2,113 research outputs found
Trust in Software Supply Chains: Blockchain-Enabled SBOM and the AIBOM Future
Software Bill of Materials (SBOM) serves as a critical pillar in ensuring
software supply chain security by providing a detailed inventory of the
components and dependencies integral to software development. However,
challenges abound in the sharing of SBOMs, including potential data tampering,
hesitation among software vendors to disclose comprehensive information, and
bespoke requirements from software procurers or users. These obstacles have
stifled widespread adoption and utilization of SBOMs, underscoring the need for
a more secure and flexible mechanism for SBOM sharing. This study proposes a
novel solution to these challenges by introducing a blockchain-empowered
approach for SBOM sharing, leveraging verifiable credentials to allow for
selective disclosure. This strategy not only heightens security but also offers
flexibility. Furthermore, this paper broadens the remit of SBOM to encompass AI
systems, thereby coining the term AI Bill of Materials (AIBOM). This extension
is motivated by the rapid progression in AI technology and the escalating
necessity to track the lineage and composition of AI software and systems.
Particularly in the era of foundational models like large language models
(LLMs), understanding their composition and dependencies becomes crucial. These
models often serve as a base for further development, creating complex
dependencies and paving the way for innovative AI applications. The evaluation
of our solution indicates the feasibility and flexibility of the proposed SBOM
sharing mechanism, positing a new solution for securing (AI) software supply
chains
Advancing Healthcare Security: A Cutting-Edge Zero-Trust Blockchain Solution for Protecting Electronic Health Records
The effective management of electronic health records (EHRs) is vital in healthcare. However, traditional systems often need help handling data inconsistently, providing limited access, and coordinating poorly across facilities. This study aims to tackle these issues using blockchain technology to improve EHR systems' data security, privacy, and interoperability. By thoroughly analyzing blockchain's applications in healthcare, we propose an innovative solution that leverages blockchain's decentralized and immutable nature, combined with advanced encryption techniques such as the Advanced Encryption Standard and Zero Knowledge Proof Protocol, to fortify EHR systems. Our research demonstrates that blockchain can effectively overcome significant EHR challenges, including fragmented data and interoperability problems, by facilitating secure and transparent data exchange, leading to enhanced coordination, care quality, and cost-efficiency across healthcare facilities. This study offers practical guidelines for implementing blockchain technology in healthcare, emphasizing a balanced approach to interoperability, privacy, and security. It represents a significant advancement over traditional EHR systems, boosting security and affording patients greater control over their health records. DOI: 10.28991/HIJ-2023-04-03-012
Web3.0 Security: Privacy Enhancing and Anonym Auditing in Blockchain-based Structures
The advent of Web 3.0, underpinned by blockchain technologies, promises to
transform the internet's landscape by empowering individuals with decentralized
control over their data. However, this evolution brings unique security
challenges that need to be addressed. This paper explores these complexities,
focusing on enhancing privacy and anonymous auditing within blockchain
structures. We present the architecture of Web 3.0 based on the blockchain,
providing a clear perspective on its workflow and security mechanisms. A
security protocol for Web 3.0 systems, employing privacy-preserving techniques
and anonymous auditing during runtime, is proposed. Key components of our
solution include the integration of privacy-enhancing techniques and the
utilization of Tor for anonymous auditing. We discuss related work and propose
a framework that meets these new security requirements. Lastly, we offer an
evaluation and comparison of our model to existing methods. This research
contributes towards the foundational understanding of Web 3.0's secure
structure and offers a pathway towards secure and privacy-preserving digital
interactions in this novel internet landscape
Post-quantum blockchain for internet of things domain
This thesis was submitted for the award of Doctor of Philosophy and was awarded by Brunel University London. In the evolving realm of quantum computing, emerging advancements reveal substantial challenges and threats to existing cryptographic infrastructures, particularly impacting blockchain technologies. These are pivotal for securing the Internet of Things (IoT) ecosystems. The traditional blockchain structures, integral to myriad IoT applications, are susceptible to potential quantum computations, emphasizing an urgent need for innovations in post-quantum blockchain solutions to reinforce security in the expansive domain of IoT.
