JIANG Peipei,WANG Qian,CHEN Yanjiao,LI Qi,SHEN Chao

DOI: https://doi.org/10.11959/j.issn.1000-436x.2021035

2021-01-01

Abstract:While the security of blockchain has been the central concern of both academia and industry since the very start, new security threats continue to emerge, which poses great risks to the blockchain ecosystem.A systematic study was conducted on the most state-of-the-art research on potential security issues of blockchain.Specifically, a taxonomy was developed by considering the blockchain framework as a four-layer system, and the analysis on the most recent attacks against security loopholes in each layer was provided.Countermeasures that can strengthen the blockchain were also discussed by highlighting their fundamental ideas and comparing different solutions.Finally, the forefront of research and potential directions of blockchain security were put forward to encourage further studies on the security of blockchain.

Quan Yuan,Puwen Wei,Keting Jia,Haiyang Xue

DOI: https://doi.org/10.1007/s11432-019-9916-5

2020-01-01

Science China Information Sciences

Abstract:Bitcoin, which was initially introduced by Nakamoto, is the most disruptive and impactive cryptocurrency. The core Bitcoin technology is the so-called blockchain protocol. In recent years, several studies have focused on rigorous analyses of the security of Nakamoto’s blockchain protocol in an asynchronous network where network delay must be considered. Wei, Yuan, and Zheng investigated the effect of a long delay attack against Nakamoto’s blockchain protocol. However, their proof only holds in the honest miner setting. In this study, we improve Wei, Yuan and Zheng’s result using a stronger model where the adversary can perform long delay attacks and corrupt a certain fraction of the miners. We propose a method to analyze the converge event and demonstrate that the properties of chain growth, common prefix, and chain quality still hold with reasonable parameters in our stronger model.

Congcong Ye,Guoqiang Li,Hongming Cai,Yonggen Gu,Akira Fukuda

DOI: https://doi.org/10.1109/dsa.2018.00015

2018-01-01

Abstract:Recently, the global outbreak of a blackmail virus WannaCry, makes the blockchain a hot topic. The security of blockchain is always the focus of people's attention, and it is also the main reason why the blockchain has not been widely used all over the world. Many researches use mathematical derivation method to analyse the 51%- Attacks influence of blockchain, which is very stiff and difficult to understand. In this paper, we propose a method to simulate blockchain's process and discover the rule between attacking method, attacking power and security of blockchain. We take 51%-Attacks as an example and use Java to simulate the running process. By adjusting the value of attacking power, we can get most states of blockchain and analyze the probability that honest state becomes attacking state. We use various forms to analyze and show the experimental result, which verify our method is correct and feasible. This method can also be implemented as a middleware software of blockchain to detect the security of blockchain.

Anshuman Misra,Ajay D. Kshemkalyani

2023-11-17

Abstract:Blockchains add transactions to a distributed shared ledger by arriving at consensus on sets of transactions contained in blocks. This provides a total ordering on a set of global transactions. However, total ordering is not enough to satisfy application semantics under the Byzantine fault model. This is due to the fact that malicious miners and clients can collaborate to add their own transactions ahead of correct clients' transactions in order to gain application level and financial advantages. These attacks fall under the umbrella of front-running attacks. Therefore, total ordering is not strong enough to preserve application semantics. In this paper, we propose causality preserving total order as a solution to this problem. The resulting Blockchains will be stronger than traditional consensus based blockchains and will provide enhanced security ensuring correct application semantics in a Byzantine setting.

