A service oriented secure infrastructure for feature based data exchange in cloud based design and manufacture

A Service oriented Secure Infrastructure for Feature based Data Exchange in Cloud based Design and Manufacture Procedia CIRP 56 ( 2016 ) 55 – 60 Available online at www sciencedirect com 2212 8271 © 2[.]

Procedia CIRP 56 ( 2016 ) 55 – 60

2212-8271 © 2016 The Authors Published by Elsevier B.V This is an open access article under the CC BY-NC-ND license

(http://creativecommons.org/licenses/by-nc-nd/4.0/)

Peer-review under responsibility of the scientific committee of the 5th CIRP Global Web Conference Research and Innovation for Future Production doi: 10.1016/j.procir.2016.10.016

ScienceDirect

9th International Conference on Digital Enterprise Technology- DET2016 – “Intelligent Manufacturing in

the Knowledge Economy Era

A Service-Oriented Secure Infrastructure for Feature-based Data Exchange

in Cloud-based Design and Manufacture

a School of Computer,Wuhan University,No.299,Bayi Road,Wuchang,Wuhan,430072,China

b Suzhou Institute,Wuhan University,No.377,Linquan Street, Dushu Lake Higher Education Town,Suzhou, 215123,China

* Corresponding author E-mail address:fzhe@whu.edu.cn

Abstract

Under the impact of service-oriented architecture (SOA) and cloud computing, Cloud-Based Design and Manufacture (CBDM) has been a flexible and effective way for Collaborative Product Development (CPD) As a crucial issue in sharing CAD models for CPD, Feature-Based Data Exchange (FBDE) among heterogeneous CAD systems should be adapted in CBDM On the other hand, the sensitive information and intellectual property of CAD models should be protected in the process of FBDE and CBDM This paper presents a service-oriented architecture for secure FBDE in CBDM This architecture replaces traditional data exchange and secure process, which are based on client sides, with a service-oriented data exchange and secure process on clouds In this way, feature-based CAD models could be exchanged among collaborative designers with the sensitive information protected in CBDM The service-oriented infrastructure provides cost-effective, flexible and scalable solutions for secure FBDE The case study and experiments demonstrate the proposed idea and method

© 2016 The Authors Published by Elsevier B.V

Peer-review under responsibility of the Scientific Committee of the “9th International Conference on Digital Enterprise Technology - DET

2016

Keywords: Collaborative Product Development; Cloud-Based Design and Manufacture; Feature-Based Data Exchange; information security

1 Introduction

Nowadays, manufacture companies are confronting the

challenge of the highly competitive global environment

Collaborative Product Development (CPD) offers a rapid

response to customer needs and technology changes at low

prices, which makes it becomes the core of modern

manufacturing industry[1] Along with this trend, the

network-hosted collaborative design is considered as a

character of next generation CAD systems[2]

In CPD, designers and developers require massive data

sharing and interoperate the design data among each other[3]

Main stream modern CAD systems use parametric

feature-based modeling paradigm Feature-feature-based CAD model which

contains the design intent, design history, parameters and

constraints is the main carrier of the sharing design data So

the feature-based data exchange (FBDE) is very significant

for collaborative CAD On the other hand, how to protect intellectual property rights and sensitive information

of CAD model becomes an emergency issue for collaborative design because of the interoperation and data sharing [4, 5] Inspired by the concept and technology of cloud computing and Service-Oriented Computing(SOC) /Service-Oriented Architecture(SOA) [6-8], the ideas and characteristics of

“cloud” and “service” are being brought to CPD to form the Cloud-Based Design and Manufacturing (CBDM)[9] CBDM-enabled CPD provides cost-effective, flexible and scalable solutions to collaborative partners by sharing the resources in the applications of design and manufacturing

This paper focuses on the secure FBDE method with the consideration of sensitive information security in CBDM The rest of this paper is organized as follows: in section 2, the related work of collaborative design and CAD model security

is briefly reviewed; the FBDE and model information security

© 2016 The Authors Published by Elsevier B.V This is an open access article under the CC BY-NC-ND license

( http://creativecommons.org/licenses/by-nc-nd/4.0/ ).

