This document highlights the importance of quality assurance in ICT standardization, emphasizing various aspects such as testing, validation, and certification. It discusses the roles of different stakeholders and the need for harmonization of technologies to enhance trustworthiness, while also referencing past successes in mobile communication as models for future technologies like IoT and AI. The DOSS project's focus on secure supply chain methodologies is presented as a significant initiative in this field.

1. The importance of Quality Assurance
for ICT Standardization
Axel Rennoch & Martin Schneider
Fraunhofer FOKUS Institute for Open Communication Systems
QRS/STV’24, Cambridge (UK), July 4th, 2024
©
Betty
Images

2. QRS/STV Cambridge (UK), July 4th, 2024 © Fraunhofer FOKUS
Page 2
Annual research budget of roughly 3.4 billion euros,
3.0 billion euros of which is designated as contract research
▪ Around two thirds of the Fraunhofer-Gesellschaft’s contract
research revenue is derived from contracts with industry and
from publicly financed research projects
▪ Around one third is contributed by the German federal and
state governments in form of base funding
The Fraunhofer-Gesellschaft
32.000
Employees
76
Institutes and research units

3. © Fraunhofer FOKUS
Page 3
Fields of application and strategic topics of FOKUS
QRS/STV Cambridge (UK), July 4th, 2024
Fields Of Application
Artificial Intelligence Quantum Computing Sustainability
″Digitale Vernetzung″ Digital Life Digital Governance Security/Certification
Strategic Topics

4. Agenda
1. Quality Assurance
▪ What is Quality?
▪ Activities
2. ICT Standardization
▪ Domains
▪ Gaps
3. Selected Samples
▪ DOSS project
4. Summary & Conclusions
QRS/STV Cambridge (UK), July 4th, 2024 © Fraunhofer FOKUS
Page 4

5. —
Quality Assurance
Page 5 QRS/STV Cambridge (UK), July 4th, 2024 © Fraunhofer FOKUS

6. What is Quality?
We all have a feeling about quality
Quality is difficult to define
Many views on quality
QRS/STV Cambridge (UK), July 4th, 2024 © Fraunhofer FOKUS
Page 6

7. Total Quality Management (1985)
• W. Edwards Deming (creates TQM):
Quality is defined in terms of customers satisfaction
• Total Quality Management (TQM) can be defined as
directing the whole production process
to produce an excellent (quality) product or service (1985)
Customers satisfaction
QRS/STV Cambridge (UK), July 4th, 2024 © Fraunhofer FOKUS
Page 7

8. Quality according to ISO
QRS/STV Cambridge (UK), July 4th, 2024 © Fraunhofer FOKUS
Page 8
ISO 9126 (1991)
• The degree to which a software product satisfies stated and implied
needs when used under specified conditions
Fit for purpose
ISO 25010 (2011)
• The set of attributes of a software product that bear on its ability to
satisfy stated or implied needs
Conformance to specification
ISO Quality Model based on McCall and Boehm

9. Quality Assurance activities
1. Framework/model for the evaluation of software product quality
• ISO/IEC 25000, also known as
SQuaRE (System and Software Quality Requirements and Evaluation)
2. Well-defined Requirement catalogues
3. Harmonized Conformance Test procedures
4. Detailed Test specifications & implementation
5. Maturity model and guidance for a maturity assessment, e.g.
• ISO/IEC CD 30186 Digital twin
6. Best practices for use case projects, e.g.
• ISO/IEC TR 30194 Internet of Things (IoT) and Digital Twin
QRS/STV Cambridge (UK), July 4th, 2024 © Fraunhofer FOKUS
Page 9

10. —
ICT Standardization
Page 10 QRS/STV Cambridge (UK), July 4th, 2024 © Fraunhofer FOKUS

11. ICT
Sensors and
actuators,
(Internet of
Things)
Information and
communication
networks
(WiFi, 5G, Tetra,
Starlink, …)
Data and
computing
centers
(Microsoft,
AWS, Meta, …)
End devices
(computer,
laptops,
handhelds)
Smart devices
(smart phones,
smart cars, smart
buildings, …)
Page 11 QRS/STV Cambridge (UK), July 4th, 2024 © Fraunhofer FOKUS

12. ICT energy consumption
Belkhir, Lotfi, and Ahmed Elmeligi. "Assessing ICT global
emissions footprint: Trends to 2040 & recommendations." Journal
of cleaner production 177 (2018): 448-463.
Page 12 QRS/STV Cambridge (UK), July 4th, 2024 © Fraunhofer FOKUS

