OCPPStorm: A Comprehensive Fuzzing Tool for OCPP Implementations

The modern world of digital communication hinges on the reliability and security of its underlying protocols. Among these, the Open Charge Point Protocol (OCPP) stands out as a cornerstone for electric vehicle charging stations. However, ensuring its robustness requires systematic testing against potential vulnerabilities. Enter OCPPStorm, a sophisticated fuzzer tailored for the OCPP protocol. This research presents a comprehensive dive into OCPPStorm and its triad of fuzzing techniques. First, the Random Fuzzer serves as a foundational mechanism, autonomously selecting OCPP message types, fuzzing, and subsequently dispatching them to a central system for response analysis. The State Machine Fuzzer takes a more structured approach, permitting users to input correct sequences of OCPP messages that emulate a "state machine". This empowers users to define and fuzz common OCPP message sequences, bridging the gap between theoretical testing and real-world communication patterns. Lastly, the Isla Fuzzer, a result of integrating the Isla Message Generator with OCPPStorm, employs the Isla library coupled with meticulously crafted grammars and constraints. Together, these techniques fortify OCPPStorm's ability to identify bugs and security issues in OCPP implementations, shining a light on vulnerabilities while offering avenues for enhancements. In its entirety, this thesis underscores the critical importance of exhaustive protocol testing and sets the benchmark for future endeavors in the realm of OCPP security.