Elementos de Seguridad para Gestión Documental con Blockchain
Resumen
La tecnología Blockchain es reconocida por la transparencia e inmutabilidad de los datos que allí se registran. Estas características son esenciales en un sistema de gestión documental donde se requieren mecanismos de seguridad que eviten la falsificación de la información. Por esta razón, varios autores han optado por aprovechar los beneficios de la tecnología Blockchain en sus sistemas de gestión de documentos de tipo académico, médico, laboral, entre otros. No obstante, en su implementación se deben incluir elementos que refuercen la seguridad de la información pues los documentos suelen contener información sensible que requiere un tratamiento especial. En este artículo se realiza una revisión de los artículos más recientes sobre gestión documental con Blockchain con el objetivo de extraer los elementos de seguridad implementados en sus soluciones y realizar una síntesis que pueda servir como guía a todo aquel interesado en desarrollar un sistema similar.
Descargas
Citas
J. Berryhill, T. Bourgery, y A. Hanson, «Blockchains Unchained: Blockchain Technology and its Use in the Public Sector», OECD Working Papers on Public Governance, n.o 28, 2018, doi: 10.1787/3c32c429-en.
A. Grech y F. Camilleri Anthony, «Blockchain in Education», Publications Office of the European Union, EUR - Scientific and Technical Research Reports JRC108255, 2017. [En línea]. Disponible en: http://publications.jrc.ec.europa.eu/repository/handle/JRC108255
T. A. Buckhoff, «Preventing Fraud by Conducting Background Checks», The CPA Journal, 2003. Accedido: oct. 06, 2020. [En línea]. Disponible en: http://archives.cpajournal.com/2003/1103/dept/d115203.htm
J. Wang y B. H. Kleiner, «Effective employment screening practices», Management Research News, vol. 23, n.o 5/6, pp. 73-81, 2000, doi: 10.1108/01409170010782055.
M. J. M. Chowdhury, A. Colman, M. A. Kabir, J. Han, y P. Sarda, «Blockchain as a Notarization Service for Data Sharing with Personal Data Store», en 2018 17th IEEE International Conference On Trust, Security And Privacy In Computing And Communications/ 12th IEEE International Conference On Big Data Science And Engineering (TrustCom/BigDataSE), New York, NY, USA, 2018, pp. 1330-1335. doi: 10.1109/TrustCom/BigDataSE.2018.00183.
Y. Xiao, N. Zhang, W. Lou, y Y. T. Hou, «A Survey of Distributed Consensus Protocols for Blockchain Networks», IEEE Commun. Surv. Tutorials, vol. 22, n.o 2, pp. 1432-1465, 2020, doi: 10.1109/COMST.2020.2969706.
B. Singhal, G. Dhameja, y P. S. Panda, Beginning Blockchain: A Beginner’s Guide to Building Blockchain Solutions. Apress, 2018. [En línea]. Disponible en: https://doi.org/10.1007/978-1-4842-3444-0
K. Sultan, U. Ruhi, y R. Lakhani, «Conceptualizing Blockchains: Characteristics & Applications», en IADIS International Conference Information Systems 2018, Lisbon, Portugal, 2018, pp. 49-57. Disponible en: https://arxiv.org/ftp/arxiv/papers/1806/1806.03693.pdf
M. Sharples et al., Innovating Pedagogy 2016: Exploring new forms of teaching, learning and assessment, to guide educators and policy makers. 2016.
C. Brunner, F. Knirsch, y D. Engel, «SPROOF: A Platform for Issuing and Verifying Documents in a Public Blockchain», en Proceedings of the 5th International Conference on Information Systems Security and Privacy, Prague, Czech Republic, 2019, vol. 1, pp. 15-25. doi: 10.5220/0007245600150025.
M. Baldi, F. Chiaraluce, M. Kodra, y L. Spalazzi, «Security analysis of a blockchain-based protocol for the certification of academic credentials», arXiv, 2019.Disponible en: http://arxiv.org/abs/1910.04622
«Badges and Blockcerts», Hyland Credentials, 2019. https://www.hylandcredentials.com/badges-and-blockcerts/
T. T. Huynh, T. Tru Huynh, D. K. Pham, y A. Khoa Ngo, «Issuing and Verifying Digital Certificates with Blockchain», en 2018 International Conference on Advanced Technologies for Communications (ATC), Ho Chi Minh City, Vietnam, 2018, pp. 332-336. doi: 10.1109/ATC.2018.8587428.
