European Eichrecht
Formal Metadata
Number of Parts | 542
License | CC Attribution 2.0 Belgium: You are free to use, adapt and copy, distribute and transmit the work or content in adapted or unchanged form for any legal purpose as long as the work is attributed to the author in the manner specified by the author or licensor.
Identifiers | 10.5446/61479 (DOI)
FOSDEM 2023, 302 / 542
Transcript: English (auto-generated)
00:11
Welcome to my talk on the transition of the German calibration law, or Eichrecht, towards a common European calibration law.
00:20
Why this talk? Well, we all know in e-mobility and i-system architecture, security and privacy just do not exist. But there are at least some good starting moments. So I thought, okay, let's fix this. But first a bit on my person. I studied computer science at the Technical University of Ilmenau.
00:42
Then I worked at multiple startups in the area of graph databases, in renewable energy and e-health. And finally, in 2014, I started my own company because I thought, well, it would be easier to sell good open source and open data solutions when it can sell to both sides of an API.
01:02
But back to e-mobility. What is an e-mobility user story? Obviously, an EV driver wants to find a free, compatible and working charging station, which is already complicated enough.
01:22
Then he wants to charge, often as fast as possible. Or at least as fast as it makes sense for him. Finally, he only wants to pay what he really consumed. Not too much, and especially without any surprises. If he is a digital native, he might also demand a real digital process, which simply means he wants an app.
01:47
And we, as FOSDEM people, we want open source. And it should be free of bullshit. What is bullshit? Now, we all know it. This, especially in this big EV driver authorization bullshit.
02:05
This is, we have a couple of methods to authorize people in e-mobility, and all of them have not much to do with security. None of them has to do with privacy. We even have a MAC address-based authorization, which I just call cyber-terrorism.
02:24
And even from a business point of view, those methods just do not provide enough collision-free identifications for everyone trying to charge his electric car. So, just bullshit. On the other side, we have the charging station operator story.
02:43
What does the charging station operator want? He obviously wants to sell energy and make money. At the same time, he does not want to pay too much to his energy supplier. So, as you can see, multiple parties have to trust the energy measurements.
03:01
And in the future, we also need secure mechanisms for load balancing services. Additionally, we have to remember that charging is a distributed remote sales process. And most charging stations run unsupervised. Without anyone on site who could help you as an EV driver when there is a problem.
03:26
So, there is a real need for 100% security and safety for all processes. And finally, there is the engineer's story. Measuring energy is hard.
03:40
While we know for now more than 100 years how to measure AC. But measuring DC is still hard. And measuring high power DC is even harder. For the security engineers, we can solve all your issues with cryptography.
04:01
Nice! But now we have a key distribution problem to solve. Damn! Measuring energy is not only hard. It is also a heavily regulated area. There is the measuring instrument directive or short MID from nearly 20 years ago. It defines all over Europe the minimum requirements for any metering device used for billing processes.
04:28
But such an MID meter is still a very traditional analog device. Therefore, there are additional specifications and projects of the German PTB defining the minimum requirements
04:42
how to transmit measurements in a secure and trustworthy way over an untrusted computer network. Like the internet. This is all about asymmetric cryptography and public key infrastructures. And again, more than 20 years old.
05:01
All of this led us to the German calibration law or Eichrecht, which was defined from 2015 till 2019, when it finally became law. Since April 2019, all charging stations have to measure correctly and send their results using digital signatures.
05:25
Or at least, they should. Often we hear the term smart meter gateways when it comes to modern energy systems. What are those smart meter gateways all about? We remember the foundations of secure transmission of measurement data are over 20 years old and well tested in different PTB projects.
05:45
After this period, the German PTB and the German Federal Office for Information Security started to define a next generation security architecture, which we call today smart meter gateways. But we have to keep in mind, smart meter gateways are in fact
06:02
nothing more than VPN tunnels with application layer gateways to access remote smart meters. This is okay for what an energy supplier wants to do, but this is simply not the use case of e-mobility. In e-mobility, measurements have to juggle many hops through different operator networks.
06:23
So, from the point of view of the German PTB, the entire value chain has to be certified. Which is the pure horror for every operator, because this would mean every firmware update on every charging station and every software update on the backend system would have to be reviewed and certified by the PTB.
