Blockchain for E-Governance and Other Applications
Sandeep K. Shukla Interdisciplinary Center for Cyber Security and Cyber Defence of Critical Infrastructure Indian Institute of Technology Kanpur
Email: [email protected] URL: https://security.cse.iitk.ac.in
What problems are we addressing?
• Who accessed your Aadhaar biometrics?
• Who accesses your health data?
• Who accessed your tax data?
• Did the privileged users of your IT system change your files or data?
• GST input tax credit fiasco — can Blockchain solve the delays?
• Supply chain logistics and tracking the provenance of components
• Is it possible to have secure e-voting?
• Securing IoT infrastructure for Critical Infrastructure?
• PKI infrastructure, DNS infrastructure on blockchain?
DETECTING INSIDER ATTACKS ON DATABASES USING BLOCKCHAINS
SHUBHAM SAHAI SRIVASTAVA SHUBHAM SHARMA
RAHUL GUPTA DEPARTMENT OF COMPUTER SCIENCE AND ENGINEERING,
IIT KANPUR
PROBLEM STATEMENT : INSIDER THREAT ?
▸ Detection
▸ Attribution
▸ Non-Repudiation
▸ Prevention
PROBLEM STATEMENT : OARS SYSTEM
PROPOSED SOLUTION : OVERVIEW
[Figure: architecture overview; arrows labelled Push Changes, BCast (broadcast) and Confirmations]
BLOCKCHAIN TRANSACTION
For a row (Professor, Course, Grade):
▸ Extract Columns
▸ Hash the tuple: Hash(Professor, Course, Grade)
▸ Digitally Sign
▸ Broadcast
DATABASE SCHEMA MODIFICATION
[Figure: each row with columns 1, 2, …, k is extended with two columns, Txnid and Uid; Txnid points at a transaction (Txn1 … Txn k) in a block (Block n, Block n+1, …, Block m) of the chain]
Uid: unique identifier of the user issuing the query
DAPP VERIFICATION
[Figure: a row (x, y, …, z) is read together with its Txnid and Uid; the referenced transaction holds the signed hash [Hash(x, y, …, z)]sign(sk)]
▸ Verify Signature on [Hash(x, y, …, z)]sign(sk)
▸ Verify Hash: recompute Hash(x, y, …, z) from the row and compare it with the hash from the transaction
▸ Result
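The commit path (extract columns, hash the tuple, sign, broadcast, store Txnid and Uid in the row) and the DApp check from the slides above, as an added Go example that is not the authors' code. It assumes Ed25519 for the signature (the slides name no algorithm), a plain append-only slice standing in for the blockchain, a map from Uid to public key standing in for the key lookup, and that the Txnid stored in the row is the index of the ledger entry.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Txn is one append-only ledger entry, broadcast when the row was written.
type Txn struct {
	Uid  string   // unique id of the user who issued the query
	Hash [32]byte // Hash(Professor, Course, Grade)
	Sig  []byte   // signature over Hash by that user's private key
}

// GradeRow is the table row after the schema change (Txnid, Uid added).
type GradeRow struct {
	Professor, Course, Grade string
	Txnid                    int // index of the ledger entry
	Uid                      string
}

// tupleHash quotes each column so ("ab","c") and ("a","bc") cannot collide.
func tupleHash(prof, course, grade string) [32]byte {
	return sha256.Sum256([]byte(fmt.Sprintf("%q|%q|%q", prof, course, grade)))
}

// Commit: extract columns, hash, sign, broadcast (append) and store Txnid/Uid in the row.
func Commit(ledger *[]Txn, uid string, sk ed25519.PrivateKey, prof, course, grade string) GradeRow {
	h := tupleHash(prof, course, grade)
	*ledger = append(*ledger, Txn{uid, h, ed25519.Sign(sk, h[:])})
	return GradeRow{prof, course, grade, len(*ledger) - 1, uid}
}

// Verify is the DApp check: ledger signature under the recorded user's key, then row hash.
func Verify(ledger []Txn, keys map[string]ed25519.PublicKey, r GradeRow) error {
	if r.Txnid < 0 || r.Txnid >= len(ledger) {
		return errors.New("unknown txnid")
	}
	t := ledger[r.Txnid]
	if pk, ok := keys[t.Uid]; !ok || t.Uid != r.Uid || !ed25519.Verify(pk, t.Hash[:], t.Sig) {
		return errors.New("ledger entry not signed by the row's user")
	}
	if tupleHash(r.Professor, r.Course, r.Grade) != t.Hash {
		return errors.New("row modified after commit: possible insider change")
	}
	return nil
}
```

A privileged database user who edits Grade in place cannot update the signed hash on the ledger, so Verify reports the change and attributes the original write to Uid.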
IMPLEMENTATION
Decentralized PKI model
Traditional PKI
• For server authentication, a client-server system uses digital certificates.
• Certificates are issued by CAs along with keys.
• Keys can be generated by the user, or generated and issued by the CA.
Problem with Traditional PKI
• Centralized controller.
• Trusted third parties can be forced to issue certificates to parties that do not deserve them [1].
• Users have to worry about the security of the CA.
• Recall the Symantec case, as well as Stuxnet.
Blockchain based PKI
• An interested member generates its own asymmetric key pair (prk, pbk) using any asymmetric key technique and posts the public key (pbk) to the public key (transaction) pool.
• A miner verifies the public key against its constraints (key length, algorithm, etc.) and includes it in a block, which is then broadcast to all connected members.
Re-Keying
• If an existing node wishes to change its public key (pbk), it sends the revised public key (pb’k) digitally signed with its existing private key (prk).
• After verifying the digital signature, the device that mines the block updates the key of the respective device.
Detecting the Malicious
• An attacker who has guessed the private key of party A can also change the key pair of the device.
• This would lock device A out of the network; however, it can be detected once the block containing the modified key reaches device A.
• To counter this attack, an updated key should not be used for at least the next seven blocks mined above the block containing the key update.
• The block containing the updated key will reach all devices within the next seven blocks constructed over it.
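An added Go model of the miner-side checks and the seven-block rule from the re-keying and detection slides above (example code, not from the slides). It assumes Ed25519 keys, a Registry type that each node keeps as chain state (constructed with empty maps), and that while a member's newest key is still inside the seven-block window it is reported as unconfirmed rather than used.

```go
package main

import (
	"crypto/ed25519"
	"errors"
)

// KeyTxn posts a member's public key; a re-key is signed with the current private key.
type KeyTxn struct {
	Member string
	NewKey ed25519.PublicKey
	Sig    []byte // signature over NewKey by the current key; empty on first registration
}

// ActivationDelay is the slides' rule: an updated key is not used until seven blocks are mined above its block.
const ActivationDelay = 7

// Registry is the chain state every node keeps about member keys.
type Registry struct {
	Height int                          // blocks mined so far
	Keys   map[string]ed25519.PublicKey // latest accepted key per member
	Ready  map[string]int               // height at which that key becomes usable
}

// Mine plays the miner: keep transactions that meet the key constraints and, for
// a re-key, carry a valid signature by the existing key; the rest are dropped.
func (r *Registry) Mine(pending []KeyTxn) []KeyTxn {
	var accepted []KeyTxn
	for _, tx := range pending {
		if len(tx.NewKey) != ed25519.PublicKeySize {
			continue // fails the key-length/algorithm constraint
		}
		if cur, ok := r.Keys[tx.Member]; ok && !ed25519.Verify(cur, tx.NewKey, tx.Sig) {
			continue // re-key not authorised by the member's current private key
		}
		r.Keys[tx.Member], r.Ready[tx.Member] = tx.NewKey, r.Height+ActivationDelay+1
		accepted = append(accepted, tx)
	}
	r.Height++ // this block is now on the chain
	return accepted
}

// ActiveKey is what peers may use for member: only a key whose block already has
// ActivationDelay blocks above it, giving the owner time to spot a bogus update.
func (r *Registry) ActiveKey(member string) (ed25519.PublicKey, error) {
	if k, ok := r.Keys[member]; ok && r.Height >= r.Ready[member] {
		return k, nil
	}
	return nil, errors.New("no confirmed key for " + member)
}
```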
Communication
• Asymmetric algorithms are mainly used for secure key sharing, not for secure messaging.
• Once the public key is shared on the blockchain network, any party/device wishing to communicate with another device can securely exchange a symmetric key.
• Both devices can negotiate the key size, symmetric algorithm, etc., similar to Secure Socket Layer (SSL), and share the key securely using the published public keys.
No Third Party
• Blockchain based PKI allows every member to create their own key pair as required and re-create it whenever needed.
• The private key is held only by its owner, not by any third party.
• For backup, members can share parts of the key with multiple users and derive it whenever required.
Challenges
• Emercoin [1], based on blockchain, provides a public key infrastructure in coordination with OpenSSH.
• However, authenticating a member while adding its public key to a block is an open challenge.
Blockchain and IoT
• IBM and Samsung -- ADEPT
• Guardtime and Intrinsic-ID -- Alliance on IoT (KSI and PUF)
• Slock.it and RWE -- BlockCharge
• Chronicled.com
• IITK and IIITA -- EtherIoT
ADEPT
• Decentralize the IoT configuration and control to address:
  • Cost
  • Scalability
  • Longevity
  • Privacy and Security
• Use Ethereum smart contracts to:
  • Manage own consumable supplies
  • Servicing appointments
  • Maintenance alerts
  • Communicate with peer devices securely
• Technology used:
  • P2P encrypted messaging (TeleHash)
  • Distributed file sharing (BitTorrent)
  • Decentralized programming language for Blockchain (Ethereum)
https://www.coindesk.com/ibm-reveals-proof-concept-blockchain-powered-internet-things/
Alliance on IoT (KSI and PUF)
• Launched by the European Commission
• Uses SRAM PUF for device identity
• KSI blockchain for data integrity and authentication
• Examples cited:
  • e-Healthcare
  • IoRT (Internet of Robotic Things)
  • Robotic Swarm Systems
  • Hardening of PKI (e.g., Videri authentication Gateway)
https://guardtime.com/files/KSI%20for%20IoT%20Security%20-%20Turning%20Defence%20Into%20Offence%20-%20Guardtime%20Whitepaper.pdf
BlockCharge
RWE and Slock.it
• RWE is a German utility company
• Slock.it is a blockchain technical integrator
• BlockCharge: EV charging and payments via smart contracts
• Authentication, auto-billing
• Uses Ethereum
Supply Chain Logistics
• Authenticity and traceability
• Supply chain management
• Registration of products on the blockchain
• Life cycle management
• Inventory
http://www.digitalistmag.com/finance/2017/08/23/how-the-blockchain-revolutionizes-supply-chain-management-05306209
KSI Block Chain
KSI and Estonia E-Governance
Algorand
• Problems with Bitcoin and Ethereum:
  • Consensus is expensive
  • 500 MW
  • Not well distributed
• Algorand provides a more distributed solution
Take Away
• Blockchain is more of a platform technology
• Tamper resistance
• Publicly verifiable
• Democratic decision making
• Very suitable for E-governance with enhanced public trust
• Suitable for IT and Internet governance
• Further scope — copyright enforcement, fighting fake news, trusted elections