Engage D2.5 Annual combined thematic workshops progress report (priming wave 1)

The preparation, organisation and the conclusions from the three thematic challenge workshops held in 2018 are described. The preparation and expert consultation results are reported for the “Vulnerabilities and global security of the CNS/ATM system” challenge workshop, which is scheduled to take place in March 2019

Privacy as an Integral Part of the Implementation of Cloud Solutions

Bridging the gap between design and implementation stages has been a major concern of designers, analysts and developers of information systems (ISs) and a major aspiration of a number of IS engineering approaches. Cloud computing exacerbates the strain on traditional IS engineering approaches that service-oriented computing has started. At the same time, recent research has argued about the importance of security and privacy in a cloud environment and highlighted a number of security and privacy challenges that are not present in traditional environments and need special attention when implementing or migrating ISs into a cloud environment. This paper contributes to this direction. Specifically, it presents a number of privacy-related cloud properties that analysts need to consider when designing privacy-aware systems in a cloud environment. Also it indicates a number of implementation techniques that can assist developers in assuring the respective properties

Blockchain Oracles

Plokiahelatehnoloogia on osutunud paljude tööstusharude potentsiaalseks lammutajaks ning on saanud eraldiseisvate üksuste jaoks turvalise ja detsentraliseeritud toimimise võimaldajaks. Sellest hoolimata ei ole plokiahelatehnoloogia iseenesest väliste andmeallikatega otseselt seotud. Vajalikke väliseid andmeid vahendatakse oraaklite abil. Selle magistritöö eesmärk on uurida seoseid plokiahela võrkude ja oraaklite vahel ning töötada välja raamistik, mis aitab plokiahela arendajaid ja otsuste langetajaid nende plokiahela projektides millestki juhinduda. Mõnedes olemasolevates oraakliprojektides on kirjeldatud sarnaseid püüdluseid, kuid seni pole nende autorid süstemaatiliste ülevaadeteni jõudnud. Lõputöös esitatud raamistik on välja töötatud olemasolevate oraaklitega seotud plokiahela projektide süstemaatilise kirjanduse ülevaate põhjal. See hõlmab selliseid komponente nagu oraaklite poolt kogutud informatsiooni tüübid, plokiahelavõrgud, millega nad suhtlevad, ning ka oraaklite ja andmeallika vahelise suhtluse krüptimine. Lisaks mängib plokiahela oraakli projektides olulist rolli ka oraaklite otsuste tegemine, mis kajastab teabe edastamist oraaklile, nende andmete kontrollimist ja meetodeid, kuidas oraakleid integreeritakse plokiahela võrkudega. Läbivaatamise tulemused näitavad, et plokiahela oraaklid on keerulised lahendused, mis hõlmavad paljusid komponente ja aspekte. Need võivad olla immateriaalsed või materiaalsed ning edastada andmeid vastavalt veebist või anduriseadmetest. Oraakleid saab kasutada igat tüüpi plokiahela võrkudes ja integreerida erinevates formaatides, sealhulgas nutikates lepinguliidestes, või otse teiste plokiahela-sõlmedega. Neid saab otsustusprotsessides tsentraliseerida või detsentraliseerida ja nad suudavad kasutada andmete õigsuse üle otsustamiseks mitmesuguseid olemasolevaid nõuandemehhanisme või usaldada lihtsalt välist andmepakkujat. Need uurimise tulemused aitavad plokiahela arendajatel demüstifitseerida oraaklite potentsiaalset kasutamist või rakendamist oma plokiahela projektides ning aitavad ületada lõhet plokiahela virtuaalse maailma ja väliste keskkondade vahel.Blockchain technology has emerged as a potential disruptor of multiple industries and became an enabler for separate entities to trans-act in a secure and decentralized manner. Nevertheless, the blockchain technology in itself does not directly interact with the external data sources. External data, that is needed, is transferred by means of oracles. The research goal of this thesis is to explore the relationship between blockchain networks and oracles and develop a framework to help guide blockchain developers and decision makers in their blockchain projects. Few of the existing oracle projects have described similar efforts in their papers, but no systematic review has been made by authors. The framework, presented in the thesis, is developed based on Systematic Literature Review of existing blockchain projects involving oracles. It includes components such as type of information oracles collect, blockchain networks with which they interact as well as encryption of communication between the oracles and the data source. Additionally, oracle decision making, which captures how the information is passed to the oracle, along with the verification of that data and methods of integration of oracles with blockchain networks, play an important role in blockchain oracle projects. The results of the review demonstrate that blockchain oracles are complex solutions involving multiple components and aspects. They can be intangible or tangible and transport data from web or sensor devices respectively. Oracles can be used in all types of blockchain networks and integrated in different formats including custom smart contract interfaces or directly with blockchain nodes. They can be centralized or decentralized in terms of decision making and utilize various existing consensus mechanisms to decide on correctness of the data or simply trust the external data provider. These findings will help the blockchain developers demystify the potential usage or implementation of oracles in their blockchain projects and help bridge the gap between the virtual world of blockchain and the external environments

