Enhancing security in the ISO 15118–20 EV charging system
Ross Porter, Morteza Biglari-Abhari, Benjamin Tan, Duleepa J. Thrimawithana
Abstract
Electric Vehicle (EV) ‘DC Fast Charging’ systems directly connect an EV’s battery to an external charger. A compromised EV charger may damage the EV or be used as part of a demand-side power grid attack. We show that the newest charging standard ISO 15118-20 is not sufficient to prevent charging attacks, as it provides no mechanism to verify charger integrity. We present system and threat models for the attack, before defining an extension to ISO 15118-20 that adds support for firmware integrity verification through remote attestation, while remaining interoperable with non-supporting devices. A proof of concept implementation demonstrates the security improvement by protecting against the specified attack while requiring only 85 bytes of secure storage, 8kB of working memory, and adding less than 0.5 seconds to the length of a charging session. Backwards compatibility with an implementation of the original standard is also demonstrated. • A system and threat model is developed for ISO 15118-20 EV charging • ISO 15118-20 is shown to be insufficient to protect against existing attacks • We develop a remote attestation protocol within ISO 15118-20 to improve security • An experimental platform tests interoperability and evaluates performance overheads