The global surge in electric vehicle(EV)adoption is proportionally expanding the EV charging station(EVCS)infrastructure,thereby increasing the attack surface and potential impact of security breaches within this crit...The global surge in electric vehicle(EV)adoption is proportionally expanding the EV charging station(EVCS)infrastructure,thereby increasing the attack surface and potential impact of security breaches within this critical ecosystem.While ISO 15118 standardizes EV-EVCS communication,its underspecified security guidelines and the variability in manufacturers’implementations frequently result in vulnerabilities that can disrupt charging services,compromise user data,or affect power grid stability.This research introduces a systematic black-box fuzzing methodology,accompanied by an open-source tool,to proactively identify and mitigate such security flaws in EVCS firmware operating under ISO 15118.The proposed approach systematically evaluates EVCS behavior by leveraging the state machine defined in the ISO 15118 standard for test case generation and execution,enabling platform-agnostic testing at the application layer.Message sequences,corresponding to valid andmutated traversals of the protocol’s state machine,are generated to uncover logical errors and improper input handling.Themethodology comprises state-aware initial sequence generation,simulated V2G session establishment,targeted message mutation correlated with defined protocol states,and rigorous response analysis to detect anomalies and system crashes.Experimental validation on an open-source EVCS implementation identified five vulnerabilities.These included session integrity weaknesses allowing unauthorized interruptions,billing manipulation through invalid metering data acceptance,and resource exhaustion vulnerabilities from specific parameter malformations leading to denial-of-service.The findings confirm the proposed method’s capability in pinpointing vulnerabilities often overlooked by standard conformance tests,thus offering a robust and practical solution for enhancing the security and resilience of the rapidly growing EV charging infrastructure.展开更多
Since the Internet of Things(IoT) secret information is easy to leak in data transfer,a data secure transmission model based on compressed sensing(CS) and digital watermarking technology is proposed here. Firstly,...Since the Internet of Things(IoT) secret information is easy to leak in data transfer,a data secure transmission model based on compressed sensing(CS) and digital watermarking technology is proposed here. Firstly, for node coding end, the digital watermarking technology is used to embed secret information in the conventional data carrier. Secondly, these data are reused to build the target transfer data by the CS algorithm which are called observed signals. Thirdly, these signals are transmitted to the base station through the wireless channel. After obtaining these observed signals, the decoder reconstructs the data carrier containing privacy information. Finally, the privacy information is obtained by digital watermark extraction algorithm to achieve the secret transmission of signals. By adopting the watermarking and compression sensing to hide secret information in the end of node code, the algorithm complexity and energy consumption are reduced. Meanwhile, the security of secret information is increased.The simulation results show that the method is able to accurately reconstruct the original signal and the energy consumption of the sensor node is also reduced significantly in consideration of the packet loss.展开更多
With the large scale adoption of Internet of Things(IoT)applications in people’s lives and industrial manufacturing processes,IoT security has become an important problem today.IoT security significantly relies on th...With the large scale adoption of Internet of Things(IoT)applications in people’s lives and industrial manufacturing processes,IoT security has become an important problem today.IoT security significantly relies on the security of the underlying hardware chip,which often contains critical information,such as encryption key.To understand existing IoT chip security,this study analyzes the security of an IoT security chip that has obtained an Arm Platform Security Architecture(PSA)Level 2 certification.Our analysis shows that the chip leaks part of the encryption key and presents a considerable security risk.Specifically,we use commodity equipment to collect electromagnetic traces of the chip.Using a statistical T-test,we find that the target chip has physical leakage during the AES encryption process.We further use correlation analysis to locate the detailed encryption interval in the collected electromagnetic trace for the Advanced Encryption Standard(AES)encryption operation.On the basis of the intermediate value correlation analysis,we recover half of the 16-byte AES encryption key.We repeat the process for three different tests;in all the tests,we obtain the same result,and we recover around 8 bytes of the 16-byte AES encryption key.Therefore,experimental results indicate that despite the Arm PSA Level 2 certification,the target security chip still suffers from physical leakage.Upper layer application developers should impose strong security mechanisms in addition to those of the chip itself to ensure IoT application security.展开更多
Attribute-Based Encryption(ABE)secures data by tying decryption rights to user attributes instead of identities,enabling fine-grained access control.However,many ABE schemes are unsuitable for Internet of Things(IoT)d...Attribute-Based Encryption(ABE)secures data by tying decryption rights to user attributes instead of identities,enabling fine-grained access control.However,many ABE schemes are unsuitable for Internet of Things(IoT)due to limited device resources.This paper critically surveys ABE schemes developed specifically for IoT over the past decade,examining their evolution,strengths,limitations,and access control capabilities.It provides insights into their security,effectiveness,and real-world applicability,highlights the current state of ABE in securing IoT data and access,and discusses remaining challenges and open issues.展开更多
基金support of the Korea Internet&Security Agency(KISA)—Information Security Specialized University Support Project(50%)supported by a grant from the Korea Electric Power Corporation(R24XO01-4,50%)for basic research and development projects starting in 2024.