06:47
Clearly, this would be the end of all innovation in this market. So, a much better approach is to use digital signatures, because by using digital signatures we can be sure that measurement cannot be falsified by random errors, internal attackers or management fraud.
07:06
The same idea is also used within a charging station itself. As the entire charging station is the measurement device, everything is regulated again. Even every small firmware update will be regulated.
07:21
But you can make life much easier with computer scientists' best friends, encapsulation and interface. Every regulated function is encapsulated within the so-called measurement capsule, which is more or less just a small energy meter with additional digital signatures and a good real-time clock.
07:42
All this is located within a small enclosure within the charging station, though it is well separated from everything else within the charging station. The strange part of the current regulation is that there must be a display, and the EV driver must be able to look onto the meter, read measurements and the public key.
08:05
Maybe take a photo with his smartphone, because nobody can remember public keys. Unfortunately, this might only be a great idea when you sit all day in the ivory tower of the MID.
08:20
In daily life of an operator, it looks more often like this. Good luck finding the public key, reading metering data or verifying your invoice. Fun fact, this requirement exists just because of a single stupid sentence within the MID regulation.
08:43
And even the German PTB complained about it 18 years ago, and no one fixed it since then. So, to conclude, the PTB Gunste Gelüssel, how we call it in German, is about having a charging station with a secure smart meter here on the left, which sends at least a charging start and a charging
09:07
stop measurement, including some sort of EV driver or session identification to the charging station operator backend here in the middle. In the operator backend, we combine both into a so-called charge detail record and send it towards the e-mobility provider here on the right.
09:28
He puts all information into an invoice and sends it to you, the EV driver. Then you or the PTB can take a so-called transparency software to verify the digital signatures of the measurements, and everybody might be happy.
09:44
Well, in theory, this is true. By the way, when you ask yourself, why don't we send it directly to the electric vehicle, even the ISO 15118-20 standard from 2022, so last year, does not support the use case of the German calibration law.
10:05
Also, the fundamental data structures and the public keys do not fit together. Congratulations, e-mobility, you've packed it up again. But back to the good parts. What is this transparency software all about?
10:21
Well, the transparency software has some sort of virtual display on the energy meter, which can validate the digital signatures of all measurements. Therefore, it's also a legal part of the charging station certification process and also suffers from all kind of regulations.
10:41
A common way to satisfy one of these regulations is to put the transparency software onto a Linux Live ISO image. This is perhaps an unexpected, but a quite cool application of open source software. Because we disliked all of this politics and e-mobility, we created our own transparency software.
11:04
It was the first really open source transparency software, and still is the only real open source project in the area of the calibration law. It understands time measurements from different vendors, and it's based on the Electron framework. So it is based on TypeScript, SCSS and HTML. The source code is available on GitHub. Feel free to become a sponsor.
11:32
Let's first look at the typical charge transparency record. In this case, this is just a simple JSON file. It has all the
11:41
required measurement data, additional metadata and information on how to verify the digital signatures, which might be based on some other data format, often a binary data format. How this is done in detail, we will see in a moment.
12:01
When we now load a typical charge detail record, we will see here one or more charging sessions on the left. Already here, we can see whether the status of the digital signature is okay or not.
12:25
When we click on one, we can see details on the right. Here we can see whether the validation of individual measurement values is correct or not, and whether all measurement values together are a valid charging session.
12:41
This is important because, caused by errors within the charging station or the backend, one of the signed meter values might be missing, or it's a duplicate, or some other logical problem occurred. When we now click on the details of one of the measurement values, we see how this measurement value was constructed and how it is validated.
13:09
How the string for plain data must be constructed, how it is hashed, what the public key is and what the expected digital signature is about.
13:28
And when it's correct, you will see how nice a valid signature. So, that's it. In the end, nothing really complicated.
13:43
As an EV driver, which transparency software I have to use? Because there might be different transparency softwares for different vendors of charging stations. Which version of software I have to use? We have seen getting the public key is also not that easy.
14:04
Will I really understand the user interface and user experience of this software? And what about billing? EV drivers want to verify invoices, not really metering values. So, where do I get authentic and timestamped charging tariff information?
14:25
Again, in theory, in Germany, we have a law for this. And in the Netherlands, we have even a law that you have the right to get a real-time tariff information before, during and after charging. So, again, we are missing an overall architecture.
