January 2020 list
If you feel a paper should belong to another category, or that we missed a relevant paper just let us know. Participation is most welcome!
Categories:
- Attacks and defenses
- Blockchain-general
- Blockchain-noncrypto uses
- Ethereum
- Financial
- Internet of Things (IoT)
- Mathematical
- Proof of Work (PoW) alternatives
Attacks and defenses
Is Cryptojacking Dead after Coinhive Shutdown?
Authors: Said Varlioglu, Bilal Gonen, Murat Ozer, F. Mehmet Bastug
Abstract: Cryptojacking is the exploitation of victims’ computer resources to mine for cryptocurrency using malicious scripts. It has become popular after 2017. Coinhive, which was a mining service, legally produced scripts and provided servers for in-browser mining activities. Over 10 million web users had been victims every month before Coinhive shutdown that happened on Mar 2019. This paper explores the new era of the cryptojacking world after Coinhive discontinued its service. We aimed to see whether and how attackers continue cryptojacking, generate new malicious scripts, and developed new methods. We used a capable cryptojacking detector named CMTracker that proposed by Hong et al. in 2018. We automatically and manually examined 2770 websites that had been detected by CMTracker before Coinhive. The results revealed that 99% of sites no longer continue cryptojacking. 1% of websites still run 8 unique mining scripts. By tracking these mining scripts, we detected 632 unique cryptojacking websites. Moreover, open source investigations (OSINT) demonstrated that attackers still use the same methods. Therefore, we listed the typical patterns of cryptojacking. We concluded that cryptojacking is not dead after the Coinhive shutdown. It is still alive, but not as attractive as it used to be.
Blockchain-general
On the Convergence of Artificial Intelligence and Distributed Ledger Technology: A Scoping Review and Future Research Agenda
Authors: D. Konstantin Pandl, Scott Thiebes, Manuel Schmidt-Kraepelin, Ali Sunyaev
Abstract: Developments in Artificial Intelligence (AI) and Distributed Ledger Technology (DLT) currently lead lively debates in academia and practice. AI processes data to perform tasks that were previously thought possible only for humans to perform. DLT acts in uncertain environments to create consensus over data among a group of participants. In recent articles, both technologies complement each other. Examples include the design of secure distributed ledgers or the creation of allied learning systems distributed across multiple nodes. This can lead to technological convergence, which in the past, has paved the way for major IT product innovations. Previous work highlights several potential benefits of the convergence of AI and DLT but only provides a limited theoretical framework to describe upcoming real-world integration cases of both technologies. We aim to contribute by conducting a systematic literature review on the previous work and by providing rigorously derived future research opportunities. Our analysis identifies how AI and DLT exchange data, and how to use these integration principles to build new systems. Based on that, we present open questions for future research. This work helps researchers active in AI or DLT to overcome current limitations in their field, and engineers to develop systems along with the convergence of these technologies.
Segment blockchain: A size reduced storage mechanism for blockchain
Authors: Yibin Xu, Yangyu Huang
Abstract: The exponential growth of the blockchain size has become a major contributing factor that hinders the decentralisation of blockchain and its potential implementations in data-heavy applications. In this paper, we propose segment blockchain, an approach that segmentises blockchain and enables nodes to only store a copy of one blockchain segment. We use \emph{PoW} as a membership threshold to limit the number of nodes taken by an Adversary—the Adversary can only gain at most $n/2$ of nodes in a network of $n$ nodes when it has $50\%$ of the calculation power in the system (the Nakamoto blockchain security threshold). A segment blockchain system fails when an Adversary stores all copies of a segment, because the Adversary can then leave the system, causing a permanent loss of the segment. We theoretically prove that segment blockchain can sustain a $(AD/n)^m$ failure probability when the Adversary has no more than $AD$ number of nodes and every segment is stored by $m$ number of nodes. The storage requirement is mostly shrunken compared to the traditional design and therefore making the blockchain more suitable for data-heavy applications.
