-
A Novel Endorsement Protocol to Secure BFT-Based Consensus in Permissionless Blockchain
Authors:
Ziqiang Xu,
Ahmad Salehi Shahraki,
Naveen Chilamkurti
Abstract:
Permissionless blockchain technology offers numerous potential benefits for decentralised applications, such as security, transparency, and openness. BFT-based consensus mechanisms are widely adopted in the permissioned blockchain to meet the high scalability requirements of the network. Sybil attacks are one of the most potential threats when applying BFT-based consensus mechanisms in permissionl…
▽ More
Permissionless blockchain technology offers numerous potential benefits for decentralised applications, such as security, transparency, and openness. BFT-based consensus mechanisms are widely adopted in the permissioned blockchain to meet the high scalability requirements of the network. Sybil attacks are one of the most potential threats when applying BFT-based consensus mechanisms in permissionless blockchain due to the lack of effective verification mechanisms for participants' identities. This paper presents a novel endorsement-based bootstrap** protocol with a signature algorithm that offers a streamlined, scalable identity endorsement and verification process. This approach effectively safeguards the BFT-based consensus mechanism against Sybil attacks. Using our proposed method, we have conducted thorough security analyses and simulation experiments to assess security, robustness, and scalability advantages in large-scale networks. Our results demonstrate that the scheme can effectively address the identity verification challenges when applying BFT-based consensus in a permissionless blockchain.
△ Less
Submitted 3 May, 2024;
originally announced May 2024.
-
Privacy of Fitness Applications and Consent Management in Blockchain
Authors:
May Alhajri,
Ahmad Salehi Shahraki,
Carsten Rudolph
Abstract:
The rapid advances in fitness wearable devices are redefining privacy around interactions. Fitness wearables devices record a considerable amount of sensitive and private details about exercise, blood oxygen level, and heart rate. Privacy concerns have emerged about the interactions between an individual's raw fitness data and data analysis by the providers of fitness apps and wearable devices. Th…
▽ More
The rapid advances in fitness wearable devices are redefining privacy around interactions. Fitness wearables devices record a considerable amount of sensitive and private details about exercise, blood oxygen level, and heart rate. Privacy concerns have emerged about the interactions between an individual's raw fitness data and data analysis by the providers of fitness apps and wearable devices. This paper describes the importance of adopting and applying legal frameworks within the fitness tracker ecosystem. In this review, we describe the studies on the current privacy policies of fitness app providers, heuristically evaluate the methods for consent management by fitness providers, summarize the gaps identified in our review of these studies, and discuss potential solutions for filling the gaps identified. We have identified four main problems related to preserving the privacy of users of fitness apps: lack of system transparency, lack of privacy policy legibility, concerns regarding one-time consent, and issues of noncompliance regarding consent management. After discussing feasible solutions, we conclude by describing how blockchain is suitable for solving these privacy issues.
△ Less
Submitted 1 March, 2022;
originally announced March 2022.
-
A Blockchain-Based Consent Mechanism for Access to Fitness Data in the Healthcare Context
Authors:
May Alhajri,
Carsten Rudolph,
Ahmad Salehi Shahraki
Abstract:
Wearable fitness devices are widely used to track an individual's health and physical activities to improve the quality of health services. These devices sense a considerable amount of sensitive data processed by a centralized third party. While many researchers have thoroughly evaluated privacy issues surrounding wearable fitness trackers, no study has addressed privacy issues in trackers by givi…
▽ More
Wearable fitness devices are widely used to track an individual's health and physical activities to improve the quality of health services. These devices sense a considerable amount of sensitive data processed by a centralized third party. While many researchers have thoroughly evaluated privacy issues surrounding wearable fitness trackers, no study has addressed privacy issues in trackers by giving control of the data to the user. Blockchain is an emerging technology with outstanding advantages in resolving consent management privacy concerns. As there are no fully transparent, legally compliant solutions for sharing personal fitness data, this study introduces an architecture for a human-centric, legally compliant, decentralized and dynamic consent system based on blockchain and smart contracts. Algorithms and sequence diagrams of the proposed system's activities show consent-related data flow among various agents, which are used later to prove the system's trustworthiness by formalizing the security requirements. The security properties of the proposed system were evaluated using the formal security modeling framework SeMF, which demonstrates the feasibility of the solution at an abstract level based on formal language theory. As a result, we have empirically proven that blockchain technology is suitable for mitigating the privacy issues of fitness providers by recording individuals' consent using blockchain and smart contracts.
△ Less
Submitted 2 March, 2022; v1 submitted 25 February, 2022;
originally announced February 2022.
-
Decentralized Policy Information Points for Multi-Domain Environments
Authors:
M Ridwanur Rahman,
Ahmad Salehi Shahraki,
Carsten Rudolph
Abstract:
Access control models have been developed to control authorized access to sensitive resources. This control of access is important as there is now a need for collaborative resource sharing between multiple organizations over open environments like the internet. Although there are multiple access control models that are being widely used, these models are providing access control within a closed en…
▽ More
Access control models have been developed to control authorized access to sensitive resources. This control of access is important as there is now a need for collaborative resource sharing between multiple organizations over open environments like the internet. Although there are multiple access control models that are being widely used, these models are providing access control within a closed environment i.e. within the organization using it. These models have restricted capabilities in providing access control in open environments. Attribute-Based Access Control (ABAC) has emerged as a powerful access control model to bring fine-grained authorization to organizations that possess sensitive data and resources and want to collaborate over open environments. In an ABAC system, access to resources that an organization possess can be controlled by applying policies on attributes of the users. These policies are conditions that need to be satisfied by the requester in order to gain access to the resource. In this paper, we provide an introduction to ABAC and by carrying forward the architecture of ABAC, we propose a Decentralized Policy Information Point (PIP) model. Our model proposes the decentralization of PIP, which is an entity of the ABAC model that allows the storage and query of user attributes and enforces fine-grained access control for controlling the access of sensitive resources over multiple domains. Our model makes use of the concept of a cryptographic primitive called Attribute-Based Signature (ABS) to keep the identities of the users involved, private. Our model can be used for collaborative resource sharing over the internet. The evaluation of our model is also discussed to reflect the application of the proposed decentralized PIP model.
△ Less
Submitted 18 August, 2021;
originally announced August 2021.