A Cross-Cloud Blockchain solution for the Italian payroll system
Alternatively, how the Italian Ministry of Economy and Finance can calculate payslips of Policy Forces without disclosing confidential data.
Luca Nicoletti co-authored this post
The Italian Ministry of Economy and Finance (MEF) needs to overcome the segregation of Public Bodies data-centres in order to calculate payslips of Police Forces. The Italian legal framework forces the Ministry of Interior (MIN) to be the exclusive controller of Police Force sensitive data. However, MEF needs access to such data to correctly compute payslips — local taxes must be computed on actual residence, which is however sealed for data classification purposes.
To overcome this issue, MEF put in place an intricate cooperation with MIN which locally performs part of the payroll tax computation then to be used by the MEF. However, this has lead to uncontrolled cooperations prone to mistake and malicious subversions, e.g. to avoid tax payment or to grant huge pay rise all of a sudden. Such frauds are subtle to discover and, most of all, MEF is liable for it even though it has no control on the full payroll data. Therefore, it is required a new system to re-engineer the payroll computation thus to
enable a cooperative and certified payroll calcuation by processing sensitive MIN data in an accountable and secure manner, preventing any direct access of MEF to the data itself.
This potential conundrum can be overcome introducing adequate guarantees both on the used sensitive data and on the performed tax calculations. The realised solution relies on a principled exploitation of blockchain technology upon a secured Cross-Cloud Federation between MEF and MIN.
The SUNFISH Cloud Federation Solution
Cloud Federation is the answer to make MEF and MIN virtualised IT systems interconnected and realise thanks to smart contract executed on blockchain correct and accountable payroll of Policy Forces.
As part of the SUNFISH project, we designed and implemented FaaS — Federation-as-a-Service, a new and innovative Cloud Federation service compatible with major Cloud platforms and offering advanced security and privacy-preserving services.
FaaS relies on a first-time use of blockchain technology to underpin the whole federation so to offer at hand decentralised, trustworthy computational means to interconnected Clouds.
The payroll application is split into two parts, one logically placed on MEF to compute the bulk payroll computation and one logically placed on MIN to process localised sensitive data.
To realise such infrastructure (i) MEF and MIN Clouds are securely federated, hence there cannot be unsecured interactions among themselves travelling via the Internet; (ii) MIN’s slave payroll application is tamperproof so to offer to MEF the expected assurances on what is actually computed on MIN side.
From a practical point of view, this boils down to deploy part of the application logic — viz. the MIN’s slave — on an infrastructure where there is no single-point-of-control and strong guarantees on logic executions, i.e. non repudiation, accountability and immutability: a blockchain system. Such blockchain is offered by the innovative Service Ledger component of the SUNFISH Cloud Federation Platform.
To deploy the system we utilised the Hyperledger Fabric framework for permissioned blockhain.
On the MEF side, the main payroll application is deployed and interacts with the localised payroll datasources. The certified code to compute local taxes is provided by the MEF in the form of a smart contract to be deployed on the Service Ledger. Such deployment prescribes a localised installation (as per Hyperledger Fabric’s jargon) on one of the peer — a node part of the blockchain — of the MIN. This peer will then get access to the sensitive data to locally and correctly compute taxes via the smart contract logic.
The tax computation will result into an immutable transaction replicated throughout the shared blockchain and will allow MEF to have at disposal all the needed guarantees on computed taxes.
This tax computation generate a blockchain transaction storing in plain text the computed tax amount (which are not sensitive as needed for completing MEF’s payroll computation) and in an encrypted format the sensitive inputs use by the smart contract. The latter inputs are encrypted with MIN’s private key and they never leave in plain text the MIN Cloud.
Storing such inputs ensure that disputes between MEF and MIN on data used for tax calculation cannot happen and, most of all, constrain liability on managing sensitive data just to the MIN.
Blockchain and Cloud Federation permitted overcoming the fragmentation of tax information of the Police personnel across the departments of MIN and MEF, ensuring correctness of tax calculation and payroll accountability. The combined used of encryption, certified smart contract and decentralisation ensures that tax calculation for payroll is correct, that no private data is leaked from MIN to MEF, and that there is no trusted-third-party carrying out part of the computation.
The prototype was developed by SOGEI — the IT partner of MEF — under our technical direction, the Cyber Security research group of the University of Southampton. This solution has been now adopted as part of the new innovation plan of the Italian Public Administration as part of the CloudifyNoiPA system.
Read further on this paper https://eprints.soton.ac.uk/415084/ of the Italian Conference of Cyber Security.
