Erhan Turan,Sevil Sen,Tamer Ergun

DOI: https://doi.org/10.1109/access.2024.3394657

IF: 3.9

2024-05-03

IEEE Access

Abstract:The conventional Public Key Infrastructure (PKI) has long been plagued by security issues stemming from its centralized and non-transparent design. In recent years, blockchain-based PKI architectures have emerged as promising solutions to overcome such issues. However, existing research has predominantly focused on SSL certificates, overlooking other certificate types used for purposes such as facilitating electronic signatures/seals, code signing, and S/MIME- all reliant on the foundational PKI infrastructure. In this study, we present a novel blockchain-based PKI architecture designed to accommodate diverse certificate types. Combining the principles of the Web of Trust with a centralized model, our SemiDec-PKI establishes a resilient, distributed infrastructure. This unique synergy minimizes reliance on a single central authority, mitigating the vulnerabilities associated with traditional PKI systems' single points of failure. With a cross-check mechanism and collective consensus of trusted entities, SemiDec-PKI provides higher fault tolerance, preventing disruptions from certificate misissuance or compromised certificate authorities. Furthermore, it introduces a stake-based reward-punishment mechanism which incentives honest behavior and penalizes malicious actions, serving as a potent deterrent against impersonation attacks.

computer science, information systems,telecommunications,engineering, electrical & electronic

Christos Patsonakis,Katerina Samari,Aggelos Kiayias,Mema Roussopoulos

DOI: https://doi.org/10.1109/DAPPCON.2019.00022

2019-02-03

Abstract:Public key infrastructures (PKIs) are one of the main building blocks for securing communications over the Internet. Currently, PKIs are under the control of centralized authorities, which is problematic as evidenced by numerous incidents where they have been compromised. The distributed, fault tolerant log of transactions provided by blockchains and more recently, smart contract platforms, constitutes a powerful tool for the decentralization of PKIs. To verify the validity of identity records, blockchain-based identity systems store on chain either all identity records, or, a small (or even constant) sized amount of data to verify identity records stored off chain. However, as most of these systems have never been implemented, there is little information regarding the practical implications of each design's tradeoffs. In this work, we first implement and evaluate the only provably secure, smart contract based PKI of [1] on top of Ethereum. This construction incurs constant-sized storage at the expense of computational complexity. To explore this tradeoff, we propose and implement a second construction which, eliminates the need for trusted setup, preserves the security properties of [1] and, as illustrated through our evaluation, is the only version with constant-sized state that can be deployed on the live chain of Ethereum. Furthermore, we compare these two systems with the simple approach of most prior works, e.g., the Ethereum Name Service, where all identity records are stored on the smart contract's state, to illustrate several shortcomings of Ethereum and its cost model. We propose several modifications for fine tuning the model, which would be useful to be considered for any smart contract platform like Ethereum so that it reaches its full potential to support arbitrary distributed applications.

Distributed, Parallel, and Cluster Computing

Abba Garba,Qinwen Hu,Zhong Chen,Muhammad Rizwan Asghar

DOI: https://doi.org/10.1109/hpcc-smartcity-dss50907.2020.00108

2020-01-01

Abstract:Recently, real-world attacks against the web Public Key Infrastructure (PKI) have arisen more frequently. The current PKI that use Registration Authorities/Certificate Authorities (RAs/CAs) model suffer from notorious security vulnerabilities. Most of these vulnerabilities are due to compromises of RAs, which lead to impersonation attacks resulting in CAs misbehaving to issue bogus certificates. To counter this problem, many approaches, such as Certificate Transparency (CT), ARPKI, and PoliCert, have been proposed. Nonetheless, no solution has yet gained widespread acceptance as a result of complexity and deployability issues. Moreover, existing approaches still require to satisfy complicated interactions and synchronisation among the entities that are involved during certificate issuance, updates, and revocations. In this paper, we propose a new Blockchain-Based PKI (BB-PKI) to address these vulnerabilities of CA misbehaviour caused by impersonation attacks against RAs. Certificate Issuance Request (CIR) should be vouched by manifold RAs. Multiple CAs shall sign and issue the certificate using an out-of-band secure communication channel. Any RA that contributes to the verification process of a user's request can publish the certificate in the blockchain by creating a smart contract certificate transaction. BB-PKI offers strong security guarantees, compromising $n - 1$ of the RAs or CAs is not enough to launch impersonation attacks, meaning that attackers cannot compromise more than the threshold of the latter signatures to launch an attack.

