SPHINX’s Threat Registry Platform based on Blockchain

The Blockchain-based Threat Registry (BBTR) component acts as a background infrastructure which safely stores logs from different sources such as hospitals, care centres, pharmacies, medical devices and patients. It can be used to store any kind of interesting information, such as critical logs or threat information. The main advantage of using Blockchain is having a distributed ledger with unalterable information, synchronised between all parties.

With the use of blockchain, each node (i.e. a server or a device) on a network replicates the necessary data for all nodes, making the whole system more dynamic and reliable and bringing out the true benefits of a decentralized approach. The SPHINX solution leverages this concept by integrating blockchain technology to expand its data security and integrity capabilities. Not only will it provide a novel cyber security tool for healthcare applications, but it will also have an integrated secure self-defense mechanism to repel the most modern attacks by decentralising its core decision-making engine.

In the following design, the use of blockchain is illustrated with two hospitals that store logs in a Blockchain. The design depicts a Blockchain as a Service (BaaS), where the different parties act as Blockchain users. To do so, each party has its own certificate, which identifies it in the Blockchain.

A threat registry is normally made up of simple data types. One of the drawbacks of using Blockchain is disk space, as Blockchain is not suitable for storing large amounts of information, such as multimedia. SPHINX development does not foresee using this kind of data, which allows the use of Blockchain without disk-space issues. Another important drawback is latency, but again it can be overcome by using a private network.

In addition to the advantages related to privacy, integrity and availability, one of the main purposes of the blockchain solution is the ability to keep the traceability of the different threats. It is also important to guarantee the auditability of the whole system, which is why Blockchain is so suitable for healthcare institutions. Further analysis can be performed by an auditing team or an incident response team, and an infrastructure like Blockchain makes this task easier for these teams.

The architecture of the SPHINX Blockchain Based Threat Registry (BBTR) is depicted in the diagram below. Dashed lines represent boundaries or confidence zones. In the proposed scenario, there are 3 different nodes located in 3 different zones (Fabric Organizations). Each node has the same copy of the shared ledger, so all of them have a single view of the data, fully synchronized thanks to Blockchain.

In the middle of the schema is the Ordering service, which is composed of 3 nodes, corresponding to the different zones. This is a special subset of nodes used by Hyperledger Fabric to manage the communications in the network. In total, the minimum design is composed of 6 nodes (3 peer nodes plus 3 orderer nodes). New medical centres can be added easily by adding a new organisation and peer nodes to the diagram.

There are two different actors in this diagram, the auditor and the medical centers. The medical center submits information about threats affecting its infrastructure in JSON format. Arrowheads represent read-write operations in the BBTR (incoming arrows denote read operations and outgoing arrows write operations, respectively). An actor with two arrowheads can act as a writer and reader at the same time. All connections between the different parties are made using secure protocols, such as HTTPS, in order to prevent sniffing attempts. As shown in the diagram, actors act as Blockchain users communicating with a BaaS (Blockchain as a Service) through an API node.

As an example, the DSS component has been included in the diagram as an actor to show how external actors can connect to the BBTR to get information that is useful to them. In this case, the DSS component uses the BBTR to feed its decision support engine. This actor will have read-only access to the BBTR and will not be able to write any information.
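The reader and writer roles and the tamper-evident shared ledger described above can be modelled in a few lines. This is an added illustration, not SPHINX or Hyperledger Fabric code: the role table, class, field names and sample records are hypothetical, and a SHA-256 hash chain stands in for Fabric's ledger and certificate-based identities.

```python
import copy
import hashlib
import json

# Hypothetical role table modelled on the actors the post describes.
ROLES = {"hospital-a": {"read", "write"}, "hospital-b": {"read", "write"},
         "auditor": {"read"}, "dss": {"read"}}  # DSS is read-only
GENESIS = "0" * 64

def _digest(prev_hash, actor, record):
    # Canonical JSON so every replica hashes identical bytes.
    body = json.dumps({"prev": prev_hash, "actor": actor, "record": record},
                      sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(body.encode("utf-8")).hexdigest()

class ThreatLedger:
    """Append-only, hash-chained list of JSON threat records (toy model)."""
    def __init__(self):
        self.entries = []

    def submit(self, actor, record):
        if "write" not in ROLES.get(actor, set()):
            raise PermissionError(f"{actor} has no write access")
        prev_hash = self.entries[-1]["hash"] if self.entries else GENESIS
        self.entries.append({"prev": prev_hash, "actor": actor, "record": record,
                             "hash": _digest(prev_hash, actor, record)})
        return self.entries[-1]["hash"]

    def read(self, actor):
        if "read" not in ROLES.get(actor, set()):
            raise PermissionError(f"{actor} has no read access")
        return [dict(e["record"], submitted_by=e["actor"]) for e in self.entries]

    def first_broken_index(self):  # index of the first failing chain link, or None
        prev_hash = GENESIS
        for i, e in enumerate(self.entries):
            if e["prev"] != prev_hash or e["hash"] != _digest(prev_hash, e["actor"], e["record"]):
                return i
            prev_hash = e["hash"]
        return None

def demo():
    ledger = ThreatLedger()
    # Constructed sample records, not real SPHINX data.
    ledger.submit("hospital-a", {"type": "ransomware", "asset": "pacs-01", "severity": "high"})
    ledger.submit("hospital-b", {"type": "port-scan", "asset": "vpn-gw", "severity": "low"})
    replica = copy.deepcopy(ledger)                    # a second organisation's copy
    replica.entries[0]["record"]["severity"] = "low"   # local edit to that copy
    return ledger.first_broken_index(), replica.first_broken_index()
```

An auditor comparing copies would see the untouched ledger verify cleanly while the edited replica fails at the first entry, which is the traceability property the post attributes to the shared ledger.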

The Blockchain Based Threat Registry (BBTR) is an important component within the SPHINX environment because it acts as a notification and interconnection tool: it transmits the intelligence gathered by the other SPHINX tools to other components and interested actors. This component meets the need to share information about active threats in near-real time between the different interested parties. It is therefore able to connect effectively with the other SPHINX tools through the appropriate interfaces.

More information about the Blockchain Based Threat Registry can be found in Deliverable 4.3, which is publicly available here, and Deliverable 2.6, which is publicly available here.