August 2020 list
If you feel a paper should belong to another category, or that we missed a relevant paper, just let us know. Participation is most welcome!
Categories:
- Attacks and defenses
- Blockchain-general
- Blockchain-noncrypto uses
- Internet of Things (IoT)
- Proof of Work (PoW) alternatives
- Smart contracts
Attacks and defenses
Discouraging Pool Block Withholding Attacks in Bitcoins
Authors: Zhihuai Chen, Bo Li, Xiaohan Shan, Xiaoming Sun, Jialin Zhang
Abstract: The rise of Bitcoin has led to much enthusiasm for blockchain research and block mining, and the extensive existence of mining pools helps its participants (i.e., miners) gain reward more frequently. Recently, the mining pools are proved to be vulnerable to several possible attacks, and pool block withholding attack is one of them: one strategic pool manager sends some of her miners to other pools and these miners pretend to work on the puzzles but actually do nothing. And these miners still get reward since the pool manager cannot recognize these malicious miners. In this work, we revisit the game-theoretic model for pool block withholding attacks and propose a revised approach to reallocate the reward to the miners. Fortunately, in the new model, the pool managers have strong incentive to not launch such attacks. We show that for any number of mining pools, no-pool-attacks is always a Nash equilibrium. Moreover, with only two minority mining pools participating, no-pool-attacks is actually the unique Nash equilibrium.
Security Analysis on Tangle-based Blockchain through Simulation
Authors: Bozhi Wang, Qin Wang, Shiping Chen, Yang Xiang
Abstract: The Tangle-based structure becomes one of the most promising solutions when designing DAG-based blockchain systems. The approach improves the scalability by directly confirming multiple transactions in parallel instead of single blocks in linear. However, the performance gain may bring potential security risks. In this paper, we construct three types of attacks with comprehensive evaluations, namely parasite attack (PS), double spending attack (DS), and hybrid attack (HB). To achieve that, we deconstruct the Tangle-based projects (e.g. IOTA) and abstract the main components to rebuild a simple but flexible network for the simulation. Then, we informally define the three smallest actions to build up the attack strategies layer by layer. Based on that, we provide analyses to evaluate the different attacks in multiple dimensions. To the best of our knowledge, this is the first study to provide a comprehensive security analysis of Tangle-based blockchains.
Blockchain-general
Applying Private Information Retrieval to Lightweight Bitcoin Clients
Authors: Kaihua Qin, Henryk Hadass, Arthur Gervais, Joel Reardon
Abstract: Lightweight Bitcoin clients execute a Simple Payment Verification (SPV) protocol to verify the validity of transactions related to a particular user. Currently, lightweight clients use Bloom filters to significantly reduce the amount of bandwidth required to validate a particular transaction. This is despite the fact that research has shown that Bloom filters are insufficient at preserving the privacy of clients’ queries. In this paper we describe our design of an SPV protocol that leverages Private Information Retrieval (PIR) to create fully private and performant queries. We show that our protocol has a low bandwidth and latency cost; properties that make our protocol a viable alternative for lightweight Bitcoin clients and other cryptocurrencies with a similar SPV model. In contrast to Bloom filters, our PIR-based approach offers deterministic privacy to the user. Among our results, we show that in the worst case, clients who would like to verify 100 transactions occurring in the past week incur a bandwidth cost of 33.54 MB with an associated latency of approximately 4.8 minutes, when using our protocol. The same query executed using the Bloom-filter-based SPV protocol incurs a bandwidth cost of 12.85 MB; this is a modest overhead considering the privacy guarantees it provides.
A Blockchain Transaction Graph based Machine Learning Method for Bitcoin Price Prediction
Authors: Xiao Li, Weili Wu
Abstract: Bitcoin, as one of the most popular cryptocurrencies, is recently attracting much attention of investors. Bitcoin price prediction task is consequently a rising academic topic for providing valuable insights and suggestions. Existing bitcoin prediction works mostly base on trivial feature engineering, that manually designs features or factors from multiple areas, including Bitcoin Blockchain information, finance and social media sentiments. The feature engineering not only requires much human effort, but the effectiveness of the intuitively designed features cannot be guaranteed. In this paper, we aim to mine the abundant patterns encoded in bitcoin transactions, and propose k-order transaction graph to reveal patterns under different scope. We propose the transaction graph based feature to automatically encode the patterns. A novel prediction method is proposed to accept the features and make price prediction, which can take advantage from particular patterns from different history period. The results of comparison experiments demonstrate that the proposed method outperforms the most recent state-of-art methods.
