by Dr. Kaitai Liang, TUD
The REWIRE project aims to advance the state of the art in auditing & certification, IoT misbehavior detection, threat intelligence data sharing, and security management through the use of blockchain technologies. In this project, we design and implement a blockchain overlay that includes prototype tools, APIs, and components to provide secure data sharing based on traceable and credible security auditing activities. Our main tasks include defining the architecture and detailed specifications of the blockchain framework and smart contracts, designing trust-aware continuous authorization and secure communication services leveraging verifiable credentials, implementing secure decentralized oracles for on-/off-chain data management, designing advanced mechanisms for decentralized data integrity and secure access control in data sharing, and implementing runtime evidence monitoring and collection.
A low-efficiency blockchain can limit the number of transactions that can be processed within a given time, making the platform less practical for large-scale adoption. This can lead to long transaction times and high transaction fees, both of which can discourage users from using the platform. For example, in supply chain management, delays in tracking and verifying the movement of goods can cause inefficiencies and disruptions. We employ a fast and cost-effective blockchain platform for our use cases that require real-time data processing and immediate transaction settlement.
However, traditional blockchain platforms lack trust in their smart contracts and node infrastructure. To address this, we embed smart contracts with trusted hardware to capture the trustworthiness of any data updates, using cryptographic enablers to validate the integrity of the updates, enforce updates efficiently, and enable security audits. We also design Trusted Execution Environment (TEE)-based nodes to control and manage the ledger copy and smart contracts; each node is installed along with the REWIRE TEE, which provides sufficient cryptographic tools for data unpacking, such as decryption and digital verification.
In addition, we develop a filtering layer for data entering and leaving the blockchain, built on blockchain-based oracles. Data stored inside and outside the blockchain differ in format and type: the blockchain cannot store all types and sizes of data, and blockchain data cannot be interpreted directly by the outside world. To address this issue, we develop oracles that extract outside-world data and store it on-chain, and that wrap up blockchain data for external services.
We also design the oracles as an intermediate layer between on-chain and off-chain data storage, with the ability to refer small-size and real-time data to the on-chain ledger and to index original and large-scale data to the off-chain data storage infrastructure. The oracles bridge the on-chain and off-chain data and reflect both on the (on-chain) ledger. To inject “trust” into the oracles, we place them inside a TEE, a trusted and safe environment, so that the data filtering functionality can be authenticated and trustworthy.
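The routing described above, as an added sketch that is not REWIRE code: small records are written inline to the ledger, large ones go to off-chain storage with only a digest indexed on the ledger, and every read is checked against that on-chain digest. The 256-byte cut-off, the use of SHA-256, the class and field names, and the in-memory stand-ins for the ledger and the off-chain store are all assumptions; TEE execution and attestation are not modelled.

```python
import hashlib

ON_CHAIN_MAX_BYTES = 256  # assumed cut-off; the page gives no figure


class Oracle:
    """Hypothetical oracle bridging an on-chain ledger and off-chain storage."""

    def __init__(self):
        self.ledger = []      # append-only list standing in for the on-chain ledger
        self.off_chain = {}   # digest -> bytes, standing in for off-chain storage

    def submit(self, source: str, payload: bytes) -> int:
        """Record a payload; return the index of its ledger entry."""
        digest = hashlib.sha256(payload).hexdigest()
        entry = {"source": source, "sha256": digest, "size": len(payload)}
        if len(payload) <= ON_CHAIN_MAX_BYTES:
            entry["inline"] = payload.hex()    # small data lives on the ledger
        else:
            self.off_chain[digest] = payload   # large data is only indexed
            entry["inline"] = None
        self.ledger.append(entry)
        return len(self.ledger) - 1

    def fetch(self, index: int) -> bytes:
        """Return the payload for a ledger entry, verified against its digest."""
        entry = self.ledger[index]
        if entry["inline"] is not None:
            payload = bytes.fromhex(entry["inline"])
        else:
            payload = self.off_chain.get(entry["sha256"])
            if payload is None:
                raise LookupError("off-chain object missing")
        # The ledger digest is the trust anchor: off-chain storage can lose
        # or alter data, but it cannot do so without this check failing.
        if hashlib.sha256(payload).hexdigest() != entry["sha256"]:
            raise ValueError("payload does not match on-chain digest")
        return payload


if __name__ == "__main__":
    oracle = Oracle()
    reading = oracle.submit("sensor-1", b'{"temp": 21}')   # constructed sample
    capture = oracle.submit("audit-log", b"x" * 4096)      # constructed sample
    print(oracle.ledger[reading]["inline"] is not None)    # stored on-chain
    print(oracle.ledger[capture]["inline"] is None)        # indexed only
    print(len(oracle.fetch(capture)))
```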
In conclusion, we focus on utilizing blockchain technologies to enhance auditing & certification, IoT misbehavior detection, threat intelligence data sharing, and security management. We employ various techniques such as embedding smart contracts with trusted hardware, designing TEE-based nodes, and developing blockchain-based oracles to provide secure and trustworthy data sharing.