Privacy-Aware and Secure Decentralized Air Quality Monitoring

Indoor Air Quality monitoring is a major asset to improving quality of life and building management. Today, the evolution of embedded technologies allows the implementation of such monitoring on the edge of the network. However, several concerns need to be addressed related to data security and privacy, routing and sink placement optimization, protection from external monitoring, and distributed data mining. In this paper, we describe an integrated framework that features distributed storage, blockchain-based Role-based Access Control, onion routing, routing and sink placement optimization, and distributed data mining to answer these concerns. We describe the organization of our contribution and show its relevance with simulations and experiments over a set of use cases

LCHAIN: A Secure Log Storage Mechanism using IPFS and Blockchain Technology

Data security is a very important and crucial part of Cloud storage. Day by day, thousands of operations function over the Cloud, verify logs generated from all transactions is very difficult. The attacker may temper or remove targeted logs or attack traces on the system with stealthy techniques. It is required to maintain the security of the log to trace back all the transactions to identify such tempering and loss of logs. Temper-proof log storage is a challenging issue on the Cloud. To overcome the issue, we propose strong and secure log storage using Blockchain technology and IPFS. Detecting log tempering and tracing is challenging due to large log volumes. We recommend the usage of Blockchain technology due to its inherent feature of immutability to address the issue of log tempering. We present LChain which provides immutable storage of logs with tracing. Blockchain technology helps yp create immutable logs but also offers non-repudiation and scalability. Smart contracts are used for efficient searching and enhancing computational power

Blockchain architecture and its applications in a bank risk mitigation framework

This study proposes a simple two-period model to consider consumers’ borrowing behaviour in a decentralised consensus and information distribution platform. Based on this model, we develop a bank risk mitigation framework and find that decentralised digital identity and encryption technology are the most important factors for attaining market equilibrium between decentralised consensus and information distribution. Specifically, the greater the scope of digital identity construction and the more blockchain consensus records there are, the less likely the borrower will default. Our study provides meaningful practical implications for bankers and policy regulators to help them better understand consumers’ borrowing behaviour and decisions to default

СИСТЕМА РОЗПОДІЛЕНОГО ЗАХИЩЕНОГО ЗБЕРІГАННЯ ДАНИХ

Introduction. The main goal of cyber security is to ensure the safety of users and their data. Usually, cyber attacks are aimed at damaging important data in corporate and personal networks or gaining access to them. Such attacks can be carried out by both individuals and entire organisations. Rather than driving the design of resilient networks, cyber security requirements often lead to the addition of security controls to existing system architectures, but it is usually impossible to prevent an attacker from penetrating a target's system. Therefore, data backup technology and increasing stability of the system in the event of attacks come first. Decentralised file storage systems can serve as one such solution that enables immediate data recovery. They are attractive and common solutions for managing large and complex systems such as power plants, robotics, water networks, wireless sensor networks, traffic management, etc.The purpose of the work is to develop a structural diagram of the distributed secure data storage system and its main components.Methods. During the research and development of distributed protected data storage systems, methods of modular arithmetic, methods of detecting and correcting errors in the redundant residue number system, evaluation and comparison of system indicators were used, which made it possible to implement a systematic approach to assessing the stability of the developed system. The general principles of system construction make it possible to determine its components and effectively combine them. Results. One of the methods of building distributed systems can be considered the use of the redundant residue number system. Due to the division of files into blocks – remnants and their storage in distributed storage, data encryption and the possibility of recovery in case of loss are achieved.Conclusion. The paper presents the structure of distributed protected data storage systems. Block diagrams of modules, as well as component algorithms, have been developed. A method of restoring damaged files when a part of the remnant file is distorted is proposed. For the proposed method, the dependence of the error correction probability on the number of errors, taking into account the number of damaged residual files, was calculated. An example of restoring a damaged file when three errors occur in two residual files is given.Проблема. Основною метою кібербезпеки є гарантувати безпеку користувачів та їх даних. Зазвичай кібератаки спрямовані на пошкодження важливих даних у корпоративній і персональній мережі або отримання доступу до них. Такі атаки можуть здійснювати як окремими особами, так і цілими організаціями. Вимоги кібербезпеки часто замість того, щоб стимулювати проектування стійких мереж, призводять до додавання засобів контролю безпеки до архітектури існуючої системи, проте зазвичай неможливо перешкодити зловмиснику, який має намір проникнути в систему цілі. Тому на перше місце виходять технології резервного копіювання даних та збільшення стійкості систем у випадку атак. Одним із таких рішень, що дає можливість негайного відновлення даних, можуть слугувати децентралізовані системи зберігання файлів. Вони є привабливим та поширеним рішенням для керування великими та складними системами, такими як енергетичні підприємства, робототехніка, водопровідні мережі, бездротові сенсорні мережі, керування трафіком тощо.Метою роботи є розробка структурної схеми системи розподіленого захищеного зберігання даних та основних її компонентів.Методи. При дослідженні та розробці системи розподіленого захищеного зберігання даних використано методи модулярної арифметики, методи виявлення та виправлення помилок в системі залишкових класів, оцінювання та порівняння показників систем, що дало змогу реалізувати системний підхід до оцінки стійкості розроблюваної системи. Загальні принципи побудови системи дають можливість визначити її компоненти та ефективно їх поєднати.Результати дослідження. Одним із методів побудови розподілених систем можна вважати систему залишкових класів. Завдяки розділенню файлів на блоки - залишки та збереженню їх в розподілені сховища досягається шифрування даних та можливість відновлення у випадку втрати.Висновки. В роботі представлено структуру системи розподіленого захищеного зберігання даних. Розроблено блок-схеми модулів, а також алгоритми компонент. Запропоновано метод відновлення пошкоджених файлів при спотворенні частини файлів залишків. Для запропонованого методу розраховано залежність ймовірності виправлення помилок від кількості помилок із врахуванням кількості пошкоджених файлів залишків. Наведено приклад відновлення пошкодженого файлу при виникненні трьох помилок у двох файлах залишків

