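@comment{Security-related journal articles: threat analyses of the Open Charge Point Protocol (OCPP) for electric-vehicle charging, security requirements for mobile grid systems, and multi-party certified e-mail protocols.}

@article{Alcaraz2023b,
  author    = {Alcaraz, Cristina and Cumplido, Jesus and Trivi{\~n}o, Alicia},
  title     = {{OCPP} in the spotlight: threats and countermeasures for electric vehicle charging infrastructures 4.0},
  journal   = {International Journal of Information Security},
  year      = {2023},
  note      = {In press},
  publisher = {Springer},
  issn      = {1615-5262},
  doi       = {10.1007/s10207-023-00698-8},
  url       = {https://link.springer.com/article/10.1007/s10207-023-00698-8},
  abstract  = {Undoubtedly, Industry 4.0 in the energy sector improves the conditions for automation, generation and distribution of energy, increasing the rate of electric vehicle manufacturing in recent years. As a result, more grid-connected charging infrastructures are being installed, whose charging stations (CSs) can follow standardized architectures, such as the one proposed by the open charge point protocol (OCPP). The most recent version of this protocol is v.2.0.1, which includes new security measures at device and communication level to cover those security issues identified in previous versions. Therefore, this paper analyzes OCPP-v2.0.1 to determine whether the new functions may still be susceptible to specific cyber and physical threats, and especially when CSs may be connected to microgrids. To formalize the study, we first adapted the well-known threat analysis methodology, STRIDE, to identify and classify threats in terms of control and energy, and subsequently we combine it with DREAD for risk assessment. The analyses indicate that, although OCPP-v2.0.1 has evolved, potential security risks still remain, requiring greater protection in the future.},
}

@article{AlcarazLopezWolthusen2017,
  author    = {Alcaraz, Cristina and Lopez, Javier and Wolthusen, Stephen},
  title     = {{OCPP} Protocol: Security Threats and Challenges},
  journal   = {IEEE Transactions on Smart Grid},
  volume    = {8},
  pages     = {2452--2459},
  year      = {2017},
  month     = feb,
  publisher = {IEEE},
  issn      = {1949-3053},
  doi       = {10.1109/TSG.2017.2669647},
  keywords  = {Charging Infrastructure, Cyber Security, Cyber-Physical Systems, OCPP, Smart Grid},
  abstract  = {One benefit postulated for the adoption of Electric Vehicles (EVs) is their ability to act as stabilizing entities in smart grids through bi-directional charging, allowing local or global smoothing of peaks and imbalances. This benefit, however, hinges indirectly on the reliability and security of the power flows thus achieved. Therefore this paper studies key security properties of the already deployed Open Charge Point Protocol (OCPP) specifying communication between charging points and energy management systems. It is argued that possible subversion or malicious endpoints in the protocol can also lead to destabilization of power networks. Whilst reviewing these aspects, we focus, from a theoretical and practical standpoint, on attacks that interfere with resource reservation originating with the EV, which may also be initiated by a man in the middle, energy theft or fraud. Such attacks may even be replicated widely, resulting in over- or undershooting of power network provisioning, or the (total/partial) disintegration of the integrity and stability of power networks.},
}

@comment{NOTE(review): the doi of rosado2009c has no article suffix and may identify the journal rather than the article -- confirm against the publisher record.}

@article{rosado2009c,
  author    = {Rosado, David G. and Fernandez-Medina, Eduardo and Lopez, Javier},
  title     = {Obtaining Security Requirements for a Mobile Grid System},
  journal   = {International Journal of Grid and High Performance Computing},
  volume    = {1},
  pages     = {1--17},
  year      = {2009},
  month     = jan,
  publisher = {IGI-Global},
  issn      = {1938-0259},
  doi       = {10.4018/IJGHPC},
  abstract  = {Mobile Grid includes the characteristics of the Grid systems together with the peculiarities of Mobile Computing, with the additional feature of supporting mobile users and resources in a seamless, transparent, secure and efficient way. Security of these systems, due to their distributed and open nature, is considered a topic of great interest. We are elaborating a methodology of development to build secure mobile grid systems considering security on all life cycle. In this paper we present the practical results applying our methodology to a real case, specifically we apply the part of security requirements analysis to obtain and identify security requirements of a specific application following a set of tasks defined for helping us in the definition, identification and specification of the security requirements on our case study. The methodology will help us to build a secure grid application in a systematic and iterative way.},
}

@article{Zhou2005,
  author   = {Zhou, Jianying and Onieva, Jose A. and Lopez, Javier},
  title    = {Optimised Multi-Party Certified Email Protocols},
  journal  = {Information Management \& Computer Security Journal},
  volume   = {13},
  number   = {5},
  pages    = {350--366},
  year     = {2005},
  issn     = {0968-5227},
  keywords = {Communication technologies, Telecommunications, Value added},
  abstract = {As a value-added service to deliver important data over the Internet with guaranteed receipt for each successful delivery, certified email has been discussed for years and a number of research papers appeared in the literature. But most of them deal with the two-party scenarios, i.e., there are only one sender and one recipient. In some applications, however, the same certified message may need to be sent to a set of recipients. In this paper, we present two optimized multi-party certified email protocols. They have three major features. (1) A sender could notify multiple recipients of the same information while only those recipients who acknowledged are able to get the information. (2) Both the sender and the recipients can end a protocol run at any time without breach of fairness. (3) The exchange protocols are optimized, each of which has only three steps.},
}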