Electric Vehicle User Data-Induced Cyber Attack on Electric Vehicle Charging Station

Electric vehicle (EV) user data (e.g., arrival/departure times and initial/desired state of energy (SOE) of the EV at EV charging stations (EVCSs)) are crucial data based on which the energy management system (EMS) of EVCS calculates the economic charging schedules of EVs according to their preferred charging conditions. In this paper, we present a novel cyber attack via the manipulation of EV user data against the EMS of an EVCS that may result in incorrect electricity costs incurred by the EVCS through distorted charging schedules of EVs. The proposed attack method is formulated as a mixed-integer linear-programming-based bi-level optimization problem that comprises upper- and lower-level optimization problems. At the upper level, malicious EV user data injected into the communication network between the EVs and the EMS of the EVCS are calculated, while a normal operation of the EV charging optimization algorithm in the EMS is ensured at the lower level even if malicious data are delivered from the upper level. The formulated bi-level optimization problem is converted into a single-level optimization problem by replacing the lower-level problem with its corresponding Karush–Kuhn–Tucker conditions. The feasibility of the proposed cyber attack against EVCSs is demonstrated via a simulated scenario in which 40 EVs arrive at an EVCS, which has six charging poles with different charging speeds. The economic impact of such an attack is quantified in terms of the total electricity cost incurred by the EVCS, charging schedule, initial/desired SOE of EVs, and attack effort.


