SlideShare une entreprise Scribd logo
1  sur  27
Télécharger pour lire hors ligne
See discussions, stats, and author profiles for this publication at: https://www.researchgate.net/publication/331672930
Competitive Compliance with Blockchain
Conference Paper · March 2019
CITATIONS
0
READS
139
4 authors, including:
Some of the authors of this publication are also working on these related projects:
Cyber-Security for Critical Infrastructure View project
Mobile Security View project
Sven Wohlgemuth
Hitachi, Ltd.
122 PUBLICATIONS   265 CITATIONS   
SEE PROFILE
Katsuyuki Umezawa
Shonan Institute of Technology
33 PUBLICATIONS   34 CITATIONS   
SEE PROFILE
All content following this page was uploaded by Sven Wohlgemuth on 11 April 2019.
The user has requested enhancement of the downloaded file.
© Hitachi, Ltd. 2019. All rights reserved.
Competitive Compliance with Blockchain
The 3rd Workshop on Security, Privacy and Trust in the Internet of Things
in conjunction with IEEE PerCom 2019, Kyoto, Japan
March 15th, 2019
Dr. Sven Wohlgemuth Hitachi, Ltd. R&D Group
Prof. Dr. Katsuyuki Umezawa Shonan Institute of Technology
Yusuke Mishina AIST CPSEC
Dr. Kazuo Takaragi AIST CPSEC
© Hitachi, Ltd. 2019. All rights reserved.
OEM/Supplier Factory End customer
Order
Supply Verification
of produced
goods
I. Supply Chain Attack
2
Supply chain (SC) attack refers to attacks such as
- Tampering with products and services in the process of manufacturing,
selling and operating software and hardware.
- In addition to this, it refers to attacks that an organization receives through
business partners, third parties, suppliers, etc. connected to its supply chain.
Rating about
satisfaction
Order
Delivery
© Hitachi, Ltd. 2019. All rights reserved.
Supply Chain Attack: Examples
3
SC attack examples
• 2008.4 Counterfeiting of Cisco Systems routers manufactured outside the United
States circulated in the United States
• 2010.6 Malware embedding in Cisco Systems router exported from the United States
• 2017.9 Windows optimization software "CCleaner" embeds malware in update
information
• 2018.4 US Department of Defense, US military bases around the world ban sales of
HUAWEI · ZTE products
• 2018.8 Taiwan TSMC manufacturing iPhone CPU temporarily shut down due to virus
infection. 3Q sales declined 3%
© Hitachi, Ltd. 2019. All rights reserved.
Epoch of IT Support / Metaphors of IT Security
4
Castle Market place Bazaar
Mainframe Internet Pervasive Computing
“Good ones are
inside; the bad ones
are outside”
Server-based
Security
Client-based Security
Autonomous interaction
Human interaction
© Hitachi, Ltd. 2019. All rights reserved.
Security and Privacy by Contract (e.g. GDPR)
5
Cyber
Physical
Search engine
Aggregation &
inference: d, d*
Identity Identity
d, claim
d
Digital evidence
d* about d
1:1
1:n
Man in the
middle attack Inevitable incidents
• Data breach
• Limited information
on enforcement
Data
subject
Data
controller
Data
processor
Contract
• Consensus on
obligations
• Bargaining rights
Contract
Accountability: Multilateral declaration of intent
Accountability
• Electronic seal
• Qualified electronic
signature
© Hitachi, Ltd. 2019. All rights reserved.
II. IT Security: The Matrix with Data Provenance
6
Security Policy
Access conditions
Obligations
Sanctions
Contractual identities
Formalization of
decidable rules
Mt o1 = d …
S1 = data
subject
{own, read,
write}
…
S2 = data
controller
{cread} …
S3 = data
processor
Mt+1 o1 = d S3 = cs
S1 = data
subject
{own, read,
write}
S2 = data
controller
{read,
write}
{parent}
S3 = data
processor
{read}
Information
sharing
Delegation of
rights
Ternary access matrix (TAM) and state transitions Mt → Mt+1
Digital evidence on IT security (non-existence of data breach)
Rights in compliance to contract?
© Hitachi, Ltd. 2019. All rights reserved.
Secure IT System depends on Secure Kernel
7
Trusted
Computing Base/
Secure Kernel
Don’t fail !
ObjectReference monitor
Aggregated
Audit trail
Subject
Access request
to d, d*
Grant access
or deny
access
Man in the
middle attack
IT Security
domain
Audit console
(IDS)
© Hitachi, Ltd. 2019. All rights reserved.
Client-based Security: Advantage of Peer-to-Peer
8
• We can synchronize the ledger even with vulnerable identities
• On the premise that it is limited to what we agree (incl. TAM)
i.e., ENABLES TRANSPARENCY OF DOING DEFINED ACTIVITIES
© Hitachi, Ltd. 2019. All rights reserved.
Accountability: Token -> Semantic (e.g. eIDAS)
9
Digital
signature
Hanko
Secret key
A pair of
name and
public key
Contract
document or
attributes, and
digital signature
Each person
preserves
Registered seal
impression
Putting
the seal
© Hitachi, Ltd. 2019. All rights reserved. 10
• For Bitcoin, the contract document (or signer's
attributes) written in the hyper ledger are plaintext only.
• Individual's attribute information is written and sealed in
the hyper register.
Akiko's wallet Ichiro's wallet
hyper
ledger
・ Confirmation by miner
取引所か
ら購入
Commit to Attribute Information of each User
© Hitachi, Ltd. 2019. All rights reserved.
Anonymous Attribute-Based Credential
11
Anonymous credentials *
• It is a ciphertext with proof of the user’s identity.
• It indicates that it is a person who falls into a certain category
using arbitrarily inequalities, without revealing detail.
• Protected by cryptography (zero-knowledge proof with digital signature)
* Credentials: When used in network security, generic name of information used for
implementing capability list for each subject as representation of access matrix
Identity
certificate
Expire at 31 Mar, 2020
Registration 28-26936789
Name Akiko Yamada
Birth day 22 Feb 1975
Address 2-4-7 Aomi, Koto-ku, Tokyo
Possession data ○△×◻︎
Certificate date 4 Apr, 2018 印産総商会
✓ Age in forty
generations
✓ I have data
△ □
Proved contents
Filter type can be selected arbitrarily
印産総商会
© Hitachi, Ltd. 2019. All rights reserved.
Camenisch-Lysyanskaya (CL) Digital Signature
12
Issuing organization OI generates a secret key and public key for CL
signature (based on strong RSA assumption)
Then, OI generates a credential credj for user Uj such that
where
Let mi be an attribute classified as the next privacy level.
h: hidden, c: committed, k: known
, e and v are random values.
CL digital signature
of a master
identity’s attributes
© Hitachi, Ltd. 2019. All rights reserved.
Auditable Anonymous Attributes
13
Regulations: Control with transparency by accredited auditor OA
For audit: Embed public key of OA as cryptographic commitment
• Phase commit: Either information secure binding or hiding
• Phase open: Zero-knowledge proof on authentication of commitment
Example: Camenisch-Shoup (CS) verifiable encryption
Verifier Prover
Auditor OA
1. Commit to OA with
CS encryption
2. Challenge: Request open CS
encryption of OA
3. Response: Zero-knowledge proof of OA
attributes
Subject
© Hitachi, Ltd. 2019. All rights reserved.
Hysteresis Signature against Codebreaking
14
• Development of quantum computers is progressing
• As early as around 2030 it is assumed that ECDSA etc.
used in Bitcoin etc. will be broken (Shor’s algorithm)
• In addition, there is a possibility of breaking hash function in finding
collisions (Grover’s algorithm)
Ref. Carlos A. Perez-Delgado, "WHAT QUANTUM COMPUTING MEANS FOR
CYBER SECURITY," TEISS 2018
© Hitachi, Ltd. 2019. All rights reserved.
Hysteresis Signature against Codebreaking
15
• Hysteresis Digital Signature is data provenance on the use of a
digital signature key (block chain technology)
• Weakness of cryptographic algorithms or compromise of secret key
cannot deteriorate the validity of the signature in the past
• i.e. NON-REPUDIATION OF PROVENANCE IN THE PAST
IV h(M1) Sign( IV || h(M1))
h(S1) h(M2) Sign(h(S1) || h(M2))
h(Sn-1) h(Mn) Sign(h(Sn-1) || h(Mn))
S1
S2
Sn
…
Chaining
© Hitachi, Ltd. 2019. All rights reserved.
Agenda
I. Challenge: Supply Chain Attack
II. IT Security: The Matrix and Data Provenance
III. SK4SC: Secure Kernel 4 Supply Chains
IV. Outlook: Usable HCI for Knowledge Societies
16
© Hitachi, Ltd. 2019. All rights reserved.
III. SK4SC: Secure Kernel 4 Supply Chains
Trust → Enforcement of rights on information sharing  Compliance
Hyper ledger blockchains
Request:
Search for d, d*
Input:
Design information d
Miners
…
Ledgers
Audit trail
Output:
Compliance report on
authentication of d, d*
Output:
Compliance report on
authentication of d, d*
Auditors
Personal attributes
Pseudonyms, biometrics,
(skAlice, pkAlice), …, and so on
including vulnerability and
incident reports
Personal attributes
Pseudonyms, biometrics,
(skBob, pkBob), …, and so on
including vulnerability and
incident reports
d, d*
Rights
d, d*
Rights
d, d*
Subjects
d, d*
Objects
Aggregation of
data provenance
SK4SC
by competition and anonymized
hyper ledger
© Hitachi, Ltd. 2019. All rights reserved. 18
Personal attributes
Pseudonyms, biometrics,
contact details, credit
card, interests, friends,
medical history,
belongings, and so on
including security
vulnerabilities and
incidents
IDA
Context of
master ID
1 ledger TAM open ledgersID ledger
ZKP guarantees
anonymity
Attempt to estimate
additional attribute
values
subset
Direct communication
Multiple
derived IDs
Unique
name/ledger
Authentication:
Compliance log
Trading partner, 3rd party
Discovery of
security design
information in
marketplace
a < attribute
value < b
search market
Exist?
Negotiate
smart
contract
on use
Y
N
Competition: Secure Search on Compliance
© Hitachi, Ltd. 2019. All rights reserved.
SK4SC: Verification with Symbolic Execution
19
d, claim
Alice Bob
Security proof by symbolic execution of protocols (i.e. TCSEC)
Secure public
directory
• To prove that only designated person can decipher: Zero-Knowledge Proof
• In future when one-way function broken: Hysteresis Digital Signature for recovery
(X, EncX)(Alice,
EncAlice)
(X, EncX)
(Bob, EncBob)
DecAlice DecBob
Dolev-Yao model
d, d*
Rights
d, d*
Subject
d, d*
Object
d, d*
Rights
d, d*
Subject
d, d*
Object
© Hitachi, Ltd. 2019. All rights reserved.
SK4SC: Potential for Secure Open Marketplace
20
CRM with royalties
Elderly Society
Education
eGovernment
Economy
Energy
Personal attributes
Pseudonyms, biometrics,
(skAlice, pkAlice), …, and
so on
including vulnerability
and incident reports
nym1 = 2343@24
nym5 = $##989
nym2 =
4711‘0815
nym4 =
abc‘def
nym3 =
**/34
Profile
Economy
Profile
Energy
Profile
Elderly Society
Profile
Education
Profile
eGovernment
Master
identity
nym0
→
2343@24,
4711‘081
5,
**/34,
abc‘def,
$##989
Royalty program provider
(Identity management provider)
Royalties for rights on using authentic information
© Hitachi, Ltd. 2019. All rights reserved.
IV. Outlook: Usable HCI for Knowledge Societies
21
Scientific exchange
From TRL 2 to TRL 5
• Concept: Verification of SK4SC privacy protocols
• Risk scenarios: Domain preferences & measurement
• Validation: Transaction phases with intermediaries
• Proof-of-Concept: Smart City
• Dissemination: Standardization activities
Multilateral security means providing security for all parties
concerned, requiring each party to only minimally trust in the
honesty of others (Günter Müller, 1999)
Usable HCI with CPS → Cybersecurity with multilateral contracts (e.g. GDPR, eIDAS)
SK4SC
© Hitachi, Ltd. 2019. All rights reserved.
Acknowledgement
22
This work was partly based on the knowledge by the Cabinet
Office (CAO), Cross-ministerial Strategic Innovation
Promotion Program (SIP), “Cybersecurity for Critical
Infrastructure” (funding agency: NEDO).
sven.wohlgemuth.kd@hitachi.com
Competitive Compliance with Blockchain
© Hitachi, Ltd. 2019. All rights reserved.
Data controller
OC terminal
Auditor OA
terminal
Data processor
OH terminal
Data processor
OP terminal
3) Get pk_OA for CS encryption of signature record
on cred issuance (authorization)
1) Request authorization for dS of OS from OC: context_(OC,OH);
show cred_OH on type-safety *
2) Certify authorization for OH : issue cred_(OC,OH) on nym_OH
Open Data
ledger
4) Update signature record for authorization
M_OH = nym_OH‖enc_OA(context_(OC,OH)‖{mj,k, k∈def}),
Bj=H(Bj-1‖M_OH),
S_(OC,OH) = sign_OC(Bj)
5) Generate ZKP values SPK for CL encryption of signature record by pk_OA
6) Propose (M_OH,Bj,S_(OC,OH)) and SPK
for new block
7) Check as miner (M_OH,Bj,S_(OC,OH)) and SPK;
add to new block
SK4SC: Secure Delegation of Rights
24* OS refers to the data subject, e.g., Alice or Bob, in accordance to the context
© Hitachi, Ltd. 2019. All rights reserved.
Data controller
OC terminal
Auditor OA
terminal
Data processor
OH terminal
Data processor
OP terminal
Open Data
ledger
1) Request dS of Os with cred_(OCOH): context_(OH,OP)
2) Request cred_OH on type-safety
3) Show cred_OH on type-safety
4) Check validity of cred_OH and cred_(OCOH)
with (M_OH,Bj,S_(CA,OH)) and SPK of CA;
(M_OH,Bj,S_(OC,OH)) and SPK of OC
5) Get pk_OA for CS encryption of signature
record on data provenance
6) Generate data provenance for d from OP to OH
M_(OP,OH) = H(dS) || nym_OP || nym_OH‖
Bj=H(Bj-1 || M_(OP,OH)
S_(OP,OH) = sign_OP(Bj)
Generate ZKP values SPK for CS encryption
of signature record by pk_OA
7) Propose (M_OH,Bj,S_(OC,OH)) and SPK
for new block8) Check as miner (M_(OP,OH),Bj,S_(OP,OH)) and
SPK; add to new block
9) dS of OS
SK4SC: Data Provenance
25* OS refers to the data subject, e.g., Alice or Bob, in accordance to the context
© Hitachi, Ltd. 2019. All rights reserved.
Proof of Inequality
26
ProofInequality*: ZKP that a certain attribute value m is m > mr is given as follows:
Δ=m-mr-1、a=1
Calculate u1, u2, u3, u4 such that
Let
Not limited to m > mr, the SPK can be configured similarly for another inequality.
Then
(Non-interactive)
ZKP
Parts of issuer’s public key for
Camenisch-Lysyanskaya signatures
Operator: ≡≻
* IBM Research Zurich Security Team, Specification of the identity mixer cryptographic library, version 2.3.40,
Technical Report, IBM Research, Zurich, 2013.View publication statsView publication stats

