JIANG Peipei,WANG Qian,CHEN Yanjiao,LI Qi,SHEN Chao

DOI: https://doi.org/10.11959/j.issn.1000-436x.2021035

2021-01-01

Abstract:While the security of blockchain has been the central concern of both academia and industry since the very start, new security threats continue to emerge, which poses great risks to the blockchain ecosystem.A systematic study was conducted on the most state-of-the-art research on potential security issues of blockchain.Specifically, a taxonomy was developed by considering the blockchain framework as a four-layer system, and the analysis on the most recent attacks against security loopholes in each layer was provided.Countermeasures that can strengthen the blockchain were also discussed by highlighting their fundamental ideas and comparing different solutions.Finally, the forefront of research and potential directions of blockchain security were put forward to encourage further studies on the security of blockchain.

Xiaoqi Li,Peng Jiang,Ting Chen,Xiapu Luo,Qiaoyan Wen

DOI: https://doi.org/10.48550/arXiv.1802.06993

2020-11-05

Abstract:Since its inception, the blockchain technology has shown promising application prospects. From the initial cryptocurrency to the current smart contract, blockchain has been applied to many fields. Although there are some studies on the security and privacy issues of blockchain, there lacks a systematic examination on the security of blockchain systems. In this paper, we conduct a systematic study on the security threats to blockchain and survey the corresponding real attacks by examining popular blockchain systems. We also review the security enhancement solutions for blockchain, which could be used in the development of various blockchain systems, and suggest some future directions to stir research efforts into this area.

Cryptography and Security

Jiewu Leng,Man Zhou,J. Leon Zhao,Yongfeng Huang,Yiyang Bian

DOI: https://doi.org/10.1109/tsc.2020.3038641

IF: 11.019

2022-01-01

IEEE Transactions on Services Computing

Abstract:Blockchain, an emerging paradigm of secure and shareable computing, is a systematic integration of 1) chain structure for data verification and storage, 2) distributed consensus algorithms for generating and updating data, 3) cryptographic techniques for guaranteeing data transmission and access security, and 4) automated smart contracts for data programming and operations. However, the progress and promotion of Blockchain have been seriously impeded by various security issues in blockchain-based applications. Furthermore, previous research on blockchain security has been mostly technical, overlooking considerable business, organizational, and operational issues. To address this research gap from the perspective of information systems, we review blockchain security research in three levels, namely, the process level, the data level, and the infrastructure level, which we refer to as the PDI model of blockchain security. In this survey, we examine the state of blockchain security in the literature. Based on the insights obtained from this initial analysis, we then suggest future directions of research in blockchain security, shedding light on urgent business and industrial concerns in related computing disciplines.

computer science, information systems, software engineering

Liehuang Zhu,Baokun Zheng,Meng Shen,Shui Yu,Feng Gao,Hongyu Li,Kexin Shi,Keke Gai

DOI: https://doi.org/10.48550/arXiv.1812.02009

2018-12-05

Cryptography and Security

Abstract:With the more and more extensive application of blockchain, blockchain security has been widely concerned by the society and deeply studied by scholars. Moreover, the security of blockchain data directly affects the security of various applications of blockchain. In this survey, we perform a comprehensive classification and summary of the security of blockchain data. First, we present classification of blockchain data attacks. Subsequently, we present the attacks and defenses of blockchain data in terms of privacy, availability, integrity and controllability. Data privacy attacks present data leakage or data obtained by attackers through analysis. Data availability attacks present abnormal or incorrect access to blockchain data. Data integrity attacks present blockchain data being tampered. Data controllability attacks present blockchain data accidentally manipulated by smart contract vulnerability. Finally, we present several important open research directions to identify follow-up studies in this area.

Kaustubh Dwivedi,Ankit Agrawal,Ashutosh Bhatia,Kamlesh Tiwari

2024-04-28

Abstract:The widespread adoption of blockchain technology has amplified the spectrum of potential threats to its integrity and security. The ongoing quest to exploit vulnerabilities emphasizes how critical it is to expand on current research initiatives. Thus, using a methodology based on discrete blockchain layers, our survey study aims to broaden the existing body of knowledge by thoroughly discussing both new and known attack vectors inside the blockchain ecosystem. This survey proposes a novel classification of blockchain attacks and an in-depth investigation of blockchain data security. In particular, the paper provides a thorough discussion of the attack techniques and vulnerabilities that are specific to each tier, along with a detailed look at mitigating techniques. We reveal the deep dynamics of these security concerns by closely investigating the fundamental causes of attacks at various blockchain tiers. We clarify mitigation methods for known vulnerabilities and offer new information on recently developed attack vectors. We also discuss the implications of quantum computing in blockchain and the weaknesses in the current technology that can be exploited in the future. Our study advances the field of blockchain security and privacy research while also contributing to our understanding of blockchain vulnerabilities and attacks. This survey paper is a useful tool for readers who want to learn more about the intricacies of blockchain security. It also invites researchers to help strengthen blockchain privacy and security, paving the way for further developments in this dynamic and ever-evolving field.

