Vulnerability Analysis of an Electric Vehicle Charging Ecosystem

  • Conference paper
Critical Information Infrastructures Security (CRITIS 2023)

Abstract

The growing number of electric vehicles has heightened the need for adequate security measures in the electric vehicle charging ecosystem (EVCE). Integrating IT services into the electric vehicle charging infrastructure exposes it to several new attack vectors. In this paper, we apply a vulnerability analysis method to assess the current security posture of the internet-connected EVCE components. Our method is based on penetration testing principles and uses open-source cybersecurity search engines. Using this method, we gathered security-related information apparently associated with eight charging station vendors and three management systems, and we found 13 vulnerable technologies containing 81 vulnerabilities. Based on the information provided by vulnerability databases, we classified the threats according to the STRIDE model and analyzed the potential consequences of the vulnerabilities in terms of the security properties that can be violated.

Supported by Vinnova through the project Sustainable Energy with Adaptive Security (2021-01683) and RICS Centre on Resilient Information and Control Systems financed by Swedish Civil Contingencies Agency (MSB).

Author information

Correspondence to Roland Plaka.

Copyright information

© 2024 The Author(s), under exclusive license to Springer Nature Switzerland AG

Cite this paper

Plaka, R., Asplund, M., Nadjm-Tehrani, S. (2024). Vulnerability Analysis of an Electric Vehicle Charging Ecosystem. In: Pickl, S., Hämmerli, B., Mattila, P., Sevillano, A. (eds) Critical Information Infrastructures Security. CRITIS 2023. Lecture Notes in Computer Science, vol 14599. Springer, Cham. https://doi.org/10.1007/978-3-031-62139-0_9

  • DOI: https://doi.org/10.1007/978-3-031-62139-0_9

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-031-62138-3

  • Online ISBN: 978-3-031-62139-0

  • eBook Packages: Computer Science, Computer Science (R0)
