Addressing Security in OCPP: Protection Against Man-in-the-Middle Attacks

摘要

The Open Charge Point Protocol (OCPP) is a communication standard for the exchange of data between a Charge Point (CP) and the Central Server (CS) in the electric vehicle domain. This protocol is envisioned to offer interoperability between the different manufacturers of charging points, network systems and IT back-end vendors. However, the current version of the specification is quite vague in terms of handling security and privacy, which results in a set of non-addressed threats, which we look at in this paper. Specifically, this paper focuses on Man-in-the-Middle attacks between the CP and the CS that may expose sensitive data of special interest to the various stake-holders involved in this context. As a counter-measure, we present a feasible solution and assess its behaviour in a simulator. The inclusion of additional security mechanisms is also studied, in compliance with the IEC 62351 standard.