Storing and Retrieving Secrets on a Blockchain

Multiple protocols implementing exciting cryptographic functionalities using blockchains such as time-lock encryption, one-time programs and fair multi-party computation assume the existence of a cryptographic primitive called extractable witness encryption. Unfortunately, there are no known efficient constructions (or even constructions based on any well studied assumptions) of extractable witness encryption. In this work, we propose a protocol that uses a blockchain itself to provide a functionality that is effectively the same as extractable witness encryption. By making small adjustments to the blockchain code, it is possible to easily implement applications that rely on extractable witness encryption and existed only as theoretical designs until now. There is also potential for new applications. As a key building block, our protocol uses a new and highly efficient batched dynamic proactive secret sharing scheme which may be of independent interest. We provide a proof-of-concept implementation of the extractable witness encryption construction and the underlying dynamic proactive secret sharing protocol

Blockchain-Enabled Authenticated Key Agreement Scheme for Mobile Vehicles-Assisted Precision Agricultural IoT Networks

Precision Farming Has a Positive Potential in the Agricultural Industry Regarding Water Conservation, Increased Productivity, Better Development of Rural Areas, and Increased Income. Blockchain Technology is a Better Alternative for Storing and Sharing Farm Data as It is Reliable, Transparent, Immutable, and Decentralized. Remote Monitoring of an Agricultural Field Requires Security Systems to Ensure that Any Sensitive Information is Exchanged Only among Authenticated Entities in the Network. to This End, We Design an Efficient Blockchain-Enabled Authenticated Key Agreement Scheme for Mobile Vehicles-Assisted Precision Agricultural Internet of Things (IoT) Networks Called AgroMobiBlock. the Limited Existing Work on Authentication in Agricultural Networks Shows Passive Usage of Blockchains with Very High Costs. AgroMobiBlock Proposes a Novel Idea using the Elliptic Curve Operations on an Active Hybrid Blockchain over Mobile Farming Vehicles with Low Computation and Communication Costs. Formal and Informal Security Analysis Along with the Formal Security Verification using the Automated Validation of Internet Security Protocols and Applications (AVISPA) Software Tool Have Shown the Robustness of AgroMobiBlock Against Man-In-The-Middle, Impersonation, Replay, Physical Capture, and Ephemeral Secret Leakage Attacks among Other Potential Attacks. the Blockchain-Based Simulation on Large-Scale Nodes Shows the Computational Time for an Increase in the Network and Block Sizes. Moreover, the Real-Time Testbed Experiments Have Been Performed to Show the Practical Usefulness of the Proposed Scheme

BLEND: Efficient and blended IoT data storage and communication with application layer security

Many IoT use cases demand both secure storage and secure communication. Resource-constrained devices cannot afford having one set of crypto protocols for storage and another for communication. Lightweight application layer security standards are being developed for IoT communication. Extending these protocols for secure storage can significantly reduce communication latency and local processing. We present BLEND, combining secure storage and communication by storing IoT data as pre-computed encrypted network packets. Unlike local methods, BLEND not only eliminates separate crypto for secure storage needs, but also eliminates a need for real-time crypto operations, reducing the communication latency significantly. Our evaluation shows that compared with a local solution, BLEND reduces send latency from 630 microseconds to 110 microseconds per packet. BLEND enables PKI based key management while being sufficiently lightweight for IoT. BLEND doesn't need modifications to communication standards used when extended for secure storage, and can therefore preserve underlying protocols' security guarantees.Comment: Accepted in IEEE CSR 2022. 10 pages, 7 figure

Zephyrus: An information hiding mechanism leveraging Ethereum data fields

Permanent availability makes blockchain technologies a suitable alternative for building a covert channel. Previous works have analysed its feasibility in a particular blockchain technology called Bitcoin. However, Ethereum cryptocurrency is gaining momentum as a means to build distributed apps. The novelty of this paper relies on the use of Ethereum to establish a covert channel considering all transaction fields and smart contracts. No previous work has explored this issue. Thus, a mechanism called Zephyrus, an information hiding mechanism based on steganography, is developed. Moreover, its capacity, cost and stealthiness are assessed both theoretically, and empirically through a prototype implementation that is publicly released. Disregarding the time taken to send the transaction to the blockchain, its retrieval and the mining time, experimental results show that, in the best case, 40 Kbits can be embedded in 0.57 s. for US$ 1.64, and retrieved in 2.8

