9 research outputs found
Attribute Based Cryptographic Enforcements for Security and Privacy in E-health Environments
publishedVersio
Is Blockchain for Internet of Medical Things a Panacea for COVID-19 Pandemic?
The outbreak of the COVID-19 pandemic has deeply influenced the lifestyle of
the general public and the healthcare system of the society. As a promising
approach to address the emerging challenges caused by the epidemic of
infectious diseases like COVID-19, Internet of Medical Things (IoMT) deployed
in hospitals, clinics, and healthcare centers can save the diagnosis time and
improve the efficiency of medical resources though privacy and security
concerns of IoMT stall the wide adoption. In order to tackle the privacy,
security, and interoperability issues of IoMT, we propose a framework of
blockchain-enabled IoMT by introducing blockchain to incumbent IoMT systems. In
this paper, we review the benefits of this architecture and illustrate the
opportunities brought by blockchain-enabled IoMT. We also provide use cases of
blockchain-enabled IoMT on fighting against the COVID-19 pandemic, including
the prevention of infectious diseases, location sharing and contact tracing,
and the supply chain of injectable medicines. We also outline future work in
this area.Comment: 15 pages, 8 figure
Blockchain Driven Access Control Mechanisms, Models and Frameworks: A Systematic Literature Review
Access control or authorization is referred to as the confinement of specific actions of an entity, thereby allowing them to be performed as per certain rules. Blockchain-driven access control mechanisms gained considerable attention directly after applications beyond the premise of cryptocurrency were found. However, there are no systematic efforts to analyze existing empirical evidence. To this end, we aim to synthesize litera- ture to understand the state-of-the-art blockchain driven access control mechanisms with respect to underlying platforms, utilized blockchain properties, nature of the mod- els and associated testbeds and tools. We conducted the review in a systematic way. Meta analysis and thematic synthesis were performed on the findings from relevant primary studies, in order to answer the framed research questions in perspective. We identified 76 relevant primary studies that passed the quality assessment. The problems targeted by relevant studies were single point of failure, security, and privacy, etc. The meta-analysis of the primary studies suggests the use of different blockchain platforms along with several application domains where different blockchain proprieties were utilized.
In this paper, we present a systematic literature review of blockchain driven access control systems. In hindsight, we present a taxonomy of blockchain-driven access control systems to better understand the immense implications of this field spanning various application domain
Attribute-based Anonymous Credential: Optimization for Single-Use and Multi-Use
User attributes can be authenticated by an attribute-based anonymous credential while keeping the anonymity of the user.
Most attribute-based anonymous credential schemes are designed specifically for either multi-use or single-use.
In this paper, we propose a unified attribute-based anonymous credential system, in which
users always obtain the same format of credential from the issuer. The user can choose to use it for an efficient multi-use or single-use show proof. It is a more user-centric approach than the existing schemes.
Technically, we propose an interactive approach to the credential issuance protocol using a two-party computation with an additive homomorphic encryption.
At the same time, it keeps the security property of impersonation resilience, anonymity, and unlinkability.
Apart from the interactive protocol, we further design the show proofs for efficient single-use credentials which maintain the user anonymity
Analyzing the Prospects of Blockchain in Healthcare Industry
Deployment of a secured healthcare information is a major challenge in a web based environment. Ehealth services are subjected to same security threats as other services. The purpose of blockchain is to provide a structure and security to the organization data. Healthcare data deals with confidential information. The medical records can be well organized and empower their propagation in a secured manner through the usage of blockchain technology. The study throws light on providing security of health services through blockchain technology. The authors have analysed the various aspects of role of blockchain in healthcare through an extensive literature review. The application of blockchain in covid-19 has also been analysed and discussed in the study. Further application of blockchain in Indian healthcare has been highlighted in the paper. The study provides suggestions for strengthening the healthcare system by blending machine learning, artificial intelligence, big data, IoT with blockchain
RobotChain: Artificial Intelligence on a Blockchain using Tezos Technology
Blockchain technology is not only growing everyday at a fast-passed rhythm, but it is also a disruptive technology that has changed how we look at financial transactions. By providing a way
to trust an unknown network and by allowing us to conduct transactions without the need for a
central authority, blockchain has grown exponentially. Moreover, blockchain also provides decentralization of the data, immutability, accessibility, non-repudiation and irreversibility properties that makes this technology a must in many industries. But, even thought blockchain
provides interesting properties, it has not been extensively used outside the financial scope.
