
employ demand-response techniques [5] to reduce power con-
sumption and increase efficiency. Although such techniques
offer many benefits, security and privacy issues remain to be
significant downsides [6, 7]. A lot of information is communi-
cated during energy exchange between a vehicle and a service
provider. However, an adversary could compromise this flow
of information, either by tampering with it or capturing it
entirely [8]. This could lead to unfair or imbalanced energy
transactions between the two parties. Moreover, the victim’s
information (that could be captured) may be used in criminal
activities and targeted advertisements. The devices used in
V2G are inexpensive, small, and simple [9]. The EVs are
usually parked in locations which are easy to access. This
means that an adversary could easily capture the V2G devices
on these vehicles. Therefore, it is important to make V2G
entities/devices secure against physical attacks. For instance,
an adversary could access security keys stored in the device
memory and initiate various attacks. Physical Unclonable
Functions (PUFs) have emerged as a promising solution for
protection against physical attacks. PUFs eliminate the need
to store secret keys in the devices’ memory and rely on the
exchange of challenge-response pairs. The challenge-response
mechanism of PUFs exploits the inherent fabrication or man-
ufacturing process variabilities involved in making integrated
2
circuits (ICs) [10]. The response or output of a PUF depends
on both the input as well as the physical microstructure of
the device [11]. The physical randomness induced through the
fabrication process variations makes each PUF device unique,
i.e., two identical copies can never be made.
In V2G systems, an aggregator is a charging station which
acts as a mediator between the EVs and the power grid. Se-
cure communications in such scenarios require authentication
between the EVs and the aggregator, between aggregator and
the grid, and between EVs and the grid as well. The proposed
Secure User Key-Exchange Authentication (SUKA) protocol
achieves the authentications mentioned above using a two-
stage process. Using pseudonym IDs (PID), the identity of
the vehicle is masked to protect the vehicle owner’s identity
and location. Two different session keys are established in
SUKA, one between the aggregator and the grid, and another
between any EV and the aggregator. These session keys are a
function of the PUFs installed on the aggregator and the EV,
respectively. This ensures the secrecy of the communication
and eliminates the need to store any secret keys in the memo-
ries of the EVs and the aggregator. The proposed protocol uses
simple cryptographic operations, which makes it lightweight
and energy efficient. The number of message exchanges is also
limited, which results in a lower communication overhead. The
major contributions of this paper are highlighted below:
•We propose a security scheme, SUKA, for V2G appli-
cations where both the mobile EVs and the stationary
aggregators are provisioned with PUFs for secure com-
munication.
•SUKA puts the safety of the EV and its owner as top
priority by first achieving authenication of the aggregator
with the power grid server. Only if this is achieved,
the aggregator will be able to accommodate the EV.
Our scheme ensures security even in the case of a
compromised aggregator.
•SUKA ensures mutual authentication, identity protection,
message integrity and is tolerant to man-in-the-middle
(MITM) attacks, impersonation attacks, replay attacks
and node tampering attacks without having to store any
secret keys in the EVs or the stationary aggregators. The
records of EVs cannot be tracked even if the EVs and/or
the stationary aggregators are compromised.
•SUKA establishes different session keys between the EV
and the aggregator, and between aggregator and the power
grid server. These session keys change randomly in each
round of authentication and cannot be accessed by an
adversary even if it gains physical access to both the EV
and the aggregator.
The rest of this paper is organized as follows. Section II
discusses the related work in V2G systems. Section III presents
a brief introduction to PUFs, the network model, security
goals, assumptions for the V2G system, and the notations used
in our paper. Section IV presents our MA protocol (SUKA).
Section V presents a formal security analysis of the proposed
protocol. We analyze the performance of our protocol and
compare it with state-of-the protocols in Section VI and finally
conclude the paper in Section VII.
II. RE LATE D WORK
Kempton and Tomi´
c [12] first conceived the idea of V2G
in 2004. Before the protocols for V2G networks could be
developed, the structure of a V2G network had to be well
defined, and the impact of V2G on the power grid had to be
analyzed. This work was carried out by the authors in [13,
14, 15, 16, 17]. Privacy, secure communication, and efficiency
are among the most important aspects of a V2G protocol
[18]. Privacy preservation in V2G environments has received
considerable attention in the existing literature [19, 20, 21, 22].
Yang et al. have presented a protocol P2in [19] which
achieves privacy for individual electric vehicles (EVs) and the
rewarding scheme which is crucial for proper implementation
of V2G. Liu et al. present their scheme, AP 3A, which is
capable of identifying whether an EV is in its home or visiting
network [20]. AP 3Acommunicates the aggregated power
status of the vehicles connected to an aggregator instead of
revealing individual power status, thus achieving privacy for
each EV. Liu et al. have presented a scheme which identifies
the different roles played by an individual EV, i.e., customer,
storage or generator [22]. In each role, their scheme ROP S
addresses different privacy concerns. Tsai and Lo achieve
mutual authentication and identity protection with the use
of one private key which is given by a third-party anchor.
This enables the smart-meters to quickly authenticate with the
service provider. Abdallah and Shen propose a computation-
ally less intensive privacy-preserving scheme in [24]. They
identify that the authentication of EVs in the V2G system is
specifically problematic. Therefore, the power grid takes the
responsibility of ensuring the confidentiality and integrity of
the communication. By reducing the number of exchanged
messages, they achieve less overhead. Odelu et al. present
a secure authenticated key agreement scheme [25] under the
Canett-Krawczyk adversary (CK-adversary) model for smart
grids. Shen et al. propose a privacy-preserving key agreement
protocol for V2G networks in [26]. Their protocol ensures
security by the use of a session key and ensures privacy using
a self-synchronization mechanism.
Protocols for authentication in V2G environments have been
proposed in [27, 28, 29]. Saxena and Choi have presented an
authentication scheme for large V2G networks where vehicles
move from their home network to other networks as visitors
[30]. They propose a mutual authentication scheme which pro-
tects against impersonation, key-based and data-based attacks.
Tao et al. have presented capacity-aware protocol AccessAuth
in [31] which takes into consideration the capacity limitations
of each V2G network domain, of the EVs, and the mobility of
the EVs for admission control. Based on prior information of
trust between V2G network domains, they present a high-level
authentication model and procedure to ensure that only autho-
rized entities conduct the sessions. Gope and Sikdar have used
one-way noncollision hash functions to propose a lightweight
mutual authentication protocol [32]. Fouda et al. have pro-
posed a lightweight message authentication scheme in [33].
In their scheme, smart meters at different levels in the smart-
grid achieve mutual authentication among themselves, and a
shared session key is established. They achieve lightweight
3
message authentication using this shared session key along
with a hash-based authentication code mechanism. Although
this scheme was presented for smart grid communications, it
can very well be extended to V2G networks.
While many privacy-preserving, lightweight mutual au-
thentication, and key establishment protocols exist for V2G
systems, none of them provide all the required security and
privacy features along with protection against all types of
attacks, especially protection against physical attacks. If a
protocol does provide perfect security, then it either requires
resource-heavy hardware or is computationally complex.
III. NOTATIO NS
Table I lists the notations used in this paper and their
descriptions.
