RELIABILITY – SECURITY – PRIVACY: EV Overlay Networks - Deep Dive v1.0
Download as PPTX, PDF0 likes13 views
The document discusses the reliability, security, and privacy of electric vehicle (EV) overlay networks, emphasizing the need for enhanced security settings and management for effective communication. It outlines techniques for improving operational reliability through metric-based routing and edge computing while addressing complications of in-network application state. Solutions proposed include recording request routes and sharing state among local controllers to facilitate easier debugging and uphold user roles against vendor backdoors.
![CSMS
CS
1. Solution: Record the route of requests, overwrite the
return route of responses via source routing
LC 1
LC 2
LC 3
Record Route:
[ CS, LC 1,
CSMS ]
Source
Route:
[ LC 1,
CS ]](https://image.slidesharecdn.com/icnc24evoverlaynetworks-deepdive-241028154000-d9928e61/85/RELIABILITY-SECURITY-PRIVACY-EV-Overlay-Networks-Deep-Dive-v1-0-12-320.jpg)
![CSMS
CS
3. Solution: Use 1. + 2. together to make the debugging of
daily operational issues a lot easier
LC 1
LC 2
LC 3
Record Route:
[ CS, LC 1,
CSMS ]
Source
Route:
[ LC 1,
CS ]](https://image.slidesharecdn.com/icnc24evoverlaynetworks-deepdive-241028154000-d9928e61/85/RELIABILITY-SECURITY-PRIVACY-EV-Overlay-Networks-Deep-Dive-v1-0-14-320.jpg)
![CSMS
CS
Encapsulate plain Modbus/TCP within a subset of OCPP and
give energy meters a device model, secure data transport, …
LC 1
LC 2
LC 3
Record Route:
[ CS, LC 1,
CSMS ]
Source
Route:
[ LC 1,
CS ]
Outdated
Modbus/
TCP](https://image.slidesharecdn.com/icnc24evoverlaynetworks-deepdive-241028154000-d9928e61/85/RELIABILITY-SECURITY-PRIVACY-EV-Overlay-Networks-Deep-Dive-v1-0-17-320.jpg)
RELIABILITY – SECURITY – PRIVACY: EV Overlay Networks - Deep Dive v1.0
- 1. EV Overlay Networks RELIABILITY – SECURITY – PRIVACY Deep Dive v1.0
- 2. CSMS EMP CS No matter how much you invest… The reliability of a single network link is always limited
- 3. CSMS EMP CS For software updates, migrations & to avoid vendor-lock-in… You want indirection of any communication to 3rd parties Hub GW
- 4. CSMS EMP CS 1…n Many stations at a shared location getting the norm You want edge computing and aggregation of communication GW 1…n LC 1…n Hub 1…n
- 5. CSMS CS Multiple links allow you to define metrics & collect statistics Reliability++ through metric-based routing of messages LC 1 LC 2 LC 3 - link capacity up/down - transmission delay up/down - packet loss up/down - link priority - link weight
- 6. CSMS CS Charging Stations do not need to change anything, but should Everyone else must use Overlay Transport Mode and signatures LC 1 LC 2 LC 3 OCPP Overlay Transport OCPP Classic Transport
- 7. CSMS CS Reliability++ requires better security settings & management So, we want to define exactly what we forward, reject or drop LC 1 LC 2 LC 3 ? request ✓ CS is known ✓ TransactionEventRequest ❌ Digital Signature
- 8. CSMS CS Local Controllers have firewalling/filter rules and device profile defining which requests/responses/messages are allowed LC 1 LC 2 LC 3 ? request ✓ CS is known ❌ SetPropertyRequest ✓ Digital Signature
- 9. CSMS CS Networking people do not really like in-network application state Yet, in EV infrastructure exactly THIS is the design goal LC 1 LC 2 LC 3 request State: RequestId #1234 from CS to CSMS
- 10. CSMS CS Local Controllers are edge computing devices to improve safety, security, offline-behaviour, … LC 1 LC 2 LC 3 request State: There is a transaction on CS Current consumption: 10 kW / 2 kWh
- 11. CSMS CS Asymmetric routing in combination with in-network state can easily become tricky and hard to debug LC 1 LC 2 LC 3 ? request response
- 12. CSMS CS 1. Solution: Record the route of requests, overwrite the return route of responses via source routing LC 1 LC 2 LC 3 Record Route: [ CS, LC 1, CSMS ] Source Route: [ LC 1, CS ]
- 13. CSMS CS 2. Solution: Share state via messages between a defined subset of known Local Controllers LC 1 LC 2 LC 3
- 14. CSMS CS 3. Solution: Use 1. + 2. together to make the debugging of daily operational issues a lot easier LC 1 LC 2 LC 3 Record Route: [ CS, LC 1, CSMS ] Source Route: [ LC 1, CS ]
- 15. Deprecate all those work arounds and backdoors Use HTTP Web Socket Binary Streams for FirmwareUpdates, … LC 2 LC 3 Insecure Firmware FTP Insecure Logs HTTP ❌ ❌ CSMS CS LC 1 Public Clouds Vendor Backdoor ❌ ❌
- 16. Also vendors have to respect OCPP User Roles and thus can be locked out of critical infrastructure! LC 2 LC 3 Insecure Firmware FTP Insecure Logs HTTP ❌ ❌ CSMS CS LC 1 Public Clouds Vendor Backdoor ❌ ❌
- 17. CSMS CS Encapsulate plain Modbus/TCP within a subset of OCPP and give energy meters a device model, secure data transport, … LC 1 LC 2 LC 3 Record Route: [ CS, LC 1, CSMS ] Source Route: [ LC 1, CS ] Outdated Modbus/ TCP