The rapid adoption of Electric Vehicle Charging Networks (EVCNs) in smart city and IoT ecosystems has introduced new cyber-physical attack surfaces at the edge or physical layer, where charging sessions and control signals flow between electric vehicles (EVs) and charging stations. In these distributed environments, ensuring the authenticity and integrity of charging signals is critical for safety, billing, and grid stability. A pressing challenge for EVCNs is their susceptibility to Man-in-the-Middle (MitM) and relay attacks that intercept, delay, or modify charging signals to spoof vehicle responses or manipulate energy flows. Conventional digital defences-cryptographic protocols and signature-based detectors-often miss timing- and energy-based manipulations that emulate valid traffic patterns. This paper addresses that gap by proposing a hybrid cyber-physical detection framework that integrates Energy-Timing Watermarking (ETW) with a privacy-preserving federated learning engine (FedFox). ETW embeds subtle, verifiable perturbations into the charging energy/timing profile, creating a physical watermark that a legitimate EV response must reproduce a relay/MitM adversary cannot reliably mimic this physical fingerprint. FedFox enables collaborative, decentralized model training across charging stations without sharing raw telemetry, improving detection robustness while preserving user privacy. We evaluate the approach on a proxy IoT intrusion dataset adapted for MitM scenarios and simulate federated rounds with ETW client validation. The proposed ETW-FedFox framework is designed specifically to target relay and MitM attacks, and, when evaluated on the IoTID20 proxy dataset with synthetic ETW-like features, achieves approximately 99.7% accuracy and 99.85% F1-score with low false-positive rates. These results demonstrate that, under the assumed synthetic feature model, combining lightweight physical-layer-inspired Watermarking with Federated learning can effectively separate benign and malicious traffic. This paper introduces the ETW-FedFox architecture and proves its ability to detect anomalies based on the IoTID20 proxy dataset, which simulates EVCS-like IoT traffic. While the ETW design is physical-layer-oriented, the current evaluation does not yet include a physically connected EV battery/BMS; real EVCS experiments are left as important future work.
Biswas et al. (Fri,) studied this question.