Similarly, robots have been increasingly used in factories to automate tasks that range from
picking objects, to transporting them and also to work collaboratively with humans to perform
complex tasks. It is important to enforce that robots act between legal and moral boundaries
and that their events and data are securely stored and auditable. This rarely happens, as robots
are programmed to do a specific task without certainty that that task will always be performed
correctly and their data is either locally stored, without security measures, or disregarded. This
means that the data, especially logs, can be altered, which means that robots and manufacturers can be accused of problems that they did not cause. Henceforth, in this work, we sought
to integrate blockchain with robotics with the goal to provide enhanced security to robots, to
the data and to leverage artificial intelligence algorithms. By doing an extensive overview of
the methods that integrate blockchain and artificial intelligence or robotics, we found that this
is a growing field but there is a lack of proposals that try to improve robotic systems by using
blockchain. It was also clear that most of the existing proposals that integrate artificial intelligence and blockchain, are focused on building marketplaces and only use the latter to storage
transactions. So, in this document, we proposed three different methods that use blockchain
to solve different problems associated with robots. The first one is a method to securely store
robot logs in a blockchain by using smart-contracts as storage and automatically detect when
anomalies occur in a robot by using the data contained in the blockchain and a smart-contract.
By using smart-contracts, it is assured that the data is secure and immutable as long as the
blockchain has enough peers to participate in the consensus process. The second method goes
beyond registering events to also register information about external sensors, like a camera,
and by using smart-contracts to allow Oracles to interact with the blockchain, it was possible to
leverage image analysis algorithms that can detect the presence of material to be picked. This
information is then inserted into a smart-contract that automatically defines the movement that
a robot should have, regarding the number of materials present to be picked. The third proposal
is a method that uses blockchain to store information about the robots and the images derived
from a Kinect. This information is then used by Oracles that check if there is any person located
inside a robot workspace. If there is any, this information is stored and different Oracles try to
identify the person. Then, a smart-contract acts appropriately by changing or even stopping the
robot depending on the identity of the person and if the person is located inside the warning or
the critical zone surrounding the robot.
With this work, we show how blockchain can be used in robotic environments and how it
can beneficial in contexts where multi-party cooperation, security, and decentralization of the
data is essential. We also show how Oracles can interact with the blockchain and distributively
cooperate to leverage artificial intelligence algorithms to perform analysis in the data that
allow us to detect robotic anomalies, material in images and the presence of people. We also show that smart-contracts can be used to perform more tasks than just serve the purpose of
automatically do monetary transactions. The proposed architectures are modular and can be
used in multiple contexts such as in manufacturing, network control, robot control, and others
since they are easy to integrate, adapt, maintain and extend to new domains. We expect
that the intersection of blockchain and robotics will shape part of the future of robotics once
blockchain is more widely used and easy to integrate. This integration will be very prominent
in tasks where robots need to behave under certain constraints, in swarm robotics due to the
fact that blockchain offers global information and in factories because the actions undertaken
by a robot can easily be extended to the rest of the robots by using smart-contracts.Hoje em dia Ă© possĂvel ver que a blockchain nĂŁo está apenas a crescer a um ritmo exponencial, mas que Ă© tambĂ©m uma tecnologia disruptiva que mudou a forma como trabalhamos com