Cryptography and Security,Distributed, Parallel, and Cluster Computing

Guorui Yu,Shibin Zhao,Chao Zhang,Zhiniang Peng,Yuandong Ni,Xinhui Han

DOI: https://doi.org/10.1109/infocom42981.2021.9488749

2021-01-01

Abstract:Blockchains promise to provide a tamper-proof medium for transactions, and thus enable many applications including cryptocurrency. As a system built on consensus, the correctness of a blockchain heavily relies on the consistency of states between its nodes. But consensus protocols of blockchains only guarantee the consistency in the transaction sequence rather than nodes’ internal states. Instead, nodes must replay and exe-cute all transactions to maintain their local states independently. When executing transactions, any different execution result could cause a node out-of-sync and thus gets isolated from other nodes.After systematically modeling the transaction execution process in blockchains, we present a new attack INCITE, which can lead different nodes to different states. Specifically, attackers could invoke an ambiguous transaction of a vulnerable smart contract, utilize software bugs in smart contracts to lead nodes that execute this transaction into different states. Unlike attacks that bring short-term inconsistencies, such as fork attacks, INCITE can cause nodes in the blockchain to fall into a long-term inconsistent state, which further leads to great damages to the chain (e.g., double-spending attacks and expelling mining power). We have discovered 7 0day vulnerabilities in 5 popular blockchains which can enable this attack. We also proposed a defense solution to mitigate this threat. Experiments showed that it is effective and lightweight.

Kervins Nicolas,Yi Wang,George C. Giakos,Bingyang Wei,Hongda Shen

DOI: https://doi.org/10.1109/access.2020.3047365

IF: 3.9

2021-01-01

IEEE Access

Abstract:Blockchain is a technology that ensures data security by verifying database of records established in a decentralized and distributed network. Blockchain-based approaches have been applied to secure data in the fields of the Internet of Things, software engineering, healthcare systems, financial services, and smart power grids. However, the security of the blockchain system is still a major concern. We took the initiative to present a systematic study which sheds light on what defensive strategies are used to secure the blockchain system effectively. Specifically, we focus on blockchain data security that aims to mitigate the two data consistency attacks: double-spend attack and selfish mining attack. We employed the systematic approach to analyze a total of 40 selected studies using the proposed taxonomy of defensive strategies: monitoring, alert forwarding, alert broadcasting, inform, detection, and conceptual research design. It presents a comparison framework for existing and future research on blockchain security. Finally, some recommendations are proposed for blockchain researchers and developers.

computer science, information systems,telecommunications,engineering, electrical & electronic

Jing Li,Ling Ren,Dongning Guo

DOI: https://doi.org/10.1145/3479722.3480992

2020-01-01

Abstract:Bitcoin is a peer-to-peer electronic cash system invented by Nakamoto in 2008. While it has attracted much research interest, its exact latency and security properties remain open. Existing analyses provide security and latency (or confirmation time) guarantees that are too loose for practical use. In fact the best known upper bounds are several orders of magnitude larger than a lower bound due to a well-known private-mining attack. This paper describes a continuous-time model for blockchains and develops a rigorous analysis that yields close upper and lower bounds for the latency-security trade-off. For example, when the adversary controls 10% of the total mining power and the block propagation delays are within 10 seconds, a Bitcoin block is secured with less than 10 -3 error probability if it is confirmed after four hours, or with less than 10 -9 error probability if confirmed after ten hours. These confirmation times are about two hours away from their corresponding lower bounds. To establish such close bounds, the blockchain security question is reduced to a race between the Poisson adversarial mining process and a renewal process formed by a certain species of honest blocks. The moment generation functions of relevant renewal times are derived in closed form. The general formulas from the analysis are then applied to study the latency-security trade-off of several well-known proof-of-work longest-chain cryptocurrencies. Guidance is also provided on how to set parameters for different purposes.

