2.1. PUF-based authentication

Physical Unclonable Functions (PUFs) leverage intrinsic micro-physical variations introduced during the integrated circuit manufacturing process to generate unique, non-replicable responses, making them suitable for device authentication and key generation [8]. Compared to conventional key storage methods, PUFs offer inherent advantages in resisting physical attacks and hardware tampering, which has led to their widespread adoption in resource-constrained environments such as Internet of Things (IoT) devices and edge computing nodes. Yang [9] proposed two lightweight bidirectional authentication protocols based on PUFs and multiple trusted authorities. These protocols employ fuzzy extractors to mitigate noise interference in PUF responses and leverage the lightweight computational characteristics of PUFs to reduce both communication and computation overhead. Additionally, the protocols address camouflage attacks by utilizing the unclonable nature of PUFs. Shlomi et al [10] introduced a vehicle-to-vehicle authentication scheme using instantaneous optical responses in conjunction with radio-based key exchanges. These optical signals are non-forwardable and are derived from certified PUF-based devices embedded in the front and rear of vehicles, enhancing the integrity of inter-vehicle communication.

Despite their advantages, PUFs have known limitations. Machine learning has the potential to predict the response to random challenges through modelling [11]. Gebali [12] mentioned in his review that the reliability of PUFs is affected by environmental factors, and response inconsistency is also one of its main limitations. For this reason, Modarres [13] proposed an efficient lightweight authentication protocol based on noisy PUFs, which combines the properties of noisy PUFs as well as conventional PUFs to address the vulnerability of PUFs to environmental noise and machine learning attacks. However, it is difficult to implement their use of the two types of PUFs to authentication scenarios in electric vehicles.

In summary, while PUF-based authentication provides strong hardware-level protection, it lacks adaptability in the face of behavioral dynamics and environmental variability—highlighting the need for complementary authentication modalities.

2.2. Behavior-based authentication for EV charging service

In recent years, some researchers have also investigated how to utilize user charging behavior for authentication through machine learning and anomaly detection techniques. Kern et al. [14] proposed a hybrid intrusion detection system that combines regression-based prediction with anomaly detection to identify potential security threats during EV charging sessions. By incorporating fine-grained behavioral patterns, the system significantly enhances attack detection accuracy. In 2020, Li and Wang [15] developed a machine learning based algorithm to predict EV users’ dwell time and energy consumption. They proposed the Ensemble Predicting Algorithm (EPA), which improves the performance and reduces the prediction error by 11%. Yu et al [16] used introducing travel chains and logistic regression model to identify the factors that significantly influence charging behavior, and built a prediction model for EV charging behavior based on single and multiple significant influencing factors.

Although behavior feature-based authentication technology shows great potential in EV charging systems, its practical application still faces many challenges, as shown by [15] study that user charging habits may change due to daily changes, new charging stations, or vehicle upgrades, necessitating adaptive systems to maintain accuracy, suggesting that behavior-based methods alone may be insufficient for robust identity verification

2.3. Multi-factor authentication schemes

Based on the above studies, it is evident that single-factor authentication schemes possess inherent limitations. Once the single authentication factor is compromised—whether through spoofing, physical tampering, or behavioral mimicry—the entire authentication process becomes susceptible to failure. Moreover, no existing authentication factor offers absolute security under all conditions.

To address these challenges, researchers have explored multi-factor authentication (MFA) approaches that combine multiple identity dimensions to enhance robustness. Sadri [17] proposed a new two-factor authentication protocol for IoV (Internet of Vehicle), which addressed the shortcomings of IoV authentication that is susceptible to attacks such as sensor capture attacks, user traceability attacks, etc. Al Sibahee et al. [18] combined PUF-based identities, random numbers, and user passwords in their two-factor protocol. This scheme was formally verified under the real-or-random (RoR) model, demonstrating provable security. Subran [19] incorporated human biometrics (particularly fingerprint recognition) into their multi-factor authentication framework to prevent identity theft, man-in-the-middle, and brute-force attacks. The experiments validated the robustness of the proposed scheme compared to traditional single-factor methods.

However, multi-factor authentication often has higher security performance than single factor, however, its authentication scheme may be more cumbersome, which poses a great challenge to the resource-constrained charging pile–EV interaction environment. Therefore, a key research objective is how to design lightweight multi-factor authentication protocols that can be efficiently deployed in such constrained settings without compromising security.

2.4. Digital fingerprint–based methods

Digital fingerprint (DF)–based authentication has recently gained increasing attention in the field of identity verification. This technique generates unique and hard-to-forge digital identifiers by integrating intrinsic hardware characteristics and user-specific behavioral features at both the device and user levels. Compared with multi-factor authentication, DF-based techniques offer lightweight alternatives by enabling identity authentication through the comparison of pre-generated digital identifiers, thereby significantly reducing computational overhead.

