Chao Wu,Liyi Zhou,Chulin Xie,Yuhang Zheng,Jiawei Yu

DOI: https://doi.org/10.1007/978-3-030-28061-1_30

2019-01-01

Abstract:Data quality is a bottleneck for efficient machine-to-machine communication without human intervention in Industrial Internet of Things (IIoT). Conventional centralised data quality management (DQM) approaches are not tamper-proof. They require trustworthy and highly skilled intermediation, and can only access and use data from limited data sources. This does not only impacts the integrity and availability of the IIoT data, but also makes the DQM process time and resource consuming. To address this problem, a blockchain based DQM platform is proposed in this paper, which aims to enable tampe-rproof data transactions in a decentralised and trustless environment. To fit for different quality requirements, our platform supports customisable smart contracts for quality assurance. And to improve our platform's performance, we discuss and analyze different distributed ledger technologies.

Cui Yan-Li,Zhang Xing

DOI: https://doi.org/10.1109/fitme.2009.68

2009-01-01

Abstract:During the realizing process of remote attestation, except for using trusted computing technology to protect physical security, storage security and operation security of certifier, cipher mechanism need to be combined to ensure the credibility of attestation method of certifier. This paper designs an attestation method model of property remote attestation, and applies the authentication and access control logic technology to make formal description for the participants of attestation method of property remote attestation, and finally prove the credibility of attestation method. Paper's research conclusion proves, after increasing the authority of certificate and trusted property certificate, the credibility of property remote attestation method can be guaranteed among the computing environment applying the public key infrastructure participates.

Xueying Zeng,Youquan Xian,Chunpei Li,Zhengdong Hu,Aoxiang Zhou,Peng Liu

2024-11-18

Abstract:Blockchain technology ensures secure and trustworthy data flow between multiple participants on the chain, but interoperability of on-chain and off-chain data has always been a difficult problem that needs to be solved. To solve the problem that blockchain systems cannot access off-chain data, oracle is introduced. However, existing research mainly focuses on the consistency and integrity of data, but ignores the problem that oracle nodes may be externally attacked or provide false data for selfish motives, resulting in the unresolved problem of data accuracy. In this paper, we introduce a new Decentralized Testing architecture (DecTest) that aims to improve data accuracy. A blockchain oracle random secret testing mechanism is first proposed to enhance the monitoring and verification of nodes by introducing a dynamic anonymized question-verification committee. Based on this, a comprehensive evaluation incentive mechanism is designed to incentivize honest work performance by evaluating nodes based on their reputation scores. The simulation results show that we successfully reduced the discrete entropy value of the acquired data and the real value of the data by 61.4%.

Cryptography and Security,Distributed, Parallel, and Cluster Computing

Zeshun Shi,Jeroen Bergers,Ken Korsmit,Zhiming Zhao

DOI: https://doi.org/10.48550/arXiv.2207.00370

2022-07-01

Cryptography and Security

Abstract:Data tampering is often considered a severe problem in industrial applications as it can lead to inaccurate financial reports or even a corporate security crisis. A correct representation of data is essential for companies' core business processes and is demanded by investors and customers. Traditional data audits are performed through third-party auditing services; however, these services are expensive and can be untrustworthy in some cases. Blockchain and smart contracts provide a decentralized mechanism to achieve secure and trustworthy data integrity verification; however, existing solutions present challenges in terms of scalability, privacy protection, and compliance with data regulations. In this paper, we propose the AUtomated and Decentralized InTegrity vErification Model (AUDITEM) to assist business stakeholders in verifying data integrity in a trustworthy and automated manner. To address the challenges in existing integrity verification processes, our model uses carefully designed smart contracts and a distributed file system to store integrity verification attributes and uses blockchain to enhance the authenticity of data certificates. A sub-module called Data Integrity Verification Tool (DIVT) is also developed to support easy-to-use interfaces and customizable verification operations. This paper presents a detailed implementation and designs experiments to verify the proposed model. The experimental and analytical results demonstrate that our model is feasible and efficient to meet various business requirements for data integrity verification.