TABLE I: Notations
Notation Description
V, IDVVehicle and its ID
M, IDMAggregator(mediator) and its ID
GGrid Server
kConcatenation operator
⊕XOR operation
FA public non-linear function
{Msg}k
Message Msg is encrypted
using key k
MsgP2Q
Message Msg is sent from
V2G entity Pto Q
MAC(X)Message authentication code
(MAC) of X
NA, NB, NC
NI, NO, NV
Nonces generated
at different stages
(C, K),(C0, K0)
(C00, K 00),(C#, K#)Challenge-response pairs of PUF
IV. PRELIMINARY BACKG ROU ND
A PUF is based on a unique physical property of a device
which is unique as the biometrics of a human. The distin-
guishing attribute of a PUF is that it relies on a physical basis,
making it impossible to reproduce a PUF using cryptographic
primitives. Additionally, the term “physical unclonable” in-
dicates that it is computationally infeasible or difficult to
produce a physically identical PUF [34]. By using PUFs in
an interconnected system such as IoT or V2G systems, every
single device can have its own unique “fingerprint” which
cannot be cloned or reproduced [35]. A PUF behaves like
a mathematical function whose input (challenge) and output
(response) are both in the form of a string of bits. A PUF
function can be represented as:
K=P U F (C)(1)
where the challenge Cis given as input and response, Kis
the corresponding output to that challenge.
PUFs are designed deliberately so that the response to a par-
ticular challenge depends on the individual physical disorder
present in the PUF. Therefore, each PUF response is not only
a function of the challenge applied, but also a function of its
physical disorder. While it is clear that different challenges to
the same PUF will give different responses, PUFs also show
the following unique characteristics with respect to their input
Cand output K:
1) If an input Cis given to the same PUF many times,
it produces the same response Kwith a very high
likelihood.
2) If the same input Cis given to different PUFs, the
responses obtained from each PUF differ greatly from
each other with a very high likelihood.
The characteristics mentioned above apply to non-ideal PUFs.
Due to environmental and circuit noises, a non-ideal PUF
cannot guarantee the exact same response Kfor an input C,
hence the word ‘high likelihood’ was used above. There will
always be some bit-errors depending on the type of PUF used.
Although error correcting techniques such as fuzzy extractors
could be used in order to combat this problem, that would
result in unnecessary overhead for the MA process. Therefore,
the PUFs employed in the proposed protocol have to be ideal
in nature, i.e., without any bit errors. This would ensure 100%
availability of the V2G system.
In the past few years, several types of ideal PUFs have
been developed, which ensure 0% Bit-Error-Rate (BER) over
a wide range of temperature and voltage fluctuations. The
authors of [36] have been able to achieve 0% BER in SRAM
PUFs, the authors of [37] achieved 0% Bit-Error-Rate (BER)
design with their VIA-PUF. Several other works [38, 39, 40]
have also been able to achieve 0% Bit-Error-Rate (BER).
These ICs are very small, measuring just a few millimeters in
dimensions and require just a few Volts (1-5 V) to operate,
which makes them ideal for the V2G scenario. By using
Ideal PUFs with on-board computers in V2G systems, stable
key generation can be achieved without the need for any
dedicated error correction hardware or software components
and thus promise lightweight and high-security performance
when used in V2G systems. However, ideal PUFs have been
developed very recently and have only been fabricated for
research purposes. Techniques to incorporate these PUFs on
the on-board computers of V2G systems, or System-on-Chip
designs (SoCs) with built-in PUFs do not exist at present.
Research and development of such ideal-PUF based solutions
for V2G systems to properly implant PUFs in the on-board
computers of EVs or aggregators can be considered as future
work, but further discussion on this topic is beyond the scope
of this paper.
V. SYSTEM MODEL
A. Network Model
Figure 1 depicts the system model. This model consists of
three entities: EVs, aggregators (or mediators), and the grid.
An aggregator is a charging/discharging station where many
vehicles can come to charge/discharge their batteries. It acts as
a mediator between the EVs and the grid. EVs and aggregators
have limited resources, while the grid has significantly larger
resources. Aggregators and EVs have similar capabilities, but
4
aggregators have slightly larger memory and computation
power. As can be seen in Figure 1, multiple vehicles are
connected to an aggregator, and multiple aggregators connect
to the power grid. Our objective is to develop a mutual
authentication (MA) protocol between EVs and the grid. The
device on every vehicle and aggregator is equipped with a PUF.
Since a vehicle does not communicate directly with the grid,
to achieve MA between these two non-communicating parties,
all the intermediary nodes must be authenticated. Thus, MA
between the grid and a vehicle can be divided as MA between
the aggregator and the grid along with MA between the vehicle
and the aggregator. We assume here that there is no shared
key between a vehicle and its corresponding aggregator or
between an aggregator and the grid. Whenever a new vehicle
wants to register on the network, its challenge-response pair is
stored in the grid server. The grid is the only trusted authority,
and therefore, challenge-response pairs for all vehicles are
stored only in the grid. Nothing else is assumed in further
communication.
The server on the power grid starts with a set of initial
challenge-response pairs, (C, K)for each aggregator and
(C00, K 00)for each EV. The aggregator acquires this initial
set (C00, K 00)for the EV once the aggregator itself mutually
authenticated with the grid server. To set up a new aggregator
in a location or to deploy a new vehicle or on the roads,
initialization involves the initial set (C00, K 00)/(C, K)to be
sent to the power grid server using a secure channel. This
initialization can be done using a time-based one-time pass-
word algorithm (TOTP) [41] and an operator using a password.
After this exchange, the aggregator or vehicle can function
on its own without needing any operator or secure channel.
The grid server stores the actual identity IDM/I DV, and their
corresponding challenge response pairs, (C, K)and (C”, K”),
for each aggregator and vehicle, while the aggregators or
vehicles themselves do not store anything. At the end of the
protocol, the ID of the EV, IDV, is replaced with pseudo-
identities for further exchanges.
We assume that an adversary can get hold of any commu-
nication that is happening between the EV and the aggregator
or the aggregator and the grid. An adversary has the power
to change, manipulate, and hide the data. It can inject new
packets, store the old messages, initiate a session, or pretend
to be a valid device. The objective of an attacker or adversary
is to gain access to the grid without being noticed. Adversaries
may be EV owners who want to exploit the V2G system in
order to cheat the service provider to charge their vehicles
for free or to get more money from the service provider when
they supply power to the grid from their EV. They may also be
rogue or unauthorized aggregators set up to cheat EV owners
by charging very high prices or not paying the EV owner
for the power they acquire. Such aggregators may also be
selling personal information of the EV owner to third-party
entities for the purpose advertisements. Adversaries may also
be criminals who may want to track the location/behaviour of
an EV owner by recording the aggregators visited by the EV
or criminals who may want to authenticate with the aggregator
with some other EV’s identity in order to escape the payment.
If an unauthorized or potentially dangerous entity manages
to authenticate with the grid server, it may disrupt energy
transactions and cause economic damage. Therefore, this paper
proposes a MA protocol that is resistant to various attacks such
as replay attacks, man-in-the-middle attacks, impersonation
attacks, etc.
B. Security Goals
1) Confidentiality: The energy transaction data must not
be visible to any unauthorized entity. For this, commu-
nication must be secret throughout, i.e., end-to-end. If
an unauthorized entity from either within the system
such as vehicles authenticated with other aggregators
or the currently connected aggregator gains access to
the messages which contain energy transaction details,
it must be impossible to make sense of it.
2) Message Integrity: It must be possible for the smart
grid server to verify if the message it receives from
the aggregator has been tampered with or compromised.
Since EVs and the grid server do not communicate
directly, the aggregator must also be able to do the same
for the messages received from the EVs.
3) Identity privacy: It must be impossible for an unautho-
rized entity to get hold of any personal information of the
vehicle owner of an EV. Even if an unauthorized entity
eavesdrops on the data exchanged within the V2G system,
it must not be able to figure out that the data is from a
particular vehicle or that two transactions are from the
same vehicle.