BLONDiE: Blockchain Ontology with Dynamic Extensibility
Authors: Ugarte-Rojas Hector, Chullo-Llave Boris
Abstract: There are thousands of projects worldwide based primarily on blockchain technology. These have a large number of users and hundreds of use cases. One of the most popular is the use of cryptocurrencies and their benefits against money without intrinsic value (fiat money) and centralized financial solutions. However, although thousands of new transactions are carried out daily in different platforms, uniform and standardized information does not exist to be able to manage the large amount of data that is generated and exchanged between users through transactions and the generation of new blocks. This research reports the development of BLONDiE, an ontology that allows the semantic representation of knowledge to describe the native structure and related information of the three most relevant blockchain projects to date: Bitcoin, Ethereum and in the recent 1.0 version extends its definitions to include Hyperledger, specifically the Hyperledger Fabric infrastructure. Its use allows having common data formats of different platforms for further processing, such as the execution of semantic queries.
A PLS blockchain for IoT applications: protocols and architecture
Authors: Alex Shafarenko
Abstract: This paper introduces an architecture and a protocol suite for a permissioned blockchain for a local IoT network. The architecture is based on a sealed Sequencer and a Fog Server running Guy Fawkes protocols. The blockchain is stored in networked Content Addressable Storage alongside any user data and validity proofs. We maintain that an IoT device can, within its resource limitations, use our blockchain directly, without a trusted intermediary. This includes posting and monitoring transactions as well as blockchain-supported emergency communications.
Scalable and Communication-efficient Decentralized Federated Edge Learning with Multi-blockchain Framework
Authors: Jiawen Kang, Zehui Xiong, Chunxiao Jiang, Yi Liu, Song Guo, Yang Zhang, Dusit Niyato, Cyril Leung, Chunyan Miao
Abstract: The emerging Federated Edge Learning (FEL) technique has drawn considerable attention, which not only ensures good machine learning performance but also solves “data island” problems caused by data privacy concerns. However, large-scale FEL still faces the following crucial challenges: (i) there lacks a secure and communication-efficient model training scheme for FEL; (ii) there is no scalable and flexible FEL framework for updating local models and global model sharing (trading) management. To bridge the gaps, we first propose a blockchain-empowered secure FEL system with a hierarchical blockchain framework consisting of a main chain and subchains. This framework can achieve scalable and flexible decentralized FEL by individually managing local model updates or model sharing records for performance isolation. A Proof-of-Verifying consensus scheme is then designed to remove low-quality model updates and manage qualified model updates in a decentralized and secure manner, thereby achieving secure FEL. To improve communication efficiency of the blockchain-empowered FEL, a gradient compression scheme is designed to generate sparse but important gradients to reduce communication overhead without compromising accuracy, and also further strengthen privacy preservation of training data. The security analysis and numerical results indicate that the proposed schemes can achieve secure, scalable, and communication-efficient decentralized FEL.
Blockchain-noncrypto uses
Integrating Hardware Security into a Blockchain-Based Transactive Energy Platform
Authors: Shananda Shammya Saha, Christopher Gorog, Adam Moser, Anna Scaglione, G. Nathan Johnson
Abstract: This applied research paper introduces a novel framework for integrating hardware security and blockchain functionality with grid-edge devices to establish a distributed cyber-security mechanism that verifies the provenance of messages to and from the devices. Expanding the idea of Two Factor Authentication and Hardware Root of Trust, this work describes the development of a Cryptographic Trust Center(TM) (CTC(TM)) chip integrated into grid-edge devices to create uniform cryptographic key management. Product managers, energy system designers, and security architects can utilize this modular framework as a unified approach to manage distributed devices of various vendors, vintages, and sizes. Results demonstrate the application of CTC(TM) to a blockchain-based Transactive Energy (TE) platform for provisioning of cryptographic keys and improved uniformity of the operational network and data management. This process of configuring, installing, and maintaining keys is described as Eco-Secure Provisioning(TM) (ESP(TM)). Laboratory test results show the approach can resolve several cyber-security gaps in common blockchain frameworks such as Hyperledger Fabric.
