
HoneyEVSE: An Honeypot to Emulate Electric Vehicle Supply Equipments

  • Conference paper
Computer Security. ESORICS 2023 International Workshops (ESORICS 2023)

Abstract

To fight climate change, new “green” technologies are emerging, most of them using electricity as a power source. Among the solutions, Electric Vehicles (EVs) represent a central asset in the future transport system. EVs require a complex infrastructure to enable the so-called Vehicle-to-Grid (V2G) paradigm, which manages the charging process between the smart grid and the EV. In this paradigm, the Electric Vehicle Supply Equipment (EVSE), or charging station, is the end device that authenticates the vehicle and delivers the power to charge it. However, since an EVSE is publicly exposed and connected to the Internet, recent works show how an attacker can target an EVSE through physical tampering and remote access, putting at risk the security of the entire infrastructure and the final user. For this reason, it is important to develop novel strategies to secure such infrastructures.

In this paper, we present HoneyEVSE, the first honeypot conceived to simulate an EVSE. HoneyEVSE can simulate the EV charging process with high fidelity and, at the same time, lets a user interact with it through a dashboard. Furthermore, based on other charging columns exposed on the Internet, we emulate the login and device information pages to increase user engagement. We exposed HoneyEVSE to the Internet for 30 days to assess its capability and measured the interactions received together with its Shodan Honeyscore. Results show that HoneyEVSE can successfully evade the Shodan Honeyscore metric while attracting a high number of interactions on the exposed services.


Notes

  1. Repository: https://github.com/spritz-group/HoneyEVSE.

  2. https://github.com/jasonzissman/TimeMe.js.

References

  1. GreyNoise Intelligence. https://greynoise.io/

  2. Openenergymonitor. https://openenergymonitor.org/. Accessed 05 Aug 2023

  3. Vsix Internet Exchange Point. https://www.vsix.it/. Accessed 15 May 2023

  4. GridPot Github Project (2015). https://github.com/sk4ld/gridpot. Accessed 02 May 2023

  5. What is Evse? (2023). https://ev-lectron.com/blogs/blog/what-is-evse. Accessed 03 Aug 2023

  6. Baker, R., Martinovic, I.: Losing the car keys: wireless PHY-layer insecurity in EV charging. In: USENIX (2019)


  7. Barbieri, G., Conti, M., Tippenhauer, N.O., Turrin, F.: Assessing the use of insecure ICS protocols via IXP network traffic analysis. In: 2021 International Conference on Computer Communications and Networks (ICCCN), pp. 1–9 (2021). https://doi.org/10.1109/ICCCN52240.2021.9522219

  8. Brighente, A., Conti, M., Donadel, D., Turrin, F.: EVScout2.0: electric vehicle profiling through charging profile. ACM Trans. Cyber Phys. Syst. (2021)


  9. Buschlinger, L., Springer, M., Zhdanova, M.: Plug-and-patch: secure value added services for electric vehicle charging. ACM Int. Conf. Proc. Ser. (2019)


  10. Cenys, A., Rainys, D., Radvilavicius, L., Bielko, A.: Development of honeypot system emulating functions of database server. Tech. rep, Semiconductor Physics Inst Vilnius (Lithuania) (2004)


  11. Conti, M., Donadel, D., Poovendran, R., Turrin, F.: EVExchange: a relay attack on electric vehicle charging system. In: Atluri, V., Di Pietro, R., Jensen, C.D., Meng, W. (eds.) ESORICS 2022, pp. 488–508. Springer, Cham (2022). https://doi.org/10.1007/978-3-031-17140-6_24

  12. Conti, M., Trolese, F., Turrin, F.: Icspot: a high-interaction honeypot for industrial control systems. In: 2022 International Symposium on Networks, Computers and Communications (ISNCC), pp. 1–4. IEEE (2022)


  13. Franco, J., Aris, A., Canberk, B., Uluagac, A.S.: A survey of honeypots and honeynets for internet of things, industrial internet of things, and cyber-physical systems. IEEE Commun. Surv. Tutor. 23(4), 2351–2383 (2021)


  14. Garofalaki, Z., Kosmanos, D., Moschoyiannis, S., Kallergis, D., Douligeris, C.: Electric vehicle charging: a survey on the security issues and challenges of the open charge point protocol (OCPP). IEEE Commun. Surv. Tutor. (2022)


  15. Road Vehicles—Vehicle-to-Grid Communication Interface—Part 1: General information and use-case definition. Standard, International Organization for Standardization, Geneva (2019)


  16. Road Vehicles—Vehicle-to-Grid Communication Interface—Part 2: Network and application protocol requirements. Standard, International Organization for Standardization, Geneva (2014)


