International Journal of Cyber and IT Service Management (IJCITSM) p-ISSN: 2797-1325 Vol.
1 No.
1 April 2021 e-ISSN: 2808-554X PoTS: Proof of Tunnel Signature for Certificate Based on Blockchain Technology Dewi Immaniar1.
Nur Azizah 2.
Dedeh Supriyanti3.
Nanda Septiani4.
Marviola Hardini5 University of Raharja1,2,3,4,5 Jenderal Sudirman No.
Cikokol.
Kota Tangerang1,2,3,4,5 Indonesia1,2,3,4,5 e-mail: dewi.
immaniar@raharja.
Nur.
Azizah@raharja.
info2, dedeh@raharja.
septiani@raharja.
info4, marviola@raharja.
To cite this document:
Immaniar.
Azizah.
Supriyanti.
Septiani.
, & Hardini.
PoTS: Proof of Tunnel Signature for Certificate Based on Blockchain Technology.
International Journal of Cyber and IT Service Management (IJCITSM), 1.
, 101-114.
Retrieved from https://iiast-journal.
org/ijcitsm/index.
php/IJCITSM/article/view/28 DOI:
https://doi.
org/10.
34306/ijcitsm.
Abstract Proof of Tunnel Signature (PoTS) is designed to avoid the main problems found in certificates based on Blockchain technology.
In this case, it is so closely related to Cybersecurity.
A lightweight protocol such as a Certificate Authenticated Key Agreement (CAKA) is needed to reduce the vulnerability of a system's operation, namely overcoming management overhead by using a decentralized system according to the characteristics of Blockchain Technology.
PoTS is the second stage after determining the Key Agreement (KA) or certificate hash in authenticating a node, and this is also a significant step in minimizing computation costs.
The nodes generated after the signing process remain anonymous and can be verified optimally.
Smart contracts are also used as a support so that this research can ensure transparency and openness of transaction nodes to maintain and improve the efficiency of transaction security for a certificate based on Blockchain Technology.
Keywords: PoTS.
CAKA.
Blockchain.
Tunnel Signature.
Smart Contracts Introduction By utilizing one part of Blockchain Technology .
, namely smart contracts, all information and communication in realizing the Authenticated Key Agreement (AKA) Protocol requires 3 .
roles of cryptographic settings .
, namely: Identity Based (ID Car.
, certificate model, and also Private Key Infrastructure (PKI).
Literally PKI will perform encryption directly by using 2 .
cryptographic keys such as a public key and a private key .
Where the key digitally can emphasize trust in digital assets such as certificates.
However, such heavy management can cause the standard of using public keys to decline, making it too risky.
Therefore, the associated private n 101 Copyright A 2021 Dewi Immaniar1.
Nur Azizah 2.
Dedeh Supriyanti3.
Nanda Septiani4.
Marviola Hardini5.
This work is licensed under a Creative Commons Attribution 4.
0 (CC BY 4.
International Journal of Cyber and IT Service Management (IJCITSM) p-ISSN: 2797-1325 Vol.
1 No.
1 April 2021 e-ISSN: 2808-554X key needs to be generated by a system called Key Generation Center (KGC) with a smart contract so that the user's security can be specifically guaranteed .
Figure 1.
Scheme Key Generation Center (KGC) Theoretically.
KGC is a robust system capable of monitoring all ID-based cryptographic activities .
The components that support the operation of cryptography consist of 2 .
things, namely the partial private key of the ID-based KGC output, which has the function of an implicit To complete the private key requires an uncertified independent public key that is immune to user fraud.
KGC and even changes to the public key.
Several attempts were made by previous researchers in building a secure CAKA protocol, but not a few also have computation and require a strong network.
The efficiency level of CAKA is proposed through PoTS to improve blockchain technology-based security .
The protocol that operates applies a decentralized system where the server needs to manage the data generated by PoTS.
The scheme is used to assign keys with light computation capability and remain With this explanation, it can be said that PoTS synergizes in contributing to securing the interests of a decentralized blockchain technology certificate architecture through CAKA .
