Biblio

Because Bitcoin P2P networking is permissionless by the application requirement, it is vulnerable against networking threats based on identity/credential manipulations such as Sybil and spoofing attacks. The current Bitcoin implementation keeps track of its peer's networking misbehaviors through ban score. In this paper, we investigate the security problems of the ban-score mechanism and discover that the ban score is not only ineffective against the Bitcoin Message-based DoS attacks but also vulnerable to a Defamation attack. In the Defamation attack, the network adversary can exploit the ban-score mechanism to defame innocent peers.

Emerging blockchain and cryptocurrency-based technologies are redefining the way we conduct business in cyberspace. Today, a myriad of blockchain and cryp-tocurrency systems, applications, and technologies are widely available to companies, end-users, and even malicious actors who want to exploit the computational resources of regular users through cryptojacking malware. Especially with ready-to-use mining scripts easily provided by service providers (e.g., Coinhive) and untraceable cryptocurrencies (e.g., Monero), cryptojacking malware has become an indispensable tool for attackers. Indeed, the banking industry, major commercial websites, government and military servers (e.g., US Dept. of Defense), online video sharing platforms (e.g., Youtube), gaming platforms (e.g., Nintendo), critical infrastructure resources (e.g., routers), and even recently widely popular remote video conferencing/meeting programs (e.g., Zoom during the Covid-19 pandemic) have all been the victims of powerful cryptojacking malware campaigns. Nonetheless, existing detection methods such as browser extensions that protect users with blacklist methods or antivirus programs with different analysis methods can only provide a partial panacea to this emerging crypto-jacking issue as the attackers can easily bypass them by using obfuscation techniques or changing their domains or scripts frequently. Therefore, many studies in the literature proposed cryptojacking malware detection methods using various dynamic/behavioral features. However, the literature lacks a systemic study with a deep understanding of the emerging cryptojacking malware and a comprehensive review of studies in the literature. To fill this gap in the literature, in this SoK paper, we present a systematic overview of cryptojacking malware based on the information obtained from the combination of academic research papers, two large cryptojacking datasets of samples, and 45 major attack instances. Finally, we also present lessons learned and new research directions to help the research community in this emerging area.

Internet of Things (IoT) is one relatively new technology, which aims to make our lives easier by automating our daily processes. This article would aim to deliver an idea how to prevent the IoT technology, delivering maliciously and bad things and how to scale. The intention of this research is to explain how a specific implementation of a Blockchain network, enterprise-grade permissioned distributed ledger framework called Hyperledger Fabric, can be used to resolve the security and scalability issues in an IoT network.

Digital identity is the key to the evolving digital society and economy. Since the inception of digital identity, numerous Identity Management (IDM) systems have been developed to manage digital identity depending on the requirements of the individual and that of organisations. This evolution of IDM systems has provided an incremental process leading to the granting of control of identity ownership and personal data to its user, thus producing an IDM which is more user-centric with enhanced security and privacy. A recently promising IDM known as Self-Sovereign Identity (SSI) has the potential to provide this sovereignty to the identity owner. The Sovrin Network is an emerging SSI service utility enabling self-sovereign identity for all, therefore, its assessment has to be carefully considered with reference to its architecture, working, functionality, strengths and limitations. This paper presents an analysis of the Sovrin Network based on aforementioned features. Firstly, it presents the architecture and components of the Sovrin Network. Secondly, it illustrates the working of the Sovrin Network and performs a detailed analysis of its various functionalities and metrics. Finally, based on the detailed analysis, it presents the strengths and limitations of the Sovrin Network.

In the context of Industrial Internet logo analysis, this paper analyzes the feasibility and outstanding advantages of the blockchain technology applied to supply chain data supervision combining the pain spots of traditional supply chain management system and the technical superiority. Although blockchain technology has uprooted some deep-entrenched problems of supply chain data management system, it brings new issues to government supervision in the meanwhile. Upon the analysis of current development and the new problems of blockchain-based supply chain data management system, a new parent-children blockchain-based supply chain data supervision system is proposed, which targets to overcome the dilemma faced by the governmental regulation of supply chain. Firstly, with the characteristics of blockchain including decentralization, non-tampering and non-repudiation, the system can solve the problem puzzling the traditional database about untruthful and unreliable data, and has advantages in managing supply chain and realizing product traceability. The authenticity and reliability of data on the chain also make it easier for the government to investigate and affix the responsibility of vicious incidents. At the same time, the system adopts the parent-children chain structure and the storage mode combining on-chain and off-chain resources to overcome the contradiction between information disclosure requirements of the government and privacy protection requirements of enterprises, which can better meet the needs of various users. Moreover, the application of smart contracts can replace a large number of the manual work like repetitive data analysis, which can make analysis results more accurate and avoid human failure.