Contenu connexe

Tendances

What is tokenization in blockchain?
What is tokenization in blockchain?What is tokenization in blockchain?
What is tokenization in blockchain?Ulf Mattsson
 
Nov 2 security for blockchain and analytics ulf mattsson 2020 nov 2b
Nov 2 security for blockchain and analytics   ulf mattsson 2020 nov 2bNov 2 security for blockchain and analytics   ulf mattsson 2020 nov 2b
Nov 2 security for blockchain and analytics ulf mattsson 2020 nov 2bUlf Mattsson
 
Blockchain DeFi Platform Design & Development Webinar Agenda & References
Blockchain DeFi Platform Design & Development Webinar Agenda & ReferencesBlockchain DeFi Platform Design & Development Webinar Agenda & References
Blockchain DeFi Platform Design & Development Webinar Agenda & ReferencesAlex G. Lee, Ph.D. Esq. CLP
 
Bat38 aouini bogosalvarado_zk-snark_blockchain
Bat38 aouini bogosalvarado_zk-snark_blockchainBat38 aouini bogosalvarado_zk-snark_blockchain
Bat38 aouini bogosalvarado_zk-snark_blockchainBATbern
 
Cross domain autonomous cooperation cross-domain autonomous cooperation
Cross domain autonomous cooperation cross-domain autonomous cooperationCross domain autonomous cooperation cross-domain autonomous cooperation
Cross domain autonomous cooperation cross-domain autonomous cooperationPeter Waher
 
