A Fair and Secure Cluster Formation Process for Ad Hoc Networks

An efficient approach for organizing large ad hoc networks is to divide the nodes into multiple clusters and designate, for each cluster, a clusterhead which is responsible for holding intercluster control information. The role of a clusterhead entails rights and duties. On the one hand, it has a dominant position in front of the others because it manages the connectivity and has access to other node¿s sensitive information. But on the other hand, the clusterhead role also has some associated costs. Hence, in order to prevent malicious nodes from taking control of the group in a fraudulent way and avoid selfish attacks from suitable nodes, the clusterhead needs to be elected in a secure way. In this paper we present a novel solution that guarantees the clusterhead is elected in a cheat-proof manner

PDFS: Practical Data Feed Service for Smart Contracts

Smart contracts are a new paradigm that emerged with the rise of the blockchain technology. They allow untrusting parties to arrange agreements. These agreements are encoded as a programming language code and deployed on a blockchain platform, where all participants execute them and maintain their state. Smart contracts are promising since they are automated and decentralized, thus limiting the involvement of third trusted parties, and can contain monetary transfers. Due to these features, many people believe that smart contracts will revolutionize the way we think of distributed applications, information sharing, financial services, and infrastructures. To release the potential of smart contracts, it is necessary to connect the contracts with the outside world, such that they can understand and use information from other infrastructures. For instance, smart contracts would greatly benefit when they have access to web content. However, there are many challenges associated with realizing such a system, and despite the existence of many proposals, no solution is secure, provides easily-parsable data, introduces small overheads, and is easy to deploy. In this paper we propose PDFS, a practical system for data feeds that combines the advantages of the previous schemes and introduces new functionalities. PDFS extends content providers by including new features for data transparency and consistency validations. This combination provides multiple benefits like content which is easy to parse and efficient authenticity verification without breaking natural trust chains. PDFS keeps content providers auditable, mitigates their malicious activities (like data modification or censorship), and allows them to create a new business model. We show how PDFS is integrated with existing web services, report on a PDFS implementation and present results from conducted case studies and experiments.Comment: Blockchain; Smart Contracts; Data Authentication; Ethereu

Establishing the digital chain of evidence in biometric systems

Traditionally, a chain of evidence or chain of custody refers to the chronological documentation, or paper trail, showing the seizure, custody, control, transfer, analysis, and disposition of evidence, physical or electronic. Whether in the criminal justice system, military applications, or natural disasters, ensuring the accuracy and integrity of such chains is of paramount importance. Intentional or unintentional alteration, tampering, or fabrication of digital evidence can lead to undesirable effects. We find despite the consequences at stake, historically, no unique protocol or standardized procedure exists for establishing such chains. Current practices rely on traditional paper trails and handwritten signatures as the foundation of chains of evidence.;Copying, fabricating or deleting electronic data is easier than ever and establishing equivalent digital chains of evidence has become both necessary and desirable. We propose to consider a chain of digital evidence as a multi-component validation problem. It ensures the security of access control, confidentiality, integrity, and non-repudiation of origin. Our framework, includes techniques from cryptography, keystroke analysis, digital watermarking, and hardware source identification. The work offers contributions to many of the fields used in the formation of the framework. Related to biometric watermarking, we provide a means for watermarking iris images without significantly impacting biometric performance. Specific to hardware fingerprinting, we establish the ability to verify the source of an image captured by biometric sensing devices such as fingerprint sensors and iris cameras. Related to keystroke dynamics, we establish that user stimulus familiarity is a driver of classification performance. Finally, example applications of the framework are demonstrated with data collected in crime scene investigations, people screening activities at port of entries, naval maritime interdiction operations, and mass fatality incident disaster responses

An Analysis of Information Assurance Relating to the Department of Defense Radio Frequency Identification (RFID) Passive Network

The mandates for suppliers to commence Radio Frequency Identification tagging set by Wal-Mart and the Department of Defense is changing this long-time rumored technology into reality. Despite the many conveniences to automate and improve asset tracking this technology offers, consumer groups have obstinately opposed this adoption due to the perceived weaknesses in security and privacy of the network. While the heated debate between consumers and retailers continues, little to no research has addressed the implications of security on the Department of Defense Radio Frequency Identification network. This thesis utilized a historical analysis of Radio Frequency Identification literature to determine whether the current network design causes any serious security concerns adversaries could exploit. The research concluded that at the present level of implementation, there is little cause for concern over the security of the network, but as the network grows to its full deployment, more evaluation and monitoring of security issues will require further consideration

Enhanced Version Control for Unconventional Applications

The Extensible Markup Language (XML) is widely used to store, retrieve, and share digital documents. Recently, a form of Version Control System has been applied to the language, resulting in Version-Aware XML allowing for enhanced portability and scalability. While Version Control Systems are able to keep track of changes made to documents, we think that there is untapped potential in the technology. In this dissertation, we present novel ways of using Version Control System to enhance the security and performance of existing applications. We present a framework to maintain integrity in offline XML documents and provide non-repudiation security features that are independent of central certificate repositories. In addition, we use Version Control information to enhance the performance of Automated Policy Enforcement eXchange framework (APEX), an existing document security framework developed by Hewlett-Packard (HP) Labs. Finally, we present an interactive and scalable visualization framework to represent Version-Aware-related data that helps users visualize and understand version control data, delete specific revisions of a document, and access a comprehensive overview of the entire versioning history