Ratna Halder,Dipanjan Das Roy,Dongwan Shin

DOI: https://doi.org/10.3390/jcp4020010

2024-03-31

Journal of Cybersecurity and Privacy

Abstract:Internet applications rely on Secure Socket Layer (SSL)/Transport Security Layer (TSL) certifications to establish secure communication. However, the centralized nature of certificate authorities (CAs) poses a risk, as malicious third parties could exploit the CA to issue fake certificates to malicious web servers, potentially compromising the privacy and integrity of user data. In this paper, we demonstrate how the utilization of decentralized certificate verification with blockchain technology can effectively address and mitigate such attacks. We present a decentralized public key infrastructure (PKI) based on a distributed trust model, e.g., Web of Trust (WoT) and blockchain technologies, to overcome vulnerabilities like single points of failure and to prevent tampering with existing certificates. In addition, our infrastructure establishes a trusted key-ring network that decouples the authentication process from CAs in order to enhance secure certificate issuance and accelerate the revocation process. Furthermore, as a proof of concept, we present the implementation of our proposed system in the Ethereum blockchain, confirming that the proposed framework meets the five identified requirements. Our experimental results demonstrate the effectiveness of our proposed system in practice, albeit with additional overhead compared to conventional PKIs.

computer science, information systems, interdisciplinary applications, software engineering

Patrick Herbke,Thomas Cory,Mauro Migliardi

2024-09-20

Abstract:Public key infrastructures are essential for Internet security, ensuring robust certificate management and revocation mechanisms. The transition from centralized to decentralized systems presents challenges such as trust distribution and privacy-preserving credential management. The transition from centralized to decentralized systems is motivated by addressing the single points of failure inherent in centralized systems and leveraging decentralized technologies' transparency and resilience. This paper explores the evolution of certificate status management from centralized to decentralized frameworks, focusing on blockchain technology and advanced cryptography. We provide a taxonomy of the challenges of centralized systems and discuss opportunities provided by existing decentralized technologies. Our findings reveal that, although blockchain technologies enhance security and trust distribution, they represent a bottleneck for parallel computation and face inefficiencies in cryptographic computations. For this reason, we propose a framework of decentralized technology components that addresses such shortcomings to advance the paradigm shift toward decentralized credential status management.

Cryptography and Security,Networking and Internet Architecture

Junaid Akram,Ali Anaissi

2024-07-01

Abstract:In the domain of spatial crowdsourcing drone services, which includes tasks like delivery, surveillance, and data collection, secure communication is paramount. The Public Key Infrastructure (PKI) ensures this by providing a system for digital certificates that authenticate the identities of entities involved, securing data and command transmissions between drones and their operators. However, the centralized trust model of traditional PKI, dependent on Certificate Authorities (CAs), presents a vulnerability due to its single point of failure, risking security breaches. To counteract this, the paper presents D2XChain, a blockchain-based PKI framework designed for the Internet of Drone Things (IoDT). By decentralizing the CA infrastructure, D2XChain eliminates this single point of failure, thereby enhancing the security and reliability of drone communications. Fully compatible with the X.509 standard, it integrates seamlessly with existing PKI systems, supporting all key operations such as certificate registration, validation, verification, and revocation in a distributed manner. This innovative approach not only strengthens the defense of drone services against various security threats but also showcases its practical application through deployment on a private Ethereum testbed, representing a significant advancement in addressing the unique security challenges of drone-based services and ensuring their trustworthy operation in critical tasks.