Wei Lin,Heng Chuan Tan,Binbin Chen,Fan Zhang

DOI: https://doi.org/10.1109/dsn58367.2023.00044

2023-01-01

Abstract:Programmable logic controllers (PLCs) are vulnerable to malware, which is a key security risk for Industrial Control Systems (ICSs). Existing attestation solutions are invasive because they require hardware security modules and software upgrades in legacy devices. We propose DNAttest, a Digital-twin-based Noninvasive Attestation solution to attest PLC behaviors in near-real time. DNAttest requires minimal ICS infrastructure changes and does not interfere with normal ICS operations. DNAttest detects PLC deviations by replicating all input messages for a PLC to its digital twin and comparing their output messages. Due to transient uncertainty in the PLC's internal processing state, DNAttest may output an incorrect comparison. To generate all plausible output values for comparison, we instantiate multiple emulated PLCs by replicating input messages with different timing profiles. We demonstrate on a close-to-real-world power grid testbed that DNAttest can provide a timely detection of a wide range of attacks non-invasively and accurately. DNAttest solution is lightweight and scalable. A typical desktop PC can attest more than 20 actual PLCs even if we use 10 emulators to monitor every actual PLC.

Jingya Dong,Chunhe Song,Yong Sun,Tao Zhang

DOI: https://doi.org/10.1109/tifs.2023.3318961

IF: 7.231

2023-10-10

IEEE Transactions on Information Forensics and Security

Abstract:Blockchain, which originated with the Bitcoin system, has drawn intense attention because of its decentralization, persistence, and anonymity. The execution environment of blockchain is isolated from the external world and requires "blockchain oracles": agents that fetch information from the outside world. However, there is always the risk of oracles providing corrupt, malicious, or inaccurate data. To overcome this issue, this paper analyses the existing oracle working patterns, then introduces a decentralized autonomous oracle network (DAON) and its consensus protocol and noninteractive reputation maintenance and payment scheme. Meanwhile, the reputation and security monitoring services of DAON are designed to ensure the DAON provide trustworthy data services in a complex byzantine environment. The proposed method is verified by experiments on three applications. Using the proposed network, smart contracts on future blockchains could have reliable, tamper-proof inputs and outputs.

computer science, theory & methods,engineering, electrical & electronic

Andrea Canciani,Claudio Felicioli,Fabio Severino,Domenico Tortola

2023-06-03

Abstract:Every digital process needs to consume some data in order to work properly. It is very common for applications to use some external data in their processes, getting them by sources such as external APIs. Therefore, trusting the received data becomes crucial in such scenarios, considering that if the data are not self-produced by the consumer, the trust in the external data source, or in the data that the source produces, can not always be taken for granted. The most used approach to generate trust in the external source is based on authenticated data structures, that are able to authenticate the source when queried through the generation of proofs. Such proofs are useful to assess authenticity or integrity, however, an external user could also be interested in verifying the data history and its consistency. This problem seems to be unaddressed by current literature, which proposes some approaches aimed at executing audits by internal actors with prior knowledge about the data structures. In this paper, we address the scenario of an external auditor with no data knowledge that wants to verify the data history consistency. We analyze the terminology and the current state of the art of the auditable data structures, then we will propose a general framework to support external audits from both internal and external users.

Distributed, Parallel, and Cluster Computing,Cryptography and Security,Data Structures and Algorithms

Amir Dirin,Ian Oliver,Teemu H Laine

DOI: https://doi.org/10.3390/s23177532

2023-08-30

Abstract:The trustworthiness of a system is not just about proving the identity or integrity of the hardware but also extends to the data, control, and management planes of communication between devices and the software they are running. This trust in data and device integrity is desirable for Internet of Things (IoT) systems, especially in critical environments. In this study, we developed a security framework, IoTAttest, for building IoT systems that leverage the Trusted Platform Module 2.0 and remote attestation technologies to enable the establishment of IoT devices' collected data and control plan traffic integrity. After presenting the features and reference architecture of IoTAttest, we evaluated the privacy preservation and validity through the implementation of two proof-of-concept IoT applications that were designed by two teams of university students based on the reference architecture. After the development, the developers answered open questions regarding their experience and perceptions of the framework's usability, limitations, scalability, extensibility, potential, and security. The results indicate that IoTAttest can be used to develop IoT systems with effective attestation to achieve device and data integrity. The proof-of-concept solutions' outcomes illustrate the functionalities and performance of the IoT framework. The feedback from the proof-of-concept developers affirms that they perceived the framework as usable, scalable, extensible, and secure.

