Access Control for Binary Integrity Protection using Ethereum

The integrity of executable binaries is essential to the security of any device that runs them. At best, a manipulated binary can leave the system in question open to attack, and at worst, it can compromise the entire system by itself. In recent years, supply-chain attacks have demonstrated that binaries can even be compromised unbeknownst to their creators. This, in turn, leads to the dissemination of supposedly valid binaries that need to be revoked later. In this paper, we present and evaluate a concept for publishing and revoking integrity protecting information for binaries, based on the Ethereum Blockchain and its underlying peer-to-peer network. Smart Contracts are used to enforce access control over the publication and revocation of integrity preserving information, whereas the peer-to-peer network serves as a fast, global communication service to keep user clients informed. The Ethereum Blockchain serves as a tamper-evident, publicly-verifiable log of published and revoked binaries. Our implementation incurs costs comparable to registration fees for centralised software distribution platforms but allows publication and revocation of individual binaries within minutes. The proposed concept can be integrated incrementally into existing software distribution platforms, such as package repositories or various app stores

ARCHANGEL: Tamper-proofing Video Archives using Temporal Content Hashes on the Blockchain

We present ARCHANGEL; a novel distributed ledger based system for assuring the long-term integrity of digital video archives. First, we describe a novel deep network architecture for computing compact temporal content hashes (TCHs) from audio-visual streams with durations of minutes or hours. Our TCHs are sensitive to accidental or malicious content modification (tampering) but invariant to the codec used to encode the video. This is necessary due to the curatorial requirement for archives to format shift video over time to ensure future accessibility. Second, we describe how the TCHs (and the models used to derive them) are secured via a proof-of-authority blockchain distributed across multiple independent archives. We report on the efficacy of ARCHANGEL within the context of a trial deployment in which the national government archives of the United Kingdom, Estonia and Norway participated.Comment: Accepted to CVPR Blockchain Workshop 201

Dwarna : a blockchain solution for dynamic consent in biobanking

Dynamic consent aims to empower research partners and facilitate active participation in the research process. Used within the context of biobanking, it gives individuals access to information and control to determine how and where their biospecimens and data should be used. We present Dwarna—a web portal for ‘dynamic consent’ that acts as a hub connecting the different stakeholders of the Malta Biobank: biobank managers, researchers, research partners, and the general public. The portal stores research partners’ consent in a blockchain to create an immutable audit trail of research partners’ consent changes. Dwarna’s structure also presents a solution to the European Union’s General Data Protection Regulation’s right to erasure—a right that is seemingly incompatible with the blockchain model. Dwarna’s transparent structure increases trustworthiness in the biobanking process by giving research partners more control over which research studies they participate in, by facilitating the withdrawal of consent and by making it possible to request that the biospecimen and associated data are destroyed.peer-reviewe

Practical Trade-Offs in Integrity Protection for Binaries via Ethereum

Ensuring the integrity of executable binaries is of vital importance to systems that run and depend on them. Additionally, supply-chain attacks and security related bugs demonstrate that binaries, once deployed, may need to be revoked and replaced with updated versions. Recently, blockchain ecosystems have garnered broad attention as middlewares for decentralised solutions to existing problems. Stengele et al. presented a concept how the Ethereum blockchain and peer-to-peer network can be used to ensure the integrity of binaries with timely, accurate, and machine-readable revocations. In this work, we show this concept in practice with a user client implementation in Go and demonstrate how revocations and updates can reliably reach a user client within minutes. We show the client\u27s ability to ensure the integrity of multiple binaries and continuously monitor the Ethereum blockchain for updates and revocations via an unmodified Ethereum client. We also examine the trust relations and trade-offs through our use case. Since the user client fully relies on an Ethereum client as a gateway, the latter\u27s resilience against malicious actors is crucial to consider in a practical deployment