4) Authentication: Before any energy transaction can be
made, the aggregator must be authenticated with the grid
server. The aggregator must also be authenticated with
the vehicle, thus preventing any false energy exchanges.
C. Assumptions
The assumptions made in this paper are as follows:
•PUF is a small hardware component that is present with
each participating device and is unique.
•The communication between a device and its PUF is
secure and tamper-proof.
•The grid is considered as a trusted authority and has
sufficient resources. On the other hand, EVs have limited
resources in terms of memory and computation power.
VI. PRO PO SE D MUT UAL AUTHENTICATION PROTOCOL
This section presents the proposed mutual authentication
protocol between the vehicle and the grid. Mutual authentica-
tion between the vehicle and the grid can be divided as mutual
authentication between:
•Aggregator and grid.
•Vehicle and aggregator.
A. Mutual Authentication Between Aggregator and Grid
Server
1) When a vehicle wants to make a transaction, the aggre-
gator must authenticate the vehicle. The vehicle sends its
ID (IDV) along with a randomly generated nonce (NV)
to the aggregator with MsgV2M={IDV, NV}.
5
EV Aggregator
.
IDV,NV
.
.
Grid
Server
IDM,NI
SelectIDM
GeneratenonceNI
Checkif(IDM)exists?
Checkif(NI)isfresh?
Corresponding(C,K)frommemory
GeneratenonceNB
M1=NIXORF(K0,NB)
M2=NBXORF(K1,M1)
M3=M1XORF(K2,M2)
......
Mm-1=Mm-3XORF(Km-2,Mm-2)
Mm=Mm-2XORF(Km-1,Mm-1)
M=(Mm||Mm-1)XORKm
N=mXORK0
C,M,N,MAC(IDM||M||m||NB)
Evaluate K = PUF(C)
m=NXORK0
CalculateMmandMm-1usingKmXORM
Mm-2=MmXORF(Km-1,Mm-1)
......
CalculateNBandverifyMAC
Generate(C',K')pairandnonceNC
M'i=K'iXORKi
M''=M'0||M'1||.......M'm
N'=NCXORK0
SessionKey(Sk)=F(K0,NB)XORF(K0,NC)
C',M'',N,N',MAC(IDM||M''||m||NC||Sk)
Calculate:
NCusingN'andK0
K'iusingM'iandKi
VerifyMAC
Store(C',K')
SessionKey(Sk)=F(K0,NB)XORF(K0,NC)
EncodeusingSessionKey
Fig. 2: Mutual authentication between aggregator and the power grid server.
2) The aggregator generates another random number, i.e.,
nonce (NI), and sends it along with its ID (IDM) to the
grid server with MsgM2G={IDM, NI}.
3) The first stage of our protocol begins with the aggre-
gator authenticating with the power grid server. This is
shown in Figure 2. The grid server receives a message
(MsgM2G={IDM, NI}) from the aggregator. It checks
if IDMexists in its memory and whether NIis fresh. If
either of the conditions fails, the authentication request
initiated by aggregator is terminated. Using IDM, it finds
the corresponding challenge-response pair (C, K)(Kcan
be split into m+ 1 sub-strings) in its memory:
K= (K0, K1, K2,· · · , Km)
It also generates a nonce (NB). To encrypt the message,
the server uses a block-based encryption mechanism with
mrounds. Let Fbe any non-linear function which is
public to everyone. Thus, even an adversary can know
what Fis. It can be verified that the security of the
protocol does not depend on F. The grid server then
computes the following:
M1=NI⊕F(K0, NB)
M2=NB⊕F(K1, M1)
Mi=Mi−2⊕F(Ki−1, Mi−1),3≤i<m
Mm=Mm−1⊕F(Km−1, Mm−1)
M= (Mm−1||Mm)⊕Km
N=m⊕K0
4) The grid server sends C,M,Nalong with a MAC
(message authentication code) to the aggregator IDM,
as shown just after the first block under grid server in
6
c
EV Aggregator
IDV,NV
.
Grid
Server
IDM,NI
SelectIDM
GeneratenonceNI
DecryptwithSk
GeneratenonceNA
D1=NVXORF(K''0,NA)
D2=NAXORF(K''1,D1)
D3=D1XORF(K''2,D2)
......
Dm-1=Dm-3XORF(K''m-2,Dm-2)
Dm=Dm-2XORF(K''m-1,Dm-1)
D=(Dm||Dm-1)XORK''m
P=mXORK''0
E([C'',K''],Sk)
EvaluateK''=PUF(C'')
m=PXORK''0
CalculateDmandDm-1usingK''mXORD
Dm-2=DmXORF(K''m-1,Dm-1)
......
CalculateNAandverifyMAC
Generate(C#,K#)pairandnonceNO
P'=NOXORK''0
SessionKey(Sk2)=F(K''0,NA)XORF(K''0,NO)
PIDV=IDVXORK''0
P',E([C#,K#,PIDV],Sk2)
MAC(IDV||m||NO||Sk2)
Calculate:
NOusingP'andK''0
SessionKey(Sk2)=F(K''0,NA)XORF(K''0,NO))
VerifyMAC
C'',D,P,MAC(IDV||D||m||NA)
Mutual Authentication Established
Session Key (Sk)
IDV,NV
SessionKeyEstablished
DecryptwithSkfollowedbySk2
toobtainandstore(C#,K#)andPIDV
E([E([C#,K#,PIDV],Sk2),Sk2],Sk)
Checkif(IDV)exists?
Checkif(NV)isfresh?
EncryptCorresponding(C'',K'')withSk
Fig. 3: Mutual authentication between electric vehicle and the aggregator.
Figure 2. The MAC is used to verify a few security
essentials. The first parameter in the MAC is to identify
the correct aggregator. Data integrity is ensured by the
second and third parameters. The freshness of the source
(grid server in this case) is identified by NB, which is
the last parameter. We use the same approach in the later
stages of the protocol as well.
5) On receiving the message from the grid server, aggregator
IDMgenerates the key Kas given in (1) using received
challenge Cas the input to its PUF. Then, the aggregator
calculates m, as shown below:
m=N⊕K0.(2)
6) Using mand K, it then finds NBas shown in the
following equations by applying the same transformations
used in encryption operations of step 3.
7
Mm−1||Mm=M⊕Km
Mi−2=Mi⊕F(Ki−1, Mi−1),3≤i<m
NB=M2⊕F(K1, M1)
NI=M1⊕F(K0, NB).
The aggregator uses the MAC to verify the source of the
message, checks if its integrity has been compromised,
and determines whether the message is fresh or not.
If it fails to verify these security traits, authentication
is terminated by the aggregator. Else, a nonce NCis
generated. For future authentication, it generates a new
random challenge-response pair (C0, K0)using its PUF
and split K0into m+ 1 sub-strings:
K0= (K0
0, K0
1, K0
2,· · · , K0
m).
It then calculates M0
i,M00,N0and session key Skas
follows:
M0
i=K0
i⊕Ki
M00 =M0
0||M0
1||.....||M0
m
N0=NC⊕K0
Sk=F(K0, NB)⊕F(K0, NC).
7) Then, the aggregator sends C0,M00,N,N0, as well as the
MAC to the grid server. Next, it erases interim variables
from its memory. This time the MAC includes a fifth
parameter which is the session key, Sk. This ensures that
both aggregator and grid server have the same session
key.
8) On receiving the message from the aggregator, the grid
server calculates NCusing N0and K0, obtains K0using
Mand K, and stores (C0, K0)in its memory. Then,
it calculates the session key, Skand verifies the MAC.
With the session key now established, MA between an
aggregator and the grid server is complete.