Privacy-preserving targeted mobile advertising: A Blockchain-based framework for mobile ads
Authors: Imdad Ullah, S. Salil Kanhere, Roksana Boreli
Abstract: The targeted advertising is based on preference profiles inferred via relationships among individuals, their monitored responses to previous advertising and temporal activity over the Internet, which has raised critical privacy concerns. In this paper, we present a novel proposal for a Blockchain-based advertising platform that provides: a system for privacy preserving user profiling, privately requesting ads from the advertising system, the billing mechanisms for presented and clicked ads, the advertising system that uploads ads to the cloud according to profiling interests, various types of transactions to enable advertising operations in Blockchain-based network, and the method that allows a cloud system to privately compute the access policies for various resources (such as ads, mobile user profiles). Our main goal is to design a decentralized framework for targeted ads, which enables private delivery of ads to users whose behavioral profiles accurately match the presented ads, defined by the ad system. We implement a POC of our proposed framework i.e. a Bespoke Miner and experimentally evaluate various components of Blockchain-based in-app advertising system, implementing various critical components; such as, evaluating user profiles, implementing access policies, encryption and decryption of users’ profiles. We observe that the processing delay for traversing policies of various tree sizes, the encryption/decryption time of user profiling with various key-sizes and user profiles of various interests evaluates to an acceptable amount of processing time as that of the currently implemented ad systems.
Blockchain-enabled Internet of Medical Things to Combat COVID-19
Authors: Hong-Ning Dai, Muhammad Imran, Noman Haider
Abstract: We are experiencing an unprecedented healthcare crisis caused by newly-discovered corona-virus disease (COVID-19). The outbreaks of COVID-19 reveal the frailties of existing healthcare systems. Therefore, the digital transformation of healthcare systems becomes an inevitable trend. During this process, the Internet of Medical Things (IoMT) plays a crucial role while intrinsic vulnerabilities of security and privacy deter the wide adoption of IoMT. In this article, we present a blockchain-enabled IoMT to address the security and privacy concerns of IoMT systems. We also discuss the solutions brought by blockchain-enabled IoMT to COVID-19 from five different perspectives. Moreover, we outline the open challenges and future directions of blockchain-enabled IoMT.
A blockchain-based Forensic Model for Financial Crime Investigation: The Embezzlement Scenario
Authors: Lamprini Zarpala, Fran Casino
Abstract: The financial crime landscape is evolving along with the digitization in financial services. In this context, laws and regulations cannot efficiently cope with a fast-moving industry such as finance, which translates in late adoption of measures and legal voids, providing a fruitful landscape for malicious actors. In parallel, blockchain technology and its promising features such as immutability, verifiability, and authentication, enhance the opportunities of financial forensics. In this paper, we focus on an embezzlement scheme and we provide a forensic-by-design methodology for its investigation. In addition, the feasibility and adaptability of our approach can be extended and embrace digital investigations on other types of schemes. We provide a functional implementation based on smart contracts and we integrate standardised forensic flows and chain of custody preservation mechanisms. Finally, we discuss the benefits and challenges of the symbiotic relationship between blockchain and financial investigations, along with future research directions.
Blockchain-Enabled Internet-of-Things Platform for End-to-End Industrial Hemp Supply Chain
Authors: Keqi Wang, Wencen Wu, Wei Xie, Jinxiang Pei, Qi Zhou
Abstract: After being legalized as an agricultural commodity by the 2018 U.S. Farm Bill, the Industrial Hemp production is moved from limited pilot programs to a regulated agriculture production system, and the market keeps increasing since then. However, Industrial Hemp Supply Chain (IHSC) faces several critical challenges, including high complexity and variability, data tampering, and lack of immutable information tracking system. In this paper, we develop a blockchain enabled internet-of-things (IoT) platform for IHSC to support process tracking, scalability, interoperability, and risk management. Basically, we create a two-layer blockchain with proof-of-authority based smart contract, which can leverage local authorities with state/federal regulators to ensure and accelerate quality control verification and regulatory compliance. Then, we develop a user-friendly mobile app so that each participant can use smart phone to real-time collect and upload their data to the cloud, and further share the process verification and tracking information through the blockchain network. Our study indicates the proposed platform can support interoperability, improve the efficiency of quality control verification, and ensure the safety of regulated IHSC.
