SAE J 2931 7-2017 Security for Plug-In Electric Vehicle Communications.pdf

SAE Technical Standards Board Rules provide that: “This report is published by SAE to advance the state of technical and engineering sciences. The use of this report is entirely voluntary, and its applicability and suitability for any particular use, including any patent infringement arising therefrom, is the sole responsibility of the user.”

SAE reviews each technical report at least every five years at which time it may be revised, reaffirmed, stabilized, or cancelled. SAE invites your written comments and suggestions.

Copyright 2017 SAE International
All rights reserved. No part of this publication may be reproduced, stored in a retrieval system or transmitted, in any form or by any means, electronic, mechanical, photocopying, recording, or otherwise, without the prior written permission of SAE.

TO PLACE A DOCUMENT ORDER:
Tel: 877-606-7323 (inside USA and Canada)
Tel: +1 724-776-4970 (outside USA)
Fax: 724-776-0790
Email: CustomerService@sae.org
SAE WEB ADDRESS: http://www.sae.org

SAE values your input. To provide feedback on this Technical Report, please visit http://standards.sae.org/J2931/7_201710

SURFACE VEHICLE INFORMATION REPORT
J2931/7 OCT2017
Issued 2017-10

Security for Plug-In Electric Vehicle Communications

RATIONALE

With the Smart Grid's transformation of the electric system to a two-way flow of electricity and information, the information technology (IT) and telecommunications infrastructures have become critical to the energy sector infrastructure. Therefore, the management and protection of systems and components of these infrastructures must also be addressed by an increasingly diverse energy sector. To achieve this requires that security be designed in at the architectural level of the PEV, EVSE and other aspects of this SAE document.

