Efficient Privacy-Preserving and Secure Authentication for Electric-Vehicle-to-Electric-Vehicle-Charging System Based on ECQV

Abstract

The use of Electric Vehicles (EVs) is almost inevitable in the near future for the sake of the environment and our plant’s long-term sustainability. The availability of an Electric-Vehicle-Charging Station (EVCS) is the key challenge that owners are worried about. Therefore, we suggest benefiting from individual EVs that have excess energy and are willing to share it with other EVs in order to maximize the availability of EVCSs without the need to rely on the existing charging infrastructure. The Internet of Electric Vehicles (IoEV) is gradually gaining traction, allowing for a more efficient and intelligent transportation system by leveraging these capabilities between EVs. However, the IoEV is considered a trustless environment, with untrustworthy trading partners such as data sellers, buyers, and brokers. Data exchanged between the EV and the Energy AGgregator (EAG) or EV/EV can be used to analyze users’ behavior and compromise their privacy. Thus, a Vehicle-to-Vehicle (V2V)-charging system that is both secure and private must be established. Several V2V-charging systems with security and privacy features have been proposed. However, even if the transmitted communications are entirely anonymous, anonymity alone will not prevent the tracking adversary from reconstructing the target vehicle’s route. These systems frequently fail to find a balance between privacy concerns (e.g., trade traceability to achieve anonymity, and so on) and security measures. In this paper, we propose an efficient privacy-preserving and secure authentication based on Elliptic Curve Qu–Vanstone (ECQV) for a V2V-charging system that fulfils the essential requirements and re-authentication protocol in order to reduce the overhead of future authentication processes. The proposed scheme utilizes the ECQV implicit-certificate mechanism to create credentials and authenticate EVs. The proposed protocols provide efficient security and privacy to EVs, as well as an 88% reduction in computational time through re-authentication, as compared to earlier efforts.

1. Introduction

Rapid changes in the transportation industry have occurred in recent years, with a conscious effort to combat climate change and cut Greenhouse-Gas emissions (GHG). This industry is responsible for almost 30% of the world’s GHG emissions, which in return affects air quality. The electrification of the transportation system is gaining popularity because it has several advantages over vehicles powered by an internal combustion engine (ICE), including the use of sustainable energy, reduction in fossil-fuel dependency and consumption, and being GHG-emission free. Hence, the Electric Vehicle (EV) is a suitable solution for dealing with the energy crisis and climatic change [1].

Several countries such as Saudi Arabia have announced that at least 30% of cars in the capital city will be electric by 2030. China seeks to have 25% of new cars in the country be electric by 2025. On the other hand, the United Kingdom plans to stop selling new fossil-fuel cars by 2030 [2]. In 2020, over 10 million electric cars were on the roads throughout the world with 1.3 million publicly available chargers, with 30% of them being fast chargers. As one can see, the rate of growth of the Electric-Vehicle-Charging Station (EVCS) is noticeably slower than that of EVs. Therefore, the availability of EVCSs is the most significant hurdle, which is known as “range anxiety”, that consumers are concerned about (particularly in the United States and the United Kingdom) according to the climate group’s EV100 members [3]. They are anxious that the EV’s energy will be consumed before it reaches its destination. This effect is accentuated on highways and in remote regions, which currently have inadequate charging infrastructure and where drivers travel longer distances than in cities [4]. As a result, EV drivers may find themselves abandoned on the street with little to no charge as well as no nearby charging stations, with no other option but to wait for a tow truck. As the demand for electric vehicles evolves, EV-charging stations must be strategically positioned and properly utilized [5].

In fact, deploying charging stations in every location is both impractical and expensive. As a result, auxiliary solutions to alleviate such a worry must be found, and the bidirectional energy-transfer capabilities of EVs, particularly Vehicle-to-Vehicle (V2V) energy transfer, should be seriously studied. Whenever it is hard or impossible for an EV to access an EVCS, V2V charging enables a source EV to travel in order to satisfy another EV-charging request without the need to rely on existing charging infrastructure [6]. AAA (a US corporation) has made this idea a reality by introducing a fleet of EV-charging trucks in different cities such as Portland, Seattle, San Francisco, Los Angeles, Denver, Phoenix, and Orlando. All of their trucks have generators and level-two chargers, and only a few have CHAdeMO fast chargers [7].

With the rapid evolution and advancement in vehicular telecommunications and technologies, EVs can now create numerous forms of data. Modern EVs have been enhanced with communication and data-sharing/trading capabilities with their surroundings (V2V and Vehicle-to-Infrastructure (V2I)). As a result of utilizing these capabilities between EVs, the Internet of Electric Vehicles (IoEV) is progressively emerging, enabling a more efficient and intelligent transportation system. However, the IoEV is seen as a trustless ecosystem, in which trading partners such as data sellers, buyers, and brokers are not trustworthy. Payments and data sharing may be a subject of dispute between the trading parties [8].

To achieve a V2V energy transfer, the suppliers and receivers must first be matched. The best-fit EV supplier (to meet the charging needs of the demander EV) must be identified once the demander EV has made a request from within their neighborhood. This may be accomplished through centralized control and EV automation in order to interact and maintain their engagement through a local Energy AGgregator (EAG). During the search process, an EV seeking charging can request energy trading (amount and price) from its local EAG, which in turn chooses a supplier EV from a list of options and then matches it to the demander EV. EVs can pay for the service via the web app (perhaps with the help of third-party services such as banks or electricity companies). However, after the peers’ validation and matching by the EAG, the demander/supplier EV peers must physically meet in order to carry out the actual V2V energy transfer and link their batteries via a specifically designed DC–DC converter or through specified V2V-charging piles. Therefore, these EVs must mutually authenticate each other to ensure that no unauthorized demander/supplier EVs arrive and that the agreed-upon amount of energy can be transferred even though one of the EV’s owners is not onsite [9].

While the EV is attached to the charging supplier (EVCS or other EV), it exchanges information with the EAG in a continuous manner. The EV sends sensitive information to the potentially untrustworthy charging supplier (EVCS or other EV), including the EV’s ID, battery status, energy consumed, or geographic location [10]. Adversaries can utilize the submitted data to deduce other sensitive data, such as the EV’s identification information, identities of its occupants, and travel patterns [11]. Because the EV and the EAG connect over the Internet and V2V communication occurs over Dedicated Short-Range Communications (DSRC), the information they share is susceptible to a variety of attacks. These attacks can lead to EVCS malfunctions, money theft, payment-transaction mistakes, and battery-charging inconsistencies, among many other issues. Eavesdropping attacks, Denial-of-Service (DoS) attacks, replay attacks, impersonation attacks, and Man-In-The-Middle (MTIM) attacks are some of the significant attacks that could occur in EV-charging systems [10].

1.1. Problem Statement

With the massive increase in EV adoption, one of its key issues has indeed been EV charging. Several methods of wireless charging for electric vehicles have been considered (e.g., charging while parked [8] and wireless dynamic charging on the move [9]). In addition to the EV’s transportation service, EVs serve as distributed mobile energy storage and can function as both energy consumer and supplier. Advancement in energy-supply systems, combined with the bidirectional communication of EVs, helps to relieve the issue of the energy demand–supply gap, facilitating the reliable and sustainable fulfilment of ongoing energy needs [7]. The privacy of sensitive data is linked to or includes information about a particular individual. However, fine-grained personal-data collection is frequently required for a specific-use case or to comply with legal obligations. Furthermore, a single data item might not be enough to compromise privacy. However, combining data from multiple actors may enable someone to gain access to extra information and, as a result, compromise an individual’s privacy. Unterweger in [12] identified five privacy breaches (e.g., vehicle identification and personal-data sharing). If another entity (other than the client) can utilize the acquired data for an unintended purpose, then a client’s privacy is breached.

The legal authority issues the EV credential, which allows vehicles to be identified as well as authenticated. However, because this credential contains the EV’s true identification, it provides a method of vehicle tracking. Therefore, the privacy of EVs is threatened during energy-trading processes, as the EV’s sensitive and confidential information can be exposed while interacting with an EVCSs or other EVs. Therefore, a solution that balances secure authentication procedures and anonymous communications (privacy) is essential. In previous blockchain approaches, the transactions of energy trading were publicly stored and verified by all network nodes. Moreover, transaction data could be utilized to initiate privacy-related linkage attacks simply by tying it to other publicly available datasets, and there are a variety of data-mining methods and algorithms that could use raw data to conduct attacks.

In Peer-to-Peer (P2P) energy trading between EVs, privacy is still a concern, despite the great benefits of the blockchain in a trustless environment and the transparency of trading. As a result, designing a safe privacy-preserving mechanism for blockchain-based P2P energy trading among EVs is a major challenge. The first concern is to guarantee privacy while maintaining the anonymity of the EV’s confidential information. The second challenge is to use an acceptable approach to conceal the data and energy-trading patterns of EVs [8]. Similarly, patterns that reveal behavioral information are rarely discussed in publications, and trustworthy third parties are frequently exploited to hide flaws in privacy-related implementation [12].

To address these concerns, an Elliptic Curve Qu–Vanstone (ECQV)-based EV system might be developed, providing EV users with confidentiality and simple authentication. The ECQV implicit certificate is required for mutual authentication, key establishment, and key exchange between IoT devices. Several V2V-charging systems with security and privacy features have been proposed. However, even if the transmitted communications are entirely anonymous, anonymity alone will not prevent the tracking adversary from reconstructing the target vehicle’s route. These systems frequently fail to find a balance between privacy concerns (e.g., trade traceability to achieve anonymity, and so on) and security measures.

1.2. Motivation and Contribution

With the goal of meeting the previously specified security and privacy standards, this paper contributes the following:

• Proposes an authentication scheme for an electric-vehicle-to-electric-vehicle-charging system, which provides more secure mutual authentication and efficient privacy preservation based on ECQV.
• Conducts an informal security analysis to indicate the protocol’s security against numerous attacks.
• Computational costs are compared with other related work, demonstrating that our proposed protocol has a better performance.

