Secure Cloud Computing: Reference Architecture for Measuring Instrument under Legal Control

Correspondence Alexander Oppermann, Department 8.5 Metrological IT, Physikalisch-Technische Bundesanstalt (PTB), Abbestraße 2-12, 10587 Berlin, Germany. Email: alexander.oppermann@ptb.de In Europe, measuring instruments under legal control are responsible for an annual turnover of 500 billion Euros and contribute a significant part to the economy including establishing trust between all stakeholders. In this article, a secure cloud reference architecture for measuring instruments is presented, addressing both requirements and roles in the Legal Metrology framework. With the introduction of Cloud Computing in Legal Metrology, a new role of a Cloud Service Provider has to be established. The general approach of the reference architecture shall be evaluated to determine if Cloud Computing can be integrated into the legal framework. In a bottom-up approach, each layer of the cloud is addressed and carefully tested against the essential requirements for Legal Metrology. Splitting a well-contained measuring instrument into a distributed measuring system creates new challenges guaranteeing security and integrity of the measurements. Addressing these problems, technologies such as fully homomorphic encryption are evaluated, improved, and implemented to enable calculations on encrypted measurements. In addition, a secure communication protocol for encrypted data is presented to address the demand of integrity of encrypted measurements throughout their lifecycle. Lastly, a continuous monitoring approach is presented to detect anomalies and to classify the system behavior depending on their severity and impact into three categories: green, yellow, and red.

[1]  Michael Brenner,et al.  Rechnen mit verschlüsselten Programmen und Daten , 2012 .

[2]  Florian Thiel,et al.  Software risk assessment for measuring instruments in legal metrology , 2015, 2015 Federated Conference on Computer Science and Information Systems (FedCSIS).

[3]  Alexander Oppermann,et al.  Secure Cloud Computing: Multithreaded Fully Homomorphic Encryption for Legal Metrology , 2017, ISDDC.

[4]  Yael Tauman Kalai,et al.  Improved Delegation of Computation using Fully Homomorphic Encryption , 2010, IACR Cryptol. ePrint Arch..

[5]  Mi Lu Arithmetic and Logic in Computer Systems: Lu/Arithmetic and Logic in Computer Systems , 2005 .

[6]  R. Cramer,et al.  Linear Zero-Knowledgde. A Note on Efficient Zero-Knowledge Proofs and Arguments , 1996 .

[7]  Peter Kilpatrick,et al.  A Lightweight Tool for Anomaly Detection in Cloud Data Centres , 2015, CLOSER.

[8]  A. Déom,et al.  [The international system of units (SI)]. , 1979, Zeitschrift fur Krankenpflege. Revue suisse des infirmieres.

[9]  Michael Brenner,et al.  Poster: an implementation of the fully homomorphic smart-vercauteren crypto-system , 2011, CCS '11.

[10]  Christine Bachoc,et al.  Lattice-Based Cryptography , 2016 .

[11]  Frederik Vercauteren,et al.  Fully Homomorphic Encryption with Relatively Small Key and Ciphertext Sizes , 2010, Public Key Cryptography.

[12]  Florian Thiel,et al.  Achieving Software Security for Measuring Instruments under Legal Control , 2014, FedCSIS.

[13]  Craig Gentry,et al.  Non-interactive Verifiable Computing: Outsourcing Computation to Untrusted Workers , 2010, CRYPTO.

[14]  Craig Gentry,et al.  Fully homomorphic encryption using ideal lattices , 2009, STOC '09.

[15]  Alexander Oppermann,et al.  Secure Cloud Reference Architectures for Measuring Instruments under Legal Control , 2016, CLOSER.

[16]  Klaus Wehrle,et al.  Maintaining User Control While Storing and Processing Sensor Data in the Cloud , 2013, Int. J. Grid High Perform. Comput..

[17]  George Karypis,et al.  Introduction to Parallel Computing Solution Manual , 2003 .

[18]  Jonas Repschläger,et al.  Innovative Architektur f ür sicheres Cloud Computing: Beispiel eines Cloud-Ecosystems im Gesundheitswesen , 2012, GI-Jahrestagung.

[19]  Craig Gentry,et al.  Fully Homomorphic Encryption over the Integers , 2010, EUROCRYPT.

[20]  Arnold Monitzer,et al.  A novel set of measures against insider attacks - sealed cloud , 2013, Open Identity Summit.

[21]  Florian Thiel,et al.  Cloud Computing in Legal Metrology , 2015 .

[22]  J. Prins Directive 2003/98/EC of the European Parliament and of the Council , 2006 .

[23]  Federico Grasso Toro,et al.  Representation of attacker motivation in software risk assessment using attack probability trees , 2017, 2017 Federated Conference on Computer Science and Information Systems (FedCSIS).

[24]  J. H. van de Pol Lattice-based cryptography , 2011 .