9 research outputs found

    Blockchain technologies and forensic challenges: Emergent potential and diverging affordances

    Blockchain technologies (BT) have provided unique affordances for decentralisation, peer-to-peer collaboration, and relative privacy. Such affordances have manifested benefits in a wide range of domains, including in value storage and transfer instruments like cryptocurrencies. However, this has made them attractive to cybercriminals, seeking to leverage cryptocurrencies for illicit activities and transactions, which pose substantive challenges for forensic investigators. These challenges span the identification of perpetrators, the increasingly multi-jurisdictional nature of cybercrime, and legal and digital divides. Conversely, blockchains provide novel opportunities for forensic investigators and law enforcement agencies. This paper addresses emergent forensic challenges posed by BT along with opportunities for law enforcement. It highlights a divergence between BT used by criminals, and those heralded for law enforcement. This calls for explicit reconsideration of blockchain technologies proposed in scholarly literature as BT could be deployed through a multitude of architectures, each with its own unique affordances

    Deep Learning meets Blockchain for Automated and Secure Access Control

    Access control is a critical component of computer security, governing access to system resources. However, designing policies and roles in traditional access control can be challenging and difficult to maintain in dynamic and complex systems, which is particularly problematic for organizations with numerous resources. Furthermore, traditional methods suffer from issues such as third-party involvement, inefficiency, and privacy gaps, making transparent and dynamic access control an ongoing research problem. Moreover, detecting malicious activities and identifying users who are not behaving appropriately can present notable difficulties. To address these challenges, we propose DLACB, a Deep Learning Based Access Control Using Blockchain, as a solution to decentralized access control. DLACB uses blockchain to provide transparency, traceability, and reliability in various domains such as medicine, finance, and government while taking advantage of deep learning to not rely on predefined policies and eventually automate access control. With the integration of blockchain and deep learning for access control, DLACB can provide a general framework applicable to various domains, enabling transparent and reliable logging of all transactions. As all data is recorded on the blockchain, we have the capability to identify malicious activities. We store a list of malicious activities in the storage system and employ a verification algorithm to cross-reference it with the blockchain. We conduct measurements and comparisons of the smart contract processing time for the deployed access control system in contrast to traditional access control methods, determining the time overhead involved. The processing time of DLBAC demonstrates remarkable stability when exposed to increased request volumes. Comment: arXiv admin note: text overlap with arXiv:2303.1475

    The enterprise blockchain design framework and its application to an e-Procurement ecosystem

    The research work of this paper has been partially funded by the project VORTAL INTER DATA (n° 038361), co-financed by Vortal and COMPETE Program P2020. We would also like to thank UNIDEMI, DEMI, and LASI for providing us with the research infrastructure and resources to conduct this research. Publisher Copyright: © 2022 Elsevier Ltd
Blockchain technologies have seen a steady growth in interest from industries as the technology is gaining maturity. It is offering a novel way to establish trust amongst multiple stakeholders without relying on or trusting centralised authorities. While its use as a decentralised store of value has been validated through the emergence of cryptocurrencies, its use case in industrial applications with multiple stakeholder ecosystems such as industrial supply chain management, is still at an early stage of design and experimentation where private blockchains are used as opposed to public blockchains. Many enterprise blockchain projects failed to gain traction after initial launches, due to inefficient design, lack of incentives to all stakeholders or simply because the use of blockchain was not really necessary in the first place. There has been a need for a framework that allows blockchain designers and researchers to evaluate scenarios when a blockchain solution is useful and design the key configurations for an enterprise blockchain solution. Literature on blockchain architectures is sparse and only applicable to specific use cases or functionalities. This paper proposes a comprehensive Enterprise Blockchain Design Framework (EBDF), that not only identifies the relevant use cases when a blockchain must be utilised, but also details all the characteristics and configurations for designing an enterprise blockchain ecosystem, applicable to multiple industries.
To validate the EBDF, we apply the same to the Vortal e-Procurement ecosystem allowing for multiple platforms to interoperate with greater transparency and accountability over the proposed blockchain framework. In this use case, many vendors bid for procurement procedures, often for publicly managed funds where it is extremely vital that full transparency and accountability is ensured in the entire process. Ensuring that certain digital certification functions, such as timestamps are independent from e-Procurement platform owners has been a challenge. Blockchain technology has emerged as a promising solution for not only ensuring transparency and immutability of records, but also providing for interoperability across different platforms by acting as a trusted third-party. The applied framework is used to design a Hyperledger based blockchain solution with some of the key architectural elements that could fulfil these needs while presenting the advantages of such a solution.

    Decentralized Documentation of Maritime Traffic Incidents to Support Conflict Resolution

    For the investigation of major traffic accidents, larger vessels are obliged to install a voyage data recorder (VDR). However, not every vessel is equipped with a VDR, and the readout is often a manual process that is costly. In addition, not only ship-related information can be relevant for reconstructing traffic accidents, but also information from other entities such as meteorological services or port operators. Moreover, another major challenge is that entities tend to trust only their records, and not those of others as these could be manipulated in favor of the particular recording entity (e.g., to disguise any damage caused). This paper presents an approach to documenting arbitrary data from different entities in a trustworthy, decentralized, and tamper-proof manner to support the conflict resolution process. For this purpose, all involved entities in a traffic situation can contribute to the documentation by persisting their available data. Since maritime stakeholders are equipped with various sensors, a diverse and meaningful data foundation can be aggregated. The data is then signed by a mutually agreed upon timestamping authority (TSA). In this way, everyone can cryptographically verify whether the data has been subsequently changed. This approach was successfully applied in practice by documenting a vessel’s mooring maneuver

