A survey paper on blockchain and its implementation to reduce security risks in various domains

Every technology with its powerful uses has issues connected to it and security is at the top of it. As for the changing environment, the world has been shifting to Virtual Reality, the new coming world seems to be the internet and blockchain technology which is more powerful than others and has its applications in every field, be it quantum computing, internet of things, security or others. This survey paper covers the blockchain and its security in different fields of sciences and technology. We begin with the introduction of blockchain and then discuss its structure. After that security issues have been highlighted which include attacks and their behavior in quantum computing, internet of things, cloud computing. Furthermore, we have discussed the most common types of attacks and the SRM model of blockchain followed by the conclusion

Viiteraamistik turvariskide haldamiseks plokiahela abil

Turvalise tarkvara loomiseks on olemas erinevad programmid (nt OWASP), ohumudelid (nt STRIDE), turvariskide juhtimise mudelid (nt ISSRM) ja eeskirjad (nt GDPR). Turvaohud aga arenevad pidevalt, sest traditsiooniline tehnoloogiline infrastruktuur ei rakenda turvameetmeid kavandatult. Blockchain näib leevendavat traditsiooniliste rakenduste turvaohte. Kuigi plokiahelapõhiseid rakendusi peetakse vähem haavatavateks, ei saanud need erinevate turvaohtude eest kaitsmise hõbekuuliks. Lisaks areneb plokiahela domeen pidevalt, pakkudes uusi tehnikaid ja sageli vahetatavaid disainikontseptsioone, mille tulemuseks on kontseptuaalne ebaselgus ja segadus turvaohtude tõhusal käsitlemisel. Üldiselt käsitleme traditsiooniliste rakenduste TJ-e probleemi, kasutades vastumeetmena plokiahelat ja plokiahelapõhiste rakenduste TJ-t. Alustuseks uurime, kuidas plokiahel leevendab traditsiooniliste rakenduste turvaohte, ja tulemuseks on plokiahelapõhine võrdlusmudel (PV), mis järgib TJ-e domeenimudelit. Järgmisena esitleme PV-it kontseptualiseerimisega alusontoloogiana kõrgema taseme võrdlusontoloogiat (ULRO). Pakume ULRO kahte eksemplari. Esimene eksemplar sisaldab Cordat, kui lubatud plokiahelat ja finantsjuhtumit. Teine eksemplar sisaldab lubadeta plokiahelate komponente ja tervishoiu juhtumit. Mõlemad ontoloogiaesitlused aitavad traditsiooniliste ja plokiahelapõhiste rakenduste TJ-es. Lisaks koostasime veebipõhise ontoloogia parsimise tööriista OwlParser. Kaastööde tulemusel loodi ontoloogiapõhine turberaamistik turvariskide haldamiseks plokiahela abil. Raamistik on dünaamiline, toetab TJ-e iteratiivset protsessi ja potentsiaalselt vähendab traditsiooniliste ja plokiahelapõhiste rakenduste turbeohte.Various programs (e.g., OWASP), threat models (e.g., STRIDE), security risk management models (e.g., ISSRM), and regulations (e.g., GDPR) exist to communicate and reduce the security threats to build secure software. However, security threats continuously evolve because the traditional technology infrastructure does not implement security measures by design. Blockchain is appearing to mitigate traditional applications’ security threats. Although blockchain-based applications are considered less vulnerable, they did not become the silver bullet for securing against different security threats. Moreover, the blockchain domain is constantly evolving, providing new techniques and often interchangeable design concepts, resulting in conceptual ambiguity and confusion in treating security threats effectively. Overall, we address the problem of traditional applications’ SRM using blockchain as a countermeasure and the SRM of blockchain-based applications. We start by surveying how blockchain mitigates the security threats of traditional applications, and the outcome is a blockchain-based reference model (BbRM) that adheres to the SRM domain model. Next, we present an upper-level reference ontology (ULRO) as a foundation ontology and provide two instantiations of the ULRO. The first instantiation includes Corda as a permissioned blockchain and the financial case. The second instantiation includes the permissionless blockchain components and the healthcare case. Both ontology representations help in the SRM of traditional and blockchain-based applications. Furthermore, we built a web-based ontology parsing tool, OwlParser. Contributions resulted in an ontology-based security reference framework for managing security risks using blockchain. The framework is dynamic, supports the iterative process of SRM, and potentially lessens the security threats of traditional and blockchain-based applications.https://www.ester.ee/record=b551352

