53 research outputs found

    Security Threats Classification in Blockchains

    Blockchain, the foundation of Bitcoin, has become one of the most popular technologies to create and manage digital transactions recently. It serves as an immutable ledger which allows transactions to take place in a decentralized manner. This expeditiously evolving technology has the potential to lead to a shift in thinking about digital transactions in multiple sectors including the Internet of Things, healthcare, energy, supply chain, manufacturing, cybersecurity and principally financial services. However, this emerging technology is still in its infancy. Despite the huge opportunities blockchain offers, it suffers from challenges and limitations such as scalability, security, privacy, compliance, and governance issues that have not yet been thoroughly explored and addressed. Although there are some studies on the security and privacy issues of the blockchain, they lack a systematic examination of the security of blockchain systems. This research conducted a systematic survey of the security threats to blockchain systems and reviewed the existing vulnerabilities in the Blockchain. These vulnerabilities lead to the execution of the various security threats to the normal functionality of the Blockchain platforms. Moreover, the study provides a case study for each attack by examining the popular blockchain systems and also reviews possible countermeasures which could be used in the development of various blockchain systems. Furthermore, this study developed taxonomies that classified the security threats and attacks based on the blockchain abstract layers, blockchain primary processes and primary business users. This would assist the developers and businesses to be attentive to the existing threats in different areas of the blockchain-based platforms and plan accordingly to mitigate risk. Finally, the study summarizes the critical open challenges and suggests future research directions.

    Improving Security for the Internet of Things: Applications of Blockchain, Machine Learning and Inter-Pulse Interval

    The Internet of Things (IoT) is a concept where physical objects of various sizes can seamlessly connect and communicate with each other without human intervention. The concept covers various applications, including healthcare, utility services, automotive/vehicular transportation, smart agriculture and smart city. The number of interconnected IoT devices has recently grown rapidly as a result of technological advancement in communications and computational systems. Consequently, this trend also highlights the need to address issues associated with IoT, the biggest risk of which is commonly known to be security. This thesis focuses on three selected security challenges from the IoT application areas of connected and autonomous vehicles (CAVs), Internet of Flying Things (IoFT), and human body interface and control systems (HBICS). For each of these challenges, a novel and innovative solution is proposed to address the identified problems. The research contributions of this thesis to the literature can be summarised as follows:
    • A blockchain-based conditionally anonymised pseudonym management scheme for CAVs, supporting multi-jurisdictional road networks.
    • A Sybil attack detection scheme for IoFT using machine learning carried out on intrinsically generated physical layer data of radio signals.
    • A potential approach of using inter-pulse interval (IPI) biometrics for frequency hopping to mitigate jamming attacks on HBICS devices.

    Failure Analysis in Next-Generation Critical Cellular Communication Infrastructures

    The advent of communication technologies marks a transformative phase in critical infrastructure construction, where the meticulous analysis of failures becomes paramount in achieving the fundamental objectives of continuity, security, and availability. This survey enriches the discourse on failures, failure analysis, and countermeasures in the context of the next-generation critical communication infrastructures. Through an exhaustive examination of existing literature, we discern and categorize prominent research orientations, namely those focused on resource depletion, security vulnerabilities, and system availability concerns. We also analyze constructive countermeasures tailored to address identified failure scenarios and their prevention. Furthermore, the survey emphasizes the imperative for standardization in addressing failures related to Artificial Intelligence (AI) within the ambit of the sixth-generation (6G) networks, accounting for the forward-looking perspective for the envisioned intelligence of 6G network architecture. By identifying new challenges and delineating future research directions, this survey can help guide stakeholders toward unexplored territories, fostering innovation and resilience in critical communication infrastructure development and failure prevention.

