Upload
others
View
2
Download
0
Embed Size (px)
Citation preview
Metrology CloudReference Architectures – Working Package 2
Alexander Oppermann,
WG 8.52 Metrological ICT-Systems,
PTB - Berlin
Outline
• Introduction
• General Objectives
• Working Package Responsibilities
• Working Package Timeline
• Reference Architecture 1: IoT / embedded devices
• Method description
• Challenges
• Reference Architecture 2: Cloud Computing
• Method description
• Challenges
22018-06-12
RA
2Alexander Oppermann Reference Architectures
WP 2: Reference Architectures
3
� Responsibility: PTB Oppermann
� Industry Partners: Bizerba, Diehl Metering, Itron, Sartorius, ESPERA,
Gilbarco Veeder-Root,
� NMI-Partners: RISE, CMI, CEM, METAS,
� Interaction with WPs: WP 1 / 3
� Expected General Outcome:
� Instrument specific adaptation as a prototype for different
measurement instruments according to the needs of the industry
partners.
� Integration in existing Infrastructures
� Realization and a document describing the Elements of the General
Reference Architecture and fulfillment of the WELMEC 7.2 Guide’s
requirements.
RA
Alexander Oppermann Reference Architectures
4
RA
Alexander Oppermann Reference Architectures
Initiate the Digital Transformation
in Legal Metrology
• Develop a metrological reference architecture
• Derive an blueprint for such a reference architecture
• Develop general, harmonized prototype
• Derive individual prototype
General Objectives
Work Packages: Responsibility
5
WP1: Trustworthy Metrological Core Platform (Nordholz / Neumann)
WP2: Reference Architecture (Oppermann)
WP3: Technology based Metrological Support Services (Peters)
WP4: Data based Metrological Support Services (Esche)
Task 1.1: Single Point of Contact (Digital Representation) (Dohlus, Yurchenko, Nischwitz, n.n.)
Task 1.2: Join Infrastructures and Databases (Dohlus, Yurchenko, Neumann, n.n.)
Task 1.3: Metrological Administration, Trust and Security (Wetzlich, Nischwitz, Neumann, n.n.)
Task 2.1: Reference Architectures for IoT Devices (Peters, Nordholz)
Task 2.2: Reference Architectures for distributed Instruments (Oppermann, Nordholz)
Task 3.1: Supporting Repair and subsequent Verification (Peters, Nordholz, Neumann)
Task 3.2: Supporting Software Maintenance / Smart Contracts (Peters, Dohlus, Nordholz)
Task 3.3: Digital Verification Marking (Dohlus, Nischwitz, Neumann, n.n.) / Digital Calibration Certificate?
WP5: Coordination (Thiel)
WP6: Impact (All)
RA
Alexander Oppermann Reference Architectures
Time Line Overview
6
June 2018 36 Monate
Metrologische Dienstleistungen
Prototyps / Connection to Platform
WP2: Reference Architecture (Oppermann)
Task 2.1: Reference Architectures for IoT Devices
Prototyps / Connection to Platform Task 2.2: Reference Architectures for distributed Instruments
RA
Activity 1: Trustworthy Core Platform
Activity 2: Trust & Security Functionality
Activity 4: Risk Analysis
Activity 3: Verification Services
Activity 1: Planning & Observation
Activity 2: Implementation
Activity 2: Implementation
Activity 4: Risk Analysis
Activity 3: Verification Services
Alexander Oppermann Reference Architectures
WP2: General Reference Architectures
7
Instrument Specific
Requirements
Essential Legal
Requirements
Verification
Method
Risk Analysis
„Contemporary“
Threats
Usability
Highest Risk Class
• 14 classes of
EU regulated
instruments
• Several classes of
national regulated
instrumentsTo be
tailored to
General Reference
Architecture
Individual
Risk Class
Technology
Relevant
for LM?