Cryptography and Security

Oleksandr Dulia,Dmytro Minochkin

DOI: https://doi.org/10.20535/2411-1031.2023.11.2.293496

2023-12-28

Abstract:This article delves into the vital role of Public Key Infrastructure (PKI) in securing and authenticating communications across a multitude of fields. PKI has evolved from a mere technical concept into a cornerstone of secure digital communications, playing a central role in various domains such as web security, healthcare, finance, the Internet of Things (IoT), and government services. PKI employs cryptographic techniques and digital certificates to establish trust, ensure data integrity, and enable secure communications, thus acting as the backbone of digital security. In the wake of the digital revolution, the demand for reliable and robust security solutions has skyrocketed. The diversity and scale of modern digital platforms necessitate adaptable security solutions, a challenge which PKI tackles through its flexible implementation. Despite sharing core principles, the implementation of PKI demonstrates divergences influenced by factors such as scale, complexity, resource constraints, regulatory environments, and trust models. This article offers an extensive comparison of PKI's utilization across various domains, highlighting the commonalities and divergences. It explores how PKI is tailored to meet the unique requirements and challenges of each sector and discusses the certificate lifecycle management in varying contexts. Moreover, it provides an analysis of the current state of PKI applications and challenges, offering insights into the evolving landscape of threats and technologies. Not only does the article address the current state of PKI, but it also presents a forward-looking perspective on its potential future developments. As the digital landscape continues to evolve and expand, it is crucial to anticipate the emerging challenges and devise strategies for proactive adaptation. This article thus serves as a comprehensive resource for understanding the role and impact of PKI in the contemporary digital infrastructure. Ultimately, the article seeks to underline the importance of PKI and highlight the need for continued research and development in this area. As our reliance on digital communications and transactions continues to grow, the role of PKI in safeguarding these interactions becomes increasingly significant. This comprehensive review serves as a valuable resource for researchers, practitioners, and policymakers in understanding the diverse applications of PKI and its critical role in securing the digital world.

Harjit Singh,Geetika Jain,Alka Munjal,Sapna Rakesh

DOI: https://doi.org/10.1108/cg-07-2018-0261

2019-09-12

Corporate Governance: The International Journal of Business in Society

Abstract:Purpose The purpose of this paper is to determine the stakeholders’ acceptance on blockchain and to investigate the model fit by using “Technology Acceptance Model” with special reference to corporate governance through cryptography to resolve the decades-old problems of financial record-keeping. Design/methodology/approach The whole analysis has been performed in the two steps, i.e. confirmatory factors analysis and structural equation modeling, to prove model fit between behavioral intention and actual behavior for using blockchain technology. Total 223 respondents have been selected, and the selection of the respondent is primarily on the basis of their previous experience with trading corporate equities. Findings The study determines empirically all the mentioned relationships of attitude, perceived ease of use and perceived usefulness with the behavioral intention as per the conceptual model to prove the relationship. The results of the manuscript shows the model fit indexes for various constructs are prove the model fit as per the theorized model. The values of the various indexes are found to be under the permissible range which explains the relationship of various constructs based on the theorized model. Research limitations/implications Despite, the limitations in terms of selection of sampling methods, outcome and the interpretation, the results proves the fit with the theoretical framework. The major implication is to understand the real-time use of blockchain technology for the transfer of shares from one party to other. Practical implications Stakeholders in corporate governance namely customers, creditors, suppliers, community, employees, owners, investors, trade unions and social activists could benefit in different ways. Investors could benefit from being able to purchase equity at low price and to sell them into a market with greater liquidity, but they would found it difficult to camouflage their trades. Social implications The study opines that virtually all aspects of the corporate governance can be improved through the adoption of this technology resulting in greater transparency, improved liquidity and lowering costs. Originality/value This study will be a reference for global players in the financial industry that have started investing in this innovative technology vis-à-vis recent announcement of adoption of blockchain by global exchanges including NASDAQ, NYSE and Deutsche Borse, as a new method for trading, tracking ownership and monitoring systemic risk for strengthening corporate governance mechanism. This study will have a significant index for future reference where the technology adoption will be tested to have better corporate governance which will be useful for academics and professionals.

