9 research outputs found

    Centrally Banked Cryptocurrencies

    Current cryptocurrencies, starting with Bitcoin, build a decentralized blockchain-based transaction ledger, maintained through proofs-of-work that also generate a monetary supply. Such decentralization has benefits, such as independence from national political control, but also significant limitations in terms of scalability and computational cost. We introduce RSCoin, a cryptocurrency framework in which central banks maintain complete control over the monetary supply, but rely on a distributed set of authorities, or mintettes, to prevent double-spending. While monetary policy is centralized, RSCoin still provides strong transparency and auditability guarantees. We demonstrate, both theoretically and experimentally, the benefits of a modest degree of centralization, such as the elimination of wasteful hashing and a scalable system for avoiding double-spending attacks. Comment: 15 pages, 4 figures, 2 tables in Proceedings of NDSS 201

    MiniLedger: Compact-sized Anonymous and Auditable Distributed Payments

    While privacy preserving distributed payment schemes manage to drastically improve user privacy, they come at the cost of generating new regulatory concerns: in a private ledger the transactions cannot be subject to any level of auditing, and thus are not compatible with tracing illegal behaviors. In this work we present MiniLedger, a distributed payment system which not only guarantees the privacy of transactions, but also offers built-in functionalities for various types of audits by any external authority. MiniLedger is the first private and auditable payment system with storage costs independent of the number of transactions. To achieve such a storage improvement, we introduce pruning functionalities for the transaction history while maintaining integrity and auditing. We provide formal security definitions and a number of extensions for various auditing levels. Our evaluation results show that MiniLedger is practical in terms of storage requiring as low as 70KB per participant for 128 bits of security, and depending on the implementation choices, can prune 1 million transactions in less than a second

    Tackling the Challenges of Information Security Incident Reporting: A Decentralized Approach

    Information security incident under-reporting is unambiguously a business problem, as identified by a variety of sources, such as ENISA (2012), Symantec (2016), Newman (2018) and more. This research project identified the underlying issues that cause this problem and proposed a solution, in the form of an innovative artefact, which confronts a number of these issues. This research project was conducted according to the requirements of the Design Science Research Methodology (DSRM) by Peffers et al (2007). The research question set at the beginning of this research project, probed the feasible formation of an incident reporting solution, which would increase the motivational level of users towards the reporting of incidents, by utilizing the positive features offered by existing solutions, on one hand, but also by providing added value to the users, on the other. The comprehensive literature review chapter set the stage, and identified the reasons for incident underreporting, while also evaluating the existing solutions and determining their advantages and disadvantages. The objectives of the proposed artefact were then set, and the artefact was designed and developed. The output of this development endeavour is “IRDA”, the first decentralized incident reporting application (DApp), built on “Quorum”, a permissioned blockchain implementation of Ethereum. Its effectiveness was demonstrated, when six organizations accepted to use the developed artefact and performed a series of pre-defined actions, in order to confirm the platform’s intended functionality. The platform was also evaluated using Venable et al’s (2012) evaluation framework for DSR projects. This research project contributes to knowledge in various ways. It investigates blockchain and incident reporting, two domains which have not been extensively examined and the available literature is rather limited. 
Furthermore, it also identifies, compares, and evaluates the conventional reporting platforms available to date. In line with previous findings (e.g. Humphrey, 2017), it also confirms the lack of standard taxonomies for information security incidents. This work also contributes by creating a functional, practical artefact in the blockchain domain, a domain where, according to Taylor et al (2019), most studies are either experimental proposals, or theoretical concepts, with limited practicality in solving real-world problems. Through the evaluation activity, and by conducting a series of non-parametric significance tests, it also suggests that IRDA can potentially increase the motivational level of users towards the reporting of incidents. This thesis describes an original attempt in utilizing the newly emergent blockchain technology, and its inherent characteristics, for addressing those concerns which actively contribute to the business problem. To the best of the researcher’s knowledge, there is currently no other solution offering similar benefits to users/organizations for incident reporting purposes. Through the accomplishment of this project’s pre-set objectives, the developed artefact provides a positive answer to the research question. The artefact, featuring increased anonymity, availability, immutability and transparency levels, as well as an overall lower cost, has the potential to increase the motivational level of organizations towards the reporting of incidents, thus improving the currently dismaying statistics of incident under-reporting. The structure of this document follows the flow of activities described in the DSRM by Peffers et al (2007), while also borrowing some elements out of the nominal structure of an empirical research process, including the literature review chapter, the description of the selected research methodology, as well as the “discussion and conclusion” chapter

    Knowing your bitcoin customer: A survey of bitcoin money laundering services and technical solutions for anti-money laundering compliance