Cryptography and Security

Joydip Das,Syed Ashraf Al Tasin,Md. Forhad Rabbi,Md Sadek Ferdous

2024-09-16

Abstract:Blockchain is a growing decentralized system built for transparency and immutability. There have been several major attacks on blockchain-based systems, leaving a gap in the trustability of this system. This article presents a comprehensive study of 23 attacks on blockchain systems and categorizes them using a layer-based approach. This approach provides an in-depth analysis of the feasibility and motivation of these attacks. In addition, a framework is proposed that enables a systematic analysis of the impact and interconnection of these attacks, thereby providing a means of identifying potential attack vectors and designing appropriate countermeasures to strengthen any blockchain system.

Cryptography and Security,Emerging Technologies

Yi Li,Jinsong Wang,Hongwei Zhang

DOI: https://doi.org/10.1016/j.jnca.2023.103686

IF: 7.574

2023-08-01

Journal of Network and Computer Applications

Abstract:Blockchain has been widely used in various fields, such as health management, finance, the Internet of Things (IoT), identity management, and supply chains. However, the performance of blockchain, including its throughput and transaction processing latency, has hindered its large-scale practical application, which is known as the scalability issue of blockchain. Many on-chain and off-chain solutions have been proposed to solve this problem, such as directed acyclic graph (DAG) blockchain and Rollup schemes. Despite these schemes’ ability to enhance the scalability of the blockchain, they compromise on other essential properties. The consensus is that the DAG blockchain can never provide deterministic security for transactions, and Rollup is disputed because it makes a trade-off of decentralization for scalability. Sharding technology is a proposed solution for these limitations, promising to tackle the scalability issue while maintaining security and decentralization at the same time. To date, no survey has been done on sharding design models and their key components and corresponding attack surfaces. To fill this gap, in this survey, we first provide a detailed analysis and comparison of both permissioned and permissionless sharding blockchains. Then, we describe the common building blocks chosen by the above sharding schemes as key components. Finally, we investigate how these components may be attacked and suggest corresponding countermeasures. Several open challenges are also given as future research directions. The survey aims to help researchers, engineers, and educators quickly grasp a consolidated body of knowledge about current sharding blockchain development.

computer science, interdisciplinary applications, software engineering, hardware & architecture

Muhammad Saad,Jeffrey Spaulding,Laurent Njilla,Charles Kamhoua,Sachin Shetty,DaeHun Nyang,Aziz Mohaisen

DOI: https://doi.org/10.48550/arXiv.1904.03487

2019-04-07

Abstract:In this paper, we systematically explore the attack surface of the Blockchain technology, with an emphasis on public Blockchains. Towards this goal, we attribute attack viability in the attack surface to 1) the Blockchain cryptographic constructs, 2) the distributed architecture of the systems using Blockchain, and 3) the Blockchain application context. To each of those contributing factors, we outline several attacks, including selfish mining, the 51% attack, Domain Name System (DNS) attacks, distributed denial-of-service (DDoS) attacks, consensus delay (due to selfish behavior or distributed denial-of-service attacks), Blockchain forks, orphaned and stale blocks, block ingestion, wallet thefts, smart contract attacks, and privacy attacks. We also explore the causal relationships between these attacks to demonstrate how various attack vectors are connected to one another. A secondary contribution of this work is outlining effective defense measures taken by the Blockchain technology or proposed by researchers to mitigate the effects of these attacks and patch associated vulnerabilities

