blockchain in cyber security research paper

Cybersecurity, Data Privacy and Blockchain: A Review

• Review Article
• Open access
• Published: 12 January 2022
• Volume 3 , article number  127 , ( 2022 )

Cite this article

You have full access to this open access article

• Vinden Wylde 1 ,
• Nisha Rawindaran 1 ,
• John Lawrence 1 ,
• Rushil Balasubramanian 1 ,
• Edmond Prakash   ORCID: orcid.org/0000-0001-9129-0186 1 ,
• Ambikesh Jayal 2 ,
• Imtiaz Khan 1 ,
• Chaminda Hewage 1 &
• Jon Platts 1  

25k Accesses

57 Citations

Explore all metrics

In this paper, we identify and review key challenges to bridge the knowledge-gap between SME’s, companies, organisations, businesses, government institutions and the general public in adopting, promoting and utilising Blockchain technology. The challenges indicated are Cybersecurity and Data privacy in this instance. Additional challenges are set out supported by literature, in researching data security management systems and legal frameworks to ascertaining the types and varieties of valid encryption, data acquisition, policy and outcomes under ISO 27001 and the General Data Protection Regulations. Blockchain, a revolutionary method of storage and immutability, provides a robust storage strategy, and when coupled with a Smart Contract, gives users the ability to form partnerships, share information and consent via a legally-based system of carrying out business transactions in a secure digital domain. Globally, ethical and legal challenges significantly differ; consent and trust in the public and private sectors in deploying such defensive data management strategies, is directly related to the accountability and transparency systems in place to deliver certainty and justice. Therefore, investment and research in these areas is crucial to establishing a dialogue between nations to include health, finance and market strategies that should encompass all levels of society. A framework is proposed with elements to include Big Data, Machine Learning and Visualisation methods and techniques. Through the literature we identify a system necessary in carrying out experiments to detect, capture, process and store data. This includes isolating packet data to inform levels of Cybersecurity and privacy-related activities, and ensuring transparency demonstrated in a secure, smart and effective manner.

Similar content being viewed by others

Blockchain, TTP Attacks and Harmonious Relationship with AI

Blockchain Technology Regulation: Time for Standardized Frameworks

Blockchain and Data Protection: An Evaluation of the Challenges and Solutions Mentioned by German Stakeholders

Explore related subjects.

• Artificial Intelligence
• Medical Ethics

Avoid common mistakes on your manuscript.

Introduction

With the recent emphasis on societies in increasing their dependency on cloud technologies, coupled with the human need to communicate and share data via digital networks, Internet of Things (IoT) devices to include smart phones, industrial and domestic appliances, continue to be a necessary function in conducting business. Social exchanges and transactional types of data for example, drive the financial markets thus facilitating in the swift development of emerging technologies at an ever faster rate to keep up with supply and demand trends. In a domestic setting, the sharing of digital media (videos, music, pictures, documents (data)) through messaging services to enhance subject areas such as information technology, sport, social sciences, education and health for example, IoT devices enable the efficient and effective transfer of data world-wide instantly via the Internet of Everything (IoE) via the cloud. In an industrial context, Smart Sensors, Application Programming Interfaces (API) and IoT networks facilitate remote working across digital boundaries globally.

These potentially devastating instances of data sharing and/or criminality, influence the confidentiality and protections set out by governments, businesses and organisations, culminating in legal and ethical disputes with significant financial ramifications due to Denial of Service (DDoS) attacks for example, that would damage and disrupt entire business data architectures, infrastructures networks and services on a large scale. Consequently, with society relying more and more on the exchange and processing of Personal Identifiable Information (PII) via IoT, trust in renowned institutions and government organisations to include broadcast and digital media outlets becomes a main issue. As a user chooses to share social network, personal and confidential information whilst shopping on-line for example, they should be aware of the nature and intent of cyber-criminality and have faith in the criminal justice system of a given territory.

On the other hand, for businesses, organisations, government bodies and academic institutions to be able to freely validate and authenticate their data in the service of societies globally, Artificial Intelligence (AI), Big Data (BD), Blockchain (BC) Combined Technologies and methodologies, contribute significantly in mitigating cyber-crime, whilst providing legal bodies the power to hold companies, organisation and institutions to account. One such method is the Smart Contract (SC) for example, and when utilised in the drafting and consenting of a legal document or digital certificate, provides an evidence-based transparent method in enhancing the legal credibility and value of a financial transaction. As a function of BC, the SC is validated, implemented then shared across a Pier-to-Pier (P2P) network as a Distributed Ledger Technology (DLT) for all parties to see which provides transparency and accountability.

• Cybersecurity

When utilising elements of cybersecurity, these technical requirements facilitate in the effective management of IoT hardware and software operations, physical interfaces and internal policy development. Additionally, the management system ISO 27001 supports network communication protocols, data access control and cryptography (i.e., password encryption), that contribute in ensuring a robust and secure communication method inclusive of cybersecurity staff training; all whilst minimising network communication attacks in the presence of malicious third-parties [ 1 ].

However, to harness and derive value from the volume, variety and veracity of data available, concepts such as BD, AI and Machine Learning (ML) utilise prescribed algorithms and analysis techniques across vast quantities of public, private and sensitive data through digital networks, that exponentially increases the risk of data breaches, viruses and malicious attacks. In other words, in successfully utilising these technologies in the legal acquisition and processing of data from the public and private sectors, also to include practical user measures, potentially reveals challenges and vulnerabilities that can further expose a user or group to cyber-criminality.

Data Privacy

Additionally, the ISO 27001 framework functions in conjunction with the General Data Protection Regulation (GDPR) Regulation (EU) 2016/679, and Data Protection Act 2018 c. 12 (DPA), in facilitating personal data controls and measures in the UK and European Unions (EU) digital boundaries. In processing medical data for example, a mandatory Data Protection Impact Assessment (DPIA) is undertaken in identifying and establishing the risks alongside eight core principles to include; lawful and ethical methods of data acquisition, data storage security and duration, fair use, and for data to be kept within specified locations and regions [ 2 ].

In utilising these legal frameworks and management systems, tracking tools such as ‘cookies’ for example may utilise the aforementioned AI, ML and algorithmic analysis unlawfully, and as a result, a user may not be aware of the tracking nature and capabilities contained within the software for analysis and marketing purposes. Additionally, without user consent, the awareness and continual levels of maintenance required of said cookies, that are a necessary function in surfing the web, could expose business networks to anti-forensic methods, legal jurisdiction matters, system hardware and Service Level Agreement (SLA) breaches, which compound over time and further aggravate technical, legal and ethical challenges in operating IoT devices in a compliant, safe and secure business environment.

Furthermore, when utilising in a healthcare service context, a SC policy with cryptography as a cybersecurity control method, gives transparency, protected agency and responsibility to the public, financial markets, business professionals and legal representatives, in conducting valid and transparent actions or investigations on behalf of the directorate or client. When this method is applied retrospectively, it also gives accountability in upholding vigilance and resilience when managing cyberspace, an operators duty of care and consideration of confidential data breaches, its sharing, and ramifications of exposing vast amounts of confidential National Health Service (NHS) patient data for example [ 3 ].

Blockchain Security

BC based functions, methods and systems utilise concepts like Cryptocurrency (i.e., Bitcoin and Etherium) as an alternative to fiat currencies, representative consensus protocols, anonymous signatures, off-chain storage and non-interactive zero-knowledge proofs. These concepts provide validity, anonymity, and transparency when coupled with inner corporate or organisational audit, policy deployment, healthcare provider and security service function of carrying out legal and domestic activities. This system is trustless by design and offers promise for equitable and transparent transactions.

As per all the above, this review and study proposes an intelligent framework to aide in the identification and detection of compromised network packet data. The use of BC and SC are to be utilised as an information carrier (data) and for evaluation, validation and testing with pre-prescribed control protocols. Then, to conduct a literature review in ascertaining current methodologies, techniques and protocols in aiding the development of said framework. To minimise human intervention, an intelligent automated approach is utilised in the capturing of network data at pre-determined intervals. Ultimately, the data events are tested against a framework with analysis of findings to demonstrate comprehensive framework feasibility (see Fig.  1 ).

Cybersecurity refers to: “a measure for protecting computer systems, networks, and information from disruption or unauthorized access, use, disclosure, modification or destruction” [ 4 ]. Therefore, in trying to understand cybersecurity and its applications towards IoT and smart devices, brings additional questions that need analysis through various notions of cyberspace. One solution is unifying all the terminologies above to bring together the importance of understanding where network intrusion comes from, how it is detected, and how prevention of cyber threats occur. When looking at prevention, AI and ML uses could also potentially contribute to the rise in using this technology to secure and protect data [ 5 ].

Cybersecurity IoT and ML

As Information Technology (IT) facilities expanded, overall digital technology saw growth in more devices being introduced and connected to the internet, so that access to data is freely available to allow for more activities to be undertaken. These activities allow for outcomes to be predicted [ 6 ]. Therefore, in response, various ML mathematical algorithms allow for classification usage such as Support Vector Machines (SVM), Decision Trees and Neural Networks. These algorithms all compound and highlight how data is treated and managed to produce an outcome, and predictability that is required to contribute to economic growth as societies move forward. ML capabilities go far beyond the expectations of conquering human hobbies, but lends further into everyday chores and events in daily lives.

Other real-life examples of ML usage rest in many industries focusing on identifying fake news, implementation of spam filters, identifying fraudulent or criminal activities online, and improving marketing campaigns. These large quantities of data are often private and sensitive, whilst travelling through Cyberspace transferring data along the way. Disadvantageously, this existence of cyberspace creates a wider security attack surface for potential malicious activities to occur. This demonstrates that human factors and the large influence it has on the security of IoT [ 7 ] is highly impactful.

Humans’ perceptions of security and privacy concerning these devices are also a subject to be discussed, for example, the concept of ‘Cookies’ as a tracking tool for online web surfing, and its safety measures, which are often shoehorned as a debate in itself, and the awareness of how it should be used has been seen through glazed eyes [ 8 ]. However, recent reports suggest that many contributory questions arise from understanding IoT and the safety net around it, and how humans cope and live alongside IoT. Anti-forensic methods, jurisdiction and Service Level Agreements (SLA) for example, all further aggravate technical, privacy, security, and legal challenges. In addition, the presence of GDPR and IoT, coupled with the human factors involved, present immense challenges in keeping these devices safe and secure.

Cybersecurity and SMEs

UK Small to Medium Enterprises (SME’s) have always seen challenges in understanding cybersecurity due to the increase in threats that have risen in recent years. The European Commission’s employment criterion for an SME minimum cyber-criterion is that for any business that employs less than 250 people [ 9 ]. The challenges faced are both operational and commercial in SMEs using Intrusion Detection mechanisms coupled together with AI and ML techniques in the protection of their data.

SMEs intrusion, detection, and prevention methods has become a priority in the realisation of keeping their data secure and safe with the integration of real-world objects and IoT, with understanding how ML techniques and AI can help secure zero-day attacks. Rawindaran et al. [ 1 ] took particular interest in the SME market and showcased an experimental scenario in which the intrusion, detection and prevention models were compared, and the views of the SME examined. The study looked at the various approaches in identifying ways to detect and protect any intrusions coming into the network and what operating devices would help in this process. The paper also explored the understanding in trying to protect the data and how government policies and procedures such as GDPR in the UK/EU, could assist towards this process [ 10 ].

Cybersecurity and SME Attacks

Rawindaran et al. [ 11 ] further examined the impact of how threat levels of attacks such as Ransomware, Phishing, Malware, and Social-engineering amongst others, were compared between an Open-Source device, such as SNORT and pfSense, and Commercial Network Intrusion Detection (NIDs) such as Cisco. There were three different NIDs and their features were compared. It was concluded that whilst SNORT and pfSense were free to use from the Open-Source market, it required a certain level of expertise to implement and embed the rules into a business solution. It was also noted that Cisco, due to their engineering expertise and their position as market leaders in the industry, were able to embed these free rules and use it to their advantage.

What emerged from this study was how businesses and organisations with the help of government policies and processes, needed to work together to combat these hackers, malicious actors, and their bots, and manage and stay ahead of the game [ 4 ]. The paper also discussed various ML approaches such as signature based models and anomaly based rules used by these devices to combat these attacks [ 12 ].

Additionally, signature based models could only detect attacks that were known, whereas anomaly-based systems were able to detect unknown attacks [ 13 ]. Anomaly-based NIDs made it possible to detect attacks whose signatures were not included in rule files. Unfortunately, due to the maturity of Anomaly NIDs, the costs were still very high to run and required computing power that were unrealistic in the SME environment. Anomaly based NIDs whilst still in its infancy, require a deeper analysis and future study.

Rawindaran’s study provided perspectives on better comparisons and relative conclusions and how it was important to explore further both the empirical as well as in scenario analysis for different dimensions, the nature and context of cyber security in the current world of internet and cyber connections. Rawindaran also explored how ML techniques have become vital in the growth and dependencies of these SMEs in the UK in their operations and commercial environment. This study took on an initial look at success stories from big technology companies such as Amazon, Google, and Facebook, in their use of ML techniques for their cybersecurity [ 14 ]. The methodology adopted in this study focused on structured survey questions on a selected sample number of respondents and directed its questions to the SMEs management, technical and non-technical professionals.

Cybersecurity and ML to Mitigate Attacks

Rawindaran et al., found that awareness of ML and its uses is still on a learning curve and has yet to be defined. The study brought to surface the three main categories of ML that being Supervised Learning, Unsupervised Learning and Reinforcement Learning and the algorithms that sit behind them [ 15 ]. Examples of Supervised Learning included real life predictive text in tweets in Twitter and product reviews in Amazon and eBay, calculating temperature, insurance premiums, pricing, and number of workers to the revenue of a business.

