Fig 12 - uploaded by Md. Sadek Ferdous
Petri Net of Block Withholding Attack


Source publication
Conference Paper
Blockchain technology has evolved through many changes and modifications, such as smart-contracts since its inception in 2008. The popularity of a blockchain system is due to the fact that it offers a significant security advantage over other traditional systems. However, there have been many attacks in various blockchain systems, exploiting differ...


Citations

... The token instantiation and multi-level systems dynamics of Petri nets lend themselves to blockchain interpretations as many projects take advantage of the 2-tier network structure (Table 2). One project also uses Petri nets to develop a rigorous blockchain security analysis system [Shahriar et al., 2020]. The system models the dynamism of a dozen different kinds of attacks (e.g. ...
Preprint
Blockchains are formal systems for equipping objects with value, transacting their exchange, and creating domain-specific event histories. Categorical cryptoeconomics is the application of category-theoretic methods to blockchain study with formalisms which pertain to blockchains and generalize to the programmable computational infrastructure more broadly. Section 1 provides an overview of twenty categorical cryptoeconomic primitives (in algebraic topology (persistent cohomology, semitopology), logic, sheaves, set theory, group theory, optics, and blockchain Petri nets) and their use in consensus, ledger construction, mining, and smart contract platforms. Section 2 introduces four progressively higher categorical cryptoeconomic formulations: HoTT (homotopy type theory) blockchains, Petri net computad ledgers, coregulator DAOs (decentralized autonomous organizations), and cohomology ZKPs (zero-knowledge proofs). The progression is first, nodes as themselves simplicial sets, fibrations, and 2-Segal spaces, second, nodes switched as gradients, third, time-modulated node and path propagation, and fourth, physics-agnostic node and path multiplexing. A 2-category of smart network technologies is envisioned with object instances of blockchains, AI, deep learning, robotics, autonomous vehicles, and digital biology health twins, and morphisms as structure-preserving functors.
... SPN is known for its high representativeness and is more intuitive than conventional approaches, such as Markov chains [8]. Other works have proposed models to analyze availability and costs in deployment [9,10], identify bottlenecks [11][12][13], and the behavior of the network in attack situations [14]. However, these efforts must model the resources available to execute transactions, considering queuing and parallel processing resources. ...
Preprint
Hyperledger Fabric is a platform for permissioned blockchain networks that enables secure and auditable distributed data storage for enterprise applications. There is a growing interest in applications based on this platform, but its use requires the configuration of different blockchain parameters. Various configurations impact the system's non-functional qualities, especially performance and cost. In this article, we propose a Stochastic Petri Net to model the performance of the Hyperledger Fabric platform with different blockchain parameters, computer capacity, and transaction rates. We also present a set of case studies to demonstrate the feasibility of the proposed model. This model serves as a practical guide to help administrators of permissioned blockchain networks find the best performance for their applications. The proposed model allowed us to identify the block size that leads to a high mean response time (ranging from 1 to 25 seconds) caused by a change in the arrival rate.
... Van Landuyt et al. [9] investigated threats using STRIDE and LINDDUN to distributed ledgers and blockchains. Shahriar et al. [10] investigated vulnerabilities in blockchain systems that can be exploitable solely by utilizing quantum computing. The study employed Petri Nets to create models encompassing a broad spectrum of attacks applicable to classical and quantum computers. ...
... Although blockchain technology provides tools for managing and storing information securely, it is also vulnerable to various types of attacks. The literature identifies mainly six categories of vulnerabilities [13]. To understand the security of the platform selected by the system developer, a rating granted by Certified [12] will be assigned. ...
Conference Paper
Blockchain technology has attracted great interest in various sectors such as finance, enterprise applications, and the Internet of Things (IoT), among others. As organizations recognize the strategic importance of blockchain technology, interest in its adoption has increased. However, challenges such as integration with existing systems, security problems, regulatory uncertainties, and lack of experience complicate its adoption. At the same time, there is an ever-growing number of blockchain platforms, and selecting the right platform is a complicated process that requires an exhaustive evaluation of its functionality, adaptability, and compatibility. Existing methodologies help decide when to use blockchain technology, but they do not support the task of selecting a platform. In response, we propose MEDAD, a blockchain platform selection methodology designed to streamline the development process of distributed applications. MEDAD integrates with existing software development processes, aiding blockchain adoption while minimizing technical debt in only 3 steps.