Peer-review under responsibility of the scientifi c committee of the 5th CIRP Global Web Conference Research and Innovation for Future Production

method are introduced and the service-oriented secure FBDE

architecture is proposed in section 3; section 4 discusses the

implementation case of the service-oriented secure FBDE;

Finally, section 5 summaries the contributions of the paper

and indicates some future works

2 Related work

SOA was first proposed in the middle of 1990s [7, 8] The

use of Web Services [10, 11] became the main trend to

achieve SOA After adopting the ideas of SOA and taking

computing resources as services from cloud, cloud computing

became a hot research area and was applied widely[12,

13].Using technology of SOA, Web Services and Cloud

Computing, CBDM were proposed and applied as

technologies and methodologies to enable CPD[14-16]

In the CBDM, various CAD systems are used by different

collaborative partners FBDE solution for heterogeneous CAD

model is needed in CBDM He et al established a CSCW

based CAD system for CPD to realize CAD data

exchange[17, 18] Li et al proposed the concept of Dynamic

Feature which are used as the basis for integrating machining,

monitoring, and on-line inspection operations and establish a

set of integrated information models to address the dynamics

of machining conditions[19, 20]

Zhang, He, Han and Li presents a new asymmetric strategy

to enrich the theory of feature-based interoperability,

particularly when addressing a singular feature or singular

sketch [21] Our previous researches presented a procedure

recovery approach, which extended the existing

researches[22, 23] Later we present a service-oriented FBDE

architecture for CBDM, in which FBDE was registered as

service among heterogeneous CAD systems [24]

While the network gives convenience to collaborative

work, it also brings security risks to the private sensitive

information of each collaborative partner The security risks

has become a main obstacle of collaborative design

implementation[25, 26] and these risks become more

prominent in CBDM

The sensitive model information hiding method for feature

based CAD model is lacking, which increases the risk of

sensitive information leakage while collaborative partners

sharing information, such as doing FBDE Moreover, it is an

emerging trend that users require resources as service from

cloud in nowadays cloud-based CPD Under this impact, the

function based FBDE and model information protection

method should be transferred in to services-oriented

3 Service-Oriented Secure FBDE

In collaborative design, designers need to share parametrical

models while protecting their own sensitive information To

provide a secure FBDE schema and taking advantages of

CBDM, this paper takes FBDE and a model information

protection method as services from cloud Designers request

the FBDE services to accomplish the model data exchange

and require security service to hiding sensitive information of

the model, as shown in Fig.1

When FBDE and model security method are developed as

services in cloud, designers could require the FBDE service to achieve the parametrical model sharing directly between heterogeneous CAD systems If the CAD model contains sensitive parts, user could require the security service to hide this information based on the model information hiding method introduced in this paper

Fig.1 service oriented secure FBDE

3.1 Model information security method

3.2.1 Deformation based model information hiding The basic modeling process of common parametric CAD system is: first, create the sketch of the model based on sketch parameters; then select modeling features and adjust feature parameters to finish the modeling process[17]

When creating a sketch, some points with geometry means can be retrieved by APIs of the CAD systems These points control the position and shape of sketch by their coordinates

We name these points as the sketch control points For example, the center of the circular, control points of the spline, endpoints of the long/short axis and center of the ellipse

When the parameters of the sketch control points are modified, the position and shape of the sketch are changed The position and shape of the feature are modified along with the deformation of the sketch Finally, the CAD model is deformed When the parameters of the sketch control points are modified back to original value, the model would be deformed to the original shape as shown in Fig.2

Fig.2 model shape affected by sketch control points: a original model; b partial model sketch; c modify parameters of sketch; d model deformation 3.2.2 FFD based model encryption

Sederberg proposed free-form deformation (FFD) of solid geometric models [27-29].The main idea of the FFD is putting the geometry model into a uniform dissected parallelepiped lattice and the vertices of the lattice are seen as the control points of a trivariate tensor product Bézier body Then, by moving these control points, the vertices of the geometry model are moved and the model is deformed

The FFD idea could be introduced into feature based CAD model We create the encryption control lattice for feature sketch and take the sketch control points as the internal vertices in the deformation lattice of the FFD as shown in Fig.3 (a) Then the FFD based encryption can be applied

