End to End Integrity Protection for Web Application Using Blockchain

Abstract

Web application uses a remote web server to stores its wide range of data. The data could be financial records, news, stock prices, weather forecast or medical record of patients. So, a web application is totally dependent on a remote potentially hostile web server for the security of its data and query results. If an attacker gets control over the web server, one cannot guarantee the integrity of data and query results. If an attacker tampersthe critical data like stock prices or diagnostic medical records of patient present on a web server that is to be used in decision making, it can cause some severe monetary and health damages. Although we cannot prevent the data from getting tampered, however, we can detect if someone has illegally tampered it. Instead of being tamper resistant we have provided an efficient and secure tamper evident solution to this problem. Our solution provides strong evidence to data user (decision maker) that if data provided by the server is tampered or not, even if the server is complete control of an attacker. Using blockchain technology as a trust base, our practical solution guarantees the correctness and freshness of data with minimum overhead. To check if the solution is practically convenient, we have integrated our solution with remote medical web application and evaluated its results. In a remote medical web application, a patient remotely uploads its diagnostic data, and physician (decision maker) evaluates the patient uploaded data and prescribe the medications accordingly. Our solution provides an efficient, secure and strong proof to the decision maker or physician that if patient’s data is been illegally tampered or not on compromised web server. The provided solution can be integrated with any web application by adding minimal changes in the application’s existing structure