Metrology Cloud
WP1
Metrology Cloud Consortium Meeting Year 1
PTB Berlin
WP1-Lead: Neumann, Prof. Dr. Nordholz
Dev-Team: Dohlus, Kammeyer, Nischwitz, Wetzlich, Yurchenko
Topics
➢ Goals – „Why Metrology Cloud?“
• WP1: Architecture – Designing a Secure Trust-Network
• WP1: Schema – Data Harmonization
• Introducing:
• MC Consortium Wiki
• MCoaT Demo
• MCoaS
• AuthStick
Project Overview
Co-Coordination:
❖ J. Nordholz, 8.55
❖ J. Neumann, 8.52
❖ A. Oppermann, 8.52
❖ D. Peters, 8.54
❖ M. Esche, 8.51
Coordination: F. Thiel
Let's talk about people…
… how they work …
… and how they share data
Throwing stakeholders into the mix …
… adding in external resources …
… and introducing: the Internet
Adding in exemplary labels …
Measuring Infrastructure
External Databases
… and finally showing communication pathways.
This reflects the current state
Switching to Metrology Cloud System …
Getting rid of non-uniform data exchanges …
… build the Metrology Cloud Net on the set of Nodes …
… and finally show optimized data flow pathways.
Measuring Infrastructure
External Databases
This reflects what we aim for
Metrology Cloud Mission Statement
Measuring Infrastructure
External Databases
Metrology Cloud Mission Goal
❖ Single-Point-of-Contact: every piece of information is attached to abstracts like the digital representation of a measuring device or product line
❖ Uniform data structure and interfaces allow for easy and transparent data exchange
❖ Data is shared between stakeholders securely and on the basis of what is minimally needed to satisfy regulatory demands
Potential Software Update Process
1. Update issued
2. Conformity of update
3. Request
4. Ensemble-Test
5. Permit
6. Approval
7. Approval
Topics
✓ Goals – „Why Metrology Cloud?“
➢ WP1: Architecture – Designing a Secure Trust-Network
• WP1: Schema – Data Harmonization
• Introducing:
• MC Consortium Wiki
• MCoaT Demo
• MCoaS
• AuthStick
Requirements specification
1. Leave control with the data-owner
2. Prevent changes to process-relevant data
3. Fast and secure consensus
4. Metrological administrator for trust assurance
5. Modular Security Layer
Metrology Cloud Architecture
Stakeholder Data: Only process-relevant data is shared with the MC by copy to the node
Encrypted Database: with shared schema
Secure Web frontend: for platform-independent access
Immutable Chains (DLT): for logging, access management and Smart Contract processing
Trusted Metrology Cloud Node
Reference Architecture under development by
Metrological Administration: via integrated decentralized hardwired contracts and consensus
Architecture Advantages
• Technology Open Development
• Using standard web APIs (JSON over https)
• Distributed (Non-centralized) Architecture
• Modern, flexible Security Layer
• Secure, digital Identities for People and Devices
• Verified Smart Process Execution
Contact to the Stakeholder-Architecture
Metrology Cloud
All data to be shared with the MC can be pushed to the node
Generating Trust
Database / storage
Web services
Intranet
Database connector
Remote infrastructure
External data sources
Database interface
MC Node Building Blocks
DLT
PKI
Log Book
ConMan
BL
DB
M-Admin
Access-M
Web UI
MC Development
Frontend
Database
Access Rights Management
Admin-Service
BusinessLogic
MC Software Framework / MC Utils / MC Build Environment
Backend Logging
Inspector
Connection Manager
Public Key Infrastructure
Distributed Ledger Technology
Schema Wiki
Auth Stick
Task for the MC Eco-System
Node platform
Testing
Hardware platform
Certification of Smart Contracts
Smart Contracts
Initial configuration and deployment
Data import and export adapter
Existing, proprietary databases
Frontend
a willing institution
respective stakeholder
Topics
✓ Goals – „Why Metrology Cloud?“
✓ WP1: Architecture – Designing a Secure Trust-Network
➢ WP1: Schema – Data Harmonization
• Introducing:
• MC Consortium Wiki
• MCoaT Demo
• MCoaS
• AuthStick
Schema Harmonization - Motivation
How do we achieve this?
→ The Metrology Cloud Consortium Wiki
Topics
✓ Goals – „Why Metrology Cloud?“
✓ WP1: Architecture – Designing a Secure Trust-Network
✓ WP1: Schema – Data Harmonization
➢ Introducing:
➢ MC Consortium Wiki
• MCoaT Demo
• MCoaS
• AuthStick
Schema Harmonization - Wiki
Three stages: „dev“, „rev“, „main“
❖ dev [Develop] - working space
❖ rev [Review] - voting process
❖ main [Accepted] - accepted schema
Metrology Cloud Consortium Wiki
process related data
❖ Unifying / Defining relevant tables / columns/keys
names / types / keys
❖ Collaborative schema design
❖ Allows process and data experts to work on the schema
❖ Decision History and data dictionary as output
❖ Direct export to Demonstrator MC2.0+
➢ https://wiki.metrologycloud.eu/
Topics
✓ Goals – „Why Metrology Cloud?“
✓ WP1: Architecture – Designing a Secure Trust-Network
✓ WP1: Schema – Data Harmonization
➢ Introducing:
✓ MC Consortium Wiki
➢ MCoaT Demo
• MCoaS
• AuthStick
MCoaT
Metrology Cloud on a Table
Metrology Cloud Demonstrators
Metrology Cloud on a Table
Secure, process related data exchange between partners
Possible Actions:
❖ Input data
❖ Set access rights
❖ Query data / check
Supported Processes:
❖ Software update
❖ Conformity assessment
❖ Connections to MIs
MI connected via external system
MI connected via the Internet
Consortium Consensus on Harmonized Schema
Metrology Cloud on a Stick
MCoaT architecture
Node Simulation
User Interface
Demo System
NOW
FINAL
Full Webfrontend
Now: User-Interface running on same system as Node
Later: regular Web-Frontend
Internet
Manufacturer
NMI
Market Surveillance
User
• 4 Stakeholder Nodes
• 2 Measuring Devices
Interfacing with MIs
❖ MIs connected to the Metrology Cloud
  ❖ directly to a node
  ❖ via some network (i.e. the Internet)
❖ Speak different protocols
  ❖ OPC UA
  ❖ REST/JSON
  ❖ XML
MCoaT MI
❖ Rock Pi 4B + 7" display
❖ Full OPC UA support
❖ Retrieve measurement data
❖ Query version and log data
❖ Perform software update
❖ Use as research and development platform for secure MI designs using our hypervisor
Demo Database

Measuring_Instruments

| Field | Type | Description |
|---|---|---|
| MIID | Integer | Measuring Instrument ID |
| Name | Varchar | Name of the device |
| Manufacturer | Varchar | Manufacturer of the device |
| Munit | Varchar | Measured Unit |
| PicID | Integer | FK to Files-table / picture-file |
| ProdYear | Integer | Year of production |
| lastUpdate | TimeStamp | Time of last update to DR |
| isVerified | Boolean | State of verification marking |
| DocuID | Integer | FK to Files-table / document-file |
| Link | Varchar | Link to Measuring Instrument |

Files

| Field | Type | Description |
|---|---|---|
| FileID | Integer | ID for every stored file |
| FileLocation | Varchar | Path / location on disc |
| FileTypeID | Integer | FK to FileTypes-Table |

File_Types

| Field | Type | Description |
|---|---|---|
| FileTypeID | Integer | ID for every file-type to be stored |
| FileTypeDesc | Varchar | Description of file-type |
Example Low Level Process I
Query data by MIID
Query for specific MIID
Select * From Measuring_Instruments where MIID = X
Home-Node
Returning result-sets
Stitching result-sets and displaying result to user
Home-Node
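The lookup sketched on this slide, as an added example that is not part of the original slides or the MCoaT code. It assumes each stakeholder node keeps its own copy of the Measuring_Instruments table and fills only the fields it is responsible for, and that the newest lastUpdate wins when two nodes disagree; the node names, sample rows and helper functions are constructed for illustration.

```python
import sqlite3

# Column names come from the Measuring_Instruments table on the Demo Database slide.
COLUMNS = ["MIID", "Name", "Manufacturer", "Munit", "PicID", "ProdYear",
           "lastUpdate", "isVerified", "DocuID", "Link"]
DDL = """CREATE TABLE Measuring_Instruments (
    MIID INTEGER PRIMARY KEY, Name VARCHAR, Manufacturer VARCHAR, Munit VARCHAR,
    PicID INTEGER, ProdYear INTEGER, lastUpdate TIMESTAMP, isVerified BOOLEAN,
    DocuID INTEGER, Link VARCHAR)"""
INSERT = ("INSERT INTO Measuring_Instruments VALUES ("
          + ", ".join("?" * len(COLUMNS)) + ")")


def make_node(rows):
    """Build one stakeholder node as an in-memory database (hypothetical helper)."""
    db = sqlite3.connect(":memory:")
    db.row_factory = sqlite3.Row
    db.execute(DDL)
    for row in rows:
        # Fields a node does not own stay NULL.
        db.execute(INSERT, [row.get(col) for col in COLUMNS])
    return db


def query_node(db, miid):
    """Run the slide's query with MIID as a bound parameter, never as SQL text."""
    if isinstance(miid, bool) or not isinstance(miid, int):
        raise TypeError("MIID must be an integer")
    cur = db.execute("SELECT * FROM Measuring_Instruments WHERE MIID = ?", (miid,))
    return [dict(row) for row in cur.fetchall()]


def stitch(result_sets):
    """Merge per-node rows into one record and remember which node supplied each field."""
    merged, source = {}, {}
    rows = [(node, row) for node, rs in result_sets.items() for row in rs]
    # Oldest first, so values from the most recently updated node overwrite older ones.
    rows.sort(key=lambda item: item[1]["lastUpdate"] or "")
    for node, row in rows:
        for col, value in row.items():
            if value is not None:
                merged[col] = value
                source[col] = node
    return merged, source


def home_node_query(nodes, miid):
    """Home node: ask every node for the MIID, then stitch the result sets."""
    return stitch({name: query_node(db, miid) for name, db in nodes.items()})


# Constructed sample data for the four stakeholder nodes of the demonstrator.
NODES = {
    "manufacturer": make_node([{"MIID": 7, "Name": "Flow meter FM-7",
                                "Manufacturer": "Example GmbH", "Munit": "m3/h",
                                "ProdYear": 2018, "lastUpdate": "2019-03-01T10:00:00"}]),
    "nmi": make_node([{"MIID": 7, "DocuID": 12, "lastUpdate": "2019-04-15T09:00:00"}]),
    "market_surveillance": make_node([{"MIID": 7, "isVerified": 1,
                                       "lastUpdate": "2019-06-20T14:30:00"}]),
    "user": make_node([{"MIID": 7, "Name": "FM7 (old label)",
                        "Link": "opc.tcp://mi-7.example.invalid:4840",
                        "lastUpdate": "2019-02-11T08:00:00"},
                       {"MIID": 8, "Name": "Scale S-8",
                        "lastUpdate": "2019-01-05T12:00:00"}]),
}

if __name__ == "__main__":
    record, origin = home_node_query(NODES, 7)
    for col in COLUMNS:
        print(f"{col:12} {record.get(col)!s:40} from {origin.get(col)}")
```

The `source` map returned by `stitch` records which node supplied each field, which is the information a home node would need to contact only the relevant node when a single field is updated.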
Example Low Level Process II
Update data by MIID and by Field
Update for specific MIID
Home-Node
Connect only to relevant node or device
Home-Node
Report success
Which node to contact depends on field chosen for update
+ new Value
Inform user / display new value
Update value
Example Low Level Process III
Update rights by Field
Update for specific MIID
Home-Node
+ new State
Report success / display new state
High-Level Processes for MCoaT
Software Update and subsequent reverification
Start Process
Input:
• New version number
• Target-MIID
Assess Conformity
Accept Update
Reverification
Apply Update
Respective MC-Users are required to advance process
Result:
• Device updated
• Report success
Administration for MCoaT
Key Management
Access Rights Management
Process Monitoring
For MIs
Within the MC
Software Update
Communication
Profile Management of DigRep
MCoaT Presentation
The PTB Metrology Cloud WP1 Team proudly presents
The MCoaT Demonstrator
Topics
✓ Goals – „Why Metrology Cloud?“
✓ WP1: Architecture – Designing a Secure Trust-Network
✓ WP1: Schema – Data Harmonization
➢ Introducing:
✓ MC Consortium Wiki
✓ MCoaT Demo
➢ MCoaS
• AuthStick
You don't need to be a software expert
❖ All features shown by MCoaT are integrated into MCoaS
❖ Boot up VM from USB and start discovering the MC
❖ 4 nodes on a stick or 4 sticks as MCoaT
Metrology Cloud On a Stick
User-advantages:
❖ easy to start
❖ no risk for user
❖ no influence on other systems
❖ Updates on Metrology Cloud website
Get your first MC experiences easily
Secure authentication: requirements
Security aspects:
❖ Cryptographic keys never leave the device
❖ A combination of factors appears to be a safer solution
❖ Requested factor combination depends on security level for operation
❖ Dynamic scoring system
❖ 1-time logout-passwords
Usability requirements:
❖ All interfaces in one single gadget
❖ Supports different devices:
  ❖ mobile phone
  ❖ PC/notebook
  ❖ tablet
From requirements to prototype
Requirements / System design / First prototype
❖ enter password on touchscreen [weakest factor]
❖ possession of the USB-key [weak factor]
❖ use an NFC key fob [medium factor]
❖ use the fingerprint authentication [strong factor]
Possible realisation
- Multi factor authentication with weighted factors
- Fingerprint sensor on the dongle allows secure authentication without password entry
- USB-Dongle with NFC-interface for PC and mobile devices
- Small touch display allows password entry
Image sources: Mobile phone: https://cdn.tutsplus.com/mobile/uploads/2013/05/[email protected]: https://d2v9y0dukr6mq2.cloudfront.net/video/thumbnail/uh59Wh0/finger-1-icon-cartoon-illustration-hand-drawn-animation-transparent_nyfxqs7y__F0004.png
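The weighted-factor scheme from the three AuthStick slides above, as an added example that is not part of the original slides or the AuthStick firmware. The factor ranking follows the slides; the numeric weights, the operation names, the per-operation thresholds, the freshness window and the failure penalty are all assumptions chosen for illustration.

```python
from dataclasses import dataclass, field
from itertools import combinations

# Ranking (weakest < weak < medium < strong) is from the slides; the numbers are assumed.
FACTOR_WEIGHTS = {
    "password": 1,     # weakest factor: entered on the touchscreen
    "usb_key": 2,      # weak factor: possession of the USB key
    "nfc_fob": 3,      # medium factor: NFC key fob
    "fingerprint": 5,  # strong factor: fingerprint sensor on the dongle
}

# Hypothetical policy: operation -> (required score, minimum number of distinct factors).
POLICY = {
    "query_data": (2, 1),
    "set_access_rights": (6, 2),
    "software_update": (9, 3),
}

MAX_AGE_S = 300      # assumed: a verified factor stops counting after five minutes
FAILURE_PENALTY = 2  # assumed: every failed attempt lowers the session score


@dataclass
class Session:
    verified: dict = field(default_factory=dict)  # factor -> time it was verified
    failures: int = 0

    def verify(self, factor, ok, now):
        """Record the outcome of one factor check at time `now` (seconds)."""
        if factor not in FACTOR_WEIGHTS:
            raise ValueError(f"unknown factor: {factor}")
        if ok:
            self.verified[factor] = now
        else:
            self.failures += 1
            self.verified.pop(factor, None)

    def fresh_factors(self, now):
        """Factors verified recently enough to still count."""
        return {f for f, t in self.verified.items() if 0 <= now - t <= MAX_AGE_S}

    def _raw_score(self, factors):
        return sum(FACTOR_WEIGHTS[f] for f in factors) - FAILURE_PENALTY * self.failures

    def score(self, now):
        """Dynamic score: fresh factor weights minus the failure penalty, never below 0."""
        return max(0, self._raw_score(self.fresh_factors(now)))

    def is_allowed(self, operation, now):
        """Fail closed: unknown operations are denied."""
        rule = POLICY.get(operation)
        if rule is None:
            return False
        need, min_factors = rule
        fresh = self.fresh_factors(now)
        return self._raw_score(fresh) >= need and len(fresh) >= min_factors

    def step_up_options(self, operation, now):
        """Smallest sets of additional factors that would satisfy the policy."""
        rule = POLICY.get(operation)
        if rule is None or self.is_allowed(operation, now):
            return []
        need, min_factors = rule
        have = self.fresh_factors(now)
        missing = sorted(set(FACTOR_WEIGHTS) - have)
        for size in range(1, len(missing) + 1):
            options = [combo for combo in combinations(missing, size)
                       if self._raw_score(have | set(combo)) >= need
                       and len(have) + size >= min_factors]
            if options:
                return options
        return []


if __name__ == "__main__":
    s = Session()
    s.verify("usb_key", True, now=0)
    s.verify("password", True, now=10)
    for op in POLICY:
        print(op, s.is_allowed(op, 20), s.step_up_options(op, 20))
```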
Physikalisch-Technische Bundesanstalt
Braunschweig und Berlin
Abbestrasse 2-12
10587 Berlin
Maximilian Dohlus
Phone: 030 3481-7485
E-Mail: [email protected]
Thank you for your attention!
Questions?
![Page 59: Metrology Cloud WP1 · Metrological administrator for trust ensurance 5. Modular Security Layer. Metrology Cloud Architecture 16 Stakeholder Data Only process-relevant data is shared](https://reader035.vdocuments.net/reader035/viewer/2022071109/5fe41636b2e96f66fb666b51/html5/thumbnails/59.jpg)
Demo Recovery
59
![Page 60: Metrology Cloud WP1 · Metrological administrator for trust ensurance 5. Modular Security Layer. Metrology Cloud Architecture 16 Stakeholder Data Only process-relevant data is shared](https://reader035.vdocuments.net/reader035/viewer/2022071109/5fe41636b2e96f66fb666b51/html5/thumbnails/60.jpg)
Demo Recovery
60
![Page 61: Metrology Cloud WP1 · Metrological administrator for trust ensurance 5. Modular Security Layer. Metrology Cloud Architecture 16 Stakeholder Data Only process-relevant data is shared](https://reader035.vdocuments.net/reader035/viewer/2022071109/5fe41636b2e96f66fb666b51/html5/thumbnails/61.jpg)
Demo Recovery
61
![Page 62: Metrology Cloud WP1 · Metrological administrator for trust ensurance 5. Modular Security Layer. Metrology Cloud Architecture 16 Stakeholder Data Only process-relevant data is shared](https://reader035.vdocuments.net/reader035/viewer/2022071109/5fe41636b2e96f66fb666b51/html5/thumbnails/62.jpg)
Demo Recovery
62
![Page 63: Metrology Cloud WP1 · Metrological administrator for trust ensurance 5. Modular Security Layer. Metrology Cloud Architecture 16 Stakeholder Data Only process-relevant data is shared](https://reader035.vdocuments.net/reader035/viewer/2022071109/5fe41636b2e96f66fb666b51/html5/thumbnails/63.jpg)
Demo Recovery
63
![Page 80: Metrology Cloud WP1 · Metrological administrator for trust ensurance 5. Modular Security Layer. Metrology Cloud Architecture 16 Stakeholder Data Only process-relevant data is shared](https://reader035.vdocuments.net/reader035/viewer/2022071109/5fe41636b2e96f66fb666b51/html5/thumbnails/80.jpg)
MC Node Architecture
80
Metrological Administration
Access Rights Authorisation
Signing
DLT
Logging
Encryption PKI
![Page 81: Metrology Cloud WP1 · Metrological administrator for trust ensurance 5. Modular Security Layer. Metrology Cloud Architecture 16 Stakeholder Data Only process-relevant data is shared](https://reader035.vdocuments.net/reader035/viewer/2022071109/5fe41636b2e96f66fb666b51/html5/thumbnails/81.jpg)
Public Key Infrastructures - PKI
81
❖ Smart contracts
❖ Distributed ledgers
❖ Digital document signing
❖ Confidential data exchange between nodes
❖ Secure user authentication and communication
![Page 82: Metrology Cloud WP1 · Metrological administrator for trust ensurance 5. Modular Security Layer. Metrology Cloud Architecture 16 Stakeholder Data Only process-relevant data is shared](https://reader035.vdocuments.net/reader035/viewer/2022071109/5fe41636b2e96f66fb666b51/html5/thumbnails/82.jpg)
PKI – DLT-based Approach
82
Consensus Block:
• approved by voting
• contains root-like CA-cert
![Page 83: Metrology Cloud WP1 · Metrological administrator for trust ensurance 5. Modular Security Layer. Metrology Cloud Architecture 16 Stakeholder Data Only process-relevant data is shared](https://reader035.vdocuments.net/reader035/viewer/2022071109/5fe41636b2e96f66fb666b51/html5/thumbnails/83.jpg)
Metrological Administration Tasks
83
Software Update
Monitoring of operational Processes
Communication
Change and Administrative Processes
Profile management of the Digital Representations
Information Security Management (ISMS)
Key Management (PKI)
Incident Management
Certificate and Access Rights Management
Metrological Administration
![Page 84: Metrology Cloud WP1 · Metrological administrator for trust ensurance 5. Modular Security Layer. Metrology Cloud Architecture 16 Stakeholder Data Only process-relevant data is shared](https://reader035.vdocuments.net/reader035/viewer/2022071109/5fe41636b2e96f66fb666b51/html5/thumbnails/84.jpg)
MCoaT Initial State
84
Table with 4 Nodes and 2 Measuring Instrument placeholders
4 Nodes represent 4 main stakeholders (one Node each):
❖ Manufacturers
❖ PTB/NMI
❖ Market Surveillance
❖ Users
2 physical Measuring Instrument placeholders:
❖ IoT-MI
❖ MI connected only to USER-Node
All devices show their picture/logo, a log window (small) and an action window (mainly):
❖ MIs display new states after update in action window
❖ Nodes use action window for MC-GUI
ICON
Action window
Log
![Page 85: Metrology Cloud WP1 · Metrological administrator for trust ensurance 5. Modular Security Layer. Metrology Cloud Architecture 16 Stakeholder Data Only process-relevant data is shared](https://reader035.vdocuments.net/reader035/viewer/2022071109/5fe41636b2e96f66fb666b51/html5/thumbnails/85.jpg)
Initial Data
85
Measuring_Instruments

| MIID | Name | Manufacturer | MUnit | PicID | ProdYear | LastUpdate | isVerified | DocuID | Link |
|---|---|---|---|---|---|---|---|---|---|
| 1 | Future-Scale 3000 | Future Corp. Ltd. | Weight | 5 | 2009 | 01.01.2019 11:11:11 | TRUE | 6 | |
| 2 | Future-Scale 4000 | Future Corp. Ltd. | Weight | 4 | 2012 | 01.01.2019 11:11:11 | TRUE | 7 | |
| 3 | Future-Scale 5000 | Future Corp. Ltd. | Weight | 3 | 2015 | 01.01.2019 11:11:11 | FALSE | 8 | |
| 4 | Future-Scale 6000 | Future Corp. Ltd. | Weight | 2 | 2018 | 01.01.2019 11:11:11 | TRUE | 9 | |
| 5 | Future-Scale 7000 | Future Corp. Ltd. | Weight | 1 | 2021 | 01.01.2019 11:11:11 | FALSE | 10 | |

File_Types

| FileTypeID | FileTypeDescribtion |
|---|---|
| 1 | Pictures |
| 2 | Documentation |

Entries of Files-table can be determined from this.
![Page 86: Metrology Cloud WP1 · Metrological administrator for trust ensurance 5. Modular Security Layer. Metrology Cloud Architecture 16 Stakeholder Data Only process-relevant data is shared](https://reader035.vdocuments.net/reader035/viewer/2022071109/5fe41636b2e96f66fb666b51/html5/thumbnails/86.jpg)
Division of data
86
Fixed for all nodes: File_Types-table, Files-table
Data mirrored over all nodes
Data split vertically: Measuring_Instruments-table
MIID, Name, Manufacturer, DocuID, ProdYear
MIID, MUnit
MIID, isVerified, lastUpdate
MIID, picID
MIID, CurrentVersion (data directly from device)
Data relevant for Digital Representation
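The vertical split listed on this slide, as an added Python example (not part of the original slides or the project's code): each column group becomes its own fragment keyed only by MIID, and a requester's view is the join of the fragments it has been granted. The column groups are the slide's; the fragment names, the grant list and the CurrentVersion values are assumptions.

```python
# Column groups as listed on the "Division of data" slide.
# Fragment names are assumptions made for this illustration.
FRAGMENTS = {
    "master":       ("Name", "Manufacturer", "DocuID", "ProdYear"),
    "unit":         ("MUnit",),
    "verification": ("isVerified", "LastUpdate"),
    "picture":      ("PicID",),
    "device":       ("CurrentVersion",),
}

# Constructed sample rows based on the "Initial Data" slide (MIID 1 and 3).
# CurrentVersion values are made up; the slides give none.
ROWS = [
    {"MIID": 1, "Name": "Future-Scale 3000", "Manufacturer": "Future Corp. Ltd.",
     "MUnit": "Weight", "PicID": 5, "ProdYear": 2009,
     "LastUpdate": "01.01.2019 11:11:11", "isVerified": True, "DocuID": 6,
     "CurrentVersion": "1.0"},
    {"MIID": 3, "Name": "Future-Scale 5000", "Manufacturer": "Future Corp. Ltd.",
     "MUnit": "Weight", "PicID": 3, "ProdYear": 2015,
     "LastUpdate": "01.01.2019 11:11:11", "isVerified": False, "DocuID": 8,
     "CurrentVersion": "0.9"},
]


def split_vertically(rows):
    """Return {fragment: {MIID: {column: value}}}; MIID is the only shared key."""
    stores = {name: {} for name in FRAGMENTS}
    for row in rows:
        for name, cols in FRAGMENTS.items():
            stores[name][row["MIID"]] = {c: row[c] for c in cols}
    return stores


def digital_representation(stores, miid, granted):
    """Join only the fragments a requester was granted; the rest stay hidden."""
    unknown = set(granted) - set(FRAGMENTS)
    if unknown:
        raise KeyError(f"unknown fragment(s): {sorted(unknown)}")
    view = {"MIID": miid}
    for name in granted:
        part = stores[name].get(miid)
        if part is None:
            raise LookupError(f"MIID {miid} missing in fragment {name!r}")
        view.update(part)
    return view


STORES = split_vertically(ROWS)
```

A requester granted only `verification` sees MIID, isVerified and LastUpdate for a device and nothing about its manufacturer or documentation.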
![Page 87: Metrology Cloud WP1 · Metrological administrator for trust ensurance 5. Modular Security Layer. Metrology Cloud Architecture 16 Stakeholder Data Only process-relevant data is shared](https://reader035.vdocuments.net/reader035/viewer/2022071109/5fe41636b2e96f66fb666b51/html5/thumbnails/87.jpg)
Processes IV
87
Update rights
By Device (MIID)
Update for specific MIID
Home-Node
Connect to specified device
Home-Node
Report success + new State
Inform user / display new value
Update access rights
Only for User
Measuring device
![Page 88: Metrology Cloud WP1 · Metrological administrator for trust ensurance 5. Modular Security Layer. Metrology Cloud Architecture 16 Stakeholder Data Only process-relevant data is shared](https://reader035.vdocuments.net/reader035/viewer/2022071109/5fe41636b2e96f66fb666b51/html5/thumbnails/88.jpg)
Schema Harmonization - Motivation
88
How do we achieve this?
→ The Metrology Cloud Consortium Wiki
![Page 89: Metrology Cloud WP1 · Metrological administrator for trust ensurance 5. Modular Security Layer. Metrology Cloud Architecture 16 Stakeholder Data Only process-relevant data is shared](https://reader035.vdocuments.net/reader035/viewer/2022071109/5fe41636b2e96f66fb666b51/html5/thumbnails/89.jpg)
Conceivable Authentication Mechanism
89
❖ Multi-factor authentication with weighted factors
❖ Secure authentication with fingerprint sensor on the dongle
❖ No passwords!
❖ USB-Dongle with NFC-interface for PC and mobile devices
Image sources:
Mobile phone: https://cdn.tutsplus.com/mobile/uploads/2013/05/[email protected]: https://d2v9y0dukr6mq2.cloudfront.net/video/thumbnail/uh59Wh0/finger-1-icon-cartoon-illustration-hand-drawn-animation-transparent_nyfxqs7y__F0004.png
Dongle: https://upload.wikimedia.org/wikipedia/commons/b/b6/U2F.USB-Token.jpg
![Page 90: Metrology Cloud WP1 · Metrological administrator for trust ensurance 5. Modular Security Layer. Metrology Cloud Architecture 16 Stakeholder Data Only process-relevant data is shared](https://reader035.vdocuments.net/reader035/viewer/2022071109/5fe41636b2e96f66fb666b51/html5/thumbnails/90.jpg)
MC on a Stick
90
Development advantages:
❖ local feature testing
❖ comfortable debugging
❖ easy recovery
User advantages:
❖ self-contained VM-image
❖ easy to install
❖ no risk for user
❖ no influence on other systems
❖ testable in VM or real HW
Get your first MC experiences easily