1.3. Paper Organization

The remainder of the paper is structured as follows: Preliminaries are covered in Section 2. In Section 3, we present a literature review related to the proposed protocol. Section 4 introduces the proposed system. Section 5 discusses the informal security analysis. We compare the security and functional features, as well as the computational cost, to other related schemes in Section 6. Lastly, in Section 7 is the conclusion.

2. Preliminaries

In this section, we discuss the authentication-solution requirements of EV charging, Elliptic-Curve (EC)-based operations, and present the concepts of the Elliptic Curve Qu–Vanstone (ECQV) implicit certificate.

2.1. Solution Requirements

The sustainability and adoption of electric-vehicle-charging systems (including V2V energy trading) require privacy-preserving authentication. Before a V2V-charging system may be deployed, some critical security standards must be addressed. Nevertheless, the current approaches have limitations that pose various problems concerning V2V-charging systems. Thus, the proposed solution should satisfy the parameters listed below:

• Mutual authentication: The system must enable participants to authenticate one another and ensure that communication is built on mutual trust. The demander EV authenticates the supplier EV to confirm its identity and its registration with the electricity OPerator (OP). The supplier EV will simultaneously verify the demander EV’s registration with the OP, using certificates issued by the OP. As a result, the prospect of a masquerade attack should be eliminated [13,14].
• Anonymity: It is the ability to stay anonymous among a group of subjects. The real identity of the EV should not be disclosed to other EVs or the EAG during the V2V-charging process [15]. The ability to keep a subject’s activities untraceable is known as untraceability. Eavesdroppers are unable to deduce or track the activities of the EV [13,14].
• Un-linkability: When an attacker cannot detect if two activities are linked, this is known as un-linkability. Different charging sessions of an EV should be un-linkable, and these different charging sessions should be un-linkable to the EV’s real identity [14,15].
• Traceability: This property enables the trustworthy organization (OP) to identify or disclose the malicious EV’s true identity if necessary [16].
• Perfect forward/backward security: If a long-term private key is compromised, the attacker will not be able to access future/old session keys [17].
• Joint key control: Both the demander and supplier EVs will contribute a random number to generate the session key. Thus, no one other than participating entities receives access to or may obtain any session keys.
• Effective re-authentication: The process whereby the supplier EV re-authenticates the demander EV, if matched again, causes an overhead. Hence, using information provided by a trusted third party (OP) and the EAG, the supplier EV should be able to verify the demander EV just once in the first encounter. For future access, the supplier EV can re-authenticate the demander EV without relying on the OP or EAG.
• Revocation method: If the user’s registration is terminated, or if the EV’s secret key is disclosed, then it is essential to provide the system with a revocation mechanism.
• Attack resistance: Because the connection between EAG/EV and EV/EV is conducted in an insecure environment, an adversary may initiate an attack during the communications. As a result, the proposed solution must be capable of defeating attacks such as modification attacks, impersonation attacks, replay attacks, MITM, etc.
• Non-repudiation: Both the demander and supplier EVs provide proof of delivery in order to thwart participation denial. This is required to ensure that any dispute is resolved fairly [14].

2.2. Elliptic-Curve-Based Operations

Elliptic-Curve Cryptography (ECC) can be used to design the most lightweight public-key cryptographic systems. The algebraic form of ECs over finite fields is the foundation for ECC. In the finite field $F_p$, the curve is characterized by $E_{p\left(a,b\right)}$ and is determined using the formula $y^2=x^3+ax+b$, in which $a$ and $b$ are both constants $\in$ field $F_p$ and $\mathsf{\Delta }=4a^3+27b^2\ne 0$. The $G$ stands for the base point constructor of the curve ($E_{p\left(a,b\right)}$) of prime order $q$. An additive group is formed by all points on $E_{p\left(a,b\right)}$, plus the infinite point. ECC has two main operations: addition and multiplication. The addition operation of two points results in a new EC point $R$, such that $P1+P2=R$. The EC scalar multiplication of $r$ $\in$ $F_p$ with EC point $P$ results in a new EC point $R$, such that $R=rP=\left(R_x, R_y\right)$ where $R_x, R_y$ $\in F_p$ [18].

2.3. ECQV Implicit Certificates

The implicit authentication of the ECQV mechanism offers the advantages of a lightweight certificate, faster computation, and is more suitable for resource-constrained Internet-of-Things (IoT) devices than traditional certificates (such as X.509 certificates) [19]. A traditional certificate demands a signature-verification technique, but an implicit certificate demands a public-key-extraction process, and the latter is significantly faster. The ECQV technique, which is based on Elliptic-Curve Cryptography, is used to create ECQV implicit certificates [20]. The private key can only be derived by the party requesting the security material, therefore not even the Certificate Authority (CA) can access it. Hence, the mechanism is safe from key-escrow attacks. Furthermore, a secure channel is not necessary during the procedure because all variables can be provided via an open channel [21].

3. Literature Review

In this section, we look at some of the most significant security and privacy-preserving V2V-charging solutions. The benefits and drawbacks of various existing security methods, as well as the efforts made in this study to solve the related difficulties, are outlined. The main objective of this work is to develop a secure, privacy-preserving authentication strategy for V2V charging that includes an efficient re-authentication strategy to minimize the authentication-process overhead. Prior work in the fields of security and privacy systems has been investigated to achieve the desired result.

The majority of research [6,22,23,24,25,26] on V2V charging/discharging concentrates on scheduling and coordination algorithms, as well as pricing mechanisms to reduce charging time and expense [27]. An EV-charging model was proposed by Kim et al. (2018) that matches the EV with either an EVCS or another EV in order to charge. They came to the conclusion that collaborating with EVs and CSs is preferable to depending only on EVCSs or V2V [22]. To solve the navigation and matching challenges in cooperative V2V charging, Li et al. (2019) proposed a framework for intelligent V2V navigation [23]. Li et al. (2018) similarly proposed a direct V2V matching for energy trading [24]. The concept of mobile EVCSs (charging trucks) to satisfy EV needs was considered in Kabir et al.’s (2020) routing model [6]. The concern of EV privacy preservation in V2V matching led Yucel et al. (2018) to present a model to address privacy-related issues (mainly location privacy) for a standard stable environment [25] and dynamic environment [26]. Several studies [28,29] used symmetric keys to improve authentication performance but did not guarantee anonymity preservation. Moreover, to preserve the EV’s privacy from third-party nodes, Portunes [30] used utility-issued pseudonyms; however, the utility was aware of the linking map between the pseudonyms and real identity.

The basic Diffie–Hellman (DH) key-agreement protocol is a widely known and deployed protocol to thwart eavesdropping [31]. However, it is also known for being vulnerable to active MITM attacks. This has led to the utilization of different versions of DH which add authentication to both entities to mitigate this kind of attack. Roberts et al. (2017) presented a framework for V2V-charging authentication; they used a secure key-exchange (SKE) protocol to eliminate the use and storage of certificates. This authentication technique enables the participating EVs (supplier and demander) to mutually authenticate each other. Furthermore, it protects against several attacks other than MITM. However, one of the main drawbacks of this protocol is not taking into consideration the EV’s privacy protection (such as anonymity, un-linkability, and traceability) [32].

Blockchain technology has been used in some previous research [8,27,33,34,35,36,37,38,39,40] to decentralize the complex energy-economy networks and P2P energy trade. Blockchain technologies are now mainly led by industry, giving the domain a slightly distinct perspective than previous academic areas. It faces some confusion in terms of pseudonymity, privacy and anonymity. For example, Bitcoin [41] provides pseudonymous transactions; since it is a distributed global public ledger, pseudonyms can be de-anonymized by analyzing blockchain-usage trends [42]. Blockchain technology offers globally verifiable proof of transactions in a distributed database (DB) depending on the time stamps of its transactions and messages. The trustworthiness of these proofs is provided by the underlying cryptographic techniques of hash functions and digital signatures [43].

To maintain and hide the real identity of an EV, every new session the EV can generate a new pair of addresses (pseudonyms) using the relevant public/private keys. Similarly, Aitzhan and Svetinovic (2016) introduced a distributed V2V energy-trading model that offers anonymity and un-linkability. In their model, EVs with excess energy can sell it to other EVs by sending a broadcast to all network nodes, and EVs who are interested in buying the energy can perform the matching procedure according to the price and amount. This may paralyze EVs by flooding them with unwanted requests from different nodes, especially with large numbers of EVs [33].

Kang et al. (2017) likewise used pseudonyms to ensure EVs’ anonymity in a consortium blockchain-based V2V energy-trading system. The elliptic-curve-digital-signature algorithm (ECDSA) is used to initialize the system, and network nodes must register with the TA to obtain their credentials (public/private-key pairs and certificates) [34].

Nevertheless, the distributed system faces several challenges, including high communication overheads throughout the transaction-synchronization process. Due to frequent transactions between P2P nodes, state synchronization becomes inconsistent. A blockchain-based software-defined-network (SDN) framework is being developed by Chaudhary et al. (2019) to overcome these challenges. The underlying SDN architecture reduces network latency and provides real-time service by reducing end-to-end delays. In the framework, each EV has a wallet that serves as an energy-trading account. The wallet is produced by combining the genuine wallet address with a random pseudonym (salt value) to ensure the transaction’s un-linkability. The scheme resists several attacks and provides non-repudiation. However, to be able to trade energy between two EVs, there must be a third EV that works as both an energy broker and a minor node, and the energy trading must happen at a specific location (charging station). These pre-conditions are not convenient after taking into consideration the mobility of EVs; additionally, the specified area may be full, or no other EVs (minor node) may be available. Moreover, the framework does not provide an anonymity feature for participating EVs. In addition, this scheme employs SHA-1 (160 bits), which provides minimal communication costs whilst being vulnerable to collision attacks [35].

