Bachelor Thesis
HALMSTAD UNIVERSITY
IT Forensics and Information Security, 180 credits
Is your electric vehicle plotting against you?
An investigation of the ISO 15118 standard and current security implementations
Digital forensics, 15 credits
Halmstad 2021-06-04
Anthon Berg & Felicia Svantesson
Examiner: Urban Bilstrup Supervisor: Eric Järpe
The academy of information technology Halmstad University
Halmstad
June 2021
Abstract
Electric vehicles are revolutionizing the way we travel. Climate change and policies worldwide are pushing the vehicle market towards a more sustainable future through electric vehicles.
However, can these solutions be considered safe and secure? Because of the entirely new attack vector that is charging, many new security concerns are present in this new type of vehicle that did not exist in combustion engine vehicles. Here, a literature study of the current situation surrounding electric vehicle charging and the ISO 15118 standard is presented. In addition to this, a risk analysis of currently implemented solutions for electric vehicle charging is also presented. The purpose is to unveil which weaknesses are present in modern electric vehicle communication standards and how secure electric vehicles on the road today really are. The results indicate that there are vulnerabilities present in electric vehicles today that require radical improvements to the charging security to provide a safer way of traveling for the future. A list of proposed countermeasures to the vulnerabilities found, as well as verification methods, is also presented as part of this paper. The comprehensive study presented here acts as an excellent foundation for future projects but also for organizations to address critical areas within charging security.
Keywords:
Electric vehicles, ISO 15118, Information security, Risk analysis
Foreword
We want to extend special thanks to the individuals who have provided their assistance and
guidance through the process of conducting this thesis. We are very grateful to the individuals at
the organization that have allowed us to investigate their systems and provided us with the
necessary information. We would also like to thank our supervisor for all the great advice and
feedback throughout the thesis work.
Table of Contents
1 Introduction
1.1 Background
1.2 Purpose
1.3 Demarcations
1.4 Problem statements
1.5 Problematisation of the problem statements
1.6 Ethical stance
2 Method
2.1 Research approach
2.2 Literature study
2.3 Risk analysis
2.4 Business intelligence
2.5 Method discussion
2.6 Method problematization
2.6.1 Literature study problematization
2.6.2 Risk analysis problematization
2.7 Earlier studies and related works
3 Theory
3.1 The CIA triad
3.2 Relevant attack types
3.2.1 Man-in-the-middle attack
3.2.2 Spoofing attacks
3.2.3 Injection attacks
3.2.4 Denial of service attacks
3.3 Quantum computing
3.4 The ISO 15118 standard
3.4.1 Structure of the ISO 15118 standard
3.4.2 ISO 15118 charging process
3.5 Authentication through certificates
3.5.1 Certificate authorities
3.6 TLS
3.6.1 TLS handshake
4 Results
4.1 Literature study: weaknesses within electric vehicles and ISO 15118
4.1.1 Conceptual weaknesses in the ISO 15118 standard
Trusted environments
Insecure clock synchronization
The PKI policies are lacking in the standard
AES-128 might not be quantum computing resistant
4.1.2 Weaknesses in electric vehicles and ISO 15118
Man-in-the-middle attacks on electric vehicles
The use of insecure CAN buses in electric vehicles
Injection attacks against electric vehicles
Spoofing attacks against electric vehicles
Denial of Service attacks against electric vehicles
4.2 Risk analysis of electric vehicle cable charging
4.2.1 External analysis
4.2.2 Investigated risks and consequences
Risk 1: TLS is not in use for electric vehicles
Risk 2: Certificates are mostly not in use
Risk 3: Physical access to the charging inlet is possible
Risk 4: The EV is vulnerable when listening for a charger
Risk 5: Scheduling can be exploited to prevent charging or attack the power grid
Risk 6: Executing commands in the vehicle by malicious traffic
Risk 7: Insecure CAN buses are used for internal communication between components
4.2.3 Risk evaluation
Risk evaluation method
Risk 1: TLS is not in use for electric vehicles
Risk 2: Certificates are mostly not in use
Risk 3: Physical access to the charging inlet is possible
Risk 4: The EV is vulnerable when listening for a charger
Risk 5: Scheduling can be exploited to prevent charging or attack the power grid
Risk 6: Executing commands in the vehicle by malicious traffic
Risk 7: Insecure CAN buses are used for internal communication between components
4.2.4 Recommended countermeasures and verification
Implement TLS as specified in ISO 15118
Secure physical charging inlet
Disable active listening for the charging inlet
External charging controller that measures strain on the power grid
Secure the CAN bus with pre-shared keys
4.2.5 SWOT analysis
5 Discussion
5.1 Discussion – literature study
5.1.1 Observed results compared to expected results
5.1.2 Effects of the chosen method on the results
5.1.3 Source criticism
5.2 Discussion – risk analysis
5.2.1 Observed results compared to expected results
5.2.2 The gap between standards and real implementations
5.2.3 Effects of the data collection methods on the results
6 Conclusion
6.1 Conclusions based on problem statements
6.1.1 Which vulnerabilities exist in today’s cable charging systems for electric vehicles?
6.1.2 How large of a threat are these vulnerabilities to consumers and organizations?
6.1.3 How should an organization mitigate these weaknesses?
6.1.4 How can implemented mitigation solutions be verified?
6.2 Future studies on electric vehicle charging security
References
Wordlist
ACD Automatic connection device
BMS Battery management system
CA Certificate authority
CAN bus Controller Area Network bus
CCS Combined charging system
CIA Confidentiality, Integrity, Availability
DOS Denial of service
EIM External Identification Method
EV Electric vehicle
EVCC Electric vehicle communication controller
EVSE Electric vehicle supply equipment
FDI False data injection
ISO The International Organization for Standardization
ISO 15118 A communication standard regulating how communication should be carried out when charging an electric vehicle
MITM Man-in-the-middle
OBD On-board Diagnostics
OCPP Open Charging point protocol
PKI Public key infrastructure
RFID Radio Frequency Identification
SCMS Smart charging management system
SDP SECC Discovery Protocol
SECC Supply equipment communication controller
SLAC Signal level attenuation characterization
TLS Transport layer security
V2G Vehicle to grid
VAS Value-added services
WPT Wireless power transfer
1 Introduction
Ever since humans lived as hunter-gatherers, there has been a need for transport from one place to another. Throughout the years, this has taken many forms. At first, humans traveled by foot, then by horse-and-carriage and nowadays by cars or various other methods. Today, the vast majority of vehicles, both commercially and privately owned, are run through the burning of fossil fuels. However, during the last century, the effects of using this type of energy method have had visible and measurable adverse effects on the environment (Somme, 2016). As the issues surrounding our environment grow more concerning, our society has started to search for alternatives to burning fossil fuels for energy.
A promising alternative today is replacing the combustion engines of yesterday with new and clean electric motors. With electric vehicles making up about 2.6% of global car sales in 2019, this number is bound to grow in the coming years making electric vehicles an increasingly common way to travel (IEA, 2020). However, the digitalization and electrification of the way we travel also bring forth new challenges that need to be addressed. Implementing this technology into vehicles opens new opportunities for hackers and other malicious users to launch
cyberattacks against vehicles. Real-world examples show that various attack methods are
available to malicious parties. These attacks could often have significant consequences affecting both the passenger and driver. One example of such an attack showed that an attacker was even able to take control of the entire vehicle and drive it off the road (Greenberg, 2015). Because of weaknesses like this, security will be of great importance in the future of electric vehicles to continue and evolve our methods of travel. The study conducted here thoroughly investigates the systems used in electric vehicles to find and pin-point weaknesses. This is a first step towards providing safer electric vehicles for the future.
1.1 Background
Electric vehicles have been around for a long time. In fact, some of the first electric vehicles were developed during the first half of the nineteenth century. They have no clear country of origin or inventor. Rather many new inventions around the same time led to the creation of electric cars. Some names worth mentioning regarding the development of early electric cars are William Morrison, Andreas Flocken, Ferdinand Porsche and Thomas Edison who all made contributions within the field.
Electric vehicles entered the market at about the same time as gasoline-driven vehicles in the later parts of the 1800s. During this time, electric vehicles gained some levels of popularity (U.S. Department of Energy, 2014). They were mainly used within cities and were a preferred method of transport, especially for women at the time. Around this time, there was also some focus on developing hybrid versions of cars. (McFadden, 2020)
The popularity of electric vehicles was however halted when the more affordable Model T from Henry Ford was released in 1908. This, along with new developments in the field of gasoline-driven cars and the dropping oil prices, led to electric vehicles dropping rapidly in popularity (U.S. Department of Energy, 2014).
By 1935, electric vehicles were almost completely gone as gasoline and steam-driven vehicles took over. This lasted until the oil crisis in the 1970s. After this, the focus started to gradually shift towards electric cars once again (McFadden, 2020). Their popularity and use have also resurged due to technological developments in recent years (U.S. Department of Energy, 2014).
As mentioned previously, the percentage of sold electric vehicles is only expected to grow as the market calls for more green alternatives to counter the negative environmental effects of CO₂ emissions.
During recent years not only electric vehicles have seen a rise in popularity but also connected vehicles as a whole. Modern vehicles make use of a wide range of features to make traveling more convenient for the person riding the vehicle. Often, these features make use of or require a connection to the internet or some other device. This has enabled attackers to exploit and use these new features for malicious intents. According to the 2020 Global Automotive Cyber Security Report (Upstream Security, 2020), the number of cyberattacks against vehicles grew by 99% in just 2018.
Connecting a car to the internet opens many new vulnerabilities that did not exist some years ago. As this is a relatively new phenomenon, it has opened up an entirely new market. The focus on making sure that the charging process proceeds flawlessly is something that is becoming increasingly important. Companies and organizations have realized that they need to implement better security solutions to stay up to date with the current level of cybersecurity in the world.
The fact that charging opens up an entirely new attack vector that was not present previously makes this aspect critical from a security perspective. Charging is a large and important aspect of the security around electric vehicles and will probably continue to need to be focused on in the future. With the many new options for connectivity and features being implemented into vehicles today, the risks of these features being used for attacks increases.
Apart from the development of the electric vehicle and the need for better solutions, the focus on cybersecurity and security in general has become a subject that has grown exceptionally.
Although security in general has always been focused on throughout history in different ways, the concept and need for cybersecurity have only recently become an essential part of everyday life.
The need for professional cybersecurity first started in the early days of the internet, when malicious code began spreading across networks. Back then, some solutions to fixing the problem and restoring security were simply shutting down the entire internet by disconnecting regional networks, which gave time to clean infected networks and computers (La Trobe
University, 2018). Nowadays, such drastic measures are not needed as IT and cybersecurity have evolved quite a bit.
In recent years an increasing interest has been noted in the field of cybersecurity within different
vehicles. With new attacks and exploits being devised regularly, it is evident that this is a field in
which a great amount of effort must be spent on securing our vehicles and the way we travel.
This is very much true for electric vehicles, which in addition to all the connected features of a combustion-engine vehicle, also need to charge in order to operate. This opens up a wide range of possibilities that may not even exist for regular fuel-driven vehicles. Some relevant earlier studies are further discussed in part 2.7 when more relevant concepts have been introduced.
1.2 Purpose
The purpose of this thesis is to further expand the knowledge about the security surrounding the charging of electric vehicles with a greater focus on actual current implementations. Another purpose is to provide a security perspective on the ISO standard 15118 and existing weaknesses based on earlier studies and literature. In addition to this, a risk analysis of a currently used implementation of cable charging in electric vehicles is also performed. This risk analysis is conducted through a partnership with an organization in the industry. The aim is to give a greater understanding of what the security situation is currently like in the field of electric vehicles and what needs to be improved for greater security in future implementations.
1.3 Demarcations
In order to limit the scope, some limitations and demarcations have been made. One such limitation is that the focus is only on security surrounding the charging of electric vehicles through cable, and more specifically with combined charging systems (CCS). Because of this, Wi-Fi-based charging and other similar means of charging are not focused on. That being said, similar security measures may still be necessary for other types of charging. The literature study conducted in this paper also focuses on the ISO 15118 standard and no other alternatives. The risk analysis is limited in its scope as not all implementations of charging security are
investigated. This is because the scope of investigating multiple organizations' charging implementations would be too large for this bachelor's thesis.
1.4 Problem statements
This thesis investigates and discusses the current and near-future implementations of cable charging for electric vehicles. This is done to better understand the field and how secure and robust currently implemented solutions are. The paper focuses on highlighting solutions
currently in use and how they may be lacking in security. This is achieved through studying the results from earlier studies around the charging of electric vehicles and the ISO 15118 standard.
In addition to this, a risk analysis is conducted targeting a real-life implementation of electric vehicle charging. This study only investigates vulnerabilities related to cybersecurity and not any other weaknesses that may be present related to other fields. The problem statements that are answered through this report are specified below.
1. Which vulnerabilities exist in today’s cable charging systems for electric vehicles?
2. How large of a threat are these vulnerabilities to consumers and organizations?
3. How should an organization mitigate these weaknesses?
4. How can implemented mitigation solutions be verified?
These problem statements together provide a picture of how secure electric vehicles are at the time of conducting this study. In addition to this, the problem statements show how urgent each risk or vulnerability is to consumers and organizations as well as how different risks should be mitigated. These problem statements are chosen to provide a new perspective and complement the existing studies within the field of electric vehicle charging security. Existing studies have investigated different aspects of electric vehicle charging, such as the power grid, the charging station and the ISO 15118 standard. Because of this, these problem statements provide a new point of view towards the vehicle and how secure the actual vehicle is at this point in time.
1.5 Problematisation of the problem statements
Regarding the problem statements presented, some limitations and issues need to be addressed before considering the results.
The first issue is that electric vehicles exist in many different forms and are produced by many different companies. Even though there exist standards for how the charging of electric vehicles should work, there is still space for companies and organizations to implement their own
solutions to a certain degree. This has led to a field in which different organizations can suffer from different security issues regarding the charging even though the same standard might be followed. This also means that the results presented might give a somewhat one-sided picture of the area, as not all current implementations of electric vehicle charging are investigated and analyzed. Therefore, the results presented cannot be considered a description of all security flaws in all electric vehicle charging systems without carrying out any type of analysis of different organizations' systems.
Another issue regarding the problem statements is that the area of technology that is being investigated is constantly changing and evolving rapidly. Because of this, the results might become outdated quickly as new technical solutions are implemented and old ones are no longer used. This problem cannot be solved during the course of conducting this study but must instead be solved by continuing to evaluate the situation and conducting new studies as time goes on.
1.6 Ethical stance
It is important to note that the vulnerabilities and risks being discussed in this thesis may expose
significant threats to organizations and individuals using the vehicles. This is the case since
specific details surrounding certain risks may be exposed to malicious parties, increasing the risk
of the vulnerability being exploited. Therefore, some details surrounding certain risks are omitted
from the final paper to protect vulnerabilities from being exploited, leading to potential harm to
companies or individuals.
2 Method
Several different methods are used. The first method used is that of a literature study. The focus of the literature study is to explore what the future implementation of the ISO 15118 standard will bring and what it will mean for EV cable charging security. In addition to this, different already existing weaknesses in electric vehicle charging are investigated through existing literature on the subject. During this part, different earlier studies and conclusions surrounding electric vehicle charging and the ISO 15118 standard are analyzed and put into perspective to produce a full view of the standard. Weaknesses that have already been discovered and discussed by sources are also explored to present a more complete view of the area.
The second method used to investigate the field around EV cable charging is that of a risk analysis. This part of the study aims to identify and analyze the flaws and issues currently
present in existing EV charging systems. This part complements the literature study and provides a new perspective on the area surrounding EV charging security. The risk analysis highlights current security flaws and their impact and how they can be resolved in the future.
Along with this, a SWOT analysis is also produced to present different strengths, weaknesses, opportunities and threats within the investigated field. This is a way to assess a company’s position and a way to develop strategic planning. It is also done to create awareness. This awareness is achieved by assessing internal and external factors but also by estimating current and future potential within the field. (Schooley, 2019)
2.1 Research approach
A mainly qualitative research approach is used in order to answer the problem statements set up around the investigated area. This means that the methods used through this thesis collect data through exploring different interpretations of the subject rather than facts and numerical data.
This type of study can often include elements that are not measurable but rather provide a perspective on a subject through discussion. An example of this could be investigating different individuals' thoughts surrounding a subject. According to Trost (2010), a qualitative study is applicable where individuals' ways of thinking around a subject or identifying patterns are being studied.
This approach is well suited to the study at hand since no practical examinations of systems are carried out. Therefore, the information acquired is mainly based on earlier works within the field and discussions with individuals in the industry.
However, some parts of the study are quantitative. These parts mainly relate to the estimation
and grading of risks. In addition to the scores generated for each risk, a quantitative severity
score is also calculated based on these two scores.
2.2 Literature study
The study consists partially of a literature study to present a broad view of the investigated subject. The use of a literature study means that the data collected and presented is already pre-existent due to previous research that has been performed and published. The literature study mainly uses information and data collected through various sources on the internet. The search engines used to collect relevant information were mainly the Onesearch search engine available from the Halmstad University library, IEEE Xplore, Web of Science and Google Scholar. Apart from this, Google has also been used to search for information to some degree. All of the sources used have been cross-referenced to make sure that they are reliable and well-suited to the subject of the thesis. Some of the phrases used to search for information were “electric vehicle ISO 15118 vulnerabilities”, “electric vehicle security”, “ISO 15118 standard conceptual weakness” and other similar phrases.
Apart from using the internet to search for sources, some books are also used. The information used in the literature study is centered on trying to gain a deeper understanding of the subject.
This is used to reach results and draw conclusions in the later parts of the study.
2.3 Risk analysis
According to Kaminskiy et al. (2016), a risk analysis is a measurement of the potential loss. It also shows the magnitude of any possible loss from or to a system. Some risk analyses can be done by directly measuring the statistics of previously existing historical data of losses. This is the case when such data on losses are already available for analysis.
If there is no previous data on actual losses, a loss model can be created, which is done by using different types of risk analysis methods. After a model has been produced, the risks can then be predicted. There are many cases where previous data of loss is not available, which means a need to produce a model of different risks and their impact.
The use of risk analysis has advanced in the last centuries, but the concept has been around for a long time. It has been used to choose the best path to take when put in front of a decision. Risk analysis applies to many different parts of society and has been applied to new technological developments in recent years. This new era has also led to new types of vulnerabilities and risks.
Because of this, new risk analysis and decision-support tools that address these uncertainties have become more critical than ever. (Aven, 2012)
Though there are different ways to perform a risk analysis, generally it consists of three
elements. These elements are risk assessment, risk management and risk communication. These three parts interact and overlap many times during the risk analysis process.
Risk assessment consists of two major parts: determining the likelihood of an undesirable event and evaluating the consequence of the said event. These steps can be performed by looking at previous data to understand how a similar situation might play out. The risk assessment is usually divided into two steps: one where the risks are identified and ranked, and another where they are evaluated and their consequences are also mentioned.
Risk management means that the risks and the factors contributing to them are controlled through various steps. This is done to potentially minimize the loss. In the risk management step, the risks presented during the risk assessment step are reviewed and it is decided how they should be handled. This is mainly done to minimize potential harmful incidents or failures.
Risk communication is the final step and implies that the people responsible for making the decisions are informed about the risks and consequences. This includes risk assessors, risk managers and other parties who may be interested. During this step, the decisions regarding how to handle the risks can be discussed. This can, for example, include transferring, mitigating or minimizing the risk. (Kaminskiy et al., 2016)
2.4 Business intelligence
In order to perform a risk analysis, a view of the current situation must be obtained and analyzed.
This part is called business intelligence or external analysis and is done by collecting data about a specific subject. This data is then analyzed to get a clear view of how the situation appears around a subject. There exist different ways of performing external analysis and obtaining the needed data.
One way is to perform trend monitoring. This is one of the main points of business intelligence and works by analyzing current trends at this current point in time. It can be described as a predictable direction or series of events and closely follows change in many different societal areas. This can mean many different changes, for example, economic changes or changes of values. Trends are also observable in many different organizations and industries (Wahlström, 2004). In the study being carried out, the trend monitoring can be considered the information gathered in the literature study, as this part deals with current trends and available data.
Performing external analysis within a field is a crucial step when it comes to conducting a risk analysis. As much of this study focuses on providing a view of the area around electric vehicle charging security, the external analysis plays a vital role. The literature study conducted acts partially as an external analysis for the risk analysis as the literature study aims to provide a view of the area. According to Wahlström (2004), the following steps of the risk analysis become easier once the external analysis is completed. External analysis can also be helpful when trying to predict how the future of a specific area will develop. This is especially important for specific fields, such as fields that change and develop rapidly.
2.5 Method discussion
The methods of literature study and risk analysis have been chosen since they provide a picture
of the current situation surrounding cybersecurity in EV cable charging as well as an analysis of
what the future within the area may bring in terms of security. Another reason these methods
were chosen is that there is currently a lack of studies investigating security implementations
used by organizations and companies today. Therefore, the risk analysis of the solutions used by
a company in the industry provides a new and desired perspective on the subject of EV charging security.
The literature study takes advantage of the large amount of already existing research surrounding the ISO 15118 standard and different EV charging weaknesses in order to provide a comprehensive picture of the existing flaws in EV charging and the standard. This part also aims to present a gathered view of how secure the ISO 15118 standard is and what security flaws may need to be addressed in future versions. Because of the large number of existing studies, it is necessary to gather the results of these studies and present a collected view of the situation surrounding EV charging as well as the security implementations from the ISO 15118 standard.
The risk analysis is then used to complement the literature study and the already existing works with an example of current security implementations and the flaws that exist within them. The risk analysis investigates a real organization within the electric vehicle industry. It aims to identify the risks and security threats towards their solutions at the current point in time. This highlights both the increase in security that the ISO 15118 standard brings when fully
implemented, as well as what the current EV security situation is like at the moment.
Combining these methods helps gather the information surrounding near-future communication standards like ISO 15118 and provides a new perspective on the current EV charging situation.
Together these paint a picture of how secure EV cable charging is today and what changes need to be made to these systems in the future.
2.6 Method problematization
Different methods will always have positive and negative aspects to them. Some issues related to the chosen methods may need to be considered when using or analyzing the result of a study.
Because of this, some of the problems surrounding the chosen methods are discussed below.
2.6.1 Literature study problematization
A literature study is based on the literature that exists within an area or a field. Because of this, many different sources are used to conduct the study, and each one may have a particular perspective on the subject or hold a specific opinion. Therefore, the process of reviewing and investigating different sources becomes vital when using different sources to provide a result or a conclusion. Each source needs to be reviewed so that any motives of the author can be
understood and that the results can be used reliably and correctly.
On the other hand, exploring many existing studies within an area may provide a cost-effective
method for individuals or organizations to investigate a subject. Moreover, the fact that an area
has been tried and explored repeatedly can display clearly for the reader what is well-known and
what is less known within a field.
2.6.2 Risk analysis problematization
By using risk analysis as a method, a clear view of the investigated field and the issues within it may be achieved. Many of the risks affecting an area can be found and evaluated through this method. Therefore, the results of this method can be used as a kind of guiding light for decision-makers when deciding how to continue development within a field. This being said, a risk analysis can also be a valuable tool for an organization or company to identify and prepare for different risks affecting their product or service. Another positive aspect surrounding risk analysis is that it is an excellent way to present the found risks and related countermeasures to individuals who might not have much experience within the area.
However, this method has some shortcomings, for example, the fact that a hypothetical risk model must be created in some cases. This can be because not enough earlier data exists to go on. By doing this, there cannot be complete certainty that the risk model is completely accurate, and therefore the risks presented in it can change or vary to some degree. If the risk analysis is instead based on earlier cases, this can result in the risks presented being more accurate to the actual situation and consequently render a more rewarding result. Another issue surrounding technological risk analysis is that technology within specific fields changes rapidly. This makes the risk analysis inaccurate or outdated very quickly. Therefore, many risk analyses need to be conducted in the future to provide a continuous perspective on the risks against an organization or a product.
2.7 Earlier studies and related works
Several previous studies exist within the field of electric vehicle charging. These studies differ from the one presented here in a couple of distinct ways. In particular, the study at hand is focused on investigating a single organization's security solutions when it comes to charging.
Many of the existing studies on the subject instead focus on investigating standards that regulate the security surrounding charging or have a more general objective. The type of study described here aims to present a better picture of the current situation in the area regarding the actual state-of-the-art security implementations. Moreover, observations and conclusions from other related works are gathered and presented in an organized way through a literature study. Some earlier works that investigate closely related subjects are listed and briefly described below.
“Är du och din elbil skyddad vid laddning via laddstolpe?” Alfredsson & Brettmar (2020)
The bachelor’s thesis above aims to present a comparison between the two communication standards ISO 15118 and OCPP. Additionally, three interviews were carried out with individuals from the industry where these individuals had the opportunity to give their opinions and answer questions about the future of electric vehicle charging. This differs in some significant ways from the study presented in this paper. The main differences are that this study will not be aimed at comparing two different standards but rather to analyze one standard. Furthermore, the results will be complemented with a risk analysis of the current state of charging based on actual implementations used by an organization in the field of electric vehicles.
“Cybersecurity of Smart Electric Vehicle Charging: A Power Grid Perspective” Acharya et al. (2020)
The study has a similar objective to that of the study at hand. The paper discusses different types of attacks that may target electric vehicles and how they work. Some of the attacks described are purely hypothetical but could pose a significant threat to the power grid if ever carried out.
Though this work discusses several different potential vulnerabilities and different parts of the charging process, it has an overall focus on consequences for the power grid and not for the electric vehicle or charger. Some of the themes discussed are the vehicles, the charging systems and the power grid. This differs from the current study in the way that the focus will mainly be on the electric vehicle and not on the power grid.
“The Security of Charging Protocol between Charging Piles and Electric Vehicles” Xu et al. (2019)
Like some of the other earlier works, a primary objective of the study above is to find different threats regarding the charging of electric vehicles. The focus is aimed towards finding vulnerabilities specifically in the charger and not in the vehicle. Another focus in the paper is different charging protocols and how they can open up vulnerabilities in different ways. This differs from the study at hand as the focus will be on the vehicle's security and not the charger.
“Cybersecurity of Onboard Charging Systems for Electric Vehicles—Review, Challenges and Countermeasures” Chandwani et al. (2020)
The focus of the authors presented above is to discuss and analyze different parts of the charging process of electric vehicles. Several different threats against both the software and hardware levels are discussed, and some countermeasures are proposed. This differs from the current study in some areas. For example, it has a more significant focus on mathematical and technical issues surrounding charging security. It also goes into great detail surrounding electricity and current, which the study at hand will not.
“A threat analysis of the vehicle-to-grid charging protocol ISO 15118” Bao et al. (2017)
This work presents a comprehensive view of the ISO 15118 standard. It discusses various threats and vulnerabilities along with how they can be avoided or mitigated. This has similar traits to this thesis, as they both deal with the ISO 15118 standard. However, the current study not only discusses the ISO 15118 standard but also explores currently existing vulnerabilities within electric vehicle charging, and not just in relation to the standard.
These earlier studies will serve as a base for this thesis both in the literature study and in the risk analysis part. Even if some of the studies mentioned in this section explore subjects that differ from that of this study or focus on different areas, the conclusions and results found in these studies provide an essential foundation.
3 Theory
In order to fully understand the results and discussions in later parts of this report, some terminology and technological concepts need to be explained and discussed. In this part of the thesis, different concepts are introduced and explained in some detail. This section of the report acts as a foundation for the arguments and conclusions presented later.
3.1 The CIA triad
The CIA triad is a series of three terms that are used when defining different security solutions and which aspects of security they affect. These terms are confidentiality, integrity and availability. The triad is also useful when developing new solutions or managing security within an organization. It offers three main concepts that need to be balanced to obtain security on different levels. It is also worth mentioning that different aspects of the CIA triad may be more or less important depending on what is to be protected and what is required of the protected entity. For example, a system that requires very high confidentiality may not need to be as easily accessible. The terms that the CIA triad is an acronym for are described below.
Confidentiality refers to the secrecy of the protected entity. High confidentiality means that the protected entity is only accessible to the parties that should be able to have access and no one else.
Integrity defines how well protected an entity is from tampering or modification by unauthorized parties. Integrity can also be seen as the part of the triad that deals with the legitimacy of the protected entity and that it remains in a correct state.
Availability is the term that defines how easily accessible an entity is to parties that have the authorization to access it. An example of high availability is a system that consistently allows legitimate users to log in without making the process a hassle for users.
3.2 Relevant attack types
In this section, some relevant types of attacks are defined and described. A large number of different attacks and variants of attacks exist within the field of cybersecurity. Certain attack types are more common than others and different attacks may be used to reach different goals.
This section describes several attacks that are common within cybersecurity and may present a threat to electric vehicles. This is in order to give a basic understanding of what the concept of each attack is.
3.2.1 Man-in-the-middle attack
One of these attacks is the so-called man-in-the-middle attack (MITM). This attack type is one of the most well-known attacks when it comes to cybersecurity. The scenario in which a MITM attack can be performed usually involves two communicating parties where the malicious party is situated between the parties. The attacker can then use this position in which traffic has to travel through their device to gain access to the communication between the two parties. The attacker can use this position to manipulate traffic on its way to the receiver or simply to eavesdrop. This influences both the integrity and the confidentiality of the data. (Conti et al., 2016)
3.2.2 Spoofing attacks
Another form of attack is the so-called spoofing attack, or just spoofing. This means that a malicious party is disguising itself as a trusted source. By doing so, they can gain access to data or information that is confidential. This can be done through a wide range of methods. Some examples of such methods are through the use of fake websites, phone calls, e-mails, IP addresses and servers. The result of these attacks can be severe and cause an economic loss (Bhaskari et al., 2011). These attacks are often carried out by using names from well-known, trusted parties to fool individuals. This is sometimes enough to make the victim give up information or take an action that might lead to compromised or stolen data (Malwarebytes, n.d.).
The concept of spoofing is described by the organization Malwarebytes (n.d.) through the quote below.
“Spoofing, as it pertains to cybersecurity, is when someone or something pretends to be something else in an attempt to gain our confidence, get access to our systems, steal data, steal money, or spread malware.” (Malwarebytes, n.d)
3.2.3 Injection attacks
An injection attack is a form of attack that works by injecting malicious code into a program or scenario in which it can cause damage or extract data. An attacker can, for example, submit malicious input which will cause a web application to perform unauthorized actions. This can result in confidential information being exposed or admin access being granted to attackers.
There exist many different forms of injection attacks. Some types are SQL injection, code injection, cross-site scripting, false data injection and command injection, which all aim to inject commands into a system. (Pauli & White, 2013)
These types of attacks are not only one of the most damaging types of web application attacks but are also quite common. Another issue with injection attacks is the size of the attack surface.
An attack like this has the possibility of affecting a large number of people (Muscat, 2019). An attack like this would mainly affect the integrity of the data.
3.2.4 Denial of service attacks
A denial of service (DOS) attack is a type of attack that is based on preventing legitimate users from accessing a service or a product during a window of time. Many different versions and modifications of DOS attacks exist but preventing legitimate access to a resource is most commonly the primary goal of this type of attack. There are two main types of DOS attacks: flooding attacks and crashing attacks. As can be gathered from the name, a flooding attack aims to flood a target with traffic forcing them to slow down or shut down operations. A crashing attack instead aims to exploit some weakness within a system to force it to crash. (Paloalto networks, n.d.) A DOS attack would mainly affect the availability of the data.
3.3 Quantum computing
Quantum computers combine computer science with quantum mechanics. This is a new type of computer that can solve complex problems that the computers of today do not have the computational power to deal with. While today’s computers work by manipulating individual bits that store binary information, quantum computers use quantum bits or so-called qubits.
While quantum computers are relatively new, the theory of quantum computing has been around for quite some time. Practical developments have progressed since around the 1980s and now scientists are closer than ever to creating this new type of computer. (IBM, n.d)
The field of quantum computing is quickly growing and evolving. This field combines mathematics, computer science and physics. By combining computer theory with quantum theory, performing tasks that were thought to be impossible or infeasible is now closer to being within reach. By using quantum computers, solving problems in a faster and more effective way is sometimes possible. (Kaye et al., 2020)
Quantum computers and their abilities are well debated. However, they are expected to threaten some of the cryptographic protocols available and in use today if they become a reality. If quantum computers capable of handling thousands of qubits ever arrive, some believe that some of the most commonly used encryption systems will become obsolete overnight (Mavroeidis et al., 2018). Even agencies such as the NSA (National Security Agency) have made official statements about the future of cryptographic protocols and the demand to adapt to quantum-safe options or post-quantum cryptographic algorithms. (Stanger, 2020)
3.4 The ISO 15118 standard
This section aims to describe what the ISO 15118 standard is and what it implies for electric vehicles and their charging process. Some specific details about the charging process and how it is structured according to the standard are also explained.
ISO standards are made on an international scale and therefore aim to provide a standard within an area globally. The ISO 15118 standard is a series of documents that describes and specifies requirements surrounding vehicle to charging station communication. The standard also covers vehicle to grid (V2G) communication where the vehicle will be able to communicate with the grid and other parties involved in the transfer of electric energy (V2G Clarity, 2019). The correct and complete implementation of this standard will bring increased security in the form of TLS encryption as well as authorization with certificates. In addition to this, other features such as automatic payment management will also be available. Even though this is the case, organizations may decide not to fully implement all the requirements of the standard. Therefore, they may still be vulnerable based on specific weaknesses. V2G Clarity, which is an organization dedicated to educating about the ISO 15118 standard, describes the standard in the following way.
“In a nutshell, ISO 15118 is an international standard that outlines the digital communication protocol that an electric vehicle (EV) and charging station should use to recharge the EV’s high-voltage battery. As part of the Combined Charging System (CCS), ISO 15118 covers all charging-related use cases across the globe. This includes wired (AC and DC) and wireless charging applications and the pantographs that are used to charge larger vehicles like buses.” (V2G Clarity, 2019)
3.4.1 Structure of the ISO 15118 standard
The ISO 15118 standard is divided into a series of documents. Each document in the family of standards deals with a specific area of the standard. A list of all the documents in the ISO 15118 standard family that are currently available or in development on the iso.org website at the time of this report can be found below.
ISO 15118-1       General information and use-case definitions
ISO 15118-2       Network and application protocol requirements
ISO 15118-3       Physical and data link layer requirements
ISO/CD 15118-4    Network and application protocol conformance test (under development)
ISO 15118-5       Physical and data link layer conformance test
ISO 15118-8       Physical layer and data link layer requirements for wireless communication
ISO 15118-9       Physical and data link layer conformance test for wireless communication (under development)
ISO 15118-20      2nd generation network and application protocol requirements (under development)
Table 1: A table displaying the different documents that are part of the ISO 15118 standard family. The ISO 15118 standard is divided into multiple different documents handling different subjects and aspects of the standard.
3.4.2 ISO 15118 charging process
The ISO 15118 charging process is briefly described in ISO 15118-1 (2019). In this part of the standard, the charging process of an electric vehicle is described through 8 different use case groups. These groups are ordered as A–H and each one describes a certain part of the charging process. These case groups describe the necessary parts that need to be included in a charging session in order to carry out all the required steps described in the ISO 15118 standard. Some additions were made to the different use case elements in the updated version of the standard in 2019. These changes included the new case element groups P and I. These groups address necessary steps when a vehicle uses WTP or ACDs in order to charge. Apart from these changes, the steps remain the same as in previous versions. A flowchart displaying the charging process according to the ISO 15118-1:2019 standard can be found below. (ISO, 2019)
3.5 Authentication through certificates
Digital certificates are implemented by means of public-key encryption. This means that a public key and a private key are generated and can be used to encrypt and decrypt messages. A digital certificate is a file that contains this public key, which is made available to everyone. As for the private key, it is kept secret by the owner and can be used for the signature or encryption of files, documents, or other such items. The public key can then be used to verify that the signature is correct, which proves that the other party does indeed hold the correct private key and thereby confirms their identity.
In addition to this, the public key can be used by individuals to send confidential information to the private key holder. This is possible since anyone can find and use the public key, but only the private key holder can decrypt the message. (SSL.com, 2020)
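The two checks described in this section, as an added Go example that is not part of the thesis and does not reproduce the ISO 15118 message flow: a verifier accepts a party only if its certificate chains to a trusted root and the party can sign a fresh nonce with the matching private key. The function names, the "Demo ..." certificate names and the choice of Ed25519 are assumptions made for the illustration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

func check(err error) {
	if err != nil {
		panic(err)
	}
}

// enroll makes a key pair and a certificate for a constructed demo name; ca == nil self-signs.
func enroll(name string, ca *x509.Certificate, caKey ed25519.PrivateKey) (*x509.Certificate, ed25519.PrivateKey) {
	pub, key, err := ed25519.GenerateKey(rand.Reader)
	check(err)
	t := &x509.Certificate{SerialNumber: big.NewInt(time.Now().UnixNano()),
		Subject: pkix.Name{CommonName: name}, BasicConstraintsValid: true,
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour)}
	if ca == nil {
		t.IsCA, t.KeyUsage, ca, caKey = true, x509.KeyUsageCertSign, t, key
	}
	der, err := x509.CreateCertificate(rand.Reader, t, ca, pub, caKey)
	check(err)
	cert, err := x509.ParseCertificate(der)
	check(err)
	return cert, key
}

// authenticate (verifier side): cert must chain to a trusted root AND sig over nonce must verify.
func authenticate(roots *x509.CertPool, cert *x509.Certificate, nonce, sig []byte) error {
	opts := x509.VerifyOptions{Roots: roots, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageAny}}
	if _, err := cert.Verify(opts); err != nil {
		return fmt.Errorf("certificate not trusted: %w", err)
	}
	if pub, ok := cert.PublicKey.(ed25519.PublicKey); !ok || !ed25519.Verify(pub, nonce, sig) {
		return fmt.Errorf("signature does not verify under the certificate's public key")
	}
	return nil
}

// demo returns the verifier's decision for three constructed cases.
func demo() (genuine, copiedCert, selfIssued error) {
	root, caKey := enroll("Demo Root CA", nil, nil)
	evCert, evKey := enroll("Demo EV 001", root, caKey)
	badCert, badKey := enroll("Demo EV 001", nil, nil) // same name, no trusted issuer
	roots := x509.NewCertPool()
	roots.AddCert(root)
	nonce := make([]byte, 32)
	_, err := rand.Read(nonce)
	check(err)
	return authenticate(roots, evCert, nonce, ed25519.Sign(evKey, nonce)), // key holder
		authenticate(roots, evCert, nonce, ed25519.Sign(badKey, nonce)), // copied cert, wrong key
		authenticate(roots, badCert, nonce, ed25519.Sign(badKey, nonce)) // right key, untrusted cert
}

func main() {
	fmt.Println(demo())
}
```

The second and third results correspond to the spoofing scenario in section 3.2.2: presenting a copied public certificate, or a certificate that merely carries a trusted name, fails without the private key and a trusted issuer.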
Figure 1: ISO 15118 charging process flowchart showing the process which occurs during charging. In this image, the process is listed from A-I. Each part describes a specific part of the charging process. In order to carry out the necessary parts that are required by the ISO standard these steps need to be included.