Smart Gateways Enhanced With Blockchain-derived Techniques To Enable The Detection Of Alterations Of Digital Seals’ Logs

This paper shows the potential of securing events logs produced by safeguards digital seals installed in a nuclear facility using a smart gateway enhanced with append-only data structures derived from Blockchain technology. In nuclear safeguards, digital seals are on the rise thanks to their ability to register and remotely communicate their status and all relevant events to the inspectorate, thus enhancing its monitoring capabilities. The digital signature of logs, performed by the seal itself, provides a way to verify their origin and integrity during data transmission. In specific cases however, it may not be feasible to transmit such logs outside the facility, due to either technical or juridical/political decisions. In these cases, inspectors will still need to physically retrieve the logs registered in the seals’ internal memories. While very robust and secure by design, one cannot exclude the possibility for a digital seal to be tampered with or simply to fail, losing all the recorded events from the last inspection. We therefore propose to employ a smart gateway as a collector to record in real-time the events and the status of the seals in the facility. Using techniques derived from Blockchain technologies, such as hash chaining and Merkle trees, we can facilitate the detection of log tampering since a modification of a record invalids the whole log. Moreover, by publishing periodically an anchor to the log state on a public Blockchain, one can detect also tampering of the smart gateway itself. In this scenario, an inspector would retrieve all seals’ logs directly from the smart gateway, being able to verify with certainty if an alteration took place or not. In this paper we present experimental results obtained creating a Proof of Concept that simulates the described approach. We discuss strengths and limitations, and compare this approach to a scenario not employing a smart gateway. We conclude that a smart gateway enhanced with Blockchain-related technology enables the detection of alterations to digital seals’ logs when they cannot be remotely transmitted.