SlideShare a Scribd company logo

Secure Sharing of Design Information with Blockchains

S
Sven Wohlgemuth

To defend against evolving cyberattacks, defenders alone have limitations to prevent attacks from multiple and powerful attackers. We show a new way for defenders to collaborate closely and to make the necessary security by design. Blockchains are used, and accountability occurs in such a way for incentive so that participants will comply with the rules. Intellectual property rights of individual defenders are protected, and unnecessary leakage of trade secrets and personal information can be avoided. In the mutual interaction between humans and computer, information is shared in such a way that humans correctly benefit from AI-supported machines as intelligent amplifiers. Talks @ 2018 IEICE Society Conference

Science
1 of 26
Download to read offline
© Hitachi, Ltd. 2018. All rights reserved. Secure Sharing of Design Information with Blockchains 2018年電子情報通信学会ソサイエティ大会 BS-7. Network and Service Design, Control and Management September 13th, 2018 Wohlgemuth Sven* 株式会社日立製作所 梅澤克之 湘南工科大学 寶木和夫 産業技術総合研究所 *His contribution in this paper is done when he belonged to Albert-Ludwig University Freiburg, Germany and other organizations before he joined Hitachi, Ltd. in February 2017.
© Hitachi, Ltd. 2018. All rights reserved. Now: Search with HCI 2 Personal attributes Pseudonyms, biometrics, contact details, credit card, interests, friends, medical history, belongings, and so on including vulnerability and incident reports Share subset (e.g. vulnerability/incident report) Search engine AI-capable machine • Efficiency: Scalable computing power and memory (e.g. Cloud Computing) • Effectiveness: Optimization and completeness of problem solving Problem: Who is defender or attacker?
© Hitachi, Ltd. 2018. All rights reserved. 3 Threat analysis result of analysis target system Vulnerability case 1 Safety & Security Threat Analysis Designer External Vulnerability Database Common attack pattern type and classification 共通脆弱性識別番号DB共通脆弱性識別番号DB Functional requirement analysis diagram System configuration Design info of analysis target system Vulnerability model information Vulnerability case 2 Vulnerability case 3 On the basis of the case database, vulnerability information modeled using meta info such as threat content and occurrence condition (1) Enter the design information of the analysis target system and set the attack target (2) The system refers to the vulnerability model information and performs semiautomatic threat analysis Search vulnerability candidates that match the analysis target system FT top event Pre-created Pre-registration Interactive analysis Other design information Macro AT Component database Component information Attack Case Attack success case and attack report Vulnerability case 3 Vulnerability case 1 Common vulnerability type list Common vulnerability identification number list But: Threat Analysis needs Information
© Hitachi, Ltd. 2018. All rights reserved. 4 Natural disasters cause severe disruptions on Just-In-Time production (2011 Great East Japan Earthquake on Toyota, Apple, …; 2016 Kumamoto on Toyota, Sony, Honda, …) https://www.bbc.com/news/business-36069349 Non-availability of information in IoT caused by ransomware (WannaCry) on MS Windows http://monoist.atmarkit.co.jp/mn/articles/1807/04/news042.html Information leakage of 140 million identities caused by vulnerability in Open Source Apache Struts but no reaction (Equifax) on security report https://www.scmagazine.com/equifax-twice-missed-finding- apache-struts-vulnerability-allowing-breach-to- happen/article/697693/ and more vulnerabilities … Integrity uncertain due to technological development which turns mathematical hard problems in solvable ones https://www.zdnet.com/article/ibm-warns-of-instant-breaking-of- encryption-by-quantum-computers-move-your-data-today/ Example: Supply Chains and Disruptions
© Hitachi, Ltd. 2018. All rights reserved. Agenda I. Challenge: Accountability • Reliable cryptographic key exchange • Reliable reporting for reducing vulnerabilities II. Our Way: SK4SDI – Secure Kernel 4 Security Design Information • Miners in competition for anonymized certification • Open Data on compliance to smart contracts III. Unity in Diversity • Usable HCI with AI as intelligence amplifier • Digital marketplace on compliance 5
© Hitachi, Ltd. 2018. All rights reserved. Trusted Computing Base (TCB) / Kernel I. Challenge: Accountability Object Security policy Reference monitor Audit trail Subject Access request to d, d* d, d* Grant access or deny access Enforcement of IT security protection goals (CIA): Security by Design Search engine Request: Search for d, d* Input: Design information d Output: Design information d, d* Aggregation & inference: d, d* Output: Vulnerability/incident report 6 Man in the middle attack
© Hitachi, Ltd. 2018. All rights reserved. Accountability: Digital Signature 7 Premise: IT security should depend only on access to secret cryptographic key Digital signature for integrity and non-repudiation of a message Depends on trapdoor functions: (1) Hash function, (2) hard mathematical problem, and (3) authentic exchange of cryptographic public key for verification Security policy Reference monitor (signature verification) Audit trail Subject Access request, sign(access request, sksubject) (pksubject, sksubject) Certification authority (CA) (pkCA, skCA), credentials, revocation Man in the middle attack Check certification path of pksubject Or access to (pksubject, sksubject) Shows (pk* subject, sk* subject) → Subject Success, if data breach in certification path: Certification policy Show pksubject → sksubject
© Hitachi, Ltd. 2018. All rights reserved. Certification Path (1/2) 8 CA (pkCA, skCA), credentials, revocation Personal attributes Pseudonyms, biometrics, (skAlice, pkAlice), …, and so on Including vulnerability and incident reports Certification of relationship pkAlice → Personal attributes of Alice Name: Serial number: Issued by: Issue date: Expiration: Public key: Attributes: Alice 12345678 CA 07/01/2018 07/01/2020 X a # 6 @ Usage Limits (rights...) Certificate Name: Serial number: Issued by: Issue date: Expiration: Public key: Attributes: S-Trust 08154711 CA 07/01/2017 07/01/2019 K 8 8 @ 39 Usage Limits (rights...) Certificate Vulnerabilities for data breach in a) Security model b) Implementation c) Use of implementation d) Control of basic secret
© Hitachi, Ltd. 2018. All rights reserved. Certification Path (2/2) 9 Model checking of type-safe access control policy Open source with security testing and vulnerability database Monitoring with audit trail and anonymization Hard mathematical problem Security model Implementation Use of security control Control of basic secret Requirement analysis Decidable formalization Security Engineering Assumption / procedure Data Breach: Vulnerability Optimal anonymization is a NP hard problem Centralized control with restrictions Bug Spoofing, phishing. malconfiguration, … Progress in search algorithms
© Hitachi, Ltd. 2018. All rights reserved. Data Breach Detection (IDS) 10 Policy languages: OSL, Ponder, ExPDT, EPAL, XACMLSecurity model Implementation Use of security control Control of basic secret Requirement analysis Security Engineering Observable obligations on reporting Hysteresis Digital Signature Audit Security policy Reference monitor Audit intelligence Audit trail Audit trail Search engine/ CA Audit trail incident compliant
© Hitachi, Ltd. 2018. All rights reserved. IDS and Audit Trail 11 Attack signature detection (Rule-based detection) Anomaly detection Required knowledge Knowledge about all potential attacks Complete knowledge about behavior of system/users Required configuration Continuous update of attack rules database with authentic attack rules Determine normal behavior (compliance to policy): • Collecting authentic data • Data analytics with error rate (false positives) • Continuous update of database Audit intelligence: Required information and configuration Aggregation of secure audit trails is threatened by inevitable vulnerable identities: 1. Information sharing not perfect against data breach (database without sharing can be) 2. No consensus on information with vulnerable identities
© Hitachi, Ltd. 2018. All rights reserved. Byzantine Consensus (Fault Tolerance) 12 Charlie Alice Bob 0 0 0 0 0 0 Charlie Alice Bob 0 0 1 0 1 1 0 or 1? 0 or 1? Without cryptography Digital signature Bitcoin hash chain • Tolerates 𝑡 < 𝑛 3 failed identities • No consensus for sharing security design information • Tolerates 𝑡 < 𝑛 failed identities • Assumes authentic and consistent cryptographic key exchange • Tolerates 𝑡 < 𝑛 failed identities • Byzantine consensus by competitive incentive and public ledger • No authentication ➔ Secure information sharing is a matter of trust (with competition) Objective: Majority agrees on information (consensus)
© Hitachi, Ltd. 2018. All rights reserved. Agenda I. Challenge: Accountability • Reliable cryptographic key exchange • Reliable reporting for reducing vulnerabilities II. Our Way: SK4SDI – Secure Kernel 4 Security Design Information • Miners in competition for anonymized certification • Open Data on compliance to smart contracts III. Unity in Diversity • Usable HCI with AI as intelligence amplifier • Digital marketplace on compliance 13
© Hitachi, Ltd. 2018. All rights reserved. Bitcoin-like blockchains 14 II. Our Way: SK4SDI – Secure Kernel Request: Search for d, d* Input: Design information d Trust → Enforcement of rules (policy) on information sharing  Compliance Miners … Ledger Audit trail Output: Compliance report on authentication of d, d* Output: Compliance report on authentication of d, d* Auditors Personal attributes Pseudonyms, biometrics, (skAlice, pkAlice), …, and so on including vulnerability and incident reports Personal attributes Pseudonyms, biometrics, (skBob, pkBob), …, and so on including vulnerability and incident reports d, d* Policy d, d* Policy d, d* Access d, d* Certifi cate Aggregation of provenance SK4SDI by competitive incentive and keyed hash chain
© Hitachi, Ltd. 2018. All rights reserved. 15 Personal attributes Pseudonyms, biometrics, contact details, credit card, interests, friends, medical history, belongings, and so on including security vulnerabilities and incidents IDA Context of master ID 1 ledger Liveness logID ledger ZKP guarantees anonymity Attempt to estimate additional attribute values subset Direct communication Multiple derived IDs Unique name/ledger Authentication: Compliance log Trading partner, 3rd party Discovery of security design information in marketplace a < attribute value (e.g. WebKit version) < b search market Exist? Negotiate smart contract on use Y N Our Way: Secure Search for Usable HCI
© Hitachi, Ltd. 2018. All rights reserved. Proof of Inequality 16 ProofInequality*: ZKP that a certain attribute value m is m > mr is given as follows: Δ=m-mr-1、a=1 Calculate u1, u2, u3, u4 such that Let Not limited to m > mr, the SPK can be configured similarly for another inequality. Then (Non-interactive) ZKP Parts of issuer’s public key for CL signatures Operator: ≡≻ * IBM Research Zurich Security Team, Specification of the identity mixer cryptographic library, version 2.3.40, Technical Report, IBM Research, Zurich, 2013.
© Hitachi, Ltd. 2018. All rights reserved. Proof on Accountability for Compliance 17 Proof on accountability: Secondary use of personal credentials on AAA Authentication Authorization Accounting Genesis Blinded* pkroot Policy on use pkroot Access on use pkroot Self-signed cert(pkroot) Anonymous credentials with Hysteresis Digital Signature as Open Data Proof of Inequality for search on compliance to a policy for information sharing Anonymous digital evidence relates to privacy as informational self- determination * verifiable encryption with pk_OA of Auditor OA Genesis Genesis Block 1 Block 1 Block 1
© Hitachi, Ltd. 2018. All rights reserved. III. Unity in Diversity 18 Now: Audit Intelligence for HCI • Reporting on vulnerabilities and incidents • But: Inevitable vulnerable identities In the future: With SK4SDI for Usable HCI • Reporting on enforcement of security policies • Vulnerable identities compete on compliance Expected effects: (1) Continuous improvement of security (PKI) with vulnerable identities (2) Secure Delegation of Rights on using Design Information provides digital marketplace on privacy with price discrimination Sustainable knowledge society
© Hitachi, Ltd. 2018. All rights reserved. Related Work in Standardization 19 ISO/IEC • N2768 NB proposal SP Connected devices – Proposal by US NB for a study period on Security and Privacy Baseline Controls for Connected Devices, ISO/IEC JTC 1/SC 27/WG 4, 2018. • WD(TR) 23187: Cloud computing – Interacting with cloud service partners (CSNs), ISO/IEC JTC 1/SC 27/WG 5, 2018. • ISO/NP TR 23246 WD(TR): Blockchain and distributed ledger technologies – Overview of identity, ISO/TC 307, 2018. • 27031: Cybersecurity – Information and communication technology readiness for business continuity, ISO/IEC JTC 1/SC 27/ WG 4, 2018. • WD 27035-3.2: Security techniques – Part 3: Guidelines for incident response operations, ISO/IEC JTC 1/ SC 27/ WG4, 2018. • DIS 3011 – Information technology – Security techniques – Vulnerability handling processes • WG 11 Smart City White Paper v0.4, ISO/IEC JTC 1/SC 27, 2018. Internet Engineering Task Force (IETF) • Google. Certificate Transparency, RfC 6962, IETF, 2013. • Google, Comodo CA. Certificate Transparency Version 2.0, draft-ietf-trans-rfc6962-bis-28, 2018. • S. Kent. Attack and Threat Model for Certificate Transparency, draft-ietf-trans-threat- analysis-15, 2018.
© Hitachi, Ltd. 2018. All rights reserved. Acknowledgement / 感謝の表明 20 We thank Mishina Yusuke (三科雄介さん) for his comments. This work was supported by Council for Science, Technology and Innovation (CTSI), Cross-ministerial Strategic Innovation Promotion Program (SIP), and “Cyber Security for Critical Infrastructure” (funding agency: NEDO). ありがとうございました。 sven.wohlgemuth.kd@hitachi.com
© Hitachi, Ltd. 2018. All rights reserved. Byzantine Consensus (Fault Tolerance) 25 Objective: Majority agrees on information (consensus) Charlie Alice Bob 0 0 0 0 0 0 1 0 0 0 1 0 Perfect sharing Charlie Alice Bob Charlie Alice Bob If one identity fails 0 or 1? 0 or 1? 0 0 1 0 1 10 or 1? 0 or 1?
© Hitachi, Ltd. 2018. All rights reserved. Data controller OC terminal Auditor OA terminal Data processor OH terminal Data processor OP terminal 3) Get pk_OA for CS encryption of signature record on cred issuance (authorization) 1) Request authorization for dS of OS from OC: context_(OC,OH); show cred_OH on type-safety * 2) Certify authorization for OH : issue cred_(OC,OH) on nym_OH Open Data ledger 4) Update signature record for authorization M_OH = nym_OH‖enc_OA(context_(OC,OH)‖{mj,k, k∈def}), Bj=H(Bj-1‖M_OH), S_(OC,OH) = sign_OC(Bj) 5) Generate ZKP values SPK for CL encryption of signature record by pk_OA 6) Propose (M_OH,Bj,S_(OC,OH)) and SPK for new block 7) Check as miner (M_OH,Bj,S_(OC,OH)) and SPK; add to new block Protocol: Authorization 26* OS refers to the data subject, e.g., Alice or Bob, in accordance to the context
© Hitachi, Ltd. 2018. All rights reserved. Data controller OC terminal Auditor OA terminal Data processor OH terminal Data processor OP terminal Open Data ledger 1) Request dS of Os with cred_(OCOH): context_(OH,OP) 2) Request cred_OH on type-safety 3) Show cred_OH on type-safety 4) Check validity of cred_OH and cred_(OCOH) with (M_OH,Bj,S_(CA,OH)) and SPK of CA; (M_OH,Bj,S_(OC,OH)) and SPK of OC 5) Get pk_OA for CS encryption of signature record on data provenance 6) Generate data provenance for d from OP to OH M_(OP,OH) = H(dS) || nym_OP || nym_OH‖ Bj=H(Bj-1 || M_(OP,OH) S_(OP,OH) = sign_OP(Bj) Generate ZKP values SPK for CS encryption of signature record by pk_OA 7) Propose (M_OH,Bj,S_(OC,OH)) and SPK for new block8) Check as miner (M_(OP,OH),Bj,S_(OP,OH)) and SPK; add to new block 9) dS of OS Protocol: Accounting 27* OS refers to the data subject, e.g., Alice or Bob, in accordance to the context
© Hitachi, Ltd. 2018. All rights reserved. Challenges for Security 28 CA A) Safety: Security policy for data sharing with 3rd party C) Complexity-theoretical problems become easy to solve Policy Enforcement Trust anchor No proof on data breach (identity theft) in advance Universal break of cryptographic system Identity theft happens B) Reliable broadcast of personal data
© Hitachi, Ltd. 2018. All rights reserved. Challenges and SK4SDI 29 Auditor (CA) A) Safety: Security policy for data sharing with 3rd party B) Reliable broadcast of personal data C) Complexity-theoretical problems become easy to solve Policy Enforcement Trust anchor Obligations enable proof on compliance (secure identity) Biometrics/PUF with blinded Hysteresis Signature Blockchains for identity management with secure delegation of rights provide Ground Truth

