Vulnerability Assessment of EV Roaming Protocol OCPI Based on OWASP API Security Risks

Abstract

Abstract— The usage of electric vehicles (EV) continues to increase, supported by the rapid growth of EV charging infrastructure. This has driven widespread adoption of the OCPI protocol, which removes barriers to charging services and facilitates roaming between service providers. However, due to high market demand and the accelerated deployment of charging stations, OCPI protocol implementations often focus solely on functionality, with little attention paid to cybersecurity aspects. In this research, we present a vulnerability assessment of OCPI protocol implementation based on OWASP Top Ten - API Security Risks to minimize risks. Our method involves threat modeling to identify threats, attacks, vulnerabilities, and preventive measures that can impact OCPI implementation. We identified 27 potential threats in OCPI implementation and categorized them according to the risks listed in OWASP Top Ten. This assessment provides a basis for improving security standards in OCPI implementation for a safer future.