Biblio

Crowdsensing, driven by the proliferation of sensor-rich mobile devices, has emerged as a promising data sensing and aggregation paradigm. Despite useful, traditional crowdsensing systems typically rely on a centralized third-party platform for data collection and processing, which leads to concerns like single point of failure and lack of operation transparency. Such centralization hinders the wide adoption of crowdsensing by wary participants. We therefore explore an alternative design space of building crowdsensing systems atop the emerging decentralized blockchain technology. While enjoying the benefits brought by the public blockchain, we endeavor to achieve a consolidated set of desirable security properties with a proper choreography of latest techniques and our customized designs. We allow data providers to safely contribute data to the transparent blockchain with the confidentiality guarantee on individual data and differential privacy on the aggregation result. Meanwhile, we ensure the service correctness of data aggregation and sanitization by delicately employing hardware-assisted transparent enclave. Furthermore, we maintain the robustness of our system against faulty data providers that submit invalid data, with a customized zero-knowledge range proof scheme. The experiment results demonstrate the high efficiency of our designs on both mobile client and SGX-enabled server, as well as reasonable on-chain monetary cost of running our task contract on Ethereum.

As Blockchain technology become more understood in recent years and its capability to solve enterprise business use cases become evident, technologist have been exploring Blockchain technology to solve use cases that have been daunting industries for years. Unlike existing technologies, one of the key features of blockchain technology is its unparalleled capability to provide, traceability, accountability and immutable records that can be accessed at any point in time. One application area of interest for blockchain is securing heterogenous networks. This paper explores the security challenges in a heterogonous network of IoT devices and whether blockchain can be a viable solution. Using an experimental approach, we explore the possibility of using blockchain technology to secure IoT devices, validate IoT device transactions, and establish a chain of trust to secure an IoT device mesh network, as well as investigate the plausibility of using immutable transactions for forensic analysis.

The Internet of Things (IoT) visualizes a massive network with billions of interaction among smart things which are capable of contributing all sorts of services. Self-configuring things (nodes) are connected dynamically with a global network in IoT scenario. The small things are widely spread in a real world paradigm with minimal processing capacity and limited storage. The recent IoT technologies have more concerns about the security, privacy and reliability. Sharing personal data over the centralized system still remains as a challenging task. If the infrastructure is able to provide the assurance for transferring the data but for now it requires special attention on security and data consistency. Because, centralized system and infrastructure is viewed as a more attractive point for hacker or cyber-attacker. To solve this we present a secured smart contract based on Blockchain to develop a secured communicative network. A Hash based secret key is used for encryption and decryption purposes. A demo attack is done for developing a better understanding on blockchain technology in terms of their comparison and calculation.

With the development of big data and machine learning techniques, medical data sharing for the use of disease diagnosis has received considerable attention. Blockchain, as an emerging technology, has been widely used to resolve the efficiency and security issues in medical data sharing. However, the existing studies on blockchain-based medical data sharing have rarely concerned about the reasonable incentive mechanism. In this paper, we propose a cooperation model where medical data is shared via blockchain. We derive the topological relationships among the participants consisting of data owners, miners and third parties, and gradually develop the computational process of Shapley value revenue distribution. Specifically, we explore the revenue distribution under different consensuses of blockchain. Finally, we demonstrate the incentive effect and rationality of the proposed solution by analyzing the revenue distribution.

Emergency medical services universally get regarded as the essential part of the health care delivery system [1]. A relationship exists between the emergency patient death rate and factors such as the failure to access a patient's critical data and the time it takes to arrive at hospitals. Nearly thirty million Americans do not live within an hour of trauma care, so this poor access to trauma centers links to higher pre-hospital death rates in more than half of the United States [2]. So, we need to address the problem. In a patient care-cycle, loads of medical data items are born in different healthcare settings using a disparate system of records during patient visits. The ability for medical care providers to access a patient's complete picture of emergency-relevant medical data is critical and can significantly reduce the annual mortality rate. Today, the problem exists with a continuous recording system of the patient data between healthcare providers. In this paper, we've introduced a combination of secure file transfer methods/tools and blockchain technology as a solution to record patient Emergency relevant medical data as patient walk through from one clinic/medical facility to another, creating a continuous footprint of patient as a secure and scalable data source. So, ambulance crews can access and use it to provide high quality pre-hospital care. All concerns of medical record sharing and accessing like authentication, privacy, security, scalability and audibility, confidentiality has been considered in this approach.

