694 research outputs found
Is blockchain ready to revolutionize online advertising?
The 200-billion-dollar per annum online advertising ecosystem has become infested with thousands of intermediaries exploiting user data and advertising budgets. All key stakeholders in the value-chain are infected: advertisers with fraud, publishers with their diminishing share of advertising budgets, and users with their right to privacy. Blockchain presents a possible solution to the critical issues in the online advertising supply chain. The question remains whether blockchain scalability, energy-efficiency, and token volatility issues can be solved in the coming years to the extent that online advertising could widely leverage trustlessness and the benefits gained from blockchain technology. This paper aims to review the current progress and to open a discussion to address the issues. We present new requirements for blockchain-based online advertising solutions. We have also analyzed the available solutions against the requirements and recommend directions for future research and solution development. Evidence from our research points out that blockchain is not yet ready to be widely implemented in online advertising. More research is needed, and new proof-of-concepts need to be developed before blockchain technology can be considered a trusted alternative for the current online advertising marketplace based on open real-time bidding.
Walking Onions: Scaling Distribution of Information Safely in Anonymity Networks
Scaling anonymity networks offers unique security challenges, as
attackers can exploit differing views of the network’s topology to
perform epistemic and route capture attacks. Anonymity networks in
practice, such as Tor, have opted for security over scalability by
requiring participants to share a globally consistent view of all relays
to prevent these kinds of attacks. Such an approach requires each user
to maintain up-to-date information about every relay, causing the total
amount of data each user must download every epoch to scale linearly
with the number of relays. As the number of clients increases, more
relays must be added to provide bandwidth, further exacerbating the
total load on the network.
In this work, we present Walking Onions, a set of protocols improving
scalability for anonymity networks. Walking Onions enables constant-size
scaling of the information each user must download in every epoch, even
as the number of relays in the network grows. Furthermore, we show how
relaxing the clients’ bandwidth growth from constant to logarithmic can
enable an outsized improvement to relays’ bandwidth costs. Notably,
Walking Onions offers the same security properties as current designs
that require a globally consistent network view. We present two protocol
variants. The first requires minimal changes from current onion-routing
systems. The second presents a more significant design change, thereby
reducing the latency required to establish a path through the network
while providing better forward secrecy than previous such constructions.
We evaluate Walking Onions against a generalized onion-routing anonymity
network and discuss tradeoffs among the approaches.
FRAMEWORK FOR ANONYMIZED COVERT COMMUNICATIONS: A BLOCKCHAIN-BASED PROOF-OF-CONCEPT
In this dissertation, we present an information hiding approach incorporating anonymity that builds on existing classical steganographic models. Current security definitions are not sufficient to analyze the proposed information hiding approach as steganography offers data privacy by hiding the existence of data, a property that is distinct from confidentiality (data existence is known but access is restricted) and authenticity (data existence is known but manipulation is restricted). Combinations of the latter two properties are common in analyses, such as Authenticated Encryption with Associated Data (AEAD), yet there is a lack of research on combinations with steganography. This dissertation also introduces the security definition of Authenticated Stegotext with Associated Data (ASAD), which captures steganographic properties even when there is contextual information provided alongside the hidden data. We develop a hierarchical framework of ASAD variants, corresponding to different channel demands. We present a real-world steganographic embedding scheme, Authenticated SteGotext with Associated tRansaction Data (ASGARD), that leverages a blockchain-based application as a medium for sending hidden data. We analyze ASGARD in our framework and show that it meets Level-4 ASAD security. Finally, we implement ASGARD on the Ethereum platform as a proof-of-concept and analyze some of the ways an adversary might detect our embedding activity by analyzing historical Ethereum data.
Lieutenant, United States Navy
Approved for public release. Distribution is unlimited.
Practical aspects of physical and MAC layer security in visible light communication systems
Visible light communication (VLC) has been recently proposed as an alternative standard to radio-based wireless networks. Originally developed as a physical medium for PANs (Personal Area Networks), it evolved into a universal WLAN technology with the capability to transport the internet suite of network and application level protocols. Because of its physical characteristics, and in line with the slogan "what you see is what you send", VLC is considered a secure communication method. In this work we focus on security aspects of VLC communication, starting from basic physical characteristics of the communication channel. We analyze the risks of signal jamming, data snooping and data modification. We also discuss MAC-level security mechanisms as defined in the IEEE 802.15.7 standard. This paper is an extension of work originally reported in Proceedings of the 13th IFAC and IEEE Conference on Programmable Devices and Embedded Systems (PDES 2015).
