Secured Blockchain Based Decentralised

Secured Blockchain Based Decentralised Internet: A Proposed New Internet S M Habibul Mursaleen Chowdhury Ferdous Jahan Department of Computer Science Department of Computer Science American International University-Bangladesh American International University-Bangladesh Dhaka, Bangladesh Dhaka, Bangladesh [email protected] [email protected] Sarawat Murtaza Sara Dip Nandi Department of Computer Science Department of Computer Science American International University-Bangladesh American International University-Bangladesh Dhaka, Bangladesh Dhaka, Bangladesh [email protected] [email protected]

ABSTRACT ACM Reference Format: Throughout this paper, we try to describe with blockchain technol- S M Habibul Mursaleen Chowdhury, Ferdous Jahan, Sarawat Murtaza Sara, and Dip Nandi. 2020. Secured Blockchain Based Decentralised Internet: A ogy the decentralization of the internet. A decentralized network Proposed New Internet. In International Conference on Computing Advance- that encourages the internet to operate from the smartphone or ments (ICCA 2020), January 10–12, 2020, Dhaka, Bangladesh. ACM, Dhaka, tablet of anybody instead of centralized servers. A decentralized DHK, Bangladesh, 7 pages. https://doi.org/10.1145/3377049.3377083 implementation would be based on a peer-to-peer network that is dependent on a user community. Their machines connected to the 1 INTRODUCTION internet will host the network, not a community of more powerful servers. Each site would be distributed across thousands of nodes The internet is a vital space for public discourse and the new arena on various devices. The data is therefore not contained, owned for the defense of freedom of speech. [1] First, web 1.0, a network by private storage facilities. There is therefore no central point of embedded pages, linked in a self-reference grid. Next began Web to hack, and no way for an oligarchy of entities to take control 2.0, social sites, blogs, forums, countless networks loaded with user- of it. A proposed alternative was formed based on a systematic generated content generated by and for the same audience. Web literature review that demonstrates that Internet decentralization 3.0’s seeds are beginning to take shape today. Web technology’s is what this modern technology needs in order to address not only latest iteration brings us the open web, a place where resources are the weaknesses of current servers including server down issue, distributed instead of clustered, where users own and manage their hacking and data manipulation or single point of failure, but also own data, and where smaller players reclaim power from corporate to prevent companies from monetizing the data of citizens through giants. their server and to market them to the advertisers. In this paper, we limit ourselves to addressing systems that use decentralized architectures to protect privacy properties. We recog- CCS CONCEPTS nize the difference, as follows, between decentralized and centralized architectures. • Security and privacy → Database and storage security; Hu- man and societal aspects of security and privacy; • Database and 2 RELATED STUDY storage security → Management and querying of encrypted data. The traditional web is centered on the "client-server design," which KEYWORDS is every website’s basic principle. The client is the computer who sends requests for information and the server responds with data Web 3.0, Decentralised Web, DApp, Server vulnerabilities, Data in return. It depend on servers for centralized internet. The existing Privacy, Blockchain, Whisper, Ethereum, Cryptography, Bitcoin, internet is not "centralized" by hundred percent, as nobody runs Encryption, Smart Contracts, Peer-To-Peer Network the whole internet. Nonetheless, comparatively few large physical servers are accountable for storing essential elements and also for maintaining our email, social networks and websites accessible to Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed everyone. This means the corporations that own these servers have for profit or commercial advantage and that copies bear this notice and the full citation an enormous effect on how the internet is working. Our centralized on the first page. Copyrights for components of this work owned by others than ACM repository compromises our network and is accessible to a few must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a big organizations by extension, our work and relationships. Scien- fee. Request permissions from [email protected]. tific data from today are mainly processed and accessed through a ICCA 2020, January 10–12, 2020, Dhaka, Bangladesh centralized web-based network. Access to data is regulated by the © 2020 Association for Computing Machinery. ACM ISBN 978-1-4503-7778-2/20/01...