Abstract: Vehicle-to-Grid (V2G) networks must exchange sensitive data across open wireless links, yet existing Authentication and Key Agreement (AKA) schemes remain vulnerable to computational overload, single-factor compromise, physical tampering, and de-synchronization. We propose a lightweight multi-factor AKA scheme that overcomes these limitations while matching the tight resource budget of on-board units and Charging Stations (CSs). The design uses only inexpensive primitives, hash, XOR, Physical Unclonable Function (PUF), and fuzzy extractors, so every cryptographic step can be executed on low-end controllers. Four factors (identity, password, biometrics, and PUF entropy) are jointly bound, guaranteeing that impersonation remains infeasible even if an attacker compromises up to $n\!-\!1$ factors. To ensure physical security with modeling resistance, the scheme avoids storing raw PUF responses on the device. Instead, it retains only the challenge and helper data, embedding the extracted secret within non-invertible hash functions. This strategy thwarts state-of-the-art modeling attacks that rely on harvesting large challenge-response datasets, while fuzzy extractors absorb PUF noise and preserve reliability without auxiliary hardware. Synchronization is maintained through a dual-state cache $\lbrace S^{\rm{old}}, S^{\rm{new}}\rbrace$ kept on both Electric Vehicles (EVs) and CSs, so legitimate nodes remain aligned even if an adversary suppresses in-flight messages. Comprehensive security analysis, security verification, and performance evaluation show that the proposed scheme achieves mutual authentication, forward-secure key agreement, password friendliness, conditional anonymity, unlinkability, and resistance to guessing, replay, physical, modeling, and de-synchronization attacks, at a lower computation and communication cost than recent alternatives.
External IDs: doi:10.1109/tvt.2025.3621240
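The abstract's dual-state cache $\lbrace S^{\rm{old}}, S^{\rm{new}}\rbrace$ can be illustrated with a toy model that contrasts a single-state CS with a dual-state CS when an adversary suppresses one in-flight acknowledgement. This is an added example, not the paper's protocol. Assumptions: the two-message flow, the update rule, the `b"next"`/`b"ack"` labels and all class and function names are hypothetical, and the shared secret is a constructed sample.

```python
import hashlib, hmac, os
# Toy model (assumption): not the paper's message flow; no replay defence here.

def H(*parts: bytes) -> bytes:
    """SHA-256 over length-prefixed fields (unambiguous concatenation)."""
    h = hashlib.sha256()
    for p in parts:
        h.update(len(p).to_bytes(2, "big") + p)
    return h.digest()

class ChargingStation:
    def __init__(self, s0: bytes, dual: bool):
        self.old, self.new, self.dual = None, s0, dual

    def respond(self, nonce: bytes, tag: bytes):
        """Verify the EV tag against cached states; advance and ack on success."""
        candidates = [self.new] + ([self.old] if self.dual and self.old else [])
        for s in candidates:
            if hmac.compare_digest(H(s, nonce), tag):
                self.old, self.new = s, H(s, nonce, b"next")
                return H(self.new, nonce, b"ack")
        return None  # tag matches no cached state: reject

class Vehicle:
    def __init__(self, s0: bytes):
        self.old, self.new = None, s0

    def request(self):
        nonce = os.urandom(16)
        return nonce, H(self.new, nonce)

    def confirm(self, nonce: bytes, ack) -> bool:
        """Advance only on a valid ack; a suppressed ack leaves state unchanged."""
        nxt = H(self.new, nonce, b"next")
        if ack is not None and hmac.compare_digest(H(nxt, nonce, b"ack"), ack):
            self.old, self.new = self.new, nxt
            return True
        return False

def run(dual: bool, drop_round: int = 1, rounds: int = 3) -> list:
    """Per-round outcome when the CS->EV ack of one round is suppressed."""
    s0 = b"constructed-shared-secret"  # constructed sample value
    ev, cs = Vehicle(s0), ChargingStation(s0, dual)
    results = []
    for r in range(rounds):
        nonce, tag = ev.request()
        ack = cs.respond(nonce, tag)
        results.append(ev.confirm(nonce, None if r == drop_round else ack))
    return results
```

With the ack of the second round dropped, the single-state CS has moved ahead of the EV and rejects every later round, while the dual-state CS matches the EV's tag against its old state and both sides realign.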