Related Works Previous research has been designed but there are still deficiencies in privacy and security issues in cryptographic systems, where in the use of PoTS there is a management point that is vulnerable to being targeted by crime when entering the storage process.
CAKA's decentralized system is required to promote PoTS privacy .
A key update between the PoTS clients was proposed based on the AKA pair, and it proved to provide more efficient robustness features .
So, starting to propose an anonymous authentication scheme based on pairs for PoTS because the system is lighter and more secure .
Introduced 3 .
layer levels covering intermediate, sensor nodes and hubs, besides that, high costs are required to support infrastructure and minimize problems that arise .
Sensor nodes and intermediate nodes form the first tier.
Intermediate nodes and hubs form the second tier.
Hub and server nodes form the third tier.
The proposed protocol uses a tunnel to allow user authentication without disclosing identity, even though the server knows that the user is a member of the tunnel but the details of the identity remain unknown .
Provided many security and authentication requirements are carried out to be paired with Blockchain Technology-based IoT, to ensure that the protocol is safe and runs well on PoTS, performance evaluation is carried out .
PoTS: Proof of Tunnela.
n102 International Journal of Cyber and IT Service Management (IJCITSM) p-ISSN: 2797-1325 Vol.
1 No.
1 April 2021 e-ISSN: 2808-554X Reference PKC Security ECC Assumption security model Tong et al.
ID-based AKA Key-update no Pairing CDH Jiang et al.
ID-based AKA Anonymity Pairing CDH Shalif et al.
ID-based AKA Avoid wrong key attack No Pairing CDH in ROM Jia et al.
ID-based AKA Anonymous Pairing BDH.
BRP Model Saeed et al.
ID-based AKA Light-weight Pairing CDH in ROM Hassan et al.
ID-based AKA Anonymity Pairing BDH in ROM Li et al.
ID-based.
PKI Heterogeneou Pairing BDH in ROM Gervais et al.
CLAKA
Blockchain No Pairing CDH in ROM Dwivedi et al.
ID-based Blockchain No Pairing DLP Zhao et al.
ID-based Key No Pairing DLP Mada et al.
ID-based Off PAD AKA No Pairing AVISPA Table 1.
Evaluation of Protocol Work As shown in Table 1.
The certificate data is encrypted using the recipient's public key and decrypted using the recipient's private key.
The digital tunnel signature is used for node authentication, this can be proposed to be efficient key management for the blockchain because in the PoTS protocol, the nodes generate backups and recover the keys used in the blockchain.
Each block is encrypted with a different key to provide private data security .
Contributions and Inspirations A lightweight CAKA is required in accordance with Blockchain Technology-based PoTS where authorized users can authenticate each other, besides that the blockchain also has various security features.
Blockchain avoids the point of failure by utilizing blockchain nodes which can verify user data .
If it is not collaborated with Blockchain.
PoTS will be vulnerable to activities that threaten security and privacy such as leakage of confidential information, impersonation and hacking from hackers.
The problems that have been described have inspired to speed up the submission of the CAKA protocol so that the architecture can be decentralized .
The first step is to prevent major problems in PoTS by designing a new efficient CAKA protocol based on Blockchain Technology .
hash functions are used in one operation to improve protocol performance.
The second step was to introduce CAKA's decentralized architecture.
PoTS is used between blockchain nodes.
The signing nodes remain anonymous while the other nodes PoTS: Proof of Tunnela.
n103 International Journal of Cyber and IT Service Management (IJCITSM) p-ISSN: 2797-1325 Vol.
1 No.
1 April 2021 e-ISSN: 2808-554X totaling are tasked with verification, this is a tremendous advantage and benefit in reducing computation costs.
The final step is to carry out a thorough analysis of the security that meets the PoTS security requirements .
Research Methods 1 Flashback to Blockchain Technology In the world of academia and industry, one of the important roles that a keyword can be found in Cryptocurrency, which is closely related is Bitcoin which has been famous for the size of the capital market because it became the world's first digital or e-cash system .
Bitcoin is an implementation of intermediate blockchain technology that has contributed to a breakthrough in the field of special data storage structures .
