Gaetano Coppoletta (University of Illinois Chicago), Rigel Gjomemo (Discovery Partners Institute, University of Illinois), Amanjot Kaur, Nima Valizadeh (Cardiff University), Venkat Venkatakrishnan (Discovery Partners Institute, University of Illinois), Omer Rana (Cardiff University)

In the last decade, electric vehicles (EVs) have moved from a niche of the transportation sector to its most innovative, dynamic, and growing sector. The associated EV charging infrastructure is closely following behind. One of the main components of such infrastructure is the Open Charge Point Protocol (OCPP), which defines the messages exchanged between charging stations and central management systems owned by charging companies. This paper presents OCPPStorm, a tool for testing the security of OCPP implementations. OCPPStorm is designed as a black box testing tool, in order to be able to deal with different implementations, independently of their deployment peculiarities, platforms, or languages used. In particular, OCPPStorm applies fuzzing techniques to the OCPP messages to identify errors in the message management and find vulnerabilities among those errors. It’s efficacy is demonstrated through extensive testing on two open-source OCPP systems, revealing its proficiency in uncovering critical security flaws, among which 5 confirmed CVEs and 7 under review. OCPPSTorm’s goal is to bolster the methodological approach to OCPP security testing, thereby reinforcing the reliability and safety of the EV charging ecosystem.

View More Papers

FP-Fed: Privacy-Preserving Federated Detection of Browser Fingerprinting

Meenatchi Sundaram Muthu Selva Annamalai (University College London), Igor Bilogrevic (Google), Emiliano De Cristofaro (University of California, Riverside)

Read More

Attributions for ML-based ICS Anomaly Detection: From Theory to...

Clement Fung (Carnegie Mellon University), Eric Zeng (Carnegie Mellon University), Lujo Bauer (Carnegie Mellon University)

Read More

Improving the Robustness of Transformer-based Large Language Models with...

Lujia Shen (Zhejiang University), Yuwen Pu (Zhejiang University), Shouling Ji (Zhejiang University), Changjiang Li (Penn State), Xuhong Zhang (Zhejiang University), Chunpeng Ge (Shandong University), Ting Wang (Penn State)

Read More

Detecting Voice Cloning Attacks via Timbre Watermarking

Chang Liu (University of Science and Technology of China), Jie Zhang (Nanyang Technological University), Tianwei Zhang (Nanyang Technological University), Xi Yang (University of Science and Technology of China), Weiming Zhang (University of Science and Technology of China), NengHai Yu (University of Science and Technology of China)

Read More