13 research outputs found

    A decision-making model to guide securing blockchain deployments

    Satoshi Nakamoto, the pseudo-identity accredited with the paper that sparked the implementation of Bitcoin, is famously quoted as remarking, electronically of course, that “If you don’t believe it or don’t get it, I don’t have time to try and convince you, sorry” (Tsapis, 2019, p. 1). What is noticeable, 12 years after the famed Satoshi paper that initiated Bitcoin (Nakamoto, 2008), is that blockchain at the very least has staying power and potentially wide application. A lesser known figure Marc Kenisberg, founder of Bitcoin Chaser which is one of the many companies formed around the Bitcoin ecosystem, summarised it well saying “Blockchain is the tech - Bitcoin is merely the first mainstream manifestation of its potential” (Tsapis, 2019, p. 1). With blockchain still trying to reach its potential and still maturing on its way towards a mainstream technology the main question that arises for security professionals is how do I ensure we do it securely? This research seeks to address that question by proposing a decision-making model that can be used by a security professional to guide them through ensuring appropriate security for blockchain deployments. This research is certainly not the first attempt at discussing the security of the blockchain and will not be the last, as the technology around blockchain and distributed ledger technology is still rapidly evolving. What this research does try to achieve is not to delve into extremely specific areas of blockchain security, or get bogged down in technical details, but to provide a reference framework that aims to cover all the major areas to be considered. The approach followed was to review the literature regarding blockchain and to identify the main security areas to be addressed. It then proposes a decision-making model and tests the model against a fictitious but relevant real-world example. It concludes with learnings from this research. The reader can be the judge, but the model aims to be a practical valuable resource to be used by any security professional, to navigate the security aspects logically and understandably when being involved in a blockchain deployment. In contrast to the Satoshi quote, this research tries to convince the reader and assist him/her in understanding the security choices related to every blockchain deployment. Thesis (MSc) -- Faculty of Science, Computer Science, 202

    SoK: Public Randomness

    Public randomness is a fundamental component in many cryptographic protocols and distributed systems and often plays a crucial role in ensuring their security, fairness, and transparency properties. Driven by the surge of interest in blockchain and cryptocurrency platforms and the usefulness of such component in those areas, designing secure protocols to generate public randomness in a distributed manner has received considerable attention in recent years. This paper presents a systematization of knowledge on the topic of public randomness with a focus on cryptographic tools providing public verifiability and key themes underlying these systems. We provide concrete insights on how state-of-the-art protocols achieve this task efficiently in an adversarial setting and present various research gaps that may be suitable for future research

    Machine learning approaches for enhancing smart contracts security: A systematic literature review

    Smart contracts offer automation for various decentralized applications but suffer from vulnerabilities that cause financial losses. Detecting vulnerabilities is critical to safeguarding decentralized applications before deployment. Automatic detection is more efficient than manual auditing of large codebases. Machine learning (ML) has emerged as a suitable technique for vulnerability detection. However, a systematic literature review (SLR) of ML models is lacking, making it difficult to identify research gaps. No published systematic review exists for ML approaches to smart contract vulnerability detection. This research focuses on ML-driven detection mechanisms from various databases. 46 studies were selected and reviewed based on keywords. The contributions address three research questions: vulnerability identification, machine learning model approaches, and data sources. In addition to highlighting gaps that require further investigation, the drawbacks of machine learning are discussed. This study lays the groundwork for improving ML solutions by mapping technical challenges and future directions

    From legal contracts to smart contracts and back again: Towards an automated approach

    Blockchain smart contracts, programs with the potential to automate transactions and beyond, have gained tremendous popularity over the past years. Central to the original of smart contracts is that every computable clause of a contract or agreement is encoded into arbitrary computer logic with the aim of coding this logic into computer programs, and let the program decide and execute what happens during the contract's life span. The term smart legal contract has been coined to describe smart contracts that aim to capture legally binding agreements between parties. This dissertation presents a method to facilitate the creation of smart legal contracts that constitute a legally binding contract and that can (partially) self-enforce their terms and conditions within that contract, regardless of the blockchain platform. Understanding how blockchain technology works is pivotal to grapple the ramifications of this choice for smart contracts. Chapter 2 presents an overview of the literature on blockchain to delineate architectural perspectives on the technology, and to define its properties. Finally, the chapter points out the current challenges for the technology and gaps in literature. In Chapter 3, a background on smart contracts will be provided using a motivational example. Chapter 4 expounds the research methodology, the research paradigm adopted for the research, and the philosophy underpinning the method called Model Driven Architecture. Following, in Chapter 5 a domain model for smart legal contracts is presented. The chapter demonstrates how the contents of a legal contract could be captured in a model using a motivational example. Chapter 6 is devoted to describing the models that can be employed to write smart contracts. The chapter presents a platform specific model for the Ethereum and Hyperledger Fabric blockchain platforms. A platform agnostic model for blockchain technology is thereafter presented that captures the commonalities between these platforms. Chapter 7 discusses how the main research question is addressed. Derived from the insights of the discussion some opportunities for future research are discussed. Finally, Chapter 8 concludes the dissertation