    A secure and auditable logging infrastructure based on a permissioned blockchain

    Information systems in organizations are regularly subject to cyber attacks targeting confidential data or threatening the availability of the infrastructure. In case of a successful attack it is crucial to maintain integrity of the evidence for later use in court. Existing solutions to preserve integrity of log records remain cost-intensive or hard to implement in practice. In this work we present a new infrastructure for log integrity preservation which does not depend upon trusted third parties or specialized hardware. The system uses a blockchain to store non-repudiable proofs of existence for all generated log records. An open-source prototype of the resulting log auditing service is developed and deployed, followed by a security and performance evaluation. The infrastructure represents a novel software-based solution to the secure logging problem, which unlike existing approaches does not rely on specialized hardware, trusted third parties or modifications to the logging source. (C) 2019 Elsevier Ltd. All rights reserved

    Secure Information Sharing with Distributed Ledgers

    In 2009, blockchain technology was first introduced as the supporting database technology for digital currencies. Since then, more advanced derivations of the technology have been developed under the broader term Distributed Ledgers, with improved scalability and support for general-purpose application logic. As a distributed database, they are able to support interorganizational information sharing while assuring desirable information security attributes like non-repudiation, auditability and transparency. Based on these characteristics, researchers and practitioners alike have begun to identify a plethora of disruptive use cases for Distributed Ledgers in existing application domains. While these use cases are promising significant efficiency improvements and cost reductions, practical adoption has been slow in the past years. This dissertation focuses on improving three aspects contributing to slow adoption. First, it attempts to identify application areas and substantiated use cases where Distributed Ledgers can considerably advance the security of information sharing. Second, it considers the security aspects of the technology itself, identifying threats to practical applications and detection approaches for these threats. And third, it investigates success factors for successful interorganizational collaborations using Distributed Ledgers

    Tackling the Challenges of Information Security Incident Reporting: A Decentralized Approach

    Information security incident under-reporting is unambiguously a business problem, as identified by a variety of sources, such as ENISA (2012), Symantec (2016), Newman (2018) and more. This research project identified the underlying issues that cause this problem and proposed a solution, in the form of an innovative artefact, which confronts a number of these issues. This research project was conducted according to the requirements of the Design Science Research Methodology (DSRM) by Peffers et al (2007). The research question set at the beginning of this research project, probed the feasible formation of an incident reporting solution, which would increase the motivational level of users towards the reporting of incidents, by utilizing the positive features offered by existing solutions, on one hand, but also by providing added value to the users, on the other. The comprehensive literature review chapter set the stage, and identified the reasons for incident underreporting, while also evaluating the existing solutions and determining their advantages and disadvantages. The objectives of the proposed artefact were then set, and the artefact was designed and developed. The output of this development endeavour is “IRDA”, the first decentralized incident reporting application (DApp), built on “Quorum”, a permissioned blockchain implementation of Ethereum. Its effectiveness was demonstrated, when six organizations accepted to use the developed artefact and performed a series of pre-defined actions, in order to confirm the platform’s intended functionality. The platform was also evaluated using Venable et al’s (2012) evaluation framework for DSR projects. This research project contributes to knowledge in various ways. It investigates blockchain and incident reporting, two domains which have not been extensively examined and the available literature is rather limited. 
Furthermore, it also identifies, compares, and evaluates the conventional, reporting platforms, available, up to date. In line with previous findings (e.g Humphrey, 2017), it also confirms the lack of standard taxonomies for information security incidents. This work also contributes by creating a functional, practical artefact in the blockchain domain, a domain where, according to Taylor et al (2019), most studies are either experimental proposals, or theoretical concepts, with limited practicality in solving real-world problems. Through the evaluation activity, and by conducting a series of non-parametric significance tests, it also suggests that IRDA can potentially increase the motivational level of users towards the reporting of incidents. This thesis describes an original attempt in utilizing the newly emergent blockchain technology, and its inherent characteristics, for addressing those concerns which actively contribute to the business problem. To the best of the researcher’s knowledge, there is currently no other solution offering similar benefits to users/organizations for incident reporting purposes. Through the accomplishment of this project’s pre-set objectives, the developed artefact provides a positive answer to the research question. The artefact, featuring increased anonymity, availability, immutability and transparency levels, as well as an overall lower cost, has the potential to increase the motivational level of organizations towards the reporting of incidents, thus improving the currently dismaying statistics of incident under-reporting. The structure of this document follows the flow of activities described in the DSRM by Peffers et al (2007), while also borrowing some elements out of the nominal structure of an empirical research process, including the literature review chapter, the description of the selected research methodology, as well as the “discussion and conclusion” chapter

    Harnessing Human Potential for Security Analytics

    Humans are often considered the weakest link in cybersecurity. As a result, their potential has been continuously neglected. However, in recent years there is a contrasting development recognizing that humans can benefit the area of security analytics, especially in the case of security incidents that leave no technical traces. Therefore, the demand becomes apparent to see humans not only as a problem but also as part of the solution. In line with this shift in the perception of humans, the present dissertation pursues the research vision to evolve from a human-as-a-problem to a human-as-a-solution view in cybersecurity. A step in this direction is taken by exploring the research question of how humans can be integrated into security analytics to contribute to the improvement of the overall security posture. In addition to laying foundations in the field of security analytics, this question is approached from two directions. On the one hand, an approach in the context of the human-as-a-security-sensor paradigm is developed which harnesses the potential of security novices to detect security incidents while maintaining high data quality of human-provided information. On the other hand, contributions are made to better leverage the potential of security experts within a SOC. Besides elaborating the current state in research, a tool for determining the target state of a SOC in the form of a maturity model is developed. Based on this, the integration of security experts was improved by the innovative application of digital twins within SOCs. Accordingly, a framework is created that improves manual security analyses by simulating attacks within a digital twin. Furthermore, a cyber range was created, which offers a realistic training environment for security experts based on this digital twin