Automotive Security Architectures for Plug & Charge with a Central Trusted Platform Module

The rapid adoption of Electric Vehicles (EVs) and their integration into ecosystems with uncertain security underscores the need for robust cybersecurity such as zero-trust architectures. Plug and Charge (PnC), defined in ISO 15118-20, is vulnerable without hardware-based protection. This risk increases in zonal vehicle architectures, where multiple Electronic Control Units (ECUs) share resources, making centralized security critical. We propose a centralized Trusted Platform Module (TPM) 2.0 as a hardware trust anchor for PnC. Unlike local solutions, our architecture consolidates cryptographic operations within a single TPM 2.0 on a High Performance Controller (HPC), enabling secure key generation, storage, and usage for multiple ECUs. The methodology integrates one TPM 2.0 into the EcoG-io/ISO15118 framework and emulates Electric Vehicle Communication Controller (EVCC) and Supply Equipment Communication Controller (SECC) using Raspberry Pi devices. By generating and managing keys inside the TPM, the approach eliminates private key exposure and ensures ISO 15118-20 compliance. The solution offers enhanced security through a single hardware root of trust and simplified scalability for zonal architectures. Compared to local TPMs, one centralized TPM 2.0 lowers hardware costs, streamlines maintenance, and enables resource sharing.