Modern computer systems rely on logging events to keep track of actions that have taken place on a system. However, these logs aren't secured in any way, so if an attacker compromises a system they can modify those logs to remove any traces of their presence. This was an issue in the attacks on the Ukrainian Power Grid, where logs were deliberately modified by attackers to hide their tracks.
What it does
Our solution was to create a blockchain of log contents, so the information could be verified and any changes could be flagged. Our blockchain logger takes in log data and creates a blockchain out of it by hashing the data to the appropriate difficulty (in our case, 24 bits of zeros), posting the hash and our RSA signature of the has to our website, and publishing the hash, time, and nonce to the Etherium Ropsten Test Network Chain. This means that even if our website is compromised, the Etherium network will have a verifiable copy of the data.
How we built it
We got our data by reading actual vehicle logging information from the GeoTab API. We used that information to build a blockchain where each "block" consists of three values: the hash of the previous block, the data we want to have a verifiable record of, and a Nonce, or random number. We published this information to the Etherium Ropsten Test Network Chain using the web3 Python library and a smart contract that we wrote using Solidity, and we also wrote it to a local database. We used this database for our website, which can display the information in an easy-to-understand way.
Challenges we ran into and accomplishments that we're proud of
Writing a Smart Contract in Solidity was surprisingly difficult, partially because Solidity is an unfinished language. There were times when we had to work around Solidity having the framework for implementing a feature but not having implemented the feature yet. Additionally, learning to communicate with our Smart Contract via Python3 was complicated, and it was a very proud moment when we got it to work!
Signing hashes and getting JSON to export the signatures of data was also a challenge, but now we have multiple authentication methods to verify data is correct!
What we learned
We have never written a Smart Contract before, especially not one in Solidity. Trying to wrangle the language into doing a fairly simple task has given us a lot of respect for those who write the complex applications that are deployed to the real Etherium chain.
What's next for CAN Theft Auto: Blockchain
We'd like to flesh out the smart contract we wrote more, and include more data, such as the signature of the hash. We would also like to get real-time data from geotab, but because the car the GeoTab device is in isn't always moving we just used sample data for this project so we had data at-will.