Is blockchain ready to revolutionize online advertising?

The 200-billion-dollar per annum online advertising ecosystem has become infested with thousands of intermediaries exploiting user data and advertising budgets. All key stakeholders in the value-chain are infected: advertisers with fraud, publishers with their diminishing share of advertising budgets, and users with their right to privacy. Blockchain presents a possible solution to addressing the critical issues in the online advertising supply chain. The question remains whether blockchain scalability, energy-efficiency, and token volatility issues can be solved in the coming years to the extent that online advertising could widely leverage trustlessness and the benefits gained from blockchain technology. This paper aims to review the current progress and to open a discussion to address the issues. We present new requirements for blockchain-based online advertising solutions. We have also analyzed the available solutions against the requirements and recommend directions for future research and solution development. Evidence from our research points out that blockchain is not yet ready to be widely implemented in online advertising. More research is needed, and new proof-of-concepts need to be developed before blockchain technology can be considered a trusted alternative for the current online advertising marketplace based on open real-time bidding

Walking Onions: Scaling Distribution of Information Safely in Anonymity Networks

Scaling anonymity networks offers unique security challenges, as attackers can exploit differing views of the network’s topology to perform epistemic and route capture attacks. Anonymity networks in practice, such as Tor, have opted for security over scalability by requiring participants to share a globally consistent view of all relays to prevent these kinds of attacks. Such an approach requires each user to maintain up-to-date information about every relay, causing the total amount of data each user must download every epoch to scale linearly with the number of relays. As the number of clients increases, more relays must be added to provide bandwidth, further exacerbating the total load on the network. In this work, we present Walking Onions, a set of protocols improving scalability for anonymity networks. Walking Onions enables constant-size scaling of the information each user must download in every epoch, even as the number of relays in the network grows. Furthermore, we show how relaxing the clients’ bandwidth growth from constant to logarithmic can enable an outsized improvement to relays’ bandwidth costs. Notably, Walking Onions offers the same security properties as current designs that require a globally consistent network view. We present two protocol variants. The first requires minimal changes from current onion-routing systems. The second presents a more significant design change, thereby reducing the latency required to establish a path through the network while providing better forward secrecy than previous such constructions. We evaluate Walking Onions against a generalized onion-routing anonymity network and discuss tradeoffs among the approaches

FRAMEWORK FOR ANONYMIZED COVERT COMMUNICATIONS: A BLOCKCHAIN-BASED PROOF-OF-CONCEPT

In this dissertation, we present an information hiding approach incorporating anonymity that builds on existing classical steganographic models. Current security definitions are not sufficient to analyze the proposed information hiding approach as steganography offers data privacy by hiding the existence of data, a property that is distinct from confidentiality (data existence is known but access is restricted) and authenticity (data existence is known but manipulation is restricted). Combinations of the latter two properties are common in analyses, such as Authenticated Encryption with Associated Data (AEAD), yet there is a lack of research on combinations with steganography. This dissertation also introduces the security definition of Authenticated Stegotext with Associated Data (ASAD), which captures steganographic properties even when there is contextual information provided alongside the hidden data. We develop a hierarchical framework of ASAD variants, corresponding to different channel demands. We present a real-world steganographic embedding scheme, Authenticated SteGotex with Associated tRansaction Data (ASGARD), that leverages a blockchain-based application as a medium for sending hidden data. We analyze ASGARD in our framework and show that it meets Level-4 ASAD security. Finally, we implement ASGARD on the Ethereum platform as a proof-of-concept and analyze some of the ways an adversary might detect our embedding activity by analyzing historical Ethereum data.Lieutenant, United States NavyApproved for public release. Distribution is unlimited

Practical aspects of physical and MAC layer security in visible light communication systems

Abstract— Visible light communication (VLC) has been recently proposed as an alternative standard to radio-based wireless networks. Originally developed as a physical media for PANs (Personal area Networks) it evolved into universal WLAN technology with a capability to transport internet suite of network and application level protocols. Because of its physical characteristics, and in line with the slogan "what you see is what you send", VLC is considered a secure communication method. In this work we focus on security aspects of VLC communication, starting from basic physical characteristics of the communication channel. We analyze the risks of signal jamming, data snooping and data modification. We also discuss MAC-level security mechanisms as defined in the IEEE 802.15.7 standard. This paper is an extension of work originally reported in Proceedings of the 13th IFAC and IEEE Conference on Programmable Devices and Embedded Systems — PDES 2015

What is a Blockchain? A Definition to Clarify the Role of the Blockchain in the Internet of Things