Effective scaling of blockchain beyond consensus innovations and Moore’s law
Authors: Yinqiu Liu, Kai Qian, Jinlong Yu, Kun Wang, Lei He
Abstract: As an emerging technology, blockchain has achieved great success in numerous application scenarios, from intelligent healthcare to smart cities. However, a long-standing bottleneck hindering its further development is the massive resource consumption attributed to the distributed storage and computation methods. This makes blockchain suffer from insufficient performance and poor scalability. Here, we analyze the recent blockchain techniques and demonstrate that the potential of widely-adopted consensus-based scaling is seriously limited, especially in the current era when Moore’s law-based hardware scaling is about to end. We achieve this by developing an open-source benchmarking tool, called Prism, for investigating the key factors causing low resource efficiency and then discuss various topology and hardware innovations which could help to scale up blockchain. To the best of our knowledge, this is the first in-depth study that explores the next-generation scaling strategies by conducting large-scale and comprehensive benchmarking.
KYChain: User-Controlled KYC Data Sharing and Certification
Authors: Cătălin Constantin Drăgan, Mark Manulis
Abstract: Under Know Your Customer (KYC) regulations, financial institutions are required to verify the identity and assess the trustworthiness of any new client during on-boarding, and maintain up-to-date records for risk management. These processes are time consuming, expensive, typically have sub-par record-keeping steps, and disadvantage clients with nomad lifestyle. In this paper, we introduce KYChain as a privacy-preserving certification mechanism that allows users to share (certified) up-to-date KYC data across multiple financial institutions. We base KYChain on immutable ledgers and show that it offers confidentiality and certification compliance of KYC data.
Blockchain-noncrypto uses
OAuth 2.0 authorization using blockchain-based tokens
Authors: Nikos Fotiou, Iakovos Pittaras, A. Vasilios Siris, Spyros Voulgaris, C. George Polyzos
Abstract: OAuth 2.0 is the industry-standard protocol for authorization. It facilitates secure service provisioning, as well as secure interoperability among diverse stakeholders. All OAuth 2.0 protocol flows result in the creation of an access token, which is then used by a user to request access to a protected resource. Nevertheless, the definition of access tokens is transparent to the OAuth 2.0 protocol, which does not specify any particular token format, how tokens are generated, or how they are used. Instead, the OAuth 2.0 specification leaves all these as design choices for integrators. In this paper, we propose a new type of OAuth 2.0 token backed by a distributed ledger. Our construction is secure, and it supports proof-of-possession, auditing, and accountability. Furthermore, we provide added-value token management services, including revocation, delegation, and fair exchange by leveraging smart contracts. We realized a proof-of-concept implementation of our solution using Ethereum smart contracts and the ERC-721 token specification.
IPPO: A Privacy-Aware Architecture for Decentralized Data-sharing
Authors: Maurizio Aiello, Enrico Cambiaso, Roberto Canonico, Leonardo Maccari, Marco Mellia, Antonio Pescapè, Ivan Vaccari
Abstract: Online trackers personalize ads campaigns, exponentially increasing their efficacy compared to traditional channels. The downside of this is that thousands of mostly unknown systems own our profiles and violate our privacy without our awareness. IPPO turns the table and re-empower users of their data, through anonymised data publishing via a Blockchain-based Decentralized Data Marketplace. We also propose a service based on machine learning and big data analytics to automatically identify web trackers and build Privacy Labels (PLs), based on the nutrition labels concept. This paper describes the motivation, the vision, the architecture and the research challenges related to IPPO.
Ethereum
Wallet Contracts on Ethereum
Authors: Monika Angelo di, Gernot Salzer
Abstract: In the area of blockchains, a wallet is anything that manages the access to cryptocurrencies and tokens. Off-chain wallets appear in different forms, from paper wallets to hardware wallets to dedicated wallet apps, while on-chain wallets are realized as smart contracts. Wallet contracts are supposed to increase trust and security by being transparent and by offering features like daily limits, approvals, multiple signatures, and recovery mechanisms. Ethereum is the most prominent platform for both, tokens and smart contracts, and thus also for on-chain wallets. Our work aims at a better understanding of Ethereum on-chain wallets, which represent one of the most frequent types of smart contracts. By analyzing source code, bytecode, and execution traces, we derive usage scenarios and patterns. We discuss several methods for identifying wallet contracts in a semi-automatic manner by looking at the deployed bytecodes and their interaction patterns. We extract blueprints for wallets and thereby compile a ground truth. Furthermore, we differentiate characteristics of wallets in use, and group them into six types. We provide numbers and temporal perspectives regarding the creation and use of wallets. We analyze the data of the Ethereum main chain up to block 8450000, mined on August 30, 2019.
