Architecture for privacy-preserving brokerage of analytics using Multi Party Computation, Self Sovereign Identity and Blockchain

In our increasingly digitized world, the value of data is clear and proved, and many solutions and businesses have been developed to harness it. In particular, personal data (such as health-related data) is highly valuable, but it is also sensitive and could harm the owners if misused. In this context, data marketplaces could enhance the circulation of data and enable new businesses and solutions. However, in the case of personal data, marketplaces would necessarily have to comply with existing regulations, and they would also need to make users privacy protection a priority. In particular, privacy protection has been only partially accomplished by existing datamarkets, as they themselves can gather information about the individuals connected with the datasets they handle. In this thesis is presented an architecture proposal for KRAKEN, a new datamarket that provides privacy guarantees at every step in the data exchange and analytics pipeline. This is accomplished through the use of multi-party computation, blockchain and self-sovereign identity technologies. In addition to that, the thesis presents also a privacy analysis of the entire system. The analysis indicated that KRAKEN is safe from possible data disclosures to the buyers. On the other hand, some potential threats regarding the disclosure of data to the datamarket itself were identified, although posing a low-priority risk, given their rare chance of occurrence. Moreover the author of this thesis elaborated remarks on the decentralisation of the architecture and possible improvements to increase the security. These improvements are accompanied by the solutions identified in the paper that proposes the adoption of a trust measure for the MPC nodes. The work on the paper and the thesis contributed to the personal growth of the author, specifically improving his knowledge of cryptography by learning new schemes such as group signatures, zero knowledge proof of knowledge and multi-party computation. He improved his skills in writing academic papers and in working in a team of researchers leading a research area

Viiteraamistik turvariskide haldamiseks plokiahela abil

Turvalise tarkvara loomiseks on olemas erinevad programmid (nt OWASP), ohumudelid (nt STRIDE), turvariskide juhtimise mudelid (nt ISSRM) ja eeskirjad (nt GDPR). Turvaohud aga arenevad pidevalt, sest traditsiooniline tehnoloogiline infrastruktuur ei rakenda turvameetmeid kavandatult. Blockchain näib leevendavat traditsiooniliste rakenduste turvaohte. Kuigi plokiahelapõhiseid rakendusi peetakse vähem haavatavateks, ei saanud need erinevate turvaohtude eest kaitsmise hõbekuuliks. Lisaks areneb plokiahela domeen pidevalt, pakkudes uusi tehnikaid ja sageli vahetatavaid disainikontseptsioone, mille tulemuseks on kontseptuaalne ebaselgus ja segadus turvaohtude tõhusal käsitlemisel. Üldiselt käsitleme traditsiooniliste rakenduste TJ-e probleemi, kasutades vastumeetmena plokiahelat ja plokiahelapõhiste rakenduste TJ-t. Alustuseks uurime, kuidas plokiahel leevendab traditsiooniliste rakenduste turvaohte, ja tulemuseks on plokiahelapõhine võrdlusmudel (PV), mis järgib TJ-e domeenimudelit. Järgmisena esitleme PV-it kontseptualiseerimisega alusontoloogiana kõrgema taseme võrdlusontoloogiat (ULRO). Pakume ULRO kahte eksemplari. Esimene eksemplar sisaldab Cordat, kui lubatud plokiahelat ja finantsjuhtumit. Teine eksemplar sisaldab lubadeta plokiahelate komponente ja tervishoiu juhtumit. Mõlemad ontoloogiaesitlused aitavad traditsiooniliste ja plokiahelapõhiste rakenduste TJ-es. Lisaks koostasime veebipõhise ontoloogia parsimise tööriista OwlParser. Kaastööde tulemusel loodi ontoloogiapõhine turberaamistik turvariskide haldamiseks plokiahela abil. Raamistik on dünaamiline, toetab TJ-e iteratiivset protsessi ja potentsiaalselt vähendab traditsiooniliste ja plokiahelapõhiste rakenduste turbeohte.Various programs (e.g., OWASP), threat models (e.g., STRIDE), security risk management models (e.g., ISSRM), and regulations (e.g., GDPR) exist to communicate and reduce the security threats to build secure software. However, security threats continuously evolve because the traditional technology infrastructure does not implement security measures by design. Blockchain is appearing to mitigate traditional applications’ security threats. Although blockchain-based applications are considered less vulnerable, they did not become the silver bullet for securing against different security threats. Moreover, the blockchain domain is constantly evolving, providing new techniques and often interchangeable design concepts, resulting in conceptual ambiguity and confusion in treating security threats effectively. Overall, we address the problem of traditional applications’ SRM using blockchain as a countermeasure and the SRM of blockchain-based applications. We start by surveying how blockchain mitigates the security threats of traditional applications, and the outcome is a blockchain-based reference model (BbRM) that adheres to the SRM domain model. Next, we present an upper-level reference ontology (ULRO) as a foundation ontology and provide two instantiations of the ULRO. The first instantiation includes Corda as a permissioned blockchain and the financial case. The second instantiation includes the permissionless blockchain components and the healthcare case. Both ontology representations help in the SRM of traditional and blockchain-based applications. Furthermore, we built a web-based ontology parsing tool, OwlParser. Contributions resulted in an ontology-based security reference framework for managing security risks using blockchain. The framework is dynamic, supports the iterative process of SRM, and potentially lessens the security threats of traditional and blockchain-based applications.https://www.ester.ee/record=b551352