文摘The global surge in electric vehicle(EV)adoption is proportionally expanding the EV charging station(EVCS)infrastructure,thereby increasing the attack surface and potential impact of security breaches within this critical ecosystem.While ISO 15118 standardizes EV-EVCS communication,its underspecified security guidelines and the variability in manufacturers’implementations frequently result in vulnerabilities that can disrupt charging services,compromise user data,or affect power grid stability.This research introduces a systematic black-box fuzzing methodology,accompanied by an open-source tool,to proactively identify and mitigate such security flaws in EVCS firmware operating under ISO 15118.The proposed approach systematically evaluates EVCS behavior by leveraging the state machine defined in the ISO 15118 standard for test case generation and execution,enabling platform-agnostic testing at the application layer.Message sequences,corresponding to valid andmutated traversals of the protocol’s state machine,are generated to uncover logical errors and improper input handling.Themethodology comprises state-aware initial sequence generation,simulated V2G session establishment,targeted message mutation correlated with defined protocol states,and rigorous response analysis to detect anomalies and system crashes.Experimental validation on an open-source EVCS implementation identified five vulnerabilities.These included session integrity weaknesses allowing unauthorized interruptions,billing manipulation through invalid metering data acceptance,and resource exhaustion vulnerabilities from specific parameter malformations leading to denial-of-service.The findings confirm the proposed method’s capability in pinpointing vulnerabilities often overlooked by standard conformance tests,thus offering a robust and practical solution for enhancing the security and resilience of the rapidly growing EV charging infrastructure.
基金Supported by the Foundation of Tianjin for Science and Technology Innovation(10FDZDGX00400,11ZCKFGX00900)Key Project of Educational Reform Foundation of Tianjin Municipal Education Commission(C03-0809)
文摘Since the Internet of Things(IoT) secret information is easy to leak in data transfer,a data secure transmission model based on compressed sensing(CS) and digital watermarking technology is proposed here. Firstly, for node coding end, the digital watermarking technology is used to embed secret information in the conventional data carrier. Secondly, these data are reused to build the target transfer data by the CS algorithm which are called observed signals. Thirdly, these signals are transmitted to the base station through the wireless channel. After obtaining these observed signals, the decoder reconstructs the data carrier containing privacy information. Finally, the privacy information is obtained by digital watermark extraction algorithm to achieve the secret transmission of signals. By adopting the watermarking and compression sensing to hide secret information in the end of node code, the algorithm complexity and energy consumption are reduced. Meanwhile, the security of secret information is increased.The simulation results show that the method is able to accurately reconstruct the original signal and the energy consumption of the sensor node is also reduced significantly in consideration of the packet loss.
基金This work was partially supported by the National Natural Science Foundation of China(Nos.61872243 and U1713212)Guangdong Basic and Applied Basic Research Foundation(No.2020A1515011489)+1 种基金the Natural Science Foundation of Guangdong Province-Outstanding Youth Program(No.2019B151502018)Shenzhen Science and Technology Innovation Commission(No.R2020A045).
文摘With the large scale adoption of Internet of Things(IoT)applications in people’s lives and industrial manufacturing processes,IoT security has become an important problem today.IoT security significantly relies on the security of the underlying hardware chip,which often contains critical information,such as encryption key.To understand existing IoT chip security,this study analyzes the security of an IoT security chip that has obtained an Arm Platform Security Architecture(PSA)Level 2 certification.Our analysis shows that the chip leaks part of the encryption key and presents a considerable security risk.Specifically,we use commodity equipment to collect electromagnetic traces of the chip.Using a statistical T-test,we find that the target chip has physical leakage during the AES encryption process.We further use correlation analysis to locate the detailed encryption interval in the collected electromagnetic trace for the Advanced Encryption Standard(AES)encryption operation.On the basis of the intermediate value correlation analysis,we recover half of the 16-byte AES encryption key.We repeat the process for three different tests;in all the tests,we obtain the same result,and we recover around 8 bytes of the 16-byte AES encryption key.Therefore,experimental results indicate that despite the Arm PSA Level 2 certification,the target security chip still suffers from physical leakage.Upper layer application developers should impose strong security mechanisms in addition to those of the chip itself to ensure IoT application security.
文摘Attribute-Based Encryption(ABE)secures data by tying decryption rights to user attributes instead of identities,enabling fine-grained access control.However,many ABE schemes are unsuitable for Internet of Things(IoT)due to limited device resources.This paper critically surveys ABE schemes developed specifically for IoT over the past decade,examining their evolution,strengths,limitations,and access control capabilities.It provides insights into their security,effectiveness,and real-world applicability,highlights the current state of ABE in securing IoT data and access,and discusses remaining challenges and open issues.