$15.00 company that maintains the data, and on the basis of institutional af- https://doi.org/10.1145/3377049.3377083 filiation may be given free or limited. A siloed, centralized model of ICCA 2020, January 10–12, 2020, Dhaka, Bangladesh HM Chowdhury, et al. data management supports organizations controlling, monetizing, Digital Library and Google Scholar were searched. Such repositories and gate-keeping information access. [2] Decentralized frameworks are the common sources for papers on open source research All reconsider the control, storage,and accessibility of data. The imple- queries were based on the title and keywords like decentralized mentation of infrastructural decentralization would allow internal network, blockchain, cryptocurrency, decentralized internet apps silos to share information, promote access to data, and enhance (DApps). Fifty-nine papers consisting of 11 journal articles and 48 redundancy. [2] The exchange, storage and distribution to informa- conference articles resulted in automated keyword search. tion in exclusively digital formats is growing. Therefore, one of the 3.1.3 Manual Selection : Studies demonstrates that- most important obstacles of our time is to guarantee stable, free access to online information. Decentralized implementations have 1. Due to a lack of consistent set of keywords, modern digi- the same region between front end design, back end logic and data tal libraries can not provide strong support for automated are stored, but switch out centralized servers for a blockchain’s keyword searches. distributed nodes. Users link up to a DApp with a specific browser— 2. The abstracts of articles compared to others are relatively whether a tailor-made decentralized web browser such as Block or poor. It is therefore possible that the 59 articles recognised a plugin such as Metamask — and this browser deals with a soft- through an automated selection process may include irrele- ware program’s back end logic that can operate on a distributable vant papers and some appropriate articles may be lacking. service called a smart contract. The smart contract, in effect, reads Because of this, by evaluating the title, keywords, and ab- and writes data to the blockchain that contains information instead stract, the first author made a manual selection on these of a traditional database.[3] The Web uses a centralized database articles. This process resulted in 38 articles consisting of 9 schema that is designed for private entities to use. Data is kept journal articles and 29 conference articles. at a single specific facility, such as a data center, in a centralized 3.1.4 Reference Checking : To ensure the inclusion of other rele- data archive or any other online data services. The owner of that vant but missing articles, the every author of this study performed facility monitors access to this information. This location must be a non-recursive search through the references of the 38 selected used to exchange, upload and collaborate data. Despite the lack of articles. We do not wanted to miss any of the most related paper we centralization suggested by the term "cloud," access to data centers must choose within our selection criteria. Sometime only relying is heavily centralized. There are benefits of centralization but it on advance search may result in missing of some potential paper also comes with risks like rot and content drift [2]. or most related paper. 3 METHODOLOGY 3.1.5 Final Set Of Articles : The article selection process finally results in 38 articles. Decentralized internet using blockchain technology is focused on aggregating the best available evidence to resolve researchers engi- 3.2 ARTICLE ASSESSMENT neering issues. A Systematic Literature Review (SLR) is a standard Search has been identified 38 articles from the three popular re- approach for these studies. It suggests pre-defining a review pro- search database IEEE explore, Google Scholar and also ACM (Asso- tocol to reduce the possibility of research partiality as a starting ciation for Computing Machinery). The selection found 19 articles point for SLR success. from Google Scholar, 15 from IEEE Xplore, and 4 from ACM. Four article was found as duplicate and removed it. After the tittle re- 3.1 ARTICLE SELECTION view, 35 studies were selected for abstract review, and 7 articles This section explains the paper process of selecting which deter- were excluded because did not mention details about decentralized mines the selection criteria for the article, using an automated network or blockchain technology. Only 28 articles abstract was keyword search, process to search digital libraries and a manual reviewed and were selected to full-text review. Every author read all selection from the initial set of papers, as well as the reference the articles carefully and focused on the studies pertaining decen- review of the papers mentioned. tralized network using blockchain technology, and four research were excluded as the studies discussed the blockchain technology 3.1.1 Inclusion Criteria : The following selection criteria to be but indicated different purpose. Although some of the studies had encountered by the reviewed articles have been formulated in ad- similar areas, however, these articles focused on various different vance: First of all, the article must focus either on decentralized of purpose, and 21 studies met the selected criteria. internet or blockchain technology, or both. Second, clear proof of research methodology, data sources, and statistical data validation 4 EXISTING INTERNET ARCHITECTURE information must be provided in the paper. Thirdly and eventually, the study covers articles published in referred journals and confer- Today’s Internet is centralized modules, since they are single points ences. Books are not eligible for analysis, as is the case with most of failure and network performance bottleneck, have restricted de- SLRs. vice scalability. 