The use of the term blockchain is documented for disparate projects, from cryptocurrencies to applications for the Internet of Things (IoT), and many more. The concept of blockchain appears therefore blurred, as it is hard to believe that the same technology can empower applications that have extremely different requirements and exhibit dissimilar performance and security. This position paper elaborates on the theory of distributed systems to advance a clear definition of blockchain that allows us to clarify its role in the IoT. This definition inextricably binds together three elements that, as a whole, provide the blockchain with those unique features that distinguish it from other distributed ledger technologies: immutability, transparency and anonimity. We note however that immutability comes at the expense of remarkable resource consumption, transparency demands no confidentiality and anonymity prevents user identification and registration. This is in stark contrast to the requirements of most IoT applications that are made up of resource constrained devices, whose data need to be kept confidential and users to be clearly known. Building on the proposed definition, we derive new guidelines for selecting the proper distributed ledger technology depending on application requirements and trust models, identifying common pitfalls leading to improper applications of the blockchain. We finally indicate a feasible role of the blockchain for the IoT: myriads of local, IoT transactions can be aggregated off-chain and then be successfully recorded on an external blockchain as a means of public accountability when required

Applications of the Blockchain using cryptography

PhD ThesisWe have witnessed the rise of cryptocurrencies in the past eight years. Bitcoin and Ethereum are the world’s most successful cryptocurrencies with market capitalisations of $37bn and$21bn respectively in June 2017. The innovation behind these cryptocurrencies is the blockchain which is an immutable and censorship resistant public ledger. Bitcoin introduced the blockchain to trade a single asset (i.e. bitcoins), whereas Ethereum adopted the blockchain to store and execute expressive smart contracts. In this thesis, we consider cryptographic protocols that bootstrap trust from the blockchain. This includes secure end-to-end communication between two pseudonymous users, payment protocols, payment networks and decentralised internet voting. The first three applications rely on Bitcoin, whereas the final e-voting application is realised using Ethereum. First, it is important to highlight that Bitcoin was designed to protect the anonymity (or pseudonymity) for financial transactions. Nakamoto proposed that financial privacy is achievable by storing each party’s pseudonym (and not their real-world identity) in a transaction. We highlight that this approach for privacy has led to real-world authentication issues as merchants are failing to re-authenticate customers in post-transaction correspondence. To alleviate these issues, we propose an end-to-end secure communication protocol for Bitcoin users that does not require any trusted third party or public-key infrastructure. Instead, our protocol leverages the Blockchain as an additional layer of authentication. Furthermore, this insight led to the discovery of two attacks in BIP70: Payment Protocol which is a community-accepted standard used by more than 100,000 merchants. Our attacks were acknowledged by the leading payment processors including Coinbase, BitPay and Bitt. As well, we have proposed a revised Payment Protocol that prevents both attacks. Second, Bitcoin as deployed today does not scale. Scalability research has focused on two directions: 1) redesigning the Blockchain protocol, and 2) facilitating ‘off-chain transactions’ and only consulting the Blockchain if an adjudicator is required. We focus on the latter and provide an overview of Bitcoin payment networks. These consist of two components: payment channels to facilitate off-chain transactions between two parties, and the capability to fairly exchange bitcoins across multiple channels. We compare Duplex Micropayment Channels and Lightning Channels, before discussing Hashed Time Locked Contracts which viii enable Bitcoin-based payment networks. Furthermore, we highlight challenges in routing and path-finding that need to be overcome before payment networks are practically feasible. Finally, we study the feasibility of executing cryptographic protocols on Ethereum. We provide the first implementation of a decentralised and self-tallying internet voting protocol with maximum voter privacy as a smart contract. The Open Vote Network is suitable for boardroom elections and is written as a smart contract for Ethereum. Unlike previously proposed Blockchain e-voting protocols, this is the first implementation that does not rely on any trusted authority to compute the tally or to protect the voter’s privacy. Instead, the Open Vote Network is a self-tallying protocol, and each voter is in control of the privacy of their own vote such that it can only be breached by a full collusion involving all other voters. The execution of the protocol is enforced using the consensus mechanism that also secures the Ethereum blockchain. We tested the implementation on Ethereum’s official test network to demonstrate its feasibility. Also, we provide a financial and computational breakdown of its execution cost

5G Security Challenges and Solutions: A Review by OSI Layers

The Fifth Generation of Communication Networks (5G) envisions a broader range of servicescompared to previous generations, supporting an increased number of use cases and applications. Thebroader application domain leads to increase in consumer use and, in turn, increased hacker activity. Dueto this chain of events, strong and efficient security measures are required to create a secure and trustedenvironment for users. In this paper, we provide an objective overview of5G security issues and theexisting and newly proposed technologies designed to secure the5G environment. We categorize securitytechnologies usingOpen Systems Interconnection (OSI)layers and, for each layer, we discuss vulnerabilities,threats, security solutions, challenges, gaps and open research issues. While we discuss all sevenOSIlayers, the most interesting findings are in layer one, the physical layer. In fact, compared to other layers,the physical layer between the base stations and users’ device presents increased opportunities for attackssuch as eavesdropping and data fabrication. However, no singleOSI layer can stand on its own to provideproper security. All layers in the5G must work together, providing their own unique technology in an effortto ensure security and integrity for5G data

