
Metrological ICT-Systems

Working Group 8.52

Profile

Through forward-looking research and development on security architectures and security concepts for measuring instruments subject to legal metrology and for cash gaming machines, the working group supports and advises the other working groups that have legal tasks.

Topics for research and development are identified according to their economic relevance. A special focus lies on security solutions for fundamental technologies that are enablers for entire technology fields.

Within the framework of technology transfer, small and medium-sized enterprises (SMEs) benefit from the reference architectures developed.


Research/Development

Reference Architecture for Secure Cloud Computing in Legal Metrology

The reference architecture serves as a framework to guarantee the secure execution of all functions relevant to legal metrology within the cloud. The secure implementation will be guaranteed for all economic operators, i.e. the notified body, the manufacturer, the user and the market surveillance authority, and thus trust in cloud-based measuring instrument solutions will be enhanced. Trust in the correct measurement and the correct billing in turn leads to broad acceptance of new technologies by the end user, whose protection is the reason legal metrology exists in the first place.

Cloud solutions are more flexible, scalable and cost-efficient than traditional IT infrastructure. Cost-effectiveness is achieved through higher utilization of the server hardware by means of virtualization. This leads to less idle hardware and more productive use of existing infrastructure. Furthermore, centralized hardware in data centers is more cost-effective in terms of competent IT support, and only the computing time and resources actually used have to be paid for. Companies thus become more flexible and can free up financial resources. In addition, the need to find adequate IT personnel able to secure IT infrastructure against current threats can be met by subcontracting cloud service providers.

Figure 1: Schematic of the reference architecture for secure and trustworthy cloud computing.

System architectures will be built in cooperation with the Technische Universität Berlin (TU-Berlin). They profit from a modular design and conform to the requirements of the Measurement Instrument Directive (MID) of the European Union as well as the WELMEC 7.2 Software Guide. Moreover, a trust chain will be implemented between the different modules by utilizing a Trusted Execution Environment (TEE) that can guarantee a secure system state. The research in fully homomorphic encryption (FHE) will increase the security of virtual machines (VMs) with respect to one another and provide protection against unauthorized access and malicious administrators. FHE makes it possible to compute on encrypted data without the need to decrypt it first.

The cloud reference architecture builds upon the research and experience with a microkernel architecture for measuring instruments, which was built at Department 8.5 (Peters, 2015). By implementing this technology, the measuring instrument is already separated into modules at the lowest level and thus securely processes the measuring data for encryption and transport. The measuring data is sent to the cloud secured by TLS, received by a dedicated VM and then processed further by different VMs. These are in particular the legally relevant (L) services, the Key & Signature Management (K), Storage Management (S), Download Management (D) and non-legally relevant (N) services.

 

References

Peters, Daniel and Peter, Michael and Seifert, Jean-Pierre and Thiel, Florian. 2015. A Secure System Architecture for Measuring Instruments in Legal Metrology. Computers. 2015, pp. 61-86.

 

Contact

 

 

   Alexander Oppermann

   Department 8.5 Metrological Information Technology

   Phone: +49 (0)30 3481-7483

   E-Mail: alexander.oppermann@ptb.de

 

Scientific Publications

A. Oppermann, F. Grasso Toro, F. Thiel, J.-P. Seifert, Secure Cloud Computing: Continuous Anomaly Detection Approach in Legal Metrology. 2018 IEEE International Instrumentation and Measurement Technology Conference (I2MTC 2018), May 14-17, 2018 ISBN:978-1-5386-2222-3/18

A. Oppermann, F. Grasso Toro, F. Thiel, J.-P. Seifert, Secure Cloud Computing: Reference Architecture for Measuring Instrument under Legal Control. Journal Security and Privacy 2018;e18. DOI: 10.1002/spy2.18

Oppermann, A., Toro, F., Thiel, F. and Seifert, J-P., Anomaly Detection Approaches for Secure Cloud Reference Architectures in Legal Metrology. In Proceedings of the 8th International Conference on Cloud Computing and Services Science (CLOSER 2018), pages 549-556 ISBN: 978-989-758-295-0

A. Oppermann, F. Grasso Toro, A. Yurchenko, J.-P. Seifert, Secure Cloud Computing: Communication Protocol for Multithreaded Fully Homomorphic Encryption for Remote Data Processing in IEEE International Symposium on Parallel and Distributed Processing with Applications (IEEE ISPA 2017) (pp. 503-510), DOI: 10.1109/ISPA/IUCC.2017.00084

A. Oppermann, A. Yurchenko, M. Esche, J.-P. Seifert, Secure Cloud Computing: Multithreaded Fully Homomorphic Encryption for Legal Metrology, in International Conference on Intelligent, Secure, and Dependable Systems in Distributed and Cloud Environments (ISDDC 2017) 2017 Oct 25 (pp. 35-54), DOI: https://doi.org/10.1007/978-3-319-69155-8_3, (Best Paper Award)

Oppermann, Alexander and Seifert, Jean-Pierre and Thiel, Florian. 2016.  Secure Cloud Reference Architectures for Measuring Instruments under Legal Control, accepted for Closer 2016, 6th  International Conference on Cloud Computing and Services Science, 23.-25. April, (2016)

Oppermann, Alexander and Seifert, Jean-Pierre and Thiel, Florian. 2016. Distributed Metrological Sensors managed by a secure Cloud-Infrastructure, accepted for 18. GMA/ITG Fachtagung, Sensoren und Messsysteme 2016, Nürnberg, 10.-11. Mai, (2016)

Security and Standardisation in Smart Grid


The effective operation of smart grids requires a large number of transmissions, such as measurement data as well as control information. Secure data transmission, i.e. confidentiality, integrity, authenticity and non-repudiation of the data, must be guaranteed in the process. At the same time, the security procedures should be integrated as seamlessly as possible into existing systems and processes. Within the scope of the “European Metrology Research Programme” (EMRP), the research project “ENG63 GridSens sensor network metrology for the determination of electrical grid characteristics” addresses these issues in a specific work package, “Security and standardization”.

In addition to system security, the work package also addresses the way additional security components change the dynamic behaviour of the overall system. The focal points of the work package include:

  • Reviewing existing security solutions
  • Developing a generic data model
  • Investigating the dynamic behaviour of the security solutions
  • Preparing concrete proposals for the area of state estimation in the smart grid

 

The research project is conducted in close collaboration with the Institute of Electrical Power Engineering and Energy Systems of the Technical University of Clausthal. This affords an opportunity to develop and assemble a secure distributed measurement system in an existing low voltage microgrid,  as well as to test this system in different topologies of the microgrid.

In particular, a universal sensor was developed. The sensor, which is based on commercially available sensors for measuring electrical parameters in low-voltage networks, is extended with functions for cryptographic protection of data. In addition, different interfaces are available for communication in different networks.

With this sensor, the impact of different data transfer protocols, security architectures and data models in the smart grid on reaction and response times can be examined.

 

Figure 1: Structure of the Measuring Sensor

Publications

G. Rietveld and N. Zisky et al., Measurement Infrastructure to Support the Reliable Operation of Smart Electrical Grids, IEEE Transactions on Instrumentation and Measurement, Vol. 64, No. 6, 1355 - 1363, June 2015, DOI: 10.1109/TIM.2015.2406056

G. Rietveld and N. Zisky et al., Smart Grid Metrology to Support Reliable Electricity Supply,  Conference on Precision Electromagnetic Measurements,  Rio de Janeiro, Brazil,  pp. 680-681, (2014), ISBN 978-1-4799-5205-2, DOI: 10.1109/CPEM.2014.6898568

Y. Su, J. Neumann, Konzept zur Untersuchung des dynamischen Verhaltens von Messsensoren in Energienetzen mit hohen Anforderungen an die Systemsicherheit,
PTB-Mitteilungen 125 (2015), issue 3, pp. 48-52, doi: 10.7795/310.20150399, ISSN 0030-834X

Security Anchors for Measuring Instruments

Smartcards have proven to be an inexpensive, hardware-oriented way to retrofit security functions as a module into existing solutions and, in new developments, to encapsulate security-relevant functionality within them.

With the increasing networking of measuring instruments, the requirements for the security of data transmission and for the protection of measurement data against unintentional modification or deliberate manipulation are rising. These goals can be achieved by using suitable security modules, which in particular employ modern cryptographic methods. Implementing cryptographic algorithms requires corresponding specialist knowledge and presupposes suitable hardware that protects the device against common threats such as side-channel attacks or unsanctioned read-out of memory areas.

Together with industry partners, PTB has developed and implemented modular concepts that allow measuring instruments to be developed securely and cost-effectively. This involved a separation between the measuring instrument and a security module. Smartcards that have been appropriately evaluated and are available in large quantities over the long term lend themselves to this. They can be used in modern measuring instruments in various ways.

For example, smartcards are suitable as a pure signature and verification unit with several key pairs for implementing end-to-end security (direct trust), e.g. in consumption meters such as electricity and gas meters [1], or for protecting cash registers and taximeters against manipulation [2, 3]. In the latter, providing an additional software package made it possible, in addition to signing measurement data, to update and store parameters worth protecting, such as sequence counters, directly in the smartcard.
Modern smartcards, such as the JCOP smartcard tested in a project to create a charging infrastructure for electric vehicles (OBM, On Board Metering) [4], also allow more complex applications to be moved directly into the smartcard. The OBM project dealt in particular with secure rights management for the operation and parameterisation of the measuring instruments used. For use in vehicles it was advantageous that smartcards are available in various form factors and can thus also be permanently installed in measuring instruments.
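The following sketch is an added example, not code from PTB or from the projects cited: it shows why keeping the sequence counter inside the security module next to the signing key lets an auditor detect deleted, altered and replayed records. The class and function names are hypothetical, the key and readings are constructed, and HMAC-SHA256 stands in for the card's asymmetric signature, so here the verifier shares the key instead of holding only a public key.

```python
import hashlib
import hmac
import json

DEMO_KEY = b"constructed-demo-key"  # constructed; a real card never exports its key


def tag_for(key: bytes, seq: int, reading: dict) -> str:
    """Tag over counter and reading (HMAC stands in for the card's signature)."""
    body = json.dumps({"seq": seq, "reading": reading}, sort_keys=True).encode()
    return hmac.new(key, body, hashlib.sha256).hexdigest()


class SecurityModule:
    """Hypothetical stand-in for the smartcard: key and counter live inside it."""

    def __init__(self, key: bytes):
        self._key = key
        self._seq = 0  # advanced only by the module, never supplied by the host

    def sign(self, reading: dict) -> dict:
        self._seq += 1
        return {"seq": self._seq, "reading": reading,
                "tag": tag_for(self._key, self._seq, reading)}


def audit(records: list, key: bytes) -> list:
    """Return (index, finding) pairs for a stored record sequence."""
    findings, expected = [], 1
    for i, rec in enumerate(records):
        good = tag_for(key, rec["seq"], rec["reading"])
        if not hmac.compare_digest(good, rec["tag"]):
            findings.append((i, "bad-signature"))  # content or counter altered
        elif rec["seq"] < expected:
            findings.append((i, "replay"))         # old record presented again
        elif rec["seq"] > expected:
            findings.append((i, "gap"))            # records were removed
            expected = rec["seq"] + 1
        else:
            expected += 1
    return findings


if __name__ == "__main__":
    card = SecurityModule(DEMO_KEY)
    log = [card.sign({"kwh": k}) for k in (10.0, 10.4, 11.1, 11.9, 12.3)]  # constructed
    print("intact  :", audit(log, DEMO_KEY))
    print("deleted :", audit(log[:2] + log[3:], DEMO_KEY))
    forged = log[:1] + [dict(log[1], reading={"kwh": 1.0})] + log[2:]
    print("forged  :", audit(forged, DEMO_KEY))
    print("replayed:", audit(log + [log[1]], DEMO_KEY))
```

A record whose tag does not verify is not counted, so the counter value it claimed is additionally reported as a gap at the next valid record.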

Figure 1: WLAN communication module with extended security functions based on a smartcard

 

 

Publications

[1] Lo Iacono, L.; Ruland, C.; Zisky, N.,
Secure transfer of measurement data in open systems,
Computer standards and interfaces, 28, 311-326, doi: 10.1016/j.csi.2005.07.010, (2006)

[2] Zisky, N.; Wolff, J.; Neuhaus, M. ,
INSIKA - A new approach against tax frauds at electronic cash registers,
Web proceedings of the e-Smart 2009 conference (2009)

[3] Wolff, J.; Zisky, N.; Neuhaus, M.,
Proposal for an IT security standard for preventing tax fraud in cash registers,
ISSE 2009 Information Security Solutions Europe Conference 2009, Den Haag, 2009

[4] http://projekt-obm.net

Technology Transfer

Security for network-connected regulated measuring instruments (link to follow)

 

 


Services

The working group provides technical consulting for manufacturers, national metrology institutes, market surveillance authorities and all PTB departments specialized in testing the physical properties of measuring instruments. With these services the working group helps to close technology gaps and to support innovation.

Information

  1. A. Oppermann, F. Grasso Toro, F. Thiel, J.-P. Seifert, Secure Cloud Computing: Continuous Anomaly Detection Approach in Legal Metrology. 2018 IEEE International Instrumentation and Measurement Technology Conference (I2MTC 2018), May 14-17, 2018 ISBN:978-1-5386-2222-3/18
  2. A. Oppermann, F. Grasso Toro, F. Thiel, J.-P. Seifert, Secure Cloud Computing: Reference Architecture for Measuring Instrument under Legal Control. Journal Security and Privacy 2018;e18. DOI: 10.1002/spy2.18
  3. Oppermann, A., Toro, F., Thiel, F. and Seifert, J-P., Anomaly Detection Approaches for Secure Cloud Reference Architectures in Legal Metrology. In Proceedings of the 8th International Conference on Cloud Computing and Services Science (CLOSER 2018), pages 549-556 ISBN: 978-989-758-295-0
  4. A. Oppermann, F. Grasso Toro, A. Yurchenko, J.-P. Seifert, Secure Cloud Computing: Communication Protocol for Multithreaded Fully Homomorphic Encryption for Remote Data Processing in IEEE International Symposium on Parallel and Distributed Processing with Applications (IEEE ISPA 2017) (pp. 503-510), DOI: 10.1109/ISPA/IUCC.2017.00084
  5. A. Oppermann, A. Yurchenko, M. Esche, J.-P. Seifert, Secure Cloud Computing: Multithreaded Fully Homomorphic Encryption for Legal Metrology, in International Conference on Intelligent, Secure, and Dependable Systems in Distributed and Cloud Environments (ISDDC 2017) 2017 Oct 25 (pp. 35-54), DOI: https://doi.org/10.1007/978-3-319-69155-8_3, (Best Paper Award)
  6. A. Oppermann, J.-P. Seifert, F. Thiel, Secure Cloud Reference Architectures for Measuring Instruments under Legal Control, in Proceedings of the 6th International Conference on Cloud Computing and Services Science (CLOSER 2016) - Volume 1, pages 289-294, 23.-25. April, (2016), ISBN: 978-989-758-182-3
  7. A. Oppermann, J.-P. Seifert, F. Thiel, Distributed Metrological Sensors managed by a secure Cloud-Infrastructure, 18. GMA/ITG Fachtagung, Sensoren und Messsysteme 2016, Nürnberg, 10.-11. Mai, (2016), ISBN: 978-3-9816876-0-6, DOI: 10.5162/sensoren2016/P7.5
  8. Y. Su, J. Neumann, Konzept zur Untersuchung des dynamischen Verhaltens von Messsensoren in Energienetzen mit hohen Anforderungen an die Systemsicherheit, PTB-Mitteilungen 125 (2015), issue 3, pp. 48-52, doi: 10.7795/310.20150399, ISSN 0030-834X
  9. F. Thiel, M. Esche, D. Peters, U. Grottker, Cloud Computing in Legal Metrology, 17th International Congress of Metrology, 16001 (2016), DOI: 10.1051/metrology/201516001, EDPScience (2015)
