解决OCPP中的安全问题:防止中间人攻击

2018 9th IFIP International Conference on New Technologies, Mobility and Security (NTMS) Pub Date : 2018-02-01 DOI:10.1109/NTMS.2018.8328675

J. E. Rubio, Cristina Alcaraz, Javier López

{"title":"解决OCPP中的安全问题:防止中间人攻击","authors":"J. E. Rubio, Cristina Alcaraz, Javier López","doi":"10.1109/NTMS.2018.8328675","DOIUrl":null,"url":null,"abstract":"The Open Charge Point Protocol (OCPP) is a communication standard for the exchange of data between a Charge Point (CP) and the Central Server (CS) in the electric vehicle domain. This protocol is envisioned to offer interoperability between the different manufacturers of charging points, network systems and IT back-end vendors. However, the current version of the specification is quite vague in terms of handling security and privacy, which results in a set of non-addressed threats, which we look at in this paper. Specifically, this paper focuses on Man-in-the-Middle attacks between the CP and the CS that may expose sensitive data of special interest to the various stake-holders involved in this context. As a counter-measure, we present a feasible solution and assess its behaviour in a simulator. The inclusion of additional security mechanisms is also studied, in compliance with the IEC 62351 standard.","PeriodicalId":140704,"journal":{"name":"2018 9th IFIP International Conference on New Technologies, Mobility and Security (NTMS)","volume":"60 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2018-02-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"29","resultStr":"{\"title\":\"Addressing Security in OCPP: Protection Against Man-in-the-Middle Attacks\",\"authors\":\"J. E. Rubio, Cristina Alcaraz, Javier López\",\"doi\":\"10.1109/NTMS.2018.8328675\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"The Open Charge Point Protocol (OCPP) is a communication standard for the exchange of data between a Charge Point (CP) and the Central Server (CS) in the electric vehicle domain. This protocol is envisioned to offer interoperability between the different manufacturers of charging points, network systems and IT back-end vendors. However, the current version of the specification is quite vague in terms of handling security and privacy, which results in a set of non-addressed threats, which we look at in this paper. Specifically, this paper focuses on Man-in-the-Middle attacks between the CP and the CS that may expose sensitive data of special interest to the various stake-holders involved in this context. As a counter-measure, we present a feasible solution and assess its behaviour in a simulator. The inclusion of additional security mechanisms is also studied, in compliance with the IEC 62351 standard.\",\"PeriodicalId\":140704,\"journal\":{\"name\":\"2018 9th IFIP International Conference on New Technologies, Mobility and Security (NTMS)\",\"volume\":\"60 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2018-02-01\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"29\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2018 9th IFIP International Conference on New Technologies, Mobility and Security (NTMS)\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/NTMS.2018.8328675\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2018 9th IFIP International Conference on New Technologies, Mobility and Security (NTMS)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/NTMS.2018.8328675","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 29

摘要

开放充电点协议(OCPP)是电动汽车领域充电点(CP)与中央服务器(CS)之间数据交换的通信标准。该协议旨在为不同的充电点制造商、网络系统和IT后端供应商之间提供互操作性。然而，规范的当前版本在处理安全和隐私方面相当模糊，这导致了一系列未解决的威胁，我们将在本文中讨论这些威胁。具体来说，本文关注的是CP和CS之间的中间人攻击，这种攻击可能会将特殊利益的敏感数据暴露给这种情况下涉及的各种利益相关者。作为应对措施，我们提出了一个可行的解决方案，并在模拟器中评估了其行为。还研究了符合IEC 62351标准的附加安全机制。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文本刊更多论文

Addressing Security in OCPP: Protection Against Man-in-the-Middle Attacks

The Open Charge Point Protocol (OCPP) is a communication standard for the exchange of data between a Charge Point (CP) and the Central Server (CS) in the electric vehicle domain. This protocol is envisioned to offer interoperability between the different manufacturers of charging points, network systems and IT back-end vendors. However, the current version of the specification is quite vague in terms of handling security and privacy, which results in a set of non-addressed threats, which we look at in this paper. Specifically, this paper focuses on Man-in-the-Middle attacks between the CP and the CS that may expose sensitive data of special interest to the various stake-holders involved in this context. As a counter-measure, we present a feasible solution and assess its behaviour in a simulator. The inclusion of additional security mechanisms is also studied, in compliance with the IEC 62351 standard.

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

2018 9th IFIP International Conference on New Technologies, Mobility and Security (NTMS)

自引率

0.00%

发文量