... Petri nets have gained wide recognition as a convenient and visual tool for describing models and processes of information transformation (Baez and Master, 2020; Cassandras and Lafortune, 2021; Zhou and Wu, 2018). Unlike traditional automata, Petri nets make it possible to describe many different types of models and the processes occurring in them by establishing local relationships between components and tracking local changes in the states of the entire system of models (Cantrell, 2021; Grobelna and Karatkevich, 2021; Petty et al., 2022; Shahriar et al., 2020; Zhu et al., 2020). ...
Article
Designing systems based on high-computational technologies of the Internet of Things, smart and mobile technologies requires integrating security across all stages of the lifecycle. Those systems often evolve into cyber-physical and socio-cyber-physical systems, which requires treating their structure as multi-platform and forming multi-circuit security systems. At the same time, in each platform (social, cloud and physical) it is necessary to form both internal and external security contours. This approach ensures not only objectivity, but also timely preventive measures to protect information. The article discusses the main approaches to modelling multi-circuit security systems taking into account the physical infrastructure. The proposed approaches provide not only a taxonomy of cybersecurity system models, but also make it possible to assess the advantages and disadvantages of each class and to ensure the necessary level of objectivity in modelling the security of social-cyberphysical systems.
... SPNs are known for their high degree of representativeness, being more intuitive than conventional options, such as Markov chains, for representing concurrency, parallelism, and synchronization in systems [Pinheiro et al. 2019, Rodrigues et al. 2019, Ferreira et al. 2019, Silva et al. 2022]. The related works in Section 2 proposed models to analyze availability and costs in deployment [Melo et al. 2022, Melo et al. 2021], identify bottlenecks [Xu et al. 2021, Sukhwani et al. 2018, Yuan et al. 2020], and the behavior of the network in attack situations [Shahriar et al. 2020]. None of these efforts, however, models the amount of resources available to execute requests, considering queuing and parallel processing resources. ...
... Finally, models have also been used to study the behavior of blockchain systems in attack situations. In [Shahriar et al. 2020] the authors used Petri nets capable of identifying the vulnerabilities that can be exploited and the threats to which the system is exposed. The authors in [Zhou et al. 2021] used a CTMC network to evaluate the availability of a bitcoin system under an Eclipse attack at different rates. ...
Conference Paper
Hyperledger Fabric is a platform for permissioned blockchain networks that enables secure and auditable distributed storage of and access to data for enterprise applications. There is growing interest in applications of this platform, but its use requires configuring a blockchain with different request-processing stages. The various possible configurations impact the platform's non-functional qualities, especially performance and cost. This article proposes a Stochastic Petri Net (SPN) model to model the performance of requests on the Hyperledger Fabric platform with varied parameterizations for blockchain, computer capacity, and request rates. We also present a study of the model's use that serves as an example to help administrators of permissioned blockchain networks adjust their configurations to find the best performance for applications. The model made it possible, for example, to identify the block size that leads to an excessively high mean response time (ranging from 1 to 25 seconds) caused by heavy queuing of requests.
... Additionally, the researchers outline real cases, e.g. the Decentralized Autonomous Organization (DAO) attack [16]. Shahriar et al. [17] describe comprehensively the flow of attacks against blockchain systems by using Petri Nets [18] following the STRIDE methodology. ...
... Among the methodologies, STRIDE is widely used [17]. Furthermore, attack trees allow a simple yet powerful way to structurally model threats. ...
Article
The concept of Self-Sovereign Identity (SSI) promises to strengthen the security and user-centricity of identity management. Since any secure online service relies on secure identity management, we comparatively analyze the intrinsic security of SSI. Thus, we adopt a hybrid threat modeling approach comprising STRIDE, attack trees, and ratings towards this unique context. Data flow diagrams of the isolated, centralized and the SSI model serve as the foundation for the assessment. The evolution of the paradigms shows an increasing complexity in security zones and communication paths between the components. We identified 35 threats to all SSI components and 15 protection measures that reduce the threats’ criticality. As a result, our research shows that the SSI paradigm’s threat surface is significantly higher compared to the traditional models. Besides the threat assessment on model level, the adapted methodology can evaluate a specific implementation. We analyzed uPort with a restricted scope to its user agent. Thus, 2 out of 10 threats were not properly addressed, leading to potential spoofing, denial, or repudiation of identity actions.
