The growing awareness of environmental sustain-ability has led to new investments in the field of electric vehicles. One of the most expensive and important components of electric vehicles are their batteries, with battery management systems (BMS) being responsible for their control. New regulations, such as those of the European Union, aim to introduce battery passports as a way to track battery lifecycle from manufacturing, over second-life use, to recycling. Given the vast amount of data generated during the lifecycle of a battery, the current research is focused on combining BMS with cloud connectivity. However, not much research has yet been done in the area of BMS cloud security and secure data logging. To address this gap, we propose a novel solution for secure BMS data acquisition for on-premise and cloud environments. In this paper, we make two main contributions: a secure data structure for BMS logging and a secure architecture for transferring BMS data from its source to cloud and end systems. We demonstrate the feasibility of the design by developing a prototype with real components and evaluate it in terms of security and performance.

Wireless battery management systems (BMSs) are increasingly being considered for modern applications. The ever-increasing complexity and production costs of BMS modules and wired connections resulted in a necessity for new ideas and approaches. Despite this growing trend, there is a lack of generic solutions focused on battery cells’ sensor readout, where wireless communication allows for a more flexible and cost-efficient sensor installation in battery packs. Many wireless technologies, such as those that use the 2.4GHz frequency band, suffer from interference and other limitations. In this article, we present an alternative approach to communication in BMS that relies on the use of near field communication (NFC) technology for battery sensor readouts. As an answer to the rising concern over the counterfeited battery packs, we consider an authentication schema for battery pack validation. We further consider security measures for the processed and stored BMS status data. To show that a general BMS application can make use of our design, we implement a BMS demonstrator using the targeted components. We further test the demonstrator on the technical and functional level, by also performing evaluation on its performance, energy usage, and a security threat model.

Battery management systems (BMS) are becoming increasingly important in the modern age, where clean energy awareness is getting more prominent. They are responsible for controlling large battery packs in modern electric vehicles. Today, conventional solutions rely only on a wired design, which adds manufacturing cost and complexity. Recent research has considered wireless solutions for the BMS. However, it is still challenging to develop a solution that considers both the active in-vehicle and the external second-life applications. The battery passport initiative aims to keep track of the batteries, both during active and inactive use cases. There is a need to provide a secure design while considering energy and cost-efficient solutions. We aim to fill this gap by proposing a wireless solution based on near-field communication (NFC) that extends previous work and provides a unified architecture for both use cases. To provide protection against common wireless threats, an advanced security analysis is performed, as well as a system design analysis for the wake-up process that reduces the daily power consumption of the stored battery packs from milli- to microwatts.

Implicit certificates are gaining ever more prominence in constrained embedded devices, in both the internet of things (IoT) and automotive domains. They present a resource-efficient security solution against common threat concerns. The computational requirements are not the main issue anymore, with the focus now shifting to determining a good balance between the provided security level and the derived threat model. A security aspect that often gets overlooked is the establishment of secure communication sessions, as most design solutions are based only on the use of static key derivation, and therefore lack the perfect forward secrecy. This leaves the transmitted data open for potential future exposures as keys are tied to the certificates rather than the communication sessions. We aim to close this gap and present a design that utilizes the Station to Station (STS) protocol with implicit certificates. In addition, we propose potential protocol optimization implementation steps and run a comprehensive study on the performance and security level between the proposed design and the state-of-the-art key derivation protocols. In our comparative study, we show that we are able to mitigate many session-related security vulnerabilities that would otherwise remain open with only a slight computational increase of 20% compared to a static elliptic curve digital signature algorithm (ECDSA) key derivation.

With the advent of clean energy awareness and systems that rely on extensive battery use, Battery Management Systems (BMSs) have seen an increased inclusion in modern complex systems like electric vehicles and power grids. This has presented a new set of security-related challenges. Security concerns arise when BMSs are intended to extend their communication with external systems, as their interaction can leave many backdoors open that potential attackers could exploit. Consequently, we explore and propose a security architecture solution intended for the authentication and session key establishment between BMS and other system devices. The aim of the proposed architecture is to be applicable in different industrial settings and systems, while at the same time keeping the design lightweight in nature. To achieve this, we use the implicit certificates with the ECQV schema. We show the applicability of the design through a security and performance analysis of our implemented test setup.

