Security Aspects of ISO 15118 Plug and Charge Payment
By: Jakob Löw , Vishwa Vasu , Thomas Hutzelmann and more
Potential Business Impact:
Lets cars steal electric charges from others.
For the rise of electric vehicles, especially for long-distance driving, minimizing charging times is vital. While multiple standards for DC fast charging exist, the leading standard in Europe is ISO 15118. In theory, this standard is accompanied by a variety of security controls, ensuring the authenticity and confidentiality of charging communication, as well as the exchange of payment information. In practice, these security controls are insufficient for effectively securing charging communication. In this paper, we go through all security controls defined in ISO 15118 and demonstrate their shortcomings. Most notably, we present a previously unpublished vulnerability in the plug and charge functionality of ISO 15118. We provide a proof-of-concept implementation of this vulnerability, which, allows a vehicle to be charged while a second, victim vehicle is billed for it. Additionally, we define an alternative plug and charge authentication scheme, which requires fewer efforts towards certificate enrollment and promises to be more resilient and future-proof. Our findings should be considered when implementing and advancing the standard, as the mitigation of the discovered vulnerability is critical for the security of fast charging.
Similar Papers
Streamlining Plug-and-Charge Authorization for Electric Vehicles with OAuth2 and OIDC
Cryptography and Security
Makes electric car charging automatic and easy.
Profiling Electric Vehicles via Early Charging Voltage Patterns
Cryptography and Security
Stops electric cars from being stolen while charging.
Addressing Weak Authentication like RFID, NFC in EVs and EVCs using AI-powered Adaptive Authentication
Cryptography and Security
Secures electric cars from hackers using smart AI.