Figure 2 - uploaded by Raju Gottumukkala
Content may be subject to copyright.
The cyber-physical interaction between the EVSE and the PEV

The cyber-physical interaction between the EVSE and the PEV

Citations

... During the charging mechanism, Electric Vehicles (EV) are susceptible to several attacks via charging infrastructure. Additionally, the smart grid may be attacked by utilizing a charging system [33]. ...
Article
Full-text available
In-vehicle communication has become an integral part of today's driving environment considering the growing add-ons of sensor-centric communication and computing devices inside a vehicle for a range of purposes including vehicle monitoring, physical wiring reduction, and driving efficiency. However, related literature on cyber security for in-vehicle communication systems is still lacking potential dedicated solutions for in-vehicle cyber risks. Existing solutions are mainly relying on protocol-specific security techniques and lacking an overall security framework for in-vehicle communication. In this context, this paper critically explores the literature on cyber security for in-vehicle communication focusing on technical architecture, methodologies, challenges, and possible solutions. In-vehicle communication network architecture is presented considering key components, interfaces, and related technologies. The protocols for in-vehicle communication have been classified based on their characteristics, and usage type. Security solutions for in-vehicle communication have been critically reviewed considering machine learning, cryptography, and port-centric techniques. A multi-layer secure framework is also developed as a protocol and use case-independent in-vehicle communication solution. Finally, open challenges and future dimensions of research for in-vehicle communication cyber security are highlighted as observations and recommendations .
... Other work has been conducted in network-based intrusion detection systems. Moroson and Pop introduced a neural network that was trained on six months of data to detect malicious OCPP traffic [191]. INL has developed a safety instrumented system (SIS) intrusion detection framework to monitor EV charger operations and properties [141]. ...
Article
Full-text available
Worldwide growth in electric vehicle use is prompting new installations of private and public electric vehicle supply equipment (EVSE). EVSE devices support the electrification of the transportation industry but also represent a linchpin for power systems and transportation infrastructures. Cybersecurity researchers have recently identified several vulnerabilities that exist in EVSE devices, communications to electric vehicles (EVs), and upstream services, such as EVSE vendor cloud services, third party systems, and grid operators. The potential impact of attacks on these systems stretches from localized, relatively minor effects to long-term national disruptions. Fortunately, there is a strong and expanding collection of information technology (IT) and operational technology (OT) cybersecurity best practices that may be applied to the EVSE environment to secure this equipment. In this paper, we survey publicly disclosed EVSE vulnerabilities, the impact of EV charger cyberattacks, and proposed security protections for EV charging technologies.
... To support such ancillary backup services, as well as to charge their battery resources, EVs connect to the electric grid via charging stations. According to [75], EV charging stations (EVCS) perform the following tasks. First, they authenticate the vehicles, and then they either charge them or connect them to the main grid where they can be utilized as adhoc energy storage. ...
Preprint
Full-text available
The digitalization and decentralization of the electric power grid are key thrusts towards an economically and environmentally sustainable future. Towards this goal, distributed energy resources (DER), including rooftop solar panels, battery storage, electric vehicles, etc., are becoming ubiquitous in power systems, effectively replacing fossil-fuel based generation. Power utilities benefit from DERs as they minimize transmission costs, provide voltage support through ancillary services, and reduce operational risks via their autonomous operation. Similarly, DERs grant users and aggregators control over the power they produce and consume. Apart from their sustainability and operational objectives, the cybersecurity of DER-supported power systems is of cardinal importance. DERs are interconnected, interoperable, and support remotely controllable features, thus, their cybersecurity should be thoroughly considered. DER communication dependencies and the diversity of DER architectures (e.g., hardware/software components of embedded devices, inverters, controllable loads, etc.) widen the threat surface and aggravate the cybersecurity posture of power systems. In this work, we focus on security oversights that reside in the cyber and physical layers of DERs and can jeopardize grid operations. We analyze adversarial capabilities and objectives when manipulating DER assets, and then present how protocol and device -level vulnerabilities can materialize into cyberattacks impacting power system operations. Finally, we provide mitigation strategies to thwart adversaries and directions for future DER cybersecurity.
... For instance, in 2019, security experts identified three vulnerabilities in an electric vehicle charging station [24]. Such vulnerabilities are concerning since these charging stations are connected to the electric grid [25][26][27]. The electric grid itself is vulnerable to attack; for example, Soltan et al. [28] demonstrate that high-wattage devices can be used to launch an attack on the electric grid. ...