Among the existing studies on digital fingerprints, Eckersley [20] explored the uniqueness of browser fingerprints and pointed out that they can be used to identify devices, but there is a risk that they can be circumvented by users who change their settings or use a new device. Stylios [21] further extended DF technique by incorporating behavioral features, and proposed a continuous authentication scheme that verifies user identity during device interaction. While this scheme improves both security and user experience compared to static authentication schemes, it still faces challenges due to the dynamic nature of user behavior, which may evolve over time or be imitated by sophisticated attackers. Addressing this issue requires the incorporation of stable hardware features and adaptive update mechanisms that ensure robustness against dynamic user.

2.5. Limitations of existing approaches and design motivation

While existing authentication techniques each offer certain advantages, they also present notable limitations when applied independently. Single-factor methods—whether based on hardware properties or user behavior—remain vulnerable to spoofing, physical tampering, or behavioral mimicry. Moreover, no single authentication modality provides sufficient robustness across diverse and dynamic operating conditions commonly found in charging pile–EV interaction scenarios.Multi-factor authentication (MFA) schemes attempt to address these shortcomings by combining multiple identity factors. Although MFA improves security, it often introduces high computational and communication overhead, making it difficult to implement efficiently on resource-constrained charging devices. Similarly, digital fingerprinting offers a lightweight alternative by encoding device and behavioral features into a unified identifier. However, existing DF-based schemes are typically static and rely heavily on user behavior, which may drift over time or be imitated by adaptive adversaries.

These limitations underscore the need for an authentication framework that is not only secure and lightweight but also adaptable to dynamic physical and behavioral conditions. To this end, we propose a novel authentication scheme that integrates the physical uniqueness of PUFs with the temporal variability of EV charging behavior to construct a multi-modal digital fingerprint. A dynamic fingerprint update mechanism is further introduced to maintain long-term authentication validity in the presence of behavior drift and environmental noise. The scheme is tailored for emerging high-power charging scenarios, such as those based on the ChaoJi charging standard [7]. In such contexts, authentication breaches may threaten not only user safety but also the stability of the power infrastructure.

Overall, the pro-posed approach offers a lightweight, scalable, and secure authentication solution de-signed to meet the unique demands of next-generation charging pile–EV interactions in ultra-fast charging environments.

3.1. Puf-auth: A device-level EV-pile authentication based on hardware PUF challenge-response mode

This subsection proposes Puf-Auth, a device-level authentication module based on a hardware PUF-enabled challenge–response protocol. The goal is to establish a unique and tamper-resistant identity for each EV device by leveraging physical randomness embedded in EV’s Battery Management System (BMS). During the registration phase before authentication, the charging pile’s master control unit sends a randomly generated challenge sequence C to EV, which length is n.

(1)

The EV generates a unique response signal Rref based on the unique physical structure of its BMS system as a unique physical identification of EV, and the process of challenge generation and response is shown on the left side of Fig 2.

Download:

• PNG
  larger image
• TIFF
  original image

Fig 2. The Messages Exchange for Puf-Auth.

https://doi.org/10.1371/journal.pone.0344506.g002

(2)

During real-time authentication, as shown on the right side of Fig 2, the charging pile’s master control unit generates a new random challenge sequence, Ctest, and sends it to EV. Once it receives the challenge, it generates a new response sequence Rtest, and returns it to the pile. The pile compares the real-time response Rtest with the baseline response Rref stored during registration, and derives the authentication result by calculating the similarity between the two responses. The similarity is calculated as follows.

(3)

where δ(x,y) is the bit comparison function:

(4)

Meanwhile, since the PUF response is sensitive to charging environmental factors, a certain response tolerance is set to ensure that legitimate devices can still pass the authentication under natural fluctuations. Then the equation for authentication is defined as follows.

(5)

Where, τ is the set similarity threshold, generally take 0.95, ϵ is the tolerance range, according to the actual situation to adjust.

In addition, the module incorporates several defense mechanisms to resist common attacks targeting Puf-Auth as follows.

1. 1, to prevent replay attacks, random salt values Salt ∈ (0, 1) n are embedded in the challenge sequence to generate extended challenges, ensuring that each challenge is unique and unpredictable.
2. 2, to counter machine learning–based modeling attacks, a dynamic challenge rotation strategy is used to avoid the attacker from building a PUF mathematical model through finite challenge-response pairs. After each authentication, a new challenge is randomly selected from the pre-generated challenge pool.
3. 3, to hinder statistical analysis and increase unpredictability, each response bit has a small probability 𝑝 of being randomly flipped during generation. This lightweight obfuscation mechanism reduces response regularity and increases the difficulty of modeling attacks.

