119 research outputs found

    An Efficient Electronic English Auction System with a Secure On-Shelf Mechanism and Privacy Preserving


    Integration of Blockchain and Auction Models: A Survey, Some Applications, and Challenges

    In recent years, blockchain has gained widespread attention as an emerging technology for decentralization, transparency, and immutability in advancing online activities over public networks. As an essential market process, auctions have been well studied and applied in many business fields due to their efficiency and contributions to fair trade. Complementary features between blockchain and auction models trigger a great potential for research and innovation. On the one hand, the decentralized nature of blockchain can provide a trustworthy, secure, and cost-effective mechanism to manage the auction process; on the other hand, auction models can be utilized to design incentive and consensus protocols in blockchain architectures. These opportunities have attracted enormous research and innovation activities in both academia and industry; however, there is a lack of an in-depth review of existing solutions and achievements. In this paper, we conduct a comprehensive state-of-the-art survey of these two research topics. We review the existing solutions for integrating blockchain and auction models, with some application-oriented taxonomies generated. Additionally, we highlight some open research challenges and future directions towards integrated blockchain-auction models.

    Automated Verification of Exam, Cash, Reputation, and Routing Protocols

    Security is a crucial requirement in applications based on information and communication technology, especially when an open network such as the Internet is used. To ensure security in such applications, cryptographic protocols have been used. However, the design of security protocols is notoriously difficult and error-prone. Several flaws have been found in protocols that were claimed to be secure. Hence, cryptographic protocols must be verified before they are used. One approach to verifying cryptographic protocols is the use of formal methods, which have achieved many results in recent years. Formal methods concern the analysis of protocol specifications modeled using, e.g., dedicated logics or process algebras. Formal methods can find flaws or prove that a protocol is secure under the "perfect cryptographic assumption" with respect to given security properties. However, they abstract away from implementation errors and side-channel attacks. In order to detect such errors and attacks, runtime verification can be used to analyze system or protocol executions. Moreover, runtime verification can help in cases where formal procedures have exponential time or suffer from termination problems. In this thesis we contribute to cryptographic protocol verification with an emphasis on formal verification and automation. Firstly, we study exam protocols. We propose formal definitions for several authentication and privacy properties in the Applied Pi-Calculus. We also provide abstract definitions of verifiability properties. We analyze all these properties automatically using ProVerif on multiple case studies, and identify several flaws. Moreover, we propose several monitors to check exam requirements at runtime. These monitors are validated by analyzing a real exam execution using the Java-based tool MARQ. Secondly, we propose a formal framework to verify the security properties of non-transferable electronic cash protocols. We define client privacy and forgery-related properties. Again, we illustrate our model by analyzing three case studies using ProVerif, and confirm several known attacks. Thirdly, we propose formal definitions of authentication, privacy, and verifiability properties of electronic reputation protocols. We discuss the proposed definitions, with the help of ProVerif, on a simple reputation protocol. Finally, we obtain a reduction result to verify route validity of ad-hoc routing protocols in the presence of multiple independent attackers that do not share their knowledge.
    Security is a crucial requirement in applications based on information and communication technology, especially when an open network such as the Internet is used. To ensure security in these applications, cryptographic protocols have been developed. However, the design of security protocols is notoriously difficult and error-prone. Several flaws have been found in protocols that were claimed to be secure. Consequently, cryptographic protocols must be verified before being used. One approach to verifying cryptographic protocols is the use of formal methods, which have obtained many results in recent years. Formal methods deal with the analysis of protocol specifications modeled using, for example, dedicated logics or process algebras. Formal methods can find flaws or make it possible to prove that a protocol is secure under certain assumptions with respect to given security properties. However, they abstract away from implementation errors and side-channel attacks. To detect such errors and attacks, runtime verification can be used to analyze system or protocol executions. In addition, runtime verification can help in cases where formal procedures take exponential time or suffer from termination problems. In this thesis, we contribute to the verification of cryptographic protocols with an emphasis on formal verification and automation. First, we study exam protocols. We propose formal definitions for several authentication and privacy properties in the Applied Pi-Calculus. We also provide abstract definitions of verifiability properties. We analyze all these properties automatically using ProVerif on several case studies, and have identified several flaws. In addition, we propose several monitors to check exam requirements at runtime. These monitors are validated by analyzing a real exam execution using the Java tool MARQ. Second, we propose a formal framework to verify the security properties of non-transferable electronic cash protocols. We define the notion of client privacy and the forgery properties. Once again, we illustrate our model by analyzing three case studies using ProVerif, and confirm several known attacks. Third, we propose formal definitions of the authentication, privacy, and verifiability properties of electronic reputation protocols. We discuss the proposed definitions, with the help of ProVerif, on a simple reputation protocol. Finally, we obtain a reduction result for verifying the validity of a route in ad-hoc routing protocols, in the presence of several independent attackers who do not share their knowledge.

