Posted on 2024-05-01, 00:00. Authored by Gaetano Coppoletta
In the context of escalating electric vehicle (EV) adoption, the development of a robust charging infrastructure emerges as a critical enabler. At the heart of this infrastructure lies the Open Charge Point Protocol (OCPP), serving as a standardized communication interface between electric vehicle charging stations and central systems. Historically, the security scrutiny of OCPP has been executed in a sporadic and unsystematic fashion. Addressing this lacuna, this thesis presents OCPPStorm, a black-box fuzzer designed to navigate the security landscape of OCPP with precision and agility.
OCPPStorm is architected to be indifferent to the programming language, thus making it inherently versatile for applications across various OCPP implementations. OCPPStorm implements a suite of fuzzing mechanisms, distinguished by their velocity and efficiency, to detect and delineate bugs and security vulnerabilities within OCPP systems. OCPPStorm is evaluated through rigorous testing across two different open source OCPP implementations, highlighting the tool's capability to transcend language and structural boundaries.
The primary objective of this research is to elevate the methodological rigor in security testing of OCPP implementations, advancing the frontier of protocol security in the EV charging domain. OCPPStorm, with its rapid and comprehensive fuzzing techniques, serves as a vanguard in this endeavor, providing a scalable and effective framework for enhancing the security of OCPP implementations.
OCPPStorm utilizes information extracted from the official OCPP documentation and evaluates OCPP implementations sourced from public repositories on GitHub, ensuring the research did not involve human subjects.