This PhD thesis delves into the crucial exploration and meticulous examination of the development and implementation of post-quantum blockchain within the IoT landscape, focusing on the incorporation of advanced post-quantum cryptographic algorithms in Hyperledger Fabric, a forefront blockchain platform renowned for its versatility and robustness. The primary aim is to discern viable post-quantum cryptographic solutions capable of fortifying blockchain systems against impending quantum threats enhancing security and reliability in IoT applications.
The research comprehensively evaluates various post-quantum public-key generation and digital signature algorithms, performing detailed analyses of their computational time and memory usage to identify optimal candidates. Furthermore, the thesis proposes an innovative lattice-based digital signature scheme Fast-Fourier Lattice-based Compact Signature over NTRU (Falcon), which leverages the Monte Carlo Markov Chain (MCMC) algorithm as a trapdoor sampler to augment its security attributes.
The research introduces a post-quantum version of the Hyperledger Fabric blockchain that integrates post-quantum signatures. The system utilizes the Open Quantum Safe (OQS) library, rigorously tested against NIST round 3 candidates for optimal performance. The study highlights the capability to manage IoT data securely on the post-quantum Hyperledger Fabric blockchain through the Message Queue Telemetry Transport (MQTT) protocol. Such a configuration ensures safe data transfer from IoT sensors directly to the blockchain nodes, securing the processing and recording of sensor data within the node ledger. The research addresses the multifaceted challenges of quantum computing advancements and significantly contributes to establishing secure, efficient, and resilient post-quantum blockchain infrastructures tailored explicitly for the IoT domain. These findings are instrumental in elevating the security paradigms of IoT systems against quantum vulnerabilities and catalysing innovations in post-quantum cryptography and blockchain technologies.
Furthermore, this thesis introduces strategies for the optimization of performance and scalability of post-quantum blockchain solutions and explores alternative, energy-efficient consensus mechanisms such as the Raft and Stellar Consensus Protocol (SCP), providing sustainable alternatives to the conventional Proof-of-Work (PoW) approach.
A critical insight emphasized throughout this thesis is the imperative of synergistic collaboration among academia, industry, and regulatory bodies. This collaboration is pivotal to expedite the adoption and standardization of post-quantum blockchain solutions, fostering the development of interoperable and standardized technologies enriched with robust security and privacy frameworks for end users.
In conclusion, this thesis furnishes profound insights and substantial contributions to implementing post-quantum blockchain in the IoT domain. It delineates original contributions to the knowledge and practices in the field, offering practical solutions and advancing the state-of-the-art in post-quantum cryptography and blockchain research, thereby paving the way for a secure and resilient future for interconnected IoT systems
Security and Privacy for Green IoT-based Agriculture: Review, Blockchain solutions, and Challenges
Open access article. This paper presents research challenges on security and privacy issues in the field of green IoT-based agriculture. We start by describing a four-tier green IoT-based agriculture architecture and summarizing the existing surveys that deal with smart agriculture. Then, we provide a classification of threat models against green IoT-based agriculture into five categories, including attacks against privacy, authentication, confidentiality, availability, and integrity properties. Moreover, we provide a taxonomy and a side-by-side comparison of the state-of-the-art methods toward secure and privacy-preserving technologies for IoT applications and how they will be adapted for green IoT-based agriculture. In addition, we analyze the privacy-oriented blockchain-based solutions as well as consensus algorithms for IoT applications and how they will be adapted for green IoT-based agriculture. Based on the current survey, we highlight open research challenges and discuss possible future research directions in the security and privacy of green IoT-based agriculture
ForensiBlock: A Provenance-Driven Blockchain Framework for Data Forensics and Auditability
Maintaining accurate provenance records is paramount in digital forensics, as
they underpin evidence credibility and integrity, addressing essential aspects
like accountability and reproducibility. Blockchains have several properties
that can address these requirements. Previous systems utilized public
blockchains, i.e., treated blockchain as a black box, and benefited from the
immutability property. However, the blockchain was accessible to everyone,
giving rise to security concerns and moreover, efficient extraction of
provenance faces challenges due to the enormous scale and complexity of digital
data. This necessitates a tailored blockchain design for digital forensics. Our
solution, Forensiblock has a novel design that automates investigation steps,
ensures secure data access, traces data origins, preserves records, and
expedites provenance extraction. Forensiblock incorporates Role-Based Access
Control with Staged Authorization (RBAC-SA) and a distributed Merkle root for
case tracking. These features support authorized resource access with an
efficient retrieval of provenance records. Particularly, comparing two methods
for extracting provenance records, off-chain storage retrieval with Merkle root
verification and a brute-force search, the off-chain method is significantly
better, especially as the blockchain size and number of cases increase. We also
found that our distributed Merkle root creation slightly increases smart
contract processing time but significantly improves history access. Overall, we
show that Forensiblock offers secure, efficient, and reliable handling of
digital forensic data.
