INTRODUCTION

1.1 INTRODUCTION BLOCK CHAIN SECURITY

The block chain technology refers to the distributed database that preserve connected
application record sets as a new thing. There is no master and slave concept in the block
chain, every application has equal authority and a copy of the overall chain. Block chain
database can be implemented as a private or public block chain. A Public block chain
allows every participant to read and write the records where every participant checks and
verify records to be stored. Bit coin and Ethereum are some examples of Public Block
chain. Private block chain allows only trusted and controlled group of participants to
read and write records where some participants have the authority to verify and control
access. IoT is heterogeneous in nature which increases the complexity of security and
privacy mechanisms. Mostly IoT devices are handled by centralized data management
cloud systems that can harm the overall network due to their single point likelihood of
attack and other such as DoS attacks, CYBER attacks, MIRAI attacks. In addition, the
embedded systems are too tiny to install security related software into them. Moreover,
the tiny memory of IoT devices requires data to be stored on the cloud.

Consequently, from the cloud the data can be accessed from different areas and for
different purposes such as to perform analytics. Subsequently, risks of data
confidentiality and privacy arise. Hence enhanced security protocols and cryptosystem
are required in order to ensure the secure interaction between the objects. Therefore,
security has been one of the key challenges that must be inhibited in order to drive IoT
in the real world. With the increase in security issues of IoT devices, the situation eases
to adopt new innovations, combining Block chain in web application intends to provide
the distributed database with the purpose of increasing security and privacy. Block chain
integration in application will strengthen the overall

1
network and create a powerful secure distributed network while combining general and
block chain specific security features.

1.2 Block Chain Technology

A Blockchain is a vastly distributed, global, open, shared ledger or database that run on
millions of devices, recording all transactions happening between any two parties. It
does this efficiently and in a verifiable manner, essentially acting as a secure storage for
not just information, but anything of value. In simple terms, a Blockchain is a
decentralized network for value exchange much like the internet of 90‟s which acted as
a decentralized network for information exchange. The blockchain is considered to be a
foundational technology that no single organization owns or controls. In this paper, we
will try to understand more about the technology and the impact some of its derivatives,
namely cryptocurrencies, have on the macro economy. Before further breaking down the
definition for Blockchain, it helps to put the technology in the context of some of the
other well-known technologies of today.

“Organizationally Centralized” systems are software systems that are controlled by a

single organization. “Database Centralized” systems are ones where the data is stored in
a centralized database rather than multiple different databases. The 3 quadrants in the red
are examples we can recognize:

 PayPal/Paytm are examples of a single organization controlling the software

system through a centralized database that is owned by them. By extension, all
the internet banking services provided by existing commercial banks also fall
under this category. These are cases of one large organization owning and
controlling both software and the database all by themselves.

 MS Excel as a software is owned by Microsoft. But individuals using that

application each store and control a separate copy of excel database on their
computers.
 E-mail is an example of a “protocol” or a “standard” that is not owned by any
one organization. Also, each individual user maintains separate databases of their
emails.

 The block chain is a first of its kind innovation where the technology is
Organizationally Decentralized and also the system is logically centralized for
everyone‟s access.

1. Scope of Project
To fully appreciate the technology and its capabilities, it is important to
understand why it is needed in the first place. And for that, we need to look
at the inefficiencies and risks present in the existing systems. Inefficiencies
in the present-day systems are due to one major factor – presence of too
many intermediaries. Consider a credit card payment system for example.
There are at least 3 intermediaries who eat up a share of the price we pay for
products.

2.Parpose

The current state of digital authentication requires significant trust in third

parties. Users must trust the websites or services providers to safeguard their
authentication data since personal information could be collected for data
mining, profiling and exploitation without users' knowledge or consent. We
aim to improve current systems with AuthChain solutions for authentication
with the following features:
1) Trustless authentication: With blockchain based system authentication of
any user must be verifiable not by just one node, but by other participating
nodes at any moment of time. Authentication is done without having to rely
on a centralized authentication provider
2) Not using password for login: A user generates a pair of keys, public and
private for an account on a trusted device. The public key is used to identify
every user. The public key stored on user device (in Android keystore or iOS
keychain) provides access, as opposed to the use of password for login.
Hence issues related to weak password chosen by user is not relevant.
3) One account: One AUTHCHAIN account will allow users to authenticate
themselves on any websites that are using AUTHCHAIN as authentication
service provider. AUTHCHAIN can be used to bind authentication of online
accounts on the social media platforms, e-commerce, financial websites or
verification of identity in the event of face to face meeting.
4) No storing of user credential data is required at services requesting
authentication: The risks of data lost, and data violation is off the point. Only
authentication transaction record will be recorded on chain.
5) Immutable: The logs of transactions, which are created by consensus
among the nodes are hashed and added to the blockchain. Those data store in
an encrypted form is immutable. Any changes to these logs require the
rebuilding of the merkle tree, which is almost impossible