Swapna Krishnakumar Radha,Andrey Kuehlkamp,Jarek Nabrzyski

DOI: https://doi.org/10.5121/csit.2024.141910

2024-12-02

Abstract:Attestation of documents like legal papers, professional qualifications, medical records, and commercial documents is crucial in global transactions, ensuring their authenticity, integrity, and trustworthiness. Companies expanding operations internationally need to submit attested financial statements and incorporation documents to foreign governments or business partners to prove their businesses and operations' authenticity, legal validity, and regulatory compliance. Attestation also plays a critical role in education, overseas employment, and authentication of legal documents such as testaments and medical records. The traditional attestation process is plagued by several challenges, including time-consuming procedures, the circulation of counterfeit documents, and concerns over data privacy in the attested records. The COVID-19 pandemic brought into light another challenge: ensuring physical presence for attestation, which caused a significant delay in the attestation process. Traditional methods also lack real-time tracking capabilities for attesting entities and requesters. This paper aims to propose a new strategy using decentralized technologies such as blockchain and self-sovereign identity to overcome the identified hurdles and provide an efficient, secure, and user-friendly attestation ecosystem.

Cryptography and Security

Wu Luo,Wei Liu,Yang Luo,Anbang Ruan,Qingni Shen,Zhonghai Wu

DOI: https://doi.org/10.1109/trustcom.2016.0058

2016-01-01

Abstract:In recent years, the rapid development of virtualization and container technology brings unprecedented impact on traditional IT architecture. Trusted Computing devotes to provide a solution to protect the integrity of the target platform and introduces a virtual TPM to adapt to the challenges that virtualization brings. However, the traditional integrity measurement solution and remote attestation has limitations due to the challenges such as large of measurement and attestation cost and overexposure of configurations details. In this paper, we propose the Partial Attestation Model. The basic idea of Partial Attestation Model is to reconstruct the Chain of Trust by dividing them into several separated ones. Our model therefore enables the challenger to attest the specified security requirements of the target platform, instead of acquiring and verifying the complete detailed configurations. By ignoring components not related to the target requirements, our model reduces the attestation costs. In addition, we further implement an attestation protocol to prevent overexposure of the target platform's configuration details. We build a use case to illustrate the implementation of our model, and the evaluations on our prototype show that our model achieves better efficiency than the existing remote attestation scheme.

Yilei Wang,Zhaojie Wang,Guoyu Yang,Shan Ai,Xiaoyu Xiang,Chang Chen,Minghao Zhao

DOI: https://doi.org/10.1016/j.dcan.2021.10.002

IF: 6.348

2021-10-01

Digital Communications and Networks

Abstract:Blockchain provides a reliable and scalable method for enabling source-tracing functionality in large-scale Internet of Things (IoT) systems. Traditional blockchain-based source tracing applications are generally based on the hypothesis that raw data collected by each IoT node are credible and consistent, which however may not always be the truth. As no mechanisms ensuring the reliability of the original data collected from the IoT devices, these data may be accidentally screw up or maliciously tampered with before they are uploaded on-chain. To address this issue, we propose the multi-dimensional certificates of origin (MCO) method to filter out the potentially incredible data, to all the data uploaded to the chain is credible; and to achieve this, we devise the multi-dimensional information cross-verification (MICV) and multi-source data matching calculation (MDMC) methods-MICV verifies whether a to-be-uploaded datum is consistent or credible, and MDMC determines which data should be discarded and which data should be kept, to retain the most likely credible/untempered ones in the circumstance when data inconsistency appears. Large-scale experiments show that our scheme ensures on-chain and data off the chain credibility with affordable overhead.

