A Lightweight Authentication Scheme for V2G Communications: A PUF-Based Approach Ensuring Cyber / Physical Security and Identity / Location Privacy

: Vehicle-to-grid (V2G) technology has become a promising concept for the near future smart grid eco-system. V2G improves smart grid resiliency by enabling two-way communication and electricity ﬂows while reducing the greenhouse gases emission. V2G practicality and stability is strongly based on the exchanged data between electrical vehicles (EVs) and the grid server (GS). However, using communication protocols to exchange vital information leads grid to being vulnerable against various types of attack. To prevent the well-known attacks in V2G network, this paper proposes a privacy-aware authentication scheme that ensures data integrity, conﬁdentiality, users’ identity and location privacy, mutual authentication, and physical security based on physical unclonable function (PUF). Furthermore, the performance analysis shows that the proposed scheme outperforms the state-of-the-art, since EVs only use lightweight cryptographic primitives for every protocol execution.


Introduction
The smart grid has been introduced as a promising concept to improve the traditional power grid in recent years. By enabling two-way communications along with two-way electrical flows using the information and communication technology (ICT), smart grid increases the efficiency, reliability, and better monitoring of the power grid and reduces the emission of greenhouse gases [1][2][3]. However, one of the most important parts of the smart grid to address these goals is vehicle-to-grid (V2G) technology, which has received a significant attention in recent years.
The concept of V2G was initially introduced by Kempton and Tomic in 2005 [4]. More precisely, V2G technology mainly consists of entities that enhance the bi-directional electrical flow between the vehicles and grid. The electrical energy can flow from the grid to the vehicle to charge the vehicle's battery (when the battery is low), or inversely flow from the vehicle to the grid during the peak power demand situations. This bi-directional charging property makes the electric vehicle (EV) as an important component in the V2G eco-system and provides a significant level of resiliency for the smart grid. In a V2G eco-system, an EV needs to charge its battery by drawing electrical power from the grid. For that purpose, EV sends a request to its nearest charge station (CS). After confirming the request by the grid server (GS), EV can charge its battery and pay the price to the selling company. EVs can also deliver power to the grid through a CS in the same way, and get rewards according to

•
The proposed scheme ensures a good range of privacy. The privacy here consists of data and identity privacy against the external adversary, the location privacy of the EVs, and privacy against internal entities. For example, except for a trusted party like GS, any other internal entities like EVs and CSs have not to know each other's secrets and private data.

•
Proposing an efficient and secure protocol that performs the key agreement and data transmission phases simultaneously.

•
Proposing a PUF-based authentication scheme which not only resists against all well-known attacks, such as replay, impersonation, data analysis, data integrity, etc., but is also secure against physical threats.

•
The proposed scheme consumes the lowest computational and communication resources in comparison with the state-of-the-art.
The layout of this paper is organized as follows. Section 2 presents some backgrounds of PUF and explains the system and threat model. Section 3 elaborates the proposed scheme. Sections 4 and 5 analyze the proposed protocol in security and performance terms, respectively. Finally, Section 6 concludes this paper.

Preliminary Backgrounds and Assumptions
In this section, we briefly explain about PUF and its important metrics, and then describe the V2G system model and the correspondence adversary model.

Background of PUF
A PUF can be defined as a unique and unclonable physical feature of an integrated circuit (IC). In recent years, it has become known as the digital fingerprint; as unique as the fingerprints of the human [33]. In general, the most important features of PUF are first: being non-reproducible by the cryptographic primitives; and second: too hard, or impossible, to be cloned physically. This unique property of PUF introduces it as a promising technology in key generation, identification, and authentication problems [34][35][36]. A PUF is particularly considered as a one-way physical function that maps a set of inputs as its challenges to a set of responses as its response. This mapping is mainly based on the complex physical structure of its used circuit. Figure 1 depicts a ring oscillator PUF (ROPUF), which is built with N frequency oscillators, two 2 to 1 multiplexers, two frequency counters, and one comparator [36]. Each of the two counters start counting the number of received cycles from the selected oscillators by the multiplexers during a predefined time interval. After, the values of the frequency counters are compared by the comparator. Based on the comparison result, a random bit will be produced.
The unpredictable and uncontrollable effect of IC manufacturing process results a good range of randomness in PUF responses. If we assume a PUF with challenge C and response R, the most important unique characteristics of this PUF is as follows: • If we input different challenges C 1 , C 2 , . . . , C n to the same PUF, we will obtain different responses R 1 , R 2 , . . . , R n with great distances. The concept of distance here can be considered as an appropriate distance metric while the responses are always considered as bit vectors.

