The case for ISO 15118 and OCPP 2.0: preventative solutions to hacking charging infrastructure
Charging infrastructure • 17. January 2018
RFID card technology is not working. Sure, it is the most widely used tool to charge electric vehicles but, at the same time, insecure RFID cards put both vehicles and drivers at incredible risk from hackers. Electric vehicle charging stations haven’t yet been widely adopted, and they are already being successfully hacked.
The good news is: a solution exists. The e-mobility industry simply needs to implement it. In this post, we’ll look at how current charging practices place users at extreme risk of financial fraud and what’s being done (and not done) to combat it. We’ll also cover preventative measures you can take right now to avoid security breaches and widespread loss of user trust, and to pave the way for seamless adoption of e-mobility around the world.
This article is outlined as follows:
- Putting users at risk: potential for fraudulent billing due to insecure RFID cards
- Lack of encryption on unique IDs as single authentication tokens leaves users exposed
- The case for ISO 15118: mitigate the risk of hackers across charging infrastructure
- OCPP 2.0: The secure and ISO 15118-compliant successor of OCPP 1.5 and 1.6
- Learn about ISO 15118 and try out the open-source project RISE V2G
Putting users at risk: potential for fraudulent billing due to insecure RFID cards
Europe’s largest association of hackers, the Chaos Computer Club (CCC), held its 34th annual Chaos Communication Congress in Germany this past December. There, CCC member Mathias Dalheimer’s talk singled out current RFID cards as simply not secure. RFID technology is supposed to identify and authorize users for a charging session, but instead it leaves leeway for financial fraud.
Dalheimer proved this through use cases in which hackers easily get access to the interior of a charging station, manipulate its configuration data and make counterfeit RFID cards to steal users’ account information. He said that it’s rather trivial for hackers to make counterfeit copies of RFID cards with the data gained from the charging station and fraudulently bill transactions to the unprotected accounts of countless users.
Sadly, this security risk has existed for years and shows no sign of letting up thanks to lack of motivation and inaction by the charging infrastructure industry.
The majority of mobility operators (the companies with whom you conclude a charging contract) and Charging Station Operators (CPOs) continue to use MIFARE Classic RFID cards. A CCC talk given back in 2007 already demonstrated that the weak crypto implementation of MIFARE Classic technology could be hacked within a few simple steps, making it trivial to copy any other MIFARE Classic RFID card.
What’s worse is that companies had the chance to switch to the more secure MIFARE DESFire RFID cards long ago. Had they applied the cryptographic security mechanism that comes with those MIFARE DESFire cards, we wouldn’t be at this worrisome juncture.
Lack of encryption on unique IDs as single authentication tokens leaves users exposed
More troubling still: most CPOs use only the Universal Unique Identifier (UUID) stored on each RFID card to identify and authorize users for a charging process; the UUID is a publicly readable token and isn’t protected by any cryptographic mechanism whatsoever. A hacker can simply hold their fake copy of a user’s RFID card to the charging station’s reader and the counterfeit copy of the user’s UUID will be communicated to the CPO’s backend IT system using the widespread Open Charge Point Protocol (OCPP). The CPO then uses this faulty user data to bill mobility operators for unlimited charging that the user did not authorize.
Dalheimer points out that OCPP version 1.5, as it is used at most charging stations, does not use a digital signature-based authentication procedure and therefore has a level of data security that is essentially non-existent. He adds that hacking the UUIDs of countless previous charging sessions is as simple as using a screwdriver to open the charging station and plugging in a USB stick. Add a programmable RFID card to the mix and using other people’s accounts for fraudulent charging sessions becomes nearly effortless.
Since charging processes are often only billed on a monthly basis, the user is confronted with the problem of having to challenge unauthorized charging processes in the end.
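The difference between a UID-only check and a cryptographic card check, as an added example that is not from the original article or from any charging product: HMAC-SHA256 from the Python standard library stands in for the card's cryptographic authentication (it is not the MIFARE DESFire or ISO 15118 protocol), and the UID, key, account name and function names are constructed for illustration.

```python
import hashlib
import hmac
import secrets

# Constructed sample data, not real card or account values.
ACCOUNTS = {"04A1B2C3D4E5F6": "contract-alice"}
# Hypothetical per-card secret; on a real card the key never leaves the chip.
CARD_KEYS = {"04A1B2C3D4E5F6": bytes.fromhex("00112233445566778899aabbccddeeff")}

def authorize_uid_only(uid):
    """Weak scheme described above: the publicly readable ID is the only token."""
    return ACCOUNTS.get(uid)

def card_respond(key, nonce):
    """What a genuine card computes internally for a given challenge."""
    return hmac.new(key, nonce, hashlib.sha256).digest()

class ChallengeResponseAuthorizer:
    """Hardened scheme: the card must prove possession of its secret key."""

    def __init__(self):
        self._pending = {}  # uid -> outstanding nonce

    def challenge(self, uid):
        nonce = secrets.token_bytes(16)  # fresh and unpredictable per session
        self._pending[uid] = nonce
        return nonce

    def authorize(self, uid, response):
        nonce = self._pending.pop(uid, None)  # each nonce is accepted once only
        key = CARD_KEYS.get(uid)
        if nonce is None or key is None:
            return None
        ok = hmac.compare_digest(card_respond(key, nonce), response)
        return ACCOUNTS.get(uid) if ok else None

def demo():
    uid = "04A1B2C3D4E5F6"
    auth = ChallengeResponseAuthorizer()
    recorded = card_respond(CARD_KEYS[uid], auth.challenge(uid))
    genuine = auth.authorize(uid, recorded)
    # A copy that carries the ID but not the key cannot answer the challenge.
    clone = auth.authorize(uid, card_respond(b"\x00" * 16, auth.challenge(uid)))
    auth.challenge(uid)  # new session, new nonce: the recorded answer is stale
    replay = auth.authorize(uid, recorded)
    return {"uid_only": authorize_uid_only(uid), "genuine": genuine,
            "clone": clone, "replay": replay}
```

The ID-only path returns the account for anyone who presents the ID, while the challenge-response path rejects both the key-less copy and the replayed answer.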
Mr. Dalheimer is right to be sounding the alarm. He called for the e-mobility industry to meet the following demands:
- Raise security of charging stations
- Offer more secure payment and identification methods
- Protect relevant data within a single charging cycle and beyond
On the eve of widespread adoption of the electric car, it is irresponsible for companies to knowingly wait for “enough” cases of financial fraud and user upset to finally change course and implement a more secure technology. Especially when that technology already exists.
The case for ISO 15118: mitigate the risk of hackers across charging infrastructure
As welcome as I find his alarm, I’m surprised Mr. Dalheimer hasn’t realized that a responsible faction of the e-mobility industry is already using a tested solution that meets his demands. That is: ISO 15118, an internationally standardized Vehicle-to-Grid (V2G) communication interface.
Mr. Dalheimer detailed numerous concerning use cases of hackers infiltrating EV charging and billing. The promising technology of ISO 15118 and its convenient, tamper-free Plug & Charge identification mechanism have made these scenarios a thing of the past for companies like Innogy SE (acting as a CPO) and Daimler, who implement this technology in their Smart Electric Drive vehicles.
Allow me to show you what a secure charging session looks like:
Within the ISO 15118 framework, users choose their form of identification. They can opt to use External Identification Means (EIM) if necessary, which requires them to present an RFID card to the charging station’s reader, scan a QR code or manually insert a credit card for identification and payment.
Users concerned about protecting their data also have the option to select Plug & Charge instead. With the future-proofed Plug & Charge feature, the only user action required is to plug the charging cable from the EV to the charging station. All aspects of authentication, authorization, intelligent load control, and billing are taken care of automatically.
This advanced technology is based on public key infrastructures (PKIs) with digital certificates and digital signatures secured by a hybrid crypto system of symmetric and asymmetric encryption algorithms.
Transport Layer Security (TLS) is mandatory for Plug & Charge to establish a secured communication channel between the EV and the charging station. For EIM identification, the first edition of ISO 15118 also allows unencrypted data transmission. Yet, when the second edition comes out in 2019, TLS will be mandatory in all cases.
Additionally, XML-based digital signatures ensure that the authenticity and integrity of the exchanged data are still protected when sent from the charging station to the CPO and from there to other market players, like your mobility operator.
OCPP 2.0: The secure and ISO 15118-compliant successor of OCPP 1.5 and 1.6
Mr. Dalheimer makes the case that the current version of OCPP is worryingly insecure. While he gave a thorough description of the enormous risk, he again overlooked the solution already on the market: OCPP version 2.0.
Just before his December 2017 talk, the Open Charge Alliance (OCA) published OCPP 2.0 for a public review. As a member of both the ISO 15118 standardization body and the OCA, I helped to draft OCPP 2.0 and made sure that ISO 15118 data structures and security features are built right into this charging station management protocol. I am confident that this is the forward-looking resolution to the inherent data security risks within the industry’s current charging infrastructure.
In an ideal world, all charging stations would have ISO 15118-compliant features and total interoperability, not just for the ease of engineers and manufacturers but, most importantly, for drivers. At the end of his talk, Dalheimer proposes that the e-mobility community come together to create solutions that avert this potential catastrophe of data security being compromised all over the world. I agree. But there is no need to go back to the drawing board.
The solution to data security is here. The longer we delay taking action, the more we risk losing the money and trust of growing numbers of drivers and early adopters all over the world. We are in a pivotal moment for the future of e-mobility and it is time for players industry-wide to embrace ISO 15118 and related protocols like OCPP 2.0.
Learn about ISO 15118 and try out the open-source project RISE V2G
To learn more about the inner mechanics of ISO 15118, take a look at my eBook, the ISO 15118 Manual. Sign up for the V2G Clarity newsletter for a free and extensive excerpt of the manual.
To gain practical experience with ISO 15118 and its Plug & Charge feature, take a look at RISE V2G – an intensively tested reference implementation of ISO 15118 that is highly appreciated by companies and research institutions worldwide. A perfect starting guide for RISE V2G is the free RISE V2G Basics online course called “Revolutionize Electric Vehicle Charging – With Plug & Charge Powered by RISE V2G”.
I have long envisioned the day when electric vehicles finally outnumber the gas guzzlers currently polluting our environment. My hope is that this vision becomes reality within the next ten years – at least as far as new registration figures are concerned. I’ll do everything I can with my work to facilitate this goal.