914 research outputs found

    When Mobile Blockchain Meets Edge Computing

    Blockchain, as the backbone technology of the current popular Bitcoin digital currency, has become a promising decentralized data management framework. Although blockchain has been widely adopted in many applications, e.g., finance, healthcare, and logistics, its application in mobile services is still limited. This is due to the fact that blockchain users need to solve preset proof-of-work puzzles to add new data, i.e., a block, to the blockchain. Solving the proof-of-work, however, consumes substantial resources in terms of CPU time and energy, which is not suitable for resource-limited mobile devices. To facilitate blockchain applications in future mobile Internet of Things systems, multiple access mobile edge computing appears to be an auspicious solution to solve the proof-of-work puzzles for mobile users. We first introduce a novel concept of edge computing for mobile blockchain. Then, we introduce an economic approach for edge computing resource management. Moreover, a prototype of mobile edge computing enabled blockchain systems is presented with experimental results to justify the proposed concept. Comment: Accepted by IEEE Communications Magazin

    Introducing mobile home agents into the distributed authentication protocol to achieve location privacy in mobile IPv6

    Mobile IPv6 will be the basis for the fourth generation 4G networks which will completely revolutionize the way telecommunication devices operate. This paradigm shift will occur due to the sole use of packet switching networks. Mobile IPv6 utilizes binding updates as a route optimization to reduce triangle routing between the mobile node, the home agent and the correspondent node, allowing direct communication between the mobile node and the correspondent. However, direct communication between the nodes produces a range of security vulnerabilities, which the home agent avoided. This paper attempts to provide the advantages of using the home agent as an intermediary whilst reducing the latency of triangle routing. This can be achieved with the proposed use of a mobile home agent which essentially follows the mobile node as it moves between points of attachment, providing location privacy and pseudo-direct communication, which can be incorporated into the distributed authentication protocol or be used as a stand-alone solution

    Blockchain and personal data : In search of digital identity management solution

    The topics of this thesis are blockchain technology, personal data and digital identity. The aim of the thesis is to find a digital identity management solution that uses blockchain technology for storing personal data and complies with the international regulation applicable to the processing of personal data. To achieve this aim, the thesis answers 1) whether personal data can be stored directly on a blockchain, or 2) how blockchain technology could otherwise be used in storing personal data, 3) what the applicable international data protection legal frameworks are, and 4) what effects the applicable regulation has on reconciling blockchain technology and the storage of personal data in digital identity management. The research method of the thesis is a post-positivist approach, so de lege lata data protection legislation is not taken for granted; instead, legislation must be regarded as changing and as relative to technological development. Through internal critique, the thesis seeks to resolve the tension between evolving technology and data protection legislation and to identify legislative gaps and contradictions. The most important research materials are the international data protection frameworks applicable to personal data, as well as the international identity-related legislative frameworks, solutions, guidelines and technological standards under development. Despite advanced hashing algorithms, personal data stored on a blockchain is regarded as pseudo-anonymous data, and personal data stored on a blockchain therefore always falls within the scope of international data protection legislation. Moreover, because immutability is an inseparable part of blockchain technology, personal data cannot be stored directly on a blockchain without violating the principles of international data protection legislation, the most central of which are the right to rectification and erasure of data and the right to be forgotten. 
A private blockchain, however, offers a modifiable additional layer on the blockchain, which makes it possible to use blockchain technology for storing personal data and managing digital identity. Once the capabilities of and obstacles to applying blockchain technology have been identified, the thesis analyses a self-sovereign identity management model that would give the data subject both the means to create and manage the unique identifiers that make up a digital identity and a framework for storing personal data, bringing about a paradigm shift

    Decentralized Identity and Access Management Framework for Internet of Things Devices

