In June 2026, LiBat (Togi Teknoloji) presented two studies at the IEEE International Workshop on Metrology for Automotive in Brescia, together with a European research consortium that included the University of Geneva, Graz University of Technology, NXP, Virtual Vehicle Research, HES-SO, George Emil Palade University, Musoshi EV, and AI4SEC [1][2]. Both came out of the same Horizon Europe program, OPEVA (Optimization of Electric Vehicle Autonomy), funded through the KDT JU (now the Chips JU) under grant No 101097267.
The two studies are usually read separately. They make more sense together, because they describe the same device facing the same problem. The battery has become a connected computer, and a connected computer that stores energy and helps drive a car has to do two things well. It must prove that its data is genuine, and it must estimate its own state without depending on a remote server.
These are not separate goals. A state estimate is only as reliable as the measurements behind it, so the system has to verify its data before any model uses it, and the model has to be small enough to run on the pack.
The battery became a computer, and a target
A modern BMS does far more than balance cells and open a contactor on overvoltage. It measures, protects, predicts, runs machine-learning models locally, and speaks several protocols at the same time, including CAN, RS485, RS232, and increasingly optical and near-field links to the vehicle and to service tools [8]. Each of those functions is also a way in.
Integrity matters more than secrecy here. Encryption stops an eavesdropper from reading the bus, but it does nothing against false data injection, where an attacker sends a well-formed but forged measurement. The state estimator cannot tell the difference. An injected voltage looks like a real one, and the model treats it as fact [4]. The danger is a forged reading that the AI accepts as genuine.
The threat model in this work is concrete rather than generic. It builds on the CIA triad and NIST Smart Grid guidance to list specific attacks against a pack [3][5]. It also points to a real case that shows why provenance matters. A Tesla once caught fire five minutes into use, traced to a counterfeit battery. The takeaway is that a battery should be able to prove its identity before any system trusts it.
| Attack | CIA impact | Consequence |
|---|---|---|
| DoS / CAN flooding | Availability | Safety messages delayed or dropped |
| False-data injection / MitM | Integrity | AI estimates poisoned with forged telemetry |
| Eavesdropping | Confidentiality | Pack behavior and usage profiled |
| EM jamming | Availability | Bus signaling disrupted at the physical layer |
| Cross-layer takeover | Integrity | Remote firmware swap via Bluetooth or Wi-Fi |
| Counterfeit / hidden module | Integrity | Unverified hardware trusted as genuine |
Every row points the same way. Once the BMS became smart and connected, security could no longer be an afterthought.
Trust has to start in the hardware
If the bus offers no guarantees, trust has to come from below the bus. That is the link between the two studies. Put the root of trust in silicon now, and carry the same principle into the wireless, software-defined future.
The wired side starts with CAN. The protocol that runs the nervous system of almost every EV has no built-in authentication, encryption, or integrity checks. Rather than patch the wire, the architecture places the root of trust in a Trusted Platform Module, a hardware security component standardized by the Trusted Computing Group. The TPM seals keys in hardware, performs a measured boot, and records the integrity of each stage in its Platform Configuration Registers, so tampered firmware fails verification before it can run. Firewalls and an intrusion-detection layer sit above it [6][7]. The hardware that carries this is LiBat's BMS1810 and BMS1820 masters, modular units built to ISO 26262 functional safety, with isolated CAN 2.0b, RS485 and RS232, ±1.6 mV typical cell-voltage accuracy, and passive balancing up to 420 mA per cell. It is designed to host the trust anchor from the start.
The same idea moves into the Software-Defined Vehicle with different mechanisms but the same logic. Here, security sits beneath the application and close to the hardware, instead of being layered on top. There is a Security Layer for key management, device authentication, and secure updates. Below it sits a Communication Management Layer, and beneath that a Hardware Abstraction Layer that controls sensor access and key storage. Local diagnostics use NFC, whose range of a few centimeters is itself a safeguard, since an attacker has to be physically next to the pack. Each session runs mutual authentication, derives a symmetric AES session key, and wraps the data in Secure NDEF format, which adds less than 5% latency over plain NFC. ECQV implicit certificates keep authentication small enough for constrained networks, and a modified Station-to-Station exchange gives each session its own key with perfect forward secrecy. The device keys stay in protected hardware memory and are never transmitted.
The common point across both cases is simple. The root of trust stays in hardware, whether the channel is a copper wire or a beam of light. This also matches where automotive regulation is going. UNECE Regulation No. 155 now requires a certified cybersecurity management system for new vehicle types [14], and a pack whose keys live in hardware and whose data is authenticated end to end is already built for that requirement.