S. Chiliveri, J. Grandhi, M. Uttam Patil, L. E. P.R., y M. Ethirajan, «ProveDoc: A Blockchain Based Proof of Existence with Proof of Storage», en 2019 International Conference on Information Technology (ICIT), Bhubaneswar, India, 2019, pp. 239-244. doi: 10.1109/ICIT48102.2019.00049.
«Connect Solutions», Factom. https://www.factom.com/solutions/connect
B. Boeser, «Meet TrueRec by SAP: Trusted Digital Credentials Powered by Blockchain», SAP News Center, 2017. https://news.sap.com/2017/07/meet-truerec-by-sap-trusted-digital-credentials-powered-by-blockchain/
M. Das, X. Tao, y J. C. P. Cheng, «A Secure and Distributed Construction Document Management System Using Blockchain», en Proceedings of the 18th International Conference on Computing in Civil and Building Engineering, São Paulo, Brazil, 2021, pp. 850-862. doi: 10.1007/978-3-030-51295-8_59.
ISO/IEC, «ISO/IEC 27000:2018». 2018. [En línea]. Disponible en: https://standards.iso.org/ittf/PubliclyAvailableStandards/index.html
V. Marella y A. Vijayan, «Document Verification using Blockchain for Trusted CV Information», presentado en Americas’ Conference on Information Systems (AMCIS), Virtual conference, 2020. Disponible en:https://aisel.aisnet.org/amcis2020/adv_info_systems_research/adv_info_systems_research/12
H. Li y D. Han, «EduRSS: A Blockchain-Based Educational Records Secure Storage and Sharing Scheme», IEEE Access, vol. 7, pp. 179273-179289, 2019, doi: 10.1109/ACCESS.2019.2956157.
R. Poorni, M. Lakshmanan, y S. Bhuvaneswari, «DIGICERT: A Secured Digital Certificate Application using Blockchain through Smart Contracts», en 2019 International Conference on Communication and Electronics Systems (ICCES), Coimbatore, India, 2019, pp. 215-219. doi: 10.1109/ICCES45898.2019.9002576.
W. Gräther, S. Kolvenbach, R. Ruland, J. Schütte, C. Torres, y F. Wendland, «Blockchain for Education: Lifelong Learning Passport», presentado en ERCIM-Blockchain 2018, Amsterdam, Netherlands, 2018. doi: 10.18420/blockchain2018_07.
P. Pandey y R. Litoriya, «Securing and authenticating healthcare records through blockchain technology», Cryptologia, vol. 44, n.o 4, pp. 341-356, 2020, doi: 10.1080/01611194.2019.1706060.
S. Wang, Y. Zhang, y Y. Zhang, «A Blockchain-Based Framework for Data Sharing With Fine-Grained Access Control in Decentralized Storage Systems», IEEE Access, vol. 6, pp. 38437-38450, 2018, doi: 10.1109/ACCESS.2018.2851611.
Y.-A. de Montjoye, S. S. Wang, y A. (Sandy) Pentland, «On the Trusted Use of Large-Scale Personal Data», IEEE Data Engineering Bulletin, vol. 35, n.o 4, pp. 5-8, 2012.
N. Nizamuddin, K. Salah, M. Ajmal Azad, J. Arshad, y M. H. Rehman, «Decentralized document version control using ethereum blockchain and IPFS», Computers & Electrical Engineering, vol. 76, pp. 183-197, 2019, doi: 10.1016/j.compeleceng.2019.03.014.
P. Tsankov, A. Dan, D. D. Cohen, A. Gervais, F. Buenzli, y M. Vechev, «Securify: Practical Security Analysis of Smart Contracts», arXiv:1806.01143 [cs], 2018, Accedido: ene. 14, 2021. [En línea]. Disponible en: http://arxiv.org/abs/1806.01143
L. Luu, D.-H. Chu, H. Olickel, P. Saxena, y A. Hobor, «Making Smart Contracts Smarter», en Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security, Vienna, Austria, 2016, pp. 254-269. doi: 10.1145/2976749.2978309.
S. Şahan, A. F. Ekici, y Ş. Bahtiyar, «A Multi-Factor Authentication Framework for Secure Access to Blockchain», en Proceedings of the 2019 5th International Conference on Computer and Technology Applications, Istanbul, Turkey, 2019, pp. 160-164. doi: 10.1145/3323933.3324083.
