---
_id: '11165'
abstract:
- lang: eng
text: The reduction of CO2 emissions caused by auto-mobile traffic relies on the
development of electric mobility infrastructure which in turn relies on efficient
communication between charge points, used to connect electric vehicles to the
power network, and central systems, used to manage users and transactions. The
Open Charge Point Protocol (OCPP) is an open communication protocol designed to
connect charge points to a central system. An important aspect of the communication
between these entities is the security of the connection. It is conceivable, for
instance, that an adversary could compromise a central system to attack charge
points.This work devises three different attack scenarios which could be executed
by a malicious OCPP central system to attack an OCPP charge point. It also assesses
the feasibility and potential consequences of such attacks. Additionally, it presents
an approach of an "evil" OCPP server implementation, based on the SteVe server
which was originally developed at the RWTH Aachen. The "evil" OCPP server implements
various attack scenarios and is intended to be used for penetration testing of
OCPP charge points that connect to the central system via WebSockets/JSON or SOAP/XML.
author:
- first_name: Lisa Helene
full_name: Gebauer, Lisa Helene
id: '76524'
last_name: Gebauer
- first_name: Henning
full_name: Trsek, Henning
id: '1486'
last_name: Trsek
orcid: 0000-0002-0133-0656
- first_name: Georg
full_name: Lukas, Georg
last_name: Lukas
citation:
ama: 'Gebauer LH, Trsek H, Lukas G. Evil SteVe: An Approach to Simplify Penetration
Testing of OCPP Charge Points. In: 2022 IEEE 27th International Conference
on Emerging Technologies and Factory Automation (ETFA). IEEE; 2022. doi:10.1109/ETFA52439.2022.9921430'
apa: 'Gebauer, L. H., Trsek, H., & Lukas, G. (2022). Evil SteVe: An Approach
to Simplify Penetration Testing of OCPP Charge Points. 2022 IEEE 27th International
Conference on Emerging Technologies and Factory Automation (ETFA). 27th International
Conference on Emerging Technologies and Factory Automation (ETFA), Stuttgart.
https://doi.org/10.1109/ETFA52439.2022.9921430'
bjps: 'Gebauer LH, Trsek H and Lukas G (2022) Evil SteVe: An Approach to
Simplify Penetration Testing of OCPP Charge Points. 2022 IEEE 27th International
Conference on Emerging Technologies and Factory Automation (ETFA). Piscataway,
NJ: IEEE.'
chicago: 'Gebauer, Lisa Helene, Henning Trsek, and Georg Lukas. “Evil SteVe: An
Approach to Simplify Penetration Testing of OCPP Charge Points.” In 2022 IEEE
27th International Conference on Emerging Technologies and Factory Automation
(ETFA). Piscataway, NJ: IEEE, 2022. https://doi.org/10.1109/ETFA52439.2022.9921430.'
chicago-de: 'Gebauer, Lisa Helene, Henning Trsek und Georg Lukas. 2022. Evil SteVe:
An Approach to Simplify Penetration Testing of OCPP Charge Points. In: 2022
IEEE 27th International Conference on Emerging Technologies and Factory Automation
(ETFA). Piscataway, NJ: IEEE. doi:10.1109/ETFA52439.2022.9921430,
.'
din1505-2-1: 'Gebauer, Lisa Helene
; Trsek, Henning ; Lukas,
Georg: Evil SteVe: An Approach to Simplify Penetration Testing of OCPP
Charge Points. In: 2022 IEEE 27th International Conference on Emerging Technologies
and Factory Automation (ETFA). Piscataway, NJ : IEEE, 2022'
havard: 'L.H. Gebauer, H. Trsek, G. Lukas, Evil SteVe: An Approach to Simplify Penetration
Testing of OCPP Charge Points, in: 2022 IEEE 27th International Conference on
Emerging Technologies and Factory Automation (ETFA), IEEE, Piscataway, NJ, 2022.'
ieee: 'L. H. Gebauer, H. Trsek, and G. Lukas, “Evil SteVe: An Approach to Simplify
Penetration Testing of OCPP Charge Points,” presented at the 27th International
Conference on Emerging Technologies and Factory Automation (ETFA), Stuttgart,
2022. doi: 10.1109/ETFA52439.2022.9921430.'
mla: 'Gebauer, Lisa Helene, et al. “Evil SteVe: An Approach to Simplify Penetration
Testing of OCPP Charge Points.” 2022 IEEE 27th International Conference on
Emerging Technologies and Factory Automation (ETFA), IEEE, 2022, https://doi.org/10.1109/ETFA52439.2022.9921430.'
