Defining security for the EV charging infrastructure

For most vehicle owners today, refueling means a short stop at a gas station before continuing their journey. Electric vehicles (EV) are changing this paradigm. EVs require more time to charge, so a quick stop is out of the question.

However, the variety of charging locations offsets the time invested. Drivers are no longer tied to gas stations. They have plenty of idle time during the day to charge vehicles at work, while shopping or at home.

Charging points are termed Electric Vehicle Supply Equipment (EVSE) and provide the electrical equipment needed to deliver safe charging. A public EVSE must also include a secure payment mechanism. Infrastructure of this kind requires security to ensure customer data is protected from hackers.

While this may seem obvious, it seems some corners have been cut in the rush to get charging infrastructure installed. In early 2022, the website address for a CPO in the UK was redirected, causing inappropriate content to appear on the user interface. Research undertaken by security consulting and testing services provider, Pen Test Partners, indicates a lack of security on a range of domestic and public chargers.

Security in charging infrastructure shouldn’t be an issue. The ISO 15118 standard “Road Vehicles -- Vehicle to Grid Communication Interface,” includes network and application protocol requirements in Part 2 (ISO 151118:2) since 2014. This was updated in 2022 with the release of part 20 (ISO 151118:20), which further tightened the security requirements.

Too many cards and apps

For those who are not yet EV owners, the concept of recharging the vehicle seems simple enough on the face of it. Like a smartphone, you plug it in to charge overnight or while at work. The core difference is that payment for the energy isn’t automatically associated with the consumer. Charging Point Operators (CPOs) have chosen to ride the tech trend, forcing EV owners to register and install a multiplicity of apps to enable access and payment. Some charging points even require a dedicated RFID card issued by the EVSE operator. But all this seems a little absurd when the vehicle itself could identify the user.

Since its inception, a feature known as “Plug and Charge” has been part of ISO 15118:2. The idea behind this was to enable the EV to be used as the authenticating element in the system. Simply plugging in the EV would be enough to automate billing without the need to register or install apps. Authentication functions much like secure HTTPS is used to access secure websites. Successful authentication results in a padlock in the address bar. For this to work, each secure website has a certificate issued by a certificate authority (CA). When accessing the site, your browser can confirm that the site belongs to the actual owner, thus confirming its authenticity.

In an EV, the process works the other way round. The vehicle needs to prove its identity so that the CPO can determine the owner, ensure they have a contract in place, and bill the user for the energy provided.

This type of security relies on X.509 Public Key Infrastructure (PKI) and Transport Layer Security (TLS) in the communication at the transport and application layer. To support it, the vehicle’s original equipment manufacturer (OEM) must provide each vehicle with a certificate during manufacture. With a certificate, CPOs cannot prove the identity of the EV. Unfortunately, only one contract was supported for this purpose in ISO 15118-2, stopping EV owners from registering with multiple CPOs

Multi-contract handling and improved security

Thanks to improvements in the definition of ISO 15118:20, support is now in place for multi-contract handling. EVs can thus prove they have a contract to use a charging point in a commercial building, another for a public car park, and those installed at their place of work. Precisely how the driver adds and manages these contracts is an implementation issue for the OEMs, but the capability is there.

Another exciting development is vehicle-to-grid (V2G), whereby the EV’s battery is used to inject power back into the power grid. As part of a joined-up approach to reducing reliance on fossil fuels, the thousands of EVs connected to charging points could be used to power homes and buildings and even help with balancing energy demand. Again, the contract handling ensures that drivers are reimbursed for their contributions. Robust security is also required to ensure bad actors cannot hack the system and overload the grid by injecting energy when it isn’t required.

While V2G is attractive to utility companies, a balance must be made between leveraging this energy source and ensuring EV owners have enough charge to complete their journey. This is handled by the Scheduled mode and newly introduced Dynamic mode of ISO 15118:20. Scheduled mode enables the EV to negotiate a power profile with the EVSE, sharing information on the charge state, the power limits of the EVSE and the driver's planned time to continue their journey. With Dynamic mode, control and responsibility for the driver’s mobility needs are delegated to the EVSE. The advantage here is that utility operators can respond more rapidly when balancing the grid.

Further improvements include making the use of TLS during communication mandatory and strengthening the encryption used. Previously, TLS was only required for Plug and Charge, leaving RFID and app-based authentication methods potentially unsecured.

Implementing ISO 15118:20 securely

Manufacturers of charging points, EV OEMs and their sub-suppliers are now in need of clever solutions to implement EVSE security to the standards required. Not only does this require implementing TLS during communication, but it also needs a robust approach to storing the secrets associated with the certificates used. It is also sensible to ensure that only trusted and authenticated sources can apply firmware updates.

EVSE equipment is also at risk from physical attack due to being installed in public but potentially rarely frequented locations. Thus, the implementation must also consider that equipment may be tampered with or even stolen to analyze and break security nationwide.

NXP is well known for its automotive solutions as well as its security products. Its S32G2 AEC-Q100 qualified vehicle networking processor family, which has AUTOSAR software support, provides high-performance real-time processing, network acceleration and hardware security. This latter capability is rolled into a Hardware Security Engine (HSE), a tamperproof section of the device with a dedicated Arm Cortex-M7 core, RAM and ROM.

Features include an AES engine for encryption and decryption, and a public key cryptography engine to accelerate RSA operations when generating and verifying signatures. The HSE also provides a strict secure boot capability, where the firmware is verified before execution, or parallel verification, where checking occurs as the application code is executed.

Existing EVSE designs may benefit by retrofitting a secure element (SE), a stand-alone chip that offers ready-to-use security. NXP’s EdgeLock SE050 family offers Common Criteria EAL 6+ certified security, protecting a broad array of attack scenarios. With pre-implemented cryptographic algorithms and protocols that support ISO 15118, coupled with a software support package, it reduces time-to-market while allowing you to retain your current microcontroller.

No excuse for poor EV charger security

Like most new technologies, e-mobility comes with a learning curve. The industry is still figuring out what impact electrical energy, rather than fossil fuels, will have on all aspects of vehicle ownership. As you would expect, international standard development organizations like ISO tackled the issue of security during charging from the beginning. However, now that the technology is being used more widely, use cases are becoming clear.

V2G is also gradually being integrated into the latest models of vehicles and EVSEs, something that wasn’t the case at the inception of ISO 15118-2. Furthermore, weaknesses in the original standard were highlighted by how CPOs want to offer services such as Plug and Charge.

With the publication of ISO 15118:20, OEMs and EVSE manufacturers have a much clearer definition of how to provide what users want from EV charging and how to tackle the related security challenges. For its part, the semiconductor industry is providing a range of advanced, highly secure solutions, available as both standalone devices and integrated into microcontrollers. Coupled with evaluation boards, software, and support from Avnet Silica, design engineers are well-positioned to protect the EV ecosystem from hackers and bad actors when charging their vehicles.

Follow Avnet Silica on LinkedIn

• Road Vehicles – Vehicle to grid communication interface
• NXP solutions for automotive and secure EV charging