13. Standardisation Bodies
Standards Developing Organisations (SDOs)
• National, e.g. DIN, BSI, AFNOR
• European, e.g. ETSI, CEN/CENELEC
• International, e.g. ISO/IEC, ITU
Industrial interest groups/associations
• e.g. OMG, oneM2M, IEEE, W3C, IETF, 3GPP
QRS/STV Cambridge (UK), July 4th, 2024 © Fraunhofer FOKUS
Page 13

14. Standardisation Gaps: IoT and Edge Computing
StandICT/EUOS
Standardisation Gap analysis
AIOTI
Landscape reports
QRS/STV Cambridge (UK), July 4th, 2024 © Fraunhofer FOKUS
Page 14

15. #chall Description IEC ETSI 3GPP ISO/IEC CEN/CENELEC IEEE ITU W3C IETF OneM2M #SDO #Specs
2.1.1 Challenges reported in DataPorts: A Data Platform for the Cognitive Ports of the Future 41 2 31 37 1 5 24 7 141
2.1.2 Challenges reported in DEMETER: IoT-based data analysis to improve farming 31 1 4 1 4 37
2.1.3 Challenges reported in IoTAC: Security By Design IoT Development and Certificate Framework with Front-end Access Control 10 5 8 3 1 27 6 54
2.1.4 Challenges reported in IoT-NGIN: Next Generation IoT as part of Next Generation Internet 3 1 3 1 25 6 6 39
2.1.5 Challenges reported in SHAPES: Smart and Healthy Ageing through People Engaging in Supportive Systems 1 2 2 3
2.1.6 Challenges reported in ASSIST-IoT: Architecture for Scalable, Self-*, human-centric, Intelligent, Secure, and Tactile next generation IoT 9 5 3 1 1 2 4 21 1 9 47
2.1.7 Challenges reported in IM-TWIN: from Intrinsic Motivations to Transitional Wearable INtelligent companions for autism spectrum disorder 3 1 2 4
2.1.8 Challenges reported in GATEKEEPER: Smart Living Homes – Whole Interventions Demonstrator For People At Health And Social Risks 1 10 2 3 13
2.1.9 Challenges reported in CHARM: Challenging environments tolerant Smart systems for IoT and AI 22 1 1 1 4 25
2.1.10 Challenges reported in ATLAS: Agricultural Interoperability and Analysis System 1 1 2 2
2.1.11 Challenges reported in TERMINET: nexT gEneRation sMart INterconnectEd ioT 5 3 6 1 4 15
2.1.12 Challenges reported in Hexa-X: A flagship for B5G/6G vision and intelligent fabric of technology enablers connecting human, 3 4 2 4 5 5 18
2.1.13 Challenges reported in InterConnect: Interoperable Solutions Connecting Smart Homes, Buildings and Grids 3 1 3 4 9 5 20
2.1.14 Challenges reported in IntellIoT: Intelligent, distributed, human-centered and trustworthy IoT environments 1 2 1 4 1 5 9
2.2.1 Green machine learning for the IoT 0 0
2.2.2 Software Containers at the Edge 3 1 3
2.2.3 Semantic interoperability of IoT data spaces 41 2 8 20 1 1 2 15 8 9 98
2.2.4 Digital Twins – overall 1 2 2 3
2.2.5 Heterogeneous vocabularies and ontologies in Digital Twins 4 1 4
2.2.6 Quality of metadata in Digital Twins 2 1 2
2.2.7 IoT Swarms 0 0
2.2.8 Digital for Green 1 2 5 8 26 5 42
2.3.1 IoT and Edge Computing Granularity 1 2 2 3
2.3.2 IoT Edge and X-Continuum Paradigm 0 0
2.3.3 Intelligent Connectivity 11 87 2 98
2.3.4 Energy-Efficient Intelligent IoT and Edge Computing Systems 1 1 2 2
2.3.5 Heterogeneous Cognitive Edge IoT Mesh 0 0
2.3.6 IoT Digital Twins, Modelling and Simulation Environments 1 1 2 2
2.3.7 Internet of Things Senses 0 0
2.3.8 Decentralised and Distributed edge IoT Systems 20 3 7 99 4 129
2.3.9 Federated Learning, Artificial Intelligence technologies and learning for edge IoT Systems 2 1 2
2.3.10 Operating Systems and Orchestration Concepts for edge IoT Systems 0 0
2.3.11 Dynamic Programming Tools and Environments for Decentralised and Distributed IoT Systems 1 2 2 3
2.3.12 Heterogeneous Edge IoT Systems Integration 1 7 2 3
2.3.13 Edge IoT sectorial and Cross-Sectorial Open Platforms 3 1 3
2.3.14 IoT Verification, Validation and Testing (VV&T) Methods 17 11 2 16 25 2 6 73
2.3.15 IoT Trustworthiness and Edge Computing Systems Dependability 13 11 3 26 8 5 61
IoT challenges covered/worked out by SDOs
QRS/STV Cambridge (UK), July 4th, 2024 © Fraunhofer FOKUS
Page 15