transações financeiras. Ao fornecer uma maneira eficiente de confiar numa rede desconhecida
e de permitir realizar transações sem a necessidade de uma autoridade central, a blockchain
cresceu rapidamente. Além disso, a blockchain fornece também descentralização de dados,
imutabilidade, acessibilidade, não-repúdio e irreversibilidade, o que torna esta tecnologia indispensável em muitos setores. Mas, mesmo fornecendo propriedades interessantes, a blockchain não tem sido amplamente utilizada fora do âmbito financeiro. Da mesma forma, os robôs
têm sido cada vez mais utilizados em fábricas para automatizar tarefas que vão desde pegar
objetos, transportá-los e colaborar com humanos para realizar tarefas complexas. Porém, é
importante impor que os robĂ´s atuem entre certos limites legais e morais e que seus eventos
e dados são armazenados com segurança e que estes possam ser auditáveis. O problema é que
isso raramente acontece. Os robĂ´s sĂŁo programados para executar uma tarefa especĂfica sem
se ter total certeza de que essa tarefa irá ser executada sempre de maneira correta, e os seus
dados são armazenados localmente, desconsiderando a segurança dos dados. Sendo que em
muitas ocasiões, não existe qualquer segurança. Isso significa que os dados, especialmente os
logs, podem ser alterados, o que pode resultar em que os robĂ´s e, pela mesma linha de pensamento, os fabricantes, possam ser acusados de problemas que nĂŁo causaram. Tendo isto em
consideração, neste trabalho, procuramos integrar a blockchain com a robótica, com o objetivo
de proporcionar maior segurança aos robôs e aos dados que geram e potenciar ainda a utilização de algoritmos de inteligência artificial. Fazendo uma visão abrangente dos métodos que
propõem integrar a blockchain e inteligência artificial ou robótica, descobrimos que este é um
campo em crescimento, mas que há uma falta de propostas que tentem melhorar os sistemas
robóticos utilizando a blockchain. Ficou também claro que a maioria das propostas existentes
que integram inteligência artificial e blockchain estão focadas na construção de marketplaces e
só utilizam a blockchain para armazenar a informação sobre as transações que foram executadas. Assim, neste documento, propomos três métodos que utilizam a blockchain para resolver
diferentes problemas associados a robôs. O primeiro é um método para armazenar, com segurança, logs de robôs dentro de uma blockchain, utilizando para isso smart-contracts como
armazenamento. Neste método foi também proposta uma maneira de detetar anomalias em
robĂ´s automaticamente, utilizando para isso os dados contidos na blockchain e smart-contracts
para definir a lógica do algoritmo. Ao utilizar smart-contracts, é garantido que os dados são seguros e imutáveis, desde que a blockchain contenha nós suficientes a participar no algoritmo de
consenso. O segundo método vai além de registar eventos, para registar também informações
sobre sensores externos, como uma câmara, e utilizando smart-contracts para permitir que Ă“raculos interajam com a blockchain, foi possĂvel utilizar algoritmos de análise de imagens, que
podem detetar a presença de material para ser recolhido. Esta informação é então inserida
num smart-contract que define automaticamente o movimento que um robĂ´ deve ter, tendo
em consideração a quantidade de material à espera para ser recolhida. A terceira proposta é
um método que utiliza a blockchain para armazenar informações sobre robôs, e imagens provenientes de uma Kinect. Esta informação é então utilizada por Óraculos que verificam se existe
alguma pessoa dentro do um espaço de trabalho de um robô. Se existir alguém, essa informação
Ă© armazenada e diferentes Ă“raculos tentam identificar a pessoa. No fim, um smart-contract
age apropriadamente, mudando ou até mesmo parando o robô, dependendo da identidade da Com este trabalho, mostramos como a blockchain pode ser utilizada em ambientes onde existam robôs e como esta pode ser benéfica em contextos onde a cooperação entre várias entidades, a segurança e a descentralização dos dados são essenciais. Mostramos também como
Ă“raculos podem interagir com a blockchain e cooperar de forma distribuĂda, para alavancar
algoritmos de inteligência artificial de forma a realizar análises nos dados, o que nos permite
detetar anomalias robóticas, material para ser recolhido e a presença de pessoas em imagens.
