795 research outputs found
Security Threats Classification in Blockchains
Blockchain, the foundation of Bitcoin, has become one of the most popular technologies to create and manage digital transactions recently. It serves as an immutable ledger which allows transactions take place in a decentralized manner. This expeditiously evolving technology has the potential to lead to a shift in thinking about digital transactions in multiple sectors including, Internet of Things, healthcare, energy, supply chain, manufacturing, cybersecurity and principally financial services. However, this emerging technology is still in its infancy. Despite the huge opportunities blockchain offers, it suffers from challenges and limitation such as scalability, security, and privacy, compliance, and governance issues that have not yet been thoroughly explored and addressed. Although there are some studies on the security and privacy issues of the blockchain, they lack a systematic examination of the security of blockchain systems. This research conducted a systematic survey of the security threats to the blockchain systems and reviewed the existing vulnerabilities in the Blockchain. These vulnerabilities lead to the execution of the various security threats to the normal functionality of the Blockchain platforms. Moreover, the study provides a case-study for each attack by examining the popular blockchain systems and also reviews possible countermeasures which could be used in the development of various blockchain systems. Furthermore, this study developed taxonomies that classified the security threats and attacks based on the blockchain abstract layers, blockchain primary processes and primary business users. This would assist the developers and businesses to be attentive to the existing threats in different areas of the blockchain-based platforms and plan accordingly to mitigate risk. Finally, summarized the critical open challenges, and suggest future research directions
Need To Know Before Utopian Balloon Is Popped: Security Perspective Analysis of Nun-Fungible Tokens
Non-Fungible Tokens (NFTs) have exploded into the technological and blockchain worlds with millions of dollars’ worth of cryptocurrencies such as Ethereum and Bitcoin among others, being traded for with these NFTs by individuals. NFTs are utilized by most buyers and sellers to show authenticity and sole ownership of a rare piece of work which could be in the form of an art, a video, a game, an image, a collectible, or anything the individual deems to be of great value and of interest for other individuals to pay for and own. NFTs however are not immune to the security and privacy issues that are already affiliated with the blockchain. This research work therefore examines the existing vulnerabilities in the blockchain then specifically investigates vulnerabilities with NFTs. Not much of research effort has been put into this area but the ones that have been conducted centered on generic security issues related to Non-Fungible Tokens. Taxonomies are developed in this paper to classify the security threats and attacks as identified by investigating the vulnerabilities of NFTs. This work will be of great assistance to investors and developers who look to enter into the NFT market, as they will be provided with some adequate knowledge for them to be aware of the security issues related to the booming market of NFTs
Recommended from our members
A blockchain based approach for the definition of auditable Access Control systems
A blockchain based approach for the definition of auditable Access Control systems
This work proposes to exploit blockchain technology to define Access Control systems that guarantee the auditability of access control policies evaluation. The key idea of our proposal is to codify attribute-based Access Control policies as smart contracts and deploy them on a blockchain, hence transforming the policy evaluation process into a completely distributed smart contract execution. Not only the policies, but also the attributes required for their evaluation are managed by smart contracts deployed on the blockchain. The auditability property derives from the immutability and transparency properties of blockchain technology. This paper not only presents the proposed Access Control system in general, but also its application to the innovative reference scenario where the resources to be protected are themselves smart contracts. To prove the feasibility of our approach, we present a reference implementation exploiting XACML policies and Solidity written smart contracts deployed on the Ethereum blockchain. Finally, we evaluate the system performances through a set of experimental results, and we discuss the advantages and drawbacks of our proposal
SoK: Design, Vulnerabilities and Defense of Cryptocurrency Wallets
The rapid growth of decentralized digital currencies, enabled by blockchain
technology, has ushered in a new era of peer-to-peer transactions,
revolutionizing the global economy. Cryptocurrency wallets, serving as crucial
endpoints for these transactions, have become increasingly prevalent. However,
the escalating value and usage of these wallets also expose them to significant
security risks and challenges. This research aims to comprehensively explore
the security aspects of cryptocurrency wallets. It provides a taxonomy of
wallet types, analyzes their design and implementation, identifies common
vulnerabilities and attacks, and discusses defense mechanisms and mitigation
strategies. The taxonomy covers custodial, non-custodial, hot, and cold
wallets, highlighting their unique characteristics and associated security
considerations. The security analysis scrutinizes the theoretical and practical
aspects of wallet design, while assessing the efficacy of existing security
measures and protocols. Notable wallet attacks, such as Binance, Mt. Gox are
examined to understand their causes and consequences. Furthermore, the paper
surveys defense mechanisms, transaction monitoring, evaluating their
effectiveness in mitigating threats
Understanding and Hardening Blockchain Network Security Against Denial of Service Attacks
This thesis aims to examine the security of a blockchain\u27s communication network. A blockchain relies on a communication network to deliver transactions. Understanding and hardening the security of the communication network against Denial-of-Service (DoS) attacks are thus critical to the well-being of blockchain participants. Existing research has examined blockchain system security in various system components, including mining incentives, consensus protocols, and applications such as smart contracts. However, the security of a blockchain\u27s communication network remains understudied.