telecommunications

Yinjie Zhao,Xin Kang,Tieyan Li,Cheng-Kang Chu,Haiguang Wang

DOI: https://doi.org/10.48550/arXiv.2201.02358

2022-01-07

Abstract:With the rapid development of blockchain technology in recent years, all kinds of blockchain-based applications have emerged. Among them, the decentralized finance (DeFi) is one of the most successful applications, which is regarded as the future of finance. The great success of DeFi relies on the real-world data which is not directly available on the blockchain. Besides, due to the deterministic nature of blockchain,the blockchain cannot directly obtain in-deterministic data from the outside world (off-chain). Thus, oracles have appeared as a viable solution to feed off-chain data to blockchain applications. In this paper, we carryout a comprehensive study on oracles, especially on DeFi oracles. We first briefly introduce the application scenarios of DeFi oracles, and then we talk about the past of DeFi oracles by categorizing them into several types based on their design features. After that, we introduce five popular DeFi oracles currently in use(such as Chainlink and Band Protocol), with the focus on their system architecture, data validation process,and their incentive mechanisms. We compare these present DeFi oracles from their data trustworthiness,data source trustworthiness and their overall trust models. Finally, we propose a set of metrics for designing trustworthiness DeFi oracles, and propose a potential trust architecture and a few promising techniques for building trustworthiness oracles.

Cryptography and Security

Zhiyuan Wang,Mingan Gao,Gehao Lu

DOI: https://doi.org/10.3390/s24020502

IF: 3.9

2024-01-14

Sensors

Abstract:In the realm of IoT sensor data security, particularly in areas like agricultural product traceability, the challenges of ensuring product origin and quality are paramount. This research presents a novel blockchain oracle solution integrating an enhanced MTAS signature algorithm derived from the Schnorr signature algorithm. The key improvement lies in the automatic adaptation of flexible threshold values based on the current scenario, catering to diverse security and efficiency requirements. Utilizing the continuously increasing block height of the blockchain as a pivotal blinding parameter, our approach strengthens signature verifiability and security. By combining the block height with signature parameters, we devise a distinctive signing scheme reliant on a globally immutable timestamp. Additionally, this study introduces a reliable oracle reputation mechanism for monitoring and assessing oracle node performance, maintaining both local and global reputations. This mechanism leverages smart contracts to evaluate each oracle's historical service, penalizing or removing nodes engaged in inappropriate behaviors. Experimental results highlight the innovative contributions of our approach to enhancing on-chain efficiency and fortifying security during the on-chain process, offering promising advancements for secure and efficient IoT sensor data transmission.

engineering, electrical & electronic,chemistry, analytical,instruments & instrumentation

Han Wang,Xu An Wang,Shuai Xiao,JiaSen Liu

DOI: https://doi.org/10.1007/s12652-020-02432-x

IF: 3.662

2020-08-06

Journal of Ambient Intelligence and Humanized Computing

Abstract:The rapid popularization of cloud computing and ultra-high-speed Internet has promoted the vigorous development of data sharing and collaborative office, especially in Big Data and AI. Aiming at protecting the security of users' data, researchers developed PDP scheme to verify data. However, existing schemes all rely on semi-trusted Third Party Auditor (TPA) or group management to store verification information. In order to solve this problem, we propose a distributed data integrity audit scheme based on blockchain. This scheme provides a brand-new method, which allows customers to store data safely without relying on any specific TPA and protect users' privacy at a lower cost. For the new concept, this paper points out the problems of the existing scheme and puts forward system model and security model. Then, a decentralized data integrity audit scheme using blockchain is designed. The proposed private PDP scheme based on blockchain is provably secure. At the same time, the security analysis and efficiency analysis show that the proposed PDP scheme is safe, efficient and practical.

computer science, information systems,telecommunications, artificial intelligence

