Blockchain interoperability enables seamless communication and asset transfer across isolated permissioned blockchain systems,but it introduces significant security and privacy vulnerabilities.This review aims to syst...Blockchain interoperability enables seamless communication and asset transfer across isolated permissioned blockchain systems,but it introduces significant security and privacy vulnerabilities.This review aims to systematically assess the security and privacy landscape of interoperability protocols for permissioned blockchains,identifying key properties,attack vectors,and countermeasures.Using PRISMA 2020 guidelines,we analysed 56 peerreviewed studies published between 2020 and 2025,retrieved from Scopus,ScienceDirect,Web of Science,and IEEE Xplore.The review focused on interoperability protocols for permissioned blockchains with security and privacy analyses,including only English-language journal articles and conference proceedings.Risk of bias in the included studies was assessed using the MMAT.Methods for presenting and synthesizing results included descriptive analysis,bibliometric analysis,and content analysis,with findings organized into tables,charts,and comparative summaries.The review classifies interoperability protocols into relay,sidechain,notary scheme,HTLC,and hybrid types and identifies 18 security and privacy properties along with 31 known attack types.Relay-based protocols showed the broadest security coverage,while HTLC and notary schemes demonstrated significant security gaps.Notably,93% of studies examined fewer than four properties or attack types,indicating a fragmented research landscape.The review identifies underexplored areas such as ACID properties,decentralization,and cross-chain attack resilience.It further highlights effective countermeasures,including cryptographic techniques,trusted execution environments,zero-knowledge proofs,and decentralized identity schemes.The findings suggest that despite growing adoption,current interoperability protocols lack comprehensive security evaluations.More holistic research is needed to ensure the resilience,trustworthiness,and scalability of cross-chain operations in permissioned blockchain ecosystems.展开更多
In this paper, a new scheme that uses digraph substitution rules to conceal the mechanism or activity re- quired to derive password-images is proposed. In the pro- posed method, a user is only required to click on one...In this paper, a new scheme that uses digraph substitution rules to conceal the mechanism or activity re- quired to derive password-images is proposed. In the pro- posed method, a user is only required to click on one of the pass-image instead of both pass-images shown in each chal- lenge set for three consecutive sets. While this activity is sim- ple enough to reduce login time, the images clicked appear to be random and can only be obtained with complete knowl- edge of the registered password along with the activity rules. Thus, it becomes impossible for shoulder-surfing attackers to obtain the information about which password images and pass-images are used by the user. Although the attackers may know about the digraph substitution rules used in the pro- posed method, the scenario information used in each chal- lenge set remains. User study results reveal an average login process of less than half a minute. In addition, the proposed method is resistant to shoulder-surfing attacks.展开更多
基金supported by the International Scientific and Technological Cooperation Project of Huangpu and Development Districts in Guangzhou(2023GH17)the National Science and Technology Council in Taiwan under grant number NSTC-113-2224-E-027-001,Private Funding(PV009-2023)the KW IPPP(Research Maintenance Fee)Individual/Centre/Group(RMF1506-2021)at Universiti Malaya,Malaysia.
文摘Blockchain interoperability enables seamless communication and asset transfer across isolated permissioned blockchain systems,but it introduces significant security and privacy vulnerabilities.This review aims to systematically assess the security and privacy landscape of interoperability protocols for permissioned blockchains,identifying key properties,attack vectors,and countermeasures.Using PRISMA 2020 guidelines,we analysed 56 peerreviewed studies published between 2020 and 2025,retrieved from Scopus,ScienceDirect,Web of Science,and IEEE Xplore.The review focused on interoperability protocols for permissioned blockchains with security and privacy analyses,including only English-language journal articles and conference proceedings.Risk of bias in the included studies was assessed using the MMAT.Methods for presenting and synthesizing results included descriptive analysis,bibliometric analysis,and content analysis,with findings organized into tables,charts,and comparative summaries.The review classifies interoperability protocols into relay,sidechain,notary scheme,HTLC,and hybrid types and identifies 18 security and privacy properties along with 31 known attack types.Relay-based protocols showed the broadest security coverage,while HTLC and notary schemes demonstrated significant security gaps.Notably,93% of studies examined fewer than four properties or attack types,indicating a fragmented research landscape.The review identifies underexplored areas such as ACID properties,decentralization,and cross-chain attack resilience.It further highlights effective countermeasures,including cryptographic techniques,trusted execution environments,zero-knowledge proofs,and decentralized identity schemes.The findings suggest that despite growing adoption,current interoperability protocols lack comprehensive security evaluations.More holistic research is needed to ensure the resilience,trustworthiness,and scalability of cross-chain operations in permissioned blockchain ecosystems.
文摘In this paper, a new scheme that uses digraph substitution rules to conceal the mechanism or activity re- quired to derive password-images is proposed. In the pro- posed method, a user is only required to click on one of the pass-image instead of both pass-images shown in each chal- lenge set for three consecutive sets. While this activity is sim- ple enough to reduce login time, the images clicked appear to be random and can only be obtained with complete knowl- edge of the registered password along with the activity rules. Thus, it becomes impossible for shoulder-surfing attackers to obtain the information about which password images and pass-images are used by the user. Although the attackers may know about the digraph substitution rules used in the pro- posed method, the scenario information used in each chal- lenge set remains. User study results reveal an average login process of less than half a minute. In addition, the proposed method is resistant to shoulder-surfing attacks.
