Cyber defense in OCPP for EV charging security risks

Safa Hamdare; David J. Brown; Devki Nandan Jha; Mohammad Aljaidi; Yue Cao; Sushil Kumar; Rupak Kharel; Manish Jugran; Omprakash Kaiwartya

doi:10.1007/s10207-025-01055-7

Cyber defense in OCPP for EV charging security risks

Safa Hamdare, David J. Brown, Devki Nandan Jha, Mohammad Aljaidi, Yue Cao, Sushil Kumar, Rupak Kharel, Manish Jugran, Omprakash Kaiwartya

Research output: Contribution to journal › Article › peer-review

Abstract

The Open Charge Point Protocol (OCPP) is a widely adopted communication standard that enables vendor-independent communication between charging points and Electric Vehicle (EV) charging station management systems. OCPP has significant cyber risks in terms of weak authentication mechanisms and improper session handling, exposing it to potential EV charging-related security threats. The backward incompatibility of the recent version of OCPP also poses challenges in the seamless adoption of the protocol. This paper introduces a comprehensive cyber defense framework to mitigate the security risks associated with OCPP. Through a detailed analysis of its vulnerabilities, the framework proposes targeted enhancements and mitigation strategies to further strengthen its security. The results demonstrate that the proposed OCPP significantly enhances both security and performance, surpassing its predecessor and current state-of-the-art security solutions for EV charging.

Original language	English
Article number	134
Number of pages	25
Journal	International Journal of Information Security
Volume	24
Issue number	3
Early online date	21 May 2025
DOIs	https://doi.org/10.1007/s10207-025-01055-7
Publication status	Published - 1 Jun 2025

UN SDGs

This output contributes to the following UN Sustainable Development Goals (SDGs)

Access to Document

10.1007/s10207-025-01055-7Licence: CC BY

Cite this

@article{2fd1af77f203416c972faf5456e0be24,

title = "Cyber defense in OCPP for EV charging security risks",

abstract = "The Open Charge Point Protocol (OCPP) is a widely adopted communication standard that enables vendor-independent communication between charging points and Electric Vehicle (EV) charging station management systems. OCPP has significant cyber risks in terms of weak authentication mechanisms and improper session handling, exposing it to potential EV charging-related security threats. The backward incompatibility of the recent version of OCPP also poses challenges in the seamless adoption of the protocol. This paper introduces a comprehensive cyber defense framework to mitigate the security risks associated with OCPP. Through a detailed analysis of its vulnerabilities, the framework proposes targeted enhancements and mitigation strategies to further strengthen its security. The results demonstrate that the proposed OCPP significantly enhances both security and performance, surpassing its predecessor and current state-of-the-art security solutions for EV charging.",

keywords = "cyber secuirty, Electric vehicles, OCPP, secuirty risk",

author = "Safa Hamdare and Brown, {David J.} and Jha, {Devki Nandan} and Mohammad Aljaidi and Yue Cao and Sushil Kumar and Rupak Kharel and Manish Jugran and Omprakash Kaiwartya",

note = "Funding Information: The work is supported by the Computer Science and Informatics Research Centre (CIRC), Nottingham Trent University. Also, The authors extend their appreciation to the Deanship of Scientific Research at Zarqa University, Zarqa, Jordan, for funding this research work. Funding Information: The research work is funded by industry (JMVL Ltd) and Nottingham Trent University, UK. Publisher Copyright: {\textcopyright} The Author(s) 2025.",

year = "2025",

month = jun,

day = "1",

doi = "10.1007/s10207-025-01055-7",

language = "English",

volume = "24",

journal = "International Journal of Information Security",

issn = "1615-5262",

publisher = "Springer Verlag",

number = "3",

}

TY - JOUR

T1 - Cyber defense in OCPP for EV charging security risks

AU - Hamdare, Safa

AU - Brown, David J.

AU - Jha, Devki Nandan

AU - Aljaidi, Mohammad

AU - Cao, Yue

AU - Kumar, Sushil

AU - Kharel, Rupak

AU - Jugran, Manish

AU - Kaiwartya, Omprakash

N1 - Funding Information: The work is supported by the Computer Science and Informatics Research Centre (CIRC), Nottingham Trent University. Also, The authors extend their appreciation to the Deanship of Scientific Research at Zarqa University, Zarqa, Jordan, for funding this research work. Funding Information: The research work is funded by industry (JMVL Ltd) and Nottingham Trent University, UK. Publisher Copyright: © The Author(s) 2025.

PY - 2025/6/1

Y1 - 2025/6/1

N2 - The Open Charge Point Protocol (OCPP) is a widely adopted communication standard that enables vendor-independent communication between charging points and Electric Vehicle (EV) charging station management systems. OCPP has significant cyber risks in terms of weak authentication mechanisms and improper session handling, exposing it to potential EV charging-related security threats. The backward incompatibility of the recent version of OCPP also poses challenges in the seamless adoption of the protocol. This paper introduces a comprehensive cyber defense framework to mitigate the security risks associated with OCPP. Through a detailed analysis of its vulnerabilities, the framework proposes targeted enhancements and mitigation strategies to further strengthen its security. The results demonstrate that the proposed OCPP significantly enhances both security and performance, surpassing its predecessor and current state-of-the-art security solutions for EV charging.

AB - The Open Charge Point Protocol (OCPP) is a widely adopted communication standard that enables vendor-independent communication between charging points and Electric Vehicle (EV) charging station management systems. OCPP has significant cyber risks in terms of weak authentication mechanisms and improper session handling, exposing it to potential EV charging-related security threats. The backward incompatibility of the recent version of OCPP also poses challenges in the seamless adoption of the protocol. This paper introduces a comprehensive cyber defense framework to mitigate the security risks associated with OCPP. Through a detailed analysis of its vulnerabilities, the framework proposes targeted enhancements and mitigation strategies to further strengthen its security. The results demonstrate that the proposed OCPP significantly enhances both security and performance, surpassing its predecessor and current state-of-the-art security solutions for EV charging.

KW - cyber secuirty

KW - Electric vehicles

KW - OCPP

KW - secuirty risk

UR - http://www.scopus.com/inward/record.url?scp=105005947271&partnerID=8YFLogxK

U2 - 10.1007/s10207-025-01055-7

DO - 10.1007/s10207-025-01055-7

M3 - Article

AN - SCOPUS:105005947271

VL - 24

JO - International Journal of Information Security

JF - International Journal of Information Security

SN - 1615-5262

IS - 3

M1 - 134

ER -

Cyber defense in OCPP for EV charging security risks

Abstract

UN SDGs

Access to Document

Other files and links

Cite this