Remove the wire
One way to remove a class of attacks is to remove the medium they rely on. In a conventional pack, the Cell Management Controllers are wired in a daisy chain to a central Battery Management Controller and out to the vehicle. That copper radiates and picks up electromagnetic interference, fails mechanically, and gives an attacker a physical surface to work with. The software-defined design replaces the harness with a Serial Infrared Link, an optical channel between controllers.
Going optical removes EMI and wiring faults, and because light is not affected by radio interference, it also closes the EM-jamming path that the CAN-side threat model lists as an availability risk [11].
The results are reported with their limits rather than as a clean success. Across a thermal sweep from -40 to +75 °C, a lens-focused 5 cm link and a short 20 cm polycarbonate waveguide stayed stable. Direct over-air transmission and a long 50 cm waveguide did not hold up. As the temperature rose, thermal deformation tilted the beam past the receiver's incidence angle and packet loss climbed toward 100%. Optical geometry is a design constraint to respect, not something that works in every layout. The mechanical-shock result is clearer. Under a vibration sweep from 5 to 2000 Hz at up to 3200% of standard test levels, the link showed no lasting communication failure.
| Optical link configuration | Thermal outcome (−40 to +75 °C) |
|---|---|
| Lens-focused, 5 cm | Stable |
| Short polycarbonate waveguide, 20 cm | Stable |
| Direct over-air | Degrades to up to 100% packet loss |
| Long waveguide, 50 cm | Degrades to up to 100% packet loss |
Within its geometric limits, an optical link inside the pack can be more robust and harder to attack than the harness it replaces [12].
Intelligence that runs on the pack
Trusted data is only half of it. The other half is estimation that is accurate, small, and cheap enough to run on the pack, so the result never has to leave the device that produced it. Both studies follow the same idea. Build a heavy, accurate model once, then compress it until it fits an edge power budget.
State of Charge is handled by pairing physics with a small neural network. An Extended Kalman Filter, working on a dual-polarization equivalent-circuit model, produces high-quality estimates, and those estimates train a compact feedforward network of roughly 600 parameters. The network runs only on data the security layer has already verified, and it stays accurate across the full temperature range. Its best case is 0.64% error at 25 °C, and it holds under 1.3% from 5 to 45 °C.
| State of Charge accuracy | RMSE | Max error |
|---|---|---|
| 25 °C (best case) | 0.64% | 2.42% |
| 5 °C | 1.15 to 1.28% | 3.85 to 3.89% |
| 45 °C | 0.77 to 0.92% | 1.93 to 2.22% |
State of Health follows the same compress-to-the-edge idea through knowledge distillation and quantization. A large XGBoost model learns capacity fade accurately, teaches a much smaller student network, and the student is shrunk again with INT8 quantization. What remains is small enough to run on a Google Coral edge board while staying accurate on data it has never seen. The figures are in the table below.
| Edge SoH model | Value |
|---|---|
| Model size | 22.4 KB |
| Inference time | 0.0046 ms |
| Energy per prediction | 0.0091 mJ |
| Validation accuracy | R² 0.999985 |
| Capacity-fade tracking | 69 Ah → 55 Ah (MAE 0.0821 Ah) |
Running estimation on the pack is a security decision as much as a latency one [9][10]. A local model needs no connection, makes no cloud round trip, and exposes no telemetry stream for an attacker to intercept. The same choice that makes the model efficient also keeps the data private.
Why this matters now
Regulation is moving in the same direction. The EU Battery Regulation, (EU) 2023/1542, introduces a digital battery passport. From February 2027, EV, light-means-of-transport, and larger industrial batteries sold in the EU will have to carry accessible, documented data on performance, durability, and state of health [13]. A passport is only as trustworthy as the data behind it, and a battery whose state estimates run on a hardware-rooted, end-to-end-authenticated stack can stand behind those numbers in a way a cloud-dependent, unauthenticated pipeline cannot.
Functional safety pushes the same way. ISO 26262, the standard the BMS1810 and BMS1820 are designed against, assumes the numbers coming off the pack are real, and its safety case depends on the integrity of those measurements [15]. Much of the AI-BMS literature takes that integrity for granted, optimizing model accuracy while assuming the input is honest. This work reverses the order. It verifies the data first, then estimates.
That order is the point of the Software-Defined Vehicle era. As more of the car becomes software, the attack surface grows, and so does the case for putting security in hardware and intelligence at the edge [8][12]. The two studies are two stages of one plan. Secure the wire today with a hardware root of trust on CAN, then remove the wire and move the estimation onto the cell, with keys held in silicon and data authenticated end to end throughout.
That is the battery LiBat is building. It is trustworthy because the security lives in the hardware, and intelligent because the estimation runs on the pack.
