Safeguarding a formalized Blockchain-enabled identity-authentication protocol by applying security risk-oriented patterns. Issue 86 (September 2019)
- Record Type:
- Journal Article
- Title:
- Safeguarding a formalized Blockchain-enabled identity-authentication protocol by applying security risk-oriented patterns. Issue 86 (September 2019)
- Main Title:
- Safeguarding a formalized Blockchain-enabled identity-authentication protocol by applying security risk-oriented patterns
- Authors:
- Norta, Alex
Matulevičius, Raimundas
Leiding, Benjamin
- Abstract:
- Designing government-independent and secure identification and authentication protocols is a challenging task. Design flaws and missing specifications, as well as security and privacy issues of such protocols, pose considerable user risks. Formal methods, such as Colored Petri Nets (CPN), are utilised for the design, development and analysis of such new protocols in order to detect flaws and mitigate identified security risks before deployment. This paper fills the gap by applying, in a novel way, a set of security risk-oriented patterns (SRP) to the so-called Authcoin protocol that we formalise using CPN. The initial formal model of Authcoin facilitates the detection and elimination of design flaws, missing specifications, as well as security and privacy issues. We perform the additional risk and threat analysis, based on the Information Systems Security Risk Management (ISSRM) domain model, on the formal CPN models of the protocol. The identified risks are mitigated by applying SRPs to the formal model of the Authcoin protocol. SRPs are a means to mitigate common security and privacy risks in a business-process context by applying thoroughly tested and proven best-practice solutions. The goal of this work is to test the utility of SRPs outside of the usual application domain, to reduce the risks and vulnerabilities of the Authcoin protocol.
- Is Part Of:
- Computers & security. Issue 86(2019)
- Journal:
- Computers & security
- Issue:
- Issue 86(2019)
- Issue Display:
- Volume 86, Issue 86 (2019)
- Year:
- 2019
- Volume:
- 86
- Issue:
- 86
- Issue Sort Value:
- 2019-0086-0086-0000
- Page Start:
- 253
- Page End:
- 269
- Publication Date:
- 2019-09
- Subjects:
- Authcoin -- Colored petri net -- Authentication -- Security -- Patterns -- Access control -- Identity -- Blockchain -- Smart contract -- Formal verification
Computer security -- Periodicals
Electronic data processing departments -- Security measures -- Periodicals
005.805
- Journal URLs:
- http://www.sciencedirect.com/science/journal/01674048
http://www.elsevier.com/journals
- DOI:
- 10.1016/j.cose.2019.05.017
- Languages:
- English
- ISSNs:
- 0167-4048
- Deposit Type:
- Legaldeposit
- View Content:
- Available online (eLD content is only available in our Reading Rooms)
- Physical Locations:
- British Library DSC - 3394.781000
British Library DSC - BLDSS-3PM
British Library HMNTS - ELD Digital store
- Ingest File:
- 16503.xml