Anne Lafarre,Christoph Van der Elst

DOI: https://doi.org/10.2139/ssrn.4483621

2023-01-01

SSRN Electronic Journal

Abstract:Blockchain technology, along with distributed ledger technologies (DLT), has gained recognition as a potential game-changer in corporate governance. Proponents argue that it has the capability to enable the creation of decentralized autonomous organizations (DAOs) that operate without hierarchical structures. However, challenges and uncertainties persist regarding the legal status, governance structures, and liability features of DAOs. This chapter sheds light on the practical implementation and use of DAOs and shows that elements of centralization often emerge despite the goal of decentralization.Additionally, this chapter examines the impact of blockchain technology on the governance of traditional corporations, with a specific focus on strengthening key corporate functions such as share issuance, trading, and decision-making processes. Blockchain has the potential to address custody chain issues and improve transparency in corporate securities and stock ownership records. However, transitioning from existing systems to blockchain-based solutions, as demonstrated by the ASX CHESS Replacement process, is a complex task. While blockchain shows promise in enhancing shareholder and stakeholder rights, a careful assessment of its limitations and practical considerations is necessary. Additionally, it is important to critically evaluate the necessity of blockchain technology itself in corporate governance applications, as centralized systems with secure and transparent digital record-keeping may also be viable alternatives in various cases.

Vinden Wylde,Nisha Rawindaran,John Lawrence,Rushil Balasubramanian,Edmond Prakash,Ambikesh Jayal,Imtiaz Khan,Chaminda Hewage,Jon Platts

DOI: https://doi.org/10.1007/s42979-022-01020-4

2022-01-12

SN Computer Science

Abstract:Abstract In this paper, we identify and review key challenges to bridge the knowledge-gap between SME’s, companies, organisations, businesses, government institutions and the general public in adopting, promoting and utilising Blockchain technology. The challenges indicated are Cybersecurity and Data privacy in this instance. Additional challenges are set out supported by literature, in researching data security management systems and legal frameworks to ascertaining the types and varieties of valid encryption, data acquisition, policy and outcomes under ISO 27001 and the General Data Protection Regulations. Blockchain, a revolutionary method of storage and immutability, provides a robust storage strategy, and when coupled with a Smart Contract, gives users the ability to form partnerships, share information and consent via a legally-based system of carrying out business transactions in a secure digital domain. Globally, ethical and legal challenges significantly differ; consent and trust in the public and private sectors in deploying such defensive data management strategies, is directly related to the accountability and transparency systems in place to deliver certainty and justice. Therefore, investment and research in these areas is crucial to establishing a dialogue between nations to include health, finance and market strategies that should encompass all levels of society. A framework is proposed with elements to include Big Data, Machine Learning and Visualisation methods and techniques. Through the literature we identify a system necessary in carrying out experiments to detect, capture, process and store data. This includes isolating packet data to inform levels of Cybersecurity and privacy-related activities, and ensuring transparency demonstrated in a secure, smart and effective manner.

Jaynill Gopal,Stacey Omeleze-Baror

DOI: https://doi.org/10.34190/iccws.19.1.2041

2024-03-21

International Conference on Cyber Warfare and Security

Abstract:In the digital age digital data has been seen as the new currency for both companies and bad actors,leading to mismanagement of personal data by both entities. This mismanagement could lead to personal databeing breached while this may prove to be beneficial to certain entities, this however is not the case for usersand digital citizens. In recent years there has been an influx in data breaches and data mismanagement casesthroughout various industries, including corporations such as Apple and Facebook, involving critical datarelating to user's digital identities, personal data, and other identifiable information. This issue may beaddressed by employing the use of blockchain technology, a technology that has been recognized as a securesystem promoting security and privacy, we can prevent this mismanagement of data and data breaches fromhappening. While blockchain is a relatively new technology, there is potential to use it in the current age of theinternet and digital identities by employing blockchain technology to secure one’s digital identity. This researchaims to propose a potential solution to the issue of data protection and data breaches by proposing andmaking use of a conceptual model which makes use of a multi-level blockchain system. The system isolatesdata from digital identities between various digital platforms to minimize the amount of data breaches thatmay occur – further minimizing the amount of personal data which may be breached. This system allows theuser to have full control over who may access their private data, while preventing bad actors from accessingthe data without the user’s authorization. The multi-level blockchain splits the user's data according toindustrial or digital sector in which their data is used, with a master blockchain acting as the connecting link toa person's digital identity. Making use of this multi-level blockchain allows for the user to control who hasaccess to their data, while remaining anonymous and secure in a digital platform‘s database or digital storage.

