32 research outputs found

    Blockchain Technology, Technical Challenges and Countermeasures for Illegal Data Insertion

    Blockchain is a decentralized transaction and data management technology. It was developed for the world's first cryptocurrency, known as Bitcoin, in 2008. The reason behind its popularity was its properties, which provide pseudonymity, security, and data integrity without third-party intervention. Initially, most research focused on the Bitcoin system and its limitations, but later other applications of Blockchain, e.g. smart contracts and licensing [1], also became well known. Blockchain technology has the potential to change the way transactions are conducted in daily life. It is not limited to cryptocurrencies but could possibly be applied in various environments where any form of transaction is done. This article presents a comprehensive overview of Blockchain technology, its development, applications, security issues, and their countermeasures. In particular, it focuses on security against illegal data insertion and the countermeasures. The countermeasures for illegal data insertion covered in our analysis can be combined for increased efficiency. After the introduction of the Blockchain and the consensus algorithm, some well-known Blockchain applications and the expected future of Blockchain are discussed. Then, the technical challenges of Blockchain are discussed, with the main focus on security and data insertion in Blockchain. The possible countermeasures to overcome the security issues related to data insertion are then reviewed.

    A New Data Deletion Scheme for a Blockchain-based De-duplication System in the Cloud

    Almost all Cloud Service Providers (CSPs) take a principled approach to the storage and deletion of Customer Data. Most of them have engineered their cloud platforms to achieve a high degree of speed, availability, durability, and consistency. Their systems are designed to be optimized for these performance attributes, which must be carefully balanced with the necessity to achieve accurate and timely data deletion. Many researchers have turned their focus toward data storage and how it will be a challenging task for CSPs in terms of storage capacity, data management and security. A considerable number of papers have been published containing new models and techniques that allow data de-duplication in a shared environment, but few of them have discussed data deletion. In this paper we discuss a new approach that allows a smart deletion of data stored in the file system as well as of its reference in the Blockchain, since, by their nature, Blockchains do not allow deletion without violating the Blockchain's consistency. A preexisting de-duplication system will be the base platform on which we work to achieve accurate and secure data deletion using Blockchain technology while preserving its consistency.

    Does regulation of illegal content in the EU need reconsideration in light of blockchains?

    Blockchains are increasingly being used for content distribution, sometimes as an unwanted side-effect of blockchain applications that have other primary purposes, sometimes as intended content distribution. The typical characteristics of a blockchain such as its claimed immutability raise new questions as to what preventive measures can reasonably be demanded from blockchain intermediaries, and administrators of nodes in particular. The article asks whether the exemptions introduced in the Directive on electronic commerce can be applied, what mitigating or preventive measures other than Notice-and-Takedown can be applied and how governmental regulators should react

    Redactable Blockchain in the Permissionless Setting

    Bitcoin is an immutable permissionless blockchain system that has been extensively used as a public bulletin board by many different applications that heavily rely on its immutability. However, Bitcoin's immutability is not without its fair share of demerits. Interpol exposed the existence of harmful and potentially illegal documents, images and links in the Bitcoin blockchain, and since then there have been several qualitative and quantitative analyses of the types of data currently residing in the Bitcoin blockchain. Although there is a lot of attention on blockchains, surprisingly the previous solutions proposed for data redaction in the permissionless setting are far from feasible, and require additional trust assumptions. Hence, the problem of harmful data still poses a huge challenge for law enforcement agencies like Interpol (Tziakouris, IEEE S&P'18). We propose the first efficient redactable blockchain for the permissionless setting that is easily integrable into Bitcoin, and that does not rely on heavy cryptographic tools or trust assumptions. Our protocol uses a consensus-based voting and is parameterised by a policy that dictates the requirements and constraints for the redactions; if a redaction gathers enough votes the operation is performed on the chain. As an extra feature, our protocol offers public verifiability and accountability for the redacted chain. Moreover, we provide formal security definitions and proofs showing that our protocol is secure against redactions that were not agreed by consensus. Additionally, we show the viability of our approach with a proof-of-concept implementation that shows only a tiny overhead in the chain validation of our protocol when compared to an immutable one. Comment: 2019 IEEE Symposium on Security and Privacy (SP), San Francisco, CA, US, pp. 645-65

    Uncontrolled Randomness in Blockchains: Covert Bulletin Board for Illicit Activity

    Public blockchains can be abused to covertly store and disseminate potentially harmful digital content which poses a serious regulatory issue. In this work, we show the severity of the problem by demonstrating that blockchains can be exploited to surreptitiously distribute arbitrary content. More specifically, all major blockchain systems use randomized cryptographic primitives, such as digital signatures and non-interactive zero-knowledge proofs; we illustrate how the uncontrolled randomness in such primitives can be maliciously manipulated to enable covert communication and hidden persistent storage. To clarify the potential risk, we design, implement and evaluate our technique against the widely-used ECDSA signature scheme, the CryptoNote's ring signature scheme, and Monero's ring confidential transactions. Importantly, the significance of the demonstrated attacks stems from their undetectability, their adverse effect on the future of decentralized blockchains, and their serious repercussions on users' privacy and crypto funds. Finally, we present a generic framework to immunize blockchains against these attacks

    Reconciliation of anti-money laundering instruments and European data protection requirements in permissionless blockchain spaces

    This article is an attempt to reconcile the requirements of the EU General Data Protection Regulation (GDPR) and the anti-money laundering and combating terrorist financing (AML/CFT) instruments used in permissionless ecosystems based on distributed ledger technology (DLT). Usually, analysis is focused only on one of these regulations. Covering the interplay between both regulations in this research reveals their incoherencies in relation to permissionless DLT. The GDPR requirements force permissionless blockchain communities to use anonymization or, at the very least, strong pseudonymization technologies to ensure compliance of data processing with the GDPR. At the same time, instruments of global AML/CFT policy that are presently being implemented in many countries following the recommendations of the Financial Action Task Force counteract the anonymity-enhanced technologies built into blockchain protocols. Solutions suggested in this article aim to induce the shaping of permissionless DLT-based networks in ways that at the same time would secure the protection of personal data according to the GDPR rules, while also addressing the money laundering and terrorist financing risks created by transactions in anonymous blockchain spaces or those with strong pseudonyms. Searching for new policy instruments is necessary to ensure that governments do not combat the development of all privacy-blockchains, so as to enable a high level of privacy protection and GDPR-compliant data processing. This article indicates two AML/CFT tools which may be helpful for shaping privacy-blockchains that can enable the feasibility of such tools. The first tool is exceptional government access to transactional data written on non-transparent ledgers, obfuscated by advanced anonymization cryptography. The tool should be optional for networks as long as other effective AML/CFT measures are accessible for the intermediaries or for the government in relation to a given network. If these other measures are not available and the network does not grant exceptional access, the regulations should allow governments to combat the development of those networks. Effective tools in that scope should target the value of privacy-cryptocurrency, not its users. Such tools could include, as a tool of last resort, state attacks which would undermine the trust of the community in a specific network.