Token-based Access Research Articles

Mitigating DDOS Attacks from IP-Rotating Bots Using Token-Based Access Control

Mitigating DDOS Attacks from IP-Rotating Bots Using Token-Based Access Control

Designing A Blockchain-Empowered Telehealth Artifact for Decentralized Identity Management and Trustworthy Communication: Interdisciplinary Approach.

Telehealth played a critical role during the COVID-19 pandemic and continues to function as an essential component of health care. Existing platforms cannot ensure privacy and prevent cyberattacks. The main objectives of this study are to understand existing cybersecurity issues in identity management and trustworthy communication processes in telehealth platforms and to design a software architecture integrated with blockchain to improve security and trustworthiness with acceptable performance. We improved personal information security in existing telehealth platforms by adopting an innovative interdisciplinary approach combining design science, social science, and computer science in the health care domain, with prototype implementation. We used the design science research methodology to implement our overall design. We innovated over existing telehealth platforms with blockchain integration that improves health care delivery services in terms of security, privacy, and efficiency. We adopted a user-centric design approach and started with user requirement collection, followed by system functionality development. Overall system implementation facilitates user requirements, thus promoting user behavior for the adoption of the telehealth platform with decentralized identity management and an access control mechanism. Our investigation identified key challenges to identity management and trustworthy communication processes in telehealth platforms used in the current health care domain. By adopting distributed ledger technology, we proposed a decentralized telehealth platform to support identity management and a trustworthy communication process. Our design and prototype implementation using a smart contract-driven telehealth platform to provide decentralized identity management and trustworthy communication with token-based access control addressed several security challenges. This was substantiated by testing with 10,000 simulated transactions across 5 peers in the Rahasak blockchain network. The proposed design provides resistance to common attacks while maintaining a linear time overhead, demonstrating improved security and efficiency in telehealth services. We evaluated the performance in terms of transaction throughput, smart contract execution time, and block generation time. To create a block with 10,000 transactions, it takes 8 seconds on average, which is an acceptable overhead for blockchain-based applications. We identified technical limitations in current telehealth platforms. We presented several design innovations using blockchain to prototype a system. We also presented the implementation details of a unique distributed architecture for a trustworthy communication system. We illustrated how this design can overcome privacy, security, and scalability limitations. Moreover, we illustrated how improving these factors sets the stage for improving and standardizing the application and for the wide adoption of blockchain-enabled telehealth platforms.

Social Engineering Cyber Threats

The article explores the pervasive threat of social engineering in cybersecurity, emphasizing its success in infiltrating information systems by manipulating individuals rather than employing traditional hacking methods. The author underscores the vulnerability arising from human trust, as individuals, especially those lacking technology education, tend to be targets. While cryptography offers partial security, social engineering complicates overall system security. Mitigation strategies include educating employees on threats, risks, and security policies, coupled with enforcing penalties for noncompliance. Additionally, employing two-factor authentication and physical token-based access adds layers of protection. The article delves into semantic attacks, classifying various exploitation methods and emphasizing the critical role of user awareness. It addresses prevalent scams such as phishing, vishing, impersonation, and smishing, noting their impact on individuals and organizations. The study extends its focus globally, highlighting a unique advance fee fraud targeting vulnerable populations. Social engineering remains a significant challenge despite technological advancements, necessitating a multifaceted approach combining technical defenses, education, and public awareness.

Innovations in Multi-Factor Authentication: Exploring OAuth for Enhanced Security

In an era where digital security breaches are becoming increasingly sophisticated, multi-factor authentication (MFA) has emerged as a critical defense mechanism to protect sensitive data and systems. OAuth (Open Authorization) has gained prominence as an advanced protocol in the landscape of MFA, offering enhanced security through its token-based authorization model. This paper explores innovations in multi-factor authentication with a particular focus on OAuth, analyzing its effectiveness, implementation challenges, and the benefits it brings to modern security frameworks. OAuth operates as a protocol that provides secure delegated access to applications without exposing user credentials. Traditionally, MFA combines multiple forms of authentication, such as passwords, biometric data, and hardware tokens, to verify user identity. OAuth enhances this process by enabling secure, token-based access, which minimizes the risks associated with credential theft and phishing attacks. By allowing users to authorize third-party applications to access their data on their behalf, OAuth reduces the need for users to share their passwords with multiple services, thereby mitigating potential security threats. The adoption of OAuth in MFA strategies introduces several innovations. Firstly, it supports the use of access tokens that are short-lived and specific to particular resources or actions. This temporary nature of tokens limits the impact of a potential breach, as compromised tokens have a limited lifespan. Secondly, OAuth incorporates scopes, which define the exact permissions granted to a third party. This granular control over access rights ensures that applications only receive the minimum level of access necessary, further reducing security risks. Implementing OAuth for MFA, however, is not without its challenges. One major issue is the complexity of integrating OAuth with existing authentication systems. Organizations must ensure that OAuth tokens are securely generated, transmitted, and validated to prevent unauthorized access. Additionally, the secure management of refresh tokens, which are used to obtain new access tokens, is crucial to maintaining the integrity of the authentication process. The need for rigorous token management practices and robust security measures is essential to prevent potential vulnerabilities. Despite these challenges, the benefits of incorporating OAuth into MFA strategies are significant. OAuth enhances user experience by allowing single sign-on (SSO) capabilities, reducing the need for users to remember multiple passwords. This streamlined approach not only improves user convenience but also strengthens security by minimizing password-related vulnerabilities. Moreover, OAuth's support for various authentication factors, including biometric verification and hardware tokens, allows organizations to implement a comprehensive MFA strategy that aligns with their security requirements. The evolution of OAuth in MFA represents a significant advancement in the field of digital security. By leveraging OAuth’s token-based model, organizations can enhance their authentication processes, reduce the risk of credential-related attacks, and provide a more secure user experience. As cybersecurity threats continue to evolve, the integration of OAuth into MFA strategies will play a pivotal role in safeguarding sensitive information and ensuring the integrity of digital interactions.