To ensure traffic safety and proper operation of vehicular networks, safety messages or beacons are periodically broadcasted in Vehicular Adhoc Networks (VANETs) to neighboring nodes and road side units (RSU). Thus, authenticity and integrity of received messages along with the trust in source nodes is crucial and highly required in applications where a failure can result in life-threatening situations. Several digital signature based approaches have been described in literature to achieve the authenticity of these messages. In these schemes, scenarios having high level of vehicle density are handled by RSU where aggregated signature verification is done. However, most of these schemes are centralized and PKI based where our goal is to develop a decentralized dynamic system. Along with authenticity and integrity, trust management plays an important role in VANETs which enables ways for secure and verified communication. A number of trust management models have been proposed but it is still an ongoing matter of interest, similarly authentication which is a vital security service to have during communication is not mostly present in the literature work related to trust management systems. This paper proposes a secure and publicly verifiable communication scheme for VANET which achieves source authentication, message authentication, non repudiation, integrity and public verifiability. All of these are achieved through digital signatures, Hash Message Authentication Code (HMAC) technique and logging mechanism which is aided by blockchain technology.

The advancement of Information and Communication Technologies has brought numerous facilities and benefits to society. In this environment, surrounded by technologies, data, and personal information, have become an essential and coveted tool for many sectors. In this scenario, where a large amount of data has been collected, stored, and shared, privacy concerns arise, especially when dealing with sensitive data such as health data. The information owner generally has no control over his information, which can bring serious consequences such as increases in health insurance prices or put the individual in an uncomfortable situation with disclosing his physical or mental health. While privacy regulations, like the General Data Protection Regulation (GDPR), make it clear that the information owner must have full control and management over their data, disparities have been observed in most systems and platforms. Therefore, they are often not able to give consent or have control and management over their data. For the users to exercise their right to privacy and have sufficient control over their data, they must know everything that happens to them, where their data is, and where they have been. It is necessary that the entire life cycle, from generation to deletion of data, is managed by its owner. To this end, this article presents an Information Chain of Custody Model based on Blockchain technology, which allows from the traceability of information to the offer of tools that will enable the effective management of data, offering total control to its owner. The result showed that the prototype was very useful in the traceability of the information. With that it became clear the technical feasibility of this research.

The total number of photovoltaic power producing facilities whose FIT-based ten-year contract expires by 2023 is expected to reach approximately 1.65 million in Japan. If the number of renewable electricity-producing/consuming facilities reached two million, an enormous number of transactions would be invoked beyond blockchain's scalability.We propose mutually cooperative two novel methods to simultaneously solve scalability, data size, and privacy problems in blockchain-based trading platforms for renewable energy environmental value. One is a management scheme of electricity production resources (EPRs) using an extended UTXO token. The other is a data aggregation scheme that aggregates a significant number of smart meter records with evidentiality using zero-knowledge proof (ZKP).

Quality assurance and food safety are the most problem that the consumers are special care. To solve this problem, the enterprises must improve their food supply chain management system. In addition to tracking and storing orders and deliveries, it also ensures transparency and traceability of food production and transportation. This is a big challenge that the food supply chain system using the client-server model cannot meet with the requirements. Blockchain was first introduced to provide distributed records of digital currency exchanges without reliance on centralized management agencies or financial institutions. Blockchain is a disruptive technology that can improve supply chain related transactions, enable to access data permanently, data security, and provide a distributed database. In this paper, we propose a method to design a food supply chain management system base on Blockchain technology that is capable of bringing consumers’ trust in food traceability as well as providing a favorable supply and transaction environment. Specifically, we design a system architecture that is capable of controlling and tracking the entire food supply chain, including production, processing, transportation, storage, distribution, and retail. We propose the KDTrace system model and the Channel of KDTrace network model. The Smart contract between the organizations participating in the transaction is implemented in the Channel of KDTrace network model. Therefore, our supply chain system can decrease the problem of data explosion, prevent data tampering and disclosure of sensitive information. We have built a prototype based on Hyperledger Fabric Blockchain. Through the prototype, we demonstrated the effectiveness of our method and the suitability of the use cases in a supply chain. Our method that uses Blockchain technology can improve efficiency and security of the food supply chain management system compared with traditional systems, which use a clientserver model.

