A User-centered system with blockchain in the Norwegian healthcare: From a security and privacy perspective

Master's thesis in Cyber security (IS507)With the current Covid-19 pandemic roaming the world, the IT attacks on the healthcare sector has increased five folds from 2019 to 2020. The Norwegian healthcare system is divided into different regions with their own systems respectfully. This fragmentation causes great communication issues between systems and exposes the transmitted data for attacks. To better combat this situation and improve upon the fragmented healthcare systems, a restructure is needed. In this thesis we explore the possibility of using blockchain technology as the foundation of a system that unifies the systems in the Norwegian healthcare sector. We adopt a Design Science Research approach to propose a blockchain-based architecture to solve the problem. Interviews with IT professionals in the Norwegian healthcare sector gave us their opinion about implementing blockchain and how the current systems are structured. Scalability was a common issue that different papers cited. There were multiple proposed solutions for this issue, but none seem practical for implementation today. It continues to be a difficulty and is one of the biggest reasons why we see hesitation in parts of the relevant sectors. Of course, blockchain has its upsides as well. Improved security and privacy with immutable ledgers make the system better suited for an increasingly exposed IT sector. It also provides a stronger availability since the same information is distributed between different nodes which take away the single failure point of regular database systems. The result from our evaluation of our proposed system is that it provides great user experience, increased security and privacy and better availability. Unfortunately, the benefits in these areas compared to the current systems are rather slim. Blockchain also introduces some performance penalty for smaller systems and scalability issues when the system becomes too large (with reference to storage and processing power). The conclusion is that a blockchain based healthcare system is better, but the amount of money and effort required to restructure the current system is too high and the demand for increased security is still too low. A more unified version of the current system could see good results, even without using blockchain

Integration of Hardware Security Modules and Permissioned Blockchain in Industrial IoT Networks

Hardware Security Modules (HSM) serve as a hardware based root of trust that offers physical protection while adding a new security layer in the system architecture. When combined with decentralized access technologies as Blockchain, HSM offers robustness and complete reliability enabling secured end-toend mechanisms for authenticity, authorization and integrity. This work proposes an ef cient integration of HSM and Blockchain technologies focusing on, mainly, public-key cryptography algorithms and standards, that result crucial in order to achieve a successful combination of the mentioned technologies to improve the overall security in Industrial IoT systems. To prove the suitability of the proposal and the interaction of an IoT node and a Blockchain network using HSM a proof of concept is developed. Results of time performance analysis of the prototype reveal how promising the combination of HSMs in Blockchain environments is.Infineon Technologies AGEuropean Union's Horizon 2020 Research and Innovation Program through the Cyber Security 4.0: Protecting the Industrial Internet of Things (C4IIoT) 833828FEDER/Junta de Andalucia-Consejeria de Transformacion Economica, Industria, Conocimiento y Universidades B-TIC-588-UGR2

UTILIZING THE MESSAGING LAYER SECURITY PROTOCOL IN A LOSSY COMMUNICATIONS AERIAL SWARM

Recent advancements in unmanned aerial vehicle (UAV) capabilities have led to increasing research into swarming systems. Tactical employment of UAV swarms, however, will require secure communications. Unfortunately, efforts to date have not resulted in viable secure communications frameworks. Furthermore, the limited processing power and constrained networking environments that characterize these systems preclude the use of many existing secure group communications protocols. Recent research in secure group communications indicates that the Messaging Layer Security (MLS) protocol might provide an attractive option for these types of systems. This thesis documents the integration of MLS into the Advanced Robotic Systems Engineering Laboratory (ARSENL) UAV swarm system. The ARSENL implementation is intended as a proof-of-concept demonstration of the efficacy of MLS for secure swarm communications. Implementation test results are presented both for experiments conducted in a simulation environment and experiments with physical UAVs. These results indicate that MLS is suitable for a swarm, with the caveat that testing did not implement a delivery mechanism to ensure reliable packet delivery. For future work, mitigation of unreliable communications paths is required if a reliable MLS system is to be maintained.Civilian, CyberCorps: Scholarship for ServiceApproved for public release. Distribution is unlimited

