Conference Paper

Knocking on Tangle's Doors: Security Analysis of IOTA Ports


... (5) Security of the DAG-based blockchain: Conti et al. [18], Bramas [10,11], Shabandri et al. [83], Bhandary et al. [7], Li et al. [61], Wang et al. [91,95], Madenouei [64], Brighente et al. [12] and Fan et al. [28]. In addition, the parasite chain attacks are discussed by Staupe [87], Cullen et al. [20] and Penzkofer et al. [71]. ...
... (8) Throughput of the DAG-based blockchain: Zhang et al. [103], Madenouei [64], Brighente et al. [12] and Fan et al. [28]. ...
Preprint
Full-text available
Note that the serial structure of blockchain has a number of essential pitfalls, and, thus, a data network structure and its DAG-based blockchain are introduced to resolve the blockchain pitfalls. From such a network perspective, analysis of the DAG-based blockchain systems becomes interesting but difficult and challenging. So, the simulation models are adopted widely. In this paper, we first describe a simple Markov model for the DAG-based blockchain with IOTA Tangle by means of two layers of tips and internal tips' impatient connection behavior. Then we set up a continuous-time Markov process to analyze the DAG-based blockchain system and show that this Markov process is a level-dependent quasi-birth-and-death (QBD) process. Based on this, we prove that the QBD process must be irreducible and positive recurrent. Furthermore, once the stationary probability vector of the QBD process is given, we provide performance analysis of the DAG-based blockchain system. Next, we propose a new effective method for computing the average sojourn time of any arriving internal tip at this system by means of the first passage times and the PH distributions. Finally, we use numerical examples to check the validity of our theoretical results and indicate how some key system parameters influence the performance measures of this system. Therefore, we hope that the methodology and results developed in this paper shed light on the DAG-based blockchain systems such that a series of promising research can be developed potentially.
Chapter
Full-text available
Tangle provides an enlightening paradigm for DAG-based structures. We build a simple but flexible simulation network for Tangle by identifying its features. Based on that, we construct three types of attack strategies via defining basic actions and behaviours. We further evaluate these attacks in multi-dimensions with 12 sets of experiments, followed by comprehensive discussions. The results show the trend under different strategies and configurations. Our work provides an educational example for both attack and defense towards Tangle-based blockchains.
Article
Full-text available
As data collected and provided by Internet of Things (IoT) devices power an ever-growing number of applications and services, it is crucial that this data can be trusted. Data provenance solutions combined with blockchain technology are one way to make data more trustworthy by providing tamper-proof information about the origin and history of data records. However, current blockchain-based solutions for data provenance fail to take the heterogeneous nature of IoT applications and their data into account. In this work, we identify functional and non-functional requirements for a secure and extensible IoT data provenance framework, and conceptualise the framework as a layered architecture. Evaluating the framework using a proof-of-concept implementation based on Ethereum smart contracts, we conclude that our framework can be used to realise data provenance concepts for a wide range of IoT use cases. While blockchain technology generally poses constraints on scalability and privacy, we discuss multiple solutions aiming to overcome these issues.
Conference Paper
Full-text available
Data provenance and data integrity are among the key concerns in IoT based environments such as smart cities, smart grids, and vehicular networks etc. Many IoT devices suffer from both impersonation and data tampering attacks due to their architectural and computational limitations, which are unable to provide adequate level of security. This paper aims to provide and enforce data provenance and data integrity in IoT environments by using Physical Unclonable Functions (PUFs) and Ethereum, a blockchain variant with smart contracts. PUFs provide unique hardware fingerprints to establish data provenance while Ethereum provides a decentralized digital ledger which is able to withstand data tampering attacks.
Article
Access control is a fundamental component of the design of distributed ledgers, influencing many aspects of their functionality, such as fairness, efficiency, traditional notions of network security, and adversarial attacks such as Denial-of-Service (DoS) attacks. In this work, we consider the security of a recently proposed access control protocol for directed acyclic graph-based distributed ledgers. We present a number of attack scenarios and potential vulnerabilities of the protocol and introduce a number of additional features which enhance its resilience. Specifically, a blacklisting algorithm, which is based on a reputation-weighted threshold, is introduced to handle both spamming and multirate malicious attackers. A solidification request component is also introduced to ensure the fairness and consistency of the network in the presence of attacks. Finally, a timestamp component is also introduced to maintain the consistency of the network in the presence of multirate attackers. Simulations to illustrate the efficacy and robustness of the revised protocol are also presented.