4] Two Internet architectures are accessible from literature and current systems: (1) Client-Server (C / S) Architecture; 3.1.2 Automated Keyword Search : Automatic keyword search is (2) Distributed Architecture. All architectural styles have compo- a popular literature survey strategy. To get the initial set of articles, nents which are centralized. Numerous users send requests to the we used a wide automated keyword search. Every author of this server in Client-Server architecture to access the server-hosted data, article were involved throughout this search process and three and the server assigns physical resources such as storage, memory, or more articles have been selected for review. IEEE Xplore, ACM and CPU to meet incoming requests. There are several servers in a Secured Blockchain Based Decentralised Internet: A Proposed New Internet ICCA 2020, January 10–12, 2020, Dhaka, Bangladesh

Table 1: SEARCH STRATEGY that serve the requests for the datasets from thousands of clients. The centralized repository infrastructure provides resource-wide Digital IEEE Google ACM Digi- traffic to clients. This design because a single point of failure no Library Xplore Scholar tal Library longer exists. Nevertheless, although a huge number of requests can Languages English English English be managed by the directory service, this system is still a central Years 2007-2019 2007-2019 2007-2019 point of failure. [4] In server-based infrastructure, Denial of Service Run On Automated Full Text Automated (DoS) threats are more general. [7] Keyword, Keyword, Abstract, Full Abstract, Full 5.2 LOAD BALANCE Text Text With this server-based model, the number of requests for service Type Conferences, Paper, Jour- Conferences, will also expand as the total number of users scales. As a result, all Journal nal Journal the extra device loads will be applied to the single central repository Access date May 2019 May 2019 May 2019 as the data size or number of users increases. For this purpose, more of running resources like CPU, storage, bandwidth, etc. need to be allocated by a search the central server to handle the process. Once, it has more severs in the network in Directory-based Distributed Architecture, allowing new datasets to be applied to the server with the lowest system load. In addition, the central repository service distributes inquiries of users throughout different servers. The server will therefore provide weak load scalability. Again, a huge geographic distance between server and user causes to a technical foul for the network. [4] Service Denial (DoS), This is an exceptionally large computer attack section. This involves any variety of methods that prevent a computer variable from doing the job it is supposed to do. Attackers can do this through flooding the device with data speedier than they can be operated, flooding a network segment with so much data that valid packets never get through, or manipulating a software flaw that crashes a server or other device. Whereas DoS attacks get a lot of urgent attention when they occur because the information Figure 1: Flow Diagram Of Research Literature And Selec- system being targeted is clearly compromised or out of operation, tion Process it is quite possible that the mentioned threats that operate at the data level have more capacity to enable a hacker to steal some value distributed architecture that serve the needs of multiple users for and be long gone by the time the intrusion is detected. [7] the datasets. The centralized repository provider delivers resource- 5.3 ADMINISTRATION wide traffic to clients. [4] Only centralized data storage technology can retain what they keep on their servers. To provide access to All system data is stored centrally on the cloud in the server archi- this model, custody is required. As data quantities increase, data tecture. This central administration corresponds to two issues: (1) custody becomes more costly and difficult to handle; it also places regular updates; (2) poor management flexibility. When the system more burden on website maintainers to keep links and locations is increasing, system information is adjusting more rapidly. The updated. [2] central server will be added to all system loads generated by regular up-to-date operations. Sometimes it offers limited consistency 5 WEB SERVER VULNERABILITIES across organizational boundary lines because only the company that operates the central repository manages the operation. It was examined, the vulnerability of these existing Server-Based architectures using some dimensions. They are- (1) Reliability; (2) 5.4 DATA SECURITY System Load; (3) Administration; (4) Data Security; and (5) Privacy. 