Table of Contents
Fetching ...

Streamlining Plug-and-Charge Authorization for Electric Vehicles with OAuth2 and OIDC

Jonas Primbs, Dustin Kern, Michael Menth, Christoph Krauß

TL;DR

This paper tackles the complexity and non-uniformity of Plug-and-Charge credential installation in ISO 15118 and proposes an OAuth 2.0–based streamlined flow using the Device Authorization Grant and Rich Authorization Requests to enable fine-grained, cross-device authorization. It introduces a mobile UA app, an OAuth authorization server and contract certificate service, and an HSM-backed EV credential provisioning process, complemented by an OIDC extension for payment integration. A proof-of-concept implementation and performance measurements demonstrate feasibility on modest hardware, while a formal security analysis with the Tamarin prover verifies strong authentication properties for credential installation. The approach reduces PKI complexity, enhances usability, supports flexible constraints (e.g., time/cost limits), and provides a formally verifiable blueprint that could extend beyond EV charging scenarios.

Abstract

The Plug-and-Charge (PnC) process defined by ISO 15118 standardizes automated Electric Vehicle (EV) charging by enabling automatic installation of credentials and use for authentication between EV and Charge Point (CP). However, the current credential installation process is non-uniform, relies on a complex Public Key Infrastructure (PKI), lacks support for fine-grained authorization parameters, and is not very user-friendly. In this paper, we propose a streamlined approach to the initial charging authorization process by leveraging the OAuth Device Authorization Grant and Rich Authorization Requests. The proposed solution reduces technical complexity, simplifies credential installation, introduces flexible authorization constraints (e.g., time- and cost-based), and facilitates payment through OpenID Connect (OIDC). We present a proof-of-concept implementation along with performance evaluations and conduct a symbolic protocol verification using the Tamarin prover. Furthermore, our approach solves the issue of OAuth's cross-device authorization, making it suitable as a formally proven blueprint in contexts beyond EV charging.

Streamlining Plug-and-Charge Authorization for Electric Vehicles with OAuth2 and OIDC

TL;DR

This paper tackles the complexity and non-uniformity of Plug-and-Charge credential installation in ISO 15118 and proposes an OAuth 2.0–based streamlined flow using the Device Authorization Grant and Rich Authorization Requests to enable fine-grained, cross-device authorization. It introduces a mobile UA app, an OAuth authorization server and contract certificate service, and an HSM-backed EV credential provisioning process, complemented by an OIDC extension for payment integration. A proof-of-concept implementation and performance measurements demonstrate feasibility on modest hardware, while a formal security analysis with the Tamarin prover verifies strong authentication properties for credential installation. The approach reduces PKI complexity, enhances usability, supports flexible constraints (e.g., time/cost limits), and provides a formally verifiable blueprint that could extend beyond EV charging scenarios.

Abstract

The Plug-and-Charge (PnC) process defined by ISO 15118 standardizes automated Electric Vehicle (EV) charging by enabling automatic installation of credentials and use for authentication between EV and Charge Point (CP). However, the current credential installation process is non-uniform, relies on a complex Public Key Infrastructure (PKI), lacks support for fine-grained authorization parameters, and is not very user-friendly. In this paper, we propose a streamlined approach to the initial charging authorization process by leveraging the OAuth Device Authorization Grant and Rich Authorization Requests. The proposed solution reduces technical complexity, simplifies credential installation, introduces flexible authorization constraints (e.g., time- and cost-based), and facilitates payment through OpenID Connect (OIDC). We present a proof-of-concept implementation along with performance evaluations and conduct a symbolic protocol verification using the Tamarin prover. Furthermore, our approach solves the issue of OAuth's cross-device authorization, making it suitable as a formally proven blueprint in contexts beyond EV charging.
Paper Structure (31 sections, 14 figures, 2 tables)

This paper contains 31 sections, 14 figures, 2 tables.

Figures (14)

  • Figure 1: *EV charging architecture.
  • Figure 2: ISO 15118 *PKI (cf. iso2).
  • Figure 5: High-level overview of protocol flow.
  • Figure 6: Step 1: UA connects to EV via BLE.
  • Figure 7: Step 2: UA requests configuration from EV.
  • ...and 9 more figures

Theorems & Definitions (1)

  • definition thmcounterdefinition: Injective agreement