Project

Authcoin

Goal: Authcoin is an alternative approach to the commonly used public key infrastructures such as central authorities and the PGP web of trust. It combines a challenge response-based validation and authentication process for domains, certificates, email accounts and public keys with the advantages of a block chain-based storage system. As a result, Authcoin does not suffer from the downsides of existing solutions and is much more resilient to sybil attacks.

Updates
0 new
1
Recommendations
0 new
0
Followers
0 new
7
Reads
0 new
128

Project log

Alex Norta
added a research item
A keynote about Authcoin for the SPBP 2019 workshop: https://spbp19.cs.ut.ee/Main/Program
Alex Norta
added a project goal
Authcoin is an alternative approach to the commonly used public key infrastructures such as central authorities and the PGP web of trust. It combines a challenge response-based validation and authentication process for domains, certificates, email accounts and public keys with the advantages of a block chain-based storage system. As a result, Authcoin does not suffer from the downsides of existing solutions and is much more resilient to sybil attacks.
 
Alex Norta
added 2 research items
Nowadays, business transactions almost exclusively focus on human-to-human transactions. The persistent growth and expansion of the Internet of Things, the ubiquitousness of so called smart devices, as well as progressing digitalization of our daily life, enables business transactions without human intervention among autonomously acting machine agents; a concept referred to as the Machine-to-Machine (M2M) economy. Besides M2M interactions, machines interact with humans (Machine-to-Human - M2H), or infrastructure components (Machine-to-Infrastructure - M2I). The term Machine-to-Everything (M2X) economy represents a more general view on use cases that involve autonomous smart devices and also encompasses M2M, M2H and M2I scenarios. While the technical concepts of IoT, Smart Homes, Smart Cities and Industry 4.0 that enable the M2X economy have been around for a while now, a widespread adoption as well as applications that use their full potential are still missing. Many isolated applications exist that aim to solve very specific and simplified use cases that fall within the spectrum of the M2X economy. However, an interoperable, integrated, scalable model that facilitates the M2X economy is non-existing. Likewise, concepts for a M2X value transfer and collaborations among machines to achieve shared objectives within this ecosystem are missing as well. This work focuses on the emerging M2X ecosystem in the context of Information System research and makes three contributions: First, it suggests architectural concepts that encompass a blockchain-based interaction-, transaction- and collaboration model for M2X use cases, a business collaboration lifecycle and governance structure as well as a set of modalities for these use cases derived through an exploratory research approach. Second, it presents a decentralized self-sovereign identity solution in combination with a validation and authentication mechanism that is suitable for the M2X ecosystem. Sybil attacks are a common issue of decentralized networks. Thus we present a mechanism to price the costs of a sybil node attack, thereby providing an easy to use metric for the sybil resistance of a decentralized M2X system. As a step towards a formal validation of these novel infrastructural concepts, a Colored Petri Net model is provided covering the protocol-driven data exchange of the M2X identity solution. The developed identity protocols are validated using CPN models and proof-of-concept implementations, while specific aspects of the presented M2X identity solution are evaluated using historical data to asses its suitability. Finally, the feasibility of the M2X interactions-, transactions- and collaboration model as well as the identity solution is demonstrated.
Designing government independent and secure identification- and authentication protocols is a challenging task. Design flaws and missing specifications as well as security- and privacy issues of such protocols pose considerable user risks. Formal methods, such as Colored Petri Nets (CPN), are utilised for the design, development and analysis of such new protocols in order to detect flaws and mitigate identified security risks before deployment. This paper fills the gap, by applying in a novel way a set of security risk-oriented patterns (SRP) to the so-called Authcoin protocol that we formalise using CPN. The initial formal model of Authcoin facilitates the detection and elimination of design flaws, missing specifications as well as security- and privacy issues. The additional risk- and threat analysis based on the Information Systems Security Risk Management (ISSRM) domain model we perform on the formal CPN models of the protocol. The identified risks are mitigated by applying SRPs to the formal model of the Authcoin protocol. SRPs are a means to mitigate common security- and privacy risks in a business-process context by applying thoroughly tested and proven best-practice solutions. The goal of this work is to test the utility of SRPs outside of the the usual application domain, to reduce the risks and vulnerabilities of the Authcoin protocol.
Alex Norta
added an update
Benjamin Leiding
added 3 research items
Authcoin is an alternative approach to the commonly used public key infrastructures such as central authorities and the PGP web of trust. It combines a challenge response-based validation and authentication process for domains, certificates, email accounts and public keys with the advantages of a block chain-based storage system. As a result, Authcoin does not suffer from the downsides of existing solutions and is much more resilient to sybil attacks.
Designing and developing new security and authentication protocols in the field of computer science is a challenging task. Design flaws and missing specifications as well as security and privacy issues of such protocols pose risks for its users. Formal methods, such as Colored Petri Nets, are utilized for the design, development and analysis of such new protocols in order to detect flaws and mitigate identified security risks. In this thesis, the Authcoin protocol is formalized using Colored Petri Nets in order to detect and eliminate eventual design flaws, missing specifications as well as security and privacy issues. Furthermore, a risk and threat analysis based on the ISSRM domain model is performed on the formal CPN models of the protocol. Subsequently, the identified risks are mitigated by applying security risk-oriented patterns to the formal model of the Authcoin protocol. Security risk-oriented patterns are a means to mitigate common security and privacy risks in processes by applying thoroughly tested and proven best-practice solutions. The goal of this thesis is to reduce the risks and vulnerabilities of the Authcoin protocol using the techniques and approaches mentioned above. In addition , we share the lessons learned during the novel application of security risk-oriented patterns to Colored Petri Nets and evaluate the resulting CPN models using state space analyses.
Authcoin is an alternative approach to the commonly used public key infrastructures such as central authorities and the PGP web of trust. It combines a challenge response-based validation and authentication process for domains, certificates, email accounts and public keys with the advantages of a block chain-based storage system. As a result, Authcoin does not suffer from the downsides of existing solutions and is much more resilient to sybil attacks.
Alex Norta
added a research item
The design and development of novel security and authenti-cation protocols is a challenging task. Design flaws, security and privacy issues as well as incomplete specifications pose risks for its users. Au-thcoin is a blockchain-based validation and authentication protocol for secure identity assurance. Formal methods, such as Colored Petri Nets (CPNs), are suitable to design, develop and analyze such new protocols in order to detect flaws and mitigate identified security risks. In this work, the Authcoin protocol is formalized using Colored Petri Nets resulting in a verifiable CPN model. An Agent-Oriented Modeling (AOM) methodology is used to create goal models and corresponding behavior models. Next, these models are used to derive the Authcoin CPN models. The modeling strategy as well as the required protocol semantics are explained in detail. Furthermore, we conduct a state-space analysis on the resulting CPN model and derive specific model properties. The result is a complete and correct formal specification that is used to guide future implementations of Authcoin.