Electronic payment system will protect the privacy of customers recharging their electric vehicles
Electric vehicles are becoming more popular due to their environmental credentials and relatively low running costs. However, most existing electric vehicles need to be recharged every 100 to 150 kilometers, with each recharge potentially exposing information related to a customer's payment and location. Now, researchers at A*STAR have described a new system that would allow quick and easy money transfers at electric vehicle charging stations, without jeopardizing customer privacy.
"Cybersecurity is an important factor for payment systems, but it is often ignored by users or administrators until the system is being attacked," says researcher Joseph Liu from the A*STAR Institute for Infocomm Research in Singapore. "No one should have their daily habits or behavior traced without their consent."
The recharging of electric vehicles presents unique challenges for privacy, not least because some cars with solar panels are able to sell electricity back to the grid, meaning payments flow in both directions. Without tight security, payment companies or hackers could monitor where and when cars are charged, gaining insight into people's lifestyles that could be exploited for targeted spam marketing.
"Some popular electronic payment systems like credit cards do not provide any privacy, while other systems like prepaid cash cards may not be suitable for large payments, or are not insured against card loss," says Liu. "Cash is anonymous, but requires expensive machines to keep cash stores secure from thieves."
The new system developed by Liu and co-workers is based on an in-car unit that resembles a smartphone or tablet and, along with a range of security benefits, allows two-way anonymous payments for recharging. Users can instantly shut down their accounts and retrieve unused credit. Also, if their car is stolen they can revoke the location privacy to help police trace the car. In the event of a dispute between a user and a supplier, either party can submit the claims to an independent judging authority for investigation.
The researchers tested their system by simulating three different types of attack: a hacker trying to track the transactions of an honest user, a user trying to underpay for services, and a supplier trying to slander an honest user. The system proved robust against all three attacks.