A cybersecurity control framework for blockchain ecosystems

This paper proposes a cybersecurity control framework for blockchain ecosystems, drawing from risks identified in the practitioner and academic literature. The framework identifies thirteen risks for blockchain implementations, ten common to other information systems and three risks specific to blockchains: centralization of computing power, transaction malleability, and flawed or malicious smart contracts. It also proposes controls to mitigate the risks identified; some were identified in the literature and some are new. Controls that apply to all types of information systems are adapted to the different components of the blockchain ecosystem

ПЕРСПЕКТИВИ ВІЙСЬКОВОГО ЗАСТОСУВАННЯ ТЕХНОЛОГІЇ БЛОКЧЕЙНУ

New cutting-edge technologies tend to have a huge impact on how businesses innovate to improve their competitive advantage. Since the advent of the Internet, blockchain technology has been recognized as one of the explosive innovations of the early 21st century. Blockchain technology is currently used in financial applications (e.g. payments, currency exchange, money transfers and wallets, trade finance, markets, microdeals, investments, brokerage, insurance) as well as non-financial applications (e.g. electronic identity management, authentication and authorization, electronic data storage and delivery systems, certification systems, smart contracts, application development, electronic voting in elections, patient medical record management, workload distribution for communication systems, computer systems that must comply requirements of legislation without human intervention, the Internet of Things, etc.). And yet, the use of blockchain is most justified when solving tasks mainly related to ensuring the integrity of stored information. That is why, in this article, we consider the prospects for the application of blockchain technology in military affairs, analyze its properties, consider the problems and provide solutions that open up with the beginning of the use of this technology. Blockchain technology is able to strengthen the defense sector of the state and introduce an additional level of protection to the already existing ones.Нові передові технології мають, як правило, величезний вплив на те, як бізнес впроваджує інновації для покращення своїх конкурентних переваг. З моменту появи Інтернету технології блокчейну були визнані одними з вибухових інновацій початку XXI століття. Технологія блокчейну даний час використовуються у фінансових додатках (наприклад, для платежів, обміну валюти, грошових переказів і гаманців, торгових фінансів, ринків, мікроугод, інвестиції, брокерства, страхування), а також в нефінансові додатки (наприклад, управління ідентифікацією в електронному вигляді, автентифікація та авторизація, системи зберігання та доставки даних в електронному вигляді, системи сертифікації, смарт-контракти, розробка додатків, електронне голосування на виборах, управління медичними записами пацієнтів, розподіл робочого навантаження для систем зв'язку , комп'ютерні системи, які мають відповідати вимогам законодавства без втручання людини, Інтернету речей і т.д.). І все ж застосування блокчейна найбільш виправдано при вирішенні завдань, пов'язаних в основному із забезпеченням цілісності інформації, що зберігається. Саме тому у цій статті ми розглядаємо перспективи застосування технології блокчейну у військовій справі, аналізуємо її властивості, розглядаємо проблеми та наводимо рішення, які відкриваються з початком використання даної технології. Технологія блокчейну здатна підсилити оборонний сектор держави та впровадити додатковий рівень захисту до вже існуючих

TumbleBit: an untrusted Bitcoin-compatible anonymous payment hub

This paper presents TumbleBit, a new unidirectional unlinkable payment hub that is fully compatible with today s Bitcoin protocol. TumbleBit allows parties to make fast, anonymous, off-blockchain payments through an untrusted intermediary called the Tumbler. TumbleBits anonymity properties are similar to classic Chaumian eCash: no one, not even the Tumbler, can link a payment from its payer to its payee. Every payment made via TumbleBit is backed by bitcoins, and comes with a guarantee that Tumbler can neither violate anonymity, nor steal bitcoins, nor print money by issuing payments to itself. We prove the security of TumbleBit using the real/ideal world paradigm and the random oracle model. Security follows from the standard RSA assumption and ECDSA unforgeability. We implement TumbleBit, mix payments from 800 users and show that TumbleBits offblockchain payments can complete in seconds.https://eprint.iacr.org/2016/575.pdfPublished versio

Blockchain-Based Solution for COVID-19 Digital Medical Passports and Immunity Certificates

COVID-19 has emerged as a highly contagious disease which has caused a devastating impact across the world with a very large number of infections and deaths. Timely and accurate testing is paramount to an effective response to this pandemic as it helps identify infections and therefore mitigate (isolate/cure) them. In this paper, we investigate this challenge and contribute by presenting a blockchain-based solution that incorporates self-sovereign identity, re-encryption proxies, and decentralized storage, such as the interplanetary file systems (IPFS). Our solution implements digital medical passports (DMP) and immunity certificates for COVID-19 test-takers. We present smart contracts based on the Ethereum blockchain written and tested successfully to maintain a digital medical identity for test-takers that help in a prompt trusted response directly by the relevant medical authorities. We reduce the response time of the medical facilities, alleviate the spread of false information by using immutable trusted blockchain, and curb the spread of the disease through DMP. We present a detailed description of the system design, development, and evaluation (cost and security analysis) for the proposed solution. Since our code leverages the use of the on-chain events, the cost of our design is almost negligible. We have made our smart contract codes publicly available on Github

Empirical Analysis of Transaction Malleability within Blockchain-based e-Voting

Blockchain is a disruptive technology that has been used to address a wide range of challenges in diverse domains including voting, logistics, healthcare and finance. Transaction malleability is one of the critical threats for blockchain, which can facilitate double-spending attacks by tampering with the state of a blockchain. This paper investigates the potential of transaction malleability attack within a blockchain-based application (e-voting) with the aim to identify settings which can lead to a successful transaction malleability attack. Therein, we aim to highlight conditions which can cause transaction malleability attack so as to help develop appropriate protection mechanisms. In particular, a successful execution of transaction malleability attack is presented which was conducted on a blockchain testbed hosting an e-voting application. The experiments identified significance of parameters such as network delay and block generation rate to successfully execute transaction malleability attack and have highlighted directions for future research

Research Perspectives and Challenges for Bitcoin and Cryptocurrencies

Bitcoin has emerged as the most successful cryptographic currency in history. Within two years of its quiet launch in 2009, Bitcoin grew to comprise billions of dollars of economic value, even while the body of published research and security analysis justifying the system\u27s design was negligible. In the ensuing years, a growing literature has identified hidden-but-important properties of the system, discovered attacks, proposed promising alternatives, and singled out difficult future challenges. This interest has been complemented by a large and vibrant community of open-source developers who steward the system, while proposing and deploying numerous modifications and extensions. We provide the first systematic exposition of the second generation of cryptocurrencies, including Bitcoin and the many alternatives that have been implemented as alternate protocols or ``altcoins.\u27\u27 Drawing from a scattered body of knowledge, we put forward three key components of Bitcoin\u27s design that can be decoupled, enabling a more insightful analysis of Bitcoin\u27s properties and its proposed modifications and extensions. We contextualize the literature into five central properties capturing blockchain stability. We map the design space for numerous proposed modification, providing comparative analyses for alternative consensus mechanisms, currency allocation mechanisms, computational puzzles, and key management tools. We focus on anonymity issues in Bitcoin and provide an evaluation framework for analyzing a variety of proposals for enhancing unlinkability. Finally we provide new insights on a what we term disintermediation protocols, which absolve the need for trusted intermediaries in an interesting set of applications. We identify three general disintermediation strategies and provide a detailed comparative cost analysis