I. INTRODUCTION
Transportation electrification through which fossil-fuel vehicles are replaced by electric vehicles (EVs) is becoming feasible owing to the environmental and economic advantages of EVs [1]. Compared to fossil-fuel vehicles, EVs can reduce carbon pollution, greenhouse gas emissions, and the consumption of fossil resources. Furthermore, EVs are utilized as flexible loads to conduct peak shaving and voltage regulation by controlling their charging and discharging capabilities through the vehicle-to-grid technology, thereby maintaining a stable operation of the power distribution grid [2]. For transportation electrification, EV charging stations (EVCSs) constitute a crucial equipment through which EVs charge their desired power from the power distribution grid. To achieve transportation electrification along with the afore-mentioned advantages of EVs, it is necessary to develop a system for EVCS operators to manage the charging schedules of EVs to minimize their electricity charging costs while maintaining the charging preferences of EV users [3].
Energy management systems (EMSs) for EVCS constitute a core technology for EVCS operators to conduct optimal charging scheduling of EVs that charge their power via charging poles at the EVCS. In general, an optimization algorithm is implemented in the EMS to calculate the optimal charging schedules of EVs by minimizing the costs incurred by the EVCS while purchasing electricity from power utilities according to the charging preferences of EV users [4]. To this end, two types of data need to be embedded into the optimization algorithm of EMSs prior to its execution. The first type corresponds to static data, which include the VOLUME , 2019 number and type of charging poles of the EVCS (these poles can have different charging speeds) as well as the time-of-use (TOU) pricing tariff. The second type represents dynamically varying data of heterogeneous EV users, which are transmitted through the communication network from EV users to the EMS of an EVCS via their mobile phones. These dynamically varying data for each EV user include i) the predicted arrival time and initial state of energy (SOE) of the EV when the EV arrives at the EVCS, and ii) the preferred departure time and desired SOE of the EV when the EV departs from the EVCS.
The mobile communication network employed for communication between EVs and the EMSs of EVCSs may be vulnerable to potential cyber attacks that compromise the mobile phones of EV users, as illustrated in Fig. 1. The adversary can penetrate the communication channels in cellular or Wi-Fi wireless networks and inject malicious data into the aforementioned second type of EV user data. Consequently, the manipulated EV user data may lead to the malfunction of the optimization algorithm in the EMS of an EVCS, thereby increasing the total electricity cost incurred by the EVCS by distorting the EV charging schedules. The primary goal of this study is to propose a novel cyber attack strategy in which the adversary increases the electricity cost incurred by the EVCS by manipulating EV user data and investigate the economic impact of the operation of EVCS subject to such an attack.
Given that EVCSs and EVs are tightly coupled through an advanced information and communication technology (ICT) for efficient EV charging and stable operation of the power distribution grid, numerous previous studies have explored various types of cyber threat models, which exploit the vulnerability of ICT networks, and developed methods for detecting and mitigating such threats. In [5]- [7], three types of confidentiality-integrity-availability cyber attacks on EVCSs, namely eavesdropping attack (confidentiality attack), manin-the-middle attack (integrity attack), and denial-of-service attack (availability attack), were introduced, and the risk assessment of EVCSs subject to these attacks was conducted. In [8], a risk assessment framework for large-scale EVCSs was developed to evaluate the vulnerability of EVCSs to cyber attacks on the communication between EVCSs and electric utilities. Various cyber attacks on EVs and EVCSs were presented in [9]; herein, cyber attacks were classified according to the type of exchanged data among the EVs, EV aggregators, and EVCS control centers. A novel data-driven cyber attack strategy was proposed in [10] in which the adversary manipulates EVs and the EVCS loads to yield frequency instability in the electric power grid using available data from power grid, EVCSs, and EVs. In [11], a cyber attack for manipulation of the SOE of EVs was presented, and a method for estimating the manipulated SOE was developed using a back-propagation neural network based on experimental data. In [12], the impact of cyber attacks on the transportation system, electric power grid, and EVCSs was discussed, and some guidelines to protect the EV charging network from cyber attacks were introduced. The vulnerability of the onboard charger hardware of an EV to data integrity attacks was investigated in [13] wherein the adversary disrupts the main charger controller logic and battery management system by performing fake communication between the charging controller and electronic control units. In [14], [15], new attack strategies to distort the communication protocol, in particular the open charge point protocol, between the EMS of an EVCS and the EVCS control center were introduced. Here, the adversary following the attack strategy misleads the EVCS operator, causing incorrect authentication of new EV users and dispatching incorrect charging commands to EVs. More recently, a cyber attack based on the manipulation of EV charging and discharging against a power grid was investigated in [16]. It was verified that because of the high reactive power demand of EVs, the manipulation of EV load has a greater detrimental impact on the power grid operation than that of the residential load. A concise review of various cyber attacks on EVs and EVCSs and the risk assessment of power grid operation subject to such attacks is provided in [17]. In contrast with attack models and corresponding attack impact analysis, various defending algorithms that detect cyber attacks on EVs and EVCSs and mitigate the impact of such attacks have been developed. Data-driven approaches were adopted for the detection of cyber attack against i) EVs using a machine learning method based on the transient physical characteristics of EVs [18], and ii) EVCSs using deep neural networks and long-short-term memory methods [19]. In [20], a mixed-integer linear programming (MILP)-based optimization model was presented to minimize the risk of attack propagation by isolating a group of compromised EVCSs. A new attack mitigation approach using cyber insurance was proposed in [21] in which the risk of EVs to cyber attack is transferred by cyber insurance to a third party so that the EVs are always assigned the best charging/discharging price. In [22], a cyber attack that targets the inter-area stability of the power grid through the malfunction of EVCSs was considered, and a two-stage defending method for EVCSs was developed for attack detection using a back-propagation neural network scheme. Attack mitigation through the deletion of adversarial requests from EVCSs was also proposed.
However, previous studies have neither formulated a mathematical attack strategy via the manipulation of EV user data to cause malfunction of the EMS of an EVCS nor conducted attack impact analysis. To the best of our knowledge, the present study is the first of its kind aiming to develop a manin-the-middle attack method based on a bi-level optimization problem in which the adversary stealthily injects malicious data into the EV user data and causes a malfunction of the EMS, thereby increasing the total electricity cost incurred by the EVCS owing to the manipulated EV charging schedule. The main contributions of this study can be summarized as follows: 1) We propose a cyber attack on the EV charging optimization algorithm deployed in the EMS of an EVCS. The adversary distorts the charging schedules of EVs at the EVCS by stealthily manipulating the EV user data (arrival/departure times and initial/desired SOE of EVs at the EVCS), which are transmitted from EVs to the EVCS, thereby increasing the total electricity cost incurred by the EVCS. 2) We address the proposed attack method using a bilevel optimization problem that comprises upper-and lowerlevel optimization problems. In the former, malicious data injected into the EV user data are calculated to distort the EV charging schedule with minimum attack effort. In the latter, the EV charging optimization algorithm is ensured to be executed normally even if malicious data are calculated from the former. We then reformulate the bi-level optimization problem into a singlelevel optimization problem by replacing the lower-level problem with its Karush-Kuhn-Tucker (KKT) conditions. 3) We validate the feasibility and performance of the proposed attack method through a simulation scenario in which 40 EVs charge power via charging poles with different charging speeds at an EVCS during one day. Numerical examples confirm that the proposed attack method has a detrimental economic impact on the EVCS operation by manipulating the EV charging schedule in terms of the total electricity cost incurred by the EVCS and charging energy of EVs.
The remainder of this paper is organized as follows. Section II introduces a system model for the charging of multiple EVs at an EVCS and an EV charging optimization problem with an attack model. Section III presents a mathematical formulation of the proposed attack strategy using both bi-level and single-level optimization problems. Section IV presents numerical examples that demonstrate the performance of the proposed attack method. Finally, conclusions and future research directions are drawn in Section V.