Recommended

What is tokenization in blockchain - BCS London
What is tokenization in blockchain - BCS LondonWhat is tokenization in blockchain - BCS London
What is tokenization in blockchain - BCS LondonUlf Mattsson
 
Cross domain autonomous cooperation cross-domain autonomous cooperation
Cross domain autonomous cooperation cross-domain autonomous cooperationCross domain autonomous cooperation cross-domain autonomous cooperation
Cross domain autonomous cooperation cross-domain autonomous cooperationPeter Waher
 
What is tokenization in blockchain?
What is tokenization in blockchain?What is tokenization in blockchain?
What is tokenization in blockchain?Ulf Mattsson
 
Nov 2 security for blockchain and analytics ulf mattsson 2020 nov 2b
Nov 2 security for blockchain and analytics ulf mattsson 2020 nov 2bNov 2 security for blockchain and analytics ulf mattsson 2020 nov 2b
Nov 2 security for blockchain and analytics ulf mattsson 2020 nov 2bUlf Mattsson
 
Book
BookBook
BookUlf Mattsson
 
Protecting data privacy in analytics and machine learning - ISACA
Protecting data privacy in analytics and machine learning - ISACAProtecting data privacy in analytics and machine learning - ISACA
Protecting data privacy in analytics and machine learning - ISACAUlf Mattsson
 
What is tokenization in blockchain?
What is tokenization in blockchain?What is tokenization in blockchain?
What is tokenization in blockchain?Ulf Mattsson
 
N-able webinar:Build recurring revenue in 45 days
N-able webinar:Build recurring revenue in 45 daysN-able webinar:Build recurring revenue in 45 days
N-able webinar:Build recurring revenue in 45 daysSolarwinds N-able
 

Recommended

What is tokenization in blockchain - BCS London
What is tokenization in blockchain - BCS LondonWhat is tokenization in blockchain - BCS London
What is tokenization in blockchain - BCS LondonUlf Mattsson
 
Cross domain autonomous cooperation cross-domain autonomous cooperation
Cross domain autonomous cooperation cross-domain autonomous cooperationCross domain autonomous cooperation cross-domain autonomous cooperation
Cross domain autonomous cooperation cross-domain autonomous cooperationPeter Waher
 
What is tokenization in blockchain?
What is tokenization in blockchain?What is tokenization in blockchain?
What is tokenization in blockchain?Ulf Mattsson
 
Nov 2 security for blockchain and analytics ulf mattsson 2020 nov 2b
Nov 2 security for blockchain and analytics ulf mattsson 2020 nov 2bNov 2 security for blockchain and analytics ulf mattsson 2020 nov 2b
Nov 2 security for blockchain and analytics ulf mattsson 2020 nov 2bUlf Mattsson
 
Book
BookBook
BookUlf Mattsson
 
Protecting data privacy in analytics and machine learning - ISACA
Protecting data privacy in analytics and machine learning - ISACAProtecting data privacy in analytics and machine learning - ISACA
Protecting data privacy in analytics and machine learning - ISACAUlf Mattsson
 
What is tokenization in blockchain?
What is tokenization in blockchain?What is tokenization in blockchain?
What is tokenization in blockchain?Ulf Mattsson
 
N-able webinar:Build recurring revenue in 45 days
N-able webinar:Build recurring revenue in 45 daysN-able webinar:Build recurring revenue in 45 days
N-able webinar:Build recurring revenue in 45 daysSolarwinds N-able
 
Jun 15 privacy in the cloud at financial institutions at the object managemen...
Jun 15 privacy in the cloud at financial institutions at the object managemen...Jun 15 privacy in the cloud at financial institutions at the object managemen...
Jun 15 privacy in the cloud at financial institutions at the object managemen...Ulf Mattsson
 
Smart City Lecture 2 - Privacy in the Smart City
Smart City Lecture 2 - Privacy in the Smart CitySmart City Lecture 2 - Privacy in the Smart City
Smart City Lecture 2 - Privacy in the Smart CityPeter Waher
 