IoT trust management is a security solution that assures the trust between different IoT entities before establishing any relationship with other anonymous devices. Recent researches presented in the literature tend to use a Blockchain-based trust management model for IoT besides the fog node approach in order to address the constraints of IoT resources. Actually, Blockchain has solved many drawbacks of centralized models. However, it is still not preferable for dealing with massive data produced by IoT because of its drawbacks such as delay, network overhead, and scalability issues. Therefore, in this paper we define some factors that should be considered when designing scalable models, and we propose a fully distributed trust management model for IoT that provide a large-scale trust model and address the limitations of Blockchain. We design our model based on a new approach called Holochain considering some security issues, such as detecting misbehaviors, data integrity and availability.

The software development life cycle (SDLC) starts with business and functional specifications signed with a client. In addition to this, the specifications also capture policy / procedure / contractual / regulatory / legislation / standard compliances with respect to a given client industry. The SDLC must adhere to service level agreements (SLAs) while being compliant to development activities, processes, tools, frameworks, and reuse of open-source software components. In today's world, global software development happens across geographically distributed (autonomous) teams consuming extraordinary amounts of open source components drawn from a variety of disparate sources. Although this is helping organizations deal with technical and economic challenges, it is also increasing unintended risks, e.g., use of a non-complaint license software might lead to copyright issues and litigations, use of a library with vulnerabilities pose security risks etc. Mitigation of such risks and remedial measures is a challenge due to lack of visibility and transparency of activities across these distributed teams as they mostly operate in silos. We believe a unified model that non-invasively monitors and analyzes the activities of distributed teams will help a long way in building software that adhere to various compliances. In this paper, we propose a decentralized CAG - Compliance Adherence and Governance framework using blockchain technologies. Our framework (i) enables the capturing of required data points based on compliance specifications, (ii) analyzes the events for non-conformant behavior through smart contracts, (iii) provides real-time alerts, and (iv) records and maintains an immutable audit trail of various activities.

It is common to certify when a file was created in digital investigations, e.g., determining first inventors for patentable ideas in intellectual property systems to resolve disputes. Secure time-stamping schemes can be derived from blockchain-based storage to protect files from backdating/forward-dating, where a file is integrated into a transaction on a blockchain and the timestamp of the corresponding block reflects the latest time the file was created. Nevertheless, blocks' timestamps in blockchains suffer from time errors, which causes the inaccuracy of files' timestamps. In this paper, we propose an accurate blockchain-based time-stamping scheme called Chronos. In Chronos, when a file is created, the file and a sufficient number of successive blocks that are latest confirmed on blockchain are integrated into a transaction. Due to chain quality, it is computationally infeasible to pre-compute these blocks. The time when the last block was chained to the blockchain serves as the earliest creation time of the file. The time when the block including the transaction was chained indicates the latest creation time of the file. Therefore, Chronos makes the file's creation time corresponding to this time interval. Based on chain growth, Chronos derives the time when these two blocks were chained from their heights on the blockchain, which ensures the accuracy of the file's timestamp. The security and performance of Chronos are demonstrated by a comprehensive evaluation.

Trusted collaboration satisfying the requirements of (a) adequate transparency and (b) preservation of privacy of business sensitive information is a key factor to ensure the success and adoption of online business-to-business (B2B) collaboration platforms. Our work proposes novel ways of stringing together game theoretic modeling, blockchain technology, and cryptographic techniques to build such a platform for B2B collaboration involving enterprise buyers and sellers who may be strategic. The B2B platform builds upon three ideas. The first is to use a permissioned blockchain with smart contracts as the technical infrastructure for building the platform. Second, the above smart contracts implement deep business logic which is derived using a rigorous analysis of a repeated game model of the strategic interactions between buyers and sellers to devise strategies to induce honest behavior from buyers and sellers. Third, we present a formal framework that captures the essential requirements for secure and private B2B collaboration, and, in this direction, we develop cryptographic regulation protocols that, in conjunction with the blockchain, help implement such a framework. We believe our work is an important first step in the direction of building a platform that enables B2B collaboration among strategic and competitive agents while maximizing social welfare and addressing the privacy concerns of the agents.