NC=N0⊕K0
K0
i=M0
i⊕Ki
Sk=F(K0, NB)⊕F(K0, NC)
B. Mutual Authentication between Vehicle and Aggregator
Mutual Authentication between Vehicle and Aggregator of
the proposed protocol is quite similar to Mutual Authentication
between Aggregator and Grid. Therefore, we only discuss the
key differences here, while the entire protocol is presented in
Fig. 3. The protocol for aggregator and grid server establishing
a session key Skbetween themselves, is shown as a small
box in Figure 3. The key difference of this stage is that, in
the first block under the EV, as shown in Figure 3, the EV
then calculates its new pseudonym or pseudo-ID, P IDV, to
be used the next time it wants to authenticate. This ensures
identity protection because an adversary will not be able to
figure out whether a previous transaction belonged to the same
EV or not. The pseudo-ID of the EV is also sent to the grid
server in message MsgM2G.
P I DV=IDV⊕K00
0
MsgM2G=E([E([C#, K#, P I DV], Sk2), Sk2], Sk)
The grid server decrypts message MsgM2Gwith Skto ob-
tain E([C#, K#, P I DV], Sk2)and Sk2. Next, it decrypts
E([C#, K#, P I DV], Sk2)with Sk2to obtain and store in
its memory the new challenge-response pair of the vehicle
(C#, K#), and the new pseudo-ID P I DV. If any hijacker
tries to tamper with the aggregator device, its PUF will be
destroyed and the protocol will not proceed to this stage.
Therefore, the adversary will not be able to access the new
pseudo-ID.
VII. SECURITY ANALYSIS
In this section, we formally show that our MA protocol is
secure. We use Mao and Boyd logic [42] which is extensively
used for security analysis of protocols. In our analysis, we
denote vehicle IDV, aggregator I DM, and the grid server by
V,M, and G, respectively.
A. Mao-Boyd Logic
The basic building blocks of Mao-Boyd Logic listed below
are necessary to understand the protocol verification.
1) A B:Abelieves Bis legitimate and that it may
function correspondingly.
2) A
K
|∼ B:Aencrypted Busing key K.
3) AK
/ B:Asees Busing decipherment key K.
4) AK
↔B:Kis a valid shared key between entities Aand
B.
5) #(N): Nonce Nis new and fresh.
6) sup(P):Pis a credible and reliable entity.
7) A/ kM: Entity Adoes not have access to message M.
In our proof we use several inference rules of Mao and Boyd
logic which are listed in Table II. In the rules, ‘V’ represents
the logical AND of two statements. If P,Qare statements,
and the inference of their logical AND is statement R, it is
written in Mao and Boyd logic as R
PVQ.
B. Security Analysis
First, let us consider the MA between an aggregator and
the power grid server. We first prove the statement “Mis
convinced NBis a valid shared key between Mand G”. The
following proof is summarized in Mao and Boyd logic in Fig.
4a. The challenge-response pair of M,(C, K)is stored in
G, therefore it can be said that “Mand Ghave a well-kept
secret K”. In Mao and Boyd logic, this is written as shown in
equation (i). Using K, the aggregator is able to decipher the
variable Min message 3 of the protocol and obtain NBand
NI. Therefore, “Msees NIwith decipherment key K” which
is (ii) and “Msees NBwith decipherment key K” which is
(vi).
M M K
↔G(i)
MK
/ NI(ii)
8
M M
NB
↔G
M{M,G}c/kNB
M G {M,G}c/kNB
M G MK
↔G
M#(NI)V
M G
K
|∼NI
M M K
↔GVMK
/NI
VM G {M}c/kNBV
M G
K
|∼NB
M M K
↔GVMK
/NB
VM sup(G)
VM sup(G)V
M#(NB)
M#(NI)VM/NIRNB
MK
/NIRNB
(a) Proof for: “Mis convinced that NBas a valid shared key between Mand G”.
M M
NC
↔G
M{M,G}c/kNC
M M K
↔GVM Gc/kNCVM
K
|∼NC
VM#(NC)
(b) Proof for: “Mis convinced that NCis
a valid shared key between Mand G”.
G M
NC
↔G
G{M,G}c/kNC
G M {M ,G}c/kNC
G M M K
↔G
G#(NB)V
G M
K
|∼NB
G M K
↔GVGK
/ NB
VG M {G}c/kNCV
G M
K
|∼NC
G M K
↔GVGK
/ NC
VG sup(M)
V
G#(NC)
G#(NB)VG/NBRNC
GK
/ NBRNC
(c) Proof for: “Gis convinced that NCis a valid shared key between Mand G”.
G M
NB
↔G
G{M,G}c/kNB
G M K
↔GVG Mc/kNBVG
K
|∼NB
VG#(NB)
(d) Proof for: “Gis convinced that NBis
a valid shared key between Mand G”.
G MK0
↔G
G{M,G}c/kK0
G M {M ,G}c/kK0
G M M K
↔G
G#(NB)V
G M
K
|∼NB
G M K
↔GVGK
/ NB
VG M {G}c/kK0V
G M
K
|∼K0
G M K
↔GVGK
/ K0
VG sup(M)
V
G#(K0)
G#(NB)VG/NBRK0
GK
/ NBRK0
(e) Proof for: “Gis convinced that K0is a valid shared key between Mand G”.
M MK0
↔G
M{M,G}c/kK0
M M K
↔GVM Gc/kK0VM
K
|∼K0
VM#(K0)
(f) Proof for: “Mis convinced that K0is
a valid shared key between Mand G”.
Fig. 4: Proof for authentication between aggregator and power grid server
V V
NA
↔M
V{V,M }c/kNA
V M {V ,M}c/kNA
V M V K00
↔M
V#(NV)V
V M
K00
|∼NV
V V K00
↔MVVK00
/ NV
VV M {V}c/kNAV
V M
K00
|∼NA
V V K00
↔MVVK00
/ NA
VV sup(M)
VV sup(M)V
V#(NA)
V#(NV)VV /NVRNA
VK00
/ NVRNA
(a) Proof for: “Vis convinced that NAas a valid shared key between Vand M”.
V V
NO
↔M
V{V,M }c/kNO
V V K00
↔MVV Mc/kNOVV
K00
|∼NO
VV#(NO)
(b) Proof for: “Vis convinced that NOis
a valid shared key between Vand M”.
M V
NO
↔M
M{V,M }c/kNO
M V {V ,M}c/kNO
M V V K00
↔M
M#(NA)V
M V
K00
|∼NA
M V K00
↔MVMK00
/ NA
VM V {M}c/kNOV
M V
K00
|∼NO
M V K00
↔MVMK00
/ NO
VM sup(V)
V
M#(NO)
M#(NA)VM/NARNO
MK00
/ NARNO
(c) Proof for: “Mis convinced that NOis a valid shared key between Vand M”.
M V
NA
↔M
M{V,M }c/kNA
M V K00
↔MVM V c/kNAVM
K00
|∼NA
VM#(NA)
(d) Proof for: “Mis convinced that NAis
a valid shared key between Vand M”.
M V K#
↔M
M{V,M }c/kK#
M V {V ,M}c/kK#
M V V K00
↔M
M#(NA)V
M V
K00
|∼NA
M V K00
↔MVMK00
/ NA
VM V {M}c/kK#V
M V
K00
|∼K#
M V K00
↔MVMK00
/ K#
VM sup(V)
V
M#(K#)
M#(NA)VM/NARK#
MK00
/ NARK#
(e) Proof for: “Mis convinced that K#is a valid shared key between Vand M”.
