Smart Charging of Electric Vehicles

Balancing privacy, security and functionality in public Smart Charging of EVs infrastructures

=+ + + ?

Carlos Montes PortelaIT (privacy and security) Architect

Enexis – Asset Management Innovation ElaadNL – Innovation and Development

OCA Conference – 18th of November 2014

Contents What is Smart Charging all about?

Why do privacy and security (P&S) matter in this context?

How can we approach P&S without loosing focus on functionality?

What measures can we take for a sufficiently secured charging infrastructure?

How and when do we start implementing these measures?

It’s about flexibility…

Who will have most benefits from Smart Charging?

A – Charge Spot Operator

C – E-mobility service providers

B - Driver D - ‘Green’ producer

A

time8AM 6PM

200A

200A

Challenges and opportunities for the DSO

A

time8AM 6PM

200A

200A

The Open Smart Charging Protocol (OSCP) informs about the availably capacity via a forecast per cable

Challenges and opportunities for the DSO

Not realistic?

Challenges and opportunities for the DSO

200A200A200A 200A

500A

A

time

500A

OSCP

Challenges and opportunities for the DSO

Challenges and opportunities for the DSO

uc Capacity forecast based Smart Charging

Smart Charging - EV handling Smart Charging - Capacity Management

Request smart charge (ToD, SoC)

DSO

EV

EMSP

Calculate chargeplan parameters

check E-market (e.g. RES, contraints)

Check local capacity constraints

Execute chargeplan

Energy B2B Market

CSO

Allocate and communicate local capacity forecasts

(FRAND)

Communicate real and desired usage

Measure (and store) actual I/U

Calculate capacity forecast

Analyse weather forecast

«include»

«precedes»

«flow»

«include»

«flow»

«precedes»

«flow»

«flow»«flow»

«precedes»

Contents What is Smart Charging all about?

Why do privacy and security (P&S) matter in this context?

How can we approach P&S without loosing focus on functionality?

What measures can we take for a sufficiently secured charging infrastructure?

How and when do we start implementing these measures?

Many components that come with even more risks…

B – Malware introduced into EV via compromised charge spot

What is the biggest privacy and security risk in Smart Charging?

A – Large number of charge details data revealed

C – DoS attack on charge spot via malicious card

D - …

Risks evolve over time and their calculation is complicated

Charge Spot

Operator

Service Provider

Privacy and security is a balancing act

Contents What is Smart Charging all about?

Why do privacy and security (P&S) matter in this context?

How can we approach P&S without loosing focus on functionality?

What measures can we take for a sufficiently secured charging infrastructure?

How and when do we start implementing these measures?

Start small, grow further from there…

We started with NIST 800-30

• Guidance not a goal on itself

• Goal: balancing P, S and F

Initial assumptions / thoughts:

• Lock should be cheaper than the bicycle

• Value, form and usage of bicycle is evolving…

• Desirable –vs- realizable

Risk assessment

Traditional approach didn’t work fully

Defined measures didn’t tackle

evolving EV market dynamics It is difficult for stakeholders to assess

possible future risks and define

appropriate measures now End-2-end security with many to

many relationships isn’t trivial

Preliminary study to get info on costs (necessary time and

resources)

Stepwise approach: use case analysis

Stepwise approach: evolvability

“The EVDSN variant”

Stepwise approach: evolvability

“The EMSP variant”

Stepwise approach: defining security objectives

Stepwise approach: defining an attacker model

Stepwise approach: risk analysis

Highests risks for the EV charging (risk x impact):• Authentication of EV drivers• Integrity and condentiality of communication between DSO and

CSO, and between CSO and CS• Integrity of the Charge Spot.

Knowing this what should we do?

A – Wait for a big P&S incident to happen

C – Stick to (not so) good old diesel and gasoline

B – Nothing, we are safe D – Find out what the end-2-end security design looks like

Contents What is Smart Charging all about?

Why do privacy and security (P&S) matter in this context?

How can we approach P&S without loosing focus on functionality?

What measures can we take for a sufficiently secured charging infrastructure?

How and when do we start implementing these measures?

An end-2-end security design for EV charging

• Integrity protection on meter readings - securing the integrity of data for smart charging and billing

• Secure communication channels – providing generic confidentiality protection on data (defense-in-depth)

• Customer authentication - securing the customer identity, through stronger authentication

An end-2-end security design for EV charging: integrity protection of the meter

readings

An end-2-end security design for EV charging: integrity protection of the meter

readings

An end-2-end security design for EV charging: integrity protection of the meter

readings

At the meter

At the DSO, CSP, CSO,

Aggregator, etc.

Meter data integrity is protected not in a point-to-point fashion, but it makes

safe distribution of meter data possible to n parties. This is key for futureproofness and

evolvability.

An end-2-end security design for EV charging: secure communication channels

Performance is key in charging infrastructures. Specially at the

charge spot for comfortable interaction with the EV driver.

Report suggests how to implement this (for Soap over

HTTP and JSON)

An end-2-end security design for EV charging: Customer authentication

4 alternatives were analyzed:1. Mechanisms that do not rely on shared secret

or public/private keys to perform authentication, such as the Lamport's login.

2. A GSM-like solution where the EMSP provides the authenticating entity with challenge/ response pairs based on the secret key.

3. Provisioning the RFID-card with a private key and the authenticating entity with the corresponding public key. Certicates can be used to be able to authenticate large numbers of RFID-cards with a single public key. This system is used in the recently deployed wireless payment systems of Dutch banks.

4. A diversied key solution such as the one used for authenticating OV chipcards.

Alternative 3 – Certificate based is advised as it can work without communication from the charge

spot to the back-office and verification can be done with a public key (no sensitive data is

stored for this purpose).

Independent of market model

EmSP

Retailer

Backoffice DSO

OSCPIP

Charge Spot

OCPP Mode 3

Customer

OSCP + security

measures are market

model-agnostic

Independent of market model

Retailer

Backoffice DSO

OSCPEmSP

Charge Spot

OCPP Mode3

IP

Customer

OSCP + security

measures are market

model-agnostic

Contents What is Smart Charging all about?

Why do privacy and security (P&S) matter in this context?

How can we approach P&S without loosing focus on functionality?

What measures can we take for a sufficiently secured charging infrastructure?

How and when do we start implementing these measures?

How can we implement the end-2-end security design in practice?

A – Address this topic in OCA workgroups

C – Through R&D projects like FP7 (EU)

B – Sharing best practices within OCA

D – …

Please contact us at:info@openchargealliance.org

www.openchargealliance.org

Carlos Montes PortelaE: carlos.montes-portela@enexis.nl P: +31 (0)6 52570518