Kaiyu Wang,Yan Wang,Zhenzhou Ji

DOI: https://doi.org/10.1109/access.2020.3000571

IF: 3.9

2020-01-01

IEEE Access

Abstract:In terms of security, blockchain technology faces the potential risks of enormous attacks, among which forking attack is the most common one. Because of the decentralized structure of a blockchain, the trust degree directly relies on the length of the blockchain, which makes the longest chain on the current network the most trusted chain (MTC). The forking attack is the kind of hazard behavior that aims to replace the MTC by launching an alternative chain to gain benefits. Blockchain plays a vital role in multiple applications, such as cryptocurrency, and hence such forking attack leads to huge financial loss if it succeeds. In this paper, we propose a novel MTC confirmation mechanism to defend the forking attack. First, we theoretically analyze the success probability distribution of the forking attack and propose an estimation model of the attack’s expected profit. Then, we propose an arbitration mechanism to enforce branches from a fork to have competition. With the arbitration mechanism, we delay the confirmation of the MTC until the end of the competition. We set up an end threshold as the termination condition of the competition process to help the MTC become the winner. Finally, we define two dynamic difficulty factors and apply them for changing the difficulty of mining to reduce the value of the end threshold, which can improve the performance of the mechanism. The experiments demonstrate our proposed MTC confirmation mechanism can enhance the blockchain security by enforcing the expected profit of an attack to be negative. In the meantime, the mechanism balances well in both effectiveness and efficiency.

М. Cherepniov

2019-03-31

Abstract:We consider protocol of secure construction and storage of data base, named “blockchain”. This protocol may be considered as some development of control sums and electronic signature schemes on the case when all participants of the set guarantees consistency of the data in the same manner. We construct a formal model of blockchain algorithm. We propose, that so called “long chain condition” is a necessary part of the considered blokchain protocol. We also propose, that when user finds an error, the corresponding block reject with all blocks after it in blockchain tree. For this model we obtained some probability estimates of the events, like error correcting of blocks. We obtain the estimate of mean value of speed of blockchain growth. We demonstrate that modification of these estimates, when some fixed quantity of “adversaries” provide bad blocks may be minimize by “honest” users.  We show that “honest” users may protect against Fork-attack by choosing security parameters, like number of checked blocks in one step. To the other hand in this case, speed of growth of blockchain tree may become negative, and our protocol fall down. We present quantitative bounds.

Computer Science

Na Ruan,Hanyi Sun,Zenan Lou,Jie Li

DOI: https://doi.org/10.1109/tnet.2022.3201493

2023-01-01

IEEE/ACM Transactions on Networking

Abstract:Decentralized cryptocurrency systems have become primary targets for attackers due to substantial profit gain and economic rewards. A number of attack models have been proposed during last few years. However, the evaluation and comparison of those attack models remain problematic due to the lack of systematic framework to analyze them. In this work, we propose a general quantitative analysis framework for attack models in the network and consensus layer of blockchain. We identify the problem statement and evolution process. And we show how to apply our general framework in previous attacks such as selfish mining and bribery attack. We also explained that the framework is suitable for other attacks in blockchain. For further exploration, we simulate the success rate and benefits of different attacks through experiments. We provide several defensive strategies, and study how these strategies against previous attack models.

Zonghang Li,Hongfang Yu,Tianyao Zhou,Long Luo,Mochan Fan,Zenglin Xu,Gang Sun

DOI: https://doi.org/10.1109/MNET.011.2000604

IF: 10.294

2021-01-01

IEEE Network

Abstract:The emerging blockchained federated learning, known for its security properties such as decentralization, immutability and traceability, is evolving into an important direction of next-generation AI. With the booming edge computing technologies, blockchained federated learning can take advantage of computing, communication and storage resources geo-distributed at the edge, so that blockchained federated learning can gather edge intelligence from more widely distributed devices more efficiently. However, untrustworthy devices at the edge also bring serious security threats, namely byzantine attacks. Existing solutions focus on selecting local models that are most likely to be honest, rather than detecting byzantine models and identifying attackers, because verifying each local model separately brings intolerable verification delay. In this paper, we propose a byzantine resistant secure blockchained federated learning framework named BytoChain. BytoChain improves the efficiency of model verification by introducing verifiers to execute heavy verification workflows in parallel, and detects byzantine attacks through a byzantine resistant consensus Proof-of-Accuracy (PoA). We analyze how BytoChain can mitigate five types of attacks, and demonstrate its effectiveness by simulations. Finally, we envision some open issues about security, including attacks on privacy, confidentiality, and backdoors.

