Abstract

The development and deployment of Electric Vehicle (EV) technologies is receiving a great deal of attention from the scientific community, industry representatives, and policy-makers alike. As a result, EV technologies have advanced considerably over the past years and the global adoption rate of EVs is steadily increasing. The past developments in the EV sector, however, were mostly driven by environmental and/or financial goals and have largely neglected the important topics of security and privacy. The lack of consideration of these topics is especially obvious in the processes of EV charging and billing. Due to the highly security- and privacy-sensitive nature of these processes, this situation results in an unacceptable level of risk to EV users and is arguably not compliant with contemporary data protection law, i.e., the General Data Protection Regulation (GDPR). This thesis assesses popular, open source EV charging protocols and identifies the involved personal data. Furthermore, a detailed security and privacy threat analysis is conducted based on the STRIDE (for security) and LINDDUN (for privacy) methodologies, showing, for instance, the high risk of an adversary being able to build movement profiles of EV users. In order to address the identified threats, this thesis proposes a privacy-preserving architecture for the charging and billing of EVs. The proposed architecture aims to protect the security of an EV user’s payment credentials based on trusted computing methods as well as protect the privacy of users based on a concept for unlinkable charge authorizations. The architecture is designed to provide its protections even under consideration of powerful physical-access adversaries and curious operators while being compatible with the existing definitions of roles and processes in EV charging to the fullest extent possible. The architecture is implemented as a proof-of-concept to show its feasibility and evaluated with respect to the identified threats.
The evaluation shows the appropriateness of the solution for the use case, its high degree of compatibility with the current EV charging protocols, and the high level of security and privacy protections it can provide. The proposed architecture is argued to be an ideal candidate for protecting the charging and billing of EVs, especially under consideration of the GDPR’s strict provisions.
