Review of ISO 15118-20 with TLS1.3 for Secure and Trustworthy EV Charging Infrastructure
DOI:
https://doi.org/10.53907/enpesj.v6i1.358Keywords:
EV Charging, Cybersecurity, ISO 15118, TLS, Cyber-attackAbstract
Electric Vehicle Supply Equipment (EVSE) and the communication protocols that support it are essential to modern electric mobility, yet they remain vulnerable to significant cyber-physical risks. These risks largely arise from fragmented security adoption and the inconsistent use of Transport Layer Security (TLS). This paper reviews and analyses the security enhancements introduced by ISO 15118-20, with particular emphasis on the requirement for mandatory, mutually authenticated TLS 1.3 to secure end-to-end electric vehicle charging communication. Through an examination of protocol message flows and a synthesis of documented vulnerabilities, the study shows how stronger cryptographic enforcement, certificate-based authentication, and encrypted control signalling reduce the risks of replay, impersonation, man-in-the-middle, and backend exploitation attacks. The analysis also highlights the cyber-physical consequences of communication failures, demonstrating how protocol-level disruptions can result in wider operational risks. As a promoting solution, the paper concludes that the consistent implementation of ISO 15118-20, supported by effective certificate lifecycle management, is essential for developing resilient and trustworthy EV charging infrastructure. While additional advanced security approaches may further strengthen system robustness, future research is required to address additional technical, operational, and environmental factors not covered in this study.
Downloads
Published
How to Cite
Issue
Section
License
Copyright (c) 2026 ENP Engineering Science Journal

This work is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.
Articles published under a Publisher Office user license are protected by copyright. Users may access, download, copy, translate, text and data mine the articles for non-commercial purposes provided that users:
- Cite the article using an appropriate bibliographic citation (i.e. author(s), journal, article title, volume, issue, page numbers, DOI and the link to the definitive published version)
- Maintain the integrity of the article
- Retain copyright notices and links to these terms and conditions so it is clear to other users what can and cannot be done with the article
- Ensure that, for any content in the article that is identified as belonging to a third party, any re-use complies with the copyright policies of that third party
- Any translations, for which a prior translation agreement with Publisher Office has not been established, must prominently display the statement: "This is an unofficial translation of an article that appeared in a Publisher Office publication. Publisher Office has not endorsed this translation."
This is a non commercial license where the use of published articles for commercial purposes is prohibited. Commercial purposes include:
- Copying or downloading articles, or linking to such postings, for further redistribution, sale or licensing, for a fee
- Copying, downloading or posting by a site or service that incorporates advertising with such content
- The inclusion or incorporation of article content in other works or services (other than normal quotations with an appropriate citation) that is then available for sale or licensing, for a fee
- Use of articles or article content (other than normal quotations with appropriate citation) by for-profit organizations for promotional purposes, whether for a fee or otherwise.
- Use for the purposes of monetary reward by means of sale, resale, license, loan, transfer or other form of commercial exploitation.