Security Analysis
In this section, we discuss the security properties of the proposed
blockchain COVID-19 data tracking solution in addressing core security
concerns related to integrity, accountability, authorization,
non-repudiation and resistance to cyberattacks such as Distributed
Denial of Service (DDoS) attacks.
Integrity. It is important to guarantee the integrity and
maintain data consistency when obtaining information from oracles
related to COVID-19 statistics. Our solution ensures that the
information added to the new block is collected from the right group
of oracles by making sure that miners verify these transactions to assure
the truthfulness and validity of data. Moreover, once information is
added to the blockchain network then it becomes very difficult to tamper
with it due to its decentralized structure and combination of
cryptography and sequential hashing, unlike a traditional standard
database.
Accountability. Every user or stakeholder is held responsible
for their actions on the ledger. This is because whenever a user
executes a function in the smart contract, the call is traced back to
the caller's Ethereum address.
Authorization. Securing data access in blockchain networks is
essential for ensuring that only users with authorized access can
participate and add appropriate data accordingly. Our proposed solution
makes sure that all oracles are first registered using the registration
smart contract; only then are they allowed to interact with the
aggregator smart contract. This shows that the presented approach
satisfies the authorization and authentication controls needed for a
reliable tracking system. Moreover, the blockchain infrastructure
ensures that each data block is fully encrypted before it gets added to
the chain of existing blocks. Thus, if an attacker were to gain access
to the blockchain data and network, this does not necessarily mean
that the attacker would be able to retrieve and read the information, due
to the use of end-to-end encryption methods. Only authorized users can
decrypt and see this information through the use of their private keys.
This would encourage many countries to use such a system as it promotes
data access control and data confidentiality by using the latest
cryptographic algorithms to generate public/private key combinations
which rely on solving integer factorization problems that are almost
impossible to crack using current computing power.
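The registration-then-aggregator gating and the caller tracing described under Accountability and Authorization can be sketched as follows. This is an added example, not the paper's own contracts: the contract, function and event names, the report fields, and the assumption that the deployer registers and revokes oracles are all hypothetical.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added illustration; all names below are hypothetical.
contract Registration {
    address public immutable owner;               // assumed: deployer vets oracles
    mapping(address => bool) public isRegistered; // oracle allow-list

    event OracleRegistered(address indexed oracle);
    event OracleRevoked(address indexed oracle);

    constructor() { owner = msg.sender; }

    modifier onlyOwner() {
        require(msg.sender == owner, "not owner");
        _;
    }

    function register(address oracle) external onlyOwner {
        require(oracle != address(0), "zero address");
        isRegistered[oracle] = true;
        emit OracleRegistered(oracle);
    }

    function revoke(address oracle) external onlyOwner {
        isRegistered[oracle] = false;
        emit OracleRevoked(oracle);
    }
}

contract Aggregator {
    Registration public immutable registry;

    // The caller's address is indexed so each report can be traced to its oracle.
    event ReportSubmitted(address indexed oracle, uint256 newCases, uint256 deaths, uint256 timestamp);

    constructor(Registration registry_) { registry = registry_; }

    // Authorize on msg.sender (the immediate caller), not tx.origin, so an
    // intermediary contract cannot act with a registered oracle's identity.
    modifier onlyRegisteredOracle() {
        require(registry.isRegistered(msg.sender), "oracle not registered");
        _;
    }

    function submitReport(uint256 newCases, uint256 deaths) external onlyRegisteredOracle {
        emit ReportSubmitted(msg.sender, newCases, deaths, block.timestamp);
    }
}
```

A call to `submitReport` from an unregistered address reverts, and every accepted report carries the submitting oracle's address in the event log.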
Non-repudiation. All transactions are digitally signed and
timestamped when added to the blockchain. This indicates that users or
organizations can trace back a particular transaction at a specific time
and accordingly identify the user behind that transaction using their
public address. This security property reassures users since no one can
duplicate their signature on a transaction that has not been created by
them. This enhances the system reliability as it becomes easier to
detect fraudulent transactions because every transaction stored in the
ledger is cryptographically connected to its user. This auditing
capability provides authenticity, transparency and security over every
transaction.
Resistance to cyberattacks. Cyberattacks have become
progressively more complex due to the increasing use of sophisticated
malware and threats from professional cyber organizations. Users or
organizations with malicious intent attempt to steal valuable data such
as financial data, personally identifiable information, intellectual
property, health records, etc. Several strategies such as monetizing data
access through the use of advanced ransomware techniques or disrupting
business operations through DDoS attacks have been attempted. DDoS
attacks in particular result in service disruption of websites and
mobile apps, causing an increase in losses to businesses. However, such
attacks are costly and difficult to execute on blockchain platforms, as
the attacker would need to submit large volumes of small transactions to
dominate the network. The peer-to-peer, decentralized structure of
blockchain technology potentially helps improve its cyber defence as the
platform can prevent malicious activities through robust consensus
algorithms and detect data tampering due to its inherent features such
as transparency, immutability, data encryption, auditability and
operational resilience due to no single point of failure.
Challenges
Even though blockchain has great potential in combating the COVID-19
outbreak, some challenges have to be considered. In this section, we
highlight some of these major challenges along with the recent attempts
carried out to address them.
Shortage of skilled workforce. Building a blockchain platform
requires a variety of skill sets ranging from security and app development
to business, engineering and other related areas. Drane reported that
the blockchain industry suffers from a dearth of talent. This causes
problems for companies in hiring and nurturing talent. As a result,
companies are finding various ways to fill this talent gap, from
conducting in-house training and outsourcing to hiring new collar
workers. Companies such as IBM are designing their private training
centres to quickly train their employees to fill the vacancies of
blockchain-related jobs while other organizations are outsourcing these
jobs to freelancers and agencies that specialize in this line of work.
The term "new collar workers", on the other hand, is used to
describe jobs that do not require college degrees but require training
instead. This approach is effective for companies that do not have the
time to wait for college graduates to occupy these vacancies as they are
competing in a competitive environment. As a result, several higher
education institutes are offering online blockchain training courses.
Scalability. The blockchain network traffic becomes bulky as
the number of transactions increases every day. Every node on the
blockchain has to store all validated transactions and this becomes an
obstacle as there is a restriction on the block size and time interval
used to create a new block. Current blockchain platforms process only a
few transactions per second, which becomes problematic as millions of
transactions need to be processed in real time. Since the block
size is limited, small transactions are delayed as miners
prefer to validate transactions with high transaction fees. VerSum
proposed a novel scheme that allows lightweight clients to subcontract
expensive computations of large inputs and to ensure that the computation
result obtained from multiple servers is correct by comparing the
individual results obtained.
Selfish Mining. Blockchain is vulnerable to attacks plotted by
selfish miners even if only a small amount of the hashing power is used
to cheat the network. The strategy used by selfish miners is that they
create a private branch by mining blocks without broadcasting and they
publish the private chain only when it is longer than the current public
chain. They mine this chain without competitors while honest miners
waste their resources on mining a useless branch. As a result,
selfish miners earn more revenue. To tackle this problem, ZeroBlock
built a simple scheme in which each block must be created and accepted
within a specific time interval. Hence, selfish miners would be unable
to earn more than their expected reward.
Legal Issues. The most important concern during this COVID-19
pandemic is related to the data being accessed, stored and shared in the
blockchain network as a distributed database. There are several
issues with regard to policies and laws that need to be resolved by
various parties, including the international health organizations,
country leaders and international policymakers, in order to introduce new
regulations related to health policy, data sharing, digital health-service
related policy and issues associated with digital inequality, digital
connectivity and the digital divide that mainly exists in underdeveloped
countries.
Privacy Concerns. Blockchain technology is susceptible to
privacy leakage as balances and details of all public keys are made
transparent to all members of the network. However, two kinds of
solutions have been proposed to achieve anonymity in blockchains: mixing
solutions and anonymous solutions. A mixing service provides
anonymity by using multiple input addresses to transfer funds to
multiple output addresses, while an anonymous solution is a service which
prevents transaction graph analysis by unlinking the payment origins for a
transaction.
Future Directions
Overall, our proposed solution is generic enough that it can be adapted
to cater to data collection and report statistics on other infectious
diseases including malaria, HIV, TB, etc. This is possible as
blockchain encourages the sharing and reporting of data among
stakeholders in a network. The proposed solution could be used to
streamline communication between patients and healthcare professionals.
It can connect all research and healthcare communities within the same
network to use and share a trusted secure database that is tamper-proof.
Furthermore, the oracles in the network could be rewarded by increasing
their credibility to encourage them to report accurate data in
real-time. However, it should be noted that all relevant stakeholders
must be involved in implementing the proposed solution so that it is
sustainable, efficient and trustworthy. This interaction is particularly
important in areas with underserved communities.