Examples of Unsupervised Learning include examples include identifying fake news, implementation of spam filter, identifying fraudulent or criminal activity online, and marketing campaigns. Reinforcement Learning shows example of playing a video game that provides a reward system when the algorithm takes an action. Each learning method used algorithms that helped with calculations and predictions and a dataset that helped in the development and structures of its uses. It also deducted and quantified examples and showed strength in the SMEs perception and awareness towards ML and its uses.

The methods of ML and its algorithms lead into the focus of this study in which SMEs were given the opportunity to make themselves aware of these algorithms that exist within their own cybersecurity software package. Further the analysis of this study showed the existence of these algorithms such as Neural Networks, Support Vector Machines, Deep Networks and Bayesian, however most of these were cleverly embedded within the software used [ 16 ].

The initial idea of using an Intrusion, Detection and Prevention System (IDPS) method, from either a commercial or Open-Source device to protect the data of the SME, comes with the knowledge of ML and AI. As hackers become increasingly clever and the uses of bots take over, their ‘attacking’ methods, as protectors of the systems, society has had to lean on ML and AI technology to help. An IDPS system is able to help through the use of ML, to learn about malicious patterns compared to valid patterns on the internet. These various approaches are needed to protect and shield data. ML through anomaly detection, proved to be more effective in its zero-day detection than that of signature based in its effectiveness towards cybersecurity and adoption within the UK SMEs. There is a significant gap that needs to be fulfilled by perhaps more variations in the devices used for SMEs such as opensource and voluntary participants from knowledge of the community to keep future proofing these devices.

Cybersecurity and Adversarial ML

With the increased use of ML in Intrusion Detection Systems (IDS) and IDPS systems within cyber security packages of SME communities, there suddenly lies the introduction of a new type of attack called Adversarial Machine Learning (AML) [ 1 ]. In a paper by Anthi et al. [ 17 ] states that with the introduction of ML IDSs, comes the creation of additional attack vectors specifically trying to break the ML algorithms and causing a bypass to these IDS and IDPS systems. This causes the learning models of ML algorithms subject to cyber-attacks, often referred to as AML.

These AMLs are thought to be detrimental as they can cause further delayed attack detection which could result in infrastructure damages, financial loss, and even loss of life. As [ 17 ] suggests, the emergence of Industrial Control Systems (ICS) plays a critical part on national infrastructure such as manufacturing, power/smart grids, water treatment plants, gas and oil refineries, and health-care. With ICS becoming more integrated and connected to the internet, the degree of remote access and monitoring functionalities increases thus becoming a vulnerable point target for cyber war. Additionally, with ICS more prone to targeted attacks, new IDS systems have been used to cater for the niche market of ICS, thus introducing vulnerabilities in particular to the training model of ML.

With the introduction of these new IDSs, has also introduced new attack vectors into the mix. The definition of AML provided by Anthi states that: “The act of deploying attacks towards machine learning-based systems is known as Adversarial Machine Learning (AML) and its aim is to exploit the weaknesses of the pre-trained model which has ’blind spots’ between data points it has seen during training”.

This is challenging as ML usage in IDS is becoming a tool used in daily attack detection. The study showed how AML is used to target supervised models by generating adversarial samples and exploring and penetrating classification behaviours. This was utilised by the use of authentic power system datasets to train and test supervised machine learning classifiers through its vulnerabilities. The two popular methods that were used in AML testing were automatically generated perturbed samples that were the Fast Gradient Sign Method (FGSM) and the Jacobian based Saliency Map Attack (JSMA).

Both methods showed how AML was used in penetration of systems through ML training models leading onto cyber-attacks. In another study by Catak et al. [ 18 ], further explored the security problems associated with AML, this time through the networks of 6G applications in communicative technology, that focused on deep learning methods and training. With the rapid development and growth of deep learning and its algorithms in the future technology pipeline of 6G was to further understand the security concerns around it.

Cataks’ paper [ 18 ] produced faulty results through manipulation of deep learning models for 6G applications to understand AML attacks using Millimetre Wave (mmWave) beam prediction in this case. AML mitigation and preventative methods were also used to try and stop these attacks from occurring for 6G security in mmWave beam prediction application with fast gradient sign method attack. In conclusion to Cataks’ paper found that several iterations of introducing faulty results gave a more secure outcome of the performance and security of the device. ML deep learning methods and algorithms were able to use these faulty results in altering the adversarial training approach. This increased the RF beam-forming prediction performance and created a more accurate predictor in identifying these attacks against the ML applications use.

Cybersecurity: Summary

As with any new technology that stems to improve the cyber highways in lessening the effects of cyber-attacks, it is always coupled by the counterattack measure within this space. Being aware of these adversaries and future research will help reduce, or at least control the level of attacks being present in any cyberspace and landscape moving forward. The recognition of funding gaps that could be fulfilled by the government to support SMEs in the form of grants, subsidies, and similar financial assistance, through various public sector policies is also an important route to consider. Awareness and training for all SME management and their staff is important to understand the basic and perhaps advanced appreciation of cybersecurity through the eyes of ML and AI.

Whilst technology giants might lead the path in its implementation of ML and cybersecurity through its many variations of intrusion, detection, and prevention methods, it is these firms that will set precedence and bring awareness down to a SME level and the importance of ML in keeping our cyber world safe. Understanding whilst ML is increasing in usage through IDS and IDPS systems to reduce the cyber attack footprint, means that the rise in AML also is something to be concerned about.

An example in GDPR Recital 4 and in the proceeding Directive 1995/46/EC Recital 2, a main objective “the processing of personal data should be designed to serve mankind”. For this purpose, the Data Controller ensures legal compliance and legal justification of data processing out of necessity (not only processing convenience) and proportionality. For the acquisition of high-risk health data for example, GDPR mandates that a DPIA is carried out to mitigate risk and assess risk level to include if the data should be processed or not [ 19 ]. With data protection law, the UK and EU demonstrate cooperation, ethics, transparency with robust control methods in mitigating data privacy breaches. However, this also brings attention to the range of legal frameworks and the general movement of people globally. This should inform governments and business in data protection strategies.

Data Privacy: Legal Frameworks [UK-EU]

Between the UK and EU, the Data Protection Act 2018 (DPA) and General Data Protection Regulations 2016 (GDPR) function together in overseeing how businesses, organisations and governments, utilise personal data. Eight key objectives guide anyone responsible for the handing and processing of personal data, and strictly imposes that data has to be lawful [acquisition], fair, accurate and up-to-date, not kept longer than needed, kept safe and secure, and not to be transferred outside the European Economic Area (EEA). By design, GDPR encompasses human rights with additional data collecting and processing principles (e.g. purpose, data-types and processing duration) [ 20 ].

Data Privacy: SARS-Cov-2: Covid-19

In supporting the effort in mitigating disease transmission from the coronavirus pandemic (Covid-19), the cloud, cell-networks and IoT devices such as smart-phones, sensors and domestic appliances, continue to play a vital role in a wide range of global Tracing-Testing-Tracking programs. Many different approaches are adopted by global communities in minimising person-to-person transmission [ 21 , 22 ]. This demonstrates that in response to the pandemic, coupled with the urgency in developing and deploying digital solutions, data privacy implications become ever more challenging with increasing data privacy risks. As a result, the handling of personal data [acquisition] research has developed and expanded [ 23 ].

However, in mitigating data privacy risks under adverse social and environmental conditions, it is not simply a matter of deploying digital solutions. The challenges presented in terms of service delivery (consistency, proportionality and transparency), also potentially increases the risk of data privacy breaches. Therefore, in terms of scalability via the cloud, partnerships between populations, businesses and governments could harmonise policy development and implementation with digital solutions.

Data Privacy: Consent—Contact Tracing Apps

In a Republic of Ireland survey conducted with over 8000 participants, it was found that 54% would accept using a contact tracing app. Similarly, in the UK from a survey of 2000 participants found that 55% would accept using a government-controlled app, with higher uptake specifically for the NHS contact tracing app [ 21 ]. This information demonstrates a lack of app uptake in the remaining 45% of the British population that could undermine a governments ability in effectively handling data collection and the processing of critical medical information.

In contrast, other countries infer citizen consent when data collection is initiated for the public good. Meaning that private parties’ access to data is also endorsed by governments. Amnesty International (2020) also brings attention to many instances of questionable data privacy practices throughout numerous countries [ 21 ]. The examples potentially show the scale of data protection perceptions and attitudes and how they are interpreted, thus justifying a more focused and intensive approach to data privacy collaborative research. By analysing a variety of legal and regulatory frameworks, solutions and practices in a pandemic or crisis situation, we can learn how to effectively apply powerful and scalable outcomes. For example, robust and transparent data is necessary for the urgently needed Covid-19 vaccine distribution efforts for each nation [ 24 ].

Transparency: NHS Test-Trace App

In response to the pandemic, the UK Government and NHS X (Digital) contact tracing app, aided by the private sector, brought into question their overall GDPR utility and compliance. Sub-contractors and companies that represent NHS X are also considered as processors of data, which bring additional GDPR compliance pressures. In this instance, the NHS X app code and DPIA was voluntarily submitted to the Information Commissioners Office (ICO) without the data store. This potentially highlights a lack of transparency with GDPR compliance, health surveillance capabilities and data storage capacities. The Joint Committee on Human Rights (JCHR) for example, were concerned at the rapid development and deployment of the contact tracing app in March 2020 [ 19 ].

Data Storage and Identification

Clear definitions and solutions are needed for data and storage methods. Currently, obtaining an integrated and comprehensive view of (1) internal organisational personal data storage, (2) full organisational content comprehension of regulation, and (3) an auditable trail of necessary data processing activities [ 20 ]. Although GDPR compliance has significantly enhanced personal data protection (e.g. PII, PII sharing via add and marketing, collecting and sharing location data, child PII sharing, law enforcement, and data aggregation), more research is needed in facilitating a users right to erasure, to update and delete data and to completely satisfy the GDPR promise [ 25 ].

Accountability and Traceability: BC & SC

To aide government transparency and societal trust, part of a solution is robust data privacy and accountability policies. Antal et al., discusses how BC can be effective in traceability, transparency, vaccine ID, assurances of it’s delivery, storage to include self-reporting of side effects. The authors implement a BC strategy using the inherent integrity and immutability of BC with ’in case of beneficiary registration for vaccination’ provision, thus eliminating identity impersonations and identity theft [ 26 ].

An example from Honduras demonstrates how a Toronto-based technology launched ’Civitas’, with user and government linked ID on a BC-based network. The BC contains the necessary data for determining when an individual can buy medicine, go food shopping, and also data to inform government agencies in resource and deployment strategies [ 27 ]. The GDPR for example, would conflict with this contact tracing methodology. More specifically, the right for a user to be forgotten (Article 17: Right to Erasure) due to BC immutability, and processing speed that would also inhibit BC network uptake and scalability.

However, BC in this case could operate within the confines of management and governance of BD repositories and warehouses whilst leveraging SC to enhance accountability, transparency and consistency in the appropriate forum.

Trust: Vaccine Hesitancy in UK Households

Whilst a global effort was underway in mass vaccination programs, the UK strategy highlighted disparities from a lack of public engagement between public health bodies and ethnic minorities from historic mistrust and a lack of understanding in technology [ 24 , 28 ]. Additional hesitancy included acute and chronic health effects from the vaccine.

A UK survey from 2020 for example, illustrated how Black, Asian, Minorities and Ethnic (BAME) communities had high vaccine hesitancy rates, when compared to white ethnic populations [ 28 ]. In Robertson 2021, the authors state that “Herd immunity may be achievable through vaccination in the UK but a focus on specific ethnic minority and socioeconomic groups is needed to ensure an equitable vaccination program” [ 29 ]. Including a more targeted approach to mental illness and disability [ 30 ].

Data Privacy—Summary

In a global setting, is it possible to ethically and accurately collect data [also without consent] whilst also providing legibility for effective data collection, resource allocation and deployment strategies? A small part of the solution is in gaining a populations’ trust in technologies such as NHS app uptake, and for future research in global deployment strategies. This means a wide-ranging and continual assessment of legal frameworks and outcomes between companies, organisations and institutions for long-term data privacy planning. Strategies also include ensuring groups and individuals have faith in their data integrity in the cloud.

As necessary components of GDPR, the collecting, processing and deleting data remain a challenge. The enable user to fully engage with confidence, education and engagement with minorities, and with mental illnesses is an effective way to provide group assurances. As with different countries, data protection concepts and public engagement practices vary significantly. For anticipating any future disaster or pandemic scenario, it is clear that accountability through public engagement should help restore national and international trust. Also research needs to be undertaken to design and promote a flexible and global strategy to encompass technical solutions, operational resource strategy, and policy development. This would enhance data protection objectives, build population trust in government monitored apps and ultimately provide a successful and robust global protection strategy.

Blockchain for Security

Blockchain—integrity of data.

BC is one of the most commonly discussed DLT for ensuring the integrity of data storage and exchange in trust-less and distributed environments. It is a P2P decentralized distributed ledger [ 31 ] that can enable trusted data exchanges among untrusted participants in a network. BC systems such as Ethereum and Hyperledger fabric, have become popular BC frameworks for many BC-based software applications. Core features of BC such as immutability and decentralization are recognized by many sectors such as healthcare and finance to improve their operations. Although BC is a relatively new technology—just over a decade old—it seems to be revolutionary and there is a substantial number of research articles and white papers to justify this remark.