What is a Blockchain? A Definition to Clarify the Role of the Blockchain in the Internet of Things
The use of the term blockchain is documented for disparate projects, from cryptocurrencies to applications for the Internet of Things (IoT), and many more. The concept of blockchain appears therefore blurred, as it is hard to believe that the same technology can empower applications that have extremely different requirements and exhibit dissimilar performance and security. This position paper elaborates on the theory of distributed systems to advance a clear definition of blockchain that allows us to clarify its role in the IoT. This definition inextricably binds together three elements that, as a whole, provide the blockchain with those unique features that distinguish it from other distributed ledger technologies: immutability, transparency and anonymity. We note however that immutability comes at the expense of remarkable resource consumption, transparency demands no confidentiality and anonymity prevents user identification and registration. This is in stark contrast to the requirements of most IoT applications that are made up of resource constrained devices, whose data need to be kept confidential and users to be clearly known. Building on the proposed definition, we derive new guidelines for selecting the proper distributed ledger technology depending on application requirements and trust models, identifying common pitfalls leading to improper applications of the blockchain. We finally indicate a feasible role of the blockchain for the IoT: myriads of local, IoT transactions can be aggregated off-chain and then be successfully recorded on an external blockchain as a means of public accountability when required.
Applications of the Blockchain using cryptography
PhD Thesis
We have witnessed the rise of cryptocurrencies in the past eight years. Bitcoin and Ethereum
are the world’s most successful cryptocurrencies with market capitalisations of 21bn respectively in June 2017. The innovation behind these cryptocurrencies is the
blockchain which is an immutable and censorship resistant public ledger. Bitcoin introduced
the blockchain to trade a single asset (i.e. bitcoins), whereas Ethereum adopted the
blockchain to store and execute expressive smart contracts. In this thesis, we consider cryptographic
protocols that bootstrap trust from the blockchain. This includes secure end-to-end
communication between two pseudonymous users, payment protocols, payment networks
and decentralised internet voting. The first three applications rely on Bitcoin, whereas the
final e-voting application is realised using Ethereum.
First, it is important to highlight that Bitcoin was designed to protect the anonymity (or
pseudonymity) for financial transactions. Nakamoto proposed that financial privacy is achievable
by storing each party’s pseudonym (and not their real-world identity) in a transaction.
We highlight that this approach for privacy has led to real-world authentication issues as
merchants are failing to re-authenticate customers in post-transaction correspondence. To
alleviate these issues, we propose an end-to-end secure communication protocol for Bitcoin
users that does not require any trusted third party or public-key infrastructure. Instead, our
protocol leverages the Blockchain as an additional layer of authentication. Furthermore,
this insight led to the discovery of two attacks in BIP70: Payment Protocol which is a
community-accepted standard used by more than 100,000 merchants. Our attacks were
acknowledged by the leading payment processors including Coinbase, BitPay and Bitt. As
well, we have proposed a revised Payment Protocol that prevents both attacks.
Second, Bitcoin as deployed today does not scale. Scalability research has focused on two
directions: 1) redesigning the Blockchain protocol, and 2) facilitating ‘off-chain transactions’
and only consulting the Blockchain if an adjudicator is required. We focus on the latter
and provide an overview of Bitcoin payment networks. These consist of two components:
payment channels to facilitate off-chain transactions between two parties, and the capability
to fairly exchange bitcoins across multiple channels. We compare Duplex Micropayment
Channels and Lightning Channels, before discussing Hashed Time Locked Contracts which
enable Bitcoin-based payment networks. Furthermore, we highlight challenges in routing
and path-finding that need to be overcome before payment networks are practically feasible.
