Zheng Cao,Yi Zhen,Gang Fan,Sheng Gao

DOI: https://doi.org/10.48550/arxiv.2208.05168

2022-01-01

Abstract: The emergence of metaverse brings tremendous evolution to Non-Fungible Tokens (NFTs), which could certify the ownership the unique digital asset in the cyber world. The NFT market has garnered unprecedented attention from investors and created billions of dollars in transaction volume. Meanwhile, securing NFT is still a challenging issue. Recently, numerous incidents of NFT theft have been reported, leading to incalculable losses for holders. We propose a decentralized NFT anti-theft mechanism called TokenPatronus, which supports the general ERC-721 standard and provide the holders with strong property protection. TokenPatronus contains pre-event protection, in-event interruption, and post-event replevin enhancements for the complete NFTs transactions stages. Four modules are designed to make up the decentralized anti-theft mechanism, including the decentralized access control (DAC), the decentralized risk management (DRM), the decentralized arbitration system (DAS) and the ERC-721G standard smart contract. TokenPatronus is performing on the Turtlecase NFT project of Ethereum and will support more blockchains in the future.

Jintao Huang,Pengcheng Xia,Jiefeng Li,Kai Ma,Gareth Tyson,Xiapu Luo,Lei Wu,Yajin Zhou,Wei Cai,Haoyu Wang

DOI: https://doi.org/10.1145/3589334.3645566

2024-01-01

Abstract:Unlike fungible tokens (e.g., cryptocurrency), a Non-Fungible Token (NFT) is unique and indivisible. As such, they can be used to authenticate ownership of digital assets (e.g., a photo) in a decentralized fashion. Given that NFTs have generated significant media attention since 2021, we perform a large-scale measurement study of the NFT ecosystem. We collect over 242M transfer logs and over 97M marketplace transactions until Aug 1st, 2023, by far the largest NFT dataset, to the best of our knowledge. We characterize the on-chain behavior of NFTs and their trading across five major marketplaces. We find that, although the NFT ecosystem is growing rapidly, it is driven by a relatively small set of dominant centralized players, with suspicious trade activities, e.g., over 23% of the monetary volume is generated by malicious wash trading and the ecosystem has experienced over 157K cases of NFT arbitrage, with a total sum of over \25M profit. Our observations motivate the need for more research efforts in the NFT security analysis.

Ghassan Al-Sumaidaee,Željko Žilić

DOI: https://doi.org/10.3390/s24041264

IF: 3.9

2024-02-16

Sensors

Abstract:In an era dominated by rapid digitalization of sensed data, the secure exchange of sensitive information poses a critical challenge across various sectors. Established techniques, particularly in emerging technologies like the Internet of Things (IoT), grapple with inherent risks in ensuring data confidentiality, integrity, and vulnerabilities to evolving cyber threats. Blockchain technology, known for its decentralized and tamper-resistant characteristics, stands as a reliable solution for secure data exchange. However, the persistent challenge lies in protecting sensitive information amidst evolving digital landscapes. Among the burgeoning applications of blockchain technology, non-fungible tokens (NFTs) have emerged as digital certificates of ownership, securely recording various types of data on a distributed ledger. Unlike traditional data storage methods, NFTs offer several advantages for secure information exchange. Firstly, their tamperproof nature guarantees the authenticity and integrity of the data. Secondly, NFTs can hold both immutable and mutable data within the same token, simplifying management and access control. Moving beyond their conventional association with art and collectibles, this paper presents a novel approach that utilizes NFTs as dynamic carriers for sensitive information. Our solution leverages the immutable NFT data to serve as a secure data pointer, while the mutable NFT data holds sensitive information protected by steganography. Steganography embeds the data within the NFT, making them invisible to unauthorized eyes, while facilitating portability. This dual approach ensures both data integrity and authorized access, even in the face of evolving digital threats. A performance analysis confirms the approach's effectiveness, demonstrating its reliability, robustness, and resilience against attacks on hidden data. This paves the way for secure data transmission across diverse industries.

engineering, electrical & electronic,chemistry, analytical,instruments & instrumentation