A. SYSTEM MODEL
Let us consider a situation in which multiple EVs with different charging conditions and EV user preferences are charged at a single EVCS having three different charging power levels (i.e., Levels 1, 2, and 3). The EVCS is connected to power distribution system, which is managed by distribution system operator (DSO). In this study, DSO provides the EVCS with the TOU pricing signal, using which the EVCS purchases power from the distribution grid and supplies it to EVs connected to the EVCS. The EV charging scenario comprises the following two steps: Step 1) Before the EVs arrive at their targeted EVCS, EV users send their private charging information using their mobile phones through a communication network to the EVCS.
Step 2) Using the information received from the EV users in Step 1), the EMS in the EVCS schedules optimal charging powers for EVs that arrive at the EVCS and assigns optimal charging poles. In Step 1), vector D j encoding the private charging information delivered by the EV user j ∈ J contains four types of data: In (1), a j and d j represent the predicted arrival and desired departure times of EV j at the EVCS, respectively; SOE I j is the predicted initial SOE of EV j when it arrives at the EVCS; SOE D j is the minimum threshold for the desired SOE level of EV j when it departs from the EVCS. In this study, we assume that the predicted and desired data of EV users are quite accurate. In Step 2), we assume that the EVCS has multiple charging poles i ∈ I = I (1) I (2) I (3) that are categorized into three types of charging poles with different maximum charging limits: i ∈ I (1) for Level-1 charging (50 kW), i ∈ I (2) for Level-2 charging (100 kW), and i ∈ I (3) for Level-3 charging (200 kW). The EVCS is assumed to be equipped with an optimization-based EMS to achieve economic operation. Under TOU pricing tariff, the EMS assists the EVCS operator to minimize the total charging cost of EVs (i.e., the total cost suffered by the EVCS while purchasing electricity from power utilities) through the optimal charging scheduling and charging pole assignment for EVs according to the predicted EV charging condition and desired comfort level of the EV user. Note that the EMS requires various types of input data to economically operate the EVCS and completely satisfy EV user preferences. These input data include the maximum SOE (SOE max j ) of each EV j and the maximum charging power (P max i ) at charging pole i along with the private user data of EV j (D j ) defined in Step 1). The EMS includes an EV charging optimization module based on the aforementioned input data. The mathematical model is detailed in the next subsection.