References
- [1]E. Dincer, T. Baykal, M. Atav, U. Aggez, J. Burki, N. A. Nijdam, T. Lenard, A. Collen and D. Hrvanovic, "A Robust and Trusted Smart Battery Paradigm: Evaluating Environmental Resilience, CAN Bus Security, and FNN-Based Diagnostics," IEEE International Workshop on Metrology for Automotive (MetroAutomotive), Brescia, Italy, 2026.
- [2]E. Dincer, T. Baykal, W. Prochazka, F. Scherr, D. Hrvanovic and O. Oztin, "A Software-Defined Architecture for Secure Optical Communication and Edge-Based State Estimation in Automotive BMS," IEEE International Workshop on Metrology for Automotive (MetroAutomotive), Brescia, Italy, 2026.
- [3]J. Ye et al., "Cyber-Physical Security of Powertrain Systems in Modern Electric Vehicles: Vulnerabilities, Challenges, and Future Visions," IEEE Journal of Emerging and Selected Topics in Power Electronics, vol. 9, no. 4, pp. 4639-4657, Aug. 2021.
- [4]S. Murlidharan, V. Ravulakole, J. Karnati and H. Malik, "Battery Management System: Threat Modeling, Vulnerability Analysis, and Cybersecurity Strategy," IEEE Access, vol. 13, pp. 37198-37220, 2025.
- [5]F. Naseri, Z. Kazemi, P. G. Larsen, M. M. Arefi and E. Schaltz, "Cyber-Physical Cloud Battery Management Systems: Review of Security Aspects," Batteries, vol. 9, no. 7, 382, 2023.
- [6]C. Plappert, D. Lorych, M. Eckel, L. Jager, A. Fuchs and R. Heddergott, "Evaluating the applicability of hardware trust anchors for automotive applications," Computers & Security, vol. 135, 103514, 2023.
- [7]L. Crocetti, D. Di Rienzo, A. Verani, F. Baronti, R. Roncella and R. Saletti, "A Novel and Robust Security Approach for Authentication, Integrity, and Confidentiality of Lithium-ion Battery Management Systems," 2023 IEEE 3rd Int. Conf. on Industrial Electronics for Sustainable Energy Systems (IESES), Shanghai, China, 2023, pp. 1-6.
- [8]P. Rahmani, S. Chakraborty, I. Mele, T. Katrasnik, S. Bernhard, S. Pruefling, S. Wilkins and O. Hegazy, "Driving the future: A comprehensive review of automotive battery management system technologies, and future trends," Journal of Power Sources, vol. 629, 235827, 2025.
- [9]S. S. Madani, Y. Shabeer, M. Fowler, S. Panchal, H. Chaoui, S. Mekhilef, S. X. Dou and K. See, "Artificial Intelligence and Digital Twin Technologies for Intelligent Lithium-Ion Battery Management Systems: A Comprehensive Review of State Estimation, Lifecycle Optimization, and Cloud-Edge Integration," Batteries, vol. 11, no. 8, 298, 2025.
- [10]G. R. Sylvestrin, J. N. Maciel, M. L. M. Amorim, J. P. Carmo, J. A. Afonso, S. F. Lopes and O. H. Ando Junior, "State of the Art in Electric Batteries State-of-Health (SoH) Estimation with Machine Learning: A Review," Energies, vol. 18, no. 3, 746, 2025.
- [11]Z. Cao, W. Gao, Y. Fu and C. Mi, "Wireless Battery Management Systems: Innovations, Challenges, and Future Perspectives," Energies, vol. 17, no. 13, 3277, 2024.
- [12]M. Haeberle et al., "Softwarization of Automotive E/E Architectures: A Software-Defined Networking Approach," 2020 IEEE Vehicular Networking Conf. (VNC), 2020, pp. 1-8.
- [13]European Parliament and Council of the European Union, "Regulation (EU) 2023/1542 of the European Parliament and of the Council of 12 July 2023 concerning batteries and waste batteries, amending Directive 2008/98/EC and Regulation (EU) 2019/1020 and repealing Directive 2006/66/EC," Official Journal of the European Union, L 191, pp. 1-117, 28 July 2023. (Battery passport obligation under Article 77 applies from 18 February 2027.)
- [14]United Nations Economic Commission for Europe (UNECE), "UN Regulation No. 155 - Uniform provisions concerning the approval of vehicles with regards to cyber security and cyber security management system," UNECE, 2021 (entered into force 22 January 2021).
- [15]International Organization for Standardization, "ISO 26262:2018 — Road vehicles — Functional safety," ISO, Geneva, Switzerland, 2018.
