Regular charging of electric vehicles leaves a data trail which could be exploited by malicious agents, German researchers have said.
When charging an electric vehicle, the user provides a RFID card as proof of identity at the charging station, thus transmitting personal data into the accounting system. If the customer is not anonymous and, at the same time, it is known which charging stations he has been using, this information can be used to create a movement profile.
"Experience has shown that problems that are not identified until late, such as data trails of mobile phone users, are often rooted deeply within a technology’s actual design," said Tilman Frosch, a systems security researcher at the Ruhr-Universität Bochum, Germany. "In new technological areas such as electromobility, it is therefore vital to ensure that data security is incorporated into the design from the outset."
Frosch and his colleagues have proposed a system that would enable concealing the location of the charging stations when the accounting data are forwarded to the electricity supplier. However, simply leaving out this information is not an option. If, for example, a user wants to appeal against his or her invoice in court, certain location-related data, such as metre numbers, are necessary to resolve the issue.
The researchers have proposed using so called group signature schemes which would make it impossible to identify individual charging stations as those would be grouped into clusters with each cluster provided with a digital signature, preventing identification of individual stations. The group signatures would be managed by trusted third parties to ensure no unauthorised individuals gain access to the sensitive data such as the name of the actual charging station that has generated the signature.