75 research outputs found

    How Hard is Takeover in DPoS Blockchains? Understanding the Security of Coin-based Voting Governance

    Delegated-Proof-of-Stake (DPoS) blockchains, such as EOSIO, Steem and TRON, are governed by a committee of block producers elected via a coin-based voting system. We recently witnessed the first de facto blockchain takeover that happened between Steem and TRON. Within one hour of this incident, the TRON founder took over the entire Steem committee, forcing the original Steem community to leave the blockchain that they maintained for years. This is a historical event in the evolution of blockchains and Web 3.0. Despite its significant disruptive impact, little is known about how vulnerable DPoS blockchains are in general to takeovers and the ways in which we can improve their resistance to takeovers. In this paper, we demonstrate that the resistance of a DPoS blockchain to takeovers is governed by both the theoretical design and the actual use of its underlying coin-based voting governance system. When voters actively cooperate to resist potential takeovers, our theoretical analysis reveals that the current active resistance of DPoS blockchains is far below the theoretical upper bound. However, in practice, voter preferences could be significantly different. This paper presents the first large-scale empirical study of the passive takeover resistance of EOSIO, Steem and TRON. Our study identifies the diversity in voter preferences and characterizes the impact of this diversity on takeover resistance. Through both theoretical and empirical analyses, our study provides novel insights into the security of coin-based voting governance and suggests potential ways to improve the takeover resistance of any blockchain that implements this governance model. Comment: This work has been accepted by ACM CCS 202

    Security Threats Classification in Blockchains

    Blockchain, the foundation of Bitcoin, has become one of the most popular technologies to create and manage digital transactions recently. It serves as an immutable ledger which allows transactions to take place in a decentralized manner. This expeditiously evolving technology has the potential to lead to a shift in thinking about digital transactions in multiple sectors including Internet of Things, healthcare, energy, supply chain, manufacturing, cybersecurity and principally financial services. However, this emerging technology is still in its infancy. Despite the huge opportunities blockchain offers, it suffers from challenges and limitations such as scalability, security, privacy, compliance, and governance issues that have not yet been thoroughly explored and addressed. Although there are some studies on the security and privacy issues of the blockchain, they lack a systematic examination of the security of blockchain systems. This research conducted a systematic survey of the security threats to the blockchain systems and reviewed the existing vulnerabilities in the blockchain. These vulnerabilities lead to the execution of the various security threats to the normal functionality of the blockchain platforms. Moreover, the study provides a case study for each attack by examining the popular blockchain systems and also reviews possible countermeasures which could be used in the development of various blockchain systems. Furthermore, this study developed taxonomies that classified the security threats and attacks based on the blockchain abstract layers, blockchain primary processes and primary business users. This would assist the developers and businesses to be attentive to the existing threats in different areas of the blockchain-based platforms and plan accordingly to mitigate risk. Finally, it summarizes the critical open challenges and suggests future research directions.

    Performance Analysis of Reputation based Proof of Credibility Consensus Mechanism for Blockchain based Applications

    Blockchain is a decentralized transaction and data management technology first developed for the Bitcoin cryptocurrency. Blockchain technology is gaining popularity due to its core attributes, which provide security, anonymity and data integrity without any involvement of a third party. A consensus mechanism is a procedure by which all peers in the blockchain network reach a common agreement on the current state of the distributed ledger. It plays a vital role in increasing the efficiency of any blockchain environment. Though we have many consensus mechanisms working currently in different areas, they still lack in parameters like status of validators, latency, node failure etc. In our proposed algorithm, Proof of Credibility, we have tried to incorporate all the above factors. We have also implemented two or more factors of the proposed algorithm and have evaluated and compared it with existing consensus algorithms. In future research we aim to implement RPoC in any blockchain network and then we will evaluate it in terms of different evaluation parameters such as performance, security, scalability.

    Nik Defense: An Artificial Intelligence Based Defense Mechanism against Selfish Mining in Bitcoin

    The Bitcoin cryptocurrency has received much attention recently. In the network of Bitcoin, transactions are recorded in a ledger. In this network, the process of recording transactions depends on some nodes called miners that execute a protocol known as the mining protocol. One of the significant aspects of the mining protocol is incentive compatibility. However, literature has shown that Bitcoin's mining protocol is not incentive-compatible. Some nodes with high computational power can obtain more revenue than their fair share by adopting a type of attack called the selfish mining attack. In this paper, we propose an artificial intelligence-based defense against selfish mining attacks by applying the theory of learning automata. The proposed defense mechanism ignores private blocks by assigning weight based on block discovery time and changes current Bitcoin's fork resolving policy by evaluating branches' height difference in a self-adaptive manner utilizing learning automata. To the best of our knowledge, the proposed protocol is the literature's first learning-based defense mechanism. Simulation results have shown the superiority of the proposed mechanism against the tie-breaking mechanism, which is a well-known defense. The simulation results have shown that the suggested defense mechanism increases the profit threshold up to 40% and decreases the revenue of selfish attackers. Comment: Paper is submitted to Journal of IEEE Transactions on Dependable and Secure Computing

    SECURITY RESEARCH FOR BLOCKCHAIN IN SMART GRID

    Smart grid is a power supply system that uses digital communication technology to detect and react to local changes in power demand. Modern and future power supply systems require a distributed system for effective communication and management. Blockchain, a distributed technology, has been applied in many fields, e.g., cryptocurrency exchange, secure sharing of medical data, and personal identity security. Much research has been done on the application of blockchain to smart grid. While blockchain has many advantages, such as security and no interference from third parties, it also has inherent disadvantages, such as untrusted network environment, lacking data source privacy, and low network throughput. In this research, three systems are designed to tackle some of these problems in blockchain technology. In the first study, Information-Centric Blockchain Model, we focus on data privacy. In this model, the transactions created by nodes in the network are categorized into separate groups, such as billing transactions, power generation transactions, etc. In this model, all transactions are first encrypted by the corresponding pairs of asymmetric keys, which guarantees that only the intended receivers can see the data so that data confidentiality is preserved. Secondly, all transactions are sent on behalf of their groups, which hides the data sources to preserve the privacy. Our preliminary implementation verified the feasibility of the model, and our analysis demonstrates its effectiveness in securing data source privacy, increasing network throughput, and reducing storage usage. In the second study, we focus on increasing the network's trustworthiness in an untrusted network environment. A reputation system is designed to evaluate all nodes' behaviors. The reputation of a node is evaluated on its computing power, online time, defense ability, function, and service quality. The performance of a node will affect its reputation scores, and a node's reputation scores will be used to assess its qualification, privileges, and job assignments. Our design is a relatively thorough, self-operated, and closed-loop system. Continuing evaluation of all nodes' abilities and behaviors guarantees that only nodes with good scores are qualified to handle certain tasks. Thus, the reputation system helps enhance network security by preventing both internal and external attacks. Preliminary implementation and security analysis showed that the reputation model is feasible and enhances the blockchain system's security. In the third study, a countermeasure was designed for double spending. Double spending is one of the two most concerning security attacks in blockchain. In this study, one of the most reputable nodes was selected as the detection node, which keeps checking for conflicting transactions in two consecutive blocks. When a problematic transaction was discovered, two punishment transactions were created to punish the current attack behavior and to prevent it from happening in the future. The experiment shows our design can detect double spending effectively while using much less detection time and resources.