A zero trust and blockchain-based defense model for smart electric vehicle chargers

Abstract

Electric vehicles (EVs) have rapidly developed over the last decade due to their environmental benefits. As a key component of EVs, electric vehicle chargers are becoming increasingly digital and intelligent. However, due to the vast attack surface and the lack of systematic study, EV chargers and charging management cloud platforms are facing cyber security problems. These problems include weak cryptographic mechanisms, insecure data communication, and malicious firmware attacks. Through specific vulnerabilities, attackers can tamper with the data communication or replay network requests between EV chargers and cloud platforms. It will cause threats such as user-level privacy leakage, power fluctuations in the smart grid, and damage to Electric vehicles, damaging public life and property safety. Given the above, this paper proposes a security protection scheme incorporating blockchain, zero trust, and ShangMi cryptographic (SM) algorithms. The scheme uses Hyperledger Fabric for key management and trust evaluation event storage to guarantee the authenticity, non-repudiation, and tamper-proof of keys and events. In addition, zero trust is applied to secure valuable resources and enforce identity and access management (IAM) for accessing entities. We adopt the dynamic trust evaluation method to assess the trustworthiness of accessing entities in real time to implement dynamic authorization. Furthermore, the SM algorithms SM2, SM3, and SM4 are used to protect data confidentiality, integrity, and authenticity. Experimental results demonstrate that our scheme can effectively resist replay and tampering attacks, securing data communication between EV chargers and cloud platforms. And the performance of the cryptographic algorithm, blockchain system, and Secure Sockets Layer (SSL) meets Chinese national and industry standards.