Re-thinking Privacy: Strengthening Anonymity in Electric Vehicle Plug-and-Charge Communication
By Canadian Institute for Cybersecurity (CIC)
Key Concepts:
- ISO 15118: The primary communication protocol for Plug & Charge EV charging, enabling authentication, billing, and vehicle-to-grid services.
- Plug & Charge: Automated authentication and charging initiation without driver intervention.
- TLS (Transport Layer Security): A cryptographic protocol providing secure communication channels, currently used in ISO 15118.
- X.509 Certificates: Digital certificates used for authentication and identity verification within the e-mobility ecosystem.
- Proximity Pilot (PP): A communication pin on the EV connector enabling communication between the charging station and the vehicle.
- Power Line Communication (PLC): A digital communication technique used in modern EVs for communication with charging points.
- 3GPP AKA (Authentication and Key Agreement): A mobile network authentication protocol inspiring the proposed solution.
- Tamarin Prover: A formal verification tool used to prove the security of the proposed protocol.
- AES-GCM, SHA-2, SHA-3, ASCON: Contemporary cryptographic algorithms evaluated for performance.
- E-mobility Service Provider (eMSP): The entity responsible for managing charging sessions, billing, and user authentication.
- Charging Point Operator (CPO): The entity operating and maintaining the charging infrastructure.
1. Introduction & Background on EV Charging
The webinar, presented by Natmi Arachi, a PhD student at the Canadian Institute for Cybersecurity, focused on privacy vulnerabilities in Electric Vehicle (EV) Plug & Charge communication. The presentation highlighted the rapid growth of the EV market (increasing from <5% in 2018 to nearly 20% in 2023, projected to reach 50% by 2030) and the corresponding expansion of the attack surface. The research aims to secure and preserve privacy within EV charging protocols.
2. Electric Vehicle Types & Connector Standards
Three main EV types were outlined: Battery Electric Vehicles (BEVs), Plug-in Hybrid Electric Vehicles (PHEVs), and Hybrid Electric Vehicles (HEVs). The research focuses on BEVs and PHEVs, capable of external charging. Different connector types (AC vs. DC, varying by geographical region and voltage) were discussed, emphasizing the role of the Proximity Pilot (PP) pin (Pin 4) in enabling communication between the EV and the charging point. Modern EVs utilize Power Line Communication (PLC) for digital data exchange.
3. Communication Protocols in EV Charging
The presentation detailed the communication protocols involved in EV charging. ISO 15118 is the dominant protocol for EV-to-charging point communication, supporting charging, billing, and vehicle-to-grid services. Back-end communication between the charging point, e-mobility service provider (eMSP), and other entities utilizes protocols like OCPP, OCPI, and OCP. The research specifically focuses on ISO 15118 and the communication between the EV, charging point, and eMSP. The automated authentication process within ISO 15118, while convenient, introduces security concerns.
4. Security & Privacy Concerns in ISO 15118
The current ISO 15118 protocol relies on X.509 digital certificates and TLS channels for security. However, the presentation argues that sharing certificates and identity information with the charging point (considered a "trusted but curious" entity) creates significant privacy risks. Potential attacks include:
- Charging Session Linking Attacks: Utilizing TLS session resumption tokens to link multiple charging sessions and track EV behavior.
- Charging Point Surveillance & EV Profiling: Malicious charging points misusing EV certificates to track and profile EV owners.
- EV Fingerprinting: Identifying EVs based on unique TLS parameters.
Recent incidents, including a 2023 ransomware attack on a European charging network and a data breach at Digital Charging Solutions (September 2023), underscore the real-world implications of these vulnerabilities. The core issue is the exposure of Personally Identifiable Information (PII) during the charging process.
5. Proposed Solution: A Secure Anonymous Hybrid Authentication Protocol
To address these concerns, Natmi Arachi and her team developed a secure and anonymous hybrid authentication protocol inspired by the 3GPP AKA protocol. Key features include:
- Anonymous Certificate Exchange: Concealing the EV’s identity from the charging point.
- Hybrid Key Agreement: Utilizing key encapsulation and decapsulation techniques.
- Authenticated Encryption with Associated Data (AEAD): Ensuring secure key exchange.
- Session Key Derivation: Establishing a secure session between the EV and charging point.
The protocol maintains the existing ISO 15118 message sequence, minimizing implementation complexity. It avoids reliance on TLS authentication, eliminating associated vulnerabilities. The eMSP generates authentication vectors that do not contain any PII, providing anonymity.
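The authentication-vector idea borrowed from 3GPP AKA can be sketched as follows; this is an added example, not the researchers' protocol or code. It assumes the eMSP has already recovered the EV's long-term key `k_ev` through the concealed identity and key encapsulation step (not shown), and the HMAC-SHA-256 construction, labels and field names are illustrative choices.

```python
import hashlib, hmac, secrets

def prf(key: bytes, label: bytes, data: bytes) -> bytes:
    """Keyed function (assumption: HMAC-SHA-256 stands in for the AKA f-functions)."""
    return hmac.new(key, label + data, hashlib.sha256).digest()

def emsp_make_vector(k_ev: bytes) -> dict:
    """eMSP: build a per-session vector for the charging point; no EV identity inside."""
    rand = secrets.token_bytes(16)                   # fresh challenge per session
    xres = prf(k_ev, b"RES", rand)                   # expected response, kept at the eMSP
    return {
        "rand": rand,
        "autn": prf(k_ev, b"AUTN", rand),            # proves the challenge came from the eMSP
        "hxres": hashlib.sha256(rand + xres).digest(),  # lets the CP check RES without k_ev
        "k_session": prf(k_ev, b"SESSION", rand),    # EV <-> charging point session key
    }

def ev_respond(k_ev: bytes, rand: bytes, autn: bytes):
    """EV: authenticate the network first, then answer and derive the session key."""
    if not hmac.compare_digest(autn, prf(k_ev, b"AUTN", rand)):
        return None                                  # forged challenge: abort, reveal nothing
    return prf(k_ev, b"RES", rand), prf(k_ev, b"SESSION", rand)

def cp_verify(vector: dict, res: bytes) -> bool:
    """Charging point: accept the EV if H(RAND || RES) matches HXRES."""
    got = hashlib.sha256(vector["rand"] + res).digest()
    return hmac.compare_digest(got, vector["hxres"])

def run_session(k_ev: bytes):
    """One session; returns (success, values the charging point observed)."""
    vec = emsp_make_vector(k_ev)
    res, k_ev_side = ev_respond(k_ev, vec["rand"], vec["autn"])
    ok = cp_verify(vec, res) and hmac.compare_digest(k_ev_side, vec["k_session"])
    return ok, (vec["rand"], vec["autn"], vec["hxres"], res)
```

Running `run_session` twice with the same `k_ev` gives the charging point two sets of values with nothing in common, so it can authenticate the EV without being able to link the sessions.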
6. Implementation & Evaluation
The protocol was implemented and tested in a testbed environment:
- EV: Raspberry Pi 4 Model B (2GB RAM)
- Charging Point & eMSP: Desktop environment (Intel i7, 16GB RAM)
- Cryptographic Libraries: Crypto++, Mbed TLS, OpenSSL 3.0.5
- Elliptic Curve: NIST P-256
Performance was evaluated using 27 different combinations of contemporary cryptographic algorithms (AES-GCM, SHA-2, SHA-3, ASCON). Results showed that the ASCON cipher suite performed best on the resource-constrained Raspberry Pi, while the AES-GCM/SHA-2 combination was optimal for the desktop environment. The protocol’s security was formally verified using the Tamarin Prover.
7. Formal Verification & Security Proof
The protocol's security was formally verified using the Tamarin Prover, demonstrating its resistance to various attacks. This provides a mathematical guarantee of the protocol's security properties.
8. Conclusion & Future Directions
The research concludes that rethinking privacy is crucial in e-mobility, making it a core design principle rather than an afterthought. The proposed protocol offers a viable solution for enhancing privacy in ISO 15118 Plug & Charge communication. The key takeaway is the need to prioritize privacy-preserving authentication mechanisms in EV charging infrastructure to mitigate the risks of data breaches and protect user information.
Notable Quote:
“It’s time to rethink privacy in e-mobility, making it a core design principle not an afterthought.” – Natmi Arachi.