Internet of Things (IoT)
Pricing and Budget Allocation for IoT Blockchain with Edge Computing
Authors: Xingjian Ding, Jianxiong Guo, Deying Li, Weili Wu
Abstract: Attracted by the inherent security and privacy protection of the blockchain, incorporating blockchain into Internet of Things (IoT) has been widely studied in these years. However, the mining process requires high computational power, which prevents IoT devices from directly participating in blockchain construction. For this reason, edge computing service is introduced to help build the IoT blockchain, where IoT devices could purchase computational resources from the edge servers. In this paper, we consider the case that IoT devices also have other tasks that need the help of edge servers, such as data analysis and data storage. The profits they can get from these tasks is closely related to the amounts of resources they purchased from the edge servers. In this scenario, IoT devices will allocate their limited budgets to purchase different resources from different edge servers, such that their profits can be maximized. Moreover, edge servers will set “best” prices such that they can get the biggest benefits. Accordingly, there raise a pricing and budget allocation problem between edge servers and IoT devices. We model the interaction between edge servers and IoT devices as a multi-leader multi-follower Stackelberg game, whose objective is to reach the Stackelberg Equilibrium (SE). We prove the existence and uniqueness of the SE point, and design efficient algorithms to reach the SE point. In the end, we verify our model and algorithms by performing extensive simulations, and the results show the correctness and effectiveness of our designs.
Providing reliability and auditability to the IoT LwM2M protocol through Blockchain
Authors: Cristian Martín, Iván Alba, Joaquín Trillo, Enrique Soler, Bartolomé Rubio, Manuel Díaz
Abstract: Blockchain has come to provide transparency, reliability as well as to increase the security in computer systems, especially in distributed ones like the Internet of Things (IoT). A few integrations have been proposed in this context so far; however, most of these solutions do not pay special attention to the interoperability of the IoT, one of the biggest challenges in this field. In this paper, a Blockchain solution has been integrated into the OMA Lightweight M2M (LwM2M), a promising industry IoT protocol for global interoperability. This integration provides reliability and auditability to the LwM2M protocol enabling IoT devices (LwM2M clients) to transparently interact with the protocol. Furthermore, a missing reliable API to allow users and applications to securely interact with the system and an interface to store critical information like anomalies for auditability have been defined.
Proof of Work (PoW) alternatives
Sequential Proof-of-Work for Fair Staking and Distributed Randomness Beacons
Authors: I. José Orlicki
Abstract: We propose a new Proof-of-Stake consensus protocol based on a Sequential Proof-of-Work constructed with a verifiable random function (VRF) and a verifiable delay function (VDF) that has the following properties: a) all addresses with positive stake can participate; b) is fair because the coin stake is proportional to the distribution of rewards; c) is resistant to several classic blockchain attacks such as Sybil attacks, “Nothing-at-stake” attacks and “Winner-takes-all” attacks. We call it Vixify Consensus. We introduce a variant of sequential Proof-of-Work puzzles with applications on Distributed Randomness Beacons.
SklCoin: Toward a Scalable Proof-of-Stake and Collective Signature Based Consensus Protocol for Strong Consistency in Blockchain
Authors: Zakwan Jaroucheh, Baraq Ghaleb, J William Buchanan
Abstract: The proof-of-work consensus protocol suffers from two main limitations: waste of energy and offering only probabilistic guarantees about the status of the blockchain. This paper introduces SklCoin, a new Byzantine consensus protocol and its corresponding software architecture. This protocol leverages two ideas: 1) the proof-of-stake concept to dynamically form stake proportionate consensus groups that represent block miners (stakeholders), and 2) scalable collective signing to efficiently commit transactions irreversibly. SklCoin has immediate finality characteristic where all miners instantly agree on the validity of blocks. In addition, SklCoin supports high transaction rate because of its fast miner election mechanism.
Demystifying the Role of zk-SNARKs in Zcash
Authors: Aritra Banerjee, Michael Clear, Hitesh Tewari
Abstract: Zero-knowledge proofs have always provided a clear solution when it comes to conveying information from a prover to a verifier or vice versa without revealing essential information about the process. Advancements in zero-knowledge have helped develop proofs which are succinct and provide non-interactive arguments of knowledge along with maintaining the zero-knowledge criteria. zk-SNARKs (Zero knowledge Succinct Non-Interactive Argument of Knowledge) are one such method that outshines itself when it comes to advancement of zero-knowledge proofs. The underlying principle of the Zcash algorithm is such that it delivers a full-fledged ledger-based digital currency with strong privacy guarantees and the root of ensuring privacy lies fully on the construction of a proper zk-SNARK. In this paper we elaborate and construct a concrete zk-SNARK proof from scratch and explain its role in the Zcash algorithm.
