Security Threats Classification in Blockchains

Blockchain, the foundation of Bitcoin, has become one of the most popular technologies to create and manage digital transactions recently. It serves as an immutable ledger which allows transactions take place in a decentralized manner. This expeditiously evolving technology has the potential to lead to a shift in thinking about digital transactions in multiple sectors including, Internet of Things, healthcare, energy, supply chain, manufacturing, cybersecurity and principally financial services. However, this emerging technology is still in its infancy. Despite the huge opportunities blockchain offers, it suffers from challenges and limitation such as scalability, security, and privacy, compliance, and governance issues that have not yet been thoroughly explored and addressed. Although there are some studies on the security and privacy issues of the blockchain, they lack a systematic examination of the security of blockchain systems. This research conducted a systematic survey of the security threats to the blockchain systems and reviewed the existing vulnerabilities in the Blockchain. These vulnerabilities lead to the execution of the various security threats to the normal functionality of the Blockchain platforms. Moreover, the study provides a case-study for each attack by examining the popular blockchain systems and also reviews possible countermeasures which could be used in the development of various blockchain systems. Furthermore, this study developed taxonomies that classified the security threats and attacks based on the blockchain abstract layers, blockchain primary processes and primary business users. This would assist the developers and businesses to be attentive to the existing threats in different areas of the blockchain-based platforms and plan accordingly to mitigate risk. Finally, summarized the critical open challenges, and suggest future research directions

Opportunistic Algorithmic Double-Spending: How I learned to stop worrying and hedge the Fork

In this paper, we outline a novel form of attack we refer to as Opportunistic Algorithmic Double-Spending (OpAl ). OpAl attacks avoid equivocation, i.e., do not require conflicting transactions, and are carried out automatically in case of a fork. Algorithmic double-spending is facilitated through transaction semantics that dynamically depend on the context and ledger state at the time of execution. Hence, OpAl evades common double-spending detection mechanisms and can opportunistically leverage forks, even if the malicious sender themselves is not responsible for, or even actively aware of, any fork. Forkable ledger designs with expressive transaction semantics, especially stateful EVM-based smart contract platforms such as Ethereum, are particularly vulnerable. Hereby, the cost of modifying a regular transaction to opportunistically perform an OpAl attack is low enough to consider it a viable default strategy. While Bitcoin’s stateless UTXO model, or Cardano’s EUTXO model, appear more robust against OpAl , we nevertheless demonstrate scenarios where transactions are semantically malleable and thus vulnerable. To determine whether OpAl -like semantics can be observed in practice, we analyze the execution traces of 922562 transactions on the Ethereum blockchain. Hereby, we are able to identify transactions, which may be associated with frontrunning and MEV bots, that exhibit some of the design patterns also employed as part of the herein presented attack

Crypto-Conspicuousness: A Scale Proposal for Consumers\u27 Cryptocurrency Buying Behavior within the Scope of Conspicuous Consumption

Cryptocurrencies have met with a great deal of interest since they first appeared. It is not just because it is a new technology. At the same time, the fact that these instruments provide very high returns in specific periods has made them attractive as an investment tool. This research questioned whether there is a different message that individuals who buy cryptocurrencies want to give to their social environment under this behavior. In other words, this study aims to develop a scale to measure the tendency of individuals to buy cryptocurrencies for conspicuous reasons. In order to reach the goal, the quantitative method was preferred, and data were collected from 400 people. As a result, a valid and reliable scale consisting of fourteen items and three dimensions was obtained. This scale will likely be used by researchers who want to investigate the purchasing behavior of cryptocurrencies in more detail in different studies in the future

Bitcoin and Beyond: A Technical Survey on Decentralized Digital Currencies

Besides attracting a billion dollar economy, Bitcoin revolutionized the field of digital currencies and influenced many adjacent areas. This also induced significant scientific interest. In this survey, we unroll and structure the manyfold results and research directions. We start by introducing the Bitcoin protocol and its building blocks. From there we continue to explore the design space by discussing existing contributions and results. In the process, we deduce the fundamental structures and insights at the core of the Bitcoin protocol and its applications. As we show and discuss, many key ideas are likewise applicable in various other fields, so that their impact reaches far beyond Bitcoin itself

Virtual Currencies Bitcoin & What Now After Liberty Reserve, Silk Road, and Mt. Gox?