Security Threats Classification in Blockchains

Blockchain, the foundation of Bitcoin, has become one of the most popular technologies to create and manage digital transactions recently. It serves as an immutable ledger which allows transactions take place in a decentralized manner. This expeditiously evolving technology has the potential to lead to a shift in thinking about digital transactions in multiple sectors including, Internet of Things, healthcare, energy, supply chain, manufacturing, cybersecurity and principally financial services. However, this emerging technology is still in its infancy. Despite the huge opportunities blockchain offers, it suffers from challenges and limitation such as scalability, security, and privacy, compliance, and governance issues that have not yet been thoroughly explored and addressed. Although there are some studies on the security and privacy issues of the blockchain, they lack a systematic examination of the security of blockchain systems. This research conducted a systematic survey of the security threats to the blockchain systems and reviewed the existing vulnerabilities in the Blockchain. These vulnerabilities lead to the execution of the various security threats to the normal functionality of the Blockchain platforms. Moreover, the study provides a case-study for each attack by examining the popular blockchain systems and also reviews possible countermeasures which could be used in the development of various blockchain systems. Furthermore, this study developed taxonomies that classified the security threats and attacks based on the blockchain abstract layers, blockchain primary processes and primary business users. This would assist the developers and businesses to be attentive to the existing threats in different areas of the blockchain-based platforms and plan accordingly to mitigate risk. Finally, summarized the critical open challenges, and suggest future research directions

Cybersecurity challenges in blockchain technology : a scoping review

Blockchain technology (BCT) is an emerging technology. Cybersecurity challenges in BCT are being explored to add greater value to business processes and reshape business operations. This scoping review paper was aimed at exploring the current literature's scope and categorizing various types of cybersecurity challenges in BCT. Databases such as Elsevier, ResearchGate, IEEE, ScienceDirect, and ABI/INFORM Collection (ProQuest) were searched using a combination of terms, and after rigorous screening, 51 research studies were found relevant. Data coding was performed following a framework proposed for scoping review. After careful analysis, thirty different types of cybersecurity challenges in BCT were categorized into six standardized classes. Our results show that most of the studies disclose cybersecurity challenges in BCT generally without pointing to any specific industry sector, and to a very little extent, few papers reveal cybersecurity challenges in BCT related to specific industry sectors. Also, prior studies barely investigated the strategies to minimize cybersecurity challenges in BCT. Based on gap identification, future research avenues were proposed for scholars

Detecting Sybil Attack in Blockchain and Preventing through Universal Unique Identifier in Health Care Sector for privacy preservation

Health care data requires data secrecy, confidentiality, and distribution through public networks. Blockchain is the latest and most secure framework through which health care data can be transferred on the public network. Blockchain has gained attention in recent year’s due to its decentralized, distributed, and immutable ledger framework. However, Blockchain is also susceptible to many attacks in the permission less network, one such attack is known as Sybil attack, where several malicious nodes are created by the single node and gain multiple undue advantages over the network. In this research work, the Blockchain network is created using the smart contract method which gets hampered due to Sybil attack. Thus, a novel method is proposed to prevent Sybil attack in the network for privacy preservation. Universal Unique Identifier code is used for identification and prevention of the Sybil attack in the self-created networks. Results depict that proposed method correctly identifies the chances of attack and the prevention from the attack. The approach has been evaluated on performance metrics namely, true positive rate and accuracy which were attained as 87.5 % and 91% respectively, in the small network. This demonstrates that the proposed work attains improved results as compared to other latest available methods

Systematizing Decentralization and Privacy: Lessons from 15 Years of Research and Deployments

Decentralized systems are a subset of distributed systems where multiple authorities control different components and no authority is fully trusted by all. This implies that any component in a decentralized system is potentially adversarial. We revise fifteen years of research on decentralization and privacy, and provide an overview of key systems, as well as key insights for designers of future systems. We show that decentralized designs can enhance privacy, integrity, and availability but also require careful trade-offs in terms of system complexity, properties provided, and degree of decentralization. These trade-offs need to be understood and navigated by designers. We argue that a combination of insights from cryptography, distributed systems, and mechanism design, aligned with the development of adequate incentives, are necessary to build scalable and successful privacy-preserving decentralized systems