
Cyber-physical System Security of Vehicle Charging Stations



Raju Gottumukkala
Director of Research, IRI
Assistant Professor, College of
University of Louisiana
Lafayette, USA
Rizwan Merchant
Center for Advanced Computer
University of Louisiana
Lafayette, USA
Adam Tauzin
Electrical and Computer
University of Louisiana
Lafayette, USA
Kaleb Leon
Electrical and Computer
University of Louisiana
Lafayette, USA
Andrew Roche
Instructor, Electrical and
Computer Engineering
University of Louisiana
Lafayette, USA
Paul Darby
Assistant Professor, Electrical
and Computer Engineering
University of Louisiana
Lafayette, USA
Abstract—Electric Vehicle Supply Equipment (EVSE), also
known as charging stations, are available for charging electric
vehicles. EVSE contain computers that are connected to the
Internet. These systems serve important control functions such
as authorization, charging electric vehicles, and connecting to
the local power grid. Charging stations authorize users and
vehicles using RFID cards, Bluetooth, or Wi-Fi. Moreover, there
are many sensing, communication and computational
components in EVSEs that are potentially vulnerable to cyber-
security attacks. We have observed that these vulnerabilities can
be potentially exploited by hackers to compromise the
availability, integrity, and confidentiality of a network of
charging stations, or even the power grid. Given the tremendous
growth in the electric vehicle market in the next few years, it is
important to design dependable charging stations. Designing
trustworthy charging stations requires a deeper understanding
of the cyber-physical interactions within the charging station, as
well as how the cyber and physical components affect each other.
This paper presents a cyber-physical system approach to
understanding the interaction of various components within
smart charging equipment. Furthermore, the different types of
vulnerabilities and attacks, and approaches to improve CPS
security are also explained.
I. INTRODUCTION
The number of electric vehicles is expected to grow from
3 million to 120 million in the next decade [1]. In the United
States alone, there are 290,000 electric cars on the road, which
represents a 69% increase from the previous year [2]. The charging
equipment, also known as Electric Vehicle Supply Equipment
(EVSE) (or interchangeably called charging stations in this
paper), provides safe and secure charging to electric
vehicles, similar to gas stations. EVSE connected to the
power grid may be managed by a Building Energy
Management System (BEMS), which manages interfacing
between the power grid and EVSE.
Cyber-physical systems (CPS) are engineered systems
built through seamless and secure integration of computation
(i.e., sensing, computing, and networking) and physical
components [3]. Smart systems technologies such as smart
transportation, smart grid, smart vehicles, smart
manufacturing, etc. rely on the fundamentals of this CPS
integration. Smart charging provides a communication
mechanism between the EVSE and the grid that supports
power monitoring and management to improve efficiency and
customization of charging schedules. Through better
connectivity and control, smart charging protocols are
designed to reduce costs, aid in balancing peak loads, and
facilitate better integration with different levels of grid
operators and renewable energy sources. Existing EVSEs
have several computing and communication components that
are used to both manage and control the operation of power
equipment. Emerging smart grid technologies additionally
aim to facilitate a two-way power exchange between Plug-in
Electric Vehicles (PEV) and the grid via EVSE, particularly
fast chargers. Moreover, both personal and financial
information is exchanged during smart charging as part of the
authentication process. Hence, the safe and secure operation
of EVSE is of paramount importance to vehicles, people, and
the power grid infrastructure. There are several motivations
for launching an attack on a charging station, ranging from
electricity theft to pranks to more sophisticated attacks that
involve disrupting a network of charging stations by using an
EVSE as an entry point. Attacks could be more serious still
where malware could potentially be spread across a network
of charging stations that could affect the power grid.
The Society of Automotive Engineers (SAE) has
developed a set of standards and protocols to be implemented
by charging station manufacturers, such as SAE J1772 [4][5].
The number of interconnected components in EVSE, the
connectivity with many subsystems (i.e., vehicles, phones,
BEMS, and the power grid), and poorly implemented security
mechanisms make EVSE extremely vulnerable to cyber-attacks.
A recent cybersecurity report from the United States
Department of Energy/Department of Transportation
(DOE/DOT) highlights cyber-security gaps [6] in existing
EVSE infrastructure, including man-in-the-middle attacks,
payment fraud, privacy, battery damage, Denial of Service
(DoS) attacks, and malware spread from PEV to EVSE. The
aforementioned report and recent studies by Rhode [7],
Dalheimer [8], and Shezaf [9] demonstrated deficiencies and
gaps in existing charging infrastructure resulting from the lack of
cyber-security guidelines and testing before they were
deployed. Recent studies have also highlighted how
uncontrolled charging by EVSE can create an imbalance or a
negative effect on the grid.
978-1-7281-1457-6/19/$31.00 ©2019 IEEE
In this paper, we first present EVSE as a CPS, then discuss
and summarize cybersecurity based vulnerabilities, threats
and consequences. We also present methods and future
research directions to improve the CPS security of charging
Most charging stations already implement some form of
information security. However, these information
technology-based methods are limited with respect to
understanding how the controls may affect the overall CPS
security. The primary motivation behind this work in
presenting EVSE as a CPS is to present the cyber-threats and
vulnerabilities in the EVSE design that would affect safe and
secure charging of electric vehicles or the electric grid.
The following are three major cyber-security objectives in
designing a cyber-physical system:
Availability: The availability of charging stations is
determined by the active time versus the down time of
the charging services. It is important to provide defenses
that monitor, detect, and prevent DoS
attacks, among other types of attacks on charging stations,
to maintain high availability.
Integrity: Integrity provides protection against
unauthorized changes to both the data and control
information. The protection needs to be provided against
tampering with information stored (either on the charging
station, centralized server, or the client’s device) or
exchanged between various entities.
Confidentiality: Confidentiality guarantees secrecy is
maintained in data transmission between various parties.
The main types of EVSE are Level 1 (120VAC single-
phase “trickle charge”), Level 2 (240VAC from split-phase),
and Level 3 (up to 500VDC). Level 2 EVSE designed for use
in publicly available charging stations contain considerably
more complex hardware than Level 1 chargers and Level 2
EVSE for private home usage. The availability of more
sophisticated computer hardware also allows Level 2 EVSE
to include more safety protections for charging than most
Level 1 EVSE. An example of this hardware can be seen in
the schematic diagram depicted in Figure 1b. As shown in the
diagram, beyond the equipment needed to actually enable AC
charging, Level 2 EVSE at charging stations require
proprietary Printed Circuit Boards to control a variety of
components and subsystems. For example, many Level 2
EVSE have communication modules used for wireless
communication with a network (typically Wi-Fi, Bluetooth,
and/or cellular), allowing for manufacturers to implement a
number of functions, such as user validation and verification,
price setting by station management, and the reporting of
diagnostic information. EVSE at Level 2 charging stations
also tend to be equipped with indicator LEDs and LCDs that
are used for providing users with feedback on the status of the
station and/or the stage of a charging cycle that is currently
underway, similar to modern gas pumps. It is also common
for EVSE to come equipped with radio-frequency
identification (RFID) scanners that can read credit cards or
EVSE network member cards for the purpose of processing
payments. Although Figure 1 only depicts one main computer
board interfacing with a variety of modules, EVSE may
instead implement several special-purpose boards, such as a
communication board, an LED board, or a user I/O board.
Figure 1: High-level Schematic Diagram of a Generic
Level 2 AC EVSE
The availability of more sophisticated computer hardware
also allows Level 2 EVSE to include more safety protections
for charging than most Level 1 EVSE. Like Level 1 EVSE,
Level 2 EVSE interface with PEVs via a five-lead connector
following the SAE J1772 protocol. Three of the leads,
typically denoted as L1, L2, and GND, are connected to
supply power from the electric grid and are only separated
from a direct grid-to-PEV connection through relays internal
to the EVSE. A combination of three directly connected
voltage taps and three non-invasive current transformer
sensors are used to provide the main computer hardware of
the EVSE with information about the power delivered to a
connected vehicle, allowing for metering that is used to
calculate charge session cost. The other two leads are the pilot
line and the proximity line. The proximity line connects only
to a simple resistor network within the EVSE plug, rather than
its main housing, and it is used by the PEV to determine if a
good connection has been made. The proximity circuit does
not typically communicate with EVSE computer hardware in
any way, although some models include electronic
components in the circuit that prevent a “good connection”
reading on the PEV-end when the EVSE is not ready to
charge. The more important lead is the pilot line, which the
EVSE and PEV use to communicate with each other. When a
station is idling, a 12V DC voltage signal is applied to the
pilot line, but when a PEV completes the circuit through a
physical connection, the EVSE senses this action through a
voltage detector and switches a source generating a 12V
amplitude 1kHz square wave onto the pilot line. An electrical
circuit in the PEV consisting of switches and resistors
responds to the EVSE when the square wave is detected, and the
EVSE is then able to begin a charge cycle. Should an electrical
problem arise on the grid side of the EVSE or should the user
suddenly disconnect their vehicle from the EVSE in the middle
of a charging session, the EVSE computer hardware will open the
relays within a fraction of a second, “depowering” the adapter
to prevent user injury.
Figure 2: The cyber-physical interaction between the
EVSE and the PEV
The computer and sensor hardware of Level 3 EVSE is
like that of Level 2 EVSE. The two primary types of DC fast
charging stations available in the US are those that utilize the
combined charging standard (CCS) expansion to SAE J1772
and those following the Japanese CHAdeMO protocol, with
Tesla Motor’s proprietary Super Chargers, which only work
with their own vehicles, being the third most influential. The
main differences between Level 2 and Level 3 EVSE come
down to charger circuit location, method of PEV-EVSE wired
communication, and physical adapter design. Although the
term “charger” is often erroneously used to refer to EVSE in
publications, including within this paper, all commercially
available Level 3 EVSE contain AC-DC rectifiers and other
charging circuitry within the EVSE itself, whereas Level 2
charging requires such circuitry to be within the PEV. The
physical connectors for CCS EVSE are essentially modified
SAE J1772 connectors that include two large pins that are
used for DC power delivery. CCS EVSE can utilize the pilot
line in a similar way to Level 2 EVSE, although the conductor
can also be repurposed for power line communication (PLC)
with the smart grid. CHAdeMO EVSE connectors feature a
similar set of two large pins to the CCS adapter, but they also
have a higher number of pins in total. Three of these pins are
charge session control pins that function similarly to the pilot
line of SAE J1772, but two of the pins are instead used for
facilitating controller area network (CAN) communication
with vehicles, allowing for more complex wired
communication [10].
An attack surface is an entry point where a multitude of
attacks may be launched. There are two different categories
of entry points that could be used to compromise the security
of an EVSE; namely, network-based entry points and
physical access points, such as through the charging port or
by tampering with the devices’ hardware.
A. Network-based Attacks
Level 2 and Level 3 chargers are typically equipped with
some communication module with either a wireless (i.e.
Bluetooth, Wi-Fi, cellular, etc.) or wired interface. This
communication module enables authorized drivers to initiate
a charge session and communicate the status of charge
session back to the station operator. This communication
happens either through modules in the vehicle, smart phone,
or an RFID card. The vulnerabilities for both short range and
long-range communications are well documented in literature
[11-14]. Compromising the security of any of these network
endpoints (i.e. BEMS, controller server, and station operation
interface) due to poor authentication or lack of encryption has
the potential to affect all the charging stations connected to
the end node. This has the potential to compromise the
confidentiality and integrity of both data and control
commands, affecting the availability of the charging station,
the charging station controller (or management interface), the
BEMS server, and/or the power grid.
The following is a list of network-based attacks:
Spoofing Attacks: Most wireless communication
protocol-based communications (e.g. RFID, Bluetooth
and Wi-Fi) are prone to spoofing attacks. One common
form of this attack is to compromise the device’s unique
identifier (such as a MAC address) and masquerade as a
legitimate user. This typically happens before the
encryption is established and keys are generated.
Spoofing attacks typically have the ability to (a)
compromise the user’s identity, thereby affecting the
user’s privacy, especially pertaining to any of the user’s
personal information, and (b) modify data transmitted,
thereby affecting the integrity of data exchanged. A
more serious cyber-physical attack could be
implemented by using the user’s identity and
the charging station application programming interface to
launch a DoS attack that affects the availability of the
charging station.
Man-in-the-Middle Attack: With this attack type, the
attacker tries to jam the receiver while still being able to
access the transmitted traffic, allowing the attacker to act
as a relay between the sender and receiver without either
party’s knowledge. Most radio-based communications
are also prone to man-in-the-middle attacks. These
attacks may occur between the nodes (e.g. EVSE, PEV,
BEMS); the attacker essentially has the ability to corrupt
the data, or take complete control over the node, and alter
the status of one of these nodes to relay incorrect
information (e.g., providing incorrect status information
for a charging station). If the communications or the
source code is not obfuscated or encrypted, man-in-the-
middle attacks can be launched easily.
Denial-of-Service: Compromised user and station
credentials may be used to launch very sophisticated
DoS attacks. For example, user credentials can be used
to launch DoS attacks against nodes. Attack variants to
consider are UDP or TCP/IP flood, low-rate DoS, ping
flood, or ICMP flood. These attacks are capable of taking
down a charging station or other nodes in the charging
station ecology.
SQL-Injection Attack: This attack type exploits poor
database implementation to insert, update, or delete
database data. This would allow an attacker to execute
commands that affect users’ ability to charge, modify
the location data for charging stations, or change the
status of a station’s availability, any of which could
create major distress and cause public safety issues.
Malware Attack: Poor security implementation of various
software modules in the charging station and the cloud
may be exploited to launch more sophisticated attacks
that install malware. Malware with the potential to
launch a more coordinated attack could lead to
the shutdown of a network of charging stations or even affect
the power grid by activating numerous charging stations
B. Physical Attacks
An attacker with physical access to an EVSE could
theoretically probe the charging station board to eavesdrop on
inter-component communications. This can be done by
physically tampering with the charging station if the tamper
resistance is weak. Since each EVSE may have a different
architecture, the attacker would need to study different
components, understand various communication modules
within the charging station, and have both a microcontroller
and various sniffing/probing tools to gain any valuable
information from their physical access to the charging station.
The complexity of the architecture varies greatly between
EVSE. All Level 2 and Level 3 charging stations have a
microcontroller to control the functions required by an EVSE,
and many are equipped with a Real Time Operating System
(RTOS), typically running a Linux kernel. Various hardware
tools exist to extract firmware through Universal
Asynchronous Receiver-Transmitter (UART) or Joint Test
Action Group (JTAG) interfaces. Specific types of attacks
include the following:
Physical & Side-channel attacks: Physical attacks involve
getting access to the chip-level components in order to
manipulate and interfere with the system internals. In
conjunction with this attack type, there are also side-channel
attacks, which involve reverse engineering a chip
by observing the timing information, power
consumption, and electromagnetic leaks. Using this
information, it is possible to retrieve sensitive data, such
as encryption keys used in communications or data being
communicated throughout the electronics. These attacks
are very hard to implement and require expensive
Interception-based attacks: This type of attack involves
eavesdropping on sensitive data to compromise user’s
privacy and confidentiality. This is accomplished by
using probing techniques to access and monitor the data
on the ports of the physical hardware. In addition, it can
also be used to intercept a pushed update to the EVSE
and potentially alter the update before being flashed to
the system.
Modification attacks: This attack type compromises
software integrity by exploiting detected vulnerabilities.
For example, the act of using a buffer overflow to
overwrite stack memory, thereby transferring control to
a malicious program, would constitute a modification
C. Hybrid Attacks
By using various permutations of network and physical
attacks, it is possible to launch even more sophisticated
attacks. For instance, should an attacker have access to the
cloud service, an EVSE could be authorized to start a
charging session with an unauthorized vehicle. For EVSE that
lack properly implemented SAE J1772 protocol-based PEV-
EVSE handshaking upon contact, physically modifying the
EVSE’s adapter plug allows a Level 2 charging session to be
activated without the presence of a vehicle. Combining these
two attacks allows a charging station adapter plug to be
energized remotely, which could either enable non-PEV
devices to receive energy through the EVSE or, more
seriously, potentially electrocute the next patron of the
The different attacks that can be formed from the
combination of physical and cyber network attacks are
diverse and numerous, with many such attacks being
incredibly detrimental to the normal operation of an EVSE
and the safety of its users.
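An added example, not code from the paper or from any EVSE vendor: a C sketch of a relay interlock for the pilot-line handshake and the hybrid attack described above, in which backend authorization alone never energizes the plug. The +9 V and +6 V levels are the nominal SAE J1772 pilot values for "connected" and "ready"; the 1 V tolerance, the type and function names, and the sample traces are constructed for illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Pilot-line states; names follow SAE J1772 (A: no vehicle, B: connected, C: ready). */
typedef enum { CP_A_IDLE, CP_B_CONNECTED, CP_C_READY, CP_FAULT } cp_state_t;

/* One measurement window of the pilot line, in millivolts. */
typedef struct {
    int  pos_peak_mv;   /* highest level seen in the window */
    int  neg_peak_mv;   /* lowest level seen in the window */
    bool pwm_active;    /* EVSE is driving the 1 kHz square wave */
} cp_sample_t;

typedef struct {
    bool authorized;    /* session approved by the backend / RFID path */
    bool ground_fault;  /* set by the current-sensing path */
    bool vehicle_seen;  /* state B was observed with the square wave on */
} evse_ctx_t;

#define TOL_MV 1000     /* illustrative tolerance, not a value from the standard */
#define COUNT(a) (sizeof(a) / sizeof((a)[0]))

static bool near_mv(int v, int nominal) {
    return v >= nominal - TOL_MV && v <= nominal + TOL_MV;
}

cp_state_t cp_classify(const cp_sample_t *s) {
    /* The vehicle side loads only the positive half-cycle, so with the
       square wave on, the negative peak must stay at the full -12 V.
       Any other load on the pilot line is treated as a fault. */
    if (s->pwm_active && !near_mv(s->neg_peak_mv, -12000)) return CP_FAULT;
    if (near_mv(s->pos_peak_mv, 12000)) return CP_A_IDLE;
    if (near_mv(s->pos_peak_mv, 9000))  return CP_B_CONNECTED;
    if (near_mv(s->pos_peak_mv, 6000))  return CP_C_READY;
    return CP_FAULT;  /* includes levels this sketch does not support */
}

/* Returns true only when the relays may be closed for this window. */
bool evse_step(evse_ctx_t *ctx, const cp_sample_t *s) {
    cp_state_t st = cp_classify(s);
    if (st == CP_FAULT || ctx->ground_fault) {
        ctx->authorized = false;          /* fail safe: revoke and open */
        ctx->vehicle_seen = false;
        return false;
    }
    if (st == CP_A_IDLE) {
        if (ctx->vehicle_seen) ctx->authorized = false;  /* unplug ends the session */
        ctx->vehicle_seen = false;
        return false;
    }
    if (st == CP_B_CONNECTED) {
        if (s->pwm_active) ctx->vehicle_seen = true;
        return false;
    }
    /* State C: authorization is necessary but never sufficient. */
    return ctx->authorized && ctx->vehicle_seen && s->pwm_active;
}

/* Replays a trace and counts the windows in which the relays were closed. */
int run_scenario(const cp_sample_t *trace, size_t n, bool authorized) {
    evse_ctx_t ctx = { .authorized = authorized };
    int closed = 0;
    for (size_t i = 0; i < n; i++)
        if (evse_step(&ctx, &trace[i])) closed++;
    return closed;
}

/* Constructed traces (not measurements). */
const cp_sample_t TRACE_VEHICLE[] = {       /* plug in, charge, unplug, replug */
    {12000, 12000, false}, {9000, 9000, false},  {9000, -12000, true},
    {6000, -12000, true},  {6000, -12000, true}, {12000, -12000, true},
    {9000, -12000, true},  {6000, -12000, true},
};
const cp_sample_t TRACE_EMPTY_PLUG[] = {    /* nothing connected */
    {12000, 12000, false}, {12000, 12000, false}, {12000, 12000, false},
};
const cp_sample_t TRACE_BAD_NEG_PEAK[] = {  /* load pulls both half-cycles */
    {12000, 12000, false}, {9000, 9000, false}, {9000, -9000, true},
    {6000, -6000, true},
};
const cp_sample_t TRACE_NO_HANDSHAKE[] = {  /* state C appears without state B */
    {12000, 12000, false}, {6000, 6000, false}, {6000, -12000, true},
};

int main(void) {
    printf("vehicle, authorized:    %d\n", run_scenario(TRACE_VEHICLE, COUNT(TRACE_VEHICLE), true));
    printf("vehicle, unauthorized:  %d\n", run_scenario(TRACE_VEHICLE, COUNT(TRACE_VEHICLE), false));
    printf("empty plug, authorized: %d\n", run_scenario(TRACE_EMPTY_PLUG, COUNT(TRACE_EMPTY_PLUG), true));
    printf("bad negative peak:      %d\n", run_scenario(TRACE_BAD_NEG_PEAK, COUNT(TRACE_BAD_NEG_PEAK), true));
    printf("no handshake:           %d\n", run_scenario(TRACE_NO_HANDSHAKE, COUNT(TRACE_NO_HANDSHAKE), true));
    return 0;
}
```

In the first trace the relays close for the two "ready" windows only; the replug after the unplug stays de-energized because the authorization was consumed when the vehicle left.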
Charging stations are being deployed very widely, with
limited standards for securing this infrastructure. Given that
charging station security and availability indirectly affect
both the power grid and the transportation sector, it is
important to have strong cybersecurity guidelines for
implementing them. Some of the guidelines were adopted from
the embedded system security best practices, but most of
these are unique to charging stations.
A. Secure by Design
Designing a secure charging station goes well beyond
securing individual system components. This is because
charging stations interface with multiple systems, including
vehicles, smart phones, energy infrastructure, and the cloud.
This naturally expands the threat vectors that could be
potentially exploited by attackers. The security design of
a charging station should identify all the threat vectors (both
cyber and physical) as well as the vulnerabilities and the risk
that these threats would pose to people, vehicles, and
infrastructure. The design should include both hardware and
software components. EVSE designers need to factor in the
variety of possible threats and consider appropriate mitigation
strategies. Various graphical and formal models such as
Petri nets, data flow diagrams, discrete-event simulations, and
CPS models [14-17] can be used to both verify and evaluate
the safety and security properties of the design. In addition,
there needs to be clean isolation on the hardware and software
to prevent unauthorized access or eavesdropping of protected
information and control signals.
B. Software Security
The software in a charging station includes software running on
the board that sends control signals to the charging station,
the charging station management interface, the mobile
applications, and the application programming interface
provided by the charging stations. Most charging stations also
provide a charging station server that communicates with the
station over the internet. Secure-by-design principles apply
to the software architecture of the charging station to identify the
security loopholes that make these systems vulnerable [14].
Given the complex and tight integration of hardware and
software, some of the software attacks could also be carried out
through hardware. Many countermeasures are available to
authenticate and validate software at different steps, such as
preventing software tampering and securing bootstrapping.
C. Hardware Security
The microprocessors used in charging stations typically have
low computational power that prevents them from
implementing strong encryption. Adding secure co-
processors like cryptographic hardware accelerators [15] will
prevent tampering of hardware. Secure co-processors provide
high performance crypto support that stores keys much more
securely, despite foreseeable physical or logical attacks. The
Federal Information Processing Standard (FIPS 140-2)
provides four levels of physical security implementation
guidelines that could be adopted to design rigorous hardware
D. Tamper Monitoring and Resistance
Malicious software can exploit software and operating system
loopholes to install malware that will affect the normal
operation of the system. Tamper resistance measures to
protect against physical and side-channel attacks include
physical protection to prevent tampering, bus encryption,
circuit implementation where the power characteristics are
data independent, and aggressive shielding of chips on the
board. In addition to tamper protection, it is also important to
monitor and log critical activities to both prevent and
investigate cyber-security related vulnerabilities.
V. CONCLUSION
Currently there are many open issues to resolve in
securing the process of charging electric
vehicles with their respective EVSEs. Attacks (either cyber
or physical in nature) against a PEV or its surrounding
infrastructure, including EVSE and the power grid, could
have adverse consequences for the safe and secure
charging process. Therefore, it is of paramount importance to
secure both the hardware and software of the overall cyber-physical
system for smart charging by developing hardware
and software more resilient to attack and exploitation.
The project team acknowledges the support of DOE and
INL for this work.
[1] DiChristopher, T, Electric vehicles will grow from 3 million to 125
million by 2030, International Energy Agency forecasts, CNBC
Article, retrieved 12/15/2018 URL:
[2] Ayre, J. Electric Car Demand Growing, Global Market Hits 740,000
Units, URL:
[3] Rajkumar, Ragunathan, et al. "Cyber-physical systems: the next
computing revolution." Design Automation Conference (DAC), 2010
47th ACM/IEEE. IEEE, 2010.
[4] Falvo, Maria Carmen, et al. "EV charging stations and modes:
International standards." Power Electronics, Electrical Drives,
Automation and Motion (SPEEDAM), 2014 International Symposium
on. IEEE, 2014.
[5] Foley, A. M., I. J. Winning, and BP Ó. Gallachóir. "State-of-the-art in
electric vehicle charging infrastructure." Vehicle Power and Propulsion
Conference (VPPC), 2010 IEEE. IEEE, 2010.
[6] Harnett, Kevin, et al. DOE/DHS/DOT Volpe Technical Meeting on
Electric Vehicle and Charging Station Cybersecurity Report. No. DOT-
VNTSC-DOE-18-01. John A. Volpe National Transportation Systems
Center (US), 2018.
[7] Rhode, K. Electric Vehicle Cyber Research SANS Automotive
Cybersecurity Workshop, 2017
[8] Shezaf, O., Who can hack a plug? The Infosec Risks of Charging
Electric Cars, 2013, Accessed December 2018.
[9] Fearn, F. Kaspersky, V3 news, “Warning over electric car charging”,
January 2018. Accessed December 2018.
[10] Toepfer, C. "SAE electric vehicle conductive charge coupler, SAE
J1772." Society of Automotive Engineers (2009).
[11] Francis, Lishoy, et al. "Practical NFC peer-to-peer relay attack using
mobile phones." International Workshop on Radio Frequency
Identification: Security and Privacy Issues. Springer, Berlin,
Heidelberg, 2010.
[12] Checkoway, Stephen, et al. "Comprehensive experimental analyses of
automotive attack surfaces." USENIX Security Symposium. 2011.
[13] Hager, Creighton T., and Scott F. MidKiff. "An analysis of Bluetooth
security vulnerabilities." Wireless Communications and Networking,
2003. WCNC 2003. 2003 IEEE. Vol. 3. IEEE, 2003.
[14] Kocher, Paul, et al. "Security as a new dimension in embedded system
design." Proceedings of the 41st annual Design Automation
Conference. ACM, 2004.
[15] Khelladi, Lyes, et al. "On security issues in embedded systems:
challenges and solutions." International Journal of Information and
Computer Security 2.2 (2008): 140-174.
[16] Wan, Kaiyu, K. L. Man, and D. Hughes. "Specification, Analyzing
Challenges and Approaches for Cyber-Physical Systems (CPS)."
Engineering Letters 18.3 (2010).
[17] Orojloo, Hamed, and Mohammad Abdollahi Azgomi. "A method for
modeling and evaluation of the security of cyber-physical systems."
Information Security and Cryptology (ISCISC), 2014 11th
International ISC Conference on. IEEE, 2014.
[18] Wan, Kaiyu, K. L. Man, and D. Hughes. "Towards a unified framework
for cyber-physical systems (cps)." Cryptography and Network Security,
Data Mining and Knowledge Discovery, E-Commerce & Its
Applications and Embedded Systems (CDEE), 2010 First ACIS
International Symposium on. IEEE, 2010.
[19] Wu, Wenbo, Rui Kang, and Zi Li. "Risk assessment method for cyber
security of cyber physical systems." Reliability Systems Engineering
(ICRSE), 2015 First International Conference on. IEEE, 2015.
... Pratt et al. [53] devised security principles to prevent cyber attacks against the EVCS and the power grid. Antoun et al. [54] and Gottumukkala et al. [55] presented a theoretical overview of cyber threats associated with the EV charging ecosystem components. Fraiji et al. [56] surveyed the security of the Internet-of-Electric-Vehicles (IoEV) pointing out cyber attacks that can be used to disrupt its operations. ...
Conference Paper
Full-text available
Electric Vehicle Charging Management Systems (EVCMS) are a collection of specialized software that allow users to remotely operate Electric Vehicle Charging Stations (EVCS). With the increasing number of deployed EVCS to support the growing global EV fleet, the number of EVCMS are consequently growing, which introduces a new attack surface. In this paper , we propose a novel multi-stage framework, ChargePrint, to discover Internet-connected EVCMS and investigate their security posture. ChargePrint leverages identifiers extracted from a small seed of EVCMS to extend the capabilities of device search engines through iterative fingerprinting and a combination of classification and clustering approaches. Using initial seeds from 1,800 discovered hosts that deployed 9 distinct EVCMS, we identified 27,439 online EVCS instrumented by 44 unique EVCMS. Consequently, our in-depth security analysis highlights the insecurity of the deployed EVCMS by uncovering 120 0-day vulnerabilities, which shed light on the feasibility of cyber attacks against the EVCS, its users, and the connected power grid. Finally, while we recommend countermeasures to mitigate future threats, we contribute to the security of the EVCS ecosystem by conducting a Coordinated Vulnerability Disclosure (CVD) effort with system developers/vendors who acknowledged and assigned the discovered vulnerabilities more than 20 CVE-IDs.
... As the interactions (between the user and EVSE infrastructure) in the former phase involve exchanging private information, such interactions are protected by the state-of-the-art communication protocols and cryptographic mechanisms [8,9]. The interactions (between EV and EVSE infrastructure) in the latter phase primarily focus on transferring energy to recharge the vehicle and do not involve sharing of any personal information. ...
Full-text available
Electric vehicles (EVs) represent the long-term green substitute for traditional fuel-based vehicles. To encourage EV adoption, the trust of the end-users must be assured. In this work, we focus on a recently emerging privacy threat of profiling and identifying EVs via the analog electrical data exchanged during the EV charging process. The core focus of our work is to investigate the feasibility of such a threat at scale. To this end, we first propose an improved EV profiling approach that outperforms the state-of-the-art EV profiling techniques. Next, we exhaustively evaluate the performance of our improved approach to profile EVs in real-world settings. In our evaluations, we conduct a series of experiments including 25032 charging sessions from 530 real EVs, sub-sampled datasets with different data distributions, etc. Our results show that even with our improved approach, profiling and individually identifying the growing number of EVs is not viable in practice; at least with the analog charging data utilized throughout the literature. We believe that our findings from this work will further foster the trust of potential users in the EV ecosystem, and consequently, encourage EV adoption.
... During the charging mechanism, Electric Vehicles (EV) are susceptible to several attacks via charging infrastructure. Additionally, the smart grid may be attacked by utilizing a charging system [33]. ...
Full-text available
In-vehicle communication has become an integral part of today's driving environment considering the growing add-ons of sensor-centric communication and computing devices inside a vehicle for a range of purposes including vehicle monitoring, physical wiring reduction, and driving efficiency. However, related literature on cyber security for in-vehicle communication systems is still lacking potential dedicated solutions for in-vehicle cyber risks. Existing solutions are mainly relying on protocol-specific security techniques and lacking an overall security framework for in-vehicle communication. In this context, this paper critically explores the literature on cyber security for in-vehicle communication focusing on technical architecture, methodologies, challenges, and possible solutions. In-vehicle communication network architecture is presented considering key components, interfaces, and related technologies. The protocols for in-vehicle communication have been classified based on their characteristics, and usage type. Security solutions for in-vehicle communication have been critically reviewed considering machine learning, cryptography, and port-centric techniques. A multi-layer secure framework is also developed as a protocol and use case-independent in-vehicle communication solution. Finally, open challenges and future dimensions of research for in-vehicle communication cyber security are highlighted as observations and recommendations .
... The EV charging ecosystem and IoT-connected high wattage devices have recently received much attention from the research community. Indeed, [Antoun 2020; Alcaraz et al. 2017; Gottumukkala et al. 2019; Fraiji et al. 2018] investigated plausible cyber attacks and threats in an IoT-enabled EV charging infrastructure, especially when the widely used message protocol OCPP is still not secured. These works demonstrated that the manipulation of the EV ecosystem is possible through compromising the communication protocols and technologies, and eventually creating sizeable consequences on the grid performance. ...
In this work, we investigate that the abundance of Electric Vehicles (EVs) can be exploited to target the stability of the power grid. Through a cyber attack that compromises a lot of available EVs and their charging infrastructure, we present a realistic coordinated switching attack that initiates inter-area oscillations between different areas of the power grid. The threat model as well as linearized state-space representation of the grid are formulated to illustrate possible consequences of the attack. Two variations of switching attack are considered, namely, switching of EV charging and discharging power into grid. Moreover, two possible attack strategies are also considered (i) using an insider to reveal the accurate system parameters and (ii) using reconnaissance activities in the absence of the grid parameters. In the former strategy, the system equations are used to compute the required knowledge to launch the attack. However, a stealthy system identification technique, which is tailored based on Eigenvalue Realization Algorithm (ERA), is proposed in latter strategy to calculate the required data for attack execution. The two-area Kundur, 39-Bus New England, and the Australian 5-area power grids are used to demonstrate the attack strategies and their consequences. The collected results demonstrate that by manipulation of EV charging stations and launching a coordinated switching attack to those portions of load, inter-area oscillations can be initiated. Finally, to protect the grid from this anticipated attack, a Support Vector Machine (SVM) based framework is proposed to detect and eliminate this attack even before being executed.
... Other work has been conducted in network-based intrusion detection systems. Moroson and Pop introduced a neural network that was trained on six months of data to detect malicious OCPP traffic [191]. INL has developed a safety instrumented system (SIS) intrusion detection framework to monitor EV charger operations and properties [141]. ...
Worldwide growth in electric vehicle use is prompting new installations of private and public electric vehicle supply equipment (EVSE). EVSE devices support the electrification of the transportation industry but also represent a linchpin for power systems and transportation infrastructures. Cybersecurity researchers have recently identified several vulnerabilities that exist in EVSE devices, communications to electric vehicles (EVs), and upstream services, such as EVSE vendor cloud services, third party systems, and grid operators. The potential impact of attacks on these systems stretches from localized, relatively minor effects to long-term national disruptions. Fortunately, there is a strong and expanding collection of information technology (IT) and operational technology (OT) cybersecurity best practices that may be applied to the EVSE environment to secure this equipment. In this paper, we survey publicly disclosed EVSE vulnerabilities, the impact of EV charger cyberattacks, and proposed security protections for EV charging technologies.
... Given that EVCSs and EVs are tightly coupled through an advanced information and communication technology (ICT) for efficient EV charging and stable operation of the power distribution grid, numerous previous studies have explored various types of cyber threat models, which exploit the vulnerability of ICT networks, and developed methods for detecting and mitigating such threats. In [5]-[7], three types of confidentiality-integrity-availability cyber attacks on EVCSs, namely eavesdropping attack (confidentiality attack), man-in-the-middle attack (integrity attack), and denial-of-service attack (availability attack), were introduced, and the risk assessment of EVCSs subject to these attacks was conducted. In [8], a risk assessment framework for large-scale EVCSs was developed to evaluate the vulnerability of EVCSs to cyber attacks on the communication between EVCSs and electric utilities. ...
Electric vehicle (EV) user data (e.g., arrival/departure times and initial/desired state of energy (SOE) of the EV at EV charging stations (EVCSs)) are crucial data based on which the energy management system (EMS) of EVCS calculates the economic charging schedules of EVs according to their preferred charging conditions. In this paper, we present a novel cyber attack via the manipulation of EV user data against the EMS of an EVCS that may result in incorrect electricity costs incurred by the EVCS through distorted charging schedules of EVs. The proposed attack method is formulated as a mixed-integer linear-programming-based bi-level optimization problem that comprises upper- and lower-level optimization problems. At the upper level, malicious EV user data injected into the communication network between the EVs and the EMS of the EVCS are calculated, while a normal operation of the EV charging optimization algorithm in the EMS is ensured at the lower level even if malicious data are delivered from the upper level. The formulated bi-level optimization problem is converted into a single-level optimization problem by replacing the lower-level problem with its corresponding Karush–Kuhn–Tucker conditions. The feasibility of the proposed cyber attack against EVCSs is demonstrated via a simulated scenario in which 40 EVs arrive at an EVCS, which has six charging poles with different charging speeds. The economic impact of such an attack is quantified in terms of the total electricity cost incurred by the EVCS, charging schedule, initial/desired SOE of EVs, and attack effort.
Electric Vehicles (EVs) represent a green alternative to traditional fuel-powered vehicles. To enforce their widespread use, both the technical development and the security of users shall be guaranteed. Users’ privacy represents a possible threat that impairs the adoption of EVs. In particular, recent works showed the feasibility of identifying EVs based on the current exchanged during the charging phase. In fact, while the resource negotiation phase runs over secure communication protocols, the signal exchanged during the actual charging contains features peculiar to each EV. In what is commonly known as profiling, a suitable feature extractor can associate such features to each EV. In this paper, we propose EVScout2.0, an extended and improved version of our previously proposed framework to profile EVs based on their charging behavior. By exploiting the current and pilot signals exchanged during the charging phase, our scheme can extract features peculiar for each EV, hence allowing their profiling. We implemented and tested EVScout2.0 over a set of real-world measurements considering over 7500 charging sessions from a total of 137 EVs. In particular, numerical results show the superiority of EVScout2.0 with respect to the previous version. EVScout2.0 can profile EVs, attaining a maximum of 0.88 for both recall and precision scores in the case of a balanced dataset. To the best of the authors’ knowledge, these results set a new benchmark for upcoming privacy research for large datasets of EVs.
In recent years, the deployment of charging infrastructures has been increasing exponentially due to the high energy demand of electric vehicles, forming complex charging networks. These networks pave the way for the emergence of new unknown threats in both the energy and transportation sectors. Economic damages and energy theft are the most frequent risks in these environments. Thus, this paper aims to present a solution capable of accurately detecting unforeseen events and possible fraud threats that arise during charging sessions at charging stations through the current capabilities of the Machine Learning (ML) algorithms. However, these algorithms have the drawback of not fitting well in large networks and generating a high number of false positives and negatives, mainly due to the mismatch with the distribution of data over time. For that reason, a Collaborative Anomaly Detection System for Charging Stations (here referred to as CADS4CS) is proposed as an optimization measure. CADS4CS has a central analysis unit that coordinates a group of independent anomaly detection systems to provide greater accuracy using a voting algorithm. In addition, CADS4CS has the feature of continuously retraining ML models in a collaborative manner to ensure that they are adjusted to the distribution of the data. To validate the approach, different use cases and practical studies are addressed to demonstrate the effectiveness and efficiency of the solution.
Penetration of pure electric vehicles (EVs) in smart microgrids makes it essential to optimally manage their charging patterns and provide some ancillary services such as peak-load reduction, congestion management, frequency regulation, management of uncertainties associated with renewable energy sources, and zero exhaust emissions. These functionalities depend on the cyber-physical security of data collected from various EVs management centers. Hence, this chapter addresses the cyber-physical challenges of the EVs smart charging systems, the attack patterns and impacts in power grids, and the attacker-defender model.
Keywords: Cybersecurity; Data privacy; Electric vehicles (EVs); Smart microgrid; Electric vehicle supply equipment (EVSE); Charging patterns; Ancillary services; Cyber-physical security; Cyber-physical challenges; Data; EVs management centers; Attack patterns; Attack impacts; Power grids; Attacker-defender model
In recent years, Electric vehicles (EVs) are receiving significant attention as an environmental-sustainable and cost-effective substitute of vehicles with internal combustion engine, for the solution of the dependence from fossil fuels and for the saving of Green-House Gasses emission. The present paper deals with an overview on different types of EVs charging stations and a comparison between the related European and American Standards. The work includes also a summary on possible types of Energy Storage Systems (ESSs), that are important for the integration of EVs fast charging stations of the last generation in smart grids. Finally, a brief analysis on the possible electrical layout for the ESS integration in EVs charging system, proposed in literature, is reported.
The international introduction of electric vehicles (EVs) will see a change in private passenger car usage, operation and management. There are many stakeholders, but currently it appears that the automotive industry is focused on EV manufacture, governments and policy makers have highlighted the potential environmental and job creation opportunities while the electricity sector is preparing for an additional electrical load on the grid system. If the deployment of EVs is to be successful the introduction of international EV standards, universal charging hardware infrastructure, associated universal peripherals and user-friendly software on public and private property is necessary. The focus of this paper is to establish the state-of-the-art in EV charging infrastructure, which includes a review of existing and proposed international standards, best practice and guidelines under consideration or recommendation.
Cyber-physical systems (CPS) are physical and engineered systems whose operations are monitored, coordinated, controlled and integrated by a computing and communication core. Just as the internet transformed how humans interact with one another, cyber-physical systems will transform how we interact with the physical world around us. Many grand challenges await in the economically vital domains of transportation, health-care, manufacturing, agriculture, energy, defense, aerospace and buildings. The design, construction and verification of cyber-physical systems pose a multitude of technical challenges that must be addressed by a cross-disciplinary community of researchers and educators.
Cyber security is one of the most important risks for all types of cyber-physical systems (CPS). To evaluate the cyber security risk of CPS, a quantitative hierarchized assessment model consisting of attack severity, attack success probability and attack consequence is proposed, which can assess the risk caused by an ongoing attack at host level and system level. Then the definitions and calculation methods of the three indexes are discussed in detail. Finally, this paper gives the risk assessment algorithm which describes the steps of implementation. Numerical example shows that the model can respond to the attack timely and obtain the system security risk change curve, so that it can help users respond to the risk timely. The risk change curve can also be used to predict the risk for the future time.
Quantitative evaluation of security has always been one of the challenges in the field of computer security. The integration of computing and communication technologies with physical components has introduced a variety of new security risks, which threaten cyber-physical components. It is possible that an attacker damages a physical component with a cyber attack. In this paper, we propose a new approach for modeling and quantitative evaluation of the security of cyber-physical systems (CPS). The proposed method considers those cyber attacks that can lead to physical damages. The factors impacting attacker's decision-making in the process of cyber attack to cyber-physical system are also taken into account. Furthermore, for describing the attacker and the system behaviors over time, the uniform probability distributions are used in a state-based semi-Markov chain (SMC) model. The security analysis is carried out for mean time to security failure (MTTSF), steady-state security, and steady-state physical availability.
Cyber-Physical Systems (CPS) integrate computation with physical processes. By merging computing and communication with physical processes CPS allows computer systems to monitor and interact with the physical world. However, today's computing and networking abstractions do not adequately reflect the properties of the physical world. This shortcoming necessitates the development of effective methods and tools for analyzing and designing CPS. This paper analyzes the limitation of the current tools and method and proposes a unified framework for designing, simulating, and verifying CPS.
NFC is a standardised technology providing short-range RFID communication channels for mobile devices. Peer-to-peer applications for mobile devices are receiving increased interest and in some cases these services are relying on NFC communication. It has been suggested that NFC systems are particularly vulnerable to relay attacks, and that the attacker's proxy devices could even be implemented using off-the-shelf NFC-enabled devices. This paper describes how a relay attack can be implemented against systems using legitimate peer-to-peer NFC communication by developing and installing suitable MIDlets on the attacker's own NFC-enabled mobile phones. The attack does not need to access secure program memory nor use any code signing, and can use publicly available APIs. We go on to discuss how relay attack countermeasures using device location could be used in the mobile environment. These countermeasures could also be applied to prevent relay attacks on contactless applications using 'passive' NFC on mobile phones.