Ensuring Data Integrity and Immutability of Audit History Critical System using Blockchains

Abstract

Even though the information technology and computer science has been advanced through decades and accomplished greatest achievements, assuring information/data immutability and integrity profoundly is yet an unsolved challenge. This challenge is highly important for audit history-critical systems in the real world. Anyway, it is not possible to overcome this challenge precisely using the existing highly advanced approaches, technologies, frameworks, protocols related to the domain of data/system security. Information/data can be changed/tampered at different layers and different access points of a system and even if the information is tampered, it goes undetected, which is another critical factor regarding this concern. Therefore, no technology or system claims that their information is 100% tamper-resistant; anyway, the realistic truth is that the aforementioned feature can only be improved, but not profoundly achieved. This research has used blockchain technology to achieve this feature while strengthening the security of an overall system on system authentication and authorization layer too, in order to achieve immutability. The basic concept adopted is that if the requirement is to make information immutable, information storage should be made tamper-resistant meanwhile securing the approach of how the information is accessed and mutated. Therefore, in this study, attention is paid to further secure the system authentication and authorization layers too using the blockchain technology. User authentication (login) is implemented with challenge-response protocol with the participation of blockchain so that the user's public key also is stored in the blockchain. Therefore, as long as the information immutability is assured by the blockchain, challenge-response protocol based user authentication will also be highly protected, hence changing keys won’t make it possible for illegal login attempts. User authorization has exploited the concept of claim-based authorization and due to the fact that user ‘role’ claim is protected with the blockchain, authorization process too has been made highly secured. The proposed solution has been developed with the recently popularized new programming ii language, Ballerina, for server-side developments and the cutting edge javascript library React, for client-side developments. The prototype application developed is an online news portal where information immutability and integrity is a high concern. The evaluation of the proposed solution was done to ensure that the expected functionalities of the system can be done without any issues and also by demonstrating security breach efforts to tamper news article data. The solution is finally compared with the existing solutions to highlight the significance of the suggested approach, analyzing the possible drawbacks too. The conclusion of the study is that it is highly effective in using the suggested solution to ensure information immutability and integrity.