Special issue | Blockchain and Artificial Intelligence for Network Security

Vol. 75, n° 3-4, March-April 2020
Content available on Springerlink

Guest editors

Editorial

Blockchain and artificial intelligence for network security

Diogo Menezes Ferrazani Mattos, Francine Krief, Sandra Julieta Rueda

 

A break-glass protocol based on ciphertext-policy attribute-based encryption to access medical records in the cloud

Marcela T. de Oliveira1, Alexandros Bakas2, Eugene Frimpong2, Adrien E. D. Groot1, Henk A. Marquering1, Antonis Michalas2, Silvia D. Olabarriaga1

(1) Amsterdam University Medical Centers, University of Amsterdam, The Netherlands
(2) Tampere University, Tampere, Finland

Abstract In emergency care, fast and efficient treatment is vital. The availability of Electronic Medical Records (EMR) allows healthcare professionals to access a patient’s data promptly, which facilitates the decision-making process and saves time by not repeating medical procedures. Unfortunately, the complete EMR of a patient is often not available during an emergency situation to all treatment teams. Cloud services emerge as a promising solution to this problem by allowing ubiquitous access to information. However, EMR storage and sharing through clouds raise several concerns about security and privacy. To this end, we propose a protocol through which all treatment teams involved in the emergency care can securely decrypt relevant data from the patient’s EMR and add new information about the patient’s status. Furthermore, our protocol ensures that treatment teams will only access the patient’s EMR for the period during which the patient is under their care. Finally, we present a formal security analysis of our protocol and some initial experimental results.

Keywords Ciphertext-policy attribute-based encryption . e-health privacy . Access control . Electronic medical records . Emergency care . Secure cloud storage . Break-glass access

MineCap: super incremental learning for detecting and blocking cryptocurrency mining on software-defined networking

Helio N. Cunha Neto1, Martin Andreoni Lopez2, Natalia C. Fernandes1, Diogo M. F. Mattos1

(1) MídiaCom/PPGEET/TET Universidade Federal Fluminense (UFF), Niterói, RJ, Brazil
(2) Samsung Research Institute, Campinas, SP, Brazil

Abstract Covert mining of cryptocurrency implies the use of valuable computing resources and high energy consumption. In this paper, we propose MineCap, a dynamic online mechanism for detecting and blocking covert cryptocurrency mining flows, using machine learning on software-defined networking. The proposed mechanism relies on Spark Streaming for online processing of network flows, and, when identifying a mining flow, it requests the flow blocking to the network controller.We also propose a learning technique called super incremental learning, a variant of the super learner applied to online learning, which takes the classification probabilities of an ensemble of classifiers as features for an incremental learning classifier. Hence, we design an accurate mechanism to classify mining flows that learn with incoming data with an average of 98% accuracy, 99% precision, 97% sensitivity, and 99.9% specificity and avoid concept drift–related issues.

Keywords Cryptocurrency · Machine learning · SDN · Mining · Super learner · Incremental learning · Super incremental learning

Improving threat detection in networks using deep learning

Fábio César Schuartz1, Mauro Fonseca1, Anelise Munaretto1

(1) Universidade Tecnólogica Federal do Paraná, Curitiba, PR, Brazil

Abstract Detecting threats on the Internet is a key factor in maintaining data and information security. An intrusion detection system tries to prevent such attacks from occurring through the analysis of patterns and behavior of the data stream in the network. This paper presents a large data stream detection and analysis distributed platform, through the use of machine learning to dimensionality reduction. The system is evaluated based on three criteria: the accuracy, the number of false positives,
and number of false negatives. Each classifier presented better accuracy when using 5 and 13 features, having fewer false positives and false negatives, allowing the detection of threats in real-time over a large volume of data, with greater precision.

