Blockchains and the European Data Protection and Privacy Law

Technology is the application of scientific knowledge. New scientific knowledge produces new technologies and new technologies necessarily expose new vulnerabilities in our laws and legal thinking. Blockchain technology, by allowing us to reduce and even eliminate the role of the middleman in our transactions, triggers a significant paradigm shift in how we deal with value. It is often said in online communities that internet democratizes access to information and blockchain democratizes the access to truth. The aim of this work is to shed light on the unchartered territory of the blockchain with the lenses of the EU data protection and privacy law, and offer an in-depth analysis of the greatest issues the blockchain presents with possible solutions and policy recommendations

Technological, organisational, and environmental factors affecting the adoption of blockchain-based distributed identity management in organisations

Background: Blockchain is a disruptive technology with the potential to innovate businesses. Ignoring or resisting it might result in a competitive disadvantage for organisations. Apart from its original financial application of cryptocurrency, other applications are emerging, the most common being supply chain management and e-voting systems. However, there is less focus on information and cybersecurity applications, especially from the enterprise perspective. This research addresses this knowledge gap, focussing on its application of distributed identity management in organisations. Objectives: The main objective is to investigate technological, organisational, and environmental (TOE) factors affecting the adoption of blockchain-based distributed identity management (BDIDM) in organisations to determine the most critical factors. Secondary objectives include determining whether the blockchain type affects BDIDM adoption and whether the TOE-BDIDM model measuring the phenomenon is effective and appropriate. But given the relative newness of blockchain, the initial goal consists of intensively exploring the topic to understand the practicality of adopting BDIDM in organisations and establishing whether claims made around it are factual than just due to the blockchain hype. Methodology: The study uses meta-synthesis to explore the topic, summarising 69 papers selected qualitatively from reputed academic sources. The study then surveys 111 information and cybersecurity practitioners selected randomly in South African organisations to investigate the TOE factors affecting BDIDM adoption. To do so, it utilises an online questionnaire rooted in an adapted TOE model called TOE-BDIDM as a data collection instrument. The analysis of this primary data is purely quantitative and includes (i) Structural Equation Modelling (SEM) of the measurement model, i.e. confirmatory factor analysis (CFA); (ii) binary logistics regression analysis; and (iii) Chi-Square tests Results: Meta-synthesis revealed theoretical grounds underlying claims made around the topic while spotting diverging views about BDIDM practicality for the enterprise context. It also identifies the TOE theory as more suitable to explain the phenomenon. Binary logistics regression modelling reveals that TOE factors do affect BDIDM adoption in organisations, either positively or negatively. The factors predict BDIDM adopters and non-adopters, with Technology Characteristics being the most critical factor and the most that could predict BDIDM non-adopters. Organisation Readiness was the second critical factor, the most that could predict BDIDM adopters. Overall, TOE-BDIDM effectively predicted 92.5% of adopters and 45.2% of non-adopters. CFA indicates that TOE-BDIDM appropriateness for investigating the phenomenon is relatively fair. The Chi-Square tests reveal a significant association between Blockchain Type and BDIDM adoption. Implications: The discussion highlights various implications of the above findings, including the plausibility of the impartiality of typical privacy-preserving BDIDM models like the Selfsovereign identity: The majority of respondents preferred private permissioned blockchain, which tends to be centralised, more intermediated, and less privacy-preserving. The rest implications relate to the disruptiveness nature of BDIDM and the BDIDM adoption being more driven by technological than organisational or environmental factors. The study ends by reflecting on the research process and providing fundamental limitations and recommendations for future researc

Blockchain Applications in Cybersecurity

Blockchain has been widely known thanks to Bitcoin and the cryptocurrencies. In this chapter, we analyze different aspects that relate to the application of blockchain with techniques commonly used in the field of cybersecurity. Beginning by introducing the use of blockchain technology as a secure infrastructure, the document delves into how blockchain can be useful to achieve several security requirements, common to most applications. The document has been focused on some specific cybersecurity disciplines to maintain simplicity: backup and recovery, threat intelligence and content delivery networks. As illustrated, some projects and initiatives are in the process of joining these two fields to provide solutions to existing problems

Chapter Blockchain Applications in Cybersecurity

Blockchain has been widely known thanks to Bitcoin and the cryptocurrencies. In this chapter, we analyze different aspects that relate to the application of blockchain with techniques commonly used in the field of cybersecurity. Beginning by introducing the use of blockchain technology as a secure infrastructure, the document delves into how blockchain can be useful to achieve several security requirements, common to most applications. The document has been focused on some specific cybersecurity disciplines to maintain simplicity: backup and recovery, threat intelligence and content delivery networks. As illustrated, some projects and initiatives are in the process of joining these two fields to provide solutions to existing problems

The future of Cybersecurity in Italy: Strategic focus area

This volume has been created as a continuation of the previous one, with the aim of outlining a set of focus areas and actions that the Italian Nation research community considers essential. The book touches many aspects of cyber security, ranging from the definition of the infrastructure and controls needed to organize cyberdefence to the actions and technologies to be developed to be better protected, from the identification of the main technologies to be defended to the proposal of a set of horizontal actions for training, awareness raising, and risk management

