Blockchain-Based Secure Firmware Updates for Electric Vehicle Charging Stations in Web of Things Environments
Abstract
:1. Introduction
2. Literature Review
2.1. Blockchain Applications in the Automotive Sector
2.2. Electric Vehicle Charging Infrastructure
2.3. Security Protocols and Methodologies
2.4. Web of Things Environment
2.5. Research Gaps and Emergent Trends
3. Proposed Framework and Implementation
3.1. Framework Overview
3.2. Blockchain Network Design
3.2.1. Node Roles
- Firmware Vendor Node: Responsible for submitting firmware metadata (hashes, version info) and digital signatures to the ledger. This node might be managed by the OEM or a certified third-party vendor.
- Charging Station Operator Node: Oversees operational aspects such as station management, usage billing, and scheduling. This node verifies the validity of new firmware transactions before broadcasting them to individual stations.
- Regulatory Authority Node: Provides oversight and enforces compliance rules. This node audits transactions in real time, ensuring that only certified firmware versions are approved for deployment.
- Observer Nodes: Entities such as energy providers or research institutions that monitor the ledger for analytics and policy insights. Observer nodes do not propose new blocks but can validate existing ones.
3.2.2. Consensus Mechanism
Algorithm 1 PBFT-Based Firmware Update Consensus |
Require: A set of permissioned nodes N, transaction from vendor node Ensure: All honest nodes agree on or reject it
|
3.3. Firmware Package Management
- Firmware Hash: A unique cryptographic digest (e.g., SHA-256) representing the firmware file’s contents.
- Digital Signature: Generated by the firmware vendor using a private key.
- Version Information: Numerical or semantic identifiers of the firmware release.
- Release Notes: Brief textual description of the changes or security patches.
Smart Contract Logic
- SubmitFirmware(): The firmware vendor calls this function, providing the hash, version, and signature. It checks vendor credentials, verifies the signature, and logs the transaction upon success.
- ApproveFirmware(): Reserved for nodes with regulatory authority. This function sets a status flag, making the firmware hash “officially approved” if it passes compliance checks.
- CheckFirmwareStatus(): Called by charging stations to retrieve the latest approved firmware versions, verifying that the station’s current version is up to date.
3.4. Charging Station Architecture
Algorithm 2 Smart Contract Pseudo-Code for Firmware Submission |
|
3.5. Security Protocols
3.5.1. Public Key Infrastructure
3.5.2. Transport Layer Security
Algorithm 3 Firmware Validation Pseudo-Code at Charging Station |
|
3.5.3. Multifactor Authentication
3.5.4. Additional Attack Vectors
3.6. Implementation and Testing
- Routine Updates: Rolling out a minor software patch across all charging stations.
- Urgent Security Patches: Distributing a high-priority fix to address a critical vulnerability under tight time constraints.
- Malicious Attempt: Attempting to deploy a firmware package signed with a revoked key or an incorrect hash.
- A communication network based on standard MQTT protocols over TLS.
- Blockchain network parameters such as a block time of 5 s and a gas limit of 8 million units per block.
- Simulated network latency averaging 100 ms.
4. Results and Discussion
4.1. Experimental Results
4.2. Discussion
- RQ1: Blockchain ensures firmware integrity through decentralized consensus and cryptographic hashing, mitigating risks of unauthorized modifications.
- RQ2: The framework’s latency (≤30 s) and throughput (15 TPS) remain within operational limits, even at scale, validating its practical viability.