V V K#
↔M
V{V,M }c/kK#
V V K00
↔MVV Mc/kK#VV
K00
|∼K#
VV#(K#)
(f) Proof for: “Vis convinced that K#is
a valid shared key between Vand M”.
Fig. 5: Proof for authentication between EV and aggregator
9
TABLE II
Name Inference Rule
Authentication rule
P Q
K
|∼M
P P K
↔QVPK
/ M
Nonce-verification rule
P Q P K
↔Q
P#(M)VP Q
K
|∼M
Confidentiality rule
P(S∪{Q})c/kM
P P K
↔QVP Sc/kMVP
K
|∼M
Super-principal rule
P X
P Q X VP sup(Q)
Intuitive rule P /M
PK
/ M
Good Key rule
P P K
↔Q
P{P,Q}c/kKVP#(K)
Fresh rule
P#(N)
P#(M)VP /NRM
Applying the authentication rule to statements (i) and (ii),
we obtain “Mbelieves Gencrypted NIusing key K” which
is (iii). Since Mgenerates a new nonce NIeach time, we
can say “Mbelieves NIis new and fresh” which is (iv). On
applying the nonce-verification rule to (iii) and (iv) we obtain
(v) which is “Mis convinced that Gis convinced that Kis
a well-kept secret between Mand G”.
M G
K
|∼ NI(iii)
M#(NI)(iv)
M G M K
↔G(v)
We then apply authentication rule to (i) and (vi), to obtain
(vii) which is “Mis convinced that Gencrypted NBusing
K”. Since Ggenerates a new nonce NBeach time, Mis
knows that no one apart from Gcould have seen NB. Thus,
we have the statement “Mis convinced that Gis convinced
that no one other than Mhas access to NB” which is (viii).
Applying the confidentiality rule to (v), (vii) and (viii) we get
(ix) which states “Mis convinced that Gis convinced that no
one other than Mand Bhas access to NB”.
MK
/ NB(vi)
M G
K
|∼ NB(vii)
M G {M}c/kNB(viii)
M G {M, G}c/kNB(ix)
It is assumed in the protocol that Gis a credible and reliable
entity and Mbelieves this as fact. Hence, the statement
“Mbelieves that Gis a credible and reliable entity (super-
principal)” which is (x). Next, we apply the super-principal
rule to statements (ix) and (x), to obtain (xi) which is “Mis
convinced that no one other than Mand Ghas access to NB”.
To proceed further we need to understand a few definitions and
rules of message idealization from [42] which are discussed
in the Appendix.
In message 2 of the Fig. 2 Msends NIto G. As a response,
Gsends NBin message 3 by encrypting it inside variable
M. By deciphering variable M,Gobtains nonces NIand
NB. Therefore, according to the message idealization rules
presented in the appendix, NIcan be considered as a challenge
and NBcan be considered its response. Note that these are not
the same challenge-response pair (C, K)of the PUF. Thus we
arrive at the statement “Mcan see the replied challenge NI
and the response NBwith decipherment key K” which is (xii).
On applying the intuitive rule to (xii), we get (xiii) which is
“Mcan see the replied challenge NIand the response NB”.
M sup(G)(x)
M{M, G}c/kNB(xi)
MK
/ NIRNB(xii)
M / NIRNB(xiii)
We then apply the fresh rule to (iv) and (xiii), we obtain
statement (xiv) which is “Mbelieves NBis new and fresh”.
M#(NB)(xiv)
M M NB
↔G(xv)
Finally, we apply the good-key rule to statements (x), (xi)
and (xiv) to prove the statement “Mis convinced that NBis
a valid shared key between Mand G”.
In a similar manner the proof for “Gis convinced that
NBis a valid shared key Mand G” is shown in Fig. 4d.
The statements “Mis convinced that NCis a valid shared
key between Mand G” and “Gis convinced that NCis
a valid shared key between Mand G” are shown in Fig.
4b and Fig. 4c respectively. The statements “Mis convinced
that K0is a valid secret key between Mand G” and “Gis
convinced that K0is a valid secret key between Mand G” are
shown in Fig. 4f and Fig. 4e respectively. In these figures, the
logical AND operation between two statements is represented
by a ‘V’. Thus, we have shown that an adversary cannot see
NB,NCor K0. The three variables NB,NCand K0are
critical because without them an adversary cannot decipher the
communicated data. The Mao Boyd formal proof discussed
above has proven the secrecy of NB,NCand K0which is
10
regardless of the kind of attack used by the adversary such
as man-in-the-middle (MITM) attack, masquerade attack, or
replay attack. In a very similar manner, the Mao and Boyd
logic proofs for the MA between the EV and the aggregator
can be obtained to establish that the critical variables of this
stage, i.e, NA,NOand K00 cannot be obtained by an adversary,
the proofs of which are shown in Fig. 5a - 5f. Note that
even if an attacker physically hijacks the aggregator or the
EV, by virtue of the property of PUF discussed in section I,
it is ensured that the adversary cannot obtain the legitimate
challenge-response pairs. Additionally, there are no secrets
stored on the aggregator or the EV itself. Thus, physical
security and protection against node tampering attack are also
guaranteed. Untraceablity is ensured by using a pseudo-ID,
P I DVas shown in Fig. 3.
The parameters used in generating the session key Skare
K0,NBand NCand the parameters used in generating session
key Sk2are K00
0,NAand NO. The nonces NB,NC,NAand
NOare cryptographic nonces which are randomly generated in
every session. As already discussed in section VI, the freshness
of the nonce is a necessary condition which is checked at
several stages of the MA protocol. Unless freshness is verified,
MA does not take place. In addition, the challenge response
pairs used in the protocol (C, K),(C0, K0),(C”, K ”) and
(C#, K#)are all randomly generated. First a challenge is
randomly generated and its corresponding PUF response is
obtained. The output of a PUF depends both on the physical
disorder as well as the applied challenge, hence the response
obtained for each challenge will not only be random, but also
very different from each other. Therefore K0and K00
0will
change randomly in each authentication round. The combined
effect of the randomness of these variables and the non-
linearity of the function Fguarantee that a unique session
key is obtained in each round for both stages of the protocol.
VIII. COMPARISON AND ANALYSI S
A. Security Goals And Protection Against Various Attacks
A comparison of the security features of our protocol with
a different state of the art protocols currently in use in V2G
systems is presented in Table III. “3” indicates that the
protocol possesses a feature or is secure against an attack. A
blank indicates that the protocol lacks a feature or is insecure
against an attack. All the mentioned protocols provide MA
except [24]. Without MA, a participating entity can neither
verify if it is sending a message to a trusted entity, nor can
it verify if the message it received is from a trusted entity.
With MA, both the sending and receiving parties can be
sure of each other’s authenticity. Identity protection is not
provided by the protocol in [23]. Consequently, an attacker
may easily figure out the real identity of the EV by looking
at the usage data. The protocols in [20] and [22] do not
provide message integrity. Our protocol uses MAC to ensure
this. All the entities (EVs, aggregators and grid server) can
easily detect any tampering in the messages they receive. The
protocol in [20] is vulnerable to man-in-the-middle attacks. An
adversary may insert itself between the communication of an
EV and the aggregator, or between the aggregator and the grid
server and gain control of the communication between them.
