9 research outputs found

    Security services using blockchains: A state of the art survey

    Get PDF
    This paper surveys blockchain-based approaches for several security services. These services include authentication, confidentiality, privacy and access control list, data and resource provenance, and integrity assurance. All these services are critical for the current distributed applications, especially due to the large amount of data being processed over the networks and the use of cloud computing. Authentication ensures that the user is who he/she claims to be. Confidentiality guarantees that data cannot be read by unauthorized users. Privacy provides the users the ability to control who can access their data. Provenance allows an efficient tracking of the data and resources along with their ownership and utilization over the network. Integrity helps in verifying that the data has not been modified or altered. These services are currently managed by centralized controllers, for example, a certificate authority. Therefore, the services are prone to attacks on the centralized controller. On the other hand, blockchain is a secured and distributed ledger that can help resolve many of the problems with centralization. The objectives of this paper are to give insights on the use of security services for current applications, to highlight the state of the art techniques that are currently used to provide these services, to describe their challenges, and to discuss how the blockchain technology can resolve these challenges. Further, several blockchain-based approaches providing such security services are compared thoroughly. Challenges associated with using blockchain-based security services are also discussed to spur further research in this area. - 2018 IEEE.Manuscript received August 29, 2017; revised February 18, 2018 and June 14, 2018; accepted July 17, 2018. Date of publication August 7, 2018; date of current version February 22, 2019. This work was supported in part by the NPRP award from the Qatar National Research Fund (a member of The Qatar Foundation) under Grant NPRP 8-634-1-131, and in part by NSF under Grant CNS-1547380. (Corresponding author: Tara Salman.) T. Salman, M. Zolanvari, and R. Jain are with the Computer Science and Engineering Department, Washington University in St. Louis, St. Louis, MO 63130 USA (e-mail: [email protected]; [email protected]; [email protected]).Scopu

    Security Services Using Blockchains: A State of the Art Survey

    Get PDF
    This article surveys blockchain-based approaches for several security services. These services include authentication, confidentiality, privacy and access control list (ACL), data and resource provenance, and integrity assurance. All these services are critical for the current distributed applications, especially due to the large amount of data being processed over the networks and the use of cloud computing. Authentication ensures that the user is who he/she claims to be. Confidentiality guarantees that data cannot be read by unauthorized users. Privacy provides the users the ability to control who can access their data. Provenance allows an efficient tracking of the data and resources along with their ownership and utilization over the network. Integrity helps in verifying that the data has not been modified or altered. These services are currently managed by centralized controllers, for example, a certificate authority. Therefore, the services are prone to attacks on the centralized controller. On the other hand, blockchain is a secured and distributed ledger that can help resolve many of the problems with centralization. The objectives of this paper are to give insights on the use of security services for current applications, to highlight the state of the art techniques that are currently used to provide these services, to describe their challenges, and to discuss how the blockchain technology can resolve these challenges. Further, several blockchain-based approaches providing such security services are compared thoroughly. Challenges associated with using blockchain-based security services are also discussed to spur further research in this area

    Cyber Security of Critical Infrastructures

    Get PDF
    Critical infrastructures are vital assets for public safety, economic welfare, and the national security of countries. The vulnerabilities of critical infrastructures have increased with the widespread use of information technologies. As Critical National Infrastructures are becoming more vulnerable to cyber-attacks, their protection becomes a significant issue for organizations as well as nations. The risks to continued operations, from failing to upgrade aging infrastructure or not meeting mandated regulatory regimes, are considered highly significant, given the demonstrable impact of such circumstances. Due to the rapid increase of sophisticated cyber threats targeting critical infrastructures with significant destructive effects, the cybersecurity of critical infrastructures has become an agenda item for academics, practitioners, and policy makers. A holistic view which covers technical, policy, human, and behavioural aspects is essential to handle cyber security of critical infrastructures effectively. Moreover, the ability to attribute crimes to criminals is a vital element of avoiding impunity in cyberspace. In this book, both research and practical aspects of cyber security considerations in critical infrastructures are presented. Aligned with the interdisciplinary nature of cyber security, authors from academia, government, and industry have contributed 13 chapters. The issues that are discussed and analysed include cybersecurity training, maturity assessment frameworks, malware analysis techniques, ransomware attacks, security solutions for industrial control systems, and privacy preservation methods

    Cybersecurity and the Digital Health: An Investigation on the State of the Art and the Position of the Actors

