828 research outputs found

    UniquID: A Quest to Reconcile Identity Access Management and the Internet of Things

    The Internet of Things (IoT) has caused a revolutionary paradigm shift in computer networking. After decades of human-centered routines, where devices were merely tools that enabled human beings to authenticate themselves and perform activities, we are now dealing with a device-centered paradigm: the devices themselves are actors, not just tools for people. Conventional identity access management (IAM) frameworks were not designed to handle the challenges of IoT. Trying to use traditional IAM systems to reconcile heterogeneous devices and complex federations of online services (e.g., IoT sensors and cloud computing solutions) adds a cumbersome architectural layer that can become hard to maintain and act as a single point of failure. In this paper, we propose UniquID, a blockchain-based solution that overcomes the need for centralized IAM architectures while providing scalability and robustness. We also present the experimental results of a proof-of-concept UniquID enrolment network, and we discuss two different use-cases that show the considerable value of a blockchain-based IAM.
    Comment: 15 pages, 10 figure

    Distributed Access Control with Blockchain

    The specification and enforcement of network-wide policies in a single administrative domain is common in today's networks and considered as already resolved. However, this is not the case for multi-administrative domains, e.g. among different enterprises. In such a situation, new problems arise that challenge classical solutions such as PKIs, which suffer from scalability and granularity concerns. In this paper, we present an extension to Group-Based Policy -- a widely used network policy language -- for the aforementioned scenario. To do so, we take advantage of a permissioned blockchain implementation (Hyperledger Fabric) to distribute access control policies in a secure and auditable manner, preserving at the same time the independence of each organization. Network administrators specify policies that are rendered into blockchain transactions. A LISP control plane (RFC 6830) allows routers performing the access control to query the blockchain for authorizations. We have implemented an end-to-end experimental prototype and evaluated it in terms of scalability and network latency.
    Comment: 7 pages, 9 figures, 2 table

    Security and Privacy for Green IoT-based Agriculture: Review, Blockchain solutions, and Challenges

    This paper presents research challenges on security and privacy issues in the field of green IoT-based agriculture. We start by describing a four-tier green IoT-based agriculture architecture and summarizing the existing surveys that deal with smart agriculture. Then, we provide a classification of threat models against green IoT-based agriculture into five categories, including, attacks against privacy, authentication, confidentiality, availability, and integrity properties. Moreover, we provide a taxonomy and a side-by-side comparison of the state-of-the-art methods toward secure and privacy-preserving technologies for IoT applications and how they will be adapted for green IoT-based agriculture. In addition, we analyze the privacy-oriented blockchain-based solutions as well as consensus algorithms for IoT applications and how they will be adapted for green IoT-based agriculture. Based on the current survey, we highlight open research challenges and discuss possible future research directions in the security and privacy of green IoT-based agriculture

    Cloud-centric blockchain public key infrastructure for big data applications

    A cloud-based public key infrastructure (PKI) utilizing blockchain technology is proposed. Big data ecosystems have scalable and resilient needs that current PKI cannot satisfy. Enhancements include using blockchains to establish persistent access to certificate data and certificate revocation lists, decoupling of data from certificate authority, and hosting it on a cloud provider to tap into its traffic security measures. Instead of holding data within the transaction data fields, certificate data and status were embedded into smart contracts. The tests revealed a significant performance increase over that of both traditional and the version that stored data within blocks. The proposed method reduced the mining data size, and lowered the mining time to 6.6% of the time used for the block data storage method. Also, the mining gas cost per certificate was consequently cut by 87%. In summary, completely decoupling the certificate authority portion of a PKI and storing certificate data inside smart contracts yields a sizable performance boost while decreasing the attack surface

    Blockchain Oracles

    Blockchain technology has emerged as a potential disruptor of multiple industries and became an enabler for separate entities to transact in a secure and decentralized manner. Nevertheless, the blockchain technology in itself does not directly interact with the external data sources. External data, that is needed, is transferred by means of oracles. The research goal of this thesis is to explore the relationship between blockchain networks and oracles and develop a framework to help guide blockchain developers and decision makers in their blockchain projects. Few of the existing oracle projects have described similar efforts in their papers, but no systematic review has been made by authors. The framework, presented in the thesis, is developed based on Systematic Literature Review of existing blockchain projects involving oracles. It includes components such as type of information oracles collect, blockchain networks with which they interact as well as encryption of communication between the oracles and the data source. Additionally, oracle decision making, which captures how the information is passed to the oracle, along with the verification of that data and methods of integration of oracles with blockchain networks, play an important role in blockchain oracle projects. The results of the review demonstrate that blockchain oracles are complex solutions involving multiple components and aspects. They can be intangible or tangible and transport data from web or sensor devices respectively. Oracles can be used in all types of blockchain networks and integrated in different formats including custom smart contract interfaces or directly with blockchain nodes. They can be centralized or decentralized in terms of decision making and utilize various existing consensus mechanisms to decide on correctness of the data or simply trust the external data provider. These findings will help the blockchain developers demystify the potential usage or implementation of oracles in their blockchain projects and help bridge the gap between the virtual world of blockchain and the external environments