... These results will be updated month by month and require the stakeholders and managers to take action to enhance and improve the system. Increased Electricity Prices e. 10 Cyber Security Practices Become Outdated e. 11 Implementation Goes Over Budget e. 12 Implementation Takes Longer Than Expected e. 13 Government Policy Changes e.14 Shortage Of Production Materials e. 15 New/Increased Number of Suppliers e. 16 Increased Renewable Energy Dependence e. 17 Counterfeit Product in Supply Chain e. 18 Change In Worldwide Energy Stance e. 19 Development Of Newer, More Advanced Hardware Security e. 20 Development Of More Powerful Chargers e. 21 Increased EV Purchase Subsidies e. 22 Versatility Of Charging Locations e. 23 Denial Of Service e. 24 Attacks On IoT Service e. 25 Ransomware e. 26 Unauthorized Access Attacks e. 27 Data Collection: Phishing, Spamming, Spoofing e. 28 User Authentication Issues e. 29 Poorly Encrypted Data/No Data Encryption e. 30 Limiting Employee Access to Hardware e. 31 Pilot Testing of Services to Ensure Security Functionality e. 32 Auditability/Ease of Monitoring System Activity e. 33 Development Of More Advanced Blockchain Storage/Distributed Data Storage e. 34 Physical Disruption of Charging Networks e. 35 Denial Of Service Attacks e. 36 Reliable And Resilient Power Grid e. 37 Charging Infrastructure Capacity e.i On the other hand, if the baseline rank is toward the right side of the bar and received the lowest rank, it means that the initiative improves in rank under different scenarios [41]. For instance, initiative x.07. ...
Article
Future electric vehicles and associated vehicle-to-grid (V2G) infrastructure, including vehicle charging stations and network communications, face a variety of cybersecurity threats. The threats include disruptions of the supply chains and operations of the embedded hardware devices of these systems. Systemic and principled approaches are needed in which the security and trust relationships among V2G systems, charger systems, and communications networks are characterized. Furthermore, there is a need for guidance in allocating resources to improve system security, resilience, and trust. Thus, this paper develops a framework to address the emergent and future conditions that are most disruptive to the security of the embedded devices of fleet electric-vehicle (EV) chargers and their networks. The innovation of this paper is to account for hybrid cybersecurity threats to the interests of system owners, operators, and users, addressing scenario-based preferences for rapidly advancing technologies. There is a demonstration with fleet electric vehicles providing logistics services, shared bidirectional chargers, and communications infrastructure.
... Cyberattack methods are examined in four different attack layers and it is given as a diagram of which attacks can occur in which layer. The purpose here is to take security measures against possible attacks (Gottumukkala et al., 2019;Fraiji et al., 2018;Özarpa, 2021;Huang,2011). ...
Conference Paper
Full-text available
Smart grids are a rapid development with the development of technologies in recent years. With the development of smart grids, many sectors have started to become as smart as technology and digitalization. In smart grids, electric vehicles, smart homes, solar panels, wind farms, factories, nuclear power plants, etc. exists. Smart grids are one of the sectors that rapidly adapt to technology development. The most important issue in smart grids is the flow control of data in SCADA systems and online data collection in data. It is a part of smart grids in electric vehicles and contains significant risks in terms of safety. With the widespread use of electric vehicles, safety problems and risks on these vehicles become important. Cyber-attacks that may occur on these vehicles may cause the vehicles to become completely unusable. The prevalence of electric vehicles is not only the safety problems in vehicles, but also the safety of charging stations, and their risks should be analyzed. This study, it is aimed to analyze the architecture, safety problems, and risks of electric vehicles. Also, this study, it is aimed to examine the security problems and analyze the risks in terms of cyber-attacks in electric vehicles, which are a part of smart grids. When analyzing risks, it can be revealed by examining and analyzing the security events that are or may be experienced. In this study, cyber-attacks will be detected and the measures to be taken will also be given.
... Researchers listed and characterized exploitable backdoors of the EV charging infrastructure; however, they lack the impact analysis of attacks and detection and mitigation strategies [17]. Authors [18] presented a system approach to list the interactions between various cyber-physical components inside the smart EVSE and few approaches to improve its cyber-physical security. This research work also lacks the analysis of the impact on EV charging and any proactive detection techniques. ...
... Likewise, cyber threats targeting different players in an EVSE are presented, lacking impact analysis and mitigation techniques [20]. Apparently, most of the research [17][18][19][20] in EVSE cybersecurity is limited to vulnerability analysis and risk assessment; and unable to explain the exact quantifiable effects on the physical system from the cyber-initiated attack. The literature also lacks the proactive attack detection strategy such as IDS [13] and post-attack specifications to deal with the attack in standalone EVSE or fleet. ...
