A quantitative framework for physical cybersecurity in public EVSE systems

IF 5.4 2区计算机科学 Q1 COMPUTER SCIENCE, INFORMATION SYSTEMS

Computers & Security Pub Date : 2025-09-25 DOI:10.1016/j.cose.2025.104685

Ahmet Kilic

{"title":"A quantitative framework for physical cybersecurity in public EVSE systems","authors":"Ahmet Kilic","doi":"10.1016/j.cose.2025.104685","DOIUrl":null,"url":null,"abstract":"<div><div>Public Electric Vehicle Supply Equipment (EVSE) is increasingly exposed to physical cyberattacks due to its open, unattended, and hardware-accessible deployment in critical infrastructure. Despite growing connectivity, there is a lack of structured and quantitative methodologies to assess the risks arising from physical manipulations targeting components such as power supplies, USB ports, and RFID readers.</div><div>This study introduces HO-PHYSICS (Holistic Physical Cybersecurity Systematics), a novel framework designed to identify, model, and quantitatively evaluate physical cyber threats in public EVSE environments. The framework consists of three integrated components: (1) Hybrid Threat Structuring (HTS) for modeling attack trees with physical and logical nodes, (2) Attack Potential Evaluation (APE) for multi-criteria risk scoring, and (3) Simulative System Stress Testing (S3T) based on dynamic MATLAB/Simulink simulations.</div><div>To validate the framework, three representative attack scenarios are examined: PSU manipulation, RFID spoofing, and USB-based sabotage. The corresponding APE scores range from 23 to 30 (out of 50), indicating high feasibility and low detectability. Time-based simulations confirm critical system risks and enable a structured derivation of mitigation strategies.</div><div>The developed framework bridges a methodological gap between normative security standards and operational risk analysis. It offers a transferable tool for researchers, infrastructure operators, and regulators to assess and improve physical cybersecurity in EVSE systems.</div></div>","PeriodicalId":51004,"journal":{"name":"Computers & Security","volume":"159 ","pages":"Article 104685"},"PeriodicalIF":5.4000,"publicationDate":"2025-09-25","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Computers & Security","FirstCategoryId":"94","ListUrlMain":"https://www.sciencedirect.com/science/article/pii/S0167404825003748","RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q1","JCRName":"COMPUTER SCIENCE, INFORMATION SYSTEMS","Score":null,"Total":0}

引用次数: 0

Abstract

Public Electric Vehicle Supply Equipment (EVSE) is increasingly exposed to physical cyberattacks due to its open, unattended, and hardware-accessible deployment in critical infrastructure. Despite growing connectivity, there is a lack of structured and quantitative methodologies to assess the risks arising from physical manipulations targeting components such as power supplies, USB ports, and RFID readers.

This study introduces HO-PHYSICS (Holistic Physical Cybersecurity Systematics), a novel framework designed to identify, model, and quantitatively evaluate physical cyber threats in public EVSE environments. The framework consists of three integrated components: (1) Hybrid Threat Structuring (HTS) for modeling attack trees with physical and logical nodes, (2) Attack Potential Evaluation (APE) for multi-criteria risk scoring, and (3) Simulative System Stress Testing (S3T) based on dynamic MATLAB/Simulink simulations.

To validate the framework, three representative attack scenarios are examined: PSU manipulation, RFID spoofing, and USB-based sabotage. The corresponding APE scores range from 23 to 30 (out of 50), indicating high feasibility and low detectability. Time-based simulations confirm critical system risks and enable a structured derivation of mitigation strategies.

The developed framework bridges a methodological gap between normative security standards and operational risk analysis. It offers a transferable tool for researchers, infrastructure operators, and regulators to assess and improve physical cybersecurity in EVSE systems.

查看原文本刊更多论文

公共EVSE系统中物理网络安全的定量框架

公共电动汽车供电设备（EVSE）由于其在关键基础设施中的开放、无人值守和硬件可访问的部署，越来越容易受到物理网络攻击。尽管连通性不断增长，但缺乏结构化和定量的方法来评估针对电源、USB端口和RFID读取器等组件的物理操作所产生的风险。本研究引入了HO-PHYSICS（整体物理网络安全系统学），这是一个新的框架，旨在识别、建模和定量评估公共EVSE环境中的物理网络威胁。该框架由三个集成组件组成：(1)混合威胁结构（HTS），用于对具有物理和逻辑节点的攻击树建模；(2)攻击潜力评估（APE），用于多准则风险评分；(3)基于MATLAB/Simulink动态仿真的仿真系统压力测试（S3T）。为了验证该框架，研究了三种典型的攻击场景：PSU操纵、RFID欺骗和基于usb的破坏。相应的APE得分在23到30之间（满分50分），表明高可行性和低可检测性。基于时间的模拟确认了关键的系统风险，并能够结构化地推导缓解策略。开发的框架弥合了规范性安全标准和操作风险分析之间的方法差距。它为研究人员、基础设施运营商和监管机构提供了一种可转移的工具，以评估和改善EVSE系统的物理网络安全。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

Computers & Security 工程技术-计算机：信息系统

CiteScore

12.40

自引率

7.10%

发文量

365

审稿时长

10.7 months

期刊介绍： Computers & Security is the most respected technical journal in the IT security field. With its high-profile editorial board and informative regular features and columns, the journal is essential reading for IT security professionals around the world. Computers & Security provides you with a unique blend of leading edge research and sound practical management advice. It is aimed at the professional involved with computer security, audit, control and data integrity in all sectors - industry, commerce and academia. Recognized worldwide as THE primary source of reference for applied research and technical expertise it is your first step to fully secure systems.