Bringing DLT to E-Commerce Security
The H2020 ENSURESEC project to safeguard the EU’s digital single market’s e-commerce ecosystem has recently received its Final Assessment from the European Commission’s reviewers. The consensus is that the project, which ended in June, successfully achieved all expected outcomes. The reviewers also believe that the work developed by the IOTA Foundation with the project’s partners will pave the way for future adoption of decentralized identifiers in the identity space.
While a number of our EU projects are still ongoing, the assets and collaborations developed during the project prepare IOTA for future work, both in the EU landscape and the enterprise-ready blockchain domain.
ENSURESEC: What it is and how we got here
Two years ago, in May 2020, we started the ENSURESEC project. This was one of the first European Horizon 2020 projects in which the IOTA Foundation was appointed to deliver a set of core infrastructure tools – in this case, to increase the security of e-commerce.
If you need a detailed refresher on what the full ambition of the ENSURESEC project was, who the consortium partners were, and what the overall project structure looked like, you can refer to our first blog post on ENSURESEC.
In a nutshell, the ENSURESEC project aimed to deliver a set of threat intelligence tools that enable the prevention of, mitigation of, and recovery from cybersecurity attacks. The tools leverage AI and machine learning technology, collect several signals and information from the e-commerce infrastructure, generate knowledge, and dispatch alarms.
IOTA and ENSURESEC
But what does IOTA DLT have to do with e-commerce cybersecurity?
E-commerce is a complex “system of systems”, including retailers, suppliers, logistics, payment providers, and many more stakeholders. And, as a system of systems, its security is equal to the security of its weakest part. For this reason, the monitoring and analysis provided by ENSURESEC tools need to happen across different systems. But how do we guarantee that the information shared by one system with another is authentic and not the attempt of an attacker to disrupt the whole system?
Let’s take a concrete example from ENSURESEC. The Communication Monitor is a tool developed by the Institute of Communications and Computer Systems (one of the project’s 22 partners). The Monitor collects anonymous information about payment activities performed on an e-commerce platform and detects potential identity thefts. To do this, the Monitor needs to receive information from the various payment providers used on the e-commerce platform. The confidentiality and segregation of each payment provider’s data are necessary to prevent one provider from gaining insights into another provider's activity and customer base. To prevent the Monitor tool from being exploited for malicious purposes, the source and integrity of the exchanged information also have to be guaranteed.
A similar need was shared by many other interactions between data sources and threat intelligence tools in the ENSURESEC project.
In a case like this, it’s clear how a distributed ledger can guarantee the immutability of shared information, while decentralized identities can identify and verify both the source generating the data and the tool that processes it. While the first property guarantees data integrity, the second allows us to manage access control from the right tool to the right data sources, thus preventing relay and replay attacks.
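The receiving side of the Communication Monitor scenario above can be sketched in a few lines. This is an added example, not code from the ENSURESEC project or from IOTA: a per-provider hash chain stands in for ledger immutability, an HMAC tag under a per-provider key stands in for the signature check a decentralized identity would provide, and all provider names, keys and payloads are constructed.

```python
import hashlib, hmac, json

# Constructed registry: provider id -> verification key (assumption: HMAC keys
# stand in for the public keys a decentralized identity would publish).
PROVIDER_KEYS = {"provider-a": b"key-a-constructed", "provider-b": b"key-b-constructed"}
GENESIS = "0" * 64

def _digest(prev_hash, seq, payload):
    body = json.dumps({"prev": prev_hash, "seq": seq, "payload": payload}, sort_keys=True)
    return hashlib.sha256(body.encode()).hexdigest()

def _tag(key, provider, record_hash):
    return hmac.new(key, f"{provider}:{record_hash}".encode(), hashlib.sha256).hexdigest()

def publish(provider, key, prev_hash, seq, payload):
    """Provider side: chain the record to its predecessor and tag it."""
    h = _digest(prev_hash, seq, payload)
    return {"provider": provider, "prev": prev_hash, "seq": seq,
            "payload": payload, "hash": h, "tag": _tag(key, provider, h)}

class Monitor:
    """Receiving side: one independent chain head per provider (segregation)."""
    def __init__(self, keys):
        self.keys = keys
        self.heads = {p: (GENESIS, -1) for p in keys}  # (last hash, last seq)

    def accept(self, msg):
        key = self.keys.get(msg.get("provider"))
        if key is None:
            return "reject: unknown source"
        # Recompute the hash from the content, then check the source's tag over it.
        h = _digest(msg["prev"], msg["seq"], msg["payload"])
        if h != msg["hash"] or not hmac.compare_digest(_tag(key, msg["provider"], h), msg["tag"]):
            return "reject: integrity or source check failed"
        last_hash, last_seq = self.heads[msg["provider"]]
        if msg["seq"] <= last_seq:
            return "reject: replay"          # authentic, but already seen
        if msg["prev"] != last_hash or msg["seq"] != last_seq + 1:
            return "reject: chain gap"       # record missing or reordered
        self.heads[msg["provider"]] = (h, msg["seq"])
        return "accept"

if __name__ == "__main__":
    monitor = Monitor(PROVIDER_KEYS)
    first = publish("provider-a", PROVIDER_KEYS["provider-a"], GENESIS, 0, {"event": "payment"})
    print(monitor.accept(first))  # first delivery
    print(monitor.accept(first))  # same record delivered again
```

A record that is authentic but already seen is rejected separately from one that fails verification, so the two conditions can be alerted on independently.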
To learn more about possible use cases for DLTs and decentralized identities in e-commerce, take a look at our previous blog post on this topic.
In short, it is clear how the IOTA Tangle, IOTA Streams and IOTA Identity can be “a tool for other tools” in the e-commerce infrastructure.
To find out what security and identity solutions we built in the ENSURESEC project, and how these solutions can be used in e-commerce and other verticals, check out part two of this article.
Links in this article
- Homepage of ENSURESEC
- Project partners: Institute of Communications and Computer Systems
- Wikipedia article on relay attacks
- Article: IOTA Foundation joins ENSURESEC
- Article: The role of DLTs and decentralized identities in e-commerce