Security of EV-Charging Protocols
This addresses security risks in EV charging infrastructure, which is critical for protecting user data and preventing attacks, but it is incremental as it builds on existing security principles.
The paper analyzes security vulnerabilities in electric vehicle charging protocols in the Netherlands, identifying issues such as lack of end-to-end security and weak authentication, and recommends solutions like mandatory TLS and improved driver authentication methods.
The field of electric vehicle charging involves a complex combination of actors, devices, networks, and protocols. These protocols are being developed without a clear focus on security. In this paper, we give an overview of the main roles and protocols in use in the Netherlands. We describe a clear attacker model and security requirements, show that in light of this many of the protocols have security issues, and provide suggestions on how to address these issues. The most important conclusion is the need for end-to-end security for data in transit and long-term authenticity for data at rest. In addition, we highlight the need for improved authentication of the EV driver, e.g. by using banking cards. For the communication links we advise mandatory use of TLS, standardization of TLS options and configurations, and improved authentication using TLS client certificates.