SAE INTERNATIONAL J2931/7 OCT2017 Page 2 of 65

TABLE OF CONTENTS

1. SCOPE
  1.1 Purpose
2. APPLICABLE DOCUMENTS
  2.1 SAE Publications
  2.2 ISO-IEC Publications
  2.3 NIST Publications
  2.4 Other Publications
3. DEFINITIONS
4. LOGICAL ARCHITECTURE AND INTERFACES OF THE PLUG-IN ELECTRIC VEHICLE
  4.1 Logical Architecture Overview
  4.2 Logical Interface Scenario
5. REQUIREMENTS
  5.1 General Considerations and Assumptions
  5.2 Basic Requirements
  5.3 Vehicle Owner Specific Requirements
    5.3.1 Authentication
    5.3.2 Authorization
    5.3.3 Non-Repudiation
    5.3.4 Accountability
    5.3.5 Data Integrity
    5.3.6 Confidentiality
    5.3.7 Privacy
    5.3.8 Availability
    5.3.9 Smart Applications
    5.3.10 Wireless Communications
  5.4 Vehicle Operator Specific Requirements
    5.4.1 Authentication
    5.4.2 Authorization
    5.4.3 Non-Repudiation
    5.4.4 Accountability
    5.4.5 Data Integrity
    5.4.6 Confidentiality
    5.4.7 Privacy
    5.4.8 Availability
  5.5 Vehicle Maintenance Personnel Specific Requirements
    5.5.1 Authentication
    5.5.2 Authorization
    5.5.3 Non-Repudiation
    5.5.4 Accountability
    5.5.5 Data Integrity
    5.5.6 Confidentiality
    5.5.7 Privacy
    5.5.8 Availability
  5.6 Vehicle Passenger Specific Requirements
    5.6.1 Authentication
    5.6.2 Authorization
    5.6.3 Non-Repudiation
    5.6.4 Accountability
    5.6.5 Data Integrity
    5.6.6 Confidentiality
    5.6.7 Privacy
    5.6.8 Availability
    5.6.9 Locks and Controls
    5.6.10 Smart Applications
  5.7 Utility Specific Requirements
    5.7.1 Authentication
    5.7.2 Authorization
    5.7.3 Non-Repudiation
    5.7.4 Accountability
    5.7.5 Data Integrity
    5.7.6 Confidentiality
    5.7.7 Privacy
    5.7.8 Availability
  5.8 Energy Services Interface Specific Requirements
    5.8.1 Authentication
    5.8.2 Authorization
    5.8.3 Non-Repudiation
    5.8.4 Accountability
    5.8.5 Data Integrity
    5.8.6 Confidentiality
    5.8.7 Privacy
    5.8.8 Availability
  5.9 Energy Management System Specific Requirements
    5.9.1 Authentication
    5.9.2 Authorization
    5.9.3 Non-Repudiation
    5.9.4 Accountability
    5.9.5 Data Integrity
    5.9.6 Confidentiality
    5.9.7 Privacy
    5.9.8 Availability
    5.9.9 Firmware Updates
  5.10 Electric Vehicle Supply Equipment Specific Requirements
    5.10.1 Authentication
    5.10.2 Authorization
    5.10.3 Non-Repudiation
    5.10.4 Accountability
    5.10.5 Data Integrity
    5.10.6 Confidentiality
    5.10.7 Privacy
    5.10.8 Availability
    5.10.9 Tamper Resistance
  5.11 End User Measurement Device Specific Requirements
    5.11.1 Authentication
    5.11.2 Authorization
    5.11.3 Non-Repudiation
    5.11.4 Accountability
    5.11.5 Data Integrity
    5.11.6 Confidentiality
    5.11.7 Privacy
    5.11.8 Availability
    5.11.9 Tamper Resistance
  5.12 Vehicle Manufacturer Specific Requirements
    5.12.1 Authentication
    5.12.2 Authorization
    5.12.3 Non-Repudiation
    5.12.4 Accountability
    5.12.5 Data Integrity
    5.12.6 Confidentiality
    5.12.7 Privacy
    5.12.8 Availability
    5.12.9 Supply Chain Security
  5.13 Public Key Infrastructure (PKI) Requirements
    5.13.1 Certificates
    5.13.2 Private Keys
    5.13.3 Root Certificate Authority (Root CA)
    5.13.4 Certificate Revocation
    5.13.5 Transport Layer Security (TLS) Protocol
    5.13.6 Cipher Suites
6. USE CASES
  6.1 Use Cases Based on Charging Locations
  6.2 Use Cases Based on Payments
    6.2.1 Anonymous Payment
    6.2.2 Non-Anonymous Payment at EVSE
    6.2.3 Non-Anonymous Payment with Secondary Actor
  6.3 Use Cases Based on the Interaction between EVSE and the Customer Energy Management System (CEMS)
    6.3.1 Facility Management Dashboard
    6.3.2 Tenant Notification
    6.3.3 Equipment Maintenance Operation
    6.3.4 Load Balancing
    6.3.5 Demand Response
    6.3.6 Best Price Charging
    6.3.7 Charge Time Management
    6.3.8 Access Control
    6.3.9 Manage Access Privileges
    6.3.10 Fleet Management
    6.3.11 Advanced Diagnostics
    6.3.12 Vehicle to Building Storage and Regulation
  6.4 Use Case Based on the Location of the End Use Measurement Device (EUMD)
  6.5 Use Case Based on Wireless Charging
    6.5.1 Wireless Charger Discovery
    6.5.2 Vehicle Alignment
  6.6 Other Use Cases
    6.6.1 Hacking of Electric Vehicle Firmware
    6.6.2 Hacking of Utility Backend Database Storing User Information
    6.6.3 Hacking of Protocol Translation Module
    6.6.4 Hacking Wireless Communications
    6.6.5 Hacking the EVSE Network
    6.6.6 Hacking into the Firmware Responsible for DC Charging Protocol
7. NETWORK SECURITY
  7.1 Inadequate Integrity Checking
  7.2 Inadequate Network Segregation
  7.3 Inappropriate Protocol Selection
  7.4 Insufficient Redundancy
  7.5 Physical Access to the Device
8. SOFTWARE VULNERABILITIES
  8.1 Code Quality Vulnerability (CWE-398)
  8.2 Authentication Vulnerability (CWE-287)
  8.3 Authorization Vulnerability (CWE-284)
  8.4 Cryptographic Vulnerability (CWE-310)
  8.5 Input and Output Validation (CWE-20 and CWE-116)
  8.6 Logging and Auditing Vulnerability (CWE-778 and CWE-779)
  8.7 Sensitive Data Protection Vulnerability (CWE-199)
  8.8 Session Management Vulnerability (CWE-718)
  8.9 Mobile Code Vulnerability (CWE-490)
  8.10 Potential Mitigation for the Vulnerabilities Mentioned Above
9. EMERGING TECHNOLOGIES
10. NOTES
  10.1 Revision Indicator

Figure 1  Logical interfaces for an EVSE and PEV
Figures 2-7 (untitled)
Tables 1-33 (untitled)

1. SCOPE

This SAE Information Report J2931/7 establishes the security requirements for digital communication between Plug-In Electric Vehicles (PEV), the Electric Vehicle Supply Equipment (EVSE) and the utility, ESI, Advanced Metering Infrastructure (AMI) and/or Home Area Network (HAN).

1.1 Purpose

The purpose of SAE J2931/7 is to define the security requirements for the digital communications between the following:

1. Direct wired point to point communication between PEV and EVSE as end devices
   This mode is required for DC Fast Charging or DC DER as defined by SAE J2847/2. This mode could also be used for smart charging, DER operation, or other purposes when the EVSE represents the combined PEV-EVSE to a remote entity and the PEV is completely isolated as with ISO 15118. This mode is used with SAE J3072.

2. Direct wireless point to point communication between PEV and EVSE as end devices
   This mode would be used for wireless power transfer as defined by SAE J2847/6.

3. Internet communication between PEV and a remote end device by way of the EVSE
   This mode would be used for smart charging (SAE J2847/1) and with onboard inverters (SAE J2847/3). This mode could also be used to engage with a customer with a wireless or wired connection to the internet.

4. PEV engages a remote end device using telematics link
   This mode uses a vehicle manufacturer telematics link which exchanges information with an end device using the internet.