Establishing and maintaining a public blockchain among EVs with restricted resources and energy is extremely expensive in the energy market, and the consensus efficiency for all engaged EVs is not encouraging. Furthermore, a private blockchain is managed by a single company, and while it is still a centralized network, it cannot guarantee the accuracy of transaction data. Therefore, Sun et al. (2020) utilized a consortium blockchain to provide security and privacy to a V2V-charging system. ECC and asymmetric algorithms were used to initialize the system. However, the scheme allows energy-node fog (EFN) to generate the EV’s public/private-key pair and store it along with other credentials in the account area. Since the EV’s real identity and sensitive information are not protected, this could lead to security and privacy breaches if the account area became compromised [27].

In another aspect where the EVs can act as energy sellers or buyers to the local EAG, Yahaya et al. (2020) applied consortium blockchain to provide security and privacy for energy trading between entities. The ECDSA, SHA-256, and Boneh–Boyen short signature were used to initialize the system. The participating entities must register with the trusted authority (TA) to obtain their certificates and public/private-key pairs [36]. Similarly, Li and Hu (2019) proposed a V2V energy-trading system based on a consortium blockchain. The asymmetric encryption algorithm offers security, and a set of anonymous key pairs offers privacy. The scheme verifies the entity’s signature to ensure mutual authentication between the EV and EAG, accordingly, and the EAG performs the V2V matching and pre-selects a charging pile for the matched pair. However, it does not provide a mechanism to mutually authenticate the arriving EVs [37].

One of the privacy-protection schemes is the k-anonymity technique, which depends on k EVs to confuse the adversary. Using this technique, Long et al. (2020) proposed a blockchain-based P2P energy-trading scheme to solve the location-privacy issue. The system entities (EVs and EAGs) must register with the TA to obtain their credentials (public/private-key pairs). The TA’s signature on the entity’s public key is used to verify its legality. However, both private-key generation and verification mechanisms threaten the system’s security [38].

To hide trading patterns in EVs, a blockchain-based privacy-preserving approach was offered by Sadiq et al. (2021). They applied bilinear pairing and pseudonyms to provide security and privacy for the EV in a V2V energy-trading system. The demander EV requests energy trading from the roadside unit (RSU), which in turn authenticates the demander EV and assigns a token to its pseudo-ID. The RSU broadcasts the request to the pool of EVs, and the supplier EV that is willing to trade energy shall respond to it. The RSU plays the role of matcher between demander/supplier EVs and assigns token to them. Whenever they arrive at the scheduled charging pile, they authenticate themselves using these tokens. The scheme resists several attacks and provides privacy features such as anonymity and traceability (as the mapping between the EV’s real and pseudo-identity is known by the TA only). However, the TA is responsible for the EV’s private-key generation, which is not secure (if the TA is compromised, then it could lead to the compromise of all EVs). Moreover, the tokens used for authentication are generated by the RSU without both EVs’ contributions, which allows other entities to gain access to the service [8].

Javed et al. (2021) proposed a V2V energy-trading scheme based on blockchain technology. Their scheme includes both public and private blockchain network characteristics. Therefore, it demands prior permission, making the network more secure and preventing malicious nodes from joining. They rely on the TA to issue the EV’s unique identity and public/private-key pairs which could compromise the EV’s security. The scheme uses the EV’s identity to authenticate to the local EAG. However, this is insufficient as there are chances of identity theft (it is rather an identification mechanism than authentication). Hence, the system lacks initial security and privacy requirements in terms of mutual authentication and anonymity [39].

In the blockchain-enabled Internet of Vehicles (BIoV), Cui et al. (2020) introduced a vehicle-to-vehicle (V2V) energy-trading mechanism based on Bayesian game pricing to guarantee security, trustworthiness, and reliability. The scheme utilizes a certificate authority (CA) for entity registration (EVs and RSUs) and issues their credentials (certificates and public/private-key pairs). Entities prove their authenticity to each other using digital certificates [44].

Among all the security requirements, authentication stands out as the most important, considering it is the first line of defense against malicious attacks. Symmetric-key-based authentication and public-key-based authentication are the two types of authentication protocols. Asymmetric cryptography, commonly referred to as public cryptography, is a mechanism for encryption and decryption that uses a key pair, namely public/private keys [45]. On the other hand, symmetric-key cryptography relies on a single key that may be used for both encryption and decryption [46].

It has been proven that in symmetric-key-based authentication systems, such as in [32], simply using XOR and hash operations can provide mutual authentication to participating EVs. However, privacy preservation fails to ensure the EV’s anonymity, traceability, and un-linkability. Moreover, there is no re-authentication mechanism to reduce communication overhead in the authentication process.

Furthermore, according to [47], the group-signature-authentication technique used in [38] has some limitations that need to be assessed during system design, including the distribution mechanism of the private key to the group of EVs, the requirement for the constant changing of the group’s public/private-key pairs, and the key-management mechanism.

Anonymity, pseudonymity, and encryption technology are used in many security protection solutions in V2V networks today. Recent studies and protocols such as [8] used traditional procedures such as bilinear pairings to address the issue of anonymity. These solutions need a significant amount of processing power as well as a significant amount of communication overhead, both of which have a huge impact on the performance–security trade-off [48].

To provide security and anonymity, several blockchain-based electric-vehicle-charging solutions have been introduced. Studies [8,27,34,36,38,39,40] used a certificate to initially register and authenticate, but the EV’s public/private-key pair is generated by the TA, which makes these schemes vulnerable to key-escrow attacks. Whilst blockchain is a promising technology for P2P energy trading, there are still several issues that need to be addressed before it can be widely adopted. These issues involve scalability and security as the number of individuals using P2P energy trading grows. There are also issues related to transaction and verification cost: only ten transactions per second can be processed via blockchain while VISA can process 20,000 transactions per second. Moreover, the individual’s transaction fees and storage costs will raise the overall expense of the blockchain. Development cost, regularization, and government limitations are other issues that blockchain systems need to solve [49].

While authentication is an unavoidable prerequisite for secure communication on vehicular ad hoc networks (VANETs), privacy preservation is also a critical requirement that must not be overlooked. The ability of a person to selectively reveal information to specific people or organizations is known as privacy. During authentication, the EV’s name, address, location, and other information required to issue the certificate should not be exposed to anyone except the relevant authority, such as the CA/TA. As a result, the authentication mechanism must maintain the EV’s privacy and privacy-preserving features such as location tracking, anonymity, un-linkability, and traceability [50].

Due to the resource constraints of IoT devices and the latency-critical nature of VANET applications, Ha et al. (2016) presented an implicit-authentication method based on ECQV. The ECQV implicit certificate is essential for mutual authentication, key generation, and key exchange between IoT devices. Through a computational test, they were able to show that traditional certificates are less suitable for use in resource-constrained IoT devices than ECQV implicit certificates [20]. The impact of authentication overhead in latency-critical apps on EV-driver safety, as well as the extent of this impact, were investigated in Baee et al.’s (2019) study. They also showed that verifying certificates using ECDSA and ECQV over the NIST P-256 curve is a practical solution [51].

Other essential privacy-preserving criteria in VANETs, such as un-linkability and traceability, were overlooked when the prior V2V-charging schemes were designed. Moreover, after observation, we found that the principle of token-based re-authentication for valid EVs in a limited amount of time had been neglected. To our knowledge, no study has used ECQV to authenticate EVs in V2V-charging systems, and we are the first to propose it. As a result, we introduce a lightweight ECQV-based authentication protocol for V2V-charging systems that ensure efficient and secure authentication, re-authentication, and ensure that EV’s privacy is not violated.

4. Proposed System

The proposed authentication protocols that meet the solution requirements are presented in this section. The proposed system’s focus on authentication as payment is outside the scope of this study. The notations used for this scheme’s phases are listed in

Table 1. Notations.

Notations	Meaning
EV	Electric vehicle
$E{V}_D/E{V}_S$	Demander/Supplier electric vehicle
EAG	Energy aggregator
OP	Electricity operator
$E_p$	Elliptic curve (EC) over a finite field, where $p$ is a large prime number
G	Base point in $E_p$ with order $n$
$i{d}_{EV}$,$i{d}_{EAG}$	Real identity of EV/EAG
$k_x, R_x$	EC key pair for entity $x$
$S_x$	Private-key-construction data of entity $x$
$Cer{t}_x$	Certificates of entity $x$
$Si{g}_x$ ($y$)	Signing a message $y$ with entity $x$’s private key
$P{K}_x \left(y\right)$	Encrypting a message $y$ with entity $x$’s public key
$A_x$	Authenticator of entity $x$
$A{H}_x$	Hash of authenticator of entity $x$
$T_x$	Time stamp generated by $x$
TL	Time life
$e$	Hash of certificate
$P{K}_x, P{R}_x$	Public key/Private key for entity $x$
RK, RK’	Registration key between EV and OP/EAG and OP
$Ai{d}_i$	$i\mathrm{th}$ Anonymous identity of EV issued by OP
$Ai{d}_{No}$	Counter of $Ai{d}_i$, incremented by EV
$N_x$	Nonce generated by $x$
$A{T}_{EV}^{EAG}$	An authorization token, issued by EAG to EV
$K_{EV-EAG}$	Symmetric master key shared between EV and EAG
$I{K}_{EV-EAG}$	Symmetric initial key shared between EV and EAG
$T{K}_{EV-EAG}$	Symmetric temporary key shared between EV and EAG
$S{K}_{EV-EAG}$	Symmetric session key shared between EV and EAG
$H(.)$	One-way hash function
$\left(y,x\right)$	Concatenation operation

. The scheme phases are: (1) initialization, (2) registration, (3) authentication, and (4) charging.