Blockchain-based cryptocurrencies offer an appealing alternative to Fiat currencies, due to their decentralized and borderless nature. However the decentralized settings make the authentication process more challenging: Standard cryptographic methods often rely on the ability of users to reliably store a (large) secret information. What happens if one user's key is lost or stolen? Blockchain systems lack of fallback mechanisms that allow one to recover from such an event, whereas the traditional banking system has developed and deploys quite effective solutions. In this work, we develop new cryptographic techniques to integrate security policies (developed in the traditional banking domain) in the blockchain settings. We propose a system where a smart contract is given the custody of the user's funds and has the ability to invoke a two-factor authentication (2FA) procedure in case of an exceptional event (e.g., a particularly large transaction or a key recovery request). To enable this, the owner of the account secret-shares the answers of some security questions among a committee of users. When the 2FA mechanism is triggered, the committee members can provide the smart contract with enough information to check whether an attempt was successful, and nothing more. We then design a protocol that securely and efficiently implements such a functionality: The protocol is round-optimal, is robust to the corruption of a subset of committee members, supports low-entropy secrets, and is concretely efficient. As a stepping stone towards the design of this protocol, we introduce a new threshold homomorphic encryption scheme for linear predicates from bilinear maps, which might be of independent interest. To substantiate the practicality of our approach, we implement the above protocol as a smart contract in Ethereum and show that it can be used today as an additional safeguard for suspicious transactions, at minimal added cost. We also implement a second scheme where the smart contract additionally requests a signature from a physical hardware token, whose verification key is registered upfront by the owner of the funds. We show how to integrate the widely used universal two-factor authentication (U2F) tokens in blockchain environments, thus enabling the deployment of our system with available hardware.

An electronic medical record (EMR) is the digital medical data of a patient, and they are healthcare system's most valuable asset. In this paper, we introduce a decentralized network using blockchain technology and smart contracts as a solution to manage and secure medical records storing, and transactions between medical healthcare providers. Ethereum blockchain is employed to build the blockchain. Solidity object-oriented language was utilized to implement smart contracts to digitally facilitate and verify transactions across the network (creating records, access requests, permitting access, revoking access, rejecting access). This will mitigate prevailing issues of current systems and enhance their performance, since current EMRs are stored on a centralized database, which cannot guarantee data integrity and security, consequently making them susceptible to malicious attacks. Our proposed system approach is of vital importance considering that healthcare providers depend on various tests in making a decision about a patient's diagnosis, and the respective plan of treatment they will go through. These tests are not shared with other providers, while data is scattered on various systems, as a consequence of these ensuing scenarios, patients suffer of the resulting care provided. Moreover, blockchain can meliorate the motley serious challenges caused by future use of IoT devices that provide real-time data from patients. Therefore, integrating the two technologies will produce decentralized IoT based healthcare systems.

In the crowdsourced testing system, due to the openness of crowdsourced testing platform and other factors, the security of crowdsourced testing intellectual property cannot be effectively protected. We proposed an attribute-based double encryption scheme, combined with the blockchain technology, to achieve the data access control method of the code to be tested. It can meet the privacy protection and traceability of specific intellectual property in the crowdsourced testing environment. Through the experimental verification, the access control method is feasible, and the performance test is good, which can meet the normal business requirements.

The Bitcoin blockchain is managed by an underlying peer-to-peer network. This network is responsible for the propagation of transactions carried out by users via the blocks (which contain the validated transactions), and to ensure consensus between the different nodes. The quality and safety of this network are therefore particularly essential. In this work, we present an open dataset on the peers composing the Bitcoin P2P Network that was made following a well defined and reproducible methodology. We also provide a first analysis of the dataset on three criteria: the number of public nodes and their client version and geographical distribution.

With the development of IT technology and the generalization of the Internet of Things, smart grid systems combining IoT for efficient power grid construction are being widely deployed. As a form of development for this, edge computing and blockchain technology are being combined with the smart grid. Wang et al. proposed a user authentication scheme to strengthen security in this environment. In this paper, we describe the scheme proposed by Wang et al. and security faults. The first is that it is vulnerable to a side-channel attack, an impersonation attack, and a key material change attack. In addition, their scheme does not guarantee the anonymity of a participant in the smart grid system.

In today's digital era, data is most important in every phase of work. The storage and processing on data with security is the need of each and every application field. Data need to be tamper resistant due to possibility of alteration. Data can be represented and stored in heterogeneous format. There are chances of attack on information which is vital for particular organization. With rapid increase in cyber crime, attackers behave maliciously to alter those data. But it is having great impact on forensic evidences which is required for provenance. Therefore, it is required to maintain the reliability and provenance of digital evidences as it travels through various stages during forensic investigation. In this approach, there is a forensic chain in which generated report passes through various levels or intermediaries such as pathology laboratory, doctor, police department etc. To build the transparent system with immutability of forensic evidences, blockchain technology is more suitable. Blockchain technology provides the transfer of assets or evidence reports in transparent environment without central authority. In this paper blockchain based secure system for forensic evidences is proposed. The proposed system is implemented on Ethereum platform. The tampering of forensic evidence can be easily traced at any stage by anyone in the forensic chain. The security enhancement of forensic evidences is achieved through implementation on Ethereum platform with high integrity, traceability and immutability.