In practice, a blockchain\u27s communication network typically consists of three services: RPC service, P2P network, and mempool. This thesis examines each service\u27s designs and implementations, discovers vulnerabilities that lead to DoS attacks, and uncovers the P2P network topology. Through systematic evaluations and measurements, the thesis confirms that real-world network services in Ethereum are vulnerable to DoS attacks, leading to a potential collapse of the Ethereum ecosystem. Besides, the uncovered P2P network topology in Ethereum mainnet suggests that critical nodes adopt a biased neighbor selection strategy in the mainnet. Finally, to fix the discovered vulnerabilities, practical mitigation solutions are proposed in this thesis to harden the security of Ethereum\u27s communication network
Privacy-enhancing distributed protocol for data aggregation based on blockchain and homomorphic encryption
The recent increase in reported incidents of security breaches compromising users' privacy call into question the current centralized model in which third-parties collect and control massive amounts of personal data. Blockchain has demonstrated that trusted and auditable computing is possible using a decentralized network of peers accompanied by a public ledger. Furthermore, Homomorphic Encryption (HE) guarantees confidentiality not only on the computation but also on the transmission, and storage processes. The synergy between Blockchain and HE is rapidly increasing in the computing environment.
This research proposes a privacy-enhancing distributed and secure protocol for data aggregation backboned by Blockchain and HE technologies. Blockchain acts as a distributed ledger which facilitates efficient data aggregation through a Smart Contract. On the top, HE will be used for data encryption allowing private aggregation operations. The theoretical description, potential applications, a suggested implementation and a performance analysis are presented to validate the proposed solution.This work has been partially supported by the Basque Country Government under the ELKARTEK program, project TRUSTIND (KK- 2020/00054). It has also been partially supported by the H2020 TERMINET project (GA 957406)
Data trust framework using blockchain and smart contracts
Lack of trust is the main barrier preventing more widespread data sharing. The lack of transparent and reliable infrastructure for data sharing prevents many data owners from sharing their data.
Data trust is a paradigm that facilitates data sharing by forcing data controllers to be transparent about the process of sharing and reusing data.
Blockchain technology has the potential to present the essential properties for creating a practical and secure data trust framework by transforming current auditing practices and automatic enforcement of smart contracts logic without relying on intermediaries to establish trust.
Blockchain holds an enormous potential to remove the barriers of traditional centralized applications and propose a distributed and transparent administration by employing the involved parties to maintain consensus on the ledger. Furthermore, smart contracts are a programmable component that provides blockchain with more flexible and powerful capabilities. Recent advances in blockchain platforms toward smart contracts' development have revealed the possibility of implementing blockchain-based applications in various domains, such as health care, supply chain and digital identity.
This dissertation investigates the blockchain's potential to present a framework for data trust. It starts with a comprehensive study of smart contracts as the main component of blockchain for developing decentralized data trust.
Interrelated, three decentralized applications that address data sharing and access control problems in various fields, including healthcare data sharing, business process, and physical access control system, have been developed and examined.
In addition, a general-purpose application based on an attribute-based access control model is proposed that can provide trusted auditability required for data sharing and access control systems and, ultimately, a data trust framework. Besides auditing, the system presents a transparency level that both access requesters (data users) and resource owners (data controllers) can benefit from. The proposed solutions have been validated through a use case of independent digital libraries. It also provides a detailed performance analysis of the system implementation.
The performance results have been compared based on different consensus mechanisms and databases, indicating the system's high throughput and low latency.
Finally, this dissertation presents an end-to-end data trust framework based on blockchain technology.
The proposed framework promotes data trustworthiness by assessing input datasets, effectively managing access control, and presenting data provenance and activity monitoring. A trust assessment model that examines the trustworthiness of input data sets and calculates the trust value is presented.
The number of transaction validators is defined adaptively with the trust value.
This research provides solutions for both data owners and data users’ by ensuring the trustworthiness and quality of the data at origin and transparent and secure usage of the data at the end. A comprehensive experimental study indicates the presented system effectively handles a large number of transactions with low latency
Cybersecurity applications of Blockchain technologies
With the increase in connectivity, the popularization of cloud services, and the rise
of the Internet of Things (IoT), decentralized approaches for trust management
are gaining momentum. Since blockchain technologies provide a distributed ledger,
they are receiving massive attention from the research community in different application
fields. However, this technology does not provide cybersecurity by itself.