4.1. System Architecture

Our solution constitutes an electricity operator (OP), energy aggregator (EAG), electric vehicles (EVs), and smart meter. The proposed architecture is demonstrated in Figure 1, and the following list states the entities in our scheme:

• OP: Any entity (EV or EAG) attempting to join the V2V-charging system must register its identifying information via the OP, which is the initializer of the proposed protocol. Since the OP acts as a certificate producer (trusted third party), authorized EVs can acquire access to other EVs’ energy-trading services and establish trust between them. Furthermore, the OP has the authority to reveal the identities of malicious or misbehaving entities.
• EAG: A data aggregator is a smart device or a collection of connected devices that gathers an available EV’s energy information during charging. It acts as an energy broker and matcher to handle V2V energy-trading requests. Additionally, it manages energy trading and offers wireless communication to EVs and EVCSs. The EAG has an authentication mechanism in place in order to identify authorized EVs and coordinate V2V charging.
• EV: Electric vehicles are smart devices that submit charging requests to the EAG and mutually confirm the EV’s legitimacy to use its services (charging). Depending on their energy needs, EVs act as either energy supplier ($E{V}_S$), demander ($E{V}_D$), or idle EV (do not participate in energy trading). EVs can interact with EAGs for energy trading thanks to the onboard unit’s (OBU) communication and computing capabilities. The $E{V}_S$ offers its excess energy to other electric vehicles in need and receives an incentive in return. Moreover, when the $E{V}_D$ demands energy, it makes a request to the local EAGs. We assume that the communication takes place in this environment via the dedicated-short-range-communication (DSRC) protocol, and the Internet and EV have a controlled-area-network (CAN) bus linked to the charging port.
• Smart meter: It is a device that is used to keep track of and compute the amount of energy exchanged between energy nodes. According to smart-meter statistics, energy demanders pay the suppliers the corresponding amount. For the proposed solution, it is considered that each EV has a smart meter installed within the vehicle. We presume that the EV’s smart meter has a tamper-resistant seal. We assume that the EAG is responsible for reading the traded energy from each EV’s smart meter, and accordingly generates the payment method.

Without the OP’s intervention, the EAG first verifies the EVs ($E{V}_D$/$E{V}_S$) through their $A_{EV}$ signed by the OP and the $Ai{d}_i$ by the EV. Before $E{V}_D$/$E{V}_S$ matching, the EAG authenticates both participants to prevent malicious vehicles from accessing the system. After successful matching and arriving at the scheduled location, the $E{V}_S$ authenticates $E{V}_D$ using the $Ai{d}_{i-D}$ token signed by the OP and $E{V}_D$. On the other hand, the $E{V}_D$ authenticates $E{V}_S$ using the $Ai{d}_{i-S}$ signed by the OP and $E{V}_S$ in order to thwart impersonation attacks. The proposed approach uses ECQV, symmetry, and PKC to establish mutual authentication between $E{V}_D$/$E{V}_S$. The proposed solution allows the reuse of $A{T}_D^S$ for effective re-authentication (similar to [52] and our previous study). The $E{V}_S$ issues $A{T}_D^S$ once it has authenticated $E{V}_D$. Using $A{T}_D^S$ shortens the time it takes to verify $Ai{d}_{i-D}$ in a future charge request. The shortage of public EVCSs is the primary issue in the EV-charging infrastructure. EV owners can share (sell) their vehicle’s excess energy with other EVs in need. In exchange, EV owners can gain incentives by sharing their energy with other EVs.

4.2. Initialization Phase

To set up the network, the OP performs system initialization, which is outlined below:

Step 1

The OP chooses the base point $G$ on the elliptic curve $E_p$ with order $n$, with $n$ being a large prime number. It chooses the curve coefficients $a$ and $b$, $q$ for the field size and $h$ for the cofactor, where $hn$ is the elliptic curve’s number of points (these are the domain parameters for an elliptic curve).

Step 2

A hash function that has been approved $H(.)$ is chosen. During the certificate-request/generation operations, the OP and certificate requester pick the random-number generator that will be used to generate the private keys.

Step 3

The elliptic curve domain parameters are coupled with an EC key pair ($P{R}_{OP}, P{K}_{OP}$) that the OP obtains (constructed in step 1).

Step 4

The EV and EAG acquire the EC domain parameters $H(.)$ and $P{K}_{OP}$ (OP’s public key) in an authentic manner.

4.3. Registration Phase

When an entity (EV or EAG) wishes to use the charging system, they must first create their identities and public/private-key pair. Afterwards, from the OP, they obtain the relevant certificate, authenticator, private-key-construction data, and anonymous identity (for EV only).

4.3.1. EV Registration

Figure 2 illustrates the EV-registration process, which is described in detail below:

Step 1

The EV picks its identity $i{d}_{EV}$ and creates an EC key pair ($k_{EV}, R_{EV}$), with $k_{EV}$ ${ϵ}_R \left[1, \dots , n-1\right]$ and $R_{EV}=k_{EV}.G$. To maintain integrity, it calculates $I_{EV}=h\left(R_{EV}, i{d}_{EV}, N_{EV}\right)$, then encrypts $\left\{i{d}_{EV}, R_{EV}, N_{EV}, I_{EV}\right\}$ with $P{K}_{OP}$ (OP’s public key) and sends it to the OP.

Step 2

The OP uses its private key $P{R}_{OP}$ to obtain the message’s content and verifies $I_{EV}$. Then, it selects $k {ϵ}_R \left[1, \dots , n-1\right]$ and constructs the implicit certificate for the EV ($Cer{t}_{EV}=R_{EV}+kG$). It computes the hash of the certificate $e=h\left(Cer{t}_{EV}\right)$ and the EV’s private-key-construction data $S_{EV}=ek+P{R}_{OP}\left(mod n\right)$. To produce the EV’s pseudo-identity, the OP uses Formula (1) and signs it with the OP’s private key, where the EV’s real identity is hidden with $P{K}_{OP}$ to ensure anonymity, and the pseudo-identity $Ai{d}_i$ is negotiated to be sequentially incremented ($Ai{d}_{No}$) by the EV itself each time it demands a service. Using Formula (2), the OP computes the EV’s authenticator, which contains the issued $Cer{t}_{EV}$, $Ai{d}_i$, as well as its time life ($TL$) signed by the OP’s private key. To maintain integrity, it calculates $A{H}_{EV}=H\left(A_{EV}\right)$. It then calculates a registration key (temporary key) $RK=h(R_{EV},N_{EV}, P{K}_{OP})$ that is exclusively shared by the OP and EV. Then, it encrypts $\left\{A_{EV}, A{H}_{EV}, Ai{d}_i,S_{EV}\right\}$ with $RK$ and sends it to the EV. Finally, the OP should destroy $R_{EV}$, $k$, and $S_{EV}$ to hinder the adversary from obtaining the EV’s secret key.

$$Ai{d}_i=\left\{\left(Si{g}_{OP}\left( P{K}_{OP}\left(i{d}_{EV}\right), TL\right)\right), Ai{d}_{No}\right\}$$

(1)

$$A_{EV}=\left\{Si{g}_{OP}\left(Cer{t}_{EV}, TL, i{d}_{OP}, P{K}_{OP}(i{d}_{EV})\right)\right\}$$

(2)

Step 3

The EV calculates the shared registration key $RK=h(R_{EV},N_{EV}, P{K}_{OP})$ to obtain $A_{EV}, Ai{d}_i$, uses the OP’s public key to verify them, and checks $A{H}_{EV}$. It computes $e=h\left(Cer{t}_{EV}\right)$, and uses Formulas (3) and (4) to construct its private/public-key pair $P{R}_{EV}$/$P{K}_{EV}$.

$$P{R}_{EV}=e.k_{EV}+S_{EV}\left(mod n\right)$$

(3)

$$P{K}_{EV}=e.Cer{t}_{EV}+P{K}_{OP}$$

(4)

To confirm that $P{K}_{EV}$ is valid, it computes $PK{{}^{\prime }}_{EV}=P{R}_{EV}.G$ and then checks if $P{K}_{EV}==PK{{}^{\prime }}_{EV}$ as follows:

$$P{R}_{EV}=e.k_{EV}+S_{EV}\left(mod n\right)$$

From step 18 of Figure 2

$$=e.k_{EV}+\left(e.k+{PR}_{OP}\left(\mathit{mod} n\right)\right)$$

From step 9 of Figure 2

$$=e.(k_{EV}+k)+P{R}_{OP}(mod n)$$

(5)

$${\mathit{Cert}}_{EV}={ R}_{EV}+ \mathit{kG}$$

From step 7 of Figure 2

$$={ k}_{EV}.G+ k.G$$

From step 3 of Figure 2

$$=(k_{EV}+k).G$$

(6)

$${PK}_{EV}= e.{\mathit{Cert}}_{EV}+{ PK}_{OP}$$

From step 19 of Figure 2

$$= e.(k_{EV}+k).G+{ PR}_{OP}.G$$

From Formula (6)

$$= e.((k_{EV}+k)+{ PR}_{OP}).G$$

From Formula (5)

$$=P{R}_{EV }.G$$

(7)

Following the confirmation of $P{K}_{EV}==PK{{}^{\prime }}_{EV}$, the EV signs $Ai{d}_i$ using its own private key. Lastly, the EV encrypts $\{A_{EV}$, $Ai{d}_i\}$ with $P{K}_{EV}$ and stores it in the onboard-unit (OBU) memory, and to thwart adversary acquisition of the EV’s private key, the EV destroys $R_{EV}$, $k_{EV}$, and $S_{EV}$.

4.3.2. EAG Registration

Figure 3 illustrates the EAG-registration process, which is broken down as follows:

Step 1

The EAG picks its identity $i{d}_{EAG}$, and creates the EC key pair ($k_{EAG}, R_{EAG}$) with $k_{EAG}$ ${ϵ}_R \left[1, \dots , n-1\right]$ and $R_{EAG}=k_{EAG}.G$. To maintain integrity, it calculates $I_{EAG}=h\left(R_{EAG}, i{d}_{EAG}, N_{EAG}\right)$. Then, it encrypts $\left\{i{d}_{EAG}, R_{EAG}, N_{EAG}, I_{EAG}\right\}$ with $P{K}_{OP}$ and sends it to the OP.