Boyu Kuang,Anmin Fu,Lu Zhou,Willy Susilo,Yuqing Zhang

DOI: https://doi.org/10.1016/j.cose.2020.101945

2020-10-01

Abstract:<p>Remote attestation is an excellent approach to confirm the security states of Internet of Things (IoT) devices. It allows an entity (<em>verifier</em>) to validate the integrity of a potentially compromised platform (<em>prover</em>). Most of the current attestation schemes are static, which verify only the software integrity of devices. Recently, some runtime attestation schemes based on the Control Flow Graph (CFG) of the program have been proposed to collect the runtime information. However, the algorithm for constructing CFG only focuses on the rationality of the programs' control flow, and ignores the possibility that attackers could compromise the control flow of the device by modifying key data. Some mitigation of runtime exploitation technologies take into account the Unique Code Target (UCT) property of control flow, but there are limitations to their algorithms abilities to find out the constraining data. In this paper, we present a Data-Oriented Control Flow Graph (DO-CFG) that can match a single legitimate target for each control-flow transfer, which guarantees both the rationality and the full uniqueness of programs' control flow. Furthermore, we propose a Data-Oriented Runtime Attestation (DO-RA) scheme based on DO-CFG. It collects some critical non-control data to enhance the detection ability of the attestation scheme, which further ensures the uniqueness of the control flow. We also present a detailed proof-of-concept implementation and analyze our protocol based on Raspberry Pi. We simulate several real applications to evaluate the security and performance of DO-RA, which demonstrates that our scheme provides a more comprehensive detection capability within an acceptable overhead.</p>

computer science, information systems

Shanshan Li,Chunxiang Xu,Yuan Zhang,Yicong Du,Anjia Yang,Xinsheng Wen,Kefei Chen

DOI: https://doi.org/10.1109/jiot.2023.3285939

IF: 10.6

2023-01-01

IEEE Internet of Things Journal

Abstract:This paper analyzes existing smart contract-based public data integrity verification schemes and identifies certain weaknesses. First, the fair arbitration mechanism deployed in these schemes fails to meet the users’ requirements as it may not promptly notify users of data corruption or loss. Second, to ensure outsourced data confidentiality, existing data integrity schemes use a conventional encrypted method, where each user randomly selects a key to encrypt the outsourced data. Such a method results in varying ciphertexts for the same data by different users, leading to additional storage costs for the cloud server. Third, users’ devices, if poorly designed or even intentionally backdoored, can potentially exfiltrate secrets and compromise the security of schemes. To address these issues, we propose the first backdoor-resistant public data integrity verification scheme based on smart contracts (ASSIST). The key idea is to introduce a new entity (a whistleblower) to periodically monitor the state of verification results recorded in the blockchain. This allows for timely notification of data corruption to users. ASSIST requires users to encrypt their data with a cryptographic primitive called message-locked encryption (MLE), which motivates different users to produce the same ciphertext for the same data and reduces storage costs for cloud servers. We also deploy a cryptographic reverse firewall between users’ devices and the external to re-randomize interactive messages, making the exfiltration impossible. We provide rigorous security proofs to demonstrate the security of ASSIST. The performance evaluation shows that ASSIST is efficient regarding computation and communication costs.

computer science, information systems,telecommunications,engineering, electrical & electronic

Yang Xu,Cheng Zhang,Guojun Wang,Zheng Qin,Quanrun Zeng

DOI: https://doi.org/10.1109/tetc.2020.3005610

2021-07-01

IEEE Transactions on Emerging Topics in Computing

Abstract:Since network storage services achieve widespread adoption, security and performance issues are becoming primary concerns, affecting the scalability of storage systems. Countermeasures like data auditing mechanisms and deduplication techniques are widely studied. However, the existing data auditing mechanism with deduplication cannot solve the problems such as high cost and reliance on trusted third parties in traditional approaches, and it also faces the problem of repeated auditing of data shared by multiple-tenant. This article proposes a blockchain-based deduplicatable data auditing mechanism. We first design a client-side data deduplication scheme based on bilinear-pair techniques to reduce the burden on users and service providers. On this basis, we achieve a trustworthy and efficient data auditing mechanism that helps to check data integrity by using both the blockchain technique and bilinear pairing cryptosystem. The blockchain system is used to record the behaviors of entities in both data outsourcing and auditing processes so that the corresponding immutable records can be used to not only ensure the credibility of audit results but also help to monitor unreliable third-party auditors. Finally, theoretical analysis and experiments reveal the effectiveness and performance of our scheme.

