Safety recommendations for electric vehicle charging stations

Posted date 06/02/2020
Author
INCIBE (INCIBE)
station

The automotive market is being revolutionized due to the fact that some countries are planning on banning the sale of combustion vehicles with a view to a not-so-distant future. This means that more and more charging points will be deployed in order to meet the demand of electric vehicles, so guaranteeing the security of this equipment is of the utmost importance.

Previously, the usage protocols used in the charging stations, and between them and the vehicles, were shown in Secure use of communications and protocols at charging stations. Therefore, in this case, we will focus on the mode of operation and the security measures that should be implemented, given that if an attacker manipulates these stations, they could obtain sensitive information on the characteristics of a charging car, manipulate the flow of electricity, change operating parameters, etc.

Architecture of electric vehicle charging stations

Before learning about security measures to be implemented in the charging stations, it is a good idea to understand the architecture of these stations and their main elements, the charging points (the station itself), the charge point operators (CPO) and the distribution system operators (DSO).

The charging point’s functions are:

  • To provide and control the energy exchanged between the electric vehicle and the charging station by using the Electric Vehicle Supply Equipment (EVSE) component which supplies electricity to the vehicles.
  • To gather specific information regarding the measurements marked by the meter each time an electric vehicle is charged.
  • To establish the appropriate authentication mechanisms in order to identify and authorize electric vehicle users to charge it.
  • To activate remote capabilities (for example, setting the maximum energy allowed by the charging point) to the charging point by means of the local controller component using WAN.

The role and functions of the CPO are:

  • To provide EV users permissions in order to charge.
  • To gather data, processes and measurements.
  • To control the flow of energy allowed between the charging point and the EV based on the data provided by the DSO.
  • To guarantee the stability of the energy source.
  • To provide connection to the CPO.
  • To connect the CPO.

The role and functions of the DSO are:

  • To predict the available capacity.
  • To guarantee the stability of the energy source.

Architecture charging station

- Architecture of a charging station. Source: European Network for Cyber Security. -

In the proposed architecture, we can see how an electric vehicle (EV) connects to the charging station by means of a specific plug defined by the IEC 62196 standard. Once connected, the user must identify themselves in the authentication terminal by means of a Bluetooth mobile application, with specific RFID cards, etc. This authentication will allow the charging point to come online in order to supply and control the energy it sends to the car in order to charge it. In order for the user to know when the car is charged, panels within the charging station itself, notifications on mobile devices, etc. are often used.

Security recommendations

If we want to guarantee the security of electric charging stations or points we need to tackle security from various different points:

  • The security of the communications between the charging point and CPO must be ensured, so that they cannot be intercepted or altered by third parties.
  • Complete a code analysis of both mobile applications developed to interact with the electric charging point and the software installed in the station that will interact with such mobile application.
  • The physical access points of the device must be secure, so that it is impossible to extract any of its internal components, in particular those that could contain a microprocessor or memory.
  • Firmware updates must be supported, so that any vulnerability detected may be corrected.

In order to ensure the aforementioned security measures, the electric vehicle charging stations must comply with the following security measures and recommendations both in their communications and physical access points.

Communications

  • Communications with the CPO through the WAN should be done implementing the use of digital signatures. In this way various security principles are guaranteed, like the message was sent by a known entity (authentication), the message was really sent by who it says it was (non-repudiation) and that the message was not altered by third parties (integrity).
  • Additionally the information should be encrypted by means of TLS in order to ensure the confidentiality of the transmitted information.
  • If a message is detected as having been modified, such message should be rejected. In turn, the device (charging station) should allow for the parties with which it is communicating to be able to verify the integrity of its messages.

ElaadNL scheme

- Communication scheme using certificates and digital signatures. Source: ElaadNL. -

  • The device must be able to detect packet replay attacks and reject such packets. A counter may be used or a nonce may be sent in authentication in order to detect the replay of packets.

A correct management of the system’s events is also recommended so that:

  • Security events of the system are securely stored, preventing their possible alteration by attackers. These events may include user activities, changes in credentials, possible signs of attempted attacks and changes and updates.
  • The events will be sent to a SIEM for their processing.

Physical access points

  • Detection and registration of any attempt to physically manipulate the charging station. For this, it is advisable to have sensors that detect any opening or physical manipulation of the devices that shape the station.
  • Deploy a surveillance system in order to have proof of the physical manipulation the devices have undergone by an attacker.

Furthermore, it is advisable to control logical access, so that users, their roles and credentials are properly managed:

  • To support the updating of credentials and cryptographic keys.
  • To support the use of session time limits and that it is configurable.
  • The device’s passwords should be stored with a salt and using hash mechanisms in order to guarantee the security of credentials.
  • Additionally, a strong password policy will be followed in order to prevent possible dictionary or brute force attacks.
  • For electric vehicle user authentication in the terminal, a token should be used that makes use of the challenge-response mechanism. This token will be identified by means of a single UID.

Firmware updates should also be installed on the device so that:

  • The device can support the remote firmware update.
  • Prior to installing any update, it should be reviewed to check for any modification or possible malware.
  • Prior to installing any update, it should be verified that the source is the official provider or manufacturer.
  • It is advisable to regularly review the devices’ security so that the firmware updates include the solution to possible discovered vulnerabilities.

Finally, at the time of deploying the charging station, it is recommended that a hardening process is followed in the same way that:

  • All services that are not strictly necessary for operation are disabled.
  • Services that have some type of known vulnerability are disabled.
  • Only the communication protocols necessary for the operation of the equipment are used.
  • Direct remote access is only allowed through the WAN interface of the local controller.
  • Unnecessary ports and interfaces must be disabled. In particular, any debug port of the device.
  • The default accounts, such as guest or anonymous, must be deleted. Furthermore, any unnecessary user account from the provider will also be disabled. Remote access to administrator accounts should be not be allowed.

Conclusions

Electric cars and their charging stations are becoming increasingly more present in our lives, so it is important to bear in mind some of the minimum-security requirements discussed in this article.

It is also advisable to assess the proposed recommendations in the development stage and implement them, whenever possible, in order to avoid large expenses in modifying products or suffering attacks once the product is deployed in production. All of these tips allow for increased cybersecurity in charging stations and reduced exposure to both possible physical and logical attacks.