Cryptography and Security

Qi Feng,Debiao He,Sherali Zeadally,Muhammad Khurram Khan,Neeraj Kumar

DOI: https://doi.org/10.1016/j.jnca.2018.10.020

IF: 7.574

2019-01-01

Journal of Network and Computer Applications

Abstract:Blockchain, as a decentralized and distributed public ledger technology in peer-to-peer network, has received considerable attention recently. It applies a linked block structure to verify and store data, and applies the trusted consensus mechanism to synchronize changes in data, which makes it possible to create a tamper-proof digital platform for storing and sharing data. It is believed that blockchain can be utilized in diverse Internet interactive systems (e.g., Internet of Things, supply chain systems, identity management, and so on). However, there are some privacy challenges that may hinder the applications of blockchain. The goal of this survey is to provide some insights into the privacy issues associated with blockchain. We analyze the privacy threats in blockchain and discuss existing cryptographic defense mechanisms, i.e., anonymity and transaction privacy preservation. Furthermore, we summarize some typical implementations of privacy preservation mechanisms in blockchain and explore future research challenges that still need to be addressed in order to preserve privacy when blockchain is used.

computer science, interdisciplinary applications, software engineering, hardware & architecture

Ivan Homoliak,Sarad Venugopalan,Qingze Hum,Pawel Szalachowski

DOI: https://doi.org/10.48550/arXiv.1904.06898

2019-04-15

Abstract:Due to their interesting features, blockchains have become popular in recent years. They are full-stack systems where security is a critical factor for their success. The main focus of this work is to systematize knowledge about security and privacy issues of blockchains. To this end, we propose a security reference architecture based on models that demonstrate the stacked hierarchy of various threats (similar to the ISO/OSI hierarchy) as well as threat-risk assessment using ISO/IEC 15408. In contrast to the previous surveys, we focus on the categorization of security incidents based on their origins and using the proposed architecture we present existing prevention and mitigation techniques. The scope of our work mainly covers aspects related to the decentralized nature of blockchains, while we mention common operational security issues and countermeasures only tangentially.

Cryptography and Security

Rajesh Kumar

DOI: https://doi.org/10.55041/ijsrem11514

2022-01-24

INTERANTIONAL JOURNAL OF SCIENTIFIC RESEARCH IN ENGINEERING AND MANAGEMENT

Abstract:Since when bitcoin make an entry in cryptocurrency which is based on blockchain technology gets so much popularity just from initial phase itself, now most of the cryptocurrency are moving towards blockchain framework and using different hashing function. In this advancement most of the works are now using blockchain technology from cryptocurrency to smart online retails platforms which has been used by Walmart. since its going to be most used term and popular technology most of the attackers are targeting and just by using some loopholes and any other technical glitches or any other way they are attacking over this technology. since its going to be future and everyone is concerned for its security and privacy, here we did a good comparison of many attacks already did on this blockchain frameworks and we summarize this attacks and we tried to give our own opinion to make it more reliable and flexible. Key Words: Consensus, PoW, PoS, PoL, PoI, Bloch Chain,

Bilash Saha,Md Mehedi Hasan,Nafisa Anjum,Sharaban Tahora,Aiasha Siddika,Hossain Shahriar

2023-06-21

Abstract:Blockchain technology transformed the digital sphere by providing a transparent, secure, and decentralized platform for data security across a range of industries, including cryptocurrencies and supply chain management. Blockchain's integrity and dependability have been jeopardized by the rising number of security threats, which have attracted cybercriminals as a target. By summarizing suggested fixes, this research aims to offer a thorough analysis of mitigating blockchain attacks. The objectives of the paper include identifying weak blockchain attacks, evaluating various solutions, and determining how effective and effective they are at preventing these attacks. The study also highlights how crucial it is to take into account the particular needs of every blockchain application. This study provides beneficial perspectives and insights for blockchain researchers and practitioners, making it essential reading for those interested in current and future trends in blockchain security research.

Cryptography and Security,Computers and Society,Databases,Distributed, Parallel, and Cluster Computing

Xiaoying Zheng,Yongxin Zhu,Xueming Si

DOI: https://doi.org/10.3390/app9224731

2019-01-01

Applied Sciences

Abstract:Blockchain naturally fits multiple industry sectors due its characteristics of decentralization, enhanced security, tamper-proof, improved traceability and transparency. However, there is a significant concern of blockchain’s performance, since blockchain trades off its performance for a completely distributed feature, which enhances its security. In this paper, we investigate the state-of-the-art progress of blockchain, mainly from a performance and security perspective. We extracted 42 primary papers from major scientific databases and 34 online technical articles. The objective is to understand the current research trends, challenges and future directions. We briefly introduce the key technologies of blockchain including distributed ledger, cryptography, consensus, smart contracts and benchmarks. We next summarize the performance and security concerns raised in the investigation. We discuss the architectural choices, performance metrics, database management enhancements, and hybrid blockchains, and try to identify the effort that the state-of-the-art has made to balance between the performance and security. We also make experiments on Ethereum and survey other popular blockchain platforms on the scalability feature of blockchain. We later discuss the potential applications and present the lessons learned. Finally, we attempt to identify the open issues and possible research directions.

