[{"language":[{"iso":"eng"}],"title":"Evil SteVe: An Approach to Simplify Penetration Testing of OCPP Charge Points","author":[{"last_name":"Gebauer","id":"76524","full_name":"Gebauer, Lisa Helene","first_name":"Lisa Helene"},{"orcid":"0000-0002-0133-0656","first_name":"Henning","id":"1486","full_name":"Trsek, Henning","last_name":"Trsek"},{"first_name":"Georg","full_name":"Lukas, Georg","last_name":"Lukas"}],"_id":"11165","department":[{"_id":"DEP5023"}],"user_id":"83781","publisher":"IEEE","date_updated":"2024-03-05T14:17:17Z","type":"conference","date_created":"2024-03-01T14:36:19Z","doi":"10.1109/ETFA52439.2022.9921430","year":"2022","status":"public","publication":"2022 IEEE 27th International Conference on Emerging Technologies and Factory Automation (ETFA)","conference":{"name":"27th International Conference on Emerging Technologies and Factory Automation (ETFA)","location":"Stuttgart","end_date":"2022-09-09","start_date":"2022-09-06"},"place":"Piscataway, NJ","citation":{"chicago":"Gebauer, Lisa Helene, Henning Trsek, and Georg Lukas. “Evil SteVe: An Approach to Simplify Penetration Testing of OCPP Charge Points.” In <i>2022 IEEE 27th International Conference on Emerging Technologies and Factory Automation (ETFA)</i>. Piscataway, NJ: IEEE, 2022. <a href=\"https://doi.org/10.1109/ETFA52439.2022.9921430\">https://doi.org/10.1109/ETFA52439.2022.9921430</a>.","chicago-de":"Gebauer, Lisa Helene, Henning Trsek und Georg Lukas. 2022. Evil SteVe: An Approach to Simplify Penetration Testing of OCPP Charge Points. In: <i>2022 IEEE 27th International Conference on Emerging Technologies and Factory Automation (ETFA)</i>. Piscataway, NJ: IEEE. doi:<a href=\"https://doi.org/10.1109/ETFA52439.2022.9921430\">10.1109/ETFA52439.2022.9921430</a>, .","van":"Gebauer LH, Trsek H, Lukas G. Evil SteVe: An Approach to Simplify Penetration Testing of OCPP Charge Points. In: 2022 IEEE 27th International Conference on Emerging Technologies and Factory Automation (ETFA). Piscataway, NJ: IEEE; 2022.","short":"L.H. Gebauer, H. Trsek, G. Lukas, in: 2022 IEEE 27th International Conference on Emerging Technologies and Factory Automation (ETFA), IEEE, Piscataway, NJ, 2022.","bjps":"<b>Gebauer LH, Trsek H and Lukas G</b> (2022) Evil SteVe: An Approach to Simplify Penetration Testing of OCPP Charge Points. <i>2022 IEEE 27th International Conference on Emerging Technologies and Factory Automation (ETFA)</i>. Piscataway, NJ: IEEE.","mla":"Gebauer, Lisa Helene, et al. “Evil SteVe: An Approach to Simplify Penetration Testing of OCPP Charge Points.” <i>2022 IEEE 27th International Conference on Emerging Technologies and Factory Automation (ETFA)</i>, IEEE, 2022, <a href=\"https://doi.org/10.1109/ETFA52439.2022.9921430\">https://doi.org/10.1109/ETFA52439.2022.9921430</a>.","ama":"Gebauer LH, Trsek H, Lukas G. Evil SteVe: An Approach to Simplify Penetration Testing of OCPP Charge Points. In: <i>2022 IEEE 27th International Conference on Emerging Technologies and Factory Automation (ETFA)</i>. IEEE; 2022. doi:<a href=\"https://doi.org/10.1109/ETFA52439.2022.9921430\">10.1109/ETFA52439.2022.9921430</a>","ufg":"<b>Gebauer, Lisa Helene/Trsek, Henning/Lukas, Georg</b>: Evil SteVe: An Approach to Simplify Penetration Testing of OCPP Charge Points, in: o. Hg.: 2022 IEEE 27th International Conference on Emerging Technologies and Factory Automation (ETFA), Piscataway, NJ 2022.","din1505-2-1":"<span style=\"font-variant:small-caps;\">Gebauer, Lisa Helene</span> ; <span style=\"font-variant:small-caps;\">Trsek, Henning</span> ; <span style=\"font-variant:small-caps;\">Lukas, Georg</span>: Evil SteVe: An Approach to Simplify Penetration Testing of OCPP Charge Points. In: <i>2022 IEEE 27th International Conference on Emerging Technologies and Factory Automation (ETFA)</i>. Piscataway, NJ : IEEE, 2022","apa":"Gebauer, L. H., Trsek, H., &#38; Lukas, G. (2022). Evil SteVe: An Approach to Simplify Penetration Testing of OCPP Charge Points. <i>2022 IEEE 27th International Conference on Emerging Technologies and Factory Automation (ETFA)</i>. 27th International Conference on Emerging Technologies and Factory Automation (ETFA), Stuttgart. <a href=\"https://doi.org/10.1109/ETFA52439.2022.9921430\">https://doi.org/10.1109/ETFA52439.2022.9921430</a>","ieee":"L. H. Gebauer, H. Trsek, and G. Lukas, “Evil SteVe: An Approach to Simplify Penetration Testing of OCPP Charge Points,” presented at the 27th International Conference on Emerging Technologies and Factory Automation (ETFA), Stuttgart, 2022. doi: <a href=\"https://doi.org/10.1109/ETFA52439.2022.9921430\">10.1109/ETFA52439.2022.9921430</a>.","havard":"L.H. Gebauer, H. Trsek, G. Lukas, Evil SteVe: An Approach to Simplify Penetration Testing of OCPP Charge Points, in: 2022 IEEE 27th International Conference on Emerging Technologies and Factory Automation (ETFA), IEEE, Piscataway, NJ, 2022."