
Zero‐trust‐based security model against data breaches in the banking sector: A blockchain consensus algorithm

Published: 23 March 2023

Abstract

Cyber security in the banking sector is of high importance nowadays. The rate of cyberattacks is spiking every year, and the implementation of strong cybersecurity models is required to ensure the confidentiality and integrity of data. Since protecting a bank requires a wide range of security practices, this paper focuses on protecting bank resources from malicious actors and securing transactions using a blockchain consensus mechanism that applies a zero‐trust security approach among the participants in the transaction. In addition to the framework, an algorithm for blockchain‐based online transactions was designed to support practical implementation in the future. The ideas formulated during the research and literature review were integrated to design the framework and the algorithm. The proposed framework ensures that the security of the banking sector can be enhanced by adopting the zero‐trust concept and blockchain technology. The consensus algorithms used for the transaction make it immutable and decentralized. Zero‐trust principles adopted in the model ensure the confidentiality and integrity of the banking system.

Graphical Abstract

This paper proposes a security framework to enhance the security of the banking sector by using a composite design integrating the zero‐trust concept with blockchain technology. The paper outlines three algorithms that ensure the confidentiality of the transactions and build trust among the sender, the sender's bank, and the recipient's bank.


Published In

IET Blockchain, Volume 3, Issue 2
June 2023
62 pages
EISSN:2634-1573
DOI:10.1049/blc2.v3.2
This is an open access article under the terms of the Creative Commons Attribution‐NonCommercial‐NoDerivs License, which permits use and distribution in any medium, provided the original work is properly cited, the use is non‐commercial and no modifications or adaptations are made.

Publisher

John Wiley & Sons, Inc.

United States

Publication History

Published: 23 March 2023

Author Tags

  1. blockchains
  2. blockchain applications and digital technology
  3. blockchain platforms
  4. models and analysis
  5. blockchain standards
  6. ciphers
  7. cyber security
  8. private blockchains
  9. public blockchains

Qualifiers

  • Research-article