Blockchain—Cybersecurity

It is important to answer how emerging technologies such as BC can offer solutions to mitigate emerging cybersecurity threats and there is great research interest to study how BC can provide foundations for robust internet security infrastructures [ 32 ]. Many of the articles propose frameworks, prototypes and experimental beta BC-based solutions to problems in complex computing systems. Most of these experimental solutions are developed on Ethereum and Hyperledger fabric. In the case of Hyperledger fabric for example, this is due to its ease of software development, extensive customisability and interactivity.

Although Bitcoin is a most popular BC network, it has many cons such as its latency and great resource requirement. Some of practical solutions among them use innovative techniques to resolve critical cybersecurity issues. However, they imply infeasible changes to the existing system infrastructures that are difficult to readily test for efficiency and effectiveness when compared with conventional cybersecurity frameworks [ 33 ].

Blockchain—IoT

In our increasingly interconnected IoT world, there is a great need to improve cybersecurity. As explained in [ 34 , 35 ], cyber-attacks that exploit vulnerabilities in IoT devices raise serious concern and demand for appropriate mitigation strategies to tackle these threats. Ensuring integrity of data management and malware detection/prevention is an exciting topic of research [ 36 ].

It should be noted here that BC cannot eliminate cyber risks, but it can significantly minimize cyber threats with its core features. While most IT systems are built with cybersecurity frameworks that use advanced cryptographic techniques, they rely on centralized third-party intermediaries such as certificate authorities to ensure the integrity of their data management. Malicious parties can exploit weaknesses in such relationships to disrupt/penetrate these systems with cyber threats such as DDoS attack, malware, ransomware, etc.

Blockchain—Protocols

BC can resolve these issues due to its decentralization; it eliminates single points of failures and the need for third-party intermediaries in IT systems and ensures the integrity of data storage and exchange with encryption and hash functions [ 37 ] so that data owners can completely audit their data in the systems.

A BC network with many mutually trustless nodes is more secure than a network with few nodes that rely on trusted/semi-trusted centralized third-party intermediaries because, in a BC network, every node has a complete copy of the unique record of all transactions in the network that is maintained with the network consensus protocol. The robustness of a BC network i.e. its safety and security, depends on its decentralization, and this depends on its governance and consensus protocols. A good comparative study of DLT consensus protocols is provided by Shahaab et al. [ 38 ].

Blockchain—Summary

What are some future research directions and challenges for BC and Cybersecurity?

Consensus Protocols: Generally, public BC networks have high latency due to their consensus protocols. This makes them a non-starter for applications in real-time environment. Research on consensus protocols should be holistic and consider both, hardware and software, for such environments [ 39 ].

Cryptocurrencies: more research on cryptoassets is needed to tackle challenges to legal enforcement and forensics - both domestic and international—that enable cybercriminal activity such as terrorism financing.

IoT: As explained in [ 40 ], consortium BC networks can be used to improve the overall internet connectivity and access. Future research on IoT-BC integration should demonstrate feasible implementations that can be evaluated and compared with existing IoT solutions. They should also quantitatively study fault tolerance, latency, efficiency, etc. of BC-based IoT networks.

Data Analytics: BC can ensure the integrity of data and with AI/BD analytics it can be used to reduce risks and fraudulent activities in B2B networks. Hyperledger fabric is a DLT project that can be used for this relatively unexplored research areas.

Cybersecurity, Data Privacy and Blockchain

As stated in [ 41 ], BC-based digital services offer transparency, accountability and trust, however not one size fits all, as there are paradoxes between cybersecurity, GDPR compliance and the operation of BC. Haque et al., demonstrate in a systematic literature review regarding GDPR-BC compliance and highlights six major categories that are:

Data modification and deletion (Articles 16–18)

Default protection by design (Article 25)

Controllers/processors responsibilities (Articles 24, 26 and 28)

Consent management (Article 7)

Lawfulness and principles (Articles 5, 6 and 12)

Territorial scope (Article 3)

Haque et al. [ 41 ] states that use-cases of BC should be retrospectively applied in a way that can be made compliant to GDPR. The literature review also highlighted additional GDPR-BC research domains that include areas such as smart cities, information governance, healthcare, financial data and personal identity.

GDPR vs Blockchain

Vast amounts of PII are being collected, screened, and utilsed illegally due to cyber-espionage, phishing, spamming identity theft, and malpractice. BC on the other hand, due to the immutability in design and utility in tracking, storing and distributing DLT data, can clash with GDPR, especially with the “Right to be forgotten: Article 17”, including various rights to erasure [ 42 ]. Al-Zaben et al., proposes a framework that is on a separate off-chain mechanism that stores PII and non-PII in a different location. It is best to design and regulate network participation in fulfilling GDPR requirements, although not a perfect fit, this example shows how by design, a compliant use-case can be augmented in fulfilling parts of GDPR.

Ransomware Defense vs Blockchain

In [ 43 ], their paper describes that for malicious software to use configuration commands or information, malware has to be able to connect to the original owner. Therefore, a fairly new principle of domain generation is proposed, in that actively deployed ransomware is utilised to track user coordinates based on transactional data in a bitcoin BC. The gives a malware author the ability to dynamically change and update locations of servers in realtime.

Supply Chain Attack vs Blockchain

Recent and alarming increases in supply chain cyber attacks, has given various implementation strategies of BC in security of IoT data, that generally produces positive outcomes due to the transparency and traceability elements inherent in the technology by design. This paper highlights and discusses challenges to include many BC based systems in various industries, and focuses on the pharmaceutical supply chain. In conclusion, [ 44 ] states that the application of BCT can enhance supply chain security via authenticity and confidentiality principles.

Data Storage vs Blockchain

Due to the full-replication data storage mechanism in existing BC technologies, this produces scalability problems due to copying at each node, thus increases overall storage per-block [ 45 ]. Additionally, this mechanism can limit throughput in a permissioned BC. A novel storage system is proposed to enhance scalability by integrating erasure coding that can reduce data acquisition per block and enlarge overall storage capacity.

Of the many challenges that face legal, operational and performance criteria with utilising BC, it is clear to see that as we gather more and more personal data, endure more cyber attacks, and encounter storage disadvantages, many proposed frameworks seek to provide solutions that are only a part of compounding and escalating situation. The transactional speed and scalability of technologies such as BC, can hinder data protection rights, focused cyber-attacks, and the ability to update and track users, however there are advantages in creating separate mechanisms that when produced as a whole, that can indeed support data verification, transparency and accountability in many industries.

Results: Brief Overview of Intelligent Framework

Key Data Management Architecture Components: Fig.  1 shows the block diagram of the proposed framework. Key components of the framework are explained and synthesised in the following paragraphs.

Data flow audit mechanism

Blockchain: Data Storage and Immutability

To provide system accountability, transparency and traceability from network system traffic point of view, an article by Kumar et al., 2020 demonstrates how DLT systems are applied in e-commerce to include health medicines, security devices, food products to ensure BC technological and e-commerce sustainability. Also, [ 46 ] presents a study that explores the potential of DLT in the publication industry and present a technological review. The studies demonstrate how research is being explored and influencing DLTs globally alongside their synergies of application across academic, private and public sectors.

Standardisation of IoT Interface Portal

For purposes of legal acquisition and processing of data with consent, users can connect from IoT smart devices and appliances, such as; smart phones, sensors, tablets and user desktops. User applications and interfaces also provide a level of protection by design in most cases, however the applications can also compound and conflict with each other to produce security vulnerabilities (e.g. Cookies). Networks include; Cellular, Local and Personal Area Networks (PAN/LAN), Low Power Wide Area Networks (LPWAN) and Campus Area Network (CAN) carrier methods operate and maintain IoT system stability. Some IoT devices are capable of ensuring seamless connectivity in data access. However, at the point of access, a user interfaces with a given IoT device could be one of multiple architectures that present challenges in correctly identifying and processing data in a legal, reliable and consistent fashion. Therefore an overarching framework to ensure a standardised system whilst mitigating risk (security Vulnerabilities) is catered for in utilising network protocols with a prescribed profile limited to key information such as, Personal Identification Number (PIN), Account Number and password encryption.

Administrator 1: Public LAN/WLAN/CAN

A main purpose here is the execution of network communication protocols for the processing and or keeping (storage) of PII and data access control to include cryptography. At the level of an SME, the types of regulatory compliance’s necessary to operate as a business include a retrospective and current auditable trail to demonstrate good practices. A selection of operational scenarios are to be emulated (e.g. from case law) in the preparation of codifying, selecting and the setting of chosen principles, standards and legal frameworks. Other objectives to explore include, Confidentiality, Integrity, Availability and Data Minimisation. As shown in [ 47 ], stakeholders are required to initialise and validate a product block, this activates the wallet, to include pseudo-identity generation with a public and private key pair. The keys are utilised for signature and verification processes. Here, administrator 1 oversees and combines the execution of network communication policies to govern a user or a given set of protocols.

Administrator 2: Private LAN Network

The function of the administrator here is to utilise criteria to facilitate accountability, transparency and traceability from network system traffic. Data entry points provide group integrity as each user, or entry, is available for all to see. More fundamentally, this data will help inform, develop, calibrate and test the setting of audit and assessment parameters. The information is then combined, contrasted and compared to the Administrator 1 data collection. Resulting information then updates the Valid Data Acquisition IDPS System and Cyber-Detection Methods (e.g. Packet Sniffing) of Network Packet Data communication protocols with data effective access control. In this case, Administrator 2 provides an array of users insights into the performance of ISO 27001 and DPA/GDPR policies to identify optimum operational cost in various prescribed operating scenarios. Through analysis with tools such as BD Analytics and ML for example, nuanced data, pattern identification and aggregation provides a basis for speculation as to an ideal operating system from within a business.

Smart Contract: Agreement or Terms of Contract

Unfortunately, maintaining these systems incur at significant cost, on the other hand, these systems also cut out the “middle-man” and save resources to empower individuals and business owners. For example, individual and group scenarios are negotiated and interpreted between users in partnerships. In emulating this function, key objectives are identified and embedded from legal frameworks to produce an automatic transaction protocol with consensus in the implementation of a codex (e.g. OPCODES). Therefore, a codex of legal precedent and statutory instrumental data protection, data operation and dissemination laws will be emulated to start. The codex is the library and framework that enables partners to equitably participate in a sustainable and trust-less operational environment. In utilising ISO 27001 for example, a collection of policies are negotiated and agreed upon prior to formally undertaking a contract between parties. Therefore, GDPR and ISO 27001 are transcribed, layered and mapped with verification mechanisms derived from case-law and by design into a SC agreement. This dynamic process forms the centre of any given exchange or process of data acquisition and data dissemination.

To enable an effective cybersecurity strategy for SME’s and alike, government and private sector finance initiatives are key. This includes awareness and training for management, with oversight and additional support for staff to incorporate ML and AI into the workplace more effectively. Intrusion, detection and prevention policy from SME to government level can then flourish in promoting and sustaining the full benefits and protections of cybersecurity from cyber-criminality. However, for global data security coverage, the concept in itself is interpreted differently as the legal, ethical and consensual implementation challenges remain formidable as a result. Acquiring personal data from regional divisions to aide authorities in resource strategy at this scale, requires trust in institutions and technologies to be fully beneficial to all.

Accountability and transparency efforts also require the continual assessment of legal frameworks, systems and outcomes, with generous investment from public and private sectors. Public awareness, perception and confidence levels in the justice system through transparency and education, with focus to include mental illness and minority group engagement policies, can benefit societies substantially. The earlier proposed framework from research, demonstrates a robust and complex strategy, however looking to the future, BC network latency present real-time challenges to assist SME technology adoption. Increasing digitalisation and decentralisation leads to diverse communications, hence creating a wider array of participants to collaborate and share. However, these digital systems are not mature in terms of security and inevitably create attack space for attackers.

In this review paper, we highlighted several security problems that arise in digital systems, computation data and associated trust mechanisms. These challenges have resulted in evolution of technical solutions. Current solutions are so diverse that range from preliminary in small organisations to the state-of-the-art in mega-organisations. The cyber landscape is likely to change even further that necessitates robust solutions. This paper also brings in research from different collaborators with the potential to identify the challenges and move in the direction of designing novel solutions. This we believe as a result, will enhance and lead to secure cyber systems which achieve data security comprehensiveness.

Rawindaran N, Jayal A, Prakash E. Artificial intelligence and machine learning within the context of cyber security used in the UK SME Sector. In: AMI 2021— the 5th advances in management and innovation conference 2021. Cardiff Metropolitan University. 2021.

Wylde V, Prakash E, Hewage C, Jon. Platts. Covid-19 Crisis: Is our Personal Data Likely to be Breached? In AMI 2021 - The 5th Advances in Management and Innovation Conference 2021. Cardiff Metropolitan University, 2021.

Balasubramanian R, Prakash E, Khan I, Platts J. Blockchain technology for healthcare. In: AMI 2021—the 5th advances in management and innovation conference 2021. Cardiff Metropolitan University; 2021.

Gallaher MP, Link AN, Rowe B. Cyber security: economic strategies and public policy alternatives. Chentanham: Edward Elgar Publishing; 2008.

Google Scholar  

Zarpelão BB, Miani RS, Kawakani CT, de Alvarenga SC. A survey of intrusion detection in Internet of Things. J Netw Comp Appl. 2017;84:25–37.

Article   Google Scholar  

Are Your Operational Decisions Data-Driven? 2021. https://www.potentiaco.com/what-is-machine-learning-definition-typesapplications-and-examples/ . Accessed 11 Jul 2021.

Biju SM, Mathew A. Internet of Things (IoT): securing the next frontier in connectivity. ISSN. 2020.

Cahn A, Alfeld S, Barford P, Muthukrishnan S. An empirical study of web cookies. In: Proceedings of the 25th international conference on world wide web; 2016. pp. 891–901.