Developing Data Integrity in an Electronic Health Record System using Blockchain and InterPlanetary File System (Case Study: COVID-19 Data)

The misuse of health data stored in the Electronic Health Record (EHR) system can be uncontrolled. For example, mishandling of privacy and data security related to Corona Virus Disease-19 (COVID-19), containing patient diagnosis and vaccine certificate in Indonesia. We propose a system framework design by utilizing the InterPlanetary File System (IPFS) and Blockchain technology to overcome this problem. The IPFS environment supports a large data storage with a distributed network powered by Ethereum blockchain. The combination of this technology allows data stored in the EHR to be secure and available at any time. All data are secured with a blockchain cryptographic algorithm and can only be accessed using a user's private key. System testing evaluates the mechanism and process of storing and accessing data from 346 computers connected to the IPFS network and Blockchain by considering several parameters, such as gas unit, CPU load, network latency, and bandwidth used. The obtained results show that 135205 gas units are used in each transaction based on the tests. The average execution speed ranges from 12.98 to 14.08 GHz, 26 KB/s is used for incoming, and 4 KB/s is for outgoing bandwidth. Our contribution is in designing a blockchain-based decentralized EHR system by maximizing the use of private keys as an access right to maintain the integrity of COVID-19 diagnosis and certificate data. We also provide alternative storage using a distributed IPFS to maintain data availability at all times as a solution to the problem of traditional cloud storage, which often ignores data availability. Doi: 10.28991/esj-2021-SP1-013 Full Text: PD

Storing IOT Data Securely in a Private Ethereum Blockchain

Internet of Things (IoT) is a set of technologies that enable network-connected devices to perform an action or share data among several connected devices or to a shared database. The actions can be anything from switching on an Air Conditioning device remotely to turning on the ignition of a car through a command issued from a remote location or asking Alexa or Google Assistant to search for weather conditions in an area. IoT has proved to be game-changing for many industries such as Supply Chain, Shipping and Transportation providing updates on the status of shipments in real time. This has resulted in a huge amount of data created by a lot of these devices all of which need to be processed in real time. In this thesis, we propose a method to collect sensor data from IoT devices and use blockchain to store and retrieve the collected data in a secure and decentralized fashion within a closed system, suitable for a single enterprise or a group of companies in industries like shipping where sharing data with each other is required. Much like blockchain, we envision a future where IoT devices can connect and disconnect to distributed systems without causing downtime for the data collection or storage or relying on a cloud-based storage system for synchronizing data between devices. We also look at how the performance of some of these distributed systems like Inter Planetary File System (IPFS) and Ethereum Swarm compare on low-powered devices like the raspberry pi

BlockTorrent: A Privacy-Preserving Data Availability Protocol for Multiple Stakeholder Scenarios

As industries across the globe continue to digitize their processes, the need for a mechanism to share private data between multiple stakeholders is becoming increasingly apparent. However, sharing data poses challenges around privacy and accessibility, particularly in disputes between stakeholders with a shared interest, such as a supply chain. Auditors currently rely on stakeholders’ compliance in order to verify data. Malicious parties may falsify the data before passing it on to the auditor. Using supply chains as a case study we present BlockTorrent, a protocol to address these challenges and help facilitate data sharing between supply chain participants and named after the integration of Blockchain technology and the BitTorrent protocol. BlockTorrent allows participants to securely share their data in near real-time with other participants without the risk of information leakage or allowing data falsification, whilst guaranteeing data availability for auditors. This is achieved using a novel combination of distributed storage and on-chain secret sharing. This thesis provides an implementation and evaluation of BlockTorrent, highlighting its performance and a security discussion, specifically that a system like BlockTorrent can reach large transaction throughput as high as 500 tps and be viable in a real world environment. Lastly, the thesis provides a discussion on the privacy challenges that were considered when designing BlockTorrent