Practical analytics hands-on to cloud & IoT cyber threats
Practical analytics hands-on to cloud & IoT cyber threatsPractical analytics hands-on to cloud & IoT cyber threats
Practical analytics hands-on to cloud & IoT cyber threatsJorge Sebastiao
 
Blockchain for AI: Review and Open. Research Challenges K. SALAH, M. H. REHMA...
Blockchain for AI: Review and Open. Research Challenges K. SALAH, M. H. REHMA...Blockchain for AI: Review and Open. Research Challenges K. SALAH, M. H. REHMA...
Blockchain for AI: Review and Open. Research Challenges K. SALAH, M. H. REHMA...eraser Juan José Calderón
 
Smart City Lecture 2 - Privacy in the Smart City
Smart City Lecture 2 - Privacy in the Smart CitySmart City Lecture 2 - Privacy in the Smart City
Smart City Lecture 2 - Privacy in the Smart CityPeter Waher
 
Emerging application and data protection for multi cloud
Emerging application and data protection for multi cloudEmerging application and data protection for multi cloud
Emerging application and data protection for multi cloudUlf Mattsson
 
Protecting data privacy in analytics and machine learning - ISACA
Protecting data privacy in analytics and machine learning - ISACAProtecting data privacy in analytics and machine learning - ISACA
Protecting data privacy in analytics and machine learning - ISACAUlf Mattsson
 
All you need to know about SSI for Corporates and IoT – Heather Vescent
All you need to know about SSI for Corporates and IoT – Heather VescentAll you need to know about SSI for Corporates and IoT – Heather Vescent
All you need to know about SSI for Corporates and IoT – Heather VescentBlockchain España
 
What is tokenization in blockchain?
What is tokenization in blockchain?What is tokenization in blockchain?
What is tokenization in blockchain?Ulf Mattsson
 
A Secure Decision-Support Scheme for Self-Sovereign Identity Management
A Secure Decision-Support Scheme for Self-Sovereign Identity ManagementA Secure Decision-Support Scheme for Self-Sovereign Identity Management
A Secure Decision-Support Scheme for Self-Sovereign Identity ManagementSven Wohlgemuth
 
The Future of Authentication for IoT
The Future of Authentication for IoTThe Future of Authentication for IoT
The Future of Authentication for IoTFIDO Alliance
 
Open Identity Exchange - the Global Growth of Digital Identity
Open Identity Exchange - the Global Growth of Digital IdentityOpen Identity Exchange - the Global Growth of Digital Identity
Open Identity Exchange - the Global Growth of Digital IdentityUbisecure
 
Aditro - IAM as part of Cloud Business strategy
Aditro - IAM as part of Cloud Business strategyAditro - IAM as part of Cloud Business strategy
Aditro - IAM as part of Cloud Business strategyUbisecure
 
Why The Web Needs Decentralized Identifiers (DIDs) — Even if Google, Apple, a...
Why The Web Needs Decentralized Identifiers (DIDs) — Even if Google, Apple, a...Why The Web Needs Decentralized Identifiers (DIDs) — Even if Google, Apple, a...
Why The Web Needs Decentralized Identifiers (DIDs) — Even if Google, Apple, a...Evernym
 
Smart Gateways, Blockchain and the Internet of Things (Charalampos Doukas-Cre...
Smart Gateways, Blockchain and the Internet of Things (Charalampos Doukas-Cre...Smart Gateways, Blockchain and the Internet of Things (Charalampos Doukas-Cre...
Smart Gateways, Blockchain and the Internet of Things (Charalampos Doukas-Cre...AGILE IoT
 
Enabling Large-Scale Multi-Party Federations with OpenID Connect - OpenID Sum...
Enabling Large-Scale Multi-Party Federations with OpenID Connect - OpenID Sum...Enabling Large-Scale Multi-Party Federations with OpenID Connect - OpenID Sum...
Enabling Large-Scale Multi-Party Federations with OpenID Connect - OpenID Sum...OpenID Foundation Japan
 

Tendances (20)

What is tokenization in blockchain?
What is tokenization in blockchain?What is tokenization in blockchain?
What is tokenization in blockchain?
 
Nov 2 security for blockchain and analytics ulf mattsson 2020 nov 2b
Nov 2 security for blockchain and analytics   ulf mattsson 2020 nov 2bNov 2 security for blockchain and analytics   ulf mattsson 2020 nov 2b
Nov 2 security for blockchain and analytics ulf mattsson 2020 nov 2b
 
Blockchain DeFi Platform Design & Development Webinar Agenda & References
Blockchain DeFi Platform Design & Development Webinar Agenda & ReferencesBlockchain DeFi Platform Design & Development Webinar Agenda & References
Blockchain DeFi Platform Design & Development Webinar Agenda & References
 
Bat38 aouini bogosalvarado_zk-snark_blockchain
Bat38 aouini bogosalvarado_zk-snark_blockchainBat38 aouini bogosalvarado_zk-snark_blockchain
Bat38 aouini bogosalvarado_zk-snark_blockchain
 
Cross domain autonomous cooperation cross-domain autonomous cooperation
Cross domain autonomous cooperation cross-domain autonomous cooperationCross domain autonomous cooperation cross-domain autonomous cooperation
Cross domain autonomous cooperation cross-domain autonomous cooperation
 
Practical analytics hands-on to cloud & IoT cyber threats
Practical analytics hands-on to cloud & IoT cyber threatsPractical analytics hands-on to cloud & IoT cyber threats
Practical analytics hands-on to cloud & IoT cyber threats
 
Blockchain for AI: Review and Open. Research Challenges K. SALAH, M. H. REHMA...
Blockchain for AI: Review and Open. Research Challenges K. SALAH, M. H. REHMA...Blockchain for AI: Review and Open. Research Challenges K. SALAH, M. H. REHMA...
Blockchain for AI: Review and Open. Research Challenges K. SALAH, M. H. REHMA...
 
Smart City Lecture 2 - Privacy in the Smart City
Smart City Lecture 2 - Privacy in the Smart CitySmart City Lecture 2 - Privacy in the Smart City
Smart City Lecture 2 - Privacy in the Smart City
 
Emerging application and data protection for multi cloud
Emerging application and data protection for multi cloudEmerging application and data protection for multi cloud
Emerging application and data protection for multi cloud
 
Protecting data privacy in analytics and machine learning - ISACA
Protecting data privacy in analytics and machine learning - ISACAProtecting data privacy in analytics and machine learning - ISACA
Protecting data privacy in analytics and machine learning - ISACA
 
All you need to know about SSI for Corporates and IoT – Heather Vescent
All you need to know about SSI for Corporates and IoT – Heather VescentAll you need to know about SSI for Corporates and IoT – Heather Vescent
All you need to know about SSI for Corporates and IoT – Heather Vescent
 
What is tokenization in blockchain?
What is tokenization in blockchain?What is tokenization in blockchain?
What is tokenization in blockchain?
 
A Secure Decision-Support Scheme for Self-Sovereign Identity Management
A Secure Decision-Support Scheme for Self-Sovereign Identity ManagementA Secure Decision-Support Scheme for Self-Sovereign Identity Management
A Secure Decision-Support Scheme for Self-Sovereign Identity Management
 
The Future of Authentication for IoT
The Future of Authentication for IoTThe Future of Authentication for IoT
The Future of Authentication for IoT
 
Open Banking beyond PSD2 in the EU
Open Banking beyond PSD2 in the EU Open Banking beyond PSD2 in the EU
Open Banking beyond PSD2 in the EU
 
Open Identity Exchange - the Global Growth of Digital Identity
Open Identity Exchange - the Global Growth of Digital IdentityOpen Identity Exchange - the Global Growth of Digital Identity
Open Identity Exchange - the Global Growth of Digital Identity
 
Aditro - IAM as part of Cloud Business strategy
Aditro - IAM as part of Cloud Business strategyAditro - IAM as part of Cloud Business strategy
Aditro - IAM as part of Cloud Business strategy
 
Why The Web Needs Decentralized Identifiers (DIDs) — Even if Google, Apple, a...
Why The Web Needs Decentralized Identifiers (DIDs) — Even if Google, Apple, a...Why The Web Needs Decentralized Identifiers (DIDs) — Even if Google, Apple, a...
Why The Web Needs Decentralized Identifiers (DIDs) — Even if Google, Apple, a...
 