    Get PDF
    Cybercrime is increasingly exposing the health domain to growing risk. The push towards a strong connection of citizens to health services, through digitalization, has undisputed advantages. Digital health allows remote care, the use of medical devices with a high mechatronic and IT content with strong automation, and a large interconnection of hospital networks with an increasingly effective exchange of data. However, all this requires a great cybersecurity commitment—a commitment that must start with scholars in research and then reach the stakeholders. New devices and technological solutions are increasingly breaking into healthcare, and are able to change the processes of interaction in the health domain. This requires cybersecurity to become a vital part of patient safety through changes in human behaviour, technology, and processes, as part of a complete solution. All professionals involved in cybersecurity in the health domain were invited to contribute with their experiences. This book contains contributions from various experts and different fields. Aspects of cybersecurity in healthcare relating to technological advance and emerging risks were addressed. The new boundaries of this field and the impact of COVID-19 on some sectors, such as mhealth, have also been addressed. We dedicate the book to all those with different roles involved in cybersecurity in the health domain

    Jornadas Nacionales de Investigación en Ciberseguridad: actas de las VIII Jornadas Nacionales de Investigación en ciberseguridad: Vigo, 21 a 23 de junio de 2023

    Get PDF
    Jornadas Nacionales de Investigación en Ciberseguridad (8ª. 2023. Vigo)atlanTTicAMTEGA: Axencia para a modernización tecnolóxica de GaliciaINCIBE: Instituto Nacional de Cibersegurida

    Secure and safe virtualization-based framework for embedded systems development

    Get PDF
    Tese de Doutoramento - Programa Doutoral em Engenharia Electrónica e de Computadores (PDEEC)The Internet of Things (IoT) is here. Billions of smart, connected devices are proliferating at rapid pace in our key infrastructures, generating, processing and exchanging vast amounts of security-critical and privacy-sensitive data. This strong connectivity of IoT environments demands for a holistic, end-to-end security approach, addressing security and privacy risks across different abstraction levels: device, communications, cloud, and lifecycle managment. Security at the device level is being misconstrued as the addition of features in a late stage of the system development. Several software-based approaches such as microkernels, and virtualization have been used, but it is proven, per se, they fail in providing the desired security level. As a step towards the correct operation of these devices, it is imperative to extend them with new security-oriented technologies which guarantee security from the outset. This thesis aims to conceive and design a novel security and safety architecture for virtualized systems by 1) evaluating which technologies are key enablers for scalable and secure virtualization, 2) designing and implementing a fully-featured virtualization environment providing hardware isolation 3) investigating which "hard entities" can extend virtualization to guarantee the security requirements dictated by confidentiality, integrity, and availability, and 4) simplifying system configurability and integration through a design ecosystem supported by a domain-specific language. The developed artefacts demonstrate: 1) why ARM TrustZone is nowadays a reference technology for security, 2) how TrustZone can be adequately exploited for virtualization in different use-cases, 3) why the secure boot process, trusted execution environment and other hardware trust anchors are essential to establish and guarantee a complete root and chain of trust, and 4) how a domain-specific language enables easy design, integration and customization of a secure virtualized system assisted by the above mentioned building blocks.Vivemos na era da Internet das Coisas (IoT). Biliões de dispositivos inteligentes começam a proliferar nas nossas infraestruturas chave, levando ao processamento de avolumadas quantidades de dados privados e sensíveis. Esta forte conectividade inerente ao conceito IoT necessita de uma abordagem holística, em que os riscos de privacidade e segurança são abordados nas diferentes camadas de abstração: dispositivo, comunicações, nuvem e ciclo de vida. A segurança ao nível dos dispositivos tem sido erradamente assegurada pela inclusão de funcionalidades numa fase tardia do desenvolvimento. Têm sido utilizadas diversas abordagens de software, incluindo a virtualização, mas está provado que estas não conseguem garantir o nível de segurança desejado. De forma a garantir a correta operação dos dispositivos, é fundamental complementar os mesmos com novas tecnologias que promovem a segurança desde os primeiros estágios de desenvolvimento. Esta tese propõe, assim, o desenvolvimento de uma solução arquitetural inovadora para sistemas virtualizados seguros, contemplando 1) a avaliação de tecnologias chave que promovam tal realização, 2) a implementação de uma solução de virtualização garantindo isolamento por hardware, 3) a identificação de componentes que integrados permitirão complementar a virtualização para garantir os requisitos de segurança, e 4) a simplificação do processo de configuração e integração da solução através de um ecossistema suportado por uma linguagem de domínio específico. Os artefactos desenvolvidos demonstram: 1) o porquê da tecnologia ARM TrustZone ser uma tecnologia de referência para a segurança, 2) a efetividade desta tecnologia quando utilizada em diferentes domínios, 3) o porquê do processo seguro de inicialização, juntamente com um ambiente de execução seguro e outros componentes de hardware, serem essenciais para estabelecer uma cadeia de confiança, e 4) a viabilidade em utilizar uma linguagem de um domínio específico para configurar e integrar um ambiente virtualizado suportado pelos artefactos supramencionados