3.2. CB-auth: A user-level EV-pile authentication based on EV charging behavior features

This subsection proposes CB-Auth, an adaptive and dynamic authentication module based on electric vehicle (EV) charging behavior. The module begins by extracting key behavioral features from historical charging data and representing them as a feature vector B, which serves as the behavioral baseline of the EV user. It consists of statistical representations (i.e., frequency, average value, and ratio) of key behavioral attributes across spatio-temporal patterns, charging demand, and interaction dynamics. The values of each of these dimensions can be obtained by aggregating EV’s historical charging data, and the specific feature extraction method is described in Appendix A in S1 File.

(6)

The sliding window technique is used to save the most recent S charging records and update the behavior baseline vector in real time. Let the spatio-temporal features of the EV user during this period be t_j, L_j, the charging demand features be Q_j, fj, and the interaction dynamics features Φ_ratio,j. The current behavioral baseline vector, denoted as B_base, is constructed by aggregating these features across the window. B_base is continuously updated when the sliding window slides forward to ensure adaptability to recent behavioral patterns.

(7)

During the charging process, the charging pile obtains the EV user’s current charging behavior features Btest in real time:

(8)

The degree of behavioral consistency is calculated by finding the probability value of the current behavior in the historical distribution. A low probability indicates a deviation from typical behavioral patterns and may suggest a potential anomaly. To quantify this deviation, the negative logarithm of the probability is introduced as an anomaly score. If the probability of the current behavior x is high, the anomaly score ∆_X takes a small value, and vice versa, ∆_X takes a large value.

Based on the importance of different features, weights ω_X are assigned to each feature to calculate the weighted deviation score ∆:

(9)

Where ω_t + ω_L + ω_Q + ω_f = 1. A larger value of ∆ indicates a higher risk of abnormal behavior. If ∆ is close to 0, it indicates that the current behavior highly matches the historical pattern.

Subsequently, based on the set of historical anomaly scores from the user’s most recent S charging sessions, denoted as {∆₁,∆₂,...,∆_S}, its mean μ_∆ and standard deviation σ_∆ are calculated. The proposed behavior-based authentication does not assume that an EV user’s raw charging behavior features (e.g., time, location, or demand) follow a normal distribution. Each user may exhibit distinct and potentially multi-modal behavior patterns, which constitute the inherent behavioral profile on which authentication is based. The dynamic threshold is defined as τ_∆:

(10)

For each new charging record, μ_∆ and σ_∆ are recalculated to ensure that the thresholds are adapted to the user’s latest behavior patterns. The authentication decision relies on a deviation score that quantifies how far a current charging event departs from the user’s own established behavioral profile. Thresholds are defined relative to the dispersion of this deviation score for each individual user, allowing the authentication process to adapt to different levels of behavioral variability across users. Based on the comparison results of the composite score ∆ and the dynamic threshold τ_∆, different levels of security responses are triggered. If ∆ ≤ 0.3τ_∆, it is regarded as low risk and no additional authentication is required. In the actual data, 0.3 is a good threshold under which almost all attackers’ forged data can be excluded. If 0.3τ_∆ < ∆ ≤ τ_∆, it is regarded as medium risk and triggers a light secondary validation. If ∆ > τ_∆, it means this authentication deviation is beyond 3σ, which is statistically a small probability event. The behavior data of normal users almost never appear, so it is treated as high risk. Immediately block the charging request, force the PUF hardware to re-authenticate, and trigger the digital fingerprint update process.

Non-parametric approaches such as percentile- or IQR-based thresholds were not adopted because they inherently label a fixed proportion of observations as anomalous, even when all behaviors remain close to the user’s typical pattern. In contrast, the proposed variance-adaptive thresholding strategy permits all observations to be treated as low risk when user behavior is stable, which better aligns.

3.3. PufCB-auth: A multi-factor EV-pile authentication based on digital fingerprint integrated PUF with charging behavior features

Building upon the two-factor authentication integrated PUF responses with user charging behavior features, this subsection proposes a unified digital fingerprinting scheme, referred to as PufCB-Auth. This scheme supports rapid, lightweight authentication and is well-suited for resource-constrained EV-pile interaction environments, while also providing adaptability to physical and behavioral dynamics.

