A source of enormous hope for the health of the planet is emerging: the automotive industry is shifting toward Electric Vehicles (EVs). With steady support from governments and leading automakers, nearly 10% of all new cars sold in 2021 were electric, bringing the total number of electric cars on the world’s roads to about 16.5 million.
One of the biggest challenges facing the EV industry, however, is the rollout of the charging infrastructure and the setup of an open and secure charging ecosystem. If EVs are to be successful, customers must be confident that charging is as easy as traditional refueling. Yet, the entire EV ecosystem is already attracting considerable attention from hackers and cybercriminals. So, how do you make sure it’s secure?
Let’s dive into the topic to learn more.
What is EV Plug and Charge?
How does EV Plug and Charge work?
What are the different segments of the EV Plug and Charge value chain?
What threats does unsecured Plug and Charge pose?
How do Plug and Charge security threats affect EV users?
What is a Vehicle-to-Grid (V2G) system?
What standards support a Vehicle-to-Grid (V2G) communication interface?
What are ISO 15118-2 and ISO 15118-20?
What is Public Key Infrastructure (PKI)?
How can securing with Public Key Infrastructure (PKI) limit Plug and Charge security threats?
How does PKI for Plug and Charge work?
What is Key & Credentials technology and how does it work?
Let’s talk!
Plug and Charge is the standard that enables the automated and secure charging of EVs. It works independently of the car brand, energy providers, energy contracts, or even the country a user is traveling in. Security and privacy are provided by strong authentication of all parties, to ensure that customers are billed for what they consume.
Once plugged into a charging station, the energy contracts installed into an EV are authenticated and the user is authorized to recharge its EV battery. In the most recent versions of the standard, ISO 15118-20, the vehicle is also authenticated and can have multiple contracts, so that the most convenient tariff is chosen before charging.
The driver doesn’t need to do anything – no pin codes, no credit cards are required to initiate the process. Once the vehicle is plugged in, it all happens automatically.
There are seven strategic actors included:
Each of these seven actors contributes to the application of Plug and Charge, affecting the efficiency of the ecosystem. By protecting it with cybersecurity, you can ensure that there are no bad actors that can interfere.
As is true with any innovative technology, also EV Plug and Charge – if not secured – is subject to some serious threats. These include:
When using an unsecured Plug and Charge station – or an unsecured vehicle – EV users can have their personal details (e.g., credit card numbers) and sensitive metering data (energy consumption) stolen and used to their disadvantage. More worryingly, the safety of the overall charging operation can be threatened. In case of an attack on the entire network, EV users will be left stranded.
Vehicle-to-Grid, or V2G, is a system in which EVs sell electricity to the power grid. It is used when an EV is plugged-in to charge and isn’t using the electricity stored in its battery. Sending electricity back to the electrical grid at a time of increased demand helps reduce pressure on the mainframe. Considering the tense geopolitical situation, an interesting application might be consumers using their EVs as intermediate energy storage to survive blackouts or electricity scarcity.
There are minimum standards set out by the International Electrotechnical Commission (IEC) and the International Organization for Standardization (ISO) that all companies providing EV charging stations should abide by to ensure system security These include:
ISO 15118-2 and ISO 15118-20 are a set of international standards that describe a V2G communication interface. These standards support elements critical to integrating connected cars with smart-grid infrastructure.
Protection of the Plug and Charge communications between EVs and charging stations is defined in ISO 15118-2, which was recently upgraded with ISO 15118-20. An X.509 Public Key Infrastructure (PKI) underpins the overall security architecture to enable a scalable, secure, interoperable and open ecosystem. The security solutions defined by ISO 15118-2 and 15118-20 extend beyond the charging stations to also include billing contracts issued by mobility operators.
PKI is a scalable security architecture based on public key cryptography. It is used to build and maintain trust within a complex network ecosystem, whereby devices trust digital certificates that are distributed via trusted Certification Authorities (CA). As an established technology, a PKI solution is also adopted by ISO 15118 to ensure that EVs, charging points, mobility operators and other parties can authenticate each other and operate securely.
The underlying security protocols of Plug and Charge limit threats by utilizing asymmetric cryptography with PKI. They are designed to address the major threats affecting the interface between EV users and charging stations, focusing on:
How does PKI for Plug and Charge work? (click to enlarge)
In essence, the Plug and Charge security is ensured through a combination of both symmetric (singular key for both encryption and decryption) and asymmetric (private key encryption with public key decryption) cryptographic algorithms. In a PKI, after authenticating themselves through a secure handshake, public and private keys are used to agree on a random session key.
Once a participant is enrolled, they receive a certificate that gives them a strong identity recognized and trusted across the EV ecosystem. It works very much like a passport: the PKI, functioning similarly to an embassy (Certification Authority), issues a passport (certificate) to the user (device). When the passport is checked at the border control (server), the outcome is decided on the spot, rather than having to check with the embassy every time. The device certificate is recognized by the other party and immediately trusted if found authentic.
The asymmetric public key embedded in the certificate is used for authentication and encryption of the data, in every communication that the participant is involved with.
The process takes place in three steps:
Keys & Credentials is a managed PKI service that enables secure authentication and authorization via Plug and Charge. It works in accordance with ISO 15118-2 and ISO 15118-20 and in compliance with the security rules applicable to the EV ecosystem. It establishes trust between the EVs, charging stations and mobility service providers/operators, enabling secure V2G communication. Keys & Credentials is a solution offered by Irdeto.
Electric Vehicle Plug and Charge is an exciting new technology that brings with itself a safer and smoother charging experience. But it also allows for creating a reliable and open energy marketplace.
Want to join the revolution? Reach out to us now to start a conversation.
CharIN Testival brought together titans of the automotive world to test and push the limits of EV interoperability and security.
EV drivers are now able to effortlessly locate and access charging points, pay for parking and charge their vehicles directly from their in-car media...
The EV charging ecosystem involves many stakeholders, technologies and standards. Interoperability is at the heart of this ecosystem, providing a...