157 research outputs found

    On Cyber Risk Management of Blockchain Networks: A Game Theoretic Approach

    Open-access blockchains based on proof-of-work protocols have gained tremendous popularity for their capabilities of providing decentralized tamper-proof ledgers and platforms for data-driven autonomous organization. Nevertheless, proof-of-work based consensus protocols are vulnerable to cyber-attacks such as double-spending. In this paper, we propose a novel approach to cyber risk management for blockchain-based services. In particular, we adopt cyber-insurance as an economic tool for neutralizing the cyber risks due to attacks on blockchain networks. We consider a blockchain service market composed of the infrastructure provider, the blockchain provider, the cyber-insurer, and the users. The blockchain provider purchases from the infrastructure provider, e.g., a cloud, the computing resources needed to maintain blockchain consensus, and then offers blockchain services to the users. The blockchain provider strategizes its investment in the infrastructure and the service price charged to the users, in order to improve the security of the blockchain and thus optimize its profit. Meanwhile, the blockchain provider also purchases cyber-insurance from the cyber-insurer to protect itself from the potential damage due to attacks. In return, the cyber-insurer adjusts the insurance premium according to the perceived risk level of the blockchain service. Based on the assumption that the market entities are rational, we model the interaction among the blockchain provider, the users, and the cyber-insurer as a two-level Stackelberg game: the blockchain provider and the cyber-insurer lead by setting their pricing/investment strategies, and the users follow by determining their demand for the blockchain service. Specifically, we consider the scenario of double-spending attacks and provide a series of analytical results about the Stackelberg equilibrium in the market game.

    Security Threats Classification in Blockchains

    Blockchain, the foundation of Bitcoin, has recently become one of the most popular technologies for creating and managing digital transactions. It serves as an immutable ledger that allows transactions to take place in a decentralized manner. This rapidly evolving technology has the potential to lead to a shift in thinking about digital transactions in multiple sectors, including the Internet of Things, healthcare, energy, supply chain, manufacturing, cybersecurity and, principally, financial services. However, this emerging technology is still in its infancy. Despite the huge opportunities blockchain offers, it suffers from challenges and limitations such as scalability, security, privacy, compliance, and governance issues that have not yet been thoroughly explored and addressed. Although there are some studies on the security and privacy issues of blockchain, they lack a systematic examination of the security of blockchain systems. This research conducted a systematic survey of the security threats to blockchain systems and reviewed the existing vulnerabilities in blockchain. These vulnerabilities lead to the execution of various security threats against the normal functionality of blockchain platforms. Moreover, the study provides a case study for each attack by examining popular blockchain systems, and also reviews possible countermeasures that could be used in the development of blockchain systems. Furthermore, this study developed taxonomies that classify the security threats and attacks based on the blockchain abstract layers, the primary blockchain processes and the primary business users. This would help developers and businesses to be attentive to the existing threats in different areas of blockchain-based platforms and to plan accordingly to mitigate risk. Finally, we summarize the critical open challenges and suggest future research directions.

    Fake news: a technological approach to proving the origins of content, using blockchains

    In this paper, we introduce a prototype of an innovative technology for proving the origins of captured digital media. In an era of fake news, when someone shows us a video or picture of some event, how can we trust its authenticity? It seems the public no longer believes that traditional media is a reliable reference of fact, perhaps due, in part, to the onset of many diverse sources of conflicting information via social media. Indeed, the issue of 'fake' reached a crescendo during the 2016 US Presidential Election, when the winner, Donald Trump, claimed that the New York Times was trying to discredit him by pushing disinformation. Current research into overcoming the problem of fake news does not focus on establishing the ownership of the media resources used in such stories; the blockchain-based application introduced in this article is a technology capable of indicating the authenticity of digital media. Put simply, by using the trust mechanisms of blockchain technology, the tool can show, beyond doubt, the provenance of any source of digital media, including images used out of context in attempts to mislead. Although the application is an early prototype and its capability to find fake resources is somewhat limited, we outline future improvements that would overcome such limitations. Furthermore, we believe our application (and its use of blockchain technology and standardised metadata) introduces a novel approach to overcoming falsities in news reporting and the provenance of the media resources used therein. However, while our application has the potential to verify the originality of media resources, we believe technology is only capable of providing a partial solution to fake news, because it is incapable of proving the authenticity of a news story as a whole. We believe that takes human skills.

    SECURITY RESEARCH FOR BLOCKCHAIN IN SMART GRID

    A smart grid is a power supply system that uses digital communication technology to detect and react to local changes in power demand. Modern and future power supply systems require a distributed system for effective communication and management. Blockchain, a distributed technology, has been applied in many fields, e.g., cryptocurrency exchange, secure sharing of medical data, and personal identity security. Much research has been done on the application of blockchain to the smart grid. While blockchain has many advantages, such as security and no interference from third parties, it also has inherent disadvantages, such as an untrusted network environment, a lack of data-source privacy, and low network throughput. In this research, three systems are designed to tackle some of these problems in blockchain technology. In the first study, the Information-Centric Blockchain Model, we focus on data privacy. In this model, the transactions created by nodes in the network are categorized into separate groups, such as billing transactions, power generation transactions, etc. All transactions are first encrypted with the corresponding asymmetric key pairs, which guarantees that only the intended receivers can see the data, so that data confidentiality is preserved. Secondly, all transactions are sent on behalf of their groups, which hides the data sources to preserve privacy. Our preliminary implementation verified the feasibility of the model, and our analysis demonstrates its effectiveness in securing data-source privacy, increasing network throughput, and reducing storage usage. In the second study, we focus on increasing the network's trustworthiness in an untrusted network environment. A reputation system is designed to evaluate every node's behavior. The reputation of a node is evaluated on its computing power, online time, defense ability, function, and service quality.
    The performance of a node affects its reputation scores, and a node's reputation scores are used to assess its qualification, privileges, and job assignments. Our design is a relatively thorough, self-operated, closed-loop system. Continuous evaluation of every node's abilities and behaviors guarantees that only nodes with good scores are qualified to handle certain tasks. Thus, the reputation system helps enhance network security by preventing both internal and external attacks. A preliminary implementation and security analysis showed that the reputation model is feasible and enhances the blockchain system's security. In the third study, a countermeasure was designed for double spending, one of the two most serious security attacks in blockchain. In this study, one of the most reputable nodes is selected as the detection node, which keeps checking for conflicting transactions in two consecutive blocks. When a problematic transaction is discovered, two punishment transactions are created: one to punish the current attack and one to prevent it from happening in the future. The experiment shows that our design can detect double spending effectively while using much less detection time and fewer resources.
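    The detection scheme described above (a reputation-selected detector node scanning two consecutive blocks for transactions that spend the same output, then issuing two punishment transactions) can be illustrated as follows. This is an added example, not the thesis's own code: the `Tx`/`Block`/`PunishTx` types, the `"revoke"`/`"demote"` punishment kinds, the fixed reputation penalty and the sample chain are all assumptions made for the illustration.

```python
"""Double-spend detection over consecutive blocks by a reputation-selected detector node.
Added illustration; the data model, punishment kinds and sample chain are assumptions,
not the design of the thesis being summarized."""
from dataclasses import dataclass
from typing import Dict, List, Tuple


@dataclass(frozen=True)
class Tx:
    txid: str
    sender: str
    inputs: Tuple[str, ...]  # references to outputs being spent, e.g. "tx0:0"
    receiver: str
    amount: int


@dataclass(frozen=True)
class Block:
    height: int
    txs: Tuple[Tx, ...]


@dataclass(frozen=True)
class PunishTx:
    kind: str      # "revoke": invalidate the conflicting spend; "demote": cut the spender's reputation
    target: str    # txid for "revoke", node id for "demote"
    detector: str  # node that raised it


def pick_detector(reputation: Dict[str, float]) -> str:
    """Select the highest-reputation node as detector; ties broken by node id for determinism."""
    return min(reputation, key=lambda n: (-reputation[n], n))


def find_double_spends(prev: Block, curr: Block) -> List[Tuple[Tx, Tx]]:
    """Return (earlier, later) pairs that spend the same output within or across the two blocks."""
    first_spender: Dict[str, Tx] = {}
    conflicts: Dict[Tuple[str, str], Tuple[Tx, Tx]] = {}
    for tx in prev.txs + curr.txs:
        for ref in tx.inputs:
            first = first_spender.setdefault(ref, tx)
            if first.txid != tx.txid:
                # keyed by txid pair so a tx reusing several outputs is reported once
                conflicts[(first.txid, tx.txid)] = (first, tx)
    return list(conflicts.values())


def build_punishments(conflict: Tuple[Tx, Tx], detector: str) -> List[PunishTx]:
    """Two punishment transactions per conflict: revoke the later spend, demote its sender."""
    _, later = conflict
    return [PunishTx("revoke", later.txid, detector),
            PunishTx("demote", later.sender, detector)]


def apply_demotions(reputation: Dict[str, float], punishments: List[PunishTx],
                    penalty: float = 0.5) -> Dict[str, float]:
    """Feed demotions back into the reputation table (assumed fixed penalty, floored at 0)."""
    updated = dict(reputation)
    for p in punishments:
        if p.kind == "demote":
            updated[p.target] = max(0.0, updated.get(p.target, 0.0) - penalty)
    return updated


def scan_chain(chain: List[Block],
               reputation: Dict[str, float]) -> Tuple[List[PunishTx], Dict[str, float]]:
    """Slide over consecutive block pairs; reputation is updated after each pair (closed loop)."""
    rep = dict(reputation)
    issued: List[PunishTx] = []
    for prev, curr in zip(chain, chain[1:]):
        detector = pick_detector(rep)
        for conflict in find_double_spends(prev, curr):
            ps = build_punishments(conflict, detector)
            issued.extend(ps)
            rep = apply_demotions(rep, ps)
    return issued, rep


# Constructed sample: "alice" spends output tx0:0 twice in consecutive blocks.
REPUTATION = {"alice": 0.9, "bob": 0.7, "carol": 0.95}
CHAIN = [
    Block(1, (Tx("tx1", "alice", ("tx0:0",), "bob", 10),)),
    Block(2, (Tx("tx2", "alice", ("tx0:0",), "carol", 10),
              Tx("tx3", "bob", ("tx1:0",), "alice", 4))),
    Block(3, (Tx("tx4", "bob", ("tx3:0",), "carol", 2),)),
]

if __name__ == "__main__":
    punishments, rep = scan_chain(CHAIN, REPUTATION)
    for p in punishments:
        print(p)
    print(rep)
```

    Only input overlap within a two-block window is checked, which is exactly the scope the summary describes; a spend that conflicts with a transaction further back in the chain would need a persistent spent-output index rather than the sliding window used here.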

    How Hard is Takeover in DPoS Blockchains? Understanding the Security of Coin-based Voting Governance

    Delegated-Proof-of-Stake (DPoS) blockchains, such as EOSIO, Steem and TRON, are governed by a committee of block producers elected via a coin-based voting system. We recently witnessed the first de facto blockchain takeover, which happened between Steem and TRON. Within one hour of this incident, the TRON founder took over the entire Steem committee, forcing the original Steem community to leave the blockchain they had maintained for years. This is a historic event in the evolution of blockchains and Web 3.0. Despite its significant disruptive impact, little is known about how vulnerable DPoS blockchains are in general to takeovers and about the ways in which we can improve their resistance to takeovers. In this paper, we demonstrate that the resistance of a DPoS blockchain to takeovers is governed by both the theoretical design and the actual use of its underlying coin-based voting governance system. When voters actively cooperate to resist potential takeovers, our theoretical analysis reveals that the current active resistance of DPoS blockchains is far below the theoretical upper bound. In practice, however, voter preferences can be significantly different. This paper presents the first large-scale empirical study of the passive takeover resistance of EOSIO, Steem and TRON. Our study identifies the diversity in voter preferences and characterizes the impact of this diversity on takeover resistance. Through both theoretical and empirical analyses, our study provides novel insights into the security of coin-based voting governance and suggests potential ways to improve the takeover resistance of any blockchain that implements this governance model.
    Comment: This work has been accepted by ACM CCS 202

    Blockchain-based framework for secure and reliable land registry system

    The land registry is one of the most important departments in any system of governance, as it stores the records of land ownership. There are various issues and loopholes in the existing system that give rise to corruption and disputes, which consume a significant share of valuable government resources from the judiciary and law enforcement agencies in settling them. Blockchain technology has the potential to close these loopholes and resolve the issues of the land registry system, such as tampering with records and selling the same piece of land to more than one buyer. In this paper, a secure and reliable framework for a land registry system using blockchain is proposed. The proposed framework uses smart contracts at various stages of the land registry and gives an algorithm for pre-agreement. First, we describe the conventional land registry system and review its issues. Then, we outline the potential benefits of employing blockchain technology in the land registry system and present a framework. Finally, a number of case studies are presented.

    A reference framework for security risk management using blockchain (Viiteraamistik turvariskide haldamiseks plokiahela abil)

    Various programs (e.g., OWASP), threat models (e.g., STRIDE), security risk management (SRM) models (e.g., ISSRM), and regulations (e.g., GDPR) exist to communicate and reduce security threats in order to build secure software. However, security threats continuously evolve because the traditional technology infrastructure does not implement security measures by design. Blockchain appears to mitigate traditional applications' security threats. Although blockchain-based applications are considered less vulnerable, they have not become a silver bullet for securing against different security threats. Moreover, the blockchain domain is constantly evolving, providing new techniques and often interchangeable design concepts, resulting in conceptual ambiguity and confusion in treating security threats effectively. Overall, we address the problem of SRM for traditional applications using blockchain as a countermeasure, and the SRM of blockchain-based applications. We start by surveying how blockchain mitigates the security threats of traditional applications; the outcome is a blockchain-based reference model (BbRM) that adheres to the SRM domain model. Next, we present an upper-level reference ontology (ULRO) as a foundation ontology and provide two instantiations of the ULRO. The first instantiation includes Corda as a permissioned blockchain and a financial case. The second instantiation includes permissionless blockchain components and a healthcare case. Both ontology representations help in the SRM of traditional and blockchain-based applications. Furthermore, we built a web-based ontology parsing tool, OwlParser. The contributions result in an ontology-based security reference framework for managing security risks using blockchain. The framework is dynamic, supports the iterative process of SRM, and potentially lessens the security threats of traditional and blockchain-based applications.
    https://www.ester.ee/record=b551352