In the past few years, the blockchain emerged as peer-to-peer distributed ledger technology for recording transactions, maintained by many peers without any central trusted regulatory authority through distributed public-key cryptography and consensus mechanism. It has not only given the birth of cryptocurrencies, but it also resolved various security, privacy and transparency issues of decentralized systems. This article discussed the blockchain basics overview, architecture, and blockchain security components such as hash function, Merkle tree, digital signature, and Elliptic curve cryptography (ECC). In addition to the core idea of blockchain, we focus on ECC's significance in the blockchain. We also discussed why RSA and other key generation mechanisms are not suitable for blockchain-based IoT applications. We also analyze many possible blockchain-based applications where ECC algorithm is better than other algorithms concerning security and privacy assurance. At the end of the article, we will explain the comparative analysis of ECC and RSA.

With the tremendous growth of IoT application, providing security to IoT systems has become more critical. In this paper, a technique is presented to ensure the safety of Internet of Things (IoT) devices. This technique ensures hardware and software security of IoT devices. Blockchain technology is used for software security and hardware logics are used for hardware security. For enabling a Blockchain, Ethereum Network is used for secure peer-to-peer transmission. A prototype model is also used using two IoT nodes to demonstrate the security logic.

Recent years have seen an increase in medical big data, which can be attributed to a paradigm shift experienced in medical data sharing induced by the growth of medical technology and the Internet of Things. The evidence of this potential has been proved during the recent covid-19 pandemic, which was characterised by the use of medical wearable devices to help with the medical data exchange between the healthcare providers and patients in a bid to contain the pandemic. However, the use of these technologies has also raised questions and concerns about security and privacy risks. To assist in resolving this issue, this paper proposes a blockchain-based access control framework for managing access to users’ medical data. This is facilitated by using a smart contract on the blockchain, which allows for delegated access control and secure user authentication. This solution leverages blockchain technology’s inherent autonomy and immutability to solve the existing access control challenges. We have presented the solution in the form of a medical wearable sensor prototype and a mobile app that uses the Ethereum blockchain in a real data sharing control scenario. Based on the empirical results, the proposed solution has proven effective. It has the potential to facilitate reliable data exchange while also protecting sensitive health information against potential threats. When subjected to security analysis and evaluation, the system exhibits performance improvements in data privacy levels, high security and lightweight access control design compared to the current centralised access control models.

In recent years, blockchain-based cryptocurren-cies have attracted much attention. Attacks targeting cryptocurrencies and related services directly profit an attacker if successful. Related studies have reported attacks targeting configuration-vulnerable nodes in Ethereum using a method called honeypots to observe malicious user attacks. They have analyzed 380 million observed requests and showed that attacks had to that point taken at least 4193 Ether. However, long-term observations using honeypots are difficult because the cost of maintaining honeypots is high. In this study, we analyze the behavior of malicious users using our honeypot system. More precisely, we clarify the pre-investigation that a malicious user performs before attacks. We show that the cost of maintaining a honeypot can be reduced. For example, honeypots need to belong in Ethereum's P2P network but not to the mainnet. Further, if they belong to the testnet, the cost of storage space can be reduced.

Recently, Mobile Edge Cloud computing (MEC) has attracted attention both from academia and industry. The idea of moving a part of cloud resources closer to users and data sources can bring many advantages in terms of speed, data traffic, security and context-aware services. The MEC infrastructure does not only host and serves applications next to the end-users, but services can be dynamically migrated and reallocated as mobile users move in order to guarantee latency and performance constraints. This specific requirement calls for the involvement and collaboration of multiple MEC providers, which raises a major issue related to trustworthiness. Two main challenges need to be addressed: i) trustworthiness needs to be handled in a manner that does not affect latency or performance, ii) trustworthiness is considered in different dimensions - not only security metrics but also performance and quality metrics in general. In this paper, we propose a trust layer for public MEC infrastructure that handles establishing and updating trust relations among all MEC entities, making the interaction withing a MEC network transparent. First, we define trust attributes affecting the trusted quality of the entire infrastructure and then a methodology with a computation model that combines these trust attribute values. Our experiments showed that the trust model allows us to reduce latency by removing the burden from a single MEC node, while at the same time increase the network trustworthiness.