Cressy R, Olofsson C. European SME Financing: An Overview. Small Business Economics, 1997. pp 87–96.

General Data Protection Regulations (GDPR). https://ico.org.uk/for-organisations/guide-to-dataprotection/guide-to-the-general-data-protectionregulation-gdpr/ . Accessed 16-10-2020.

Roesch M, et al. SNORT: lightweight intrusion detection for networks. Lisa. 1999;99:229–38.

Dunham K, Melnick J. Malicious bots: an inside look into the cyber-criminal underground of the internet. Boca Raton: Auerbach Publications; 2008.

Book   Google Scholar  

Kabiri P, Ghorbani AA. Research on intrusion detection and response: a survey. Int J Netw Secur. 2005;1(2):84–102.

Fraley JB, Cannady J. The promise of machine learning in cybersecurity. In: SoutheastCon 2017, IEEE; 2017. pp. 1–6.

Buczak AL, Guven E. A survey of data mining and machine learning methods for cyber security intrusion detection. IEEE Commun Surv Tutor. 2015;18(2):1153–76.

Machine learning algorithm cheat sheet for azure machine learning designer. 2021. https://docs.microsoft.com/en-us/azure/machine-learning/algorithm-cheat-sheet . Accessed 3- Mar 2021.

Anthi E, Williams L, Rhode M, Burnap P, Wedgbury A. Adversarial attacks on machine learning cybersecurity defences in industrial control systems. J Inf Secur Appl. 2021;58:102717.

Catak E, Catak FO, Moldsvor A. Adversarial machine learning security problems for 6G: mmWave beam prediction use-case. arXiv:2103.07268 .2021.

Guinchard A. Our digital footprint under Covid-19: should we fear the UK digital contact tracing app? Int Rev Law Comput Technol. 2021;35(1):84–97.

Tran J, Ngoc C. GDPR handbook for record of processing activities. Case: the color club A/S. 2020.

Raman R, Achuthan K, Vinuesa R, Nedungadi P. COVIDTAS COVID-19 tracing app scale-an evaluation framework. Sustainability. 2021;13(5):2912.

Juneidi JS. Covid-19 tracing contacts apps: technical and privacy issues. Int J Adv Soft Comput Appl. 2020;12:3.

Majeed A. Towards privacy paradigm shift due to the pandemic: a brief perspective. Inventions. 2021;6(2):24.

Black M, Lee A, Ford J. Vaccination against COVID-19 and inequalities-avoiding making a bad situation worse. Public health in practice. England: Elsevier; 2021.

Zaeem RN, Barber SK. The effect of the GDPR on privacy policies: recent progress and future promise. ACM Trans Mgmt Inf Syst. 2020;12(1):1–20.

Antal CD, Cioara T, Antal M, Anghel I. Blockchain platform for COVID-19 vaccine supply management. 2021. arXiv:2101.00983 .

How Blockchain is helping in the fight against Covid-19. 2021. https://www.lexology.com/library/detail.aspx?g=8b5ef0f0-05b3-4909-b5d5-da7bd57f0381 . Accessed 24 Apr 2021.

Razai MS, Osama T, McKechnie D, Majeed A. Covid-19 vaccine hesitancy among ethnic minority groups. 2021.

Robertson E, Reeve KS, Niedzwiedz CL, Moore J, Blake M, Green M, Katikireddi SV, Benzeval MJ. Predictors of COVID-19 vaccine hesitancy in the UK Household Longitudinal Study. Brain Behavior Immunity. 2021.

MacKenna B, Curtis HJ, Morton CE, Inglesby P, Walker AJ, Morley J, Mehrkar A, Bacon S, Hickman G, Bates C, et al. Trends, regional variation, and clinical characteristics of COVID-19 vaccine recipients: a retrospective cohort study in 23.4 million patients using OpenSAFELY. 2021.

Zheng Z, Xie S, Dai H, Chen X, Wang H. An overview of blockchain technology: architecture, consensus, and future trends. In: 2017 IEEE international congress on big data (BigData Congress); 2017. pp. 557–64.

Salman T, Zolanvari M, Erbad A, Jain R, Samaka M. Security services using blockchains: a state of the art survey. IEEE Commun Surv Tutor. 2019;21(1):858–80.

Zhang R, Xue R, Liu L. Security and privacy on blockchain. ACM Comput Surv. 2019;52:3.

Pinno OJA, Gregio ARA, De Bona LCE. ControlChain: blockchain as a central enabler for access control authorizations in the IoT. In: GLOBECOM 2017—2017 IEEE global communications conference; 2017. pp. 1–6.

Mandrita B, Junghee L, Choo KKR. A blockchain future for internet of things security: a position paper. Dig Commun Netw. 2018;4(3):149–60.

Kshetri N. Blockchain’s roles in strengthening cybersecurity and protecting privacy. Celebrating 40 years of telecommunications policy—a retrospective and prospective view. Telecommun Policy. 2017;41(10):1027–38.

Ali M, Nelson J, Shea R, Freedman Freedman MJ. Blockstack: a global naming and storage system secured by blockchains. In: 2016 USENIX annual technical conference (USENIX ATC 16), pp 181–194. Denver, CO, 2016. USENIX:Association. 2016.

Shahaab A, Lidgey B, Hewage C, Khan I. Applicability and appropriateness of distributed ledgers consensus protocols in public and private sectors: a systematic review. IEEE Access. 2019;7:43622–36.

Taylor PJ, Dargahi T, Dehghantanha A, Prizi RM, Choo KKR. A systematic literature review of blockchain cybersecurity. Dig Commun Netw. 2020;6(2):147–56.

Alphand O, Amoretti M, Claeys T, Dall’Asta S, Duda A, Ferrari G, Rousseau F, Tourancheau B, Veltri L, Zanichelli F. IoT Chain: a blockchain security architecture for the internet of things. In: 2018 IEEE wireless communications and networking conference (WCNC); 2018. pp. 1–6.

Haque AB, Najmul Islam S, Hyrynsalmi AKM, Naqvi B, Smolander K. GDPR compliant blockchains-a systematic literature review. IEEE Access. 2021;9:50593–606.

Al-Zaben N, Hassan O, Mehedi M, Yang J, Lee NY, Kim CS. General data protection regulation complied blockchain architecture for personally identifiable information management. In: 2018 international conference on computing, electronics communications engineering (iCCECE); 2018. pp. 77–82.

Pletinckx S, Trap C, Doerr C. Malware coordination using the blockchain: an analysis of the cerber ransomware. In: 2018 IEEE conference on communications and network security (CNS); 2018. pp. 1–9.

Johny S, Priyadharsini C. Investigations on the implementation of blockchain technology in supplychain network. In: 2021 7th international conference on advanced computing and communication systems (ICACCS); 2021. pp. 1–6.

Qi X, Zhang Z, Jin C, Zhou A. A reliable storage partition for permissioned blockchain. IEEE Trans Knowl Data Eng. 2021;33(1):14–27.

Paruln K, Gulshan K, Geetha G. Exploring the potential of distributed ledger technology in publication industry—a technological review. In: CEUR Workshop Proceedings. 2021.

Kumar G, Saha R, Buchanan WJ, Geetha G, Thomas R, Rai MK, Kim T, Alazab M. Decentralized accessibility of e-commerce products through blockchain technology. Sustain Cities Soc. 2020;62:102361.

Download references

Author information

Authors and affiliations.

Cardiff School of Technologies, Cardiff Metropolitan University, CF5 2YB, Cardiff, UK

Vinden Wylde, Nisha Rawindaran, John Lawrence, Rushil Balasubramanian, Edmond Prakash, Imtiaz Khan, Chaminda Hewage & Jon Platts

School of Information Systems and Technology, University of Canberra, Bruce, ACT 2617, Australia

Ambikesh Jayal

You can also search for this author in PubMed   Google Scholar

Corresponding author

Correspondence to Edmond Prakash .

Ethics declarations

Conflict of interest.

Authors declare that they have no conflicts of interest.

Additional information

Publisher's note.

Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.

This article is part of the topical collection “Cyber Security and Privacy in Communication Networks” guest edited by Rajiv Misra, R. K. Shyamsunder, Alexiei Dingli, Natalie Denk, Omer Rana, Alexander Pfeiffer, Ashok Patel and Nishtha Kesswani.

Rights and permissions

Open Access This article is licensed under a Creative Commons Attribution 4.0 International License, which permits use, sharing, adaptation, distribution and reproduction in any medium or format, as long as you give appropriate credit to the original author(s) and the source, provide a link to the Creative Commons licence, and indicate if changes were made. The images or other third party material in this article are included in the article's Creative Commons licence, unless indicated otherwise in a credit line to the material. If material is not included in the article's Creative Commons licence and your intended use is not permitted by statutory regulation or exceeds the permitted use, you will need to obtain permission directly from the copyright holder. To view a copy of this licence, visit http://creativecommons.org/licenses/by/4.0/ .

Reprints and permissions

About this article

Wylde, V., Rawindaran, N., Lawrence, J. et al. Cybersecurity, Data Privacy and Blockchain: A Review. SN COMPUT. SCI. 3 , 127 (2022). https://doi.org/10.1007/s42979-022-01020-4

Download citation

Received : 04 August 2021

Accepted : 03 January 2022

Published : 12 January 2022

DOI : https://doi.org/10.1007/s42979-022-01020-4

Share this article

Anyone you share the following link with will be able to read this content:

Sorry, a shareable link is not currently available for this article.

Provided by the Springer Nature SharedIt content-sharing initiative

• Data privacy
• Smart Contracts

Advertisement

• Find a journal
• Publish with us
• Track your research

Blockchain Cyber Security Vulnerabilities and Potential Countermeasures

International Journal of Innovative Technology and Exploring Engineering (IJITEE), 9(5), 1516-1522. ISSN: 2278-3075. (2020).

12 Pages Posted: 10 Aug 2020 Last revised: 29 Jun 2021

Sai Manoj K.

Srinivas University

P. S. Aithal

Poornaprajna College

Date Written: February 24, 2020

Blockchain technology has attracted appreciable attention as a result of its big selection of possible application and it initial appear since a cryptocurrency, referred to as Bitcoin, however have as be employed inside several different industry and non-business applications. In contrast to the majority presented system to be supported decentralized system; this innovative expertise utilize peer‐to‐peer networks and circulated a system which incorporates blockchain register to stock up connections. Its construction is intended as a digital log file and hold on as a series of coupled teams, referred to as blocks. Every individual block is latched cryptographically with the previous block. Once a block has been another, it can't be altered. Several security specialists speculate that the inherent cryptographically nature of the blockchain system is comfortable to resist constant hacking and security threats. However, earlier studies on the security and confidentiality of blockchain technology include given away that several applications contain fall casualty to thriving cyber-attacks. As a result of the growing require for cryptocurrency and its current security challenges, earlier study haven't centered on blockchain technology cybersecurity vulnerabilities extensively, and we study after provide additional way to spotlight potential attacks against blockchain technology weakness to cybersecurity.

Keywords: Block Chain, Cloud Computing, Cyber security, Ledger, Smart Contracts, Cryptocurrency, attacks

Suggested Citation: Suggested Citation

Srinivas University ( email )

Mangalore India

P. S. Aithal (Contact Author)

Poornaprajna college ( email ).

Poornaprajna Institute of Management Udupi District Karnataka India +919343348392 (Phone)

HOME PAGE: http://www.pim.ac.in

Do you have a job opening that you would like to promote on SSRN?

Paper statistics, related ejournals, cybersecurity, privacy, & networks ejournal.

Subscribe to this fee journal for more curated articles on this topic

Information Systems & Economics eJournal

Mechanical engineering ejournal.

Thank you for visiting nature.com. You are using a browser version with limited support for CSS. To obtain the best experience, we recommend you use a more up to date browser (or turn off compatibility mode in Internet Explorer). In the meantime, to ensure continued support, we are displaying the site without styles and JavaScript.

• View all journals
• Explore content
• About the journal
• Publish with us
• Sign up for alerts
• Open access
• Published: 03 August 2024

An efficient blockchain-based framework for file sharing

• Wanzong Peng 1 ,
• Tongliang Lu 4 ,
• Wenju Peng 3 &
• Zhongpan Wang 2  

Scientific Reports volume  14 , Article number:  18009 ( 2024 ) Cite this article

283 Accesses

Metrics details

• Computer science
• Information technology

File sharing, being the foundation of the Internet, has traditionally relied on a centralized service architecture resulting in significant maintenance costs. Moreover, due to the lack of an effective file management system, instances of sensitive information going out of control and loss of confidentiality in file sharing have occurred frequently. In order to address the difficulty of tamper detection and the lack of supervision in the entire process of file transfer in the current Internet environment, this paper designs a blockchain-based system architecture for secure sharing of electronic documents. An efficient blockchain model is used in our framework, and with the help of distributed storage system and asymmetric encryption technology, file sharing can be controlled, reliable and traceable in the transfer process. Referring to existing consensus mechanisms, e.g., Delegated Proof of Stake (DPoS) and Practical Byzantine Fault Tolerance (PBFT), we propose a new consensus for efficient and secure file sharing. Our experimental results show that our framework can maintain a higher throughput than existing schemes

Similar content being viewed by others

A scalable blockchain based framework for efficient IoT data management using lightweight consensus

SSH-DAuth: secret sharing based decentralized OAuth using decentralized identifier

Blockchain-based privacy and security model for transactional data in large private networks

Introduction.