Financial
Using Networks and Partial Differential Equations to Predict Bitcoin Price
Authors: Yufang Wang, Haiyan Wang
Abstract: Over the past decade, the blockchain technology and its Bitcoin cryptocurrency have received considerable attention. Bitcoin has experienced significant price swings in daily and long-term valuations. In this paper, we propose a partial differential equation (PDE) model on the bitcoin transaction network for predicting bitcoin price. Through analysis of bitcoin subgraphs or chainlets, the PDE model captures the influence of transaction patterns on bitcoin price over time and combines the effect of all chainlet clusters. In addition, Google Trends Index is incorporated to the PDE model to reflect the effect of bitcoin market sentiment. The experiment shows that the average accuracy of daily bitcoin price prediction is 0.82 for 362 consecutive days in 2017. The results demonstrate the PDE model is capable of predicting bitcoin price. The paper is the first attempt to apply a PDE model to the bitcoin transaction network for predicting bitcoin price.
Forecasting Bitcoin closing price series using linear regression and neural networks models
Authors: Nicola Uras, Lodovica Marchesi, Michele Marchesi, Roberto Tonelli
Abstract: This paper studies how to forecast daily closing price series of Bitcoin, using data on prices and volumes of prior days. Bitcoin price behaviour is still largely unexplored, presenting new opportunities. We compared our results with two modern works on Bitcoin prices forecasting and with a well-known recent paper that uses Intel, National Bank shares and Microsoft daily NASDAQ closing prices spanning a 3-year interval. We followed different approaches in parallel, implementing both statistical techniques and machine learning algorithms. The SLR model for univariate series forecast uses only closing prices, whereas the MLR model for multivariate series uses both price and volume data. We applied the ADF -Test to these series, which resulted to be indistinguishable from a random walk. We also used two artificial neural networks: MLP and LSTM. We then partitioned the dataset into shorter sequences, representing different price regimes, obtaining best result using more than one previous price, thus confirming our regime hypothesis. All the models were evaluated in terms of MAPE and relativeRMSE. They performed well, and were overall better than those obtained in the benchmarks. Based on the results, it was possible to demonstrate the efficacy of the proposed methodology and its contribution to the state-of-the-art.
Competitive equilibria between staking and on-chain lending
Authors: Tarun Chitra
Abstract: Proof of Stake (PoS) is a burgeoning Sybil resistance mechanism that aims to have a digital asset (“token”) serve as security collateral in crypto networks. However, PoS has so far eluded a comprehensive threat model that encompasses both Byzantine attacks from distributed systems and financial attacks that arise from the dual usage of the token as a means of payment and a Sybil resistance mechanism. In particular, the existence of derivatives markets makes malicious coordination among validators easier to execute than in Proof of Work systems. We demonstrate that it is also possible for on-chain lending smart contracts to cannibalize network security in PoS systems. When the yield provided by these contracts is more attractive than the inflation rate provided from staking, stakers will tend to remove their staked tokens and lend them out, thus reducing network security. In this paper, we provide a simple stochastic model that describes how rational validators with varying risk preferences react to changes in staking and lending returns. For a particular configuration of this model, we provide a formal proof of a phase transition between equilibria in which tokens are predominantly staked and those in which they are predominantly lent. We further validate this emergent adversarial behavior (e.g. reduced staked token supply) with agent-based simulations that sample transitions under more realistic conditions. Our results illustrate that rational, non-adversarial actors can dramatically reduce PoS network security if block rewards are not calibrated appropriately above the expected yields of on-chain lending.