Step 2

The OP uses its private key $P{R}_{OP}$ to obtain the message’s content and verifies $I_{EAG}$. Then, it selects $k {ϵ}_R \left[1, \dots , n-1\right]$ and constructs the implicit certificate for the EAG ($Cer{t}_{EAG}=R_{EAG}+kG$). It computes the hash of the certificate $e=h\left(Cer{t}_{EAG}\right)$ and the EAG’s private-key-construction data $S_{EAG}=ek+P{R}_{OP}\left(mod n\right)$. Using Formula (8), the OP computes the EAG’s authenticator, which contains the issued $Cer{t}_{EAG}$, $i{d}_{EAG}$, as well as its time life ($TL$) signed by the OP’s private key. To maintain integrity, it calculates $A{H}_{EAG}=H\left(A_{EAG}\right)$. Then, it calculates a registration key (temporary key) $RK{}^{\prime }=h(R_{EAG},N_{EAG}, P{K}_{OP})$ that is exclusively shared by the OP and EAG. Then, it encrypts $\left\{A_{EAG}, A{H}_{EAG},S_{EAG}\right\}$ with $RK{}^{\prime }$ and sends it to the EAG. Finally, the OP should destroy $R_{EAG}$, $k$, and $S_{EAG}$ to hinder an adversary from obtaining the EAG’s secret key.

$$A_{EAG}=\left\{(Si{g}_{OP}\left(Cer{t}_{EAG}, TL, i{d}_{EAG}\right))\right\}$$

(8)

Step 3

The EAG calculates the shared registration key $RK{}^{\prime }=h(R_{EAG},N_{EAG}, P{K}_{OP})$ to obtain $A_{EAG}$, uses the OP’s public key to verify it, and checks $A{H}_{EAG}$. It computes $e=h\left(Cer{t}_{EAG}\right)$ and uses Formulas (9) and (10) to construct its private/public-key pair $P{R}_{EAG}$/$P{K}_{EAG}$.

$$P{R}_{EAG}=e.k_{EAG}+S_{EAG}\left(mod n\right)$$

(9)

$$P{K}_{EAG}=e.Cer{t}_{EAG}+P{K}_{OP}$$

(10)

To confirm that $P{K}_{EAG}$ is valid, it computes $PK{{}^{\prime }}_{EAG}=P{R}_{EAG}.G$, then checks if $P{K}_{EAG}==PK{{}^{\prime }}_{EAG}$ as follows:

$${\mathit{PR}}_{\mathit{EAG}}=e.k_{\mathit{EAG}}+{ S}_{\mathit{EAG}}\left(\mathit{mod} n\right)$$

From step 17 of Figure 3

$$=e.k_{\mathit{EAG}}+\left(e.k+{\mathit{PR}}_{\mathit{OP}}\left(\mathit{mod} n\right)\right)$$

From step 9 of Figure 3

$$=e.(k_{EAG}+k)+P{R}_{OP}(mod n)$$

(11)

$${\mathit{Cert}}_{\mathit{EAG}}={ R}_{\mathit{EAG}}+ \mathit{kG}$$

From step 7 of Figure 3

$$={ k}_{\mathit{EAG}}.G+ k.G$$

From step 3 of Figure 3

$$=(k_{EAG}+k).G$$

(12)

$${\mathit{PK}}_{\mathit{EAG}}= e.{\mathit{Cert}}_{\mathit{EAG}}+{ \mathit{PK}}_{\mathit{OP}}$$

From step 18 of Figure 3

$$= e.(k_{\mathit{EAG}}+k).G+{ \mathit{PR}}_{\mathit{OP}}.G$$

From Formula (12)

$$= e.((k_{\mathit{EAG}}+k)+{ \mathit{PR}}_{\mathit{OP}}).G$$

From Formula (11)

$$=P{R}_{EAG }.G$$

(13)

Following the confirmation of $P{K}_{EAG}==PK{{}^{\prime }}_{EAG}$, the EAG encrypts $\left\{A_{EAG}\right\}$ with $P{K}_{EAG}$ and stores it in memory, and to thwart adversary acquisition of the EAG’s private key, the EAG destroys $R_{EAG}$, $k_{EAG}$, and $S_{EAG}$.

4.4. Authentication Phase

Whenever an EV wants to use the V2V-charging system, the $E{V}_D$ and $E{V}_S$ must authenticate each other and establish a session key. The authentication process can be divided into two categories: First is the mutual authentication, for which the $E{V}_D$ and $E{V}_S$ have not yet built trust between them. As a result, they rely on information provided by a third source that they can trust (OP). Second is lightweight re-authentication, in which the $E{V}_D$ and $E{V}_S$ authenticate each other without the involvement of a third party (OP).

4.4.1. Mutual-Authentication Protocol

The mutual-authentication process is initially conducted once, whereby the $E{V}_S$ depends on the OP’s information to authenticate the $E{V}_D$, unless $Ai{d}_{i-D}$ is expired. The procedure is illustrated in Figure 4, and is as follows:

Step 1

The $E{V}_D$ generates the charging request $C{H}_{EV}=Si{g}_{EV-D}\left(amoun{t}_D, pric{e}_D, distanc{e}_D, TL\right)$, a random number $N_{EV-D}$, and a time stamp $T_{EV-D}$, where “$amoun{t}_D$” states the amount of power needed, “$pric{e}_D$” states the price $E{V}_D$ is willing to pay for the traded energy, and “$distanc{e}_D$” states $E{V}_D$’s distance from the local EAG in order to maintain its current location privacy. To obtain a unique anonymous identity for the session, the $E{V}_D$ sequentially increments the $Ai{d}_{i-D}$ counter (adds 1 to the previous $E{V}_D$’s pseudo-ID) and hashes it. The $E{V}_D$ signs $C{H}_{EV}$ using its private key, encrypts $\left\{C{H}_{EV-D}, A_{EV-D},Ai{d}_{i-D}, N_{EV-D}, T_{EV-D}\right\}$ with $P{K}_{EAG}$, and sends it to the local EAG.

Step 2

The EAG decrypts the message using its own private key $P{R}_{EAG}$ to retrieve the content. It uses the OP’s signature to verify $A_{EV-D}$ and checks $T_{EV-D}$ to ensure it is not a replayed message. Then, it computes $e_{EV-D}=h\left(Cer{t}_{EV-D}\right)$ to extract the $E{V}_D$’s public key $P{K}_{EV-D}=e_{EV-D}.Cer{t}_{EV-D}+P{K}_{OP}$. It verifies $Ai{d}_{i-D}$ by $E{V}_D$’s signature along with the OP’s signature. After verification, the EAG generates a supply request $S{B}_{EV}=Si{g}_{EAG}\left(amoun{t}_D, pric{e}_D,TL\right)$ and broadcasts it to nearby EVs.

Step 3

Nearby EVs that receive the $S{B}_{EV}$ verify the supply request through the EAG’s signature, and EVs with excess energy that are interested in selling it to other EVs generate a random number $N_{EV-S}$, a time stamp $T_{EV-S}$, and $RS{P}_{EV-S}=Si{g}_{EV-S}\left(amoun{t}_S, pric{e}_S,TL\right)$, where “$amoun{t}_S$” is the amount of energy $E{V}_S$ is offering to sell, and “$pric{e}_S$” states the price that $E{V}_S$ is demanding for the traded energy. The $E{V}_S$ signs $RS{P}_{EV-S}$ using its private key and encrypts $\left\{A_{EV-S},Ai{d}_{i-S}, N_{EV-S}, T_{EV-S}, RS{P}_{EV-S}\right\}$ with $P{K}_{EAG}$, then sends it to the local EAG.

Step 4

The EAG decrypts the message using its own private key $P{R}_{EAG}$ to retrieve the content. Then, it uses the OP’s signature to verify $A_{EV-S}$ and checks $T_{EV-S}$ to ensure it is not a replayed message. It computes $e_{EV-S}=h\left(Cer{t}_{EV-S}\right)$ to extract the $E{V}_S$’s public key $P{K}_{EV-S}=e_{EV-S}. Cer{t}_{EV-S}+P{K}_{OP}$. It verifies $Ai{d}_{i-S}$ by the $E{V}_S$’s signature along with OP’s signature. The EAG matches $E{V}_D$ to the best-fit $E{V}_S$ and schedules a V2V-charging location ($Lo{c}_{D-S}$) for them. After matching, the EAG computes $X_{EV}$ and temporary keys $T{K}_{EV-EAG}$ for both sides. For $E{V}_D$, the EAG computes $X_{EV-D}=h\left(P{K}_{EV-S}, N_{EV-S}, T_{EV-S}\right)$ to be further used in the $E{V}_D$/$E{V}_S$ mutual authentication, and computes $T{K}_{EV-D-EAG}=h\left(i{d}_{EAG}, N_{EV-D}, T_{EV-D}\right)$ to protect the transmission of $\left\{P{K}_{EV-S}, X_{EV-D},Ai{d}_{i-S},Lo{c}_{D-S}\right\}$ to $E{V}_D$. For $E{V}_S$, the EAG compute $X_{EV-S}=h\left(P{K}_{EV-D}, N_{EV-D}, T_{EV-D}\right)$ to be further used in $E{V}_D$/$E{V}_S$ mutual authentication, and computes $T{K}_{EV-S-EAG}=h\left(i{d}_{EAG}, N_{EV-S}, T_{EV-S}\right)$ to protect the transmission of $\left\{P{K}_{EV-D}, X_{EV-S},Ai{d}_{i-D},Lo{c}_{D-S}\right\}$ to $E{V}_S$.