D. Berdik, S. Otoum, N. Schmidt, D. Porter, y Y. Jararweh, «A Survey on Blockchain for Information Systems Management and Security», Information Processing & Management, vol. 58, n.o 1, p. 102397, 2021, doi: 10.1016/j.ipm.2020.102397.
C. Xu, H. Yang, Q. Yu, y Z. Li, «Trusted and Flexible Electronic Certificate Catalog Sharing System Based on Consortium Blockchain», en 2019 IEEE 5th International Conference on Computer and Communications (ICCC), Chengdu, China, 2019, pp. 1237-1242. doi: 10.1109/ICCC47050.2019.9064284.
Z. Xiao et al., «EMRShare: A Cross-Organizational Medical Data Sharing and Management Framework Using Permissioned Blockchain», en 2018 IEEE 24th International Conference on Parallel and Distributed Systems (ICPADS), Singapore, 2018, pp. 998-1003. doi: 10.1109/PADSW.2018.8645049.
P. Zhang, J. White, D. C. Schmidt, G. Lenz, y S. T. Rosenbloom, «FHIRChain: Applying Blockchain to Securely and Scalably Share Clinical Data», Computational and Structural Biotechnology Journal, vol. 16, pp. 267-278, 2018, doi: 10.1016/j.csbj.2018.07.004.
S. Shamshad, Minahil, K. Mahmood, S. Kumari, y C.-M. Chen, «A secure blockchain-based e-health records storage and sharing scheme», Journal of Information Security and Applications, vol. 55, p. 102590, 2020, doi: 10.1016/j.jisa.2020.102590.
H.-A. Lee et al., «An Architecture and Management Platform for Blockchain-Based Personal Health Record Exchange: Development and Usability Study», Journal of Medical Internet Research, vol. 22, n.o 6, p. e16748, 2020, doi: 10.2196/16748.
H. Kumar et al., «Rainbow table to crack password using MD5 hashing algorithm», en 2013 IEEE Conference on Information Communication Technologies, 2013, pp. 433-439. doi: 10.1109/CICT.2013.6558135.
J. Bethencourt, A. Sahai, y B. Waters, «Ciphertext-Policy Attribute-Based Encryption», en 2007 IEEE Symposium on Security and Privacy (SP ’07), Berkeley, CA, USA, 2007, pp. 321-334. doi: 10.1109/SP.2007.11.
T. Chen, Y. Yu, y Z. Duan, «Data Access Sharing Approach for Trade Documentations Based on Blockchain Technology», en 2019 3rd International Conference on Electronic Information Technology and Computer Engineering (EITCE), Xiamen, China, 2019, pp. 1732-1736. doi: 10.1109/EITCE47263.2019.9095045.
C. Yuan, M. Xu, X. Si, y B. Li, «Blockchain with Accountable CP-ABE: How to Effectively Protect the Electronic Documents», en 2017 IEEE 23rd International Conference on Parallel and Distributed Systems (ICPADS), Shenzhen, China, 2017, pp. 800-803. doi: 10.1109/ICPADS.2017.00111.
J. Liu, X. Li, L. Ye, H. Zhang, X. Du, y M. Guizani, «BPDS: A Blockchain Based Privacy-Preserving Data Sharing for Electronic Medical Records», en 2018 IEEE Global Communications Conference (GLOBECOM), Abu Dhabi, United Arab Emirates, 2018, pp. 1-6. doi: 10.1109/GLOCOM.2018.8647713.
C. BouSaba y E. Anderson, «Degree Validation Application Using Solidity and Ethereum Blockchain», en 2019 SoutheastCon, Huntsville, AL, USA, 2019, pp. 1-5. doi: 10.1109/SoutheastCon42311.2019.9020503.
F. Schär y F. Mösli, «Blockchain Diplomas: Using Smart Contracts to Secure Academic Credentials», Beiträge zur Hochschulforschung, vol. 41, pp. 48-58, 2019.
