Nikolaos Alexopoulos

Beyond the Hype: On Using Blockchains in Trust Management for Authentication

Trust Management (TM) systems for authentication are vital to the security of online interactions, which are ubiquitous in our everyday lives. Various systems, like the Web PKI (X.509) and PGPs Web of Trust are used to manage trust in this setting. In recent years, blockchain technology has been introduced as a panacea to our security problems, including that of authentication, without sufficient reasoning, as to its merits.In this work, we investigate the merits of using open distributed ledgers (ODLs), such as the one implemented by blockchain technology, for securing TM systems for authentication. We formally model such systems, and explore how blockchain can help mitigate attacks against them. After formal argumentation, we conclude that in the context of Trust Management for authentication, blockchain technology, and ODLs in general, can offer considerable advantages compared to previous approaches. Our analysis is, to the best of our knowledge, the first to formally model and argue about the security of TM systems for authentication, based on blockchain technology. To achieve this result, we first provide an abstract model for TM systems for authentication. Then, we show how this model can be conceptually encoded in a blockchain, by expressing it as a series of state transitions. As a next step, we examine five prevalent attacks on TM systems, and provide evidence that blockchain-based solutions can be beneficial to the security of such systems, by mitigating, or completely negating such attacks.

Towards Secure Distributed Trust Management on a Global Scale: An analytical approach for applying Distributed Ledgers for authorization in the IoT

Authorization, and more generally Trust Management (TM), is an indispensable part of the correct operation of most IT systems. The advent of the Internet of Things (IoT), with its cyber-physical and distributed nature, creates new challenges, that existing TM systems cannot adequately address, such as for example the need for non-interactive exclusive access enforcement. In the meantime, a line of thought in the research community is that Distributed Ledgers (DLs), like the one implemented by the Ethereum blockchain, can provide strong security guarantees for distributed access control. However, this approach has not yet been examined in a scientific, systematic manner, and has many pitfalls, with arguably the most important one being scalability. In this paper, we critically explore the shortcomings of existing solutions for trust management in distributed networks, pinpoint which of these shortcomings can be addressed by utilizing DLs, and offer a conceptual design for a scalable, secure TM system. Our design approaches the problem in three layers, namely a global, an intermediate group or shard layer, and a local layer, corresponding to the set of embedded devices behind an internet access point. We view our design as a novel first step, helping the community to produce more secure and realistic authorization solutions for the IoT, in the near future.

On enhancing trust in cryptographic solutions: student research abstract

Public key cryptography and its applications can be found in almost every aspect of online communication nowadays. Connecting to the website of your bank or to your email server by establishing a TLS connection are just two popular examples. Integral to achieving a secure connection to these services is, among others, authenticating their identity, i.e., that a certain public key belongs to the person or service that claims it. That is, a trust network is necessary in order to enable secure communication in any kind of scalable and dynamic network. Such networks are expected to be more and more common as the Internet of Things paradigm gets widely adopted. Existing approaches, namely the Web PKI and the various Webs of Trust are inherently vulnerable to attacks and cannot solve the problem in the long run.

Towards Blockchain-Based Collaborative Intrusion Detection Systems

In an attempt to cope with the increased number of cyber-attacks, research in Intrusion Detection System IDSs is moving towards more collaborative mechanisms. Collaborative IDSs (CIDSs) are such an approach; they combine the knowledge of a plethora of monitors to generate a holistic picture of the monitored network. Despite the research done in this field, CIDSs still face a number of fundamental challenges, especially regarding maintaining trust among the collaborating parties. Recent advances in distributed ledger technologies, e.g. various implementations of blockchain protocols, are a good fit to the problem of enhancing trust in collaborative environments. This paper touches the intersection of CIDSs and blockchains. Particularly, it introduces the idea of utilizing blockchain technologies as a mechanism for improving CIDSs. We argue that certain properties of blockchains can be of significant benefit for CIDSs; namely for the improvement of trust between monitors, and for providing accountability and consensus. For this, we study the related work and highlight the research gaps and challenges towards such a task. Finally, we propose a generic architecture for the incorporation of blockchains into the field of CIDSs and an analysis of the design decisions that need to be made to implement such an architecture.