2.1. Legal Metrology and Digitalization
Legal Metrology (LM) is responsible for providing trust in physical quantities’ measurements in relations that involve consumption, security, life protection, and environmental preservation [
3]. To do that, LM introduces control activities that assure the reliability of measuring instruments in different applications. The literature references these activities as type approval and metrological supervision (which includes marketing and field surveillance) [
7]. They introduce practices and mechanisms that ensure the integrity of measuring instruments’ legally relevant chain. The term Legally Relevant (LR) refers to any part of a measuring instrument that can influence the generation and manipulation of sensitive information (i.e., measurements, sensors data, and digital evidence). In a measuring instrument, LR components exchange information and control actions logically, creating something like a dependency chain. For this reason, the protection of the LR chain is critical to ensure the reliability of any measuring instrument.
In all countries, the efficiency of activities related to LM constitutes a growing challenge. Mainly, software controlled measuring instruments (as is the case of smart meters) include new technologies that present higher complexity and introduce several security concerns. As an example of these concerns, one can mention LR chain integrity, the protection of sensitive information, and the availability of connected meters. These challenges assume more significant proportions in developing countries due to the dissemination of smart meters in complex scenarios and the high incidence of fraud in measurements [
9,
10,
18].
In all these aspects, digitalization seems to be the best alternative to improve the activities related to LM [
1,
2,
11]. A promising approach as an upcoming platform for legal metrology is the European Metrology Cloud (EMC), a coordinated European digital quality infrastructure for innovative products and services [
1]. In general, the Metrology Cloud can be regarded as a distributed network because every stakeholder manages his/her own peer/server to participate in the network and keeps the data locally safe. These stakeholders are manufacturers, notified bodies, market surveillance authorities, and users of measuring devices. Hence, the platform needs authorization mechanisms to manage these stakeholders’ rights in different parts of the EMC.
2.2. Blockchain and Measurement Applications
Blockchain is an emerging technology that has caught stakeholders’ attention in different knowledge areas [
19]. LM is also one of these areas, with proposals involving the measurements’ audit, information security and integrity, software protection, metrological surveillance, and distributed computing for measuring instruments [
9,
10,
14,
15,
16,
17].
One can define a blockchain as a distributed append-only data structure (designated as a ledger), which is replicated and shared among a set of network peers [
19,
20]. Blockchain ensures integrity and availability by consensus among peers [
20]. This mechanism prevents any modification of the chain, enforcing an agreement about any new block in the ledger. A blockchain can store virtually any digital asset, from data to self-executing scripts, whereby the latter are called smart contracts. This enhances blockchain’s ability from being just a reliable data storage solution, to being a complete distributed platform for a proper automated workflow [
13], in which smart contracts are executed by every assigned network peer that has permission, in an independent and automatic manner.
Blockchain technology’s features make it a great candidate to manage applications in scenarios like the EMC [
12]. These applications demand that individual stakeholders agree about the correct state of information and processes independently. Features such as integrity assurance and smart contracts’ enforcement can be handy in improving different LM activities. Usually, LM faces different demands in different countries. For instance, the privacy and protection of sensitive information are among the most critical concerns for LM in the European Union. In turn, the reliability of measuring instruments and fraud prevention are the main drivers of LM in developing countries. In both scenarios, blockchains can contribute with different solutions. Another aspect is the management of activities involving type approval and surveillance. Mostly, these activities demand interaction among different parts, for instance measuring instruments’ manufacturers and users, vendors, consumers, notified bodies, and governments. These diverse stakeholders could reduce the costs and their processes’ complexity by integrating data and actions within a blockchain.
Recent works have proposed blockchain applications in different cases related to LM. Peters et al. [
14] were the first to describe a set of applications in the context of LM that can explore blockchain’s properties. Melo et al. [
5] described how to implement distributed measuring systems using smart contracts to execute LR software. The works of Peters et al. [
15] and Yurchenko et al. [
16] discussed how one can improve privacy in blockchain by using homomorphic and functional encryption in smart contracts. Finally, Melo et al. [
10] presented a distributed and decentralized framework to implement fuel dispensers’ field surveillance using smart contracts. All these works describe ideas about implementing blockchain-based applications that involve LM. However, they lack how to create and manage a real blockchain network to support practical scenarios involving these solutions.
Upon creating a blockchain network to address LM demands, one needs to consider an architecture that matches these applications’ elementary requirements [
12,
21]. Broadly speaking, LM activities and applications demand the participation of stakeholders with distinct interests. In many cases, these interests can be conflicting. For instance, in the trading of measured goods, vendors usually expect a measuring instrument to work with the maximum admissible measuring error (i.e., more profitability). In contrast, consumers expect the opposite (i.e., lower price). Intermediary entities (e.g., notified bodies) act as mediators to ensure a fair trade. Besides, LM activities and applications also deal with sensitive information (e.g., energy measurements can expose consumers’ personal habits). Thus, a blockchain architecture in the LM context needs to promote the harmonic interaction among the parts while protecting information from undue access.