5.4.1 COMMON GATEWAY INTERFACE (CGI) : . CGI scripts are 5.1 RELIABILITY programs running in real-time on web servers. They deal with different user inputs and thus collect browser inputs, access database, Reliability is synonymous with system failure, network failure, dis- and can return data to the browser of the client. CGI scripts are connection, and resource efficiency, etc. As in C / S architecture, much like miniature servers. A faulty script can, therefore, be a le- one server continues to receive numerous requests from different gitimate target for attack. They can present some host information clients, as a result, a single point of failure occurs in this server that might help attackers break through the server. User inputs can model. Furthermore, a significant number of requests lead toa be complicated enough to execute functions and damage the host server crash[4]. Often the server runs down due to OS malfunction machine unwantedly. [6] and refuses servicing. [7] The operating server must stop func- tioning to upgrade the server for repairs or unavoidable electrical 5.4.2 DATA TRANSMISSION THROUGH TCP/IP : . TCP / IP pro- problems. There are several servers in a distributed architecture tocol has not been engineered for safety purposes in mind. It is ICCA 2020, January 10–12, 2020, Dhaka, Bangladesh HM Chowdhury, et al. therefore vulnerable to spying of the network. If classified doc- can be summarised in three main conclusions: social networks and uments are sent to the client from the web server, or when the data brokers; end-user sends sensitive information back to the server in a fill-out 1. Hide their users how they gather their personal data. form, somebody might be listening in. [6] 2. Do not inform their users the purposes for which they have 5.4.3 OWASP TOP 10 - 2017 : According to OWASP Top 10–2017, gathered their personal data. There are Ten Most Critical Web Application Security Risks. This 3. Take advantage of the weaknesses of the current legal frame- data covers vulnerabilities obtained from hundreds of companies work to carry on with their activities. [8] and more than 100,000 apps and APIs in the real world. [5] These vulnerabilities include Injection, Broken Authentication, XML Ex- 6 OBJECTIVE ternal Entities (XXE), Broken Access Control, Sensitive Data Expo- It’s time to ask if conventional, centralized web infrastructure aligns sure, Security Misconfiguration, Cross-Site Scripting (XSS), Inse- with intellectual priorities and values and push collaboratively cure Deserialization, Known Vulnerability Using Components, and toward new approaches. We suggest using Blockchain technology Inadequate Logging Monitoring. They basically create flaws such to exploit decentralized infrastructure that prioritizes data validity, as SQL, NoSQL, OS, injection, stealing authentication and session exploration, access, and permanence that can bypass vulnerabilities management and internal file shares, internal port scanning, remote above web servers. code execution, and denial of service attacks or access unauthorized data and may steal or modify weakly protected Sensitive data. The 7 PROPOSED SOLUTION OWASP report from above indicates that 30 percent of reported The ideology of this proposed model is to introduce alternative vulnerabilities are XSS related. [9] The web application vulnera- option for current internet architecture that follows client-server bilities SQL Injection and Cross-Site Scripting are the high-risk model. A move from centralisation to decentralisation would be a vulnerabilities in PHP based web applications and W3AF is the significant change in how information is stored and shared online. best scanning tools for these vulnerabilities. Among the tools used A decentralized network that encourages the internet to operate W3AF has less false positive and false negative in comparisons to on the smartphones of everybody instead of dedicated servers. A Wapiti and ZAP scanning tools. [9] decentralized version will focus on a peer-to-peer network based on an user community. Their computers connected to the internet 5.5 DATA PRIVACY will host the internet, not a group of more powerful servers. Each There are two main concerns on the privacy field: platform would be distributed through hundreds of blockchain 1. Personal privacy protection during data acquisition: Users nodes on multiple devices. The data will not be held in any private ’ personal interests, behaviors, etc. can be obtained more silos. Therefore, there is no central point to exploit and no way to readily because users may not be aware of it. take ownership of it by an oligarchy of individuals. 