Mostramos também que os smart-contracts podem ser utilizados para executar mais tarefas do
que servir o propósito de fazer transações monetárias de forma automática. As arquiteturas
propostas neste trabalho são modulares e podem ser utilizadas em vários contextos, como no
fabrico de peças, controle de robô e outras. Devido ao facto de que as arquiteturas propostas,
sĂŁo fáceis de integrar, adaptar, manter e estender a novos domĂnios. A nossa opiniĂŁo Ă© que a
interseção entre a blockchain e a robótica irá moldar parte do futuro da robótica moderna assim
que a blockchain seja mais utilizada e fácil de integrar em sistemas robóticos. Esta integração
será muito proeminente em tarefas onde os robôs precisam de se comportar sob certas restrições, em enxames de robôs, devido ao fato de que a blockchain fornece informação global sobre
o estado da rede, e também em fábricas, porque as ações realizadas por um robô podem ser
facilmente estendidas ao resto dos robôs, e porque fornece um mecanismo extra de segurança
aos dados e a todas as ações que são efetuadas com ajuda de smart-contracts
Privacy Enhancing Technologies for solving the privacy-personalization paradox : taxonomy and survey
Personal data are often collected and processed in a decentralized fashion, within
different contexts. For instance, with the emergence of distributed applications,
several providers are usually correlating their records, and providing personalized services to their clients. Collected data include geographical and indoor
positions of users, their movement patterns as well as sensor-acquired data that
may reveal users’ physical conditions, habits and interests. Consequently, this
may lead to undesired consequences such as unsolicited advertisement and even
to discrimination and stalking. To mitigate privacy threats, several techniques
emerged, referred to as Privacy Enhancing Technologies, PETs for short.
On one hand, the increasing pressure on service providers to protect users’ privacy resulted in PETs being adopted. One the other hand, service providers
have built their business model on personalized services, e.g. targeted ads and
news. The objective of the paper is then to identify which of the PETs have the
potential to satisfy both usually divergent - economical and ethical - purposes.
This paper identifies a taxonomy classifying eight categories of PETs into three
groups, and for better clarity, it considers three categories of personalized services. After defining and presenting the main features of PETs with illustrative
examples, the paper points out which PETs best fit each personalized service
category.
Then, it discusses some of the inter-disciplinary privacy challenges that may
slow down the adoption of these techniques, namely: technical, social, legal and
economic concerns. Finally, it provides recommendations and highlights several
research directions
Security and Privacy Preservation in Mobile Advertising
Mobile advertising is emerging as a promising advertising strategy, which leverages prescriptive analytics, location-based distribution, and feedback-driven marketing to engage consumers with timely and targeted advertisements. In the current mobile advertising system, a third-party ad broker collects and manages advertisements for merchants who would like to promote their business to mobile users. Based on its large-scale database of user profiles, the ad broker can help the merchants to better reach out to customers with related interests and charges the merchants for ad dissemination services. Recently, mobile advertising technology has dominated the digital advertising industry and has become the main source of income for IT giants. However, there are many security and privacy challenges that may hinder the continuous success of the mobile advertising industry. First, there is a lack of advertising transparency in the current mobile advertising system. For example, mobile users are concerned about the reliability and trustworthiness of the ad dissemination process and advertising review system. Without proper countermeasures, mobile users can install ad-blocking software to filter out irrelevant or even misleading advertisements, which may lower the advertising investments from merchants. Second, as more strict privacy regulations (e.g. European General Data Privacy Regulations) take effect, it is critical to protect mobile users’ personal profiles from illegal sharing and exposure in the mobile advertising system.
