Cardiff University | Prifysgol Caerdydd ORCA
Online Research @ Cardiff 

OCPPStorm: A comprehensive fuzzing tool for OCPP implementations

Coppoletta, Gaetano, Kaur, Amanjot, Valizadeh, Nima, Rana, Omer ORCID: https://orcid.org/0000-0003-3597-2646, Gjomemo, Rigel and Venkatakrishnan, V. N. 2024. OCPPStorm: A comprehensive fuzzing tool for OCPP implementations. Presented at: The Network and Distributed System Security (NDSS) Symposium 2024, San Diego, CA, USA, 26 Feb - 1 March 2024. Vehicle Security (alongside NDSS Symposium).

PDF - Accepted Post-Print Version

Abstract

In the last decade, electric vehicles (EVs) have moved from a niche of the transportation sector to its most innovative, dynamic, and growing sector. The associated EV charging infrastructure is closely following behind. One of the main components of such infrastructure is the Open Charge Point Protocol (OCPP), which defines the messages exchanged between charging stations and central management systems owned by charging companies. This paper presents OCPPStorm, a tool for testing the security of OCPP implementations. OCPPStorm is designed as a black box testing tool, in order to be able to deal with different implementations, independently of their deployment peculiarities, platforms, or languages used. In particular, OCPPStorm applies fuzzing techniques to the OCPP messages to identify errors in the message management and find vulnerabilities among those errors. Its efficacy is demonstrated through extensive testing on two open-source OCPP systems, revealing its proficiency in uncovering critical security flaws, among which 5 confirmed CVEs and 7 under review. OCPPStorm’s goal is to bolster the methodological approach to OCPP security testing, thereby reinforcing the reliability and safety of the EV charging ecosystem.

Item Type: Conference or Workshop Item (Paper)
Status: Published
Schools: Computer Science & Informatics
Funders: EPSRC
Date of First Compliant Deposit: 3 October 2024
Date of Acceptance: 3 January 2024
Last Modified: 07 Nov 2024 10:15
URI: https://orca.cardiff.ac.uk/id/eprint/172592