In recent years, the security of network files, especially confidential and sensitive information, has gained increasing attention. The traditional electronic file transfer process mostly uses Client/Server model, where data security is solely dependent on the capabilities of larger companies. This model entails uploading electronic files to specific servers for centralized management. However, it presents various challenges such as increased load on the central server, excessive overhead on system resources, and high deployment and maintenance costs. Additionally, since each server possesses its own storage device, it is difficult to ensure server reliability and data security. In order to overcome these problems, the concept of cloud storage was proposed and remains widely used, there are many large enterprises (e.g., Microsoft and Amazon) provide cloud storage services to individuals, businesses and communities. Cloud storage providers take responsibility for maintaining the storage servers and ensuring data security for users (both personal and corporate), thereby eliminating the need for users to maintain storage devices. Personal cloud storage platforms (e.g., OneDrive, Google Drive) enable individuals to back up and protect their data, with the added benefit of being able to access and share their stored files online from anywhere. However, cloud storage is not without its shortcomings. Most cloud storage services are provided by large enterprises, resulting in increased centralization of data compared to previous systems. Although this has enhanced efficiency, users remains a lack of full trust in large enterprises, as they may potentially abuse personal data and information.

So people want to build new model to share file: the P2P (peer-to-peer) file sharing system. Unlike C/S model, each node in the P2P system, which works as both a client and server, is on equal terms. Following the widespread adoption of Napster (a music file-sharing service), P2P file sharing programs came to have great popularity 1 . Napster allowed users to share digital music files such as MP3. Users can transfer files to each other by Napster, but Napster did not follow a pure P2P architecture since it required centralized infrastructure for indexing of published documents 2 . In 2001 Bram Cohen created BitTorrent, which is one of the most successful open P2P applications that has completely changed people’s habits of file transfer. Originally BitTorrent was based on a centralized server coordinating the interaction between peers, and the centralized server is named as tracker, which keeps track of all the peers. But BitTorrent later began to adopt more advanced technologies: distributed hash table (DHT), a distributed system for mapping keys to values. BitTorrent builds a truly decentralized network based on the Kademlia DHT 3 , there are not central servers and each device is free to join network as a server, or a client, or both. Compared with the traditional C/S model, P2P system can fully utilize idle network resources and achieve better load balancing. But the freedom brings hidden security risks. P2P network is applied on the premise of trust between users, but is vulnerable to illegal access and malicious attacks 4 , resulting in the disclosure of sensitive information. Therefore, it is essential but difficult to provide a high-performance and secure file sharing system.

The growth of the Internet of Things (IoT) has led to increased research 5 on distributed information systems due to its distributed nature, and traceable distributed data sharing solutions have emerged in IoT 6 . With the popularity of cryptocurrency all over the world, blockchain technology has attracted tremendous interest from both academia and industry 7 and applied in various fields, e.g., healthcare, Internet of Things (IoT), and cloud storage 8 . The decentralized nature and reliable security features of blockchain technology offer new perspectives on file transfer reliability. Leveraging this idea, we develop a more efficient file-sharing system that save server resource consumption.

The main contributions of this paper are as follows:

A proposed efficient method for file sharing utilizes blockchain technology. By the method, the existing storage system (e.g., cloud storage platform, P2P system) is used to store file and the blockchain is only used to save information about file sharing.

We build a blockchain with new framework, which contains two chains. The information of file is stored in the particular chain. We design a special data structure for file information, so we can reliably track the source and monitor the lifecycle of file.

A new consensus is proposed, which groups nodes and conducts transactions efficiently. We demonstrate its feasibility through evaluation and our experiment results show that our framework is more efficient than existing frameworks.

Related work

After the emergence of blockchain, people considered using it for cloud storage 9 . Initially, the application of blockchain for cloud storage was rudimentary and centralized, leveraging its inherent properties for enhanced security and integrity. However, this approach did not fully exploit the potential of blockchain’s decentralization. Then Benet created Inter Planetary File System (IPFS) 10 . IPFS is a distributed file system, and like blockchain, it is a P2P network run by multiple nodes. So many people begin to combine it with blockchain technology for file transfer. Chen et al. 11 proposed an enhanced P2P file system scheme, improving IPFS’s block storage model with a zigzag-based storage solution, and employing blockchain to facilitate better coordination among nodes for efficient data exchange. Vimal et al. 12 utilized Filecoin as an incentivization mechanism for content providers based on the integration of IPFS and blockchain technology. Subsequently, some schemes have sought to enhance IPFS with Hyperledger Fabric. 13 , 14 While these schemes improve file sharing security and reliability, they typically rely on existing blockchain systems like Ethereum or Hyperledger Fabric for implementation, which may lack efficiency.

There has been a growing interest in high-performance information sharing blockchain in the field of IoT. Dorri et al. 15 proposed a lightweight blockchain architecture for IoT. Xu et al. 16 proposed DIoTA, a decentralized ledger-based framework to authenticate IoT devices and data generated from them. And people are also beginning to use the next generation blockchain for data sharing: Directed Acyclic Graph (DAG) Distributed Ledgers, e.g., IOTA 17 , Nano 18 . The DAG structure allows parallel validation of transactions and reduces the consumption of transaction. So DAG distributed ledgers can establish more efficient and scalable file share system, such as FileDAG 19 .

The process of file sharing method.

Method and functions

The main aim of our system is to share file safely. So we design a complete method to share file, it is depicted in Fig.  1 . It can be divided into two parts: in the first part, file is encrypted and stored in IPFS; in the second part, information of file and user is stored in blockchain. We define two main functions to finish file transfer.

The user encrypts the local file with a randomly generated symmetric encryption key (as “the file key”) and uploads it to IPFS to obtain the file hash (i.e. the IPFS content identifier, which is used to obtain the file). Of course, we can also use other storage platform (e.g., cloud storage platform). Each user need generate a “blockchain wallet”, simplified as an asymmetric key here. The user’s public key encrypts the file key, which is then stored in the blockchain transaction alongside the file hash and relevant information. The process is depicted in Algorithm  1 .

Upload file.

Download and transfer

During the download process, the file owner retrieves the file hash and key from the blockchain, downloads the file from IPFS through the file hash, and decrypts the file key with a private key to decrypt the file. During transfer, the file key is first decrypted using the owner’s private key, and then encrypted using the recipient’s public key. Finally, the encrypted file key and file hash are stored in the transaction. Essentially, the file hash serves as an equivalent representation of the file on the blockchain, facilitating secure retrieval and transfer of the file. The process is depicted in Algorithm  2 .

Transfer file.

For efficient transfer, we need a novel blockchain that can achieve high concurrency and security. Therefore, we borrow from traditional blockchain and consensus algorithms widely used in cryptocurrency systems, and propose our framework. We utilize a two-chain structure for optimal performance. The File Transaction Chain is designed with specialized data structures to efficiently store transactions and maintain data integrity, while the File Info Chain functions as a traditional blockchain to safeguard the security and stability of the system.We simply discuss one kind of nodes: full nodes, which validate transactions and blocks, ensuring they adhere to the network’s consensus rules. Full nodes stores a complete copy of the two-chain structure blockchain and relay new transactions and blocks to other nodes in the network. In practical situations, there will also be lightweight nodes 20 in the system.

File transaction chain (FTC)

This chain handles transactions about file and provide information of file to user. When a transaction is validated, it is stored in the following structure: To facilitate traceability, the file is used as a root block to form an array; the user group is attached to the corresponding file, where each user points to the user who shares the file to him to form a chain structure; transactions are sorted chronologically and attached to the corresponding users as an array. The overall structure is shown in Fig.  2 . Main information is stored in the following sections:

File: file name, file hash, created time and other related information.

User: user’s public key and the encrypted file key.

Transaction: address of both parties, transaction type, timestamp, transaction information, signature of validation node group, signature of transaction creator and transaction hash value.

The data structure of File Transaction Chain.

File info chain (FIC)

This chain functions similarly to an traditional blockchain, which is used to manage. It stores system information such as voting, node reputation, and efficiency. These information are stored in transactions, and each block contains: header (previous block hash, timestamp, nonce), Merkle root 21 , transactions. In summary, the data structure adopts a traditional chain structure.

Normal-case operation

There are 5 main steps for the whole system’s lifecycle. These steps also show the consensus. We propose the new consensus based on the concepts of sharding and PBFT. The lifecycle is shown in Algorithm 3.

Vote to select the leadership group. Nodes vote based on efficiency and reputation of each node. The number of votes that can be used by the node is determined by the rating of the nodes on FIC (File Info Chain) and each node has equal right in the first time. Nodes broadcast the voting results as a transaction to all nodes, and after obtaining all voting results, each node calculates the node ranking. The top 1/5 nodes are selected as the leadership group.

Divide node groups by the leadership group. The members of the leadership group rotate as chair according to the ranking order. Based on the information blocks on FIC, each node is rated and scored. The chair divide nodes into 6 groups (the number of groups is adjusted reasonably according to the node size and transaction volume) and make sure that each group has similar total score.

Create block on FIC. The chair packages the information about voting results, node grouping and other system (e.g., efficiency information, reputation information) as transaction, then chair requests the transaction according to the PBFT algorithm 22 . When 2/3 of the leadership group nodes confirm the result, blocks will be created on FIC. If more than 1/3 of the members do not agree with the grouping, they need to go back to the second step until a grouping is formed.

Conduct transactions. Nodes in each group form an independent peer-to-peer network, and adjacent groups establish P2P network channels to form a ring network structure. When one user want to upload or transfer file, he initiates transaction on FTC in the node of previous group and send it to a random node in the next group. After receiving the transaction, the receiving node broadcasts the transaction within the transaction processing group. After more than 2/3 of the nodes in the group have validated and signed, the receiving node attaches all signatures to the transaction and broadcasts it to its group and the leadership group. The leadership group forms a P2P network channel with each group. After receiving and validating it, the leadership group nodes broadcast the transaction to each group, and each node inserts the transaction into the transaction array of the user in chronological order based on the corresponding files on File Transaction Chain. Any transaction that have failed validation in 1/3 of the validation nodes will be discarded and notified to the transaction initiator and leadership group.

Supervise transactions. The leadership group evaluates the efficiency of each node based on the speed of transactions, initiates transactions containing efficiency information on FIC, randomly selects transactions for validation and labels transactions based on the results, and initiates transactions containing node reputation information. These transactions will be validated by the leadership group in the next time of grouping and the production blocks will be added to FIC.

Loop steps 4-5, and repeat steps 2-3 every 10 minutes. After rotating as the chair at all leadership group nodes, start from step 1 again.

Nodes lifecycle.

Security analysis

In our framework design, security is an important standard. Our framework runs safely and reliably through the use of cryptography and decentralization. We need to strive for efficiency while ensuring security. Therefore, we do not conduct thorough security audits and only analyze the security of this scheme for common security threats in the blockchain.

Double spending attack In normal blockchain system, attacker waits for specific conditions and uses cryptocurrency twice or more.This type of attack poses a significant threat to the integrity and security of blockchain systems by undermining the fundamental principle of cryptocurrency. But in our system, the crypto assets is file, owner can copy and tranfer file to anybody, there is no risk of double spending. The key aspect is to secure ownership through signature in our system, as files will not be “consumed”.

Replay attack When the user requests a transaction, attacker listens in and steals user’s information. Then attacker can send the same transaction again, and even modify transaction’s key information to make the file stolen. To prevent this attack, the communication between nodes is encrypted by one-time key pair in our system, and each transaction is created with a timestamp and an expiration time. Nodes within the system are configured to promptly identify and reject any transaction that is outdated or exhibits suspicious characteristics, such as duplicate timestamps or users, preventing potential security breaches.

Impersonation attack Attacker impersonates a legitimate user in order to gain access. Our framework uses RSA algorithms to create user’s wallet and key length is 2048 bits, which can provide enough security strength 23 . This approach emphasizes the need for utilizing advanced cryptographic techniques in blockchains. While more intricate encryption algorithms and longer key offer increased security, they may also result in higher performance degradation. Therefore, it is crucial to consider appropriate algorithms that can achieve a balance between security and performance based on the specific environment in which system is implemented.

Sybil attack Attacker subverts the reputation system of a peer-to-peer network by creating a large number of pseudonymous entities, using them to gain a disproportionately large influence 4 . Proof of Work (PoW) consensus does not depend on the number of nodes, Sybil attack can only cause limited damage to it and it is difficult to influence the entire blockchain network. But this type of attack is very dangerous to the consensus that run with voting (e.g., DPoS). To our consensus, if the attacker controls 2/3 nodes of a group, he can forge transactions. Due to the fact that node groups are divided by the leadership group based on node reputation and efficiency ratings, attacker need to control at least \(\frac{2}{3\beta }\) nodes ( \(\beta\) is the number of groups) without a record of wrongdoing and then the attacker can control a group to create fraudulent transactions. But it is not enough to just fake transactions, the leadership group can determine whether the transaction is abnormal and record the malicious behavior by checking the hash and signature. So the fair election of the leadership group is an important guarantee for security. In order to measure the participation and credibility of the nodes and give different voting rights to the nodes, in this scheme, the effective transaction volume of the nodes is selected as the equivalent substitute of the computing resources of the nodes, and the reputation record is used to score the nodes. Unless the 51% attack is realized, the selection of the leader group is safe.

51% attack Attacker shows malicious behavior, such as tampering with transactions and forging blocks, by controlling 51% of the computing power of the entire network 24 . In our framework, if attacker controls 51% of the computing power, he can get enough right of voting to select the leadership group and control the entire system. This attack is challenging to defend against. But this is difficult to achieve in a large blockchain, the best prevention method is to establish a sufficiently large blockchain.

To assess the progressiveness of this framework, we need to analyze the time consumption. The total process times (from the beginning of voting to the next revoting) between two different leadership group can be analyzed in two aspects: communication consumption and calculation consumption.

