
    Beyond the Hype: On Using Blockchains in Trust Management for Authentication

    Trust Management (TM) systems for authentication are vital to the security of online interactions, which are ubiquitous in our everyday lives. Various systems, like the Web PKI (X.509) and PGP's Web of Trust are used to manage trust in this setting. In recent years, blockchain technology has been introduced as a panacea to our security problems, including that of authentication, without sufficient reasoning, as to its merits. In this work, we investigate the merits of using open distributed ledgers (ODLs), such as the one implemented by blockchain technology, for securing TM systems for authentication. We formally model such systems, and explore how blockchain can help mitigate attacks against them. After formal argumentation, we conclude that in the context of Trust Management for authentication, blockchain technology, and ODLs in general, can offer considerable advantages compared to previous approaches. Our analysis is, to the best of our knowledge, the first to formally model and argue about the security of TM systems for authentication, based on blockchain technology. To achieve this result, we first provide an abstract model for TM systems for authentication. Then, we show how this model can be conceptually encoded in a blockchain, by expressing it as a series of state transitions. As a next step, we examine five prevalent attacks on TM systems, and provide evidence that blockchain-based solutions can be beneficial to the security of such systems, by mitigating, or completely negating such attacks. Comment: A version of this paper was published in IEEE Trustcom. http://ieeexplore.ieee.org/document/8029486

    PUBLIC BLOCKCHAIN SCALABILITY: ADVANCEMENTS, CHALLENGES AND THE FUTURE

    In the last decade, blockchain has emerged as one of the most influential innovations in software architecture and technology. Ideally, blockchains are designed to be architecturally and politically decentralized, similar to the Internet. But recently, public and permissionless blockchains such as Bitcoin and Ethereum have faced stumbling blocks in the form of scalability. Both Bitcoin and Ethereum process fewer than 20 transactions per second, which is significantly lower than their centralized counterpart such as VISA that can process approximately 1,700 transactions per second. In realizing this hindrance in the wide range adoption of blockchains for building advanced and large scalable systems, the blockchain community has proposed first- and second-layer scaling solutions including Segregated Witness (Segwit), Sharding, and two-way pegged sidechains. Although these proposals are innovative, they still suffer from the blockchain trilemma of scalability, security, and decentralization. Moreover, at this time, little is known or discussed regarding factors related to design choices, feasibility, limitations and other issues in adopting the various first- and second-layer scaling solutions in public and permissionless blockchains. Hence, this thesis provides the first comprehensive review of the state-of-the-art first- and second-layer scaling solutions for public and permissionless blockchains, identifying current advancements and analyzing their impact from various viewpoints, highlighting their limitations and discussing possible remedies for the overall improvement of the blockchain domain.

    What Does Not Fit Can be Made to Fit! Trade-Offs in Distributed Ledger Technology Designs

    Distributed ledger technology (DLT), including blockchain, enables secure processing of transactions between untrustworthy parties in a decentralized system. However, DLT is available in different designs that exhibit diverse characteristics. Moreover, DLT characteristics have complementary and conflicting interdependencies. Hence, there will never be an ideal DLT design for all DLT use cases; instead, DLT implementations need to be configured to contextual requirements. Successful DLT configuration requires, however, a sound understanding of DLT characteristics and their interdependencies. In this manuscript, we review DLT characteristics and organize them into six groups. Furthermore, we condense interdependencies of DLT characteristics into trade-offs that should be considered for successful deployment of DLT. Finally, we consolidate our findings into DLT archetypes for common design objectives, such as security, usability, or performance. Our work makes extant DLT research more transparent and fosters understanding of interdependencies and trade-offs between DLT characteristics.

