794 research outputs found

    Security Threats Classification in Blockchains

    Blockchain, the foundation of Bitcoin, has recently become one of the most popular technologies for creating and managing digital transactions. It serves as an immutable ledger which allows transactions to take place in a decentralized manner. This expeditiously evolving technology has the potential to lead to a shift in thinking about digital transactions in multiple sectors including Internet of Things, healthcare, energy, supply chain, manufacturing, cybersecurity and principally financial services. However, this emerging technology is still in its infancy. Despite the huge opportunities blockchain offers, it suffers from challenges and limitations such as scalability, security, privacy, compliance, and governance issues that have not yet been thoroughly explored and addressed. Although there are some studies on the security and privacy issues of the blockchain, they lack a systematic examination of the security of blockchain systems. This research conducted a systematic survey of the security threats to the blockchain systems and reviewed the existing vulnerabilities in the Blockchain. These vulnerabilities lead to the execution of the various security threats to the normal functionality of the Blockchain platforms. Moreover, the study provides a case study for each attack by examining the popular blockchain systems and also reviews possible countermeasures which could be used in the development of various blockchain systems. Furthermore, this study developed taxonomies that classify the security threats and attacks based on the blockchain abstract layers, blockchain primary processes and primary business users. This would assist developers and businesses to be attentive to the existing threats in different areas of the blockchain-based platforms and plan accordingly to mitigate risk. Finally, it summarizes the critical open challenges and suggests future research directions.

    Authentication Techniques, Client-Side Voting Software, and Secure Platform Mechanisms

    Electronic voting is still a hot topic. You can mainly distinguish between three types of electronic voting, namely direct recording electronic voting devices in polling stations, scan-based electronic voting systems, and remote electronic voting. In this paper we focus on the last category and in particular we discuss three dimensions that are specific for remote Internet voting. These are voter identification and authentication techniques, client-side voting software used to cast the vote, and secure platform mechanisms to overcome vulnerabilities of the client used by the voter to cast her vote. We describe and analyze different implementations of each of these in the context of remote Internet voting, and assess their performance based on usability, security, costs, and maintenance issues. We identify combinations that cannot be applied at the same time and make recommendations for the application of particular implementations for specific types of elections.

    Evolving Bitcoin Custody

    The broad topic of this thesis is the design and analysis of Bitcoin custody systems. Both the technology and threat landscape are evolving constantly. Therefore, custody systems, defence strategies, and risk models should be adaptive too. We introduce Bitcoin custody by describing the different types, design principles, phases and functions of custody systems. We review the technology stack of these systems and focus on the fundamentals: key management and privacy. We present a perspective we call the systems view. It is an attempt to capture the full complexity of a custody system, including technology, people, and processes. We review existing custody systems and standards. We explore Bitcoin covenants. This is a mechanism to enforce constraints on transaction sequences. Although previous work has proposed how to construct and apply Bitcoin covenants, these require modifying the consensus rules of Bitcoin, a notoriously difficult task. We introduce the first detailed exposition and security analysis of a deleted-key covenant protocol, which is compatible with current consensus rules. We demonstrate a range of security models for deleted-key covenants which seem practical, in particular, when applied in autonomous (user-controlled) custody systems. We conclude with a comparative analysis with previous proposals. Covenants are often proclaimed to be an important primitive for custody systems, but no complete design has been proposed to validate that claim. To address this, we propose an autonomous custody system called Ajolote which uses deleted-key covenants to enforce a vault sequence. We evaluate Ajolote with: a model of its state dynamics, a privacy analysis, and a risk model. We propose a threat model for custody systems which captures a realistic attacker for a system with offline devices and user-verification. We perform ceremony analysis to construct the risk model. Comment: PhD thesi

    The Capital Commons: Digital Money and Citizens' Finance in a Productive Commercial Republic

    All societies must address two questions where the organization of productive activity is concerned. The first is whether production will be mainly publicly managed, privately managed, or 'mixed.' The second is whether the financing of production will be mainly publicly managed, privately managed, or mixed. In the American commercial republic, we seem more or less to have answered the 'who does production' question to our own satisfaction. From the founding era to the present, we have elected to leave production primarily, though not of course solely, 'in private hands.' Where the financing of production is concerned, on the other hand, we have been more ambivalent. For the past 160 years, our financial system has operated as a public-private franchise arrangement. At the core of our franchise lie the sovereign public (the 'public' of our 'republic') and its money-modulator – the issuer and manager of its monetized full faith and credit, its 'money' – on the one hand, and the private sector financial institutions and markets we publicly license to allocate most of the resultant Wicksellian 'bank money' or 'credit-money' on the other hand. At the periphery of the franchise lie those institutions and markets that 'shadow bank' through relations with the banking core. In recent years, developments in several distinct spaces have prompted what amounts to a broad reassessment of our hybrid financial arrangements. One such development is weariness with our system's penchant for over-generating public credit that fuels bubbles and busts rather than production, a product of leaving our public capital - by far the greater part of investment capital - to private management. This is what the author has long called poor credit modulation. Another ground of critique is our hybrid system's poor record on what the author has long called credit allocation, from which modulation turns out to be inseparable. Our morbid fear of explicitly, rather than implicitly, ‘picking winners and losers’ is the culprit here. Finally, other sources of disenchantment are our system's long-term worsening of inequality, the scandal of commercial and financial exclusion our system permits, and the promise offered by new financial technologies where ending both that and leaky monetary policy are concerned. The current Covid pandemic and recent murder of George Floyd of course underscore these sources of disillusion. This article embraces these critiques, which the author himself has leveled continuously over the past fifteen years, argues that privately ordered production requires publicly ordered finance, and shows how to order finance publicly on a Fed balance sheet forthrightly recognized as a Citizens’ Ledger. New public investments will make up the asset side of the upgraded Fed balance sheet, while a corresponding system of digital public banking through ‘FedWallets’ will upgrade the liability side of the same. Newly restored regional Fed functionalities ('Spreading the Fed'), an FSOC-inspired National Reconstruction and Development Council (NRDC) and its financing arm (a restored RFC), and a price-stabilizing 'People's Portfolio' round out the new system of Citizens' Finance. In the course of its arguments, the article traces all salient consequences that flow from its overhaul of our system of financing production, from banking through ‘shadow banking’ to the capital markets. It also makes some surprising discoveries along the way. Among these is that full separation of Fed and Treasury and hence monetary and fiscal policy, itself an artifact of franchise finance and hence the false hope of separating credit modulation from credit allocation, is no longer tenable. Another is that global central bank digital currency (CBDC) development is now corroborating much of what the article argues.
