Exploring EVesto's Strategy for Secret Rotation
20 September 2023
As the adoption of electric vehicle (EV) chargers continues to surge, it’s crucial to recognize the escalating security risks associated with these devices. Numerous studies highlight the potential threats of using chargers without passwords or relying on unsecured HTTP connections. Thankfully, charger firmware has high potential to mitigate these risks, and how far it does so depends largely on the capabilities of the Charge Point Management System (CPMS). EVesto, developed using the ‘security by design’ principle, is here to transform the landscape.
The ‘Security by Design’ Principle
In essence, this principle means that security best practices are integral at every stage of development, right from the conception of the idea to its operational phase. The ‘security by design’ approach is embedded in the software code and extends to supporting security features for EV chargers.
Rotating Secrets: A Key Security Feature
One such feature is ‘rotating secrets,’ a prevalent practice in software development and cloud services. This procedure involves maintaining two secrets, which we will call Secret A and Secret B. Initially, the device is configured with Secret A. When the secret is due for a change or has been compromised, the device switches to Secret B. Secret A can then be safely discarded and regenerated, completing a full cycle of secret rotation.
EVesto’s Strategy for Secret Rotation
When an EV charger is onboarded on the EVesto platform, it receives two secrets: Secret A and Secret B. Initially, the charger is provisioned with Secret A. Most chargers support the OCPP security profile 2, defined by the Open Charge Alliance in ‘Improved Security for OCPP 1.6-J,’ which enables the ChangeConfiguration command. From the EVesto portal, the new secret (Secret B) is provisioned using this command, followed by a Reset. Once the charger reconnects, Secret A can be rotated within the portal, enhancing the security of the charger.
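The rotation sequence described above, sketched from the CPMS side as an added example (this is not EVesto's code). It assumes the secret is the HTTP Basic Auth password held in the OCPP 1.6 `AuthorizationKey` configuration key and that a soft reset is used; the class and function names are hypothetical.

```python
import hmac
import json
import secrets
import uuid


def new_secret():
    # 20 random bytes as 40 hex digits (length is an assumption; check charger limits)
    return secrets.token_hex(20)


def ocpp_call(action, payload):
    # OCPP-J CALL frame: [2, uniqueId, action, payload]
    return json.dumps([2, str(uuid.uuid4()), action, payload])


def same(a, b):
    # Constant-time comparison, safe for any string input
    return hmac.compare_digest(a.encode(), b.encode())


class ChargerSecrets:
    """Hypothetical CPMS-side record holding both secret slots for one charger."""

    def __init__(self, charger_id):
        self.charger_id = charger_id
        self.slots = {"A": new_secret(), "B": new_secret()}
        self.active = "A"    # slot the charger was provisioned with
        self.pending = None  # slot pushed to the charger, not yet proven

    def start_rotation(self):
        """Frames to send in order: ChangeConfiguration, then Reset."""
        self.pending = "B" if self.active == "A" else "A"
        new_key = {"key": "AuthorizationKey", "value": self.slots[self.pending]}
        return [ocpp_call("ChangeConfiguration", new_key),
                ocpp_call("Reset", {"type": "Soft"})]

    def on_reconnect(self, presented):
        """Accept the reconnect password; retire the old slot only once the new one is proven."""
        if self.pending and same(presented, self.slots[self.pending]):
            old, self.active, self.pending = self.active, self.pending, None
            self.slots[old] = new_secret()  # regenerate the retired secret
            return True
        # The charger may have rejected the change, so the old secret stays valid.
        return same(presented, self.slots[self.active])
```

Keeping the old secret valid until the charger has authenticated with the new one avoids locking out a charger that rejected or never applied the configuration change.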
Automating Secret Rotation: The Next Step
While this is a critical first step towards increasing security capabilities on the EVesto platform, the subsequent phase would be automating the secret rotation. This step could significantly enhance the security level of your CPMS connection. With several new features in the pipeline, we’re excited about the transformative potential that EVesto brings to the charger security space. Stay tuned as we share more updates and innovations in the coming weeks.
As EV chargers become integral to our everyday lives, ensuring their security is paramount. With innovative solutions like EVesto, developed using the ‘security by design’ principle and advanced features such as secret rotation, we can navigate these challenges and secure a safer, smarter future for EV charging.