    Privacy-aware Biometric Blockchain based e-Passport System for Automatic Border Control

    In the middle of 1990s, World Wide Web technology initially steps into our life. Now, 30 years after that, widespread internet access and established computing technology bring embodied real life into Metaverse by digital twin. Internet is not only blurring the concept of physical distance, but also blurring the edge between the real and virtual world. Another breakthrough in computing is the blockchain, which shifts the root of trust attached to a system administrator to the computational power of the system. Furthermore, its favourable properties such as immutable time-stamped transaction history and atomic smart contracts trigger the development of decentralized autonomous organizations (DAOs). Combining above two, this thesis presents a privacy-aware biometric Blockchain based e-passport system for automatic border control (ABC), which aims for improving the efficiency of existing ABC system. Specifically, through constructing a border control Metaverse DAO, border control workload can be autonomously self-executed by atomic smart contracts as transaction and then immutably recorded on Blockchain. What is more, to digitize border crossing documentation, biometric Blockchain based e-passport system (BBCVID) is created to generate an immutable real-world identity digital twin in the border control Metaverse DAO through Blockchain and biometric identity authentication. That is to say, by digitizing border crossing documentation and automatizing both biometric identity authentication and border crossing documentation verification, our proposal is able to significantly improve existing border control efficiency. Through system simulation and performance evaluation by Hyperledger Caliper, the proposed system turns out to be able to improve existing border control efficiency by 3.5 times more on average, which is remarkable. What is more, the dynamic digital twin constructed by BBCVID enables computing techniques such as machine learning and big data analysis applicable to real-world entity, which has a huge potential to create more value by constructing smarter ABC systems

    A Reduction from Smart Contract Verification to Model Checking

    We present a reduction from verification of smart contracts to model checking. A smart contract is a computer program written in a language with constructs that correspond to real-world contracts, such as verified sending and accepting digital cash. Model checking is an approach to verification of state-transition systems in which a state is the valuation of a set of variables. A reduction, in our context, is a polynomial-time computable function which guarantees that an input smart contract possesses a property if and only if the output instance of model checking possesses a property to which the former property is mapped. Our focus is smart contracts written to run on the Ethereum blockchain in a language compiled to Ethereum Virtual Machine (EVM) code. Our work is motivated by the importance of checking smart contracts for properties of interest and also by the observation in recent empirical work that establishes that existing verification tools are deficient. Our approach has some distinguishing characteristics from prior approaches, which we discuss in this thesis. We have implemented and carried out a limited empirical assessment of our reduction. We used a dataset of 69 curated smart contracts that contains 115 instances of security vulnerabilities from 10 different classes of such vulnerabilities. Our empirical work suggests that our approach can scale to real-world smart contracts

    A User-Centered Perspective for the blockchain Development

    Blockchain technology is regarded as one of the most important digital innovations in the last two decades. Its applicability beyond cryptocurrencies has been a growing topic of research interest not only in computer science but also in other areas, such as marketing, finance, law, healthcare, etc. However blockchain is far from reaching the population on a larger scale. The dissertation evaluates the causes that are preventing successful implementation and adoption of blockchain technology at a larger scale, supporting infrastructure for public and private companies. The latest academic research suggests that the blockchain services are still in an early stage, and standards for developing blockchain-based applications have not been defined yet. Moreover the interaction with the blockchain technology is still complex, especially for non expert users, because it requires many technical skills. The dissertation focuses on this knowledge gap as a cause for the blockchain missing reach on society at a larger scale. This work aims to fill the gap by presenting innovative methodologies and user-centered models that could help the adoption of the blockchain technology by a larger number of private/public companies and individuals. Based on these models, specific tools for both expert and non-expert users are developed and discussed in the dissertation. First, tools for expert users, i.e., software developers, are proposed to analyze the smart contracts’ source code, to collect the smart contracts in a reasoned repository, and to identify code clones and boost the use of open source libraries for a better collective practice in developing and maintaining the blockchain. Second, tools for non-expert users, i.e. people with no technical knowledge, are proposed to suggest them the fairest fees to pay to have their transactions executed according to the price and waiting times they are willing to spend, and to identify malicious smart contracts that can deceive them, thus preventing them to trust the blockchain and use it again. Finally, visualization models for users with expertise in different disciplines are proposed to provide them with graphical representations that can foster the understanding of the blockchain underlying mechanisms