    Cryptocurrencies are gaining significant attention and financial investment. Among the wave of new cryptocurrencies, the first cryptocurrency introduced, Bitcoin, remains the most notable and most heavily used. While Bitcoin is often perceived as an anonymous system, it is in fact only pseudonymous and a variety of methods are known to reidentify the holders of Bitcoin wallets. As a result, services have emerged which "anonymize" Bitcoin by making it difficult to trace the origin of Bitcoin funds. These services are referred to as "mixers" or "tumblers", but are more generally methods of laundering Bitcoin funds. In the United States, a system of anti-money-laundering (AML) regulations developed since the 1970s requires financial services organizations to take positive steps to identify their customers, prevent use of their services for money laundering, and detect and report customers which appear to be engaged in money laundering. These AML regulations have been interpreted by the primary regulator, FinCEN, as fully applicable to Bitcoin. This creates a clear conflict with laundering services which are directly intended to prevent organizations identifying the possessor of funds. This thesis explores the advancing state of both Bitcoin laundering services and Bitcoin anti-laundering services intended to assist in compliance with AML regulations. The current state of the art in both laundering and anti-laundering services is explored. Later, current research and avenues for improvement in these services are discussed. Ultimately, the way forward for Bitcoin AML regulation is discussed. The current regulatory approach to Bitcoin is insufficient to mitigate laundering with Bitcoin and should be refocused

    Performance and Security Improvements for Tor: A Survey

    Tor [Dingledine et al. 2004] is the most widely used anonymity network today, serving millions of users on a daily basis using a growing number of volunteer-run routers. Since its deployment in 2003, there have been more than three dozen proposals that aim to improve its performance, security, and unobservability. Given the significance of this research area, our goal is to provide the reader with the state of current research directions and challenges in anonymous communication systems, focusing on the Tor network. We shed light on the design weaknesses and challenges facing the network and point out unresolved issues

    IntegraDos: facilitating the adoption of the Internet of Things through the integration of technologies

    Also, the components for an integration of the IoT and cloud computing have been analyzed, concluding in the Lambda-CoAP architecture. And finally, the challenges for an integration of the IoT and Blockchain have been analyzed, together with an evaluation of the possibilities of IoT devices to incorporate Blockchain nodes. The contributions of this doctoral thesis help bring the adoption of the IoT closer to society, and therefore the expansion of this prominent technology. Thesis defense date: 17 December 2018. The Internet of Things (IoT) was a new concept introduced by K. Ashton in 1999 to refer to an identifiable set of objects connected through RFID. Currently, the IoT is characterized as a ubiquitous technology that is present in a large number of areas, such as the monitoring of critical infrastructures, traceability systems, or assisted healthcare systems. The IoT is increasingly present in our daily lives, covering a wide range of possibilities in order to optimize the processes and problems that society faces. This is why the IoT is a promising technology that is continuously evolving thanks to ongoing research and the large number of devices, systems and components emerging every day. However, the devices involved in the IoT are normally embedded devices with storage and processing limitations, as well as memory and power constraints. In addition, the number of objects or devices connected to the Internet is forecast to grow substantially in the coming years, with expectations of 500 billion connected objects by 2030. Therefore, to accommodate global IoT deployments, in addition to overcoming the existing limitations, it is necessary to involve new systems and paradigms that facilitate the adoption of this field. 
The main goal of this doctoral thesis, known as IntegraDos, is to facilitate the adoption of the IoT through integration with a series of technologies. On the one hand, it has addressed how the management of sensors and actuators in physical devices can be facilitated without having to access and program the development boards. On the other hand, a system for programming IoT applications that are portable, adaptable, personalized and decoupled from the devices has been defined

    The trade-off between usability and security in the context of eGovernment

    Electronic government (e-government) implements a wide range of online services that are supported by the latest information communication technology (ICT) and accessible by devices that have great mobility in delivering services to citizens. The ongoing rapid advancements of these portable devices make user centred service design more challenging and complex as citizens’ demands, needs and preferences are varied and become more complicated over time. Also, existing research reveals that e-government is still experiencing the challenge of creating better users’ interaction in terms of accessing online information and using electronic services. Among a variety of reasons for this challenge, usability and security have been recognised in previous research to be the main reasons in users’ decisions to use e-government services and need to be investigated. In addition, the limited attention given to users’ preferences and human-centred design guidelines creates more unusable and unsecure services. This research attempts to investigate the trade-off between usability and security from a user perspective, in order to understand how users perceive the usability and security of e-government services by focusing on three elements of e-government. The research investigates three aspects related to e-government services: when a new service is being introduced, new devices are being integrated, and new technology is adopted. Each research study examines one of these aspects to explore how users or citizens perceive them in terms of usability and security. By conducting these three studies, the researcher seeks a clear and comprehensive picture of users’ attitudes, opinions and preferences, and a rich insight into users’ needs. This research tries to explain user requirements for new services, devices and technology implemented in e-government settings, in terms of usability and security features. 
A mixed methods strategy, using quantitative and qualitative methods, is used to capture users’ experiences and attitudes to the use of e-government services in terms of usability and security. These methods help us understand the three related aspects of e-government through the eyes of the participants rather than in categories predetermined by the researcher. Therefore, a questionnaire survey is used, with open-ended questions, and focus group research. A broader landscape view on the present state of users’ perception and attitudes about the trade-off between usability and security was studied and reported according to the findings from the three studies. The three studies’ findings and the literature review help the researcher to propose a set of usability and security guidelines to improve e-government services, which in turn would improve e-services usability and security aspects. The proposed set of guidelines complements the general usability guidelines or heuristics by considering user concerns and insights. The author presented some recommendations based on the findings of each study. These guidelines can be useful to guide designers to develop usable and more secure e-services that match with users’ requirements