Finally, we study the feasibility of executing cryptographic protocols on Ethereum. We
provide the first implementation of a decentralised and self-tallying internet voting protocol
with maximum voter privacy as a smart contract. The Open Vote Network is suitable for
boardroom elections and is written as a smart contract for Ethereum. Unlike previously
proposed Blockchain e-voting protocols, this is the first implementation that does not rely on
any trusted authority to compute the tally or to protect the voter’s privacy. Instead, the Open
Vote Network is a self-tallying protocol, and each voter is in control of the privacy of their
own vote such that it can only be breached by a full collusion involving all other voters. The
execution of the protocol is enforced using the consensus mechanism that also secures the
Ethereum blockchain. We tested the implementation on Ethereum’s official test network to
demonstrate its feasibility. Also, we provide a financial and computational breakdown of its
execution cost.
5G Security Challenges and Solutions: A Review by OSI Layers
The Fifth Generation of Communication Networks (5G) envisions a broader range of services compared to previous generations, supporting an increased number of use cases and applications. The broader application domain leads to increase in consumer use and, in turn, increased hacker activity. Due to this chain of events, strong and efficient security measures are required to create a secure and trusted environment for users. In this paper, we provide an objective overview of 5G security issues and the existing and newly proposed technologies designed to secure the 5G environment. We categorize security technologies using Open Systems Interconnection (OSI) layers and, for each layer, we discuss vulnerabilities, threats, security solutions, challenges, gaps and open research issues. While we discuss all seven OSI layers, the most interesting findings are in layer one, the physical layer. In fact, compared to other layers, the physical layer between the base stations and users’ device presents increased opportunities for attacks such as eavesdropping and data fabrication. However, no single OSI layer can stand on its own to provide proper security. All layers in the 5G must work together, providing their own unique technology in an effort to ensure security and integrity for 5G data.
Decentralization in messaging applications with support for contactless interaction
Peer-to-peer communication has increasingly been gaining prevalence in people’s daily lives, with its widespread adoption being catalysed by technological advances. Although there have been strides for the inclusion of disabled individuals to ease communication between peers, people who suffer arm/hand impairments have little to no support in regular mainstream applications to efficiently communicate with other individuals. Additionally, as centralized systems have come under scrutiny regarding privacy and security, the development of alternative, decentralized solutions has increased, a movement pioneered by Bitcoin that culminated in the blockchain technology and its variants. Aiming towards expanding inclusivity in the messaging applications panorama, this project showcases an alternative on contactless human-computer interaction with support for disabled individuals with focus on the decentralized backend counterpart. Users of the application partake in a decentralized network based on a distributed hash table that is designed for secure communication (granted by a custom cryptographic messaging protocol) and exchange of data between peers. Such a system is both resilient to tampering attacks and central points of failure (akin to blockchains), as well as having no long-term restrictions regarding scalability prospects, something that is a recurring issue in blockchain-based platforms. The conducted experiments showcase a level of performance similar to mainstream centralized approaches, outperforming blockchain-based decentralized applications on the delay between sending and receiving messages.
Cloud Forensic: Issues, Challenges and Solution Models
Cloud computing is a web-based utility model that is becoming popular every
day with the emergence of 4th Industrial Revolution, therefore, cybercrimes
that affect web-based systems are also relevant to cloud computing. In order to
conduct a forensic investigation into a cyber-attack, it is necessary to
identify and locate the source of the attack as soon as possible. Although
significant study has been done in this domain on obstacles and its solutions,
research on approaches and strategies is still in its development stage. There
are barriers at every stage of cloud forensics, therefore, before we can come
up with a comprehensive way to deal with these problems, we must first
comprehend the cloud technology and its forensics environment. Although there
are articles that are linked to cloud forensics, there is not yet a paper that
accumulated the contemporary concerns and solutions related to cloud forensic.
Throughout this chapter, we have looked at the cloud environment, as well as
the threats and attacks that it may be subjected to. We have also looked at the
approaches that cloud forensics may take, as well as the various frameworks and
the practical challenges and limitations they may face when dealing with cloud
forensic investigations.
Comment: 23 pages; 6 figures; 4 tables. Book chapter of the book titled "A
Practical Guide on Security and Privacy in Cyber Physical Systems
Foundations, Applications and Limitations", World Scientific Series in
Digital Forensics and Cybersecurit