Research on Improved Lightweight AES Algorithm for EV Charging Station Data Encryption

With the rapid adoption of electric vehicles, the number of EV charging stations has increased significantly. As of recent data, there are millions of charging points globally, handling vast amounts of data during operation. These EV charging stations, as Internet of Things (IoT) devices, transmit critical information such as user authentication, payment details, and energy consumption data. However, this data transmission is vulnerable to malicious attacks and leakage, posing risks to user privacy and system integrity. Given that EV charging stations often rely on embedded systems with limited computational resources and memory, traditional encryption methods like standard AES (Advanced Encryption Standard) or 3DES (Triple Data Encryption Standard) may not be efficient due to their high resource demands. To address this, we propose a lightweight AES algorithm tailored for EV charging station data encryption, focusing on reducing memory usage and improving encryption speed while maintaining security.

In this study, we enhance the standard AES-128 algorithm, which processes data in 128-bit blocks over 10 rounds, by optimizing two key stages: byte substitution and mix columns. For byte substitution, we introduce a simplified S-box that reduces storage requirements from 512 bytes to just 16 bytes, making it more suitable for resource-constrained EV charging station environments. In the mix columns stage, we employ lookup tables and simplified functions to minimize complex arithmetic operations in the Galois field, thereby accelerating encryption. Additionally, to bolster security, we integrate a Logistic chaotic map for key generation, which produces highly random and unpredictable keys, mitigating the risk of brute-force attacks that could compromise fixed keys in EV charging station systems. Our experiments conducted on actual EV charging station hardware demonstrate that the improved lightweight AES algorithm outperforms standard AES and 3DES in terms of encryption time, memory consumption, and security metrics like avalanche effect and balance standard.

The fundamental principles of our approach build upon the AES algorithm, a symmetric encryption standard chosen for its simplicity and robustness. AES operates on 128-bit data blocks, with key lengths of 128, 192, or 256 bits, corresponding to 10, 12, or 14 rounds of processing, respectively. For EV charging station applications, we focus on the 128-bit key version with 10 rounds, as it strikes a balance between security and efficiency. Each round in AES consists of four stages: byte substitution, shift rows, mix columns, and add round key, except for the final round which omits the mix columns stage. The input data is arranged in a 4×4 matrix, and each transformation is applied to this state matrix. For instance, in byte substitution, each byte in the matrix is replaced using an S-box, which is a predefined substitution table. The standard S-box is a 256-byte array that maps each possible byte value to a new value through a nonlinear transformation, enhancing confusion in the cipher. However, this large S-box can be burdensome for EV charging station devices with limited memory.

To illustrate the byte substitution process, consider a byte value in the state matrix, represented in hexadecimal. For example, a byte ‘0x8e’ would be split into its high and low nibbles (8 and e), and the S-box would output a new value based on these indices. In the standard AES, this involves a 256-byte S-box for encryption and another for decryption, totaling 512 bytes of storage. In our lightweight version, we reduce this to a single 16-byte S-box that uses a linear descending sequence from 0xf to 0x0, as shown in Table 1. This simplification significantly cuts memory usage while maintaining adequate security for EV charging station data.

Table 1: Lightweight S-box Based on 16 Bytes
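| Index | 0 | 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | a | b | c | d | e | f |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Value | f | e | d | c | b | a | 9 | 8 | 7 | 6 | 5 | 4 | 3 | 2 | 1 | 0 |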
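
The substitution in Table 1 written out in C, added here as an illustration and not taken from the study's implementation. It assumes the 16-entry table is applied to the high and low nibble of each byte independently; the `lw_` names are hypothetical. The checks confirm that the table is its own inverse, so one table serves both encryption and decryption, and count how often the substitution deviates from an affine map of its input bits.

```c
#include <stdint.h>
#include <stdio.h>

/* Table 1 from the text: index 0..f maps to f..0. */
static const uint8_t LW_SBOX[16] = {
    0xf, 0xe, 0xd, 0xc, 0xb, 0xa, 0x9, 0x8,
    0x7, 0x6, 0x5, 0x4, 0x3, 0x2, 0x1, 0x0
};

/* Assumption: each nibble of the byte is substituted independently. */
uint8_t lw_sub_byte(uint8_t b)
{
    return (uint8_t)((LW_SBOX[b >> 4] << 4) | LW_SBOX[b & 0x0f]);
}

/* 1 if substituting twice returns every input, i.e. the table is its own inverse. */
int lw_sbox_is_involution(void)
{
    for (int b = 0; b < 256; b++)
        if (lw_sub_byte(lw_sub_byte((uint8_t)b)) != b)
            return 0;
    return 1;
}

/* Number of pairs (a, b) with S(a ^ b) != S(a) ^ S(b) ^ S(0);
   zero means the substitution is an affine function of the input bits. */
int lw_sbox_affine_violations(void)
{
    int bad = 0;
    for (int a = 0; a < 256; a++)
        for (int b = 0; b < 256; b++)
            if (lw_sub_byte((uint8_t)(a ^ b)) !=
                (lw_sub_byte((uint8_t)a) ^ lw_sub_byte((uint8_t)b) ^ lw_sub_byte(0)))
                bad++;
    return bad;
}

int main(void)
{
    printf("0x8e -> 0x%02x\n", lw_sub_byte(0x8e));
    printf("involution: %d, affine violations: %d\n",
           lw_sbox_is_involution(), lw_sbox_affine_violations());
    return 0;
}
```

Each table entry equals its index XOR 0xf, so under the per-nibble assumption the output byte is the bitwise complement of the input and the affine-violation count is zero; this stage by itself adds no nonlinearity to the round.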

In the shift rows stage, the rows of the state matrix are rotated left by 0, 1, 2, and 3 positions for rows 0 to 3, respectively. This adds diffusion to the cipher. For the mix columns stage, which is computationally intensive, we optimize it by using a lookup table for multiplication in the Galois field GF(2^8). The standard mix columns operation involves matrix multiplication where each column of the state matrix is transformed using a fixed matrix. The transformation for a column j can be represented as:

$$
\begin{aligned}
s_{0,j}' &= (2 \cdot s_{0,j}) \oplus (3 \cdot s_{1,j}) \oplus s_{2,j} \oplus s_{3,j} \\
s_{1,j}' &= s_{0,j} \oplus (2 \cdot s_{1,j}) \oplus (3 \cdot s_{2,j}) \oplus s_{3,j} \\
s_{2,j}' &= s_{0,j} \oplus s_{1,j} \oplus (2 \cdot s_{2,j}) \oplus (3 \cdot s_{3,j}) \\
s_{3,j}' &= (3 \cdot s_{0,j}) \oplus s_{1,j} \oplus s_{2,j} \oplus (2 \cdot s_{3,j})
\end{aligned}
$$

Here, the multiplication is performed in GF(2^8), which typically requires complex arithmetic. In our lightweight approach, we precompute a 256-byte lookup table for multiplication by 2 in GF(2^8), and then derive other multiplications (e.g., by 3, 9, 11, 13, 14) through combinations of table lookups and XOR operations. For example, multiplication by 3 can be implemented as (2 · value) ⊕ value, using the lookup table. This reduces the computational overhead and speeds up the process for EV charging station systems, where efficiency is critical.
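
A C sketch of the table-driven mix columns step described above, added as an example and not taken from the study's code. It builds the 256-byte multiply-by-2 table, derives the 3, 9, 11, 13 and 14 multipliers from lookups and XOR, and checks the forward and inverse column transforms against a standard AES MixColumns column; all function names are hypothetical.

```c
#include <stdint.h>
#include <string.h>

static uint8_t MUL2[256];   /* multiply-by-2 table, filled by init_mul2() */
void init_mul2(void) {
    for (int x = 0; x < 256; x++)   /* shift left, reduce by polynomial 0x11b */
        MUL2[x] = (uint8_t)((x << 1) ^ ((x & 0x80) ? 0x1b : 0));
}

/* Every other constant is built from table lookups and XOR only. */
static uint8_t mul3(uint8_t x)  { return MUL2[x] ^ x; }
static uint8_t mul4(uint8_t x)  { return MUL2[MUL2[x]]; }
static uint8_t mul8(uint8_t x)  { return MUL2[mul4(x)]; }
static uint8_t mul9(uint8_t x)  { return mul8(x) ^ x; }
static uint8_t mul11(uint8_t x) { return mul8(x) ^ MUL2[x] ^ x; }
static uint8_t mul13(uint8_t x) { return mul8(x) ^ mul4(x) ^ x; }
static uint8_t mul14(uint8_t x) { return mul8(x) ^ mul4(x) ^ MUL2[x]; }

/* Forward transform of one column: the four equations in the text. */
void mix_column(uint8_t s[4]) {
    uint8_t a = s[0], b = s[1], c = s[2], d = s[3];
    s[0] = MUL2[a] ^ mul3(b) ^ c ^ d;
    s[1] = a ^ MUL2[b] ^ mul3(c) ^ d;
    s[2] = a ^ b ^ MUL2[c] ^ mul3(d);
    s[3] = mul3(a) ^ b ^ c ^ MUL2[d];
}

/* Inverse transform for decryption, using the 9/11/13/14 multipliers. */
void inv_mix_column(uint8_t s[4]) {
    uint8_t a = s[0], b = s[1], c = s[2], d = s[3];
    s[0] = mul14(a) ^ mul11(b) ^ mul13(c) ^ mul9(d);
    s[1] = mul9(a) ^ mul14(b) ^ mul11(c) ^ mul13(d);
    s[2] = mul13(a) ^ mul9(b) ^ mul14(c) ^ mul11(d);
    s[3] = mul11(a) ^ mul13(b) ^ mul9(c) ^ mul14(d);
}

/* 1 if column db 13 53 45 mixes to 8e 4d a1 bc and the inverse restores it. */
int mix_column_selfcheck(void) {
    const uint8_t in[4] = {0xdb, 0x13, 0x53, 0x45};
    const uint8_t want[4] = {0x8e, 0x4d, 0xa1, 0xbc};
    uint8_t col[4] = {0xdb, 0x13, 0x53, 0x45};
    init_mul2();
    mix_column(col);
    if (memcmp(col, want, 4) != 0) return 0;
    inv_mix_column(col);
    return memcmp(col, in, 4) == 0;
}

int main(void) { return mix_column_selfcheck() ? 0 : 1; }
```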

For key generation, we employ a Logistic chaotic map to enhance security. The Logistic map is a nonlinear dynamic system defined by the equation:

$$ X_{n+1} = r \cdot X_n \cdot (1 - X_n) $$

where \( r \) is the control parameter and \( X_n \) is the value at iteration n. For chaotic behavior, \( r \) is set between 3.57 and 4.00, and \( X_n \) is in the range (0,1). We use the current system time as a seed to initialize random values for \( X_0 \) and \( r \), then iterate the map 100 times to eliminate transient effects. Subsequent iterations generate a chaotic sequence, from which we extract a 16-byte key by trimming the sequence to ensure each byte falls between 0 and 255. This method produces keys with high randomness, making them resistant to prediction and suitable for securing data in EV charging station communications.
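
The key derivation described above as a C sketch, added as an example and not taken from the study's implementation. The text does not give the seed-to-parameter mapping or the exact trimming rule, so both are assumptions here: a small LCG turns the seed into \( X_0 \) and \( r \), and each key byte is the integer part of \( 256 \cdot X_n \); all names and the seed value are constructed.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define BURN_IN 100   /* iterations discarded, as in the text */

/* Assumed seed mapping (not given in the text): an LCG stretches the seed
   into fractions used to set X0 in (0,1) and r in [3.57, 4.00). */
static double seed_fraction(uint32_t *state)
{
    *state = *state * 1664525u + 1013904223u;
    return ((*state >> 8) + 0.5) / 16777216.0;   /* strictly inside (0,1) */
}

/* Derive a 16-byte key; returns 0 on success, -1 if x ever leaves (0,1). */
int logistic_key(uint32_t seed, uint8_t key[16])
{
    uint32_t st = seed;
    double x = seed_fraction(&st);
    double r = 3.57 + 0.43 * seed_fraction(&st);
    for (int i = 0; i < BURN_IN + 16; i++) {
        x = r * x * (1.0 - x);
        if (!(x > 0.0 && x < 1.0))
            return -1;
        if (i >= BURN_IN)
            key[i - BURN_IN] = (uint8_t)(x * 256.0);   /* assumed trimming */
    }
    return 0;
}

/* 1 if two derivations from the same seed produce the same key. */
int same_seed_same_key(uint32_t seed)
{
    uint8_t k1[16], k2[16];
    if (logistic_key(seed, k1) != 0 || logistic_key(seed, k2) != 0)
        return 0;
    return memcmp(k1, k2, 16) == 0;
}

int main(void)
{
    uint8_t key[16];
    if (logistic_key(1700000000u, key) != 0)   /* constructed seed value */
        return 1;
    for (int i = 0; i < 16; i++)
        printf("%02x", key[i]);
    printf("\nreproducible: %d\n", same_seed_same_key(1700000000u));
    return 0;
}
```

The map is deterministic, so the key is fully determined by the seed and can be no less predictable than the seed itself.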

To evaluate our improved lightweight AES algorithm, we conducted experiments on an EV charging station equipped with an embedded processor. We encrypted operational data transmitted to the cloud platform and measured performance metrics including encryption time, memory consumption, and security attributes like avalanche effect and balance standard. For comparison, we also tested standard AES and 3DES algorithms under the same conditions. The input data sizes varied from 10 to 512 bytes, representing typical payloads in EV charging station scenarios.

Encryption time was measured by executing each algorithm 100 times for each data size and calculating the average time. The results, summarized in Table 2, show that our lightweight AES consistently outperforms the others. For instance, with 512-byte data, lightweight AES took 622 ms, compared to 863 ms for standard AES and 959 ms for 3DES. This represents a 25.19% improvement over standard AES and a 36.92% improvement over 3DES, highlighting the efficiency gains from our optimizations. The reduced complexity in byte substitution and mix columns stages allows for faster processing, which is essential for real-time data encryption in EV charging stations.

Table 2: Encryption Time Comparison for Different Data Sizes
| Data Size (Bytes) | Lightweight AES (ms) | Standard AES (ms) | 3DES (ms) |
|---|---|---|---|
| 10 | 162 | 201 | 254 |
| 32 | 195 | 258 | 308 |
| 64 | 224 | 296 | 345 |
| 128 | 276 | 382 | 467 |
| 256 | 433 | 600 | 693 |
| 512 | 622 | 863 | 959 |

Memory consumption was assessed by compiling the algorithms in C using Keil5 with identical optimization levels. We recorded the program memory (code size) and dynamic memory (runtime usage). As shown in Table 3, lightweight AES requires only 5860 bytes of program memory, which is 24.24% less than standard AES (7735 bytes) and 29.61% less than 3DES (8325 bytes). Similarly, dynamic memory usage is 524 bytes for lightweight AES, representing reductions of 54.83% and 56.59% compared to standard AES (1160 bytes) and 3DES (1207 bytes), respectively. These savings are achieved through the simplified S-box and efficient mix columns implementation, making the algorithm more adaptable to the constrained environments of EV charging stations.

Table 3: Memory Consumption Comparison
| Algorithm | Program Memory (Bytes) | Dynamic Memory (Bytes) |
|---|---|---|
| Lightweight AES | 5860 | 524 |
| Standard AES | 7735 | 1160 |
| 3DES | 8325 | 1207 |

Security analysis focused on the avalanche effect and balance standard, which are critical for assessing encryption strength. The avalanche effect measures how small changes in the input or key lead to significant changes in the output. We tested this by encrypting 256-byte data with keys having Hamming distances from 1 to 5, performing 500 trials for each distance. The average avalanche effect, calculated as the ratio of changed bits to total bits, was 0.516 for lightweight AES, compared to 0.504 for standard AES and 0.496 for 3DES (Table 4). This indicates that lightweight AES provides better diffusion, enhancing security for EV charging station data against differential attacks.

Table 4: Avalanche Effect Comparison
| Algorithm | Total Bits | Changed Bits | Avalanche Effect |
|---|---|---|---|
| Lightweight AES | 256 | 132 | 0.516 |
| Standard AES | 256 | 129 | 0.504 |
| 3DES | 256 | 127 | 0.496 |

The balance standard evaluates the distribution of 0s and 1s in the ciphertext, which should be nearly equal to prevent statistical attacks. We encrypted 500 sets of 128-byte (1024-bit) data and computed the average proportions of 0s and 1s. As presented in Table 5, lightweight AES achieved a distribution of 48.44% 0s and 51.56% 1s, showing a smaller disparity than standard AES (47.66% 0s, 52.34% 1s) and 3DES (47.07% 0s, 52.93% 1s). This balanced output confirms the robustness of our S-box design and its suitability for EV charging station encryption, where data integrity is paramount.

Table 5: Balance Standard Comparison
| Algorithm | Percentage of 0s | Percentage of 1s |
|---|---|---|
| Lightweight AES | 48.44% | 51.56% |
| Standard AES | 47.66% | 52.34% |
| 3DES | 47.07% | 52.93% |

Furthermore, we tested the randomness of keys generated using the Logistic chaotic map against those from a software-based pseudorandom number generator (PRNG) commonly used in embedded systems like EV charging stations. Using the dieharder test suite in Python, we performed 500 trials for various statistical tests. The chaotic keys passed all tests, including frequency test, runs test, and linear complexity test, whereas the PRNG keys failed in frequency, runs, and linear complexity tests due to biases in bit distribution. This underscores the superiority of chaotic keys in providing unpredictable and secure encryption for EV charging station applications, reducing the risk of key compromise in resource-limited settings.

In conclusion, our improved lightweight AES algorithm demonstrates significant advantages for EV charging station data encryption. By optimizing the byte substitution and mix columns stages, we reduce encryption time and memory consumption while maintaining high security levels. The integration of Logistic chaotic mapping for key generation enhances randomness and resistance to attacks. Experimental results confirm that lightweight AES is well-suited for the computational constraints of EV charging stations, offering faster encryption, lower resource usage, and robust security properties. Future work could explore further optimizations for even more resource-constrained environments or integrate additional chaotic maps for enhanced key management. This approach ensures that EV charging stations can securely handle data transmission, supporting the growing infrastructure for electric vehicles.
