The cyber insurance market is still in its infancy but growing fast. Novel models and standards for this particular insurance market are essential due to the use of modern IT (Information Technology) and since insurance providers need to create suitable models for customers.
As the dependency of businesses on digital services increases, their vulnerability to cyberattacks increases, too. Besides providing innovative services, business owners must focus on investing in robust cybersecurity mechanisms to counter cyberattacks. Distributed Denial-of-Service (DDoS) attacks remain one of the most dangerous cyberattacks, e.g., leading to service disruption, financial loss, and reputation harm. Although protection measures exist, a catalog of solutions is missing, which could help network operators to access and filter information in order to select suitable protections for specific demands.
While the existence of Public Bulletin Boards (PBB) is often formulated as an assumption in related work on Remote Electronic Voting (REV) systems, this work here on Provotum focuses on the practical design and architecture of such a PBB, including its distributed execution. Further, Provotum leverages a public permissioned Blockchain (BC) as a PBB, where only authorized entities can sign blocks, while the general public can verify all BC data. Therefore, Provotum defines a new and fully decentralized BC-based REV system, which deploys a permissioned BC as a PBB and allows for the explicit distribution of trust across different permissioned BC nodes. Provotum is operated in a fully distributed fashion by using Smart Contracts (SC), Distributed Key Generation (DKG), Homomorphic Encryption (HE), and Cooperative Decryption (CD), as well as employing client-side encryption, which enables ballot secrecy, while the BC forms an audit trail, enabling public and End-to-end Verifiability (E2E-V).
Blockchains (BC) serve as a chain of transactions persisted as backward-linked lists, while being created and maintained within a network of distributed nodes. Potential advances with BCs have reached various application areas beyond FinTech-oriented use cases. Since Internet-of-Things (IoT) based use cases are an important part of them, this chapter focuses specifically on defining and determining measures and criteria to be met proactively for an efficient BC and IoT integration, termed BIoT. This survey resembles further potentials and incentives for such an integration, which leads via suitable use cases to respective challenges. Driven by state-of-the-art BIoT architectures, the new architecture BIIT 1.0 is proposed to pave the path toward practical and efficient BIoT architectures.
Although the first Blockchain (BC) was proposed about a decade ago, BC achievements from a technical and functional perspective are measurable, but still face open issues. Since IFIP’s Working Group 6.6 on the “Management of Networks and Distributed System” investigated BCs in various aspects, this contribution here summarizes and clarifies key characteristics of BCs and their related approach of Distributed Ledgers (DL). While many properties are under discussion, the two approaches differ measurably. In turn, the value of BCs and DLs is outlined in combination with selected and exemplified application domains. However, a set of open issues has been observed, which possibly hinders a practical operation, e.g., due to excessive expectations, missing interoperability, wrong scalability promises, or out-of-scope trust assumptions. Thus, the state-of-the-art in BCs and DLs is clarified and current as well as necessary research steps to follow complement this state.
This work specifies, implements, and evaluates access management based on face recognition. The system developed uses Internet-of-Things (IoT) for video surveillance, Artificial Intelligence (AI) for face recognition, and Blockchains (BC) for immutable permanent storage and provides excellent properties in terms of image quality, end-to-end delay, and energy efficiency.
Long Range (LoRa) defines a popular modulation scheme based on the chirp spread spectrum technique. It is used in Low Power Wide Area Networks (LP-WANs) for the Internet-of-Things (IoT). Thus, this work here designs, specifies, implements, and evaluates a Cloud Radio Access Network (C-RAN) architecture for LoRa networks, while using (a) Software Defined Radios (SDR) to receive/send radio signals and (b) Docker to virtualize the setup. (c) A software modulator is developed to emit signals on the downlink targeting regular LoRa end-device receivers, such as Semtech SX1276 chips. Finally, the network, processing, and cost requirements of the C-RAN implemented are evaluated.
This work develops an integration of Blockchains (BC) with the Internet-of-Things (IoT) using a highly constrained TelosB IoT platform based on the MSP430 processor family and CC2420 IEEE 802.15.4-compliant radio interfaces. The system is evaluated in an indoor office environment focusing on overhead and energy efficiency of BC transaction (TX) transmissions.