•
If we input same challenge, C, to the same PUF in different situations (n times), we will obtain identical responses R 1 = R 2 = . . . = R n with great possibility.
The first, second, and third properties are named as diffuseness, reliability, and uniqueness, respectively. These three properties alongside the randomness are the most important features of PUF. However, since there are always some errors in different PUF evaluations, the reliability of PUF is usually less than 100%. On the other hand, error correcting methods like fuzzy extractors as a combating tool facing this problem, will cost in considerable overheads for PUF-based authentication schemes [37][38][39]. Nonetheless, several PUFs have been proposed in recent years, with 100% reliability over different situations of temperature and supply voltage [40][41][42][43][44]. Although using these kinds of ideal PUFs usually leads to increasing expenses, using them in countable numbers by a prosperous company (like CS investors) will be reasonable. As a result, by considering ideal PUFs for V2G communications, a stable and promising key generation approach will be achieved. Figure 2 indicates a typical V2G network model. A V2G network mainly consists of three entities in a specific area: (many) EVs, (several) CSs, and (one) GS. EVs are personal electrical vehicles that may want to charge/discharge their batteries through a CS very often. They have limited computational and storage capacities, and, as might be expected, have adequate hardware protection [31]. On the other hand, CSs are electrical charge stations belongs to some private or public companies, which are located in the open without considerable hardware protection. Each CS is equipped with a PUF that is embedded with its communication board. The communication between a CS and its PUF is assumed to be secure and tamper-proof. Although the CSs may have limited computational resources, they have slightly more computational capacity than EVs. GS is a grid server with a high computational and storage capacities. It has large database including different information of all legal entities, i.e., the registered EVs and CSs. GS is considered as trusted party in the grid that has access to all private information and makes the final decisions about the electricity and information flows.

Threats Facing V2G System
Although all the steps of registering the EVs and CSs by the GS is done through a secure channel, all the packets have to transmitted through an insecure channel during the authentication phase. Therefore, it makes the communication protocols between all entities vulnerable to different kinds of attack. There are some kinds of attacks have been introduced in recent years. For example, Dolev-Yao proposed a threat model (DY model) for V2G [45], in which a malicious adversary is able to eavesdrop on, modify, or remove the transmitted packets in the insecure communication link. However, to the best of our knowledge, the greatest number of attacks and threats facing a V2G system is considered in this paper. For example, an adversary may impersonate her/himself to any entity in the grid and then tries to abuse the situation. In addition, she/he may replay the older packets to an entity or disrupt the network by performing the denial-of-service (DoS) attack. She/he may also intentionally alter the packets or tries to discover a confidential data. The privacy of the EVs are another important concern that has to be considered with caution. In the V2G network, not only an adversary may want to breach of privacy of EVs, but other legal entities may also want to access each other's private data. These malicious legal entities may be some EVs who want to charge their batteries for free, or sell their energy for higher price. Furthermore, a malicious legal entity can be a CS who wants to obtain private information about EVs and sell it to someone concerned about this information. Last but not least, an adversary may get physically access to a device's memory and try to obtain the important stored secrets. This paper proposes a privacy-preserving authentication protocol to protect the all V2G entities' information, identity, and location privacy in all mentioned aspects.

Methodology
The proposed PUF-based authentication scheme is elaborated in this section. We divide the proposed protocol into two main phases: installation phase and authentication phase. The following subsections present each phase in detail. Furthermore, all the notations in this paper are shown in Table 1 with their meanings.

