Blog

Electric vehicle Plug and Charge technology 101 - Irdeto Insights

Written by Juha Hytönen | Sep 13, 2022 4:00:00 AM

A source of enormous hope for the health of the planet is emerging: the automotive industry is shifting toward Electric Vehicles (EVs). With steady support from governments and leading automakers, nearly 10% of all new cars sold in 2021 were electric, bringing the total number of electric cars on the world’s roads to about 16.5 million.

One of the biggest challenges facing the EV industry, however, is the rollout of the charging infrastructure and the setup of an open and secure charging ecosystem. If EVs are to be successful, customers must be confident that charging is as easy as traditional refueling. Yet, the entire EV ecosystem is already attracting considerable attention from hackers and cybercriminals. So, how do you make sure it’s secure?

Let’s dive into the topic to learn more.

Table of Contents

What is EV Plug and Charge?
How does EV Plug and Charge work?
What are the different segments of the EV Plug and Charge value chain?
What threats does unsecured Plug and Charge pose?
How do Plug and Charge security threats affect EV users?
What is a Vehicle-to-Grid (V2G) system?
What standards support a Vehicle-to-Grid (V2G) communication interface?
What are ISO 15118-2 and ISO 15118-20?
What is Public Key Infrastructure (PKI)?
How can securing with Public Key Infrastructure (PKI) limit Plug and Charge security threats?
How does PKI for Plug and Charge work?
What is Key & Credentials technology and how does it work?
Let’s talk!

What is EV Plug and Charge? 

Plug and Charge is the standard that enables the automated and secure charging of EVs. It works independently of the car brand, energy providers, energy contracts, or even the country a user is traveling in. Security and privacy are provided by strong authentication of all parties, to ensure that customers are billed for what they consume.

How does EV Plug and Charge work?

Once plugged into a charging station, the energy contracts installed into an EV are authenticated and the user is authorized to recharge its EV battery. In the most recent versions of the standard, ISO 15118-20, the vehicle is also authenticated and can have multiple contracts, so that the most convenient tariff is chosen before charging.

The driver doesn’t need to do anything – no pin codes, no credit cards are required to initiate the process. Once the vehicle is plugged in, it all happens automatically.

What are the different segments of the EV Plug and Charge value chain? 

There are seven strategic actors included:

  1. Energy Provisioning
  2. EV Manufacturer
  3. Installation & Field Services
  4. Site Ownership
  5. Asset Ownership
  6. Charging Station Operator (CSO)
  7. Electric Mobility Service Provider (eMSP).

Each of these seven actors contributes to the application of Plug and Charge, affecting the efficiency of the ecosystem. By protecting it with cybersecurity, you can ensure that there are no bad actors that can interfere.

What threats does unsecured Plug and Charge pose? 

As is true with any innovative technology, also EV Plug and Charge – if not secured – is subject to some serious threats. These include:

  • Stealing data – Hackers can spoof signals between the vehicle and the charger to steal, e.g., sensitive personal and transactional data.
  • Stealing energy from the grid – Hackers can access the power grid without paying to charge their own cars, or to charge EV batteries that they can sell to other EV users.
  • Hacking charging stations – While hacking of a single station may appear to have limited impact, all stations belong to a vast network. They are controlled by the charging operators via central back-ends and connected to other parties in the ecosystem. Taking control over a single station is the ideal springboard to attack and compromise the rest of the system. Attacks may be aimed at ransomware, compromise of personal data and financial information. It may even usher in a new era of energy piracy and free-for-all charging.
  • Infecting electric vehicles – A hacked charging station can be used to infect plugged-in vehicles and reprogram them for different attacks.
  • Attacking the energy grid – Hacking Plug and Charge infrastructure could allow for attacks on the national energy grid, e.g., through fake overloading or Distributed Denial-of-Service (DDoS).

How do Plug and Charge security threats affect EV users? 

When using an unsecured Plug and Charge station – or an unsecured vehicle – EV users can have their personal details (e.g., credit card numbers) and sensitive metering data (energy consumption) stolen and used to their disadvantage. More worryingly, the safety of the overall charging operation can be threatened. In case of an attack on the entire network, EV users will be left stranded.

What is a Vehicle-to-Grid (V2G) system? 

Vehicle-to-Grid, or V2G, is a system in which EVs sell electricity to the power grid. It is used when an EV is plugged-in to charge and isn’t using the electricity stored in its battery. Sending electricity back to the electrical grid at a time of increased demand helps reduce pressure on the mainframe. Considering the tense geopolitical situation, an interesting application might be consumers using their EVs as intermediate energy storage to survive blackouts or electricity scarcity.

