On Cyber Risk Management of Blockchain Networks: A Game Theoretic Approach

Open-access blockchains based on proof-of-work protocols have gained tremendous popularity for their capabilities of providing decentralized tamper-proof ledgers and platforms for data-driven autonomous organization. Nevertheless, the proof-of-work based consensus protocols are vulnerable to cyber-attacks such as double-spending. In this paper, we propose a novel approach of cyber risk management for blockchain-based service. In particular, we adopt the cyber-insurance as an economic tool for neutralizing cyber risks due to attacks in blockchain networks. We consider a blockchain service market, which is composed of the infrastructure provider, the blockchain provider, the cyber-insurer, and the users. The blockchain provider purchases from the infrastructure provider, e.g., a cloud, the computing resources to maintain the blockchain consensus, and then offers blockchain services to the users. The blockchain provider strategizes its investment in the infrastructure and the service price charged to the users, in order to improve the security of the blockchain and thus optimize its profit. Meanwhile, the blockchain provider also purchases a cyber-insurance from the cyber-insurer to protect itself from the potential damage due to the attacks. In return, the cyber-insurer adjusts the insurance premium according to the perceived risk level of the blockchain service. Based on the assumption of rationality for the market entities, we model the interaction among the blockchain provider, the users, and the cyber-insurer as a two-level Stackelberg game. Namely, the blockchain provider and the cyber-insurer lead to set their pricing/investment strategies, and then the users follow to determine their demand of the blockchain service. Specifically, we consider the scenario of double-spending attacks and provide a series of analytical results about the Stackelberg equilibrium in the market game

Prototype of running clinical trials in an untrustworthy environment using blockchain.

Monitoring and ensuring the integrity of data within the clinical trial process is currently not always feasible with the current research system. We propose a blockchain-based system to make data collected in the clinical trial process immutable, traceable, and potentially more trustworthy. We use raw data from a real completed clinical trial, simulate the trial onto a proof of concept web portal service, and test its resilience to data tampering. We also assess its prospects to provide a traceable and useful audit trail of trial data for regulators, and a flexible service for all members within the clinical trials network. We also improve the way adverse events are currently reported. In conclusion, we advocate that this service could offer an improvement in clinical trial data management, and could bolster trust in the clinical research process and the ease at which regulators can oversee trials

The Role of Collaborative Governance in Blockchain-Enabled Supply Chains: A Proposed Framework

The blockchain age is dawning. Firms large and small are teaming up with partners and solution providers to deploy blockchain, especially in supply chains, often called the “sleeping giant” use case. But blockchain is still new, and despite early successes in simulated environments, how companies need to collaborate in a blockchain world is unclear. To help close the blockchain collaboration research gap, this design science study explores the technological and ecosystem business decisions required to deploy an interoperable blockchain solution. The research partially builds a supply chain artifact, and the challenges experienced by the design team prompts further investigation with twenty blockchain experts. With the discovery that effective and collaborative governance is a key mechanism to remove obstacles in blockchain deployment, the study concludes with a collaborative governance model. Inspired by public policy makers, the framework includes technological rules to assist practitioners as they collaborate in a blockchain world

Performance Evaluation of Big Data Processing at the Edge for IoT-Blockchain Applications

Internet-of-Things (IoT) utilising sensors is effective in performing continuous monitoring, while Blockchain is ideal in guaranteeing integrity and immutability of these IoT data. There are many challenges in integrating IoT and Blockchain together mainly because IoT devices have limited computational resources, and storage capacity while Blockchain processing incurs high CPU cost and high latency in data transfer. We propose a fully distributed edge computing architecture coupled with an efficient storage system that is based on Non-Volatile Memory express Over Fabrics (NVMeOF) to provide efficient IoT data processing for supply chain management. The data is secured using Blockchain at the edge to ensure traceability, security and non-repudiation in the data. An evaluation of our implementation and performance comparison between NVMeOF and SATA storage interfaces for our IoT-Blockchain architecture is presented