Nasser Alsalami,Bingsheng Zhang

DOI: https://doi.org/10.1109/iwqos49365.2020.9213064

2020-01-01

Abstract:Public blockchains can be abused to covertly store and disseminate potentially harmful digital content which poses a serious regulatory issue. In this work, we show the severity of the problem by demonstrating that blockchains can be exploited to surreptitiously distribute arbitrary content. More specifically, all major blockchain systems use randomized cryptographic primitives, such as digital signatures and non-interactive zero-knowledge proofs; we illustrate how the uncontrolled randomness in such primitives can be maliciously manipulated to enable covert communication and hidden persistent storage. To clarify the potential risk, we design, implement and evaluate our technique against the widely-used ECDSA signature scheme, the CryptoNote's ring signature scheme, and Monero's ring confidential transactions. Importantly, the significance of the demonstrated attacks stems from their undetectability, their adverse effect on the future of decentralized blockchains, and their serious repercussions on users' privacy and crypto funds. Finally, we present a generic framework to immunize blockchains against these attacks.

Haiping Yu

DOI: https://doi.org/10.1002/spy2.230

2022-04-12

Security and Privacy

Abstract:Data security is not only to consider administrative management methods and punitive measures, but also technically from multiple perspectives such as data integrity, authorization, controllability, and the ability to trace back history. This article analyzes the application of blockchain technology to the data processing security system of financial enterprises, with the purpose of demonstrating the feasibility of blockchain technology to maintain data security and its specific operation methods. This research refers to a large number of references and understands the related systems of data confidentiality in financial enterprise databases and blockchain technology. According to the needs of the experiment, the article constructs the execution structure model of the financial enterprise database data confidentiality system, the task scheduling operation structure model, and the block. The chain domain authentication model, and so forth, carried out corresponding comparative analysis from the processing dimensions of time and space consumption, data security, and so forth, and verified the comprehensive performance of blockchain technology in the application of data security systems. The reliability factor is called the R factor, which is a parameter representing the degree of conformity of several curves, that is, the reliability degree of the assumed model structure. The R factor should be sensitive to the position of surface atoms but not to unstructured quantities, such as electron‐atom scattering field, electron decay, and so forth, which are all unstructured quantities. The experimental results show that before the participation of blockchain technology, the maximum reliability of financial data is only 4.3, and the reliability of data confidentiality after application is increased to 6.8. Multidimensional data shows that blockchain technology can provide guarantee for the application of data processing security systems for financial enterprises.

English Else

Xiaoqi Li,Peng Jiang,Ting Chen,Xiapu Luo,Qiaoyan Wen

DOI: https://doi.org/10.48550/arXiv.1802.06993

2020-11-05

Abstract:Since its inception, the blockchain technology has shown promising application prospects. From the initial cryptocurrency to the current smart contract, blockchain has been applied to many fields. Although there are some studies on the security and privacy issues of blockchain, there lacks a systematic examination on the security of blockchain systems. In this paper, we conduct a systematic study on the security threats to blockchain and survey the corresponding real attacks by examining popular blockchain systems. We also review the security enhancement solutions for blockchain, which could be used in the development of various blockchain systems, and suggest some future directions to stir research efforts into this area.