Smart City Lecture 3 - An Open And/Or Secure Smart City
Smart City Lecture 3 - An Open And/Or Secure Smart CitySmart City Lecture 3 - An Open And/Or Secure Smart City
Smart City Lecture 3 - An Open And/Or Secure Smart CityPeter Waher
 
Safeguarding customer and financial data in analytics and machine learning
Safeguarding customer and financial data in analytics and machine learningSafeguarding customer and financial data in analytics and machine learning
Safeguarding customer and financial data in analytics and machine learningUlf Mattsson
 
Why are Giant software companies investing in Blockchain?
Why are Giant software companies investing in Blockchain?Why are Giant software companies investing in Blockchain?
Why are Giant software companies investing in Blockchain?Nicolas Berney
 
Blockchain IoT Workshop for the Aviation Planning Conference
Blockchain IoT Workshop for the Aviation Planning ConferenceBlockchain IoT Workshop for the Aviation Planning Conference
Blockchain IoT Workshop for the Aviation Planning ConferenceJim Gitney
 
Banking Technology Future 2018 - Consensus between School of Thoughts
Banking Technology Future 2018 - Consensus between School of ThoughtsBanking Technology Future 2018 - Consensus between School of Thoughts
Banking Technology Future 2018 - Consensus between School of ThoughtsOemar Ahmad
 
Privacy preserving computing and secure multi-party computation ISACA Atlanta
Privacy preserving computing and secure multi-party computation ISACA AtlantaPrivacy preserving computing and secure multi-party computation ISACA Atlanta
Privacy preserving computing and secure multi-party computation ISACA AtlantaUlf Mattsson
 
What is a secure enterprise architecture roadmap?
What is a secure enterprise architecture roadmap?What is a secure enterprise architecture roadmap?
What is a secure enterprise architecture roadmap?Ulf Mattsson
 
Xanadu Based Blockchain Integration System Development
Xanadu Based Blockchain Integration System DevelopmentXanadu Based Blockchain Integration System Development
Xanadu Based Blockchain Integration System DevelopmentAlex G. Lee, Ph.D. Esq. CLP
 
PKI_in_Depth__TATT__Niza_Ben_Neji__TMGC
PKI_in_Depth__TATT__Niza_Ben_Neji__TMGCPKI_in_Depth__TATT__Niza_Ben_Neji__TMGC
PKI_in_Depth__TATT__Niza_Ben_Neji__TMGCNizar Ben Neji
 
Unlock the potential of data security 2020
Unlock the potential of data security 2020Unlock the potential of data security 2020
Unlock the potential of data security 2020Ulf Mattsson
 
Smart City Lecture 4 - Harmonizing the Internet of Things
Smart City Lecture 4 - Harmonizing the Internet of ThingsSmart City Lecture 4 - Harmonizing the Internet of Things
Smart City Lecture 4 - Harmonizing the Internet of ThingsPeter Waher
 
Blockchain, AI, IOT, Crypto Challenges and opportunities for the Energy Oil a...
Blockchain, AI, IOT, Crypto Challenges and opportunities for the Energy Oil a...Blockchain, AI, IOT, Crypto Challenges and opportunities for the Energy Oil a...
Blockchain, AI, IOT, Crypto Challenges and opportunities for the Energy Oil a...Dinis Guarda
 
SDChain - Blockchain 4.0: To create a blockchain ecosystem of trusted IoT dig...
SDChain - Blockchain 4.0: To create a blockchain ecosystem of trusted IoT dig...SDChain - Blockchain 4.0: To create a blockchain ecosystem of trusted IoT dig...
SDChain - Blockchain 4.0: To create a blockchain ecosystem of trusted IoT dig...Liu Jen Hao
 
20090620 CWID EDI-gateway (EDI) Identity Management (IDM) US
20090620 CWID EDI-gateway (EDI) Identity Management (IDM) US20090620 CWID EDI-gateway (EDI) Identity Management (IDM) US
20090620 CWID EDI-gateway (EDI) Identity Management (IDM) USKim Holm
 
Blockchain Technology and its role in the process of public sector innovation
Blockchain Technology and its role in the process of public sector innovationBlockchain Technology and its role in the process of public sector innovation
Blockchain Technology and its role in the process of public sector innovationsamossummit
 
Blockchain for IoT - Smart Home
Blockchain for IoT - Smart HomeBlockchain for IoT - Smart Home
Blockchain for IoT - Smart HomeBiagio Botticelli
 
You May Have Paid more than you imagine: Replay Attacks on Ethereum Smart Con...
You May Have Paid more than you imagine: Replay Attacks on Ethereum Smart Con...You May Have Paid more than you imagine: Replay Attacks on Ethereum Smart Con...
You May Have Paid more than you imagine: Replay Attacks on Ethereum Smart Con...Priyanka Aash
 
AI and Blockchain
AI and BlockchainAI and Blockchain
AI and BlockchainSasha Lazarevic
 
Competitive Compliance with Blockchain
Competitive Compliance with BlockchainCompetitive Compliance with Blockchain
Competitive Compliance with BlockchainSven Wohlgemuth
 
Protecting data privacy in analytics and machine learning ISACA London UK
Protecting data privacy in analytics and machine learning ISACA London UKProtecting data privacy in analytics and machine learning ISACA London UK
Protecting data privacy in analytics and machine learning ISACA London UKUlf Mattsson
 

More Related Content

What's hot

Jun 15 privacy in the cloud at financial institutions at the object managemen...
Jun 15 privacy in the cloud at financial institutions at the object managemen...Jun 15 privacy in the cloud at financial institutions at the object managemen...
Jun 15 privacy in the cloud at financial institutions at the object managemen...Ulf Mattsson
 
Smart City Lecture 2 - Privacy in the Smart City
Smart City Lecture 2 - Privacy in the Smart CitySmart City Lecture 2 - Privacy in the Smart City
Smart City Lecture 2 - Privacy in the Smart CityPeter Waher
 
Smart City Lecture 3 - An Open And/Or Secure Smart City
Smart City Lecture 3 - An Open And/Or Secure Smart CitySmart City Lecture 3 - An Open And/Or Secure Smart City
Smart City Lecture 3 - An Open And/Or Secure Smart CityPeter Waher
 
Safeguarding customer and financial data in analytics and machine learning
Safeguarding customer and financial data in analytics and machine learningSafeguarding customer and financial data in analytics and machine learning
Safeguarding customer and financial data in analytics and machine learningUlf Mattsson
 
Why are Giant software companies investing in Blockchain?
Why are Giant software companies investing in Blockchain?Why are Giant software companies investing in Blockchain?
Why are Giant software companies investing in Blockchain?Nicolas Berney
 
Blockchain IoT Workshop for the Aviation Planning Conference
Blockchain IoT Workshop for the Aviation Planning ConferenceBlockchain IoT Workshop for the Aviation Planning Conference
Blockchain IoT Workshop for the Aviation Planning ConferenceJim Gitney
 
Banking Technology Future 2018 - Consensus between School of Thoughts
Banking Technology Future 2018 - Consensus between School of ThoughtsBanking Technology Future 2018 - Consensus between School of Thoughts
Banking Technology Future 2018 - Consensus between School of ThoughtsOemar Ahmad
 
Privacy preserving computing and secure multi-party computation ISACA Atlanta
Privacy preserving computing and secure multi-party computation ISACA AtlantaPrivacy preserving computing and secure multi-party computation ISACA Atlanta
Privacy preserving computing and secure multi-party computation ISACA AtlantaUlf Mattsson
 
What is a secure enterprise architecture roadmap?
What is a secure enterprise architecture roadmap?What is a secure enterprise architecture roadmap?
What is a secure enterprise architecture roadmap?Ulf Mattsson
 
Xanadu Based Blockchain Integration System Development
Xanadu Based Blockchain Integration System DevelopmentXanadu Based Blockchain Integration System Development
Xanadu Based Blockchain Integration System DevelopmentAlex G. Lee, Ph.D. Esq. CLP
 
PKI_in_Depth__TATT__Niza_Ben_Neji__TMGC
PKI_in_Depth__TATT__Niza_Ben_Neji__TMGCPKI_in_Depth__TATT__Niza_Ben_Neji__TMGC
PKI_in_Depth__TATT__Niza_Ben_Neji__TMGCNizar Ben Neji
 
Unlock the potential of data security 2020
Unlock the potential of data security 2020Unlock the potential of data security 2020
Unlock the potential of data security 2020Ulf Mattsson
 
Smart City Lecture 4 - Harmonizing the Internet of Things
Smart City Lecture 4 - Harmonizing the Internet of ThingsSmart City Lecture 4 - Harmonizing the Internet of Things
Smart City Lecture 4 - Harmonizing the Internet of ThingsPeter Waher
 
Blockchain, AI, IOT, Crypto Challenges and opportunities for the Energy Oil a...
Blockchain, AI, IOT, Crypto Challenges and opportunities for the Energy Oil a...Blockchain, AI, IOT, Crypto Challenges and opportunities for the Energy Oil a...
Blockchain, AI, IOT, Crypto Challenges and opportunities for the Energy Oil a...Dinis Guarda
 
SDChain - Blockchain 4.0: To create a blockchain ecosystem of trusted IoT dig...
SDChain - Blockchain 4.0: To create a blockchain ecosystem of trusted IoT dig...SDChain - Blockchain 4.0: To create a blockchain ecosystem of trusted IoT dig...
SDChain - Blockchain 4.0: To create a blockchain ecosystem of trusted IoT dig...Liu Jen Hao
 
20090620 CWID EDI-gateway (EDI) Identity Management (IDM) US
20090620 CWID EDI-gateway (EDI) Identity Management (IDM) US20090620 CWID EDI-gateway (EDI) Identity Management (IDM) US
20090620 CWID EDI-gateway (EDI) Identity Management (IDM) USKim Holm
 
Blockchain Technology and its role in the process of public sector innovation
Blockchain Technology and its role in the process of public sector innovationBlockchain Technology and its role in the process of public sector innovation
Blockchain Technology and its role in the process of public sector innovationsamossummit
 
Blockchain for IoT - Smart Home
Blockchain for IoT - Smart HomeBlockchain for IoT - Smart Home
Blockchain for IoT - Smart HomeBiagio Botticelli
 
You May Have Paid more than you imagine: Replay Attacks on Ethereum Smart Con...
You May Have Paid more than you imagine: Replay Attacks on Ethereum Smart Con...You May Have Paid more than you imagine: Replay Attacks on Ethereum Smart Con...
You May Have Paid more than you imagine: Replay Attacks on Ethereum Smart Con...Priyanka Aash
 

What's hot (20)

Jun 15 privacy in the cloud at financial institutions at the object managemen...
Jun 15 privacy in the cloud at financial institutions at the object managemen...Jun 15 privacy in the cloud at financial institutions at the object managemen...
Jun 15 privacy in the cloud at financial institutions at the object managemen...
 