    A privacy-preserving approach to grid balancing using scheduled electric vehicle charging

    The introduction of renewable energy generation (e.g. solar and wind) in the energy distribution infrastructure makes balancing the total energy load and production in the grid more challenging due to the weather-dependent nature of these energy sources. One approach to mitigate the issue is to use weather forecasts to predict the production and then offer incentives to electric vehicle users (EVUs) to charge their vehicles during the times of energy surplus. However, doing this without leaking sensitive information about the EVUs location and identity presents challenges to the system design. This thesis proposes a privacy-preserving architecture that allows the grid operator to offer incentives for contributing to the grid stability, and to reliably and automatically quantify the extent of each contribution while still maintaining the privacy of the EVUs. Furthermore, the architecture enables decentralised privacy-preserving dispute resolution without leaking any personally identifiable information (PII). The architecture fulfils the goal by utilising self-sovereign identity technologies, such as decentralised identifiers (DIDs), and privacy-preserving digital credentials solutions, such as verifiable credentials (VCs). They allow the solution to utilise ephemeral identifiers and to compartmentalise the information into three different knowledge domains to ensure that only the minimum amount of information needed crosses any domain border. An analysis of the solution indicates that the architecture ensures relatively strong privacy guarantees to the EVUs and solves the grid balancing problem while reducing the number of assumptions to the minimum. This makes the architecture applicable to a wide set of use cases in the EV charging field. 
Future work includes a detailed performance analysis of a proof-of-concept (PoC), although the information available from related research already indicates relatively low latency and a good level of deployability even on resource-constrained Internet-of-things (IoT) devices.

    Blockchain-Coordinated Frameworks for Scalable and Secure Supply Chain Networks

    Supply chains have progressed through time from being limited to a few regional traders to becoming complicated business networks. As a result, supply chain management systems now rely significantly on the digital revolution for the privacy and security of data. Due to key qualities of blockchain, such as transparency, immutability and decentralization, it has recently gained a lot of interest as a way to solve security, privacy and scalability problems in supply chains. However, conventional blockchains are not appropriate for supply chain ecosystems because they are computationally costly, have a limited potential to scale and fail to provide trust. Consequently, due to limitations with a lack of trust and coordination, supply chains tend to fail to foster trust among the network’s participants. Assuring data privacy in a supply chain ecosystem is another challenge. If information is being shared with a large number of participants without establishing data privacy, access control risks arise in the network. Protecting data privacy is a concern when sending corporate data, including locations, manufacturing supplies and demand information. The third challenge in supply chain management is scalability, which continues to be a significant barrier to adoption. The number of transactions in a supply chain tends to increase along with the number of nodes in a network, so scalability is essential for blockchain adoption in supply chain networks. This thesis seeks to address the challenges of privacy, scalability and trust by providing frameworks for how to effectively combine blockchains with supply chains. This thesis makes four novel contributions. It first develops a blockchain-based framework with an Attribute-Based Access Control (ABAC) model to assure data privacy by adopting a distributed framework to enable fine-grained, dynamic access control management for supply chain management. To solve the data privacy challenge, AccessChain is developed.
This proposed AccessChain model has two types of ledgers in the system: local and global. Local ledgers are used to store business contracts between stakeholders and the ABAC model management, whereas the global ledger is used to record transaction data. AccessChain can enable decentralized, fine-grained and dynamic access control management in SCM when combined with the ABAC model and blockchain technology (BCT). The framework enables a systematic approach that advantages the supply chain, and the experiments yield convincing results. Furthermore, the results of performance monitoring show that AccessChain’s response time with four local ledgers is acceptable, and therefore it provides significantly greater scalability. Next, a framework for reducing the bullwhip effect (BWE) in SCM is proposed. The framework also focuses on combining data visibility with trust. BWE is first observed in SC and then a blockchain architecture design is used to minimize it. Full sharing of demand data has been shown to help improve the robustness of overall performance in a multi-echelon SC environment, especially for BWE mitigation and cumulative cost reduction. It is observed that when it comes to providing access to data, information sharing using a blockchain has some obvious benefits in a supply chain. Furthermore, when data sharing is distributed, parties in the supply chain will have fair access to other parties’ data, even though they are farther downstream. Sharing customer demand is important in a supply chain to enhance decision-making, reduce costs and promote the final end product. This work also explores the ability of BCT as a solution in a distributed ledger approach to create a trust-enhanced environment where trust is established so that stakeholders can share their information effectively.
To provide visibility and coordination along with a blockchain consensus process, a new consensus algorithm, namely Reputation-based proof-of-cooperation (RPoC), is proposed for blockchain-based SCM, which does not involve validators to solve any mathematical puzzle before storing a new block. The RPoC algorithm is an efficient and scalable consensus algorithm that selects the consensus node dynamically and permits a large number of nodes to participate in the consensus process. The algorithm decreases the workload on individual nodes while increasing consensus performance by allocating the transaction verification process to specific nodes. Through extensive theoretical analyses and experimentation, the suitability of the proposed algorithm is well grounded in terms of scalability and efficiency. The thesis concludes with a blockchain-enabled framework that addresses the issue of preserving privacy and security for an open-bid auction system. This work implements a bid management system in a private BC environment to provide a secure bidding scheme. The novelty of this framework derives from an enhanced approach for integrating BC structures by replacing the original chain structure with a tree structure. Throughout the online world, user privacy is a primary concern, because the electronic environment enables the collection of personal data. Hence a suitable cryptographic protocol for an open-bid auction atop BC is proposed. Here the primary aim is to achieve security and privacy with greater efficiency, which largely depends on the effectiveness of the encryption algorithms used by BC. Essentially this work considers Elliptic Curve Cryptography (ECC) and a dynamic cryptographic accumulator encryption algorithm to enhance security between auctioneer and bidder. The proposed e-bidding scheme and the findings from this study should foster the further growth of BC strategies.