Decentralized factoring for self-sovereign identities

Invoice factoring is a handy tool for developing businesses that face liq- uidity problems. The main property that a factoring system needs to fulfill is to prevent an invoice from being factored twice. Distributed ledger tech- nology is suitable for implementing the platform to register invoice factor- ing agreements and prevent double-factoring. Several works have been proposed to use this technology for invoice factoring. However, current proposals lack in one or several aspects such as decentralization and secu- rity against corruption, protecting business and personally identifiable in- formation (PII), providing non-repudiation for handling disputes, Know- Your-Customer (KYC) compliance, easy user on-boarding, and being cost- efficient. In this article, a factoring registration protocol is proposed for invoice factoring registration based on a public distributed ledger which adheres to the before-mentioned requirements. We include a relayer in our architecture to address the entry barrier that the users have due to the need of managing cryptocurrencies for interacting with the public ledger. Moreover, we leverage the concept of Verifiable Credentials (VCs) for KYC compliance, and allow parties to implement their self-sovereign identities by using decentralized identifiers (DIDs). DIDs enable us to relay on the DIDComm protocol for asynchronous and secure off-chain communica- tions. We analyze our protocol from several security aspects, compare it to the related work, and study a possible business use case. Our evalu- ations demonstrate that our proposal is secure and efficient, and covers requirements not addressed by existing related work.This research has been funded by i3Market (H2020-ICT-2019-2 grant number 871754). This work is also supported by the TCO-RISEBLOCK (PID2019-110224RB-I00), ARPASAT (TEC2015- 70197-R), and by the Generalitat de Catalunya grant 2014-SGR-1504.Peer ReviewedPostprint (published version

Security in a Distributed Processing Environment

Distribution plays a key role in telecommunication and computing systems today. It has become a necessity as a result of deregulation and anti-trust legislation, which has forced businesses to move from centralised, monolithic systems to distributed systems with the separation of applications and provisioning technologies, such as the service and transportation layers in the Internet. The need for reliability and recovery requires systems to use replication and secondary backup systems such as those used in ecommerce. There are consequences to distribution. It results in systems being implemented in heterogeneous environment; it requires systems to be scalable; it results in some loss of control and so this contributes to the increased security issues that result from distribution. Each of these issues has to be dealt with. A distributed processing environment (DPE) is middleware that allows heterogeneous environments to operate in a homogeneous manner. Scalability can be addressed by using object-oriented technology to distribute functionality. Security is more difficult to address because it requires the creation of a distributed trusted environment. The problem with security in a DPE currently is that it is treated as an adjunct service, i.e. and after-thought that is the last thing added to the system. As a result, it is not pervasive and therefore is unable to fully support the other DPE services. DPE security needs to provide the five basic security services, authentication, access control, integrity, confidentiality and non-repudiation, in a distributed environment, while ensuring simple and usable administration. The research, detailed in this thesis, starts by highlighting the inadequacies of the existing DPE and its services. It argues that a new management structure was introduced that provides greater flexibility and configurability, while promoting mechanism and service independence. A new secure interoperability framework was introduced which provides the ability to negotiate common mechanism and service level configurations. New facilities were added to the non-repudiation and audit services. The research has shown that all services should be security-aware, and therefore would able to interact with the Enhanced Security Service in order to provide a more secure environment within a DPE. As a proof of concept, the Trader service was selected. Its security limitations were examined, new security behaviour policies proposed and it was then implemented as a Security-aware Trader, which could counteract the existing security limitations.IONA TECHNOLOGIES PLC & ORANG

Metamorphosing Indian Blockchain ecosystem

A blockchain is a decentralised database that is shared across computer network nodes. A blockchain acts as a database, storing information in a digital format. The study primarily aims to explore how in the future, block chain technology will alter several areas of the Indian economy. The current study aims to obtain a deeper understanding of blockchain technology's idea and implementation in India, as well as the technology's potential as a disruptive financial technological innovation. Secondary sources such as reports, journals, papers, and websites were used to compile all the data. Current and relevant information were utilised to help understand the research goals. All the information is rationally organised to fulfil the objectives. The current research focuses on recommendations for enhancing India's Blockchain ecosystem so that it may become one of the best in the world at utilising this new technology

