Abstract

The adoption of electric vehicles (EVs) has seen a significant rise in recent years, driven by the need to reduce greenhouse gas emissions and create greener cities. This has led to the development of a new EV charging ecosystem, composed of both physical and cyber systems. The physical layer consists of high-wattage IoT charging equipment and the power grid, while the cyber layer provides access and flexibility.

As the EV ecosystem has advanced, securing it has become crucial due to its critical role in providing essential services. The inter-connectivity of charging equipment and the lack of standardization make the system an attractive target for cyber attacks, with the potential to disrupt and destabilize the power grid. Khaled Sarieddine's research contributions aim to address these security challenges. The thesis provides a comprehensive analysis of the EV ecosystem, starting with a detailed literature review and the creation of a real-time co-simulation testbed that includes both cyber and physical layer components. The research develops an advanced fingerprinting technique to identify EV charging stations (EVCSs) in the wild and investigates the malware threat landscape, discovering Mirai-infected EVCSs. It also examines mobile applications as a potential attack vector against the power grid, identifying vulnerabilities that could be exploited to initiate unlawful charging sessions. Furthermore, the research assesses the security of OCPP backends worldwide, uncovering 6 zero-day vulnerabilities in each of 16 vendors studied. These vulnerabilities impact the infrastructure's confidentiality, integrity, and availability (CIA triad). To mitigate the limitations of centralized detection algorithms, the research develops an edge-based detection mechanism to identify oscillatory load attacks that leverage both physical and cyber layer features. By addressing these security challenges, this research contributes to the development of a more secure and resilient EV charging ecosystem, ensuring the reliable and safe provision of essential services to individuals and businesses.