With the large-scale deployment of industrial internet of things (IIoT) devices, the number of vulnerabilities that threaten IIoT security is also growing dramatically, including a mass of undisclosed IIoT vulnerabilities that lack mitigation measures. Coordinated Vulnerability Disclosure (CVD) is one of the most popular vulnerability sharing solutions, in which security workers (SWs) can jointly develop patches for undisclosed vulnerabilities. However, CVD assumes that all sharing participants (SWs) are honest, and thus offers dishonest SWs the opportunity to leak undisclosed IIoT vulnerabilities. To combat such threats, we propose an Undisclosed IIoT Vulnerabilities Trusted Sharing Protection (UIV-TSP) scheme with a dynamic token. In this article, a dynamic token is an implicit access credential that an SW uses to acquire undisclosed vulnerability information; it is held only by the system and is updated each time the SW accesses the information. Meanwhile, the latest updated token is stealthily embedded into the acquired information as a traceability token. Once the undisclosed vulnerability information leaves the SW host, the embedded self-destruct program is automatically triggered to prevent leaks, since the destination MAC address in the traceability token no longer matches. To quickly distinguish dishonest SWs, a trust mechanism is adopted to evaluate the trust value of each SW. Moreover, we design a blockchain-assisted continuous log storage method to make the dynamic token tamper-proof and to make the sharing of undisclosed IIoT vulnerabilities transparent. The simulation results indicate that our proposed scheme effectively suppresses dishonest SWs and protects undisclosed IoT vulnerabilities.
Cyber attacks are becoming more frequent and sophisticated, introducing significant challenges for organizations to protect their systems and data from threat actors. Today, threat actors are highly motivated, persistent, and well-funded, and operate in a coordinated manner to commit a diversity of attacks using various sophisticated tactics, techniques, and procedures. Given the risks these threats present, it has become clear that organizations need to collaborate, share cyber threat information (CTI), and use it to improve their security posture. In this paper, we present TRADE -- TRusted Anonymous Data Exchange -- a collaborative, distributed, trusted, and anonymized CTI sharing platform based on blockchain technology. TRADE uses a blockchain-based access control framework designed to provide the essential features and requirements that incentivize and encourage organizations to share threat intelligence information. In TRADE, organizations fully control their data by defining sharing policies that are enforced by smart contracts, which control and manage CTI sharing in the network. TRADE allows organizations to preserve their anonymity while keeping them fully accountable for their actions in the network. Finally, TRADE can be easily integrated with existing threat intelligence exchange protocols, such as trusted automated exchange of intelligence information (TAXII) and OpenDXL, thereby allowing fast and smooth technology adaptation.
Distributed ledger systems (i.e., blockchains) have received a lot of attention recently. They promise to enable mutually untrusted participants to execute transactions while providing immutability of the transaction history and censorship resistance. Although decentralized ledgers may become a disruptive innovation, as of today they suffer from scalability, privacy, or governance issues. Therefore, they are inapplicable for many important use cases where, interestingly, centralized ledger systems quietly gain adoption and find new use cases. Unfortunately, centralized ledgers also have several drawbacks, such as a lack of efficient verifiability or a higher risk of censorship and equivocation. In this paper, we present Aquareum, a novel framework for centralized ledgers that removes their main limitations. By combining a trusted execution environment with a public blockchain platform, Aquareum provides publicly verifiable, non-equivocating, censorship-evident, private, and high-performance ledgers. Aquareum ledgers are integrated with a Turing-complete virtual machine, allowing arbitrary transaction processing logic, including tokens or client-specified smart contracts. Aquareum is fully implemented and deployment-ready, even with currently existing technologies.
The data collected from Internet of Things (IoT) devices on various emissions or pollution can have significant economic value for the stakeholders. This makes it prone to abuse or tampering and brings forward the need to integrate IoT with a Distributed Ledger Technology (DLT) to collect, store, and protect the IoT data. However, DLT adds overhead to the frugal IoT connectivity and symmetrizes the IoT traffic, thus changing the usual assumption that IoT traffic is uplink-oriented. We have implemented a platform that integrates DLTs with a monitoring system based on narrowband IoT (NB-IoT). We evaluate the performance and discuss the tradeoffs in two use cases: data authorization and real-time monitoring.
Blockchain has been applied to data sharing to ensure the integrity of data and the chain of custody. Sharing big data, such as large biomedical data files, is a challenge for blockchain systems since the ledger is not designed to maintain big files, access control is an issue, and users may be dishonest. We refer to big data such as large files stored outside the ledger (which comprises the blockchain and the world state at a blockchain node) as off-state, and propose an off-state sharing protocol for a blockchain system to share big data between pairs of nodes. In our protocol, only encrypted files are transferred. The cryptographic key is stored securely in the world state and can be accessed only by authorized parties. A receiver has to request the corresponding cryptographic key from the sender to decrypt such encrypted files. All requests are run through transactions to establish a reliable chain of custody. We design and implement a prototypical blockchain off-state sharing system, BOSS, with Hyperledger Fabric. Extensive experiments were performed to validate the feasibility and performance of BOSS.
The healthcare industry has witnessed significant transformations in e-health services, where Electronic Health Records (EHRs) are transferred to mobile edge clouds to facilitate healthcare. Many edge cloud-based system designs have been proposed, but some technical challenges still remain, such as low quality of service (QoS), data privacy, and system security due to centralized healthcare architectures. In this paper, we propose a novel hybrid approach of data offloading and data sharing for healthcare using edge cloud and blockchain. First, an efficient data offloading scheme is proposed in which IoT health data can be offloaded to nearby edge servers for privacy-aware data processing. Then, a data sharing scheme is integrated to enable data exchange among healthcare users via blockchain. In particular, a trustworthy access control mechanism is developed using smart contracts for access authentication to achieve secure EHR sharing. Implementation results from extensive real-world experiments show the advantages of the proposal over existing schemes in terms of improved QoS, enhanced data privacy and security, and low smart contract costs.