Risk Class: A- F
(EAL)
Connective Element
RA
Focus on IoT-Devices
and distributed Systems
Alexander Oppermann Reference Architectures
Main Goal: Individual Prototype
8
Instrument Specific
Reference
Architecture
Provide Architectures for new Technologies to
support Conformity Assessment and Verification
Manufacturer’s
Associations / User
Individual
Realisation
Individual
Manufacturers
RA
General
Reference
Architecture
New
Technology
relevant for LM
Prototype
Alexander Oppermann Reference Architectures
“Security by Design”:
• Strong separation via µ-Kernel,
• Maximal individualisation
• Long term security
Publication:1. D. Peters, M. Peter , J.-P. Seifert, F. Thiel: A Secure System Architecture for Measuring Instruments in Legal Metrology. Computers -
Open Access Journal 4(2), 61-86, 2015
2. D. Peters, F. Thiel, J.-P. Seifert et. al. : Software Security Frameworks and Rules for Measuring Instruments under Legal Control, SPI,
Baveno, Italy, May 7-10, (2017)
3. J. Fischer, D. Peters, A Practical Succinct Data Structure for Tree-Like Graphs, WALCOM: Algorithms and Computation, LNCS, Springer
International Publishing, ISBN: 978-3-319-15611-8
RA 1 - IoT, Embedded Devices
10
Cooperation: TU Berlin
RA
Alexander Oppermann Reference Architectures
RA 1 - Virtualization
� Attacks can be contained via virtualization
within a VM
� GPOS is isolated and communicate through the
microkernel –> well defined interfaces
� Via this isolation attacks are very difficult to
carry out.
RA
11Alexander Oppermann Reference Architectures
RA 1 - Challenges
� Separation of legally relevant software from non-legal relevant software
� Update routine for non-legal relevant software without recertification
� Remote maintenance via software inspector
RA
12Alexander Oppermann Reference Architectures
• Transition to distributed and virtualised components
• Supply of data based services
Server - HardwareP
roce
ssin
g
Sto
rag
e
Se
rvic
es
Hypervisor
VM1 VM2 VMn
Sensor1
Sensorn
Com-
unit
Com-
unit
...
...
Display1
Displayn
...
[kg], [A], [m3], [kWh]
Encryption of
measurement data
Processing of encrypted measurement data
Saving of encrypted measurement data
Decryption of
measurement data
RA
13Alexander Oppermann Reference Architectures
RA 2: Cloud Computing
RA 2: Cloud ComputingCooperation: TU Berlin
Offers a secure and trustful data processing environment within the Cloud via “Fully Homomorphic
Encryption”.
Publication:1. A. Oppermann, F. Grasso Toro, F. Thiel, J.-P. Seifert, Secure Cloud Computing: Reference Architecture for Measuring Instrument
under Legal Control. Journal Security and Privacy 2018;e18. DOI: 10.1002/spy2.18
2. A. Oppermann, A. Yurchenko, M .Esche, J.-P. Seifert, Secure Cloud Computing: Multithreaded Fully Homomorphic Encryption for
Legal Metrology, in (ISDDC 2017) 2017 Oct 25 (pp. 35-54), DOI: https://doi.org/10.1007/978-3-319-69155-8_3,
3. A.Oppermann, J.-P.Seifert, F. Thiel, Secure Cloud Reference Architectures for Measuring Instruments under Legal Control, 6th
International Conference on Cloud Computing and Services Science, 23.-25. April, (2016)
15
Infrastructure: Platform:
RA
Alexander Oppermann Reference Architectures
RA 2 – Virtualization / Microservices
� Separation via subnetworks (LM – Network, Ingress & Egress Network) on
IaaS level
� Each metrological core functionality has its own VM
� Further separation via Microservices (MS) which allows a high scalability and
flexibility on Paas level
� MS: Reduction of SLOC to minimize attack potential of faulty
implementation.
RA
16Alexander Oppermann Reference Architectures
RA 2 – Challenges
� On Premise vs Off Premise Solution
� Unknown role of Cloud Service Provider / administrator role
� Continuous anomaly detection for legal relevant software processes
RA
17Alexander Oppermann Reference Architectures
Physikalisch-Technische Bundesanstalt
Braunschweig und Berlin
Abbestr. 2-12
10587 Berlin
Alexander Oppermann
Telephone: +49 30 3481-7483
E-Mail: [email protected]
Thank You for your Attention
Questions?
RA
General Concerns about Cloud Computing?
Is Cloud Computing disrupted by bad weather?
1Citrix Cloud Confusion Survey - http://s3.amazonaws.com/legacy.icmp/additional/citrix-cloud-survey-guide.pdf
In 2012, a survey states1 that 51% Americans out 1000 think: Y E S .
Availability of Cloud Computing Services?
Strong correlation between availability and power outages: 99,9974% or 13,43 minutes1
2https://cloudharmony.com/status-in-eu
Strong redundancy of Storage: 100% Availability2
Higher security niveau through certification like ISO/IEC 27001
Is Cloud Computing secure?
Security updates with technical support
20/21