Trust in electoral processes is fundamental for democracies. Further, the identity management of citizen data is crucial, because final tallies cannot be guaranteed without the assurance that every final vote was cast by an eligible voter. In order to establish a basis for a hybrid public verifiability of voting, this work (1) introduces Proverum, an approach combining a private environment based on private permissioned Distributed Ledgers with a public environment based on public Blockchains, (2) describes the application of the Proverum architecture to the Swiss Remote Postal Voting system, mitigating threats present in the current system, and (3) addresses successfully the decentralized identity management in a federalistic state.
In the last years, cryptocurrencies have become increasingly popular along with their underlying distributed ledger technology, referred to as a Blockchain (BC). Nowadays, a wide variety of BC implementations are available. However, the selection of a suitable implementation for a particular application or use case is complex because it requires technical understanding of the underlying BC implementation aspects. Therefore, this paper proposes a Controlled Natural Language (CNL) to extend existing BC selection solutions to abstract underlying implementation details. The approach allows the specification of abstract high-level policies, referred to as intents, in an English-based language. The approach is inspired by previous approaches from the network management field. Moreover, a state machine-based refinement technique is proposed to refine these intents into low-level BC selection policies. The results of the performance evaluation of the prototype implementation show that the refinement process presents a minimal overhead. In addition, the perceived intuitiveness of the CNL by users was assessed in a survey. The results of the survey suggest that technical and non-technical individuals benefit from an intent-based approach equally.
Distributed Denial-of-Service (DDoS) attacks are one of the major causes of concern for communication service providers. When an attack is highly sophisticated and no countermeasures are available directly, sharing hardware and defense capabilities becomes a compelling alternative. Future network and service management can base its operations on equally distributed systems to neutralize highly distributed DDoS attacks. A cooperative defense allows for the combination of detection and mitigation capabilities, the reduction of overhead at a single point, and the blockage of malicious traffic near its source. Main challenges impairing the widespread deployment of existing cooperative defense are: (a) high complexity of operation and coordination, (b) need for trusted and secure communications, (c) lack of incentives for service providers to cooperate, and (d) determination on how operations of these systems are affected by different legislation, regions, and countries. The cooperative Blockchain Signaling System (BloSS) defines an effective and alternative solution for security management, especially cooperative defenses, by exploiting Blockchains (BC) and Software-Defined Networks (SDN) for sharing attack information, an exchange of incentives, and tracking of reputation in a fully distributed and automated fashion. Therefore, BloSS was prototyped and evaluated through a global experiment, without the burden to maintain, design, and develop special registries and gossip protocols.
Due to the growing interest in the blockchain (BC), several applications are being developed, taking advantage of the benefits that such technology promises to deliver, such as removal of Trusted Third Parties (TTP) to verify transactions and data immutability. However, these applications require certain aspects, such as high transaction throughput or data privacy, that early BC implementations (e.g., Bitcoin) did not provide. Thus, a myriad of novel BC implementations was developed, which introduced the issue of choosing the right implementation for a specific use-case. This paper presents a framework, called PleBeuS, to address this selection issue by allowing users to specify policies that rule the automatic selection of the BC in which data will be stored. The selection process relies on a cost-aware approach and considers both public and private implementations and their technical characteristics. Moreover, PleBeuS communicates with a BC-agnostic interoperability API to enforce transactions. The evaluation of the PleBeuS prototype showed that it is possible to automatically select a BC based on user policies, considering cost thresholds and technical details (e.g., BC throughput, deployment), and reduce manual interaction.
The blockchain (BC) world is rapidly becoming a universe of several ledgers designed for a specific purpose, holding data previously stored (i.e., siloed) in centralized databases. The use of different BCs for the same purpose could hamper the frictionless exchange of data or value. On one hand, it is natural that there are competing implementations exploring the benefits of BC. On the other hand, the problem of siloed data re-emerges, with respect to isolated chains. In this regard, BC interoperability is necessary to connect different BCs, exchanging information and assets. Moreover, to foster BC employment, developers must be able to interact with such different BCs without knowing the details of each implementation. This paper presents a novel solution, called Bifröst, to store and retrieve data on different BCs. Bifröst employs a notary scheme, which allows for connectivity to different BCs. The presented prototype is highly modular and currently implements seven adapters to popular BC implementations, including Bitcoin, Ethereum, and Stellar. The developed prototype was evaluated concerning performance, security, and data size to verify the feasibility of such an implementation and assess design decisions taken during its development.