An architecture for secure data management in medical research and aided diagnosis

Programa Oficial de Doutoramento en Tecnoloxías da Información e as Comunicacións. 5032V01[Resumo] O Regulamento Xeral de Proteccion de Datos (GDPR) implantouse o 25 de maio de 2018 e considerase o desenvolvemento mais importante na regulacion da privacidade de datos dos ultimos 20 anos. As multas fortes definense por violar esas regras e non e algo que os centros sanitarios poidan permitirse ignorar. O obxectivo principal desta tese e estudar e proponer unha capa segura/integracion para os curadores de datos sanitarios, onde: a conectividade entre sistemas illados (localizacions), a unificacion de rexistros nunha vision centrada no paciente e a comparticion de datos coa aprobacion do consentimento sexan as pedras angulares de a arquitectura controlar a sua identidade, os perfis de privacidade e as subvencions de acceso. Ten como obxectivo minimizar o medo a responsabilidade legal ao compartir os rexistros medicos mediante o uso da anonimizacion e facendo que os pacientes sexan responsables de protexer os seus propios rexistros medicos, pero preservando a calidade do tratamento do paciente. A nosa hipotese principal e: os conceptos Distributed Ledger e Self-Sovereign Identity son unha simbiose natural para resolver os retos do GDPR no contexto da saude? Requirense solucions para que os medicos e investigadores poidan manter os seus fluxos de traballo de colaboracion sen comprometer as regulacions. A arquitectura proposta logra eses obxectivos nun ambiente descentralizado adoptando perfis de privacidade de datos illados.[Resumen] El Reglamento General de Proteccion de Datos (GDPR) se implemento el 25 de mayo de 2018 y se considera el desarrollo mas importante en la regulacion de privacidad de datos en los ultimos 20 anos. Las fuertes multas estan definidas por violar esas reglas y no es algo que los centros de salud puedan darse el lujo de ignorar. El objetivo principal de esta tesis es estudiar y proponer una capa segura/de integración para curadores de datos de atencion medica, donde: la conectividad entre sistemas aislados (ubicaciones), la unificacion de registros en una vista centrada en el paciente y el intercambio de datos con la aprobacion del consentimiento son los pilares de la arquitectura propuesta. Esta propuesta otorga al titular de los datos un rol central, que le permite controlar su identidad, perfiles de privacidad y permisos de acceso. Su objetivo es minimizar el temor a la responsabilidad legal al compartir registros medicos utilizando el anonimato y haciendo que los pacientes sean responsables de proteger sus propios registros medicos, preservando al mismo tiempo la calidad del tratamiento del paciente. Nuestra hipotesis principal es: .son los conceptos de libro mayor distribuido e identidad autosuficiente una simbiosis natural para resolver los desafios del RGPD en el contexto de la atencion medica? Se requieren soluciones para que los medicos y los investigadores puedan mantener sus flujos de trabajo de colaboracion sin comprometer las regulaciones. La arquitectura propuesta logra esos objetivos en un entorno descentralizado mediante la adopcion de perfiles de privacidad de datos aislados.[Abstract] The General Data Protection Regulation (GDPR) was implemented on 25 May 2018 and is considered the most important development in data privacy regulation in the last 20 years. Heavy fines are defined for violating those rules and is not something that healthcare centers can afford to ignore. The main goal of this thesis is to study and propose a secure/integration layer for healthcare data curators, where: connectivity between isolated systems (locations), unification of records in a patientcentric view and data sharing with consent approval are the cornerstones of the proposed architecture. This proposal empowers the data subject with a central role, which allows to control their identity, privacy profiles and access grants. It aims to minimize the fear of legal liability when sharing medical records by using anonymisation and making patients responsible for securing their own medical records, yet preserving the patient’s quality of treatment. Our main hypothesis is: are the Distributed Ledger and Self-Sovereign Identity concepts a natural symbiosis to solve the GDPR challenges in the context of healthcare? Solutions are required so that clinicians and researchers can maintain their collaboration workflows without compromising regulations. The proposed architecture accomplishes those objectives in a decentralized environment by adopting isolated data privacy profiles