Installation Phase
In this phase, every vehicle (e.g., j-th vehicle is considered as EV j ) and charge station (CS n ) has to be registered by GS. First, for EVs' registrations, EV j sends a given value as its identity (ID 0 j ) to GS. After receiving ID 0 j , GS generates a random number r 0 j and then calculates K 1 j = h r 0 j ID 0 j as a secret key for EV j , where h is a collision-resistant one-way hash function. Furthermore, GS computes another hash value ID 1 j = h K 1 j ID 0 j as EV j 's new identity, and sends K 1 j and ID 1 j to EV j . Finally, GS stores K 1 j and ID 1 j in EV j 's corresponding row in its database. On the other side, EV j stores K 1 j and ID 1 j in its non-volatile memory (NVM) after receiving them.
For CSs' registrations, CS n first generates a given value as its identity (ID n ) and sends it to GS. Afterward, GS generates a challenge C 1 n and sends it to CS n . Then, CS n produces a response R 1 n by inputting the received challenge (C 1 n ) to its PUF and sends its location, LOC n , and its response, R 1 n , to GS. Meanwhile, CS n removes the CRP from its NVM. As mentioned before, since CS is located in the open without (enough) hardware protection, it is necessary for CS to not store any secret or vital data in its memory, to prevent physical attacks. Finally, GS stores CRP 1 n , LOC n , and ID n in a row of database that belongs to CS n .

Authentication Phase
At the very beginning of starting i-th authentication (after the registration phase) for drawing power from the grid or deliver power back to it, EV j encrypts its current location and private data (such as battery status, type of service, and payment records) using its shared key K i j , as E i1 TS to CS n (its nearest charge station). At this step, CS n only checks if TS is fresh and then sends the received packet with its ID, i.e., E i1 j , V i1 j , ID i j , TS &{ID n } to the GS. GS first checks if ID n is a valid ID and TS is a fresh timestamp. If so, it then finds the corresponding location and CRP, i.e., LOC n , C i n , and R i n within its database. Furthermore, GS locates ID i j in its database and j passes the verification and GS finds CS n as a proper charge station for EV j by comparing LOC i j and LOC n , it generates a hash value V i2 n = h C i n R i n TS and sends V i2 n , C i n , TS to CS n . CS n first uses its PUF and C i n to generate R i n , and then verifies V i2 n = h C i n R i n TS . If the verification is passed, it computes a new challenge and response, C i+1 n ID n TS for encrypting R i+1 n and for being verified by GS, respectively. Finally, CS n sends V i3 n , E i2 n , TS to the GS. After receiving this packet and checking the freshness of the timestamp, GS acts as follows: • Decrypts R i+1 n using R i n and E i2 n i.e., R i+1 n = E i2 n R i n . Now, GS has the new key (R i+1 n ) to communicates with CS n in the future authentication phase. • Computes the new challenge as the same of CS n , i.e., C i+1 n ID n TS . GS goes to the next step only if the verification is passed.

•
Generates two pseudo-random number r i1 GS and r i2 GS .

•
Computes the new key for EV j as K i+1 j = h r i1 GS K i j . GS and EV j will use it for future authentication. • Generates a pseudo-random number as new ID for EV j named ID i+1 j .

•
Encrypts the message for CS n using R i j and r i2 GS as E i3 n = m i n r i2 GS r i2 GS R i n .
• Encrypts the message for EV j using K i j and r i1 GS as E i4 Computes hash values for CS n 's and EV j 's side verification as V i4 n = h m i n r i2 GS R i n TS and Replaces new parameters i.e. C i+1 n , R i+1 n , K i+1 j , and ID i+1 j with the previous ones.
• Sends the packet E i3 n , V i4 n , E i4 j , V i5 j , TS to CS n .
CS n first checks the freshness of the timestamp and then decrypts its message (m i n ) and r i2 GS as m i n r i2 GS r i2 GS = E i3 n R i n . It is worth mentioning that only CS n can decrypt the plaintext m i n and r i2 GS , because no one except CS n and GS gets access to R i n . Now, by decrypting m i n and r i2 GS , CS n verifies V i4 n by computing V i4 n = h m i n r i2 GS R i n TS . If the verification is passed, it removes all the old and new CRPs and secrets from its memory and sends E i4 j , V i5 j , TS to EV j . After verifying the freshness of the received packet, EV j decrypts the message from GS using its secret key, K i j as After that, it verifies the authority of the sender by checking if V i5 j = h m i j ID i+1 j r i1 GS K i j TS holds or not. If the verification is passed, EV j accepts the message otherwise, it discards it. Furthermore, EV j computes its new key K i+1 j = h r i1 GS K i j , and its new ID , for future authentication. Finally, EV j stores K i+1 j and ID i+1 j , and removes K i j and ID i j from its memory. Figure 3 demonstrates a general schema of the proposed protocol. It is worth mentioning that if the output length of the used hash function (SHA-256) is 256 bits, the length size of TS is considered 32 bits, m i j , ID i j , m i n , ID i n , r i2 GS is considered 64 bits, LOC i j , D i j , R i n , r i1 GS is considered 128 bits, K i j , E i j , V i j , E i n , V i n is considered 256 bits, and C i n is considered 530 bits. Therefore, all operands of the Exclusive OR (XOR) operations have same size.
As a brief conclusion, a mutual authentication between GS and CS, and GS and EV is established, and their future keys are agreed in one execution of the proposed protocol. Furthermore, because only EV j and GS has access to K i j , any CS (nor external adversary) cannot get access EV j 's confidential message, current location, and new identity. Therefore, our proposed protocol can provide a good range of privacy for the users in the grid. Last but not least, using PUF leads to ensuring the physical security of the charge stations. More details of the security and performance analysis of the proposed scheme is presented in the following sections.