, blockchain is considered a general ledger where every transaction is stored in a distributed blockchain .
For user security which has the main characteristics of being decentralized, asymmetric cryptography is implemented with a distributed consensus algorithm .
can be said that the existence of blockchain can increase efficiency and minimize costs, 2 .
categories of Blockchain are:
Private Blockchain: A licensed blockchain is for example an intranet for institutions that use it for specific purposes and need to be monitored .
Public Blockchain: A permissionless blockchain where each node has participation in adding blocks In accordance with the disruption that is currently being announced.
Blockchain technology has experienced a very significant evolution, where there are 3 categories such as .
: Financial transactions and money transfers using Blockchain 1.
0, penetrating into bonds, stocks, loans and mortgages starting to adopt Blockchain 2.
0, then public services, security systems and the Internet of Things are also starting to focus on Blockchain implementation .
2 Blockchain Architecture Genesis Blockchain is the term used for the first block in Blockchain technology but does not have a parent block .
However, in general, a block consists of the hash of the parent block and the block header, which will be illustrated by the proposed Blockchain technology in Figure 2.
Block Figure 1 shows that to create a block, it must consist of a header and a block body.
can be said that the header must fulfill the following components:
Merkle Root Hash: Shows the hash value in a block for all transactions .
Timestamp: Shows the actual time in universal time.
Block Version: In order to know which block validation to follow one should see this section.
Nonce: This is a 4 byte field starting with 0 and increasing for each hash nBits: indicates the target threshold of valid hash blocks.
Parent Block Hash: This is a 256 bit hash value that points to the previous PoTS: Proof of Tunnela.
n104 International Journal of Cyber and IT Service Management (IJCITSM) p-ISSN: 2797-1325 Vol.
1 No.
1 April 2021 e-ISSN: 2808-554X Figure 2.
Simple Blockchain Framework Transaction and block size affect the number of transactions contained in a block.
To be able to validate the authenticity of transactions it is necessary to use an asymmetric cryptography system, because it uses a digital signature based on Blockchain Technology for legitimate nodes .
Digital signature Each node on blockchain technology has a private key and public key pair, and to maintain transaction security, the private key may not be used to sign transactions or be published .
Because essentially signed transactions are propagated to each node to verify the source.
Digital signature consists of 2 steps, such as the signature process and the verification stage, this is to ensure that data is not tampered with or altered.
In this research.
Tunnel Signature is used to reduce computation costs and is considered more efficient .
Figure 3.
is a Blockchain data stream illustrated with nodes and validation against the Blockchain chain.
PoTS: Proof of Tunnela.
n105 International Journal of Cyber and IT Service Management (IJCITSM) p-ISSN: 2797-1325 Vol.
1 No.
1 April 2021 e-ISSN: 2808-554X Figure 3.
PoTS Blockchain Framework In Figure 3.
it is assumed that one node (Node A) records transactions and the other nodes verify the authenticity of transactions and approve them .
It is sent to the blockchain node for each block of transactions that have been made, then the block is broadcast on the chain to be seen by all connected chains .
Validation can be performed by a number of nodes that are not on their behalf, then after validation the transaction will be entered into the general ledger .
Nodes cannot perform simultaneous transactions because there is node selection based on the Proof of Work (PoW).
Proof of Stake (PoS) and Proof of Tunnel (PoT) mechanisms.
4 Characteristics of Blockchain There are 4 .
main characteristics of Blockchain that are carried out in this research which can be seen as follows .
Anonymity: The identity of the interaction of each node with the Blockchain via the resulting address is undisclosed / confidential.
Persistence: Where transaction validation is performed and any invalid transactions are not recognized.
It is almost impossible to delete a transaction once it is entered on the blockchain, because blockchain has immutable characteristics .
Decentralization: In blockchain, centralized work systems are no longer used, because no one has control over sensitive data.
Each consensus algorithm is used to maintain data in a distributed network to maintain consistency .
Auditability: Once the current transaction is recorded, the transaction status can be verified and tracked.
Implementation PoTS: Proof of Tunnela.
n106 International Journal of Cyber and IT Service Management (IJCITSM) p-ISSN: 2797-1325 Vol.