In this thesis, three security and privacy challenges for the mobile advertising system are identified and addressed with the designs, implementations, and evaluations of a blockchain-based architecture. First, we study the anonymous review system for the mobile advertising industry. When receiving advertisements from a specific merchant (e.g. a nearby restaurant), mobile users are more likely to browse the previous reviews about the merchant for quality-of-service assessments. However, current review systems are known for the lack of system transparency and are subject to many attacks, such as double reviews and deletions of negative reviews. We exploit the tamper-proof nature and the distributed consensus mechanism of the blockchain technology, to design a blockchain-based review system for mobile advertising, where review accumulations are transparent and verifiable to the public. To preserve user review privacy, we further design an anonymous review token generation scheme, where users are encouraged to leave reviews anonymously while still ensuring the review authenticity. We also explore the implementation challenges of the blockchain-based system on an Ethereum testing network and the experimental results demonstrate the application feasibility of the proposed anonymous review system. Second, we investigate the transparency issues for the targeted ad dissemination process. Specifically, we focus on a specific mobile advertising application: vehicular local advertising, where vehicular users send spatial-keyword queries to ad brokers to receive location-aware advertisements. To build a transparent advertising system, the ad brokers are required to provide mobile users with explanations on the ad dissemination process, e.g., why a specific ad is disseminated to a mobile user. However, such transparency explanations are
often found incomplete and sometimes even misleading, which may lower the user trust on the advertising system if without proper countermeasures. Therefore, we design an advertising smart contract to efficiently realize a publicly verifiable spatial-keyword query scheme. Instead of directly implementing the spatial-keyword query scheme on the smart contract with prohibitive storage and computation cost, we exploit the on/off-chain computation models to trade the expensive on-chain cost for cheap off-chain cost. With two design strategies: digest-and-verify and divide-then-assemble, the on-chain cost for a single
spatial keyword query is reduced to constant regardless of the scale of the spatial-keyword database. Extensive experiments are conducted to provide both on-chain and off-chain benchmarks with a verifiable computation framework. Third, we explore another critical requirement of the mobile advertising system: public accountability enforcement against advertising misconducts, if (1) mobile users receive irrelevant ads, or (2) advertising policies of merchants are not correctly computed in the ad dissemination process. This requires the design of a composite Succinct Non-interactive ARGument (SNARG) system, that can be tailored for different advertising transparency requirements and is efficient for the blockchain implementations. Moreover, pursuing public accountability should also achieve a strict privacy guarantee for the user profile. We also propose an accountability contract which can receive explanation requirements from both mobile users and merchants. To promote prompt on-chain responses, we design an incentive mechanism based on the pre-deposits of involved parties, i.e., ad brokers, mobile users, and merchants. If any advertising misconduct is identified, public accountability can be enforced by confiscating the pre-deposits of the misbehaving party. Comprehensive experiments and analyses are conducted to demonstrate the versatile functionalities and feasibility of the accountability contract.
In summary, we have designed, implemented, and evaluated a blockchain-based architecture for security and privacy preservations in the mobile advertising. The designed architecture can not only enhance the transparency and accountability for the mobile advertising system, but has also achieved notably on-chain efficiency and privacy for real-world implementations. The results from the thesis may shed light on the future research and practice of a blockchain-based architecture for the privacy regulation compliance in the mobile advertising
Identity and identification in an information society: Augmenting formal systems of identification with technological artefacts
Information and Communication Technology (ICT) are transforming society’s information flows. These new interactive environments decouple agents, information and actions from their original contexts and this introduces challenges when evaluating trustworthiness and intelligently placing trust.This thesis develops methods that can extend institutional trust into digitally enhanced interactive settings. By applying privacy-preserving cryptographic protocols within a technical architecture, this thesis demonstrates how existing human systems of identification that support institutional trust can be augmented with ICT in ways that distribute trust, respect privacy and limit the potential for abuse. Importantly, identification systems are located within a sociologically informed framework of interaction where identity is more than a collection of static attributes.A synthesis of the evolution and systematisation of cryptographic knowledge is presented and this is juxtaposed against the ideas developed within the digital identity community. The credential mechanism, first conceptualised by David Chaum, has matured into a number of well specified mathematical protocols. This thesis focuses on CL-RSA and BBS+, which are both signature schemes with efficient protocols that can instantiate a credential mechanism with strong privacy-preserving properties.The processes of managing the identification of healthcare professionals as they navigate their careers within the Scottish Healthcare Ecosystem provide a concrete case study for this work. The proposed architecture mediates the exchange of verifiable, integrity-assured evidence that has been cryptographically signed by relevant healthcare institutions, but is stored, managed and presented by the healthcare professionals to whom the evidence pertains.An evaluation of the integrity-assured transaction data produced by this architecture demonstrates how it could be integrated into digitally augmented identification processes, increasing the assurance that can be placed in these processes. The technical architecture is shown to be practical through a series of experiments run under realistic production-like settings.This work demonstrates that designing decentralised, standards-based, privacy-preserving identification systems for trusted professionals within highly assured social contexts can distribute institutionalised trust to trustworthy individuals and empower these individuals to interface with society’s increasingly socio-technical systems