    The emerging Internet of Things (IoT) domain is about connecting people, devices and systems together via sensors and actuators, to collect meaningful information from the devices' surrounding environment and take actions to enhance productivity and efficiency. The proliferation of IoT devices from around a few billion devices today to over 25 billion in the next few years, spanning heterogeneous networks, defines a new paradigm shift for many industrial and smart connectivity applications. The existing IoT networks face a number of operational challenges linked to device management and the capability of devices' mutual authentication and authorization. While significant progress has been made in adopting existing connectivity and management frameworks, most of these frameworks are designed to work for unconstrained devices connected in centralized networks. On the other hand, IoT devices are constrained devices with a tendency to work and operate in decentralized and peer-to-peer arrangements. As a result of this tendency towards peer-to-peer service exchange, many of the existing frameworks fail to address the main challenges faced by the need to offer ownership of devices and the generated data to the actual users. Moreover, the diversified list of devices and offered services means that more granular access control mechanisms are required to limit the exposure of the devices to external threats and provide finer access control policies under control of the device owner without the need for a middleman. This work addresses these challenges by utilizing the concepts of decentralization introduced in Distributed Ledger (DLT) technologies and the capability of automating business flows through smart contracts. 
The proposed work utilizes the concepts of decentralized identifiers (DIDs) for establishing a decentralized device identity management framework and exploits Blockchain tokenization through both fungible and non-fungible tokens (NFTs) to build a self-controlled and self-contained access control policy based on the capability-based access control model (CapBAC). The defined framework provides a layered approach that builds on identity management as the foundation to enable authentication and authorization processes and establish a mechanism for accounting through the adoption of a standardized DLT tokenization structure. The proposed framework is demonstrated through implementing a number of use cases that address issues related to identity management in industries that suffer losses in billions of dollars due to counterfeiting and lack of global and immutable identity records. The framework extension to support applications for building verifiable data paths in the application layer was addressed through two simple examples. The system has been analyzed in the case of issuing authorization tokens, where it is expected that DLT consensus mechanisms will introduce major performance hurdles. A proof of concept emulating establishing concurrent connections to a single device presented no timed-out requests at 200 concurrent connections and a rise in the timed-out requests ratio to 5% at 600 connections. The analysis also showed that a considerable overhead in the data link budget of 10.4% is recorded due to the use of a self-contained policy token, which is a trade-off between building self-contained access tokens with no middleman and link cost

    Security in peer-to-peer communication systems

    P2PSIP (Peer-to-Peer Session Initiation Protocol) is a protocol developed by the IETF (Internet Engineering Task Force) for the establishment, completion and modification of communication sessions that emerges as a complement to SIP (Session Initiation Protocol) in environments where the original SIP protocol may fail for technical, financial, security, or social reasons. In order to do so, P2PSIP systems replace all the architecture of servers of the original SIP systems used for the registration and location of users, by a structured P2P network that distributes these functions among all the user agents that are part of the system. This new architecture, as with any emerging system, presents a completely new security problematic which analysis, subject of this thesis, is of crucial importance for its secure development and future standardization. Starting with a study of the state of the art in network security and continuing with more specific systems such as SIP and P2P, we identify the most important security services within the architecture of a P2PSIP communication system: access control, bootstrap, routing, storage and communication. Once the security services have been identified, we conduct an analysis of the attacks that can affect each of them, as well as a study of the existing countermeasures that can be used to prevent or mitigate these attacks. Based on the presented attacks and the weaknesses found in the existing measures to prevent them, we design specific solutions to improve the security of P2PSIP communication systems. To this end, we focus on the service that stands as the cornerstone of P2PSIP communication systems' security: access control. 
Among the new designed solutions stand out: a certification model based on the segregation of the identity of users and nodes, a model for secure access control for on-the-fly P2PSIP systems and an authorization framework for P2PSIP systems built on the recently published Internet Attribute Certificate Profile for Authorization. Finally, based on the existing measures and the new solutions designed, we define a set of security recommendations that should be considered for the design, implementation and maintenance of P2PSIP communication systems. Postprint (published version

    Interoperability mechanisms for registration and authentication on different open DRM platforms

    The DRM interoperability problem is a very complex problem. Even big software companies have already admitted that DRM as it is today is too complex: complex for end-users, complex for content providers and complex for content handling device manufacturers. There are different approaches to deal with this problem and there are different levels to address the problem. This article addresses the DRM interoperability issues from a security point of view, and as an example the authors take two open-specification DRM architectures, MIPAMS and OpenSDRM, to identify a strategy to interoperate some of the basic security mechanisms. In this article the authors will concentrate on the DRM components and user's registration, authentication and verification process and will derive a mechanism to handle and support both