As the world grapples with increasing environmental challenges,innovative technologies are essential for promoting sustainability and accountability.This study examined the impact of environmental performance indices(...As the world grapples with increasing environmental challenges,innovative technologies are essential for promoting sustainability and accountability.This study examined the impact of environmental performance indices(EPIs)on the growth and investment trends of blockchain-based sustainability-focused companies in 15 countries(Belgium,Czechia,Denmark,Estonia,Finland,France,Germany,Italy,Norway,Poland,Sweden,Spain,Switzerland,the United Kingdom,and the United States)from Europe and America during 2010-2022.This study used the negative binomial regression model to assess the relationship between EPIs and blockchain-based sustainability-focused companies based on the data from the CrunchBase and EarthData.Results indicated that in ecosystem vitality,national terrestrial biome protection efforts were negatively correlated the formation of blockchain-based sustainability-focused companies,while global terrestrial biome protection efforts and marine protected areas had a positive impact on the formation of these companies and the number of funding rounds.In environmental health,PM2.5 exposure had a positive impact on the number of funding rounds.Conversely,pollutants such as sulfur dioxide(SO_(2))and ocean plastics deterred the formation of blockchain-based sustainability-focused companies and reduced the number of funding rounds.In climate change performance,adjusted emission growth rate for carbon dioxide(CO_(2)),adjusted emission growth rate for F-gases,and adjusted emission growth rate for black carbon had a significantly positive impact on the formation of blockchain-based sustainability-focused companies.Conversely,adjusted emission growth rate for Nitrous Oxide(N_(2)O)and projected greenhouse gas emissions in 2050 negatively affected the formation of these companies.These findings highlight the dual role of EPIs as driving factors and barriers in the development and investment of blockchain-based sustainability-focused companies in countries from Europe and America.展开更多
The purpose of the covert communication scheme is to conceal the communication behavior entirely.In such schemes,the sender and receiver rely on secret keys to establish a covert channel.However,conventional key excha...The purpose of the covert communication scheme is to conceal the communication behavior entirely.In such schemes,the sender and receiver rely on secret keys to establish a covert channel.However,conventional key exchange protocols would expose the key exchange process between them.An adversary who observes the key exchange would be aware of the existence of communication behavior.The keys used in covert communication are not suitable to be generated through conventional key exchange schemes.To address this,we propose a blockchain-based covert elliptic-curve Diffie-Hellman key exchange scheme(BCDH)to conceal the process of the key exchange in blockchain transactions.Following a straightforward setup,BCDH allows the sender and receiver to covertly exchange a secret key on a blockchain without direct communication.Furthermore,we expand the BCDH approach to operate across multiple blockchains,further enhancing its covertness and stability.We analyze BCDH from several perspectives,including covertness,security,randomness,etc.Additionally,we implement a prototype of BCDH on the Ethereum platform to assess its feasibility and performance.Our evaluation demonstrates that BCDH is efficient and well-suited for real-world applications.展开更多
Electronic auctions(e-auctions)remove the physical limitations of traditional auctions and bring this mechanism to the general public.However,most e-auction schemes involve a trusted auctioneer,which is not always cre...Electronic auctions(e-auctions)remove the physical limitations of traditional auctions and bring this mechanism to the general public.However,most e-auction schemes involve a trusted auctioneer,which is not always credible in practice.Some studies have applied cryptography tools to solve this problem by distributing trust,but they ignore the existence of collusion.In this paper,a blockchain-based Privacy-Preserving and Collusion-Resistant scheme(PPCR)for double auctions is proposed by employing both cryptography and blockchain technology,which is the first decentralized and collusion-resistant double auction scheme that guarantees bidder anonymity and bid privacy.A two-server-based auction framework is designed to support off-chain allocation with privacy preservation and on-chain dispute resolution for collusion resistance.A Dispute Resolution agreement(DR)is provided to the auctioneer to prove that they have conducted the auction correctly and the result is fair and correct.In addition,a Concise Dispute Resolution protocol(CDR)is designed to handle situations where the number of accused winners is small,significantly reducing the computation cost of dispute resolution.Extensive experimental results confirm that PPCR can indeed achieve efficient collusion resistance and verifiability of auction results with low on-chain and off-chain computational overhead.展开更多
