In his talk, the author gives an overview of his curious way into security research, which culminates in his experience with the Estonian eID system and all its pros and cons. Realizing that government-based identity authentication is potentially a threat to the freedoms of individual citizens, the keynote focuses on ongoing research into the non-governmental, blockchain-based Authcoin system, which is developed formally using Colored Petri Nets (CPN) and further security-checked with a set of security risk-oriented patterns (SRP). The initial formal model of Authcoin facilitates the detection and elimination of design flaws, missing specifications, and security and privacy issues. An additional risk and threat analysis, based on the Information Systems Security Risk Management (ISSRM) domain model, is performed on the formal CPN models of the protocol. The identified risks are mitigated by applying SRPs to the formal model of the Authcoin protocol. SRPs are a means of mitigating common security and privacy risks in a business-process context by applying thoroughly tested and proven best-practice solutions. Applying such a security analysis to the atypical domain of the highly distributed, CPN-formalized Authcoin protocol therefore also serves as a stress test for ISSRM and the existing set of SRPs, yielding limitations, open issues, and scope for future work. Since Authcoin is implemented as a first feasibility prototype on the blockchain-based Qtum smart-contract system, for which Alex wrote the ICO whitepaper, he also presents the planned technical realization path for Authcoin.