Dynamic Wireless Power Transfer (DWPT) can be used for on-demand recharging of Electric Vehicles (EV) while driving. However, DWPT raises numerous security and privacy concerns. Recently, researchers demonstrated that DWPT systems are vulnerable to adversarial attacks. In an EV charging scenario, an attacker can prevent the authorized customer from charging, obtain a free charge by billing a victim user and track a target vehicle. State-of-the-art authentication schemes relying on centralized solutions are either vulnerable to various attacks or have high computational complexity, making them unsuitable for a dynamic scenario. In this paper, we propose Quick Electric Vehicle SEcure Charging (QEVSEC), a novel, secure, and efficient authentication protocol for the dynamic charging of EVs. Our idea for QEVSEC originates from multiple vulnerabilities we found in the state-of-the-art protocol that allows tracking of user activity and is susceptible to replay attacks. Based on these observations, the proposed protocol solves these issues and achieves lower computational complexity by using only primitive cryptographic operations in a very short message exchange. QEVSEC provides scalability and a reduced cost in each iteration, thus lowering the impact on the power needed from the grid.

翻译：动态无线电力传输（DWPT）可用于电动汽车行驶过程中的按需充电，但其引发了诸多安全与隐私问题。近期研究表明，DWPT系统易受对抗性攻击。在电动汽车充电场景中，攻击者可能阻止授权用户充电、通过将费用计入受害者账户实现免费充电，或追踪目标车辆。现有依赖中心化解决方案的认证协议，要么易受多种攻击，要么计算复杂度较高，难以适用于动态场景。本文提出一种面向电动汽车动态充电的新型安全高效认证协议——快速电动汽车安全充电协议（QEVSEC）。QEVSEC的设计灵感源于我们发现现有先进协议中存在允许用户活动追踪且易受重放攻击的多重漏洞。基于上述观察，所提协议通过极短消息交换中仅使用原始密码学操作，解决了上述问题并降低了计算复杂度。QEVSEC在每次迭代中均具备可扩展性与低成本特性，从而减轻了对电网供电需求的冲击。