Step 5

Both $E{V}_S$/$E{V}_D$ generate their corresponding temporary keys $T{K}_{EV-EAG}$ to retrieve the content of the message. $E{V}_D$ retrieves the matched $E{V}_S$’s public key and verifies its $Ai{d}_{i-S}$ by the $E{V}_S$’s signature and $P{K}_{EV-S}$ that is included in it along with the OP’s signature. When both $E{V}_S$ and $E{V}_D$ arrive at the specified location ($Lo{c}_{D-S}$), $E{V}_D$ generates a new random number $N{{}^{\prime }}_{EV-D}$ and time stamp $T{{}^{\prime }}_{EV-D}$. It then generates the shared master key $K_{EV-D\_S}$ and the first initial key $I{K}_{EV-D-S}$ using Formulas (14) and (15), respectively. Then, it encrypts $\left\{Ai{d}_{i-D}, N{{}^{\prime }}_{EV-D}, T{{}^{\prime }}_{EV-D}\right\}$ with $I{K}_{EV-D-S}$ and sends it to $E{V}_S$ over DSRC.

$$K_{EV-D\_S}=P{R}_{EV-D} . P{K}_{EV-S}=P{R}_{EV-D} . P{R}_{EV-S} .G$$

(14)

$$I{K}_{EV-D-S}=h\left(P{K}_{EV-S}, X_{EV-D},K_{EV-D\_S}\right)$$

(15)

Step 6

$E{V}_S$ generates $X{{}^{\prime }}_{EV-D}=h\left(P{K}_{EV-S}, N_{EV-S}, T_{EV-S}\right)$, the master key $K_{EV-D\_S}$ and the first initial key $I{K}_{EV-D-S}$ using Formulas (14) and (15), respectively. It retrieves $N{{}^{\prime }}_{EV-D}$ and verifies $Ai{d}_{i-D}$ by $E{V}_D$’s signature along with the OP’s signature, and checks the validity of $T{{}^{\prime }}_{EV-D}$ to ensure it is not a replayed message. To obtain a unique anonymous identity for this session, $E{V}_S$ sequentially increments the $Ai{d}_{i-S}$ counter (adds 1 to the previous $E{V}_S$’s pseudo-ID) and hashes it. After verification, $E{V}_S$ generates a new random number $N{{}^{\prime }}_{EV-S}$, a time stamp $T{{}^{\prime }}_{EV-S}$, and the second initial key $I{K}_{EV-S-D}$ using Formula (16). $E{V}_S$ generates $A{T}_D^S$, which is the authorization token for $E{V}_D$, and the session key $S{K}_{EV-D\_S}$ using Formulas (17) and (18), respectively. Then, it sends it to $E{V}_D$ $\left\{A{T}_D^S, {T^{\prime }}_{EV-S}\right\}$ encrypted by $I{K}_{EV-S-D}$, and begins the V2V-charging service for $E{V}_D$, which is protected by $S{K}_{EV-D\_S}$. Lastly, it updates the $Ai{d}_{i-S}$ in the memory.

$$I{K}_{EV-S-D}=h\left(P{K}_{EV-D}, X_{EV-S},K_{EV-D\_S}\right)$$

(16)

$$A{T}_D^S=\{Si{g}_{EV-S}(A{T}_{No}, TL, Ai{d}_{i-S}, P{K}_{EV-S}\left(P{K}_{EV-D}, K_{EV-D_S}\right))\}$$

(17)

$$S{K}_{EV-D\_S}=h\left(K_{EV-D\_S},A{T}_{No}, P{K}_{EV-D}, N{{}^{\prime }}_{EV-D}\right)$$

(18)

Step 7

$E{V}_D$ generates $X{{}^{\prime }}_{EV-S}=h\left(P{K}_{EV-D}, N_{EV-D}, T_{EV-D}\right)$ and the second initial key $I{K}_{EV-S-D}$ using Formula (16) to retrieve $A{T}_D^S$, and checks the validity of ${T^{\prime }}_{EV-S}$. Then, using Formula (18), it generates the session key to be used during the charging session. Lastly, it stores the $A{T}_D^S$ issued by $E{V}_S$ and updates the $Ai{d}_{i-S}$ in the memory. By the completion of this procedure, $E{V}_S$ and $E{V}_D$ will have a trust relationship established and will no longer need to rely on the OP for future session authentication.

4.4.2. Lightweight Mutual-Re-Authentication Protocol

As previously stated, at this point, $E{V}_S$ and $E{V}_D$ should have built a relationship of trust. They can now immediately authenticate each other in future V2V-charging services. This phase (re-authentication phase) can only be used when the $E{V}_D$ has a valid $A{T}_D^S$ and has been scheduled for the same $E{V}_S$ within the last 12 h. Moreover, recalculating all the parameters for a new session key when the user is already trusted is wasteful and time- and energy-consuming. Due to EV mobility, $E{V}_D$ utilizes its local EAG to match its V2V request. If the previous $E{V}_S$ is available and within the EAG’s area, $E{V}_S$ and $E{V}_D$ shall be matched. The following is a full description of the process of effective re-authentication as shown in Figure 5:

Step 1

$E{V}_D$ generates the charging request $C{H}_{EV}=Si{g}_{EV-D}\left(amoun{t}_D, pric{e}_D, distanc{e}_D, TL,Ai{d}_{i-S}\right)$, a random number $N_{EV-D}$, and a time stamp $T_{EV-D}$, where “$amoun{t}_D$” states the amount of power needed, “$pric{e}_D$” states the price $E{V}_D$ is willing to pay for the traded energy, and “$distanc{e}_D$” states $E{V}_D$’s distance from the local EAG in order to maintain its current location privacy. To obtain a unique anonymous identity for this session, $E{V}_D$ sequentially increments the $Ai{d}_{i-D}$ counter (adds 1 to the previous $E{V}_D$’s pseudo-ID) and hashes it. However, since $E{V}_D$ has a valid authorization token $A{T}_D^S$, this time it includes the $Ai{d}_{i-S}$ of the corresponding $E{V}_S$ in the request. $E{V}_D$ signs $C{H}_{EV}$ using its private key and encrypts $\left\{C{H}_{EV-D}, A_{EV-D}, Ai{d}_{i-D}, N_{EV-D}, T_{EV-D}\right\}$ with $P{K}_{EAG}$, then sends it to the local EAG.

Step 2

The EAG decrypts the message using its own private key $P{R}_{EAG}$ to retrieve the content. Then, it uses the OP’s signature to verify $A_{EV-D}$, and checks $T_{EV-D}$ to ensure it is not a replayed message. It computes $e_{EV-D}=h\left(Cer{t}_{EV-D}\right)$ to extract $E{V}_D$’s public key $P{K}_{EV-D}=e_{EV-D}.Cer{t}_{EV-D}+P{K}_{OP}$. Next, it verifies ${Aid}_{i-D}$ by $E{V}_D$’s signature along with the OP’s signature. The EAG checks if the specified $E{V}_S$ is available within its area. After verification, the EAG generates a supply request $S{B}_{EV}=Si{g}_{EAG}\left(amoun{t}_D, pric{e}_D,TL\right)$. and sends it to that $E{V}_S$.

Step 3

The $E{V}_S$ that received the $S{B}_{EV}$ verifies the supply request through the EAG’s signature, and if the $E{V}_S$ has excess energy and is interested in selling it to the other $E{V}_D$, then it generates a time stamp $T_{EV-S}$ and $RS{P}_{EV-S}=Si{g}_{EV-S}\left(amoun{t}_S, pric{e}_S,TL\right)$, where “$amoun{t}_S$” is the amount of energy $E{V}_S$ is offering to sell, and “$pric{e}_S$” states the price $E{V}_S$ is demanding for the traded energy. $E{V}_S$ signs $RS{P}_{EV-S}$ using its private key and encrypts $\left\{A_{EV-S},Ai{d}_{i-S}, T_{EV-S}, RS{P}_{EV-S}\right\}$ with $P{K}_{EAG}$, then sends it to the local EAG.

Step 4

The EAG decrypts the message using its own private key $P{R}_{EAG}$ to retrieve the content. Then, it uses the OP’s signature to verify $A_{EV-S}$, and checks $T_{EV-S}$ to ensure it is not a replayed message. It computes $e_{EV-S}=h\left(Cer{t}_{EV-S}\right)$ to extract $E{V}_S$’s public key $P{K}_{EV-S}=e_{EV-S}.Cer{t}_{EV-S}+P{K}_{OP}$. Next, it verifies $Ai{d}_{i-S}$ by $E{V}_S$’s signature along with the OP’s signature. The EAG matches $E{V}_D$ to $E{V}_S$ and schedules a V2V-charging location ($Lo{c}_{D-S}$) for them. After matching, the EAG computes temporary keys $T{K}_{EV-EAG}$ for both sides. For $E{V}_D$, the EAG computes $T{K}_{EV-D-EAG}=h\left(i{d}_{EAG}, N_{EV-D}, T_{EV-D}\right)$ to protect the transmission of $\left\{P{K}_{EV-S}, Ai{d}_{i-S},Lo{c}_{D-S}\right\}$ to $E{V}_D$. For $E{V}_S$, the EAG compute $T{K}_{EV-S-EAG}=h\left(i{d}_{EAG}, N_{EV-S}, T_{EV-S}\right)$ to protect the transmission of $\left\{P{K}_{EV-D},Ai{d}_{i-D},Lo{c}_{D-S}\right\}$ to $E{V}_S$.

Step 5

Both $E{V}_S$/$E{V}_D$ generate their corresponding temporary keys $T{K}_{EV-EAG}$ to retrieve the content of the message. $E{V}_D$ retrieves the matched $E{V}_S$’s public key and verifies its $Ai{d}_{i-S}$ with the one included within $A{T}_D^S$. When both $E{V}_S$ and $E{V}_D$ arrive at the specified location ($Lo{c}_{D-S}$), $E{V}_D$ generates new random numbers, $N{{}^{\prime }}_{EV-D}$ and $N{{}^{″}}_{EV-D}$, and computes the previous session key using Formula (18), to be used in $Ai{d}_{i-D}, N{{}^{″}}_{EV-D}, T{{}^{\prime }}_{EV-D}$ encryption, and sends $A{T}_D^S$, $N{{}^{\prime }}_{EV-D}$, and $S{K}_{EV-D\_S} \left\{Ai{d}_{i-D}, N{{}^{″}}_{EV-D}, T{{}^{\prime }}_{EV-D}\right\}$ to $E{V}_S$ over DSRC.