Smart City Lecture 2 - Privacy in the Smart City
Smart City Lecture 2 - Privacy in the Smart CitySmart City Lecture 2 - Privacy in the Smart City
Smart City Lecture 2 - Privacy in the Smart City
 
Smart City Lecture 3 - An Open And/Or Secure Smart City
Smart City Lecture 3 - An Open And/Or Secure Smart CitySmart City Lecture 3 - An Open And/Or Secure Smart City
Smart City Lecture 3 - An Open And/Or Secure Smart City
 
Safeguarding customer and financial data in analytics and machine learning
Safeguarding customer and financial data in analytics and machine learningSafeguarding customer and financial data in analytics and machine learning
Safeguarding customer and financial data in analytics and machine learning
 
Why are Giant software companies investing in Blockchain?
Why are Giant software companies investing in Blockchain?Why are Giant software companies investing in Blockchain?
Why are Giant software companies investing in Blockchain?
 
Blockchain IoT Workshop for the Aviation Planning Conference
Blockchain IoT Workshop for the Aviation Planning ConferenceBlockchain IoT Workshop for the Aviation Planning Conference
Blockchain IoT Workshop for the Aviation Planning Conference
 
Banking Technology Future 2018 - Consensus between School of Thoughts
Banking Technology Future 2018 - Consensus between School of ThoughtsBanking Technology Future 2018 - Consensus between School of Thoughts
Banking Technology Future 2018 - Consensus between School of Thoughts
 
Privacy preserving computing and secure multi-party computation ISACA Atlanta
Privacy preserving computing and secure multi-party computation ISACA AtlantaPrivacy preserving computing and secure multi-party computation ISACA Atlanta
Privacy preserving computing and secure multi-party computation ISACA Atlanta
 
What is a secure enterprise architecture roadmap?
What is a secure enterprise architecture roadmap?What is a secure enterprise architecture roadmap?
What is a secure enterprise architecture roadmap?
 
Xanadu Based Blockchain Integration System Development
Xanadu Based Blockchain Integration System DevelopmentXanadu Based Blockchain Integration System Development
Xanadu Based Blockchain Integration System Development
 
PKI_in_Depth__TATT__Niza_Ben_Neji__TMGC
PKI_in_Depth__TATT__Niza_Ben_Neji__TMGCPKI_in_Depth__TATT__Niza_Ben_Neji__TMGC
PKI_in_Depth__TATT__Niza_Ben_Neji__TMGC
 
Unlock the potential of data security 2020
Unlock the potential of data security 2020Unlock the potential of data security 2020
Unlock the potential of data security 2020
 
Smart City Lecture 4 - Harmonizing the Internet of Things
Smart City Lecture 4 - Harmonizing the Internet of ThingsSmart City Lecture 4 - Harmonizing the Internet of Things
Smart City Lecture 4 - Harmonizing the Internet of Things
 
Blockchain, AI, IOT, Crypto Challenges and opportunities for the Energy Oil a...
Blockchain, AI, IOT, Crypto Challenges and opportunities for the Energy Oil a...Blockchain, AI, IOT, Crypto Challenges and opportunities for the Energy Oil a...
Blockchain, AI, IOT, Crypto Challenges and opportunities for the Energy Oil a...
 
SDChain - Blockchain 4.0: To create a blockchain ecosystem of trusted IoT dig...
SDChain - Blockchain 4.0: To create a blockchain ecosystem of trusted IoT dig...SDChain - Blockchain 4.0: To create a blockchain ecosystem of trusted IoT dig...
SDChain - Blockchain 4.0: To create a blockchain ecosystem of trusted IoT dig...
 
20090620 CWID EDI-gateway (EDI) Identity Management (IDM) US
20090620 CWID EDI-gateway (EDI) Identity Management (IDM) US20090620 CWID EDI-gateway (EDI) Identity Management (IDM) US
20090620 CWID EDI-gateway (EDI) Identity Management (IDM) US
 
Blockchain Technology and its role in the process of public sector innovation
Blockchain Technology and its role in the process of public sector innovationBlockchain Technology and its role in the process of public sector innovation
Blockchain Technology and its role in the process of public sector innovation
 
Blockchain for IoT - Smart Home
Blockchain for IoT - Smart HomeBlockchain for IoT - Smart Home
Blockchain for IoT - Smart Home
 
You May Have Paid more than you imagine: Replay Attacks on Ethereum Smart Con...
You May Have Paid more than you imagine: Replay Attacks on Ethereum Smart Con...You May Have Paid more than you imagine: Replay Attacks on Ethereum Smart Con...
You May Have Paid more than you imagine: Replay Attacks on Ethereum Smart Con...
 
AI and Blockchain
AI and BlockchainAI and Blockchain
AI and Blockchain
 

Similar to Secure Sharing of Design Information with Blockchains

Competitive Compliance with Blockchain
Competitive Compliance with BlockchainCompetitive Compliance with Blockchain
Competitive Compliance with BlockchainSven Wohlgemuth
 
Protecting data privacy in analytics and machine learning ISACA London UK
Protecting data privacy in analytics and machine learning ISACA London UKProtecting data privacy in analytics and machine learning ISACA London UK
Protecting data privacy in analytics and machine learning ISACA London UKUlf Mattsson
 
Fintech Belgium - MeetUp on The Right Tech for your FinTech - Philippe Cornet...
Fintech Belgium - MeetUp on The Right Tech for your FinTech - Philippe Cornet...Fintech Belgium - MeetUp on The Right Tech for your FinTech - Philippe Cornet...
Fintech Belgium - MeetUp on The Right Tech for your FinTech - Philippe Cornet...FinTech Belgium
 
Meetup 24/5/2018 - Digitale identiteit op blockchain (Self-Sovereign Identity)
Meetup 24/5/2018 - Digitale identiteit op blockchain (Self-Sovereign Identity)Meetup 24/5/2018 - Digitale identiteit op blockchain (Self-Sovereign Identity)
Meetup 24/5/2018 - Digitale identiteit op blockchain (Self-Sovereign Identity)Digipolis Antwerpen
 
ISSA Atlanta - Emerging application and data protection for multi cloud
ISSA Atlanta - Emerging application and data protection for multi cloudISSA Atlanta - Emerging application and data protection for multi cloud
ISSA Atlanta - Emerging application and data protection for multi cloudUlf Mattsson
 
ISC2 Privacy-Preserving Analytics and Secure Multiparty Computation
ISC2 Privacy-Preserving Analytics and Secure Multiparty ComputationISC2 Privacy-Preserving Analytics and Secure Multiparty Computation
ISC2 Privacy-Preserving Analytics and Secure Multiparty ComputationUlfMattsson7
 
CompTIA powered Cybersecurity Apprenticeships
CompTIA powered Cybersecurity ApprenticeshipsCompTIA powered Cybersecurity Apprenticeships
CompTIA powered Cybersecurity ApprenticeshipsZeshan Sattar
 
Understanding IoT Security: How to Quantify Security Risk of IoT Technologies
Understanding IoT Security: How to Quantify Security Risk of IoT TechnologiesUnderstanding IoT Security: How to Quantify Security Risk of IoT Technologies
Understanding IoT Security: How to Quantify Security Risk of IoT TechnologiesDenim Group
 
Product security by Blockchain, AI and Security Certs
Product security by Blockchain, AI and Security CertsProduct security by Blockchain, AI and Security Certs
Product security by Blockchain, AI and Security CertsLabSharegroup
 
How Facility Controls Systems Present Cybersecurity Challenges - OSIsoft
How Facility Controls Systems Present Cybersecurity Challenges - OSIsoftHow Facility Controls Systems Present Cybersecurity Challenges - OSIsoft
How Facility Controls Systems Present Cybersecurity Challenges - OSIsoftOSIsoft, LLC
 
CWIN17 New-York / earning the currency of trust
CWIN17 New-York / earning the currency of trustCWIN17 New-York / earning the currency of trust
CWIN17 New-York / earning the currency of trustCapgemini
 
IRJET- Design and Analytical Study of Id Based Pixel Secured Cloud Enablem...
IRJET- Design and Analytical Study of Id Based Pixel Secured Cloud Enablem...IRJET- Design and Analytical Study of Id Based Pixel Secured Cloud Enablem...
IRJET- Design and Analytical Study of Id Based Pixel Secured Cloud Enablem...IRJET Journal
 
Cisco Connect Toronto 2018 DNA assurance
Cisco Connect Toronto 2018 DNA assuranceCisco Connect Toronto 2018 DNA assurance
Cisco Connect Toronto 2018 DNA assuranceCisco Canada
 
The Value of User and Data Centricity Beyond IoT Devices: Stein Myrseth and G...
The Value of User and Data Centricity Beyond IoT Devices: Stein Myrseth and G...The Value of User and Data Centricity Beyond IoT Devices: Stein Myrseth and G...
The Value of User and Data Centricity Beyond IoT Devices: Stein Myrseth and G...ForgeRock
 
Cybersecurity in Oil & Gas Company
Cybersecurity in Oil & Gas CompanyCybersecurity in Oil & Gas Company
Cybersecurity in Oil & Gas CompanyEryk Budi Pratama
 
New technologies for data protection
New technologies for data protectionNew technologies for data protection
New technologies for data protectionUlf Mattsson
 
Beyond S3 Buckets - Effective Countermeasures for Emerging Cloud Threats
Beyond S3 Buckets - Effective Countermeasures for Emerging Cloud ThreatsBeyond S3 Buckets - Effective Countermeasures for Emerging Cloud Threats
Beyond S3 Buckets - Effective Countermeasures for Emerging Cloud ThreatsSBWebinars
 
Content is King - Symantec
Content is King - SymantecContent is King - Symantec
Content is King - SymantecHarry Gunns
 
Authentication and Privacy in Cloud
Authentication and Privacy in CloudAuthentication and Privacy in Cloud
Authentication and Privacy in CloudMphasis
 

Similar to Secure Sharing of Design Information with Blockchains (20)

Competitive Compliance with Blockchain
Competitive Compliance with BlockchainCompetitive Compliance with Blockchain
Competitive Compliance with Blockchain
 
Protecting data privacy in analytics and machine learning ISACA London UK
Protecting data privacy in analytics and machine learning ISACA London UKProtecting data privacy in analytics and machine learning ISACA London UK
Protecting data privacy in analytics and machine learning ISACA London UK
 
Fintech Belgium - MeetUp on The Right Tech for your FinTech - Philippe Cornet...
Fintech Belgium - MeetUp on The Right Tech for your FinTech - Philippe Cornet...Fintech Belgium - MeetUp on The Right Tech for your FinTech - Philippe Cornet...
Fintech Belgium - MeetUp on The Right Tech for your FinTech - Philippe Cornet...
 
