Blockchain Oracles

Plokiahelatehnoloogia on osutunud paljude tööstusharude potentsiaalseks lammutajaks ning on saanud eraldiseisvate üksuste jaoks turvalise ja detsentraliseeritud toimimise võimaldajaks. Sellest hoolimata ei ole plokiahelatehnoloogia iseenesest väliste andmeallikatega otseselt seotud. Vajalikke väliseid andmeid vahendatakse oraaklite abil. Selle magistritöö eesmärk on uurida seoseid plokiahela võrkude ja oraaklite vahel ning töötada välja raamistik, mis aitab plokiahela arendajaid ja otsuste langetajaid nende plokiahela projektides millestki juhinduda. Mõnedes olemasolevates oraakliprojektides on kirjeldatud sarnaseid püüdluseid, kuid seni pole nende autorid süstemaatiliste ülevaadeteni jõudnud. Lõputöös esitatud raamistik on välja töötatud olemasolevate oraaklitega seotud plokiahela projektide süstemaatilise kirjanduse ülevaate põhjal. See hõlmab selliseid komponente nagu oraaklite poolt kogutud informatsiooni tüübid, plokiahelavõrgud, millega nad suhtlevad, ning ka oraaklite ja andmeallika vahelise suhtluse krüptimine. Lisaks mängib plokiahela oraakli projektides olulist rolli ka oraaklite otsuste tegemine, mis kajastab teabe edastamist oraaklile, nende andmete kontrollimist ja meetodeid, kuidas oraakleid integreeritakse plokiahela võrkudega. Läbivaatamise tulemused näitavad, et plokiahela oraaklid on keerulised lahendused, mis hõlmavad paljusid komponente ja aspekte. Need võivad olla immateriaalsed või materiaalsed ning edastada andmeid vastavalt veebist või anduriseadmetest. Oraakleid saab kasutada igat tüüpi plokiahela võrkudes ja integreerida erinevates formaatides, sealhulgas nutikates lepinguliidestes, või otse teiste plokiahela-sõlmedega. Neid saab otsustusprotsessides tsentraliseerida või detsentraliseerida ja nad suudavad kasutada andmete õigsuse üle otsustamiseks mitmesuguseid olemasolevaid nõuandemehhanisme või usaldada lihtsalt välist andmepakkujat. Need uurimise tulemused aitavad plokiahela arendajatel demüstifitseerida oraaklite potentsiaalset kasutamist või rakendamist oma plokiahela projektides ning aitavad ületada lõhet plokiahela virtuaalse maailma ja väliste keskkondade vahel.Blockchain technology has emerged as a potential disruptor of multiple industries and became an enabler for separate entities to trans-act in a secure and decentralized manner. Nevertheless, the blockchain technology in itself does not directly interact with the external data sources. External data, that is needed, is transferred by means of oracles. The research goal of this thesis is to explore the relationship between blockchain networks and oracles and develop a framework to help guide blockchain developers and decision makers in their blockchain projects. Few of the existing oracle projects have described similar efforts in their papers, but no systematic review has been made by authors. The framework, presented in the thesis, is developed based on Systematic Literature Review of existing blockchain projects involving oracles. It includes components such as type of information oracles collect, blockchain networks with which they interact as well as encryption of communication between the oracles and the data source. Additionally, oracle decision making, which captures how the information is passed to the oracle, along with the verification of that data and methods of integration of oracles with blockchain networks, play an important role in blockchain oracle projects. The results of the review demonstrate that blockchain oracles are complex solutions involving multiple components and aspects. They can be intangible or tangible and transport data from web or sensor devices respectively. Oracles can be used in all types of blockchain networks and integrated in different formats including custom smart contract interfaces or directly with blockchain nodes. They can be centralized or decentralized in terms of decision making and utilize various existing consensus mechanisms to decide on correctness of the data or simply trust the external data provider. These findings will help the blockchain developers demystify the potential usage or implementation of oracles in their blockchain projects and help bridge the gap between the virtual world of blockchain and the external environments

A Survey of DeFi Security: Challenges and Opportunities

DeFi, or Decentralized Finance, is based on a distributed ledger called blockchain technology. Using blockchain, DeFi may customize the execution of predetermined operations between parties. The DeFi system use blockchain technology to execute user transactions, such as lending and exchanging. The total value locked in DeFi decreased from \$200 billion in April 2022 to \$80 billion in July 2022, indicating that security in this area remained problematic. In this paper, we address the deficiency in DeFi security studies. To our best knowledge, our paper is the first to make a systematic analysis of DeFi security. First, we summarize the DeFi-related vulnerabilities in each blockchain layer. Additionally, application-level vulnerabilities are also analyzed. Then we classify and analyze real-world DeFi attacks based on the principles that correlate to the vulnerabilities. In addition, we collect optimization strategies from the data, network, consensus, smart contract, and application layers. And then, we describe the weaknesses and technical approaches they address. On the basis of this comprehensive analysis, we summarize several challenges and possible future directions in DeFi to offer ideas for further research

Transparency of SIM profiles for the consumer remote SIM provisioning protocol

In mobile communication, User Equipment (UE) authenticates a subscriber to a Mobile Network Operator (MNO) using credentials from the MNO specified SIM profile that is securely stored inside the SIM card. Traditionally, a change in a subscriber's SIM profile, such as a change in a subscription, requires replacement of the physical SIM card. To address this shortcoming, the GSM Association (GSMA) has specified the consumer Remote SIM Provisioning (RSP) protocol. The protocol enables remote provisioning of SIM profiles from a server to SIM cards, also known as the embedded Universal Integrated Circuit Card (eUICC). In RSP, any GSMA-certified server is trusted by all eUICCs, and consequently any server can provision SIM profiles to all eUICCs, even those not originating from the MNO associated with the GSMA-certified RSP server. Consequently, an attacker, by compromising a server, can clone a genuine SIM profile and provision it to other eUICCs. To address this security problem, we present SIM Profile Transparency Protocol (SPTP) to detect malicious provisioning of SIM profiles. SPTP assures to the eUICC and the MNO that all SIM provisioning actions-both approved and unapproved-leave a permanent, non-repudiatable trail. We evaluate security guarantees provided by SPTP using a formal model, implement a prototype for SPTP, and evaluate the prototype against a set of practical requirements.Peer reviewe

DECO: Liberating Web Data Using Decentralized Oracles for TLS

Thanks to the widespread deployment of TLS, users can access private data over channels with end-to-end confidentiality and integrity. What they cannot do, however, is prove to third parties the {\em provenance} of such data, i.e., that it genuinely came from a particular website. Existing approaches either introduce undesirable trust assumptions or require server-side modifications. As a result, the value of users' private data is locked up in its point of origin. Users cannot export their data with preserved integrity to other applications without help and permission from the current data holder. We propose DECO (short for \underline{dec}entralized \underline{o}racle) to address the above problems. DECO allows users to prove that a piece of data accessed via TLS came from a particular website and optionally prove statements about such data in zero-knowledge, keeping the data itself secret. DECO is the first such system that works without trusted hardware or server-side modifications. DECO can liberate data from centralized web-service silos, making it accessible to a rich spectrum of applications. To demonstrate the power of DECO, we implement three applications that are hard to achieve without it: a private financial instrument using smart contracts, converting legacy credentials to anonymous credentials, and verifiable claims against price discrimination.Comment: This is the extended version of the CCS'20 pape