Parlamento Europeo y Consejo de la Unión Europea, «REGLAMENTO (UE) 2016/679 DEL PARLAMENTO EUROPEO Y DEL CONSEJO - (Reglamento general de protección de datos)». 2016. Disponible en: https://eur-lex.europa.eu/legal-content/ES/TXT/PDF/?uri=CELEX:32016R0679
A. Tariq, H. B. Haq, y S. T. Ali, «Cerberus: A Blockchain-Based Accreditation and Degree Verification System», arXiv:1912.06812 [cs], 2019, Accedido: ene. 04, 2021. [En línea]. Disponible en: http://arxiv.org/abs/1912.06812
F. R. Vidal, F. Gouveia, y C. Soares, «Revocation Mechanisms for Academic Certificates Stored on a Blockchain», en 2020 15th Iberian Conference on Information Systems and Technologies (CISTI), Sevilla, Spain, 2020, pp. 1-6. doi: 10.23919/CISTI49556.2020.9141088.
I. Homoliak, S. Venugopalan, Q. Hum, y P. Szalachowski, «A Security Reference Architecture for Blockchains», en 2019 IEEE International Conference on Blockchain (Blockchain), Atlanta, GA, USA, 2019, pp. 390-397. doi: 10.1109/Blockchain.2019.00060.
J. Bae y H. Lim, «Random Mining Group Selection to Prevent 51% Attacks on Bitcoin», en 2018 48th Annual IEEE/IFIP International Conference on Dependable Systems and Networks Workshops (DSN-W), Luxembourg City, Luxembourg, 2018, pp. 81-82. doi: 10.1109/DSN-W.2018.00040.
M. Gupta, Blockchain For Dummies®, 3rd IBM Limited Edition, Third. Hoboken, NJ: John Wiley & Sons, Inc., 2020. [En línea]. Disponible en: https://www.ibm.com/downloads/cas/OK5M0E49
K. Nicolas, Y. Wang, y G. C. Giakos, «Comprehensive Overview of Selfish Mining and Double Spending Attack Countermeasures», en 2019 IEEE 40th Sarnoff Symposium, Newark, NJ, USA, 2019, pp. 1-6. doi: 10.1109/Sarnoff47838.2019.9067821.
M. Saad, L. Njilla, C. Kamhoua, y A. Mohaisen, «Countering Selfish Mining in Blockchains», en 2019 International Conference on Computing, Networking and Communications (ICNC), Honolulu, HI, USA, 2019, pp. 360-364. doi: 10.1109/ICCNC.2019.8685577.
P. Swathi, C. Modi, y D. Patel, «Preventing Sybil Attack in Blockchain using Distributed Behavior Monitoring of Miners», en 2019 10th International Conference on Computing, Communication and Networking Technologies (ICCCNT), Kanpur, India, 2019, pp. 1-6. doi: 10.1109/ICCCNT45670.2019.8944507.
L. Liu y B. Xu, «Research on information security technology based on blockchain», en 2018 IEEE 3rd International Conference on Cloud Computing and Big Data Analysis (ICCCBDA), Chengdu, China, 2018, pp. 380-384. doi: 10.1109/ICCCBDA.2018.8386546.
Güler, Kenan & Salihoğlu, Esengül & Öztürk, Emre & Pala, Osman. (2022). Blockchain in International Trade Documents Management Using NAHP Technique: Case of Kapikule and Istanbul Border Customs. 10.4018/978-1-6684-5876-1.ch019.
P. Soares, R. Saraiva, I. Fernandes, A. Neto and J. Souza, "A Blockchain-based Customizable Document Registration Service for Third Parties," 2022 IEEE International Conference on Blockchain and Cryptocurrency (ICBC), Shanghai, China, 2022, pp. 1-2, doi: 10.1109/ICBC54727.2022.9805500.
Wu, Haitao (57205511865); Zhang, Pan (57730159800); Li, Heng (8692514900); Zhong, Botao (23975246400); Fung, Ivan W. H. (7006797603); Lee, Yiu Yin Raymond. Blockchain Technology in the Construction Industry: Current Status, Challenges, and Future Directions (2022) Journal of Construction Engineering and Management, 148 (10). DOI: 10.1061/(ASCE)CO.1943-7862.0002380. https://www.scopus.com/inward/record.uri?eid=2-s2.0-85135183795&doi=10.1061%2f%28ASCE%29CO.1943-7862.0002380&partnerID=40&md5=6819321e3e875d7d6f8029166298f2ba
A. Rustemi, V. Atanasovski, A. Risteski and P. Latkoski, "Challenges of Blockchain in Higher Education Institutions for Protection Against Diploma Forgery," 2023 International Balkan Conference on Communications and Networking (BalkanCom), İstanbul, Turkiye, 2023, pp. 1-6, doi: 10.1109/BalkanCom58402.2023.10167986.