243,232 research outputs found

    Enabling DApps Data Exchange with Hardware-Assisted Secure Oracle Network

    Decentralized applications (dApps), enabled by the blockchain and smart contract technology, are known for allowing distrustful parties to execute business logic without relying on a central authority. Compared to regular applications, dApps offer a wide range of benefits, including security by design, trustless transactions, and resistance to censorship. However, dApps need to access real-world data to achieve their full potential, relying on the data oracles. Oracles act as bridges between blockchains and the outside world, providing essential data to the smart contracts that power dApps. A significant challenge in integrating oracles into the dApp ecosystem is the Oracle Problem, which arises from the difficulty of securely and reliably providing off-chain data to smart contracts. Trust issues, centralization risks, and data manipulation are some concerns of the Oracle Problem. Addressing these challenges is vital for the continued growth and success of dApps. In this paper, we propose DEXO, a novel decentralized oracle mechanism designed to tackle the oracle problem by leveraging the power of Trusted Execution Environments (TEEs) and secure attestation mechanisms. DEXO aims to provide a more transparent, decentralized, and trustworthy solution for incorporating external data into dApps, ensuring that the data originates from regular, trustworthy dApp users. By empowering dApp users and developers to contribute diverse data types, DEXO fosters a more dynamic and enriched ecosystem. The proposed DEXO network not only addresses the challenges posed by the Oracle Problem but also encourages greater trust and confidence in the data provided to dApps, ultimately enhancing the overall user experience and promoting further growth in the decentralized application space

    Shake-n-shack : enabling secure data exchange between Smart Wearables via handshakes

    Since ancient Greece, handshaking has been commonly practiced between two people as a friendly gesture to express trust and respect, or form a mutual agreement. In this paper, we show that such physical contact can be used to bootstrap secure cyber contact between the smart devices worn by users. The key observation is that during handshaking, although belonging to two different users, the two hands involved in the shaking events are often rigidly connected, and therefore exhibit very similar motion patterns. We propose a novel Shake-n-Shack system, which harvests motion data during user handshaking from the wrist worn smart devices such as smartwatches or fitness bands, and exploits the matching motion patterns to generate symmetric keys on both parties. The generated keys can be then used to establish a secure communication channel for exchanging data between devices. This provides a much more natural and user-friendly alternative for many applications, e.g., exchanging/sharing contact details, friending on social networks, or even making payments, since it doesn't involve extra bespoke hardware, nor require the users to perform pre-defined gestures. We implement the proposed Shake-n-Shack system on off-the-shelf smartwatches, and extensive evaluation shows that it can reliably generate 128-bit symmetric keys just after around 1s of handshaking (with success rate >99%), and is resilient to real-time mimicking attacks: in our experiments the Equal Error Rate (EER) is only 1.6% on average. We also show that the proposed Shake-n-Shack system can be extremely lightweight, and is able to run in-situ on the resource-constrained smartwatches without incurring excessive resource consumption

    WebDAVA: An Administrator-Free Approach To Web File-Sharing

    Collaboration over the Internet depends on the ability of the members of a group to exchange data in a secure yet unobtrusive manner. WebDAVA is a system that allows the users to define their own access-control policies to network resources that they control, enabling secure data sharing within the enterprise. Our design allows users to selectively give fine-grain access to their resources without involving their system administrators. We accomplish this by using authorization credentials that define the users' privileges. Our prototype implements a file-sharing service, where users maintain sensitive-information folders and can allow others to access parts of these. Clients interact with the server over HTTP via a Java applet that transparently handles credential management. This mechanism allows users to share information with users not a priori known to the system, enabling administrator-free management

    SDN-AAA: Towards the standard management of AAA infrastructures

    Software Defined Networking (SDN) is a widely deployed technology enabling the agile and flexible management of networks and services. This paradigm represents an appropriate candidate to address the dynamic and secure management of large and complex Authentication, Authorization and Accounting (AAA) infrastructures. In those infrastructures, there are several nodes which must exchange information securely to interconnect different realms. This article describes a novel SDN-based framework with a data model-driven approach following the standard YANG, named SDN-AAA, which can be used to dynamically manage routing and security configuration in AAA scenarios. Comment: 7 pages, 5 figures

    Technical note: A mobile collaborative workspace to assist forensic experts in disaster victim identification scenarios

    Integrated approaches to disaster victim identification (DVI) management have led to a need for technologies to improve interaction among parties involved in post-mortem (PM) and ante-mortem (AM) data collection through better communication and coordination. Mobile Forensic Workspace© (MFW) is a collaborative mobile system that not only facilitates the systematic collection of high-quality data, but also allows DVI professionals to coordinate activities and exchange data through secure real-time communication at major disaster scenarios in accordance with security, privacy and legal protocols. MFW is adaptable to any communication format (text, voice calls, photographs, etc.) and is dynamically self-reconfigurable when connectivity problems arise. It also allows data integration and backup through secure communication channels between local and remote servers. The feasibility of the system has been demonstrated through implementation of MFW on the iOS platform for iPhone, iPod Touch and iPad terminals. A further strength of MFW is that it provides out-of-the-box support for INTERPOL DVI forms. The application of information and communication technologies for DVI was shown to be useful in improving DVI management by enhancing the quality of data collection and enabling non-Internet dependent real-time data sharing and communication

    Trust Evaluation for Data Exchange in Vehicular Networks

    In Vehicular (Ad-hoc) Network (VANET), besides Vehicle-to-Vehicle communications (V2V), vehicles in VANET also exchange data with Road-Side-Units (RSUs) and Cellular Base Stations (Vehicle-to-Infrastructure communications (V2I)). With the introduction of Intelligent Transport Systems (ITS), VANETs possess a great potential in enabling surveillance services. The rapid development of wireless communication technologies recently results in empowering data exchange among vehicles, RSUs and Cellular Base Stations, improving various types of applications and services such as safety driving, route planning, traffic alert, and context-aware infotainment. However, the benefits offered by VANETs and ITS cannot be fully realized unless there is a mechanism to effectively defend against fake and erroneous information exchange from malicious or dysfunctional nodes to other vehicles and RSUs for their own purposes. In this regard, trust appears as one of the solutions for VANETs to establish secure connectivity and reliable services. The conceptual idea to tackle these challenges is that only data from trusted vehicles is taken into account. Thus, the aim is to evaluate trust of a vehicle in exchanging high quality of information. This paper presents the trust concept, key characteristics, a trust evaluation model, and a prototype for trusted data exchange activities in VANETs

    Towards Secure Collaboration in Federated Cloud Environments

    Public administrations across Europe have been actively following and adopting cloud paradigms at various degrees. By establishing modern data centers and consolidating their infrastructures, many organizations already benefit from a range of cloud advantages. However, there is a growing need to further support the consolidation and sharing of resources across different public entities. The ever increasing volume of processed data and diversity of organizational interactions stress this need even further, calling for the integration on the levels of infrastructure, data and services. This is currently hindered by strict requirements in the field of data security and privacy. In this paper, we present ongoing work aimed at enabling secure private cloud federations for public administrations, performed in the scope of the SUNFISH H2020 project. We focus on architectural components and processes that establish cross-organizational enforcement of data security policies in mixed and heterogeneous environments. Our proposal introduces proactive restriction of data flows in federated environments by integrating real-time based security policy enforcement and its post-execution conformance verification. The goal of this framework is to enable secure service integration and data exchange in cross-entity contexts by inspecting data flows and assuring their conformance with security policies, both on organizational and federation level