    IEEE Access Special Section Editorial: Security and Privacy in Emerging Decentralized Communication Environments


    A Taxonomy for and Analysis of Anonymous Communications Networks

    Any entity operating in cyberspace is susceptible to debilitating attacks. With cyber attacks intended to gather intelligence and disrupt communications rapidly replacing the threat of conventional and nuclear attacks, a new age of warfare is at hand. In 2003, the United States acknowledged that the speed and anonymity of cyber attacks makes distinguishing among the actions of terrorists, criminals, and nation states difficult. Even President Obama’s Cybersecurity Chief-elect recognizes the challenge of increasingly sophisticated cyber attacks. Now through April 2009, the White House is reviewing federal cyber initiatives to protect US citizen privacy rights. Indeed, the rising quantity and ubiquity of new surveillance technologies in cyberspace enables instant, undetectable, and unsolicited information collection about entities. Hence, anonymity and privacy are becoming increasingly important issues. Anonymization enables entities to protect their data and systems from a diverse set of cyber attacks and preserves privacy. This research provides a systematic analysis of anonymity degradation, preservation and elimination in cyberspace to enhance the security of information assets. This includes discovery/obfuscation of identities and actions of/from potential adversaries. First, novel taxonomies are developed for classifying and comparing well-established anonymous networking protocols. These expand the classical definition of anonymity and capture the peer-to-peer and mobile ad hoc anonymous protocol family relationships. Second, a unique synthesis of state-of-the-art anonymity metrics is provided. This significantly aids an entity’s ability to reliably measure changing anonymity levels; thereby, increasing their ability to defend against cyber attacks. Finally, a novel epistemic-based mathematical model is created to characterize how an adversary reasons with knowledge to degrade anonymity. 
This offers multiple anonymity property representations and well-defined logical proofs to ensure the accuracy and correctness of current and future anonymous network protocol design.

    SIZE AND HETEROGENEITY MATTER. A MICROSTRUCTURE-BASED ANALYSIS OF REGULATION OF SECONDARY MARKETS FOR GOVERNMENT BONDS.

    This paper deals with the economics of secondary markets for government bonds. Ultimately, the analysis is shaped by a public policy goal: assessing the elements of a regulatory framework for these markets. In that regard, the decisive role of market structure leads to a critical review of microstructure conclusions relevant specifically for government debt markets. It is argued that the nature of information asymmetries and matching costs in government debt markets determines a bias towards a fragmented microstructure at odds both with exchange-like arrangements and with ordinary regulatory approaches. Hence, a generic conclusion highlights the risks of blindly transposing regulatory principles from the equity markets area without due regard to the specifics of the bond market. As a specific application of this idea, the paper critically reviews electronic trading platforms that emulate exchange-like order execution solutions. More specifically, the paper opposes the hybrid microstructure (pure limit order book plus affirmative quoting obligation) faced by European primary dealers and the arbitrage-based approach to market-making found in US inter-dealer markets. The Citigroup disruptive trade in August 2004 is analyzed from this perspective. Government bond regulation is argued to necessarily depart from ordinary approaches also because it captures the diverse interests of various governmental agencies. As an application of this principle, the paper discusses repo and short-selling regulation in government bond markets. The atypical market structure and the multi-agency endeavour around government bond markets raise the chances of regulatory failures. Nevertheless, it is argued that a reliance on competition, integrative infrastructure and basic systemic protections as over-arching principles for regulation is consistent with recommendations from relevant economic theory.
Finally, political economy issues arising in implementation of transparency, disclosure or retail investor protection will be addressed in the context of selected country cases. Keywords: government bonds, microstructure, regulation