INCHAIN: a cyber insurance architecture with smart contracts and self-sovereign identity on top of blockchain

Despite the rapid growth of the cyber insurance market in recent years, insurance companies in this area face several challenges, such as a lack of data, a shortage of automated tasks, increased fraudulent claims from legal policyholders, attackers masquerading as legal policyholders, and insurance companies becoming targets of cybersecurity attacks due to the abundance of data they store. On top of that, there is a lack of Know Your Customer procedures. To address these challenges, in this article, we present INCHAIN, an innovative architecture that utilizes Blockchain technology to provide data transparency and traceability. The backbone of the architecture is complemented by Smart Contracts, which automate cyber insurance processes, and Self-Sovereign Identity for robust identification. The effectiveness of INCHAIN ’s architecture is compared with the literature against the challenges the cyber insurance industry faces. In a nutshell, our approach presents a significant advancement in the field of cyber insurance, as it effectively combats the issue of fraudulent claims and ensures proper customer identification and authentication. Overall, this research demonstrates a novel and effective solution to the complex problem of managing cyber insurance, providing a solid foundation for future developments in the field

Ciosy:A collaborative blockchain-based insurance system

The insurance industry is heavily dependent on several processes executed among multiple entities, such as insurer, insured, and third-party services. The increasingly competitive environment is pushing insurance companies to use advanced technologies to address multiple challenges, namely lack of trust, lack of transparency, and economic instability. To this end, blockchain is used as an emerging technology that enables transparent and secure data storage and transmission. In this paper, we propose CioSy, a collaborative blockchain-based insurance system for monitoring and processing the insurance transactions. To the best of our knowledge, the existing approaches do not consider collaborative insurance to achieve an automated, transparent, and tamper-proof solution. CioSy aims at automating the insurance policy processing, claim handling, and payment using smart contracts. For validation purposes, an experimental prototype is developed on Ethereum blockchain. Our experimental results show that the proposed approach is both feasible and economical in terms of time and cost

FLAME: trusted fire brigade service and insurance claim system using blockchain for enterprises

Smart fire detection and insurance systems have gained considerable attention from researchers and industries. At the same time, automatic requests for fire brigade services to cure fire and instant claims settlement to defend insurance fraud are lacking in literatures. We propose a trusted fire brigade service and insurance claim (FLAME) framework using blockchain for enterprises to provide immediate fire brigade services and prevent insurance frauds. A system model is presented to explain architecture, and overall functionality of FLAME using blockchain. Further, a sensing network and connectivity model is proposed to detect true fire and send an emergency service request to monitoring station. Smart contracts are designed to automate fire brigade service and insurance claim processes. A prototype of the FLAME is implemented on Hyperledger Besu blockchain using Istanbul Byzantine Fault Tolerance 2.0 consensus protocol. Simulation results show that latency and throughput of the FLAME are better compared to state-of-the-art models

Cyber insurance

Kibernetsko zavarovanje predstavlja relativno nov produkt, katerega razvoj je bil, zaradi vseprisotnega razvoja tehnike in pametnih naprav, neizbežen. Zaradi inherentnih lastnosti kibernetskega tveganja, ki ga s kibernetskim zavarovanjem zavarujemo (njegove sistemskosti, korelacije, neopredmetenosti in dinamičnosti), zavarovalnice niso naklonjene zagotavljanju širokega kritja. Prav tako nadaljnji razvoj trga kibernetskih zavarovanj preprečujeta odsotnost standardizacije ter enotnih definicij pojmov v zavarovalnih pogodbah. To velja tako za samostojno kibernetsko zavarovanje, kot za pasivna kibernetska zavarovanja, med katerimi je najpogostejše zavarovanje splošne odgovornosti. Predstavljeni izbrani primeri iz ameriške sodne prakse potrjujejo zmedo na trgu kibernetskih zavarovanj in kažejo na to, da je obseg kritja v največji meri odvisen od vsakokratnih konkretnih okoliščin primera in besedila zavarovalne pogodbe, predvsem izključitvenih klavzul. Za nadaljnji razvoj kibernetskega zavarovanja je pomembno sodelovanje med državo in zavarovalnicami, ki bi morale družno delovati v smeri čim večjega sklepanja kibernetskih zavarovanj s širokim kritjem, saj preventivni ukrepi, ki jih ob sklenitvi zavarovanja od zavarovalca zahtevajo zavarovalnice, pozitivno vplivajo na kibernetsko varnost kot javno dobrino.Cyber insurance is a relatively new product whose development was inevitable due to the omnipresent development of technology and smart devices. Because of the inherent characteristics of cyber risk, which is insured with cyber insurance (it is systemic, correlated, intangible and dynamic), the insurance companies are not inclined to providing a wide coverage. Lack of standardization and uniform definitions of terms in insurance contracts prevent further development of cyber insurance market. This is the case in both, stand alone cyber insurance contracts and non-affirmative insurance contracts, among which commercial general liability contracts are the most common. The selected cases from the US case law confirm confusion in the cyber insurance market and show that, to a large extent, the coverage depends on the particular circumstances of each case and the wording of insurance contract, especially exclusion clauses. For further development of cyber insurance, cooperation between states and insurance companies is important. They should work together to maximize the number of cyber insurance contracts with broader coverage, because the preventive measures, which the insurance company imposes on the insured when concluding the contract, have a positive impact on cyber security as a public good