14:44
But don't get me wrong. Eichrecht as a digital process is very reasonable. But it fails in daily operations. In e-mobility, really nothing fits together. Security requirements are often not understood and security goals cannot be realized.
15:04
And surprise, we even have some new regulations. Since the end of last year, we have a NIS2 cybersecurity regulation and a regulation for resilience of critical entities. The entire charging station infrastructure is now part of the sectors of high criticality.
15:26
At the moment, this is not a problem, but it will become the next big problem of e-mobility. And do you really want grid load management with untrustworthy metering data? So, yes, well, we have a problem.
15:44
Again, let's reboot the e-mobility protocol landscape. This time, we hopefully think twice about the fundamental protocol requirements and our design goals. It must not again be just a loosely coupled union of very different protocol kingdoms,
16:04
which do not play together nicely, just because no one wants to talk to the kingdom next to him. It must also not again ignore 40 years of computer science, security and privacy research, and reinvent every bad idea of what had already been deprecated somewhere else 20 years ago.
16:27
It must become a true Internet of Energy, which means we have an open source first development and government approach, without any walled gardens, without any excuses.
16:40
It must be a rock solid, secure, privacy aware and extensible architecture with a minimal government overhead, just to coordinate the development of higher level business applications. No one should again wait 10 or more years until basic protocol design flaws inhibiting his business innovation are fixed.
17:05
We really need a common language for all entities. Common semantics and a common understanding of errors and error mitigation strategies within distributed real-time systems. It just does not make any sense that we for example still have important e-mobility protocols,
17:25
which do not have any concept for charging stations, and everybody has to work around this limitation. The charging transparency software again will go ahead, and in the next version we will heavily extend the ways we make use of good cryptography.
17:44
There will no longer be just cryptographic keys to sign energy meter measurements, but also keys for charging station operators to sign business-to-business and business customer tariffs and invoices. Operators will also sign every update of static location and real-time usage.
18:03
This will close this missing link between the EV driver use case of validating a B2C invoice and the currently limited reality of just providing signed energy meter measurement values without any tariff information.
18:22
Also, e-mobility providers can sign their B2C invoices using their cryptographic keys. Additional keys will allow the e-mobility provider to sign anonymous EV driver identities. This is a new concept which should replace the current EV driver authorization bullshit in the market
18:46
and solve all related security and privacy issues. Those anonymous identities are just a guarantee for a charge point operator that an e-mobility provider will pay the debt.
19:02
It will no longer leak personal data, and as all certificates have a very short lifetime, over just few days or even hours, correlation attacks will also be something of the past. Finally, all grid load management operations alternate cryptographic security and transparency.
19:23
When an EV driver receives less energy or less kWh as advertised, he should receive a trustworthy explanation why this happened. Chargy will also become support by a system project. The Chargy software as a service API will solve all issues around providing trustworthy charging station location,
19:47
real-time and security related data, which we see today not only in market driven solutions, but also in governmental e-mobility databases. This idea is also nothing new.
20:01
In fact, it's just a copycat of EU regulations we can find in the e-health sector. The EU medical device regulation and the EUDAMED database define both in great detail how vendors have to provide all data around their company and their device models, their device certifications and their sold devices publicly and as open data.
20:26
Also, the operators of those devices have to provide data about their companies, about how they manage those devices and about the most interesting data set device self-tests.
20:40
Because there is just nothing more trustworthy than a daily authentic digital side self-test from each individual device. When the e-health sector can provide such data, there's just no excuse for the mobility sector not to do the same. For all this, we need a protocol suite which goes far beyond the current state of the art
21:05
actual and SQL table transport protocols used in e-mobility. We want protocols which are defined for server to server communication, be fully asynchronous, real-time and provide end-to-end security and privacy. We have to remember that currently state of the art real-time data in e-mobility means real-time data
21:26
that is at least three to five minutes old and thus often worthless for any real business decisions. This was my very short and fast introduction to the very interesting world of regulations and calibrations in e-mobility,
21:43
why this is important, why we cannot and must not avoid it any longer and why it is really an interesting starting point for fundamental new e-mobility protocol architecture and real digital processes.
22:01
So, thank you for your audience. Please use the FOSDEM chat applications for your questions and suggestions. Use the issue management on GitHub or send me an email. You can also sponsor our work and the further development of this project on GitHub.