    Toward scalable docker-based emulations of blockchain networks for research and development

    Blockchain, like any other complex technology, needs a strong testing methodology to support its evolution in both research and development contexts. Setting up meaningful tests for permissionless blockchain technology is a notoriously complex task for several reasons: software is complex, a large number of nodes are involved, the network is non-ideal, etc. Developers usually adopt small virtual laboratories or costly real devnets based on real software. Researchers usually prefer simulations of a large number of nodes based on simplified models. In this paper, we aim to obtain the advantages of both approaches, i.e., performing large, realistic, inexpensive, and flexible experiments, using real blockchain software within a virtual environment. To do that, we address the challenge of running large blockchain networks in a single physical machine, leveraging Linux and Docker. We analyze a number of problems that arise when large blockchain networks are emulated, and we provide technical solutions for all of them. Finally, we describe two experiences of emulating fairly large blockchain networks on a single machine: adopting both research-oriented and production-oriented software and involving more than 3000 containers

    USBCaptchaIn: Preventing (un)conventional attacks from promiscuously used USB devices in industrial control systems

    Industrial Control Systems (ICS) are sensitive targets for high-profile attackers and advanced persistent threats, which are known to exploit USB thumb drives as an effective spreading vector. In ICSes, thumb drives are widely used to transfer files among disconnected systems and represent a serious security risk, since they may be promiscuously used in both critical and regular systems. The threats come both from malware hidden in files stored in the thumb drives and from BadUSB attacks. BadUSB leverages the modification of firmware of USB devices in order to mimic the behaviour of a keyboard and send malicious commands to the host. We present a solution that allows a promiscuous use of USB thumb drives while protecting critical machines from malware that spreads by regular file infection or by firmware infection. The main component of the architecture we propose is a hardware device, called USBCaptchaIn, intended to sit in the middle between critical machines and connected USB devices. We do not require users to change the way they use thumb drives. To avoid human errors, we do not require users to make any decisions. The proposed approach is highly compatible with already deployed products of an ICS environment and proactively blocks malware before it reaches its targets. We describe our solution, provide a thorough analysis of the security of our approach in the ICS context, and report the informal feedback of some experts regarding our first prototypes

    Toward Scalable Docker-Based Emulations of Blockchain Networks

    Blockchain, like any other technology, needs a strong testing methodology to support its evolution. Setting up meaningful blockchain tests is a notoriously complex task for several reasons: software is complex, a large number of nodes are involved, the network is non-ideal, etc. Developers usually adopt small virtual laboratories or costly real devnets, based on real software. Researchers usually prefer simulations of a large number of nodes, based on simplified models. In this paper, we aim to obtain the advantages of both approaches, i.e., performing large, realistic, inexpensive, and flexible experiments, using real blockchain software within a virtual environment. To do that, we tackle the challenge of running large blockchain networks in a single physical machine, leveraging Linux and Docker. We analyze a number of problems that arise when large blockchain networks are emulated and we provide technical solutions for all of them. Finally, we describe our experience of emulating a fairly large blockchain network, comprising more than 3000 containers, for research purposes

    Virtual Private Blockchains for GDPR: Cheap Private Blockchains out of Public Ones

    Compliance with privacy regulations, like the European GDPR, poses a big pressure toward the adoption of private blockchains with respect to solutions based on public blockchains. However, there are cases in which adopting a private blockchain is hardly viable for other reasons, leading to situations that might result in a big obstacle for blockchain adoption of whatever kind. In this paper, we describe an approach to build a virtual private blockchain (VPBC) on top of a regular public blockchain, obtaining the security of the consensus algorithm of the latter while keeping the privacy features of a private blockchain. Our approach leverages cryptographic zero-knowledge proofs and authenticated data structures to allow the underlying public blockchain to verify that transactions of the VPBC conform to its specific consensus rules, without decrypting the transaction itself

    Scaling blockchains without giving up decentralization and security: A solution to the blockchain scalability trilemma

    Public blockchains should be able to scale with respect to the number of nodes and to the transaction workload. The blockchain scalability trilemma has been informally conjectured. This is related to scalability, security and decentralization, stating that any improvement in one of these aspects should negatively impact at least one of the other two. In fact, despite the large research and experimental effort, all known approaches turn out to be tradeoffs. We theoretically describe a new blockchain architecture that scales to arbitrarily high workload provided that a corresponding proportional increment of nodes is provisioned. We show that, under reasonable assumptions, our approach does not require tradeoffs on security or decentralization. To the best of our knowledge, this is the first result that disproves the trilemma considering the scalability of all architectural elements of a blockchain and not only the consensus protocol. While our result is currently only theoretical, we believe that our approach may stimulate significant practical contributions

    Pipeline-integrity: Scaling the use of authenticated data structures up to the cloud

