Background
The ISO 15118 standard (smart charging) is possible due to the exchange of identification and authorization information over the charging cable. The development and deployment of electric vehicle supply equipment (EVSE) in the U.S. surged (in 2021, growth was greater than 55%), driven by financial incentives. However, as the automotive industry adapts to new tech advancements, infrastructure faces frequent attacks due to immature cyber-physical system security practices. Early secure communication methods often suffer from misconfigurations or shortcuts. This project examined the authentication and authorization phases of ISO 15118 communication.
Figure 1: PnC model showing communication channels between the EV, EVSE, and backend servers that process payment.
Approach
SwRI owns a configurable DC Charger and obtained Plug-n-Charge (PnC)-capable vehicles and contract certificates. Utilizing this toolset, the project team investigated the feasibility of attacks against the communication protocols/Public Key Infrastructure (PKI) certificates while exploring measures to enhance the security of the Vehicle-to-Grid (V2G) ecosystem. This research included a detailed examination of the certificate exchange between EVs and charging infrastructure for payment purposes. The analysis also explored key aspects of PKI operations, such as certificate issuance, management, and revocation, to ensure the V2G ecosystem is protected against cyberattacks.
Figure 2: PKI tree-topology example shows root CA, tier 1/2 sub-CA and leaf certificates which are used to authenticate the vehicle and facilitate payment for charging.
Accomplishments
Comprehensive penetration testing of EV TLS implementations was performed, effectively identifying weaknesses within the handshake and certificate exchanges. This was enabled by obtaining and installing a programmable DC Fast Charger at SwRI. To complement this installation, SwRI developed a custom interface to manipulate V2G communication and control flow. Furthermore, SwRI’s equipment supports unofficial high voltage discharging of select EVs.
Presentations
Rodriguez, S. “Understanding the EVSE Ecosystem: Strategic Cyber Initiatives and Guidance for Advancing Secure Fast Charging.” International Battery Seminar & Exhibit, Orlando, Florida, March 3, 2025.