13 research outputs found
The Role of Blockchain in Cyber Security
Cyber security breaches are on the rise globally. Due to the introduction of legislation like the EU’s General Data Protection Regulation (GDPR),companies are now subject to further financial penalties if they fail to meet requirements in protecting user information. In 2018, 75% of CEOs and board members considered cyber security and technology acquisitions among their top priorities, and blockchain based solutions were among the most considered options. Blockchain is a decentralised structure that offers multiple security benefits over traditional, centralised network architectures. These two approaches are compared in this chapter in areas such as data storage, the Internet of Things (IoT) and Domain Name System (DNS) in order to determine blockchain’s potential in the future of cyber securit
Authentication and Billing Scheme for The Electric Vehicles: EVABS
The need for different energy sources has increased due to the decrease in
the amount and the harm caused to the environment by its usage. Today, fossil
fuels used as an energy source in land, sea or air vehicles are rapidly being
replaced by different energy sources. The number and types of vehicles using
energy sources other than fossil fuels are also increasing. Electricity stands
out among the energy sources used. The possibility of generating electricity
that is renewable, compatible with nature and at a lower cost provides a great
advantage. For all these reasons, the use of electric vehicles is increasing
day by day. Various solutions continue to be developed for the charging systems
and post-charge billing processes of these vehicles. As a result of these
solutions, the standards have not yet been fully formed. In this study, an
authentication and billing scheme is proposed for charging and post-charging
billing processes of electric land vehicles keeping security and privacy in the
foreground. This scheme is named EVABS, which derives from the phrase "Electric
Vehicle Authentication and Billing Scheme". An authentication and billing
scheme is proposed where data communication is encrypted, payment transactions
are handled securely and parties can authenticate over wired or wireless. The
security of the proposed scheme has been examined theoretically and it has been
determined that it is secure against known attacks
Smart Contract Assisted Blockchain based PKI System
The proposed smart contract can prevent seven cyber attacks, such as Denial
of Service (DoS), Man in the Middle Attack (MITM), Distributed Denial of
Service (DDoS), 51\%, Injection attacks, Routing Attack, and Eclipse attack.
The Delegated Proof of Stake (DPoS) consensus algorithm used in this model
reduces the number of validators for each transaction which makes it suitable
for lightweight applications. The timing complexity of key/certificate
validation and signature/certificate revocation processes do not depend on the
number of transactions. The comparisons of various timing parameters with
existing solutions show that the proposed PKI is competitively better.Comment: manuscrip
Revisiting Privacy-aware Blockchain Public Key Infrastructure
Privacy-aware Blockchain Public Key Infrastructure (PB-
PKI) is a recent proposal by Louise Axon (2017) to create a privacy-preserving Public Key Infrastructure on the Blockchain. However, PB-PKI suffers from operational problems. We found that the most important change, i.e., the key update process proposed in PB-PKI for privacy is broken. Other issues include authenticating a user during key update and ensuring proper key revocation.
In this paper, we provide solutions to the problems of PB-PKI. We suggest generating fresh keys during key update. Furthermore, we use ring signatures for authenticating the user requesting key updates and use Asynchronous accumulators to handle the deletion of revoked keys. We show that the approach is feasible and implement a proof of concept
Unravelling Ariadne’s Thread: Exploring the Threats of Decentralised DNS
The current landscape of the core Internet technologies shows considerable centralisation with the big tech companies controlling the vast majority of traffic and services. This situation has sparked a wide range of decentralisation initiatives with blockchain technology being among the most prominent and successful innovations. At the same time, over the past years there have been considerable attempts to address the security and privacy issues affecting the Domain Name System (DNS). To this end, it is claimed that Blockchain-based DNS may solve many of the limitations of traditional DNS. However, such an alternative comes with its own security concerns and issues, as any introduction and adoption of a new technology typically does - let alone a disruptive one. In this work we present the emerging threat landscape of blockchain-based DNS and we empirically validate the threats with real-world data. Specifically, we explore a part of the blockchain DNS ecosystem in terms of the browser extensions using such technologies, the chain itself (Namecoin and Emercoin), the domains, and users who have been registered in these platforms. Our findings reveal several potential domain extortion attempts and possible phishing schemes. Finally, we suggest countermeasures to address the identified threats, and we identify emerging research themes
Anonymous and Distributed Authentication for Peer-to-Peer Networks
