2,113 research outputs found

    Trust in Software Supply Chains: Blockchain-Enabled SBOM and the AIBOM Future

    Software Bill of Materials (SBOM) serves as a critical pillar in ensuring software supply chain security by providing a detailed inventory of the components and dependencies integral to software development. However, challenges abound in the sharing of SBOMs, including potential data tampering, hesitation among software vendors to disclose comprehensive information, and bespoke requirements from software procurers or users. These obstacles have stifled widespread adoption and utilization of SBOMs, underscoring the need for a more secure and flexible mechanism for SBOM sharing. This study proposes a novel solution to these challenges by introducing a blockchain-empowered approach for SBOM sharing, leveraging verifiable credentials to allow for selective disclosure. This strategy not only heightens security but also offers flexibility. Furthermore, this paper broadens the remit of SBOM to encompass AI systems, thereby coining the term AI Bill of Materials (AIBOM). This extension is motivated by the rapid progression in AI technology and the escalating necessity to track the lineage and composition of AI software and systems. Particularly in the era of foundational models like large language models (LLMs), understanding their composition and dependencies becomes crucial. These models often serve as a base for further development, creating complex dependencies and paving the way for innovative AI applications. The evaluation of our solution indicates the feasibility and flexibility of the proposed SBOM sharing mechanism, positing a new solution for securing (AI) software supply chains

    Advancing Healthcare Security: A Cutting-Edge Zero-Trust Blockchain Solution for Protecting Electronic Health Records

    The effective management of electronic health records (EHRs) is vital in healthcare. However, traditional systems often need help handling data inconsistently, providing limited access, and coordinating poorly across facilities. This study aims to tackle these issues using blockchain technology to improve EHR systems' data security, privacy, and interoperability. By thoroughly analyzing blockchain's applications in healthcare, we propose an innovative solution that leverages blockchain's decentralized and immutable nature, combined with advanced encryption techniques such as the Advanced Encryption Standard and Zero Knowledge Proof Protocol, to fortify EHR systems. Our research demonstrates that blockchain can effectively overcome significant EHR challenges, including fragmented data and interoperability problems, by facilitating secure and transparent data exchange, leading to enhanced coordination, care quality, and cost-efficiency across healthcare facilities. This study offers practical guidelines for implementing blockchain technology in healthcare, emphasizing a balanced approach to interoperability, privacy, and security. It represents a significant advancement over traditional EHR systems, boosting security and affording patients greater control over their health records. DOI: 10.28991/HIJ-2023-04-03-012

    Web3.0 Security: Privacy Enhancing and Anonym Auditing in Blockchain-based Structures

    The advent of Web 3.0, underpinned by blockchain technologies, promises to transform the internet's landscape by empowering individuals with decentralized control over their data. However, this evolution brings unique security challenges that need to be addressed. This paper explores these complexities, focusing on enhancing privacy and anonymous auditing within blockchain structures. We present the architecture of Web 3.0 based on the blockchain, providing a clear perspective on its workflow and security mechanisms. A security protocol for Web 3.0 systems, employing privacy-preserving techniques and anonymous auditing during runtime, is proposed. Key components of our solution include the integration of privacy-enhancing techniques and the utilization of Tor for anonymous auditing. We discuss related work and propose a framework that meets these new security requirements. Lastly, we offer an evaluation and comparison of our model to existing methods. This research contributes towards the foundational understanding of Web 3.0's secure structure and offers a pathway towards secure and privacy-preserving digital interactions in this novel internet landscape

    Security and Privacy for Green IoT-based Agriculture: Review, Blockchain solutions, and Challenges

    This paper presents research challenges on security and privacy issues in the field of green IoT-based agriculture. We start by describing a four-tier green IoT-based agriculture architecture and summarizing the existing surveys that deal with smart agriculture. Then, we provide a classification of threat models against green IoT-based agriculture into five categories, including attacks against privacy, authentication, confidentiality, availability, and integrity properties. Moreover, we provide a taxonomy and a side-by-side comparison of the state-of-the-art methods toward secure and privacy-preserving technologies for IoT applications and how they will be adapted for green IoT-based agriculture. In addition, we analyze the privacy-oriented blockchain-based solutions as well as consensus algorithms for IoT applications and how they will be adapted for green IoT-based agriculture. Based on the current survey, we highlight open research challenges and discuss possible future research directions in the security and privacy of green IoT-based agriculture

    ForensiBlock: A Provenance-Driven Blockchain Framework for Data Forensics and Auditability