    Public cloud storage services are widely adopted for their scalability and low cost. However, delegating the management of the storage has serious implications from the security point of view. We focus on integrity verification of query results based on the use of Authenticated Data Structures (ADS). An ADS enables efficient updates of a cryptographic digest when data changes, and efficient query verification against this digest. Since the digest can be updated (and usually signed) exclusively with the intervention of a trusted party, the adoption of this approach is a source of serious performance degradation, in particular when the trusted party is far from the server that stores the ADS. In this paper, we show a protocol for a key–value storage service that provides ADS-enabled integrity-protected queries and updates without impairing scalability, even in the presence of large network latencies between trusted clients and an untrusted server. Our solution complies with the principle of the cloud paradigm in which services should be able to arbitrarily scale with respect to number of clients, request rates, and data size, keeping response time limited. We formally prove that our approach is able to detect server misbehaviour in a setting whose consistency rules are only slightly weaker than those guaranteed by previous results. We provide experimental evidence for the feasibility and scalability of our approach

    Overlay Indexes: Efficiently Supporting Aggregate Range Queries and Authenticated Data Structures in Off-the-Shelf Databases

    Commercial off-the-shelf DataBase Management Systems (DBMSes) are highly optimized to process a wide range of queries by means of carefully designed indexing and query planning. However, many aggregate range queries are usually performed by DBMSes using sequential scans, and certain needs, like storing Authenticated Data Structures (ADS), are not supported at all. Theoretically, these needs could be efficiently fulfilled by adopting specific kinds of indexing, which however are normally ruled out in DBMS design. We introduce the concept of overlay index: an index that is meant to be stored in a standard database, alongside regular data and managed by regular software, to complement DBMS capabilities. We show a data structure, which we call DB-tree, that realizes an overlay index to efficiently support a wide range of custom aggregate range queries as well as ADSes. All DB-tree operations can be performed by executing a small number of queries to the DBMS, which can be issued in parallel in one or two query rounds and involve a logarithmic amount of data. We experimentally evaluate the efficiency of DB-trees showing that our approach is effective, especially if data updates are limited

    Blockchain as IoT Economy Enabler: A Review of Architectural Aspects

    In the IoT-based economy, a large number of subjects (companies, public bodies, or private citizens) are willing to buy data or services offered by subjects that provide, operate, or host IoT devices. To support economic transactions in this setting, and to pave the way for the implementation of decentralized algorithmic governance powered by smart contracts, the adoption of the blockchain has been proposed both in scientific literature and in actual projects. The blockchain technology promises a decentralized payment system independent of (and possibly cheaper than) conventional electronic payment systems. However, there are a number of aspects that need to be considered for an effective IoT–blockchain integration. In this review paper, we start from a number of real IoT projects and applications that (may) take advantage of blockchain technology to support economic transactions. We provide a reasoned review of several architectural choices in light of typical requirements of those applications and discuss their impact on transaction throughput, latency, costs, limits on ecosystem growth, and so on. We also provide a survey of additional financial tools that a blockchain can potentially bring to an IoT ecosystem, with their architectural impact. In the end, we observe that there are very few examples of IoT projects that fully exploit the potential of the blockchain. We conclude with a discussion of open problems and future research directions to make blockchain adoption easier and more effective for supporting an IoT economy

    Efficient Certification of Endpoint Control on Blockchain

    Proving that an endpoint (e.g. URL, telephone number, etc.) is controlled by a subject is crucial in many applications. On the web, this is witnessed by the widespread adoption of HTTPS. In centralized architectures, this task is usually carried out by trusted certification authorities (CAs). In decentralized applications, for example based on blockchains, or for self-sovereign identity management (SSI), it would be desirable to perform these checks in a decentralized way, relying on the collective behavior of a society of individuals rather than on a single trusted entity. In any case, the result should be a widely usable certificate, as in the centralized CA case. In this paper, we show two blockchain-based methods to prove the association between a subject and an endpoint in a decentralized manner. Our methods are compatible with a wide variety of endpoints and contribute to filling the gap in current SSI approaches with respect to decentralization. We analyze the security of our proposal and provide a proof-of-concept implementation. We also evaluate performance, costs, and compatibility with current standardization efforts about SSI

    Semantic information elicitation from unstructured medical records

    Semantic elicitation of relevant information entities from semi- and unstructured documents is an important problem in many application fields. This paper describes HiLX, a system implementing a very powerful semantic approach to information extraction from semi- and unstructured documents, obtained by combining knowledge representation formalisms, like ontology languages, and two-dimensional languages exploiting a two-dimensional spatial representation of documents. The HiLX system constitutes a new generation technology capable of capturing and eliciting relevant information regarding a specific domain. It is founded on OntoDLP, an extension of disjunctive logic programming for ontology representation and reasoning. In the HiLX system the semantics of the information to be extracted is represented by using OntoDLP ontologies and the extraction patterns are expressed by means of regular and two-dimensional expressions. By converting the extraction patterns to OntoDLP reasoning modules, the HiLX system can actually extract information from HTML pages as well as from flat text documents using the same patterns. In this paper the extraction of clinical information and events, regarding patients, diseases, therapies and drugs, from electronic textual medical records is shown. Extracted information is represented in XML and can be stored in structured form using relational databases or ad-hoc ontologies to enable further analysis