Secure cloud computing in legal metrology

Alexander Oppermann, Technische Universität Berlin, Technische Universität Berlin, Jean-Pierre Seifert
2020
In Europe, all measuring instruments under legal control have to pass a conformity assessment to prove compliance with the European Measuring Instrument Directive (MID). In Germany, the MID is regulated via the German Measures and Verification Act (MessEG) that imposes additional requirements for nationally regulated measuring instruments. According to estimations, about four to six percent of the gross national income in European countries is generated by transactions in Legal Metrology, which
more » ... equals annual turnover of 500 billion Euros. An ongoing transition can be observed from a local and concentrated measuring instrument to a distributed and interconnected one. In recent years Cloud Computing has been developed constantly, overcoming different challenges to mature in the fields of security, stability and reliability. However, a lack of trust and verifiability of outsourced computations are still major hindrances for employing Cloud Computing solutions in sensitive and securityconscious industries. These properties are challenging to protect by classical approaches. In this thesis, a Secure Cloud Reference Architecture for measuring instruments is presented, addressing both requirements and roles of the Legal Metrology framework. Splitting a well contained measuring instrument into a distributed measuring system, creates new challenges to guarantee security and integrity of the measurements. Addressing these challenges, Fully Homomorphic Encryption (FHE) is employed to enable calculations on encrypted measurements. FHE suffers from time intensive and complex computations. However, by introducing multithreading to the employed FHE schema, a significant speed-up in all arithmetic operations is achieved. A secure communication protocol for encrypted data is presented to take account of integrity of encrypted measurements for data in transit. The feasibility of FHE is proven by applying it to real-world tariff-applications in the smart-meter domain. Furthermore, verification methods for the reference architecture are [...]
doi:10.14279/depositonce-9736 fatcat:ihjx5kwf3ne6xfdsiptmjhcmou