The Swiss postal voting system builds on trust in governmental authorities and external suppliers. The federal structure of Switzerland of cantons and municipalities leads to a distributed architecture. Detailed information on the current postal voting procedure is manifested as implicit knowledge within fragmented institutions and is not easily accessible. This work serves (i) as an overview of the Swiss remote postal voting system, (ii) a detailed insight into the process flow, and (iii) a respective risk assessment.
Digitization of electoral processes depends on confident systems that produce verifiable evidence. The design and implementation of voting systems has been widely studied in prior research, bringing together expertise in many fields. Switzerland is organized in a federal, decentralized structure of independent governmental entities. Thus, its decentralized structure is a real-world example for implementing an electronic voting system, where trust is distributed among multiple authorities. This work outlines the design and implementation of a blockchain-based electronic voting system providing cast-as-intended verifiability. The generation of non-interactive zero-knowledge proofs of knowledge enables every voter to verify the encrypted vote, while maintaining the secrecy of the ballot. The Public Bulletin Board (PBB) is a crucial component of every electronic voting system, serving as a publicly verifiable log of communication and ballots - here a blockchain is used as the PBB. Also, the required cryptographic operations are in linear relation to the number of voters, making the outlined system fit for large-scale elections.
Blockchains (BCs) are back-linked chains of records termed blocks. To establish decentralized trusted systems, BCs employ consensus mechanisms. During the past ten years, there have been various proposals of BC design and implementations. However, most of the developed state-of-the-art BCs suffer from scalability issues. In order to enhance the scalability of the BCs, this paper proposes a transaction aggregation mechanism on a Proof-of-Stake (PoS)-based BC. Having developed the transaction aggregation and double linked blocks, efficient prevention and control of the BC's size growth is observed in the evaluated scenarios.
Academic certificates have a significant influence on the job market, proving a particular competence or skill of a recipient. However, the ability to verify the authenticity of certificates does not follow its relevance in the labor market, causing several companies to exploit this inefficiency to falsify information or even to make fake certificates. In this context, several proposals based on blockchain appear as a technological alternative to increase the transparency and the ease of verification of these certificates. This chapter discusses the main proposals toward the handling of academic certificates from a technological point of view, discussing the technical aspects that may influence the relationship between confidentiality and transparency as well as application requirements such as performance and reliability in contrast to the blockchain characteristics. Finally, this chapter summarizes the key challenges and opportunities based on this discussion outlining future directions for academic certificate management.
Network Functions Virtualization (NFV) decouples the network package performed by network functions from dedicated hardware appliance by running Virtual Network Functions (VNF) on commercial off-the-shelf hardware. Network operators can create customized network services by chaining multiple VNFs, defining a so-called Service Function Chaining (SFC). Because NFV became technically mature recently, the building of such SFCs still needs in-depth knowledge about NFV technology and its descriptors. Furthermore, there is a lack of tools that help to simplify the creation of SFCs. This paper introduces GENEVIZ, a tool that provides a user-friendly interface for the creation of new SFCs as well as for importing and adjusting acquired SFCs (e.g., from marketplaces of VNFs), in order to create new SFCs based on existing ones. Therefore, this work addresses as well data integrity and provides the functionality to store and validate SFCs through the use of blockchains. Three case studies are presented to provide evidence of the technical feasibility of the solution proposed.
Current projects applying blockchain technology to enhance the trust of NFV environments do not consider the VNF repository. However, the blockchain’s properties can enhance trust by allowing to verify a VNF package’s integrity without relying (a) on a Trusted Third Party (TTP) for remote attestation or (b) a secure database. This paper presents BUNKER, a Blockchain-based trUsted VNF packagE Repository, intended to be integrated with traditional database-based package verification environments, acting as a trusted repository containing VNF package information. Moreover, BUNKER allows users to acquire VNFs without the need of a TTP using an Ethereum Smart Contract (SC). The SC automatically transfers license fees to the vendor once a VNF is acquired, and sends the VNF package’s link to the buyer before verifying its integrity.
