I know where you charged last summer
RUB researchers develop privacy-enhancing solutions for charging electric cars
by Tilman Frosch
January 31, 2014
In 2011, the German newspaper “Die ZEIT” published the movement profile of Malte Spitz, a Green Party politician, that had been extracted from his mobile phone data, thus drawing the public’s attention to this technology’s major drawback. Each mobile phone user leaves a data trail behind and can therefore be traced. The same thing might be in store for electric car users. And yet it all seems so simple: hold your RFID card over the charging station’s reader or connect the plug (fig. 1). Charging an electric car is straightforward and, according to the Federal Government’s plans, will become routine for at least one million people from 2020 on. However, each charging is accompanied by a plethora of complex processes that happen in the background; the system saves information on when and where charging took place and by which customer – a privacy hazard. Electric cars are charged more often than conventional cars are fuelled up, because the expensive car battery should not be completely discharged. Electric car dealers therefore often advise their clients to recharge whenever possible.
The user’s RFID card is proof of identity at the charging station. Thus, location-related and personal data find their way into the billing system. © RUBIN, photo: Nelle
Experience has shown that problems that are not identified until late, such as data trails of mobile phone users, are often rooted deeply within a technology’s actual design. In new technological areas such as electromobility, it is therefore vital to ensure that data security is incorporated into the design from the outset. In the course of the project “SecMobil”, supported by the German Federal Ministry of Economics and Technology, we are researching secure electromobility solutions. An important aspect is a privacy-enhancing charging infrastructure. Just like roaming in mobile communication, customers will be able to charge their cars at the stations of different providers who clear the costs via a clearing house.
The simplest solution would be for customers to be anonymous. They could pay for the energy for their electric cars in cash, would leave no data trail, and nothing would have to be cleared, as the money would end up directly with the provider who supplied the electricity. However, cash logistics creates costs for the charging station operators. If the charging stations are spread across a large area in public space, there is no central pick-up point for a cash transport service; the service would have to call at each station individually. These costs can be avoided if customers simply identify themselves at the charging station with their RFID card and receive an invoice at the end of each month. Every utility company already has the infrastructure for issuing invoices. The price, however, is that customers are known by name and address.
If the customer cannot remain anonymous, can the charging station be anonymous instead? Our aim is to transmit and store the accounting data authentically, i.e. in a way that lets the provider verify that they are genuine and unaltered, without the provider being able to tell where the charging took place. The tools we use for this purpose are cryptographic methods: efficient encryption schemes and modern digital signatures.
At the same time, we must also consider the legal aspects. If, for example, a customer wants to contest an invoice in court, certain location-related data, such as the meter numbers, are needed to settle the dispute. With these data one can determine whether the energy meter at a charging station was correctly calibrated and, consequently, whether it measured the customer’s energy consumption correctly. If our system is to be used in practice, we have to reconcile data protection and data security with legal regulations. To this end, we are collaborating with project partners from the Institute for Mining and Energy Law as well as with colleagues from the Faculty of Law who deal with IT law.
An important legal aspect is the following: the charging station provider must be able to prove that it sold a certain amount of energy to a customer. Digital signatures are commonly used to provide such proof and to ensure that a message or data set has not been altered: whoever produces the signature thereby vouches for being the sender, and any change to the signed data invalidates the signature. To prove that the billing data are correct, the public charging station would transmit a digital signature alongside the billing data to the provider. Unless there is a legal dispute, the provider does not need to know which station actually generated those data. It only needs proof that the correct data were transmitted by one of the authorised stations. A conventional signature cannot deliver this: the public key needed to verify it identifies the individual station, so the provider would learn the location anyway.
Secure, privacy-enhancing and convenient to use: the RUB researchers’ system lets customers use the charging stations of different electricity suppliers. The data for the invoice are transmitted via the Tor network (info 1) to the clearing house. A digital signature confirms the validity of the data. As this is a group signature, the billing record cannot be linked to one particular charging station. © petovarga/Fotolia.com, oliman1st/Fotolia.com, denis_pc/Fotolia.com
In addition to conventional digital signatures, our toolbox of cryptographic methods also contains group signature schemes. In these schemes the authorised sender is not an individual but a group: any member can sign on behalf of the group, and the verifier learns only that some member signed, not which one. There are, however, mechanisms for determining which group member, i.e. which charging station, generated a given signature. To be able to detect fraudulent use, many group signature schemes involve a trusted third party, the so-called opener, which may be thought of as a kind of notary. Only the opener can open an additionally protected section of the signature; that section contains the identity of the actual group member, namely the charging station that generated the signature.
For our system (fig. 2) we have chosen eXtremely Small Group Signatures (XSGS). XSGS signatures need little storage space and the scheme is comparatively fast. We then modified the signature scheme to comply with the legal requirements: through a slight modification, location-related data such as meter numbers can be incorporated into the section of the signature that only the opener can decrypt. They are thus cryptographically protected, while potential disputes regarding billing data can still be resolved legally with the opener’s aid.
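The two properties the text relies on, that the clearing house can verify a billing record came from some authorised station without learning which, and that a separate opener can later reveal the station and meter number, can be illustrated with standard-library Python. The following is an added example, not code from the SecMobil project and not XSGS: it combines a Schnorr-style ring signature over the public keys of all authorised stations (signer-ambiguous among the ring) with a hashed-ElGamal ciphertext addressed to the opener that carries the station identity and meter number. Unlike a real group signature it does not prove that the sealed identity is the true signer (that binding is what XSGS provides with a zero-knowledge proof), the group parameters are toy-sized (an 89-bit subgroup), and the station, customer and meter identifiers are constructed sample values.

```python
import hashlib
import secrets

Q = 2**89 - 1  # Mersenne prime; order of the signing subgroup (toy size, about 89 bits)

def is_probable_prime(n, rounds=24):
    """Miller-Rabin; sufficient for parameter generation in an example."""
    if n < 4:
        return n in (2, 3)
    if n % 2 == 0:
        return False
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(rounds):
        x = pow(secrets.randbelow(n - 3) + 2, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def make_params():
    """DSA-style setup: prime p = k*Q + 1 and a generator g of the order-Q subgroup."""
    k = 2
    while not is_probable_prime(k * Q + 1):
        k += 2
    p, h, g = k * Q + 1, 2, 1
    while g == 1:
        g, h = pow(h, k, p), h + 1
    return p, g

def H(*parts):
    """Hash ints/bytes into Z_Q; every part is length-prefixed so fields cannot run together."""
    h = hashlib.sha256()
    for part in parts:
        b = part if isinstance(part, bytes) else str(part).encode()
        h.update(len(b).to_bytes(4, "big") + b)
    return int.from_bytes(h.digest(), "big") % Q

def keygen(p, g):
    x = secrets.randbelow(Q - 1) + 1
    return x, pow(g, x, p)

def ring_sign(p, g, ring, idx, x, msg):
    """Schnorr-style ring signature (Abe-Ohkubo-Suzuki construction): proves that the
    holder of ONE key in `ring` signed `msg`, without revealing which one."""
    n = len(ring)
    e, s = [0] * n, [0] * n
    alpha = secrets.randbelow(Q - 1) + 1
    e[(idx + 1) % n] = H(msg, *ring, pow(g, alpha, p))
    i = (idx + 1) % n
    while i != idx:  # simulate every other member with a random response
        s[i] = secrets.randbelow(Q)
        e[(i + 1) % n] = H(msg, *ring, pow(g, s[i], p) * pow(ring[i], e[i], p) % p)
        i = (i + 1) % n
    s[idx] = (alpha - x * e[idx]) % Q  # close the ring with the real private key
    return e[0], s

def ring_verify(p, g, ring, msg, sig):
    e0, s = sig
    e = e0
    for y, si in zip(ring, s):
        e = H(msg, *ring, pow(g, si, p) * pow(y, e, p) % p)
    return e == e0

def _stream(shared, n):
    out = b""
    for ctr in range((n + 31) // 32):
        out += hashlib.sha256(shared.to_bytes(64, "big") + ctr.to_bytes(4, "big")).digest()
    return out[:n]

def seal_for_opener(p, g, opener_pub, plaintext):
    """Hashed ElGamal: only the opener's private key recovers the plaintext."""
    k = secrets.randbelow(Q - 1) + 1
    c1, shared = pow(g, k, p), pow(opener_pub, k, p)
    return c1, bytes(a ^ b for a, b in zip(plaintext, _stream(shared, len(plaintext))))

def open_sealed(p, opener_priv, sealed):
    c1, c2 = sealed
    return bytes(a ^ b for a, b in zip(c2, _stream(pow(c1, opener_priv, p), len(c2))))

def _signed_bytes(public, sealed):
    # Public fields and sealed ciphertext are signed together so neither can be swapped.
    return public + b"|" + str(sealed[0]).encode() + b"|" + sealed[1]

def make_billing_record(p, g, ring, idx, station_priv, station_id, meter_no, opener_pub, public):
    sealed = seal_for_opener(p, g, opener_pub, f"{station_id};meter={meter_no}".encode())
    sig = ring_sign(p, g, ring, idx, station_priv, _signed_bytes(public, sealed))
    return {"public": public, "sealed": sealed, "sig": sig}

def clearing_house_check(p, g, ring, rec):
    """The verifier learns that SOME authorised station signed, not which one."""
    return ring_verify(p, g, ring, _signed_bytes(rec["public"], rec["sealed"]), rec["sig"])

def demo():
    p, g = make_params()
    stations = [keygen(p, g) for _ in range(3)]  # constructed: three authorised stations
    ring = [pub for _, pub in stations]
    opener_priv, opener_pub = keygen(p, g)      # the opener (notary) has its own key pair
    public = b"customer=C-1234;kwh=18.5;ts=2013-07-14T20:31"  # constructed billing fields
    rec = make_billing_record(p, g, ring, 1, stations[1][0], "ST-0007", "DE-4711", opener_pub, public)
    ok = clearing_house_check(p, g, ring, rec)
    forged = dict(rec, public=public.replace(b"18.5", b"99.0"))  # provider alters the amount
    ok_forged = clearing_house_check(p, g, ring, forged)
    revealed = open_sealed(p, opener_priv, rec["sealed"])  # opener only, e.g. on court order
    return ok, ok_forged, revealed
```

Running `demo()` returns `(True, False, b"ST-0007;meter=DE-4711")`: the genuine record verifies against the whole ring, the record with an altered energy amount does not, and only the holder of the opener key can read the station identity and meter number. The list of ring keys is itself hashed into every challenge, so a verifier cannot quietly substitute a smaller ring to narrow down the signer.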
This is how the Tor network, a so-called Onion Routing system, works. © RUBIN/jet_spider – iStock/opka – Fotolia.com
Data transfer from the charging station to the clearing house is protected by a provably secure variant of the TLS protocol. To ensure that the charging station’s anonymity is not compromised at the network level, we use the Tor network to conceal the sender of each message (fig. 3); otherwise the clearing house would simply learn the station from its IP address.
For the customers, such a system works pretty much like an itemised telephone bill: the default is that the energy supplier does not know the individual charging processes; with the customer’s permission or by special court order, the complete data regarding the individual processes may be disclosed.
At present, our solution is at an early prototype stage. Charging infrastructure for electric cars is likewise still in its infancy worldwide, which is an ideal opportunity to build data protection and data security into the design from the start.
TLS: TRANSPORT LAYER SECURITY
The Transport Layer Security (TLS) protocol is used, for example, to protect online banking sessions. If an HTTP connection is protected by TLS, the web browser usually displays a small padlock symbol in the address bar. The TLS variant deployed here, TLS-DHE, uses an ephemeral Diffie-Hellman key exchange: the session keys cannot be recovered later even if the server’s long-term key is compromised (forward secrecy), and the security of this mode has been proven formally. In practice, weaker TLS configurations are still widely used, but TLS-DHE is becoming increasingly prevalent.
ONION ROUTING WITH THE TOR NETWORK
The Tor network is the most popular Onion Routing system today. Here is how Onion Routing works in simple terms: Mr A would like to tip off the cartel office anonymously. He puts his message in an envelope and addresses it to the cartel office. He then puts that envelope, together with a request to forward it to that address, into a second envelope and addresses it to Mrs D. That envelope (plus the request to forward it) is put into yet another envelope and addressed to Mr C. He repeats that step once more with another envelope, addressed to Mrs B. Mrs B receives the envelope, opens it and does as requested by A, i.e. she forwards the letter it contains. Mr C, who receives the letter from B, does the same. Eventually, Mrs D sends the letter to the cartel office. Since every participant knows only their respective predecessor and successor, the final recipient does not know the initial sender, and no single relay knows both the sender and the final recipient. Instead of envelopes, Onion Routing networks use layered encryption: each layer can only be removed by the relay it is intended for, so a relay learns nothing about the route beyond its immediate neighbours.
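The envelope story above, carried through as an added example in standard-library Python (this is not Tor’s code and not the project’s). It assumes that the sender already shares one key with each relay on the route, which in Tor is established by the circuit handshake; the per-layer cipher is a toy authenticated stream cipher built from HMAC-SHA256, standing in for the AES layers a real circuit uses; the relay names, the destination and the message are constructed. The simulation records what every party can see, which is the point of the sidebar: B knows A but not the destination, D knows the destination but not A.

```python
import hashlib
import hmac
import secrets

def _keystream(key, nonce, n):
    out = b""
    for ctr in range((n + 31) // 32):
        out += hmac.new(key, nonce + ctr.to_bytes(4, "big"), hashlib.sha256).digest()
    return out[:n]

def wrap(key, plaintext):
    """One onion layer: HMAC-SHA256 keystream plus HMAC tag (toy stdlib-only AEAD)."""
    nonce = secrets.token_bytes(16)
    ct = bytes(a ^ b for a, b in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    return nonce + ct + hmac.new(key, nonce + ct, hashlib.sha256).digest()

def unwrap(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("layer authentication failed")
    return bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct))))

def _frame(next_hop, payload):
    # "forward this to next_hop" plus the inner envelope
    name = next_hop.encode()
    return len(name).to_bytes(1, "big") + name + payload

def _unframe(plain):
    n = plain[0]
    return plain[1:1 + n].decode(), plain[1 + n:]

def build_onion(route, keys, destination, message):
    """Wrap from the inside out: the last relay's layer is applied first."""
    next_hop, payload = destination, message
    for relay in reversed(route):
        payload = wrap(keys[relay], _frame(next_hop, payload))
        next_hop = relay
    return next_hop, payload

def run_network(sender, route, keys, destination, message):
    """Simulate forwarding; return what every party could observe."""
    holder, blob = build_onion(route, keys, destination, message)
    prev, seen = sender, {}
    while holder in keys:  # relays hold a key; the destination does not
        next_hop, blob = _unframe(unwrap(keys[holder], blob))
        seen[holder] = {"from": prev, "to": next_hop}
        prev, holder = holder, next_hop
    seen[holder] = {"from": prev, "payload": blob}
    return seen

def tamper_detected(route, keys, destination, message):
    """Flipping one ciphertext byte must be caught by the first relay, not forwarded."""
    first, blob = build_onion(route, keys, destination, message)
    blob = blob[:20] + bytes([blob[20] ^ 1]) + blob[21:]
    try:
        unwrap(keys[first], blob)
    except ValueError:
        return True
    return False

MESSAGE = b"anonymous tip-off for the cartel office"  # constructed sample

def demo():
    keys = {r: secrets.token_bytes(32) for r in ("B", "C", "D")}  # constructed per-hop keys
    return run_network("A", ["B", "C", "D"], keys, "cartel office", MESSAGE)
```

`demo()` returns `{"B": {"from": "A", "to": "C"}, "C": {"from": "B", "to": "D"}, "D": {"from": "C", "to": "cartel office"}, "cartel office": {"from": "D", "payload": MESSAGE}}`. Note the two things the analogy leaves out: the last relay (D) and the recipient both see the plaintext, which is why the article still runs TLS inside the Tor connection, and each layer is authenticated so a relay or an observer cannot modify the onion in transit without the next hop noticing.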