Cryptography and Security

Zibin Zheng,Huawei Huang,Song Guo,Jian Zheng

DOI: https://doi.org/10.1109/TDSC.2023.3268668

2024-05-01

IEEE Transactions on Dependable and Secure Computing

Abstract:Previous state-of-the-art studies have proposed various analytical models to understand the double-spending attacks (DSA) occurred in Proof-of-Work (PoW) based Blockchains. Although many insights behind the double-spending attacks have been disclosed, we still believe that advanced versions of DSA can be developed to create new threats for the PoW-based blockchains such as the Bitcoin blockchain. In this paper, we present two new types of double-spending attacks in the context of the PoW-based blockchain and discuss the insights behind them. By considering more practical network parameters, such as the number of confirmation blocks, the hashpower of the double-spending attacker, the amount of coins in the target transaction, and the network-status parameter, we first analyze the success probability of the conventional double-spending attack, named Naive DSA. Based on Naive DSA, we create two new adaptive DSA, i.e., the Adaptive DSA and the Reinforcement Adaptive DSA (RA-DSA). In our analytical models, a double-spending attack is converted into a Markov Decision Process. We then exploit the Stochastic Dynamic Programming (SDP) approach to obtain the optimal attack strategies under Adaptive DSA and RA-DSA. Numerical simulation results demonstrate the correlations between each critical network parameter and the expected attacker's reward. Through the proposed analytical models, we aim to alert the PoW-based blockchain ecosystem that the threat of double-spending attacks is still at a dangerous level. For example, our findings show that the attacker can launch a successful attack with a small hashpower proportion much lower than 51% under RA-DSA.

Computer Science

Cong-Cong YE,Guo-Qiang LI,Hong-Ming CAI,Yong-Gen GU

DOI: https://doi.org/10.13328/j.cnki.jos.005500

2018-01-01

Abstract:Blockchain is the basic technology of bitcoin,which is a decentralized peer-to-peer transaction system.Blockchain consists of distributed storage,peer-to-peer transfer,consensus mechanism and encryption algorithm.The security of blockchain is always the focus of people's attention.Many researches use mathematic methods to analyze the impact of each attack in blockchain,however the types of attacks in blockchain have not been fully identified.Evaluating the security of blockchain by analyzing the impact of each attack separately is incomplete.In this paper,a method is proposed to detect and evaluate the security of each state in blockchain by simulating blockchain's process.This simulation method uses two strategies,attacking algorithm and honest algorithm,to get all states of blockchain including attacking states.When a block contains illusory transactions connecting with more than six blocks,the state of blockchain is regarded as attacking state and others are called honest state.According to simulating process,the probability that honest state becomes attacking state is analyzed.When the probability exceeds a high value,people will get a warning,they can wait a longer time to accept the transactions in order to defend being attacked and improve the security of blockchain.Some experiments are also carried out to measure this method and various forms are used to analyze the results that show the method is correct and feasible.

Yiming Jiang,Jiangfan Zhang

2024-02-27

Abstract:Numerous blockchain applications are designed with tasks that naturally have finite durations, and hence, a double-spending attack (DSA) on such blockchain applications leans towards being conducted within a finite timeframe, specifically before the completion of their tasks. Furthermore, existing research suggests that practical attackers typically favor executing a DSA within a finite timeframe due to their limited computational resources. These observations serve as the impetus for this paper to investigate a time-restricted DSA (TR-DSA) model on Proof-of-Work based blockchains. In this TR-DSA model, an attacker only mines its branch within a finite timeframe, and the TR-DSA is considered unsuccessful if the attacker's branch fails to surpass the honest miners' branch when the honest miners' branch has grown by a specific number of blocks. First, we developed a general closed-form expression for the success probability of a TR-DSA. This developed probability not only can assist in evaluating the risk of a DSA on blockchain applications with timely tasks, but also can enable practical attackers with limited computational resources to assess the feasibility and expected reward of launching a TR-DSA. In addition, we provide rigorous proof that the success probability of a TR-DSA is no greater than that of a time-unrestricted DSA where the attacker indefinitely mines its branch. This result implies that blockchain applications with timely tasks are less vulnerable to DSAs than blockchain applications that provide attackers with an unlimited timeframe for their attacks. Furthermore, we show that the success probability of a TR-DSA is always smaller than one even though the attacker controls more than half of the hash rate in the network. This result alerts attackers that there is still a risk of failure in launching a TR-DSA even if they amass a majority of the hash rate in the network.

