Top

Published in:

2018 | OriginalPaper | Chapter

Ensuring Resource Trust and Integrity in Web Browsers Using Blockchain Technology

Authors : Clemens H. Cap, Benjamin Leiding

Published in: Advanced Information Systems Engineering Workshops

Publisher: Springer International Publishing

Activate our intelligent search to find suitable subject content or patents.

search-config

AI-assisted search

Off

Abstract

Current web technology allows the use of cryptographic primitives as part of server-provided Javascript. This may result in security problems with web-based services. We provide an example for an attack on the WhisperKey service. We present a solution which is based on human code reviewing and on CVE (Common Vulnerabilities and Exposures) data bases. In our approach, existing code audits and known vulnerabilities are tied to the Javascript file by a tamper-proof Blockchain approach and are signaled to the user by a browser extension. The contribution explains our concept and its workflow; it may be extended to all situations with modular, mobile code. Finally, we propose an amendment to the W3C subresource recommendation.

Dont have a licence yet? Then find out more about our products and how to get one now:

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

über 102.000 Bücher
über 537 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Finance + Banking
Management + Führung
Marketing + Vertrieb
Maschinenbau + Werkstoffe
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

inform now

Springer Professional "Technik"

Online-Abonnement

Mit Springer Professional "Technik" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 390 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Maschinenbau + Werkstoffe

Jetzt Wissensvorsprung sichern!

inform now

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 340 Zeitschriften

aus folgenden Fachgebieten:

Bauwesen + Immobilien
Business IT + Informatik
Finance + Banking
Management + Führung
Marketing + Vertrieb
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

inform now

previous chapter Combining Artifact-Driven Monitoring with Blockchain: Analysis and Solutions

next chapter Document Management System Based on a Private Blockchain for the Support of the Judicial Embargoes Process in Colombia

Akhawe, D., Braun, F., Marier, F., Weinberger, J.: Subresource integrity W3C recommendation. https://www.w3.org/TR/SRI/ (2016). Accessed 31 Jan 2017

Armstrong, J.S.: Peer review for journals: evidence on quality control, fairness, and innovation. Sci. Eng. Ethics 3(1), 63–84 (1997)CrossRef

Bartoletti, M., Pompianu, L.: An analysis of bitcoin OP_RETURN metadata. CoRR abs/1702.01024 (2017). http://arxiv.org/abs/1702.01024CrossRef

Business Process Model: Notation (BPMN) Version 2.0. OMG Specification, Object Management Group (2011). Accessed 1 Feb 2018

Calcaterra, C., Kaal, W.A., Vlad, A.: Semada technical white paper - a decentralized platform for verified reputation - version 0.3. https://docs.google.com/document/d/1rMpcaO5rlXw5RxUCDy_e_his6DSdrDfUS9qwcgWHAAw/edit (2017). Accessed 25 Feb 2018

Didil (Pseudonym): Off-chain data storage: Ethereum & IPFS - saving on gas. https://medium.com/@didil/off-chain-data-storage-ethereum-ipfs-570e030432cf (2017). Accessed 31 Jan 2018

Felderer, M., Büchler, M., Johns, M., Brucker, A.D., Breu, R., Pretschner, A.: Security testing: a survey. In: Advances in Computers, vol. 101, pp. 1–51. Elsevier (2016)

Huckle, S., Bhattacharya, R., White, M., Beloff, N.: Internet of Things, blockchain and shared economy applications. Procedia Comput. Sci. 98, 461–466 (2016)CrossRef

Benet, J.: IPFS - content addressed, versioned, P2P file system. https://ipfs.io/ipfs/QmR7GSQM93Cx5eAg6a6yRzNde1FQv7uL6X1o4k7zrJa3LX/ipfs.draft3.pdf (2017). Accessed 17 Jan 2018

10.

Kobeissi, N.: Cryptocat blog - moving to a browser app model. https://web.archive.org/web/20130206114001/blog.crypto.cat/2012/08/moving-to-a-browser-app-model/ (2012). Accessed 3 Nov 2017

11.

Leiding, B., Cap, C.H., Mundt, T., Rashidibajgan, S.: Authcoin: validation and authentication in decentralized networks. In: The 10th Mediterranean Conference on Information Systems - MCIS 2016, Cyprus, CY, September 2016

12.