short: 'L.H. Gebauer, H. Trsek, G. Lukas, in: 2022 IEEE 27th International Conference
on Emerging Technologies and Factory Automation (ETFA), IEEE, Piscataway, NJ,
2022.'
ufg: 'Gebauer, Lisa Helene/Trsek, Henning/Lukas, Georg: Evil SteVe: An Approach
to Simplify Penetration Testing of OCPP Charge Points, in: o. Hg.: 2022 IEEE 27th
International Conference on Emerging Technologies and Factory Automation (ETFA),
Piscataway, NJ 2022.'
van: 'Gebauer LH, Trsek H, Lukas G. Evil SteVe: An Approach to Simplify Penetration
Testing of OCPP Charge Points. In: 2022 IEEE 27th International Conference on
Emerging Technologies and Factory Automation (ETFA). Piscataway, NJ: IEEE; 2022.'
conference:
end_date: 2022-09-09
location: Stuttgart
name: 27th International Conference on Emerging Technologies and Factory Automation
(ETFA)
start_date: 2022-09-06
date_created: 2024-03-01T14:36:19Z
date_updated: 2024-03-05T14:17:17Z
department:
- _id: DEP5023
doi: 10.1109/ETFA52439.2022.9921430
language:
- iso: eng
place: Piscataway, NJ
publication: 2022 IEEE 27th International Conference on Emerging Technologies and
Factory Automation (ETFA)
publication_identifier:
isbn:
- '9781665499965'
publication_status: published
publisher: IEEE
status: public
title: 'Evil SteVe: An Approach to Simplify Penetration Testing of OCPP Charge Points'
type: conference
user_id: '83781'
year: '2022'
...
---
_id: '12793'
abstract:
- lang: eng
text: Securing factory communication to protect corporate data is an important concern
in the context of the Industrial Internet of Things (IIoT). Various cryptographic
protocols can be used to establish secure communication channels. One of these
protocols is the Transport Layer Security 1.3 (TLS 1.3) protocol. A key component
of the TLS handshake protocol is the Elliptic Curve Diffie-Hellman Key Exchange
(ECDHKE), a public key cryptosystem used to exchange keys over insecure channels
which can be based on a number of standardized elliptic curves. A special form
of elliptic curves are Montgomery curves which are advantageous compared to more
traditional Weierstrass curves due to their fast arithmetic. This is especially
important when the ECDHKE is performed on embedded devices and in time-critical
situations. In this work, the performance of ECDHKE implementations using standardized
Montgomery curves Curve25519 and Curve448 included in the wolfSSL library are
evaluated on an embedded 32-bit STM32L476RG Nucleo development board designed
by STMicroelectronics. The benchmark results show that using Curve25519 with around
220ms for the key pair generation and the key agreement respectively is approximately
75% faster than using Curve448 with around 900ms for each of the algorithms, which
can be attributed to their differing security levels. These results suggest that
the algorithms might not be fast enough for time critical situations.
author:
- first_name: Lisa Helene
full_name: Gebauer, Lisa Helene
id: '76524'
last_name: Gebauer
- first_name: Henning
full_name: Trsek, Henning
id: '1486'
last_name: Trsek
orcid: 0000-0002-0133-0656
- first_name: Stefan
full_name: Heiss, Stefan
id: '1031'
last_name: Heiss
citation:
ama: Gebauer LH, Trsek H, Heiss S. Secure Communication in Factories - Benchmarking
Elliptic Curve Diffie-Hellman Key Exchange Implementations on an Embedded System.
(inIT /TH-OWL, Università degli studi di Pavia , eds.). IEEE; 2022:207-210. doi:10.1109/wfcs53837.2022.9779189
apa: Gebauer, L. H., Trsek, H., & Heiss, S. (2022). Secure Communication in
Factories - Benchmarking Elliptic Curve Diffie-Hellman Key Exchange Implementations
on an Embedded System. In inIT /TH-OWL & Università degli studi di Pavia (Eds.),
2022 IEEE 18th International Conference on Factory Communication Systems (WFCS)
(pp. 207–210). IEEE. https://doi.org/10.1109/wfcs53837.2022.9779189
bjps: 'Gebauer LH, Trsek H and Heiss S (2022) Secure Communication in
Factories - Benchmarking Elliptic Curve Diffie-Hellman Key Exchange Implementations
on an Embedded System, inIT /TH-OWL and Università degli studi di Pavia (eds).