2. Personal information may also be compromised during stor- Blockchain technology offers a decentralized recording of data age, processing, and use, even if it is obtained with users ’ movement, safely recording unique user names and even data stor- consent. [8] age in a trusted environment. Data storage is shared across the nodes on blockchain networks. This protocol is designed to enable 5.5.1 DATA BROKER :. Techniques of data collection and mon- transfers of data or currency across such a distributed network itoring are already integrated in regular webs and technological without the need of a broker monitoring the operation. Every de- tools. We can be watched and followed by the net. People can in- tails that anyone can find is structured in a way that will notlet trude on our private life and analyse our data without we realising anybody mess with it. Blockchain allows data censorship-resistant, it. [8] Due to the lack of digital literacy and the quiet operation ensuring live and permanent material editing on the blockchain be- with which information is collected, regular users do not realise yond central authority’s access. Therefore, manipulation of data is the loss of control over their data. In fact, Internet companies may not possible However, the peer-peer network typically has a central have easy access to their sensitive information, as they are not server or update system that can be a single failure point. But as a aware on what they are revealing. These collecting practices are matter of fact, there is no single point of failure for a decentralized legal. Users sign a digital contract when, for instance, they create a network as it will allow the internet to operate on the smart device digital profile in a social network. Privacy policies and terms and of everybody rather than dedicated servers. A decentralized version conditions texts explain what the company does with their data, would replace the server system. how they are gathered and for how long. When users “accept the Decentralized systems transmit data across a network of linked terms and conditions”, they are giving their consent to companies users at their core level. Both concepts together improve object to execute all they have written on these long but vague texts. They accessibility by allowing validated copies to be stored in many loca- only demand to collect few personal data with, such as our e-mail tions. There is no provision for access to custody. Custody shall be address, full name, age, gender, profession, telephone number, or so. replaced by a verified copy access Data can be stored redundantly Nevertheless, these sorts of companies, the so called data brokers, in different locations, reducing each individual’s financial burden. really handle the internet data market. Their general purpose is to Data will be downloaded from the most convenient copy when collect users’ personal data (big data), classify it in different cate- access is required. The peer-to-peer system maxim is that no single gories (data mining), and sell it to other companies, for instance node loss should disrupt the entire network. The more people visit- Facebook, WhatsApp, YouTube, Twitter and so on. [8] The results ing a website, the greater the ability to support new users under a Secured Blockchain Based Decentralised Internet: A Proposed New Internet ICCA 2020, January 10–12, 2020, Dhaka, Bangladesh peer-to-peer system, as each user becomes both a potential server 8 BLOCKCHAIN TECHNOLOGY AND and a client [3]. Same principle followed by torrent websites. But ETHEREUM advantage over the torrent file system will be blockchain storage The blockchain is a distributed database that tracks the transactions system can have significant amount of nodes containing same data that took place in the peer-to-peer network. All of the network’s with same consumption of storage. For instance if a file size is 10mb participants bear the same database. There is no central authority and it has 100 seeders in torrent then total storage consumption in this network, there is no single node that can control the whole is 10000mb. In blockchain storage system this file will be divided network. Essentially, the blockchain is a sequence of connected data into data fragments. Let’s assume into 10 pieces, every fragment blocks. Blocks are applied to the blockchain through agreement size is 1mb. Every fragment will be stored in 100 nodes. Consuming among most of the nodes in the network. Each block contains a total 100mb of storage and the complete file will have 10000 nodes block header and a series of transactions, each block header con- containing them with a storage consumption of 10000mb. tains the link pointers of the previous block headers, the merkle Our first objective is to determine how the users will be con- root of the tree-like Filecoin information, and a timeline. In this nected to the internet and how to transfer and secure data.. There- way, in chronological order, the blocks are connected together. The fore, blockchain storage system has more nodes for faster and secure hash algorithm in cryptography guarantees that the transaction data storage and transferring. Data transfer and storage protocol data is unchanged in each block and that the connected blocks in used for proposed technology - the blockchain of the network are not tempered. [10] That is, the Blockchain, with the guarantee of no double spend as a cryptocurrency database can be repurposed as a witness system, and at least 7.1 DATA TRANSFER PROTOCOL – WHISPER one of them will be invalidated by the truth principle of Blockchain. [11] Whisper is a peer-to-peer (P2P) messaging protocol developed for decentralized applications popularly known as DApps. To provide DApp developers a simple API to send and receive messages with 8.1 DATA STORAGE SOLUTIONS almost complete secrecy. This protocol is particularly developed