Beyond the Hype: On Using Blockchains in Trust Management for Authentication

Trust Management (TM) systems for authentication are vital to the security of online interactions, which are ubiquitous in our everyday lives. Various systems, like the Web PKI (X.509) and PGP's Web of Trust are used to manage trust in this setting. In recent years, blockchain technology has been introduced as a panacea to our security problems, including that of authentication, without sufficient reasoning, as to its merits.In this work, we investigate the merits of using open distributed ledgers (ODLs), such as the one implemented by blockchain technology, for securing TM systems for authentication. We formally model such systems, and explore how blockchain can help mitigate attacks against them. After formal argumentation, we conclude that in the context of Trust Management for authentication, blockchain technology, and ODLs in general, can offer considerable advantages compared to previous approaches. Our analysis is, to the best of our knowledge, the first to formally model and argue about the security of TM systems for authentication, based on blockchain technology. To achieve this result, we first provide an abstract model for TM systems for authentication. Then, we show how this model can be conceptually encoded in a blockchain, by expressing it as a series of state transitions. As a next step, we examine five prevalent attacks on TM systems, and provide evidence that blockchain-based solutions can be beneficial to the security of such systems, by mitigating, or completely negating such attacks.Comment: A version of this paper was published in IEEE Trustcom. http://ieeexplore.ieee.org/document/8029486

On the Convergence of Blockchain and Internet of Things (IoT) Technologies

The Internet of Things (IoT) technology will soon become an integral part of our daily lives to facilitate the control and monitoring of processes and objects and revolutionize the ways that human interacts with the physical world. For all features of IoT to become fully functional in practice, there are several obstacles on the way to be surmounted and critical challenges to be addressed. These include, but are not limited to cybersecurity, data privacy, energy consumption, and scalability. The Blockchain decentralized nature and its multi-faceted procedures offer a useful mechanism to tackle several of these IoT challenges. However, applying the Blockchain protocols to IoT without considering their tremendous computational loads, delays, and bandwidth overhead can let to a new set of problems. This review evaluates some of the main challenges we face in the integration of Blockchain and IoT technologies and provides insights and high-level solutions that can potentially handle the shortcomings and constraints of both IoT and Blockchain technologies.Comment: Includes 11 Pages, 3 Figures, To publish in Journal of Strategic Innovation and Sustainability for issue JSIS 14(1

RoboChain: A Secure Data-Sharing Framework for Human-Robot Interaction

Robots have potential to revolutionize the way we interact with the world around us. One of their largest potentials is in the domain of mobile health where they can be used to facilitate clinical interventions. However, to accomplish this, robots need to have access to our private data in order to learn from these data and improve their interaction capabilities. Furthermore, to enhance this learning process, the knowledge sharing among multiple robot units is the natural step forward. However, to date, there is no well-established framework which allows for such data sharing while preserving the privacy of the users (e.g., the hospital patients). To this end, we introduce RoboChain - the first learning framework for secure, decentralized and computationally efficient data and model sharing among multiple robot units installed at multiple sites (e.g., hospitals). RoboChain builds upon and combines the latest advances in open data access and blockchain technologies, as well as machine learning. We illustrate this framework using the example of a clinical intervention conducted in a private network of hospitals. Specifically, we lay down the system architecture that allows multiple robot units, conducting the interventions at different hospitals, to perform efficient learning without compromising the data privacy.Comment: 7 pages, 6 figure