1 No.
1 April 2021 e-ISSN: 2808-554X 1 CAKA Protocol Desain The application of the certificate system faces various security problems such as wiretapping, data modification, impersonation and duplication .
So as a rejection step strong systems and security techniques .
uthentication, encryption, session key.
are needed to prevent the mentioned threats.
In this section, a system and security model for the CAKA protocol based on blockchain technology is presented .
System model The model proposed for blockchain-based PoTS includes three entities (Controller C.
KGC and Blockchain node.
To control node N.
KGC needs to identify entities and calculate private After the session key has been completed, both users can authenticate with each other to secure data transmission .
It should be noted that Figure 4 illustrates the proposed system model when two entities communicate and avoid various attacks, as steps 1 and 2 represent the data transmission process during node authentication after key generation .
Figure 4.
System Model Design N blockchain nodes: In charge of collecting data from controllers and will broadcast to other blockchain nodes, also known as collector nodes.
The controller collects data from E-Certificate ABC and sends it to the blockchain node via the internet .
Before sending data to the blockchain.
B performs calculations for the public key as data security with Blockchain N nodes.
And in this session every data sent from B to blockchain N nodes will be encrypted .
KGC can generate a list of system parameters, so KGC is dedicated to registering N nodes as well as a decentralized B controller .
And it should be noted that KGC cannot know about the private keys of nodes N and B.
Before sending data to the Blockchain, a consensus message needs to be sent first to node N and broadcast to the Blockchain as stage 1.
The session key is used to encrypt when B sends M messages to the Blockchain .
And at that time N will get a message using K's key session to restore the blockchain-permitting form, namely M.
PoTS: Proof of Tunnela.
n107 International Journal of Cyber and IT Service Management (IJCITSM) p-ISSN: 2797-1325 Vol.
1 No.
1 April 2021 e-ISSN: 2808-554X In step 2 N broadcasts a consensus message to the Blockchain, each node can verify the authenticity of node N and get a message from node N.
We have obtained two principles of security and privacy in PoTS according to the proposed protocol design for data protection .
a requirement that must be considered, when the PoTS system is implemented with blockchain technology, it must meet the security properties of data integrity, authentication security, no rejection and also privacy .
2 Proof of Tunnel Signature (PoTS) Design The author displays the tunnel signature and uses it to verify blockchain nodes with anonymity in mind.
cryptographic hash functions H1.
H2, and H3 are selected for H1: .
, .
* Ie Ey,*.
H2 : .
* Ie Ey,* and H3 : Ei1 Ie Ey,* which is defined as the counter f = e (P.
P) to make a concrete signature.
The computed Proof of Tunnel Signature:
ycu Oa yce.
cNyayaycn, ycEyayayaycn ycyayaycnycIyayayc.
ycn ycu = yce.
cNyaya , ycEyayaya ya ya ycyayaycnycIyayayc.
Oa yce.
cNyayaycn, ycEyayayaycn ycyayaycnycIyayayc.
ycn, ycn Oya ycu = ((Ea y.
ycEycIyaya , ycuyaya .
cEycyycyca ya2.
aya y.
ycE) ycyaya ya ya ycyaya ycE ya ya ycEycyycyca ya2.
aya y.
ycE)) y Oa yce.
cNyayaycn, ycEyayayaycn ycyayaycnycIyayayc.
ycn, ycn Oya ycu = yce((Ea y.
ycEycIyaya , .
cuyaya ya ya ycyaya ) .
co ya2.
aya y.
)ycE) Oa yce.
cNyayaycn, ycEyayayaycn ycyayaycnycIyayayc.
ycn, ycn Oya ya ycu = yce((Ea y.
ycE, ycE) Oa yce.
cNyayaycn, ycEyayayaycn ycyayaycnycIyayayc.
ycn, ycn Oya Ea yc =yce Ea yc =yce yce ycu Oa yce.
cNyayaycn, ycEyayayaycn ycyayaycnycIyayayc.
ycn, ycn Oya ycu ya .
cA, yc, ya, ycEy.