Invoice factoring through blockchain technology

(English) Invoice factoring has been a popular way to provide cash flow for businesses. The primary function of a factoring system is to prevent an invoice from being factored twice. In order to prevent double factoring, many factoring ecosystems use one or several centralized entities to register factoring agreements. However, this puts a lot of power in the hands of these centralized entities and makes it difficult for users to dispute situations in which factoring data is unavailable, wrongly recorded or manipulated by negligence or on purpose. This thesis presents our research around the current problems of invoice factoring and our new solutions to solve this process using the blockchain technology. A public blockchain can keep a permanent, secure, ordered and transparent record of transactions which are then available for everyone at any time to view and verify. In this thesis, we start proposing a base solution, and we gradually enhance it. In the base protocol, we propose an architecture for invoicing registration based on a general blockchain. The blockchain platform builds trust between the parties by executing transactions correctly. We employed a smart contract to complete the registration process, and prevent double factoring. The smart contract provides for auditing and dispute resolution in such a way that privacy is protected and relevant information is always available. In the second protocol, we add a relayer to our architecture for easier on-boarding. Only the relayer is required to submit blockchain transactions, and pay the corresponding fees. Other participants can proxy their transactions through the relayer, and pay the relayer in fiat money. We also enhance our identity management and authentication using the concept of verifiable credentials (VC) in order to better comply with the Know-Your-Customer (KYC) regulation. In fact, in this architecture, participants use their decentralized identifiers (DIDs) and the DIDComm protocol for asynchronous and secure off-chain interactions. In the final protocol, we greatly enhance our smart contract with respect to the conditions it checks before registering an invoice factoring. We integrate non-interactive zero-knowledge proofs and cryptographic commitments into our solution. With these cryptographic tools in place, we can prevent a special type of denial of service (DoS) attack and better verify invoice details without compromising privacy. Our protocols are very efficient in terms of blockchain costs. In particular, we only need one transaction to register an invoice factoring, and most of the details are recorded in low-cost blockchain storage. Our evaluations and comparison with the literature reveals that our protocols are superior to the related works with respect to efficiency, security, privacy, and ease of use.(Català) La venda de factures o "invoice factoring" ha estat una forma popular de proporcionar flux de caixa a les empreses. La funció principal d'un sistema de venda de factures és evitar que una factura sigui venuda dues vegades. Per evitar la doble venda, molts ecosistemes de factoring utilitzen entitats centralitzades per registrar els acords de venda de factures. Això, però, posa molt poder en mans d'aquestes entitats centralitzades i dificulta que els usuaris puguin impugnar o rebatre situacions en què les dades de venda no estan disponibles, es registren erròniament o es manipulen ja sigui per negligència o a propòsit. Aquesta tesi presenta la nostra recerca al voltant dels problemes actuals dels sistemes de registre de venda de factures i les nostres novedosses solucions per resoldre aquest procés utilitzant la tecnologia "blockchain" (cadena de blocs). Mitjançant una blockchain pública es pot mantenir un registre permanent, segur, ordenat i transparent de transaccions que estan disponibles per a tothom en qualsevol moment per poder ser observades i verificades. A la tesi, comencem proposant una solució base i la anem ampliant i millorant gradualment. La primera proposta és un protocol que utilitza una arquitectura amb blockchain. La plataforma blockchain genera confiança entre les parts ja que garanteix la correcta execució de les transaccions. En aquest sentit, fem servir un contracte intel·ligent per completar el procés de registre i evitar la doble venda. El contracte intel·ligent permet l'auditoria i la resolució de disputes de manera que protegim la privadesa i fem que la informació rellevant estigui sempre disponible. Al segon protocol, afegim un "relay" o retransmissor a la nostra arquitectura per facilitar la incorporació d'usuaris al sistema. El retransmissor és l'únic que envia transaccions a la cadena de blocs i el que paga les taxes corresponents. Els altres participants poden delegar l'enviament de les seves transaccions al repetidor i pagar amb diners fiduciaris. En aquesta proposta també millorem la gestió de la identitat i de l'autenticació utilitzant el concepte de credencials verificables (Verifiable Credentials o VC) per complir millor amb la normativa "Conegui el seu client" (Know Your Customer o KYC). De fet, en aquesta arquitectura, els participants utilitzen els seus identificadors descentralitzats (Decentralized Identifier o DID) i el protocol DIDComm per a les interaccions asíncrones i segures fora de la cadena. Al protocol final, millorem en gran mesura el nostre contracte intel·ligent pel que fa a les condicions que comprova abans de registrar una venda de factura. En aquesta última solució, integrem proves no interactives de coneixement nul (Zero Knowledge Proofs o ZKP) i compromisos criptogràfics. Amb aquestes eines, podem evitar un tipus especial d'atac de denegació de servei (Denial of Service o DoS) i verificar millor els detalls de les factures sense comprometre la privadesa. Els nostres protocols són molt eficients en termes de cost per comissions. En particular, només necessitem una transacció per registrar una factura i la majoria dels detalls es registren a l'emmagatzematge de la cadena de blocs de baix cost. Les nostres avaluacions i la comparació amb la literatura revelen que els nostres protocols són superiors als treballs relacionats pel que fa a l'eficiència, la seguretat, la privadesa i facilitat d'ús.Enginyeria telemàtic