At IRT SystemX, we are working on the security and privacy aspects of Blockchain as a one specialized domain. The concept of a blockchain originated with the invention of the Bitcoin cryptocurrency in 2008. A blockchain is a specific way of implementing distributed ledger technology. The transparent and decentralized nature of the blockchain network enables the development of a non-refutable, and unbreakable record of data, which is the fundamental feature to many applications, such as insurance, finance, fraud detection, copyright protection, smart contracts, identity management, ecommerce and healthcare. The usual security features for such systems are privacy (protection from eavesdropping), authenticity (user identification and message integrity), and the prevention of later denying have performed a transaction.
Identification, Certification, and Reputations are the well-known studied research problems in security and privacy appearance of Blockchain.
Identification in Blockchain
The broad consensus of the identification service should be decentralized, enforce information integrity, be resilient to attack, and that the individual user should be the ultimate owner and sovereign controller of their own identity credentials. Self-sovereign identity approach decentralizes data and computation and pushes them to the edges, where it is less economically valuable to hackers because it would require a lot of effort to hack many individual identities one-by-one. Self-sovereign identity is requiring not just the interoperability of a user’s identity across multiple locations, with the user’s consent, but also true user control of that digital identity, creating user autonomy.
Certification in Blockchain
The security of the certification systems largely relies on certificate authorities (CAs), who make a business out of certifying the authenticity of sites’ public keys. The third-parties such as DNS registrars, ICANN, X.509 Certificate Authorities (CAs), and social media companies are responsible for the creation and management of online certification and the secure communication between them. These centralized service risks being a single point of failure in the case of fraud or cyber-attack. Also, this design has demonstrated serious usability and security shortcomings. Some of these failures have led to man-in-the middle (MitM) attacks, allowing the interception of communication with popular sites such as Google, Microsoft Live, Skype, and Yahoo. So, we need to develop a certification system with the utilization of the properties of privacy and security on Blockchain.
Reputation in Blockchain
This mechanism has emerged as an important risk management solution to solve trust problems in online communities. The basic idea of the reputation mechanism is to let consumers evaluate services and feedback the rating to the reputation system after the completion of an interaction, and the reputation system use the aggregated ratings to derive a reputation score, which can in turn assist other consumers in deciding whether or not to interact with the specific service in future. We are trying to find a solution:
- By which individuals in decentralized network get the anonymous and untraceable identity.
- Individual access services in decentralized network using the same identity with number of service providers. Additionally, we are also trying to achieve untraceable and unlinkable identity.
- Decentralized certification system which utilized as a universal certificate to authenticate the user. This certification system should achieve the properties of privacy and security. There is challenge of key management in decentralized network due to utilization of cryptosystems.
- Decentralized reputation management system.
Anonymous (unlinkable and untraceable) identification, certification and reputation are the real challenges in Blockchain. These are revolutionary concepts that have been disrupting the financial world and now different areas of society, as developers and tech entrepreneurs realize that it can be used almost in everything.
Kalpana is working as an Information security research engineer at IRT SystemX since September, 2017. She did her PostDoc at CEA, France. She completed her Ph.D at Deakin University, Australia. Her academic record is laden with First class throughout. She has been teaching successfully at Department of Computer Science and Information Technology, GLA University India. She has a number of research publications to the credit in reputed journals and conferences in the area of cryptography and Information Security.