Smart contracts have been widely used on Ethereum to enable business services across various application domains. However, they are prone to different forms of security attacks due to the dynamic and non-deterministic blockchain runtime environment. In this work, we highlighted a general miner-side type of exploit, called concurrency exploit, which attacks smart contracts via generating malicious transaction sequences. Moreover, we designed a systematic algorithm to automatically detect such exploits. In our preliminary evaluation, our approach managed to identify real vulnerabilities that cannot be detected by other tools in the literature.

Routing on the Internet is defined among autonomous systems (ASes) based on a weak trust model where it is assumed that ASes are honest. While this trust model strengthens the connectivity among ASes, it results in an attack surface which is exploited by malicious entities to hijacking routing paths. One such attack is known as the BGP prefix hijacking, in which a malicious AS broadcasts IP prefixes that belong to a target AS, thereby hijacking its traffic. In this paper, we proposeRouteChain: a blockchain-based secure BGP routing system that counters BGP hijacking and maintains a consistent view of the Internet routing paths. Towards that, we leverage provenance assurance and tamper-proof properties of blockchains to augment trust among ASes. We group ASes based on their geographical (network) proximity and construct a bihierarchical blockchain model that detects false prefixes prior to their spread over the Internet. We validate strengths of our design by simulations and show its effectiveness by drawing a case study with the Youtube hijacking of 2008. Our proposed scheme is a standalone service that can be incrementally deployed without the need of a central authority.

Much recent work focuses on finding bugs and security vulnerabilities in smart contracts written in existing languages. Although this approach may be helpful, it does not address flaws in the underlying programming language, which can facilitate writing buggy code in the first place. We advocate a re-thinking of the blockchain software engineering tool set, starting with the programming language in which smart contracts are written. In this paper, we propose and justify requirements for a new generation of blockchain software development tools. New tools should (1) consider users' needs as a primary concern; (2) seek to facilitate safe development by detecting relevant classes of serious bugs at compile time; (3) as much as possible, be blockchain-agnostic, given the wide variety of different blockchain platforms available, and leverage the properties that are common among blockchain environments to improve safety and developer effectiveness.

Blockchains - with their inherent properties of transaction transparency, distributed consensus, immutability and cryptographic verifiability - are increasingly seen as a means to underpin innovative products and services in a range of sectors from finance through to energy and healthcare. Discussions, too often, make assertions that the trustless nature of blockchain technologies enables and actively promotes their suitability - there being no need to trust third parties or centralised control. Yet humans need to be able to trust systems, and others with whom the system enables transactions. In this paper, we highlight that understanding this need for trust is critical for the development of blockchain-based systems. Through an online study with 125 users of the most well-known of blockchain based systems - the cryptocurrency Bitcoin - we uncover that human and institutional aspects of trust are pervasive. Our analysis highlights that, when designing future blockchain-based technologies, we ought to not only consider computational trust but also the wider eco-system, how trust plays a part in users engaging/disengaging with such eco-systems and where design choices impact upon trust. From this, we distill a set of guidelines for software engineers developing blockchain-based systems for societal applications.

In last decades' web application security has become one of the most important case study of information security studies. Business processes are transferred to web platforms. So web application usage is increased very fast. Web-based attacks have also increased due to the increased use of web applications. In order to ensure the security of web applications, intrusion detection and prevention systems and web application firewalls are used against web based attacks. Blockchain technology, which has become popular in recent years, enables reliable and transparent sharing of data with all stakeholders. In this study, in order to detect web-based attacks, a blockchain based web attack detection model that uses the signature based detection method is proposed. The signature based detection refers to the detection of attacks by looking for specific patterns against known web based attack types, such as Structured Query Language (SQL) Injection, Cross Site Scripting (XSS), Command Injection. Three web servers were used for the experimental study. A blockchain node has been installed with the MultiChain application for each server. Attacks on web applications are detected using the signature list found in the web application as well as detected using the signature list updated on the blockchain. According to the experimental results, the attacks signature detected and defined by a web application are updated in the blockchain lists and used by all web applications.

FastChain is a simulator built in NS-3 which simulates the networked battlefield scenario with military applications, connecting tankers, soldiers and drones to form Internet-of-Battlefield-Things (IoBT). Computing, storage and communication resources in IoBT are limited during certain situations in IoBT. Under these circumstances, these resources should be carefully combined to handle the task to accomplish the mission. FastChain simulator uses Sharding approach to provide an efficient solution to combine resources of IoBT devices by identifying the correct and the best set of IoBT devices for a given scenario. Then, the set of IoBT devices for a given scenario collaborate together for sharding enabled Blockchain technology. Interested researchers, policy makers and developers can download and use the FastChain simulator to design, develop and evaluate blockchain enabled IoBT scenarios that helps make robust and trustworthy informed decisions in mission-critical IoBT environment.

