Blockchain implications for auditing: a systematic literature review and bibliometric analysis

Blockchain technology, smart contracts, and asset tokenization have relevant implications for the auditing environment. This paper evaluates the current stage of blockchain application in auditing, analyzing scientific publications and identifying the impact of what is already a reality and the potential effects of its improvements in audit professionals’ activities performance. The article considers the proposals and suggestions on the leading research indexed by the Scopus and Web of Science databases. We analyzed 374 papers on the topic of blockchain and provide a summary and analysis of the current state of auditing research. The bibliometric analysis was performed using the Bibliometrix R Package and the VOSviewer software. After a systematic study of abstracts and a general review of the papers to only include those directly related to our work’s objectives, we found 78 papers. The work results in a framework of potential and effective implications of blockchain technology for auditing, pointing out several new challenges in terms of skills and knowledge needed in this new reality of audit professionals

Vind: A Blockchain-Enabled Supply Chain Provenance Framework for Energy Delivery Systems

Enterprise-level energy delivery systems (EDSs) depend on different software or hardware vendors to achieve operational efficiency. Critical components of these systems are typically manufactured and integrated by overseas suppliers, which expands the attack surface to adversaries with additional opportunities to infiltrate into EDSs. Due to this reason, the risk management of the EDS supply chain is crucial to ensure that we are knowledgeable about the vulnerabilities in software and hardware components that comprise any critical part, quantifiable risk metrics to assess the severity and exploitability of the attack, and provide remediation solutions that can influence a prioritized mitigation plan. There is a need to realize cyber supply chain risk management for industrial control systems\u27 hardware, software, and computing and networking services associated with bulk electric system (BES) operations. This article proposes a blockchain-based cyber supply chain provenance platform ( Vind ) for EDSs to realize data provenance in a cyber supply chain ecosystem

Facing the blockchain endpoint vulnerability, an SGX-based solution for secure eHealth auditing

According to McAfee Labs, even in 2019, the eHealth sector is confirmed as one of the most critical in terms of cybersecurity incidents. It is estimated that more than 176 million patient records were target of attacks between 2009 and 2017, and with a single attack, in 2018, more than 1.4 million patient records were affected at UnityPoint Health. To cope with such a dramatic situation, one of the main strategic priority in the eHealth field is represented by the adoption of Blockchain. Specifically, according to a Deloittes survey, 55% of healthcare executives believe that blockchain technology will disrupt the healthcare industry. Unfortunately, while blockchain provides a valuable tool for enhancing the security of health applications and related data, it cannot be assumed as a panacea for data security. As an example, the so-called Endpoint Vulnerability issue is a well-known problem of Blockchain-based solutions: in such a case the attacker successful in gaining control of the end-point can tamper data off-chain during its generation and/or before it is sent to the chain. In this paper, we face such an issue by shielding the endpoint through the Intel Software Guard eXtension (SGX) technology. We demonstrate our solution for an auditing software belonging to the European eHealth management system (namely OpenNCP). We also discuss how our solution can be generalized to any other Blockchain-based solution. Finally, an experimental evaluation has been conducted to prove the actual feasibility of the proposed solution under the requirements of the real eHealth system

KBD-Share: Key Aggregation, Blockchain, and Differential Privacy based Secured Data Sharing for Multi-User Cloud Computing

In today's era of widespread cloud computing and data sharing, the demand for secure and privacy-preserving techniques to facilitate multi-user data sharing is rapidly increasing. However, traditional approaches struggle to effectively address the twin objectives of ensuring privacy protection while preserving the utility of shared data. This predicament holds immense significance due to the pivotal role data sharing plays in diverse domains and applications. However, it also brings about significant privacy vulnerabilities. Consequently, innovative approaches are imperative to achieve a harmonious equilibrium between the utility of shared data and the protection of privacy in scenarios involving multiple users. This paper presents KBD-Share, an innovative framework that addresses the intricacies of ensuring data security and privacy in the context of sharing data among multiple users in cloud computing environments. By seamlessly integrating key aggregation, blockchain technology, and differential privacy techniques, KBD-Share offers an efficient and robust solution to protect sensitive data while facilitating seamless sharing and utilization. Extensive experimental evaluations convincingly establish the superiority of KBD-Share in aspects of data privacy preservation and utility, outperforming existing approaches. This approach achieves the highest R2 value of 0.9969 exhibiting best data utility, essential for multi-user data sharing in diverse cloud computing applications