This page is fully or partially automatically translated.

Forums it-sa Expo 2023 Knowledge Forum C

How secure is the communication between charging station and electric car?

Security Testing of High-Level Charging Communication for eMobility

Thu, 12.10.2023, 11:30 - 11:45

On site

Knowledge Forum C

  • Legislation, standards, regulations
  • Industry 4.0 / IoT / Edge Computing
  • Network Security / Patch Management

Key Facts

  • TLS (Transport Layer Security)
  • DIN EN ISO 15118



This action is part of the event Forums it-sa Expo 2023

Action description

Since mid-2022, vehicle manufacturers have had to demonstrate cybersecurity when registering a new vehicle type in accordance with UNECE 155. As a result, they must now effectively secure the integrity and authenticity of communication between ECUs and between the vehicle and back-end systems.
Since Ethernet communication typically uses TLS (Transport Layer Security) for protocol security, test systems must be developed for TLS implementations that not only verify functional aspects but also test for cybersecurity vulnerabilities.
Cyberattacks on connectivity are becoming scalable and can have major negative impacts on automakers and their suppliers. UNECE Working Group 29 has therefore proposed regulations on cybersecurity (Regulation 155) and software update management (Regulation 156), which came into force at the beginning of 2021 and created a paradigm shift in the automotive industry in all participating member states. They stipulate, for example, that identified risks must be mitigated and extensive testing must be carried out.
Charging communication also falls under this regulation. Procedures such as Plug & Charge for charging and payment at public charging stations require encrypted communication in accordance with DIN EN ISO 15118.
However, the communication interfaces required for this also significantly increase the attack surface available to potential hackers or cybercriminals. Attacks can range, for example, from a general disruption of the charging infrastructure to the interception of identities that can be used for various types of fraud.

Testing the TLS interface

When server and client systems communicate with each other, securing these connections is now essential. It must be possible to prove at any time who was or is connected to whom, and the transmitted data must be encrypted so that third parties cannot read or modify it. These network connections use cryptographic technologies. In this context, both the implementation and the correct use of existing libraries are a major challenge.
When testing the TLS implementation, the following aspects must be taken into account:
- Conformance to the standard: The functional behavior must conform both to the RFC standards and to the functional requirements of the automotive application, for example according to the ISO 15118 standard, so that vehicle components can communicate with each other interoperably.
- Configuration: The variety of available configuration options is so extensive that loopholes for attackers can arise both during integration and during subsequent configuration of the vehicle component. Verification of the configuration should ensure that it is secure in the sense of the requirements, for example according to the ISO 15118 standard or the BSI checklists. This includes, for example, the cipher suites used (according to ISO 15118, for example, only 2 specified cipher suites may be used).
- Tests for correct implementation: The robustness of the protocol implementation should also be checked, for example its behavior when the message sequence is manipulated, or whether the padding is checked for correctness.


Language: German

Questions and Answers: No