16. —
Selected samples
Page 16 QRS/STV Cambridge (UK), July 4th, 2024 © Fraunhofer FOKUS

17. EU Project DOSS
Design and Operation
of
Secure IoT Supply
Chain
QRS/STV Cambridge (UK), July 4th, 2024 © Fraunhofer FOKUS
Page 17

18. DOSS Goals
DOSS elaborates a secure-by-design methodology
implements related technology for
complex IoT architectures based on
1. SUPPLY CHAIN MONITORING
2. COMPONENT TESTING
3. ARCHITECTURE MODELLING
QRS/STV Cambridge (UK), July 4th, 2024 © Fraunhofer FOKUS
Page 18

19. The “Device Security Passport” (DSP)
A machine-readable document containing
diverse security related product information
• Existing (probably with extensions) of quasi or de facto standards to be included
• Certificates (if any),
• Software Bill of Material (SBOM),
• Hardware Bill of Material (HBOM),
• Manufacturer Usage Description file (MUD),
• Vulnerability Exploitability eXchange (VEX),
• intended security level of usage scenario (EU CSA type labelling) and
potentially other relevant information.
• Probably using OSCAL (from NIST): the Open Security Controls Assessment Language
QRS/STV Cambridge (UK), July 4th, 2024 © Fraunhofer FOKUS
Page 19

20. Potential ideas for Standardization (NWI)
Submission of results for consideration
1. Technical Specification (TS)
• Security validation methodology for supply trust chains (Component Tester)
2. Technical Specification (TS)
• Specification of a Device Security Passport
3. Technical Specification (TS)
• Integrated IoT supply trust chain concept
4. Technical Report (TR)
• Supply Trust Chain Applications and Assurance
QRS/STV Cambridge (UK), July 4th, 2024 © Fraunhofer FOKUS
Page 20

21. Page 21
—
Summary & Conclusions
QRS/STV Cambridge (UK), July 4th, 2024 © Fraunhofer FOKUS

22. Summary & conclusions
1. Quality Assurance comprises many aspects like testing, validation, certification
2. ICT Standardization
▪ Involves various stakeholders (engineers, testers, certifiers, users, vendors)
▪ Harmonizes technologies/processes and supports trustworthiness
3. ICT Selected Samples
▪ Successful in the past: Mobile communication (GSM -> UMTS -> LTE -> 5G)
▪ Required for future technologies: IoT, Edge and AI
▪ DOSS project focus on secure supply chain
QRS/STV Cambridge (UK), July 4th, 2024 © Fraunhofer FOKUS
Page 22

23. Sources and References
1. ISO/IEC 25000,
also known as SQuaRE (System and Software Quality Requirements and Evaluation)
2. AIOTI report:
https://aioti.eu/wp-content/uploads/2024/01/AIOTI-High-Priority-IoT-Gaps-R3-Final.pdf
3. StandICT publications:
https://www.standict.eu/landscape-analysis-reports
4. DOSS project:
https://dossproject.eu/
5. Jørgen Bøegh: A System View on Quality
(International Standard Conference on Trustworthy Computing and Services, November 28-
29, 2014, High-Tech Mansion BUPT, Beijing, China)
6. Ina Schieferdecker: (Un)Certainties of Environmental Change and AI
(Weizenbaum Conference, June 18, 2024, Weizenbaum Institut, Berlin, Germany)
QRS/STV Cambridge (UK), July 4th, 2024 © Fraunhofer FOKUS
Page 23

24. Contact
—
Project manager
Axel Rennoch
Phone +49 (30) 3463 - 7344
axel.rennoch@fokus.fraunhofer.de
Fraunhofer FOKUS
Institute for Open Communication Systems
Kaiserin-Augusta-Allee 31
10589 Berlin, Germany
info@fokus.fraunhofer.de
www.fokus.fraunhofer.de
Head of Testing
Martin Schneider
Tel. +49 (30) 3463 - 7383
martin.schneider@fokus.fraunhofer.de