5. Future Research Directions
5.1. Scalability Enhancements
5.2. Post-Quantum Cryptography
5.3. Hardware-Assisted Security
5.4. Cross-Chain Interoperability
5.5. Human-Centric Design
6. Conclusions
Funding
Institutional Review Board Statement
Informed Consent Statement
Data Availability Statement
Acknowledgments
Conflicts of Interest
References
- Piduru, B.R. Automotive customer experiences: Cybersecurity considerations in connected vehicles. Int. J. Mach. Learn. Cybern. (IJMLC) 2023, 1, 46–57. [Google Scholar]
- Tanaji, B.A.; Roychowdhury, S. A Survey of Cybersecurity Challenges and Mitigation Techniques for Connected and Autonomous Vehicles. IEEE Trans. Intell. Veh. 2024, 11, 1–18. [Google Scholar] [CrossRef]
- Chatterjee, U.; Ray, S.; Khan, M.K.; Dasgupta, M.; Chen, C.M. An ECC-based lightweight remote user authentication and key management scheme for IoT communication in context of fog computing. Computing 2022, 104, 1359–1395. [Google Scholar] [CrossRef]
- Mbakoyiannis, D.; Tomoutzoglou, O.; Kornaros, G. Secure over-the-air firmware updating for automotive electronic control units. In Proceedings of the 34th ACM/SIGAPP Symposium on Applied Computing, Limassol, Cyprus, 8–12 April 2019; pp. 174–181. [Google Scholar]
- Gür, G.; Kalla, A.; De Alwis, C.; Pham, Q.V.; Ngo, K.H.; Liyanage, M.; Porambage, P. Integration of ICN and MEC in 5G and beyond networks: Mutual benefits, use cases, challenges, standardization, and future research. IEEE Open J. Commun. Soc. 2022, 3, 1382–1412. [Google Scholar] [CrossRef]
- Zhang, L.; Hang, L.; Zu, K.; Wang, Y.; Yang, K. Dynamic Vehicle Reputation Consensus: Enhancing IoV Communication with a Blockchain Algorithm. IEEE Trans. Veh. Technol. 2024, 74, 4788–4806. [Google Scholar] [CrossRef]
- Khor, J.H.; Sidorov, M.; Ong, M.T.; Chua, S.Y. Public blockchain-based data integrity verification for low-power IoT devices. IEEE Internet Things J. 2023, 10, 13056–13064. [Google Scholar] [CrossRef]
- Krichen, M. Formal methods and validation techniques for ensuring automotive systems security. Information 2023, 14, 666. [Google Scholar] [CrossRef]
- Xiong, R.; Ren, W.; Hao, X.; He, J.; Choo, K.K.R. Bdim: A blockchain-based decentralized identity management scheme for large scale internet of things. IEEE Internet Things J. 2023, 10, 22581–22590. [Google Scholar] [CrossRef]
- Oh, H.; Ivezic, N.; Nieman, S.T. Standards-based semantic integration of manufacturing information: Past, present, and future. J. Manuf. Syst. 2019, 52, 184–197. [Google Scholar]
- Iqbal, A.; Ullah, F.; Anwar, H.; Kwak, K.S.; Imran, M.; Jamal, W.; Rahman, A. Interoperable Internet-of-Things platform for smart home system using Web-of-Objects and cloud. Sustain. Cities Soc. 2018, 38, 636–646. [Google Scholar] [CrossRef]
- Zaino, R.; Ahmed, V.; Alhammadi, A.M.; Alghoush, M. Electric vehicle adoption: A comprehensive systematic review of technological, environmental, organizational and policy impacts. World Electr. Veh. J. 2024, 15, 375. [Google Scholar] [CrossRef]
- Hamdare, S.; Kaiwartya, O.; Aljaidi, M.; Jugran, M.; Cao, Y.; Kumar, S.; Lloret, J. Cybersecurity risk analysis of electric vehicles charging stations. Sensors 2023, 23, 6716. [Google Scholar] [CrossRef] [PubMed]
- Johnson, J.; Anderson, B.; Wright, B.; Quiroz, J.; Berg, T.; Graves, R.; Hardy, K. Cybersecurity for Electric Vehicle Charging Infrastructure (No. SAND2022-9315); Sandia National Lab (SNL-NM): Albuquerque, NM, USA, 2022. [Google Scholar]
- Miehle, D.; Henze, D.; Seitz, A.; Luckow, A.; Bruegge, B. PartChain: A decentralized traceability application for multi-tier supply chain networks in the automotive industry. In Proceedings of the 2019 IEEE International Conference on Decentralized Applications and Infrastructures (DAPPCON), Newark, CA, USA, 4–9 April 2019; pp. 140–145. [Google Scholar]
- Alsadi, M.; Arshad, J.; Ali, J.; Prince, A.; Shishank, S. TruCert: Blockchain-based trustworthy product certification within autonomous automotive supply chains. Comput. Electr. Eng. 2023, 109, 108738. [Google Scholar] [CrossRef]
- Auer, S.; Nagler, S.; Mazumdar, S.; Mukkamala, R.R. Towards blockchain-IoT based shared mobility: Car-sharing and leasing as a case study. J. Netw. Comput. Appl. 2022, 200, 103316. [Google Scholar] [CrossRef]
