Tell Me How You Re-Charge, I Will Tell You Where You Drove To

Abstract

Charging an EV (Electric Vehicle) comprises two phases: a) resource negotiation, and b) actual charging. While the former phase runs over secure communication protocols, the latter is usually assumed not to be a threat to security and privacy. However, we believe that the physical signals exchanged between the EV and the EVSE (Electric Vehicle Supply Equipment) represent information that a malicious user could exploit for profiling. Furthermore, as a large number of EVSEs has been deployed in public places to ease out-of-home EV charging, an attacker might easily have physical access to unsecured data. In this paper, we propose EVScout, a novel attack to profile EVs during the charging process. By exploiting the physical signals exchanged by the EV and the EVSE as a side-channel to extract information, EVScout builds a set of features peculiar for each EV. As an EVScout component, we also propose a novel feature extraction framework, based on the intrinsic characteristics of EV batteries, to identify features from the exchanged electric current. We implemented and tested EVScout over a set of real-world measurements (considering 100 charging sessions of 22 EVs). Numerical results show that EVScout could profile EVs, attaining a maximum of 0.9 recall and 0.85 precision. To the best of authors’ knowledge, these results set a benchmark for upcoming privacy research for EVs.