The encryption lattice should be created for every sketch of

the features in the sensitive part of the model and it should

contain every sketch control point inside of it It is a

parallelepiped for 3D sketch and a rectangle for a 2D sketch

Taking the 3D sketch control point encryption as an

example, first create the local coordinate system in the

parallelepiped Then a sketch control point C x y z( , , , )has the

parameter coordinate ( , , )s t u and it can be represented as:

min min min

max min max min max min

z

Use planes to dissect the parallelepiped uniformly in three

directions of the coordinates and get lǃ ǃm n sections of the

parallelepiped in each direction respectively The vertices of

the parallelepiped and the intersection points between the

parallelepiped dissection planes consist the encryption lattice

control points, denoted as P i j k, , , in which

0,1, , ; 0,1, , ; 0,1, ,

, ,

i j k

P is:

, , min max min min max min

min max min

k

n

(2)

Thereby, the 3D encryption lattice is created

According to the FFD, when the control point P i j k, , is moved

transformed and it can be denoted as X encryption The local

parameter coordinates ( , , ) s t u remains unchanged, so its

transferred Cartesian coordinates can be calculated as:

3 , , , ,m ,n

0 0 0

(3)

,( ), ,m( ), ,n( )

B s B t B u are Bernstein polynomials of l, m and n

degree By using this equation, when the coordinates of the

encryption lattice control points are modified, the Cartesian

coordinates of the sketch control points are changed which

means they are encrypted as shown in Fig.3(b)

The decryption can be achieved by using equation (4), which

means when the encryption control lattice is deformed back to

the original shape The encrypted model in it will be deformed

to its initial shape as well

3 , , , ,m ,n

0 0 0

(4) The encryption key of 3D sketch control points is the set of

encryption lattice control points after the deformation:

^ , , ' | [1,2, , ], [1,2, , ], [1,2, , ]`

encyption i j k

(5)

The decryption key is the set of encryption lattice control

points with initial coordinates:

^ , , | [1,2, , ], [1,2, , ], [1,2, , ]`

decyption i j k

(6)

Likewise, the 2D sketch control points encryption can be

implemented by using equation:

2 , , ,m

0 0

(7) The decryption calculation is:

2 , , ,m

0 0

( ) ( )

(8) The encryption and decryption key is shown as equation (9) and (10) respectively:

2 ' |, [1,2, , ], [1,2, , ]

(9)

2 , , | [1,2, , ], [1,2, , ]

decyption D i j k

(10)

Fig.3 encryption of 3D sketch: (a) original sketch; (b) encrypted sketch

3.2 Peer to Peer FBDE

The goal of FBDE is to ensure that the target CAD models obtained by exchange include design intent such as design history, design constraints, design parameters and features Hence, what we exchange is the feature modeling procedure

In a certain collaborative design environment, co-designers use limited kinds of CAD systems, such as UG, Pro/E or Catia In this situation, a direct FBDE method from one kind

of system to another is more purposeful and flexible than the traditional centralized FBDE methods which heavily rely on the neutral files If we look one kind of CAD system as a peer

in collaborative design, the direct FBDE can be called as the peer to peer (P2P) FBDE The overview architecture of the P2P FBDE is shown in Fig.4 The method of service oriented P2P FBDE was proposed in our previous research [24]