5. PEV uses direct wired connection to end device or internet other than by charging port
   It may be possible to connect the PEV directly to the internet or end device for maintenance or other purposes which could corrupt the PEV software associated with PEV interaction with the EPS. It is possible that the PEV could use a Wi-Fi link rather than the wired connection through the EVSE to engage the HAN.

For this document, the latest version of NISTIR 7628 (Guidelines for Smart Grid Cyber Security) will serve as a reference to define and map the security requirements for the digital communications for Plug-in Electric Vehicles.

2. APPLICABLE DOCUMENTS

The following publications form a part of this specification to the extent specified herein. Unless otherwise indicated, the latest issue of SAE publications shall apply.

2.1 SAE Publications

Available from SAE International, 400 Commonwealth Drive, Warrendale, PA 15096-0001, Tel: 877-606-7323 (inside USA and Canada) or +1 724-776-4970 (outside USA), www.sae.org.

SAE J1772  SAE Electric Vehicle and Plug in Hybrid Electric Vehicle Conductive Charge Coupler
SAE J2836/1  Use Cases for Communication Between Plug-in Vehicles and the Utility Grid
SAE J2836/2  Use Cases for Communication between Plug-in Vehicles and Off-Board DC Charger
SAE J2836/6  Use Cases for Wireless Charging Communication for Plug-in Electric Vehicles
SAE J2847/1  Communication for Smart Charging of Plug-in Electric Vehicles using Smart Energy Profile 2.0
SAE J2847/2  Communication Between Plug-In Vehicles and Off-Board DC Chargers
SAE J2931/1  Digital Communications for Plug-in Electric Vehicles

2.2 ISO-IEC Publications

Copies of these documents are available online at http://webstore.ansi.org/.

ISO/IEC/CD 15118-1  Vehicle to grid communication interface - Part 1: General information and use-case definition

2.3 NIST Publications

Available from NIST, 100 Bureau Drive, Stop 1070, Gaithersburg, MD 20899-1070, Tel: 301-975-6478, www.nist.gov.

NISTIR 7628  Guidelines for Smart Grid Cyber Security: Vol. 1, Smart Grid Cyber Security Strategy, Architecture, and High-Level Requirements
NISTIR 7628  Guidelines for Smart Grid Cyber Security: Vol. 2, Privacy and the Smart Grid
NISTIR 7628  Guidelines for Smart Grid Cyber Security: Vol. 3, Supportive Analyses and References
SP 800-98  Guidelines for Securing Radio Frequency Identification (RFID) Systems
FIPS 140-2  Security Requirements for Cryptographic Modules

2.4 Other Publications

IEC/TS 62351-1  Power systems management and associated information exchange - Data and communications security - Part 1: Communication network and system security - Introduction to security issues
IEC/TS 62351-8  Power systems management and associated information exchange - Data and communications security - Part 8: Role-Based Access Control
IEC/TR 62351-10  Power systems management and associated information exchange - Data and communications security - Part 10: Security Architecture
IEC/TR 62351-12  Power systems management and associated information exchange - Data and communications security - Part 12: Resilience and Security Recommendations for Power Systems with DER
IEC 62443-3-3  Industrial communication networks - Network and system security - Part 3-3: System security requirements and security levels
CIGRE D2.3  Security architecture principles for digital systems in Electric Power Utilities EPUs
IEC 15118  Road vehicles - Vehicle to grid communication interface

Analysis on Cryptographic Module Validation Testing for Side-Channel Attacks (Journal of Security Engineering) - http://www.sersc.org/journals/JSE/vol7_no4_2010/3.pdf

National Institute of Standards and Technology, Advanced Encryption Standard (AES), Federal Information Processing Standards Publication 197, November 26, 2001.

National Institute of Standards and Technology, Recommendation for Block Cipher Modes of Operation, Methods and Techniques, Special Publication 800-38A, December 2001.

National Institute of Standards and Technology, Recommendation for Block Cipher Modes of Operation: The XTS-AES Mode for Confidentiality on Storage Devices, Special Publication 800-38E, January 2010.

National Institute of Standards and Technology, Recommendation for the Triple Data Encryption Algorithm (TDEA) Block Cipher, Special Publication 800-67, May 2004.

National Institute of Standards and Technology, Recommendation for Block Cipher Modes of Operation, Methods and Techniques, Special Publication 800-38A, December 2001. Appendix E references Modes of Triple-DES.

National Institute of Standards and Technology, Recommendation for Transitioning the Use of Cryptographic Algorithms and Key Lengths, Special Publication 800-131A Revision 1, November 2015.

National Institute of Standards and Technology, Digital Signature Standard (DSS), Federal Information Processing Standards Publication 186-3, June 2009 (DSA, RSA2 and ECDSA2).

National Institute of Standards and Technology, Digital Signature Standard (DSS), Federal Information Processing Standards Publication 186-2, January 2000 with Change Notice 1 (DSA, RSA and ECDSA).

RSA Laboratories, PKC