What standards support a V2G communication interface? 

There are minimum standards set out by the International Electrotechnical Commission (IEC) and the International Organization for Standardization (ISO) that all companies providing EV charging stations should abide by to ensure system security These include:

  • IEC 62351 series defines the requirements for implementing security technologies in the operational environment. These include objects for network and system management, Role-Based Access Control (RBAC), cryptographic key management and security event logging.
  • IEC 62443 sets security standards for the secure development of Industrial Automation and Control Systems (IACS). It provides a thorough and systematic set of cybersecurity recommendations and is used to defend industrial networks against cybersecurity threats.
  • ISO 15118-2 and ISO 15118-20 work together, supporting the EV to grid interface.

What are ISO 15118-2 and ISO 15118-20? 

ISO 15118-2 and ISO 15118-20 are a set of international standards that describe a V2G communication interface. These standards support elements critical to integrating connected cars with smart-grid infrastructure.

Protection of the Plug and Charge communications between EVs and charging stations is defined in ISO 15118-2, which was recently upgraded with ISO 15118-20. An X.509 Public Key Infrastructure (PKI) underpins the overall security architecture to enable a scalable, secure, interoperable and open ecosystem. The security solutions defined by ISO 15118-2 and 15118-20 extend beyond the charging stations to also include billing contracts issued by mobility operators.

What is Public Key Infrastructure (PKI)? 

PKI is a scalable security architecture based on public key cryptography. It is used to build and maintain trust within a complex network ecosystem, whereby devices trust digital certificates that are distributed via trusted Certification Authorities (CA). As an established technology, a PKI solution is also adopted by ISO 15118 to ensure that EVs, charging points, mobility operators and other parties can authenticate each other and operate securely.

How can securing with PKI limit Plug and Charge security threats? 

The underlying security protocols of Plug and Charge limit threats by utilizing asymmetric cryptography with PKI. They are designed to address the major threats affecting the interface between EV users and charging stations, focusing on:

  • Data security – Confidentiality is critical not only for user confidence, but also for service providers who need to adhere to data security regulations, and for preventing extraction of information that could be used in attacks. Under ISO 15118, all data is encrypted in-transit using Transport Layer Security (TLS) and strong ciphers.
  • Secure authentication – Trusted digital certificates issued within a PKI ensure the integrity of both parties before any data is exchanged. PKI digital certificates are exchanged before each TLS session but are also used to authenticate contract certificates within ISO 15118.
  • Data integrity – TLS is also used to ensure that all data sent between the communicating parties hasn’t been tampered with in transit.

How does PKI for Plug and Charge work?

How does PKI for Plug and Charge work? (click to enlarge)

In essence, the Plug and Charge security is ensured through a combination of both symmetric (singular key for both encryption and decryption) and asymmetric (private key encryption with public key decryption) cryptographic algorithms. In a PKI, after authenticating themselves through a secure handshake, public and private keys are used to agree on a random session key.

Once a participant is enrolled, they receive a certificate that gives them a strong identity recognized and trusted across the EV ecosystem. It works very much like a passport: the PKI, functioning similarly to an embassy (Certification Authority), issues a passport (certificate) to the user (device). When the passport is checked at the border control (server), the outcome is decided on the spot, rather than having to check with the embassy every time. The device certificate is recognized by the other party and immediately trusted if found authentic.

The asymmetric public key embedded in the certificate is used for authentication and encryption of the data, in every communication that the participant is involved with.

The process takes place in three steps:

  1. Each party inspects the certificate of the other party and authenticates it as legitimate within the ecosystem. That authentication includes also a revocation check, to cover the possibility that the certificate was revoked since it was issued.
  2. Using an Elliptic Curve Diffie-Hellman (ECDH) protocol, a common session key is agreed upon and shared.
  3. The data is exchanged using a symmetric key algorithm, in encrypted and authenticated form. The actual detail of the algorithm depends on the cipher suites agreed during the handshake.

What is Key & Credentials technology and how does it work? 

Keys & Credentials is a managed PKI service that enables secure authentication and authorization via Plug and Charge. It works in accordance with ISO 15118-2 and ISO 15118-20 and in compliance with the security rules applicable to the EV ecosystem. It establishes trust between the EVs, charging stations and mobility service providers/operators, enabling secure V2G communication. Keys & Credentials is a solution offered by Irdeto.

Let’s talk! 

Electric Vehicle Plug and Charge is an exciting new technology that brings with itself a safer and smoother charging experience. But it also allows for creating a reliable and open energy marketplace.

Want to join the revolution? Reach out to us now to start a conversation.