Beyond the Hype: On Using Blockchains in Trust Management for Authentication
Trust Management (TM) systems for authentication are vital to the security of
online interactions, which are ubiquitous in our everyday lives. Various
systems, like the Web PKI (X.509) and PGP's Web of Trust are used to manage
trust in this setting. In recent years, blockchain technology has been
introduced as a panacea to our security problems, including that of
authentication, without sufficient reasoning as to its merits. In this work, we
investigate the merits of using open distributed ledgers (ODLs), such as the
one implemented by blockchain technology, for securing TM systems for
authentication. We formally model such systems, and explore how blockchain can
help mitigate attacks against them. After formal argumentation, we conclude
that in the context of Trust Management for authentication, blockchain
technology, and ODLs in general, can offer considerable advantages compared to
previous approaches. Our analysis is, to the best of our knowledge, the first
to formally model and argue about the security of TM systems for
authentication, based on blockchain technology. To achieve this result, we
first provide an abstract model for TM systems for authentication. Then, we
show how this model can be conceptually encoded in a blockchain, by expressing
it as a series of state transitions. As a next step, we examine five prevalent
attacks on TM systems, and provide evidence that blockchain-based solutions can
be beneficial to the security of such systems, by mitigating, or completely
negating such attacks.
Comment: A version of this paper was published in IEEE Trustcom.
http://ieeexplore.ieee.org/document/8029486
Towards Secure Blockchain-enabled Internet of Vehicles: Optimizing Consensus Management Using Reputation and Contract Theory
In Internet of Vehicles (IoV), data sharing among vehicles is essential to
improve driving safety and enhance vehicular services. To ensure data sharing
security and traceability, high-efficiency Delegated Proof-of-Stake consensus
scheme as a hard security solution is utilized to establish blockchain-enabled
IoV (BIoV). However, as miners are selected from miner candidates by
stake-based voting, it is difficult to defend against voting collusion between
the candidates and compromised high-stake vehicles, which introduces serious
security challenges to the BIoV. To address such challenges, we propose a soft
security enhancement solution including two stages: (i) miner selection and
(ii) block verification. In the first stage, a reputation-based voting scheme
for the blockchain is proposed to ensure secure miner selection. This scheme
evaluates candidates' reputation by using both historical interactions and
recommended opinions from other vehicles. The candidates with high reputation
are selected to be active miners and standby miners. In the second stage, to
prevent internal collusion among the active miners, a newly generated block is
further verified and audited by the standby miners. To incentivize the standby
miners to participate in block verification, we formulate interactions between
the active miners and the standby miners by using contract theory, which takes
block verification security and delay into consideration. Numerical results
based on a real-world dataset indicate that our schemes are secure and
efficient for data sharing in BIoV.
Comment: 12 pages, submitted for possible journal publicatio
On Cyber Risk Management of Blockchain Networks: A Game Theoretic Approach
Open-access blockchains based on proof-of-work protocols have gained
tremendous popularity for their capabilities of providing decentralized
tamper-proof ledgers and platforms for data-driven autonomous organization.
Nevertheless, the proof-of-work based consensus protocols are vulnerable to
cyber-attacks such as double-spending. In this paper, we propose a novel
approach of cyber risk management for blockchain-based service. In particular,
we adopt the cyber-insurance as an economic tool for neutralizing cyber risks
due to attacks in blockchain networks. We consider a blockchain service market,
which is composed of the infrastructure provider, the blockchain provider, the
cyber-insurer, and the users. The blockchain provider purchases from the
infrastructure provider, e.g., a cloud, the computing resources to maintain the
blockchain consensus, and then offers blockchain services to the users. The
blockchain provider strategizes its investment in the infrastructure and the
service price charged to the users, in order to improve the security of the
blockchain and thus optimize its profit. Meanwhile, the blockchain provider
also purchases a cyber-insurance from the cyber-insurer to protect itself from
the potential damage due to the attacks. In return, the cyber-insurer adjusts
the insurance premium according to the perceived risk level of the blockchain
service. Based on the assumption of rationality for the market entities, we
model the interaction among the blockchain provider, the users, and the
cyber-insurer as a two-level Stackelberg game. Namely, the blockchain provider
and the cyber-insurer lead to set their pricing/investment strategies, and then
the users follow to determine their demand of the blockchain service.
Specifically, we consider the scenario of double-spending attacks and provide a
series of analytical results about the Stackelberg equilibrium in the market
game
Overview of Polkadot and its Design Considerations
In this paper we describe the design components of the heterogenous
multi-chain protocol Polkadot and explain how these components help Polkadot
address some of the existing shortcomings of blockchain technologies. At
present, a vast number of blockchain projects have been introduced and employed
with various features that are not necessarily designed to work with each
other. This makes it difficult for users to utilise a large number of
applications on different blockchain projects. Moreover, with the increase in
number of projects the security that each one is providing individually becomes
weaker. Polkadot aims to provide a scalable and interoperable framework for
multiple chains with pooled security that is achieved by the collection of
components described in this paper
Trade-offs between Distributed Ledger Technology Characteristics
When developing peer-to-peer applications on distributed ledger technology (DLT), a crucial decision is the selection of a suitable DLT design (e.g., Ethereum), because it is hard to change the underlying DLT design post hoc. To facilitate the selection of suitable DLT designs, we review DLT characteristics and identify trade-offs between them. Furthermore, we assess how DLT designs account for these trade-offs and we develop archetypes for DLT designs that cater to specific requirements of applications on DLT. The main purpose of our article is to introduce scientific and practical audiences to the intricacies of DLT designs and to support development of viable applications on DLT