Security Analysis

In this section, we discuss the security properties of the proposed blockchain COVID-19 data tracking solution in addressing core security concerns related to integrity, accountability, authorization, non-repudiation and resistance to cyberattacks such as Distributed Denial of Service (DDoS) attacks.
Integrity. It is important to guarantee the integrity and maintain data consistency when obtaining information from oracles related to COVID-19 statistics. Our solution ensures that the information added to the new block is collected from the right group of oracles by making sure that miners verify these transactions to assure the truthfulness and validity of data. Moreover, once information is added to the blockchain network, it becomes very difficult to tamper with due to the network's decentralized structure and its combination of cryptography and sequential hashing, unlike a traditional standard database.
Accountability. Every user or stakeholder is held responsible for their actions on the ledger. This is because whenever a user executes a function in the smart contract then this action call is traced back to the Ethereum caller’s address.
Authorization. Securing data access in blockchain networks is essential for ensuring that only users with authorized access can participate and add appropriate data accordingly. Our proposed solution makes sure that all oracles are first registered using the registration smart contract, and only then are they allowed to interact with the aggregator smart contract. This shows that the presented approach satisfies the authorization and authentication controls needed for a reliable tracking system. Moreover, the blockchain infrastructure ensures that each data block is fully encrypted before it gets added to the chain of existing blocks. Thus, if an attacker were to gain access to the blockchain data and network, this does not necessarily mean that the attacker would be able to retrieve and read the information, due to the use of end-to-end encryption methods. Only authorized users can decrypt and see this information through the use of their private keys. This would encourage many countries to use such a system as it promotes data access control and data confidentiality by using the latest cryptographic algorithms to generate public/private key combinations which rely on solving integer factorization problems that are almost impossible to crack using current computing power.
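The registration gate and the caller tracing described under Accountability and Authorization can be sketched as follows. This is an added example, not the contracts of the proposed solution: the contract, function and event names, the owner-managed registration and the report fields are all assumptions made for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Hypothetical names throughout: an illustration, not the paper's contracts.
contract OracleRegistry {
    address public immutable owner; // assumed: one account manages registration
    mapping(address => bool) public isRegistered;
    event OracleRegistered(address indexed oracle);
    event OracleRemoved(address indexed oracle);

    constructor() { owner = msg.sender; }

    modifier onlyOwner() {
        require(msg.sender == owner, "not owner");
        _;
    }

    function register(address oracle) external onlyOwner {
        require(oracle != address(0), "zero address");
        isRegistered[oracle] = true;
        emit OracleRegistered(oracle);
    }

    function remove(address oracle) external onlyOwner {
        isRegistered[oracle] = false; // revocation takes effect on the next call
        emit OracleRemoved(oracle);
    }
}

contract Aggregator {
    OracleRegistry public immutable registry;
    // reportDay => oracle => already reported (one report per oracle per day)
    mapping(uint256 => mapping(address => bool)) public hasReported;
    event StatsReported(address indexed oracle, uint256 indexed reportDay,
                        uint256 cases, uint256 deaths, uint256 recovered);

    constructor(OracleRegistry registry_) { registry = registry_; }

    modifier onlyRegisteredOracle() {
        // Authorization: checked against msg.sender, never a caller-supplied address.
        require(registry.isRegistered(msg.sender), "oracle not registered");
        _;
    }

    function report(uint256 reportDay, uint256 cases, uint256 deaths, uint256 recovered)
        external onlyRegisteredOracle
    {
        require(!hasReported[reportDay][msg.sender], "duplicate report");
        hasReported[reportDay][msg.sender] = true;
        // Accountability: the event log binds the figures to the caller's address.
        emit StatsReported(msg.sender, reportDay, cases, deaths, recovered);
    }
}
```

A call to `report` from an unregistered address reverts before any state changes, and every accepted report leaves an indexed log entry that an auditor can filter by oracle address.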
Non-repudiation. All transactions are digitally signed and timestamped when added to the blockchain. This indicates that users or organizations can trace back a particular transaction at a specific time and accordingly identify the user behind that transaction using their public address. This security property reassures users since no one can duplicate their signature on a transaction that has not been created by them. This enhances the system reliability as it becomes easier to detect fraudulent transactions because every transaction stored in the ledger is cryptographically connected to its user. This auditing capability provides authenticity, transparency and security over every transaction.
Resistance to cyberattacks. Cyberattacks have become progressively more complex due to the increasing use of sophisticated malware and threats from professional cyber organizations. Users or organizations with malicious intent attempt to steal valuable data such as financial data, personally identifiable information, intellectual property, health records etc. Several strategies such as monetizing data access through the use of advanced ransomware techniques or disrupting business operations through DDoS attacks have been attempted. DDoS attacks in particular result in service disruption of websites and mobile apps, causing an increase in losses to businesses. However, such attacks are costly and difficult to execute in blockchain platforms as they would need to transact large volumes of small transactions to dominate the network. The peer-to-peer and decentralized structure of blockchain technology potentially helps improve its cyber defence as the platform can prevent malicious activities through robust consensus algorithms and detect data tampering due to its inherent features such as transparency, immutability, data encryption, auditability and operational resilience due to no single point of failure.

Challenges

Even though blockchain has great potential in combating the COVID-19 outbreak, some challenges have to be considered. In this section, we highlight some of these major challenges along with the recent attempts carried out to address them.
Shortage of skilled workforce. Building a blockchain platform requires a variety of skill sets ranging from security and app development to business, engineering and other related areas. Drane reported that the blockchain industry suffers from a dearth of talent. This causes problems for companies in hiring and nurturing talent. As a result, companies are finding various ways to fill this talent gap, from conducting in-house training and outsourcing to hiring new collar workers. Companies such as IBM are designing their private training centres to quickly train their employees to fill the vacancies of blockchain-related jobs, while other organizations are outsourcing these jobs to freelancers and agencies that specialize in this line of work. New collar workers, on the other hand, is a term used to describe jobs that do not require college degrees but require training instead. This approach is effective for companies that do not have the time to wait for college graduates to occupy these vacancies as they are competing in a competitive environment. As a result, several higher education institutes are offering online blockchain training courses.
Scalability. The blockchain network traffic becomes bulky as the number of transactions increases every day. Every node on the blockchain has to store all validated transactions and this becomes an obstacle as there is a restriction on the block size and time interval used to create a new block. Current blockchain platforms process only a few transactions per second, which becomes problematic as millions of transactions need to be processed in real-time. Since the block size is limited, small transactions are delayed as miners prefer to validate transactions with high transaction fees. VerSum proposed a novel scheme that allows lightweight clients to subcontract expensive computations of large inputs and ensures that the computation result obtained from multiple servers is correct by comparing the individual results obtained.
Selfish Mining. Blockchain is vulnerable to attacks plotted by selfish miners even if only a small amount of the hashing power is used to cheat the network. The strategy used by selfish miners is that they create a private branch by mining blocks without broadcasting and they publish the private chain only when it is longer than the current public chain. They mine this chain without competitors while honest miners waste their resources on mining a useless branch. As a result, selfish miners earn more revenue. To tackle this problem, ZeroBlock built a simple scheme in which each block must be created and accepted within a specific time interval. Hence, selfish miners would be unable to earn more than their expected reward.
Legal Issues. The most important concern during this COVID-19 pandemic is related to the data being accessed, stored and shared in the blockchain network as a distributed database. There are several issues with regard to policies and laws that need to be resolved by various parties, including the international health organizations, country leaders and international policymakers, to introduce new regulations related to health policy, data sharing, digital health-service related policy and issues associated with digital inequality, digital connectivity and the digital divide that mainly exists in underdeveloped countries.
Privacy Concerns. Blockchain technology is susceptible to privacy leakage as balances and details of all public keys are made transparent to all members of the network. However, two kinds of solutions have been proposed to achieve anonymity in blockchains: mixing solutions and anonymous solutions. A mixing service provides anonymity by using multiple input addresses to transfer funds to multiple output addresses, while an anonymous solution is a service which prevents transaction graph analysis by unlinking the payment origins for a transaction.

Future Directions

Overall, our proposed solution is generic enough that it can be adapted to cater to data collection and report statistics on other infectious diseases including Malaria, HIV and TB etc. This is possible as blockchain encourages the sharing and reporting of data among stakeholders in a network. The proposed solution could be used to streamline communication between patients and healthcare professionals. It can connect all research and healthcare communities within the same network to use and share a trusted secure database that is tamper-proof. Furthermore, the oracles in the network could be rewarded by increasing their credibility to encourage them to report accurate data in real-time. However, it should be noted that all relevant stakeholders must be involved in implementing the proposed solution so that it is sustainable, efficient and trustworthy. This interaction is particularly important in areas with underserved communities.