Smart Gateways, Blockchain and the Internet of Things (Charalampos Doukas-Cre...
Smart Gateways, Blockchain and the Internet of Things (Charalampos Doukas-Cre...Smart Gateways, Blockchain and the Internet of Things (Charalampos Doukas-Cre...
Smart Gateways, Blockchain and the Internet of Things (Charalampos Doukas-Cre...
 
Enabling Large-Scale Multi-Party Federations with OpenID Connect - OpenID Sum...
Enabling Large-Scale Multi-Party Federations with OpenID Connect - OpenID Sum...Enabling Large-Scale Multi-Party Federations with OpenID Connect - OpenID Sum...
Enabling Large-Scale Multi-Party Federations with OpenID Connect - OpenID Sum...
 

Similaire à Competitive Compliance with Blockchain

apidays LIVE London 2021 - Open Insurance & Smart Contracts by Giovanni Lesna...
apidays LIVE London 2021 - Open Insurance & Smart Contracts by Giovanni Lesna...apidays LIVE London 2021 - Open Insurance & Smart Contracts by Giovanni Lesna...
apidays LIVE London 2021 - Open Insurance & Smart Contracts by Giovanni Lesna...apidays
 
Securing your IoT Implementations
Securing your IoT ImplementationsSecuring your IoT Implementations
Securing your IoT ImplementationsTechWell
 
106 Threat defense and information security development trends
106 Threat defense and information security development trends106 Threat defense and information security development trends
106 Threat defense and information security development trendsSsendiSamuel
 
IRJET- Blockchain Technology in Cloud Computing : A Systematic Review
IRJET-  	  Blockchain Technology in Cloud Computing : A Systematic ReviewIRJET-  	  Blockchain Technology in Cloud Computing : A Systematic Review
IRJET- Blockchain Technology in Cloud Computing : A Systematic ReviewIRJET Journal
 
Blockchain and Internet of Things
Blockchain and Internet of ThingsBlockchain and Internet of Things
Blockchain and Internet of ThingsValerie Lampkin
 
Blockchain for Media & Entertainment
Blockchain for Media & EntertainmentBlockchain for Media & Entertainment
Blockchain for Media & Entertainmentaccenture
 
Achieving Visibility, Security and Real-Time Actionable Alerts Using VPC Flow...
Achieving Visibility, Security and Real-Time Actionable Alerts Using VPC Flow...Achieving Visibility, Security and Real-Time Actionable Alerts Using VPC Flow...
Achieving Visibility, Security and Real-Time Actionable Alerts Using VPC Flow...Amazon Web Services
 
AWS Summit Singapore 2019 | Learn How to Achieve Complete Visibility, Strong ...
AWS Summit Singapore 2019 | Learn How to Achieve Complete Visibility, Strong ...AWS Summit Singapore 2019 | Learn How to Achieve Complete Visibility, Strong ...
AWS Summit Singapore 2019 | Learn How to Achieve Complete Visibility, Strong ...AWS Summits
 
Impact of Blockchain on IT AuditBlockchain Techn.docx
Impact of Blockchain on IT AuditBlockchain Techn.docxImpact of Blockchain on IT AuditBlockchain Techn.docx
Impact of Blockchain on IT AuditBlockchain Techn.docxsheronlewthwaite
 
iDate: AI and blockchain
iDate: AI and blockchainiDate: AI and blockchain
iDate: AI and blockchain3G4G
 
AN IDENTITY MANAGEMENT SYSTEM USING BLOCKCHAIN
AN IDENTITY MANAGEMENT SYSTEM USING BLOCKCHAINAN IDENTITY MANAGEMENT SYSTEM USING BLOCKCHAIN
AN IDENTITY MANAGEMENT SYSTEM USING BLOCKCHAINIRJET Journal
 
The Value of User and Data Centricity Beyond IoT Devices: Stein Myrseth and G...
The Value of User and Data Centricity Beyond IoT Devices: Stein Myrseth and G...The Value of User and Data Centricity Beyond IoT Devices: Stein Myrseth and G...
The Value of User and Data Centricity Beyond IoT Devices: Stein Myrseth and G...ForgeRock
 
Cutting-Edge Network Behavior Audit Technology from BMST
Cutting-Edge Network Behavior Audit Technology from BMSTCutting-Edge Network Behavior Audit Technology from BMST
Cutting-Edge Network Behavior Audit Technology from BMSTBMST
 
Trust Data Sharing and Utilization Infrastructure for Sensitive Data Using Hy...
Trust Data Sharing and Utilization Infrastructure for Sensitive Data Using Hy...Trust Data Sharing and Utilization Infrastructure for Sensitive Data Using Hy...
Trust Data Sharing and Utilization Infrastructure for Sensitive Data Using Hy...Koshi Ikegawa
 
Blockchain IoT Workshop for the Aviation Planning Conference
Blockchain IoT Workshop for the Aviation Planning ConferenceBlockchain IoT Workshop for the Aviation Planning Conference
Blockchain IoT Workshop for the Aviation Planning ConferenceJim Gitney
 
BitGo Presents Multi-Sig Bitcoin Security at Inside Bitcoins NYC
BitGo Presents Multi-Sig Bitcoin Security at Inside Bitcoins NYCBitGo Presents Multi-Sig Bitcoin Security at Inside Bitcoins NYC
BitGo Presents Multi-Sig Bitcoin Security at Inside Bitcoins NYCWill O'Brien
 
[London HashiCorp] Securing Cloud Native Communication: From end user to serv...
[London HashiCorp] Securing Cloud Native Communication: From end user to serv...[London HashiCorp] Securing Cloud Native Communication: From end user to serv...
[London HashiCorp] Securing Cloud Native Communication: From end user to serv...Daniel Bryant
 
[CNCF Webinar] Securing Cloud Native Communication, From End User to Service
[CNCF Webinar] Securing Cloud Native Communication, From End User to Service[CNCF Webinar] Securing Cloud Native Communication, From End User to Service
[CNCF Webinar] Securing Cloud Native Communication, From End User to ServiceDaniel Bryant
 

Similaire à Competitive Compliance with Blockchain (20)

apidays LIVE London 2021 - Open Insurance & Smart Contracts by Giovanni Lesna...
apidays LIVE London 2021 - Open Insurance & Smart Contracts by Giovanni Lesna...apidays LIVE London 2021 - Open Insurance & Smart Contracts by Giovanni Lesna...
apidays LIVE London 2021 - Open Insurance & Smart Contracts by Giovanni Lesna...
 
Securing your IoT Implementations
Securing your IoT ImplementationsSecuring your IoT Implementations
Securing your IoT Implementations
 
106 Threat defense and information security development trends
106 Threat defense and information security development trends106 Threat defense and information security development trends
106 Threat defense and information security development trends
 
IRJET- Blockchain Technology in Cloud Computing : A Systematic Review
IRJET-  	  Blockchain Technology in Cloud Computing : A Systematic ReviewIRJET-  	  Blockchain Technology in Cloud Computing : A Systematic Review
IRJET- Blockchain Technology in Cloud Computing : A Systematic Review
 
Towards the Blockchain-native Economy
Towards the Blockchain-native EconomyTowards the Blockchain-native Economy
Towards the Blockchain-native Economy
 
Blockchain and Internet of Things
Blockchain and Internet of ThingsBlockchain and Internet of Things
Blockchain and Internet of Things
 
Blockchain for Media & Entertainment
Blockchain for Media & EntertainmentBlockchain for Media & Entertainment
Blockchain for Media & Entertainment
 
Achieving Visibility, Security and Real-Time Actionable Alerts Using VPC Flow...
Achieving Visibility, Security and Real-Time Actionable Alerts Using VPC Flow...Achieving Visibility, Security and Real-Time Actionable Alerts Using VPC Flow...
Achieving Visibility, Security and Real-Time Actionable Alerts Using VPC Flow...
 
AWS Summit Singapore 2019 | Learn How to Achieve Complete Visibility, Strong ...
AWS Summit Singapore 2019 | Learn How to Achieve Complete Visibility, Strong ...AWS Summit Singapore 2019 | Learn How to Achieve Complete Visibility, Strong ...
AWS Summit Singapore 2019 | Learn How to Achieve Complete Visibility, Strong ...
 