Security Analysis
In this section, we discuss how the proposed protocol in this paper can resist against different kinds of attack.

Resistance to Eavesdropping and Message Analysis Attack
This kind of attack targets the confidentiality of the vital data, where an adversary may eavesdrop on the communication link and attempt to obtain the transmitted information between EV j and CS n , or CS n and GS. There are no security problems concerning the hashed values or non-encrypted data i.e., V i1 j , ID i j , TS, ID n , V i2 n , C i n , V i3 n , V i4 n , and V i5 j . However, she/he may try to decrypt the encrypted packets, i.e., E i1 j , E i2 n , E i3 n , and E i4 j to get access to private data or secret parameters. While the E i1 j , E i2 n , E i3 n , and E i4 j are encrypted by K i j and R i n , the adversary has to know them to obtain the plaintext. Since K i j is one-time pad secret key known by only EV j and GS, and R i n is a PUF response; a true random and unpredictable key known by only CS n and GS, the adversary will have no chance to discover the encrypted packets. Furthermore, the cryptographic keys (K i j and R i n ) in this paper are updated for every protocol execution that significantly mitigates the vulnerability of the protocol against the brute-force attack. As a result, the proposed scheme is secure against message analysis attack and provides a good level confidentiality.

Resistance to Message Altering Attack
In this kind of attack, an adversary may modify a message, and then send it to one of the entities in the network. For example, if she/he tries to alter E i1 j to E i1 * * j , or more specific, LOC i j and D i j to LOC i * * j and D i * * j , she/he has to compute a hash value V i1 * * j = h LOC i * * j D i * * j K i j ID i j TS to pass the verification. Since the used one-way cryptographic hash function is collision-resistant and the adversary has no access to K i j , her/his chance will be negligible to compute a hash for passing the verification. Therefore, the receiving entity (GS in this case) finds out if the message is altered and discards the received packet. The same is true for E i2 n , E i3 n , and E i4 j , when the adversary tries to alter the corresponding messages. Furthermore, the proposed protocol is secure against a message altering attack, and can provide a good level of message integrity.

Resistance to Impersonation and Message Injection Attack
In this kind of attack, the adversary attempts to impersonate her/himself as a legal entity and then injects her/his forged message. For that, she/he has to compute a hash value to pass the verification as an authorized source of the message. For instance, if she/he tries to impersonate EV j , she/he has to compute a hash value V i1 * * j to pass the verification at the GS side, i.e., V i1 * * j = h LOC i j D i j K i j ID i j TS . Since she/he has no access to K i j , and because of the collision-resistant property of one-way cryptographic hash function, the chance for her/his success will be negligible. Furthermore, if she/he tries to impersonate CS n and inject a forged message to GS, she/he should get access R i n or collide a proper hash value to pass the verification. However, both of them are very hard or impossible for a probabilistic polynomial time (PPT) adversary. By the same analysis, it will be too hard or impossible for PPT adversary to impersonate GS in the proposed protocol. Therefore, our proposed scheme is secure against impersonation and message injection attack.

