Principal Investigators
Sabrina Rodriguez
Nathan Millwater
Inclusive Dates 
04/01/2024 to 12/01/2025

Background

The ISO 15118 standard, which enables smart charging for electric vehicles, facilitates the exchange of identification and authorization information directly through the charging cable. In the U.S., the deployment of electric vehicle supply equipment (EVSE) experienced rapid growth, exceeding 55% in 2021, largely fueled by financial incentives. However, as the automotive industry integrates new technological advancements, charging infrastructure remains vulnerable to cyberattacks. This project focused on analyzing the authentication and authorization processes within ISO 15118.

Diagram showing flow of communication between EV, EVSE, and backend servers

Figure 1: PnC model showing communication channels between the EV, EVSE, and backend servers that process payment.

Approach

Southwest Research Institute (SwRI) owns a configurable DC charger and has acquired Plug-and-Charge (PnC)-enabled vehicles along with certificates. Using this setup, the project team explored attacks on communication protocols and Public Key Infrastructure (PKI) certificates, while also identifying ways to enhance the security of the Vehicle-to-Grid (V2G) ecosystem. The research involved a thorough analysis of the certificate exchange process between electric vehicles and charging infrastructure, focusing on payment authentication. Additionally, the study examined critical aspects of PKI operations, including certificate issuance, management, and revocation, to bolster the V2G ecosystem’s protection against cyberattacks.

Diagram showing PKI tree-topology examples

Figure 2: PKI tree-topology example shows root CA, tier 1/2 sub-CA and leaf certificates which are used to authenticate the vehicle and facilitate payment for charging.

Accomplishments

Southwest Research Institute (SwRI) installed a programmable DC fast charger as part of its testing infrastructure. To enhance functionality, SwRI developed a custom interface designed to manipulate Vehicle-to-Grid (V2G) communication and control flow. This setup enabled comprehensive penetration testing of electric vehicle Transport Layer Security (TLS) implementations, successfully uncovering vulnerabilities in handshake processes and certificate exchanges. Additionally, SwRI’s equipment is capable of supporting unofficial high-voltage discharging for specific electric vehicle models, further expanding its testing capabilities.

Presentations

Rodriguez, S. “Understanding the EVSE Ecosystem: Strategic Cyber Initiatives and Guidance for Advancing Secure Fast Charging.” International Battery Seminar & Exhibit, Orlando, Florida, March 3, 2025.