Meetup 24/5/2018 - Digitale identiteit op blockchain (Self-Sovereign Identity)
Meetup 24/5/2018 - Digitale identiteit op blockchain (Self-Sovereign Identity)Meetup 24/5/2018 - Digitale identiteit op blockchain (Self-Sovereign Identity)
Meetup 24/5/2018 - Digitale identiteit op blockchain (Self-Sovereign Identity)
 
ISSA Atlanta - Emerging application and data protection for multi cloud
ISSA Atlanta - Emerging application and data protection for multi cloudISSA Atlanta - Emerging application and data protection for multi cloud
ISSA Atlanta - Emerging application and data protection for multi cloud
 
ISC2 Privacy-Preserving Analytics and Secure Multiparty Computation
ISC2 Privacy-Preserving Analytics and Secure Multiparty ComputationISC2 Privacy-Preserving Analytics and Secure Multiparty Computation
ISC2 Privacy-Preserving Analytics and Secure Multiparty Computation
 
20180115 Mobile AIoT Networking-ftsai
20180115 Mobile AIoT Networking-ftsai20180115 Mobile AIoT Networking-ftsai
20180115 Mobile AIoT Networking-ftsai
 
CompTIA powered Cybersecurity Apprenticeships
CompTIA powered Cybersecurity ApprenticeshipsCompTIA powered Cybersecurity Apprenticeships
CompTIA powered Cybersecurity Apprenticeships
 
Understanding IoT Security: How to Quantify Security Risk of IoT Technologies
Understanding IoT Security: How to Quantify Security Risk of IoT TechnologiesUnderstanding IoT Security: How to Quantify Security Risk of IoT Technologies
Understanding IoT Security: How to Quantify Security Risk of IoT Technologies
 
Product security by Blockchain, AI and Security Certs
Product security by Blockchain, AI and Security CertsProduct security by Blockchain, AI and Security Certs
Product security by Blockchain, AI and Security Certs
 
How Facility Controls Systems Present Cybersecurity Challenges - OSIsoft
How Facility Controls Systems Present Cybersecurity Challenges - OSIsoftHow Facility Controls Systems Present Cybersecurity Challenges - OSIsoft
How Facility Controls Systems Present Cybersecurity Challenges - OSIsoft
 
CWIN17 New-York / earning the currency of trust
CWIN17 New-York / earning the currency of trustCWIN17 New-York / earning the currency of trust
CWIN17 New-York / earning the currency of trust
 
IRJET- Design and Analytical Study of Id Based Pixel Secured Cloud Enablem...
IRJET- Design and Analytical Study of Id Based Pixel Secured Cloud Enablem...IRJET- Design and Analytical Study of Id Based Pixel Secured Cloud Enablem...
IRJET- Design and Analytical Study of Id Based Pixel Secured Cloud Enablem...
 
Cisco Connect Toronto 2018 DNA assurance
Cisco Connect Toronto 2018 DNA assuranceCisco Connect Toronto 2018 DNA assurance
Cisco Connect Toronto 2018 DNA assurance
 
The Value of User and Data Centricity Beyond IoT Devices: Stein Myrseth and G...
The Value of User and Data Centricity Beyond IoT Devices: Stein Myrseth and G...The Value of User and Data Centricity Beyond IoT Devices: Stein Myrseth and G...
The Value of User and Data Centricity Beyond IoT Devices: Stein Myrseth and G...
 
Cybersecurity in Oil & Gas Company
Cybersecurity in Oil & Gas CompanyCybersecurity in Oil & Gas Company
Cybersecurity in Oil & Gas Company
 
New technologies for data protection
New technologies for data protectionNew technologies for data protection
New technologies for data protection
 
Beyond S3 Buckets - Effective Countermeasures for Emerging Cloud Threats
Beyond S3 Buckets - Effective Countermeasures for Emerging Cloud ThreatsBeyond S3 Buckets - Effective Countermeasures for Emerging Cloud Threats
Beyond S3 Buckets - Effective Countermeasures for Emerging Cloud Threats
 
Content is King - Symantec
Content is King - SymantecContent is King - Symantec
Content is King - Symantec
 
Authentication and Privacy in Cloud
Authentication and Privacy in CloudAuthentication and Privacy in Cloud
Authentication and Privacy in Cloud
 

More from Sven Wohlgemuth

A Secure Decision-Support Scheme for Self-Sovereign Identity Management
A Secure Decision-Support Scheme for Self-Sovereign Identity ManagementA Secure Decision-Support Scheme for Self-Sovereign Identity Management
A Secure Decision-Support Scheme for Self-Sovereign Identity ManagementSven Wohlgemuth
 
個人情報の有効活用を可能にする (Enabling effective use of personal information)
個人情報の有効活用を可能にする (Enabling effective use of personal information) 個人情報の有効活用を可能にする (Enabling effective use of personal information)
個人情報の有効活用を可能にする (Enabling effective use of personal information)Sven Wohlgemuth
 
Tagging Disclosure of Personal Data to Third Parties to Preserve Privacy
Tagging Disclosure of Personal Data to Third Parties to Preserve PrivacyTagging Disclosure of Personal Data to Third Parties to Preserve Privacy
Tagging Disclosure of Personal Data to Third Parties to Preserve PrivacySven Wohlgemuth
 
Privacy-Enhancing Trust Infrastructure for Process Mining
Privacy-Enhancing Trust Infrastructure for Process MiningPrivacy-Enhancing Trust Infrastructure for Process Mining
Privacy-Enhancing Trust Infrastructure for Process MiningSven Wohlgemuth
 
EN 6.3: 3 Sicherheitsmodelle
EN 6.3: 3 SicherheitsmodelleEN 6.3: 3 Sicherheitsmodelle
EN 6.3: 3 SicherheitsmodelleSven Wohlgemuth
 
Privacy in Business Processes by User-Centric Identity Management
Privacy in Business Processes by User-Centric Identity ManagementPrivacy in Business Processes by User-Centric Identity Management
Privacy in Business Processes by User-Centric Identity ManagementSven Wohlgemuth
 
WP14 Workshop "From Data Economy to Secure Logging as a Step towards Transpar...
WP14 Workshop "From Data Economy to Secure Logging as a Step towards Transpar...WP14 Workshop "From Data Economy to Secure Logging as a Step towards Transpar...
WP14 Workshop "From Data Economy to Secure Logging as a Step towards Transpar...Sven Wohlgemuth
 
On Privacy in Medical Services with Electronic Health Records
On Privacy in Medical Services with Electronic Health RecordsOn Privacy in Medical Services with Electronic Health Records
On Privacy in Medical Services with Electronic Health RecordsSven Wohlgemuth
 
EN 6.3: 2 IT-Compliance und IT-Sicherheitsmanagement
EN 6.3: 2 IT-Compliance und IT-SicherheitsmanagementEN 6.3: 2 IT-Compliance und IT-Sicherheitsmanagement
EN 6.3: 2 IT-Compliance und IT-SicherheitsmanagementSven Wohlgemuth
 
EN 6.3: 1 IT-Sicherheit und Technischer Datenschutz
EN 6.3: 1 IT-Sicherheit und Technischer DatenschutzEN 6.3: 1 IT-Sicherheit und Technischer Datenschutz
EN 6.3: 1 IT-Sicherheit und Technischer DatenschutzSven Wohlgemuth
 
Privacy with Secondary Use of Personal Information
Privacy with Secondary Use of Personal InformationPrivacy with Secondary Use of Personal Information
Privacy with Secondary Use of Personal InformationSven Wohlgemuth
 
International Workshop on Information Systems for Social Innovation (ISSI) 2009
International Workshop on Information Systems for Social Innovation (ISSI) 2009International Workshop on Information Systems for Social Innovation (ISSI) 2009
International Workshop on Information Systems for Social Innovation (ISSI) 2009Sven Wohlgemuth
 
Durchsetzung von Privacy Policies in Dienstenetzen
Durchsetzung von Privacy Policies in DienstenetzenDurchsetzung von Privacy Policies in Dienstenetzen
Durchsetzung von Privacy Policies in DienstenetzenSven Wohlgemuth
 
Privacy in Business Processes by User-Centric Identity Management
Privacy in Business Processes by User-Centric Identity ManagementPrivacy in Business Processes by User-Centric Identity Management
Privacy in Business Processes by User-Centric Identity ManagementSven Wohlgemuth
 
Privacy in Business Processes by Identity Management
Privacy in Business Processes by Identity ManagementPrivacy in Business Processes by Identity Management
Privacy in Business Processes by Identity ManagementSven Wohlgemuth
 
Schlüsselverwaltung - Objektorientierter Entwurf und Implementierung
Schlüsselverwaltung - Objektorientierter Entwurf und ImplementierungSchlüsselverwaltung - Objektorientierter Entwurf und Implementierung
Schlüsselverwaltung - Objektorientierter Entwurf und ImplementierungSven Wohlgemuth
 
Resilience by Usable Security
Resilience by Usable SecurityResilience by Usable Security
Resilience by Usable SecuritySven Wohlgemuth
 
Sicherheit in einer vernetzten Welt
Sicherheit in einer vernetzten WeltSicherheit in einer vernetzten Welt
Sicherheit in einer vernetzten WeltSven Wohlgemuth
 

More from Sven Wohlgemuth (20)

A Secure Decision-Support Scheme for Self-Sovereign Identity Management
A Secure Decision-Support Scheme for Self-Sovereign Identity ManagementA Secure Decision-Support Scheme for Self-Sovereign Identity Management
A Secure Decision-Support Scheme for Self-Sovereign Identity Management
 
個人情報の有効活用を可能にする (Enabling effective use of personal information)
個人情報の有効活用を可能にする (Enabling effective use of personal information) 個人情報の有効活用を可能にする (Enabling effective use of personal information)
個人情報の有効活用を可能にする (Enabling effective use of personal information)
 
