
Blockchain-based decentralized content trust for docker images

Multimedia Tools and Applications

Abstract

It is feasible to deploy Docker containers on IoT (Internet of Things) devices because their runtime overhead is almost zero. A default Docker installation does not verify an image's authenticity. Authentication is vital for users to trust that the image is not malicious or tampered with. As Docker is currently a popular choice for developers, tightening its security is a priority for system administrators and DevOps engineers. Docker recently deployed Notary as a solution to verify the authenticity of its images. Notary is a viable solution, but it is exposed to some potential threats. This paper specifically addresses its vulnerability to Denial-of-Service (DoS) attacks and proposes a potential solution: blockchain-based Decentralized Docker Trust (DDT). The proposed solution decentralizes the trust via a blockchain. It greatly reduces the risk of DoS and at the same time provides a signature verification service for Docker images. We demonstrate the proposed blockchain-based solution’s scalability and efficiency by conducting a performance evaluation. We also implemented a system prototype of Decentralized Docker Trust (DDT) and conducted a performance evaluation of it on Amazon Web Services (AWS) across multiple data centers.


Notes

  1. http://leveldb.org/.

  2. https://price.bitcoin.com/. Accessed in February 2017.

  3. https://en.bitcoin.it/wiki/Testnet.

  4. www.telehash.org.

  5. https://github.com/ruqqq/ddt.

  6. https://github.com/ruqqq/carbonchain.

  7. https://github.com/ruqqq/blockchainparser.

  8. http://cloc.sourceforge.net/.

  9. https://bitnodes.21.co./.

  10. https://en.bitcoin.it/wiki/Weaknesses#Denial_of_Service_.28DoS.29_attacks.


Author information

Corresponding author

Correspondence to Quanqing Xu.


Cite this article

Xu, Q., Jin, C., Rasid, M.F.B.M. et al. Blockchain-based decentralized content trust for docker images. Multimed Tools Appl 77, 18223–18248 (2018). https://doi.org/10.1007/s11042-017-5224-6