    Bridges Between Islands: Cross-Chain Technology for Distributed Ledger Technology

    Since the emergence of blockchain in 2008, today, we see a kaleidoscopic variety of applications built on distributed ledger technology (DLT), including applications for financial services, healthcare, or the Internet of Things. Yet, each application comes with specific requirements for DLT characteristics (e.g., high throughput, scalability). However, trade-offs between DLT characteristics restrict the development of a DLT design (e.g., Ethereum, IOTA) that fits all use cases’ requirements simultaneously. Consequently, separated DLT designs emerged, each specialized to suit dedicated application requirements. To enable the development of more powerful applications on DLT, such DLT islands must be bridged. However, knowledge on cross-chain technology (CCT) is scattered across scientific and practical sources. Therefore, we examine this diverse body of knowledge and provide comprehensive insights into CCT by synthesizing underlying characteristics, evolving patterns, and use cases. Our findings resolve existing contradictions in the literature and provide avenues for future research in an emerging scientific field.

    Coded Merkle Tree: Solving Data Availability Attacks in Blockchains

    In this paper, we propose coded Merkle tree (CMT), a novel hash accumulator that offers a constant-cost protection against data availability attacks in blockchains, even if the majority of the network nodes are malicious. A CMT is constructed using a family of sparse erasure codes on each layer, and is recovered by iteratively applying a peeling-decoding technique that enables a compact proof for data availability attack on any layer. Our algorithm enables any node to verify the full availability of any data block generated by the system by just downloading a $\Theta(1)$ byte block hash commitment and randomly sampling $\Theta(\log b)$ bytes, where $b$ is the size of the data block. With the help of only one connected honest node in the system, our method also allows any node to verify any tampering of the coded Merkle tree by just downloading $\Theta(\log b)$ bytes. We provide a modular library for CMT in Rust and Python and demonstrate its efficacy inside the Parity Bitcoin client. Comment: To appear in Financial Cryptography and Data Security (FC) 202

    BlockNet Report: Exploring the Blockchain Skills Concept and Best Practice Use Cases

    In order to explore the practical potential and needs of interdisciplinary knowledge and competence requirements of Blockchain technology, the project activity "Development of Interdisciplinary Blockchain Skills Concept" starts with the literature review identifying the state of the art of Blockchain in Supply Chain Management and Logistics, Business and Finance, as well as Computer Science and IT-Security. The project activity further explores the academic and industry landscape of existing initiatives in education which offer Blockchain courses. Moreover, job descriptions and adverts are analyzed in order to specify today's competence requirements from enterprises. To discuss and define the future required competence, expert workshops are organized to validate the findings by academic experts. Based on the research outcome and validation, an interdisciplinary approach for Blockchain competence is developed. A second part focuses on the development of the Blockchain Best Practices activity while conducting qualitative empirical research based on case studies with industry representatives. Therefore, company interviews, based on the theoretical basis of Output 1, explore existing Blockchain use cases in different sectors. Due to the interdisciplinary importance of Blockchain technology, these skills will be defined by different perspectives of Blockchain from across multiple mentioned disciplines. The use cases and companies for the interviews will be selected based on various sampling criteria to gain results valid for a broad scale. The analysis of the various use cases will be conducted and defined in a standardized format to identify the key drivers and competence requirements for Blockchain technology applications and their adoption. On the one hand, this approach ensures comparability, on the other hand, it facilitates the development of a structured and systematic framework. Comment: arXiv admin note: text overlap with arXiv:2102.0322

    Bringing secure Bitcoin transactions to your smartphone

    To preserve the Bitcoin ledger’s integrity, a node that joins the system must download a full copy of the entire Bitcoin blockchain if it wants to verify newly created blocks. At the time of writing, the blockchain weighs 79 GiB and takes hours of processing on high-end machines. Owners of low-resource devices (known as thin nodes), such as smartphones, avoid that cost by either opting for minimum verification or by depending on full nodes, which weakens their security model. In this work, we propose to harden the security model of thin nodes by enabling them to verify blocks in an adaptive manner, with regards to the level of targeted confidence, with low storage requirements and a short bootstrap time. Our approach exploits sharding within a distributed hash table (DHT) to distribute the storage load, and a few additional hashes to prevent attacks on this new system.