Tagging Disclosure of Personal Data to Third Parties to Preserve Privacy
Tagging Disclosure of Personal Data to Third Parties to Preserve PrivacyTagging Disclosure of Personal Data to Third Parties to Preserve Privacy
Tagging Disclosure of Personal Data to Third Parties to Preserve Privacy
 
Privacy-Enhancing Trust Infrastructure for Process Mining
Privacy-Enhancing Trust Infrastructure for Process MiningPrivacy-Enhancing Trust Infrastructure for Process Mining
Privacy-Enhancing Trust Infrastructure for Process Mining
 
EN 6.3: 4 Kryptographie
EN 6.3: 4 KryptographieEN 6.3: 4 Kryptographie
EN 6.3: 4 Kryptographie
 
EN 6.3: 3 Sicherheitsmodelle
EN 6.3: 3 SicherheitsmodelleEN 6.3: 3 Sicherheitsmodelle
EN 6.3: 3 Sicherheitsmodelle
 
Privacy in Business Processes by User-Centric Identity Management
Privacy in Business Processes by User-Centric Identity ManagementPrivacy in Business Processes by User-Centric Identity Management
Privacy in Business Processes by User-Centric Identity Management
 
WP14 Workshop "From Data Economy to Secure Logging as a Step towards Transpar...
WP14 Workshop "From Data Economy to Secure Logging as a Step towards Transpar...WP14 Workshop "From Data Economy to Secure Logging as a Step towards Transpar...
WP14 Workshop "From Data Economy to Secure Logging as a Step towards Transpar...
 
Privacy in e-Health
Privacy in e-HealthPrivacy in e-Health
Privacy in e-Health
 
On Privacy in Medical Services with Electronic Health Records
On Privacy in Medical Services with Electronic Health RecordsOn Privacy in Medical Services with Electronic Health Records
On Privacy in Medical Services with Electronic Health Records
 
EN 6.3: 2 IT-Compliance und IT-Sicherheitsmanagement
EN 6.3: 2 IT-Compliance und IT-SicherheitsmanagementEN 6.3: 2 IT-Compliance und IT-Sicherheitsmanagement
EN 6.3: 2 IT-Compliance und IT-Sicherheitsmanagement
 
EN 6.3: 1 IT-Sicherheit und Technischer Datenschutz
EN 6.3: 1 IT-Sicherheit und Technischer DatenschutzEN 6.3: 1 IT-Sicherheit und Technischer Datenschutz
EN 6.3: 1 IT-Sicherheit und Technischer Datenschutz
 
Privacy with Secondary Use of Personal Information
Privacy with Secondary Use of Personal InformationPrivacy with Secondary Use of Personal Information
Privacy with Secondary Use of Personal Information
 
International Workshop on Information Systems for Social Innovation (ISSI) 2009
International Workshop on Information Systems for Social Innovation (ISSI) 2009International Workshop on Information Systems for Social Innovation (ISSI) 2009
International Workshop on Information Systems for Social Innovation (ISSI) 2009
 
Durchsetzung von Privacy Policies in Dienstenetzen
Durchsetzung von Privacy Policies in DienstenetzenDurchsetzung von Privacy Policies in Dienstenetzen
Durchsetzung von Privacy Policies in Dienstenetzen
 
Privacy in Business Processes by User-Centric Identity Management
Privacy in Business Processes by User-Centric Identity ManagementPrivacy in Business Processes by User-Centric Identity Management
Privacy in Business Processes by User-Centric Identity Management
 
Privacy in Business Processes by Identity Management
Privacy in Business Processes by Identity ManagementPrivacy in Business Processes by Identity Management
Privacy in Business Processes by Identity Management
 
Schlüsselverwaltung - Objektorientierter Entwurf und Implementierung
Schlüsselverwaltung - Objektorientierter Entwurf und ImplementierungSchlüsselverwaltung - Objektorientierter Entwurf und Implementierung
Schlüsselverwaltung - Objektorientierter Entwurf und Implementierung
 
Resilience by Usable Security
Resilience by Usable SecurityResilience by Usable Security
Resilience by Usable Security
 
Sicherheit in einer vernetzten Welt
Sicherheit in einer vernetzten WeltSicherheit in einer vernetzten Welt
Sicherheit in einer vernetzten Welt
 

Recently uploaded

TEST BANK For Radiologic Science for Technologists, 12th Edition by Stewart C...
TEST BANK For Radiologic Science for Technologists, 12th Edition by Stewart C...TEST BANK For Radiologic Science for Technologists, 12th Edition by Stewart C...
TEST BANK For Radiologic Science for Technologists, 12th Edition by Stewart C...ssifa0344
 
Green chemistry and Sustainable development.pptx
Green chemistry and Sustainable development.pptxGreen chemistry and Sustainable development.pptx
Green chemistry and Sustainable development.pptxRajatChauhan518211
 
Nightside clouds and disequilibrium chemistry on the hot Jupiter WASP-43b
Nightside clouds and disequilibrium chemistry on the hot Jupiter WASP-43bNightside clouds and disequilibrium chemistry on the hot Jupiter WASP-43b
Nightside clouds and disequilibrium chemistry on the hot Jupiter WASP-43bSérgio Sacani
 
Botany 4th semester series (krishna).pdf
Botany 4th semester series (krishna).pdfBotany 4th semester series (krishna).pdf
Botany 4th semester series (krishna).pdfSumit Kumar yadav
 
Boyles law module in the grade 10 science
Boyles law module in the grade 10 scienceBoyles law module in the grade 10 science
Boyles law module in the grade 10 sciencefloriejanemacaya1
 
All-domain Anomaly Resolution Office U.S. Department of Defense (U) Case: “Eg...
All-domain Anomaly Resolution Office U.S. Department of Defense (U) Case: “Eg...All-domain Anomaly Resolution Office U.S. Department of Defense (U) Case: “Eg...
All-domain Anomaly Resolution Office U.S. Department of Defense (U) Case: “Eg...Sérgio Sacani
 
Botany 4th semester file By Sumit Kumar yadav.pdf
Botany 4th semester file By Sumit Kumar yadav.pdfBotany 4th semester file By Sumit Kumar yadav.pdf
Botany 4th semester file By Sumit Kumar yadav.pdfSumit Kumar yadav
 
Isotopic evidence of long-lived volcanism on Io
Isotopic evidence of long-lived volcanism on IoIsotopic evidence of long-lived volcanism on Io
Isotopic evidence of long-lived volcanism on IoSérgio Sacani
 
Biopesticide (2).pptx .This slides helps to know the different types of biop...
Biopesticide (2).pptx .This slides helps to know the different types of biop...Biopesticide (2).pptx .This slides helps to know the different types of biop...
Biopesticide (2).pptx .This slides helps to know the different types of biop...RohitNehra6
 
Spermiogenesis or Spermateleosis or metamorphosis of spermatid
Spermiogenesis or Spermateleosis or metamorphosis of spermatidSpermiogenesis or Spermateleosis or metamorphosis of spermatid
Spermiogenesis or Spermateleosis or metamorphosis of spermatidSarthak Sekhar Mondal
 
Presentation Vikram Lander by Vedansh Gupta.pptx
Presentation Vikram Lander by Vedansh Gupta.pptxPresentation Vikram Lander by Vedansh Gupta.pptx
Presentation Vikram Lander by Vedansh Gupta.pptxgindu3009
 
Disentangling the origin of chemical differences using GHOST
Disentangling the origin of chemical differences using GHOSTDisentangling the origin of chemical differences using GHOST
Disentangling the origin of chemical differences using GHOSTSérgio Sacani
 
G9 Science Q4- Week 1-2 Projectile Motion.ppt
G9 Science Q4- Week 1-2 Projectile Motion.pptG9 Science Q4- Week 1-2 Projectile Motion.ppt
G9 Science Q4- Week 1-2 Projectile Motion.pptMAESTRELLAMesa2
 
Cultivation of KODO MILLET . made by Ghanshyam pptx
Cultivation of KODO MILLET . made by Ghanshyam pptxCultivation of KODO MILLET . made by Ghanshyam pptx
Cultivation of KODO MILLET . made by Ghanshyam pptxpradhanghanshyam7136
 
Biological Classification BioHack (3).pdf
Biological Classification BioHack (3).pdfBiological Classification BioHack (3).pdf
Biological Classification BioHack (3).pdfmuntazimhurra
 
Traditional Agroforestry System in India- Shifting Cultivation, Taungya, Home...
Traditional Agroforestry System in India- Shifting Cultivation, Taungya, Home...Traditional Agroforestry System in India- Shifting Cultivation, Taungya, Home...
Traditional Agroforestry System in India- Shifting Cultivation, Taungya, Home...jana861314
 
Natural Polymer Based Nanomaterials
Natural Polymer Based NanomaterialsNatural Polymer Based Nanomaterials
Natural Polymer Based NanomaterialsAArockiyaNisha
 
Artificial Intelligence In Microbiology by Dr. Prince C P
Artificial Intelligence In Microbiology by Dr. Prince C PArtificial Intelligence In Microbiology by Dr. Prince C P
Artificial Intelligence In Microbiology by Dr. Prince C PPRINCE C P
 
Raman spectroscopy.pptx M Pharm, M Sc, Advanced Spectral Analysis
Raman spectroscopy.pptx M Pharm, M Sc, Advanced Spectral AnalysisRaman spectroscopy.pptx M Pharm, M Sc, Advanced Spectral Analysis
Raman spectroscopy.pptx M Pharm, M Sc, Advanced Spectral AnalysisDiwakar Mishra
 

Recently uploaded (20)

TEST BANK For Radiologic Science for Technologists, 12th Edition by Stewart C...
TEST BANK For Radiologic Science for Technologists, 12th Edition by Stewart C...TEST BANK For Radiologic Science for Technologists, 12th Edition by Stewart C...
TEST BANK For Radiologic Science for Technologists, 12th Edition by Stewart C...
 