Wenkai Li,Jiuyang Bu,Xiaoqi Li,Hongli Peng,Yuanzheng Niu,Yuqing Zhang

DOI: https://doi.org/10.1016/j.jksuci.2022.10.028

2022-10-26

Abstract:DeFi, or Decentralized Finance, is based on a distributed ledger called blockchain technology. Using blockchain, DeFi may customize the execution of predetermined operations between parties. The DeFi system use blockchain technology to execute user transactions, such as lending and exchanging. The total value locked in DeFi decreased from \$200 billion in April 2022 to \$80 billion in July 2022, indicating that security in this area remained problematic. In this paper, we address the deficiency in DeFi security studies. To our best knowledge, our paper is the first to make a systematic analysis of DeFi security. First, we summarize the DeFi-related vulnerabilities in each blockchain layer. Additionally, application-level vulnerabilities are also analyzed. Then we classify and analyze real-world DeFi attacks based on the principles that correlate to the vulnerabilities. In addition, we collect optimization strategies from the data, network, consensus, smart contract, and application layers. And then, we describe the weaknesses and technical approaches they address. On the basis of this comprehensive analysis, we summarize several challenges and possible future directions in DeFi to offer ideas for further research.

Cryptography and Security

Rui Zhang,Rui Xue,Ling Liu

DOI: https://doi.org/10.1145/3316481

IF: 16.6

2020-05-31

ACM Computing Surveys

Abstract:Blockchain offers an innovative approach to storing information, executing transactions, performing functions, and establishing trust in an open environment. Many consider blockchain as a technology breakthrough for cryptography and cybersecurity, with use cases ranging from globally deployed cryptocurrency systems like Bitcoin, to smart contracts, smart grids over the Internet of Things, and so forth. Although blockchain has received growing interests in both academia and industry in the recent years, the security and privacy of blockchains continue to be at the center of the debate when deploying blockchain in different applications. This article presents a comprehensive overview of the security and privacy of blockchain. To facilitate the discussion, we first introduce the notion of blockchains and its utility in the context of Bitcoin-like online transactions. Then, we describe the basic security properties that are supported as the essential requirements and building blocks for Bitcoin-like cryptocurrency systems, followed by presenting the additional security and privacy properties that are desired in many blockchain applications. Finally, we review the security and privacy techniques for achieving these security properties in blockchain-based systems, including representative consensus algorithms, hash chained storage, mixing protocols, anonymous signatures, non-interactive zero-knowledge proof, and so forth. We conjecture that this survey can help readers to gain an in-depth understanding of the security and privacy of blockchain with respect to concept, attributes, techniques, and systems.

computer science, theory & methods

Kervins Nicolas,Yi Wang,George C. Giakos,Bingyang Wei,Hongda Shen

DOI: https://doi.org/10.1109/access.2020.3047365

IF: 3.9

2021-01-01

IEEE Access

Abstract:Blockchain is a technology that ensures data security by verifying database of records established in a decentralized and distributed network. Blockchain-based approaches have been applied to secure data in the fields of the Internet of Things, software engineering, healthcare systems, financial services, and smart power grids. However, the security of the blockchain system is still a major concern. We took the initiative to present a systematic study which sheds light on what defensive strategies are used to secure the blockchain system effectively. Specifically, we focus on blockchain data security that aims to mitigate the two data consistency attacks: double-spend attack and selfish mining attack. We employed the systematic approach to analyze a total of 40 selected studies using the proposed taxonomy of defensive strategies: monitoring, alert forwarding, alert broadcasting, inform, detection, and conceptual research design. It presents a comparison framework for existing and future research on blockchain security. Finally, some recommendations are proposed for blockchain researchers and developers.

computer science, information systems,telecommunications,engineering, electrical & electronic

