Logo PTB

Metrological ICT-Stystems

Working Group 8.52

Reference Architecture for Secure Cloud Computing in Legal Metrology

 

The reference architecture serves as a framework to guarantee the secure execution of all legal metrology related functions within the cloud. The secure implementation will be guaranteed for all economic operators, i.e. the notified body, the manufacturer, the user and the market surveillance, and thus the trust will be enhanced in a cloud based measuring instrument solutions. The trust in the correct measurement and the correct billing leads further to a broad acceptance of new technologies  for the end-user, who is the reason to be protected by legal metrology in the first place.

Cloud solutions are more flexible, scalable and cost-efficient in contrast to traditional classical IT infrastructure. Cost-effectiveness is realized by a higher utilization of the server hardware through virtualization. This leads to less idle hardware and more productive use of existing infrastructure. Further is centralized hardware in data centers more cost-effective in terms of competent IT support and  has only to be paid by used computing time and resources. Thus companies become more flexible and can free financial resources. Furthermore the need to find adequate IT personnel which is able to secure IT infrastructure against current threats can encountered by subcontracting cloud service providers.

 

 

Figure 1: Schema of the reference architecture for secure and trustworthy cloud computing.

 

System architectures will be built in cooperation with the Technische Universität Berlin (TU-Berlin), that profit from a modular design and conform to the requirements of the Measurement Instrument Directive (MID) of the European Union as well as the WELMEC 7.2 Software Guide. Moreover will be a trust chain implemented between the different modules by utilizing a Trusted Execution Environment (TEE) that can guarantee a secure system state. The research in fully homomorphic encryption (FHE) will increase the security of virtual machines (VM) among them and provide protection against unauthorized access and malicious administrators. FHE provides the possibility to compute encrypted data without the need to decrypt it first. The cloud reference architecture builds upon the research and experience of microkernel architecture for measuring instruments, which has been built at the department 8.5 (Peters, 2015). By implementing this technology the measuring instrument is already separated into modules on the lowest level and thus securely processes the measuring data for encryption and transport. The measuring data will be secured by TLS sent to the cloud and received by a dedicated VM and then processed further by different VMs, these are in particular the legally relevant (L) services, the Key & Signature Management (K), Storage Management (S), Download Management (D) and non-legally relevant (N) services.

 

References

Peters, Daniel and Peter, Michael and Seifert, Jean-Pierre and Thiel, Florian. 2015. A Secure System Architecture for Measuring Instruments in Legal Metrology. Computers. 2015, S. 61-86.

 

Contact

 

 

   Alexander Oppermann

   Department 8.5 Metrological Information Technology

   Phone: +49 (0)30 3481-7483

   E-Mail: alexander.oppermann@ptb.de

 

Publications

 

A. Oppermann, F. Grasso Toro, F. Thiel, J.-P. Seifert, Secure Cloud Computing: Continuous Anomaly Detection Approach in Legal Metrology. 2018 IEEE International Instrumentation and Measurement Technology Conference (I2MTC 2018), May 14-17, 2018 ISBN:978-1-5386-2222-3/18

A. Oppermann, F. Grasso Toro, F. Thiel, J.-P. Seifert, Secure Cloud Computing: Reference Architecture for Measuring Instrument under Legal Control. Journal Security and Privacy 2018;e18. DOI: 10.1002/spy2.18

Oppermann, A., Toro, F., Thiel, F. and Seifert, J-P., Anomaly Detection Approaches for Secure Cloud Reference Architectures in Legal Metrology. In Proceedings of the 8th International Conference on Cloud Computing and Services Science (CLOSER 2018), pages 549-556 ISBN: 978-989-758-295-0

A.Oppermann, F. Grasso Toro, A. Yurchenko, J.-P.Seifert, Secure Cloud Computing: Communication Protocol for Multithreaded Fully Homomorphic Encryption for Remote Data Processing in IEEE International Symposium on Parallel and Distributed Processing with Applications (IEEE ISPA 2017) (pp. 503-510), DOI: 10.1109/ISPA/IUCC.2017.00084

A. Oppermann, A. Yurchenko, M .Esche, J.-P. Seifert, Secure Cloud Computing: Multithreaded Fully Homomorphic Encryption for Legal Metrology, in International Conference on Intelligent, Secure, and Dependable Systems in Distributed and Cloud Environments (ISDDC 2017) 2017 Oct 25 (pp. 35-54), DOI: https://doi.org/10.1007/978-3-319-69155-8_3, (Best Paper Award)

Oppermann, Alexander and Seifert, Jean-Pierre and Thiel, Florian. 2016.  Secure Cloud Reference Architectures for Measuring Instruments under Legal Control, accepted for Closer 2016, 6th  International Conference on Cloud Computing and Services Science, 23.-25. April, (2016)

Oppermann, Alexander and Seifert, Jean-Pierre and Thiel, Florian. 2016. Distributed Metrological Sensors managed by a secure Cloud-Infrastructure, accepted for 18. GMA/ITG Fachtagung, Sensoren und Messsysteme 2016, Nürnberg, 10.-11. Mai, (2016)