In modern systems that rely on the use of battery management systems (BMS), longevity and the re-use of battery packs have always been important topics of discussion. These battery packs would require warehouse storage together with adequate monitoring and configuration prior to their reintegration into new systems. Traditional use of wired connections can be very cumbersome, and sometimes even impossible, due to the outer layers and packaging. To circumvent these issues, we propose an extension to the conventional BMS design that incorporates the use of near field communication (NFC) for the purpose of wireless battery pack status readout. Additionally, to ensure that these packs are only managed by authenticated devices and that the data communicated with is protected against outside eavesdropping and tampering, we present a solution in the form of a lightweight security layer on top of the NFC protocol. To show the feasibility of our design, an accompanying prototype has been implemented and evaluated.

In the last several years, wireless Battery Management Systems (BMS) have slowly become a topic of interest from both academia and industry. It came from a necessity derived from the increased production and use in different systems, including electric vehicles. Wireless communication allows for a more flexible and cost-efficient sensor installation in battery packs. However, many wireless technologies, such as those that use the 2.4 GHz frequency band, suffer from interference limitations that need to be addressed. In this paper, we present an alternative approach to communication in BMS that relies on the use of Near Field Communication (NFC) technology for battery sensor readouts. Due to a vital concern over the counterfeited battery pack products, security measures are also considered. To this end, we propose the use of an effective and easy to integrate authentication schema that is supported by dedicated NFC devices. To test the usability of our design, a demonstrator using the targeted devices was implemented and evaluated.

With the advent of modern embedded systems, logging as a process is becoming more and more prevalent for diagnostic and analytic services. Traditionally, storage and managing of the logged data are generally kept as a part of one entity together with the main logic components. In systems that implement network connections, this activity is usually handled over a remote device. However, enabling remote connection is still considered a limiting factor for many embedded devices due to the demanding production cost. A significant challenge is presented to vendors who need to decide how the data will be extracted and handled for an embedded platform during the design concept phase. It is generally desirable that logging memory modules are able to be addressed as separate units. These devices need to be appropriately secured and verifiable on a different system since data compromise can lead to enormous privacy and even financial losses. In this paper, we present two patterns. First, a pattern that allows flexible logging operation design in terms of module and interface responsibility separation. Second, a pattern for the design of secure logging processes during the utilization of constrained embedded devices. The introduced patterns fulfil the following conditions: (i) flexibility – design is independent of the chip vendors making the logging memory modules easily replaceable, (ii) self-sufficiency – every logging controller is maintained as a separate entity in a decentralized topology, (iii) security – through providing authenticity, confidentiality, and integrity by means of using a dedicated security module.

An increasing amount of sensory data, often of confidential nature, is exchanged day by day: from the sensor and actuator layers over smart gateways to the business logic and analytics level. Robust yet efficient security measures play an essential role in this interaction. However, the complexity of securely connecting different building blocks of a distributed, multi-layered systems is considerable. Security methodologies are often applied at a late stage of system development, posing problems such as inappropriate security levels, performance issues, and longer time-to-market cycles. Addressing possible security properties already in the design phase of a security-critical system helps to mitigate these problems. In this paper, we discuss a distributed, multi-layered IoT data collection system that enables data aggregation and exchange from the embedded level up to different cloud instances while supporting end-to-end secured communication. The system was designed in the course of a case study where we used a design-space-exploration tool for identifying secure processes in regard to key management and distribution. Based on our analysis results, a distributed proof of concept was developed. Subsequently, the most critical processes of the individual layers were evaluated regarding security and execution speed.

—Nowadays, sensor networks are widely used. To create new hardware for these networks, simulations are used. These simulations help during the design of the sensor nodes by providing information about internal states, power usage, and expected lifetime. They are useful to design one piece of hardware, however they are cumbersome when multiple of such hardware simulation instances need to interact with each other. This paper explores the possibility of starting multiple instances of a hardware simulation and connecting these via a simulation of the environment they will be used in.