Leiding, B., Memarmoshrefi, P., Hogrefe, D.: Self-managed and blockchain-based vehicular ad-hoc networks. In: Proceedings of the 2016 ACM International Joint Conference on Pervasive and Ubiquitous Computing: Adjunct, pp. 137–140. ACM (2016)

13.

McCorry, P., Shahandashti, S.F., Clarke, D., Hao, F.: Authenticated key exchange over bitcoin. In: Chen, L., Matsuo, S. (eds.) SSR 2015. LNCS, vol. 9497, pp. 3–20. Springer, Cham (2015). https://doi.org/10.1007/978-3-319-27152-1_1CrossRef

14.

McGraw, G.: Software security. IEEE Secur. Priv. 2(2), 80–83 (2004)CrossRef

15.

McGraw, G.: Automated code review tools for security. Computer 41(12), 108–111 (2008)CrossRef

16.

Nakamoto, S.: Bitcoin: a peer-to-peer electronic cash system. https://bitcoin.org/bitcoin.pdf (2008). Accessed 17 Jan 2018

17.

Nguyen, Q.K.: Blockchain - a financial technology for future sustainable development. In: International Conference on Green Technology and Sustainable Development (GTSD), pp. 51–54. IEEE (2016)

18.

Norta, A., Vedeshin, A., Rand, H., Tobies, S., Rull, A., Poola, M., Rull, T.: Self-aware agent-supported contract management on blockchains for legal accountability. https://docs.agrello.org/Agrello-Self-Aware_Whitepaper-English.pdf (2017). Accessed 17 Jan 2018

19.

O’Leary, D.E.: Configuring blockchain architectures for transaction information in blockchain consortiums: the case of accounting and supply chain systems. Intell. Syst. Account. Finan. Manag. 24(4), 138–147 (2017)CrossRef

20.

Ouaddah, A., Elkalam, A.A., Ouahman, A.A.: Towards a novel privacy-preserving access control model based on blockchain technology in IoT. In: Rocha, Á., Serrhini, M., Felgueiras, C. (eds.) Europe and MENA Cooperation Advances in Information and Communication Technologies. AISC, pp. 523–533. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-46568-5_53CrossRef

21.

Popov, S.: The tangle, version 1.3. https://pdfs.semanticscholar.org/13ec/26512f6602a5184aa3beb6193694dc8c9974.pdf (2017). Accessed 7 Feb 2018

22.

Rennie, D.: Editorial peer review: its development and rationale. Peer Rev. Health Sci. 2, 1–13 (2003)

23.

Rigby, P.C., German, D.M., Storey, M.A.: Open source software peer review practices: a case study of the apache server. In: Proceedings of the 30th International Conference on Software Engineering, pp. 541–550. ACM (2008)

24.

Rigby, P.C., Storey, M.A.: Understanding broadcast based peer review on open source software projects. In: Proceedings of the 33rd International Conference on Software Engineering, pp. 541–550. ACM (2011)

25.

Rowland, F.: The peer-review process. Learn. Publish. 15(4), 247–258 (2002)CrossRef

26.

SALT Technology Ltd.: Salt - blockchain-backed loans. https://membership.saltlending.com/files/abstract.pdf (2017). Accessed 17 Jan 2018

27.

Schneier, B.: Cryptocat - Schneier on security. https://www.schneier.com/blog/archives/2012/08/cryptocat.html (2012). Accessed 3 Nov 2017

28.

Steemit Inc.: Steem - an incentivized, blockchain-based, public content platform. https://steem.io/SteemWhitePaper.pdf (2017). Accessed 19 Dec 2017

29.

Teridion Blog: CDN security: are CDNs safe? https://www.teridion.com/2017/02/are-cdns-safe/ (2017). Accessed 31 Jan 2018

Title: Ensuring Resource Trust and Integrity in Web Browsers Using Blockchain Technology
Authors: Clemens H. Cap
Benjamin Leiding
Publisher: Springer International Publishing
Book: Advanced Information Systems Engineering Workshops
Print ISBN: 978-3-319-92897-5

Electronic ISBN: 978-3-319-92898-2

Copyright Year: 2018
DOI: https://doi.org/10.1007/978-3-319-92898-2_9

Springer Professional

Abstract

Please log in to get access to your license.

Dont have a licence yet? Then find out more about our products and how to get one now:

Springer Professional "Wirtschaft+Technik"

Springer Professional "Technik"

Springer Professional "Wirtschaft"

Premium Partner