Impact of Blockchain on IT AuditBlockchain Techn.docx
Impact of Blockchain on IT AuditBlockchain Techn.docxImpact of Blockchain on IT AuditBlockchain Techn.docx
Impact of Blockchain on IT AuditBlockchain Techn.docx
 
iDate: AI and blockchain
iDate: AI and blockchainiDate: AI and blockchain
iDate: AI and blockchain
 
AN IDENTITY MANAGEMENT SYSTEM USING BLOCKCHAIN
AN IDENTITY MANAGEMENT SYSTEM USING BLOCKCHAINAN IDENTITY MANAGEMENT SYSTEM USING BLOCKCHAIN
AN IDENTITY MANAGEMENT SYSTEM USING BLOCKCHAIN
 
The Value of User and Data Centricity Beyond IoT Devices: Stein Myrseth and G...
The Value of User and Data Centricity Beyond IoT Devices: Stein Myrseth and G...The Value of User and Data Centricity Beyond IoT Devices: Stein Myrseth and G...
The Value of User and Data Centricity Beyond IoT Devices: Stein Myrseth and G...
 
Cutting-Edge Network Behavior Audit Technology from BMST
Cutting-Edge Network Behavior Audit Technology from BMSTCutting-Edge Network Behavior Audit Technology from BMST
Cutting-Edge Network Behavior Audit Technology from BMST
 
Trust Data Sharing and Utilization Infrastructure for Sensitive Data Using Hy...
Trust Data Sharing and Utilization Infrastructure for Sensitive Data Using Hy...Trust Data Sharing and Utilization Infrastructure for Sensitive Data Using Hy...
Trust Data Sharing and Utilization Infrastructure for Sensitive Data Using Hy...
 
Blockchain (for geeks)
Blockchain (for geeks)Blockchain (for geeks)
Blockchain (for geeks)
 
Blockchain IoT Workshop for the Aviation Planning Conference
Blockchain IoT Workshop for the Aviation Planning ConferenceBlockchain IoT Workshop for the Aviation Planning Conference
Blockchain IoT Workshop for the Aviation Planning Conference
 
BitGo Presents Multi-Sig Bitcoin Security at Inside Bitcoins NYC
BitGo Presents Multi-Sig Bitcoin Security at Inside Bitcoins NYCBitGo Presents Multi-Sig Bitcoin Security at Inside Bitcoins NYC
BitGo Presents Multi-Sig Bitcoin Security at Inside Bitcoins NYC
 
[London HashiCorp] Securing Cloud Native Communication: From end user to serv...
[London HashiCorp] Securing Cloud Native Communication: From end user to serv...[London HashiCorp] Securing Cloud Native Communication: From end user to serv...
[London HashiCorp] Securing Cloud Native Communication: From end user to serv...
 
[CNCF Webinar] Securing Cloud Native Communication, From End User to Service
[CNCF Webinar] Securing Cloud Native Communication, From End User to Service[CNCF Webinar] Securing Cloud Native Communication, From End User to Service
[CNCF Webinar] Securing Cloud Native Communication, From End User to Service
 

Plus de Sven Wohlgemuth

個人情報の有効活用を可能にする (Enabling effective use of personal information)
 個人情報の有効活用を可能にする (Enabling effective use of personal information) 個人情報の有効活用を可能にする (Enabling effective use of personal information)
個人情報の有効活用を可能にする (Enabling effective use of personal information)Sven Wohlgemuth
 
Tagging Disclosure of Personal Data to Third Parties to Preserve Privacy
Tagging Disclosure of Personal Data to Third Parties to Preserve PrivacyTagging Disclosure of Personal Data to Third Parties to Preserve Privacy
Tagging Disclosure of Personal Data to Third Parties to Preserve PrivacySven Wohlgemuth
 
Privacy-Enhancing Trust Infrastructure for Process Mining
Privacy-Enhancing Trust Infrastructure for Process MiningPrivacy-Enhancing Trust Infrastructure for Process Mining
Privacy-Enhancing Trust Infrastructure for Process MiningSven Wohlgemuth
 
EN 6.3: 3 Sicherheitsmodelle
EN 6.3: 3 SicherheitsmodelleEN 6.3: 3 Sicherheitsmodelle
EN 6.3: 3 SicherheitsmodelleSven Wohlgemuth
 
Privacy in Business Processes by User-Centric Identity Management
Privacy in Business Processes by User-Centric Identity ManagementPrivacy in Business Processes by User-Centric Identity Management
Privacy in Business Processes by User-Centric Identity ManagementSven Wohlgemuth
 
WP14 Workshop "From Data Economy to Secure Logging as a Step towards Transpar...
WP14 Workshop "From Data Economy to Secure Logging as a Step towards Transpar...WP14 Workshop "From Data Economy to Secure Logging as a Step towards Transpar...
WP14 Workshop "From Data Economy to Secure Logging as a Step towards Transpar...Sven Wohlgemuth
 
On Privacy in Medical Services with Electronic Health Records
On Privacy in Medical Services with Electronic Health RecordsOn Privacy in Medical Services with Electronic Health Records
On Privacy in Medical Services with Electronic Health RecordsSven Wohlgemuth
 
EN 6.3: 2 IT-Compliance und IT-Sicherheitsmanagement
EN 6.3: 2 IT-Compliance und IT-SicherheitsmanagementEN 6.3: 2 IT-Compliance und IT-Sicherheitsmanagement
EN 6.3: 2 IT-Compliance und IT-SicherheitsmanagementSven Wohlgemuth
 
EN 6.3: 1 IT-Sicherheit und Technischer Datenschutz
EN 6.3: 1 IT-Sicherheit und Technischer DatenschutzEN 6.3: 1 IT-Sicherheit und Technischer Datenschutz
EN 6.3: 1 IT-Sicherheit und Technischer DatenschutzSven Wohlgemuth
 
Privacy with Secondary Use of Personal Information
Privacy with Secondary Use of Personal InformationPrivacy with Secondary Use of Personal Information
Privacy with Secondary Use of Personal InformationSven Wohlgemuth
 
International Workshop on Information Systems for Social Innovation (ISSI) 2009
International Workshop on Information Systems for Social Innovation (ISSI) 2009International Workshop on Information Systems for Social Innovation (ISSI) 2009
International Workshop on Information Systems for Social Innovation (ISSI) 2009Sven Wohlgemuth
 
Durchsetzung von Privacy Policies in Dienstenetzen
Durchsetzung von Privacy Policies in DienstenetzenDurchsetzung von Privacy Policies in Dienstenetzen
Durchsetzung von Privacy Policies in DienstenetzenSven Wohlgemuth
 
Privacy in Business Processes by User-Centric Identity Management
Privacy in Business Processes by User-Centric Identity ManagementPrivacy in Business Processes by User-Centric Identity Management
Privacy in Business Processes by User-Centric Identity ManagementSven Wohlgemuth
 
Privacy in Business Processes by Identity Management
Privacy in Business Processes by Identity ManagementPrivacy in Business Processes by Identity Management
Privacy in Business Processes by Identity ManagementSven Wohlgemuth
 
Schlüsselverwaltung - Objektorientierter Entwurf und Implementierung
Schlüsselverwaltung - Objektorientierter Entwurf und ImplementierungSchlüsselverwaltung - Objektorientierter Entwurf und Implementierung
Schlüsselverwaltung - Objektorientierter Entwurf und ImplementierungSven Wohlgemuth
 
Resilience by Usable Security
Resilience by Usable SecurityResilience by Usable Security
Resilience by Usable SecuritySven Wohlgemuth
 
Sicherheit in einer vernetzten Welt
Sicherheit in einer vernetzten WeltSicherheit in einer vernetzten Welt
Sicherheit in einer vernetzten WeltSven Wohlgemuth
 
Solutions for Coping with Privacy and Usability
Solutions for Coping with Privacy and UsabilitySolutions for Coping with Privacy and Usability
Solutions for Coping with Privacy and UsabilitySven Wohlgemuth
 

Plus de Sven Wohlgemuth (20)

個人情報の有効活用を可能にする (Enabling effective use of personal information)
 個人情報の有効活用を可能にする (Enabling effective use of personal information) 個人情報の有効活用を可能にする (Enabling effective use of personal information)
個人情報の有効活用を可能にする (Enabling effective use of personal information)
 
Tagging Disclosure of Personal Data to Third Parties to Preserve Privacy
Tagging Disclosure of Personal Data to Third Parties to Preserve PrivacyTagging Disclosure of Personal Data to Third Parties to Preserve Privacy
Tagging Disclosure of Personal Data to Third Parties to Preserve Privacy
 
Privacy-Enhancing Trust Infrastructure for Process Mining
Privacy-Enhancing Trust Infrastructure for Process MiningPrivacy-Enhancing Trust Infrastructure for Process Mining
Privacy-Enhancing Trust Infrastructure for Process Mining
 
EN 6.3: 4 Kryptographie
EN 6.3: 4 KryptographieEN 6.3: 4 Kryptographie
EN 6.3: 4 Kryptographie
 
EN 6.3: 3 Sicherheitsmodelle
EN 6.3: 3 SicherheitsmodelleEN 6.3: 3 Sicherheitsmodelle
EN 6.3: 3 Sicherheitsmodelle
 
Privacy in Business Processes by User-Centric Identity Management
Privacy in Business Processes by User-Centric Identity ManagementPrivacy in Business Processes by User-Centric Identity Management
Privacy in Business Processes by User-Centric Identity Management
 
WP14 Workshop "From Data Economy to Secure Logging as a Step towards Transpar...
WP14 Workshop "From Data Economy to Secure Logging as a Step towards Transpar...WP14 Workshop "From Data Economy to Secure Logging as a Step towards Transpar...
WP14 Workshop "From Data Economy to Secure Logging as a Step towards Transpar...
 