Xinyi Luo,Zhuo Xu,Kaiping Xue,Qiantong Jiang,Ruidong Li,David Wei

DOI: https://doi.org/10.1109/icdcs54860.2022.00121

2022-01-01

Abstract:As the voucher for identity, digital certificates and the public key infrastructure (PKI) system have always played a vital role to provide the authentication services. In recent years, with the increase in attacks on traditional centralized PKIs and the extensive deployment of blockchains, researchers have tried to establish blockchain-based secure decentralized PKIs and have made significant progress. Although blockchain enhances security, it brings new problems in scalability due to the inherent limitations of blockchain’s data structure and consensus mechanism, which become much severe for the massive access in the era of 5G and B5G. In this paper, we propose ScalaCert to mitigate the scalability problems of blockchain-based PKIs by utilizing redactable blockchain for "on-cert" revocation. Specifically, we utilize the redactable blockchain to record revocation information directly on the original certificate ("on-cert") and remove additional data structures such as CRL, significantly reducing storage overhead. Moreover, the combination of redactable and consortium blockchains brings a new kind of attack called deception of versions (DoV) attack. To defend against it, we design a random-block-node-check (RBNC) based freshness check mechanism. Security and performance analyses show that ScalaCert has sufficient security and effectively solves the scalability problem of the blockchain-based PKI system.

Mustafa Tanriverdi,,Mustafa Tanriverdi,

DOI: https://doi.org/10.54216/jcim.040203

2020-01-01

Journal of Cybersecurity and Information Management

Abstract:Sharing the electronic health data helps to increase the accuracy of the diagnoses and to improve the quality of health services. This shared data can also be used in medical research and can reduce medical costs. However, health data are fragmented across decentralized hospitals, this prevents data sharing and puts patients’ privacy at risks. In recent years, blockchain has revealed solutions that make life easier in many areas thanks to its distributed, safe and immutable structure. There are many blockchain-based studies in the literature on providing data privacy and sharing in different areas. In some studies, blockchain has been used with technologies such as cloud computing and cryptology. In the field of healthcare blockchain-based solutions are offered for the management and sharing of Electronic health records. In these solutions, private and consortium blockchain types are generally preferred and Public Key Infrastructure (PKI) and encryption are used for data privacy. Within the scope of this study, blockchain-based studies on the privacy preserving data sharing of health data were examined. In this paper, information about the studies in the literature and potential issues that can be studied in the future were discussed. In addition, information about current blockchain technologies such as smart contracts and PKI is also given.

Vincent Schlatt,Johannes Sedlmeir,Simon Feulner,Nils Urbach

DOI: https://doi.org/10.48550/arXiv.2112.01237

2021-11-11

Computers and Society

Abstract:Know your customer (KYC) processes place a great burden on banks, because they are costly, inefficient, and inconvenient for customers. While blockchain technology is often mentioned as a potential solution, it is not clear how to use the technology's advantages without violating data protection regulations and customer privacy. We demonstrate how blockchain-based self-sovereign identity (SSI) can solve the challenges of KYC. We follow a rigorous design science research approach to create a framework that utilizes SSI in the KYC process, deriving nascent design principles that theorize on blockchain's role for SSI.