Blockchain technology offers unchangeable data storage so that for sending small chunk of data and full data transfer secrecy. That transactions can only be appended and never changed or erased. is why this protocol is best suited for our proposed technology. Data storage on blockchain, though, has a cost model that varies in terms of size and expense from traditional data storage. For example, in terms of size, the Bitcoin blockchain provides the OPRETURN opcode to store arbitrary data in transactions. Decentralized storage 7.2 DATA STORAGE PROTOCOL – SWARM Or, systems like IPFS, Storj, Sia, etc. do not rely on a central service IPFS provider but allows users to store data to storage nodes that of- Swarm is a distributed storage system. Which was initially devel- fer free storage room. Blockchain is used by such applications as oped as a native base layer service of the Ethereum web3 stack. their core structure. IPFS utilizes Filecoin as an enabling layer to The primary objective of swarm protocol is to provide decentral- input nodes to provide storage and retrieval services as a content- ized and redundant store, more specifically to store and distribute addressed decentralized storage framework. IPFS does not have a DApp code and data. From a financial perspective, it enables partic- single failure point, so nodes do not have to trust each other. IPFS ipants to pool their storage and bandwidth resources effectively to does not provide user-uploaded files with a good cryptographic provide these resources to all network members with the help of framework for protection. Nonetheless, a few details are placed Filecoin/Appcoins. InterPlanetary File System (IPFS) is a protocol on the ledger of the Ethereum. Only when the collection of user and network intended to build a peer-to-peer content-addressed attributes passes the device owner’s access policies, the users will storage and hypermedia sharing technique in a distributed file sys- be able to interpret the Ethereum blockchain data and decrypt the tem. Unlike a centrally located server, IPFS is constructed around a position, retrieve the encrypted file from the IPFS via the location user-operator decentralized system that holds a part of the general script, and then decode it. [12][10] In addition, it is not straightfor- information, creating a resilient file storage and sharing scheme. ward to build a new file with the same hash, rendering it difficult to The Ethereum network is famous for its decentralized applications overload IPFS with data with a given goal file identifier.[12] In con- or “DApps” such as Freedom Box (A system for personal publish- trast, the Storj framework offers an end-to-end encryption solution ing), Blockstack (A distributed system for online identity services), and stores cryptographic hash fingerprint of files on the blockchain Appcoins/Filecoins (A digital currency framework that enables thus offering a system to check the validity of files. The Sia network users to financially participate in ownership of platforms and pro- blends blockchain technology with peer-to-peer storage system tocols), D-tube (A decentralised YouTube), Freenet (A peer-to-peer network, separates distributed data into multiple segments of files, platform for censorship-resistant communication and publishing), and encrypts each section. The file cipher text is sent through smart IPFS (Interplanetary File System, a distributed storage service with contracts to the nodes that provide storage service. The users pays a proposed mechanism to incentives resource sharing), Diaspora Siacoin for the storage service, and the storage nodes periodically (A federated social network), ZeroNet (A decentralized web-like submits a file proof of storage to prevent the storage node from network of peer-to-peer users) nOS (A virtual operating system), deleting the stored file. . Users pay Siacoin for the storage service, Whisper (A peer-to-peer (P2P) messaging protocol), Swarm (A dis- and the data nodes routinely send storage file evidence to keep the tributed storage system) and so on. storage node from removing the saved information. ICCA 2020, January 10–12, 2020, Dhaka, Bangladesh HM Chowdhury, et al.

Table 2: Comparison between Decentralisation with Blockchain and Legacy Server

Category Decentralised With Blockchain Legacy Server Data ownership Maintained through Cryptography key pairs and native Established via central authority and they control users cryptographic algorithm. And only user can control/ data. access his/her data. Privacy and Security Cryptographic Authentication and no monetisation. Configuring each row based on enforcement from acen- tral authority and user datas are being managed, mone- tised. Access control Inherently identical for all permission nodes Centrally Administered. Trust Native via immutable records and done with smart con- Established via central authority. tract. Data quality Immutable records with automatic conflict resolution Complex conflict resolution processes requires manual through consensus for transactions intervention. Data validity Continuous validity Provided only for single instances in time Data propagation Quick Propagation across all networked nodes Managed through multi-version currency control(MVCC) and through custom synchronization process. Enforce data trans- Built into data layer login None formation Concurrency and Consensus yields identical copies Involves complex checking between central DB and users Synchronization DB to ensure agreement Reliability and Avail- Peer to peer networking for distributed replication across Potential single point of failure ability all nodes Stored procedures Smart contacts Centrally Administered. Transaction creation Available to all permissioned parties Managed via central authority Malicious Changes Immutability through reliance on previous block Not available where current keys and check constraints remain insufficient