Resistance to Replay Attack
In the proposed scheme, each EV, EV j , sends its packet E i1 j , V i1 j , ID i j , TS to CS and GS, where TS is a fresh time stamp, ID i j securely varies for each run of protocol, and V i1 j is equal to h LOC i j D i j K i j ID i j TS . Here, when an adversary tries to replay the old messages, her/his replayed message will be detected by GS during the verification of V i1 j . Similarly, when she/he tries to replay a packet between CS and GS, her/his attempt will be detected because of hashing the fresh time timestamp and updated secret values. Therefore, the proposed protocol can resist replay attack.

Resistance to DoS Attack
In this kind of attack, an adversary may overload the network by sending waste and false packets to the all entities of the protocol. She/he may force the targeted party to spend unnecessary or a lot of computations or store vain messages and consequently prevent them from receiving the authentic messages. In our proposed scheme, every entity immediately verifies the received packets by bogus packet in i-th authentication phase, it can easily discards it by executing one hash operation to compute Similarly, CS needs to run one PUF and one hash operation, and EV needs to run on hash operation to discard the bogus messages. Here, the computation cost of logical XOR or locating at database has been ignored. As a result, the proposed protocol has shown a good resistance against DoS attack where an adversary who tries to perform this attack, cannot overload the V2G network.

Resistance to Physical Attack
In this kind of attack, an adversary may attempt to get physically access to a device including the encryption system and then try to obtain the stored secrets on that device's memory. When the adversary successes to perform physical attack, she/he can easily perform various kinds of attacks. It is a reasonable assumption that GS and EVs may have enough hardware protection to prevent the adversaries getting easily access to their devices' memory [32]. However, the CSs are usually located in the open, an adversary can easily capture its memory and obtain the important stored secrets. To prevent this kind of attack, we have used PUF for every CS in the network which causes the CSs remove all the secret parameters after each protocol execution. Therefore, the adversary will obtain nothing after getting access to CS's memory, which makes the proposed protocol secure against the physical attack.

User Privacy Protection
In our proposed protocol, GS generates a new ID for EV j at each authentication phase and sends it securely to EV j (E i4 j = m i j ID i+1 j r i1 GS r i1 GS K i j ). Therefore, EV j uses its ID only once, which it receives securely at the authentication phase. As a result, EV j will have a level of good privacy not only against the external adversaries, but also against corresponding CS and other vehicles within the grid. In other words, only GS is aware of EVs' activities in our protocol. Furthermore, in each EV j 's request to charge/discharge its battery, LOC i j is encrypted by K i j (E i1 j = LOC i j D i j K i j ). Since K i j is only owned by EV j and GS, no other entity will be aware of EV j 's location. As a result, the proposed protocol ensures the ID and location privacy for users.

Performance Evaluation and Comparison
In this section, we evaluate the performance of the proposed protocols and compare them with the closely-related and the most recent and outperforming authentication schemes presented in [29][30][31][32], in terms of communication overhead and computational cost. Furthermore, we provide a feature-based comparison where the security and functionality characterizations of our proposed protocol is compared with other schemes proposed in [29][30][31][32].

Communication Overhead
The total communication overhead of our proposed scheme consists of four parts: the transmitted packets from EV j to CS n , CS n to GS, GS to CS n , and CS n to EV j . The communication overhead for EV j to CS n data transmission is E i1 where |X| indicates the bit-length of message X. The communication overhead for CS n to GS data transmission is The communication overhead for CS n to EV j data transmission is E i4 j + V i5 j + |TS| = 68 B. Therefore, the total communication overhead of our proposed scheme in each protocol execution is 360 B. Figure 4 demonstrates the communication cost of our scheme in comparison with the proposed ones in [29][30][31][32]. According to this Figure 4, our protocol could outperform the proposed schemes in [29,31,32]. The communication cost of proposed scheme in [30] is less than ours, however, the authors of [30] did not consider the communications between CS and GS. Furthermore, our scheme is the only protocol among the proposed ones in [29][30][31][32], which transmits confidential data packets along each the authentication process, which leads to increasing the communication overhead. For having more comprehensive comparison with the scheme proposed in [30], if we only consider the communications between EV and CS, and ignore the confidential data packets in the communication link, then the overall communication of our scheme is 80 B (<<212 B). As a result, and in a nutshell, we can say that the proposed protocol in this paper has good performance in communication overhead.