Traditional email systems can only achieve one-way communication,which means only the receiver is allowed to search for emails on the email server.In this paper,we propose a blockchain-based certificateless bidirectio...Traditional email systems can only achieve one-way communication,which means only the receiver is allowed to search for emails on the email server.In this paper,we propose a blockchain-based certificateless bidirectional authenticated searchable encryption model for a cloud email system named certificateless authenticated bidirectional searchable encryption(CL-BSE)by combining the storage function of cloud server with the communication function of email server.In the new model,not only can the data receiver search for the relevant content by generating its own trapdoor,but the data owner also can retrieve the content in the same way.Meanwhile,there are dual authentication functions in our model.First,during encryption,the data owner uses the private key to authenticate their identity,ensuring that only legal owner can generate the keyword ciphertext.Second,the blockchain verifies the data owner’s identity by the received ciphertext,allowing only authorized members to store their data in the server and avoiding unnecessary storage space consumption.We obtain a formal definition of CL-BSE and formulate a specific scheme from the new system model.Then the security of the scheme is analyzed based on the formalized security model.The results demonstrate that the scheme achieves multikeyword ciphertext indistinguishability andmulti-keyword trapdoor privacy against any adversary simultaneously.In addition,performance evaluation shows that the new scheme has higher computational and communication efficiency by comparing it with some existing ones.展开更多
Smart contract has been the core of blockchain systems and other blockchain-based systems since Blockchain 2.0.Various operations on blockchain are performed through the invocation and execution of smart contracts.Thi...Smart contract has been the core of blockchain systems and other blockchain-based systems since Blockchain 2.0.Various operations on blockchain are performed through the invocation and execution of smart contracts.This leads to extensive combinations between blockchain,smart contract,Internet of Things(IoT)and Cyber-Physical System(CPS)applications,and then many blockchain-based IoT or CPS applications emerge to provide multiple benefits to the economy and society.In this case,obtaining a better understanding of smart contracts will contribute to the easier operation,higher efficiency and stronger security of those blockchain-based systems and applications.Many existing studies on smart contract analysis are based on similarity calculation and smart contract classification.However,smart contract is a piece of code with special characteristics and most of smart contracts are stored without any category labels,which leads to difficulties of smart contract classification.As the back end of a blockchain-based Decentralized Application(DApp)is one or several smart contracts,DApps with labeled categories and open source codes are applied to achieve a supervised smart contract classification.A three-phase approach is proposed to categorize DApps based on various data features.In this approach,5,659 DApps with smart contract source codes and pre-tagged categories are first obtained based on massive collected DApps and smart contracts from Ethereum,State of the DApps and DappRadar.Then feature extraction and construction methods are designed to form multi-feature vectors that could present the major characteristics of DApps.Finally,a fused classification model consisting of KNN,XGBoost and random forests is applied to the multi-feature vectors of all DApps for performing DApp classification.The experimental results show that the method is effective.In addition,some positive correlations between feature variables and categories,as well as several user behavior patterns of DApp calls,are found in this paper.展开更多
Blockchain is one of the most influential technologies in the new round of digital economy development.In order to promote the prosperity of the digital economy with blockchain technology,we need to understand the ess...Blockchain is one of the most influential technologies in the new round of digital economy development.In order to promote the prosperity of the digital economy with blockchain technology,we need to understand the essence of blockchain and the actual demands of relevant business.This paper delves into the nature of blockchain as a broadcast transmission technology from the perspective of technology evolution and analyzes the necessity of building a blockchain-based public Information Technology(IT)system.In addition,this paper analyzes the architecture,characteristics,and applications regarding trusted public IT system construction by drawing on the design ideas and architecture of Blockchain-based Service Network(BSN).展开更多