Keywords Big data · Deep learning · Intrusion detection system · Machine learning · Real-time

On the detection of selfish mining and stalker attacks in blockchain networks

Vanessa Chicarino1 · Célio Albuquerque2 · Emanuel Jesus1 · Antônio Rocha2

(1) Directorate of Communications and Information Technology of the Brazilian Navy, Rio de Janeiro, Brazil
(2) Universidade Federal Fluminense (UFF), Rio de Janeiro, Brazil

Abstract The blockchain technology emerged in 2008 as a distributed peer to peer network structure, capable of ensuring security for transactions made using the Bitcoin digital currency, without the need for third party intermediaries to validate them. Although its beginning was linked to cryptocurrencies, its use has diversified over the recent years. There are various projects using the blockchain technology to perform document validation, electronic voting, tokenization of non-perishable goods, and many others. With its increasing use, concern arises with possible attacks that could threaten the integrity of the consensus of the chain. One of the well-known attacks to the blockchain consensus mechanism is the selfish mining attack, in which malicious nodes can deflect their behavior from the standard pattern by not immediately disclosing their newly mined blocks. This malicious behavior can result in a disproportionate share of rewards for those nodes, especially if they have a significant processing power. The goal of this paper is to present a simple heuristic to detect the presence of selfish mining attack (and variants) in blockchain networks that use the proof-of-work (PoW) consensus algorithm. The proposal is
to signal when the blockchain fork height deviates from the standard, indicating when the network is under the influence of such attacks.

Keywords Blockchain · Selfish mining · Stalker attack · Distributed consensus

Proof of usage: user-centric consensus for data provision
and exchange

Samuel Masseport1,2 · Jorick Lartigau1 · Benoît Darties2 · Rodolphe Giroudeau2

(1) Pikcio SAS, Montpellier, France
(2) LIRMM, University of Montpellier, CNRS, Montpellier, France

Abstract This paper presents a new consensus algorithm, Proof of Usage (PoU), for the blockchain technology. This consensus is introduced for permissioned (or private) blockchains and is designed for a user-centric personal data market. This market is subject to specific regulations with which conventional blockchains fail to comply. Proof of Usage aims to promote a new paradigm dedicated to usage incentivization, valuation, and control of user data in various sectors, such as banking and insurance. Other consensuses such as Proof of Stake or historical Proof of Work do not encourage coin spending and usage (in fact, Proof of Stake promotes the opposite). However, the value of the currency mainly depends on its use. This paper first introduces a contextualization of blockchain technology and decentralized consensus models. The motivation is then discussed for a new model of personal data exchange in a decentralized but supervised environment. The PoU protocol and its process flow are defined in detail. Furthermore, the paper explores two different approaches regarding the reward mechanism and the incentive model. Finally, the paper focuses on security requirements and how PoU meets such requirements in a permissioned-based blockchain system.

Keywords Bitcoin · Blockchain · Consensus · Data privacy

Consistency, availability, and partition tolerance in blockchain: a survey on the consensusmechanism over peer-to-peer networking

Gabriel R. Carrara1 · Leonardo M. Burle1 · Dianne S. V. Medeiros1 · Célio Vinicius N. de Albuquerque1 · Diogo M. F. Mattos1

(1) MídiaCom/PPGEET/TET/IC, Universidade Federal Fluminense (UFF), Niterói, RJ, Brazil

Abstract The Blockchain is a disruptive technology that relies on the distributed nature of the peer-to-peer network while performing an agreement, or consensus, a mechanism to achieve an immutable, global, and consistent registry of all transactions. Thus, a key challenge in developing blockchain solutions is to design the consensus mechanism properly. As a consequence of being a distributed application, any consensus mechanism is restricted to offer two of three properties: consistency, availability, and partition tolerance. In this paper, we survey the main consensus mechanisms on blockchain solutions, and we highlight the properties of each one. Moreover, we differentiate both deterministic and probabilistic consensus mechanisms, and we highlight coordination solutions that facilitate the data distribution on the blockchain, without the need for a sophisticated consensus mechanism.

Keywords Consensus mechanisms · CAP theorem · Blockchain · Peer-to-peer network