Oa yce.
cNyayaycn, ycEyayayaycn ycyayaycnycIyayayc.
= yce 2 yc ycn, ycn Oya 3 New Protocol Design Analysis An analysis was performed for the performance of the new proposed protocol and various security properties by comparing it with other protocols.
Features Fog-Driven
IoT
WBAN
Key Escrow Anonymity Key Compromise Impersonatio Immutability PoTS: Proof of Tunnela.
Akaiots PoTS n108 International Journal of Cyber and IT Service Management (IJCITSM) p-ISSN: 2797-1325 Vol.
1 No.
1 April 2021 e-ISSN: 2808-554X Verifiability Decentralize Consensus uia uia uia Table 2.
Security Properties Collation In Table 2.
A comparison is made for the security properties between the PoTS protocol design with Fog-Driven IoT.
WBAN, and Akaiots .
Comparison has also been made in Table 3.
Including communication and computation costs, the proposed protocol design is represented by performing Vh: one-way hash function time.
Ve: bilinear pair execution time.
Vm: scalar multiplication time, and Vse: encryption / decryption execution time symmetrical.
Computations Cost Schemes Communication Cost Client Server Fog-Drive n IoT .
Ey*q 4G1 4v.
2Vm 5Vh Ve 2Vm 4Vh Ve WBAN .
ID 2Ey*q 2G1 2v.
Vse 9Vm 9Vh Vse 2Ve 5Vm 10Vh 2Vse Akaiots .
Ey*q 4G1 2vc 2ID| PoTS .
ID 2Ey*q 2G.
Ve 2Vm Ve 2Vm Table 3.
The Collation Based on Communication and Computation Costs PoTS: Proof of Tunnela.
n109 International Journal of Cyber and IT Service Management (IJCITSM) p-ISSN: 2797-1325 Vol.
1 No.
1 April 2021 e-ISSN: 2808-554X Figure 5.
Computation Cost of Client Figure 6.
Communication cost on different protocols The results of the implementation in Figure 5 and Figure 6 show the cost of computing the client / controller and server / node for the 4 .
protocols being compared .
, this shows that the proposed PoTS protocol has lower computation costs than other Table 4.
Shows the q and p sizes for the three security levels which are at 80-bit, 112-bit and 128-bit.
Security Level Size of q Size of p 80-bit 112-bit 128-bit Table 4.
Bits Size Levels of The Three Security Formula
Descriptions CAKA
Certificate Authenticated Key Agreement
KGC
Key Generation Center Ei A cyclic additive group A prime order of group Ei PoTS: Proof of Tunnela.
n110 International Journal of Cyber and IT Service Management (IJCITSM) p-ISSN: 2797-1325 Vol.
1 No.
1 April 2021 e-ISSN: 2808-554X Bilinear Mapping Ppub A public key of KGC An identity/user IDi A user identity ycycn A secret value of entity ycEycIyaya Private key of entity ycEycIyaya Private key for a signing node ya Table 5.
Notations Descriptions Conclusion and Future Work The proposed Blockchain Technology based CAKA protocol for PoTS has been successfully proposed.
CAKA provides security features such as decentralization, immutability and PoTS avoids management fraud, this is recognized by the performance evaluation which shows that PoTS is considered efficient and in accordance with CAKA.
This research is adjusted to the development of blockchain which currently occupies Blockchain 3.
0, and is starting to expand into various fields of science.
Judging from the research results obtained, it can be concluded that 7 Security Properties such as: Key compromise impersonation.
Key escrow.
Anonymity.
Decentralized.
Immutability.
Verifiability, and Consensus, can be fulfilled with the implementation of Blockchain-based PoTS.
In the future there is a big possibility in this field to conduct further research on CAKA Design as an implementation of Blockchain-based PoTS.
The CAKA protocol which is heterogeneous in nature can allow entities to have a key that is authenticated with a cryptographic system in a digital certificate.
Acknowledgments The author would like to thank Ristek-Brin.
Kominfo Tangerang.
University of Raharja.
Alphabet Incubator for their support and for providing a place to support this research through analysis of research systems.
Bibliography