Fig.4 architecture of P2P FBDE

Fig.5 architecture of the service-oriented secure FBDE

3.3 Architecture for service-oriented secure FBDE

The proposed architecture of the service-oriented secure

FBDE is shown in Fig.5 The service-oriented secure FBDE is

the combination of FBDE services and the security service

An access control mechanism should be adopted to make

sure the only the collaborative partners in cloud could require

the FBDE or security services

The security service contains an access control mechanism

to authorize the service to legitimate users, the encryption and

decryption service The model encryption and decryption

method has been introduced in section 3.1 When designers

need to protect the sensitive part of a sharing model, the

security service is called to encrypt the model first Then the

encrypted model will be sent to other designers for

collaborative deign The decryption service is provided to

decrypt the model for certain users

The FBDE service is divided into Pre- and Post- FBDE

service based on the function developed in source or target

system The pre-P2P service deals with the FBDE procedure

only related to the source CAD system and the post-P2P

service deals with the procedure related to the target CAD

system It makes the P2P FBDE more feasible and flexible for

each FBDE service provider Because the pre- or post- service

is related to one certain CAD system, it is more convenient

and easy for providers to provide the service than to provide

the whole procedure of a P2P FBDE service

3.4 Access and privilege control mechanism

To make sure the secure FBDE service is provided to

trusted collaborative partners in CBDM and to guarantee the

encryption and decryption of the sharing model is obtained by

legitimate users according to the model owner’s willing, a

two-level access control mechanism is adopted

As shown in Fig.5, the first level of access control is to

recognize the trusted collaborative partners who have the

authority to require the related services The authorization is

managed by cloud manager with a trust list of partners in

cloud After the collaborative partners log in the cloud, the

authorization can be achieved by distinguishing the trusted

partners according to their user ID or user name The services

will not provide to users who do not offer their user name/ID (do not log in) or whose user name/ID is not on the trusted list

The second level of access control aims at the security service To prevent the sensitive model information leakage from cloud, the access of decryption service should not only based on legitimate users but also with the consideration of specific model file and validity period

By using this mechanism, co-designers who needs and allowed to see or modified the original shape of the sensitive model part could decrypt the model while preventing others requiring the decryption service

3.5 Process of service oriented secure FBDE

As described in the overview architecture, the service oriented secure FBDE is the combination of FBDE services and model encryption/decryption services When a designer needs to share a model, there are four situations: (1) the model contains sensitive information and is heterogeneous to the target system; (2) the model contains sensitive information and is homogeneous to the target system; (3) the model does not contain sensitive information and is heterogeneous to the target system;(4) the model does not contain sensitive information and is homogeneous to the target system So the process of the secure FBDE is shown in Fig.6

Fig.6 process of the secure FBDE According to the figure, the process can be described as following steps:

(1) Estimate whether the source model contains sensitive information If does, go to step 2; if does not, go to step 3; (2) Require security service to encrypt the sensitive model; (3) Acquire the target system type If the source and target system is heterogeneous, go to step 4; else go to step 5 (4) Require FBDE service to exchange the source model (5) Get the result model for secure information sharing Our model encryption and decryption methods are based on modifying sketch control points as introduced in section 3 In different types of CAD systems, the sketch elements and sketch control points maybe different So, when the encrypted

model needs to be decrypted, it must be recovered to the

original source model type For example, if a CATIA model is

encrypted and exchanged to Solidworks model, when decrypt

the Solidworks model, it should be exchanged back to a

CATIA model to ensure the decryption correctness The

decryption process is shown in Fig 7

As shown in the figure, the decryption process contains

following steps:

(1) Acquire the source model type If the original source

model and the encrypted model are heterogeneous, go to step

2; if they are homogeneous, go to step 3;

(2) Require FBDE service to exchange the encrypted model

to the source model type;

(3) Require the security service to decrypt the model;

(4) Acquire the system type of the target system (user who

needs the decrypted model) If the target system and the

decrypted are heterogeneous, go to step 5; if they are

homogeneous, go to step 6;

(5) Require FBDE service to exchange the decrypted model

to the target system type;

(6) Get the result decrypted model

Fig.7 the decryption process

4 Case Study and Analyses

4.1 Case study

This section tests and demonstrates an experimental case

study of service-oriented secure FBDE application

As a case study, two typical and mainstream CAD systems:

Catia V5R21 and SolidWorks 2014 are discussed We choose

SolidWorks as the source system and implement the security

service to encrypt the case study model and implement a set

of FBDE services to exchange Solidworks models to Catia

models The functions of FBDE and model encryption/

decryption are development by the APIs of CAD systems and

the development environment is VS2008

The experiment is shown in Fig.8 Fig.8(a) shows a

original source model and Fig.8(b) shows the result of data

exchange to the target system by requiring the FBDE service

Assuming the slot in the model contains sensitive design

information, after using the secure FBDE services, the result model for homogeneous system is shown in Fig.8(c) and for heterogeneous systems is shown in Fig.8(d)