Privacy in e-Health
Privacy in e-HealthPrivacy in e-Health
Privacy in e-Health
 
On Privacy in Medical Services with Electronic Health Records
On Privacy in Medical Services with Electronic Health RecordsOn Privacy in Medical Services with Electronic Health Records
On Privacy in Medical Services with Electronic Health Records
 
EN 6.3: 2 IT-Compliance und IT-Sicherheitsmanagement
EN 6.3: 2 IT-Compliance und IT-SicherheitsmanagementEN 6.3: 2 IT-Compliance und IT-Sicherheitsmanagement
EN 6.3: 2 IT-Compliance und IT-Sicherheitsmanagement
 
EN 6.3: 1 IT-Sicherheit und Technischer Datenschutz
EN 6.3: 1 IT-Sicherheit und Technischer DatenschutzEN 6.3: 1 IT-Sicherheit und Technischer Datenschutz
EN 6.3: 1 IT-Sicherheit und Technischer Datenschutz
 
Privacy with Secondary Use of Personal Information
Privacy with Secondary Use of Personal InformationPrivacy with Secondary Use of Personal Information
Privacy with Secondary Use of Personal Information
 
International Workshop on Information Systems for Social Innovation (ISSI) 2009
International Workshop on Information Systems for Social Innovation (ISSI) 2009International Workshop on Information Systems for Social Innovation (ISSI) 2009
International Workshop on Information Systems for Social Innovation (ISSI) 2009
 
Durchsetzung von Privacy Policies in Dienstenetzen
Durchsetzung von Privacy Policies in DienstenetzenDurchsetzung von Privacy Policies in Dienstenetzen
Durchsetzung von Privacy Policies in Dienstenetzen
 
Privacy in Business Processes by User-Centric Identity Management
Privacy in Business Processes by User-Centric Identity ManagementPrivacy in Business Processes by User-Centric Identity Management
Privacy in Business Processes by User-Centric Identity Management
 
Privacy in Business Processes by Identity Management
Privacy in Business Processes by Identity ManagementPrivacy in Business Processes by Identity Management
Privacy in Business Processes by Identity Management
 
Schlüsselverwaltung - Objektorientierter Entwurf und Implementierung
Schlüsselverwaltung - Objektorientierter Entwurf und ImplementierungSchlüsselverwaltung - Objektorientierter Entwurf und Implementierung
Schlüsselverwaltung - Objektorientierter Entwurf und Implementierung
 
Resilience by Usable Security
Resilience by Usable SecurityResilience by Usable Security
Resilience by Usable Security
 
Sicherheit in einer vernetzten Welt
Sicherheit in einer vernetzten WeltSicherheit in einer vernetzten Welt
Sicherheit in einer vernetzten Welt
 
Solutions for Coping with Privacy and Usability
Solutions for Coping with Privacy and UsabilitySolutions for Coping with Privacy and Usability
Solutions for Coping with Privacy and Usability
 

Dernier

Presentation2.pptx - JoyPress Wordpress
Presentation2.pptx -  JoyPress WordpressPresentation2.pptx -  JoyPress Wordpress
Presentation2.pptx - JoyPress Wordpressssuser166378
 
Computer 10 Lesson 8: Building a Website
Computer 10 Lesson 8: Building a WebsiteComputer 10 Lesson 8: Building a Website
Computer 10 Lesson 8: Building a WebsiteMavein
 
Benefits of doing Internet peering and running an Internet Exchange (IX) pres...
Benefits of doing Internet peering and running an Internet Exchange (IX) pres...Benefits of doing Internet peering and running an Internet Exchange (IX) pres...
Benefits of doing Internet peering and running an Internet Exchange (IX) pres...APNIC
 
Zero-day Vulnerabilities
Zero-day VulnerabilitiesZero-day Vulnerabilities
Zero-day Vulnerabilitiesalihassaah1994
 
WordPress by the numbers - Jan Loeffler, CTO WebPros, CloudFest 2024
WordPress by the numbers - Jan Loeffler, CTO WebPros, CloudFest 2024WordPress by the numbers - Jan Loeffler, CTO WebPros, CloudFest 2024
WordPress by the numbers - Jan Loeffler, CTO WebPros, CloudFest 2024Jan Löffler
 
TYPES AND DEFINITION OF ONLINE CRIMES AND HAZARDS
TYPES AND DEFINITION OF ONLINE CRIMES AND HAZARDSTYPES AND DEFINITION OF ONLINE CRIMES AND HAZARDS
TYPES AND DEFINITION OF ONLINE CRIMES AND HAZARDSedrianrheine
 
Bio Medical Waste Management Guideliness 2023 ppt.pptx
Bio Medical Waste Management Guideliness 2023 ppt.pptxBio Medical Waste Management Guideliness 2023 ppt.pptx
Bio Medical Waste Management Guideliness 2023 ppt.pptxnaveenithkrishnan
 
Check out the Free Landing Page Hosting in 2024
Check out the Free Landing Page Hosting in 2024Check out the Free Landing Page Hosting in 2024
Check out the Free Landing Page Hosting in 2024Shubham Pant
 
LESSON 5 GROUP 10 ST. THOMAS AQUINAS.pdf
LESSON 5 GROUP 10 ST. THOMAS AQUINAS.pdfLESSON 5 GROUP 10 ST. THOMAS AQUINAS.pdf
LESSON 5 GROUP 10 ST. THOMAS AQUINAS.pdfmchristianalwyn
 
Vision Forward: Tracing Image Search SEO From Its Roots To AI-Enhanced Horizons
Vision Forward: Tracing Image Search SEO From Its Roots To AI-Enhanced HorizonsVision Forward: Tracing Image Search SEO From Its Roots To AI-Enhanced Horizons
Vision Forward: Tracing Image Search SEO From Its Roots To AI-Enhanced HorizonsRoxana Stingu
 
LESSON 10/ GROUP 10/ ST. THOMAS AQUINASS
LESSON 10/ GROUP 10/ ST. THOMAS AQUINASSLESSON 10/ GROUP 10/ ST. THOMAS AQUINASS
LESSON 10/ GROUP 10/ ST. THOMAS AQUINASSlesteraporado16
 
Introduction to ICANN and Fellowship program by Shreedeep Rayamajhi.pdf
Introduction to ICANN and Fellowship program  by Shreedeep Rayamajhi.pdfIntroduction to ICANN and Fellowship program  by Shreedeep Rayamajhi.pdf
Introduction to ICANN and Fellowship program by Shreedeep Rayamajhi.pdfShreedeep Rayamajhi
 

Dernier (12)

Presentation2.pptx - JoyPress Wordpress
Presentation2.pptx -  JoyPress WordpressPresentation2.pptx -  JoyPress Wordpress
Presentation2.pptx - JoyPress Wordpress
 
Computer 10 Lesson 8: Building a Website
Computer 10 Lesson 8: Building a WebsiteComputer 10 Lesson 8: Building a Website
Computer 10 Lesson 8: Building a Website
 
Benefits of doing Internet peering and running an Internet Exchange (IX) pres...
Benefits of doing Internet peering and running an Internet Exchange (IX) pres...Benefits of doing Internet peering and running an Internet Exchange (IX) pres...
Benefits of doing Internet peering and running an Internet Exchange (IX) pres...
 