The most widely used method to prevent adversaries from eavesdropping on sensitive sensor, robot, and war fighter communications is mathematically strong cryptographic algorithms. However, prevailing cryptographic protocol mandates are often made without consideration of resource constraints of devices in the internet of Battlefield Things (IoBT). In this article, we address the challenges of IoBT sensor data exchange in contested environments. Battlefield IoT (Internet of Things) devices need to exchange data and receive feedback from other devices such as tanks and command and control infrastructure for analysis, tracking, and real-time engagement. Since data in IoBT systems may be massive or sparse, we introduced a machine learning classifier to determine what type of data to transmit under what conditions. We compared Support Vector Machine, Bayes Point Match, Boosted Decision Trees, Decision Forests, and Decision Jungles on their abilities to recommend the optimal confidentiality preserving data and transmission path considering dynamic threats. We created a synthesized dataset that simulates platoon maneuvers and IED detection components. We found Decision Jungles to produce the most accurate results while requiring the least resources during training to produce those results. We also introduced the JointField blockchain network for joint and allied force data sharing. With our classifier, strategists, and system designers will be able to enable adaptive responses to threats while engaged in real-time field conflict.

Over the last few years, the world has been moving towards digital healthcare, where harnessing medical data distributed across multiple healthcare providers is essential to achieving personalized treatments. Though the efficiency and speed of the diagnosis process have increased due to the digitalization of healthcare data, it is at constant risk of cyberattacks. Medical images, in particular, seem to have become a regular victim of hackers, due to which there is a need to find a feasible solution for storing them securely. This work proposes a blockchain-based framework that leverages the InterPlanetary File system (IPFS) to provide decentralized storage for medical images. Our proposed blockchain storage model is implemented in the IPFS distributed file-sharing system, where each image is stored on IPFS, and its corresponding unique content-addressed hash is stored in the blockchain. The proposed model ensures the security of the medical images without any third-party dependency and eliminates the obstacles that arise due to centralized storage.

Threat information sharing is considered as one of the proactive defensive approaches for enhancing the over-all security of trusted partners. Trusted partner organizations can provide access to past and current cybersecurity threats for reducing the risk of a potential cyberattack—the requirements for threat information sharing range from simplistic sharing of documents to threat intelligence sharing. Therefore, the storage and sharing of highly sensitive threat information raises considerable concerns regarding constructing a secure, trusted threat information exchange infrastructure. Establishing a trusted ecosystem for threat sharing will promote the validity, security, anonymity, scalability, latency efficiency, and traceability of the stored information that protects it from unauthorized disclosure. This paper proposes a system that ensures the security principles mentioned above by utilizing a distributed ledger technology that provides secure decentralized operations through smart contracts and provides a privacy-preserving ecosystem for threat information storage and sharing regarding the MITRE ATT&CK framework.

With the increasing number of electric vehicles, the scale of the market also increases. In the past, the electric vehicle market had problems such as opaque information, numerous levels and data leakage, which were criticized for the impact of the overall development and policies of the electric vehicle industry. In view of the problems existing in the transparency and security of big data management transactions of the Internet of vehicles, this paper combs the commercial operation framework of the Internet of Vehicles Platform, analyses the feasibility and necessity of establishing the token system of the Internet of Vehicles Platform, and constructs the token economic system architecture of the Internet of Vehicles Platform and its development path.

In an agricultural supply chain, farmers, food processors, transportation agencies, importers, and exporters must comply with different regulations imposed by one or more jurisdictions depending on the nature of their business operations. Supply chain stakeholders conventionally transport their goods, along with the corresponding documentation via regulators for compliance checks. This is generally followed by a tedious and manual process to ensure the goods meet regulatory requirements. However, supply chain systems are changing through digitization. In digitized supply chains, data is shared with the relevant stakeholders through digital supply chain platforms, including blockchain technology. In such datadriven digital supply chains, the regulators may be able to leverage digital technologies, such as artificial intelligence and machine learning, to automate the compliance verification process. However, a barrier to progress is the risk that information will not be credible, thus reversing the gains that automation could achieve. Automating compliance based on inaccurate data may compromise the safety and credibility of the agricultural supply chain, which discourages regulators and other stakeholders from adopting and relying on automation. Within this article we consider the challenges of digital supply chains when we describe parts of the compliance management process and how it can be automated to improve the operational efficiency of agricultural supply chains. We introduce assisted autonomy as a means to pragmatically automate the compliance verification process by combining the power of digital systems while keeping the human in-the-loop. We argue that autonomous compliance is possible, but that the need for human led inspection processes will never be replaced by machines, however it can be minimised through “assisted autonomy”.