The ISO 15118 security layer is the set of cryptographic and certificate-based mechanisms that protects communication between an EV and an EVSE during an ISO 15118 charging session. It provides authentication, confidentiality, and integrity, enabling features like Plug & Charge while reducing the risk of spoofing, tampering, or session hijacking.
What Is the ISO 15118 Security Layer?
ISO 15118 does not rely on “trust by proximity.” Instead, it uses a dedicated security architecture to ensure the EV and charger can communicate securely, including:
– Mutual authentication (EV and EVSE prove identity)
– Encrypted communication to protect sensitive session data
– Message integrity to prevent tampering
– Certificate-based authorization for Plug & Charge contracts
This security layer sits above the basic electrical handshake and enables secure digital trust between vehicle, charger, and the broader ecosystem.
Why the Security Layer Matters in EV Charging
EV charging is a connected transaction that can involve billing, identity, and remote system integration. The ISO 15118 security layer helps:
– Prevent impersonation (fake vehicle or fake charger attacks)
– Reduce risk of unauthorized charging and billing fraud
– Protect user and contract data from interception
– Enable Plug & Charge without RFID cards or apps
– Support trusted interoperability across roaming and operator systems
For operators, it strengthens reliability and trust in automated authorization workflows.
Core Building Blocks
The ISO 15118 security layer typically relies on:
Public Key Infrastructure (PKI)
A PKI issues and manages certificates that establish trust:
– Certificates bind identities (vehicle, contract, charger) to cryptographic keys
– Trust chains validate certificates back to trusted authorities
– Policies define how certificates are issued, revoked, and audited
Digital certificates and keys
Security depends on protected credentials:
– EVs store contract certificates used for Plug & Charge authorization
– EVSEs may use certificates to authenticate and secure communication
– Private keys must be protected from extraction and cloning
Secure session establishment
During a session:
– The EV and EVSE negotiate a secure channel
– Certificates are presented and validated
– Encrypted communication is established for the ISO 15118 message exchange
Plug & Charge authorization
With Plug & Charge:
– The EV presents a valid contract identity
– The EVSE accepts or rejects based on certificate validation and backend authorization rules
– Billing is linked to the contract behind the certificate rather than a local RFID/app action
Lifecycle and Operational Considerations
Security is not only “during the session.” It depends on end-to-end credential governance:
– Certificate provisioning (vehicle delivery, contract activation)
– Certificate renewal and rotation to avoid expiry outages
– Revocation handling to block compromised credentials
– Backend mapping of contract identities to billing accounts
– Monitoring and audit trails for abnormal authorization patterns
Weak lifecycle processes can create real-world failures (e.g., sessions failing due to expired certificates).
Security Layer vs Charger-to-Backend Security
The ISO 15118 security layer protects EV ↔ EVSE communication. It is separate from (but must align with):
– OCPP security (charger ↔ CPMS), typically using TLS and certificate management
– Backend identity and authorization controls for roaming and billing
– Device hardening and secure updates (e.g., secure boot, firmware signing)
A secure Plug & Charge ecosystem needs both secure EV↔EVSE communication and secure backend operations.
Implementation Risks and Best Practices
Key risks include:
– Poor key protection (cloned identities)
– Certificate expiry and renewal failures causing session start issues
– Inconsistent trust chain configuration between EVSE, backend, and roaming partners
– Weak incident handling for compromised credentials
Common best practices:
– Use hardware-backed key storage where possible (hardware root of trust)
– Implement robust certificate management with monitoring and alerting
– Stage and validate updates in a secure update pipeline
– Maintain clear incident procedures for certificate revocation and rollback
Related Glossary Terms
ISO 15118
Plug & Charge
Public Key Infrastructure (PKI)
Certificate Management
Encrypted Communications
Hardware Root of Trust
Secure Boot
Firmware Signing
OCPP
Interoperability Billing