Comment: This work has been submitted to the IEEE for possible publication.
Copyright may be transferred without notice, after which this version may no
longer be accessible.
A Review of IoT Security and Privacy Using Decentralized Blockchain Techniques
IoT security is one of the prominent issues that has gained significant attention among researchers in recent times. The recent advancements in IoT introduce various critical security issues and increase the risk of privacy leakage of IoT data. Implementation of Blockchain can be a potential solution for the security issues in IoT. This review deeply investigates the security threats and issues in IoT which deteriorate the effectiveness of IoT systems. This paper presents a perceptible description of the security threats, Blockchain based solutions, security characteristics and challenges introduced during the integration of Blockchain with IoT. An analysis of different consensus protocols, existing security techniques and evaluation parameters is discussed in brief. In addition, the paper also outlines the open issues and highlights possible research opportunities which can be beneficial for future research
BlockCampus: A Blockchain-Based DApp for enhancing Student Engagement and Reward Mechanisms in an Academic Community for E-JUST University
In today's digital age, online communities have become an integral part of
our lives, fostering collaboration, knowledge sharing, and community
engagement. Higher education institutions, in particular, can greatly benefit
from dedicated platforms that facilitate academic discussions and provide
incentives for active participation. This research paper presents a
comprehensive study and implementation of a decentralized application (DApp)
leveraging the blockchain technology to address these needs specifically for
E-JUST (Egypt-Japan University of Science and Technology) students and academic
staff
Using blockchain to create and capture value in the energy sector
The undergoing digital transition of the energy sector refers to the integration of
decentralized ledger technologies and data-driven solutions that have the potential to truly
revolutionize its ecosystem and business practices. The aim of a decentralized, interconnected and two-way interactive energy grid can be enabled by leveraging blockchain
technologies. This research investigates how blockchain technology can create and capture
value from data and the new business models applied in Web 3.0 and blockchain-based
environments in the energy sector. A qualitative case study research design was conducted for
primary data collection and pilot projects by the European Commission were used for
secondary data collection. The analysis shows local energy communities as the main
blockchain application in this sector, with adjacent applications such as P2P energy trading,
smart contract & metering, carbon trading and grid management. The main benefits
associated are transparency, integrity, grid automation and renewable energy sources
promotion, and obstacles are mainly associated with the contrasting centralized design of the
current energy systems. We conclude that value is created and captured through data
provenance and transparency, data monetization and tokenization, and data sharing and
collaboration in blockchain platforms. New business models include the decentralization and
fusion between energy production and consumption, generating a new actor known as the
prosumer. Fundamental to a successful implementation of local energy communities that
allow energy and asset trading between peers.
The digital transition of the energy sector is based on the integration of
decentralized ledger technologies and data-processing solutions that have the potential to
revolutionize its ecosystem. The goal of a decentralized energy grid, interconnected in
both directions, can be achieved through the use of blockchain technologies. This
research analyzes how this technology can create and retain value from data and from
the new business models associated with Web 3.0 and blockchain-based environments
in this sector. A qualitative case study was carried out for primary data collection.
For secondary data, European Commission pilot projects were analyzed. The analysis
shows that local energy communities are the main application of blockchain, with
adjacent applications such as P2P energy trading, smart contracts and meters,
carbon trading and grid management. The main associated benefits are
transparency, integrity, grid automation and the promotion of renewable energy
sources. The obstacles are mainly associated with the centralized structure of current
energy systems. We conclude that value is created and captured through data provenance,
transparency, monetization, tokenization and integration on blockchain platforms. The
new business models include the decentralization and fusion of energy production and
consumption, generating a new element in this sector, the prosumer. Fundamental to a
successful implementation of local energy communities that allow energy and asset
trading between peers