Energy Considerations in Blockchain-Enabled Applications

Blockchain-powered smart systems deployed in different industrial applications promise operational efficiencies and improved yields, while mitigating significant cybersecurity risks pertaining to the main application. Associated tradeoffs between availability and security arise at implementation, however, triggered by the additional resources (e.g., memory, computation) required by each blockchain-enabled host. This thesis applies an energy-reducing algorithmic engineering technique for Merkle Tree root and Proof of Work calculations, two principal elements of blockchain computations, as a means to preserve the promised security benefits but with less compromise to system availability. Using pyRAPL, a python library to measure computational energy, we experiment with both the standard and energy-reduced implementations of the Merkle Tree for different input sizes (in bytes) and of the Proof of Work for different difficulty levels. Our results show up to 98\% reduction in energy consumption is possible within the blockchain\u27s Merkle Tree construction module, such reductions typically increasing with larger input sizes. For Proof-of-Work calculations, our results show an average energy reduction of 20\% across typical difficulty levels. The proposed energy-reducing technique is potentially applicable to other key elements of blockchain computations, potentially affording even greener blockchain-powered systems than implied by only the Merkle Tree and Proof of Work results obtained thus far

Cybersecurity applications of Blockchain technologies

With the increase in connectivity, the popularization of cloud services, and the rise of the Internet of Things (IoT), decentralized approaches for trust management are gaining momentum. Since blockchain technologies provide a distributed ledger, they are receiving massive attention from the research community in different application fields. However, this technology does not provide cybersecurity by itself. Thus, this thesis first aims to provide a comprehensive review of techniques and elements that have been proposed to achieve cybersecurity in blockchain-based systems. The analysis is intended to target area researchers, cybersecurity specialists and blockchain developers. We present a series of lessons learned as well. One of them is the rise of Ethereum as one of the most used technologies. Furthermore, some intrinsic characteristics of the blockchain, like permanent availability and immutability made it interesting for other ends, namely as covert channels and malicious purposes. On the one hand, the use of blockchains by malwares has not been characterized yet. Therefore, this thesis also analyzes the current state of the art in this area. One of the lessons learned is that covert communications have received little attention. On the other hand, although previous works have analyzed the feasibility of covert channels in a particular blockchain technology called Bitcoin, no previous work has explored the use of Ethereum to establish a covert channel considering all transaction fields and smart contracts. To foster further defence-oriented research, two novel mechanisms are presented on this thesis. First, Zephyrus takes advantage of all Ethereum fields and smartcontract bytecode. Second, Smart-Zephyrus is built to complement Zephyrus by leveraging smart contracts written in Solidity. We also assess the mechanisms feasibility and cost. Our experiments show that Zephyrus, in the best case, can embed 40 Kbits in 0.57 s. for US$1.64, and retrieve them in 2.8 s. Smart-Zephyrus, however, is able to hide a 4 Kb secret in 41 s. While being expensive (around US$ 1.82 per bit), the provided stealthiness might be worth the price for attackers. Furthermore, these two mechanisms can be combined to increase capacity and reduce costs.Debido al aumento de la conectividad, la popularización de los servicios en la nube y el auge del Internet de las cosas (IoT), los enfoques descentralizados para la gestión de la confianza están cobrando impulso. Dado que las tecnologías de cadena de bloques (blockchain) proporcionan un archivo distribuido, están recibiendo una atención masiva por parte de la comunidad investigadora en diferentes campos de aplicación. Sin embargo, esta tecnología no proporciona ciberseguridad por sí misma. Por lo tanto, esta tesis tiene como primer objetivo proporcionar una revisión exhaustiva de las técnicas y elementos que se han propuesto para lograr la ciberseguridad en los sistemas basados en blockchain. Este análisis está dirigido a investigadores del área, especialistas en ciberseguridad y desarrolladores de blockchain. A su vez, se presentan una serie de lecciones aprendidas, siendo una de ellas el auge de Ethereum como una de las tecnologías más utilizadas. Asimismo, algunas características intrínsecas de la blockchain, como la disponibilidad permanente y la inmutabilidad, la hacen interesante para otros fines, concretamente como canal encubierto y con fines maliciosos. Por una parte, aún no se ha caracterizado el uso de la blockchain por parte de malwares. Por ello, esta tesis también analiza el actual estado del arte en este ámbito. Una de las lecciones aprendidas al analizar los datos es que las comunicaciones encubiertas han recibido poca atención. Por otro lado, aunque trabajos anteriores han analizado la viabilidad de los canales encubiertos en una tecnología blockchain concreta llamada Bitcoin, ningún trabajo anterior ha explorado el uso de Ethereum para establecer un canal encubierto considerando todos los campos de transacción y contratos inteligentes. Con el objetivo de fomentar una mayor investigación orientada a la defensa, en esta tesis se presentan dos mecanismos novedosos. En primer lugar, Zephyrus aprovecha todos los campos de Ethereum y el bytecode de los contratos inteligentes. En segundo lugar, Smart-Zephyrus complementa Zephyrus aprovechando los contratos inteligentes escritos en Solidity. Se evalúa, también, la viabilidad y el coste de ambos mecanismos. Los resultados muestran que Zephyrus, en el mejor de los casos, puede ocultar 40 Kbits en 0,57 s. por 1,64 US$, y recuperarlos en 2,8 s. Smart-Zephyrus, por su parte, es capaz de ocultar un secreto de 4 Kb en 41 s. Si bien es cierto que es caro (alrededor de 1,82 dólares por bit), el sigilo proporcionado podría valer la pena para los atacantes. Además, estos dos mecanismos pueden combinarse para aumentar la capacidad y reducir los costesPrograma de Doctorado en Ciencia y Tecnología Informática por la Universidad Carlos III de MadridPresidente: José Manuel Estévez Tapiador.- Secretario: Jorge Blasco Alís.- Vocal: Luis Hernández Encina