Cyberattacks are the cause of several damages on governments and companies in the last years. Such damage includes not only leaks of sensitive information, but also economic loss due to downtime of services. The security market size worth billions of dollars, which represents investments to acquire protection services and training response teams to operate such services, determines a considerable part of the investment in technologies around the world. Although a vast number of protection services are available, it is neither trivial for network operators nor end-users to choose one of them in order to prevent or mitigate an imminent attack. As the next-generation cybersecurity solutions are on the horizon, systems that simplify their adoption are still required in support of security management tasks. Thus, this paper introduces MENTOR, a support tool for cyber-security, focusing on the recommendation of protection services. MENTOR is able (a) to deal with different demands from the user and (b) to recommend the adequate protection service in order to provide a proper level of cybersecurity in different scenarios. Four similarity measurements are implemented in order to prove the feasibility of the MENTOR's engine. An evaluation determines the performance and accuracy of each measurement used during the recommendation process.
Service Level Agreements (SLA) are documents that specify what Service Providers (SP) are delivering to customers. They contain information about the service, such as target performance level or monthly availability, and penalties for the violations of the SLA. The information about the penalties is essential because if the SP does not deliver what is defined, the customer must be compensated accordingly. However, the current compensation process is cumbersome and complex because of the amount of involved manual effort. To address this issue, this paper proposes an approach based on blockchain and Smart Contracts (SC) to automate the compensation process while enabling dynamic payments during the SLA lifetime. The proposed approach was evaluated in a use case that simulates the management of a Quality of Service SLA between an SP and a customer. Based on the performed evaluation, parts of the SLA management process were successfully automated using a decentralized solution, and the payment of the compensation occurred without the intervention of a third party.
This work proposes an IoT- and Blockchain-based distributed system for automated measuring, storing, and monitoring of water and air quality in environments such as lakes, mountains, urban areas, or factories. Comparable state-of-the-art solutions require human interaction to access the data or require high power consumption or space requirements, or they are based on centralized architectures. The proposed pollution monitoring system here, on one hand, employs LoRa to address the high power consumption and long-range transmission challenges of IoT protocols. On the other hand, it is designed to be fully decentralized by using the Ethereum Blockchain to store and retrieve the data recorded by IoT sensors. Thus, data integrity is provided without the need for a Trusted Third Party (TTP) and data is collected and captured automatically without any manual operations needed. Observations on the four different types of sensors for measuring Potential Hydrogen (PH), Turbidity, Carbon monoxide (CO), and Carbon dioxide (CO2), revealed a high accuracy with the expected time-lines of measurements, non-falsified experimental values collected and can be used as reliable evidence of presence of pollution.
Smart Contracts (SC) extend the applicability of Blockchains (BC) in various decentralized use cases. This work demonstrates the design and implementation of a trading application, which employs SC and Ethereum BC. This Decentralized Application (Dapp) provides flexibility in requesting user Identity (ID) directly by seller/hirer and buyers/renter. To provide trust, deposits are paid by two sides while setting up contracts. WiFi-Direct is the chosen Device to Device (D2D) communication protocol which provides high data rates and secure data transmission. LightWeight SC are introduced in this work, which use D2D communications for sending sold or rented object's or each party's images, and ID data directly to other party instead of storing them in the public BC to reduce the costs. Evaluations in terms of D2D deployment, transaction costs, and privacy, indicate that this system is time-efficient and manages the process in a cost-efficient fashion without the need to store and publish all of the user's ID information in BC.
This paper studies various methods that improve the performance of Blockchain systems integrated with the Internet of Things (BIoT) using the LoRaWAN access method. Duty Cycle Enforcement (DCE) and Listen Before Talk (LBT) mechanisms as the channel access methods, Automatic Repeat reQuest (ARQ) on the Transport Layer, and transaction aggregation on the Application Layer are evaluated. The main focus is put on the system performance studying the maximal number of transactions submitted, reliability of transport schemes, and the energy efficiency of the BIoT system. The combination of LBT-based MAC, the ARQ-enabled Transport Layer, and transaction aggregation at the Application Layer provides a good trade-off between submitted transaction count, packet loss, and energy efficiency. The proposed scheme complies with the data integrity demands of BIoT applications by specifying a reliable data transmission scheme from IoT devices to the BC.