Aleksandr Kormiltsyn,Chibuzor Udokwu,Vimal Dwivedi,Alex Norta,Sanam Nisar

DOI: https://doi.org/10.30953/bhty.v6.276

2023-12-14

Abstract:Integrating personal health records (PHRs) and electronic health records (EHRs) facilitates the provision of novel services to individuals, researchers, and healthcare practitioners. Simultaneously, integrating healthcare data leads to complexities arising from the structural and semantic heterogeneity within the data. The subject of healthcare data evokes strong emotions due to concerns surrounding privacy breaches. Blockchain technology is employed to address the issue of patient data privacy in inter-organizational processes, as it facilitates patient data ownership and promotes transparency in its usage. At the same time, blockchain technology creates new challenges for e-healthcare systems, such as data privacy, observability, and online enforceability. This article proposes designing and formalizing automatic conflict resolution techniques in decentralized e-healthcare systems. The present study expounds upon our concepts by employing a running case study centered around preventive and personalized healthcare domains. Plain language summary: This paper suggests using blockchain technology for privacy concerns in integrating personal health records and electronic health records in decentralized e-healthcare systems. This report focuses on designing automatic conflict resolution techniques to ensure patient data ownership, transparency, and privacy in inter-organizational processes. This paper proposes designing automatic conflict resolution techniques in decentralized e-healthcare systems, which can improve inter-organizational processes in healthcare. Using blockchain technology to integrate personal and electronic health records can ensure patient data ownership and promote transparency in data usage, addressing privacy concerns in healthcare systems. This paper emphasizes the importance of data privacy and protection in healthcare systems, highlighting the need for compliance with laws and regulations. The research results, including the proof-of-concept prototype, can provide practical insights into implementing conflict resolution techniques in decentralized e-healthcare systems.

Murat Yasin Kubilay,Mehmet Sabir Kiraz,Haci Ali Mantar

DOI: https://doi.org/10.48550/arXiv.1806.03914

2018-10-01

Abstract:In conventional PKI, CAs are assumed to be fully trusted. However, in practice, CAs' absolute responsibility for providing trustworthiness caused major security and privacy issues. To prevent such issues, Google introduced the concept of Certificate Transparency (CT) in 2013. Later, several new PKI models (e.g., AKI, ARPKI, and DTKI) are proposed to reduce the level of trust to the CAs. However, all of these proposals are still vulnerable to split-world attacks if the adversary is capable of showing different views of the log to the targeted victims. In this paper, we propose a new PKI architecture with certificate transparency based on blockchain, what we called CertLedger, to eliminate the split-world attacks and to provide an ideal certificate/revocation transparency. All TLS certificates, their revocation status, entire revocation process, and trusted CA management are conducted in the CertLedger. CertLedger provides a unique, efficient, and trustworthy certificate validation process eliminating the conventional inadequate and incompatible certificate validation processes implemented by different software vendors. TLS clients in the CertLedger also do not require to make certificate validation and store the trusted CA certificates anymore. We analyze the security and performance of the CertLedger and provide a comparison with the previous proposals.

Cryptography and Security

Jan Heinrich Beinke,Christian Fitte,Frank Teuteberg

DOI: https://doi.org/10.2196/13585

2019-10-07

Abstract:Background: Data security issues still constitute the main reason for the sluggish dissemination of electronic health records (EHRs). Given that blockchain technology offers the possibility to verify transactions through a decentralized network, it may serve as a solution to secure health-related data. Therefore, we have identified stakeholder-specific requirements and propose a blockchain-based architecture for EHRs, while referring to the already existing scientific discussions on the potential of blockchain for use in EHRs. Objective: This study aimed to introduce blockchain technology for EHRs, based on identifying stakeholders and systematically eliciting their requirements, and to discuss the key benefits (KBs) and key challenges (KCs) of blockchain technology in the context of EHRs. Methods: The blockchain-based architecture was developed in the framework of the design science research paradigm. The requirements were identified using a structured literature review and interviews with nine health care experts. Subsequently, the proposed architecture was evaluated using 4 workshops with 15 participants. Results: We identified three major EHR stakeholder groups and 34 respective requirements. On this basis, we developed a five-layer architecture. The subsequent evaluation of the artifact was followed by the discussion of 12 KBs and 12 KCs of a blockchain-based architecture for EHRs. To address the KCs, we derived five recommendations for action for science and practice. Conclusions: Our findings indicate that blockchain technology offers considerable potential to advance EHRs. Improvements to currently available EHR solutions are expected, for instance, in the areas of data security, traceability, and automation by smart contracts. Future research could examine the patient's acceptance of blockchain-based EHRs and cost-benefit analyses.