[Piscataway, NJ]: IEEE.'
chicago: 'Gebauer, Lisa Helene, Henning Trsek, and Stefan Heiss. Secure Communication
in Factories - Benchmarking Elliptic Curve Diffie-Hellman Key Exchange Implementations
on an Embedded System. Edited by inIT /TH-OWL and Università degli studi di
Pavia . 2022 IEEE 18th International Conference on Factory Communication Systems
(WFCS). [Piscataway, NJ]: IEEE, 2022. https://doi.org/10.1109/wfcs53837.2022.9779189.'
chicago-de: 'Gebauer, Lisa Helene, Henning Trsek und Stefan Heiss. 2022. Secure
Communication in Factories - Benchmarking Elliptic Curve Diffie-Hellman Key Exchange
Implementations on an Embedded System. Hg. von inIT /TH-OWL und Università
degli studi di Pavia . 2022 IEEE 18th International Conference on Factory Communication
Systems (WFCS). [Piscataway, NJ]: IEEE. doi:10.1109/wfcs53837.2022.9779189,
.'
din1505-2-1: 'Gebauer, Lisa Helene
; Trsek, Henning ; Heiss,
Stefan ; inIT /TH-OWL ; Università degli studi di Pavia (Hrsg.):
Secure Communication in Factories - Benchmarking Elliptic Curve Diffie-Hellman
Key Exchange Implementations on an Embedded System. [Piscataway, NJ] : IEEE,
2022'
havard: L.H. Gebauer, H. Trsek, S. Heiss, Secure Communication in Factories - Benchmarking
Elliptic Curve Diffie-Hellman Key Exchange Implementations on an Embedded System,
IEEE, [Piscataway, NJ], 2022.
ieee: 'L. H. Gebauer, H. Trsek, and S. Heiss, Secure Communication in Factories
- Benchmarking Elliptic Curve Diffie-Hellman Key Exchange Implementations on an
Embedded System. [Piscataway, NJ]: IEEE, 2022, pp. 207–210. doi: 10.1109/wfcs53837.2022.9779189.'
mla: Gebauer, Lisa Helene, et al. “Secure Communication in Factories - Benchmarking
Elliptic Curve Diffie-Hellman Key Exchange Implementations on an Embedded System.”
2022 IEEE 18th International Conference on Factory Communication Systems (WFCS),
edited by inIT /TH-OWL and Università degli studi di Pavia , IEEE, 2022, pp. 207–10,
https://doi.org/10.1109/wfcs53837.2022.9779189.
short: L.H. Gebauer, H. Trsek, S. Heiss, Secure Communication in Factories - Benchmarking
Elliptic Curve Diffie-Hellman Key Exchange Implementations on an Embedded System,
IEEE, [Piscataway, NJ], 2022.
ufg: 'Gebauer, Lisa Helene/Trsek, Henning/Heiss, Stefan: Secure Communication
in Factories - Benchmarking Elliptic Curve Diffie-Hellman Key Exchange Implementations
on an Embedded System, hg. von inIT /TH-OWL, Università degli studi di Pavia ,
[Piscataway, NJ] 2022.'
van: 'Gebauer LH, Trsek H, Heiss S. Secure Communication in Factories - Benchmarking
Elliptic Curve Diffie-Hellman Key Exchange Implementations on an Embedded System.
inIT /TH-OWL, Università degli studi di Pavia , editors. 2022 IEEE 18th International
Conference on Factory Communication Systems (WFCS). [Piscataway, NJ]: IEEE; 2022.'
conference:
end_date: 2022-04-29
location: Pavia, ITALY
name: 18th IEEE International Workshop on Factory Communication Systems (WFCS) -
Communication in Automation
start_date: 2022-04-27
corporate_editor:
- inIT /TH-OWL
- 'Università degli studi di Pavia '
date_created: 2025-04-15T09:36:32Z
date_updated: 2025-04-15T09:42:27Z
department:
- _id: DEP5023
- _id: DEP5000
doi: 10.1109/wfcs53837.2022.9779189
keyword:
- secure
- factory communication
- elliptic curves
- ECDHKE
- performance
- embedded
language:
- iso: eng
page: 207-210
place: '[Piscataway, NJ]'
publication: 2022 IEEE 18th International Conference on Factory Communication Systems
(WFCS)
publication_identifier:
eisbn:
- 978-1-6654-1086-1
isbn:
- 978-1-6654-1087-8
publication_status: published
publisher: IEEE
status: public
title: Secure Communication in Factories - Benchmarking Elliptic Curve Diffie-Hellman
Key Exchange Implementations on an Embedded System
type: conference_editor_article
user_id: '83781'
year: '2022'
...