Zero-day Vulnerabilities
Zero-day VulnerabilitiesZero-day Vulnerabilities
Zero-day Vulnerabilities
 
WordPress by the numbers - Jan Loeffler, CTO WebPros, CloudFest 2024
WordPress by the numbers - Jan Loeffler, CTO WebPros, CloudFest 2024WordPress by the numbers - Jan Loeffler, CTO WebPros, CloudFest 2024
WordPress by the numbers - Jan Loeffler, CTO WebPros, CloudFest 2024
 
TYPES AND DEFINITION OF ONLINE CRIMES AND HAZARDS
TYPES AND DEFINITION OF ONLINE CRIMES AND HAZARDSTYPES AND DEFINITION OF ONLINE CRIMES AND HAZARDS
TYPES AND DEFINITION OF ONLINE CRIMES AND HAZARDS
 
Bio Medical Waste Management Guideliness 2023 ppt.pptx
Bio Medical Waste Management Guideliness 2023 ppt.pptxBio Medical Waste Management Guideliness 2023 ppt.pptx
Bio Medical Waste Management Guideliness 2023 ppt.pptx
 
Check out the Free Landing Page Hosting in 2024
Check out the Free Landing Page Hosting in 2024Check out the Free Landing Page Hosting in 2024
Check out the Free Landing Page Hosting in 2024
 
LESSON 5 GROUP 10 ST. THOMAS AQUINAS.pdf
LESSON 5 GROUP 10 ST. THOMAS AQUINAS.pdfLESSON 5 GROUP 10 ST. THOMAS AQUINAS.pdf
LESSON 5 GROUP 10 ST. THOMAS AQUINAS.pdf
 
Vision Forward: Tracing Image Search SEO From Its Roots To AI-Enhanced Horizons
Vision Forward: Tracing Image Search SEO From Its Roots To AI-Enhanced HorizonsVision Forward: Tracing Image Search SEO From Its Roots To AI-Enhanced Horizons
Vision Forward: Tracing Image Search SEO From Its Roots To AI-Enhanced Horizons
 
LESSON 10/ GROUP 10/ ST. THOMAS AQUINASS
LESSON 10/ GROUP 10/ ST. THOMAS AQUINASSLESSON 10/ GROUP 10/ ST. THOMAS AQUINASS
LESSON 10/ GROUP 10/ ST. THOMAS AQUINASS
 
Introduction to ICANN and Fellowship program by Shreedeep Rayamajhi.pdf
Introduction to ICANN and Fellowship program  by Shreedeep Rayamajhi.pdfIntroduction to ICANN and Fellowship program  by Shreedeep Rayamajhi.pdf
Introduction to ICANN and Fellowship program by Shreedeep Rayamajhi.pdf
 