Fig.8 A case study for the service-oriented secure FBDE infrastructure: a source model; b target model after FBDE; c encrypted model(homogenous);

d encrypted model(heterogeneous) According to the case study, models after secure FBDE services remain their parametrical information, which means they are still feature-based CAD model after data exchange process, so they can be further edited or modified for other designers in CBDM

4.2 Analyses

4.2.1 Service oriented FBDE

In the proposed FBDE architecture, the FBDE service in cloud is provided by different peers The FBDE service is robust and available even when some exceptions occur in some service providers

The service-oriented FBDE services can be quickly deployed to share heterogeneous CAD models in CBDM because once a customized pair of FBDE service is provided, the FBDE for the two systems can be used by CBDM partners immediately Service-oriented collaborative applications provide cost-effective, flexible and scalable solutions for FBDE in CBDM

4.2.2 Model security method The sensitive part of the model is visibly deformed according to the case study, so the design parameters of the part are properly hidden by the secure FBDE service

The decryption key is set of the lattice control points with initial coordinates They can be set in any place as long as the lattice contains all the sketch control points So the parameters space of the key is large enough to avoid the cracking

What’s more, when using the proposed method, a wrong key can decrypt the model to a certain shape as well In this situation, intruders cannot find out if it is the correct model with the original shape Thereby the reliability of this security protection method is guaranteed

The access control mechanism for the secure FBDE service guarantees the service could be only used by legitimate collaborative users

5 Conclusion and Future Work

The basic purpose of FBDE is offering a better way for

information sharing in CBDM Meanwhile, during the

information sharing, the risks of information leakage occur

So the FBDE and model security issues should be taken as a

whole As the first contribution of this paper, a secure FBDE

solution in CBDM is proposed In the proposed method,

feature-based model are exchanged directly from source

system to the target one with parametrical features

maintained A FFD-based model security method is used to

deform the sensitive part of the model, so the sensitive design

parameters could be hidden during the model sharing

Traditional FBDE and model security process are mainly

function-oriented, which is not suitable for CBDM The

second contribution of this research is to present a

service-oriented secure infrastructure for CBDM In the infrastructure,

FBDE and model security are registered as a whole set of

services for collaborative designers which could provide

cost-effective, flexible and scalable solutions The access and

privilege control mechanism is set to ensure the validated

usage of the secure FBDE service

In the future, the research will continue on the following

directions but not limited: (1) to improve the service-oriented

FBDE for CBDM; (2) to adopt better encryption calculation;

(3) to consider the secure FBDE for assemblies

Acknowledgements

This paper is supported by the National Science Foundation

of China (Grant No 61472289) and Hubei Province Science

Foundation (Grant No 2015CFB254)

References

[1] G Büyüközkan and J Arsenyan, "Collaborative product development: a

literature overview," Production Planning & Control, vol 23, pp 47-66,

2012

[2] Y Zeng and I Horváth, "Fundamentals of next generation CAD/E

systems," Computer-Aided Design, vol 44, pp 875-878, 2012

[3] S Jing, F He, S Han, X Cai, and H Liu, "A method for topological

entity correspondence in a replicated collaborative CAD system,"

Computers in Industry, vol 60, pp 467-475, 2009

[4] Y Zeng, L Wang, X Deng, X Cao, and N Khundker, "Secure

collaboration in global design and supply chain environment: Problem

analysis and literature review," Computers in Industry, vol 63, pp

545-556, 2012

[5] X Cai, F He, W Li, X Li, and Y Wu, "Encryption based partial sharing

of CAD models," Integrated Computer-Aided Engineering

[6] M P Papazoglou, "Service-oriented computing: Concepts, characteristics

and directions," in Web Information Systems Engineering, 2003 WISE

2003 Proceedings of the Fourth International Conference on, 2003, pp

3-12

[7] R W Schulte and Y V Natis, "’Service oriented’architectures, part 1,"

Gartner, SSA Research Note SPA-401-068, 1996

[8] R W Schulte and Y V Natis, "’Service oriented’architectures, part 2,"

