Blockchain for E-Governance and Other Applications

Sandeep K. Shukla
Interdisciplinary Center for Cyber Security and Cyber Defence of Critical Infrastructure
Indian Institute of Technology Kanpur
Email: [email protected] URL: https://security.cse.iitk.ac.in

Post on 19-Aug-2018

What problems are we addressing?

• Who accessed your Aadhaar biometrics?
• Who accesses your health data?
• Who accessed your tax data?
• Did the privileged users of your IT system change your files or data?
• GST input tax credit fiasco — can Blockchain solve the delays?
• Supply chain logistics and tracking provenance of components
• Is it possible to have secure e-voting?
• Securing IoT infrastructure for Critical Infrastructure?
• PKI infrastructure, DNS infrastructure on blockchain?

DETECTING INSIDER ATTACKS ON DATABASES USING BLOCKCHAINS

SHUBHAM SAHAI SRIVASTAVA, SHUBHAM SHARMA, RAHUL GUPTA

DEPARTMENT OF COMPUTER SCIENCE AND ENGINEERING, IIT KANPUR

PROBLEM STATEMENT : INSIDER THREAT ?

▸ Detection

▸ Attribution

▸ Non-Repudiation

▸ Prevention

PROBLEM STATEMENT : OARS SYSTEM

PROPOSED SOLUTION : OVERVIEW

[Figure: solution overview. Diagram labels: BCast, Confirmations, Push Changes.]

BLOCKCHAIN TRANSACTION

• Extract Columns: (Professor, Course, Grade)
• Hash the tuple: Hash(Professor, Course, Grade)
• Digitally Sign
• Broadcast

DATABASE SCHEMA MODIFICATION

[Figure: a table row with columns 1, 2, …, k, Txnid, Uid, shown next to a chain of blocks (Block n, Block n+1, …, Block m), each containing transactions Txn 1 … Txn k. Uid: unique identifier of the user issuing the query.]

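DAPP VERIFICATION

[Figure: a table row (x, y, …, z, *, *) under columns 1, 2, …, k, Txnid, Uid, shown next to a chain of blocks (Block n, Block n+1, …, Block m), each containing transactions Txn 1 … Txn k. The transaction holds [Hash(x, y, …, z)]sign(sk). Diagram labels: Hash of (x, y, …, z), Verify Signature, Verify Hash, Result.]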
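
The verification flow on this slide, as an added Python example (not code from the talk or the project): the row's columns are hashed and compared with the signed hash in the transaction its Txnid names. The user id prof_rao, the key table and the JSON tuple encoding are assumptions, and HMAC-SHA256 stands in for the digital signature so the block runs on the standard library alone; a shared-key MAC does not give the non-repudiation an asymmetric signature would.

```python
import hashlib
import hmac
import json

# Constructed demo key. HMAC-SHA256 is a stand-in for the slide's digital
# signature (assumption); a deployment would verify with the user's public key.
USER_KEYS = {"prof_rao": b"constructed-demo-key"}

def tuple_hash(values):
    """Hash the extracted columns. JSON encoding keeps field boundaries,
    so ("ab", "c") and ("a", "bc") cannot collide as plain concatenation would."""
    encoded = json.dumps(list(values), separators=(",", ":"))
    return hashlib.sha256(encoded.encode()).hexdigest()

def sign(uid, digest):
    return hmac.new(USER_KEYS[uid], digest.encode(), hashlib.sha256).hexdigest()

def make_txn(txnid, uid, values):
    """Extract columns -> hash the tuple -> sign -> ready to broadcast."""
    digest = tuple_hash(values)
    return {"txnid": txnid, "uid": uid, "hash": digest, "sig": sign(uid, digest)}

def verify_row(row, ledger):
    """Return 'ok' or the reason a database row fails verification."""
    *values, txnid, uid = row  # columns 1..k, then Txnid and Uid
    txn = ledger.get(txnid)
    if txn is None:
        return "no transaction on chain"
    if txn["uid"] != uid or uid not in USER_KEYS:
        return "unknown or mismatched uid"
    if not hmac.compare_digest(sign(uid, txn["hash"]), txn["sig"]):
        return "bad signature"
    if not hmac.compare_digest(tuple_hash(values), txn["hash"]):
        return "row differs from signed hash"
    return "ok"

# Constructed sample data: one honest write, then a privileged user edits the
# grade directly in the database without issuing a transaction.
LEDGER = {"t1": make_txn("t1", "prof_rao", ("prof_rao", "CS101", "B"))}
HONEST_ROW = ("prof_rao", "CS101", "B", "t1", "prof_rao")
TAMPERED_ROW = ("prof_rao", "CS101", "A", "t1", "prof_rao")
ORPHAN_ROW = ("prof_rao", "CS102", "A", "t9", "prof_rao")

if __name__ == "__main__":
    for row in (HONEST_ROW, TAMPERED_ROW, ORPHAN_ROW):
        print(row, "->", verify_row(row, LEDGER))
```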

IMPLEMENTATION

Decentralized PKI model

Traditional PKI

• For server authentication, a client-server system uses digital certificates.

• Certificates are issued by the CAs along with keys.

• Keys can be generated by the user, or generated and issued by the CA.

Problem with Traditional PKI

• Centralized controller.

• Trusted third parties are forced to issue certificates to parties that do not deserve them [1].

• Users have to worry about the security of the CA.
  • Recall the Symantec case, as well as the Stuxnet case.

Blockchain based PKI

• An interested member generates its own asymmetric key pair (prk, pbk) using any asymmetric key technique and posts the public key (pbk) to the public key (transaction) pool.

• A miner verifies the public key against its constraints (key length, algorithm, etc.) and includes it in a block, which is then broadcast to all connected members.

Re-Keying

• If an existing node wishes to change its public key (pbk), it can send the revised public key (pb’k), digitally signed with its existing private key (prk).

• After verifying the digital signature, the device that mines the block updates the key of the respective device.

Detecting the Malicious

• An attacker who has guessed the private key of a party A can also change the key pair of the device.

• This prevents device A from taking part in the network. However, it can be detected once the block containing the modified key reaches device A.

• To avoid this attack, an updated key should not be used for at least the next seven blocks mined on top of the block containing the key update.

• The block containing the updated key will reach all devices within the next seven blocks built on top of it.
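
The seven-block rule from the Re-Keying and Detecting the Malicious slides, as an added Python example (not code from the talk): peers keep accepting the old key until seven blocks sit on top of the re-key block, and the device uses that window to spot a re-key it never issued. The transaction layout (kind, device, pubkey), list index as block height and the key names are assumptions; signature checks on re-key transactions are assumed to have been done by the miner.

```python
MATURITY = 7  # blocks that must be mined on top of a re-key block (from the slide)

def replay(chain):
    """Build {device: [(block_height, pubkey), ...]} from register/rekey txns."""
    history = {}
    for height, txns in enumerate(chain):
        for kind, device, pubkey in txns:
            if kind == "register" and device not in history:
                history[device] = [(height, pubkey)]
            elif kind == "rekey" and device in history:
                history[device].append((height, pubkey))
    return history

def active_key(history, device, tip):
    """Key peers should accept for `device` when the chain tip is at height `tip`."""
    keys = history.get(device, [])
    if not keys or keys[0][0] > tip:
        return None
    current = keys[0][1]  # first registration usable at once (assumption)
    for height, pubkey in keys[1:]:
        if tip - height >= MATURITY:  # seven blocks mined above the re-key block
            current = pubkey
    return current

def unexpected_rekeys(history, device, own_keys, tip):
    """Run by the device itself: re-keys it never issued, as
    (block_height, pubkey, blocks_left_before_peers_accept_the_key)."""
    alerts = []
    for height, pubkey in history.get(device, [])[1:]:
        if height <= tip and pubkey not in own_keys:
            alerts.append((height, pubkey, max(0, height + MATURITY - tip)))
    return alerts

# Constructed chain, heights 0..12: device A registers in block 0 and a re-key
# that A did not issue (key "pbk_X") is mined in block 3.
CHAIN = [[("register", "A", "pbk_A1")], [], [], [("rekey", "A", "pbk_X")]]
CHAIN += [[] for _ in range(9)]
HISTORY = replay(CHAIN)

if __name__ == "__main__":
    for tip in (5, 9, 10):
        print("tip", tip, "active key:", active_key(HISTORY, "A", tip))
    print("alerts at tip 5:", unexpected_rekeys(HISTORY, "A", {"pbk_A1"}, 5))
```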

Communication

• Asymmetric algorithms are mainly used for secure key sharing, not for secure messaging.

• Once the public key is shared with the blockchain network, any party/device wishing to communicate with another device can securely exchange a symmetric key.

• Both devices can negotiate the key size, symmetric algorithm, etc., similar to Secure Sockets Layer (SSL), and share the key securely using the shared public keys.

No Third Party

• Blockchain based PKI allows every member to create their own key pair as required and to re-create it whenever required.

• The private key is held only by the owner, not by any third party.

• For backup, members can share parts of the key with multiple users and derive it whenever required.

Challenges

• Emercoin [1], based on blockchain, provides public key infrastructure in coordination with OpenSSH.

• However, authenticating a member when its public key is added to a block is an open challenge.

Blockchain and IoT

• IBM and Samsung
  • ADEPT
• Guardtime and Intrinsic-ID
  • Alliance on IoT (KSI and PUF)
• Slock.it and RWE
  • BlockCharge
• Chronicled.com
• IITK and IIITA -- EtherIoT

ADEPT

• Decentralize the IoT configuration and control to address
  • Cost
  • Scalability
  • Longevity
  • Privacy and Security
• Use Ethereum smart contracts
  • Manage own consumable supplies
  • Servicing appointments
  • Maintenance alerts
  • Communicate with peer devices with security
• Technology used
  • P2P encrypted messaging (TeleHash)
  • Distributed File Sharing (BitTorrent)
  • Decentralized programming language for Blockchain (Ethereum)

https://www.coindesk.com/ibm-reveals-proof-concept-blockchain-powered-internet-things/

Alliance on IoT (KSI and PUF)

• Launched by European commission
• Use SRAM PUF for device identity
• KSI blockchain for Data integrity and authentication
• Examples cited:
  • e-Healthcare
  • IoRT (Internet of Robotic Things)
  • Robotic Swarm Systems
  • Hardening of PKI (e.g., Videri authentication Gateway)

https://guardtime.com/files/KSI%20for%20IoT%20Security%20-%20Turning%20Defence%20Into%20Offence%20-%20Guardtime%20Whitepaper.pdf

BlockCharge

RWE and Slock.it

• RWE is a German Utility Company
• Slock.it – Blockchain Technical Integrator
• BlockCharge – EV charging and payments via smart contracts
• Authentication, auto-billing
• Uses Ethereum

Supply Chain Logistics

• Authenticity and Traceability
• Supply chain management
• Registration of products on the block chain
• Life cycle management
• Inventory

http://www.digitalistmag.com/finance/2017/08/23/how-the-blockchain-revolutionizes-supply-chain-management-05306209

KSI Block Chain

KSI and Estonia E-Governance

Algorand

• Problems with Bitcoin and Ethereum
  • Consensus is expensive
  • 500 MW
  • Not well distributed
• Algorand provides a more distributed solution

Take Away

• Block Chain is more of a platform technology
• Tamper resistance
• Publicly verifiable
• Democratic decision making
• Very suitable for E-governance with enhanced public trust
• Suitable for IT and Internet governance
• Further scopes — copyright enforcement, fighting fake news, trusted election
