JIANG Peipei,WANG Qian,CHEN Yanjiao,LI Qi,SHEN Chao

DOI: https://doi.org/10.11959/j.issn.1000-436x.2021035

2021-01-01

Abstract:While the security of blockchain has been the central concern of both academia and industry since the very start, new security threats continue to emerge, which poses great risks to the blockchain ecosystem.A systematic study was conducted on the most state-of-the-art research on potential security issues of blockchain.Specifically, a taxonomy was developed by considering the blockchain framework as a four-layer system, and the analysis on the most recent attacks against security loopholes in each layer was provided.Countermeasures that can strengthen the blockchain were also discussed by highlighting their fundamental ideas and comparing different solutions.Finally, the forefront of research and potential directions of blockchain security were put forward to encourage further studies on the security of blockchain.

Ivan Homoliak,Sarad Venugopalan,Qingze Hum,Pawel Szalachowski

DOI: https://doi.org/10.48550/arXiv.1904.06898

2019-04-15

Abstract:Due to their interesting features, blockchains have become popular in recent years. They are full-stack systems where security is a critical factor for their success. The main focus of this work is to systematize knowledge about security and privacy issues of blockchains. To this end, we propose a security reference architecture based on models that demonstrate the stacked hierarchy of various threats (similar to the ISO/OSI hierarchy) as well as threat-risk assessment using ISO/IEC 15408. In contrast to the previous surveys, we focus on the categorization of security incidents based on their origins and using the proposed architecture we present existing prevention and mitigation techniques. The scope of our work mainly covers aspects related to the decentralized nature of blockchains, while we mention common operational security issues and countermeasures only tangentially.

Cryptography and Security

Nacha Chondamrongkul,Jing Sun,Ian Warren

DOI: https://doi.org/10.1016/j.scico.2021.102631

IF: 1.039

2021-01-01

Science of Computer Programming

Abstract:Analysing security in the architecture design of modern software systems is a challenging task. Emerging technologies utilised in building software systems may pose security threats, so software engineers need to consider both the structure and behaviour of architectural styles that employ these supporting technologies. This paper presents an automated approach to security analysis that helps to identify security characteristics at the architectural level. Key techniques used by our approach include the use of metrics, vulnerability identification and attack scenarios. Our modelling is expressive in defining architectural styles and security characteristics. Our analysis approach gives insightful results that allow software engineers to trace through the design to find parts of the system that may be impacted by attacks. We have developed an analysis tool that allows user to seamlessly model the software architecture design and analyse security. The evaluation has been conducted to assess the accuracy and performance of our approach. The results show that our analysis approach performs reasonably well to analyse the security in the architectural design. (C) 2021 Elsevier B.V. All rights reserved.

Chen Wanfa,Zheng Qing'an,Chen Shuzhen,Fu Hongyi,Chen Liang

DOI: https://doi.org/10.23919/jcc.fa.2023-0715.202406

2024-06-21

China Communications

Abstract:In recent years, blockchain technology integration and application has gradually become an important driving force for new technological innovation and industrial transformation. While blockchain technology and applications are developing rapidly, the emerging security risks and obstacles have gradually become prominent. Attackers can still find security issues in blockchain systems and conduct attacks, causing increasing losses from network attacks every year. In response to the current demand for blockchain application security detection and assessment in all industries, and the insufficient coverage of existing detection technologies such as smart contract detectiontechnology, this paper proposes a blockchain core technology security assessment system model, and studies the relevant detection and assessment key technologies and systems. A security assessment scheme based on a smart contract and consensus mechanism detection scheme is designed. And the underlying blockchain architecture supports the traceability of detection results using super blockchains. Finally, the functionality and performance of the system were tested, and the test results show that the model and solutions proposed in this paper have good feasibility.

telecommunications

Xiaoqi Li,Peng Jiang,Ting Chen,Xiapu Luo,Qiaoyan Wen

DOI: https://doi.org/10.48550/arXiv.1802.06993

2020-11-05

Abstract:Since its inception, the blockchain technology has shown promising application prospects. From the initial cryptocurrency to the current smart contract, blockchain has been applied to many fields. Although there are some studies on the security and privacy issues of blockchain, there lacks a systematic examination on the security of blockchain systems. In this paper, we conduct a systematic study on the security threats to blockchain and survey the corresponding real attacks by examining popular blockchain systems. We also review the security enhancement solutions for blockchain, which could be used in the development of various blockchain systems, and suggest some future directions to stir research efforts into this area.