The literature usually classifies blockchain platforms as public (or permissionless), in which anybody can join and participate in the network consensus, or permissioned, in which consensus is achieved by a set of known and identifiable peers [
22]. Bitcoin [
23] and Ethereum [
24] are examples of public blockchains. Permissioned blockchains are particularly interesting in business applications in which the parties need to identify each other [
22,
25]. Furthermore, permissioned blockchain consensus protocols usually expend less computational resources and can reach better transaction latency and throughput [
26]. In their survey about blockchain architectures, Ismail and Materwala [
27] also discussed the difference between Single-Ledger-based (SL) and Multi-Ledger-based (ML) architectures. SL architectures support both public and permissioned blockchain networks. They constitute most implementations, covering the three first blockchain evolution tiers: currency, smart contracts, and decentralized applications. The ML architecture concept came originally from Hyperledger Fabric [
25]. It was the first platform to enable confidential and private transactions among distinct peer subgroups, introducing a protection level between pieces of information with different access privileges.
2.3. Blockchain-Based Pki Application
In this paper, we also develop a blockchain-based PKI application to test our inter-NMI network. This section explains the elementary concepts about the importance of this kind of application to LM and why blockchain can be a promising platform to implement it.
2.3.1. Digital Signatures and Smart Meters
The digital signature is one of the main applications of public-key cryptography [
28]. Its implementation mechanism relies on a pair of asymmetric cryptographic keys and a digital certificate. The digital certificate is the attestation made by a trusted third party that the public key belongs to the sender. The sender calculates the information cryptographic hash (digest) and encrypts it using his/her private key. In a complementary manner, any entity can verify the digital signature using the sender’s public key in the digital certificate to decrypt the digest and check its correspondence to the original piece of information. This process attests to the information’s integrity, authenticity, and non-repudiation.
Digital signatures can be a powerful tool to protect the smart meters’ LR chain against fraud and security attacks. This conjecture comes from the premise that a smart meter can store and protect a pair of asymmetric cryptographic keys. A meter can sign its measurements, raw data, or any LR information, providing evidence of integrity and authenticity. Furthermore, cryptographic directives can enable more sophisticated security mechanisms such as cryptography token-based access control and software integrity verification and updates. However, digital signatures and certificates are little explored concepts in the LM scope. The literature reports a few cases involving the use of public-key signatures to ensure the authenticity and integrity of measurements and to control LR software updates [
29]. We can cite examples related to the protection of the LR information in electronic speed meters [
30] and in the verification of sensing data from sphygmomanometers [
31]. To the best of our knowledge, no work reports practical results on the use of digital certificates in measuring instruments.
2.3.2. Public-Key Infrastructure
Systems implementing digital certificates usually require a Public-Key Infrastructure (PKI). A traditional PKI demands some entities performing specific roles. The main one is the Certification Authority (CA). The CA is responsible for emission, distribution, renewal, revocation, and digital certificates’ management. In practice, the CA signs the digital certificates using its private key, attesting to their correspondence to the respective entities. The Root-Certification Authority (Root-CA) is the first CA in the certification chain. The Root-CA is responsible for verifying and auditing the other CAs. Furthermore, it is responsible for the emission, distribution, renewal, revocation, and management of the CAs’ digital certificates. Finally, we have the Registration Authority (RA), which provides the interface between the CA and the certificate owner (i.e., the entity that acquires the digital certificate). The RA receives, validates, and forwards requests to the CA.
2.3.3. How Blockchain Can Help
Blockchain-based PKI is an alternative to CA-based PKI. In the last three years, different works have proposed this idea, especially in contexts involving IoT applications [
32,
33,
34]. A blockchain-based PKI contraposes a conventional CA-based PKI because it eliminates the dependency on a Trusted Third Party (TTP). Consequently, a blockchain-based PKI does not depend on CAs to sign digital certificates. Digital certificates become blockchain digital assets that link an entity to a public key. Once the blockchain’s intrinsic properties ensure the ledger’s integrity and immutability, all the involved entities can trust each of the stored digital assets (i.e., certificates).
In the context of LM, a blockchain-based PKI can significantly save costs, besides reducing the dependency on a TTP. Usually, smart meters are very inexpensive devices, and any minimal expenses related to issuing a CA-based digital certificate can be prohibitive. Furthermore, TTP dependency can be challenging, especially when measurement frauds are recurrent and very profitable (e.g., the trade of measured goods in developing countries), encouraging malicious entities to collude and bribe the TTP. A blockchain-based PKI can provide a tradeoff between security features and costs. Different participants interested in ensuring the reliability of measurements from smart meters (i.e., manufacturers, industry, vendors, notified bodies, government, consumers’ representatives) can constitute a consortium and implement a blockchain. Each participant provides a small set of peers and takes part in the blockchain consensus. The blockchain uses a smart contract to collect each meter’s public key at manufacturing time and store it in the ledger. Since the ledger is immutable, it permanently links the public key to its respective owner (i.e., smart meter). A second smart contract can implement digital signature checking services, enabling any entity with access to the blockchain to execute this task without the need for a TTP.
Peters et al. [
14] described how a blockchain-based PKI would work in the context of a project like the EMC. Inner nodes (i.e., peers that integrate the blockchain network) can add and revoke digital certificates. These nodes can belong to manufacturers, notified bodies, and market surveillance entities, for instance. Contrary to those, outer nodes (i.e., entities that only mirror the blockchain and do not write directly to it) are individual measuring instruments and users of these devices. They can request the checking of signed assets to be confirmed by the inner nodes.