
Demo webinar on Blockchain Secure Data Sharing

11/07/2023 @ 10:30 am - 12:30 pm

ASSURED CyberSecurity and Insider Threats: Blockchain-Empowered Mobile Edge Intelligence for Secure and Sustainable Computing

The notion of trust refers to the degree of confidence that users and stakeholders can have that the system operates as expected across the entire application stack of the device, including both configuration behavior and operational behavior, as defined by the administrators. In other words, user trust in the behavior of a system is a measure of confidence, and the degree to which the system fulfils the requirements of the users and stakeholders with regard to security and privacy can be seen as a measure of their confidence level in the entire system. Since this is a core requirement and a major building block in modern supply chains and service graph chains, a level of confidence in the system translates by default to the user's confidence in the outcome of the system, thereby increasing end-user adoption and the user's trust in all the services and technological advancements that exist in a cyber society. This is a core vision of the EU, which also lies at the heart of ASSURED.

Compounding this issue of trust, ASSURED involves the use of dynamically adaptable policies, lightweight crypto primitives and secure data storage to ensure highly secure data access, sharing, and storage in a decentralized manner. To this end, a Blockchain infrastructure is envisioned and implemented, which defines a security process pipeline that aims to achieve the desired trustworthiness levels for the entire system, while enabling secure, reliable and privacy-preserving extraction and sharing of knowledge and attestation-related data. 

ASSURED also provides the advanced design and implementation of a TPM-based Wallet, which enables the management of all necessary cryptographic material to support a wide range of secure and lightweight on-chain interactions, such as reading data, reading attestation policies deployed on the ledger, recording data on the ledger, recording attestation results, and performing queries on stored data. To capture fine-grained on/off chain access control, ASSURED delivers the Attribute-Based Access Control (ABAC) scheme, which provides access to a data set stored on the Blockchain to devices that can verifiably demonstrate a “credential” containing the appropriate attributes.

The adaptable policies employed in ASSURED to perform access control were obtained by combining an Attribute-Based Encryption (ABE) scheme with specific access controls, deployed in the form of smart contracts. While secure data sharing is also a vital objective of ASSURED, various challenges arise with regard to data handling through the Blockchain. Specifically, raw attestation data (whether encrypted or not) cannot be stored on the Blockchain, because the quickly growing data size can cause severe performance issues for the infrastructure hosting the Blockchain. To address this issue, only the pointer to the data is stored on the Blockchain ledger. Storing pointers to the encrypted data can provide data authenticity and traceability. The encrypted data must then be stored securely off-chain. To this end, an ASSURED Elastic Off-Chain Data Storage Engine has been deployed. It is evident that storing information as encrypted data in a decentralized manner is beneficial in terms of security and privacy. However, this poses a problem when a user other than the data owner wants to search for a specific data set, as the data is encrypted. The dynamic searchable symmetric encryption (DSSE) scheme can address this problem by allowing query operations on the encrypted data without the need to decrypt it. In general, DSSE is provided by a trusted third-party application, which cannot be considered honest, as it can try to learn the relation between the results of the searches. Moreover, the results can be corrupted or denied.

All these security primitives will be presented in the fourth ASSURED webinar, which will focus on the novel design of a mixture of protocols targeting secure and privacy-preserving data sharing through policy-compliant Blockchain infrastructures. This property allows the participants to verify and audit transactions independently, and allows for the creation of a highly secure storage architecture that enables privacy-preserving transactions between the participants, without the requirement for a central authority that ensures the consistency of records. All produced mechanisms cover the entire lifecycle of shared data, i.e., from their secure and auditable sharing to their secure storage and efficient querying, even if they are encrypted.

The webinar will be held remotely on Tuesday, July 11th, between 10:30 and 12:30 CEST with the help of Ubitech and TU Delft.

AGENDA

Dimitris Karras, UBITECH

This talk will provide an overview of the core activities that have been performed in the context of ASSURED towards the creation of secure and privacy-preserving data sharing mechanisms based on the use of lightweight crypto primitives. Particular focus will be given to the entire architecture, listing the core pillars (remote attestation of properties, dynamic real-time risk assessment, and enforcement of self-learning adaptable policies) that have been investigated towards enabling an SoS to withstand even a prolonged siege by a pre-determined attacker with known or unknown capabilities, as the system can dynamically adapt to its security and safety state.

Slides available here.

Kaitai Liang, TU Delft

This talk will provide an overview of the core design of the ASSURED blockchain. A general blockchain architecture will be introduced at the beginning to illustrate the interactions of the various blockchain components. Following that, the main technical components, namely ABAC, ABE and DSSE, will be presented to the audience. Specifically, for each component, you may expect to understand its mechanisms, workflow, and its connections with other entities within the ASSURED Blockchain framework.

Slides available here.

Stefanos Vasileiadis, Alexandros Sampanis, UBITECH

This talk will provide details on the latest efforts of ASSURED towards extending the decentralized user-centric identity management framework by building an open source library that can be added as an extension to any SSI wallet on the Holder side to enable the use of hardware-based keys. This offers the possibility to bind Verifiable Credentials (VCs) to the wallet of the holder and transfer the root of trust of the SSI ecosystem purely to the digital wallet by considering an underlying Trusted Component as part of the wallet, without making any assumptions about the trustworthiness of the other layers. This enables digital identity wallets to align with emerging regulations and standards like eIDAS that require higher levels of assurance for services.

Slides available here.

Alexandros Sampanis, Vassilis Filiopoulos, UBITECH

The practical, implemented ASSURED Blockchain platform will be demonstrated in this talk. The audience can witness how the core components, ABAC, ABE and DSSE, work and perform in a real-life context.

Q&A session about the webinar.