Gartner, vol SSA Research Note SPA-401-069, 1996

[9] D Wu, D W Rosen, and D Schaefer, "Cloud-based design and

manufacturing: status and promise," in Cloud-Based Design and

Manufacturing (CBDM), ed: Springer, 2014, pp 1-24

[10] E Newcomer and G Lomow, Understanding SOA with Web services: Addison-Wesley, 2005

[11] M Endrei, J Ang, A Arsanjani, S Chua, P Comte, P Krogdahl, et al., Patterns: service-oriented architecture and web services: IBM Corporation, International Technical Support Organization, 2004 [12] D Bogatin, "Google CEO's new paradigm:'cloud computing and advertising go hand-in-hand'," ZDNet Aug, vol 23, 2006

[13] P Mell and T Grance, "Draft NIST working definition of cloud computing," Referenced on June 3rd, vol 15, 2009

[14] D Wu, M J Greer, D W Rosen, and D Schaefer, "Cloud manufacturing: Strategic vision and state-of-the-art," J Manuf Syst Available at: http://www sciencedirect com/science/article/pii S, 2013 [15] O F Valilai and M Houshmand, "A Manufacturing Ontology Model to Enable Data Integration Services in Cloud Manufacturing using Axiomatic Design Theory," in Cloud-Based Design and Manufacturing (CBDM), ed: Springer, 2014, pp 179-206

[16] J Lane Thames, "Distributed, Collaborative and Automated Cybersecurity Infrastructures for Cloud-Based Design and Manufacturing Systems," pp 207-229, 2014

[17] F He and S Han, "A method and tool for human–human interaction and instant collaboration in CSCW-based CAD," Computers in Industry, vol

57, pp 740-751, 2006

[18] Y Cheng, F Z He, and D J Zhang, "To Support Human-Human Interaction in Collaborative Feature-based CAD Systems," presented at the 2014 International Conference on Human-Centered Computing (HCC 2014), Cambodia, 2014

[19] Y Li, C Liu, J X Gao, and W Shen, "An integrated feature-based dynamic control system for on-line machining, inspection and monitoring," Integrated Computer-Aided Engineering, vol 22, pp

187-200, 2015

[20] Y Li, X Liu, J X Gao, and P G Maropoulos, "A dynamic feature information model for integrated manufacturing planning and optimization," CIRP Annals-Manufacturing Technology, vol 61, pp

167-170, 2012

[21] D Zhang, F He, S Han, and X Li, "Quantitative optimization of interoperability during feature-based data exchange," Integrated Computer-Aided Engineering, vol 23, pp 31-50, 2015

[22] X Li, F He, X Cai, and D Zhang, "CAD data exchange based on the recovery of feature modelling procedure," International Journal of Computer Integrated Manufacturing, vol 25, pp 874-887, 2012 [23] X Li, F He, X Cai, D Zhang, and Y Chen, "A method for topological entity matching in the integration of heterogeneous cad systems," Integrated Computer-Aided Engineering, vol 20, pp 15-30, 2013 [24] Y Wu, F He, D Zhang, and X Li, "Service-Oriented Feature-Based Data Exchange for Cloud-Based Design and Manufacturing." IEEE Transactions on Services Computing [J] In press, DOI: 10.1109/TSC.2015.2501981, 2015

[25] C XT, H FZ, L WD, and L XX, "Customized Encryption of CAD Models for Collaboration in Cloud Manufacturing Environment," ASME Transactions Journal of Manufacturing Science and Engineering, vol 137,

pp 040905-1 -040905-10, 2015

[26] S Hauck and S Knol, "Data security for Web-based CAD," in Proceedings of the 35th annual design automation conference, 1998, pp 788-793

[27] Y Cui and J Feng, "GPU-based smooth free-form deformation with sharp feature awareness," Computer Aided Geometric Design, 2015 [28] Y Cui and J Feng, "Real-time B-spline Free-Form Deformation via GPU acceleration," Computers & Graphics, vol 37, pp 1-11, 2013 [29] T W Sederberg and S R Parry, "Free-form deformation of solid geometric models," in ACM SIGGRAPH computer graphics, 1986, pp 151-160