The case for ISO 15118 and OCPP 2.0: preventative solutions to hacking charging infrastructure

Author: Marc Mültin
Updated: June 7, 2022
Published: January 17, 2018

RFID card technology is not working. Sure, it is the most widely used tool to charge electric vehicles but, at the same time, insecure RFID cards put both vehicles and drivers at incredible risk from hackers. Electric vehicle charging stations haven’t yet been widely adopted, and they are already being successfully hacked. The good news is: a solution exists. The e-mobility industry simply needs to implement it. In this post, we’ll look at how current charging practices place users at extreme risk of financial fraud and what’s being done (and not done) to combat it. We’ll also cover preventative measures you can take right now to avoid security breaches and widespread loss of user trust, and to pave the way for seamless adoption of e-mobility around the world.

Putting users at risk: potential for fraudulent billing due to insecure RFID cards

Europe’s largest association of hackers, the Chaos Computer Club (CCC), held their 34th annual Chaos Communication Congress in Germany this past December. In his talk there, CCC member Mathias Dalheimer singled out current RFID cards as simply not secure. RFID technology is supposed to identify and authorise users for a charging session, but instead it leaves leeway for financial fraud.

Dalheimer proved this through use cases in which hackers easily get access to the interior of a charging station, manipulate its configuration data and make counterfeit RFID cards to steal users’ account information. He said that it’s rather trivial for hackers to make counterfeit copies of RFID cards with the data gained from the charging station and fraudulently bill transactions to the unprotected accounts of countless users.

Sadly, this security risk has existed for years and shows no sign of letting up thanks to lack of motivation and inaction by the charging infrastructure industry.

The majority of mobility operators (the companies with which you conclude a charging contract) and Charging Station Operators (CPOs) continue to use MIFARE Classic RFID cards. A CCC talk given back in 2007 already demonstrated that the weak crypto implementation of MIFARE Classic technology could be hacked within a few simple steps, making it trivial to copy any other MIFARE Classic RFID card.

What’s worse is that companies had the chance to switch to the more secure MIFARE DESFire RFID cards long ago. Had they applied the cryptographic security mechanism that comes with those MIFARE DESFire cards, we wouldn’t be at this worrisome juncture.

Lack of encryption on unique IDs as single authentication tokens leaves users exposed  

More troubling still: most CPOs use only the Universal Unique Identifier (UUID) stored on each RFID card to identify and authorise users for a charging process. The UUID is a publicly readable token and isn’t protected by any cryptographic mechanism whatsoever. A hacker can simply hold their fake copy of a user’s RFID card to the charging station’s reader, and the counterfeit copy of the user’s UUID will be communicated to the CPO’s backend IT system using the widespread Open Charge Point Protocol (OCPP). The CPO then uses this faulty user data to bill mobility operators for unlimited charging that the user did not authorise.

Dalheimer points out that OCPP version 1.5, as it is used at most charging stations, does not use a digital signature-based authentication procedure and therefore has a level of data security that is essentially non-existent. He adds that hacking the UUIDs of countless previous charging sessions is as simple as using a screwdriver to open the charging station and plugging in a USB stick. Add a programmable RFID card to the mix and using other people’s accounts for fraudulent charging sessions becomes nearly effortless.  

Since charging processes are often only billed on a monthly basis, the user is confronted with the problem of having to challenge unauthorised charging processes in the end.
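The difference between an identifier-only check and a cryptographic challenge-response, as an added example that is not part of the original post. The HMAC exchange is a simplified model, not the actual MIFARE DESFire or ISO 15118 protocol; the card ID, key, and all class and function names are constructed for illustration.

```python
import hashlib
import hmac
import secrets

# Constructed sample data: card identifier -> per-card secret known to the backend.
CARD_KEYS = {"04A1B2C3D4E5F6": bytes.fromhex("00112233445566778899aabbccddeeff")}

def authorize_by_id(presented_id: str) -> bool:
    """Identifier-only check: whoever presents a known ID is accepted."""
    return presented_id in CARD_KEYS

class Card:
    """Hypothetical card that holds a secret key and only ever outputs MACs."""
    def __init__(self, card_id: str, key: bytes):
        self.card_id, self._key = card_id, key

    def respond(self, challenge: bytes) -> bytes:
        return hmac.new(self._key, challenge, hashlib.sha256).digest()

class Backend:
    """Hypothetical verifier issuing single-use random challenges."""
    def __init__(self, keys: dict):
        self._keys, self._pending = keys, {}

    def new_challenge(self, card_id: str) -> bytes:
        self._pending[card_id] = secrets.token_bytes(16)
        return self._pending[card_id]

    def authorize(self, card_id: str, response: bytes) -> bool:
        challenge = self._pending.pop(card_id, None)  # a challenge is valid once
        key = self._keys.get(card_id)
        if challenge is None or key is None:
            return False
        expected = hmac.new(key, challenge, hashlib.sha256).digest()
        return hmac.compare_digest(expected, response)

def demo() -> dict:
    card_id = "04A1B2C3D4E5F6"
    card, backend = Card(card_id, CARD_KEYS[card_id]), Backend(CARD_KEYS)
    first = card.respond(backend.new_challenge(card_id))
    genuine = backend.authorize(card_id, first)
    backend.new_challenge(card_id)  # next session gets a fresh challenge
    return {
        "id_only_accepts_copied_id": authorize_by_id(card_id),
        "genuine_card_accepted": genuine,
        "recorded_response_accepted": backend.authorize(card_id, first),
    }
```

With the identifier alone, the backend cannot tell the genuine card from anything that presents the same ID; with a per-session challenge, a response recorded in one session is useless in the next.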

Mr. Dalheimer is right to be sounding the alarm. He called for the e-mobility industry to meet the following demands:

  • Raise security of charging stations
  • Offer more secure payment and identification methods
  • Protect relevant data within a single charging cycle and beyond 

On the eve of widespread adoption of the electric car, it is irresponsible for companies to knowingly wait for “enough” cases of financial fraud and user upset to finally change course and implement a more secure technology. Especially when that technology already exists.

The case for ISO 15118: mitigate the risk of hackers across charging infrastructure

As welcome as I find his alarm, I’m surprised Mr. Dalheimer hasn’t realised that a responsible faction of the e-mobility industry is already using a tested solution that meets his demands. That is: ISO 15118, an internationally standardised Vehicle-to-Grid (V2G) communication interface.

Mr. Dalheimer detailed numerous concerning use cases of hackers infiltrating EV charging and billing. The promising technology of ISO 15118 and its convenient, tamper-free Plug & Charge identification mechanism have made these scenarios a thing of the past for companies like Innogy SE (acting as a CPO) and Daimler, who implement this technology in their Smart Electric Drive vehicles.  

Allow me to show you what a secure charging session looks like:

Within the ISO 15118 framework, users choose their form of identification. They can opt to use External Identification Means (EIM) if necessary, which requires them to present an RFID card to the charging station’s reader, scan a QR code or manually insert a credit card for identification and payment.

Users concerned about protecting their data also have the option to select Plug & Charge instead. With the future-proofed Plug & Charge feature, the only user action required is to plug the charging cable from the EV to the charging station. All aspects of authentication, authorisation, intelligent load control, and billing are taken care of automatically.

This advanced technology is based on public key infrastructures (PKIs) with digital certificates and digital signatures secured by a hybrid crypto system of symmetric and asymmetric encryption algorithms.

Transport Layer Security (TLS) is mandatory for Plug & Charge to establish a secured communication channel between the EV and the charging station. For EIM identification, the first edition of ISO 15118 also allows unencrypted data transmission. Yet, when the second edition comes out in 2019, TLS will be mandatory in all cases.

Additionally, XML-based digital signatures ensure that the authenticity and integrity of the exchanged data are still protected when sent from the charging station to the CPO and from there to other market players, like your mobility operator.

OCPP 2.0: the more secure and ISO 15118-compliant successor of OCPP 1.5 and 1.6

Mr. Dalheimer makes the case that the current version of OCPP is worryingly insecure. While he gave a thorough description of the enormous risk, he again overlooked the solution already on the market: OCPP version 2.0.  

Just before his December 2017 talk, the Open Charge Alliance (OCA) published OCPP 2.0 for public review. As a member of both the ISO 15118 standardisation body and the OCA, I helped to draft OCPP 2.0 and made sure that ISO 15118 data structures and security features are built right into this charging station management protocol. I am confident that this is the forward-looking resolution to the inherent data security risks within the industry’s current charging infrastructure.

In an ideal world, all charging stations would have ISO 15118-compliant features and total interoperability, not just for the convenience of engineers and manufacturers but, most importantly, for drivers. At the end of his talk, Dalheimer proposes that the e-mobility community come together to create solutions that avert this potential catastrophe of data security being breached all over the world. I agree. But there is no need to go back to the drawing board.

The solution to data security is here. The longer we delay taking action, the more we risk losing the money and trust of growing numbers of drivers and early adopters all over the world. We are in a pivotal moment for the future of e-mobility and it is time for players industry-wide to embrace ISO 15118 and related protocols like OCPP 2.0.

Learn about ISO 15118 and try out the open-source project RISE V2G

To learn more about the inner mechanics of ISO 15118, take a look at my eBook, the ISO 15118 Manual. Sign up for the V2G Clarity newsletter for a free and extensive excerpt of the manual.

To gain practical experience with ISO 15118 and its Plug & Charge feature, take a look at RISE V2G (GitHub) – an intensively tested reference implementation of ISO 15118 that is highly appreciated by companies and research institutions worldwide. A perfect starting guide for RISE V2G is the free RISE V2G Basics online course called “Revolutionize Electric Vehicle Charging – With Plug & Charge Powered by RISE V2G”.

I have long envisioned the day when electric vehicles finally outnumber the gas guzzlers currently polluting our environment. My hope is that this vision becomes reality within the next ten years – at least as far as new registration figures are concerned. I’ll do everything I can with my work to facilitate this goal.
