Actor-based Risk Analysis for Blockchains in Smart Mobility

SLIDE 1

Actor-based Risk Analysis for Blockchains in Smart Mobility

Ranwa Al Mallah, Bilal Farooq

Laboratory of Innovations in Transportation, Ryerson University, Toronto, Canada, CryBlock @ MobiCom 2020

September 25, 2020

Ranwa et al., 2020 (LITrans, RU) Short Title September 25, 2020 1 / 19

SLIDE 2

Table of Contents

1. Introduction
2. Methodology
3. Risk assessment of the BSMD
4. Outcomes
5. Conclusion and future work

SLIDE 4

Motivation

Nowadays, transportation data are shared across multiple entities and stored in central servers. The Multi-layered Blockchain framework for Smart Mobility Data-market (BSMD) was recently proposed to address privacy, security and management [1]. Security issues related to blockchain are critical in terms of cybersecurity.

SLIDE 5

Related work

| Studies | Methodology | Drawbacks |
|---|---|---|
| Li et al. [2] | Examination of security risks/survey of attacks to popular blockchains. Analyze related vulnerabilities exploited. | Do not consider the risk as a function of probability and impact. Real scope of the risk is not described. |
| Atzei et al. [3] | Analyze security vulnerabilities of smart contracts. Show a series of attacks. | Don't account for various nature of threats. Isolate analysis from a security programming. |
| Homoliak et al. [4] | Hierarchy of four layers. Identified four threat agents and report vulnerabilities at each layer. | Don't quantify risk. Generic architecture not evaluated on realistic blockchain. |

SLIDE 6

Multi-layered Blockchain model for Smart Mobility Data-market (BSMD)

SLIDE 8

Methodology

Definitions:

◮ Actor: Entity that violates integrity/privacy/confidentiality to obtain a benefit.
◮ Attack goal: Final effect desired by the actor, with impact on the victim.
◮ Scenario: Set of actions carried out by the actor to achieve the attack goal.
◮ Impact: Quantification of the attack goal's effect on the victim.
◮ Vulnerability: A flaw that offers the opportunity to damage a system.

Actor-based risk analysis:

◮ STEP 1: Identify potential actors.
◮ STEP 2: Determine the attack goals.
◮ STEP 3: Quantify the impact on the victim of such attack goals.

SLIDE 10

Actor-based risk analysis: Step 1

Identify potential actors:

◮ A1. Cybercriminals
◮ A2. Industrial spies
◮ A3. Foreign Intelligence Agencies
◮ A4. Terrorist groups
◮ A5. Insider threat

SLIDE 11

Actor-based risk analysis: Step 2

Determine the attack goals:

◮ G1. Gain knowledge about the data-market
◮ G2. Access sensitive data on the nodes of the network
◮ G3. Manipulate and modify blockchain information
◮ G4. Sabotage activities
◮ G5. Induce participants in the blockchain network to make errors

SLIDE 12

Actor-based risk analysis: Step 3

Impact types: Monetary, Privacy, Integrity, Trust.

| Impact levels | Risk treatment |
|---|---|
| 1. Minor | Accept |
| 2. Significant | Accept |
| 3. Severe | Manage |
| 4. Catastrophic | Refuse |

SLIDE 13

Actor-based risk analysis: Step 3

Impact on the victims by attack goal: Monetary (M), Privacy (P), Integrity (I) and Trust (T). Impact scale ranges from 1 to 4, with 4 being the most severe.

| Goal | M | P | I | T |
|---|---|---|---|---|
| G1 - Gain knowledge about the data-market | 1 | 2 |  | 1 |
| G2 - Access sensitive data | 2 | 3 |  | 2 |
| G3 - Manipulate and modify blockchain information | 3 | 2 | 4 | 4 |
| G4 - Sabotage activities | 3 |  | 2 | 3 |
| G5 - Induce participants to make errors | 2 |  | 3 | 3 |

SLIDE 15

Outcomes

In terms of monetary, privacy, integrity and trust, G3 represents a risk that is either unacceptable or undesirable. G1 results in an acceptable or negligible risk because the benefits that the system brings are greater than the potential risk. In terms of monetary impact, G2, G3, G4 and G5 represent a risk in terms of economic losses. In terms of privacy impact, G2 is the riskiest attack goal. In terms of integrity and trust, G3 and G5 have a catastrophic impact on the trust of the blockchain system.

SLIDE 17

Conclusion and future work

Actor-based risk analysis of a realistic blockchain for smart mobility data-markets showed impacts at four scales. Extend the analysis to a scenario-based risk assessment. Perform a combined risk assessment. Detection mechanisms specific for the data-market ecosystem should be designed.

SLIDE 18

References

[1] D. Lopez, B. Farooq, A multi-layered blockchain framework for smart mobility data-markets, in: Transportation Research Part C: Emerging Technologies, 2020, pp. 588–615.

[2] X. Li, P. Jiang, T. Chen, X. Luo, Q. Wen, A survey on the security of blockchain systems, Future Generation Computer Systems (2017).

[3] N. Atzei, M. Bartoletti, T. Cimoli, A survey of attacks on ethereum smart contracts (sok), in: International conference on principles of security and trust, Springer, 2017, pp. 164–186.

[4] I. Homoliak, S. Venugopalan, Q. Hum, P. Szalachowski, A security reference architecture for blockchains, in: 2019 IEEE International Conference on Blockchain (Blockchain), IEEE, 2019, pp. 390–397.

SLIDE 19

THANK YOU ranwa.almallah@ryerson.ca