Hamza Salem,Manuel Mazzara

2024-08-22

Abstract:The rapid expansion of the non-fungible token (NFT) market has catalyzed new opportunities for artists, collectors, and investors, yet it has also unveiled critical challenges related to the storage and distribution of associated metadata. This paper examines the current landscape of NFT metadata storage, revealing a significant reliance on centralized platforms, which poses risks to the integrity, security, and decentralization of these digital assets. Through a detailed analysis of top-selling NFTs on the OpenSea marketplace, it was found that a substantial portion of metadata is hosted on centralized servers, making them susceptible to censorship, data breaches, and administrative alterations. Conversely, decentralized storage solutions, particularly the InterPlanetary File System (IPFS), were identified as a more secure and resilient alternative, offering enhanced transparency, resistance to tampering, and greater control for creators and collectors. This study advocates for the widespread adoption of decentralized storage architectures, incorporating digital signatures to verify ownership, as a means to preserve the value and trustworthiness of NFTs in an increasingly digital world. The findings underscore the necessity for NFT platforms to prioritize decentralized methodologies to ensure the long-term sustainability and integrity of the NFT

Cryptography and Security

Hisham S. Galal,Amr M. Youssef

DOI: https://doi.org/10.1109/tnse.2022.3205428

IF: 6.6

2023-01-10

IEEE Transactions on Network Science and Engineering

Abstract:Non-fungible tokens (NFTs) are unique non-interchangeable digital assets verified and stored using blockchain technology. Quite recently, there has been a surging interest and adoption of NFTs, with sales exceeding 10 billion in the third quarter of 2021. Given the public state of Blockchain, NFTs owners face a privacy problem. More precisely, an observer can trivially learn the whole NFT collections owned by an address. For some categories of NFTs like arts and game collectibles, owners can sell them for a profit. However, popular marketplaces trade NFTs using public auctions and direct offers. Hence, an observer can learn about the new owner and the NFT purchase price. To tackle those problems, we propose Aegis,(Aegis is a shield carried by Zeus and Athena. It is a symbol of protection.) a protocol that allows users to add privacy to their NFTs ownership. In Aegis users can swap NFTs for payment amounts in fungible tokens while hiding the details (i.e., involved parties, the NFTs, and the payment amounts). One of the main properties of Aegis is its complete compatibility with existing NFT standards. We design Aegis by leveraging zkSNARK proof system and smart contracts. We build an open-source prototype and perform experiments to evaluate Aegis's performance.

engineering, multidisciplinary,mathematics, interdisciplinary applications

Haya R. Hasan,Khaled Salah,Ammar Battah,Mohammad Madine,Ibrar Yaqoob,Raja Jayaraman,Mohammed Omar

DOI: https://doi.org/10.1109/access.2022.3192388

IF: 3.9

2022-07-30

IEEE Access

Abstract:Non-Fungible Tokens (NFTs) have recently received immense popularity in the digital art industry. An NFT represents ownership of a unique item that is stored on the blockchain and cannot be changed, replaced, and copied. The current NFT ecosystem falls short in trust features and is prone to illegitimate users, threats, and vulnerabilities. In this paper, we propose a blockchain-based solution for the NFT ecosystem that incorporates registration of the participating actors, involves a decentralized reputation system, provides incentives to its users through rewards, and penalizes misconduct. Our system design is built to ensure trust and credibility in the NFT ecosystem. The proposed solution leverages blockchain's intrinsic security features such as transparency, tamper-proof logs, data integrity, accountability, and non-repudiation. We use the decentralized storage of the InterPlanetary File System (IPFS) to store the NFTs' metadata, whereas their hash is stored on the chain. We present algorithms along with their implementation, testing, and validation details. We demonstrate how our solution, as well as smart contract code, is secure enough against common security threats and attacks. We make our smart contract code publicly available on the GitHub repository.

computer science, information systems,telecommunications,engineering, electrical & electronic

Jagger Bellagarda,Adnan M. Abu-Mahfouz

DOI: https://doi.org/10.3390/math10213934

IF: 2.4

2022-10-24

Mathematics

Abstract:As of 2022, non-fungible tokens, or NFTs, the smart contract powered tokens that represent ownership in a specific digital asset, have become a popular investment vehicle. In 2021, NFT trading reached USD 17.6 billion and entered mainstream media with several celebrities and major companies launching tokens within the space. The rapid rise in popularity of NFTs has brought with it a number of risks and concerns, two of which will be discussed and addressed in this technical paper. Data storage of the underlying digital asset connected to an NFT is held off-chain in most cases and is therefore out of the NFT holders' control. This issue will be discussed and addressed using a theoretical workflow developed and presented for a system that converges NFTs and verifiable credentials with the aim of storing underlying NFT digital assets in a decentralized manner. The second issue focuses on the rise of NFT infringements and fraud within the overall NFT space. This will be discussed and addressed through the development of a practical application, named "Connect2NFT". The main functionality of this practical application will enable users to connect their Twitter social media accounts to the NFTs they own, thus ensuring that potential buyers or viewers of the NFT can comprehensively conclude who is the authentic owner of a specific NFT. An individual performance analysis of the proposed solution will be conducted in addition to being compared and evaluated against similar applications. Thorough development, implementation, and testing has been performed in order to establish a practical solution that can be tested and applied to current NFT use cases. The theoretical NFT storage solution is a minor but equally important contribution in comparison.