Well-known authentication mechanisms such as Public-key Infrastructure (PKI) and Identity-based Public-key Certificates (ID-PKC) are not suitable to integrate with the peer-to-peer (P2P) network environment. The reason is the difficulty in maintaining a centralized authority to manage the certificates. The authentication becomes even harder in an anonymous environment. We present three authentication protocols such that the users can authenticate themselves in an anonymous P2P network, without revealing their identities. Firstly, we propose a way to use existing ring signature schemes to obtain anonymous authentication. Secondly, we propose an anonymous authentication scheme utilizing secret sharing schemes. Finally, we propose a zero-knowledge-based anonymous authentication protocol. We provide security justifications of the three protocols in terms of anonymity, completeness, soundness, resilience to impersonation attacks, and resilience to replay attacks
Addressing the challenges of modern DNS:a comprehensive tutorial
The Domain Name System (DNS) plays a crucial role in connecting services and users on the Internet. Since its first specification, DNS has been extended in numerous documents to keep it fit for today’s challenges and demands. And these challenges are many. Revelations of snooping on DNS traffic led to changes to guarantee confidentiality of DNS queries. Attacks to forge DNS traffic led to changes to shore up the integrity of the DNS. Finally, denial-of-service attack on DNS operations have led to new DNS operations architectures. All of these developments make DNS a highly interesting, but also highly challenging research topic. This tutorial – aimed at graduate students and early-career researchers – provides a overview of the modern DNS, its ongoing development and its open challenges. This tutorial has four major contributions. We first provide a comprehensive overview of the DNS protocol. Then, we explain how DNS is deployed in practice. This lays the foundation for the third contribution: a review of the biggest challenges the modern DNS faces today and how they can be addressed. These challenges are (i) protecting the confidentiality and (ii) guaranteeing the integrity of the information provided in the DNS, (iii) ensuring the availability of the DNS infrastructure, and (iv) detecting and preventing attacks that make use of the DNS. Last, we discuss which challenges remain open, pointing the reader towards new research areas
Recommended from our members
A Survey on Content Retrieval on the Decentralised Web
The control, governance, and management of the web have become increasingly centralised, resulting in security, privacy, and censorship concerns. Decentralised initiatives have emerged to address these issues, beginning with decentralised file systems. These systems have gained popularity, with major platforms serving millions of content requests daily. Complementing the file systems are decentralised search engines and name registry infrastructures, together forming the basis of a decentralised web. This survey paper analyses research trends and emerging technologies for content retrieval on the decentralised web, encompassing both academic literature and industrial projects.
Several challenges hinder the realisation of a fully decentralised web. Achieving comparable performance to centralised systems without compromising decentralisation is a key challenge. Hybrid infrastructures, blending centralised components with verifiability mechanisms, show promise to improve decentralised initiatives. While decentralised file systems have seen more mature deployments, they still face challenges such as usability, performance, privacy, and content moderation. Integrating these systems with decentralised name-registries offers a potential for improved usability with human-readable and persistent names for content. Further research is needed to address security concerns in decentralised name-registries and enhance governance and crypto-economic incentive mechanisms
A Survey on Content Retrieval on the Decentralised Web
The control, governance, and management of the web have become increasingly centralised, resulting in security, privacy, and censorship concerns. Decentralised initiatives have emerged to address these issues, beginning with decentralised file systems. These systems have gained popularity, with major platforms serving millions of content requests daily. Complementing the file systems are decentralised search engines and name registry infrastructures, together forming the basis of a decentralised web . This survey paper analyses research trends and emerging technologies for content retrieval on the decentralised web, encompassing both academic literature and industrial projects. Several challenges hinder the realisation of a fully decentralised web. Achieving comparable performance to centralised systems without compromising decentralisation is a key challenge. Hybrid infrastructures, blending centralised components with verifiability mechanisms, show promise to improve decentralised initiatives. While decentralised file systems have seen more mature deployments, they still face challenges such as usability, performance, privacy, and content moderation. Integrating these systems with decentralised name-registries offers a potential for improved usability with human-readable and persistent names for content. Further research is needed to address security concerns in decentralised name-registries and enhance governance and crypto-economic incentive mechanisms