Cryptography and Security

Joydip Das,Syed Ashraf Al Tasin,Md. Forhad Rabbi,Md Sadek Ferdous

2024-09-16

Abstract:Blockchain is a growing decentralized system built for transparency and immutability. There have been several major attacks on blockchain-based systems, leaving a gap in the trustability of this system. This article presents a comprehensive study of 23 attacks on blockchain systems and categorizes them using a layer-based approach. This approach provides an in-depth analysis of the feasibility and motivation of these attacks. In addition, a framework is proposed that enables a systematic analysis of the impact and interconnection of these attacks, thereby providing a means of identifying potential attack vectors and designing appropriate countermeasures to strengthen any blockchain system.

Cryptography and Security,Emerging Technologies

Nacha Chondamrongkul,Jing Sun,Ian Warren

DOI: https://doi.org/10.1109/icsa-c50368.2020.00024

2020-01-01

Abstract:Designing a software system that applied the microservice architecture style is a challenging task, as its characteristics are vulnerable to various security attacks. Software architect, therefore, needs to pinpoint the security flaws in the design before the implementation can proceed. This task is error-prone as it requires manual analysis on the design model, to identify security threats and trace possible attack scenarios. This paper presents an automated security analysis approach for microservice architecture. Our approach can automatically identify security threats according to a collection of formally defined security characteristics and provide an insightful result that demonstrates how the attack scenarios may happen. A collection of formally defined security characteristics can be extended to support other security characteristics not addressed in this paper.

Jiewu Leng,Man Zhou,J. Leon Zhao,Yongfeng Huang,Yiyang Bian

DOI: https://doi.org/10.1109/tsc.2020.3038641

IF: 11.019

2022-01-01

IEEE Transactions on Services Computing

Abstract:Blockchain, an emerging paradigm of secure and shareable computing, is a systematic integration of 1) chain structure for data verification and storage, 2) distributed consensus algorithms for generating and updating data, 3) cryptographic techniques for guaranteeing data transmission and access security, and 4) automated smart contracts for data programming and operations. However, the progress and promotion of Blockchain have been seriously impeded by various security issues in blockchain-based applications. Furthermore, previous research on blockchain security has been mostly technical, overlooking considerable business, organizational, and operational issues. To address this research gap from the perspective of information systems, we review blockchain security research in three levels, namely, the process level, the data level, and the infrastructure level, which we refer to as the PDI model of blockchain security. In this survey, we examine the state of blockchain security in the literature. Based on the insights obtained from this initial analysis, we then suggest future directions of research in blockchain security, shedding light on urgent business and industrial concerns in related computing disciplines.

computer science, information systems, software engineering

Reza M. Parizi,Ali Dehghantanha,Kim-Kwang Raymond Choo,Amritraj Singh

DOI: https://doi.org/10.5555/3291291.3291303

2018-09-08

Abstract:The emerging blockchain technology supports decentralized computing paradigm shift and is a rapidly approaching phenomenon. While blockchain is thought primarily as the basis of Bitcoin, its application has grown far beyond cryptocurrencies due to the introduction of smart contracts. Smart contracts are self-enforcing pieces of software, which reside and run over a hosting blockchain. Using blockchain-based smart contracts for secure and transparent management to govern interactions (authentication, connection, and transaction) in Internet-enabled environments, mostly IoT, is a niche area of research and practice. However, writing trustworthy and safe smart contracts can be tremendously challenging because of the complicated semantics of underlying domain-specific languages and its testability. There have been high-profile incidents that indicate blockchain smart contracts could contain various code-security vulnerabilities, instigating financial harms. When it involves security of smart contracts, developers embracing the ability to write the contracts should be capable of testing their code, for diagnosing security vulnerabilities, before deploying them to the immutable environments on blockchains. However, there are only a handful of security testing tools for smart contracts. This implies that the existing research on automatic smart contracts security testing is not adequate and remains in a very stage of infancy. With a specific goal to more readily realize the application of blockchain smart contracts in security and privacy, we should first understand their vulnerabilities before widespread implementation. Accordingly, the goal of this paper is to carry out a far-reaching experimental assessment of current static smart contracts security testing tools, for the most widely used blockchain, the Ethereum and its domain-specific programming language, Solidity to provide the first...