    Maintaining accurate provenance records is paramount in digital forensics, as they underpin evidence credibility and integrity, addressing essential aspects like accountability and reproducibility. Blockchains have several properties that can address these requirements. Previous systems utilized public blockchains, i.e., treated blockchain as a black box, and benefiting from the immutability property. However, the blockchain was accessible to everyone, giving rise to security concerns and moreover, efficient extraction of provenance faces challenges due to the enormous scale and complexity of digital data. This necessitates a tailored blockchain design for digital forensics. Our solution, Forensiblock has a novel design that automates investigation steps, ensures secure data access, traces data origins, preserves records, and expedites provenance extraction. Forensiblock incorporates Role-Based Access Control with Staged Authorization (RBAC-SA) and a distributed Merkle root for case tracking. These features support authorized resource access with an efficient retrieval of provenance records. Particularly, comparing two methods for extracting provenance records, off-chain storage retrieval with Merkle root verification and a brute-force search, the off-chain method is significantly better, especially as the blockchain size and number of cases increase. We also found that our distributed Merkle root creation slightly increases smart contract processing time but significantly improves history access. Overall, we show that Forensiblock offers secure, efficient, and reliable handling of digital forensic data
    Comment: This work has been submitted to the IEEE for possible publication. Copyright may be transferred without notice, after which this version may no longer be accessibl

    A Review of IoT Security and Privacy Using Decentralized Blockchain Techniques

    IoT security is one of the prominent issues that has gained significant attention among researchers in recent times. The recent advancements in IoT introduce various critical security issues and increase the risk of privacy leakage of IoT data. Implementation of Blockchain can be a potential solution for the security issues in IoT. This review deeply investigates the security threats and issues in IoT which deteriorate the effectiveness of IoT systems. This paper presents a perceptible description of the security threats, Blockchain based solutions, security characteristics and challenges introduced during the integration of Blockchain with IoT. An analysis of different consensus protocols, existing security techniques and evaluation parameters is discussed in brief. In addition, the paper also outlines the open issues and highlights possible research opportunities which can be beneficial for future research

    BlockCampus: A Blockchain-Based DApp for enhancing Student Engagement and Reward Mechanisms in an Academic Community for E-JUST University

    In today's digital age, online communities have become an integral part of our lives, fostering collaboration, knowledge sharing, and community engagement. Higher education institutions, in particular, can greatly benefit from dedicated platforms that facilitate academic discussions and provide incentives for active participation. This research paper presents a comprehensive study and implementation of a decentralized application (DApp) leveraging the blockchain technology to address these needs specifically for E-JUST (Egypt-Japan University of Science and Technology) students and academic staff

    Using blockchain to create and capture value in the energy sector

    The undergoing digital transition of the energy sector refers to the integration of decentralized ledger technologies and data-driven solutions that have the potential to truly revolutionize its ecosystem and business practices. The aim of a decentralized, interconnected and two-way interactive energy grid can be enabled by leveraging blockchain technologies. This research investigates how blockchain technology can create and capture value from data and the new business models applied in Web 3.0 and blockchain-based environments in the energy sector. A qualitative case study research design was conducted for primary data collection and pilot projects by the European Commission were used for secondary data collection. The analysis shows local energy communities as the main blockchain application in this sector, with adjacent applications such as P2P energy trading, smart contract & metering, carbon trading and grid management. The main benefits associated are transparency, integrity, grid automation and renewable energy sources promotion, and obstacles are mainly associated with the contrasting centralized design of the current energy systems. We conclude that value is created and captured through data provenance and transparency, data monetization and tokenization, and data sharing and collaboration in blockchain platforms. New business models include the decentralization and fusion between energy production and consumption, generating a new actor known as the prosumer. Fundamental to a successful implementation of local energy communities that allow energy and asset trading between peers.
    The digital transition of the energy sector is based on the integration of decentralized ledger technologies and data-processing solutions that have the potential to revolutionize its ecosystem. The aim of a decentralized energy network, interconnected in both directions, can be achieved through the use of blockchain technologies. This research analyzes how this technology can create and retain value from data and from the new business models associated with Web 3.0 and blockchain-based environments in this sector. For primary data collection, a qualitative case study was carried out. For secondary data, the European Commission's pilot projects were analyzed. The analysis shows that local energy communities are the main application of blockchain, with adjacent applications such as P2P energy trading, smart contracts and meters, carbon trading and grid management. The main associated benefits are transparency, integrity, grid automation and the promotion of renewable energy sources. The obstacles are mainly associated with the centralized structure of current energy systems. We conclude that value is created and captured through data provenance, transparency, monetization, tokenization and integration in blockchain platforms. The new business models include the decentralization and fusion between energy production and consumption, generating a new element in this sector, the prosumer. Fundamental to a successful implementation of local energy communities that allow energy and asset trading between peers