},"publication_identifier":{"isbn":["9781665499965"]},"abstract":[{"lang":"eng","text":"The reduction of CO2 emissions caused by auto-mobile traffic relies on the development of electric mobility infrastructure which in turn relies on efficient communication between charge points, used to connect electric vehicles to the power network, and central systems, used to manage users and transactions. The Open Charge Point Protocol (OCPP) is an open communication protocol designed to connect charge points to a central system. An important aspect of the communication between these entities is the security of the connection. It is conceivable, for instance, that an adversary could compromise a central system to attack charge points.This work devises three different attack scenarios which could be executed by a malicious OCPP central system to attack an OCPP charge point. It also assesses the feasibility and potential consequences of such attacks. Additionally, it presents an approach of an \"evil\" OCPP server implementation, based on the SteVe server which was originally developed at the RWTH Aachen. The \"evil\" OCPP server implements various attack scenarios and is intended to be used for penetration testing of OCPP charge points that connect to the central system via WebSockets/JSON or SOAP/XML."}],"publication_status":"published"},{"doi":"10.1109/wfcs53837.2022.9779189","corporate_editor":["inIT /TH-OWL","Università degli studi di Pavia "],"year":"2022","status":"public","publication":"2022 IEEE 18th International Conference on Factory Communication Systems (WFCS)","conference":{"start_date":"2022-04-27","name":"18th IEEE International Workshop on Factory Communication Systems (WFCS) - Communication in Automation","location":"Pavia, ITALY","end_date":"2022-04-29"},"place":"[Piscataway, NJ]","citation":{"ufg":"<b>Gebauer, Lisa Helene/Trsek, Henning/Heiss, Stefan</b>: Secure Communication in Factories - Benchmarking Elliptic Curve Diffie-Hellman Key Exchange Implementations on an Embedded System, hg. von inIT /TH-OWL, Università degli studi di Pavia , [Piscataway, NJ] 2022.","mla":"Gebauer, Lisa Helene, et al. “Secure Communication in Factories - Benchmarking Elliptic Curve Diffie-Hellman Key Exchange Implementations on an Embedded System.” <i>2022 IEEE 18th International Conference on Factory Communication Systems (WFCS)</i>, edited by inIT /TH-OWL and Università degli studi di Pavia , IEEE, 2022, pp. 207–10, <a href=\"https://doi.org/10.1109/wfcs53837.2022.9779189\">https://doi.org/10.1109/wfcs53837.2022.9779189</a>.","ama":"Gebauer LH, Trsek H, Heiss S. <i>Secure Communication in Factories - Benchmarking Elliptic Curve Diffie-Hellman Key Exchange Implementations on an Embedded System</i>. (inIT /TH-OWL, Università degli studi di Pavia , eds.). IEEE; 2022:207-210. doi:<a href=\"https://doi.org/10.1109/wfcs53837.2022.9779189\">10.1109/wfcs53837.2022.9779189</a>","chicago-de":"Gebauer, Lisa Helene, Henning Trsek und Stefan Heiss. 2022. <i>Secure Communication in Factories - Benchmarking Elliptic Curve Diffie-Hellman Key Exchange Implementations on an Embedded System</i>. Hg. von inIT /TH-OWL und Università degli studi di Pavia . <i>2022 IEEE 18th International Conference on Factory Communication Systems (WFCS)</i>. [Piscataway, NJ]: IEEE. doi:<a href=\"https://doi.org/10.1109/wfcs53837.2022.9779189\">10.1109/wfcs53837.2022.9779189</a>, .","chicago":"Gebauer, Lisa Helene, Henning Trsek, and Stefan Heiss. <i>Secure Communication in Factories - Benchmarking Elliptic Curve Diffie-Hellman Key Exchange Implementations on an Embedded System</i>. Edited by inIT /TH-OWL and Università degli studi di Pavia . <i>2022 IEEE 18th International Conference on Factory Communication Systems (WFCS)</i>. [Piscataway, NJ]: IEEE, 2022. <a href=\"https://doi.org/10.1109/wfcs53837.2022.9779189\">https://doi.org/10.1109/wfcs53837.2022.9779189</a>.","bjps":"<b>Gebauer LH, Trsek H and Heiss S</b> (2022) <i>Secure Communication in Factories - Benchmarking Elliptic Curve Diffie-Hellman Key Exchange Implementations on an Embedded System</i>, inIT /TH-OWL and Università degli studi di Pavia  (eds). [Piscataway, NJ]: IEEE.","short":"L.H. Gebauer, H. Trsek, S. Heiss, Secure Communication in Factories - Benchmarking Elliptic Curve Diffie-Hellman Key Exchange Implementations on an Embedded System, IEEE, [Piscataway, NJ], 2022.","van":"Gebauer LH, Trsek H, Heiss S. Secure Communication in Factories - Benchmarking Elliptic Curve Diffie-Hellman Key Exchange Implementations on an Embedded System. inIT /TH-OWL, Università degli studi di Pavia , editors. 