Blockchain Application in Information Systems Research

Blockchain is a radical innovation with a core value proposition of shifting trust from institutions towards algorithms. Still, the potential of Blockchains remains vague due to the knowledge gap between computer science and socio-economic activities. Ninety percent of current Blockchain projects did not move from ideas to production-ready prototypes. Researchers and practitioners are searching for the meaningful leveraging of Blockchains for value creation. This dissertation aims to bridge the gap between technical and managerial knowledge of Blockchain that allows successful Blockchain system design and implementation. Therefore, the objective of the project is to identify the scope of Blockchain applications and introduce guidelines to make purposeful decisions of Blockchain implementations. The dissertation project covers four research questions. First, I consolidated knowledge of Blockchain technical configurations through the development of a taxonomy. Second, I considered the design patterns of smart contracts that represent the application logic of Blockchain systems. Third, I offered guidance for transforming initial conceptions of Blockchain ideas into working system prototypes by introducing a Blockchain configuration process model. Fourth, I investigated the common factors of Blockchain decisions to evaluate Blockchain implementations in the form of the framework. I employed a Design Science Research approach to developing four artefacts. The first three artefacts consider technical, application, and organizational aspects of Blockchain. The synergy reflects in the fourth, combinational artefact, which employs the high-level factors of Blockchain decisions. During the project, I have investigated the scientific and business studies, run Blockchain-based applications, conduct interviews, and evaluate the findings on Blockchain projects. The dissertation project contributes to research by bridging knowledge gaps between computer science and socio-economic research on a Blockchain that provides a fruitful ground for future conceptual and empirical studies. For practitioners, the developed artefacts are useful to identify and guide Blockchain projects that facilitate purposeful Blockchain adoption

Replicate after reading : on the extraction and evocation of cultural information

Does cultural evolution happen by a process of copying or replication? And how exactly does cultural transmission compare with that paradigmatic case of replication, the copying of DNA in living cells? Theorists of cultural evolution are divided on these issues. The most important objection to the replication model has been leveled by Dan Sperber and his colleagues. Cultural transmission, they argue, is almost always reconstructive and transformative, while strict 'replication' can be seen as a rare limiting case at most. By means of some thought experiments and intuition pumps, I clear up some confusion about what qualifies as 'replication'. I propose a distinction between evocation and extraction of cultural information, applying these concepts at different levels of resolution. I defend a purely abstract and information-theoretical definition of replication, while rejecting more material conceptions. In the end, even after taking Sperber's valuable and important points on board, the notion of cultural replication remains a valid and useful one. This is fortunate, because we need it for certain explanatory projects (e.g., understanding cumulative cultural adaptations)

Building the Infrastructure for Cloud Security

Computer scienc

Enabling Security Analysis and Education of the Ethereum Platform: A Network Traffic Dissection Tool

Ethereum, the decentralized global software platform powered by blockchain technology known for its native cryptocurrency, Ether (ETH), provides a technology stack for building apps, holding assets, transacting, and communicating without control by a central authority. At the core of Ethereum’s network is a suite of purpose-built protocols known as DEVP2P, which provides the underlying nodes in an Ethereum network the ability to discover, authenticate and communicate confidentiality. This document discusses the creation of a new Wireshark dissector for DEVP2P’s discovery protocols, DiscoveryV4 and DiscoveryV5, and a dissector for RLPx, an extensible TCP transport protocol for a range of Ethereum node capabilities. Network packet dissectors like Wireshark are commonly used to educate, develop, and analyze underlying network traffic. In support of creating the dissector, a custom private Ethereum docker network was also created, facilitating the communication amongst Go Ethereum execution clients and allowing the Wireshark dissector to capture live network data. Lastly, the dissector is used to understand the differences between DiscoveryV4 and DiscoveryV5, along with stepping through the network packets of RLPx to track a transaction executed on the network

Creating architecture for a digital information system leveraging virtual environments

Abstract. The topic of the thesis was the creation of a proof of concept digital information system, which utilizes virtual environments. The focus was finding a working design, which can then be expanded upon. The research was conducted using design science research, by creating the information system as the artifact. The research was conducted for Nokia Networks in Oulu, Finland; in this document referred to as “the target organization”. An information system is a collection of distributed computing components, which come together to create value for an organization. Information system architecture is generally derived from enterprise architecture, and consists of a data-, technical- and application architectures. Data architecture outlines the data that the system uses, and the policies related to its usage, manipulation and storage. Technical architecture relates to various technological areas, such as networking and protocols, as well as any environmental factors. The application architecture consists of deconstructing the applications that are used in the operations of the information system. Virtual reality is an experience, where the concepts of presence, autonomy and interaction come together to create an immersive alternative to a regular display-based computer environment. The most typical form of virtual reality consists of a headmounted device, controllers and movement-tracking base stations. The user’s head- and body movement can be tracked, which changes their position in the virtual environment. The proof-of-concept information system architecture used a multi-server -based solution, where one central physical server hosted multiple virtual servers. The system consisted of a website, which was the knowledge-center and where a client software could be downloaded. The client software was the authorization portal, which determined the virtual environments that were available to the user. The virtual reality application included functionalities, which enable co-operative, virtualized use of various Nokia products, in immersive environments. The system was tested in working situations, such as during exhibitions with customers. The proof-of-concept system fulfilled many of the functional requirements set for it, allowing for co-operation in the virtual reality. Additionally, a rudimentary model for access control was available in the designed system. The shortcomings of the system were related to areas such as security and scaling, which can be further developed by introducing a cloud-hosted environment to the architecture