Military technology is ever-evolving to increase the safety and security of soldiers on the field while integrating Internet-of-Things solutions to improve operational efficiency in mission oriented tasks in the battlefield. Centralized communication technology is the traditional network model used for battlefields and is vulnerable to denial of service attacks, therefore suffers performance hazards. They also lead to a central point of failure, due to which, a flexible model that is mobile, resilient, and effective for different scenarios must be proposed. Blockchain offers a distributed platform that allows multiple nodes to update a distributed ledger in a tamper-resistant manner. The decentralized nature of this system suggests that it can be an effective tool for battlefields in securing data communication among Internet-of-Battlefield Things (IoBT). In this paper, we integrate a permissioned blockchain, namely Hyperledger Sawtooth, in IoBT context and evaluate its performance with the goal of determining whether it has the potential to serve the performance needs of IoBT environment. Using different testing parameters, the metric data would help in suggesting the best parameter set, network configuration and blockchain usability views in IoBT context. We show that a blockchain-integrated IoBT platform has heavy dependency on the characteristics of the underlying network such as topology, link bandwidth, jitter, and other communication configurations, that can be tuned up to achieve optimal performance.

Delivery service via ridesharing is a promising service to share travel costs and improve vehicle occupancy. Existing ridesharing systems require participating vehicles to periodically report individual private information (e.g., identity and location) to a central controller, which is a potential central point of failure, resulting in possible data leakage or tampering in case of controller break down or under attack. In this paper, we propose a Blockchain secured ridesharing delivery system, where the immutability and distributed architecture of the Blockchain can effectively prevent data tampering. However, such tamper-resistance property comes at the cost of a long confirmation delay caused by the consensus process. A Hash-oriented Practical Byzantine Fault Tolerance (PBFT) based consensus algorithm is proposed to improve the Blockchain efficiency and reduce the transaction confirmation delay from 10 minutes to 15 seconds. The Hash-oriented PBFT effectively avoids the double-spending attack and Sybil attack. Security analysis and simulation results demonstrate that the proposed Blockchain secured ridesharing delivery system offers strong security guarantees and satisfies the quality of delivery service in terms of confirmation delay and transaction throughput.

Wear and tear are essential in establishing the market value of an asset. From shutter counters on DSLRs to odometers inside cars, specific counters, that encode the degree of wear, exist on most products. But malicious modification of the information that they report was always a concern. Our work explores a solution to this problem by using the blockchain technology, a layered encoding of product attributes and identity-based cryptography. Merging such technologies is essential since blockchains facilitate the construction of a distributed database that is resilient to adversarial modifications, while identity-based signatures set room for a more convenient way to check the correctness of the reported values based on the name of the product and pseudonym of the owner alone. Nonetheless, we reinforce security by using ownership cards deployed around NFC tokens. Since odometer fraud is still a major practical concern, we discuss a practical scenario centered on vehicles, but the framework can be easily extended to many other assets.

Threat intelligence sharing is posited as an important aid to help counter cybersecurity attacks and a number of threat intelligence sharing communities exist. There is a general consensus that many challenges remain to be overcome to achieve fully effective sharing, including concerns about privacy, negative publicity, policy/legal issues and expense of sharing, amongst others. One recent trend undertaken to address this is the use of decentralized blockchain based sharing architectures. However while these platforms can help increase sharing effectiveness they do not fully address all of the above challenges. In particular, issues around trust are not satisfactorily solved by current approaches. In this paper, we describe a novel trust enhancement framework -TITAN- for decentralized sharing based on the use of P2P reputation systems to address open trust issues. Our design uses blockchain and Trusted Execution Environment technologies to ensure security, integrity and privacy in the operation of the threat intelligence sharing reputation system.

With the economic development, the number of cars is increasing, and the traffic accidents and congestion problems that follow will not be underestimated. The concept of the Internet of Vehicles is becoming popular, and demand for intelligent traffic is growing. In this paper, the warning scheme we proposed aims to solve the traffic problems. Using intelligent terminals, it is faster and more convenient to obtain driving behaviors and road condition information. The application of blockchain technology can spread information to other vehicles for sharing without third-party certification. Group signature-based authentication protocol guarantees privacy and security while ensuring identity traceability. In experiments and simulations, the recognition accuracy of driving behavior can reach up to 94.90%. The use of blockchain provides secure, distributed, and autonomous features for the solution. Compared with the traditional signature method, the group signature-based authentication time varies less with the increase of the number of vehicles, and the communication time is more stable.

