V2GEvil


V2GEvil

2
GoAls of tHis taLk

3
Chapter 1
IntroduCtion to vEhiclE Cyber SecurIty
The State of aUtomotive CyBer Security

5
The State of aUtomotive CyBer Security

6
Introduction to EV
[Figure: EV block diagram. Labels: EVCC, ECU 1..n, BMS, V, A, V, CAN, IMD, HV-Bat]

7
Introduction to EV

8
Chapter 2
Charging
Charging Basics I

10
Charging Basics II

11
Charging Basics III

12
Charging Basics III - AC Type 2

[Figure: AC Type 2 connector pinout. Pins: CP, PP, AC Neutral, AC Phase 1, AC Phase 2, AC Phase 3, PE]

13
Charging Basics III - CCS Type 2
[Figure: CCS Type 2 connector pinout. Pins: CP, PP, PE, DC+, DC-]

14
Charging Basics IV
[Figure: EV and EVSE connection. Labels: Communication, DC + -, Charging Power, ECU, Electronics, Onboard Charger]

15
Charging communication I

16
Charging communication II

17
Charging communication III

18
Chapter 3
Low Level Communication
Low Level Communication I

Voltage | State | Description
+12V | State A | No coupler engagement, no EV is connected to EVSE.
+9V (1kHz PWM) | State B | Coupler engagement detected (EV is connected to the EVSE), but EV not ready for charging. EVSE does not supply energy.
+6V (1kHz PWM) | State C | EV is connected and ready for charging. EVSE supplies energy.
+3V (1kHz PWM) | State D | EV is connected and ready for charging. EVSE supplies energy. Ventilation is required.
0V | State E | Short of CP to PE on the EVSE, no power supply.
-12V | State F | Charging station is not available.

20
Low Level Communication II

Duty Cycle | Description
Duty cycle > 97% | Charging is not allowed.
96% < duty cycle ≤ 97% | Maximum current consumption for AC charging is 80 A.
85% < duty cycle ≤ 96% | Available current = (dutycycle - 64) * 2A.
10% ≤ duty cycle ≤ 85% | Available current = dutycycle * 0.6A.
8% ≤ duty cycle < 10% | Maximum current consumption for AC charging is 6 A.
7% < duty cycle < 8% | Charging is not allowed.
3% ≤ duty cycle ≤ 7% | Force use of high-level communication protocol (ISO 15118 or DIN 70121). If pilot function wire is used for digital communication, then the duty cycle 5 % shall be used.
Duty cycle < 3% | Charging is not allowed.

21
Low Level Communication III

22
Chapter 4
High Level Communication
High Level Communication I

24
High Level Communication II

25
ISO 15118 I

26
ISO 15118 vs IEC 61851
Application layer messages (V2G message)
SDP (SECC Discovery Proto.)

EXI

V2GTP

UDP, TCP, TLS

IP

HomePlug GreenPHY
PWM Resistive Signaling

27
ISO 15118 II

28
ISO 15118 III

29
IEC 61851

V2G Comm. Flow

V2GTP
messages

30
V2GTP Message - PDU

31
V2GTP Message - header
[Figure: V2GTP header fields: Protocol Version, Inverse Protocol Version, Payload Type, Payload Length]

32
V2G PDU Payload Types

33
V2G Comm. Flow - SDP

SDP Request: Security, Transport Proto.

34
SDP request

0x9000

Security
• 0x00 == TLS
• 0x10 == No TLS
• Rest == Reserved

Transport Protocol
• 0x00 == TCP
• 0x10 == Reserved for UDP
• Rest == Reserved

35
V2G Comm. Flow - SDP

SDP Request: Security, Transport Proto.
SDP Response: IP address, Port, Security, Transport Proto.

36
SDP response

0x9001

Fields: IPv6 Address, Port, Security, Transport Proto.
37
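
The header and SDP slides above, decoded in code. This is an added example, not part of the original slides and not V2GEvil code. Assumptions: the field widths (1+1+2+4 byte header, 2-byte request payload, 20-byte response payload) are taken from ISO 15118-2 rather than from the slides, and the sample frames are constructed.

```python
import ipaddress
import struct

# Payload types and byte values as listed on the SDP slides.
SDP_REQUEST, SDP_RESPONSE = 0x9000, 0x9001
SECURITY = {0x00: "TLS", 0x10: "No TLS"}
TRANSPORT = {0x00: "TCP", 0x10: "Reserved for UDP"}

# Assumed widths: version, inverse version, payload type, payload length.
HEADER = struct.Struct("!BBHI")


def parse_v2gtp(frame: bytes):
    """Validate the V2GTP header and return (payload_type, payload)."""
    if len(frame) < HEADER.size:
        raise ValueError("frame shorter than the V2GTP header")
    version, inverse, payload_type, length = HEADER.unpack_from(frame)
    if version ^ inverse != 0xFF:
        raise ValueError("inverse protocol version does not match")
    payload = frame[HEADER.size:]
    if len(payload) != length:
        raise ValueError("payload length field disagrees with frame size")
    return payload_type, payload


def decode_sdp(frame: bytes) -> dict:
    """Decode an SDP request or response into named fields."""
    payload_type, payload = parse_v2gtp(frame)
    if payload_type == SDP_REQUEST and len(payload) == 2:
        security, transport = payload
        fields = {"type": "SDP request"}
    elif payload_type == SDP_RESPONSE and len(payload) == 20:
        addr, port, security, transport = struct.unpack("!16sHBB", payload)
        fields = {"type": "SDP response",
                  "ip": str(ipaddress.IPv6Address(addr)), "port": port}
    else:
        raise ValueError("not a well-formed SDP message")
    # Any value not listed on the slide is reported as reserved.
    fields["security"] = SECURITY.get(security, "Reserved")
    fields["transport"] = TRANSPORT.get(transport, "Reserved")
    return fields


# Constructed sample frames (not captured traffic).
SAMPLE_REQUEST = bytes.fromhex("01fe9000" "00000002" "1000")
SAMPLE_RESPONSE = bytes.fromhex(
    "01fe9001" "00000014"
    "fe80000000000000021122fffe334455" "c350" "1000")

if __name__ == "__main__":
    print(decode_sdp(SAMPLE_REQUEST))
    print(decode_sdp(SAMPLE_RESPONSE))
```
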
V2G Comm. Flow - SDP

SDP Request: Security, Transport Proto.
SDP Response: IP address, Port, Security, Transport Proto.
V2G EXI messages

38
EXI encoded V2G Message

39
EXI encoded V2G Message concept
[Figure: EXI encoding concept between EVCC and SECC. Labels: Shared Knowledge (ISO 15118 Schema-Informed EXI Grammars), EXI Grammars, Data Structures, Structure Coding, Content Coding, DOM, XML doc.]
40
EXI encoded V2G Message Example
Plain XML representation of a SessionSetupRes

EXI data stream representation of the SessionSetupRes


80 98 02 0C 0C 4C 8C CD 0D 4D 8D D1 E0 00 39 19 49 04 C8 CD 14 D0 D5 08 DC E1 0C 80

41
V2G application layer protocol handshake

[Figure: handshake sequence. supportedAppProtocolReq (labels: AppProtocol, ProtocolNamespace, VersionNumberMajor, VersionNumberMinor, SchemaID, Priority); supportedAppProtocolRes (labels: SchemaID, Priority)]

42
V2G application layer protocol handshake

43
V2G application layer messages

44
V2G application layer messages

45
Chapter 5
Testing Environment
V2G Board Setup I
dLAN® Green PHY Module

47
V2G Board Setup II

48
V2G Board Setup III

49
V2G Board Setup III

50
V2G Testing Environment

51
Chapter 6
V2GEvil Intro
V2GEvil - Architecture

53
V2GEvil - Functionality I

54
V2GEvil - Functionality II

55
V2GEvil - Functionality III

56
V2GEvil - Functionality IV

57
Chapter 6
DEMO TIME
V2GEvil Sniffer
60
Sniffer module I

61
Sniffer module II

62
V2GEvil Enumerator
64
Enumerator module

65
V2GEvil Fuzzer
67
Fuzzer module

68
Fuzzer module

69
Fuzzer module

70
Fuzzer module

71
Fuzzer module

72
Fuzzer module

73
Fuzzer module

74
Chapter 7
The eNd
Further enhancements

76
Conclusion

77
To be released after DEFCON32

Thank yoU FoR Your Attention

Pavel Khunt, Thomas Sermpinis
