Josef Ressel Center for Blockchain-Technologies & Security management

The Josef Ressel Center for Blockchain-Technologies & Security management is a research institution operated by the St. Pölten University of Applied Sciences. The research objective is making secure and future-proof blockchain-based technologies available to a larger audience.
Partners
  • SEC Consult Unternehmensberatung
  • Capacity Blockchain Solutions
  • CPB Software (Austria)
Funding
Christian Doppler Forschungsgesellschaft (CDG)
Runtime
10/01/2019 – 09/30/2024
Status
current

Background 

Blockchain technologies have received a lot of attention in recent years, in particular regarding their role in novel financial products and so-called cryptocurrencies. Meanwhile, other application possibilities and fundamental aspects of blockchain technologies have been neglected  i.e.the cryptographic primitives on which they rely and the means for controlling access to information linked with or stored inside of distributed ledgers. In addition, research into security management of such large and highly distributed systems has lacked focus. 
Mission 
The goal of this Josef Ressel Center lies in making secure and future-proof blockchain-based technologies available to a larger audience. This includes supporting companies with the secure adoption and integration of blockchain technologies into their systems and applications.

Security & Privacy 

A major issue with current blockchain technologies lies in managing such a system with respect to security and privacy. This is especially true when considering novel regulatory rules like the Directive on security of network and information systems (NIS Directive) and the General Data protection Regulation (GDPR). Since applying a blockchain technology typically results in a highly distributed system with nodes that can arbitrarily join and leave, as well as the establishment of a decentralized consensus mechanism, common measures for managing security and privacy issues can no longer be applied. This holds especially true for standards and best practices in the area of Information Security Management (ISM), which typically work along a hierarchical basic concept. Furthermore, new requirements regarding the management of sensitive information stored inside of blockchains need to be considered. On the other hand, blockchain technologies could also present a solution for managing GDPR-related challenges, such as the management of consent, i.e. large numbers of users providing and revoking consent.

Changes through quantum computers

Current prevalent blockchain designs rely on standard cryptographic primitives that are based on number theoretical problems. However, usable quantum computers will most likely become a reality within the next 10 to 20 years, thereby rendering many of these algorithms broken and insecure. This will have a huge impact on existing blockchains, as the whole system is based on the security of these underlying primitives. Simple patching is not possible: As soon as a quantum computer with enough power exists, the integrity of all past transactions on blockchains is rendered unreliable, thus destroying the very feature that is the reason for using blockchains, as well as the basis for access control. The shortest estimated time to market from R&D to final product being 5 years starting research into alternatives now is of the utmost importance. 

Access control & user rights 

Further research topics are cryptographic access control on selected information particles on a blockchain and methods for managing user rights on information stored in the chain. The security of managing cryptographic material and the processing of sensitive data could be advanced by taking advantage of Trusted Computing technologies that are available in mass-market hardware. However, this has not yet been researched in great depth.
Popular alternative applications of blockchain technologies include digital notaries and comparable ideas, as well as the combination of decentralized blockchain-based systems with traditional IT-solutions. This raises the problem of how to introduce external knowledge and information into the blockchain and requires research into combined systems, verifying external resources, dealing with unverified information, as well as combining different blockchains and offering off-chain solutions (e.g. layer two scaling).

Approach

The work plan is divided into two modules:
Module 1 covers the topic of securing blockchain technologies, providing different research angles and levels of abstraction: Information Security Management System (ISMS) and other measures focus on the organizational and managerial aspect of using and integrating blockchain technologies. Providing suitable post-quantum resilient solutions for access control in blockchains or the integration of Trusted Computing technologies possess a highly technical focus.
Module 2 increases the abstraction on the theoretical level, while providing solutions for pressing topics with respect to developing novel blockchain applications: The integration and interlinking of different blockchains, as well as other distributed and local systems, and off-chain solutions. Additionally, the problem of introducing at least partly unverifiable and untrusted information from external sources is addressed. 
Research on these different aspects in combination forms the basis for the practical development of blockchain-based systems for various application, standards and best practices. 

Josef Ressel Centres

The Christian Doppler Research Association (CDG) supports establishing and operating Josef Ressel Centres (JR Centres) at universities of applied sciences. Application-oriented research at a high level is funded. Through cooperation with companies, new impulses are given and the state of knowledge in the respective research areas is increased. In this way, research strengthens innovation and general competitiveness in Austria. 
The JR Centres are financed equally by public funds (funds from the Ministry of Economic Affairs and the “Nationalstiftung für Forschung, Technologie und Entwicklung” -National Foundation for Research, Technology and Development) and by contributions from CDG member companies.