During 2013, the U.S. Treasury Department evoked the first use of the 2001 Patriot Act to exclude virtual currency provider Liberty Reserve from the U.S. financial system. This article will discuss: the regulation of virtual currencies, cybercrimes and payment systems, darknets, Tor and the “deep web,” Bitcoin; Liberty Reserve, Silk Road, and Mt. Gox. Virtual currencies have quickly become a reality, gaining significant traction in a very short period of time, and are evolving rapidly

Social Commerce as a Driver to Enhance Trust and Intention to Use Cryptocurrencies for Electronic Payments

The deployment of cryptocurrencies in e-commerce has reached a significant number of transactions and continuous increases in monetary circulation; nevertheless, they face two impediments: a lack of awareness of the technological utility, and a lack of trust among consumers. E-commerce carried out through social networks expands its application to a new paradigm called social commerce. Social commerce uses the content generated within social networks to attract new consumers and influence their behavior. The objective of this paper is to analyze the role played by social media in increasing trust and intention to use cryptocurrencies in making electronic payments. It develops a model that combines constructs from social support theory, social commerce, and the technology acceptance model. This model is evaluated using the partial least square analysis. The obtained results show that social commerce increases the trust and intention to use cryptocurrencies. However, mutual support among participants does not generate sufficient trust to adequately promote the perceived usefulness of cryptocurrencies. This research provides a practical tool for analyzing how collaborative relationships that emerge in social media can influence or enhance the adoption of a new technology in terms of perceived trust and usefulness. Furthermore, it provides a significant contribution to consumer behavior research by applying the social support theory to the adoption of new information technologies. These theoretical and practical contributions are detailed in the final section of the paper.This work was supported in part by the Spanish Research Agency (AEI) and in part by the European Regional Development Fund (FEDER) through project CloudDriver4Industry under Grant TIN2017-89266-R

A decision-making model to guide securing blockchain deployments

Satoshi Nakamoto, the pseudo-identity accredit with the paper that sparked the implementation of Bitcoin, is famously quoted as remarking, electronically of course, that “If you don’t believe it or don’t get it, I don’t have time to try and convince you, sorry” (Tsapis, 2019, p. 1). What is noticeable, 12 years after the famed Satoshi paper that initiated Bitcoin (Nakamoto, 2008), is that blockchain at the very least has staying power and potentially wide application. A lesser known figure Marc Kenisberg, founder of Bitcoin Chaser which is one of the many companies formed around the Bitcoin ecosystem, summarised it well saying “…Blockchain is the tech - Bitcoin is merely the first mainstream manifestation of its potential” (Tsapis, 2019, p. 1). With blockchain still trying to reach its potential and still maturing on its way towards a mainstream technology the main question that arises for security professionals is how do I ensure we do it securely? This research seeks to address that question by proposing a decision-making model that can be used by a security professional to guide them through ensuring appropriate security for blockchain deployments. This research is certainly not the first attempt at discussing the security of the blockchain and will not be the last, as the technology around blockchain and distributed ledger technology is still rapidly evolving. What this research does try to achieve is not to delve into extremely specific areas of blockchain security, or get bogged down in technical details, but to provide a reference framework that aims to cover all the major areas to be considered. The approach followed was to review the literature regarding blockchain and to identify the main security areas to be addressed. It then proposes a decision-making model and tests the model against a fictitious but relevant real-world example. It concludes with learnings from this research. The reader can be the judge, but the model aims to be a practical valuable resource to be used by any security professional, to navigate the security aspects logically and understandably when being involved in a blockchain deployment. In contrast to the Satoshi quote, this research tries to convince the reader and assist him/her in understanding the security choices related to every blockchain deployment.Thesis (MSc) -- Faculty of Science, Computer Science, 202