mathematics

Ke Cheng,Liangmin Wang,Yulong Shen,Hua Wang,Yongzhi Wang,Xiaohong Jiang,Hong Zhong

DOI: https://doi.org/10.1109/tbdata.2017.2707552

2017-01-01

IEEE Transactions on Big Data

Abstract:The k-nearest neighbors (k-NN) query is a fundamental primitive in spatial and multimedia databases. It has extensive applications in location-based services, classification & clustering and so on. With the promise of confidentiality and privacy, massive data are increasingly outsourced to cloud in the encrypted form for enjoying the advantages of cloud computing (e.g., reduce storage and query processing costs). Recently, many schemes have been proposed to support k-NN query on encrypted cloud data. However, prior works have all assumed that the query users (QUs) are fully-trusted and know the key of the data owner (DO), which is used to encrypt and decrypt outsourced data. The assumptions are unrealistic in many situations, since many users are neither trusted nor knowing the key. In this paper, we propose a novel scheme for secure k-NN query on encrypted cloud data with multiple keys, in which the DO and each QU all hold their own different keys, and do not share them with each other; meanwhile, the DO encrypts and decrypts outsourced data using the key of his own. Our scheme is constructed by a distributed two trapdoors public-key cryptosystem (DT-PKC) and a set of protocols of secure two-party computation, which not only preserves the data confidentiality and query privacy but also supports the offline data owner. Our extensive theoretical and experimental evaluations demonstrate the effectiveness of our scheme in terms of security and performance.

Chuan Zhang,Mingyang Zhao,Jinwen Liang,Qing Fan,Liehuang Zhu,Song Guo

DOI: https://doi.org/10.1109/tdsc.2023.3330171

2023-01-01

IEEE Transactions on Dependable and Secure Computing

Abstract:Recently, increasing personal data has been stored in blockchain databases, ensuring data integrity by consensus. Although transparent and immutable blockchains are mainly adopted, the need to deploy preferences on which users can read and edit the data is growing in importance. Based on chameleon hashes, recent blockchains support editability governance but can hardly prevent data breaches because the data is readable to all participants in plaintexts. This motivates us to propose NANO, the first permissioned blockchain database that provides downward compatible readability and editability governance (i.e., users who can edit the data can also read the data). Two challenges are protecting policy privacy and efficiently revoking malicious users (e.g., users who abuse their editability privileges). The punchline is leveraging Newton's interpolation formula-based secret sharing to hide policies into polynomial parameters and govern the distribution of data decryption keys and chameleon hash trapdoors. Inspired by proxy re-encryption, NANO integrates unique user symbols into user keys, achieving linear user revocation overhead. Security analysis proves that NANO provides comprehensive privacy preservation under the chosen-ciphertext attack. Experiments on the FISCO blockchain platform demonstrate that compared with state-of-the-art related solutions, NANO achieves a 7× improvement on average regarding computational costs, gas consumption, and communication overhead.

Dushyant Behl,Palanivel Kodeswaran,Venkatraman Ramakrishna,Sayandeep Sen,Dhinakaran Vinayagamurthy

DOI: https://doi.org/10.1109/Blockchain50366.2020.00015

2021-01-23

Abstract:Private blockchain networks are used by enterprises to manage decentralized processes without trusted mediators and without exposing their assets publicly on an open network like Ethereum. Yet external parties that cannot join such networks may have a compelling need to be informed about certain data items on their shared ledgers along with certifications of data authenticity; e.g., a mortgage bank may need to know about the sale of a mortgaged property from a network managing property deeds. These parties are willing to compensate the networks in exchange for privately sharing information with proof of authenticity and authorization for external use. We have devised a novel and cryptographically secure protocol to effect a fair exchange between rational network members and information recipients using a public blockchain and atomic swap techniques. Using our protocol, any member of a private blockchain can atomically reveal private blockchain data with proofs in exchange for a monetary reward to an external party if and only if the external party is a valid recipient. The protocol preserves confidentiality of data for the recipient, and in addition, allows it to mount a challenge if the data turns out to be inauthentic. We also formally analyze the security and privacy of this protocol, which can be used in a wide array of practical scenarios

