Secured and Flexible Blockchain-Based Non-governmental Identity-Authentication for Sociotechnical Systems Applications.
by Alex Norta
ABSTRACT: In his keynote speech, Alex aims to give an overview of his curious way into security research that culminates in experiencing the Estonian eID system with all its pros and cons. Starting from the realization that government-based identity authentication is potentially a threat to the freedoms of individual citizens, the keynote focuses on ongoing research about the non-governmental, blockchain-based Authcoin system, which is developed formally using Colored Petri Nets (CPN) and further security-checked with a set of security risk-oriented patterns (SRP). The initial formal model of Authcoin facilitates the detection and elimination of design flaws, missing specifications, and security and privacy issues. We perform the additional risk and threat analysis, based on the Information Systems Security Risk Management (ISSRM) domain model, on the formal CPN models of the protocol. The identified risks are mitigated by applying SRPs to the formal model of the Authcoin protocol. SRPs are a means to mitigate common security and privacy risks in a business-process context by applying thoroughly tested and proven best-practice solutions. Thus, by applying such a security test to the atypical domain of the highly distributed, CPN-formalized Authcoin protocol, we perform a stress test for the ISSRM and the existing set of SRPs that yields limitations, open issues and scope for future work. Since Authcoin is implemented as a first feasibility prototype with the blockchain-based Qtum smart-contracts system, for which Alex wrote the ICO whitepaper, he also presents the planned technical realization path for Authcoin.
Alex Norta is currently a research member at the Faculty of Software Science/TTU and was earlier a researcher at the Oulu University Secure-Programming Group (OUSPG) after having been a postdoctoral researcher at the University of Helsinki, Finland. He received his M.Sc. degree (2001) from the Johannes Kepler University of Linz, Austria, and his Ph.D. degree (2007) from the Eindhoven University of Technology, The Netherlands. His Ph.D. thesis was partly financed by the IST project CrossWork, in which he focused on developing the eSourcing concept for dynamic interorganizational business process collaboration. His research interests include business-process collaboration, workflow management, e-business transactions, service-oriented computing, software architectures and software engineering, ontologies, mashups, and the social web. At the IEEE EDOC12 conference, Alex won the best-paper award for his full research paper with the title "Inter-enterprise business transaction management in open service ecosystems". For the blockchain-tech startups Qtum.org, Agrello.org and Everex.io, Alex has worked on their respective whitepapers. Alex also serves as an advisor for several other blockchain-tech startups such as Cashaa and RecordGram.