The digital fingerprint is generated by the baseline integration of PUF physical features and user charging behavior features. Firstly, the recent S historical PUF responses are statistically analyzed, and the mean value of the PUF responses, Ravg, is computed as the physical features of the PUF module of the on-board battery:

(11)

The trusted hardware identifier DPUF is generated by hashing the average of recent S PUF responses R_avg, as follows:

(12)

Based on the sliding window technique, the EV user’s spatio-temporal features are extracted from the most recent S charging records as in Eq. (7) to form the current behavior baseline vector B. The unique fingerprint df is generated by concatenating the PUF-derived identifier DPUF with the behavioral baseline Bbase and then hashing the combined vector as follows.

(13)

3.4. Enhanced PufCB-auth based on continuous digital fingerprint update

In order to avoid the digital fingerprint to be invalidated due to changes in hardware and behavior features, we propose an enhanced version of PufCB-Auth through a continuous digital fingerprint update mechanism triggered by the following three conditions.

Time update condition: mandatory update every fixed period T (e.g., 30 days).

Anomaly detection update condition: deviation score ∆ exceeds the threshold τ_∆, or the system detects a high-frequency alarm.

PUF response drift update condition: the PUF response similarity decreases less than the threshold value due to environmental disturbances.

When the respective update condition is triggered, the system generates a new fingerprint and replaces the old one according to the following steps:

At the hardware layer, the system counts the most recent S PUF responses and computes the statistical mean value of the new PUF response, R_{avg_new}, as the updated physical characteristic of the device, to generate the new identification D_PUF-new and update the behavior baseline B_new from the most recent S charging records

Compute the new PUF identifier with the updated behavior baseline and hash to get the new digital fingerprint:

(14)

To prevent data leakage or tampering, the system uses symmetric encryption to protect the new fingerprint and replace the old fingerprint, and subsequently record the update event in the security log to achieve traceability and non-tampering.

To prevent update poisoning and denial-of-service (DoS) attacks, the proposed fingerprint update mechanism is designed with strict admission and rate-control policies. For behavior-based authentication, newly observed high-risk charging behaviors do not directly trigger profile updates. Only historical charging records that have previously passed authentication are eligible for inclusion in the update dataset, while high-risk observations are used exclusively for risk assessment. This design prevents adversarial or abnormal behavior from contaminating the behavior profile, even under repeated attack attempts.

To accommodate legitimate long-term behavior evolution, profile updates are rate-limited and executed only at controlled frequencies. When update triggers occur excessively, the system escalates to an auxiliary verification stage requiring explicit user confirmation. If verification fails, the authentication process is locked and no update is performed; only after successful confirmation are corresponding records admitted into the update dataset.

For hardware-derived identity factors, such as analog PUF responses, physical characteristics are expected to evolve gradually due to aging or environmental variation. Accordingly, physical feature updates are performed conservatively using only recent authentication-passed records. If significant deviation persists even after incorporating recent legitimate data, the system interprets this as evidence of device replacement or impersonation rather than benign drift, and the device is rejected instead of being adaptively accommodated.

4.1. Evaluation setup

The experimental evaluation is conducted on a controlled simulation and emulation platform designed to reproduce electric vehicle charging and authentication scenarios. Hardware-level identity information is emulated using simulated PUF responses derived from heterogeneous physical channels, following the PUF construction and noise modeling described in Section 3 and Appendix B in S1 File. In our target deployment, the “PUF factor” is instantiated from inherent, device-specific micro-variations of the EV Battery Management System (BMS), which provide challenge–response style uniqueness similar to PUF behavior. Rather than assuming a specific conventional silicon PUF primitive (e.g., SRAM PUF or ring oscillator PUF), we model this factor as a BMS-derived PUF-like hardware fingerprint. This implementation is intended to evaluate the authentication framework and its robustness to noise/drift, rather than to benchmark a particular silicon PUF circuit. The proposed framework is compatible with standard PUF primitives if available in a production BMS/ECU.

Charging behavior data are synthetically generated to simulate long-term user charging patterns under different usage habits and environmental conditions. Behavioral features are extracted from generated charging sessions and evaluated in a continuous authentication setting, where authentication decisions are made throughout the charging process rather than at a single handshake. This unified experimental framework allows systematic evaluation of hardware-based authentication, behavior-based authentication, and their combination under identical conditions.

Two representative lightweight authentication approaches are selected as external baselines for comparison. The first baseline is a PUF-based authentication scheme designed for Internet of Vehicles environments, which relies exclusively on hardware-level challenge–response behavior to establish device identity. This type of scheme represents PUF-only authentication paradigms that emphasize unclonability and low computational overhead but do not account for user behavior dynamics or long-term interaction patterns.