Communication consumption

When a large number of nodes are evenly distributed in a network and there is no congestion caused by broadcasting, the average communication time RTT is considered as a fixed value. There are two types of communication consumption.

Vote and divide. Each node needs to broadcast its own voting results to all nodes, and the chair will divide nodes and broadcast once, requiring a total of 2 RTT.

Process and supervise transactions, create block on FIC. When each group conducts transaction processing, the transaction is initiated, and the receiving node receives it and broadcasts it to all nodes within the group for signature. Then, each node sends result to the receiving node for integration, and the receiving node broadcasts signed transaction to the group and leadership group, requiring a total of 4 RTT. While other groups conduct the transaction, the leadership group conducts transaction supervision. In extreme cases, all leadership group nodes record, validate, and broadcast the results to all nodes, with a broadcast time of 1 RTT. FIC block generation adopts the PBFT algorithm, which takes 5 RTT in 5 stages. The leadership group took a total of 6 RTT, which is longer than transaction processing.

Overall, in the lifecycle of a leadership group, each node mainly spends time processing transactions. In part 1 some individual communications consume less time and have fewer occurrences, and communication consumption is mainly considered in part 2.

Calculation consumption

If we have a total of n nodes, \(\gamma\) leadership group nodes, \(\alpha\) transactions and \(\beta\) groups, we can get algorithm complexity of the entire system.

Leadership group management. Dividing node requires iterating over blocks of FIC and scoring each node, with a complexity of \(\textrm{O}\left( n\right)\) . The time consumption of the transaction supervision part is linearly related to the number of transactions, and in the extreme case, \(\gamma\) leadership group nodes record and validate \(\alpha\) transactions with a complexity of \(\textrm{O}\left( \frac{\alpha }{\gamma }\right)\) . Each transaction can be completed by iterating over the transaction chain once per node, and the time consumption can be ignored. The block generation adopts the PBFT algorithm with a complexity of \(\textrm{O}\left( \gamma ^2\right)\) . We set average coefficient as \(C_1\) , the calculation consumption of the leadership group is:

Transaction processing. \(\beta\) groups are conducted simultaneously, and the transaction is validated and signed by all nodes within the group after being broadcasted by the receiving node. Then, each node sends it back to the receiving node for integration, with a complexity of \(\textrm{O}\left( \frac{\alpha }{\beta } \frac{n-\gamma }{\beta }\right)\) . We set average coefficient as \(C_2\) and the transaction processing time of each group is:

Generally, \(\alpha\) is much greater than \(\gamma\) . Through analysis, it becomes evident that increasing the number of nodes in the leadership group results in a decrease in the number of transactions handled by each node within the group. Consequently, this reduces the time consumption while simultaneously enhancing the degree of decentralization. However, \(\gamma\) increasing will result the number of group nodes \(\frac{n-\gamma }{\beta }\) in a too small number, which cannot guarantee the credibility of the transaction; moreover, the leadership group nodes have lost their transaction ability, and users can only create transactions through other nodes. Due to the limited processing capacity of other nodes, excessive number of leadership group nodes can lead to transaction congestion. So we need to select the appropriate number of groups and leader nodes based on the total number of nodes to ensure the overall system is reliable and efficient.

Compare the main parts of \(T_1\) and \(T_2\) , \(\frac{\alpha }{\gamma }\) and \(\frac{\alpha (n-\gamma )}{\beta ^2}\) . Because \(\gamma <n\) and \(\beta\) can be ignored compared to \(n\gamma\) , so we can get ( 3 ) and ( 4 ).

\(C_1\) is mainly caused by the program for transaction validation and recording, \(C_2\) is mainly caused by the program for transaction validation and signature, and the consumption of signature algorithms is much greater than that of recording algorithms. So \(C_2>C_1\) and \(T_2>T_1\) .

We direct our attention toward the meticulous analysis of \(T_2\) through a series of intricate system simulation experiments. In our experimental setup, we have established a network environment where each server encompasses multiple nodes operating within the confines of a local LAN, engaging in peer-to-peer communication built by the TCP protocol to achieve a state of seamless “zero-latency” discourse. To conduct these experiments, we employ a cluster of six computers, each equipped with an Intel Core i5 processor operating at 3.6 GHz, 16GB of RAM, Microsoft Windows 11 64-bit version, and a 500GB hard drive. Within each computer, there are a total of 30 nodes, each running on different ports, resulting in a cumulative count of 300 nodes. Out of these nodes, 60 belong to the leadership group, while the remaining nodes are divided into 8 separate normal groups.

We ensure that a fixed number of transactions are allocated to each normal group. Once all the transactions have been validated by the nodes in the leadership group, we proceed to gather and compute the average time spent on each individual transaction. The graphical representation of these results can be observed in Fig.  3 . When the number of instantaneous transactions is below 300, the processing capacity of the group proves to be adequate, and the time consumption for the leadership group remains consistently stable. Therefore, as the number of transactions increases, there is a noticeable decline in the average time consumed per individual transaction.

Average time consumption for each transaction.

We change the number of nodes in each group to determine the impact of group size on transaction validation. After the number changes, each group requests 10 transactions. For each transaction, we collect integration time on the receiving node, which organizes signatures and broadcasts the result. The results, shown in Fig.  4 , indicate that the integration time is short and increases slowly.

Integration time consumption for each transaction.

The impact of the number of nodes on transaction efficiency within a group is significant. The average number of transactions initiated by each node per second is TPS. To assess the processing capacity of groups with different sizes, we assign different TPS values and vary the number of nodes within a group. We measure the average time taken by each group to complete the requested transactions within one second. The resulting data is presented in Table 1 . Blockage occurs when the total time consumed exceeds 1 second. From the table, it can be observed that when TPS is lower than 20, a group consisting of 40 nodes is an optimal choice.

Directed Acyclic Graph (DAG) blockchain is the state-of-the-art solution for blockchain-based file transfer. It allows parallel and rapid processing of transactions and is designed for high performance. In contrast to traditional blockchains, which validate transactions and create new blocks at fixed time intervals, DAG blockchains offer a more efficient solution for real-time file transactions. For example, Ethereum commits blocks once every twelve seconds, limiting its ability to meet real-time transaction requirements. Both in our framework and DAG blockchains, each node can conduct transactions. However, unlike DAG blockchains, our framework incorporates a “central” group to enhance efficiency and security. It is important to note that while our framework achieves a higher degree of efficiency and security, DAG blockchains generally exhibit greater decentralization. To compare with the performance of DAG blockchains (e.g., IOTA), we refer to the experimental settings in other study 25 , the number of groups was increased to 30, each consisting of 8 nodes. We test average processing speed of each group from 15 to 150 TPS per second in 300 seconds. The result is shown in Fig.  5 .

Each group’s processing speed under different TPS.

Among the three implementations of IOTA, Nano, and Byteball in the paper 25 , Nano can achieve a maximum throughput of 60 transactions per second. Our system can achieve 85 transactions per second for each group according to Fig.  5 , and our global throughput needs to be multiplied by the number of groups. Compared to the state-of-the-art method, our method has made some progress.

In this paper, to address the fundamental issue of file transfer, we propose a new blockchain-based framework for file transfer. To begin with, we propose the core functions of the entire system based on security requirements. Then, in order to efficiently complete the task, we design a dual-chain blockchain structure and new consensus based on the PBFT algorithm and sharding concept. Furthermore, we analyze the security, feasibility and efficiency of the framework. Finally, we conduct quantitative experiments in a simulated environment. The difference between our proposed framework and existing solutions lies in two aspects. Firstly, we adopt a relatively centralized consensus through the leadership group to ensure efficient operation of the system while ensuring security. The second is that transaction processing is highly parallel in each group, which solves the problem of low efficiency in existing blockchain file transfer solutions. But this framework is limited by the absence of practice under complex network, we haven’t designed a communication scheme for adverse network condition.

Data availability

The datasets generated and analyzed during the current study are available from the corresponding author on reasonable request.

The Editors of Encyclopedia Britannica. Napster (2023).

Heckmann, O. et al. A Peer-to-Peer Content Distribution Network 69–78 (Springer, 2005).

Google Scholar  

Maymounkov, P. & Mazières, D. Kademlia: A peer-to-peer information system based on the xor metric. In Peer-to-Peer Systems (eds Druschel, P. et al. ) 53–65 (Springer, 2002).

Chapter   Google Scholar  

Selvaraj, C. & Anand, S. A survey on security issues of reputation management systems for peer-to-peer networks. Comput. Sci. Rev. 6 , 145–160. https://doi.org/10.1016/j.cosrev.2012.04.001 (2012).

Article   Google Scholar  

Dai, Z. & Guo, X. Investigation of e-commerce security and data platform based on the era of big data of the internet of things. Mobile Inf. Syst. 2022 , 3023298. https://doi.org/10.1155/2022/3023298 (2022).

Lu, J., Li, W., Sun, J., Xiao, R. & Liao, B. Secure and real-time traceable data sharing in cloud-assisted iot. IEEE Internet Things J. 11 , 6521–6536. https://doi.org/10.1109/JIOT.2023.3314764 (2024).

Taylor, P. J., Dargahi, T., Dehghantanha, A., Parizi, R. M. & Choo, K.-K.R. A systematic literature review of blockchain cyber security. Digit. Commun. Netw. 6 , 147–156. https://doi.org/10.1016/j.dcan.2019.01.005 (2020).

Salman, T., Zolanvari, M., Erbad, A., Jain, R. & Samaka, M. Security services using blockchains: A state of the art survey. IEEE Commun. Surv. Tutorials 21 , 858–880. https://doi.org/10.1109/COMST.2018.2863956 (2019).

Sharma, P., Jindal, R. & Borah, M. D. Blockchain technology for cloud storage: A systematic literature review. ACM Comput. Surv. https://doi.org/10.1145/3403954 (2020).

Benet, J. IPFS - content addressed, versioned, P2P file system. arXiv https://doi.org/10.48550/arXiv.1407.3561 (2014).

Chen, Y., Li, H., Li, K. & Zhang, J. An improved p2p file system scheme based on ipfs and blockchain. In: 2017 IEEE International Conference on Big Data (Big Data) , 2652–2657, https://doi.org/10.1109/BigData.2017.8258226 (2017).

Vimal, S. & Srivatsa, S. K. A new cluster p2p file sharing system based on ipfs and blockchain technology. J. Ambient. Intell. Humaniz. Comput. https://doi.org/10.1007/s12652-019-01453-5 (2019).

Nyaletey, E., Parizi, R. M., Zhang, Q. & Choo, K.-K. R. Blockipfs - blockchain-enabled interplanetary file system for forensic and trusted data traceability. In: 2019 IEEE International Conference on Blockchain (Blockchain) , 18–25, https://doi.org/10.1109/Blockchain.2019.00012 (2019).

Liu, M., Palaoag, T. & Zhang, W. An e-resource sharing solution based on blockchain technology. In Proceeding of the 2021 4th International Conference on Blockchain Technology and Applications, ICBTA ’21 (ed. Liu, M.) 101–106 (Association for Computing Machinery, 2022). https://doi.org/10.1145/3510487.3510502 .

Dorri, A., Kanhere, S. S. & Jurdak, R. Towards an optimized blockchain for iot. In: 2017 IEEE/ACM Second International Conference on Internet-of-Things Design and Implementation (IoTDI) , 173–178 (2017).

Xu, L. et al. Diota: Decentralized-ledger-based framework for data authenticity protection in iot systems. IEEE Netw. 34 , 38–46. https://doi.org/10.1109/MNET.001.1900136 (2020).

Müller, S. et al. Tangle 2.0 leaderless nakamoto consensus on the heaviest dag. IEEE Access 10 , 105807–105842. https://doi.org/10.1109/ACCESS.2022.3211422 (2022).

LeMahieu, C. Nano : A feeless distributed cryptocurrency network (2017).

Guo, H. et al. Filedag: A multi-version decentralized storage network built on dag-based blockchain. IEEE Trans. Comput. https://doi.org/10.1109/TC.2023.3288760 (2023).

van den Hooff, J., Kaashoek, M. F. & Zeldovich, N. Versum: Verifiable computations over large public logs. In Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security, CCS ’14 (ed. van den Hooff, J.) 1304–1316 (Association for Computing Machinery, 2014). https://doi.org/10.1145/2660267.2660327 .

Merkle, R. C. A digital signature based on a conventional encryption function. In A Conference on the Theory and Applications of Cryptographic Techniques on Advances in Cryptology, CRYPTO ’87 (ed. Merkle, R. C.) 369–378 (Springer-Verlag, 1987).

Castro, M. & Liskov, B. Practical byzantine fault tolerance. In Proceedings of the Third Symposium on Operating Systems Design and Implementation, OSDI ’99 (ed. Castro, M.) 173–186 (USENIX Association, 1999).

Barker, E. Nist special publication 800-57 part 1 revision 5 recommendation for key management – part 1: General (2020).

Chen, Y. et al. A survey on blockchain systems: Attacks, defenses, and privacy preservation. High-Confid. Comput. 2 , 100048. https://doi.org/10.1016/j.hcc.2021.100048 (2022).

Dong, Z., Zheng, E., Choon, Y. & Zomaya, A. Y. Dagbench: A performance evaluation framework for dag distributed ledgers. In: 2019 IEEE 12th International Conference on Cloud Computing (CLOUD) , 264–271, https://doi.org/10.1109/CLOUD.2019.00053 (2019).

Download references

Acknowledgements

The authors would like to thank Xinyang Han for helpful discussions on topics related to this work. And we also would like to express our sincere gratitude to the editors and the reviewers for their useful feedback that improved this paper.