computer science, information systems,telecommunications

Dongdong Yue,Ruixuan Li,Yan Zhang,Wenlong Tian,Yongfeng Huang

DOI: https://doi.org/10.1016/j.jpdc.2020.06.007

IF: 4.542

2020-12-01

Journal of Parallel and Distributed Computing

Abstract:<p>With the popularity of the Internet of Things (IoT), data integrity verification in the edge cloud storage attracts attentions from many researchers. Due to the over dependence of the Third Party Auditor (TPA) and the dynamical nature of the IoT data, the traditional data integrity verification framework for cloud storage can hardly work. To satisfy the characteristics of the IoT and avoid the over dependence of the TPA, we propose a blockchain-based framework without TPA for data integrity verification in a decentralized edge-cloud storage (ECS) scenario in this paper. In our framework, we employ the Merkle tree with random challenging numbers for data integrity verification and analyze different Merkle tree structures to optimize the system performance. To solve the problem of limited resources and high real-time requirements, we further propose sampling verification and develop rational sampling strategies to make sampling verification more effective. The overhead and precision of the verification in ECS are studied by an optimal sample size strategy. Finally, a prototype system is implemented based on our framework and we conduct a series of experiments to evaluate the effectiveness of the proposed schemes. The experimental results show that our schemes can effectively improve the performance of data integrity verification.</p>

computer science, theory & methods

Hong Lei,Zijian Bao,Qinghao Wang,Yongxin Zhang,Wenbo Shi

DOI: https://doi.org/10.1007/978-981-15-9213-3_21

2020-01-01

Abstract:With the continuous growth of data resources, outsourcing data storage to cloud service providers is becoming the norm. Unfortunately, once data are stored on the cloud platform, they will be out of data owners’ control. Thus, it is critical to guarantee the integrity of the remote data. To solve this problem, researchers have proposed many data auditing schemes, which often employ a trusted role named Third Party Auditor (TPA) to verify the integrity. However, the TPA may not be reliable as expected. For example, it may collude with cloud service providers to hide the fact of data corruption for benefits. Blockchain has the characteristics of decentralization, non-tampering, and traceability, which provides a solution to trace the malicious behaviors of the TPA. Moreover, Intel SGX, as the popular trusted computing technology, can be used to protect the correctness of the auditing operations with a slight performance cost, which excellently serves as the of the blockchain-based solution. In this paper, we propose a secure auditing scheme based on the blockchain and Intel SGX technology, termed SDABS. The scheme follows the properties of storage correctness, data-preserving, accountability, and anti-collusion. The experiment results show that our scheme is efficient.

Qian Wang,Cong Wang,Kui Ren,Wenjing Lou,Jin Li

DOI: https://doi.org/10.1109/tpds.2010.183

IF: 5.3

2010-01-01

IEEE Transactions on Parallel and Distributed Systems

Abstract:Cloud Computing has been envisioned as the next-generation architecture of IT Enterprise. It moves the application software and databases to the centralized large data centers, where the management of the data and services may not be fully trustworthy. This unique paradigm brings about many new security challenges, which have not been well understood. This work studies the problem of ensuring the integrity of data storage in Cloud Computing. In particular, we consider the task of allowing a third party auditor (TPA), on behalf of the cloud client, to verify the integrity of the dynamic data stored in the cloud. The introduction of TPA eliminates the involvement of the client through the auditing of whether his data stored in the cloud are indeed intact, which can be important in achieving economies of scale for Cloud Computing. The support for data dynamics via the most general forms of data operation, such as block modification, insertion, and deletion, is also a significant step toward practicality, since services in Cloud Computing are not limited to archive or backup data only. While prior works on ensuring remote data integrity often lacks the support of either public auditability or dynamic data operations, this paper achieves both. We first identify the difficulties and potential security problems of direct extensions with fully dynamic data updates from prior works and then show how to construct an elegant verification scheme for the seamless integration of these two salient features in our protocol design. In particular, to achieve efficient data dynamics, we improve the existing proof of storage models by manipulating the classic Merkle Hash Tree construction for block tag authentication. To support efficient handling of multiple auditing tasks, we further explore the technique of bilinear aggregate signature to extend our main result into a multiuser setting, where TPA can perform multiple auditing tasks simultaneously. Extensive security and performance analysis show that the proposed schemes are highly efficient and provably secure.