Achieving cybersecurity in blockchain-based systems: a survey

With The Increase In Connectivity, The Popularization Of Cloud Services, And The Rise Of The Internet Of Things (Iot), Decentralized Approaches For Trust Management Are Gaining Momentum. Since Blockchain Technologies Provide A Distributed Ledger, They Are Receiving Massive Attention From The Research Community In Different Application Fields. However, This Technology Does Not Provide With Cybersecurity By Itself. Thus, This Survey Aims To Provide With A Comprehensive Review Of Techniques And Elements That Have Been Proposed To Achieve Cybersecurity In Blockchain-Based Systems. The Analysis Is Intended To Target Area Researchers, Cybersecurity Specialists And Blockchain Developers. For This Purpose, We Analyze 272 Papers From 2013 To 2020 And 128 Industrial Applications. We Summarize The Lessons Learned And Identify Several Matters To Foster Further Research In This AreaThis work has been partially funded by MINECO, Spain grantsTIN2016-79095-C2-2-R (SMOG-DEV) and PID2019-111429RB-C21 (ODIO-COW); by CAM, Spain grants S2013/ICE-3095 (CIBERDINE),P2018/TCS-4566 (CYNAMON), co-funded by European Structural Funds (ESF and FEDER); by UC3M-CAM grant CAVTIONS-CM-UC3M; by the Excellence Program for University Researchers, Spain; and by Consejo Superior de Investigaciones Científicas (CSIC), Spain under the project LINKA20216 (“Advancing in cybersecurity technologies”, i-LINK+ program)

On the continuous contract verification using blockchain and real-time data

Supply chains play today a crucial role in the success of a company's logistics. In the last years, multiple investigations focus on incorporating new technologies to the supply chains, being Internet of Things (IoT) and blockchain two of the most recent and popular technologies applied. However, their usage has currently considerable challenges, such as transactions performance, scalability, and near real-time contract verification. In this paper we propose a model for continuous verification of contracts in supply chains using the benefits of blockchain technology and real-time data acquisition from IoT devices for early decision-making. We propose two platform independent optimization techniques (atomic transactions and grouped validation) that enhances data transactions protocol and the data storage procedure and a method for continuous verification of contracts, which allows to take corrective actions to reduce ¿This work has been partially supported by the project “CABAHLA-CM: Convergencia Big data-Hpc: de los sensores a las Aplicaciones” S2018/TCS-4423 from Madrid Regional Government and by the Spanish Ministry of Science and Innovation Project “New Data Intensive Computing Methods for High-End and Edge Computing Platforms (DECIDE)”. Ref. PID2019-107858GB-I00