Reliable Software for Unreliable Hardware - A Cross-Layer Approach

A novel cross-layer reliability analysis, modeling, and optimization approach is proposed in this thesis that leverages multiple layers in the system design abstraction (i.e. hardware, compiler, system software, and application program) to exploit the available reliability enhancing potential at each system layer and to exchange this information across multiple system layers

Post-quantum blockchain for internet of things domain

This thesis was submitted for the award of Doctor of Philosophy and was awarded by Brunel University LondonIn the evolving realm of quantum computing, emerging advancements reveal substantial challenges and threats to existing cryptographic infrastructures, particularly impacting blockchain technologies. These are pivotal for securing the Internet of Things (IoT) ecosystems. The traditional blockchain structures, integral to myriad IoT applications, are susceptible to potential quantum computations, emphasizing an urgent need for innovations in post-quantum blockchain solutions to reinforce security in the expansive domain of IoT. This PhD thesis delves into the crucial exploration and meticulous examination of the development and implementation of post-quantum blockchain within the IoT landscape, focusing on the incorporation of advanced post-quantum cryptographic algorithms in Hyperledger Fabric, a forefront blockchain platform renowned for its versatility and robustness. The primary aim is to discern viable post-quantum cryptographic solutions capable of fortifying blockchain systems against impending quantum threats enhancing security and reliability in IoT applications. The research comprehensively evaluates various post-quantum public-key generation and digital signature algorithms, performing detailed analyses of their computational time and memory usage to identify optimal candidates. Furthermore, the thesis proposes an innovative lattice-based digital signature scheme Fast-Fourier Lattice-based Compact Signature over NTRU (Falcon), which leverages the Monte Carlo Markov Chain (MCMC) algorithm as a trapdoor sampler to augment its security attributes. The research introduces a post-quantum version of the Hyperledger Fabric blockchain that integrates post-quantum signatures. The system utilizes the Open Quantum Safe (OQS) library, rigorously tested against NIST round 3 candidates for optimal performance. The study highlights the capability to manage IoT data securely on the post-quantum Hyperledger Fabric blockchain through the Message Queue Telemetry Transport (MQTT) protocol. Such a configuration ensures safe data transfer from IoT sensors directly to the blockchain nodes, securing the processing and recording of sensor data within the node ledger. The research addresses the multifaceted challenges of quantum computing advancements and significantly contributes to establishing secure, efficient, and resilient post-quantum blockchain infrastructures tailored explicitly for the IoT domain. These findings are instrumental in elevating the security paradigms of IoT systems against quantum vulnerabilities and catalysing innovations in post-quantum cryptography and blockchain technologies. Furthermore, this thesis introduces strategies for the optimization of performance and scalability of post-quantum blockchain solutions and explores alternative, energy-efficient consensus mechanisms such as the Raft and Stellar Consensus Protocol (SCP), providing sustainable alternatives to the conventional Proof-of-Work (PoW) approach. A critical insight emphasized throughout this thesis is the imperative of synergistic collaboration among academia, industry, and regulatory bodies. This collaboration is pivotal to expedite the adoption and standardization of post-quantum blockchain solutions, fostering the development of interoperable and standardized technologies enriched with robust security and privacy frameworks for end users. In conclusion, this thesis furnishes profound insights and substantial contributions to implementing post-quantum blockchain in the IoT domain. It delineates original contributions to the knowledge and practices in the field, offering practical solutions and advancing the state-of-the-art in post-quantum cryptography and blockchain research, thereby paving the way for a secure and resilient future for interconnected IoT systems

The Limits of Blockchain Democracy

Should political elections be implemented on the blockchain? Blockchain evangelists have argued that they should. This article sheds light on the potential of blockchain voting procedures and the legal constraints they need to accommodate. In a first step, I discuss potential “democracy benefits” of distributed ledger technology and the legal framework ordering the use of electronic voting systems in general. Comparing U.S. and German constitutional law, I then distill specific normative principles guiding the use of blockchain voting systems. In a second step, I analyze the technical, economic, and normative limitations of blockchain voting procedures. I show that major limitations result from the rules and incentives set by different consensus mechanisms. Moreover, it is not clear whether blockchain technology provides sufficient safeguards to ensure identity verification, the secrecy of ballots, and the verification that ballots are cast as intended, recorded as cast, and counted as recorded. Building on principles from constitutional law, I contend that blockchain technology does not provide sufficient safeguards to satisfy the requirements of democratic voting procedures – at least not in the near future