Step 6

$E{V}_S$ verifies the validity of $A{T}_D^S$ through the signature $Si{g}_{EV-S}$ using $P{K}_{EV-S}$ and $TL$. It decrypts the $A{T}_D^S$ using $P{R}_{EV-S}$ to retrieve $P{K}_{EV-D}, K_{EV-D\_S}$. $E{V}_S$ needs to compute $S{K}_{EV-D\_S}$ to obtain $Ai{d}_{i-D}, N{{}^{″}}_{EV-D}, T{{}^{\prime }}_{EV-D}$, and to ensure that the $A{T}_D^S$ was sent by the authorized $E{V}_D$. To obtain a unique anonymous identity for this session, $E{V}_S$ sequentially increments the $Ai{d}_{i-S}$ counter (adds 1 to the previous $E{V}_S$’s pseudo-ID) and hashes it. Then, it uses $A{T}_{No}, Ai{d}_{No-D},N{{}^{″}}_{EV-D}, T{{}^{\prime }}_{EV-D}$ to generate the temporary key $T{K}_{EV-D\_S}$ using Formula (19). It then generates $N_{EV-S}$, $T{{}^{\prime }}_{EV-S}$, and a new session key $SK{{}^{\prime }}_{EV-D\_S}$ such as in Formula (20). $E{V}_S$ then sends $\left\{N_{EV-S}, T{{}^{\prime }}_{EV-S}\right\}$ encrypted by $T{K}_{EV-D\_S}$ to $E{V}_D$ and begins the V2V-charging service for $E{V}_D$, which is protected by $SK{{}^{\prime }}_{EV-D\_S}$. Lastly, it updates the $Ai{d}_{i-S}$ in the memory.

$$T{K}_{EV-D\_S}=h\left(A{T}_{No}, Ai{d}_{No-D},N{{}^{″}}_{EV-D}, T{{}^{\prime }}_{EV-D}\right)$$

(19)

$$SK{{}^{\prime }}_{EV-D\_S}=h\left(T{K}_{EV-D\_S}, K_{EV-D\_S}, P{K}_{EV-D}, N_{EV-S}\right)$$

(20)

Step 7

$E{V}_D$ generates the $T{K}_{EV-D\_S}$ to retrieve $N_{EV-S}$ and verifies $T{{}^{\prime }}_{EV-S}$. Then, it generates $SK{{}^{\prime }}_{EV-D\_S}$ using Formula (20), to be used during the charging session, and updates $Ai{d}_{i-D}$.

4.5. V2V-Charging Phase

After successful authentication, $E{V}_D$ connects with the OBU through the CAN bus to unlock the vehicle’s charging port. $E{V}_S$ now plugs its vehicle to $E{V}_D$ and begins charging it. The CHAdeMO protocol, which is utilized by Nissan, Toyota, and others, is an example of how to conduct V2V charging after authentication [53]. The $E{V}_S$ can use CHAdeMO to initiate and control the charging energy-transfer process by interacting with the $E{V}_D$ over the CAN bus. $E{V}_D$ acts as if it is linked to a fast-charging station when it is using this protocol. When the $E{V}_D$ stops charging, the operation is finished. Our proposed scheme focuses on providing a secure authentication mechanism for V2V-charging systems. Hence, we assume that payment might be handled by other schemes since it is beyond our scope.

4.6. Revocation Protocol

The proposed scheme includes a revocation technique to protect entities from impersonation and MITM attacks, as well as to notify them that a parameter is no longer trustworthy, even before its validity period expires. Due to EV mobility and the short lifetime of $A{T}_D^S$ (12 h and can only be used once), it is hard to revoke it. However, the $Ai{d}_i$ token is revoked if the EV suspects it was stolen by an adversary. The procedure for revocation of $Ai{d}_i$is as follows:

Step 1

The EV creates the revocation request for $Ai{d}_i$’s, $Re{v}_{EV-id}=\left\{P{K}_{OP}\left(Si{g}_{EV},Ai{d}_i, RevAid, T_{EV}\right)\right\}$, uses the OP’s public key $P{K}_{OP}$ to encrypt it, and forwards it to the OP.

Step 2

The OP uses its private key $P{R}_{OP}$ to decrypt the revocation request, then verifies $Si{g}_{EV}$ using $P{K}_{EV}$ and $Si{g}_{OP}$, which is within $Ai{d}_i$. The OP should also check whether $T_{EV}$ is valid in order to avoid a replay attack. Finally, the OP changes the status of $Ai{d}_i$ to revoked. Because the EV’s signature is required, the adversary cannot create a fake revocation request.

5. Security Analysis

In this section, we discuss the security analysis of the proposed protocol and carry out informal analysis.

5.1. Informal Security Analysis

The proposed protocol is examined to prove that it meets the design solution requirements.

5.1.1. Mutual Authentication

In the authentication phase, the $E{V}_D$ can ensure that it interacts with the legitimately matched $E{V}_S$ through the validation of the OP’s and $E{V}_S$ signatures on the $Ai{d}_{i-S}$, which is forwarded by the EAG after verification, and through the second initial key $I{K}_{EV-S-D}$, which is constructed by $E{V}_D$’s parameter ($N_{EV-D}, T_{EV-D}$) and submitted to the EAG for a charging request. The $E{V}_S$ can also validate $E{V}_D$ by the OP’s and $E{V}_D$ signatures on the $Ai{d}_{i-D}$, which is forwarded by the EAG after verification, and by the first initial key $I{K}_{EV-D-S}$, which is constructed by $E{V}_S$’s parameter ($N_{EV-S}, T_{EV-S}$) and submitted to the EAG for a trading response. Unlike [37], where they either settled for EV and EAG mutual authentication and did not allow authentication between arriving EVs, or [39], where they used the EV’s identity for authentication purposes (it is rather an identification mechanism than authentication), our proposed protocol ensures mutual authentication for both EV/EAG and EV/EV interactions.

5.1.2. Anonymity

Both the $E{V}_D$/$E{V}_S$ real identities $i{d}_{EV}$ are concealed and encrypted by the OP’s public key $P{K}_{OP}\left(i{d}_{EV}\right)$ within the $Ai{d}_i$, which is created during the registration stage; only the OP has authority to access it in the case of necessity. Hence, $i{d}_{EV}$ cannot be disclosed by either the EAG or any other party (EVs), unlike in [32,39], where they used the EV’s real identity for V2V authentication.

5.1.3. Un-Linkability

Both $E{V}_D$/$E{V}_S$ will have an automatically updated anonymous identity $Ai{d}_i$for each charging session. As the $Ai{d}_i$ is issued by the OP, each V2V-charging request from $E{V}_D$ sequentially increments the previous $Ai{d}_i$ (adds 1), unlike [8,32], where they either used the EV’s real identity or the same pseudo-ID for every new charging request. These strategies allow the adversary to track and compromise the privacy of the targeted EV. However, the proposed protocol sessions cannot be linked to each other as they hold different identities. However, as the proposed protocol utilizes different identities for each session, it thwarts the linkage attacks (cannot be linked together).

5.1.4. Traceability

Even though the real identity of the EV is concealed through encryption $P{K}_{OP}\left(i{d}_{EV}\right)$, the OP is the only entity in the scheme that can reveal $i{d}_{EV}$, so as to maintain the order in the system. In the case of a malicious or misbehaving EV, there is a necessity for $i{d}_{EV}$ disclosure. To secure the system and to function as required by all parties, anonymity should not be absolute, unlike in [38], where they utilized the k-anonymity technique to solve location-privacy issues. However, this technique prevents the TA from knowing the identity of malicious EVs. Our proposed protocol ensures the EV’s anonymity, but at the same time gives the OP the ability to trace it if necessary.

5.1.5. Forward/Backward Security

In the event that an adversary obtains any $S{K}_{EV-D\_S}$, the confidentiality of future/old session keys ($S{K}_{EV-D\_S}$) should not be compromised. For the authentication phase, dynamic session keys are created, which comprise a unique random number $N{{}^{\prime }}_{EV-D}.$ A symmetric initial key ($I{K}_{EV-D-S}$) protect the transmission of $N{{}^{\prime }}_{EV-D}$. For the re-authentication phase, $SK{{}^{\prime }}_{EV-D\_S}$ contains a unique random number $N_{EV-S}$. A symmetric temporary key ($T{K}_{EV-D\_S}$) protects the $N_{EV-S}$, which dynamically updates with a new unique random number $N{{}^{″}}_{EV-D}$ in every new session. Moreover, since the shared master key $K_{EV-D\_S}$ is a long-lasting key (generated from the participant’s $P{K}_{EV}$ and $P{R}_{EV}$), it is eliminated from the encryption of any transmitted message between $E{V}_D$/$E{V}_S$. Each session generates a unique session key; if an adversary can deduce a session key, that key is only legitimate for the current communication. As a result, the proposed protocol ensures both forward and backward security, unlike other schemes such as in [36,44], where they obtained their public/private-key pair from the TA, which threatens the secrecy of their long-term keys and the security of their sessions.

5.1.6. Joint Key Control

The session key $S{K}_{EV-D\_S}$ of the authentication phase and the new session key $SK{{}^{\prime }}_{EV-D\_S}$ for re-authentication, including random numbers $N$, are created by both parties ($E{V}_D$/$E{V}_S$) without the assistance of other parties, even the OP. Moreover, the shared master key $K_{EV-D\_S}$ is created from the combination of both parties’ ($E{V}_D$/$E{V}_S$) private and public keys, therefore only these two parties can obtain the master key. Thus, the proposed protocol allows for cooperative key control, unlike [8,39], where the session key is issued by the RSU or TA.

5.1.7. Non-Repudiation

The demand and supply requests ($C{H}_{EV-D}$, $S{B}_{EV}$, $RS{P}_{EV-S}$) are signed by the sender. As the sender’s signature is needed, participating entities cannot deny the delivery of these requests. Moreover, an adversary cannot generate fake requests as a signature is required.