2022 IEEE 18th International Conference on Factory Communication Systems (WFCS). [Piscataway, NJ]: IEEE; 2022.","ieee":"L. H. Gebauer, H. Trsek, and S. Heiss, <i>Secure Communication in Factories - Benchmarking Elliptic Curve Diffie-Hellman Key Exchange Implementations on an Embedded System</i>. [Piscataway, NJ]: IEEE, 2022, pp. 207–210. doi: <a href=\"https://doi.org/10.1109/wfcs53837.2022.9779189\">10.1109/wfcs53837.2022.9779189</a>.","apa":"Gebauer, L. H., Trsek, H., &#38; Heiss, S. (2022). Secure Communication in Factories - Benchmarking Elliptic Curve Diffie-Hellman Key Exchange Implementations on an Embedded System. In inIT /TH-OWL &#38; Università degli studi di Pavia  (Eds.), <i>2022 IEEE 18th International Conference on Factory Communication Systems (WFCS)</i> (pp. 207–210). IEEE. <a href=\"https://doi.org/10.1109/wfcs53837.2022.9779189\">https://doi.org/10.1109/wfcs53837.2022.9779189</a>","havard":"L.H. Gebauer, H. Trsek, S. Heiss, Secure Communication in Factories - Benchmarking Elliptic Curve Diffie-Hellman Key Exchange Implementations on an Embedded System, IEEE, [Piscataway, NJ], 2022.","din1505-2-1":"<span style=\"font-variant:small-caps;\">Gebauer, Lisa Helene</span> ; <span style=\"font-variant:small-caps;\">Trsek, Henning</span> ; <span style=\"font-variant:small-caps;\">Heiss, Stefan</span> ; <span style=\"font-variant:small-caps;\">inIT /TH-OWL</span> ; <span style=\"font-variant:small-caps;\">Università degli studi di Pavia </span> (Hrsg.): <i>Secure Communication in Factories - Benchmarking Elliptic Curve Diffie-Hellman Key Exchange Implementations on an Embedded System</i>. [Piscataway, NJ] : IEEE, 2022"},"publication_identifier":{"eisbn":["978-1-6654-1086-1"],"isbn":["978-1-6654-1087-8"]},"abstract":[{"lang":"eng","text":"Securing factory communication to protect corporate data is an important concern in the context of the Industrial Internet of Things (IIoT). Various cryptographic protocols can be used to establish secure communication channels. One of these protocols is the Transport Layer Security 1.3 (TLS 1.3) protocol. A key component of the TLS handshake protocol is the Elliptic Curve Diffie-Hellman Key Exchange (ECDHKE), a public key cryptosystem used to exchange keys over insecure channels which can be based on a number of standardized elliptic curves. A special form of elliptic curves are Montgomery curves which are advantageous compared to more traditional Weierstrass curves due to their fast arithmetic. This is especially important when the ECDHKE is performed on embedded devices and in time-critical situations. In this work, the performance of ECDHKE implementations using standardized Montgomery curves Curve25519 and Curve448 included in the wolfSSL library are evaluated on an embedded 32-bit STM32L476RG Nucleo development board designed by STMicroelectronics. The benchmark results show that using Curve25519 with around 220ms for the key pair generation and the key agreement respectively is approximately 75% faster than using Curve448 with around 900ms for each of the algorithms, which can be attributed to their differing security levels. These results suggest that the algorithms might not be fast enough for time critical situations."}],"publication_status":"published","language":[{"iso":"eng"}],"page":"207-210","title":"Secure Communication in Factories - Benchmarking Elliptic Curve Diffie-Hellman Key Exchange Implementations on an Embedded System","author":[{"last_name":"Gebauer","id":"76524","full_name":"Gebauer, Lisa Helene","first_name":"Lisa Helene"},{"last_name":"Trsek","orcid":"0000-0002-0133-0656","first_name":"Henning","id":"1486","full_name":"Trsek, Henning"},{"last_name":"Heiss","first_name":"Stefan","id":"1031","full_name":"Heiss, Stefan"}],"_id":"12793","keyword":["secure","factory communication","elliptic curves","ECDHKE","performance","embedded"],"department":[{"_id":"DEP5023"},{"_id":"DEP5000"}],"user_id":"83781","publisher":"IEEE","date_updated":"2025-04-15T09:42:27Z","type":"conference_editor_article","date_created":"2025-04-15T09:36:32Z"}]