![Page 1: Security and Privacy in the current e-mobility charging infrastructure](https://reader031.vdocuments.us/reader031/viewer/2022022202/58802c121a28ab9f0f8b597b/html5/thumbnails/1.jpg)
Security and Privacy in the current e-mobility charging infrastructure
Open Charging Cloud
![Page 2: Security and Privacy in the current e-mobility charging infrastructure](https://reader031.vdocuments.us/reader031/viewer/2022022202/58802c121a28ab9f0f8b597b/html5/thumbnails/2.jpg)
Where?
When?
How to pay?
![Page 3: Security and Privacy in the current e-mobility charging infrastructure](https://reader031.vdocuments.us/reader031/viewer/2022022202/58802c121a28ab9f0f8b597b/html5/thumbnails/3.jpg)
![Page 4: Security and Privacy in the current e-mobility charging infrastructure](https://reader031.vdocuments.us/reader031/viewer/2022022202/58802c121a28ab9f0f8b597b/html5/thumbnails/4.jpg)
E-Mobility Network Architecture
[Diagram labels: Charging Station, Charging Station Operator, e-Mobility Provider 1, e-Mobility Provider 2, Energy Provider, (Mobile) Internet, Internet]
![Page 5: Security and Privacy in the current e-mobility charging infrastructure](https://reader031.vdocuments.us/reader031/viewer/2022022202/58802c121a28ab9f0f8b597b/html5/thumbnails/5.jpg)
E-Mobility Network Architecture
[Diagram labels: Charging Station, Charging Station Operator, Roaming Provider, e-Mobility Provider 1, e-Mobility Provider 2, Energy Provider, (Mobile) Internet, Internet]
![Page 6: Security and Privacy in the current e-mobility charging infrastructure](https://reader031.vdocuments.us/reader031/viewer/2022022202/58802c121a28ab9f0f8b597b/html5/thumbnails/6.jpg)
E-Mobility Network Architecture
[Diagram labels: Charging Station Operator, Roaming Provider, e-Mobility Provider 1, e-Mobility Provider 2, Energy Provider, (Mobile) Internet, Internet]
![Page 7: Security and Privacy in the current e-mobility charging infrastructure](https://reader031.vdocuments.us/reader031/viewer/2022022202/58802c121a28ab9f0f8b597b/html5/thumbnails/7.jpg)
Fuckup Level 1
![Page 8: Security and Privacy in the current e-mobility charging infrastructure](https://reader031.vdocuments.us/reader031/viewer/2022022202/58802c121a28ab9f0f8b597b/html5/thumbnails/8.jpg)
E-Mobility Network Architecture
[Diagram labels: Charging Station Operator, Roaming Provider, e-Mobility Provider 1, e-Mobility Provider 2, Energy Provider, (Mobile) Internet, Internet]
IoT Toaster Now with up to 64 Ampere AC!
![Page 9: Security and Privacy in the current e-mobility charging infrastructure](https://reader031.vdocuments.us/reader031/viewer/2022022202/58802c121a28ab9f0f8b597b/html5/thumbnails/9.jpg)
Fuckup Level 2
Someone "just" stopped "smart charging" 10000 e-cars
![Page 10: Security and Privacy in the current e-mobility charging infrastructure](https://reader031.vdocuments.us/reader031/viewer/2022022202/58802c121a28ab9f0f8b597b/html5/thumbnails/10.jpg)
Fuckup Level 3
Lät meh fix se EIoT vor u!
![Page 11: Security and Privacy in the current e-mobility charging infrastructure](https://reader031.vdocuments.us/reader031/viewer/2022022202/58802c121a28ab9f0f8b597b/html5/thumbnails/11.jpg)
Fuckup Level 4
![Page 12: Security and Privacy in the current e-mobility charging infrastructure](https://reader031.vdocuments.us/reader031/viewer/2022022202/58802c121a28ab9f0f8b597b/html5/thumbnails/12.jpg)
Fuckup Level n
![Page 13: Security and Privacy in the current e-mobility charging infrastructure](https://reader031.vdocuments.us/reader031/viewer/2022022202/58802c121a28ab9f0f8b597b/html5/thumbnails/13.jpg)
Network Architecture for charging e-vehicles
![Page 14: Security and Privacy in the current e-mobility charging infrastructure](https://reader031.vdocuments.us/reader031/viewer/2022022202/58802c121a28ab9f0f8b597b/html5/thumbnails/14.jpg)
E-Mobility Network Architecture
[Diagram labels: Charging Station, Charging Station Operator, e-Mobility Provider 1, e-Mobility Provider 2, Energy Provider; protocols: ISO/IEC 15118, Open Charge Point Protocol, Open Charge Point Interface]
![Page 15: Security and Privacy in the current e-mobility charging infrastructure](https://reader031.vdocuments.us/reader031/viewer/2022022202/58802c121a28ab9f0f8b597b/html5/thumbnails/15.jpg)
E-Mobility Network Architecture
[Diagram labels: Charging Station, Charging Station Operator, Roaming Provider, e-Mobility Provider 1, e-Mobility Provider 2, Energy Provider; protocols: ISO/IEC 15118, Open Charge Point Protocol, Open InterCharge Protocol, Open Clearing House Protocol]
![Page 16: Security and Privacy in the current e-mobility charging infrastructure](https://reader031.vdocuments.us/reader031/viewer/2022022202/58802c121a28ab9f0f8b597b/html5/thumbnails/16.jpg)
Open Charge Point Protocol
[Diagram labels: E-Mobility Network Architecture, OCPP Land, Charging Station, Charging Station Operator]
• Current version: OCPP v1.6 http://www.openchargealliance.org
• Worldwide utility-driven de facto ICT standard to manage charge points located in the streets
• HTTP/SOAP on both devices…
• …or HTTP/WebSocket/JSON
![Page 17: Security and Privacy in the current e-mobility charging infrastructure](https://reader031.vdocuments.us/reader031/viewer/2022022202/58802c121a28ab9f0f8b597b/html5/thumbnails/17.jpg)
Open Charge Point Protocol
[Diagram labels: E-Mobility Network Architecture, OCPP Land, Charging Station, Charging Station Operator]
• Suggests use of TLS with client certs and VPNs/private APNs when SOAP is used
• Discourages use of TLS because of communication overhead and client cert management complexity
• No standardized methods to manage network settings, certs, CA certs, …; most operators rely on network security or proprietary protocols
→ There is no practical security at all!
![Page 18: Security and Privacy in the current e-mobility charging infrastructure](https://reader031.vdocuments.us/reader031/viewer/2022022202/58802c121a28ab9f0f8b597b/html5/thumbnails/18.jpg)
Open Charge Point Protocol
[Diagram labels: E-Mobility Network Architecture, OCPP Land, Charging Station, Charging Station Operator]
• What about firmware updates?

```xml
<soap:Envelope xmlns:soap="http://www.w3.org/2003/05/soap-envelope"
               xmlns:wsa="http://www.w3.org/2005/08/addressing"
               xmlns:ns="urn://Ocpp/Cp/2015/10/">
  <soap:Body>
    <ns:updateFirmwareRequest>
      <ns:retrieveDate>?</ns:retrieveDate>
      <ns:location>?</ns:location>
      <ns:retries>?</ns:retries>             <!--Optional:-->
      <ns:retryInterval>?</ns:retryInterval> <!--Optional:-->
    </ns:updateFirmwareRequest>
  </soap:Body>
</soap:Envelope>
```

→ No security against even accidental mistakes
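An added example, not part of the original slides: it parses an updateFirmwareRequest carrying the fields shown above and applies a hypothetical station-side gate before an image would be installed. The pinned SHA-256 value, the https requirement and the function names are assumptions; the message as shown on the slide carries no digest or signature field.

```python
import hashlib
import hmac
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

NS = {"soap": "http://www.w3.org/2003/05/soap-envelope",
      "ns": "urn://Ocpp/Cp/2015/10/"}

# Constructed sample request; element names are the ones on the slide.
SAMPLE_REQUEST = """<soap:Envelope xmlns:soap="http://www.w3.org/2003/05/soap-envelope"
               xmlns:ns="urn://Ocpp/Cp/2015/10/">
  <soap:Body>
    <ns:updateFirmwareRequest>
      <ns:retrieveDate>2017-01-01T03:00:00Z</ns:retrieveDate>
      <ns:location>http://firmware.example.invalid/cp-1.2.bin</ns:location>
      <ns:retries>3</ns:retries>
    </ns:updateFirmwareRequest>
  </soap:Body>
</soap:Envelope>"""


def parse_update_request(xml_text):
    """Return the request fields as a dict keyed by local element name."""
    root = ET.fromstring(xml_text)
    req = root.find("soap:Body/ns:updateFirmwareRequest", NS)
    if req is None:
        raise ValueError("not an updateFirmwareRequest")
    return {child.tag.split("}", 1)[1]: (child.text or "").strip() for child in req}


def firmware_acceptable(fields, image, pinned_sha256):
    """Hypothetical gate: integrity has to come from a value provisioned
    outside the request, because the request itself names only a location."""
    reasons = []
    if urlparse(fields.get("location", "")).scheme != "https":
        reasons.append("location is not https")
    digest = hashlib.sha256(image).hexdigest()
    if not hmac.compare_digest(digest, pinned_sha256.lower()):
        reasons.append("image digest does not match pinned value")
    return (not reasons), reasons


if __name__ == "__main__":
    fields = parse_update_request(SAMPLE_REQUEST)
    image = b"constructed firmware image"  # stands in for the downloaded file
    print(firmware_acceptable(fields, image, hashlib.sha256(image).hexdigest()))
```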
![Page 19: Security and Privacy in the current e-mobility charging infrastructure](https://reader031.vdocuments.us/reader031/viewer/2022022202/58802c121a28ab9f0f8b597b/html5/thumbnails/19.jpg)
Open Charge Point Protocol
[Diagram labels: E-Mobility Network Architecture, OCPP Land, Charging Station, Charging Station Operator]
Conclusions
• Physical access to charging stations is easy
• Security against external attacks is low
• Own one and you are in their internal network without any further security
![Page 20: Security and Privacy in the current e-mobility charging infrastructure](https://reader031.vdocuments.us/reader031/viewer/2022022202/58802c121a28ab9f0f8b597b/html5/thumbnails/20.jpg)
Local & Remote Authentication at a Charging Station
![Page 21: Security and Privacy in the current e-mobility charging infrastructure](https://reader031.vdocuments.us/reader031/viewer/2022022202/58802c121a28ab9f0f8b597b/html5/thumbnails/21.jpg)
Local Authentication via PnC or RFID
[Diagram labels: PnC, Charging Station, Open Charge Point Protocol, Charging Station Operator, Roaming Provider, e-Mobility Provider 1, e-Mobility Provider 2, Energy Provider]
![Page 22: Security and Privacy in the current e-mobility charging infrastructure](https://reader031.vdocuments.us/reader031/viewer/2022022202/58802c121a28ab9f0f8b597b/html5/thumbnails/22.jpg)
Local Authentication via PnC or RFID
[Diagram labels: PnC, Charging Station, Open Charge Point Protocol, Charging Station Operator, Roaming Provider, e-Mobility Provider 1, e-Mobility Provider 2]
• ISO/IEC 15118 Plug-and-Charge Authentication is based on e-Mobility Account/Contract Identification (eMAId / EVCOID) (online authentication)… …and/or certificates installed in the e-vehicles (offline authentication, both have privacy issues)
• Very complex standard, from physical up to the data layer… thus not widely supported!
![Page 23: Security and Privacy in the current e-mobility charging infrastructure](https://reader031.vdocuments.us/reader031/viewer/2022022202/58802c121a28ab9f0f8b597b/html5/thumbnails/23.jpg)
Local Authentication via PnC or RFID
[Diagram labels: PnC, RFID, Charging Station, Open Charge Point Protocol, Charging Station Operator, Roaming Provider, e-Mobility Provider 1, e-Mobility Provider 2]
• Authentication is based solely on the unique Id of the RFID card → easy to wiretap and spoof, free energy
• Often MIFARE Classic is used → easy to clone
![Page 24: Security and Privacy in the current e-mobility charging infrastructure](https://reader031.vdocuments.us/reader031/viewer/2022022202/58802c121a28ab9f0f8b597b/html5/thumbnails/24.jpg)
Local Authentication via PnC or RFID
[Diagram labels: PnC, RFID, Charging Station, Open Charge Point Protocol, Charging Station Operator, Roaming Provider, e-Mobility Provider 1, e-Mobility Provider 2]
Flat RFID Id schema means the related e-mobility provider is unknown, and RFID Id + charging station Id is broadcast to any e-mobility / roaming provider → EV driver tracking for noobs
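To make the exposure on this slide concrete, the following added example (not from the original slides) computes which providers learn a driver's charging locations when a flat RFID UID is presented, compared with a structured contract ID like the EVCOID sample used elsewhere in the deck. The provider registry, the second EVSE Id and the contract-ID pattern are assumptions constructed for illustration.

```python
import re

# Contract-ID layout inferred from the deck's sample value DE-GDF-123456789-X
# (country, provider, instance, check character); an assumption, not a spec.
EVCOID = re.compile(r"^([A-Z]{2})-([A-Z0-9]{3})-([A-Z0-9]{9})-([A-Z0-9])$")

# Constructed registry of provider prefixes known to a roaming hub.
PROVIDERS = {"DE-GDF": "e-Mobility Provider 1", "DE-XYZ": "e-Mobility Provider 2"}


def recipients(token):
    """Return the providers that receive an authorize request for this token."""
    m = EVCOID.match(token)
    if m:
        home = PROVIDERS.get(f"{m.group(1)}-{m.group(2)}")
        return [home] if home else []
    # Flat RFID UID: nothing in the value names a provider, so all are asked.
    return sorted(PROVIDERS.values())


def location_trails(events):
    """Map provider -> token -> ordered list of EVSE Ids that provider learned."""
    trails = {}
    for token, evse_id in events:
        for provider in recipients(token):
            trails.setdefault(provider, {}).setdefault(token, []).append(evse_id)
    return trails


# Constructed charging events: (token presented, EVSE Id of the station).
EVENTS = [
    ("CAFEBABE23", "DE*GEF*1234567*1"),
    ("CAFEBABE23", "DE*GEF*7654321*2"),
    ("DE-GDF-123456789-X", "DE*GEF*1234567*1"),
    ("DE-GDF-123456789-X", "DE*GEF*7654321*2"),
]

if __name__ == "__main__":
    for provider, seen in location_trails(EVENTS).items():
        for token, evses in seen.items():
            print(f"{provider} sees {token} at {evses}")
```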
![Page 25: Security and Privacy in the current e-mobility charging infrastructure](https://reader031.vdocuments.us/reader031/viewer/2022022202/58802c121a28ab9f0f8b597b/html5/thumbnails/25.jpg)
Local Authentication via PnC or RFID
[Diagram labels: PnC, RFID, Charging Station, Open Charge Point Protocol, Charging Station Operator, Roaming Provider, e-Mobility Provider 1, e-Mobility Provider 2]
Open Charge Point Protocol

```xml
<soap:Envelope xmlns:soap="http://www.w3.org/2003/05/soap-envelope"
               xmlns:ns="urn://Ocpp/Cs/2015/10/">
  <soap:Header>
    <ns:chargeBoxIdentity>?</ns:chargeBoxIdentity>
  </soap:Header>
  <soap:Body>
    <ns:authorizeRequest>
      <ns:idTag>CAFEBABE23</ns:idTag>
    </ns:authorizeRequest>
  </soap:Body>
</soap:Envelope>
```
![Page 26: Security and Privacy in the current e-mobility charging infrastructure](https://reader031.vdocuments.us/reader031/viewer/2022022202/58802c121a28ab9f0f8b597b/html5/thumbnails/26.jpg)
Local Authentication via PnC or RFID
[Diagram labels: PnC, RFID, Charging Station, Open Charge Point Protocol, Charging Station Operator, Roaming Provider, e-Mobility Provider 1, e-Mobility Provider 2]
Open InterCharge Protocol

```xml
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"
                  xmlns:v2="http://www.hubject.com/b2b/services/authorization/v2.0"
                  xmlns:v21="http://www.hubject.com/b2b/services/commontypes/v2.0">
  <soapenv:Header/>
  <soapenv:Body>
    <v2:eRoamingAuthorizeStart>
      <v2:SessionID>?</v2:SessionID>                  <!--Optional:-->
      <v2:EVSEID>DE*GEF*1234567*1</v2:EVSEID>         <!--Optional:-->
      <v2:PartnerProductID>AC1</v2:PartnerProductID>  <!--Optional:-->
      <v2:Identification>
        <v21:RFIDmifarefamilyIdentification>
          <v21:UID>CAFEBABE23</v21:UID>
        </v21:RFIDmifarefamilyIdentification>
      </v2:Identification>
    </v2:eRoamingAuthorizeStart>
  </soapenv:Body>
</soapenv:Envelope>
```
![Page 27: Security and Privacy in the current e-mobility charging infrastructure](https://reader031.vdocuments.us/reader031/viewer/2022022202/58802c121a28ab9f0f8b597b/html5/thumbnails/27.jpg)
Local Authentication via PnC or RFID
[Diagram labels: PnC, RFID, Charging Station, Open Charge Point Protocol, Charging Station Operator, e-Mobility Provider 1, e-Mobility Provider 2]
Open Charge Point Interface

```
POST /ocpi/emsp/2.0/tokens/{token_uid}/authorize
{
  "location_id": …,
  "evse_uids": […],
  "connector_ids": […]
}
```
![Page 28: Security and Privacy in the current e-mobility charging infrastructure](https://reader031.vdocuments.us/reader031/viewer/2022022202/58802c121a28ab9f0f8b597b/html5/thumbnails/28.jpg)
Local Authentication via PnC or RFID
[Diagram labels: PnC, RFID, Charging Station, Open Charge Point Protocol, Charging Station Operator, Roaming Provider, e-Mobility Provider 1, e-Mobility Provider 2]
Open Clearing House Protocol
![Page 29: Security and Privacy in the current e-mobility charging infrastructure](https://reader031.vdocuments.us/reader031/viewer/2022022202/58802c121a28ab9f0f8b597b/html5/thumbnails/29.jpg)
Local Authentication via PnC or RFID
[Diagram labels: PnC, RFID, Charging Station, Open Charge Point Protocol, Charging Station Operator, Roaming Provider, e-Mobility Provider 1, e-Mobility Provider 2]
OCHP, OICP, OCPI
• RFID Id is checked against local whitelists → Ids of 10000s of customers in 10000s of IoT devices in 10000s of streets → Lose one and replace all RFID tokens
![Page 30: Security and Privacy in the current e-mobility charging infrastructure](https://reader031.vdocuments.us/reader031/viewer/2022022202/58802c121a28ab9f0f8b597b/html5/thumbnails/30.jpg)
Remote Authentication via Smart Phone
[Diagram labels: Charging Station, Open Charge Point Protocol, Charging Station Operator, Roaming Provider, e-Mobility Provider 1, e-Mobility Provider 2]
![Page 31: Security and Privacy in the current e-mobility charging infrastructure](https://reader031.vdocuments.us/reader031/viewer/2022022202/58802c121a28ab9f0f8b597b/html5/thumbnails/31.jpg)
Remote Authentication via Smart Phone
[Diagram labels: Charging Station, Open Charge Point Protocol, Charging Station Operator, Roaming Provider, e-Mobility Provider 1, e-Mobility Provider 2]
Open InterCharge Protocol

```xml
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"
                  xmlns:Authorization="http://www.hubject.com/b2b/services/authorization/v2.0"
                  xmlns:CommonTypes="http://www.hubject.com/b2b/services/commontypes/v2.0">
  <soapenv:Body>
    <Authorization:eRoamingAuthorizeRemoteStart>
      <Authorization:SessionID>?</Authorization:SessionID>                <!--Optional:-->
      <Authorization:PartnerProductID>?</Authorization:PartnerProductID>  <!--Optional:-->
      <Authorization:EVSEID>DE*GEF*123456789*1</Authorization:EVSEID>
      <Authorization:Identification>
        <CommonTypes:RemoteIdentification>
          <CommonTypes:EVCOID>DE-GDF-123456789-X</CommonTypes:EVCOID>
        </CommonTypes:RemoteIdentification>
      </Authorization:Identification>
    </Authorization:eRoamingAuthorizeRemoteStart>
  </soapenv:Body>
</soapenv:Envelope>
```
![Page 32: Security and Privacy in the current e-mobility charging infrastructure](https://reader031.vdocuments.us/reader031/viewer/2022022202/58802c121a28ab9f0f8b597b/html5/thumbnails/32.jpg)
Remote Authentication via Smart Phone
[Diagram labels: Charging Station, Open Charge Point Protocol, Charging Station Operator, Roaming Provider, e-Mobility Provider 1, e-Mobility Provider 2]
Open Charge Point Protocol

```xml
<soap:Envelope xmlns:soap="http://www.w3.org/2003/05/soap-envelope"
               xmlns:wsa="http://www.w3.org/2005/08/addressing"
               xmlns:ns="urn://Ocpp/Cp/2015/10/">
  <soap:Body>
    <ns:remoteStartTransactionRequest>
      <ns:connectorId>1</ns:connectorId>  <!--Optional:-->
      <ns:idTag>DE-GDF-123456789-X</ns:idTag>
      <ns:chargingProfile />              <!--Optional:-->
    </ns:remoteStartTransactionRequest>
  </soap:Body>
</soap:Envelope>
```
![Page 33: Security and Privacy in the current e-mobility charging infrastructure](https://reader031.vdocuments.us/reader031/viewer/2022022202/58802c121a28ab9f0f8b597b/html5/thumbnails/33.jpg)
Remote Authentication via Smart Phone
[Diagram labels: Charging Station, Open Charge Point Protocol, Charging Station Operator, Roaming Provider, e-Mobility Provider 1, e-Mobility Provider 2]
Open Clearing House Protocol

```xml
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"
                  xmlns:ns="http://ochp.eu/1.4">
  <soapenv:Body>
    <ns:SelectEvseRequest>
      <ns:evseId>DE*GEF*123456789*1</ns:evseId>
      <ns:contractId>DE-GDF-123456789-X</ns:contractId>
      <!--Optional:-->
      <ns:reserveUntil>
        <ns:DateTime>?</ns:DateTime>
      </ns:reserveUntil>
    </ns:SelectEvseRequest>
  </soapenv:Body>
</soapenv:Envelope>
```
![Page 34: Security and Privacy in the current e-mobility charging infrastructure](https://reader031.vdocuments.us/reader031/viewer/2022022202/58802c121a28ab9f0f8b597b/html5/thumbnails/34.jpg)
Remote Authentication via Smart Phone
[Diagram labels: Charging Station, Open Charge Point Protocol, Charging Station Operator, Roaming Provider, e-Mobility Provider 1, e-Mobility Provider 2]
![Page 35: Security and Privacy in the current e-mobility charging infrastructure](https://reader031.vdocuments.us/reader031/viewer/2022022202/58802c121a28ab9f0f8b597b/html5/thumbnails/35.jpg)
Little sisters are watching!
![Page 36: Security and Privacy in the current e-mobility charging infrastructure](https://reader031.vdocuments.us/reader031/viewer/2022022202/58802c121a28ab9f0f8b597b/html5/thumbnails/36.jpg)
They are willing to change…
Stiftung Datenschutz agrees that it seems very likely that the current e-mobility charging infrastructure violates privacy laws.
![Page 37: Security and Privacy in the current e-mobility charging infrastructure](https://reader031.vdocuments.us/reader031/viewer/2022022202/58802c121a28ab9f0f8b597b/html5/thumbnails/37.jpg)
Maybe a better future…
![Page 38: Security and Privacy in the current e-mobility charging infrastructure](https://reader031.vdocuments.us/reader031/viewer/2022022202/58802c121a28ab9f0f8b597b/html5/thumbnails/38.jpg)
Sadly, in the past it did not work out very well…
![Page 39: Security and Privacy in the current e-mobility charging infrastructure](https://reader031.vdocuments.us/reader031/viewer/2022022202/58802c121a28ab9f0f8b597b/html5/thumbnails/39.jpg)
Open Charging Cloud GraphDefined GmbH
[email protected] PGP/GPG 065B 20E3 1FDC C624 C438 907D D977 5D7B 13F6 7088 https://open.charging.cloud
Twitter: @OCCloud GitHub: OpenChargingCloud