B. EV CHARGING OPTIMIZATION MODEL
For each EV j, at a scheduling time k ∈ K := {t, t + 1, . . . , t + h − 1} with a scheduling unit time ∆t and prediction horizon h, the EV charging algorithm is formulated in terms of the following MILP optimization problem: This MILP optimization problem aims to minimize the objective function in (2), which is the total electricity charging cost calculated using the TOU price C k and charging power P j,k for all EVs during the prediction horizon h. Equation (3) represents the dynamics of the SOE for EV j at a future time k + 1 in terms of the SOE at current time k and charging power P j,k with scheduling unit time ∆t. Equations (4) and (5) describe the constraints on the SOE with an initial SOE (SOE I j ) when EV j arrives at the EVCS at time k along with the maximum SOE (SOE max j ) and with a desired SOE (SOE D j ) when EV j completes its charging at the end of the prediction horizon, respectively. The EV charging power is limited by the maximum charging power P max i at charging pole i with the three different charging levels defined in (6), where b ch i,j,k represents the binary decision variable that determines the charging status of EV j at charging pole i ("1" for charging; "0" otherwise). Equation (7) states that EV j is not fully charged at time k Here, is a sufficiently small positive number. Equation (8) guarantees that each charging pole i is at most connected to one EV at time k. According to (9), the charging process of EV j at charging pole i can be allowed only when the EV stays at the EVCS (i.e., b s j,k = 1). Equation (10) allows for consecutive or no consecutive charging of the EV at times k − 1 and k depending on the non-fully charging status b nf j,k , The binary decision variables are defined in (11).
Finally, the decision variables for the EV charging optimization problem in (2)-(11) are expressed as where a j and d j denote the arrival and departure times of EV j at the EVCS, respectively. In this study, the charging window T w j of EV j at the EVCS is defined as d j − a j and includes its charging time T c j (i.e., T c j ⊂ T w j ). In general, bi-level optimization problems are hard to be solved by the commercial optimization solvers. To resolve this issue, as described in Section III, the proposed bilevel optimization-based attack strategy needs to be transformed into a single-level optimization problem by replacing the lower-level optimization problem (i.e., EV charging optimization problem defined by (2)-(11)) with its KKT conditions. Evidently, the optimal solution of the singlelevel optimization problem is readily calculated by many available optimization solvers. However, no KKT conditions for the MILP optimization problem exist because the MILP optimization problem is convex no longer. Therefore, the MILP-optimization-based EV charging problem should be converted into a convex linear-programming-based optimization problem by relaxing the binary decision variables in (11) with continuous variables as follows: In the relaxed EV charging optimization problem, all variable vectors (α, β, γ, χ, λ, θ, ζ, ρ, ξ, and ν) associated with the equality and inequality constraints represent Lagrangian multipliers with non-negative values. The Lagrangian multiplier vector of the inequality constraint having both the upper and lower limits is expressed as the corresponding Lagrangian multiplier subvectors. For example, vector β in constraint (4) is decomposed into two subvectors, i.e., β = [β + , β − ], where β + and β − correspond to the upper and lower limits of the inequality constraint, respectively.

C. PROPOSED ATTACK MODEL AND ASSUMPTIONS
As illustrated in Fig. 2, we consider a scenario in which an adversary stealthily injects malicious data into the EV data (i.e., arrival/depareture times and initial/desired SOE) that are transmitted via a communication network from the EV users' mobile phones to the EMS of the EVCS. In this attack scenario, the EV data manipulated by the adversary are fed into the EV charging optimization algorithm of the EMS described in Section II-B as input data, thereby leading to changes in its optimal solution (e.g., an increase in the total electricity cost incurred by the EVCS through a distorted EV charging schedule).
For a successful attack based on the proposed attack strategy, the adversary needs to satisfy the following assumptions: • The adversary is capable of breaching a mobile communication network and compromising mobile phones of EV users by monitoring and manipulating their data. • The adversary can formulate an EV charging optimization problem and calculate its optimal solution with the knowledge of the EVCS operating conditions, including the number and type of charging poles with different charging speeds and the TOU pricing tariff.

III. MATHEMATICAL FORMULATION OF CYBER ATTACK ON EVCS
In this section, we present an optimization problem that describes an EV user data-induced cyber attack on an EVCS. Section III-A introduces a bi-level optimization attack formulation that comprises upper-and lower-level optimization problems. In the bi-level optimization problem, the upperand lower-level problems correspond to the adversary and EVCS operator, respectively. In Section III-B, the bi-level optimization attack problem formulated in Section III-A is transformed into an equivalent single-level optimization problem using the KKT conditions of the lower-level optimization problem.

A. BILEVEL OPTIMIZATION MODEL FOR THE PROPOSED EVCS ATTACK
The proposed attack strategy is formulated as the following bi-level MILP optimization problem with multi-objective function and constraints: Upper level s.t.