Cryptography and Security

Tian Min,Wei Cai

DOI: https://doi.org/10.48550/arXiv.1906.05538

2019-06-13

Cryptography and Security

Abstract:Blockchain gaming is an emerging entertainment paradigm. However, blockchain games are still suffering from security issues, due to the immature blockchain technologies and its unsophisticated developers. In this work, we analyzed the blockchain game architecture and reveal the possible penetration methods of cracking. We scanned more than 600 commercial blockchain games to summarize a security overview from the perspective of the web server and smart contract, respectively. We also conducted three case studies for blockchain games to show detailed vulnerability detection.

Lin Liu,Eric Yu,John Mylopoulos

DOI: https://doi.org/10.1109/compsac.2006.159

2006-01-01

Abstract:Design for security is extremely complicated due to the unique nature of the issue. It requires a thorough understanding about the social setting of the security system. To obtain such understanding, sensible steps to take include identifying the players involved in the system, recognizing their personal preferences, agenda and power in relation to other players, identifying the assets being protected, the vulnerable points at which the systems may fail when attacked. Equally important is to taking rationale steps to predict most likely attackers, knowing their possible motivations, and capabilities enabled by latest the technologies and resource occupations. Only based on integrated analysis on both sides, rationale, informative and efficient tradeoffs on security can be made. Unfortunately, current system development practices treat design decisions on security in an adhoc way, often as an afterthought. This paper proposes to use social modeling concepts to analyze the business and organizational context of systems with regard to security. The main concepts used are actor, role, agent and goal, task, and resource dependencies between actors. The approach encompasses several analysis steps on the functional and non-functional requirements in relevance to security, thus integrating security into the system design process from the outset.

Dmitry Tanana

DOI: https://doi.org/10.48550/arXiv.2301.11569

2023-01-27

Cryptography and Security

Abstract:With rise of blockchain popularity, more and more people seek to implement blockchain technology into their projects. Most common way is to take existing blockchain stack, such as Azure Blockchain Workbench or Oracle Blockchain Platform. While the blockchain technology is well-protected by its algorithms it is still vulnerable because its privacy relies on regular cryptography. And mistakes or vulnerabilities in key management protocols can affect even the most secure blockchain projects. This article considers question of vulnerabilities within Azure Blockchain Workbench key management system. We describe potential threats for each stage of key management lifecycle based on public reports and then assess how likely are those threats to realize within Azure Blockchain Workbench environment based on the technical documentation for Azure Blockchain Workbench and Azure Key Vault. Finally, we compile results of our assessment into the key management threat table with three distinct degrees of protection: fully protected, partially protected and not protected.

Chengjie Li,Xiaochao Sun,Zhen Zhang

DOI: https://doi.org/10.1109/access.2021.3104875

IF: 3.9

2021-01-01

IEEE Access

Abstract:In satellite communication systems, satellite power and processing capacities are limited, which means that storage and security are also constrained. Satellite communication channels are extremely vulnerable to hackers and external interference signals. Protecting satellite networks from illegal information access and use can be extremely challenging. In this paper, an architecture composed of satellite and ground equipment is developed that integrates communication network authentication and privacy protection structures. In the proposed scheme, the communication, registration, authentication, and revocation of information are achieved through stages to improve communication security. The satellite forwards the collected information to a ground base station, which has a strong data processing capacity. The ground base station records all the key parameters in the distributed blockchain, and all malicious node certificates are removed from the system. To further enhance data transmission security, the key is transferred using an asymmetric encryption algorithm. To measure the robustness of using the proposed network architecture, under the same attack condition, an invulnerability analysis is performed. After conducting simulation experiments, the results show that the proposed scheme greatly improves communication security and protection.