Smart contracts
SmartSON: A Smart contract driven incentive management framework for Self-Organizing Networks
Authors: Abdullah Yousafzai, Seon Choong Hong
Abstract: This article proposes a self-organizing collaborative computing network with an approach to enhance the expectation of a collaborating node for joining the self-organizing network. The proposed approach relies on Ethereum cryptocurrency and Smart Contract to enhance the expectation of collaborating nodes by monetizing the services provided to the self-organizing network. Furthermore, an escrow based smart contract is formalized in the proposed framework to sustain the monetary trust issue between collaborating nodes. The proposed scheme can enforce an autonomic incentive management mechanism to any type of self-organizing networks such as self-organizing clouds, ad-hoc networks, self-organizing federated cloud networks, self-organizing federated learning networks, and self-organizing D2D networks to name a few. Considering the distributed nature of these self-organizing networks and the Ethereum blockchain network, a distributed agent-based methodology is materialized in the proposed framework. Following this, a proof of concept implementation for the general case of a self-organizing cloud is presented. Lastly, the article provides some insights into possible future directions using the proposed framework.
Zecale: Reconciling Privacy and Scalability on Ethereum
Authors: Antoine Rondelet
Abstract: In this paper, we present Zecale, a general purpose SNARK proof aggregator that uses recursive composition of SNARKs. We start by introducing the notion of recursive composition of SNARKs, before introducing Zecale as a privacy preserving scalability solution. Then, we list application types that can emerge and be built with Zecale. Finally, we argue that such scalability solutions for privacy preserving state transitions are paramount to emulate “cash” on blockchain systems.
GasMet: Profiling Gas Leaks in the Deployment of Solidity Smart Contracts
Authors: Gerardo Canfora, Andrea Sorbo Di, Sonia Laudanna, Anna Vacca, A. Corrado Visaggio
Abstract: Nowadays, blockchain technologies are increasingly adopted for different purposes and in different application domains. Accordingly, more and more applications are developed for running on a distributed ledger technology (i.e., dApps). The business logic of a dApp (or part of it) is usually implemented within one (or more) smart contract(s) developed through Solidity, an object-oriented programming language for writing smart contracts on different blockchain platforms, including the popular Ethereum. In Ethereum, once compiled, the smart contracts run on the machines of miners who can earn Ethers (a cryptographic currency like Bitcoin) by contributing their computing resources and the gas (in Ether) corresponds to the execution fee compensating such computing resources. However, the deployment and execution costs of a smart contract strictly depend on the choices done by developers while implementing it. Unappropriated design choices — e.g., in the data structures and the specific instructions used — could lead to higher gas consumption than necessary. In this paper, we systematically identify a set of 20 Solidity code smells that could affect the deployment and transaction costs of a smart contract, i.e., cost smells. On top of these smells, we propose GasMet, a suite of metrics for statically evaluating the code quality of a smart contract, from the gas consumption perspective. In an experiment involving 2,186 real-world smart contracts, we demonstrate that the proposed metrics (i) have direct associations with deployment costs, and (ii) they could be used to properly identify the level of gas consumption of a smart contract without the need for deploying it.
Security checklists for Ethereum smart contract development: patterns and best practices
Authors: Lodovica Marchesi, Michele Marchesi, Livio Pompianu, Roberto Tonelli
Abstract: In recent years Smart Contracts and DApps are becoming increasingly important and widespread thanks to the properties of blockchain technology. In most cases DApps are business critical, and very strict security requirements should be assured. Developing safe and reliable Smart Contracts, however, is not a trivial task. Several researchers have studied the security issues, however none of these provide a simple and intuitive tool to overcome these problems. In this paper we collected a list of security patterns for DApps. Moreover, based on these patterns, we provide the reader with security assessment checklists that can be easily used for the development of SCs. We cover the phases of design, coding, and testing and deployment of the software lifecycle. In this way, we allow developers to easily verify if they applied all the relevant security patterns to their smart contracts. We focus all the analysis on the most popular Ethereum blockchain, and on the Solidity language.