    Desarrollo de un sistema exportable de confianza corporativa: Aplicación a entornos de trazabilidad de productos

    Get PDF
    Cada vez es más habitual que en los procesos de fabricación participen diversos fabricantes y empresas. Por otro lado, una característica de los productos muy valorada hoy en día por los consumidores, es la calidad. Ya no es suficiente con producir barato, sino que cada vez es más importante producir con calidad, siendo ésta un factor diferenciador de las manufacturas que se realizan bajo las diversas marcas. La calidad se está integrando cada vez más en las empresas y en sus procesos productivos y de gestión, como un valor añadido y diferenciador del producto. Es habitual encontrar diversos controles de calidad a lo largo de los procesos de fabricación. Lo que ya no es tan habitual es que se pueda identificar a los operarios encargados del control de calidad. A lo sumo, el encargado del control de calidad final deja algún tipo de identificación (por ejemplo un pequeño adhesivo o etiqueta con un número impreso), pero esta identificación carece de sentido en cuanto el producto entra en otra cadena de producción o llega al comprador. En este escenario, aparece otro factor importante como es la confianza. En los actuales sistemas productivos se deben establecer relaciones de confianza entre las empresas encargadas de las diferentes fases de producción (todas esperan que las demás hagan su trabajo según lo acordado). Además, los agentes designados para verificar la adecuación de los productos a lo esperado en las diversas fases de producción, son depositarios de la confianza de la empresa a la que pertenecen. El objetivo principal de la tesis es el desarrollo de un modelo de confianza corporativa exportable, que sea sencillo y económico de implementar. Para ello, se ha propuesto un sistema confiable de identidad digital de los productos. Es decir, cada producto posee un conjunto de atributos que definen su identidad digital, que lo hace único, pero además, cada uno de estos atributos está avalado por el agente de control que lo verificó, por tanto se puede afirmar que es una identidad de calidad. Con este planteamiento, y con una infraestructura mínima, se pueden integrar en el sistema todos los procesos y compañías involucrados en la cadena de producción, bajo un sello de calidad común: la identidad de calidad del producto. Para comprobar la validez de esta propuesta, se ha realizado una prueba de concepto, integrando este sistema de identidad de calidad en un entorno de trazabilidad alimentaria basada en RFID (identificación por radiofrecuencia). Este prototipo, que sirve para securizar la trazabilidad de un producto cárnico elaborado, se ha realizado sobre la tecnología de etiquetado basada en RFID. Con esta tecnología, y para las condiciones ambientales donde se ha desarrollado el proceso de producción de las piezas a controlar en este caso concreto, el tipo de etiquetas idóneo dispone de una cantidad de memoria extremadamente reducida. Además, debido a que anualmente deben utilizarse cientos de miles de etiquetas, el coste de estas etiquetas debe ser sumamente bajo, por lo que sólo es posible utilizar etiquetas muy sencillas (y por tanto sin capacidades de cálculo). Para poder utilizar este tipo de etiquetas, se ha planteado que las operaciones criptográficas no sean realizadas en la etiqueta, sino en un sistema externo basado en una Infraestructura de Clave Pública (PKI), de manera que la etiqueta sólo sirve como soporte de datos en texto plano (sin cifrar), pero firmados electrónicamente. Para resolver el problema del poco espacio de memoria disponible para las firmas de los diferentes agentes de control, se ha recurrido a la utilización de firmas agregadas. Además, al trabajar con criptografía de curvas elípticas, el tamaño de la firma es notablemente menor, para un mismo nivel de seguridad, que el de otros sistemas. Adicionalmente, el sistema propuesto permite transferir la confianza entre las compañías implicadas en un proceso de producción (basta compartir las claves públicas de los firmantes y sus nombres), y se adapta a cualquier entorno productivo. Por todo ello, el sistema propuesto resuelve de forma eficaz la integración de diversas empresas en el proceso de fabricación de un producto, con escaso coste, y permitiendo una verificación de la identidad digital en cualquier parte del proceso, incluida la fase de comercialización
    corecore