1) UPPER LEVEL
In the upper level (14)- (20), the adversary calculates four types of malicious data (∆SOE I j , ∆SOE D j , ∆a j , and ∆d j ) that are injected into the user data of EV j. The malicious data calculated at the upper level are fed into the EV charging optimization problem at the lower level to simultaneously maximize the total electricity cost incurred by the EVCS and minimize the attack effort while maintaining undetectable conditions along with limited attack capability. The first term in the multi-objective function (14) for the proposed attack represents the total electricity charging cost for all EVs, whereas the second term represents the total number of injected malicious data, where b a j is equal to one when the data for EV j are manipulated; otherwise, b a j is equal to zero. In the second term of the multi-objective function, ω denotes a penalty for the attack effort. A smaller ω leads to a larger number of b a j = 1, thereby wasting more attack effort; however, it allows the adversary to further increase the total electricity charging cost.
The magnitudes of the injected malicious SOE data, i.e., ∆SOE I j and ∆SOE D j , are limited by the attack limit factor τ in (15) and (16), respectively. Equation (17) ensures that these malicious data are undetected by both the EV user and EVCS operator; it can be derived from the following VOLUME , 2019 inequality constraints (27), (28): where the manipulated initial and desired SOE data are respectively defined as Equation (27) guarantees that the manipulation of the SOE data is undetected by the EV user. This is because the sum of the attack-related charging energy (SOE D,a j − SOE I,a j ) and the attack-free initial SOE (SOE I j ) is still larger than or equal to the desired SOE level. In addition, the right-hand side of (27) should be limited by SOE max j , as expressed in (28). This inequality constraint makes the EVCS operator believe that the EV charging optimization algorithm is carried out correctly. Finally, the constraints (27) and (28) along with the additional inequality constraint SOE D,a j ≤ SOE max j become equivalent to the constraint (17).
The magnitudes of the injected malicious data, i.e., ∆a j and ∆d j , are limited by the attack limit factor κ in (18) and (19), respectively, when the attack is initiated with b a j = 1. Note that ∆a j and ∆d j should be set as nonnegative (∆a j ≥ 0) and non-positive (∆d j ≤ 0) integers, respectively. This is because, under an attack with ∆a j < 0 or ∆d j > 0, the EV charging optimization problem may calculate the charging schedule earlier than a j or later than d j ; however, the EV actually arrives or departs at a j or d j . As a result, this phenomenon allows the EVCS operator to readily detect such abnormal situations. Equation (20) represents the binary status of an EV that stays at the EVCS (i.e., b s,a j,k = 1) between the manipulated arrival (a j + ∆a j ) and departure (d j +∆d j ) times. In contrast to the fact that b s j,k in (12) without attack is a fixed parameter, b s,a j,k is a variable that changes with ∆a j and ∆d j . Equation (20) can be relaxed using the following linear equality and two linear inequality constraints with a large positive number M s : In (31), b s,a j,k is expressed in terms of two auxiliary binary variables, i.e., b s,a* j,k and b s,a** j,k , and they are limited by the manipulated arrival and departure times, respectively, as described in (32) and (33). Fig. 3 illustrates a conceptual diagram that explains how to derive the upper and lower bounds of two auxiliary binary variables.

2) LOWER LEVEL
The lower level (21)-(26) corresponds to the EV charging optimization problem that is introduced in Section II-B. In the lower-level problem, four constraints of the EV charging optimization problem are modified according to (22)-(25), including four types of malicious data (∆SOE I j , ∆SOE D j , ∆a j , ∆d j ) that are transferred from the upper level.

B. SINGLE-LEVEL OPTIMIZATION MODEL FOR THE PROPOSED EVCS ATTACK
This subsection presents the transformation of the bilevel-MILP-optimization-based attack method, described in the previous subsection, into a single-level optimization problem. A key part of this transformation is that the KKT conditions of the lower-level optimization problem are derived and merged into the upper-level optimization problem as its constraints.
Given the vectors for decision variables x and data d, an optimization problem with linear equality constraints (Ax = d) and linear inequality constraints (Bx ≤ d) is expressed as s.t.
Let us denote the Lagrangian function as L( ). Subsequently, the following KKT conditions are derived: 1) First-order optimality conditions: Detailed expressions for the KKT conditions of the lower level in the proposed bi-level optimization attack problem are presented in the subsequent subsections.
By differentiating the Lagrangian function of the EV charging optimization problem associated with the lower level, the following first-order optimality conditions are obtained:

2) PRIMAL FEASIBILITY CONDITIONS
The primal feasibility conditions include all equality and inequality constraints of the lower-level problem:

3) COMPLEMENTARY SLACKNESS CONDITIONS
The complementary slackness conditions are expressed in the multiplication form of the inequality constraints and their corresponding Lagrangian multipliers.
Finally, using the aforementioned KKT conditions, the proposed bi-level attack optimization problem can be reformulated in terms of the following single-level optimization problem:

IV. NUMERICAL EXAMPLES A. SIMULATION SETUP
We set up a simulation environment in which 40 EVs with different charging information and preferences communicate with the EMS of an EVCS before they arrive at the EVCS. Upon arrival, the EVs charge power via the charging poles of the EVCS according to the charging schedule calculated by the EMS. The arrival/departure times of each EV were randomly distributed based on a discrete uniform distribution during one day. The EVCS was assumed to be equipped with six charging poles, three pairs of which correspond to different maximum charging power capacities as follows: P max i = 50 kW for i = 1, 2 ∈ I (1) (Level 1), P max i = 100 kW for i = 3, 4 ∈ I (2) (Level 2), and P max i = 200 kW for i = 5, 6 ∈ I (3) (Level 3). As illustrated in Fig. 4, under TOU tariff, the EV charging optimization algorithm in the EMS calculates the optimal charging schedules of EVs by minimizing their electricity charging cost. For simplicity, the preferred charging window (T w j = d j − a j ) and maximum/initial/desired SOE (SOE max j /SOE I j /SOE D j ) for each EV j were identically set as T w j = 2.5 h, SOE max j = 72.6 kWh, SOE I j = 0.2 × SOE max j kWh, and SOE D j = 0.9 × SOE max j kWh. In the upper level of the bi-level optimization attack problem, the penalty (ω) for the attack effort, the attack limit factor (τ ) of the SOE, and the attack limit factor (κ) of arrival/departure times were set to 0.1, 0.2, and 3, respectively. In the lower level of the bi-level optimization attack problem, the value of associated with a non-fully charging status of the EV was set to 10 −7 . The values of M s and M c associated with the EV stay and relaxation of the complementary slackness condition were identically set to 10 6 . The simulation was conducted for 24 h with a 15-min scheduling resolution (i.e., ∆t = 15 min) and a predicted horizon h = 16 (i.e., 4 h). The proposed attack strategy was simulated in a computer (AMD Rygen 7 2700X Eight-Core Processor clocking at 3.7 GHz and 32 GB of RAM) using the IBM ILOG CPLEX Optimization Studio 12.8 solver through MATLAB R2018b.

B. ATTACK RESULTS OF ELECTRICITY COST OF EVCS AND CHARGING ENERGY OF EV
In this subsection, we present a quantification of the impact of the proposed EVCS attack on the total electricity cost and the amount of charging energy scheduled by the EMS of the EVCS. Fig. 5 illustrates two cumulative electricity costs incurred by the EVCS without and with attack over the entire charging scheduling period. Note from this figure that the cumulative electricity cost with attack becomes higher than that without attack after the scheduling period 02:30. Eventually, the total electricity costs without and with attack reach 183.98 $ and 196.73 $ at the end of the scheduling period, respectively. Thus, we can conclude that the proposed attack method can successfully increase the electricity cost for the EVCS by stealthily injecting malicious data into the EV user data. Fig. 6 compares the cumulative electricity costs for the EVCS without and with attack in seven different TOU-price time blocks. Each of these time blocks has an identical price, as indicated in Fig. 4. Note from this figure that a significantly increasing electricity cost due to the attack can be identified at two TOU-price time blocks, namely (00 : 00 ∼ 08 : 00)  Charging windows (T w j ) and charging times (T c j ) from EV31 to EV40 around the scheduling period 22:00 without attack. and (16 : 00 ∼ 22 : 00). This result derives from the following two characteristics of the adversary using the proposed attack strategy: (C1) Unbinding SOE constraint attack: The adversary increases the amount of EV charging energy to a level greater than its original initial/desired SOE level, thereby generating the unbinding SOE constraint. Here, the unbinding SOE constraint implies that SOE j,k and SOE j,t+h do not hit their original lower limits (SOE I j and SOE D j ) in the constraints (22) and (23). (C2) Time shiftable attack: The adversary moves the EV charging schedule to a higher TOU-price time block, thereby leading to an increase in the electricity cost incurred by the EVCS. An increasing electricity cost in the time period (00 : 00 ∼ 08 : 00) due to the attack derives from attack (C1), which increases the amount of EV charging energy from 660.66 kWh to 718.74 kWh. In this time period, the TOU price is identical. Thus, attack (C2) has no impact on the electricity cost incurred by the EVCS. By contrast, the time period (16 : 00 ∼ 22 : 00) includes two different TOU prices: 0.12 $/kWh at (16 : 00 ∼ 21 : 00) and 0.05 $/kWh at 22 : 00. As depicted in Fig. 6, an increase in the electricity cost due to the attack is much higher in the time period (16 : 00 ∼ 22 : 00) than in the time period (00 : 00 ∼ 08 : 00). This is because both attacks (C1) and (C2) occur in the time period (16 : 00 ∼ 22 : 00), whereas only attack (C1) occurs in the time period (00 : 00 ∼ 08 : 00). Specifically, such attack consequence in the time period (16 : 00 ∼ 22 : 00) results from the following two attack characteristics: i) for attack (C1), the amount of charging energy increases from 203.28 kWh to 226.70 kWh, and ii) for attack (C2), the charging schedules for three EVs (EV20, EV34, and EV37) are shifted to higher TOU-price time blocks as follows: from  22 : 00 is a boundary between a high TOU price (before 22 : 00) and a low TOU price (after 22 : 00). We first verify from a comparison of Figs. 7 and 8 that T w 34 for EV34 shrinks with the reduced departure time of EV34 owing to the attack. In the shrunken charging window, the charging schedule of EV34 is shifted from a low TOU-price time period to a high one without changing the charging pole and charging duration. By contrast, no manipulation of T w 37 for EV37 is conducted by the adversary as illustrated in Figs. 7 and 8. However, T c 37 for EV37 becomes longer and includes a high TOU-price time period. This phenomenon stems from the fact that T w 40 for EV40 shrinks by the adversary, which requires a faster charging pole to maintain the desired SOE level of EV40. Consequently, Level-1 and Level-3 charging poles allocated for EV40 and EV37 prior to the attack are switched with each other by the adversary to provide EV40 with a satisfactory charging service. Evidently, EV37 spends a longer charging time via the slower Level-1 charging pole.