Viiteraamistik turvariskide haldamiseks plokiahela abil

Turvalise tarkvara loomiseks on olemas erinevad programmid (nt OWASP), ohumudelid (nt STRIDE), turvariskide juhtimise mudelid (nt ISSRM) ja eeskirjad (nt GDPR). Turvaohud aga arenevad pidevalt, sest traditsiooniline tehnoloogiline infrastruktuur ei rakenda turvameetmeid kavandatult. Blockchain näib leevendavat traditsiooniliste rakenduste turvaohte. Kuigi plokiahelapõhiseid rakendusi peetakse vähem haavatavateks, ei saanud need erinevate turvaohtude eest kaitsmise hõbekuuliks. Lisaks areneb plokiahela domeen pidevalt, pakkudes uusi tehnikaid ja sageli vahetatavaid disainikontseptsioone, mille tulemuseks on kontseptuaalne ebaselgus ja segadus turvaohtude tõhusal käsitlemisel. Üldiselt käsitleme traditsiooniliste rakenduste TJ-e probleemi, kasutades vastumeetmena plokiahelat ja plokiahelapõhiste rakenduste TJ-t. Alustuseks uurime, kuidas plokiahel leevendab traditsiooniliste rakenduste turvaohte, ja tulemuseks on plokiahelapõhine võrdlusmudel (PV), mis järgib TJ-e domeenimudelit. Järgmisena esitleme PV-it kontseptualiseerimisega alusontoloogiana kõrgema taseme võrdlusontoloogiat (ULRO). Pakume ULRO kahte eksemplari. Esimene eksemplar sisaldab Cordat, kui lubatud plokiahelat ja finantsjuhtumit. Teine eksemplar sisaldab lubadeta plokiahelate komponente ja tervishoiu juhtumit. Mõlemad ontoloogiaesitlused aitavad traditsiooniliste ja plokiahelapõhiste rakenduste TJ-es. Lisaks koostasime veebipõhise ontoloogia parsimise tööriista OwlParser. Kaastööde tulemusel loodi ontoloogiapõhine turberaamistik turvariskide haldamiseks plokiahela abil. Raamistik on dünaamiline, toetab TJ-e iteratiivset protsessi ja potentsiaalselt vähendab traditsiooniliste ja plokiahelapõhiste rakenduste turbeohte.Various programs (e.g., OWASP), threat models (e.g., STRIDE), security risk management models (e.g., ISSRM), and regulations (e.g., GDPR) exist to communicate and reduce the security threats to build secure software. However, security threats continuously evolve because the traditional technology infrastructure does not implement security measures by design. Blockchain is appearing to mitigate traditional applications’ security threats. Although blockchain-based applications are considered less vulnerable, they did not become the silver bullet for securing against different security threats. Moreover, the blockchain domain is constantly evolving, providing new techniques and often interchangeable design concepts, resulting in conceptual ambiguity and confusion in treating security threats effectively. Overall, we address the problem of traditional applications’ SRM using blockchain as a countermeasure and the SRM of blockchain-based applications. We start by surveying how blockchain mitigates the security threats of traditional applications, and the outcome is a blockchain-based reference model (BbRM) that adheres to the SRM domain model. Next, we present an upper-level reference ontology (ULRO) as a foundation ontology and provide two instantiations of the ULRO. The first instantiation includes Corda as a permissioned blockchain and the financial case. The second instantiation includes the permissionless blockchain components and the healthcare case. Both ontology representations help in the SRM of traditional and blockchain-based applications. Furthermore, we built a web-based ontology parsing tool, OwlParser. Contributions resulted in an ontology-based security reference framework for managing security risks using blockchain. The framework is dynamic, supports the iterative process of SRM, and potentially lessens the security threats of traditional and blockchain-based applications.https://www.ester.ee/record=b551352

