525 research outputs found
Beyond the Hype: On Using Blockchains in Trust Management for Authentication
Trust Management (TM) systems for authentication are vital to the security of
online interactions, which are ubiquitous in our everyday lives. Various
systems, like the Web PKI (X.509) and PGP's Web of Trust are used to manage
trust in this setting. In recent years, blockchain technology has been
introduced as a panacea to our security problems, including that of
authentication, without sufficient reasoning, as to its merits.In this work, we
investigate the merits of using open distributed ledgers (ODLs), such as the
one implemented by blockchain technology, for securing TM systems for
authentication. We formally model such systems, and explore how blockchain can
help mitigate attacks against them. After formal argumentation, we conclude
that in the context of Trust Management for authentication, blockchain
technology, and ODLs in general, can offer considerable advantages compared to
previous approaches. Our analysis is, to the best of our knowledge, the first
to formally model and argue about the security of TM systems for
authentication, based on blockchain technology. To achieve this result, we
first provide an abstract model for TM systems for authentication. Then, we
show how this model can be conceptually encoded in a blockchain, by expressing
it as a series of state transitions. As a next step, we examine five prevalent
attacks on TM systems, and provide evidence that blockchain-based solutions can
be beneficial to the security of such systems, by mitigating, or completely
negating such attacks.Comment: A version of this paper was published in IEEE Trustcom.
http://ieeexplore.ieee.org/document/8029486
Peer-to-Peer File Sharing WebApp: Enhancing Data Security and Privacy through Peer-to-Peer File Transfer in a Web Application
Peer-to-peer (P2P) networking has emerged as a promising technology that enables distributed systems to operate in a decentralized manner. P2P networks are based on a model where each node in the network can act as both a client and a server, thereby enabling data and resource sharing without relying on centralized servers. The P2P model has gained considerable attention in recent years due to its potential to provide a scalable, fault-tolerant, and resilient architecture for various applications such as file sharing, content distribution, and social networks.In recent years, researchers have also proposed hybrid architectures that combine the benefits of both structured and unstructured P2P networks. For example, the Distributed Hash Table (DHT) is a popular hybrid architecture that provides efficient lookup and search algorithms while maintaining the flexibility and adaptability of the unstructured network.To demonstrate the feasibility of P2P systems, several prototypes have been developed, such as the BitTorrent file-sharing protocol and the Skype voice-over-IP (VoIP) service. These prototypes have demonstrated the potential of P2P systems for large-scale applications and have paved the way for the development of new P2P-based systems
DStore: Blockchain-Powered Decentralized Cloud Mesh
Data is a critical asset for any company, as well as for any individual as well, but it is also vulnerable to attack. In the last few years, we have seen an alarming increase in data breaches that have compromised millions of accounts and resulted in billions of dollars lost. But how do you protect something so sensitive? In response to this, we propose our Project. This project focuses on developing a Decentralized Cloud Storage to store and secure data. You don't access data simply specifying 'where it is' in Decentralised Cloud Storage. Instead, you define 'what it is'. Because data is distributed throughout a global network rather than being stored in a specific location, the concept of location is rendered obsolete in decentralised cloud storage
Authorization and authentication strategy for mobile highly constrained edge devices
The rising popularity of mobile devices has driven the need for faster connection speeds and more flexible authentication and authorization methods. This project aims to develop and implement an innovative system that provides authentication and authorization for both the device and the user. It also facilitates real-time user re-authentication within the application, ensuring transparency throughout the process. Additionally, the system aims to establish a secure architecture that minimizes the computational requirements on the client's device, thus optimizing the device's battery life. The achieved results have demonstrated satisfactory outcomes, validating the effectiveness of the proposed solution. However, there is still potential for further improvement to enhance its overall performance
Keeping Authorities "Honest or Bust" with Decentralized Witness Cosigning
The secret keys of critical network authorities - such as time, name,
certificate, and software update services - represent high-value targets for
hackers, criminals, and spy agencies wishing to use these keys secretly to
compromise other hosts. To protect authorities and their clients proactively
from undetected exploits and misuse, we introduce CoSi, a scalable witness
cosigning protocol ensuring that every authoritative statement is validated and
publicly logged by a diverse group of witnesses before any client will accept
it. A statement S collectively signed by W witnesses assures clients that S has
been seen, and not immediately found erroneous, by those W observers. Even if S
is compromised in a fashion not readily detectable by the witnesses, CoSi still
guarantees S's exposure to public scrutiny, forcing secrecy-minded attackers to
risk that the compromise will soon be detected by one of the W witnesses.
