1553-877X (c) 2018 IEEE. Translations and content mining are permitted for academic research only. Personal use is also permitted, but republication/redistribution requires IEEE permission. See
http://www.ieee.org/publications_standards/publications/rights/index.html for more information.
This article has been accepted for publication in a future issue of this journal, but has not been fully edited. Content may change prior to final publication. Citation information: DOI 10.1109/COMST.2018.2863956, IEEE
Communications Surveys & Tutorials
> REPLACE THIS LINE WITH YOUR PAPER IDENTIFICATION NUMBER (DOUBLE-CLICK HERE TO EDIT) <
Abstract—This article surveys blockchain-based approaches for
several security services. These services include authentication,
confidentiality, privacy and access control list (ACL), data and
resource provenance, and integrity assurance. All these services
are critical for the current distributed applications, especially due
to the large amount of data being processed over the networks and
the use of cloud computing. Authentication ensures that the user
is who he/she claims to be. Confidentiality guarantees that data
cannot be read by unauthorized users. Privacy provides the users
the ability to control who can access their data. Provenance allows
an efficient tracking of the data and resources along with their
ownership and utilization over the network. Integrity helps in
verifying that the data has not been modified or altered. These
services are currently managed by centralized controllers, for
example, a certificate authority. Therefore, the services are prone
to attacks on the centralized controller. On the other hand,
blockchain is a secured and distributed ledger that can help
resolve many of the problems with centralization. The objectives
of this paper are to give insights on the use of security services for
current applications, to highlight the state of the art techniques
that are currently used to provide these services, to describe their
challenges, and to discuss how the blockchain technology can
resolve these challenges. Further, several blockchain-based
approaches providing such security services are compared
thoroughly. Challenges associated with using blockchain-based
security services are also discussed to spur further research in this
area.
Index Terms—blockchains, public key cryptography,
provenance, data privacy, access control list, integrity assurance,
blockchain challenges.
I. INTRODUCTION
A blockchain is a secured, shared and distributed ledger that
facilitates the process of recording and tracking resources
without the need of a centralized trusted authority. It allows two
parties to communicate and exchange resources in a peer-to-
peer network where distributed decisions are made by the
majority rather than by a single centralized authority. It is
provably secure against attackers who try to control the system
by compromising the centralized controller. Resources can be
tangible (e.g., money, houses, cars, lands) or intangible (e.g.
copyrights, digital documents, and intellectual property rights).
In general, anything that has a value can be tracked on a
blockchain network to reduce its security risks and save the cost
of security monitoring for all involved [1].
This publication was made possible by the NPRP award [NPRP 8-634-1-131]
from the Qatar National Research Fund (a member of The Qatar Foundation)
and NSF grant CNS-1547380. The statements made herein are solely the
responsibility of the author[s].
Tara Salman is with Washington University in Saint Louis, St. Louis, MO
63130 USA (email: tara.salman@wustl.edu)
Maeda Zolanvari is with Washington University in Saint Louis, St. Louis, MO
63130 USA (email: maede.zolanvari@wustl.edu)
Recently, the blockchain technology has attracted
tremendous interest from both academia and industry. The
technology started with Bitcoin, a cryptocurrency that has
reached a capitalization of 180 billion dollars as of January
2018 [2] [3]. According to the Gartner report in 2016, the
blockchain technology is receiving billions of dollars in
research and enterprise investments and much more is expected
to come in the near future [4]. The technology currently spans
several applications that are popular and driving the networking
research. Such applications include healthcare [5], Internet of
Things (IoT) [6] [7], and cloud storage [8]. Generally, the
blockchain technology has proven its potential in any
application that currently requires a centralized ledger. A
practical example that employs blockchains is the Interbank
Information Network provided by JP Morgan which provides
fast, secured, and cheap international payments [9]. In addition,
supply chain systems by IBM is exploring the potential of using
blockchains in their services [10].
Among the blockchains’ promising applications are network
monitoring and security services including authentication,
confidentiality, privacy, integrity, and provenance. Currently,
these services are provided by trusted third-party brokers or
using inefficient distributed approaches. As a result, security is
a major challenge for current applications. On the other hand,
the blockchain technology can provide security guarantees that
resolve many traditional challenges in addition to providing a
fully distributed, provably secure, and consensus solution.
Fig. 1 illustrates the differences between the traditional and the
blockchain-based access control. The same concept can be
applied to the other security guarantees.
This survey focuses on the use of the blockchain technology
to provide network security services and applications. We
present the use of these services in the current applications,
discuss the conventional techniques that provide these security
services, and illustrate their challenges and problems. Then, we
present how the blockchain technology can be used to resolve
the associated challenges and highlight several proposed
blockchain-based approaches that provide the desired security
services. Finally, we discuss the current challenges faced with
blockchain and some of the potential future research directions
Aiman Erbad is with Qatar University, Doha, Qatar (email:
aerbad@qu.edu.qa)
Raj Jain is with Washington University in Saint Louis, St. Louis, MO 63130
USA (email: jain@wustl.edu)
Mohammed Samaka is with Qatar University, Doha, Qatar (email:
samaka.m@qu.edu.qa)
Security Services Using Blockchains:
A State of the Art Survey
1
Tara Salman, Student Member, IEEE, Maede Zolanvari, Student Member, IEEE, Aiman Erbad, Member, IEEE, Raj
Jain, Fellow, IEEE, and Mohammed Samaka, Member, IEEE