... Petri Net: (Kabashkin, 2017;Shahriar et al., 2020) DAG, Directed (Agarwal et al., 2021;Nguyen et al., 2020;Ofori-Boateng et al., 2021;Poursafaei et al., 2021;Tharani et al., 2021) Stability and security Linear, public, permissionless (ie. Tanwar et al., 2020) Tree-chain, public, permissionless. ...
Article
Blockchain has emerged as an innovative technology with potential to transform business management, through operational efficiency improvements. Nevertheless, several performance and vulnerability issues have been identified for the different typologies supporting the wide range of blockchain-based applications currently implemented in different domains. A variety of analytical and empirical models are being used to evaluate the issues associated with the different blockchain typologies, enabling systematic analyses of the corresponding efficiency impact, and technical or economic threats. A thorough systematic literature review of these models has been performed, followed by a detailed assessment on the way these models have been employed, and the target parameters and applications evaluated (336 research selected and analysed). We propose a co-classification of these models, allowing us to identify which ones are employed to a greater extent to address the different blockchain issues in scientific research. In a second step, a bibliometric analysis on the selected research is conducted, offering a complementary overview of the status of and trends in blockchain modelling, including the most prolific authors and leading contributing countries to the topic. The main outcome and contribution of the paper is the provision of a broad overview on how blockchain issues have been analytically tackled, through the synthesis and meta-analysis of the models used in the scientific literature since the inception of blockchain technology. The results have two main direct applications, firstly supporting novel vulnerability and performance analyses of existing blockchain applications by providing historical information on the models used so far, as well as the key parameters and typology of the blockchain-based applications evaluated. Secondly, in the implementation of new applications, by allowing the recognition of key issues identified that are associated with the different blockchain typologies and to determine the most suitable models to analyse the weaknesses and risks of the alternative designs under evaluation for these new implementations.
... On the other hand, this integration exposes SCADA-based IIoT networks to serious security threats and vulnerabilities, posing a significant danger to these networks and the trustworthiness of the systems [5]. The trustworthiness of an IIoT-enabled system ensures that it performs as expected while meeting a variety of security requirements, including trust, security, safety, reliability, resilience, and privacy [6][7][8]. Fig. 1 depicts the fundamental aspects of trustworthiness in an IIoT-enabled network. The basic goal of the IIoT-enabled system is to increase trustworthiness by safeguarding identities, data, and services, and therefore to secure SCADA-based IIoT networks from cybercriminals [8,9]. ...
Article
A fundamental expectation of the stakeholders from the Industrial Internet of Things (IIoT) is its trustworthiness and sustainability to avoid the loss of human lives in performing a critical task. A trustworthy IIoT-enabled network encompasses fundamental security characteristics such as trust, privacy, security, reliability, resilience and safety. The traditional security mechanisms and procedures are insufficient to protect these networks owing to protocol differences, limited update options, and older adaptations of the security mechanisms. As a result, these networks require novel approaches to increase trust-level and enhance security and privacy mechanisms. Therefore, in this paper, we propose a novel approach to improve the trustworthiness of IIoT-enabled networks. We propose an accurate and reliable supervisory control and data acquisition (SCADA) network-based cyberattack detection in these networks. The proposed scheme combines the deep learning-based Pyramidal Recurrent Units (PRU) and Decision Tree (DT) with SCADA-based IIoT networks. We also use an ensemble-learning method to detect cyberattacks in SCADA-based IIoT networks. The non-linear learning ability of PRU and the ensemble DT address the sensitivity of irrelevant features, allowing high detection rates. The proposed scheme is evaluated on fifteen datasets generated from SCADA-based networks. The experimental results show that the proposed scheme outperforms traditional methods and machine learning-based detection approaches. The proposed scheme improves the security and associated measure of trustworthiness in IIoT-enabled networks.