8.2 SMART CONTRACTS assemble blocks and new random numbers until the right random Smart contracts are a type of computer protocol that can be self- number is discovered, the miner solves a very complex cryptog- executed and self-examined once mapped out and deployed without raphy puzzle. This block is transmitted by the miner will to the the need for human intervention. From a technical point of view, a network, other nodes must check the block’s validity and the trans- smart contract can be described as a computer program that can actions it includes. The block is applied to the ledger after the execute all or part of the contract-related activities autonomously authentication is completed. The Ethereum platform’s security de- and provide the necessary data that can be checked to confirm the pends on the algorithm of mining and POW. Mining also made it validity of the contract process. Smart contract is a special account possible for the nodes throughout the Ethereum network should with associated code in the blockchain of the Ethereum. The users reach agreement on tamper resistance. No other nodes can be fooled deposit the service fee into the contract in an environment that by any of the members. In addition, Blockchain does not include does not require a trusted third party, and the smart contract helps double spending transactions, i.e. there are no two transactions users to get it back. Only when the correct result is retrieved, the that use the same amount of coins. This is realized in Blockchain service fee will be deducted from the contract. To save money in by transaction validation research [11] conventional cloud storage systems, it solves the problem whereby searcher intentionally does not return the answer or return the 8.4 SECURITY AND PRIVACY ANALYSIS wrong result. [10] It has to maintain storage nodes in a decentralized storage system, ensuring smart contracts guarantee its stability and data availability. 8.3 MINING AND PROOF OF WORK Blockchain manages only the user’s own info. There is no central Mining is a process on the Ethereum blockchain network that in- authority in this network and there is no single node that can cludes new blocks to the blockchain. Miners use work proof (POW) regulate the whole network. For DHT routing technology and Bit- algorithms to add blocks to the newly generated blockchain by pack- Torrent technology, it’s redundancy recovery Technology ensure aging transactions. The Ethereum POW algorithm is called Ethash coding, Proof of Replication and Filecoin opportunities to ensure (a modified algorithm for Dagger-Hashimoto). The distinction in data durability and availability Wide files are chunked and trans- the Bitcoin system between this algorithm and the POW algorithm ferred to multiple storage nodes within the IPFS. The Files that we is that it is memory-intensive and reduces the computational power wish to share are coded with the AES algorithm and stored into centring hazard to a large extent. Through continuously trying to IPFS storage nodes Only part of the cipher-techniques is available Secured Blockchain Based Decentralised Internet: A Proposed New Internet ICCA 2020, January 10–12, 2020, Dhaka, Bangladesh in the storage nodes and other can not be received. Next, the file REFERENCES encryption key is authenticated using the algorithm ABE and then [1] C.Barabas,N.Narula,E.Zuckerman,”Defending Internet Freedom through Decen- encrypted along with other information using the AES algorithm tralization: Back to the Future?”,pp.1-113,August 2017. [2] D.C.Robinson,J.A.Hand„M.B.Madsen,.K.R.McKelvey,”The Dat Project, an open (file location hash cipher-text) And the ledger was installed. Auser and decentralized research data tool”,pp.1-4,October 2018. whose attribute does not comply with the access policy can not [3] C.Faife,”The Decentralized Web Explained(in Words You can understand),27 November 2018. decrypt a file encryption key and can not download the encrypted [4] S.H.L.Liang,”A New Fully Decentralized Scalable Peer-to-peer Gis Architec- file from IPFS when the ABE and AES algorithms are encrypted, ture”,The International Archives of the Photogrammetry, Remote Sensing and even if anybody has the option to see a cipher code. They have Spatial Information Sciences. Vol. XXXVII. Part B4. Beijing 2008 . [5] OWASP Top 10 - 2017, The Ten Most Critical Web Application Security Risks, therefore achieved advanced data control protection. It can be said Creative