Article
Directed Acyclic Graph (DAG)-based blockchain and the corresponding consensus algorithm has been identified as a promising technology for Internet of Things (IoT). Compared with Proof-of-Work (PoW) and Proof-of-Stake (PoS) that have been widely used in the existing blockchains, the consensus algorithm designed based on DAG structure (simply called as DAG consensus) can overcome some shortcomings such as high resource consumption, high transaction fee, low transaction throughput and long confirmation delay. However, the theoretic analysis on the DAG consensus is an untapped venue to be explored. To this end, based on one of the most typical DAG consensuses, Tangle, we investigate the impact of network load on the blockchain performance and security. Considering unsteady network load, we first propose a Markov chain model to capture the behavior of DAG consensus process under dynamic load conditions. The key performance metrics, i.e., cumulative weight and confirmation delay are analysed based on the proposed model. Then, we leverage a stochastic model to analyse the probability of a successful double-spending attack in different network load regimes. The results can provide insightful understanding of DAG consensus process, e.g., how the network load affects the confirmation delay and the probability of a successful attack. Meanwhile, we also demonstrate the trade-off between security level and confirmation delay, which can act as a guidance for practical deployment of DAG-based blockchain systems.
Article
In this paper we survey a number of interesting applications of blockchain technology not related to cryptocurrencies. As a matter of fact, after an initial period of application to cryptocurrencies and to the financial world, blockchain technology has been successfully exploited in many other different scenarios, where its unique features allowed the definition of innovative and sometimes disruptive solutions. In particular, this paper takes into account the following application scenarios: end-to-end verifiable electronic voting, healthcare records management, identity management systems, access control systems, decentralized notary (with a focus on intellectual property protection) and supply chain management. For each of these, we firstly analyse the problem, the related requirements and the advantages the adoption of blockchain technology might bring. Then, we present a number of relevant solutions proposed in the literature both by academia and companies.
Article
Blockchain technology has attracted considerable attention owing to its wide range of potential applications. It first appeared as a cryptocurrency, called Bitcoin, but has since been used in many other business and nonbusiness applications. Unlike most existing systems that are based on centralized frameworks, this new technology utilizes peer‐to‐peer networks and distributed systems which includes blockchain registers to store transactions. Its structure is designed as a digital log file and stored as a series of linked groups, called blocks. Each individual block is locked cryptographically with the previous block. Once a block has been added, it cannot be altered. Many security experts speculate that the inherent cryptographic nature of the blockchain system is sufficient to withstand constant hacking and security threats. However, previous studies on the security and privacy of blockchain technology have shown that many applications have fallen victim to successful cyberattacks. Owing to the increasing demand for cryptocurrency and its current security challenges, previous studies have not focused on blockchain technology cybersecurity vulnerabilities extensively. Here, our study extends upon the previous studies on vulnerabilities and investigates the types of potential attacks. Our study then provides further direction to highlight possible countermeasures against blockchain technology vulnerability to cybersecurity.
Conference Paper
We present an empirical investigation into the prevalence and impact of distributed denial-of-service (DDoS) attacks on operators in the Bitcoin economy. To that end, we gather and analyze posts mentioning “DDoS” on the popular Bitcoin forum bitcointalk.org. Starting from around 3 000 different posts made between May 2011 and October 2013, we document 142 unique DDoS attacks on 40 Bitcoin services. We find that 7% of all known operators have been attacked, but that currency exchanges, mining pools, gambling operators, eWallets, and financial services are much more likely to be attacked than other services. Not coincidentally, we find currency exchanges and mining pools are much more likely to have DDoS protection such as CloudFlare, Incapsula, or Amazon Cloud. We show that those services that have been attacked are more than three times as likely to buy anti-DDoS services than operators who have not been attacked. We find that big mining pools (those with historical hashrate shares of at least 5%) are much more likely to be DDoSed than small pools. We investigate Mt. Gox as a case study for DDoS attacks on currency exchanges and find a disproportionate amount of DDoS reports made during the large spike in trading volume and exchange rates in spring 2013. We conclude by outlining future opportunities for researching DDoS attacks on Bitcoin.
Article
Port scans represent a sizable portion of today's Internet traffic. However, there has been little research characterizing port scan activity. The goal of this project is to analyze sample network traces to discover and classify properties of port scans. We hope that this work will help to generate better network intrusion detection systems and increase general network security.
Article
A purely peer-to-peer version of electronic cash would allow online payments to be sent directly from one party to another without going through a financial institution. Digital signatures provide part of the solution, but the main benefits are lost if a trusted third party is still required to prevent double-spending. We propose a solution to the double-spending problem using a peer-to-peer network. The network timestamps transactions by hashing them into an ongoing chain of hash-based proof-of-work, forming a record that cannot be changed without redoing the proof-of-work. The longest chain not only serves as proof of the sequence of events witnessed, but proof that it came from the largest pool of CPU power. As long as a majority of CPU power is controlled by nodes that are not cooperating to attack the network, they'll generate the longest chain and outpace attackers. The network itself requires minimal structure. Messages are broadcast on a best effort basis, and nodes can leave and rejoin the network at will, accepting the longest proof-of-work chain as proof of what happened while they were gone.