A project to simulate and mitigate Man-in-the-Middle (MITM) attacks in Electric Vehicle Charging Station (EVCS) environments.
- Raul Lopez
- Nico Sicat
- Enoch Elumba
This project simulates the communication between an Electric Vehicle Charging Station (EVCS) and a Charging Station Management System (CSMS), along with tools to demonstrate MITM attacks and security implementations.
EVCS-Simulation/
├── CSMS.py # Charging Station Management System
├── CSMS_enc.py # Encrypted version of CSMS (Diffie-Hellman + AES)
├── EVCS.py # Electric Vehicle Charging Station
├── EVSE_enc.py # Encrypted version of EVCS (Diffie-Hellman + AES)
├── TCSMS.py # Test CSMS implementation (TLS)
├── TEVCS.py # Test EVCS implementation (TLS)
├── requirements.txt # Python dependencies
├── setup.sh # Setup script
├── MITM_attack.md # MITM attack documentation
├── encryption.md # Encryption documentation
- Python 3.10
- Three Virtual Machines:
- VM1: Debian (CSMS)
- VM2: Debian (EVSE)
- VM3: Kali Linux (Attacker)
- Ettercap (pre-installed on Kali Linux)
Ettercap should be pre-installed on Kali Linux. If not, install it using:
sudo apt update
sudo apt install ettercap-graphical -y- Clone the repository:
git clone [repository-url]
cd EVCS-Simulation- Install Python dependencies:
pip install -r requirements.txt- Run the setup script:
chmod +x setup.sh
./setup.sh-
CSMS VM (Debian):
- Install Debian OS
- Run
CSMS.pyor encrypted versions - Configure network settings
-
EVSE VM (Debian):
- Install Debian OS
- Run
EVCS.pyor encrypted versions - Configure network settings
-
Attacker VM (Kali Linux):
- Install Kali Linux
- Ensure Ettercap is installed
- Configure for network monitoring
-
CSMS VM:
- Modify
self.hostinCSMS.pyto "0.0.0.0" to accept connections from any IP
- Modify
-
EVSE VM:
- Modify
self.hostinEVCS.pyto point to CSMS VM's IP address
- Modify
This implementation uses Transport Layer Security (TLS) with SSH tunneling for MITM protection.
Key Features:
- Certificate-based authentication
- TLS encryption
- SSH tunneling for ARP spoofing mitigation
- Error handling mechanisms
Benefits:
- Secure communication with certificate verification
- Protection against MITM attacks through SSH tunneling
- Data integrity and authenticity verification
- ARP spoofing mitigation in OSI Layer 2
This implementation uses Diffie-Hellman key exchange with AES encryption for secure communication.
Key Features:
- Diffie-Hellman key exchange for secure key sharing
- AES encryption for data protection
- Secure key exchange without direct transmission
- Implementation using cryptography.hazmat.primitives
Benefits:
- Secure key exchange without transmitting the actual key
- Strong encryption through AES
- Protection against unauthorized access
- Data confidentiality and integrity
- Start the CSMS (choose one version):
python3 CSMS.py # Basic version
python3 CSMS_enc.py # Diffie-Hellman + AES version
python3 TCSMS.py # TLS version- Start the EVCS (choose corresponding version):
python3 EVCS.py # Basic version
python3 EVSE_enc.py # Diffie-Hellman + AES version
python3 TEVCS.py # TLS version- See
MITM_attack.mdfor detailed MITM attack setup and execution - See
encryption.mdfor encryption implementation details
This project is for educational purposes only. Do not use these attack demonstrations on production systems or without proper authorization.