- Yeasmin, S.; Haque, A.; Sayegh, A. A novel and failsafe blockchain framework for secure OTA updates in connected autonomous vehicles. Veh. Commun. 2023, 43, 100658. [Google Scholar] [CrossRef]
- Kovacevic, A.; Gligoric, N. Enhancing Security of Automotive OTA Firmware Updates via Decentralized Identifiers and Distributed Ledger Technology. Electronics 2024, 13, 4640. [Google Scholar] [CrossRef]
- Thangam, S.; Chakkaravarthy, S.S. An Edge Enabled Region-oriented DAG-based Distributed Ledger System for Secure V2X Communication. Ksii Trans. Internet Inf. Syst. (TIIS) 2024, 18, 2253–2280. [Google Scholar]
- Anthony Jnr, B.; Abbas Petersen, S.; Ahlers, D.; Krogstie, J. Big data driven multi-tier architecture for electric mobility as a service in smart cities: A design science approach. Int. J. Energy Sect. Manag. 2020, 14, 1023–1047. [Google Scholar] [CrossRef]
- Cao, Y.; Kaiwartya, O.; Wang, R.; Jiang, T.; Cao, Y.; Aslam, N.; Sexton, G. Toward efficient, scalable, and coordinated on-the-move EV charging management. IEEE Wirel. Commun. 2017, 24, 66–73. [Google Scholar] [CrossRef]
- Nasr, T.; Torabi, S.; Bou-Harb, E.; Fachkha, C.; Assi, C. Power jacking your station: In-depth security analysis of electric vehicle charging station management systems. Comput. Secur. 2022, 112, 102511. [Google Scholar] [CrossRef]
- Chinthamu, N.; Prasad, M.; Chinchawade, A.J.; Liyakat, K.K.S.; Deepti, K.; Karukuri, M.; Kumar, C.M. Self-Secure firmware model for Blockchain-Enabled IOT environment to Embedded system. Eur. Chem. Bull. 2023, 12, S3. [Google Scholar]
- Rashmi, R.V.; Karthikeyan, A. Secure boot of embedded applications-a review. In Proceedings of the 2018 Second International Conference on Electronics, Communication and Aerospace Technology (ICECA), Coimbatore, India, 29–31 March 2018; pp. 291–298. [Google Scholar]
- Gentile, A.F.; Macrì, D.; Carnì, D.L.; Greco, E.; Lamonaca, F. A performance analysis of security protocols for distributed measurement systems based on internet of things with constrained hardware and open source infrastructures. Sensors 2024, 24, 2781. [Google Scholar] [CrossRef]
- Narayana Gowda, S. Electric Vehicle Integration for Grid Services Using AI, Optimization, and Blockchain. Ph.D. Thesis, University of California (UCLA), Los Angeles, CA, USA, 2024. [Google Scholar]
- Abdunabi, R.; Al Amin, M.; Basnet, R. An authorization framework for body area network: A policy verification and smart contract-based integrity assurance approach. J. Comput. Secur. 2025, 21, 0926227X241296435. [Google Scholar] [CrossRef]
- Dorokhova, M.; Vianin, J.; Alder, J.M.; Ballif, C.; Wyrsch, N.; Wannier, D. A blockchain-supported framework for charging management of electric vehicles. Energies 2021, 14, 7144. [Google Scholar] [CrossRef]
- Martín-Fernández, F.; Caballero-Gil, P.; Caballero-Gil, C. Authentication based on non-interactive zero-knowledge proofs for the internet of things. Sensors 2016, 16, 75. [Google Scholar] [CrossRef] [PubMed]
- Guinard, D.D.; Trifa, V.M. Building the Web of Things: With Examples in Node. js and Raspberry pi; Simon and Schuster: New York, NY, USA, 2016. [Google Scholar]
- Sciullo, L.; Gigli, L.; Montori, F.; Trotta, A.; Di Felice, M. A survey on the web of things. IEEE Access 2022, 10, 47570–47596. [Google Scholar] [CrossRef]
- Du, M.; Wang, K.; Liu, Y.; Qian, K.; Sun, Y.; Xu, W.; Guo, S. Spacechain: A three-dimensional blockchain architecture for IoT security. IEEE Wirel. Commun. 2020, 27, 38–45. [Google Scholar] [CrossRef]
- Campbell Sr, R. Evaluation of post-quantum distributed ledger cryptography. J. Br. Blockchain Assoc. 2019, 2, 21. [Google Scholar] [CrossRef]
- Jabbar, S.; Khan, M.; Silva, B.N.; Han, K. A REST-based industrial web of things’ framework for smart warehousing. J. Supercomput. 2018, 74, 4419–4433. [Google Scholar] [CrossRef]
- De Rubertis, A.; Mainetti, L.; Mighali, V.; Patrono, L.; Sergi, I.; Stefanizzi, M.L.; Pascali, S. Performance evaluation of end-to-end security protocols in an internet of things. In Proceedings of the 2013 21st International Conference on Software, Telecommunications and Computer Networks-(SoftCOM 2013) 2013, Split, Croatia, 18–20 September 2013; pp. 1–6. [Google Scholar]
