189 research outputs found

    Revisiting the Feasibility of Public Key Cryptography in Light of IIoT Communications

    Digital certificates are regarded as the most secure and scalable way of implementing authentication services in the Internet today. They are used by most popular security protocols, including Transport Layer Security (TLS) and Datagram Transport Layer Security (DTLS). The lifecycle management of digital certificates relies on centralized Certification Authority (CA)-based Public Key Infrastructures (PKIs). However, the implementation of PKIs and certificate lifecycle management procedures in Industrial Internet of Things (IIoT) environments presents some challenges, mainly due to the high resource consumption that they imply and the lack of trust in the centralized CAs. This paper identifies and describes the main challenges to implement certificate-based public key cryptography in IIoT environments and it surveys the alternative approaches proposed so far in the literature to address these challenges. Most proposals rely on the introduction of a Trusted Third Party to aid the IIoT devices in tasks that exceed their capacity. The proposed alternatives are complementary and their application depends on the specific challenge to solve, the application scenario, and the capacities of the involved IIoT devices. This paper revisits all these alternatives in light of industrial communication models, identifying their strengths and weaknesses, and providing an in-depth comparative analysis.

    This work was financially supported by the European commission through ECSEL-JU 2018 program under the COMP4DRONES project (grant agreement No. 826610), with national financing from France, Spain, Italy, Netherlands, Austria, Czech, Belgium and Latvia. It was also partially supported by the Ayudas Cervera para Centros Tecnológicos grant of the Spanish Centre for the Development of Industrial Technology (CDTI) under the project EGIDA (CER-20191012), and in part by the Department of Economic Development and Competitiveness of the Basque Government through the project TRUSTIND—Creating Trust in the Industrial Digital Transformation (KK-2020/00054).

    New Innovations in eIDAS-compliant Trust Services: Blockchain

    Technology advances in leaps and bounds, setting new trends that emerge to dominate the market, so products that were once novel must now adapt to remain competitive. For this reason, the team, made up of 3 students from the FIB - UPC (Arthur Bernal, Marc Méndez and Xiaolei Lin) and led by the professor and director Francisco Jordan, proposes in this project new innovative technologies that will mark the future of technology and incorporates them into the TrustedX product. This project is divided into two parts. The first is the common part, which is carried out by all team members, and the second is the individual part, which is carried out only by the author of this thesis. The common part is based on expanding and incorporating all necessary components in the TrustedX on-premise product so that it can function as TrustedX as a Service (TXaaS) and as a multi-tenant system. This new product will be able to comply with the eIDAS Regulation to offer digital signatures in the Cloud that have the same validity as handwritten notarial signatures. The individual part consists of creating a timestamp-based archiving prototype using Blockchain technology and integrating it into TXaaS. To this end, the operation of this technology and the different options available on the market are studied. In addition, all required components are designed and implemented to reach the objective.

    Blockchain-Based Services Implemented in a Microservices Architecture Using a Trusted Platform Module Applied to Electric Vehicle Charging Stations

    Microservice architectures exploit container-based virtualized services, which rarely use hardware-based cryptography. A trusted platform module (TPM) offers a hardware root for trust in services that make use of cryptographic operations. The virtualization of this hardware module offers high usability for other types of service that require TPM functionalities. This paper proposes the design of TPM virtualization in a container. To ensure integrity, different mechanisms, such as attestation and sealing, have been developed for the binaries and libraries stored in the container volumes. Through a REST API, the container offers the functionalities of a TPM, such as key generation and signing. To prevent unauthorized access to the container, this article proposes an authentication mechanism based on tokens issued by the Cognito Amazon Web Service. As a proof of concept and applicability in industry, a use case for electric vehicle charging stations using a microservice-based architecture is proposed. Using the EOS.IO blockchain to maintain a copy of the data, the virtualized TPM microservice provides the cryptographic operations necessary for blockchain transactions. Through a two-factor authentication mechanism, users can access the data. This scenario shows the potential of using blockchain technologies in microservice-based architectures, where microservices such as the virtualized TPM fill a security gap in these architectures.

    Infineon Technologies; Program “Digitalisierung der Energiewende”; Bundesministeriums für Wirtschaft und Energie; Trusted Blockchains fur das offene, intelligente Energienetz der Zukunft (tbiEnergy); FKZ 03EI6029D; European Health and Digital Executive Agency (HaDEA) program under Grant Agreement No 101092950 (EDGELESS project); FEDER/Junta de Andalucia-Consejeria de Transformacion Economica, Industria, Conocimiento y Universidades under Project B-TIC-588-UGR20