Commons Attribution-ShareAlike 4.0 International License, 2017 that the proposed system is safe as long as the Ethereum blockchain [6] S.Jahid,I.Hoque,M.Hafiz,”Security Issues Of Web Server”,pp.1-4. network and the ABE scheme are secure. [7] J.Brewer,”Web Server Vulnerabilities and a Defense in Depth Strategy Using the Squid Proxy”,pp.2-24,February 19,2004. [8] G.Llorca-Abad,L,Cano-Oron,”How Social Networks and Data Brokers Trade with pPrivate Data”,pp.1-21,December 2016. [9] L.Chhetri,E.L.Chhetri,”Securing Web Application and finding security vulnerabil- 8.5 ETHEREUM ities,a case study on school management system”,Proceedings of IOE Graduate Conference,2017,00.1-6. Ethereum is a leading blockchain system in the world. It was de- [10] S.Wang,Y.Zhang,Y.Zhang,”A Blockchain-Based Framework for Data Sharing With signed and developed from Bitcoin, a modern decentralized smart Fine-Grained Access Control in Decentralized Storage Systems”, pp.1-14,29 June contract technology framework. In the Bitcoin-System a complete 2018. [11] Y.Tang,Q,Zou,J.Chen,K.Li,”ChainFS: Blockchain-Secured Cloud Storage” in IEEE non-Turing stack-based scripting language carries out transaction 11Th Internatioan Conference on Cloud Computing(CLOUD).pp.1-17,July 2018. operations that can only support simple logic and therefore re- [12] M.Steichen,B.B.F.Pontiveros,R.Norvill,W.Shbair.”Blockchain-Based, Decentralized strict its application in many areas. Ethereum is usually defined as Access Control for IPFS”,in IEEE 11Th Internatioan Conference on Blockchain (Blockchain-2018),Halifax,Canada,July 2018. a programmable Bitcoin system with the entire language of Tur- [13] Y.Tang,Q,Zou,J.Chen,K.Li,”ChainFS: Blockchain-Secured Cloud Storage” in IEEE ing scripting. The novelty is that it is a programmable network 11Th Internatioan Conference on Cloud Computing(CLOUD).pp.1-17,July 2018. [14] M.Steichen,B.B.F.Pontiveros,R.Norvill,W.Shbair.”Blockchain-Based, Decentralized similar to the bitcoin system. The code may not be modified or Access Control for IPFS”,in IEEE 11Th Internatioan Conference on Blockchain over-written, because Ethereum is (in great part) annexed only (Blockchain-2018),Halifax,Canada,July 2018. by consensus and function proof. [12] The platform supports the [15] C.Troncoso,M.Isaakidis,G.Danezis,H.Halpin,”Systematizing Decentralization and Privacy:Lessons from 15 Years of Research and Deployments”,Proceedings on whole Turing specification, which allows users to create, enforce Privacy Enhancing Technologies ;pp.1-23, 2017 and execute sophisticated blockchain contracts. The contract will [16] C.Barabas,N.Narula,E.Zuckerman,”Defending Internet Freedom through Decen- immediately be enforced in compliance with the negotiated smart tralization: Back to the Future?”,pp.1-113,August 2017. [17] D.Thain,C.Moretti,P.Madrid,P.Snowberger,J.Hemmes,”The Consequences of De- contract principle once it has been entered into. Ideally, no time off, centralized Security in a Cooperative Storage System”.pp.1-12. surveillance, bribery, interference from third parties or other issues [18] C.Shahabi,F.Banaei-Kashani,”Decentralized resource management for a distributed continuous media server”,in IEEE Transactions on Parallel and Dis- may occur. [10] tributed Systems,vol 13,NO.6,pp.1-19,June 2002. [19] Douglas Thain, Christopher Moretti, Paul Madrid, Philip Snowberger, and Jeffrey Hemmes Department of Computer Science and Engineering University of Notre Dame, The Consequences of Decentralized Security in a Cooperative Storage 9 CONCLUSION System [20] P.Wendell,J.W.Jiang,M.J.Freedman,J.Rexford.”DONAR: Decentralized Server Se- From the above discussion, generally for efficiency or scaling, but lection for Cloud Services”,pp.1-12 not for privacy, centralized systems can be spread from the above [21] D.Schuff,R.S.Louis,”Centralization vs. Decentralization of Application Soft- example. But in a world where resources and investment are scarce, ware”,inCommunications of the ACM,Vol.44,No.6.pp.1-6,June 2001. inefficient decentralization leads to a failure of decentralization. To insure that those who do work are paid for continuing this operation, accounting and payment systems need to be established.[13] Simple to use, distributed storage systems from peer to peer can change the landscape for censorship and archiving of content. [9] Worse yet, users may not be eligible to manage their own programs, even though most competent administrators are unable to do so. But’s proponents of decentralization want users to return to a’ lost golden age’ of self-hosting services [13]. Although the scenario raises a concern over anonymity and the speed of the network system as any interaction within the database would be a transaction on the whole system. Another notable concern would be replacing the current central servers with the proposed technology. Future research on these stated issues will be conducted. In this paper, we aim to define decentralization and systematization of ways in which a system can be decentralized and, by presenting the proposed solution for decentralized sys-temps, provide past lessons that can inform a new generation of decentralized technologies that enhance privacy. [13]