Tim Hobson,Lydia France,Sam Greenbury,Luke Hare,Pamela Wochner

DOI: https://doi.org/10.1049/icp.2023.2561

2024-01-05

Abstract:The sharing of public key information is central to the digital credential security model, but the existing Web PKI with its opaque Certification Authorities and synthetic attestations serves a very different purpose. We propose a new approach to decentralised public key infrastructure, designed for digital identity, in which connections between legal entities that are represented digitally correspond to genuine, pre-existing relationships between recognisable institutions. In this scenario, users can judge for themselves the level of trust they are willing to place in a given chain of attestations. Our proposal includes a novel mechanism for establishing a root of trust in a decentralised setting via independently-verifiable timestamping. We also present a reference implementation built on open networks, protocols and standards. The system has minimal setup costs and is freely available for any community to adopt as a digital public good.

Cryptography and Security

Loïc Miller,Marc-Oliver Pahl

2024-03-07

Abstract:Collaborative cybersecurity relies on organizations sharing information to boost security, but trust management is a key concern. Decentralized solutions like distributed ledgers, particularly blockchain, are crucial for eliminating single points of failure. However, the existing literature on blockchain-based collaborative cybersecurity is limited, lacking comprehensive insights. This paper addresses this gap by surveying blockchain's role in collaborative cybersecurity from 2016 to 2023. It explores various applications, trends, and the evolution of blockchain technology, focusing on access control, data validation policies, underlying tech, and consensus mechanisms. A key finding is the fragmentation of the field with no dominant research group or venue. Many recent projects poorly select consensus protocols for their blockchain. To aid researchers and practitioners, this paper offers guidelines for choosing the right blockchain for specific purposes and highlights open research areas and lessons learned from past blockchain applications in collaborative cybersecurity, encouraging further exploration in this field.

Cryptography and Security

Karen Yeung

DOI: https://doi.org/10.2196/24109

2021-12-20

Abstract:Background: Academic literature highlights blockchain's potential to transform health care, particularly by seamlessly and securely integrating existing data silos while enabling patients to exercise automated, fine-grained control over access to their electronic health records. However, no serious scholarly attempt has been made to assess how these technologies have in fact been applied to real-world health care contexts. Objective: The primary aim of this paper is to assess whether blockchain's theoretical potential to deliver transformative benefits to health care is likely to become a reality by undertaking a critical investigation of the health care sector's actual experience of blockchain technologies to date. Methods: This mixed methods study entailed a series of iterative, in-depth, theoretically oriented, desk-based investigations and 2 focus group investigations. It builds on the findings of a companion research study documenting real-world engagement with blockchain technologies in health care. Data were sourced from academic and gray literature from multiple disciplinary perspectives concerned with the configuration, design, and functionality of blockchain technologies. The analysis proceeded in 3 stages. First, it undertook a qualitative investigation of observed patterns of blockchain for health care engagement to identify the application domains, data-sharing problems, and the challenges encountered to date. Second, it critically compared these experiences with claims about blockchain's potential benefits in health care. Third, it developed a theoretical account of challenges that arise in implementing blockchain in health care contexts, thus providing a firmer foundation for appraising its future prospects in health care. Results: Health care organizations have actively experimented with blockchain technologies since 2016 and have demonstrated proof of concept for several applications (use cases) primarily concerned with administrative data and to facilitate medical research by enabling algorithmic models to be trained on multiple disparately located sets of patient data in a secure, privacy-preserving manner. However, blockchain technology is yet to be implemented at scale in health care, remaining largely in its infancy. These early experiences have demonstrated blockchain's potential to generate meaningful value to health care by facilitating data sharing between organizations in circumstances where computational trust can overcome a lack of social trust that might otherwise prevent valuable cooperation. Although there are genuine prospects of using blockchain to bring about positive transformations in health care, the successful development of blockchain for health care applications faces a number of very significant, multidimensional, and highly complex challenges. Early experience suggests that blockchain is unlikely to rapidly and radically revolutionize health care. Conclusions: The successful development of blockchain for health care applications faces numerous significant, multidimensional, and complex challenges that will not be easily overcome, suggesting that blockchain technologies are unlikely to revolutionize health care in the near future.