Author information

Authors and affiliations.

School of Cyberspace Science, Harbin Institute of Technology, Harbin, 150001, China

Wanzong Peng

PLA78156, Chongqing, 400000, China

Zhongpan Wang

Department of Engineering Physics, Tsinghua University, Beijing, 100084, China

PLA31202, Guangzhou, 510000, China

Tongliang Lu

You can also search for this author in PubMed   Google Scholar

Contributions

Wanzong Peng conceived the framework and experiment, Tongliang Lu conducted the experiment, Wenju Peng analysed the results, Zhongpan Wang prepared figures. All authors reviewed the manuscript.

Corresponding author

Correspondence to Tongliang Lu .

Ethics declarations

Competing interests.

The authors declare no competing interests.

Additional information

Publisher's note.

Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.

Rights and permissions

Open Access This article is licensed under a Creative Commons Attribution 4.0 International License, which permits use, sharing, adaptation, distribution and reproduction in any medium or format, as long as you give appropriate credit to the original author(s) and the source, provide a link to the Creative Commons licence, and indicate if changes were made. The images or other third party material in this article are included in the article's Creative Commons licence, unless indicated otherwise in a credit line to the material. If material is not included in the article's Creative Commons licence and your intended use is not permitted by statutory regulation or exceeds the permitted use, you will need to obtain permission directly from the copyright holder. To view a copy of this licence, visit http://creativecommons.org/licenses/by/4.0/ .

Reprints and permissions

About this article

Cite this article.

Peng, W., Lu, T., Peng, W. et al. An efficient blockchain-based framework for file sharing. Sci Rep 14 , 18009 (2024). https://doi.org/10.1038/s41598-024-69011-4

Download citation

Received : 30 November 2023

Accepted : 30 July 2024

Published : 03 August 2024

DOI : https://doi.org/10.1038/s41598-024-69011-4

Share this article

Anyone you share the following link with will be able to read this content:

Sorry, a shareable link is not currently available for this article.

Provided by the Springer Nature SharedIt content-sharing initiative

By submitting a comment you agree to abide by our Terms and Community Guidelines . If you find something abusive or that does not comply with our terms or guidelines please flag it as inappropriate.

Quick links

• Explore articles by subject
• Guide to authors
• Editorial policies

Sign up for the Nature Briefing: AI and Robotics newsletter — what matters in AI and robotics research, free to your inbox weekly.

More From Forbes

How blockchain revolutionizes data integrity and cybersecurity.

• Share to Facebook
• Share to Twitter
• Share to Linkedin

CEO, Web Safe 101 . Bestselling author and cybersecurity awareness specialist.

In the current digital landscape, data integrity and security have taken center stage, especially as businesses and institutions continue to depend on digital data. This reliance, however, brings its own set of challenges, as the ever-growing volume of digital data is accompanied by a rise in sophisticated cyber threats. These threats pose significant risks to the confidentiality, integrity and availability of data, which are the cornerstones of information security.

Blockchain technology can be a potential solution. To enhance data protection, blockchain introduces a new privacy model as an overlay network. It employs cryptographic hashes for robust data verification and operates on a distributed, public and permissionless network framework. These features collectively ensure the immutability, reliability and transparency of data, fostering a secure digital environment where data manipulation becomes nearly impossible and trust in digital records is significantly bolstered.

Blockchain technology is revolutionizing the way data integrity is maintained in the digital world. At its core, blockchain is a distributed ledger, where each block of data is cryptographically linked to its predecessor, creating an unbreakable chain. This immutable nature of blockchain is its most significant attribute in ensuring data integrity. Once data is recorded on a blockchain, making alterations or deletions without network consensus becomes nearly impossible, ensuring that the historical record of data remains untampered and accurate over time.

The strength of blockchain in preserving data integrity lies in its architecture. Each transaction or data entry is time-stamped and added to a block, which is then verified and sealed through a consensus mechanism. This offers auditors an indisputable record of all activities, significantly simplifying audit procedures and boosting confidence in the system's reliability.

Similarly, in financial transactions, blockchain technology ensures that every transaction is accurately recorded and easily verifiable, preventing fraudulent activities like double-spending or manipulation of transaction records. By combining these cryptographic measures with a decentralized structure, blockchain provides a sturdy solution to fortify information security, substantially diminishing the risks associated with data breaches, tampering and unauthorized access in our increasingly digitized environment.

Blockchain technology significantly enhances information security by effectively tackling concerns related to unauthorized access and the rising threat of cyberattacks. Its inherent design incorporates a public key infrastructure and advanced cryptography, providing robust protection against various forms of cyberattacks.

One of the critical elements of blockchain's security model is the use of cryptographic hash functions. These functions transform data into unique, fixed-size hash values, ensuring that any minor change in the data results in a completely different hash. This sensitivity to data alterations makes it extremely difficult for attackers to tamper with the information without being detected. Furthermore, digital signatures, another cornerstone of blockchain security, enable verification of data authenticity and origin. By signing data blocks with a private key, the blockchain ensures that only authorized parties can create or modify data, while anyone with the public key can verify its authenticity.

The decentralized nature of blockchain further strengthens its security. Unlike traditional centralized databases, which present lucrative targets for hackers, blockchain distributes its data across a network of nodes. This dispersion of data not only eliminates single points of failure but also makes it exponentially more challenging for attackers to gain control over the entire dataset. Additionally, this decentralized storage model is inherently resistant to insider threats, as manipulating the data would require collusion across a vast majority of network participants—a practically unfeasible task.

The integration of blockchain into these processes not only streamlines compliance with current regulations but also elevates an organization's overall cybersecurity readiness, positioning it as an invaluable asset in today's digital terrain.

One of the primary hurdles in implementing blockchain technology is the requirement for education and the necessity to distinguish it from its most widely recognized application—cryptocurrencies. It is crucial to educate stakeholders about blockchain's wider potential beyond digital currencies, dispelling any misconceptions and highlighting its capabilities in enhancing data security, transparency and efficiency across different sectors.

The future looks promising as educational efforts are expected to broaden understanding and acceptance of blockchain, enabling its adoption in various fields. This can help liberate it from being primarily viewed as a financial tool and showcase its true versatility and potential for innovation.

Blockchain represents a groundbreaking shift in securing data integrity and reinforcing information security. It provides an immutable, transparent ledger that is bolstered against conventional digital vulnerabilities. Its potential to revolutionize data protection and trust in the digital era is immense, potentially marking a new chapter in the safeguarding of our digital infrastructure and interactions.

Forbes Technology Council is an invitation-only community for world-class CIOs, CTOs and technology executives. Do I qualify?

• Editorial Standards
• Reprints & Permissions

• DOI: 10.1109/ICERCS57948.2023.10433959
• Corpus ID: 267771841

Enhancing Smart Grid Security with XMSS-Based Blockchain Technology

• G. W. Kathrine , Krittikka P , +3 authors K. Arunkumar
• Published in International Conference on… 7 December 2023
• Engineering, Computer Science, Environmental Science
• 2023 International Conference on Emerging Research in Computational Science (ICERCS)

Figures from this paper

17 References

When blockchain meets smart grids: a comprehensive survey, trends of using blockchain technology in the smart grid, blockchain applications and challenges in smart grid, blockchain for smart grid, smart grid security: threats, vulnerabilities and solutions, smart grid security: survey and challenges, smart grid cyber security enhancement: challenges and solutions—a review, an overview of cyber security for smart grid, realizing the potential of blockchain technology in smart grid applications, post-quantum blockchain using one-time signature chains, related papers.

Showing 1 through 3 of 0 Related Papers

Published in 2023 International Conference on Emerging Research in Computational Science (ICERCS) 2023

G. W. Kathrine Krittikka P Immanuel Johnraja Stewart Kirubakaran S. Salaja K. Arunkumar

Information

• Author Services

Initiatives

You are accessing a machine-readable page. In order to be human-readable, please install an RSS reader.

All articles published by MDPI are made immediately available worldwide under an open access license. No special permission is required to reuse all or part of the article published by MDPI, including figures and tables. For articles published under an open access Creative Common CC BY license, any part of the article may be reused without permission provided that the original article is clearly cited. For more information, please refer to https://www.mdpi.com/openaccess .

Feature papers represent the most advanced research with significant potential for high impact in the field. A Feature Paper should be a substantial original Article that involves several techniques or approaches, provides an outlook for future research directions and describes possible research applications.

Feature papers are submitted upon individual invitation or recommendation by the scientific editors and must receive positive feedback from the reviewers.

Editor’s Choice articles are based on recommendations by the scientific editors of MDPI journals from around the world. Editors select a small number of articles recently published in the journal that they believe will be particularly interesting to readers, or important in the respective research area. The aim is to provide a snapshot of some of the most exciting work published in the various research areas of the journal.

Original Submission Date Received: .

• Active Journals
• Find a Journal
• Proceedings Series
• For Authors
• For Reviewers
• For Editors
• For Librarians
• For Publishers
• For Societies
• For Conference Organizers
• Open Access Policy
• Institutional Open Access Program
• Special Issues Guidelines
• Editorial Process
• Research and Publication Ethics
• Article Processing Charges
• Testimonials
• Preprints.org
• SciProfiles
• Encyclopedia

Article Menu

• Subscribe SciFeed
• Recommended Articles
• Google Scholar
• on Google Scholar
• Table of Contents

Find support for a specific problem in the support section of our website.

Please let us know what you think of our products and services.

Visit our dedicated information section to learn more about MDPI.

JSmol Viewer

Considering blockchain technology and fairness concerns for supply chain pricing decisions under carbon cap-and-trade mechanism.

Share and Cite

Gong, Y.; Jiang, X.; Wang, Z.; Zhan, J. Considering Blockchain Technology and Fairness Concerns for Supply Chain Pricing Decisions under Carbon Cap-and-Trade Mechanism. Mathematics 2024 , 12 , 2550. https://doi.org/10.3390/math12162550

Gong Y, Jiang X, Wang Z, Zhan J. Considering Blockchain Technology and Fairness Concerns for Supply Chain Pricing Decisions under Carbon Cap-and-Trade Mechanism. Mathematics . 2024; 12(16):2550. https://doi.org/10.3390/math12162550

Gong, Yande, Xinze Jiang, Zhe Wang, and Jizhou Zhan. 2024. "Considering Blockchain Technology and Fairness Concerns for Supply Chain Pricing Decisions under Carbon Cap-and-Trade Mechanism" Mathematics 12, no. 16: 2550. https://doi.org/10.3390/math12162550

Article Metrics

Further information, mdpi initiatives, follow mdpi.

Subscribe to receive issue release notifications and newsletters from MDPI journals

Selected Journal Papers and Manuscripts

Explore journal and conference articles, books, and other publications written or co-authored by eric burger., journal articles.

• Burger, Eric W., Padma Krishnaswamy, and Henning Schulzrinne. “Measuring Broadband America: A Retrospective on Origins, Achievements, and Challenges.” Journal Article.  SIGCOMM Computer Communication Review  53, no. 2 (2023): 11–21. https://doi.org/10.1145/3610381.3610384. [ details ]
• Hassan, Zoheb, Erika Heeren-Moon, Javad Sabzehali, Vijay K. Shah, Carl Dietrich, Jeffrey H. Reed, and Eric W. Burger. “Spectrum Sharing of the 12 GHz Band with Two-Way Terrestrial 5G Mobile Services: Motivations, Challenges, and Research Road Map.” Journal Article.  IEEE Communications Magazine , 27AD, 1–7. https://doi.org/10.1109/MCOM.007.2200699. [ details ]
• Yuta Takanashi, Shin’ichiro Matsuo Eric Burger Clare Sullivan James Miller Hirotoshi Sato. “Call for Multi-Stakeholder Communication to Establish a Governance Mechanism for the Emerging Blockchain-Based Financial Ecosystem, Part 1 of 2.” Journal Article.  Stanford Journal of Blockchain Law & Policy , 2020. https://stanford-jblp.pubpub.org/pub/multistakeholder-comm-governance. [ details ]
• Takahashi, Yuta, Shin’ichiro Matsuo, John Jacobs, Eric Burger, Clare Sullivan, James Angel, Tatsuya Saito, Toshiki Hashirisaka, and Hirotoshi Sato. “Consideration On Better Tokenization Practices And Regulations Concerning Investor Protection.” Journal Article.  Journal of Financial Transformation  51 (0AD): 44–54. https://ideas.repec.org/a/ris/jofitr/1650.html. [ details ]
• Yuta Takanashi, Shin’ichiro Matsuo Eric Burger Clare Sullivan James Miller Hirotoshi Sato. “Call for Multi-Stakeholder Communication to Establish a Governance Mechanism for the Emerging Blockchain-Based Financial Ecosystem, Part 2 of 2.” Journal Article.  Stanford Journal of Blockchain Law & Policy , 2020. https://stanford-jblp.pubpub.org/pub/multistakeholder-comm-governance2. [ details ]
• McEachern, James, and Eric William Burger. “How to Shut down Robocallers: The STIR/SHAKEN Protocol Will Stop Scammers from Exploiting a Caller ID Loophole.” Magazine Article.  IEEE Spectrum  56, no. 12 (2019): 46–52. https://doi.org/10.1109/MSPEC.2019.8913833. [ details ]
• Sullivan, Clare, and Eric Burger. “‘In the Public Interest’: The Privacy Implications of International Business-to-Business Sharing of Cyber-Threat Intelligence.” Journal Article.  Computer Law & Security Review  33, no. 1 (0AD): 14–29. https://doi.org/https://doi.org/10.1016/j.clsr.2016.11.015. [details]
• ———. “E-Residency and Blockchain.” Journal Article.  Computer Law & Security Review  33, no. 4 (2017): 470–81. https://doi.org/https://doi.org/10.1016/j.clsr.2017.03.016. [ details ]
• Lange, Russell, and Eric W. Burger. “Long-Term Market Implications of Data Breaches, Not.” Journal Article.  Journal of Information Privacy and Security  13, no. 4 (0AD): 186–206. https://doi.org/10.1080/15536548.2017.1394070. [ details ]
• Burger, Eric William, and Ophir Frieder. “Efficient Residential Consumer Device Interaction with Network Services.” Journal Article.  IEEE Transactions on Consumer Electronics  53, no. 1 (0AD): 100–107. https://doi.org/10.1109/TCE.2007.339509. [ details ]
• ———. “A Novel System for Remote Control of Household Devices Using Digital IP Phones.” Journal Article.  Transactions on Consumer Electronics  52, no. 2 (0AD): 575–82. https://doi.org/10.1109/TCE.2006.1649682. [ details ]
• Burger, Eric William. “A New Interprovider Interconnect Technology for Multimedia Networks.” Magazine Article.  IEEE Communications Magazine  43, no. 6 (2005): 147–51. https://doi.org/10.1109/MCOM.2005.1452843. [ details ]
• Chowdhury, A., O. Frieder, E. Burger, D. Grossman, and K. Makki. “Dynamic Routing System (DRS): Fault Tolerance in Network Routing.” Journal Article.  Computer Networks and ISDN Systems  31, no. 1 (0AD): 89–99. https://doi.org/https://doi.org/10.1016/S0169-7552(98)00232-3. [ details ]
• Burger, Eric William.  Ubiquitous Reach and Remote Control of Devices . Book. Düsseldorf: VDM Verlag, 2008. [ details ]
• ———.  Program Construction in the UNIX Environment . Book. Washington DC: The George Washington University, 1994. [ details ]
• ———.  UNIX System Calls and Inter–Process Communication . Book. Washington DC: The George Washington University, 1994. [ details ]
• Sullivan, Clare, and Eric Burger. “Blockchain, Digital Identity, E-Government.” Book Section. In  Business Transformation through Blockchain: Volume II , edited by Horst Treiblmaier and Roman Beck, 233–58. Springer Nature, 2018. [ details ]

