Secu ecurity rity of EV f EV-charging charging Erik Poll Radboud University Nijmegen C-DAX is funded by the European Union's Seventh Framework Programme (FP7-ICT-2011-8) under grant agreement n ° 318708
EV EV ch char arging: ging: th the e good od an and th the e bad ad The good: potential for load balancing by scheduling EV charging – or even discharging – to match supply and demand The bad: need for congestion management - managing EV charging within limited local capacity of the line limited capacity NB two verify different reasons to (re)schedule EV charging! Erik Poll – Radboud University Nijmegen 2
EV EV ch char arging: ging: th the e ugly complexity: many parties involved big active impact on grid (and grid stability) esp. compared to much more passive smart metering (if smart meters do not have remote off-switch) privacy all the headaches of public transport card & smart meter? = + Erik Poll – Radboud University Nijmegen 3
Pa Parti ties es invo volve lved DSO (Distribution System Operator): regional utility company EMSP (E-Mobility Service Provider): electricity supplier with whom EV owner has a contract CSO (Charge Spot Operator) manages Charge Spots for customers of several EMSPs Energy supplier supplied electricity to ESMPs to sell on to its customers CSIO (Charge Spot Infrastructure Operator) performs on-line maintenance of charge spots for CSO Some of these roles may be performed by the same company; precise market model still in flux. Billing could involve roaming charges as for mobile phones. Erik Poll – Radboud University Nijmegen 4
Sm Smar art t ch chargi arging ng – wh whole le pict cture ure ESMP billing CSIO Mode 3 OCSP OCPP CSO SO DSO DSO charge spot cost consideration: does charge spot contain a smart meter of the DSO? substa station tion smart meter Erik Poll – Radboud University Nijmegen 5
Pr Priva vacy cy Lots of interesting potential for aggregation, eg to bill the ESMP, the CSO only needs to know total usage per ESMP, not which individual customers are involved to bill clients, the ESMP only needs to know total usage of a client, not where and when this client used this to monitor & manage the grid, the DSO only needs to know (aggregated) usage, not which client of which ESMP is involved Erik Poll – Radboud University Nijmegen 6
EV EV ch char arging ging – th the e DS DSO p per ersp spectiv ective DSO has to manage limited capacity of the line Simple solution: fixed max. capacity per house and charge spot • Downside: inflexible & restrictive, hence requiring huge investment in thicker cables Better solution: do congestion management by varying capacity available for EVs over time charge spot DSO DSO substa station tion smart limited capacity meter Erik Poll – Radboud University Nijmegen 7
Smar Sm art t ch chargi arging ng usi sing ng OCS CSP DSO informs CSO of available capacity, per 15 min. interval based on historical data & weather forecast Major cost saving in required physical infrastructure (ie. cables) charge OCSP OCPP spot CSO SO DSO DSO substa station tion smart meter Erik Poll – Radboud University Nijmegen 8
EV EV ch char arging ging – th the e CS CSO & & EM EMSP SP per ersp spectiv ective Customers of an EMSP can use public charge spots of any Charge Spot Operator. User authenticated using an RFID card billing energy gy EMSP suppl pplier ier billing authentication billing charge spot CSO SO Erik Poll – Radboud University Nijmegen 9
ESMP charge OCSP OCPP spot CSO SO DSO DSO Mode 3 substa station tion smart meter Erik Poll – Radboud University Nijmegen 10
Ce Centra tral Interoperabil teroperability ity Reg egister ster (C (CIR) ESMP ESMP ESMP CIR CIR charge OCSP OCPP spot CSO SO DSO DSO CSO SO DSO DSO Mode 3 CSO SO DSO DSO substa station tion smart meter Erik Poll – Radboud University Nijmegen 11
Pr Problem lem 1: 1: we weak ak au authentication thentication Authentication of customers uses only the serial number of the Mifare Classic RFID card. This can be eavesdropped & replayed, so cards are trivial to clone More general concern: security of Mifare Classic was already broken prior to the intro of EV charging. Why did nobody pick up on this in the design or before roll-out? Erik Poll – Radboud University Nijmegen 12
Pr Problem lem 2: 2: lac ack of en end-to to-end end se secu curity ty The discussion of security in OCPP and OSCP standards is limited This is the only mention of security anywhere in OCPP standard, on the very last (200 th !) page + using a standard security solution such as TLS is a good idea – securing this link might not provide end-to- end security we want… Erik Poll – Radboud University Nijmegen 13
Limi mitati tations ons of se secu cure e tu tunne nnels ls Using secure communication tunnels (and then using standard solutions such as TLS) is a good idea! However, these have their limits.... 1. Concatenated secure tunnels do not provide end-to-end security. Eg no end-to-end security between A and C below A B C TLS TLS as C will have to trust B! • so tunnels also do not work for one-to-many communication 2. TLS does not provide convenient non-repudation . For C to prove to a third party that B sent some data, it would have to log the entire TLS session Erik Poll – Radboud University Nijmegen 14
Sm Smar art t ch chargi arging ng – se secu curing ing one e link ESMP CIR CIR charge OCSP OCPP spot CSO SO DSO DSO Mode 3 substa station tion smart meter Erik Poll – Radboud University Nijmegen 15
Sm Smar art t ch chargi arging ng – se secu curing ing tw two links? s? ESMP CIR CIR charge OCSP OCPP spot CSO SO DSO DSO Mode 3 substa station tion smart meter Erik Poll – Radboud University Nijmegen 16
Sm Smar art t ch chargi arging ng – se secu curing ing al all links? s? ESMPs still DSOs still ESMP have to trust have to trust CSOs to provide CSOs to provide correct data correct data CIR CIR charge OCSP OCPP spot CSO SO DSO DSO Mode 3 substa station tion smart meter Erik Poll – Radboud University Nijmegen 17
Solution: “data - centric” security Instead of (better still, in addition to) securing the communication links, secure the data being sent • ie. sign or MAC the data This does provide end-to-end security, across any number of communicating parties Nice example of this: the ISO15118 standard supports this, by having , meter reading signed by both the EV and the charge spot Work in progress: pilot by E-Laad on more secure RFID card for authentication, which will also sign meter reading records for charging session Erik Poll – Radboud University Nijmegen 18
Co Conclus clusions ions Lots of parties exchanging information, incl. billing information and information important to manage the grid Lots of scope for privacy concerns & solutions Do use secure tunnels, but don’t assume that this will automatically provide the end-to-end security needed • smart grid standard are right to stress end-to-end security, but precisely what does it mean in a specific context? Ie. also secure the data, not just the communication tunnels Erik Poll – Radboud University Nijmegen 19
Recommend
More recommend