The labor market involves several untrusted actors with contradicting objectives. We propose a blockchain based system for labor market, which provides benefits to all participants in terms of confidence, transparency, trust and tracking. Our system would handle employment data through new Wavelet blockchain platform. It would change the job market enabling direct agreements between parties without other participants, and providing new mechanisms for negotiating the employment conditions. Furthermore, our system would reduce the need in existing paper workflow as well as in major internet recruiting companies. The key differences of our work from other blockchain based labor record systems are usage of Wavelet blockchain platform, which features metastability, directed acyclic graph system and Turing complete smart contracts platform and introduction of human interaction inside the smart contracts logic, instead of automatic execution of contracts. The results are promising while inconclusive and we would further explore potential of blockchain solutions for labor market problems.

With the development of computer technology and the popularization of network, network brings great convenience to colleagues and risks to people from all walks of life all over the world. The data in the network world is growing explosively. Various kinds of intrusions are emerging in an endless stream. The means of network intrusion are becoming more and more complex. The intrusions occur at any time and the security threats become more and more serious. Defense alone cannot meet the needs of system security. It is also necessary to monitor the behavior of users in the network at any time and detect new intrusions that may occur at any time. This will not only make people's normal network needs cannot be guaranteed, but also face great network risks. So that people not only rely on defensive means to protect network security, this paper explores block chain network intrusion detection system. Firstly, the characteristics of block chain are briefly introduced, and the challenges of block chain network intrusion security and privacy are proposed. Secondly, the intrusion detection system of WLAN is designed experimentally. Finally, the conclusion analysis of block chain network intrusion detection system is discussed.

Despite the very high volatility of the cryptocurrency markets, the interest in the development and adaptation of existing cryptocurrencies such as Bitcoin as well as new distributed ledger technologies is increasing. Therefore, understanding the security and vulnerability issues of such blockchain systems plays a critical role. In this work, we propose a configurable distributed simulation framework for analyzing Bitcoin-like blockchain systems which are based on Proof-of-Work protocols. The simulator facilitates investigating security properties of blockchain systems by enabling users to configure several characteristics of the blockchain network and executing different attack scenarios, such as double-spending attacks and flood attacks and observing the effects of the attacks on the blockchain network.

In a research community, the provenance sharing of scientific workflows can enhance distributed research cooperation, experiment reproducibility verification and experiment repeatedly doing. Considering that scientists in such a community are often in a loose relation and distributed geographically, traditional centralized provenance sharing architectures have shown their disadvantages in poor trustworthiness, reliabilities and efficiency. Additionally, they are also difficult to protect the rights and interests of data providers. All these have been largely hindering the willings of distributed scientists to share their workflow provenance. Considering the big advantages of blockchain in decentralization, trustworthiness and high reliability, an approach to sharing scientific workflow provenance based on blockchain in a research community is proposed. To make the approach more practical, provenance is handled on-chain and original data is delivered off-chain. A kind of block structure to support efficient provenance storing and retrieving is designed, and an algorithm for scientists to search workflow segments from provenance as well as an algorithm for experiments backtracking are provided to enhance the experiment result sharing, save computing resource and time cost by avoiding repeated experiments as far as possible. Analyses show that the approach is efficient and effective.

Known for powering cryptocurrencies such as Bitcoin and Ethereum, blockchain is seen as a disruptive technology capable of revolutionizing a wide variety of domains, ranging from finance to governance, by offering superior security, reliability, and transparency founded upon a decentralized and democratic computational model. In this tutorial, we first present the original Bitcoin design, along with Ethereum and Hyperledger, and reflect on their design choices through the academic lens. We further provide an overview of potential applications and associated research challenges, as well as a survey of ongoing research directions related to byzantine fault-tolerance consensus protocols. We highlight the new opportunities blockchain creates for building the next generation of secure middleware platforms and explore the possible interplay between AI and blockchains, or more specifically, how blockchain technology can enable the notion of "decentralized intelligence." We conclude with a walkthrough demonstrating the process of developing a decentralized application using a popular Smart Contract language (Solidity) over the Ethereum platform