Article
Peer-Review Record

Blockchain-Based Security Configuration Management for ICT Systems

Electronics 2023, 12(8), 1879; https://doi.org/10.3390/electronics12081879
by Dimitrios Chatziamanetoglou * and Konstantinos Rantos
Reviewer 1: Anonymous
Reviewer 2: Anonymous
Submission received: 21 March 2023 / Revised: 10 April 2023 / Accepted: 13 April 2023 / Published: 16 April 2023
(This article belongs to the Special Issue Advancement in Blockchain Technology and Applications)

Round 1

Reviewer 1 Report

Dear Authors

It was a pleasure to read your work. It is an interesting research work that requires only some minor improvements. Please find them in the attached file.


All the best

Comments for author File: Comments.pdf

Author Response

Please see the attachment.

Author Response File: Author Response.pdf

Reviewer 2 Report

It is proposed to use a permissioned blockchain / distributed ledger for configuration management. This is a relevant topic of high interest to readers. The application of blockchain/distributed ledger beyond financial transactions is still a topic for ongoing research. Therefore, such reports on ongoing research activities are also valuable to readers.

Unfortunately, rather the high-level idea and concept of such an approach is presented, but without providing a real analysis of benefits and drawbacks. Also, no insights from practical experimentation or real-world usage are available so far. Rather, some benefits are claimed, but without providing evidence that can be verified independently (e.g., claimed improvements in efficiency and effectiveness). The paper would benefit if it provided more information on identified limitations or areas that need further research.

The benefits of the proposed approach are just claimed, referring to general properties of distributed ledgers / blockchain (section V.2). What is the exact reference to which the new model described in section V.1 refers? What real limitations of the reference are addressed? E.g., it even remains unclear whether the proposal has an advantage compared to a traditional transaction database with controlled access. Do smart contracts play any role in the proposed CM model? It is suggested to extend the paper accordingly.

More specific comments:

- It is unclear what exactly is understood by "critical infrastructure". Usually, the term relates to infrastructures to which government imposes specific regulations. The paper seems to use this term rather in a colloquial sense. It should be defined what the intended meaning of critical infrastructure is in the context of this paper. Otherwise, it should be clarified in which way the proposed CM model addresses the regulative requirements of critical infrastructures.

- As some focus is put on OT and critical infrastructures, relevant standards (IEC 62443) and regulations (e.g., European Council Directive 2008/114/EC, US Protected Critical Infrastructure Information (PCII) Program) should be mentioned.

- It remains unclear in which way the requirements on CM differ for OT compared to general IT CM, and for different critical infrastructure regulations. In which way is the proposed concept specific to CM in OT or critical infrastructures? (e.g., does the proposed CM model limit/prevent changes on safety-relevant settings?)

- Also in general, it remains unclear how common requirements on CM are addressed by the blockchain-based approach (e.g., different permissions/roles of relevant actors; having just a permissioned blockchain does not solve such more fine-granular access control requirements; well-defined workflows for defining, approving, and applying configuration changes; do, e.g., smart contracts enforce such restrictions, does the ledger contain the corresponding permissions, or is the ledger simply used as data store?).

- It is unclear whether/how the digital signature infrastructure is integrated with the distributed ledger, as claimed at the end of section 6. What would it mean to embed a digital signature infrastructure, and what would be the benefit compared to having a separate digital signature infrastructure and just using it jointly with the distributed ledger? How does the embedding work if the PKI is currently not addressed at all (as stated in the middle of section 6)?

Editorial:

- Add reference to NIST document/website in introduction ("According to NIST...")

- " definite set of": Meant is probably "limited resources"

- Section 2 "searches, do touch": remove comma

- Please check uppercase wording throughout the whole text (e.g., States, Systems, Configuration, Audit, Verification, Blockchain)
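The reviewer's questions above turn on one distinction: whether the ledger is merely a data store for configuration records, or whether its append rules (a smart contract, in blockchain terms) enforce actor roles, a propose/approve workflow, and a lock on safety-relevant settings. The following Python sketch is an added illustration of that distinction; it is not code from the paper under review or from the authors. Its actors, roles, setting names and the `SAFETY_LOCKED` set are constructed, and HMAC with per-actor secrets stands in for the PKI-issued digital signatures the reviewer asks about, because the standard library has no asymmetric signature primitive.

```python
"""Toy permissioned-ledger configuration-management (CM) workflow.

Added example (not from the reviewed paper). It contrasts a ledger used as a
plain data store with one whose append rule enforces roles, dual control and
a safety lock. All actors, roles, keys and setting names are constructed.
"""
import hashlib
import hmac
import json

# Settings the workflow refuses to change at all (constructed example set).
SAFETY_LOCKED = {"plc.safety_interlock", "plc.max_pressure"}

# Role registry kept alongside the ledger (constructed).
ROLES = {
    "alice": {"proposer"},
    "bob": {"approver"},
    "carol": {"proposer", "approver"},
}

# Per-actor secrets standing in for signing keys. Assumption: a real
# deployment would verify PKI-issued signatures here instead of HMAC.
KEYS = {"alice": b"k-alice", "bob": b"k-bob",
        "carol": b"k-carol", "mallory": b"k-mallory"}


def sign(actor, payload):
    """Produce the stand-in signature of a canonical JSON payload."""
    msg = json.dumps(payload, sort_keys=True).encode()
    return hmac.new(KEYS[actor], msg, hashlib.sha256).hexdigest()


def verify(actor, payload, signature):
    return actor in KEYS and hmac.compare_digest(sign(actor, payload), signature)


class Ledger:
    """Hash-chained append-only log; every block commits to its predecessor."""

    def __init__(self):
        self.blocks = []

    def _digest(self, prev, record):
        body = json.dumps(record, sort_keys=True)
        return hashlib.sha256((prev + body).encode()).hexdigest()

    def append(self, record):
        prev = self.blocks[-1]["hash"] if self.blocks else "0" * 64
        self.blocks.append({"prev": prev, "record": record,
                            "hash": self._digest(prev, record)})

    def verify_chain(self):
        """Detect any edited or reordered block after the fact."""
        prev = "0" * 64
        for block in self.blocks:
            if block["prev"] != prev or self._digest(prev, block["record"]) != block["hash"]:
                return False
            prev = block["hash"]
        return True


class DataStoreLedger(Ledger):
    """Ledger used purely as a store: tamper-evident, but any record is accepted."""

    def submit(self, actor, action, key, value, signature=None):
        self.append({"actor": actor, "action": action, "key": key, "value": value})
        return "accepted"


class ContractLedger(Ledger):
    """Ledger whose append rule enforces signature, role, dual control and lock."""

    def __init__(self):
        super().__init__()
        self.pending = {}   # key -> proposal awaiting approval
        self.config = {}    # configuration currently in force

    def submit(self, actor, action, key, value, signature):
        payload = {"action": action, "key": key, "value": value}
        if not verify(actor, payload, signature):
            return "rejected: bad signature"
        if key in SAFETY_LOCKED:
            return "rejected: safety-locked setting"
        roles = ROLES.get(actor, set())
        if action == "propose":
            if "proposer" not in roles:
                return "rejected: not a proposer"
            self.pending[key] = {"value": value, "proposer": actor}
        elif action == "approve":
            if "approver" not in roles:
                return "rejected: not an approver"
            prop = self.pending.get(key)
            if prop is None or prop["value"] != value:
                return "rejected: no matching proposal"
            if prop["proposer"] == actor:
                return "rejected: proposer cannot self-approve"
            self.config[key] = value
            del self.pending[key]
        else:
            return "rejected: unknown action"
        self.append({"actor": actor, **payload})
        return "accepted"


def demo():
    """Run both designs over the same requests and return the outcomes."""
    store, contract = DataStoreLedger(), ContractLedger()
    req = lambda a, act, k, v: (a, act, k, v, sign(a, {"action": act, "key": k, "value": v}))
    out = {
        "store_locked": store.submit(*req("mallory", "approve", "plc.safety_interlock", "off")),
        "no_role": contract.submit(*req("mallory", "propose", "fw.rule", "allow")),
        "propose": contract.submit(*req("alice", "propose", "fw.rule", "allow")),
        "self_approve": contract.submit(*req("alice", "approve", "fw.rule", "allow")),
        "approve": contract.submit(*req("bob", "approve", "fw.rule", "allow")),
        "locked": contract.submit(*req("alice", "propose", "plc.max_pressure", "9")),
        "forged": contract.submit("alice", "propose", "fw.rule", "deny", "00"),
        "config": dict(contract.config),
        "chain_ok": contract.verify_chain(),
    }
    contract.blocks[0]["record"]["value"] = "deny"   # simulate tampering
    out["chain_after_tamper"] = contract.verify_chain()
    return out


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

The point of the contrast is the reviewer's: both ledgers are tamper-evident after the fact, but only the one with an enforcing append rule turns a permissioned ledger into a configuration-management control. Role membership, who may approve whose proposal, and which settings are off limits all live outside the chain unless the contract checks them on every write.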


Author Response

Please see the attachment.

Author Response File: Author Response.pdf

Round 2

Reviewer 2 Report

Thank you for updating the paper, taking the suggestions into account. I think that the paper can be published, despite the fact that it is based on theoretical considerations that have not yet been evaluated practically.

The updated version does not include references (the references section is not included, and references in the text are marked with '?').