The second baseline is a behavior-driven authentication scheme (L2AI), which performs authentication by modeling charging behavior characteristics and detecting deviations from learned behavior profiles. This approach focuses on identifying abnormal or malicious behavior without incorporating hardware-derived identity information. Together, these two baselines represent hardware-centric and behavior-centric authentication paradigms, respectively, and serve as references for evaluating the security coverage and robustness of different design choices.

4.2. Comparison with state-of-the-art lightweight authentication schemes

This section compares the proposed scheme with representative state-of-the-art lightweight authentication schemes from the literature. The comparison focuses on efficiency-related metrics and security capability coverage, as defined in Section 4.3.

Specifically, we first introduce a unified adversary model and security evaluation methodology to ensure that different schemes are assessed under comparable assumptions. We then compare communication, computational, and storage overheads to evaluate deployment feasibility on constrained devices. Finally, security performance is analyzed through a detailed comparison of attack resistance and adversarial capability requirements, with particular attention to long-term impersonation and behavior mimicry threats that are not fully addressed by conventional one-time authentication schemes.By structuring the comparison in this manner, this section aims to provide a fair, transparent, and reproducible assessment of how different lightweight authentication designs balance security coverage and implementation efficiency, while explicitly avoiding misleading conclusions drawn from incompatible evaluation metrics.

4.2.2. Security analysis and attack coverage comparison.

Based on the unified threat model defined in Section 5.4.1, this subsection analyzes how different authentication schemes respond to representative attack behaviors that naturally arise under the assumed adversarial capabilities (C1–C5). For each attack category, we first explain why the attack is feasible under the threat model, and then examine the protection mechanisms and limitations of each scheme.

1. 1) Replay attacks: Under capability C1, the adversary can eavesdrop and record authentication messages exchanged over the public channel, making replay attacks a fundamental threat in open charging environments. The PUF-MAP scheme mitigates replay attacks by binding authentication tokens to fresh challenges and nonces, ensuring that previously observed responses cannot be reused in a different session. Similarly, L2AI employs timestamps and random numbers in its authentication messages, which invalidate replayed messages outside their validity window. The proposed PufCB-Auth scheme inherits this protection by using session-specific PUF challenges and freshness parameters. Therefore, simple replay of recorded messages is insufficient to pass authentication in all considered schemes.
2. 2) MITM attacks: MITM attacks also stem from the network control capability (C1), where the adversary attempts to intercept and manipulate messages during authentication. In the PUF-MAP scheme, MITM resistance is achieved by cryptographically binding authentication messages to unpredictable PUF challenge–response pairs, preventing an adversary from modifying messages without invalidating verification. L2AI similarly relies on one-way hash computations and shared secrets to ensure message integrity during authentication exchanges. PufCB-Auth provides equivalent session-level protection against MITM attacks. In addition, because authentication decisions depend on both hardware-derived PUF responses and behavior-derived fingerprints, message manipulation alone cannot enable sustained authentication unless the adversary also satisfies the independent identity factors.
3. 3) Impersonation Attacks: Impersonation attacks arise from capability C2, where the adversary attempts to masquerade as a legitimate EV or charging pile. In PUF-MAP schemes, successful impersonation requires the adversary to accurately reproduce or model the target device’s PUF responses. As long as the PUF remains unclonable and secret, impersonation is considered infeasible. In L2AI, impersonation resistance is primarily based on protecting credentials and biometric-related information. Once these factors are compromised, the scheme does not introduce additional independent barriers to prevent impersonation. In contrast, PufCB-Auth increases the impersonation threshold by requiring both correct PUF behavior and consistency in long-term charging behavior. Even if one factor is compromised, impersonation cannot be sustained without simultaneously satisfying the other, independent factor.
4. 4) Partial device capture: Under capability C3, the adversary may extract partial information from a compromised device, such as stored parameters, helper data, or transient authentication states, without fully controlling the device or replicating its physical characteristics. In PUF-MAP schemes, the impact of partial device capture depends on the scope of leaked information. Although secret keys are not explicitly stored, auxiliary data and protocol states may still be exposed, which can reduce the security margin and facilitate repeated authentication attempts under certain conditions. In L2AI, authentication relies on stored credentials and biohash-related parameters. Once such information is partially leaked, a single compromised factor may be sufficient to enable impersonation, as no independent hardware-rooted identity is required. In contrast, PufCB-Auth mitigates partial device capture by eliminating single points of failure. Even if stored behavior-related parameters are exposed, successful authentication still requires uncontaminated PUF responses and sustained behavior consistency, which cannot be reproduced solely from leaked data. As a result, the scheme provides stronger resilience against partial device compromise.
5. 5) Behavior mimicry and long-term masquerading: Capability C4 enables the adversary to observe and manipulate long-term charging behavior, leading to behavior mimicry and long-term masquerading attacks.Neither PUF-MAP schemes nor L2AI explicitly address behavior mimicry, as authentication is completed during session initiation and does not consider post-authentication behavior. Consequently, once initial authentication is passed, these schemes do not detect sustained masquerading attempts. PufCB-Auth explicitly targets this threat by introducing continuous authentication throughout the charging process. By periodically validating behavior consistency in conjunction with hardware identity, the scheme limits the adversary’s ability to maintain long-term masquerade through short-term imitation or injected records.
6. 6) Privacy leakage: Under capabilities C1 and C4, adversaries may infer sensitive information by observing authentication messages or behavior-related data. PUF-MAP schemes typically transmit identity-related tokens and challenge–response information, which may enable limited inference if identifiers are reused. L2AI employs pseudo-identities but may still expose behavioral or contextual attributes during authorization. PufCB-Auth reduces privacy leakage by transmitting only compact, non-invertible behavior descriptors and pseudonymous identifiers, rather than raw charging trajectories or precise location data, thereby limiting information exposure under passive observation.

