A Proof-of-Concept for Token-Based Authentication for Secure EV Charging

Electric vehicles (EVs) start to be part of the urban environment. But still, the potential success of EVs is decelerated mostly because of long charging durations, and low user convenience when charging at different locations. Thus, the International Organization for Standardization (ISO) and International Electrotechnical Commission (IEC) jointly develop international specifications for convenient and standardized charging management based on Vehicle-to-Grid (V2G) communication. As V2G communication has to be trustworthy, the draft standard ISO/IEC 15118 foresees several security mechanisms, mostly based on proven technologies like Transport Layer Security (TLS) and Public Key Infrastructure (PKI). Specifically, to enable Plug & Charge (PnC) in a secure way, automated authentication and authorization services are required. The standard proposes per-vehicle key stores as well as automatic certificate installation and update for charging contracts. However, the user has no freedom of choice after deciding for an e-Mobility Operator (eMO). From this model, the authors propose a token-based approach for removable credentials that increases the flexibility and user-friendliness and does not limit the subscription of a contract to one dedicated vehicle. Using this token, the user can even carry multiple charging contracts to benefit from the diversity of contract conditions and support various charging situations, e.g. at home, in the office, or at public places. The authors introduce the concept of the eMID (e-Mobility ID) and explore security aspects by reporting from a TVRA security analysis. By the eMID concept, the authors are able to show higher flexibility and user-friendliness on top of the approach of ISO/IEC 15118.