Cryptography and Security,Distributed, Parallel, and Cluster Computing

Xuexue Jin,Lingbo Wei,Mengke Yu,Nenghai Yu,Jinyuan Sun

DOI: https://doi.org/10.1109/ICCChina.2013.6671119

2013-01-01

Abstract:Cloud computing is viewed as the next generation architecture of IT companies. As promising as it is, cloud computing also brings forth many new security issues when users outsource sensitive data to cloud servers. To keep sensitive users' data confidential against untrusted servers, existing solutions usually apply cryptographic methods. With data encryption, the same file will become different from each other, thus deduplication which is widely adopted by cloud storage service providers meets some challenges. Current method to solve the problem is to make use of some information computed from the shared file to achieve deduplication of encrypted data, say convergent encryption. But this piece of information which is computable from the file via a deterministic public algorithm is not really meant to be secret. To this end, we propose a scheme to address the deduplication of encrypted data efficiently and securely with the help of ensuring the ownership of the shared file, encrypting data using keys at user's will and realizing the anonymous store through the digital credential. We achieve this aims through proof of ownership (POW), proxy re-encryption (PRE) and digital credential.

Matthew Keating,Alan Barnett,Sean Ahearne

DOI: https://doi.org/10.1109/ICNP59255.2023.10355588

2023-10-10

Abstract:Blockchains and related applications continue to grow as an area of technology that can provide advantages over traditional approaches in certain use cases. One such area are data markets. Data market use cases include secure asset transactions, data lineage and data governance between multiple parties and involves data security, immutability, transparency. Data markets require strong privacy guarantees for digital asset procurement. The inherent properties of a blockchain can provide significant benefits in the data-market use case. In fact, there are many commercial platforms currently leveraging blockchain technologies for blockchain-based data markets. Leveraging blockchain for data market use cases creates the opportunity for new logical architectures to preserve privacy in the blockchain ecosystem. This publication proposes a multi-faceted solution for stronger privacy guarantees for digital asset procurement on blockchain-based data markets. An architecture will be detailed which provides better guarantees of privacy to those acquiring digital asserts from blockchain-based data markets by leveraging time-delays, batch requests, anonymization, and virtual “one-time” users to form a layer of obfuscation around requests.

Engineering,Computer Science

Blake Regalia,Benjamin Adams

2024-04-24

Abstract:The greatest advantage that Web3 applications offer over Web 2.0 is the evolution of the data access layer. Opaque, centralized services that compelled trust from users are replaced by trustless, decentralized systems of smart contracts. However, the public nature of blockchain-based databases, on which smart contracts transact, has typically presented a challenge for applications that depend on data privacy or that rely on participants having incomplete information. This has changed with the introduction of confidential smart contract networks that encrypt the memory state of active contracts as well as their databases stored on-chain. With confidentiality, contracts can more readily implement novel interaction mechanisms that were previously infeasible. Meanwhile, in both Web 2.0 and Web3 applications the user interface continues to play a crucial role in translating user intent into actionable requests. In many cases, developers have shifted intelligence and autonomy into the client-side, leveraging Web technologies for compute, graphics, and networking. Web3's reliance on such frontends has revealed a pain point though, namely that decentralized applications are not accessible to end users without a persistent host serving the application. Here we introduce the Non-Fungible Program (NFP) model for developing self-contained frontend applications that are distributed via blockchain, powered by Web technology, and backed by private databases persisted in encrypted smart contracts. Access to frontend code, as well as backend services, is controlled and guaranteed by smart contracts according to the NFT ownership model, eliminating the need for a separate host. By extension, NFP applications bring interactivity to token owners and enable new functionalities, such as authorization mechanisms for oracles, supplementary Web services, and overlay networks in a secure manner. In addition...

Computers and Society

Dagang Li,Rong Du,Man Ho Au,Yue Fu

DOI: https://doi.org/10.1109/lnet.2019.2891998

2017-01-01

Abstract:In this letter we propose Meta-key, a data-sharing mechanism that enablesusers share their encrypted data under a blockchain-based decentralized storagearchitecture. All the data-encryption keys are encrypted by the owner's publickey and put onto the blockchain for safe and secure storage and easykey-management. Encrypted data are stored in dedicated storage nodes and proxyre-encryption mechanism is used to ensure secure data-sharing in the untrustedenvironment. Security analysis of our model shows that the proxy re-encryptionadopted in our system is naturally free from collusion-attack due to thespecific architecture of Meta-key.

Ariel Futoransky,Carlos Sarraute,Daniel Fernandez,Matias Travizano,Ariel Waissbein

DOI: https://doi.org/10.48550/arXiv.2002.09689

2020-02-22

Cryptography and Security

Abstract:We construct a privacy-preserving, distributed and decentralized marketplace where parties can exchange data for tokens. In this market, buyers and sellers make transactions in a blockchain and interact with a third party, called notary, who has the ability to vouch for the authenticity and integrity of the data. We introduce a protocol for the data-token exchange where neither party gains more information than what it is paying for, and the exchange is fair: either both parties gets the other's item or neither does. No third party involvement is required after setup, and no dispute resolution is needed.