Enhancing Microservices Security with Token-Based Access Control Method.

Microservices are compact, independent services that work together with other microservices to support a single application function. Organizations may quickly deliver high-quality applications using the effective design pattern of the application function. Microservices allow for the alteration of one service in an application without affecting the other services. Containers and serverless functions, two cloud-native technologies, are frequently used to create microservices applications. A distributed, multi-component program has a number of advantages, but it also introduces new security risks that are not present in more conventional monolithic applications. The objective is to propose a method for access control that ensures the enhanced security of microservices. The proposed method was experimentally tested and validated in comparison to the centralized and decentralized architectures of the microservices. The obtained results showed that the proposed method enhanced the security of decentralized microservices by distributing the access control responsibility across multiple microservices within the external authentication and internal authorization processes. This allows for easy management of permissions between microservices and can help prevent unauthorized access to sensitive data and resources, as well as reduce the risk of attacks on microservices.

Designing digital currency wallets for broad adoption

For most citizens, the primary touch point for central bank digital currency (CBDC) transactions would be a digital currency wallet. A CBDC wallet may have attributes in common with a cryptocurrency wallet and others in common with a mobile payment wallet. If a CBDC is built on distributed ledger technology with token-based access, it would have even more in common with a cryptocurrency wallet than a mobile payment wallet. The unbanked population is increasingly using cryptocurrency wallets and mobile payment wallets. To promote broad adoption of a CBDC among populations currently underserved by the financial industry, governments will first need a greater understanding of the barriers to adoption. This paper examines the user-facing issues pertaining to access and financial inclusion, usability, security, privacy and interoperability, and identifies 11 key user-centred issues relating to the use of CBDC wallets, along with recommendations to address these issues. By adopting these recommendations, a CBDC wallet would better meet the needs of populations underserved by the traditional financial system.

Blockchain-Empowered Token-Based Access Control System with User Reputation Evaluation

Blockchain-Empowered Token-Based Access Control System with User Reputation Evaluation

Opportunities for using blockchain in distributed solar energy projects

The involvement of many stakeholders from diverse sectors throughout the distributed solar energy (DSE) project lifecycle and their discrete commitments to the project have lessened the stakeholder understanding in each other’s contribution. Communication between the stakeholders is not continuous and systematic; thus, the project information is not well-communicated for accurate decision making. Therefore, DSE projects have not yet won the complete stakeholder trust and its adoption in the building industry is not yet fully accepted. This study aims at exploring the opportunities for using blockchain technology to reduce/eliminate the trust issues and communication gaps along the DSE lifecycle. The study conducts 50 semi-structured interviews with building and energy stakeholders to identify the issues/ limitations which (1) reduce the stakeholder trust on DSE technologies and applications and (2) generate communication gaps along the DSE project lifecycle. Findings reveal that most of the issues/ limitations occurred due to the unavailability of a common platform for communication and information sharing, unavailability of information, improper record keeping and limited information security. The unique features of blockchain technology such as (1) distributed ledger technology (DLT), (2) smart contracts, (3) token-based access control, and (4) automated consensus and forking can effectively eliminate the identified issues/ limitations by providing (1) information accuracy and reliability, (2) information security, (3) open access to project information, (4) systematic record keeping and (5) proper governance of the system. The outcome of this study provides a systematic approach to increase the quality of communication in DSE projects design and management.

A blockchain-based access control and intrusion detection framework for satellite communication systems

Recent works have shown great potentials for enhancing satellite communications (SATCOM) in terms of security and privacy from blockchains and smart contracts. However, smart contracts deployed on the blockchain also suffer from various attacks, e.g., illegal trigger and access, continuous intrusion, which causes critical threats toward blockchain-based SATCOM. In this paper, we first design a token-based access control mechanism for smart contracts with dynamic adjustment of the access control rules (ACRs), which guarantees that only authorized users can trigger and execute specific smart contracts. We then propose an intrusion detection mechanism for smart contracts to detect attacks against smart contracts in an effective and real-time way. Based on these mechanisms, we propose an access control and intrusion detection framework, dubbed ACID, to resist various attacks while remaining all characteristics and functionalities of the underlying blockchain-based SATCOM system. We conduct a comprehensive evaluation, which demonstrates that ACID is secure, feasible, and efficient.