    FinBook: literary content as digital commodity

    This short essay explains the significance of the FinBook intervention, and invites the reader to participate. We have associated each chapter within this book with a financial robot (FinBot), and created a market whereby book content will be traded with financial securities. As human labour increasingly consists of unstable and uncertain work practices and as algorithms replace people on the virtual trading floors of the world's markets, we see members of society taking advantage of FinBots to invest and make extra funds. Bots of all kinds are making financial decisions for us, searching online on our behalf to help us invest, to consume products and services. Our contribution to this compilation is to turn the collection of chapters in this book into a dynamic investment portfolio, and thereby play out what might happen to the process of buying and consuming literature in the not-so-distant future. By attaching identities (through QR codes) to each chapter, we create a market in which the chapter can ‘perform’. Our FinBots will trade based on features extracted from the authors’ words in this book: the political, ethical and cultural values embedded in the work, and the extent to which the FinBots share authors’ concerns; and the performance of chapters amongst those human and non-human actors that make up the market, and readership. In short, the FinBook model turns our work and the work of our co-authors into an investment portfolio, mediated by the market and the attention of readers. By creating a digital economy specifically around the content of online texts, our chapter and the FinBook platform aims to challenge the reader to consider how their personal values align them with individual articles, and how these become contested as they perform different value judgements about the financial performance of each chapter and the book as a whole. At the same time, by introducing ‘autonomous’ trading bots, we also explore the different ‘network’ affordances that differ between paper based books whose scarcity is developed through analogue form, and digital forms of books whose uniqueness is reached through encryption. We thereby speak to wider questions about the conditions of an aggressive market in which algorithms subject cultural and intellectual items – books – to economic parameters, and the increasing ubiquity of data bots as actors in our social, political, economic and cultural lives. We understand that our marketization of literature may be an uncomfortable juxtaposition against the conventionally-imagined way a book is created, enjoyed and shared: it is intended to be

    On the Behavioural Profiling of Gamblers using Cryptocurrency Transaction Data

    Blockchain technologies enable a number of new ways to gamble online. Very little is known about engagement with one such new way of gambling: decentralised gambling applications, which provide simple casino games like dice rolls and coin flips. This is important as understanding engagement with any type of gambling is a crucial first step to assessing the risk of experiencing gambling related harm within the population. This thesis first surveys existing literature for methods of describing engagement in gambling, and then applies these methods to actual transaction data gathered from several decentralised gambling applications. This replication-oriented approach means results can be grounded against existing findings, and the descriptions of player engagement in this new domain have some context for comparison. It also means that descriptions can be tentatively mapped to similar scenarios, such as risk of experiencing gambling related harm in other studies. The results of several replication oriented studies presented herein find that engagement in the decentralised gambling domain is typically less than in comparable online casino games, but that a heavily involved subgroup is more involved. It also finds that engagement with gambling-like mechanisms in blockchain games is much less than in decentralised gambling applications, guiding future studies in gambling research away from blockchain games despite their mechanical similarities. Finally, behavioural groups in the decentralised gambling domain do not appear to be comparable with existing research in the centralised online casino game domain. The results of these studies provide a first look at engagement in this emerging domain, a comparative description with similar forms of gambling, and a description of behavioural groups, which provides essential context for further research to assess the scale of the risk of experiencing gambling related harm

    Optimising the sustainability of blockchain-based systems: balancing environmental sustainability, decentralisation and trustworthiness

    Blockchain technology is an emerging technology revolutionising information technology and represents a change in how information is shared. It has captured the interest of several disciplines because it promises to provide security, anonymity and data integrity without any third-party control. Although blockchain technology has great potential for the construction of the future of the digital world, it is facing a number of technical challenges. A most critical concern is related to its environmental sustainability. It has been acknowledged that blockchain-based systems' energy consumption and carbon emissions are massive and can affect their sustainability. Therefore, optimising the environmental sustainability of these systems is necessary. Several studies have been proposed to mitigate this issue. However, the literature needs to include models for optimising the environmental sustainability of blockchain-based systems without compromising the fundamental properties inherent in blockchain technology. In this context, this thesis aims to optimise the environmental sustainability of blockchain-based systems by balancing different conflicting objectives without compromising the decentralisation and trustworthiness of the systems. First of all, we reformulate the problem of the environmental sustainability of the systems as a search-based software engineering problem. We represent the problem as a subset selection problem that selects an optimal set of miners for mining blocks in terms of four conflicting objectives: energy consumption, carbon emissions, decentralisation and trustworthiness. Secondly, we propose a reputation model to determine reputable miners based on their behaviour in a blockchain-based system. The reputation model can support the enhancement of the environmental sustainability of the system. Moreover, it can improve the system's trustworthiness when the number of miners is reduced to minimise energy consumption and carbon emissions. Thirdly, we propose a self-adaptive model that optimises the environmental sustainability of blockchain-based systems taking into account environmental changes and decision-makers' requirements. We have conducted a series of experiments to evaluate the applicability and effectiveness of the proposed models. Finally, the results demonstrate that our models can enhance the environmental sustainability of blockchain-based systems without compromising the core properties of blockchain technology