Competitive Compliance with Blockchain

  • 1. See discussions, stats, and author profiles for this publication at: https://www.researchgate.net/publication/331672930 Competitive Compliance with Blockchain Conference Paper · March 2019 CITATIONS 0 READS 139 4 authors, including: Some of the authors of this publication are also working on these related projects: Cyber-Security for Critical Infrastructure View project Mobile Security View project Sven Wohlgemuth Hitachi, Ltd. 122 PUBLICATIONS   265 CITATIONS    SEE PROFILE Katsuyuki Umezawa Shonan Institute of Technology 33 PUBLICATIONS   34 CITATIONS    SEE PROFILE All content following this page was uploaded by Sven Wohlgemuth on 11 April 2019. The user has requested enhancement of the downloaded file.
  • 2. © Hitachi, Ltd. 2019. All rights reserved. Competitive Compliance with Blockchain The 3rd Workshop on Security, Privacy and Trust in the Internet of Things in conjunction with IEEE PerCom 2019, Kyoto, Japan March 15th, 2019 Dr. Sven Wohlgemuth Hitachi, Ltd. R&D Group Prof. Dr. Katsuyuki Umezawa Shonan Institute of Technology Yusuke Mishina AIST CPSEC Dr. Kazuo Takaragi AIST CPSEC
  • 3. © Hitachi, Ltd. 2019. All rights reserved. OEM/Supplier Factory End customer Order Supply Verification of produced goods I. Supply Chain Attack 2 Supply chain (SC) attack refers to attacks such as - Tampering with products and services in the process of manufacturing, selling and operating software and hardware. - In addition to this, it refers to attacks that an organization receives through business partners, third parties, suppliers, etc. connected to its supply chain. Rating about satisfaction Order Delivery
  • 4. © Hitachi, Ltd. 2019. All rights reserved. Supply Chain Attack: Examples 3 SC attack examples • 2008.4 Counterfeiting of Cisco Systems routers manufactured outside the United States circulated in the United States • 2010.6 Malware embedding in Cisco Systems router exported from the United States • 2017.9 Windows optimization software "CCleaner" embeds malware in update information • 2018.4 US Department of Defense, US military bases around the world ban sales of HUAWEI · ZTE products • 2018.8 Taiwan TSMC manufacturing iPhone CPU temporarily shut down due to virus infection. 3Q sales declined 3%
  • 5. © Hitachi, Ltd. 2019. All rights reserved. Epoch of IT Support / Metaphors of IT Security 4 Castle Market place Bazaar Mainframe Internet Pervasive Computing “Good ones are inside; the bad ones are outside” Server-based Security Client-based Security Autonomous interaction Human interaction
  • 6. © Hitachi, Ltd. 2019. All rights reserved. Security and Privacy by Contract (e.g. GDPR) 5 Cyber Physical Search engine Aggregation & inference: d, d* Identity Identity d, claim d Digital evidence d* about d 1:1 1:n Man in the middle attack Inevitable incidents • Data breach • Limited information on enforcement Data subject Data controller Data processor Contract • Consensus on obligations • Bargaining rights Contract Accountability: Multilateral declaration of intent Accountability • Electronic seal • Qualified electronic signature
  • 7. © Hitachi, Ltd. 2019. All rights reserved. II. IT Security: The Matrix with Data Provenance 6 Security Policy Access conditions Obligations Sanctions Contractual identities Formalization of decidable rules Mt o1 = d … S1 = data subject {own, read, write} … S2 = data controller {cread} … S3 = data processor Mt+1 o1 = d S3 = cs S1 = data subject {own, read, write} S2 = data controller {read, write} {parent} S3 = data processor {read} Information sharing Delegation of rights Ternary access matrix (TAM) and state transitions Mt → Mt+1 Digital evidence on IT security (non-existence of data breach) Rights in compliance to contract?
  • 8. © Hitachi, Ltd. 2019. All rights reserved. Secure IT System depends on Secure Kernel 7 Trusted Computing Base/ Secure Kernel Don’t fail ! ObjectReference monitor Aggregated Audit trail Subject Access request to d, d* Grant access or deny access Man in the middle attack IT Security domain Audit console (IDS)
  • 9. © Hitachi, Ltd. 2019. All rights reserved. Client-based Security: Advantage of Peer-to-Peer 8 • We can synchronize the ledger even with vulnerable identities • On the premise that it is limited to what we agree (incl. TAM) i.e., ENABLES TRANSPARENCY OF DOING DEFINED ACTIVITIES
  • 10. © Hitachi, Ltd. 2019. All rights reserved. Accountability: Token -> Semantic (e.g. eIDAS) 9 Digital signature Hanko Secret key A pair of name and public key Contract document or attributes, and digital signature Each person preserves Registered seal impression Putting the seal
  • 11. © Hitachi, Ltd. 2019. All rights reserved. 10 • For Bitcoin, the contract document (or signer's attributes) written in the hyper ledger are plaintext only. • Individual's attribute information is written and sealed in the hyper register. Akiko's wallet Ichiro's wallet hyper ledger ・ Confirmation by miner 取引所か ら購入 Commit to Attribute Information of each User
  • 12. © Hitachi, Ltd. 2019. All rights reserved. Anonymous Attribute-Based Credential 11 Anonymous credentials * • It is a ciphertext with proof of the user’s identity. • It indicates that it is a person who falls into a certain category using arbitrarily inequalities, without revealing detail. • Protected by cryptography (zero-knowledge proof with digital signature) * Credentials: When used in network security, generic name of information used for implementing capability list for each subject as representation of access matrix Identity certificate Expire at 31 Mar, 2020 Registration 28-26936789 Name Akiko Yamada Birth day 22 Feb 1975 Address 2-4-7 Aomi, Koto-ku, Tokyo Possession data ○△×◻︎ Certificate date 4 Apr, 2018 印産総商会 ✓ Age in forty generations ✓ I have data △ □ Proved contents Filter type can be selected arbitrarily 印産総商会
  • 13. © Hitachi, Ltd. 2019. All rights reserved. Camenisch-Lysyanskaya (CL) Digital Signature 12 Issuing organization OI generates a secret key and public key for CL signature (based on strong RSA assumption) Then, OI generates a credential credj for user Uj such that where Let mi be an attribute classified as the next privacy level. h: hidden, c: committed, k: known , e and v are random values. CL digital signature of a master identity’s attributes
  • 14. © Hitachi, Ltd. 2019. All rights reserved. Auditable Anonymous Attributes 13 Regulations: Control with transparency by accredited auditor OA For audit: Embed public key of OA as cryptographic commitment • Phase commit: Either information secure binding or hiding • Phase open: Zero-knowledge proof on authentication of commitment Example: Camenisch-Shoup (CS) verifiable encryption Verifier Prover Auditor OA 1. Commit to OA with CS encryption 2. Challenge: Request open CS encryption of OA 3. Response: Zero-knowledge proof of OA attributes Subject
  • 15. © Hitachi, Ltd. 2019. All rights reserved. Hysteresis Signature against Codebreaking 14 • Development of quantum computers is progressing • As early as around 2030 it is assumed that ECDSA etc. used in Bitcoin etc. will be broken (Shor’s algorithm) • In addition, there is a possibility of breaking hash function in finding collisions (Grover’s algorithm) Ref. Carlos A. Perez-Delgado, "WHAT QUANTUM COMPUTING MEANS FOR CYBER SECURITY," TEISS 2018
  • 16. © Hitachi, Ltd. 2019. All rights reserved. Hysteresis Signature against Codebreaking 15 • Hysteresis Digital Signature is data provenance on the use of a digital signature key (block chain technology) • Weakness of cryptographic algorithms or compromise of secret key cannot deteriorate the validity of the signature in the past • i.e. NON-REPUDIATION OF PROVENANCE IN THE PAST IV h(M1) Sign( IV || h(M1)) h(S1) h(M2) Sign(h(S1) || h(M2)) h(Sn-1) h(Mn) Sign(h(Sn-1) || h(Mn)) S1 S2 Sn … Chaining
  • 17. © Hitachi, Ltd. 2019. All rights reserved. Agenda I. Challenge: Supply Chain Attack II. IT Security: The Matrix and Data Provenance III. SK4SC: Secure Kernel 4 Supply Chains IV. Outlook: Usable HCI for Knowledge Societies 16
  • 18. © Hitachi, Ltd. 2019. All rights reserved. III. SK4SC: Secure Kernel 4 Supply Chains Trust → Enforcement of rights on information sharing  Compliance Hyper ledger blockchains Request: Search for d, d* Input: Design information d Miners … Ledgers Audit trail Output: Compliance report on authentication of d, d* Output: Compliance report on authentication of d, d* Auditors Personal attributes Pseudonyms, biometrics, (skAlice, pkAlice), …, and so on including vulnerability and incident reports Personal attributes Pseudonyms, biometrics, (skBob, pkBob), …, and so on including vulnerability and incident reports d, d* Rights d, d* Rights d, d* Subjects d, d* Objects Aggregation of data provenance SK4SC by competition and anonymized hyper ledger
  • 19. © Hitachi, Ltd. 2019. All rights reserved. 18 Personal attributes Pseudonyms, biometrics, contact details, credit card, interests, friends, medical history, belongings, and so on including security vulnerabilities and incidents IDA Context of master ID 1 ledger TAM open ledgersID ledger ZKP guarantees anonymity Attempt to estimate additional attribute values subset Direct communication Multiple derived IDs Unique name/ledger Authentication: Compliance log Trading partner, 3rd party Discovery of security design information in marketplace a < attribute value < b search market Exist? Negotiate smart contract on use Y N Competition: Secure Search on Compliance
  • 20. © Hitachi, Ltd. 2019. All rights reserved. SK4SC: Verification with Symbolic Execution 19 d, claim Alice Bob Security proof by symbolic execution of protocols (i.e. TCSEC) Secure public directory • To prove that only designated person can decipher: Zero-Knowledge Proof • In future when one-way function broken: Hysteresis Digital Signature for recovery (X, EncX)(Alice, EncAlice) (X, EncX) (Bob, EncBob) DecAlice DecBob Dolev-Yao model d, d* Rights d, d* Subject d, d* Object d, d* Rights d, d* Subject d, d* Object
  • 21. © Hitachi, Ltd. 2019. All rights reserved. SK4SC: Potential for Secure Open Marketplace 20 CRM with royalties Elderly Society Education eGovernment Economy Energy Personal attributes Pseudonyms, biometrics, (skAlice, pkAlice), …, and so on including vulnerability and incident reports nym1 = 2343@24 nym5 = $##989 nym2 = 4711‘0815 nym4 = abc‘def nym3 = **/34 Profile Economy Profile Energy Profile Elderly Society Profile Education Profile eGovernment Master identity nym0 → 2343@24, 4711‘081 5, **/34, abc‘def, $##989 Royalty program provider (Identity management provider) Royalties for rights on using authentic information
  • 22. © Hitachi, Ltd. 2019. All rights reserved. IV. Outlook: Usable HCI for Knowledge Societies 21 Scientific exchange From TRL 2 to TRL 5 • Concept: Verification of SK4SC privacy protocols • Risk scenarios: Domain preferences & measurement • Validation: Transaction phases with intermediaries • Proof-of-Concept: Smart City • Dissemination: Standardization activities Multilateral security means providing security for all parties concerned, requiring each party to only minimally trust in the honesty of others (Günter Müller, 1999) Usable HCI with CPS → Cybersecurity with multilateral contracts (e.g. GDPR, eIDAS) SK4SC
  • 23. © Hitachi, Ltd. 2019. All rights reserved. Acknowledgement 22 This work was partly based on the knowledge by the Cabinet Office (CAO), Cross-ministerial Strategic Innovation Promotion Program (SIP), “Cybersecurity for Critical Infrastructure” (funding agency: NEDO). sven.wohlgemuth.kd@hitachi.com
  • 25. © Hitachi, Ltd. 2019. All rights reserved. Data controller OC terminal Auditor OA terminal Data processor OH terminal Data processor OP terminal 3) Get pk_OA for CS encryption of signature record on cred issuance (authorization) 1) Request authorization for dS of OS from OC: context_(OC,OH); show cred_OH on type-safety * 2) Certify authorization for OH : issue cred_(OC,OH) on nym_OH Open Data ledger 4) Update signature record for authorization M_OH = nym_OH‖enc_OA(context_(OC,OH)‖{mj,k, k∈def}), Bj=H(Bj-1‖M_OH), S_(OC,OH) = sign_OC(Bj) 5) Generate ZKP values SPK for CL encryption of signature record by pk_OA 6) Propose (M_OH,Bj,S_(OC,OH)) and SPK for new block 7) Check as miner (M_OH,Bj,S_(OC,OH)) and SPK; add to new block SK4SC: Secure Delegation of Rights 24* OS refers to the data subject, e.g., Alice or Bob, in accordance to the context
  • 26. © Hitachi, Ltd. 2019. All rights reserved. Data controller OC terminal Auditor OA terminal Data processor OH terminal Data processor OP terminal Open Data ledger 1) Request dS of Os with cred_(OCOH): context_(OH,OP) 2) Request cred_OH on type-safety 3) Show cred_OH on type-safety 4) Check validity of cred_OH and cred_(OCOH) with (M_OH,Bj,S_(CA,OH)) and SPK of CA; (M_OH,Bj,S_(OC,OH)) and SPK of OC 5) Get pk_OA for CS encryption of signature record on data provenance 6) Generate data provenance for d from OP to OH M_(OP,OH) = H(dS) || nym_OP || nym_OH‖ Bj=H(Bj-1 || M_(OP,OH) S_(OP,OH) = sign_OP(Bj) Generate ZKP values SPK for CS encryption of signature record by pk_OA 7) Propose (M_OH,Bj,S_(OC,OH)) and SPK for new block8) Check as miner (M_(OP,OH),Bj,S_(OP,OH)) and SPK; add to new block 9) dS of OS SK4SC: Data Provenance 25* OS refers to the data subject, e.g., Alice or Bob, in accordance to the context
  • 27. © Hitachi, Ltd. 2019. All rights reserved. Proof of Inequality 26 ProofInequality*: ZKP that a certain attribute value m is m > mr is given as follows: Δ=m-mr-1、a=1 Calculate u1, u2, u3, u4 such that Let Not limited to m > mr, the SPK can be configured similarly for another inequality. Then (Non-interactive) ZKP Parts of issuer’s public key for Camenisch-Lysyanskaya signatures Operator: ≡≻ * IBM Research Zurich Security Team, Specification of the identity mixer cryptographic library, version 2.3.40, Technical Report, IBM Research, Zurich, 2013.View publication statsView publication stats