BSIEM

A blockchain-based and distributed SIEM for the Internet of Things

Installation

First you need to install and configure the different nodes in your blockchain network, considering that BSIEM use two types of nodes, miner nodes running on desktop or laptop machines and sentinel nodes running on raspberries

How to install and configure a node

To install a node on Ubuntu follow the steps bellow: To create a node you need to install Ethereum protocol, in this case we are going to install Geth an Ethereum client based in Go.

• Write the following commands in the console

sudo apt-get install software-properties-common
sudo add-apt-repository -y ppa:ethereum/ethereum
sudo apt-get update
sudo apt-get install ethereum

• Now create a Wallet in https://www.myetherwallet.com/ use the method by keystore file, put a password and download the UTC file.
• Create a new folder and here create a genesis JSON file, set the values of chainId, difficulty, gasLimit and alloc.

Create a new folder and create a genesis JSON file, set the values of chainId, difficulty, gasLimit and alloc

  "config": {
     "chainId": 1994,
     "homesteadBlock": 0,
     "eip155Block": 0,
     "eip158Block": 0,
     "byzantiumBlock": 0
  },
  "difficulty": "400",
  "gasLimit": "2000000",
  "alloc": {
     "put_the_address_of_the_wallet" : {
         "balance": "100000000000000000000000"
     }
  }
}

• Initialize the data directory with the following command

geth --datadir ./myDataDir init ./genesis.json

• Copy the UTC file in the keystore directory
• Run your node, enable the RCP connection and WebSocket connection:

geth --datadir [path to data directory] --syncmode 'full' --port [entry port] 
--rpc --rpcaddr [ip address of node] --rpcport [rcp port] --rpccorsdomain "*" 
--ws --wsaddr [ip address of node --wsport [web socket port] --wsorigins "*" 
--networkid [network id] console --unlock [address of wallet]

• In case of run the sentinel node use the following command

geth --datadir [path to data directory] --syncmode 'full' --port [entry port] 
--rpc --rpcaddr [ip address of node] --rpcport [rcp port] --rpccorsdomain "*" 
--networkid [network id] console --unlock [address of wallet]

• In http://remix.ethereum.org/ put the smart contract found in https://github.com/pardo6162/BSIEM/tree/master/src/smartContracts , connect remix with your node and deploy the smart contract with a define initial threshold of quantity of storage events.

  Note: you need your miners node running to deploy the smart contract, to intialize the miner task in your node write the following comand in the geth console

  miner.start()

How to Install and configure BSIEM clients

• First clone the repository
• Install dependencies

  npm install
  

• Configure the ip address in the instantiation of web3 in each one of clients.

  web3 = new Web3(new Web3.providers.WebsocketProvider('ws://ip_of_node:ws_port'));
  web3 = new Web3(new Web3.providers.HttpProvider('http://ip_of_node':rpc_port'));

• In the variables directory you will find a file with the smart contract information, update it, put the smart contract address and the respective ABI

 exports.EC={
   "address":"Smart Contract address",
   "abi":[
     "Smart Contract ABI"
   ]
 }

User Manual BSIEM

BSIEM have five clients: EventService, MinerClient, NodeClient, PendingTransactions each one satisfy a different objective._

• EventClient: This client must be installed in sentinels nodes, this contains a function called addEvent to add security events in the blockchain, this method collect the security events until the quantity of these reached the a defined threshold. The method receives a event as parameter, the type Event have two attributes, the timestamp and the data of the event. To run this client execute the following command:

    node EventClient.js

• MinerClient: This client must be installed in miner nodes, this receives the latest events generated by the smart contract and read the block associated, after this map the data received in the block and add it into a file to be read by the SIEM, the events into the block must be separate by ‘$’ character.
  To run this client execute the following command:

    node MinerClient.js

• NodeClient: This client must be installed in miner nodes, this client subscribes to the new blocks headers that contains the address of the smart contract and then add this information into a spreadsheet with the name resp.xlsx. To run this client execute the following command:

    node NodeClient.js

• PendingTransactions: This client must be installed in miner nodes, this client subscribres to the pending transactions that contain the address of smart contract and then add this information into a spreadsheet with the name resp.xlsx. To run this client execute the following command:

    node PendingTransactions.js