The key idea behind EV profiling is that each EV exhibits
unique physical characteristics during a charging session. More
precisely, when the State of Charge (SoC) of the battery
goes above a certain threshold (say, over 60% or 80%), the
current and voltage drawn by the vehicle solely depend on the
battery’s implementation. Therefore, these physical properties
- which can differ from one EV to another - can be used to
create signatures of EV batteries and, consequently, signatures
of the EVs themselves. The authors of [23] demonstrate modeling
the behavior of EV batteries from their charging data. Their work
extracts features from analog charging signals and uses that
information for battery profiling via a clustering-based approach.
The EVScout attack (originally EVScout1.0 [7], and recently
EVScout2.0 [6]) further improved such profiling of EVs by utilizing
different machine learning techniques.
Contributions: In this paper, we begin with improving the
state-of-the-art of EV profiling. To understand the impact of
the improved EV profiling approach at scale in the real world,
we emphasize multi-class classification (contrary to
binary classification considered in the state-of-the-art profiling
approach) to evaluate its efficacy in profiling/identifying a
particular EV. Furthermore, we consider datasets that vary in
size, balancing, and distribution to closely simulate different
settings. The major contributions of this paper are as follows:
1) We propose an improved EV profiling approach that
outperforms the state-of-the-art, i.e., EVScout.
2) We exhaustively evaluate the quality of our improved
approach at scale by considering a significantly large
dataset of charging sessions from real EVs as well as
different classification techniques, etc.
Organization: The remainder of this paper is organized as
follows. Section II presents a brief summary of the fundamental
concepts related to our work. Section III explains our
threat model and attack infrastructure. Section IV elucidates
the implementation details of our approach. Section V reports
our experimental evaluations. Section VI comments on the
limitations of the current practices to profile EVs. Section VII
concludes the paper.
II. BACKGROUND
The concept of using electric or analog data for the
purpose of user profiling has been extensively studied in the
literature [11]. The central aspect of the EV charging system is
the EVSE infrastructure. A central control unit is responsible
for monitoring the operation of all EVSEs connected to a particular
grid. These operations include appropriate scheduling
of charging processes (keeping track of power availability and
maximum allowed load for the network, etc.) and constituting a
gateway for secure communication between the grid and an EV
(to allow user authentication, etc.). It is important to note that
EVSEs are typically part of a complex network, where they can
communicate with each other, an EV, or the control unit via
appropriate communication interfaces. Such communications
happen over a secure channel that can be wireless or wired.
An EV user must be connected to the control center via a
car or mobile application. The security considerations of this
communication network are addressed by strong cryptographic
tools and mechanisms [13].
The physical port on an EVSE that connects it to an EV is
built upon the SAE J1772 Standard [25] (cf. Fig. 1). According
to this standard, a port consists of five lead connectors. Out
of these five leads, three are connected to the grid via
relays while the other two leads are used for signaling. In
particular, these two leads carry the proximity signal
and the pilot signal, respectively. The proximity signal verifies whether the
physical connection between the EV and EVSE’s port is safe
and that the communication or charging can proceed. On the
other hand, the pilot signal serves as a communication medium
between the EV and EVSE to signal charging level, etc.
The charging characteristics of the battery units used in
EVs also play a part in the profiling process. Most battery
units deployed in EVs today are lithium-ion batteries [9].
The charging process for standard lithium-ion batteries is
distinctive, where the drawn current and voltage follow a
fixed profile [20]. In particular, its charging process can be
of two types, i.e., Constant Power/Constant Voltage (CP/CV)
and Constant Current/Constant Voltage (CC/CV). In this work,
we only consider the latter as sufficient data is not publicly
available for CP/CV charging-based EVs. The CC/CV charging
method consists of two phases:
1) Constant Current: It is the primary phase of charging,
during which the current passed remains constant while
the voltage across the battery terminals varies.
2) Constant Voltage: It is the latter phase of charging, during
which the current passed drops while the voltage across
the battery terminals remains constant.
The transition from the CC to CV phase is roughly preset,
but it also depends on the state and condition of the
EV’s battery. This transition threshold varies between 60%
and 80% of the battery’s SoC. Similar to the state-of-the-art,
our approach utilizes analog signal data (e.g., current
and pilot signals) obtained from the CC/CV charging phases
for EV profiling. Nonetheless, our work differs in various
aspects, including an improved profiling algorithm, modeling,
classification approach, etc.
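The two CC/CV phases described above can be located in a sampled charging-current trace. The following is an added example, not code from the paper: the trace is constructed, and the function names, window size and drop threshold are assumptions chosen for illustration.

```python
import math
from statistics import median

def synth_session(i_cc=16.0, n_cc=120, n_cv=80, tau=25.0):
    """Constructed current trace in amps, one sample per time step.

    CC phase: roughly constant current with a small ripple.
    CV phase: current decays while the terminal voltage is held constant.
    """
    cc = [i_cc + 0.05 * math.sin(k) for k in range(n_cc)]
    cv = [i_cc * math.exp(-(k + 1) / tau) for k in range(n_cv)]
    return cc + cv

def find_cv_start(current, window=10, drop=0.03):
    """Return the sample index where the CV phase begins, or None.

    The CC level is the median of the first `window` samples. The CV phase
    starts at the first sample of a run of `window` consecutive samples that
    all lie below (1 - drop) * level, so isolated dips are not mistaken
    for the transition.
    """
    if len(current) < 2 * window:
        return None  # too short to estimate a level and confirm a run
    level = median(current[:window])
    limit = (1.0 - drop) * level
    run = 0
    for idx, amp in enumerate(current):
        run = run + 1 if amp < limit else 0
        if run == window:
            return idx - window + 1
    return None  # session ended before the battery left the CC phase

if __name__ == "__main__":
    trace = synth_session()
    start = find_cv_start(trace)
    print(f"CC phase: samples 0..{start - 1}, CV phase: samples {start}..{len(trace) - 1}")
```

A session that is interrupted before the transition threshold is reached returns `None`, which matters when sessions of varying length are compared.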
III. THREAT MODEL
EV profiling attacks (e.g., EVScout [6, 7]) present in the
literature assume that an attacker is capable of installing a
physical device - typically over EVSEs’ physical port - to
intercept the analog signals exchanged between EVSEs and
EVs. With such a device in place, the attacker(s) can intercept,
record, or transmit the observed signals back to themselves,
where they can process the collected signals. It is worth
mentioning that if such a device has wireless transmission
capabilities, then tracing the original attacker(s) can become
even more difficult. By tampering with multiple EVSEs, the
attacker(s) can have access to multiple charging sessions of
different (often, even the same) EVs. Therefore, the attacker(s)
can exploit such charging data to profile the unique charging
behavior of an EV’s battery, which essentially means the
profile of that EV.
The data obtained by such a data collection practice will be
unlabeled because the extracted signal is analog in nature and
does not contain any personally identifying details. Manual
monitoring, utilizing cameras, or collusion with local staff
can make the attack sophisticated. Nevertheless, by gathering