Table 1 summarizes the resistance of the considered schemes to representative attack categories under the unified threat model.

Download:

• PNG
  larger image
• TIFF
  original image

Table 1. Summary of Security Analysis and Attack Coverage Comparison.

https://doi.org/10.1371/journal.pone.0344506.t001

4.3. Efficiency analysis and overhead comparison

This section compares the proposed PufCB-Auth scheme with L2AI and PUF-MAP, in terms of communication overhead and computational cost. The comparison focuses on the authentication phase, which is the most time-critical stage in real-time EV charging scenarios.

4.3.1. Communication overhead.

Communication overhead is evaluated by the number of message exchanges and the total transmitted data size during one authentication session.

PufCB-Auth adopts a lightweight PUF-based challenge–response mechanism and performs behavior authentication locally, requiring only two message rounds (challenge and response). PUF-MAP involves interactions among vehicle, RSU, and branch TA, resulting in three to four communication rounds. L2AI requires user–gateway–server–blockchain interactions, leading to at least four rounds, sometimes more due to authorization token validation. Let:

1. ∣C∣denote the PUF challenge length (128 bits),
2. ∣R∣denote the PUF response length (128 bits),
3. ∣H∣denote a hash output (160 bits).

Based on the protocol descriptions:

PufCB-Auth transmits only ∣C∣ + ∣R∣ = 256 bits per session. PUF-MAP additionally transmits helper data, identities, and hash values, totaling approximately 640–768 bits. L2AI exchanges multiple hashes, Biohash outputs, authorization tokens, and blockchain indices, resulting in more than 1,000 bits per authentication session.

As shown in Table 2, PufCB-Auth reduces communication overhead by 60–75% compared with L2AI, which is critical for ultra-fast ChaoJi charging scenarios where authentication latency directly affects system safety and efficiency.

Download:

• PNG
  larger image
• TIFF
  original image

Table 2. Communication overhead comparison.

https://doi.org/10.1371/journal.pone.0344506.t002

4.3.2. Computational overhead.

Computational cost is evaluated using the number of cryptographic and lightweight operations executed during authentication. Following common practice, the cost is expressed as the number of basic operations:

1. T_h: one-way hash
2. T_xor: XOR operation
3. T_PUF: PUF response generation
4. T_FE: fuzzy extractor operation
5. T_BC: blockchain-related processing

Based on protocol workflows, PufCB-Auth requires 1 × T_PUF, 1 × hamming distance computation and lightweight probability and weighted-sum calculation; PUF-MAP requires 1 × T_PUF, 1 × T_FE, 3 or 4 × T_h, and multiple XOR operations; L2AI requires: 6–8 × T_h, biohash computation, token generation and verification, and blockchain read/write operations. Table 3 shows the comparison of the computing overhead of the three protocols.

Download:

• PNG
  larger image
• TIFF
  original image

Table 3. Computational overhead comparison.

https://doi.org/10.1371/journal.pone.0344506.t003

PufCB-Auth avoids all heavy cryptographic primitives and centralized processing, achieving the lowest computational complexity among the three schemes.

4.3.3. Storage overhead.

This subsection evaluates the storage requirements of PufCB-Auth, L2AI, and PUF-MAP by analyzing the long-term security parameters stored at participating entities.

Following common practice, only persistent parameters required for authentication are considered, while ephemeral session variables are excluded. The storage cost is measured in bits and includes: identity-related parameters, cryptographic keys or helper data, authentication tokens or indices. Let:

1. ∣ID∣ = 128 bits,
2. ∣H∣ = 160 bits (hash output),
3. ∣K∣ = 128 bits (key or PUF response),
4. ∣P∣ = 128 bits (helper data).