Green chemistry and Sustainable development.pptx
Green chemistry and Sustainable development.pptxGreen chemistry and Sustainable development.pptx
Green chemistry and Sustainable development.pptx
 
Nightside clouds and disequilibrium chemistry on the hot Jupiter WASP-43b
Nightside clouds and disequilibrium chemistry on the hot Jupiter WASP-43bNightside clouds and disequilibrium chemistry on the hot Jupiter WASP-43b
Nightside clouds and disequilibrium chemistry on the hot Jupiter WASP-43b
 
Botany 4th semester series (krishna).pdf
Botany 4th semester series (krishna).pdfBotany 4th semester series (krishna).pdf
Botany 4th semester series (krishna).pdf
 
Boyles law module in the grade 10 science
Boyles law module in the grade 10 scienceBoyles law module in the grade 10 science
Boyles law module in the grade 10 science
 
All-domain Anomaly Resolution Office U.S. Department of Defense (U) Case: “Eg...
All-domain Anomaly Resolution Office U.S. Department of Defense (U) Case: “Eg...All-domain Anomaly Resolution Office U.S. Department of Defense (U) Case: “Eg...
All-domain Anomaly Resolution Office U.S. Department of Defense (U) Case: “Eg...
 
Botany 4th semester file By Sumit Kumar yadav.pdf
Botany 4th semester file By Sumit Kumar yadav.pdfBotany 4th semester file By Sumit Kumar yadav.pdf
Botany 4th semester file By Sumit Kumar yadav.pdf
 
Isotopic evidence of long-lived volcanism on Io
Isotopic evidence of long-lived volcanism on IoIsotopic evidence of long-lived volcanism on Io
Isotopic evidence of long-lived volcanism on Io
 
Biopesticide (2).pptx .This slides helps to know the different types of biop...
Biopesticide (2).pptx .This slides helps to know the different types of biop...Biopesticide (2).pptx .This slides helps to know the different types of biop...
Biopesticide (2).pptx .This slides helps to know the different types of biop...
 
Spermiogenesis or Spermateleosis or metamorphosis of spermatid
Spermiogenesis or Spermateleosis or metamorphosis of spermatidSpermiogenesis or Spermateleosis or metamorphosis of spermatid
Spermiogenesis or Spermateleosis or metamorphosis of spermatid
 
Presentation Vikram Lander by Vedansh Gupta.pptx
Presentation Vikram Lander by Vedansh Gupta.pptxPresentation Vikram Lander by Vedansh Gupta.pptx
Presentation Vikram Lander by Vedansh Gupta.pptx
 
Disentangling the origin of chemical differences using GHOST
Disentangling the origin of chemical differences using GHOSTDisentangling the origin of chemical differences using GHOST
Disentangling the origin of chemical differences using GHOST
 
G9 Science Q4- Week 1-2 Projectile Motion.ppt
G9 Science Q4- Week 1-2 Projectile Motion.pptG9 Science Q4- Week 1-2 Projectile Motion.ppt
G9 Science Q4- Week 1-2 Projectile Motion.ppt
 
Cultivation of KODO MILLET . made by Ghanshyam pptx
Cultivation of KODO MILLET . made by Ghanshyam pptxCultivation of KODO MILLET . made by Ghanshyam pptx
Cultivation of KODO MILLET . made by Ghanshyam pptx
 
Engler and Prantl system of classification in plant taxonomy
Engler and Prantl system of classification in plant taxonomyEngler and Prantl system of classification in plant taxonomy
Engler and Prantl system of classification in plant taxonomy
 
Biological Classification BioHack (3).pdf
Biological Classification BioHack (3).pdfBiological Classification BioHack (3).pdf
Biological Classification BioHack (3).pdf
 
Traditional Agroforestry System in India- Shifting Cultivation, Taungya, Home...
Traditional Agroforestry System in India- Shifting Cultivation, Taungya, Home...Traditional Agroforestry System in India- Shifting Cultivation, Taungya, Home...
Traditional Agroforestry System in India- Shifting Cultivation, Taungya, Home...
 
Natural Polymer Based Nanomaterials
Natural Polymer Based NanomaterialsNatural Polymer Based Nanomaterials
Natural Polymer Based Nanomaterials
 
Artificial Intelligence In Microbiology by Dr. Prince C P
Artificial Intelligence In Microbiology by Dr. Prince C PArtificial Intelligence In Microbiology by Dr. Prince C P
Artificial Intelligence In Microbiology by Dr. Prince C P
 
Raman spectroscopy.pptx M Pharm, M Sc, Advanced Spectral Analysis
Raman spectroscopy.pptx M Pharm, M Sc, Advanced Spectral AnalysisRaman spectroscopy.pptx M Pharm, M Sc, Advanced Spectral Analysis
Raman spectroscopy.pptx M Pharm, M Sc, Advanced Spectral Analysis
 