Internet of Things (IoT)
Blockchain-based Smart-IoT Trust Zone Measurement Architecture
Authors: Jawad Ali, Toqeer Ali, Yazed Alsaawy, Shahrafidz Ahmad Khalid, Shahrulniza Musa
Abstract: With a rapid growth in the IT industry, Internet of Things (IoT) has gained a tremendous attention and become a central aspect of our environment. In IoT the things (devices) communicate and exchange the data without the act of human intervention. Such autonomy and proliferation of IoT ecosystem make the devices more vulnerable to attacks. In this paper, we propose a behavior monitor in IoT-Blockchain setup which can provide trust-confidence to outside networks. Behavior monitor extracts the activity of each device and analyzes the behavior using deep auto-encoders. In addition, we also incorporate Trusted Execution Technology (Intel SGX) in order to provide a secure execution environment for applications and data on blockchain. Finally, in evaluation we analyze three IoT devices data that is infected by mirai attack. The evaluation results demonstrate the ability of our proposed method in terms of accuracy and time required for detection.
Towards a secure behavior modeling for IoT networks using Blockchain
Authors: Jawad Ali, Shahrafidz Ahmad Khalid, Eiad Yafi, Shahrulniza Musa, Waqas Ahmed
Abstract: Internet of Things (IoT) occupies a vital aspect of our everyday lives. IoT networks composed of smart-devices which communicate and transfer the information without the physical intervention of humans. Due to such proliferation and autonomous nature of IoT systems make these devices threatened and prone to a severe kind of threats. In this paper, we introduces a behavior capturing, and verification procedures in blockchain supported smart-IoT systems that can be able to show the trust-level confidence to outside networks. We defined a custom \emph{Behavior Monitor} and implement on a selected node that can extract the activity of each device and analyzes the behavior using deep machine learning strategy. Besides, we deploy Trusted Execution Technology (TEE) which can be used to provide a secure execution environment (enclave) for sensitive application code and data on the blockchain. Finally, in the evaluation phase we analyze various IoT devices data that is infected by Mirai attack. The evaluation results show the strength of our proposed method in terms of accuracy and time required for detection.
Towards Secure IoT Communication with Smart Contracts in a Blockchain Infrastructure
Authors: Jawad Ali, Toqeer Ali, Shahrulniza Musa, Ali Zahrani
Abstract: The Internet of Things (IoT) is undergoing rapid growth in the IT industry, but, it continues to be associated with several security and privacy concerns as a result of its massive scale, decentralised topology, and resource-constrained devices. Blockchain (BC), a distributed ledger technology used in cryptocurrency has attracted significant attention in the realm of IoT security and privacy. However, adopting BC to IoT is not straightforward in most cases, due to overheads and delays caused by BC operations. In this paper, we apply a BC technology known as Hyperledgder Fabric, to an IoT network. This technology introduces an execute-order technique for transactions that separates the transaction execution from consensus, resulting in increased efficiency. We demonstrate that our proposed IoT-BC architecture is sufficiently secure with regard to fundamental security goals i.e., confidentiality, integrity, and availability. Finally, the simulation results are highlighted that shows the performance overheads associated with our approach are as minimal as those associated with the Hyperledger Fabric framework and negligible in terms of security and privacy.
Mathematical
RTM: Blockchain That Support Revocable Transaction Model
Authors: Victor Gates
Abstract: In many typical application scenarios, it is necessary to revoke the incorrect account operations caused by user mis-operation, financial fraud, illegal hacking, etc. Unfortunately, users often blur the lines between the concept of “transaction state revocable” and “business status revocable”, which result in revocable transaction not universally supported in blockchain systems at present. In this work, we propose GateChain , a blockchain that support revocable transaction model (RTM) on distributed ledger. Specifically, based on the state-of-the-art blockchain technologies, GateChain can safely withdraw the account status change operations by leveraging an improved account model and extra designed transaction types. On that basis, GateChain exploit the characteristics of functional completeness, easy to deployment and lower complexity.
