Safeguarding a formalized Blockchain-enabled identity-authentication protocol by applying security risk-oriented patterns

Designing government independent and secure identification- and authentication protocols is a challenging task. Design flaws and missing specifications as well as security- and privacy issues of such protocols pose considerable user risks. Formal methods, such as Colored Petri Nets (CPN), are utilis...

Bibliographic details
Published in: Computers & security 2019-09, Vol.86, p.253-269
Main authors: Norta, Alex, Matulevičius, Raimundas, Leiding, Benjamin
Format: Article
Language: eng
Subjects:
Online access: Full text
container_end_page 269
container_issue
container_start_page 253
container_title Computers & security
container_volume 86
creator Norta, Alex
Matulevičius, Raimundas
Leiding, Benjamin
description Designing government independent and secure identification- and authentication protocols is a challenging task. Design flaws and missing specifications as well as security- and privacy issues of such protocols pose considerable user risks. Formal methods, such as Colored Petri Nets (CPN), are utilised for the design, development and analysis of such new protocols in order to detect flaws and mitigate identified security risks before deployment. This paper fills the gap, by applying in a novel way a set of security risk-oriented patterns (SRP) to the so-called Authcoin protocol that we formalise using CPN. The initial formal model of Authcoin facilitates the detection and elimination of design flaws, missing specifications as well as security- and privacy issues. The additional risk- and threat analysis based on the Information Systems Security Risk Management (ISSRM) domain model we perform on the formal CPN models of the protocol. The identified risks are mitigated by applying SRPs to the formal model of the Authcoin protocol. SRPs are a means to mitigate common security- and privacy risks in a business-process context by applying thoroughly tested and proven best-practice solutions. The goal of this work is to test the utility of SRPs outside of the usual application domain, to reduce the risks and vulnerabilities of the Authcoin protocol.
doi_str_mv 10.1016/j.cose.2019.05.017
format Article
fulltext fulltext
identifier ISSN: 0167-4048
ispartof Computers & security, 2019-09, Vol.86, p.253-269
issn 0167-4048
1872-6208
language eng
recordid cdi_proquest_journals_2287978270
source Elsevier ScienceDirect Journals Complete
subjects Access control
Authcoin
Authentication
Blockchain
Colored petri net
Cryptography
Cybersecurity
Flaw detection
Formal verification
Identity
Information management
Patterns
Petri nets
Privacy
Protocol
Risk analysis
Risk management
Security
Smart contract
Specifications
Threat evaluation
Vulnerability
title Safeguarding a formalized Blockchain-enabled identity-authentication protocol by applying security risk-oriented patterns
url https://sfx.bib-bvb.de/sfx_tum?ctx_ver=Z39.88-2004&ctx_enc=info:ofi/enc:UTF-8&ctx_tim=2025-02-20T20%3A41%3A30IST&url_ver=Z39.88-2004&url_ctx_fmt=infofi/fmt:kev:mtx:ctx&rfr_id=info:sid/primo.exlibrisgroup.com:primo3-Article-proquest_cross&rft_val_fmt=info:ofi/fmt:kev:mtx:journal&rft.genre=article&rft.atitle=Safeguarding%20a%20formalized%20Blockchain-enabled%20identity-authentication%20protocol%20by%20applying%20security%20risk-oriented%20patterns&rft.jtitle=Computers%20&%20security&rft.au=Norta,%20Alex&rft.date=2019-09&rft.volume=86&rft.spage=253&rft.epage=269&rft.pages=253-269&rft.issn=0167-4048&rft.eissn=1872-6208&rft_id=info:doi/10.1016/j.cose.2019.05.017&rft_dat=%3Cproquest_cross%3E2287978270%3C/proquest_cross%3E%3Curl%3E%3C/url%3E&disable_directlink=true&sfx.directlink=off&sfx.report_link=0&rft_id=info:oai/&rft_pqid=2287978270&rft_id=info:pmid/&rft_els_id=S0167404818302670&rfr_iscdi=true