Token-Based Access Control

Traditional centralized access control has some shortcomings in robustness, trustworthiness and circulation. Blockchains have the advantages of fault tolerance and trust. Smart contracts have the characteristics of automatic execution and flexible expansion. Tokens can well record credential information and transfer easily. In this paper, blockchain, smart contract and token are integrated and applied to access control to solve the shortcomings of traditional access control. First, access control, blockchain, smart contract and token are briefly described. Second, this paper proposes a solution by giving the general data structure of access control token, elaborating the equivalence, split, merge and verification algorithms of access control token, and explaining the system architecture of token-based access control. Last, this paper uses a token-based access control simulation system to verify that token-based access control has certain comparative advantages in robustness, trustworthiness, circulation, concurrency and so on.

Blockchain-based Object Name Service with Tokenized Authority

Today, the Internet of Things (IoT) technology is applied everywhere, providing tremendous amounts of IoT service. The GS1, a non-profit international standards organization, has established standards for IoT technology. Especially, the GS1 standardized an Object Name Service (ONS) leveraging DNS's distributed and federated infrastructure, enables users to manage and discover IoT services such as the retail, food, healthcare, smart city, and so on. However, the ONS is vulnerable to the data tampering, privilege escalation, and service fault caused by DNS attacks including the man in the middle, cache poisoning, replay, hijacking, and denial of service attacks. Nowadays, IoT services are used in security-sensitive areas, such as finance and healthcare. Therefore, the security of ONS should be strengthened before causing severe problems such as data breach, economic loss, and social loss. In this paper, we propose a blockchain-based ONS with a tokenized authority called the BlockONS. The BlockONS provides strength in the data tampering and privilege escalation allowing a fault tolerance. The BlockONS consists of a content off-chain scaling, a data tampering validation method, a fault-tolerance method, and a Blockchain Token-Based Access Control (BTBAC) method. We designed the BlockONS into two parts: A BlockONS Node part manages the validation method and BTBAC model. A BlockONS Agent part manages the off-chain scaling and fault tolerance. Finally, we implemented the BlockONS leveraging a Hyperledger Sawtooth blockchain. We proved the proposed validation method, fault tolerance method, and BTBAC method through use cases and security analyses on attack situations. We deployed the BlockONS in the Daejeon city and evaluated the performance to show the feasibility of the BlockONS.

A resource-oriented middleware in a prototype cyber-physical manufacturing system

The interconnection among heterogeneous sensors and data acquisition equipment in cyber-physical systems have profound significance in achieving adaptability, flexibility, and transparency. Various middlewares have been developed in cyber-physical systems to collect, aggregate, correlate, and translate system monitoring data. Existing middleware solutions are normally highly customized, which face several challenges due to the highly dynamic and harsh production environments. The data generated by sensors can only be shared by specific applications, which prevents the reusability of sensors. Moreover, the lack of uniform access to sensors causes high cost and low efficiency in application development. To address these issues, a resource-oriented middleware architecture called ROMiddleware was proposed, and three key enabling technologies including heterogeneous sensor modeling and grouping, open application programming interfaces development, and token-based access right control mechanism have been developed. Under the guidance of the key enabling technologies, a prototype of ROMiddleware was implemented and its performance was evaluated. Finally, two applications were developed to stress the significance of ROMiddleware. The results show that ROMiddleware can meet the requirements of data acquisition in cyber-physical systems.

A media access and feedback protocol for reliable multicast over wireless channel

A link level reliable multicast requires a channel access protocol to resolve the collision of feedback messages sent by multicast data receivers. Several deterministic media access control protocols have been proposed to attain high reliability, but with large delay. Besides, there are also protocols which can only give probabilistic guarantee about reliability, but have the least delay. In this paper, we propose a virtual token-based channel access and feedback protocol (VTCAF) for link level reliable multicasting. The VTCAF protocol introduces a virtual (implicit) token passing mechanism based on carrier sensing to avoid the collision between feedback messages. The delay performance is improved in VTCAF protocol by reducing the number of feedback messages. Besides, the VTCAF protocol is parametric in nature and can easily trade off reliability with the delay as per the requirement of the underlying application. Such a cross layer design approach would be useful for a variety of multicast applications which require reliable communication with different levels of reliability and delay performance. We have analyzed our protocol to evaluate various performance parameters at different packet loss rate and compared its performance with those of others. Our protocol has also been simulated using Castalia network simulator to evaluate the same performance parameters. Simulation and analytical results together show that the VTCAF protocol is able to considerably reduce average access delay while ensuring very high reliability at the same time.