Secure Sharing of Design Information with Blockchains

  • 1. © Hitachi, Ltd. 2018. All rights reserved. Secure Sharing of Design Information with Blockchains 2018年電子情報通信学会ソサイエティ大会 BS-7. Network and Service Design, Control and Management September 13th, 2018 Wohlgemuth Sven* 株式会社日立製作所 梅澤克之 湘南工科大学 寶木和夫 産業技術総合研究所 *His contribution in this paper is done when he belonged to Albert-Ludwig University Freiburg, Germany and other organizations before he joined Hitachi, Ltd. in February 2017.
  • 2. © Hitachi, Ltd. 2018. All rights reserved. Now: Search with HCI 2 Personal attributes Pseudonyms, biometrics, contact details, credit card, interests, friends, medical history, belongings, and so on including vulnerability and incident reports Share subset (e.g. vulnerability/incident report) Search engine AI-capable machine • Efficiency: Scalable computing power and memory (e.g. Cloud Computing) • Effectiveness: Optimization and completeness of problem solving Problem: Who is defender or attacker?
  • 3. © Hitachi, Ltd. 2018. All rights reserved. 3 Threat analysis result of analysis target system Vulnerability case 1 Safety & Security Threat Analysis Designer External Vulnerability Database Common attack pattern type and classification 共通脆弱性識別番号DB共通脆弱性識別番号DB Functional requirement analysis diagram System configuration Design info of analysis target system Vulnerability model information Vulnerability case 2 Vulnerability case 3 On the basis of the case database, vulnerability information modeled using meta info such as threat content and occurrence condition (1) Enter the design information of the analysis target system and set the attack target (2) The system refers to the vulnerability model information and performs semiautomatic threat analysis Search vulnerability candidates that match the analysis target system FT top event Pre-created Pre-registration Interactive analysis Other design information Macro AT Component database Component information Attack Case Attack success case and attack report Vulnerability case 3 Vulnerability case 1 Common vulnerability type list Common vulnerability identification number list But: Threat Analysis needs Information
  • 4. © Hitachi, Ltd. 2018. All rights reserved. 4 Natural disasters cause severe disruptions on Just-In-Time production (2011 Great East Japan Earthquake on Toyota, Apple, …; 2016 Kumamoto on Toyota, Sony, Honda, …) https://www.bbc.com/news/business-36069349 Non-availability of information in IoT caused by ransomware (WannaCry) on MS Windows http://monoist.atmarkit.co.jp/mn/articles/1807/04/news042.html Information leakage of 140 million identities caused by vulnerability in Open Source Apache Struts but no reaction (Equifax) on security report https://www.scmagazine.com/equifax-twice-missed-finding- apache-struts-vulnerability-allowing-breach-to- happen/article/697693/ and more vulnerabilities … Integrity uncertain due to technological development which turns mathematical hard problems in solvable ones https://www.zdnet.com/article/ibm-warns-of-instant-breaking-of- encryption-by-quantum-computers-move-your-data-today/ Example: Supply Chains and Disruptions
  • 5. © Hitachi, Ltd. 2018. All rights reserved. Agenda I. Challenge: Accountability • Reliable cryptographic key exchange • Reliable reporting for reducing vulnerabilities II. Our Way: SK4SDI – Secure Kernel 4 Security Design Information • Miners in competition for anonymized certification • Open Data on compliance to smart contracts III. Unity in Diversity • Usable HCI with AI as intelligence amplifier • Digital marketplace on compliance 5
  • 6. © Hitachi, Ltd. 2018. All rights reserved. Trusted Computing Base (TCB) / Kernel I. Challenge: Accountability Object Security policy Reference monitor Audit trail Subject Access request to d, d* d, d* Grant access or deny access Enforcement of IT security protection goals (CIA): Security by Design Search engine Request: Search for d, d* Input: Design information d Output: Design information d, d* Aggregation & inference: d, d* Output: Vulnerability/incident report 6 Man in the middle attack
  • 7. © Hitachi, Ltd. 2018. All rights reserved. Accountability: Digital Signature 7 Premise: IT security should depend only on access to secret cryptographic key Digital signature for integrity and non-repudiation of a message Depends on trapdoor functions: (1) Hash function, (2) hard mathematical problem, and (3) authentic exchange of cryptographic public key for verification Security policy Reference monitor (signature verification) Audit trail Subject Access request, sign(access request, sksubject) (pksubject, sksubject) Certification authority (CA) (pkCA, skCA), credentials, revocation Man in the middle attack Check certification path of pksubject Or access to (pksubject, sksubject) Shows (pk* subject, sk* subject) → Subject Success, if data breach in certification path: Certification policy Show pksubject → sksubject
  • 8. © Hitachi, Ltd. 2018. All rights reserved. Certification Path (1/2) 8 CA (pkCA, skCA), credentials, revocation Personal attributes Pseudonyms, biometrics, (skAlice, pkAlice), …, and so on Including vulnerability and incident reports Certification of relationship pkAlice → Personal attributes of Alice Name: Serial number: Issued by: Issue date: Expiration: Public key: Attributes: Alice 12345678 CA 07/01/2018 07/01/2020 X a # 6 @ Usage Limits (rights...) Certificate Name: Serial number: Issued by: Issue date: Expiration: Public key: Attributes: S-Trust 08154711 CA 07/01/2017 07/01/2019 K 8 8 @ 39 Usage Limits (rights...) Certificate Vulnerabilities for data breach in a) Security model b) Implementation c) Use of implementation d) Control of basic secret
  • 9. © Hitachi, Ltd. 2018. All rights reserved. Certification Path (2/2) 9 Model checking of type-safe access control policy Open source with security testing and vulnerability database Monitoring with audit trail and anonymization Hard mathematical problem Security model Implementation Use of security control Control of basic secret Requirement analysis Decidable formalization Security Engineering Assumption / procedure Data Breach: Vulnerability Optimal anonymization is a NP hard problem Centralized control with restrictions Bug Spoofing, phishing. malconfiguration, … Progress in search algorithms
  • 10. © Hitachi, Ltd. 2018. All rights reserved. Data Breach Detection (IDS) 10 Policy languages: OSL, Ponder, ExPDT, EPAL, XACMLSecurity model Implementation Use of security control Control of basic secret Requirement analysis Security Engineering Observable obligations on reporting Hysteresis Digital Signature Audit Security policy Reference monitor Audit intelligence Audit trail Audit trail Search engine/ CA Audit trail incident compliant
  • 11. © Hitachi, Ltd. 2018. All rights reserved. IDS and Audit Trail 11 Attack signature detection (Rule-based detection) Anomaly detection Required knowledge Knowledge about all potential attacks Complete knowledge about behavior of system/users Required configuration Continuous update of attack rules database with authentic attack rules Determine normal behavior (compliance to policy): • Collecting authentic data • Data analytics with error rate (false positives) • Continuous update of database Audit intelligence: Required information and configuration Aggregation of secure audit trails is threatened by inevitable vulnerable identities: 1. Information sharing not perfect against data breach (database without sharing can be) 2. No consensus on information with vulnerable identities
  • 12. © Hitachi, Ltd. 2018. All rights reserved. Byzantine Consensus (Fault Tolerance) 12 Charlie Alice Bob 0 0 0 0 0 0 Charlie Alice Bob 0 0 1 0 1 1 0 or 1? 0 or 1? Without cryptography Digital signature Bitcoin hash chain • Tolerates 𝑡 < 𝑛 3 failed identities • No consensus for sharing security design information • Tolerates 𝑡 < 𝑛 failed identities • Assumes authentic and consistent cryptographic key exchange • Tolerates 𝑡 < 𝑛 failed identities • Byzantine consensus by competitive incentive and public ledger • No authentication ➔ Secure information sharing is a matter of trust (with competition) Objective: Majority agrees on information (consensus)
  • 13. © Hitachi, Ltd. 2018. All rights reserved. Agenda I. Challenge: Accountability • Reliable cryptographic key exchange • Reliable reporting for reducing vulnerabilities II. Our Way: SK4SDI – Secure Kernel 4 Security Design Information • Miners in competition for anonymized certification • Open Data on compliance to smart contracts III. Unity in Diversity • Usable HCI with AI as intelligence amplifier • Digital marketplace on compliance 13
  • 14. © Hitachi, Ltd. 2018. All rights reserved. Bitcoin-like blockchains 14 II. Our Way: SK4SDI – Secure Kernel Request: Search for d, d* Input: Design information d Trust → Enforcement of rules (policy) on information sharing  Compliance Miners … Ledger Audit trail Output: Compliance report on authentication of d, d* Output: Compliance report on authentication of d, d* Auditors Personal attributes Pseudonyms, biometrics, (skAlice, pkAlice), …, and so on including vulnerability and incident reports Personal attributes Pseudonyms, biometrics, (skBob, pkBob), …, and so on including vulnerability and incident reports d, d* Policy d, d* Policy d, d* Access d, d* Certifi cate Aggregation of provenance SK4SDI by competitive incentive and keyed hash chain
  • 15. © Hitachi, Ltd. 2018. All rights reserved. 15 Personal attributes Pseudonyms, biometrics, contact details, credit card, interests, friends, medical history, belongings, and so on including security vulnerabilities and incidents IDA Context of master ID 1 ledger Liveness logID ledger ZKP guarantees anonymity Attempt to estimate additional attribute values subset Direct communication Multiple derived IDs Unique name/ledger Authentication: Compliance log Trading partner, 3rd party Discovery of security design information in marketplace a < attribute value (e.g. WebKit version) < b search market Exist? Negotiate smart contract on use Y N Our Way: Secure Search for Usable HCI
  • 16. © Hitachi, Ltd. 2018. All rights reserved. Proof of Inequality 16 ProofInequality*: ZKP that a certain attribute value m is m > mr is given as follows: Δ=m-mr-1、a=1 Calculate u1, u2, u3, u4 such that Let Not limited to m > mr, the SPK can be configured similarly for another inequality. Then (Non-interactive) ZKP Parts of issuer’s public key for CL signatures Operator: ≡≻ * IBM Research Zurich Security Team, Specification of the identity mixer cryptographic library, version 2.3.40, Technical Report, IBM Research, Zurich, 2013.
  • 17. © Hitachi, Ltd. 2018. All rights reserved. Proof on Accountability for Compliance 17 Proof on accountability: Secondary use of personal credentials on AAA Authentication Authorization Accounting Genesis Blinded* pkroot Policy on use pkroot Access on use pkroot Self-signed cert(pkroot) Anonymous credentials with Hysteresis Digital Signature as Open Data Proof of Inequality for search on compliance to a policy for information sharing Anonymous digital evidence relates to privacy as informational self- determination * verifiable encryption with pk_OA of Auditor OA Genesis Genesis Block 1 Block 1 Block 1
  • 18. © Hitachi, Ltd. 2018. All rights reserved. III. Unity in Diversity 18 Now: Audit Intelligence for HCI • Reporting on vulnerabilities and incidents • But: Inevitable vulnerable identities In the future: With SK4SDI for Usable HCI • Reporting on enforcement of security policies • Vulnerable identities compete on compliance Expected effects: (1) Continuous improvement of security (PKI) with vulnerable identities (2) Secure Delegation of Rights on using Design Information provides digital marketplace on privacy with price discrimination Sustainable knowledge society
  • 19. © Hitachi, Ltd. 2018. All rights reserved. Related Work in Standardization 19 ISO/IEC • N2768 NB proposal SP Connected devices – Proposal by US NB for a study period on Security and Privacy Baseline Controls for Connected Devices, ISO/IEC JTC 1/SC 27/WG 4, 2018. • WD(TR) 23187: Cloud computing – Interacting with cloud service partners (CSNs), ISO/IEC JTC 1/SC 27/WG 5, 2018. • ISO/NP TR 23246 WD(TR): Blockchain and distributed ledger technologies – Overview of identity, ISO/TC 307, 2018. • 27031: Cybersecurity – Information and communication technology readiness for business continuity, ISO/IEC JTC 1/SC 27/ WG 4, 2018. • WD 27035-3.2: Security techniques – Part 3: Guidelines for incident response operations, ISO/IEC JTC 1/ SC 27/ WG4, 2018. • DIS 3011 – Information technology – Security techniques – Vulnerability handling processes • WG 11 Smart City White Paper v0.4, ISO/IEC JTC 1/SC 27, 2018. Internet Engineering Task Force (IETF) • Google. Certificate Transparency, RfC 6962, IETF, 2013. • Google, Comodo CA. Certificate Transparency Version 2.0, draft-ietf-trans-rfc6962-bis-28, 2018. • S. Kent. Attack and Threat Model for Certificate Transparency, draft-ietf-trans-threat- analysis-15, 2018.
  • 20. © Hitachi, Ltd. 2018. All rights reserved. Acknowledgement / 感謝の表明 20 We thank Mishina Yusuke (三科雄介さん) for his comments. This work was supported by Council for Science, Technology and Innovation (CTSI), Cross-ministerial Strategic Innovation Promotion Program (SIP), and “Cyber Security for Critical Infrastructure” (funding agency: NEDO). ありがとうございました。 sven.wohlgemuth.kd@hitachi.com
  • 21.
  • 22. © Hitachi, Ltd. 2018. All rights reserved. Byzantine Consensus (Fault Tolerance) 25 Objective: Majority agrees on information (consensus) Charlie Alice Bob 0 0 0 0 0 0 1 0 0 0 1 0 Perfect sharing Charlie Alice Bob Charlie Alice Bob If one identity fails 0 or 1? 0 or 1? 0 0 1 0 1 10 or 1? 0 or 1?
  • 23. © Hitachi, Ltd. 2018. All rights reserved. Data controller OC terminal Auditor OA terminal Data processor OH terminal Data processor OP terminal 3) Get pk_OA for CS encryption of signature record on cred issuance (authorization) 1) Request authorization for dS of OS from OC: context_(OC,OH); show cred_OH on type-safety * 2) Certify authorization for OH : issue cred_(OC,OH) on nym_OH Open Data ledger 4) Update signature record for authorization M_OH = nym_OH‖enc_OA(context_(OC,OH)‖{mj,k, k∈def}), Bj=H(Bj-1‖M_OH), S_(OC,OH) = sign_OC(Bj) 5) Generate ZKP values SPK for CL encryption of signature record by pk_OA 6) Propose (M_OH,Bj,S_(OC,OH)) and SPK for new block 7) Check as miner (M_OH,Bj,S_(OC,OH)) and SPK; add to new block Protocol: Authorization 26* OS refers to the data subject, e.g., Alice or Bob, in accordance to the context
  • 24. © Hitachi, Ltd. 2018. All rights reserved. Data controller OC terminal Auditor OA terminal Data processor OH terminal Data processor OP terminal Open Data ledger 1) Request dS of Os with cred_(OCOH): context_(OH,OP) 2) Request cred_OH on type-safety 3) Show cred_OH on type-safety 4) Check validity of cred_OH and cred_(OCOH) with (M_OH,Bj,S_(CA,OH)) and SPK of CA; (M_OH,Bj,S_(OC,OH)) and SPK of OC 5) Get pk_OA for CS encryption of signature record on data provenance 6) Generate data provenance for d from OP to OH M_(OP,OH) = H(dS) || nym_OP || nym_OH‖ Bj=H(Bj-1 || M_(OP,OH) S_(OP,OH) = sign_OP(Bj) Generate ZKP values SPK for CS encryption of signature record by pk_OA 7) Propose (M_OH,Bj,S_(OC,OH)) and SPK for new block8) Check as miner (M_(OP,OH),Bj,S_(OP,OH)) and SPK; add to new block 9) dS of OS Protocol: Accounting 27* OS refers to the data subject, e.g., Alice or Bob, in accordance to the context
  • 25. © Hitachi, Ltd. 2018. All rights reserved. Challenges for Security 28 CA A) Safety: Security policy for data sharing with 3rd party C) Complexity-theoretical problems become easy to solve Policy Enforcement Trust anchor No proof on data breach (identity theft) in advance Universal break of cryptographic system Identity theft happens B) Reliable broadcast of personal data
  • 26. © Hitachi, Ltd. 2018. All rights reserved. Challenges and SK4SDI 29 Auditor (CA) A) Safety: Security policy for data sharing with 3rd party B) Reliable broadcast of personal data C) Complexity-theoretical problems become easy to solve Policy Enforcement Trust anchor Obligations enable proof on compliance (secure identity) Biometrics/PUF with blinded Hysteresis Signature Blockchains for identity management with secure delegation of rights provide Ground Truth