EVs and the smart grid are a powerhouse combination that enables a host of useful capabilities. However, being connected also entails security risks. EVs present unique cybersecurity challenges, because they can be attacked both electronically and physically.
In a paper published in the IEEE Journal on Selected Areas in Communications, Jianying Zhou and Aldar Chan describe a new security system designed to protect vehicles from combined cyber/physical attacks.
“Most existing authentication systems merely apply cybersecurity schemes directly to the smart grid, leaving gaps in protection,” explains Zhou. “The problem is especially serious for EVs, because the charging infrastructure is publicly open. Anyone could plug in an EV, even if it is stolen.”
In a so-called substitution attack, a criminal can digitally imitate an EV, plugging in their own device while the EV owner pays for the electricity. Chan and Zhou demonstrated a successful substitution attack on an EV charging station, then devised an improvement to the standard challenge-response protocol in order to plug this security loophole.
“Instead of using a single challenge – which is a random number used to test if a user really is who he claims to be – we used one challenge sent through the wireless cyber path and another challenge through a physical path or the charging cable,” says Zhou. “This ensures that the EV is connected physically to the right spot in the power grid, and that it is a real EV meeting existing EV standards.”
In order to achieve physical authentication, Chan and Zhou had to design an onboard hardware mechanism that binds an EV to its digital identity. They were able to embed the challenge number in one of the signaling lines of the charging cable, so existing charging stations don’t need to be modified.