JR Centre for Blockchain Technologies and Security Management

Blockchains are data storage structures that make it possible to store data in a virtually tamper-proof manner.
Aspects of IT security are investigated in the Malware Lab at FH St. Pölten.

Blockchains are data storage structures that make it possible to store data in a virtually tamper-proof manner. They are known mainly through cryptocurrencies, but unfortunately their advantages cannot currently be utilised in most traditional IT systems. This JR Centre is researching the foundations needed to make blockchains fit for use in classic IT systems and thus enable new fields of application. These foundations include security management, ensuring trust, and future-proof access control for blockchain-based systems.

 

Blockchain technologies have attracted a lot of attention in recent years due to their role in new types of financial products and so-called cryptocurrencies, but many other fields of application for this technology are constantly emerging, especially as a particularly forgery-proof form of data storage, for example for banks, capital markets, notaries or food supply chains.

However, traditional secure IT systems place fundamentally different demands on a technology than cryptocurrencies, which exist purely as virtual entities on the blockchain. A key aspect of using blockchains as decentralised, tamper-proof data storage is the provision of a form of access control: access to parts of the information must be guaranteed at a fine-grained level and linked to users and/or roles, in contrast to a cryptocurrency, which must be readable by everyone as far as possible. This access protection is also required by regulations such as the GDPR, so it must also be possible to withdraw access again. Another aspect of creating secure systems is security management: what does a management perspective on security in blockchains look like, how should IT security standards be adapted, and how do you deal with attacks and incidents? This covers attacks on the basic implementations of the system and fraud, but also the introduction of illegal content (e.g. child pornography) into a technology whose essential feature is the immutability of content.

Last but not least, the implemented algorithms have significant power in a blockchain-based system, so it must be ensured that the relevant programmes are executed unaltered. This requires close integration with the topic of trusted computing.

 

The JR Centre is therefore researching methods for fine-grained access control, particularly with regard to read access and user rights management. Since blockchain-based applications are typically used over the long term and any attacker can potentially possess the overall state of the system as it was at any point in the past, future-proof cryptographic methods are of crucial importance. Quantum computers could break many of the encryption methods used today, which is why this JR Centre is also working on so-called post-quantum cryptography in order to be able to implement access protection in blockchains that is secure against quantum computers.

A second focus is the security management of blockchains, solutions for which are essential for use in many areas of industry, commerce and banking. Important standards for blockchains are analysed and further developed, with a particular focus on issues relating to the GDPR and the NIS Directive, and fundamental problems, for example how to deal with illegal content, are examined.

This also leads to the centre's third focus: ensuring that the correct algorithms are actually being executed and that, for example, a malicious programme has not changed key aspects of the code and thus gained control of the blockchain system. Trusted computing techniques are combined with blockchains for this purpose.

On the other hand, blockchains - if handled correctly - could also enable better security management for traditional computer systems. The research activities in this JR Centre focus on technologies that have not yet been researched on a large scale due to their novelty, but are already available on the mass market or will become available within the duration of the centre.

IT security has so far received too little attention in connection with blockchains.

Christian Doppler Forschungsgesellschaft

© 2020 Christian Doppler Forschungsgesellschaft