Proof of Work (PoW) alternatives
BlockHouse: Blockchain-based Distributed Storehouse System
Authors: Doriane Perard, Lucas Gicquel, Jérôme Lacan
Abstract: We propose in this paper BlockHouse, a decentralized/P2P storage system fully based on private blockchains. Each participant can rent his unused storage in order to host data of other members. This system uses a dual Smart Contract and Proof of Retrievability system to automatically check at a fixed frequency if the file is still hosted. In addition to transparency, the blockchain allows a better integration with all payments associated to this type of system ( regular payments, sequestration to ensure good behaviors of users, …). Except the data transferred between the client and the server, all the actions go through a smart contract in the blockchain in order to log, pay and secure the entire storage process.
PoAh: A Novel Consensus Algorithm for Fast Scalable Private Blockchain for Large-scale IoT Frameworks
Authors: Deepak Puthal, P. Saraju Mohanty, P. Venkata Yanambaka, Elias Kougianos
Abstract: In today’s connected world, resource constrained devices are deployed for sensing and decision making applications, ranging from smart cities to environmental monitoring. Those recourse constrained devices are connected to create real-time distributed networks popularly known as the Internet of Things (IoT), fog computing and edge computing. The blockchain is gaining a lot of interest in these domains to secure the system by ignoring centralized dependencies, where proof-of-work (PoW) plays a vital role to make the whole security solution decentralized. Due to the resource limitations of the devices, PoW is not suitable for blockchain-based security solutions. This paper presents a novel consensus algorithm called Proof-of-Authentication (PoAh), which introduces a cryptographic authentication mechanism to replace PoW for resource constrained devices, and to make the blockchain application-specific. PoAh is thus suitable for private as well as permissioned blockchains. Further, PoAh not only secures the systems, but also maintains system sustainability and scalability. The proposed consensus algorithm is evaluated theoretically in simulation scenarios, and in real-time hardware testbeds to validate its performance. Finally, PoAh and its integration with the blockchain in the IoT and edge computing scenarios is discussed. The proposed PoAh, while running in limited computer resources (e.g. single-board computing devices like the Raspberry Pi) has a latency in the order of 3 secs.
Consistency of Proof-of-Stake Blockchains with Concurrent Honest Slot Leaders
Authors: Aggelos Kiayias, Saad Quader, Alexander Russell
Abstract: We improve the fundamental security threshold of Proof-of-Stake (PoS) blockchain protocols, reflecting for the first time the positive effect of rounds with multiple honest leaders. Current analyses of the longest-chain rule in PoS blockchain protocols reduce consistency to the dynamics of an abstract, round-based block creation process determined by three probabilities: $p_A$, the probability that a round has at least one adversarial leader; $p_h$, the probability that a round has a single honest leader; and $p_H$, the probability that a round has multiple, but honest, leaders. We present a consistency analysis that achieves the optimal threshold $p_h + p_H > p_A$. This is a first in the literature and can be applied to both the simple synchronous setting and the setting with bounded delays. We also achieve the optimal consistency error $e^{-Θ(k)}$, $k$ being the confirmation time. The consistency analyses in Ouroboros Praos (Eurocrypt 2018) and Genesis (CCS 2018) assume that $p_h – p_H > p_A$; the analyses in Sleepy Consensus (Asiacrypt 2017) and Snow White (Fin. Crypto 2019) assume that $p_h > p_A$. Thus existing analyses either incur a penalty for multiply-honest rounds, or treat them neutrally. In addition, previous analyses completely break down when $p_h < p_A$. Our new results can be directly applied to improve the consistency of these existing protocols. We emphasize that these thresholds determine the critical tradeoff between honest majority, network delays, and consistency error. We complement our results with a consistency analysis in the setting where uniquely honest slots are rare, event letting $p_h = 0$, under the added assumption that honest players adopt a consistent chain selection rule. Our analysis provides a direct connection between the Ouroboros analysis focusing on "relative margin" and the Sleepy analysis focusing on "strong pivots."
Leave a Comment