Article
Full-text available
Abstract The surging usage of electric vehicles (EVs) demand the robust deployment of trustworthy electric vehicle charging station (EVCS) with millisecond range latency and massive machine to machine communications where 5G could act. However, 5G suffers from inherent protocols, hardware, and software vulnerabilities that seriously threaten the communicating entities' cyber‐physical security. To overcome these limitations in the EVCS system, this paper analyses the impact of False Data Injection (FDI) and Distributed Denial of Services (DDoS) attacks on the operation of EVCS. This work is an extension of the previously published conference paper about the EVCS. As new features, this paper simulates the FDI attack and the syn flood DDoS attacks on 5G enabled remote Supervisory Control and Data Acquisition (SCADA) system that controls the solar photovoltaics (PV) controller, Battery Energy Storage (BES) controller, and EV controller of the EVCS. The extent of delay has been increased to more than 500 ms with the severe DDoS attack via 5G. The attacks make the EVCS system oscillate or shift the DC operating point. The frequency of oscillation, its damping, and the system's resiliency are found to be related to the attacks' intensity and the target controller. Finally, the novel stacked Long Short‐Term Memory (LSTM) based intrusion detection systems (IDS) are proposed solely based on the electrical fingerprint. This model can detect the stealthy cyberattacks that bypass the cyber layer and go unnoticed in the monitoring system with nearly 100% detection accuracy.
... In the latter case, the standard ISO 15118 [14] is exploited to create a secure communication link, implying that both EV and EVSE must be able to encrypt messages. The overall system has been analyzed in literature from a CPS (Cyber-Physical System) security point of view, and several threats have been identified [5], [15]. However, security and privacy analysis should also focus on the charging phase. ...
... Utilizing modules in the EV or smartphone, the user can communicate with the EVSE and, in turn, with the power supplier. Current implementations of EVSEs are organized in three levels [15], [17]. Level 1 and 2 use a 5 lead connector based on SAE J1772 standard [18], where 3 leads are connected to the grid via relays in the EVSE. ...
Preprint
Full-text available
EVs (Electric Vehicles) represent a green alternative to traditional fuel-powered vehicles. To enforce their widespread use, both the technical development and the security of users shall be guaranteed. Privacy of users represents one of the possible threats impairing EVs adoption. In particular, recent works showed the feasibility of identifying EVs based on the current exchanged during the charging phase. In fact, while the resource negotiation phase runs over secure communication protocols, the signal exchanged during the actual charging contains features peculiar to each EV. A suitable feature extractor can hence associate such features to each EV, in what is commonly known as profiling. In this paper, we propose EVScout2.0, an extended and improved version of our previously proposed framework to profile EVs based on their charging behavior. By exploiting the current and pilot signals exchanged during the charging phase, our scheme is able to extract features peculiar for each EV, allowing hence for their profiling. We implemented and tested EVScout2.0 over a set of real-world measurements considering over 7500 charging sessions from a total of 137 EVs. In particular, numerical results show the superiority of EVScout2.0 with respect to the previous version. EVScout2.0 can profile EVs, attaining a maximum of 0.88 recall and 0.88 precision. To the best of the authors' knowledge, these results set a new benchmark for upcoming privacy research for large datasets of EVs.
... The dispersed locations of EVSEs along with their bidirectional energy exchange capabilities and their oblivious nature for malicious requests make of them an appealing surface to initiate switching attacks which can remain stealthy from the operator. To the best of our knowledge, prior work did not consider the unique capabilities of EVSEs in the execution procedure of the switching attacks; however, other types of cyber-physical attacks initiated from the EVSE network have been already investigated in [2], [6], [7] and [8]. These works demonstrated the manipulation of OCPP messages to create sizeable consequences on the grid performance and provided some directions to deal with these issues. ...
... The controller state-space parameters then can be obtained by solving inequalities described in (6) and (7). A feasible design specifications for the problem exists if two positive definite matrices P LM I = X and the controller K(s) can be found as the solution of these equations. ...
