IEEE Access (Jan 2024)

Ephemeral Secret Leakage-Free ID-Role-Based Access Control Authentication and Key Exchange Protocol for Securing Electric Vehicle Data

  • Amang Sudarsono,
  • Rahardhita Widyatra Sudibyo,
  • Idris Winarno,
  • Mike Yuliana

DOI
https://doi.org/10.1109/ACCESS.2024.3450903
Journal volume & issue
Vol. 12
pp. 120961 – 120978

Abstract

Read online

Role-based Access Control (RBAC) promises an efficient authorization management system in accessing resources including electric vehicle (EV) data stored in the cloud server. In this EV data security implementation, access control has to be strong and efficient with respect to EV user authentication information, thus access control mechanism mandatorily relies on authentication as the system access prerequisite. In this work, identity-based cryptography (IBC) is incorporated with RBAC to invent an EV user role-based access control immersed in his/her identity as an internal EV user’s authentication and key exchange. Contribution to our work is in a simple way involving only the EV user’s signature to verify simultaneously both important aspects of authentication and authorization. In this case, authentication is carried out based on identity while authorization is activated based on EV user’s role. We formally prove that the proposed protocol satisfies the security requirements of both authentication and authorization outright by verifying EV user’s signature. The evaluation results show that the total computational cost for authentication and key exchange process between EV user and the server is practical enough and it only consumes approximately 800 ms.

Keywords