Decentralized Finance (DeFi): A Survey

Decentralized Finance (DeFi) is a new paradigm in the creation, distribution, and utilization of financial services via the integration of blockchain technology. Our research conducts a comprehensive introduction and meticulous classification of various DeFi applications. Beyond that, we thoroughly analyze these risks from both technical and economic perspectives, spanning multiple layers. Lastly, we point out research directions in DeFi, encompassing areas of technological advancements, innovative economics, and privacy optimization

Blockchain smart contracts: Applications, challenges, and future trends

In recent years, the rapid development of blockchain technology and cryptocurrencies has influenced the financial industry by creating a new crypto-economy. Then, next-generation decentralized applications without involving a trusted third-party have emerged thanks to the appearance of smart contracts, which are computer protocols designed to facilitate, verify, and enforce automatically the negotiation and agreement among multiple untrustworthy parties. Despite the bright side of smart contracts, several concerns continue to undermine their adoption, such as security threats, vulnerabilities, and legal issues. In this paper, we present a comprehensive survey of blockchain-enabled smart contracts from both technical and usage points of view. To do so, we present a taxonomy of existing blockchain-enabled smart contract solutions, categorize the included research papers, and discuss the existing smart contract-based studies. Based on the findings from the survey, we identify a set of challenges and open issues that need to be addressed in future studies. Finally, we identify future trends

Mitigating Insider Threat Risks in Cyber-physical Manufacturing Systems

Cyber-Physical Manufacturing System (CPMS)—a next generation manufacturing system—seamlessly integrates digital and physical domains via the internet or computer networks. It will enable drastic improvements in production flexibility, capacity, and cost-efficiency. However, enlarged connectivity and accessibility from the integration can yield unintended security concerns. The major concern arises from cyber-physical attacks, which can cause damages to the physical domain while attacks originate in the digital domain. Especially, such attacks can be performed by insiders easily but in a more critical manner: Insider Threats. Insiders can be defined as anyone who is or has been affiliated with a system. Insiders have knowledge and access authentications of the system\u27s properties, therefore, can perform more serious attacks than outsiders. Furthermore, it is hard to detect or prevent insider threats in CPMS in a timely manner, since they can easily bypass or incapacitate general defensive mechanisms of the system by exploiting their physical access, security clearance, and knowledge of the system vulnerabilities. This thesis seeks to address the above issues by developing an insider threat tolerant CPMS, enhanced by a service-oriented blockchain augmentation and conducting experiments & analysis. The aim of the research is to identify insider threat vulnerabilities and improve the security of CPMS. Blockchain\u27s unique distributed system approach is adopted to mitigate the insider threat risks in CPMS. However, the blockchain limits the system performance due to the arbitrary block generation time and block occurrence frequency. The service-oriented blockchain augmentation is providing physical and digital entities with the blockchain communication protocol through a service layer. In this way, multiple entities are integrated by the service layer, which enables the services with less arbitrary delays while retaining their strong security from the blockchain. Also, multiple independent service applications in the service layer can ensure the flexibility and productivity of the CPMS. To study the effectiveness of the blockchain augmentation against insider threats, two example models of the proposed system have been developed: Layer Image Auditing System (LIAS) and Secure Programmable Logic Controller (SPLC). Also, four case studies are designed and presented based on the two models and evaluated by an Insider Attack Scenario Assessment Framework. The framework investigates the system\u27s security vulnerabilities and practically evaluates the insider attack scenarios. The research contributes to the understanding of insider threats and blockchain implementations in CPMS by addressing key issues that have been identified in the literature. The issues are addressed by EBIS (Establish, Build, Identify, Simulation) validation process with numerical experiments and the results, which are in turn used towards mitigating insider threat risks in CPMS

Blockchain for Cities—A Systematic Literature Review

Blockchain is considered one of the most disruptive technologies of our time. Numerous cities around the world are launching blockchain initiatives as part of the overall efforts toward shaping the urban future. However, the infancy stage of the blockchain industry leads to a severe gap between the knowledge we have and the actions urban policy makers are taking. This paper is an effort to narrow this rift. We provide a systematic literature review on concrete blockchain use cases proposed by the research community. At the macro-level, we discuss and organize use cases from 159 selected papers into nine sectors recognized as crucial for sustainable and smart urban future. At the micro-level, we identify a component-based framework and analyze the design and prototypes of blockchain systems studied in a subset of 71 papers. The high-level use case review allows us to illustrate the relationship between them and the four pillars of urban sustainability: social, economic, environmental, and governmental. The system level analysis helps us highlight interesting inconsistencies between well-known blockchain applicability decision rules and the approaches taken by the literature. We also offer two classification methodologies for blockchain use cases and elaborate on how they can be applied to stimulate cross-sector insights in the blockchain knowledge domain