The protocols in [19], [20] and [22] are vulnerable against
impersonation attacks. The protocols in [20] and [22] are not
secure against replay attacks. The protocols in [20] and [23] do
not provide session key security. Physical security is provided
only by the proposed protocol (SUKA). As mentioned in
Section V-B, an attacker that captures an EV device must
not be able to gather any secrets. As also mentioned in
Section I, almost all authentication protocols proposed in the
literature require that the EVs store at least one secret in their
memory, if not more. Such storing of secrets on any device
renders the protocols vulnerable to physical attacks. The MA
protocol proposed in this paper has two features which make it
resistant to any physical attacks: (i) EVs and aggregators need
not store any secrets in their memory; (ii) there is a secure
communication between the EV’s microcontroller and its PUF
since they are both on the same chip [43]. Thus, even though
an attacker may physically capture the device, it would be
impossible for them to extract any secrets. Therefore, SUKA
is resilient against physical attacks. The papers in [19], [20]
[22], [24] and [31] do not provide a formal security proof for
their proposed protocols.
B. Computation Overhead
In Table IV, we present a comparison of the computation
costs of our protocol with some state-of-the-art protocols
which have a similar system model as ours. The comparison
is for the case where one EV is authenticating with the grid.
The number of cryptographic operations, pairing operations,
encryption/decryption, hash operations, MAC computations
and PUF executions are listed for one round of authentication,
setting m= 3. Our protocol uses only 33 cryptographic
operations (which include XOR, addition, scalar multiplication
and exponential computation) compared to 37 in [30] and 36 in
[20]. Our protocol uses zero pairing operations. While [20] has
only 2 encryption/decryption operations and 4 MAC/HMAC
computations, it has 9 hash function computations while
ours has zero. Although [30] has no encryption/decryption
operations or MAC/HMAC computations, it has 16 hash
computations while ours has none. While there is no physical
security in [19], [20] and [30], our protocol is physically
secured by the use of PUFs, which requires 2 operations. We
argue that the overall performance of our protocol is much
better due to lesser computation overhead and far superior
security features.
C. Performance Comparison
We simulated the operations carried out by an EV in the
security schemes of [19], [30] and [20], all of which have a
similar system model as SUKA. The simulations were carried
out in Python 2.7 on a PC with Intel Core i5-5200U processor
with 8GB DDR3 RAM. Fig. 6, shows the time consumed by
the EV in every round of authentication in the considered
schemes. The EV consumes 3.682 ms, 3.072 ms, 2.022 ms
in the security schemes of [19], [30] and [20] respectively
whereas only 0.845 ms in SUKA. Therefore, SUKA is more
efficient than state-of-the-art security schemes.
11
TABLE III: Comparison of Security Features
Features [18] [19] [20] [22] [23] [24] [31] SUKA
Mutual Authentication 33333 33
Identity Protection 3 3 3 3 3 3 3
Message Integrity 3 3 3 3 3 3
Man-In-The-Middle Attack 33 33333
Impersonation Attack 3 3 3 3 3
Replay Attack 3 3 3 3 3 3
Session Key Security 3 3 3 3 3 3
Physical Security 3
Formal Security Proof 3 3 3
TABLE IV: Comparison of computation overhead
Operations [19] [20] [30] SUKA
Cryptographic operations
(⊕, +, scalar multiplication
and exponent)
81 36 37 33
Pairing 19 - - -
Encryption/Decryption - 2 - 6
Hash (H) 6 9 16 -
MAC/HMAC 7 4 - 8
PUF - - - 2
[19] [30] [20] SUKA
Schemes Considered
0
0.5
1
1.5
2
2.5
3
3.5
4
Time Consumed (in seconds)
10-3
Fig. 6: Comparison of time consumed by EV for MA in SUKA
and the security schemes of [19], [30] and [20].
IX. CONCLUSION
This paper proposed MA protocols for the two stages or
steps which arise in a V2G system: (i) For MA between
the aggregator and the grid server, and (ii) for MA between
EV and aggregator. The proposed protocol (SUKA) uses a
challenge-response architecture, which is enabled by PUFs.
This gives our proposed protocol the advantage of not having
to store any secret information in EVs and aggregators. Secrets
are stored only in the grid server. Only one challenge-response
pair is stored in the server for every EV. Two session keys are
established when an EV wants to authenticate with the grid
server: one session key between the aggregator and the grid
server, and another one between the EV and the aggregator. We
showed that SUKA achieves MA, identity protection, message
integrity, physical security, and session key security along
with protection against various attacks such as MITM attacks,
replay attacks and impersonation attacks. SUKA is proven
formally secure by Mao and Boyd logic and uses simple
computations, which makes it very efficient and fast. Hence,
the proposed protocol is a viable solution for upcoming V2G
systems.
X. AC KN OWLEDGEMENT
This research was supported in part by Singapore Ministry
of Education Academic Research Fund Tier 1 (R-263-000-
D62-114).
APPENDIX
A. Rules of Message Idealization
•A message without any symbols is called an atomic
message (AM).
•If an AM is sent at one stage of the protocol by a node
and received by the same node in another stage of the
protocol, it is called a challenge.
•Achallenge sent to its originating node is called a replied
challenge.
•If an AM and a response are sent together by a single
node for the first time, it is called a response.
•AMs which are not challenges or responses are treated as
nonsense and are discarded.
•In case an AM qualifies as a challenge and response in a
single line, it is considered a response.
•Areplied challenge and its response together is denoted
as Response RRC.
REFERENCES
[1] B. K. Sovacool and R. F. Hirsh, “Beyond batteries: An examination of
the benefits and barriers to plug-in hybrid electric vehicles (phevs) and
a vehicle-to-grid (v2g) transition,” Energy Policy, vol. 37, no. 3, pp.
1095–1103, 2009.
[2] C. D. White and K. M. Zhang, “Using vehicle-to-grid technology
for frequency regulation and peak-load reduction,” Journal of Power
Sources, vol. 196, no. 8, pp. 3972–3980, 2011.
[3] H. Liu, Z. Hu, Y. Song, and J. Lin, “Decentralized vehicle-to-grid control
for primary frequency regulation considering charging demands,” IEEE
Transactions on Power Systems, vol. 28, no. 3, pp. 3480–3489, 2013.
[4] H. Lund and W. Kempton, “Integration of renewable energy into the
transport and electricity sectors through v2g,” Energy policy, vol. 36,
no. 9, pp. 3578–3587, 2008.
[5] L. Gelazanskas and K. A. Gamage, “Demand side management in smart
grid: A review and proposals for future direction,” Sustainable Cities and
Society, vol. 11, pp. 22–30, 2014.
12
[6] H. Wang, B. Qin, Q. Wu, L. Xu, and J. Domingo-Ferrer, “Tpp: Traceable
privacy-preserving communication and precise reward for vehicle-to-grid
networks in smart grids,” IEEE Transactions on Information Forensics
and Security, vol. 10, no. 11, pp. 2340–2351, 2015.
[7] V. Hassija, V. Chamola, V. Saxena, D. Jain, P. Goyal, and B. Sikdar,
“A Survey on IoT Security: Application Areas, Security Threats, and
Solution Architectures,” IEEE Access, vol. 7, pp. 82721–82 743, 2019.
[8] G. K. Verma, B. B. Singh, N. Kumar, and V. Chamola, “CB-CAS:
Certificate-Based Efficient Signature Scheme with Compact Aggregation
for Industrial Internet of Things Environment,” IEEE Internet of Things
Journal, vol. PP, no. c, pp. 1–1, 2019.
[9] A. Abdallah and X. Shen, “Lightweight Security and Privacy-Preserving
Scheme for V2G Connection,” in 2015 IEEE Global Communications
Conference (GLOBECOM). IEEE, dec 2015, pp. 1–7. [Online].
Available: http://ieeexplore.ieee.org/document/7417592/
[10] S. Devadas, E. Suh, S. Paral, R. Sowell, T. Ziola, and V. Khandelwal,
“Design and Implementation of PUF-Based ”Unclonable” RFID ICs
for Anti-Counterfeiting and Security Applications,” in 2008 IEEE
International Conference on RFID. IEEE, apr 2008, pp. 58–64.