Myles Lewis,Chris Crawford

DOI: https://doi.org/10.54941/ahfe1003726

2024-01-04

Abstract:As time progresses, the need for more secure applications grows exponentially. The different types of sensitive information that is being transferred virtually has sparked a rise in systems that leverage blockchain. Different sectors are beginning to use this disruptive technology to evaluate the risks and benefits. Sectors like finance, medicine, higher education, and wireless communication have research regarding blockchain. Futhermore, the need for security standards in this area of research is pivotal. In recent past, several attacks on blockchain infrastructures have resulted in hundreds of millions dollars lost and sensitive information compromised. Some of these attacks include DAO attacks, bZx attacks, and Parity Multisignature Wallet Double Attacks which targeted vulnerabilities within smart contracts on the Ethereum network. These attacks exposed the weaknesses of current smart contract development practices which has led to the increase in distrust and adoption of systems that leverage blockchain for its functionality. In this paper, I identify common software vulnerabilities and attacks on blockchain infrastructures, thoroughly detail the smart contract development process and propose a model for ensuring a stronger security standard for future systems leveraging smart contracts. The purpose for proposing a model is to promote trust among end users in the system which is a foundational element for blockchain adoption in the future.

Cryptography and Security

Wen Wen,Xiao Han

DOI: https://doi.org/10.1002/mde.4043

2024-01-26

Managerial and Decision Economics

Abstract:Internet of Things (IoT)–based financial systems leverage the capabilities of blockchain and artificial intelligence (AI) to enable seamless transactions and data exchange between devices. IoT‐based financial systems involve interconnected devices and services, such as payment terminals, wearables, and smart appliances, which collect, transmit, and process sensitive financial information. The study explores security methods incorporated in the financial systems designed using IoT and blockchain technologies to improve the background features. The study data were gathered from Complaint Data from the Consumer Financial Protection Bureau 2018–2022, and data‐based analysis is used in this study for detecting illegitimate interrupted transactions. Propensity Score Matching (PSM) is used for the robustness and endogeneity test; descriptive statistics is utilized in this study. Financial security systems are introduced to reduce the forging and breaching of intruders amid transactions. This study offers a novel contribution to the field of blockchain technology by furnishing a comprehensive analysis of the features of IoT‐based financial security systems from the perspective of the transaction, broadening the understanding of the feature focusing on financial security, and providing practical recommendations to address the features of IoT‐based financial security systems in blockchain technology. The study highlights how IoT devices can securely record and verify financial transactions by leveraging the blockchain's distributed ledger, preventing tampering or unauthorized access. The results of the study identify that the TS3 program relies on the transaction gaps between financial sessions, security requests between successive transactions, and sessions saved depending on the time delay. The study finds that sessions were analyzed for violations and fraud using information stored on the blockchain. The study suggests the design and building of devices and sensors in an IoT in financial security systems. Transparency should contribute to setting data privacy and safety problems in financial security systems.

economics,management

Kelsie Nabben

DOI: https://doi.org/10.3389/fcomp.2020.599406

2021-03-22

Frontiers in Computer Science

Abstract:The notion that blockchains offer decentralized, “trustless” guarantees of security through technology is a fundamental misconception held by many advocates. This misconception hampers participants from understanding the security differences between public and private blockchains and adopting blockchain technology in suitable contexts. This paper introduces the notion of “people security” to argue that blockchains hold inherent limitations in offering accurate security guarantees to people as participants in blockchain-based infrastructure, due to the differing nature of the threats to participants reliant on blockchain as secure digital infrastructure, as well as the technical limitations between different types of blockchain architecture. This paper applies a sociotechnical security framework to assess the social, software, and infrastructural layers of blockchain applications to reconceptualize “blockchain security” as “people security.” A sociotechnical security analysis of existing macrosocial level blockchain systems surfaces discrepancies between the social, technical, and infrastructural layers of a blockchain network, the technical and governance decisions that characterize the network, and the expectations of, and threats to, participants using the network. The results identify a number of security and trust assumptions against various blockchain architectures, participants, and applications. Findings indicate that private blockchains have serious limitations for securing the interests of users in macrosocial contexts, due to their centralized nature. In contrast, public blockchains reveal trust and security shortcomings at the micro and meso-organizational levels, yet there is a lack of suitable desktop case studies by which to analyze sociotechnical security at the macrosocial level. These assumptions need to be further investigated and addressed in order for blockchain security to more accurately provide “people security”.