PufCB-Auth should store PUF hardware and sliding window behavior statistics on EV side, store reference PUF response R_ref(128bits) and behavior fingerprint template on charging pile side. Total persistent storage per EV–pile pair is approximately: S_PufCB−Auth ≈ 128 + 128 = 256 bits; PUF-MAP should store helper data for fuzzy extractor (PPP, 128 bits), identity and hash-related parameters on vehicle side, store vehicle ID, PUF-derived key, hash values and authentication records on RSU/ TA side, The total storage requirement per vehicle is approximately: S_PUF-MAP ≈ | ID | + | K | + | P | + | H | = 128 + 128 + 128 + 160 = 544 bits. L2AI should store pseudo-identity, biohash output, authorization token, Hash-derived secret values on user device/ smart card, store access control records, token indices, user authentication metadata on server/ blockchain. The total storage requirement per user is at least: S_L2AI≥3 | H | + | Biohash | + | Token | ≈ 3 × 160 + 128 + 128 = 736 bits. In practice, the blockchain-related metadata further increases the storage overhead.

As shown in Table 4, PufCB-Auth reduces storage overhead by ≈53% compared with PUF-MAP and by ≈65% compared with L2AI, making it more suitable for embedded EV and charging pile devices with limited memory resources.

Download:

• PNG
  larger image
• TIFF
  original image

Table 4. Storage overhead comparison.

https://doi.org/10.1371/journal.pone.0344506.t004

4.4. Robustness under noise and behavior drift

This subsection evaluates the robustness of the proposed authentication framework under practical disturbances, including measurement noise and long-term behavior drift. The purpose of this evaluation is to assess the stability and usability of authentication decisions in realistic operating environments, rather than to demonstrate cryptographic security properties.

4.4.1. Ablation experiment.

This section introduces how to conduct ablation experiments of PUF-Auth and CB-Auth.

To simulate real-world deployment conditions, we construct a hardware prototype that emulates the BMS (Battery Management System) of an EV as described in section 4.1. To test the resistance of PUF features against hardware-level cloning, one Device Under Test (DUT) and five cloned devices—constructed using identical hardware models and components—were used as the experimental setup. The response similarity distributions across all devices are shown in Fig 3. Most of the cloned devices produced responses with similarities ranging from 105/128–116/128 while And the similarity of PUF response keys tested by DUT equipment is 122/128 or above, so we set 0.95 as the authentication pass criteria for each test.

Download:

• PNG
  larger image
• TIFF
  original image

Fig 3. Statistical Result of Frequency Disbution of Key Similarity for Similar Device Simulation.

https://doi.org/10.1371/journal.pone.0344506.g003

For PUF-Auth, the authentication pass rate was tested under normal environment, temperature fluctuation (−20°C ~ 60°C) and voltage perturbation (±5%) and vibration interference respectively, used the DUT. Each perturbation type was tested 200 times, respectively and 0.95 is token as the authentication threshold.

For CB-Auth, we set S = 100 for the parameter to systematically define the behavioral baseline window, which is a relatively appropriate amount of data in the actual operation data. It is enough to summarize the behavior and habits of users in the recent one to three months, and can be adjusted appropriately for different user groups. It is a suitable amount of data in actual operational data which is sufficient to summarize the user’s behavior habits in the past one to three months and can be adjusted for different user groups. The uniform standard is used for each EV user’s behavior score to ensure consistent evaluation. The scoring is defined as follows.

(15)

The expriment simulates the following four representative attack types, i.e., Attack 1-Power theft attack, cterized by abnormally high charging frequency and random geographic location jumps; Attack 2-Battery replacement attack, indicated by a mismatch between reported battery characteristics (e.g., charging power) and usual charging locations; Attack 3-Location forgery attack, characterized by static GPS coordinates lacking typical random offsets; Attack 4-Abnormal interruption attack, identified by a significantly increased frequency of session terminations compared to historical user behavior. For evaluation, 200 normal charging records were generated for each of five EV users under consistent parameter settings. In addition, 50 attack samples per attack type (totaling 200 attack samples) were randomly mixed into the EV users’ normal data, resulting in 240 records per user (200 normal + 40 attack samples). We passed the certification for low-risk data, but refused to pass the certification for high-risk data. Medium risk data needs to be further judged in combination with the user’s recent data change trend.