Virtual Resources & Internet of Things

Internet of Things (IoT) systems mostly follow a Cloud-centric approach. These systems get the benefits of the extensive computational capabilities and flexibility of the Cloud. Although Cloud-centric systems support virtualization of components to interact with IoT networks, many of these systems introduce high latency and restrict direct access to IoT devices. Fog computing has been presented as an alternative to reduce latency when engaging IoT networks, however, new forms of virtualization are required to access physical devices in a direct manner. This research introduces a definition of Virtual Resources to enable direct access to IoT networks and to allow richer interactions between applications and IoT components. Additionally, this work proposes Virtual Resources as a mechanism to handle the multi-tenancy challenge that emerges when more than one tenant tries to access and manipulate an IoT component simultaneously. Virtual Resources are developed using Go language and CoAP protocol. This work proposes permission-based blockchain to provision Virtual Resources directly on IoT devices. Seven experiments have been done using Raspberry Pi computers and Edison Arduino boards to test the definition of Virtual Resources presented by this work. The results of the experiments demonstrate that Virtual Resources can be deployed across different IoT platforms. Also, the results show that Virtual Resources and blockchain can support multi-tenancy in the IoT space. IBM Bluemix Blockchain as a Service and Multichain blockchain have been evaluated handling the provisioning of Virtual Resources in the IoT network. The results of these experiments show that permission-based blockchain can store the configurations of Virtual Resources and provision these configurations in the IoT network

RESHAPING ORGANIZATIONAL PROCESSES AND WORKFLOWS THROUGH INTEGRATION OF BLOCKCHAIN TECHNOLOGY

Cybercrime is becoming increasingly sophisticated and devastating as time carries on while many processes and workflows that exist within organizations are stagnant. This project analyzed Blockchain Technology as a use-case for building upon simple processes and workflows that are often overlooked within organizations for the purpose of hardening security and strengthening non-repudiation. This project examined three main questions relating to; how Blockchain can enhance traditional cyber security practices, how Blockchain can be introduced to organizations as a ground-breaking and worthwhile solution to countering cyber-attacks, and the benefits and risks of implementing Blockchain within an organization. An investigation of traditional cyber security practices and existing use-cases of Blockchain Technology was conducted alongside the development of two prototype Blockchain applications in order to illustrate organizational use-cases. The results of this study concluded that Blockchain is capable of enhancing traditional cyber security best practices by serving as an effective method of access control; Blockchain can be introduced to organizations through platforms such as SIMBA that are easy to use and simple to understand; and lastly, there are various benefits and risks of implementing Blockchain within an organization such as the benefit of increased transparency and accountability and the risk of the technology being costly and complicated to implement. Areas of further research include the utilization of Blockchain-based voting systems to ensure the integrity of elections, as well as tracking those who have or have not received vaccinations

Digital Management of Competencies in Web 3.0: The C-Box® Approach

Management of competencies is a crucial concern for both learners and workers as well as for training institutions and companies. For the former, it allows users to track and certify the acquired skills to apply for positions; for the latter, it enables better organisation of business processes. However, currently, most software systems for competency management adopted by the industry are either organisation-centric or centralised: that is, they either lock-in students and employees wishing to export their competencies elsewhere, or they require users’ trust and for users to give up privacy (to store their personal data) while being prone to faults. In this paper, we propose a user-centric, fully decentralised competency management system enabling verifiable, secure, and robust management of competencies digitalised as Open Badges via notarization on a public blockchain. This way, whoever acquires the competence or achievement retains full control over it and can disclose his/her own digital certifications only when needed and to the extent required, migrate them across storage platforms, and let anyone verify the integrity and validity of such certifications independently of any centralised organisation. The proposed solution is based on C-Box®, an existing application for the management of digital competencies that has been improved to fully support models, standards, and technologies of the so-called Web 3.0 vision—a global effort by major web organisations to “give the web back to the people”, pushing for maximum decentralisation of control and user-centric data ownership

EMAIL VERIFICATION SERVICE USING BLOCKCHAIN

Current email security solutions depend on various attributes to reduce the chances that a given email (mail) is likely to be a threat. However, current solutions make it relatively easy to target corporate organizations with a Business Email Compromise (BEC) attack. A BEC attack is a non-malicious mail which defrauds key people in organizations into performing, for example, wire transfers meant for the suppliers or partners abroad. The U.S. Federal Bureau of Investigation (FBI) has been tracking BEC, also known as email fraud and email account compromise (EAC), domestically and globally since October 2013. The recent trends related to fraudulent wire transfers and unauthorized disclosures of employee data are alarming: Total identified global exposed losses now exceed $12.5 billion (up from$5.3 billion in December 2016). More than 30,000 victim complaints were submitted between June 2016 and May 2018 via the recently launched Internet Crime Complaint Center (IC3) compliant form. BEC scams targeting the real estate sector rose more than 1,100% between 2015 and 2017. Wage and tax documentation BEC scams extend the threat beyond wire transfers and continue to grow. The US Internal Revenue Service (IRS) indicated it received approximately 900 reports of Form W-2 scams in 2017 (compared to just over 100 reports in 2016). The problem is that there is no absolute way to understand if a mail was sent from a particular sender to a group of recipients