Cryptography and Security

Jin Wang,Wei Ou,Wenhai Wang,R. Simon Sherratt,Yongjun Ren,Xiaofeng Yu

DOI: https://doi.org/10.32604/cmc.2023.034148

2023-01-01

Abstract:With the rapid development of information technology, the devel-opment of blockchain technology has also been deeply impacted. When performing block verification in the blockchain network, if all transactions are verified on the chain, this will cause the accumulation of data on the chain, resulting in data storage problems. At the same time, the security of data is also challenged, which will put enormous pressure on the block, resulting in extremely low communication efficiency of the block. The traditional blockchain system uses the Merkle Tree method to store data. While verifying the integrity and correctness of the data, the amount of proof is large, and it is impossible to verify the data in batches. A large amount of data proof will greatly impact the verification efficiency, which will cause end-to-end communication delays and seriously affect the blockchain system's stability, efficiency, and security. In order to solve this problem, this paper proposes to replace the Merkle tree with polynomial commitments, which take advantage of the properties of polynomials to reduce the proof size and communication consumption. By realizing the ingenious use of aggregated proof and smart contracts, the verification efficiency of blocks is improved, and the pressure of node communication is reduced.

Yujuan Wen,Fengyuan Lu,Yufei Liu,Xinli Huang

DOI: https://doi.org/10.1016/j.comnet.2021.107978

IF: 5.493

2021-05-01

Computer Networks

Abstract:<p>Blockchain is an emerging technology with the characteristics of decentralization and transparency and has received extensive attention and in-depth research for the past few years. With security features such as immutability and decentralization, blockchain is used to ensure the security of other applications and services. However, the security issues of the blockchain itself are always easily overlooked. In this paper, we conducted a comprehensive literature survey on the security issues of the blockchain itself. From the perspective of architectural layering, each layer of the blockchain has its own corresponding security issues. We systematically review and analyze attacks against blockchains based on the basic framework of blockchain and conduct a state-of-the-art investigation of the corresponding countermeasures against those attacks. Furthermore, we conclude our observation and point out the future direction of blockchain security issues. The purpose of this paper is to provide researchers with future development insights of blockchain security and to stimulate more efforts about blockchain security issues.</p>

computer science, information systems,telecommunications,engineering, electrical & electronic, hardware & architecture

Yibo Cao,Yuyang Cheng,Chunyu Yang,Anqi Zhan,Chuxiao Xu

DOI: https://doi.org/10.1088/1742-6596/1820/1/012158

2021-03-01

Journal of Physics: Conference Series

Abstract:Abstract As more and more people accept Bitcoin, block chain technology has received extensive attention and research. Block chain is a decentralized open dean technology that combines data blocks with the chain structure in chronological order, and combines encryption, protocol mechanisms, and smart contracts. Block chain technology has the characteristics of decentralization, high security, difficult information tampering, traceability, and transparency. Therefore, more and more companies and institutions are focusing on block chain technology research. In the wide application of block chain technology, the current centralized transaction model of e-commerce has gradually exposed some problems, such as the obvious monopoly trend of third-party platforms caused by the excessive central power, the difficulty of cross-border transactions, and the insecurity of user privacy information. Difficulties in accountability for transaction disputes, numerous phishing websites, and proliferation of fakes. Moreover, the current block chain transactions lack legal supervision and protection, transaction efficiency is low, smart contract functions are limited and difficult to understand, and block chain is highly professional and difficult to be accepted by the general public. Based on this, this article proposes a product anti-counterfeiting traceability system using a dual-chain block chain based on an improved Virginia algorithm, analyzes the security of the traceability system, and verifies the feasibility of the system through simulation experiments. The further combination of chain block chain technology and product security field provides reference and reference.