Giving to Get Well: Patients’ Willingness to Manage and Share Health Information on AI-Driven Platforms

The digitalization of healthcare makes for the widespread availability of patient-provided data. Artificial Intelligence (AI) relies on this data. In this information-intensive environment, it is imperative to understand the contributing factors of an individual’s willingness to manage and share personal health information (PHI). Drawing from the health belief model, we identify the factors that motivate individuals to manage and share their PHI in an AI-driven health platform to obtain its intended benefits. We recognize security risks and present the use of a blockchain database as a representative means of securely managing and controlling an individual’s PHI. Data collected from a nationally representative sample of allergy sufferers indicate that the health belief model strongly predicts willingness to share PHI on a personalized AI-supported platform. Our study makes significant contributions by investigating the factors that motivate patients to use an AI-driven health platform to manage their health

Construction industry 4.0 and sustainability: an enabling framework

Governments worldwide are taking actions to address the construction sector's sustainability concerns, including high carbon emissions, health and safety risks, low productivity, and increasing costs. Applying Industry 4.0 technologies to construction (also referred to as Construction 4.0) could address some of these concerns. However, current understanding about this is quite limited, with previous work being largely fragmented and limited both in terms of technologies as well as their interrelationships with the triple bottom line of sustainability perspectives. The focus of this article is therefore on addressing these gaps by proposing a comprehensive multi-dimensional Construction 4.0 sustainability framework that identifies and categorizes the key Construction 4.0 technologies and their positive and negative impacts on environmental, economic, and social sustainability, and then establishing its applicability/usefulness through an empirical, multimethodology case study assessment of the UAE's construction sector. The findings indicate Construction 4.0’s positive impacts on environmental and economic sustainability that far outweigh its negative effects, although these impacts are comparable with regards to social sustainability. On Construction 4.0 technologies itself, their application was found to be nonuniform with greater application seen for building information modeling and automation vis-à-vis others such as cyber-physical systems and smart materials, with significant growth expected in the future for blockchain- and three-dimensional-printing-related technologies. The proposed novel framework could enable the development of policy interventions and support mechanisms to increase Construction 4.0 deployment while addressing its negative sustainability-related impacts. The framework also has the potential to be adapted and applied to other country and sectoral contexts

Using Visualization to Build Transparency in a Healthcare Blockchain Application

With patients demanding services to control their own health conditions, hospitals are looking to build agility in delivering care by extending their reach into patient and partner ecosystems and sharing relevant patient data to support care continuity. However, sharing patient data with several external stakeholders outside a hospital network calls for the development of a digital platform that is trusted by both hospitals and stakeholders, given that there is often no single entity supporting such coordination. In this paper, we propose a methodology that uses a blockchain architecture to address the technical challenge of linking disparate systems used by multiple stakeholders and the social challenge of engendering trust by using visualization to bring about transparency in the way in which data are shared. We illustrate this methodology using a pilot implementation. The paper concludes with a discussion and directions for future research and makes some concluding comments.This study has been partially funded by the ECLIPSE-UA project (RTI2018-094283-B-C32)