C. IMPACT OF PARAMETERS IN THE UPPER-LEVEL PROBLEM ON THE EVCS ATTACK
In this subsection, we present an assessment of the attack performance subject to the parameters associated with the attack capability of the adversary in the upper-level problem. Table 1 lists the results of the attack performance with different attack effort penalties (ω) and attack limit factors (τ ) of the initial and desired SOE data in terms of the total electricity cost/charging energy and the number of attacked EVs. As expected, the results in this table indicate that a smaller ω leads to a larger total electricity cost and charging VOLUME , 2019 energy at the expense of the attack effort with an increasing number of attacked EVs. Another observation is that for an attack with ω = 0.3, the adversary manipulates data of 28 EVs out of 40 EVs, whereas no attack occurs on 12 EVs (EVs1∼12). The reason for this fact can be explained as follows. In the simulation setup, the charging windows of EVs1∼10 belonged to the cheapest TOU-price time block, i.e., (00 : 00 ∼ 08 : 00), prior to the attack. Because their charging windows only shrink within the cheapest price time block due to the attack, no time-shiftable attack (C2), described in Section IV-B, was initiated to increase the total electricity cost for the EVCS. In addition, the charging windows of EV11 and EV12 prior to the attack were identically set to (05 : 45 ∼ 08 : 15), which includes two different TOU prices. Even if the adversary obtains a room (i.e., time interval with higher TOU price) to initiate a time-shiftable attack, the attack room (08 : 00 ∼ 08 : 15) for EV11 and EV12 will be smaller than that for the other EVs (e.g., (20 : 00 ∼ 21 : 45) for EV34 and EV37). Furthermore, given that most of the charging windows for EVs1∼12 correspond to the cheapest TOU-price time block, the impact of the unbinding SOE constraint attack (C1) defined in Section IV-B is not very significant.
Note also from Table 1 that a larger τ results in a larger total electricity cost and charging energy along with an increasing number of attacked EVs. This observation is natural because more manipulation of the initial/desired SOE data owing to larger τ leads to more charging of EVs, thereby increasing the total electricity cost for the EVCS. In addition, Table 1 indicates that the number of attacked EVs with τ = 0.1 is smaller than that with τ = 0.2 and τ = 0.3. Our simulation results demonstrate that the adversary with τ = 0.1 performs no attack on EVs1∼12, which is consistent with the result when ω = 0.3. This observation implies that the adversary with insufficiently manipulated SOE data fails to completely conduct the unbinding SOE constraint attack (C1) and time-shiftable attack (C2).

