Publication:
Design and evaluation of cyber security of blockchain and distributed ledger for international payment [EMBARGOED]

Date

2023

Publisher

Kuala Lumpur : International Islamic University Malaysia, 2023

Abstract

Blockchain is one of the new edge technologies and is highly capable of serving financial institutions, especially by making the transaction and settlement processes of international payment systems highly efficient. However, the various types of vulnerabilities, threats, and cyber-risks remain the main concern of financial institutions. To overcome the cybersecurity risks and control unauthorized access to an international payment system, 4-factor authentication methods in distinct stages are applied in this thesis. First, a cybersecurity assessment framework is developed for identifying the vulnerabilities, threats, and risk factors. After the risks are identified, a detailed impact analysis is also presented in terms of monetary loss, data privacy, data integrity, impact, and confidentiality. Second, a detailed network security design diagram and a process flow diagram are proposed so that the blockchain-based international payment system runs smoothly. The output of the architecture also evaluates the network security design. Third, algorithms have been developed for a four-factor (multifactor) authentication system in which factor one authenticates the user ID and password; factor two is a one-time password (OTP); the third factor is personal secret key management; and the fourth factor is a password management system in the web2 Ethereum blockchain network. This time-based OTP has been designed so that it can check the name, email address, Internet Protocol (IP) address, MAC address, and hostname, which are carried in the message body of the email. A personal secret key is proposed in the paper that is capable of protecting the system against any unauthorized user, which is a novel methodology to impose. Fourth, user and password management systems are applied to the Web3 Ethereum platform for peer-to-peer (P2P) transactions.

Finally, for testing, validation, and evaluation purposes, a software program is developed that displays the algorithms' outputs. The proposed cybersecurity design and method is a low-cost solution in which neither the cost of SMS notification through mobile nor a hardware token is required. It is also capable of running even on a low-confirmation device. This suggested cybersecurity approach may improve the security of international payment systems compared to the existing user authentication system. This research work will support further research, especially on international payment gateway systems in the financial sector.
