Abstract:

Security services are essential for organizations, enterprises, and individuals to protect their networks, data, resources, services, privileges, databases, cloud and web access, and administrative tasks. These services include encryption and authentication using the Public Key Infrastructure (PKI) mechanism, privacy using the Privilege Management Infrastructure (PMI) and Identity and Access Management (IdAM), provenance using track and trace, and integrity assurance using end-to-end trustworthiness. These security services are the cornerstones for surviving in the modern digital world.
Centralized enforcement mechanisms for security services are vulnerable to security attacks and issues that have been documented throughout history. The literature presents numerous blockchain-empowered security service mechanisms for PKI, PMI, IdAM, provenance, and integrity assurance. In this dissertation, the existing solutions in these security mechanisms, including their frameworks, architectures, designs, algorithms, and implementations, are thoroughly reviewed and critically analyzed. The conclusion drawn is that there is room for improvement in these areas, and that autonomous security services can strengthen security operations. Autonomous security services enhance human capabilities, improve response times, and improve the overall security posture in an increasingly complex and dynamic threat landscape.
This research aims to design autonomous security service mechanisms for PKI, PMI, IdAM, provenance, and integrity assurance using blockchain and cryptographic protocols. The objective is to improve performance in terms of computational effort and security features, as compared to existing techniques.
In the encryption and authentication security services part, the focus of this research is to propose a blockchain-based PKI mechanism within privately trusted, managed, and publicly trusted PKI domains. The performance of the proposed designs is evaluated through proof-of-concept experiments and deployment to test the effectiveness of the proposed PKI mechanisms. Additionally, the quantitative results obtained are benchmarked against the corresponding results acquired from the existing techniques. The comparison results highlight the significance of the mechanism in terms of computational effort. Collectively, we refer to all the contributions of this dissertation in this domain as “PKI 360°.”
In the privacy security services part, PMI mechanisms have been proposed for organizations and enterprises. The focus of this domain is to propose blockchain-based PMI mechanisms for Privileges in PKI (PPKI) and Privileges in Functional PKI (PFPKI) in privately trusted, managed, and publicly trusted PMI domains. The validation of the proposed designs has been performed through proof of concept. The proposed mechanisms comply with the X.509 PMI standard and are efficient in terms of computational effort. We refer to all the contributions of this dissertation in this domain collectively as “PMI 360°.”
In the privacy security services part, IdAM mechanisms have also been proposed. The focus of the IdAM domain is to propose blockchain-based IdAM mechanisms for trans-organizational, intra-domain, and inter-domain environments, used both with and without bridging entities. The IdAM enforcement design considers identity-, attribute-, and role-based access control security policies. Simulation experiments and deployment are used to evaluate the performance of the proposed designs and test the effectiveness of the IdAM mechanisms. Additionally, the obtained quantitative results are compared to those of existing techniques to assess their significance in terms of computational effort. The results demonstrate that the proposed schemes outperform existing solutions. Collectively, we refer to all the contributions of this dissertation in this domain as “IdAM 360°.”
In the provenance security services part, mechanisms are presented for contagious disease vaccination and immunity licenses. Within this domain, three protocols are defined to manage health licenses for contagious diseases. Performance evaluation is conducted through proof-of-concept experiments and deployment to test the effectiveness of the proposed provenance mechanisms. Additionally, the quantitative results obtained are benchmarked against the corresponding results acquired from the existing techniques. The comparison results demonstrate the significance of the mechanism in terms of computational effort, showing that the proposed schemes outperform existing solutions.
In the integrity assurance security services part, mechanisms for end-to-end trustworthiness are proposed for Command, Control, Communication, and Intelligence (C3I) military systems. The focus of this domain is to propose blockchain-based solutions for ensuring integrity in commanding operations and in data collected from battlefield environments. Performance evaluation is conducted through proof-of-concept experiments and deployment to test the effectiveness of the proposed mechanisms. The quantitative results obtained from the proof-of-concept experiments demonstrate the advantages and importance of implementing these mechanisms in terms of computational effort. This dissertation refers to all its contributions in this domain collectively as “Integrity Assurance in C3I 360°.”