    Cyber Security

    This open access book constitutes the refereed proceedings of the 16th International Annual Conference on Cyber Security, CNCERT 2020, held in Beijing, China, in August 2020. The 17 papers presented were carefully reviewed and selected from 58 submissions. The papers are organized according to the following topical sections: access control; cryptography; denial-of-service attacks; hardware security implementation; intrusion/anomaly detection and malware mitigation; social network security and privacy; systems security

    The Anti Money Laundering Regulation of Crypto-assets in Europe: A Critical Analysis

    The present analysis will explore how the legislator has responded to the introduction of blockchain technology and crypto-assets. As we will detail, blockchain introduces a new architecture for digital exchanges of value. One that substitutes the central intermediary with a decentralized network of cooperating nodes. By reshaping the architecture of digital exchange systems, blockchain undermines the fundamental premise underlying the preventive prong of the anti-money laundering policy strategy: the necessary intermediation of digital exchanges of value. The primary aim of the present research is to critically examine the impact of crypto-assets and blockchain on the financial monitoring infrastructure and the connected policy responses. Due to the disruptive nature of blockchain’s transaction model, this is a field that has known a great degree of innovation, particularly in Europe. The present decade will be fundamental in the definition of a European policy strategy for crypto-assets. The introduction of the Market in Crypto-asset Regulation (MiCaR) – the first comprehensive regulation of crypto-assets worldwide – and the upcoming Anti-money Laundering Package will shape how the Union approaches crypto-assets and its ability to reap their benefits while mitigating the risks. However, the present research also has a second, larger, purpose. Digitalization is altering the physiognomy of the world and human action. Rules that have been regarded as essential to human existence for centuries are now called into question. For instance, digital interaction systems allow continuous non-local exchanges freeing humans from their corporeal boundaries, artificial intelligence promises to create non-human autonomous decision makers. Within this changing architecture, the validity of legal tenets developed across eras is challenged forcing the legislator to reimagine its strategies in an unprecedented fashion. 
Taking anti-money laundering as a case study, the blockchain, by introducing the possibility to exchange value digitally in the absence of an intermediary, challenges the previous intermediary-based legislative strategy. The text will analyse how, and if, the policy maker has adapted to this new playing field. The perspective of the text is that a simple reiteration of pre-existing models is not adequate in the presence of fundamental architectural modifications. The legislator cannot simply stick to an “everything changes, nothing changes” approach. Rather, it should proactively engage with such architectures and imagine new solutions rooted in them. The ability to reinvent its strategy, and even its fundamental tenets, is key for the law to survive in a world that is changing in such a profound manner. It is with this double perspective that we invite the reader to approach the present analysis.

    Internet of Things From Hype to Reality

    The Internet of Things (IoT) has gained significant mindshare, let alone attention, in academia and the industry especially over the past few years. The reasons behind this interest are the potential capabilities that IoT promises to offer. On the personal level, it paints a picture of a future world where all the things in our ambient environment are connected to the Internet and seamlessly communicate with each other to operate intelligently. The ultimate goal is to enable objects around us to efficiently sense our surroundings, inexpensively communicate, and ultimately create a better environment for us: one where everyday objects act based on what we need and like without explicit instructions

    A Reference Framework for Managing Security Risks Using Blockchain

    Various programs (e.g., OWASP), threat models (e.g., STRIDE), security risk management models (e.g., ISSRM), and regulations (e.g., GDPR) exist to communicate and reduce the security threats to build secure software.
However, security threats continuously evolve because the traditional technology infrastructure does not implement security measures by design. Blockchain appears to mitigate traditional applications’ security threats. Although blockchain-based applications are considered less vulnerable, they did not become the silver bullet for securing against different security threats. Moreover, the blockchain domain is constantly evolving, providing new techniques and often interchangeable design concepts, resulting in conceptual ambiguity and confusion in treating security threats effectively. Overall, we address the problem of traditional applications’ security risk management (SRM) using blockchain as a countermeasure and the SRM of blockchain-based applications. We start by surveying how blockchain mitigates the security threats of traditional applications, and the outcome is a blockchain-based reference model (BbRM) that adheres to the SRM domain model. Next, we present an upper-level reference ontology (ULRO) as a foundation ontology and provide two instantiations of the ULRO. The first instantiation includes Corda as a permissioned blockchain and the financial case. The second instantiation includes the permissionless blockchain components and the healthcare case. Both ontology representations help in the SRM of traditional and blockchain-based applications. Furthermore, we built a web-based ontology parsing tool, OwlParser. Contributions resulted in an ontology-based security reference framework for managing security risks using blockchain. The framework is dynamic, supports the iterative process of SRM, and potentially lessens the security threats of traditional and blockchain-based applications. https://www.ester.ee/record=b551352