4.4.2. PufCB-Auth’s authentication performance comparison with single-factor Schemes’.

To verify the effectiveness of our multi-factor fusion authentication scheme (i.e., PufCB-Auth), this experiment compares its performance against two single-factor baselines, i.e.,PUF-only (Puf-Auth) and behavior-only (CB-Auth) authentication. The goal is to evaluate whether combining hardware-level identity and behavior-based anomaly detection offers measurable advantages in terms of accuracy, robustness, and adaptability, especially under environmental interference and behavioral deviations.

To perform the comparison, we simulate five distinct users, and each assigned a unique combination of a PUF hardware profile and a charging behavior model. For each user, 300 normal charging samples are generated under the premise of unchanged parameters and 200 attack samples (distributed across four typical attack types). In parallel, the three authentication schemes (i.e., PufCB-Auth, Puf-Auth and CB-Auth) are tested under both standard and disturbed environments (e.g., temperature and voltage variations). The digital fingerprint is generated follow the method described in Section 3.3. The authentication succeeds if the fingerprint matches the expected value within a defined tolerance.

Tables 5 and 6 have shown the performance results across the three schemes. Under normal environmental conditions, Puf-Auth maintains nearly 100% user acceptance, but it lacks the capability to detect behavioral anomalies. Conversely, CB-Auth shows good attack detection performance (>90%) but is subject to user-dependent variation, for example, for “simulated user C”, its authentication performance is significantly lower than that of other individuals. PufCB-Auth achieves a balanced trade-off, with authentication pass rates above 97% and attack detection rates exceeding 93% across all users. This demonstrates that fusing PUF and behavior features not only enhances detection coverage but also mitigates the individual limitations of each single-factor method.

Download:

• PNG
  larger image
• TIFF
  original image

Table 5. Authentication Performance Comparison Between Single-Factor and Multi-Factor Schemes under Normal Environment.

https://doi.org/10.1371/journal.pone.0344506.t005

Download:

• PNG
  larger image
• TIFF
  original image

Table 6. Authentication Performance Comparison Between Single-Factor and Multi-Factor Schemes under Disturbed Environment.

https://doi.org/10.1371/journal.pone.0344506.t006

Under disturbed environments, the performance gap becomes more pronounced: Puf-Auth suffers a significant drop in user acceptance due to environmental sensitivity, while CB-Auth maintain relatively stable performance but are constrained by limited generalization. In contrast, PufCB-Auth consistently maintains high performance by leveraging the complementary strengths of both feature types.

4.4.3. Enhanced PufCB-Auth’s performance comparison with single-factor schemes and PufCB-auth before feature update.

This section evaluates the performance gain achieved through Enhanced PufCB-Auth, which is designed to ensure the long-term validity and adaptability of the digital fingerprint as device states and user behaviors evolve.

The digital fingerprint is updated according to the conditions described in Section 3.4. Once meeting the update conditions, the updated features is used to re-authenticate. If the authentication still fails through the updated features, then it is judged as abnormal behavior. To assess the effectiveness of this update mechanism, the test conditions is the same as in Section 4.6.2, but this time compare authentication results before and after performing the feature update. The same five users, 300 normal samples, and 200 attack samples per user are used in both normal and disturbed environments, and the test results are shown in Table 7 and Table 8.

Download:

• PNG
  larger image
• TIFF
  original image

Table 7. Authentication Performance Before and After Feature Update in Normal Environment.

https://doi.org/10.1371/journal.pone.0344506.t007

Download:

• PNG
  larger image
• TIFF
  original image

Table 8. Authentication Performance Before and After Feature Update in disturbed environment.

https://doi.org/10.1371/journal.pone.0344506.t008

The experimental results demonstrate that the feature update mechanism significantly improves the performance of three schemes, where PufCB-Auth has shown the most consistent and balanced gains. As shown in Table 6, under stable environmental conditions, PufCB-Auth achieves user adoption rates between 97.3% and 100%, and attack detection rates ranging from 91.5% to 96.5% across all five simulated users.

Under disturbed environments, as presented in Table 8, the advantages of the update mechanism become even more pronounced. PufCB-Auth maintains consistently high user adoption rates ranging from 97.0% to 99.3%, along with strong attack detection performance between 91.5% and 96.5%, despite the presence of temperature and voltage fluctuations. In contrast, although Puf-Auth recovers high pass rates through reference profile updates, it cannot still detect behavioral anomalies. Likewise, CB-Auth benefits from behavior model recalibration but still shows sensitivity to individual user variability.

The findings confirm that the feature update mechanism is essential not only for preserving long-term effectiveness but also for enhancing the robustness and adaptability of the PUF-based authentication schemes. In essence, the update mechanism enables continuous identity verification over time and effectively addresses gradual shifts in user behavior and PUF drift.