[Online]. Available: https://ieeexplore.ieee.org/document/4519377/
[11] J. Guajardo, S. S. Kumar, G.-J. Schrijen, and P. Tuyls, “Brand
and IP protection with physical unclonable functions,” in 2008
IEEE International Symposium on Circuits and Systems. IEEE, may
2008, pp. 3186–3189. [Online]. Available: http://ieeexplore.ieee.org/
document/4542135/
[12] W. Kempton and J. T. Tomi´
c, “Vehicle-to-grid power fundamentals:
Calculating capacity and net revenue,” Journal of Power Sources, vol.
144, pp. 268–279, 2005. [Online]. Available: http://www.udel.edu/V2G.
[13] Sekyung Han, Soohee Han, and K. Sezaki, “Development of an
Optimal Vehicle-to-Grid Aggregator for Frequency Regulation,” IEEE
Transactions on Smart Grid, vol. 1, no. 1, pp. 65–72, jun 2010.
[Online]. Available: http://ieeexplore.ieee.org/document/5446440/
[14] F. Kennel, D. Gorges, and S. Liu, “Energy management for smart grids
with electric vehicles based on hierarchical MPC,” IEEE Transactions
on Industrial Informatics, vol. 9, no. 3, pp. 1528–1537, 2013.
[15] C. Guille and G. Gross, “A conceptual framework for the
vehicle-to-grid (V2G) implementation,” Energy Policy, vol. 37,
no. 11, pp. 4379–4390, nov 2009. [Online]. Available: https:
//www.sciencedirect.com/science/article/pii/S0301421509003978
[16] B. K. Sovacool and R. F. Hirsh, “Beyond batteries: An examination of
the benefits and barriers to plug-in hybrid electric vehicles (PHEVs)
and a vehicle-to-grid (V2G) transition,” 2008. [Online]. Available:
www.elsevier.com/locate/enpol
[17] L. Pieltain Fern´
andez, T. G´
omez San Rom´
an, R. Cossent, C. Mateo
Domingo, and P. Fr´
ıas, “Assessment of the impact of plug-in electric
vehicles on distribution networks,” IEEE Transactions on Power Sys-
tems, vol. 26, no. 1, pp. 206–213, 2011.
[18] N. Saxena, S. Grijalva, V. Chukwuka, and A. V. Vasilakos, “Network Se-
curity and Privacy Challenges in Smart Vehicle-to-Grid,” IEEE Wireless
Communications, vol. 24, no. 4, pp. 88–98, 2017.
[19] Z. Yang, S. Yu, W. Lou, and C. Liu, “$Pˆ{2}$: Privacy-
Preserving Communication and Precise Reward Architecture for
V2G Networks in Smart Grid,” IEEE Transactions on Smart
Grid, vol. 2, no. 4, pp. 697–706, dec 2011. [Online]. Available:
http://ieeexplore.ieee.org/document/5771586/
[20] H. Liu, H. Ning, Y. Zhang, and L. T. Yang, “Aggregated-proofs based
privacy-preserving authentication for V2G networks in the smart grid,”
IEEE Transactions on Smart Grid, vol. 3, no. 4, pp. 1722–1733, 2012.
[21] H.-R. Tseng, “A secure and privacy-preserving communication protocol
for V2G networks,” in 2012 IEEE Wireless Communications and
Networking Conference (WCNC). IEEE, apr 2012, pp. 2706–2711.
[Online]. Available: http://ieeexplore.ieee.org/document/6214259/
[22] H. Liu, H. Ning, Y. Zhang, Q. Xiong, and L. T. Yang, “Role-dependent
privacy preservation for secure v2g networks in the smart grid,” IEEE
Transactions on Information Forensics and Security, vol. 9, no. 2, pp.
208–220, feb 2014.
[23] J. L. Tsai and N. W. Lo, “Secure Anonymous Key Distribution Scheme
for Smart Grid,” IEEE Transactions on Smart Grid, vol. 7, no. 2, pp.
906–914, mar 2016.
[24] A. Abdallah and X. Shen, “Lightweight Authentication and Privacy-
Preserving Scheme for V2G Connections,” IEEE Transactions on Ve-
hicular Technology, vol. 66, no. 3, pp. 2615–2629, 2017.
[25] V. Odelu, A. K. Das, M. Wazid, and M. Conti, “Provably Secure Au-
thenticated Key Agreement Scheme for Smart Grid,” IEEE Transactions
on Smart Grid, vol. 9, no. 3, pp. 1900–1910, may 2018.
[26] J. Shen, T. Zhou, F. Wei, X. Sun, and Y. Xiang, “Privacy-preserving
and lightweight key agreement protocol for V2G in the social internet
of things,” IEEE Internet of Things Journal, vol. 5, no. 4, pp. 2526–2536,
aug 2018.
[27] H. Guo, Y. Wu, F. Bao, H. Chen, and M. Ma, “UBAPV2G: A unique
batch authentication protocol for vehicle-to-grid communications,” IEEE
Transactions on Smart Grid, vol. 2, no. 4, pp. 707–714, 2011.
[28] H. Liu, H. Ning, Y. Zhang, and M. Guizani, “Battery status-aware au-
thentication scheme for V2G networks in smart grid,” IEEE Transactions
on Smart Grid, vol. 4, no. 1, pp. 99–110, 2013.
[29] J. Chen, Y. Zhang, and W. Su, “An anonymous authentication scheme
for plug-in electric vehicles joining to charging/discharging station in
vehicle-to-Grid (V2G) networks,” China Communications, vol. 12, no. 3,
pp. 9–19, 2015.
[30] N. Saxena and B. J. Choi, “Authentication Scheme for Flexible Charging
and Discharging of Mobile Vehicles in the V2G Networks,” IEEE
Transactions on Information Forensics and Security, vol. 11, no. 7, pp.
1438–1452, jul 2016.
[31] M. Tao, K. Ota, M. Dong, and Z. Qian, “AccessAuth: Capacity-aware
security access authentication in federated-IoT-enabled V2G networks,”
J. Parallel Distrib. Comput., vol. 118, pp. 107–117, 2018. [Online].
Available: https://doi.org/10.1016/j.jpdc.2017.09.004
[32] P. Gope and B. Sikdar, “Lightweight and Privacy-Friendly Spatial Data
Aggregation for Secure Power Supply and Demand Management in
Smart Grids,” IEEE Transactions on Information Forensics and Security,
vol. 14, no. 6, pp. 1554–1566, jun 2019.
[33] M. M. Fouda, Z. M. Fadlullah, N. Kato, R. Lu, and X. S. Shen, “A
lightweight message authentication scheme for smart grid communica-
tions,” IEEE Transactions on Smart Grid, vol. 2, no. 4, pp. 675–685,
2011.
[34] Q. Chen, G. Csaba, P. Lugli, U. Schlichtmann, and U. Ruhrmair,
“The Bistable Ring PUF: A new architecture for strong Physical
Unclonable Functions,” in 2011 IEEE International Symposium on
Hardware-Oriented Security and Trust. IEEE, jun 2011, pp. 134–141.
[Online]. Available: http://ieeexplore.ieee.org/document/5955011/
[35] T. Alladi, V. Chamola, B. Sikdar, and K.-k. R. Choo, “Consumer IoT
: Security Vulnerability Case Studies and Solutions Consumer IoT :
Security Vulnerability Case Studies and Solutions,” no. October, 2019.