Dan Wang,Jindong Zhao,Yingjie Wang

DOI: https://doi.org/10.1109/access.2020.2994294

IF: 3.9

2020-01-01

IEEE Access

Abstract:As a kind of point-to-point distributed public ledger technology, blockchain has been widely concerned in recent years. The privacy protection of blockchain technology has always been the core issue of people's attention. In this paper, some existing solutions to the current problems of user identity and transaction privacy protection are surveyed, including coin mixing mechanism, zero knowledge proof, ring signature and other technologies. Secondly, five typical applications of privacy protection technology based on blockchain are proposed and analyzed, which are mainly divided into technology applications based on coin mixing protocol, encryption protocol, secure channel protocol and so on. Finally, in view of the shortages of the existing blockchain privacy protection technology, we explore future research challenges that need to be studied in order to preserve privacy in blockchain system, and looks forward to the future development direction.

computer science, information systems,telecommunications,engineering, electrical & electronic

Mauro Conti,Sandeep Kumar E,Chhagan Lal,Sushmita Ruj

DOI: https://doi.org/10.1109/COMST.2018.2842460

2017-12-26

Abstract:Bitcoin is a popular cryptocurrency that records alltransactions in a distributed append-only public ledger calledblockchain. The security of Bitcoin heavily relies on the incentive-compatible proof-of-work (PoW) based distributed consensus pro-tocol, which is run by network nodes called miners. In exchangefor the incentive, the miners are expected to honestly maintainthe blockchain. Since its launch in 2009, Bitcoin economy hasgrown at an enormous rate, and it is now worth about 170 billions of dollars. This exponential growth in the market valueof Bitcoin motivates adversaries to exploit weaknesses for profit,and researchers to discover new vulnerabilities in the system,propose countermeasures, and predict upcoming <a class="link-external link-http" href="http://trends.In" rel="external noopener nofollow">this http URL</a> this paper, we present a systematic survey that covers thesecurity and privacy aspects of Bitcoin. We start by presenting anoverview of the Bitcoin protocol and its major components alongwith their functionality and interactions within the system. Wereview the existing vulnerabilities in Bitcoin and its underlyingmajor technologies such as blockchain and PoW based consensusprotocol. These vulnerabilities lead to the execution of varioussecurity threats to the normal functionality of Bitcoin. Wethen discuss the feasibility and robustness of the state-of-the-art security solutions. Additionally, we present current privacyand anonymity considerations in Bitcoin and discuss the privacy-related threats to Bitcoin users along with the analysis of theexisting privacy-preserving solutions. Finally, we summarize thecritical open challenges and suggest directions for future researchtowards provisioning stringent security and privacy techniquesfor Bitcoin.

Cryptography and Security

Baodong Wen,Yujue Wang,Yong Ding,Haibin Zheng,Bo Qin,Changsong Yang

DOI: https://doi.org/10.1016/j.ins.2023.119322

IF: 8.1

2023-06-17

Information Sciences

Abstract:As a key technology for building trust networks and implementing value interconnections, blockchain has received extensive attention. There are numerous technical use cases for blockchains in a variety of areas, such as digital currency systems, Internet of Things (IoT), smart grids, supply blockchain and finance. However, the widespread application of blockchain also encounters many security and privacy issues. This article presents an overview and analysis of privacy protection, security supervision and data exchange in blockchain-based applications, providing a comprehensive analysis of the wide application of blockchain. Moreover, blockchain's future research directions and development trends are discussed.

computer science, information systems

Ziyao Liu,Nguyen Cong Luong,Wenbo Wang,Dusit Niyato,Ping Wang,Ying-Chang Liang,Dong In Kim

DOI: https://doi.org/10.1109/ACCESS.2019.2909924

IF: 3.9

2019-01-01

IEEE Access

Abstract:Over the past decade, blockchain technology has attracted tremendous attention from both academia and industry. The popularity of blockchains was originated from the concept of crypto-currencies to serve as a decentralized and tamper-proof transaction data ledger. Nowadays, blockchains as the key framework in the decentralized public data-ledger have been applied to a wide range of scenarios far beyond crypto-currencies, such as the Internet of Things, healthcare, and insurance. This survey aims to fill the gap between a large number of studies on blockchain networks, where game theory emerges as an analytical tool, and the lack of a comprehensive survey on the game theoretical approaches applied in blockchain-related issues. In this survey, we review the game models proposed to address common issues in the blockchain network. The focus is placed on security issues, e.g., selfish mining, majority attack and denial of service attack, issues regarding mining management, e.g., computational power allocation, reward allocation, and pool selection, as well as issues regarding blockchain economic and energy trading. Additionally, we discuss the advantages and disadvantages of these selected game theoretical models and solutions. Finally, we highlight important challenges and future research directions of applying game theoretical approaches to incentive mechanism design and the combination of blockchain with other technologies.