-
VeriBlock: A Blockchain-Based Verifiable Trust Management Architecture with Provable Interactions
Authors:
Shantanu Pal,
Ambrose Hill,
Tahiry Rabehaja,
Michael Hitchens
Abstract:
There has been considerable advancement in the use of blockchain for trust management in large-scale dynamic systems. In such systems, blockchain is mainly used to store the trust score or trust-related information of interactions among the various entities. However, present trust management architectures using blockchain lack verifiable interactions among the entities on which the trust score is calculated. In this paper, we propose a blockchain-based trust management framework that allows independent trust providers to implement different trust metrics on a common set of trust evidence and provide individual trust value. We employ geo-location as proof of interaction. Some of the existing proposals rely upon geo-location data, but they do not support trust calculation by multiple trust providers. Instead, they can only support a centralised system. Our proposed architecture does not depend upon a single centralised third-party entity to ensure trusted interactions. Our architecture is supported by provable interactions that can easily be verified using blockchain. Therefore, it allows a high degree of confidence in trust management by ensuring the actual interactions between the entities. We provide a detailed design and development of the architecture using real-world use case examples. The proof of prototype was implemented on the Ethereum blockchain platform. Experimental results demonstrate that the employment of independent trust providers adequately provides a high degree of trust scores and that the proposed architecture can be used in a real-world environment.
Submitted 12 June, 2022;
originally announced June 2022.
-
Controlling Resource Allocation using Blockchain-Based Delegation
Authors:
Shantanu Pal,
Ambrose Hill,
Tahiry Rabehaja,
Michael Hitchens
Abstract:
Allocation of resources and their control over multiple organisations is challenging. This is especially true for a large-scale and dynamic system like the Internet of Things (IoT). One of the core issues in such a system is the provision of secure access control. In particular, transfer of access rights from one entity to another in a secure, flexible and fine-grained manner. In this paper, we present a multi-organisational delegation framework using blockchain. Our framework takes advantage of blockchain smart contracts to define the interactions and resource allocation between the consortium of organisations. We show the feasibility of our solution in a real-world scenario using the allocation of transportation credits in a multi-level organisational setting as a use-case. We provide proof of implementation of the proposed framework using the Hyperledger Fabric blockchain platform. Our results indicate that the proposed framework is efficient and can be used for city-wide transport, potentially even scale country-wide with a shared blockchain with complex access control rules. It also bestows better transparency to the delegation of access rights and control over the employees' transportation access for the organisations.
Submitted 3 October, 2021;
originally announced October 2021.
-
A Blockchain-Based Trust Management Framework with Verifiable Interactions
Authors:
Shantanu Pal,
Ambrose Hill,
Tahiry Rabehaja,
Michael Hitchens
Abstract:
There has been tremendous interest in the development of formal trust models and metrics through the use of analytics (e.g., Belief Theory and Bayesian models), logics (e.g., Epistemic and Subjective Logic) and other mathematical models. The choice of trust metric will depend on context, circumstance and user requirements and there is no single best metric for use in all circumstances. Where different users require different trust metrics to be employed the trust score calculations should still be based on all available trust evidence. Trust is normally computed using past experiences but, in practice (especially in centralised systems), the validity and accuracy of these experiences are taken for granted. In this paper, we provide a formal framework and practical blockchain-based implementation that allows independent trust providers to implement different trust metrics in a distributed manner while still allowing all trust providers to base their calculations on a common set of trust evidence. Further, our design allows experiences to be provably linked to interactions without the need for a central authority. This leads to the notion of evidence-based trust with provable interactions. Leveraging blockchain allows the trust providers to offer their services in a competitive manner, charging fees while users are provided with payments for recording experiences. Performance details of the blockchain implementation are provided.
Submitted 9 June, 2021;
originally announced June 2021.
-
Towards a Trust Aware Network Slice based End to End Services for Virtualised Infrastructures
Authors:
Vijay Varadharajan,
Kallol Karmakar,
Uday Tupakula,
Michael Hitchens
Abstract:
Future communication networks such as 5G are expected to support end-to-end delivery of services for several vertical markets with diverging requirements. Network slicing is a key construct that is used to provide end to end logical virtual networks running on a common virtualised infrastructure, which are mutually isolated. Having different network slices operating over the same 5G infrastructure creates several challenges in security and trust. This paper addresses the fundamental issue of trust of a network slice. It presents a trust model and property-based trust attestation mechanisms which can be used to evaluate the trust of the virtual network functions that compose the network slice. The proposed model helps to determine the trust of the virtual network functions as well as the properties that should be satisfied by the virtual platforms (both at boot and run time) on which these network functions are deployed for them to be trusted. We present a logic-based language that defines simple rules for the specification of properties and the conditions under which these properties are evaluated to be satisfied for trusted virtualised platforms. The proposed trust model and mechanisms enable the service providers to determine the trustworthiness of the network services as well as the users to develop trustworthy applications.
Submitted 4 June, 2020;
originally announced June 2020.
-
A Policy based Security Architecture for Software Defined Networks
Authors:
Vijay Varadharajan,
Kallol Karmakar,
Uday Tupakula,
Michael Hitchens
Abstract:
As networks expand in size and complexity, they pose greater administrative and management challenges. Software Defined Networks (SDN) offer a promising approach to meeting some of these challenges. In this paper, we propose a policy driven security architecture for securing end to end services across multiple SDN domains. We develop a language based approach to design security policies that are relevant for securing SDN services and communications. We describe the policy language and its use in specifying security policies to control the flow of information in a multi-domain SDN. We demonstrate the specification of fine grained security policies based on a variety of attributes such as parameters associated with users and devices/switches, context information such as location and routing information, and services accessed in SDN as well as security attributes associated with the switches and Controllers in different domains. An important feature of our architecture is its ability to specify path and flow based security policies, which are significant for securing end to end services in SDNs. We describe the design and the implementation of our proposed policy based security architecture and demonstrate its use in scenarios involving both intra and inter-domain communications with multiple SDN Controllers. We analyse the performance characteristics of our architecture as well as discuss how our architecture is able to counteract various security attacks. The dynamic security policy based approach and the distribution of corresponding security capabilities intelligently as a service layer that enable flow based security enforcement and protection of multitude of network devices against attacks are important contributions of this paper.
Submitted 6 June, 2018;
originally announced June 2018.