Thus, this thesis first aims to provide a comprehensive review of techniques and
elements that have been proposed to achieve cybersecurity in blockchain-based systems.
The analysis is intended to target area researchers, cybersecurity specialists
and blockchain developers. We present a series of lessons learned as well. One of
them is the rise of Ethereum as one of the most used technologies.
Furthermore, some intrinsic characteristics of the blockchain, like permanent
availability and immutability made it interesting for other ends, namely as covert
channels and malicious purposes.
On the one hand, the use of blockchains by malwares has not been characterized
yet. Therefore, this thesis also analyzes the current state of the art in this area. One
of the lessons learned is that covert communications have received little attention.
On the other hand, although previous works have analyzed the feasibility of
covert channels in a particular blockchain technology called Bitcoin, no previous
work has explored the use of Ethereum to establish a covert channel considering all
transaction fields and smart contracts.
To foster further defence-oriented research, two novel mechanisms are presented
on this thesis. First, Zephyrus takes advantage of all Ethereum fields and smartcontract
bytecode. Second, Smart-Zephyrus is built to complement Zephyrus by
leveraging smart contracts written in Solidity. We also assess the mechanisms feasibility
and cost. Our experiments show that Zephyrus, in the best case, can embed
40 Kbits in 0.57 s. for US 1.82 per bit), the provided stealthiness might be worth the price for attackers. Furthermore,
these two mechanisms can be combined to increase capacity and reduce
costs.Debido al aumento de la conectividad, la popularización de los servicios en la nube
y el auge del Internet de las cosas (IoT), los enfoques descentralizados para la
gestión de la confianza están cobrando impulso. Dado que las tecnologÃas de cadena
de bloques (blockchain) proporcionan un archivo distribuido, están recibiendo
una atención masiva por parte de la comunidad investigadora en diferentes campos
de aplicación. Sin embargo, esta tecnologÃa no proporciona ciberseguridad por sÃ
misma. Por lo tanto, esta tesis tiene como primer objetivo proporcionar una revisión
exhaustiva de las técnicas y elementos que se han propuesto para lograr la ciberseguridad
en los sistemas basados en blockchain. Este análisis está dirigido a investigadores
del área, especialistas en ciberseguridad y desarrolladores de blockchain. A
su vez, se presentan una serie de lecciones aprendidas, siendo una de ellas el auge
de Ethereum como una de las tecnologÃas más utilizadas.
Asimismo, algunas caracterÃsticas intrÃnsecas de la blockchain, como la disponibilidad
permanente y la inmutabilidad, la hacen interesante para otros fines, concretamente
como canal encubierto y con fines maliciosos.
Por una parte, aún no se ha caracterizado el uso de la blockchain por parte
de malwares. Por ello, esta tesis también analiza el actual estado del arte en este
ámbito. Una de las lecciones aprendidas al analizar los datos es que las comunicaciones
encubiertas han recibido poca atención.
Por otro lado, aunque trabajos anteriores han analizado la viabilidad de los
canales encubiertos en una tecnologÃa blockchain concreta llamada Bitcoin, ningún
trabajo anterior ha explorado el uso de Ethereum para establecer un canal encubierto
considerando todos los campos de transacción y contratos inteligentes.
Con el objetivo de fomentar una mayor investigación orientada a la defensa,
en esta tesis se presentan dos mecanismos novedosos. En primer lugar, Zephyrus
aprovecha todos los campos de Ethereum y el bytecode de los contratos inteligentes.
En segundo lugar, Smart-Zephyrus complementa Zephyrus aprovechando los contratos inteligentes escritos en Solidity. Se evalúa, también, la viabilidad y el coste
de ambos mecanismos. Los resultados muestran que Zephyrus, en el mejor de los
casos, puede ocultar 40 Kbits en 0,57 s. por 1,64 US$, y recuperarlos en 2,8 s.
Smart-Zephyrus, por su parte, es capaz de ocultar un secreto de 4 Kb en 41 s. Si
bien es cierto que es caro (alrededor de 1,82 dólares por bit), el sigilo proporcionado
podrÃa valer la pena para los atacantes. Además, estos dos mecanismos pueden
combinarse para aumentar la capacidad y reducir los costesPrograma de Doctorado en Ciencia y TecnologÃa Informática por la Universidad Carlos III de MadridPresidente: José Manuel Estévez Tapiador.- Secretario: Jorge Blasco AlÃs.- Vocal: Luis Hernández Encina
- …