- Al-Saif, N.; Ahmad, R.W.; Salah, K.; Yaqoob, I.; Jayaraman, R.; Omar, M. Blockchain for electric vehicles energy trading: Requirements, opportunities, and challenges. IEEE Access 2021, 9, 156947–156961. [Google Scholar] [CrossRef]
- Meshcheryakov, Y.; Melman, A.; Evsutin, O.; Morozov, V.; Koucheryavy, Y. On performance of PBFT blockchain consensus algorithm for IoT-applications with constrained devices. IEEE Access 2021, 9, 80559–80570. [Google Scholar] [CrossRef]
- Anderson, R. Security Engineering: A Guide to Building Dependable Distributed Systems, 3rd ed.; Wiley: Hoboken, NJ, USA, 2020. [Google Scholar]
- Bansal, G.; Dua, A.; Aujla, G.S.; Singh, M.; Kumar, N. SmartChain: A smart and scalable blockchain consortium for smart grid systems. In Proceedings of the 2019 IEEE International Conference on Communications Workshops (ICC Workshops), Shanghai, China, 20–24 May 2019; pp. 1–6. [Google Scholar]
- Chen, Y.; Li, M.; Zhu, X.; Fang, K.; Ren, Q.; Guo, T.; Deng, Y. An improved algorithm for practical byzantine fault tolerance to large-scale consortium chain. Inf. Processing Manag. 2022, 59, 102884. [Google Scholar] [CrossRef]
- Luo, H.; Yang, X.; Yu, H.; Sun, G.; Lei, B.; Guizani, M. Performance analysis and comparison of nonideal wireless PBFT and RAFT consensus networks in 6G communications. IEEE Internet Things J. 2023, 11, 9752–9765. [Google Scholar] [CrossRef]
- Garofalaki, Z.; Kosmanos, D.; Moschoyiannis, S.; Kallergis, D.; Douligeris, C. Electric vehicle charging: A survey on the security issues and challenges of the open charge point protocol (OCPP). IEEE Commun. Surv. Tutor. 2022, 24, 1504–1533. [Google Scholar] [CrossRef]
- Baza, M.; Nabil, M.; Lasla, N.; Fidan, K.; Mahmoud, M.; Abdallah, M. Blockchain-based firmware update scheme tailored for autonomous vehicles. In Proceedings of the 2019 IEEE Wireless Communications and Networking Conference (WCNC), Marrakesh, Morocco, 15–18 April 2019; pp. 1–7. [Google Scholar]
Test Scenario | Centralized | Blockchain-Based | Overhead (%) |
---|---|---|---|
Routine Update | 8.5 min | 9.8 min | 15% |
Urgent Patch | 6.2 min | 7.5 min | 21% |
Malicious Attempt | Allowed | Rejected | - |
Criterion | Centralized | Federated Identity | Blockchain-Based (Proposed) |
---|---|---|---|
Resilience to Single Point of Failure | Low | Moderate | High |
Auditability | Low | Moderate | High |
Implementation Complexity | Low | Moderate | High |
Performance Overhead | Low | Moderate | Moderate/High |
Scalability (up to 1000 vehicles) | Poor | Moderate | Good |
Security Against Quantum Attacks | Not addressed | Not addressed | Future Work |
Disclaimer/Publisher’s Note: The statements, opinions and data contained in all publications are solely those of the individual author(s) and contributor(s) and not of MDPI and/or the editor(s). MDPI and/or the editor(s) disclaim responsibility for any injury to people or property resulting from any ideas, methods, instructions or products referred to in the content. |
© 2025 by the author. Published by MDPI on behalf of the World Electric Vehicle Association. Licensee MDPI, Basel, Switzerland. This article is an open access article distributed under the terms and conditions of the Creative Commons Attribution (CC BY) license (https://creativecommons.org/licenses/by/4.0/).
Share and Cite
Aldweesh, A. Blockchain-Based Secure Firmware Updates for Electric Vehicle Charging Stations in Web of Things Environments. World Electr. Veh. J. 2025, 16, 226. https://doi.org/10.3390/wevj16040226
Aldweesh A. Blockchain-Based Secure Firmware Updates for Electric Vehicle Charging Stations in Web of Things Environments. World Electric Vehicle Journal. 2025; 16(4):226. https://doi.org/10.3390/wevj16040226
Chicago/Turabian StyleAldweesh, Amjad. 2025. "Blockchain-Based Secure Firmware Updates for Electric Vehicle Charging Stations in Web of Things Environments" World Electric Vehicle Journal 16, no. 4: 226. https://doi.org/10.3390/wevj16040226
APA StyleAldweesh, A. (2025). Blockchain-Based Secure Firmware Updates for Electric Vehicle Charging Stations in Web of Things Environments. World Electric Vehicle Journal, 16(4), 226. https://doi.org/10.3390/wevj16040226