Conference Articles

• Carlberg, Kenneth, Eric William Burger, and Roger Piqueras Jover. “Dynamic 5G Network Slicing for First Responders.” Conference Proceedings. In  2019 Principles, Systems and Applications of IP Telecommunications (IPTComm) , 1–4, 14AD. https://doi.org/10.1109/IPTCOMM.2019.8921240. [ details ]
• Chiang, Matthew, and Eric William Burger. “An Affordable Solution for Authenticated Communications for Enterprise and Personal Use.” Conference Proceedings. In  2018 IEEE 8th Annual Computing and Communication Workshop and Conference (CCWC) , 810–15, 8AD. https://doi.org/10.1109/CCWC.2018.8301725. [ details ]
• Vaidya, Tavish, Eric William Burger, Micah Sherr, and Clay Shields. “Where Art Thou, Eve? Experiences Laying Traps for Internet Eavesdroppers.” Conference Proceedings. In  10th USENIX Workshop on Cyber Security Experimentation and Test (CSET 17) . USENIX Association, 14AD. https://www.usenix.org/node/205858. [ details ]
• Burger, Eric William, and Clare Sullivan. “Minerva Project on the Estonian E-Residency Initiative: Impact of Estonia’s Start-Up Culture on De-Cisions Related to Prudence & Good Governance.” Conference Proceedings. In  Human Aspects of the Operational Environment, AHFE Affiliated Conference on Cross-Cultural Decision-Making , 29AD. [ details ]
• Asgarli, Elchin, and Eric William Burger. “Semantic Ontologies for Cyber Threat Sharing Standards.” Conference Proceedings. In  2016 IEEE Symposium on Technologies for Homeland Security (HST) , 1–6, 10AD. https://doi.org/10.1109/THS.2016.7568896. [ details ]
• Burger, Eric William, Michael D. Goodman, Kampanakis Panos, and Kevin A. Zhu. “Taxonomy Model for Cyber Threat Intelligence Information Exchange Technologies.” Conference Proceedings. In  2014 ACM Workshop on Information Sharing & Collaborative Security , 51–60. Association for Computing Machinery, 0AD. https://doi.org/10.1145/2663876.2663883. [ details ]
• Burger, Eric William, Howard J. Federoff, Massimo S. Fiandaca, Ophir Frieder, Nazli Goharian, and Andrew Yates. “Social Media Communications Networks and Pharmacovigilance: SequelAE-2.0.” Conference Proceedings. In  2013 IEEE 15th International Conference on e-Health Networking, Applications and Services (Healthcom 2013) , 1–3, 0AD. https://doi.org/10.1109/HealthCom.2013.6720777. [ details ]
• Gurbani, Vijay K., Eric William Burger, Carol Davids, and Tricha Anjali. “SIP CLF: A Common Log Format (CLF) for the Session Initiation Protocol (SIP).” Conference Proceedings. In  Workshop on Managing Systems via Log Analysis and Machine Learning Techniques (SLAML 10) . USENIX Association, 3AD. https://www.usenix.org/conference/slaml10/sip-clf-common-log-format-clf-session-initiation-protocol-sip. [ details ]
• Burger, Eric William, Sharath Rajasekar, Phelim O’Doherty, Anders Lundqvist, and Thomas Grönberg. “A Telecommunications Web Services Platform for Third Party Network Access and SOA-Based Service Delivery.” Conference Proceedings. In  2007 Workshop on Middleware for Next-Generation Converged Networks and Applications . MNCNA ‘07. New York, NY, USA: Association for Computing Machinery, 0AD. https://doi.org/10.1145/1376878.1376888. [ details ]
• Burger, Eric William, and Ophir Frieder. “Efficient Residential Consumer Device Interaction With Network Services.” Conference Proceedings. In  2007 Digest of Technical Papers International Conference on Consumer Electronics , 1–2. IEEE, 10AD. https://doi.org/10.1109/ICCE.2007.341390. [ details ]
• ———. “A Novel System for Remote Control of Household Devices Using Digital IP Phones.” Conference Proceedings. In  2006 Digest of Technical Papers International Conference on Consumer Electronics , 183–84, 0AD. https://doi.org/10.1109/ICCE.2006.1598371. [ details ]
• ———. “Network Traffic Reduction for Transport of User Signaling Information.” Conference Proceedings. In  CCNC 2006. 2006 3rd IEEE Consumer Communications and Networking Conference, 2006. , 2:1057–62, 0AD. https://doi.org/10.1109/CCNC.2006.1593200. [ details ]
• Burger, Eric William. “Applications for Narrow-Band Audio Streams.” Conference Proceedings. In  Winter 2000 VON Developers’ Conference , 19AD. [ details ]
• ———. “Multinational Issues in R&D Management.” Conference Proceedings. In  Technology Management : the New International Language , 184. IEEE, 27AD. https://doi.org/10.1109/PICMET.1991.183607. [ details ]
• Burger, Eric William, and Guido Dedene. “Economics of Point Acceleration.” Conference Proceedings. In  Proceedings of the European Design Automation Conference (EURO-DAC) 1990 , 424–28. Los Alamitos, CA, USA: IEEE Computer Society, 0AD. https://doi.org/10.1109/EDAC.1990.136685. [ details ]
• Burger, Eric William. “The Use of Unix Software Tools for Automatic Program Generation.” Conference Proceedings. In  First Sun Expo , 0AD. [ details ]
• Moore, Tucker, Nathan Marshall, and Eric Burger. “Fortuna: A Novel Staked Voting System for Distributed Pari-Mutuel Gaming.” Conference Proceedings. In  5th IEEE International Conference on Blockchain . IEEE, 0AD. https://doi.org/https://doi.org/10.1109/Blockchain55522.2022.00041. [ details ]
• Bartholic, Michael, Eric Burger, Shin’ichiro Matsuo, and Taeho Jung. “Reputation as Contextual Knowledge: Incentives and External Value in Truthful Blockchain Oracles.” Conference Proceedings. In  2023 IEEE International Conference on Blockchain and Cryptocurrency . IEEE, 0AD. https://doi.org/https://doi.org/10.1109/ICBC56567.2023.10174903. [ details ]
• Chowdhury, Abdur, Ophr Frieder, David Grossman, Eric William Burger, and Kia Makki. “DRS: a Fault Tolerant Network Routing System for Mission Critical Distributed Applications.” Conference Proceedings. In  Proceedings of Sixth International Conference on Computer Communications and Networks , 106–13. 1997: IEEE, 22AD. https://doi.org/10.1109/ICCCN.1997.623298. [ details ]
• Bartholic, Michael, Aron Laszka, Go Yamamoto, and Eric Burger. “A Taxonomy of Blockchain Oracles: The Truth Depends on the Question.” Conference Proceedings. In  2022 IEEE International Conference on Blockchain and Cryptocurrency . IEEE, 0AD. https://doi.org/https://doi.org/10.1109/ICBC54727.2022.9805555. [ details ]

Miscellaneous

• Klass, Gregory, and Eric William Burger. “Vendor Truth Serum.” Conference Paper.  High Confidence Software and Systems Conference . Series Vendor Truth Serum. Poster, 9AD. [ details ]
• Vaidya, Tavish, Eric William Burger, Micah Sherr, and Clay Shields. “Studying the Pervasiveness of Internet Interception with HoneyPOP,SMTP,Telnet.” Conference Paper.  USENIX Security 2015 . Series Studying the Pervasiveness of Internet Interception with HoneyPOP,SMTP,Telnet. Poster, 12AD. https://security.cs.georgetown.edu/honeymail_usenix_poster.pdf. [ details ]

IEEE Account

• Change Username/Password
• Update Address

Purchase Details

• Payment Options
• Order History
• View Purchased Documents

Profile Information

• Communications Preferences
• Profession and Education
• Technical Interests
• US & Canada: +1 800 678 4333
• Worldwide: +1 732 981 0060
• Contact & Support
• About IEEE Xplore
• Accessibility
• Terms of Use
• Nondiscrimination Policy
• Privacy & Opting Out of Cookies

A not-for-profit organization, IEEE is the world's largest technical professional organization dedicated to advancing technology for the benefit of humanity. © Copyright 2024 IEEE - All rights reserved. Use of this web site signifies your agreement to the terms and conditions.

• Skip to main content
• Skip to search
• Skip to footer

Products and Services

Configuration engineer

Ben Harting

"I decided to make a career change when I was twenty-four. I chose to pursue Cisco Certifications because I knew it would put me in the best position to start a career in networking."

How it all began

Certifications can improve your ability to do your job

My dad is a systems administrator, so I grew up around computers. Just watching him tinker with them was cool. However, when I went to college, I earned a bachelor’s degree in philosophy. Next, I got a teaching credential, then taught elementary school for a few years. But when I turned 24, I decided I wanted a career change. So, I picked up a book on TCP/IP networking, started studying it, and realized that I really enjoyed it. My dad wasn’t into networking that much, so I didn’t know much about it, and got into it more organically. I considered pursuing Cisco certifications right away since the idea of learning about networking led straight to these credentials. I took a networking class at a local community college, then obtained my Cisco CCNA certification.

I enjoy system administration, I’ve gained communications skills, and I’ve learned tech skills, in Microsoft active directory systems, administration, and networking virtualization. General troubleshooting is a big part of my job, too. Most importantly, I’ve gained the flexibility to work around difficulties and learn new technologies. Just being able to keep up with the constant change in technologies is incredibly valuable.

Certifications

Columbus, OH

Reading Hiking Learning new tech

What does having a Cisco Certification mean to you?

"I’ve gained more knowledge and different skill sets. I’ve opened myself up for more opportunities. And it’s a validation of me and what I’ve learned."

The biggest challenge was where to start, there where a lot of options. A lot of them involved going back to school or spending a lot of money. CCNA was the most cost-effective, and it would put me in the best position to start a career. Cisco is a leader in that. I took a bootcamp course at the local community college that lasted 8 weeks in total.

I was already in my job in IT in tier 1 support, help desk and the CCNA Certification was a catalyst for my first promotion as a second tier support security.

What would you tell your younger self?

Definitely try different things and go all in on whatever interests you the most.

What would you tell a friend?

I’d tell them to go for it. It will open up a lot of opportunities for them. They’ll have all the knowledge they need to go forward in their career.

Ben's journey

Career path.

Current role

Configuration engineers work on systems and network administration.

Previous role

IT Help Desk Support Primary School Educator

Certification path

Most recent certification

Cisco Certified Network Associate (CCNA) certification is the first step toward a career in IT Networking. The CCNA exam covers networking fundamentals, IP services, security fundamentals, automation and programmability.

Read more certification success stories

"The guidance I gained from earning the certification helped— in near real time—to determine what was happening on the job, when I became an SOC operator."

Network security analyst CyberOps Associate

Yasser Auda

"You can do anything. You just need to decide to do it, have the will to do it, and never give up. Be confident in yourself and stop the barriers in your mind."

Network security architect CCNA, CCNP Enterprise, CCNP Security, CyberOps Associate, CCIE Enterprise Infrastructure, Cisco Certified DevNet Associate, Cisco Certified DevNet Professional

Olivia Wolf

"The knowledge that I’ve got from studying for those certifications gave me the confidence that I’ll always be able to get a job if I need to."

Systems engineer CCNA, CCNP Enterprise, DevNet Associate

Share your Cisco Certification Success Story

Has earning a Cisco certification positively changed your life or career, or both? Do you think your Cisco certification story would help encourage other people to earn their Cisco certification? If so, we want to talk to you!