Muhammad Saad,Jeffrey Spaulding,Laurent Njilla,Charles Kamhoua,Sachin Shetty,DaeHun Nyang,Aziz Mohaisen

DOI: https://doi.org/10.48550/arXiv.1904.03487

2019-04-07

Abstract:In this paper, we systematically explore the attack surface of the Blockchain technology, with an emphasis on public Blockchains. Towards this goal, we attribute attack viability in the attack surface to 1) the Blockchain cryptographic constructs, 2) the distributed architecture of the systems using Blockchain, and 3) the Blockchain application context. To each of those contributing factors, we outline several attacks, including selfish mining, the 51% attack, Domain Name System (DNS) attacks, distributed denial-of-service (DDoS) attacks, consensus delay (due to selfish behavior or distributed denial-of-service attacks), Blockchain forks, orphaned and stale blocks, block ingestion, wallet thefts, smart contract attacks, and privacy attacks. We also explore the causal relationships between these attacks to demonstrate how various attack vectors are connected to one another. A secondary contribution of this work is outlining effective defense measures taken by the Blockchain technology or proposed by researchers to mitigate the effects of these attacks and patch associated vulnerabilities

Cryptography and Security

S. Vani,M. Doshi,A. Nanavati,A. Kundu

DOI: https://doi.org/10.48550/arXiv.2212.07387

2022-12-15

Abstract:Blockchain platforms and smart contracts are vulnerable to security breaches. Security breaches of smart contracts have led to huge financial losses in terms of cryptocurrencies and tokens. In this paper, we present a systematic survey of vulnerability analysis of smart contracts. We begin by providing a brief about the major types of attacks and vulnerabilities that are present in smart contracts. Then we discuss existing frameworks, methods and technologies used for vulnerability detection. We summarise our findings in a table which lists each framework and the attacks it protects against.

Cryptography and Security

Mubashar Iqbal,Raimundas Matulevicius

DOI: https://doi.org/10.1007/978-3-030-20948-3_16

2019-12-20

Abstract:Although the blockchain-based applications are considered to be less vulnerable due to the nature of the distributed ledger, they did not become the silver bullet with respect to securing the information against different security risks. In this paper, we present a literature review on the security risks that can be mitigated by introducing the blockchain technology, and on the security risks that are identified in the blockchain-based applications. In addition, we highlight the application and technology domains where these security risks are observed. The results of this study could be seen as a preliminary checklist of security risks when implementing blockchain-based applications.

Cryptography and Security

Yuhong Wen,Haihong Zhao,Lin Liu

DOI: https://doi.org/10.1109/RePa.2011.6046726

2011-01-01

Abstract:Security requirements analysis for business information systems in today's networked organization is difficult due to the complexity of the systems and the frequent change in the environment. Thus, it requires security knowledge to be explicitly represented, and well understood by system analysts and designer, which in turn being applied in feasible problem contexts. System requirements are often represented in modelling frameworks with different analytical focus, so security requirements knowledge shall reflect such difference and form an integrated treatment. This paper proposes to use modelling concepts from the i* and PF modeling language to capture recurring patterns of security problems. The main concepts used are actors, assets, and relations such as ownership and permissions. The major contribution of the approach is proposing the specific problem frames such as ownership, authorization, attack and protection, by decomposing a large problem into sub-problems (base frames), then evaluate the potential threats (attacking frames) applicable to each sub-problem by evaluate the compatibility of the two, security analysis is integrated into the system design process from the outset. The proposal can be generalized to the design of defensive measures as well as other NFR treatments. © 2011 IEEE.