[36] S. Pandey, S. Deyati, A. Singh, and A. Chatterjee, “Noise-resilient sram
physically unclonable function design for security,” in 2016 IEEE 25th
Asian Test Symposium (ATS). IEEE, 2016, pp. 55–60.
[37] D. Jeon, J. H. Baek, D. K. Kim, and B.-D. Choi, “Towards zero bit-
error-rate physical unclonable function: Mismatch-based vs. physical-
based approaches in standard cmos technology,” in 2015 Euromicro
Conference on Digital System Design. IEEE, 2015, pp. 407–414.
[38] K.-H. Chuang, E. Bury, R. Degraeve, B. Kaczer, D. Linten, and
I. Verbauwhede, “A physically unclonable function using soft oxide
breakdown featuring 0% native ber and 51.8 fj/bit in 40-nm cmos,”
IEEE Journal of Solid-State Circuits, vol. 54, no. 10, pp. 2765–2776,
2019.
[39] X. Lu, L. Hong, and K. Sengupta, “Cmos optical pufs using noise-
immune process-sensitive photonic crystals incorporating passive vari-
ations for robustness,” IEEE Journal of Solid-State Circuits, vol. 53,
no. 9, pp. 2709–2721, 2018.
[40] W.-C. Wang, Y. Yona, S. N. Diggavi, and P. Gupta, “Design and
analysis of stability-guaranteed pufs,” IEEE Transactions on Information
Forensics and Security, vol. 13, no. 4, pp. 978–992, 2017.
[41] D. M’Raihi, S. Machani, M. Pei, and J. Rydell, “Totp: Time-based one-
time password algorithm,” Internet Request for Comments, 2011.
[42] W. Mao and C. Boyd, “Towards formal analysis of security protocols,”
in [1993] Proceedings Computer Security Foundations Workshop
VI. IEEE Comput. Soc. Press, pp. 147–158. [Online]. Available:
http://ieeexplore.ieee.org/document/246631/
[43] S. Sutar, A. Raha, and V. Raghunathan, “Memory-based combination
pufs for device authentication in embedded systems,” IEEE Transactions
on Multi-Scale Computing Systems, vol. 4, no. 4, pp. 793–810, 2018.
13
Gaurang Bansal received the B.E. & M.E. de-
gree in Computer Science from Birla Institute of
Technology and Science, Pilani, India, in 2018
and 2020 respectively. He has authored more than
10 publications in top tier confences and Journals
like IEEE INFOCOM, IEEE Globecom, IEEE ICC,
IEEE Transaction on Vehicular Technology, IEEE
Systems Journal. His research interests include the
IoT security, network security and distributed com-
puting.
Naren is currently pursuing his B.E in Electri-
cal and Electronics Engineering, and M.Sc (Hons)
in Physics with the Birla Institute of Technology
and Science (Pilani). He has completed projects on
Quark-Gluon Plasma, Superconductivity, hardware
security techniques in IoT and electromagnetic radi-
ation pollution. His other research interests include
IoT, Industry 4.0, and security provisioning in V2G,
UAV and Medical IoT networks.
Vinay Chamola received the B.E. degree in elec-
trical and electronics engineering and master’s de-
gree in communication engineering from the Birla
Institute of Technology and Science, Pilani, India, in
2010 and 2013, respectively. He received his Ph.D.
degree in electrical and computer engineering from
the National University of Singapore, Singapore, in
2016. In 2015, he was a Visiting Researcher with the
Autonomous Networks Research Group (ANRG),
University of Southern California, Los Angeles, CA,
USA. He also worked as a post-doctoral research
fellow at the National University of Singapore, Singapore where he worked
in the area of Internet of Things. He is currently Assistant Professor with
the Department of Electrical and Electronics Engineering, BITS-Pilani, Pilani
Campus where he heads the Internet of Things Research Group / Lab. He
has over 45 publications in high ranked SCI Journals including more than
25 IEEE Transaction and Journal articles. His works have been published in
Journals like IEEE Transactions on Communications,IEEE Transactions on
Vehicular Technology,IEEE Journal on Selected Areas in Communications,
IEEE Communications Magazine etc. Furthermore, his works have been
accepted and presented in reputed conferences like IEEE INFOCOM, IEEE
GLOBECOM, IEEE ICC, IEEE PerCom to name a few. His research interests
include IoT Security, Blockchain, 5G network management and addressing
research issues in VANETs and UAV networks. He has served as a reviewer
for several IEEE/Elsevier Journals. He is a Guest Editor in Computer
Communication, Elsevier. He also serves as an Associate Editor for the IET
Quantum Communications and Frontiers in Communications and Networks.
Biplab Sikdar (S’98–M’02–SM’09) received the
B.Tech. degree in electronics and communication
engineering from North Eastern Hill University,
Shillong, India, in 1996, the M.Tech. degree in
electrical engineering from the Indian Institute of
Technology Kanpur, Kanpur, India, in 1998, and the
Ph.D. degree in electrical engineering from Rensse-
laer Polytechnic Institute, Troy, NY, USA, in 2001.
He is currently an Associate Professor with the
Department of Electrical and Computer Engineering,
National University of Singapore, Singapore. His
current research interests include wireless network, and security for Internet of
Things and cyberphysical systems. Dr. Sikdar served as an Associate Editor for
the IEEE TRANSACTIONS ON COMMUNICATIONS from 2007 to 2012.
He currently serves as an Associate Editor for the IEEE TRANSACTIONS
ON MOBILE COMPUTING.
Neeraj Kumar received the Ph.D. degree in com-
puter science and engineering from Shri Mata
Vaishno Devi University, Katra, India. He is cur-
rently with the Department of Computer Science and
Engineering, Thapar University, Patiala, India. He
has authored or coauthored more than 300 technical
research papers in leading journals such as the IEEE
TII, IEEE TIE, IEEE TDSC, the IEEE TWPS,
IEEE SYSTEMS JOURNAL, IEEE COMMUNI-
CATIONS MAGAZINE, the IEEE WIRELESS
COMMUNICATIONS MAGAZINE, the IEEE NET-
WORK MAGAZINE, and conferences. His research interests include mo-
bile computing, parallel/distributed computing, multiagent systems, service-
oriented computing, routing and security issues in mobile ad hoc, and sensor
and mesh networks.
Mohsen Guizani (S’85–M’89–SM’99–F’09) re-
ceived the B.S. (with distinction) and M.S. degrees
in electrical engineering, the M.S. and Ph.D. degrees
in computer engineering from Syracuse University,
Syracuse, NY, USA, in 1984, 1986, 1987, and
1990, respectively. He is currently a Professor at the
Computer Science and Engineering Department in
Qatar University, Qatar. Previously, he served in dif-
ferent academic and administrative positions at the
University of Idaho, Western Michigan University,
University of West Florida, University of Missouri-
Kansas City, University of Colorado-Boulder, and Syracuse University. His
research interests include wireless communications and mobile computing,
computer networks, mobile cloud computing, security, and smart grid. He
is currently the Editor-in-Chief of the IEEE Network Magazine, and the
Founder and Editor-in-Chief of Wireless Communications and Mobile Com-
puting journal (Wiley). He is the author of nine books and more than 500
publications in refereed journals and conferences. He received the 2017 IEEE
Communications Society WTC Recognition Award as well as the 2018 AdHoc
Technical Committee Recognition Award for his contribution to outstanding
research in wireless communications and Ad-Hoc Sensor networks. He was
the Chair of the IEEE Communications Society Wireless Technical Committee
and the Chair of the TAOS Technical Committee. He served as the IEEE
Computer Society Distinguished Speaker and is currently the IEEE ComSoc
Distinguished Lecturer. He is a Fellow of IEEE and a Senior Member of
ACM.