Decentralization in messaging applications with support for contactless interaction

Peer-to-peer communication has increasingly been gaining prevalence in people’s daily lives, with its widespread adoption being catalysed by technological advances. Although there have been strides for the inclusion of disabled individuals to ease communication between peers, people who suffer arm/hand impairments have little to no support in regular mainstream applications to efficiently communicate with other individuals. Additionally, as centralized systems have come into scrutiny regarding privacy and security, the development of alternative, decentralized solutions have increased, a movement pioneered by Bitcoin that culminated in the blockchain technology and its variants. Aiming towards expanding inclusivity in the messaging applications panorama, this project showcases an alternative on contactless human-computer interaction with support for disabled individuals with focus on the decentralized backend counterpart. Users of the application partake in a decentralized network based on a distributed hash table that is designed for secure communication (granted by a custom cryptographic messaging protocol) and exchange of data between peers. Such system is both resilient to tampering attacks and central points of failure (akin to blockchains), as well as having no long-term restrictions regarding scalability prospects, something that is a recurring issue in blockchain-based platforms. The conducted experiments showcase a level of performance similar to mainstream centralized approaches, outperforming blockchain-based decentralized applications on the delay between sending and receiving messages.A comunicação ponto-a-ponto tem cada vez mais ganhado prevalência na vida contemporânea de pessoas, tendo a sua adoção sido catalisada pelos avanços tecnológicos. Embora tenham havido desenvolvimentos relativamente à inclusão de indivíduos com deficiência para facilitar a comunicação entre pessoas, as que sofrem imparidades no braço/mão têm um suporte escasso em aplicações convencionais para comunicar de forma eficiente com outros sujeitos. Adicionalmente, à medida que sistemas centralizados têm atraído ceticismo relativamente à sua privacidade e segurança, o desenvolvimento de soluções descentralizadas e alternativas têm aumentado, um movimento iniciado pela Bitcoin que culminou na tecnologia de blockchain e as suas variantes. Tendo como objectivo expandir a inclusão no panorama de aplicações de messaging, este projeto pretende demonstrar uma alternativa na interação humano-computador sem contacto direto físico e com suporte para indivíduos com deficiência, com foco no componente backend decentralizado. Utilizadores da aplicação são inseridos num sistema decentralizado baseado numa hash table distribuída que foi desenhado para comunicação segura (providenciado por um protocolo de messaging criptográfico customizado) e para troca de dados entre utilizadores. Tal sistema é tanto resiliente a ataques de adulteração de dados como também a pontos centrais de falha (presente em blockains), não tendo adicionalmente restrições ao nível de escabilidade a longo-prazo, algo que é um problem recorrente em plataformas baseadas em blockchain. As avaliações e experiências realizadas neste projeto demonstram um nível de performance semelhante a abordagens centralizadas convencionais, tendo uma melhor prestação que aplicações descentralizadas baseadas em blockchain no que toca à diferença no tempo entre enviar e receber mensagens

Cloud Forensic: Issues, Challenges and Solution Models

Cloud computing is a web-based utility model that is becoming popular every day with the emergence of 4th Industrial Revolution, therefore, cybercrimes that affect web-based systems are also relevant to cloud computing. In order to conduct a forensic investigation into a cyber-attack, it is necessary to identify and locate the source of the attack as soon as possible. Although significant study has been done in this domain on obstacles and its solutions, research on approaches and strategies is still in its development stage. There are barriers at every stage of cloud forensics, therefore, before we can come up with a comprehensive way to deal with these problems, we must first comprehend the cloud technology and its forensics environment. Although there are articles that are linked to cloud forensics, there is not yet a paper that accumulated the contemporary concerns and solutions related to cloud forensic. Throughout this chapter, we have looked at the cloud environment, as well as the threats and attacks that it may be subjected to. We have also looked at the approaches that cloud forensics may take, as well as the various frameworks and the practical challenges and limitations they may face when dealing with cloud forensic investigations.Comment: 23 pages; 6 figures; 4 tables. Book chapter of the book titled "A Practical Guide on Security and Privacy in Cyber Physical Systems Foundations, Applications and Limitations", World Scientific Series in Digital Forensics and Cybersecurit