Computational Cost
In this section, we calculate the computational cost of our protocol and compare it with the schemes presented in [29][30][31][32]. Since GS is assumed to be a server with high computing power, we only consider computational costs for EV and CS sides. For calculating the execution time of each cryptographic operator, the advantage of ArduinoLibs cryptographic library [46] has been taken. For simulating the cryptographic operators on an EV, an ARM Cortex-M3 microcontroller board named AT91SAM3 × 8E has been used, which is equipped with 512 kB flash memory and 96 kB SRAM, and has a clock speed of 84 MHz. To compute the execution times for a CS, the cryptographic operations have been conducted on a 64-bit operating system with processor Intel ® Core™ i7-3612QM CPU @2.10 GHz and 6 GB (5.86 GB usable) RAM. The computed execution time of each cryptographic operation for EV and CS is demonstrated in Table 2. In addition, to compute the execution time of a PUF, we have considered the execution time of 128-bit Arbiter PUF on [47] AT91SAM3X8E. Since the execution time of a Chebyshev polynomial operation is one third of a point multiplication of the elliptic curve [48,49], we computed this value by dividing elliptic curve point multiplication run-time by three, without losing of any generality. In Table 2, T h , T rng , T PUF , T mul , T add , T Chev , T MAC , T m , T enc , T dec , , T Pol , and T Fst represent the execution time of SHA-256 hash function, a pseudo-random number generation, 128-bit Arbiter PUF key generation, an elliptic curve point multiplication, an elliptic curve point addition, the Chebyshev polynomial computation, one MAC operation, a multiplication, AES encryption, AES decryption, and Feistel structure-based encryption, respectively. By discarding the computation complexity of logical XOR, our proposed protocol only executes three one-way hash functions in EV side. This ultra-lightweight design of protocol makes it very proper for EV side communication because of its constrained processing resources. Furthermore, our proposed protocol burdens CS only four one-way hash functions and two PUF operations, which takes a little time for CS (a fraction of one millisecond). Note that CS is usually considered an entity that has slightly more computational power than EV. Tables 3 and 4 demonstrate the number of cryptographic operators used in each protocol run-time for the EV and CS, respectively. According to Table 3, the proposed protocol has the lowest computational cost in the EV side. According to Table 4, although the proposed scheme is the second superior scheme in CS computational cost, it is still far better than the other schemes. Figure 5 depicts the EV side, CS side, and total computational cost of our proposed protocol, in comparison with the ones presented in [29][30][31][32]. As a result, it can be concluded that our scheme has an excellent performance in term of computational cost, especially (best) in the EV side.

Characteristics Comparison
In this section, we present some important security and functional features of our protocol and compare them with the proposed schemes in [29][30][31][32] as demonstrated in Table 5. In this paper F 1 represents data confidentiality, F 2 represents data integrity, F 3 represents replay attack resistance, F 4 represents DoS attack resistance, F 5 represents physical attack resistance, F 6 represents enabling two-way communication, F 7 represents providing identity privacy against external adversary, F 8 represents providing location privacy against external adversary, F 9 represents ensuring privacy of the users against other legal entities in the network, F 10 represents ultra-lightweight design, and F 11 represents providing mutual authentication. Furthermore, the symbols , , and NA specified for each feature in Table 5 indicate ensuring corresponding feature, not ensuring corresponding feature, and that feature has not been investigated, respectively. According to Table 5, the proposed protocol in this paper provides all mentioned important features of the V2G network.  [29] NA NA [30] NA NA NA [31] NA NA NA [32] NA NA Ours

Conclusions
In this paper, we proposed a PUF-based secure authenticated protocol for V2G communications. We modeled a V2G network with three main entities, i.e., EVs, CSs, and GS, and a PPT adversary that can perform different kinds of attacks. The security analysis showed that our scheme may resist all possible known attacks, including eavesdropping and message analysis attack, message altering attack, impersonation and message injection attack, replay attack, DoS attack, physical attack, and different kinds of attack against identity and location privacy. Furthermore, the performance evaluations showed that our protocol has a good performance in communication overhead and excellent performance in computational cost. Especially seeing as each EV only needs to execute only three one-way hash function in our protocol. In addition, we saw, in the feature-based comparison section, that the proposed scheme ensured all important features related to V2G network. As a result, our scheme could create a good trade-off between security and efficiency and propose a real-time and secure authenticated protocol for V2G communications.