Article
The new surge of interest towards mass integration of Electric Vehicles (EVs) in distribution smart grids can expose the high-voltage grid to instability conditions, for instance, through cyber threats initiated from the residential or public EV Supply Equipment (EVSE). This paper (i) investigates the impact of switching attacks on EV charging infrastructure and their impacts on the inter-area stability of the transmission grid, and (ii) proposes a two-stage detection and mitigation technique for those attacks. Initially, we demonstrate that leveraging the existing vulnerabilities in charging stations’ cyberspace and the topology of the grid, an adversary can switch the injected or absorbed power of EVs with inter-area frequency and cause a blackout by destabilizing the angular speed of the grid’s generators. Then, a Back Propagation Neural Network (BPNN) scheme is designed and hosted at the central management system (CMS) of a public EVSE network. Using this BPNN scheme, the switching attacks are accurately detected by analyzing the features of charging/discharging requests. Moreover, the detected attacks are mitigated by delaying or discarding the request execution. Finally, to cope with the conditions where the residential chargers are under-attack, or when the BPNN fails to provide accurate detection, a wide area H∞ controller is designed to keep the angular speed of the synchronous generators within the acceptable limits. The effectiveness of the proposed techniques is evaluated using two-area Kundur and 5-area Australian grids.
... Researchers listed and characterized exploitable backdoors of the EV charging infrastructure; however, they lack the impact analysis of attacks and detection and mitigation strategies [17]. Authors [18] presented a system approach to list the interactions between various cyber-physical components inside the smart EVSE and few approaches to improve its cyber-physical security. This research work also lacks the analysis of the impact on EV charging and any proactive detection techniques. ...
... Likewise, cyber threats targeting different players in an EVSE are presented, lacking impact analysis and mitigation techniques [20]. Apparently, most of the research [17][18][19][20] in EVSE cybersecurity is limited to vulnerability analysis and risk assessment; and unable to explain the exact quantifiable effects on the physical system from the cyber-initiated attack. The literature also lacks the proactive attack detection strategy such as IDS [13] and post-attack specifications to deal with the attack in standalone EVSE or fleet. ...
Preprint
Full-text available
The surging usage of electric vehicles (EVs) demand the robust deployment of trustworthy electric vehicle charging station (EVCS) with millisecond range latency and massive machine to machine communications where 5G could act. However, 5G suffers from inherent protocols, hardware, and software vulnerabilities that seriously threaten the communicating entities' cyber-physical security. To overcome these limitations in the EVCS system, this paper analyses the impact of False Data Injection (FDI) and Distributed Denial of Services (DDoS) attacks on the operation of EVCS. This work is an extension of our previously published conference paper about the EVCS. As new features, this paper simulates the FDI attack and the syn flood DDoS attacks on 5G enabled remote Supervisory Control and Data Acquisition (SCADA) system that controls the solar photovoltaics (PV) controller, Battery Energy Storage (BES) controller, and EV controller of the EVCS. The attacks make the EVCS system oscillate or shift the DC operating point. The frequency of oscillation, its damping, and the system's resiliency are found to be related to the attacks' intensity and target controller. Finally, we propose the novel stacked Long Short-Term Memory (LSTM) based intrusion detection systems (IDS) solely based on the electrical fingerprint. This model can detect the stealthy cyberattacks that bypass the cyber layer and go unnoticed in the monitoring system with nearly 100% detection accuracy.
... Antoun et al. [3] presented a theoretical survey highlighting possible attacks targeting different players in the charging scenario and the countermeasures proposed in the literature. Other studies focus instead on a particular target, for instance, on the channel between the charging piles and the electric vehicles [38] or the security of the charging station [19]. However, the majority of the studies are limited on the attack presentation, without a real implementation. ...
Preprint
Full-text available
The impact of global warming and the imperative to limit climate change have stimulated the need to develop new solutions based on renewable energy sources. One of the emerging trends in this endeavor are the Electric Vehicles (EVs), which use electricity instead of traditional fossil fuels as a power source, relying on the Vehicle-to-Grid (V2G) paradigm. The novelty of such a paradigm requires careful analysis to avoid malicious attempts. An attacker can exploit several surfaces, such as the remote connection between the Distribution Grid and Charging Supply or the authentication system between the charging Supply Equipment and the Electric Vehicles. However, V2G architecture's high cost and complexity in implementation can restrain this field's research capability. In this paper, we approach this limitation by proposing MiniV2G, an open-source emulator to simulate Electric Vehicle Charging (EVC) built on top of Mininet and RiseV2G. MiniV2G is particularly suitable for security researchers to study and test real V2G charging scenarios. MiniV2G can reproduce with high fidelity a V2G architecture to easily simulate an EV charging process. Finally, we present a MiniV2G application and show how MiniV2G can be used to study V2G communication and develop attacks and countermeasures that can be applied to real systems. Since we believe our tool can be of great help for research in this field, we also made it freely available.