Because clients can verify collective signatures efficiently without
communication, CoSi protects clients' privacy, and offers the first
transparency mechanism effective against persistent man-in-the-middle attackers
who control a victim's Internet access, the authority's secret key, and several
witnesses' secret keys. CoSi builds on existing cryptographic multisignature
methods, scaling them to support thousands of witnesses via signature
aggregation over efficient communication trees. A working prototype
demonstrates CoSi in the context of timestamping and logging authorities,
enabling groups of over 8,000 distributed witnesses to cosign authoritative
statements in under two seconds.Comment: 20 pages, 7 figure
ARTIFICIAL INTELLIGENCE IN BLOCKCHAIN-PROVIDE DIGITAL TECHNOLOGY
Artificial intelligence technologies, today, are rapidly developing and are an important branch of Computer Science. Artificial intelligence is at the heart of research and development of theory, methods, technologies, and applications for modeling and expanding human intelligence. Artificial intelligence technology has three key aspects, namely data, algorithm, and computing power, in the sense that training an algorithm to produce a classification model requires significant data, and the learning process requires improved computing capabilities. In the age of big data, information can come from a variety of sources (such as sensor systems, Internet of Things (IoT) devices and systems, as well as social media platforms) and/or belong to different stakeholders. This mostly leads to a number of problems. One of the key problems is isolated data Islands, where data from a single source/stakeholder is not available to other parties or training an artificial intelligence model, or it is financially difficult or impractical to collect a large amount of distributed data for Centralized Processing and training. There is also a risk of becoming a single point of failure in centralized architectures, which can lead to data intrusion. In addition, data from different sources may be unstructured and differ in quality, and it may also be difficult to determine the source and validity of the data. There is also a risk of invalid or malicious data. All these restrictions may affect the accuracy of the forecast. In practice, artificial intelligence models are created, trained, and used by various subjects. The learning process is not transparent to users, and users may not fully trust the model they are using. In addition, as artificial intelligence algorithms become more complex, it is difficult for people to understand how the result of training is obtained. So, recently there has been a tendency to move away from centralized approaches to artificial intelligence to decentralized ones
DECENTRALIZING THE INTERNET OF MEDICAL THINGS: THE INTERPLANETARY HEALTH LAYER
Medical mobile applications have the potential to revolutionize the healthcare industry by providing patients with easy access to their personal health information, enabling them to communicate with healthcare providers remotely and consequently improving patient outcomes by providing personalized health information. However, these applications are usually limited by privacy and security issues. A possible solution is to exploit decentralization distributing privacy concerns directly to users. Solutions enabling this vision are closely linked to Distributed Ledger Technologies that have the potential to revolutionize the healthcare industry by creating a secure and transparent system for managing patient data without a central authority. The decentralized nature of the technology allows for the creation of an international data layer that is accessible to authorized parties while preserving patient privacy. This thesis envisions the InterPlanetary Health Layer along with its implementation attempt called Halo Network and an Internet of Medical Things application called Balance as a use case. Throughout the thesis, we explore the benefits and limitations of using the technology, analyze potential use cases, and look out for future directions.Medical mobile applications have the potential to revolutionize the healthcare industry by providing patients with easy access to their personal health information, enabling them to communicate with healthcare providers remotely and consequently improving patient outcomes by providing personalized health information. However, these applications are usually limited by privacy and security issues. A possible solution is to exploit decentralization distributing privacy concerns directly to users. Solutions enabling this vision are closely linked to Distributed Ledger Technologies that have the potential to revolutionize the healthcare industry by creating a secure and transparent system for managing patient data without a central authority. The decentralized nature of the technology allows for the creation of an international data layer that is accessible to authorized parties while preserving patient privacy. This thesis envisions the InterPlanetary Health Layer along with its implementation attempt called Halo Network and an Internet of Medical Things application called Balance as a use case. Throughout the thesis, we explore the benefits and limitations of using the technology, analyze potential use cases, and look out for future directions
- …