D. IMPACT OF PARAMETERS IN THE LOWER-LEVEL PROBLEM ON THE EVCS ATTACK
In this subsection, we present an investigation of the attack performance subject to the parameters in the EV charging optimization problem associated with the lower-level problem. Fig. 9 illustrates the results of the total electricity cost and charging energy under different initial and desired SOE conditions without and with attack. In this figure, the x-axis corresponds to five pairs of (a D , a I ) that represent multiplicative coefficients for the calculation of the desired and initial SOEs, respectively. Using these multiplicative coefficients,   First, note from Fig. 9 that the total electricity cost and charging energy increase significantly because of the attack for the five different pairs of initial and desired SOEs. Note also that as the gap between SOE D j and SOE I j increases, the total electricity cost and charging energy for both scenarios without and with attack increase; the three groups can be ranked in the decreasing order of total electricity cost and charging energy as follows: Group III > Group II > Group I. Additionally, for Groups I and III without attack, no change in the total electricity cost and charging energy occurs even if the values of a I and a D vary. This is because the gap between SOE D j and SOE I j for each Group I and III is identical. However, as illustrated in the attack results for Groups I and III in Fig. 9, a change in the total electricity cost and charging energy takes place due to the attack even if the identical gap between SOE D j and SOE I j is maintained with varying a I and a D . Table 2 presents the gap between the total electricity cost for with and without attack scenarios along with the average computation time of the proposed bilevel attack optimization method in terms of prediction horizon h for the EV charging optimization problem. Note from this table that the electricity cost gap due to the attack increases with increasing h. This is because the adversary can obtain more attack room to manipulate the EV user data in a longer prediction horizon. In addition, as expected, Table 2 indicates that the average computation time for the proposed bilevel attack optimization problem during the entire scheduling periods increases as the value of h increases. From the perspective of computational complexity, the proposed attack method is feasible because its computation time presents a scheduling resolution of below 15 min for the EV charging optimization problem.
Lastly, our proposed bi-level attack optimization problem is limited to provide suboptimal solutions due to the following two aspects i) the utilization of the KKT conditions of the relaxed MILP problem at the lower level and ii) non-optimal selection of the value of M in the big-M method as reported in [23], [24]. An important extension of our work here would be to develop a more optimal attack strategy that addresses the aforementioned limitations, and it is referred to as a future work.
The main observations from the simulation analysis can be summarized as follows: • The proposed attack successfully increases the total electricity cost for the EVCS while stealthily bypassing the EVCS operator and EV users under undetectable conditions of SOE data manipulation. • An increase in the total electricity cost for the EVCS due to the proposed attack derives from two types of attack characteristics: i) unbinding SOE constraint attack and ii) time-shiftable attack. • An unbinding SOE constraint attack increases the amount of EV charging energy, whereas a time-shiftable attack shifts the EV charging time period to a higher TOU-price time period; therefore, both attacks increase the total electricity cost incurred by the EVCS. • The increase in the attack effort and attack limit factor results in less and more electricity cost suffered by the EVCS, respectively. • The proposed attack leads to higher electricity costs for the EVCS as the gap between the desired SOE and initial SOE becomes larger prior to the attack . • The EV charging optimization problem with a larger value of the prediction horizon is more susceptible to the proposed attack and requires more computation time to solve the proposed bilevel attack optimization problem.

V. CONCLUSIONS
In this study, we considered a situation in which EVCS purchases power from the distribution grid under the TOU pricing tariff sent by DSO and supplies it to EVs connected to the EVCS. In this situation, we proposed a cyber attack on EVCS, which increases the total electricity cost incurred by the EVCS by causing a malfunction in the EV charging optimization algorithm through the manipulation of EV user data (arrival/departure times and initial/desired SOE of EVs at the EVCS) transmitted from the EVs to the EVCS. We formulated such a cyber attack in terms of a bi-level optimization problem comprising upper-and lower-level problems. In the upper-level problem, malicious data injected into the EV user data are calculated to simultaneously maximize the total electricity cost for the EVCS and minimize the attack effort.
In the lower-level problem, the EV charging optimization algorithm yields the distorted charging schedules of EVs using manipulated EV user data delivered from the upper level. Subsequently, we transformed the bi-level attack optimization problem into a single-level optimization problem by replacing the lower-level problem with its KKT conditions. Simulation results indicate the feasibility and detrimental impact of the proposed attack strategy on the EVCS operation in terms of the total electricity cost of EVCS, the charging schedule and initial/desired SOE of EVs, attack effort, and computation time of the proposed attack strategy.
In the future, we plan to present a new cyber attack on multiple EVCSs located in a realistic power distribution system. Vulnerability assessment of both EVCS and power distribution system operations for such a cyber attack will be conducted in terms of the real and reactive charging powers of EVs as well as the nodal voltage magnitude along the distribution feeder.