5.1.8. Effective Re-Authentication

To reduce the required amount of time spent and to minimize the cost each time $E{V}_S$ re-authenticates $E{V}_D$, it issues an authorization token ($A{T}_D^S$) with a lifetime of 48 h and a single usage. For initial authentication, $E{V}_S$ depends on the information provided by the OP (trusted third party) to authenticate $E{V}_D$ once at the first encounter. After that, $E{V}_S$ can directly authenticate $E{V}_D$ without reliance on the OP’s information, as long as it holds a valid $A{T}_D^S$ (valid for one use only), unlike the previous schemes [8,27,32,33,34,35,36,37,38,39,40]. Hence, the proposed protocol allows both parties to establish full trust between them ($E{V}_D$/$E{V}_S$).

5.1.9. Revocation Functionality

To prevent an adversary from misusing stolen token $Ai{d}_i$, or if the EV suspects its$Ai{d}_i$ has been stolen, it can use the revocation protocol to notify OP. Additionally, the token will be regarded as revoked if the EV reports to the OP to revoke its $Ai{d}_i$. The pseudonyms supplied by the service provider were not revocable in related works.

5.1.10. Resist MITM/Replay Attack

In case an adversary acquires $A_{EV-D}$, the $E{V}_D$ private key is needed to produce the shared master key ($K_{EV-D\_S}$) for $E{V}_S$ authentication to be successful. On the other hand, if the adversary acquires $A{T}_D^S$, the possibility to retrieve the master key ($K_{EV-D\_S}$) is zero, as it is included within $A{T}_D^S$ and encrypted using the $E{V}_S$ public key. As a result, without $K_{EV-D\_S}$, the adversary will be unable to produce the session key necessary for an MITM attack. Furthermore, in each communication between the parties, random time stamps and numbers are transmitted to ensure that previous sessions cannot be replayed. Therefore, the proposed protocol protects against replay attacks.

5.1.11. Resist Impersonation Attack

The solution tokens $A_{EV},$ $Ai{d}_i$or $A{T}_D^S$ cannot be generated by an adversary with the EV or OP name since they require the issuer’s signature. Since the issuer’s signature needs to be verified, the $A_{EV},$ $Ai{d}_i$and $A{T}_D^S$ counterfeit is doubtful. Therefore, the proposed protocol prevents an adversary from launching impersonation attacks.

6. Comparison with Related Schemes

In this section, the proposed scheme is compared to similar systems in terms of security and functionality, as well as computational cost. These are recent V2V-charging-system schemes that emphasize secure EV-to-EV communication.

6.1. Security and Functional-Feature Comparison

Table 2. Security feature comparison of proposed protocols and other related works.

Feature/Approach	Sadiq et al. [8]	Sun et al. [27]	Roberts et al. [32]	Aitzhan and Svetinovic [33]	Kang et al. [34]	Chaudhary et al. [35]	Yahaya et al. [36]	Li and Hu [37]	Long et al. [38]	Javed et al. [39]	Cui et al. [44]	Proposed
	2021	2020	2017	2016	2017	2019	2020	2019	2020	2021	2020	2022
Mutual Authentication	✓	✓	✓	✓	✓	✓	✓	×	✓	×	✓	✓
Forward security	×	×	✓	✓	×	×	×	×	×	×	×	✓
Anonymity	✓	×	×	✓	✓	×	×	✓	✓	×	✓	✓
Resist replay attack	✓	✓	✓	✓	✓	✓	✓	✓	×	✓	✓	✓
Resist impersonation attack	✓	×	✓	✓	✓	✓	✓	✓	×	✓	✓	✓
Resist MITM attack	×	×	✓	✓	×	✓	✓	✓	✓	×	×	✓
Un-linkability	×	×	×	✓	✓	✓	✓	✓	×	×	×	✓
Traceability	✓	✓	×	✓	✓	✓	✓	✓	×	✓	×	✓
Effective Re-authentication	×	×	×	×	×	×	×	×	×	×	×	✓
Revocation method	×	×	×	×	×	×	×	×	×	×	×	✓
Joint key control	×	×	×	×	×	×	×	×	×	×	×	✓
Non-Repudation	✓	✓	×	✓	×	✓	✓	✓	✓	✓	✓	✓
Number of Messages (EV)	2	1	5	2	2	3	1	1	1	2	1	2

summarizes the evaluation of the proposed system’s security and functional aspects as well as those of related systems. The solutions in [8,27,34,38,39,40] are vulnerable to well-known attacks. Additionally, the solutions in [8,27,32,36,37,38,39,40] are inappropriate for V2V charging because they lack critical security and privacy features such as forward security, un-linkability, traceability, and effective re-authentication. In [32,35], more messages are required, which raises the communication channel’s overhead. In comparison to previous studies, our proposed scheme meets all the solution requirements.

6.2. Computational Cost Comparison

This section calculates the authentication protocols’ computing overhead based on all the operations provided by the protocols. The EAG has sufficient capabilities to conduct all needed processes due to its high degree of performance. Contrary to the EAG, the EV’s memory and computational resources are limited. Therefore, we must concentrate on the cost of EV computation. The time calculations are based on [54,55], as they stated that a one-way hash function ($T_h$) takes $\approx$ 0.0023 milliseconds (ms), the elliptic-curve encryption ($T_{enc-ecc}$) takes $\approx$ 0.43 ms, the symmetric encryption ($T_{sym}$) takes $\approx$ 0.0046 ms, the scalar multiplication ($T_{sm}$) takes $\approx$ 2.226 ms, and modular exponentiation ($T_{me}$) takes $\approx$ 3.85 ms.

Table 3. Operation’s Timing [54,55].

Notation/ Operation	${\mathit{T}}_{\mathit{e}\mathit{n}\mathit{c}-\mathit{e}\mathit{c}\mathit{c}}/$ Elliptic-Curve Encryption	${\mathit{T}}_{\mathit{h}}/\mathbf{Hash}$	${\mathit{T}}_{\mathit{s}\mathit{y}\mathit{m}}/$ Symmetric	${\mathit{T}}_{\mathit{s}\mathit{m}}/$ Scalar Multiplication	${\mathit{T}}_{\mathit{m}\mathit{e}}/$Modular Exponentiation
Time (ms)	0.43	0.0023	0.0046	2.226	3.85

presents a summary of the timing operations. The computational costs of the proposed protocol and related works are compared in

Table 4. Computational-cost comparison.

Approach/Efficiency Feature	Computational Cost of EV
	Authentication Phase	Re-Authentication Phase
Roberts et al. ‘s scheme [32]	$T_{me}+3T_h\approx 3.8569 \mathrm{ms}$	$T_{me}+3T_h\approx 3.8569 \mathrm{ms}$
Proposed scheme	$T_{enc-ecc}+5T_h+4T_{sym}+2T_{sm} \approx 1.3439 \mathrm{ms}$	$T_{enc-ecc}+4T_h+4T_{sym} \approx 0.4576 \mathrm{ms}$

and Figure 6.

In Roberts et al.’s scheme [32], the authentication phase of the EVs takes $\approx 3.8569$ ms ($T_{me}+3T_h$). The proposed protocol requires $\approx$ $1.3439$ ms ($T_{enc-ecc}+5T_h+4T_{sym}+2T_{sm}$), and it provides better security and privacy preservation for the EV as well as a 65% improvement in computational cost. For the re-authentication process of the EV, the proposed protocol requires $\approx 0.4576$ ms ($T_{enc-ecc}+4T_h+4T_{sym}$), while Roberts et al.’s scheme [32] requires $\approx 3.8569$ ms ($T_{me}+3T_h$). Hence, the proposed re-authentication protocol’s computational cost is roughly 88% lower than the earlier protocol. Given the capabilities of the EV, it is evident that the proposed protocol outperforms the previous protocol.

6.3. Limitations

This section highlights the shortcomings of the proposed solution. This study is limited to the centralized authentication methods of communicating entities for EV-charging systems, hence any other model is not included. Furthermore, we are developing the EV-charging-authentication protocol, which focuses on secure key exchange and privacy protection. As a result, our protocol may not be suitable for all VANET architectures that require more advanced algorithms and are capable of managing systems with higher computational complexity. Additionally, our method attempts to preserve the privacy requirements (anonymity, un-linkability, and traceability) of the EVs involved in the communication, as well as secure key exchange and mutual authentication between entities. The scope of this study does not include EV-charging-service scheduling, routing, coordination, actual energy trading, or payment methods. The following are the study’s limitations:

• The proposed scheme does not consider any parameter that is sent (between entities) and is not relevant to the authentication process in terms of shared key, identity, or security parameters.
• The proposed scheme is limited to the proposed EV-charging architecture, and any IoV architecture that can outperform EV-charging systems in terms of performance is not considered.
• The proposed scheme is a centralized authentication protocol; other authentication models, such as distributed and hybrid, were not investigated.
• The proposed scheme combines asymmetric and symmetric key structures, so any authentication technique based solely on the symmetric-key structure was not considered.

7. Conclusions

In this paper, we propose a privacy-preserving and secure authentication scheme for V2V-charging systems. The scheme fulfils the fundamental requirements as well as a re-authentication protocol to reduce future authentication-process overhead. The ECQV mechanism’s implicit authentication has been utilized to obtain the benefit of a small certificate and faster computation, which is better suited to resource-constrained Internet-of-Things (IoT) devices than a traditional certificate. Informal security analysis was used to show that the proposed protocols can accomplish mutual authentication and meet the solution requirements. The comparison with related work shows that the proposed scheme achieves approximately 65% efficiency in terms of authentication computational cost, and it provides better security and privacy preservation for the EV. Moreover, the proposed re-authentication protocol outperforms Roberts et al.’s scheme [32], with a nearly 88% reduction. For future work, we consider working on an authentication protocol for vehicles selling excess energy to the grid, since it will help EV-charging infrastructure maximize the energy offered during peak hours. In addition, we consider exploring emerging techniques (such as blockchain), how these emerging techniques can comply with ECQV algorithm, and hybrid models in EV-charging authentication.