  17. Johansson, D., Lee, Z.J., Sharma, S.: ACN Portal (2021). https://github.com/zach401/acnportal

  18. Köhler, S., Baker, R., Strohmeier, M., Martinovic, I.: Brokenwire: wireless disruption of ccs electric vehicle charging. arXiv preprint arXiv:2202.02104 (2022)

  19. Lee, Z., Sharma, S., Johansson, D., Low, S.: ACN-sim: an open-source simulator for data-driven electric vehicle charging research. IEEE Trans. Smart Grid PP (2020). https://doi.org/10.1109/TSG.2021.3103156

  20. Lee, Z.J., Li, T., Low, S.H.: ACN-data: analysis and applications of an open EV charging dataset. In: Proceedings of the Tenth ACM International Conference on Future Energy Systems, pp. 139–149 (2019)


  21. López-Morales, E., Rubio, C., Doupé, A., Shoshitaishvili, Y., Bao, T., Ahn, G.J.: Honeyplc: A Next-Generation Honeypot for Industrial Control Systems, pp. 279–291 (2020). https://doi.org/10.1145/3372297.3423356

  22. Luo, T., Xu, Z., Jin, X., Jia, Y., Ouyang, X.: Iotcandyjar: towards an intelligent-interaction honeypot for IoT devices. Black Hat 2017, 1–11 (2017)


  23. Mashima, D., Li, Y., Chen, B.: Who’s scanning our smart grid? empirical study on honeypot data. In: 2019 IEEE Global Communications Conference (GLOBECOM), pp. 1–6. IEEE (2019)


  24. Matherly, J.: Complete Guide to Shodan. https://ia800705.us.archive.org/17/items/shodan-book-extras/shodan/shodan.pdf

  25. Matherly, J.: Complete Guide to Shodan (2016). https://ia800705.us.archive.org/17/items/shodan-book-extras/shodan/shodan.pdf

  26. Murillo, A.F., Cómbita, L.F., Gonzalez, A.C., Rueda, S., Cardenas, A.A., Quijano, N.: A virtual environment for industrial control systems: a nonlinear use-case in attack detection, identification, and response. In: Proceedings of the 4th Annual Industrial Control System Security Workshop, pp. 25–32 (2018)


  27. Nasr, T., Torabi, S., Bou-Harb, E., Fachkha, C., Assi, C.: Chargeprint: a framework for internet-scale discovery and security analysis of EV charging management systems. In: NDSS (2023)


  28. Panda, S., Rass, S., Moschoyiannis, S., Liang, K., Loukas, G., Panaousis, E.: Honeycar: a framework to configure honeypot vulnerabilities on the internet of vehicles. IEEE Access 10, 104671–104685 (2022). https://doi.org/10.1109/ACCESS.2022.3210117


  29. Petre, C.A., Korodi, A.: Honeypot inside an OPC UA wrapper for water pumping stations. In: 2019 22nd International Conference on Control Systems and Computer Science (CSCS), pp. 72–77. IEEE (2019)


  30. Provos, N.: Honeyd: a virtual honeypot daemon (extended abstract) (2003)


  31. Rahmatullah, D.K., Nasution, S.M., Azmi, F.: Implementation of low interaction web server honeypot using cubieboard. In: 2016 International Conference on Control, Electronics, Renewable Energy and Communications (ICCEREC), pp. 127–131. IEEE (2016)


  32. Sharma, S., Kaul, A.: A survey on intrusion detection systems and honeypot based proactive security mechanisms in vanets and vanet cloud. Vehicul. Commun. 12, 138–164 (2018)


  33. Statista. Electric Vehicles - Worldwide (2023). https://www.statista.com/outlook/mmo/electric-vehicles/worldwide. Accessed Apr 2023


Acknowledgment

We thank VSIX [3] for enabling us to install the honeypot and collect data at their IXP.

Author information


Corresponding author

Correspondence to Massimiliano Baldo.


Copyright information

© 2024 The Author(s), under exclusive license to Springer Nature Switzerland AG

About this paper


Cite this paper

Baldo, M., Bianchi, T., Conti, M., Trevisan, A., Turrin, F. (2024). HoneyEVSE: An Honeypot to Emulate Electric Vehicle Supply Equipments. In: Katsikas, S., et al. Computer Security. ESORICS 2023 International Workshops. ESORICS 2023. Lecture Notes in Computer Science, vol 14398. Springer, Cham. https://doi.org/10.1007/978-3-031-54204-6_8


  • DOI: https://doi.org/10.1007/978-3-031-54204-6_8


  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-031-54203-9

  • Online ISBN: 978-3-031-54204-6

  • eBook Packages: Computer Science (R0)