James Cunningham,Nigel Davies,Sarah Devaney,Søren Holm,Mike Harding,Victoria Neumann,John Ainsworth

DOI: https://doi.org/10.3233/SHTI220479

2022-05-25

Abstract:In recent years we have seen the adoption of distributed ledger technology (DLT), originally the mechanism underpinning the operation of the Bitcoin crypto currency, across a wider range of technology sectors including healthcare. DLT allows for the design of informatics systems with the properties of immutability, security, and decentralization. One recent innovation in the space has been the specification and development of Non-Fungible Tokens (NFTs). NFTs are decentralized DLT-based records that represent ownership of a unique digital asset. The predominant current use case for NFTs has been in the representation and sale of digital artwork, however the features offered by NFTs, unique-ness, immutability, transferability, and verifiability, are directly applicable to the design of health informatics systems. In this paper we explore these properties and describe a reference architecture for using NFTs as a means of representing and transferring records of patient's consent for medical data use.

JIN Xue-xue,YU Neng-hai,ZHANG Chi,SUN Chang-xiang

DOI: https://doi.org/10.3969/j.issn.1009-8054.2013.05.028

2013-01-01

Abstract:For the requirements by efficient and secure data storage in cloud storage,a de-duplication scheme of encrypted data with proof of ownership is proposed.Firstly,a data owner is identified by taking advantage of the proof of ownership based on Merkle Hash Tree.After that,encrypted data is deduplicated by combining the proxy re-encryption.For some selfish clients an incentive mechanism is given.And the security of this proposed scheme is analysed.The experiment results show that the overhead of communication and computing required for reduction of storage space and bandwidth is very low.

Kalivaraprasanna Babu Goru,Thiyagarajan Paramasivan,Saranya Rajiakodi

DOI: https://doi.org/10.1515/kern-2023-0088

IF: 0.321

2024-01-31

Kerntechnik

Abstract:The paper presents a novel approach to securely store sensitive images within nuclear power stations. The suggested approach protects the secrecy, integrity, and availability of these crucial assets by integrating blockchain technology, Shamir's secret sharing, erasure coding, and encryption. To improve data security and transaction validation, the design uses a decentralized network, smart contracts, and consensus processes. Erasure coding adds redundancy while sensitive photos are divided into hidden shares, encrypted, and disseminated strategically across hierarchical tiers. Resilience against data loss or compromise is ensured by this design. The research advances secure picture storage techniques in key infrastructures, fostering trust and dependability, by resolving security and privacy concerns through this novel technology.

nuclear science & technology

Sarah Barrington,Nick Merrill

DOI: https://doi.org/10.48550/arXiv.2209.14517

2022-09-29

Cryptography and Security

Abstract:Non-Fungible Tokens (NFTs), digital certificates of ownership for virtual art, have until recently been traded on a highly lucrative and speculative market. Yet, an emergence of misconceptions, along with a sustained market downtime, are calling the value of NFTs into question. This project (1) describes three properties that any valuable NFT should possess (permanence, immutability and uniqueness), (2) creates a quantitative summary of permanence as an initial criteria, and (3) tests our measures on 6 months of NFTs on the Ethereum blockchain, finding 45% of ERC721 tokens in our corpus do not satisfy this initial criteria. Our work could help buyers and marketplaces identify and warn users against purchasing NFTs that may be overvalued.

Iuon-Chang Lin,Yi-Hsuan Kuo,Ching-Chun Chang,Jui-Chuan Liu,Chin-Chen Chang

DOI: https://doi.org/10.3390/sym16020147

2024-01-26

Symmetry

Abstract:In today's digital landscape, the exponential growth of data heightens security risks associated with traditional centralized storage systems. Utilizing blockchain technology, a shift towards decentralized data storage provides a more secure and private alternative. Central to our work is the exploration of symmetry in data management, a concept woven into the fabric of our proposed solution to challenge the inherency in InterPlanetary File System (IPFS) technology. Through the strategic utilization of smart contract-invoked random functions, our blockchain-based solution fragments and securely stores data in order to ensure a symmetrical balance between confidentiality and integrity. Our research endeavors are to contribute a robust, ethically grounded data storage framework fostering advancements in secure data sharing. The implications of this paper are significant in addressing contemporary challenges of data management within the expansive realm of big data.

multidisciplinary sciences