Cybersecurity applications of Blockchain technologies

With the increase in connectivity, the popularization of cloud services, and the rise of the Internet of Things (IoT), decentralized approaches for trust management are gaining momentum. Since blockchain technologies provide a distributed ledger, they are receiving massive attention from the research community in different application fields. However, this technology does not provide cybersecurity by itself. Thus, this thesis first aims to provide a comprehensive review of techniques and elements that have been proposed to achieve cybersecurity in blockchain-based systems. The analysis is intended to target area researchers, cybersecurity specialists and blockchain developers. We present a series of lessons learned as well. One of them is the rise of Ethereum as one of the most used technologies. Furthermore, some intrinsic characteristics of the blockchain, like permanent availability and immutability made it interesting for other ends, namely as covert channels and malicious purposes. On the one hand, the use of blockchains by malwares has not been characterized yet. Therefore, this thesis also analyzes the current state of the art in this area. One of the lessons learned is that covert communications have received little attention. On the other hand, although previous works have analyzed the feasibility of covert channels in a particular blockchain technology called Bitcoin, no previous work has explored the use of Ethereum to establish a covert channel considering all transaction fields and smart contracts. To foster further defence-oriented research, two novel mechanisms are presented on this thesis. First, Zephyrus takes advantage of all Ethereum fields and smartcontract bytecode. Second, Smart-Zephyrus is built to complement Zephyrus by leveraging smart contracts written in Solidity. We also assess the mechanisms feasibility and cost. Our experiments show that Zephyrus, in the best case, can embed 40 Kbits in 0.57 s. for US$1.64, and retrieve them in 2.8 s. Smart-Zephyrus, however, is able to hide a 4 Kb secret in 41 s. While being expensive (around US$ 1.82 per bit), the provided stealthiness might be worth the price for attackers. Furthermore, these two mechanisms can be combined to increase capacity and reduce costs.Debido al aumento de la conectividad, la popularización de los servicios en la nube y el auge del Internet de las cosas (IoT), los enfoques descentralizados para la gestión de la confianza están cobrando impulso. Dado que las tecnologías de cadena de bloques (blockchain) proporcionan un archivo distribuido, están recibiendo una atención masiva por parte de la comunidad investigadora en diferentes campos de aplicación. Sin embargo, esta tecnología no proporciona ciberseguridad por sí misma. Por lo tanto, esta tesis tiene como primer objetivo proporcionar una revisión exhaustiva de las técnicas y elementos que se han propuesto para lograr la ciberseguridad en los sistemas basados en blockchain. Este análisis está dirigido a investigadores del área, especialistas en ciberseguridad y desarrolladores de blockchain. A su vez, se presentan una serie de lecciones aprendidas, siendo una de ellas el auge de Ethereum como una de las tecnologías más utilizadas. Asimismo, algunas características intrínsecas de la blockchain, como la disponibilidad permanente y la inmutabilidad, la hacen interesante para otros fines, concretamente como canal encubierto y con fines maliciosos. Por una parte, aún no se ha caracterizado el uso de la blockchain por parte de malwares. Por ello, esta tesis también analiza el actual estado del arte en este ámbito. Una de las lecciones aprendidas al analizar los datos es que las comunicaciones encubiertas han recibido poca atención. Por otro lado, aunque trabajos anteriores han analizado la viabilidad de los canales encubiertos en una tecnología blockchain concreta llamada Bitcoin, ningún trabajo anterior ha explorado el uso de Ethereum para establecer un canal encubierto considerando todos los campos de transacción y contratos inteligentes. Con el objetivo de fomentar una mayor investigación orientada a la defensa, en esta tesis se presentan dos mecanismos novedosos. En primer lugar, Zephyrus aprovecha todos los campos de Ethereum y el bytecode de los contratos inteligentes. En segundo lugar, Smart-Zephyrus complementa Zephyrus aprovechando los contratos inteligentes escritos en Solidity. Se evalúa, también, la viabilidad y el coste de ambos mecanismos. Los resultados muestran que Zephyrus, en el mejor de los casos, puede ocultar 40 Kbits en 0,57 s. por 1,64 US$, y recuperarlos en 2,8 s. Smart-Zephyrus, por su parte, es capaz de ocultar un secreto de 4 Kb en 41 s. Si bien es cierto que es caro (alrededor de 1,82 dólares por bit), el sigilo proporcionado podría valer la pena para los atacantes. Además, estos dos mecanismos pueden combinarse para aumentar la capacidad y reducir los costesPrograma de Doctorado en Ciencia y Tecnología Informática por la Universidad Carlos III de MadridPresidente: José Manuel Estévez Tapiador.- Secretario: Jorge Blasco Alís.- Vocal: Luis Hernández Encina