Security in a distributed Internet-enabled metrology system like iMET is of vital importance if customers are to have enough confidence in the system to request the services offered. Accreditation authorities would also require a certain level of confidence in the system's security before accepting its use.
The system should have built-in mechanisms to:
The security issues that have to be considered to ensure the above comprise: data integrity for measurement-procedure communication and calibration results; confidentiality of measurement data and of the data system; authentication of customer and calibration authority; authentication of measurement instruments; and the necessary real-time availability of the system.
The customers need to be certain that measurement data and customer-related information are treated confidentially. They also need to be confident that no one could cause damage to their instruments, and that no additional threats are introduced to their data systems by the introduction of the measurement system into their network.
Accreditation authorities are concerned about data integrity and measurement traceability, and also about how the measurement procedures are performed, controlled and documented. Calibration laboratories are accredited according to the standard ISO/IEC/EN 17025, which states requirements for the calibration procedure, its documentation and the competence of the parties involved in the calibration process. Calibration authorities (e.g. Justervesenet) would of course, as the party offering the service, be concerned with all of these tasks, but in addition they have particular concerns about the safety of their travelling standards and the availability of all the necessary elements in the set-up. Another point of interest is whether the system could add extra uncertainties to the measurement results. In this thesis the focus on this is limited to whether any uncertainty components could be added by the measurement software and the communication system; we will not deal with measurement uncertainty components introduced by e.g. transportation of the standard. All these security issues should be considered, adequate levels of security should be defined where possible, and the system should be evaluated against them.
Attack trees, as a concept for describing the security of systems, were first introduced in the literature by Bruce Schneier in 1999 [4]. They provide a semi-formal mechanism for identifying attack pathways against computer systems and networks. The basic idea of an attack tree is to visualize, and to some extent quantify (in terms of cost for the attacker), the different possible attacks against a system. This is done by defining the root node of the tree as the attack goal, and then identifying the possible ways of achieving it as leaf nodes. This gives a picture of the overall risk of security breaches to the system and makes it possible to identify the cheapest or most likely attacks, and thereby also where to put the defensive effort.
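To make the cost evaluation concrete, the following is an added example (not part of the thesis, and not Schneier's own code) of the attack-tree evaluation described above: a small tree with OR nodes (any one child suffices, so the attacker takes the cheapest) and AND nodes (all children are required, so costs add), functions that enumerate every path, find the cheapest one and list the paths an attacker with a given budget could afford, and a helper that models a mitigation as raising the cost of one leaf. The tree, its node names and all cost figures are constructed for illustration and carry no claim about iMET or any real system.

```python
from dataclasses import dataclass, field
from itertools import product
from typing import List, Optional, Tuple


@dataclass
class Node:
    """One node of an attack tree. Leaves carry an estimated attacker cost;
    'or' nodes need any one child, 'and' nodes need all children."""
    name: str
    kind: str = "leaf"             # "leaf", "or" or "and"
    cost: Optional[int] = None     # cost estimate for leaves (constructed units)
    children: List["Node"] = field(default_factory=list)


def attack_paths(node: Node) -> List[Tuple[int, List[str]]]:
    """Enumerate every complete attack path below `node` as (total cost, leaves used)."""
    if node.kind == "leaf":
        return [(node.cost, [node.name])]
    child_paths = [attack_paths(c) for c in node.children]
    if node.kind == "or":
        # Any single child achieves the goal: the union of the children's paths.
        return [p for paths in child_paths for p in paths]
    if node.kind == "and":
        # All children are required: take one path from each child, costs add.
        combined = []
        for combo in product(*child_paths):
            total = sum(cost for cost, _ in combo)
            leaves = [leaf for _, path in combo for leaf in path]
            combined.append((total, leaves))
        return combined
    raise ValueError(f"unknown node kind: {node.kind}")


def cheapest_attack(node: Node) -> Tuple[int, List[str]]:
    """The path a cost-minimizing attacker would take: the one to defend first."""
    return min(attack_paths(node), key=lambda p: p[0])


def attacks_within_budget(node: Node, budget: int) -> List[Tuple[int, List[str]]]:
    """All paths affordable to an attacker with the given budget, cheapest first."""
    return sorted((p for p in attack_paths(node) if p[0] <= budget), key=lambda p: p[0])


def raise_leaf_cost(node: Node, leaf_name: str, new_cost: int) -> None:
    """Model a mitigation as an increase in the attacker's cost for one leaf."""
    if node.kind == "leaf" and node.name == leaf_name:
        node.cost = new_cost
    for child in node.children:
        raise_leaf_cost(child, leaf_name, new_cost)


def build_tree() -> Node:
    """Constructed example tree; names and costs are illustrative only."""
    return Node("Read confidential records", "or", children=[
        Node("Guess weak password", cost=20),
        Node("Exploit unpatched service", cost=60),
        Node("Reach the disk directly", "and", children=[
            Node("Gain physical access to server room", cost=80),
            Node("Bypass disk encryption", cost=150),
        ]),
    ])


if __name__ == "__main__":
    tree = build_tree()
    print("cheapest before mitigation:", cheapest_attack(tree))
    print("affordable with budget 100:", attacks_within_budget(tree, 100))
    # Mitigation: strong password policy plus a second factor raises the guessing cost.
    raise_leaf_cost(tree, "Guess weak password", 500)
    print("cheapest after mitigation:", cheapest_attack(tree))
```

Running it shows the point made in the text: before the mitigation the cheapest path is the 20-unit password guess, so that is where the defensive effort pays off first; once that leaf is made expensive, the cheapest path moves to the unpatched service at 60 units, which then becomes the next priority.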
In this thesis work we have chosen to use the attack tree method to investigate security in a distributed Internet-enabled metrology system, and part of the work will also be to analyse the suitability of such a method for this kind of system.
There are several ongoing activities internationally addressing Internet-enabled metrology; these are discussed further in chapter 2. The main idea in most of these works, as it is for the iMET system (the system this thesis focuses on), is that the unit under test (UUT) is not moved from the owner's laboratory. Instead a calibrated standard, e.g. an electrical multimeter, is transferred to the laboratory from a reference laboratory (e.g. a national measurement institute, NMI), and the calibration process is then controlled directly by the reference laboratory.
There are many advantages to this approach. Since the UUT is never moved, the uncertainty associated with transport of the UUT is eliminated. The reference laboratory usually has a much better understanding of the transport uncertainty of the calibrated standard, so the uncertainties due to transportation will presumably be smaller than in the traditional scheme.
The calibrations are performed in the owner's environment, ensuring that the measurement results accurately reflect the conditions relevant to the owner's situation. Transportation cost could also be reduced, especially with a scheme where the standard is transported to several customers in succession. Up to now, the main focus of most of the ongoing activities has been on the functionality of the systems. Security issues are addressed in some projects, but there is still a lack of understanding of several of the security issues that should be addressed.
The iMET system provides a flexible and general solution for an Internet-enabled application, and has been designed to support current and future requirements for flexibility in network architecture. In contrast with most of the ongoing activities in other countries, the iMET system is designed to support different metrological activities and not one specific service.
Several security concerns have been addressed in the design and implementation of the system, but for customers and accreditation authorities an assessment of the security level would be of vital importance. The goal of this master's thesis is to contribute to the general acceptance of Internet-enabled metrology as a means of disseminating calibration values. This is done by demonstrating the assessment of a system designed for distributed Internet-enabled metrology. The assessment comprises an overall evaluation of the security concerns generally applicable to distributed Internet-enabled metrology systems, and should give a better understanding of threats and vulnerabilities in such systems in general. For the iMET system, the assessment would lead to a better understanding of the security concerns related to this specific system, and possibly suggest feasible mitigation strategies for it. By using the attack tree method to describe and evaluate the security issues in this system, we also hope to contribute to the understanding of the suitability of this method for security assessment. In particular we hope to show how this method can provide a cost-effort basis for deciding where to put the effort to increase the security of the system.
Research questions