As an advantageous technique and service,the blockchain has shown great development and application prospects.However,its security has also met great challenges,and many security vulnerabilities and attack issues in b...As an advantageous technique and service,the blockchain has shown great development and application prospects.However,its security has also met great challenges,and many security vulnerabilities and attack issues in blockchain-based services have emerged.Recently,security issues of blockchain have attracted extensive attention.However,there is still a lack of blockchain security research from a full-stack architecture perspective,as well as representative quantitative experimental reproduction and analysis.We aim to provide a security architecture to solve security risks in blockchain services from a full-stack architecture perspective.Meanwhile,we propose a formal definition of the full-stack security architecture for blockchain-based services,and we also propose a formal expression of security issues and defense solutions from a full-stack security perspective.We use ConCert to conduct a smart contract formal verification experiment by property-based testing.The security vulnerabilities of blockchain services in the Common Vulnerabilities and Exposures(CVE)and China Nation Vulnerability Database(CNVD)are selected and enumerated.Additionally,three real contract-layer real attack events are reproduced by an experimental approach.Using Alibaba's blockchain services and Identity Mixer in Hyperledger Fabric as a case study,the security problems and defense techniques are analyzed and researched.At last,the future research directions are proposed.展开更多
Within the framework of the 2030 Agenda and to achieve the Sustainable Development Goals(SDGs),science,technology and innovation play an even more central role.Building on this foundation,the primary objective of this...Within the framework of the 2030 Agenda and to achieve the Sustainable Development Goals(SDGs),science,technology and innovation play an even more central role.Building on this foundation,the primary objective of this paper is to explore the potential applications of blockchain in supporting the achievement of these sustainability goals.Starting from a review of the relevant literature on this topic,the main fields in which blockchain can contribute to sustainable development will be identified.The main blockchain applications will then be analyzed and categorized according to these SDGs.This research will then critically present the main blockchain-based projects that emerged in the first stage of the study and were implemented by the United Nations.The main objectives and benefits of each project will be analyzed.This is where the originality of this paper lies.To the best of the author’s knowledge,this is one of the first attempts to present a comprehensive overview of the United Nations’projects related to SDGs 1,2,5,7,9,13,and 16.This paper,which bridges the gap between innovation management and the sustainability field,will contribute to the increasingly current debate on sustainability issues and be beneficial to scholars,practitioners,and policymakers alike.展开更多
The rapid development of blockchain technology has provided new ideas for network security research.Blockchain-based network security enhancement solutions are attracting widespread attention.This paper proposes an In...The rapid development of blockchain technology has provided new ideas for network security research.Blockchain-based network security enhancement solutions are attracting widespread attention.This paper proposes an Internet domain name verification method based on blockchain.The authenticity of DNS(Domain Name System)resolution results is crucial for ensuring the accessibility of Internet services.Due to the lack of adequate security mechanisms,it has always been a challenge to verify the authenticity of Internet domain name resolution results.Although the solution represented by DNSSEC(Domain Name System Security Extensions)can theoretically solve the domain name verification problem,it has not been widely deployed on a global scale due to political,economic,and technical constraints.We argue that the root cause of this problem lies in the significant centralization of the DNS system.This centralized feature not only reduces the efficiency of domain name verification but also has the hidden risks of single point of failure and unilateral control.Internet users may disappear from the Internet due to the results of fake,subverted,or misconfigured domain name resolution.This paper presents a decentralized DNS cache verification method,which uses the consortium blockchain to replace the root domain name server to verify the authenticity of the domain name.Compared with DNSSEC’s domain name verification process,the verification efficiency of this method has increased by 30%,and there is no single point of failure or unilateral control risk.In addition,this solution is incrementally deployable,and even if it is deployed on a small number of content delivery network servers,satisfactory results can be obtained.展开更多
With the advantages of lightweight and high resource utilization,cloud-native technology with containers as the core is gradually becoming themainstreamtechnical architecture for information infrastructure.However,mal...With the advantages of lightweight and high resource utilization,cloud-native technology with containers as the core is gradually becoming themainstreamtechnical architecture for information infrastructure.However,malware attacks such as Doki and Symbiote threaten the container runtime’s security.Malware initiates various types of runtime anomalies based on process form(e.g.,modifying the process of a container,and opening the external ports).Fortunately,dynamic monitoring mechanisms have proven to be a feasible solution for verifying the trusted state of containers at runtime.Nevertheless,the current routine dynamic monitoring mechanisms for baseline data protection are still based on strong security assumptions.As a result,the existing dynamicmonitoringmechanismis still not practical enough.To ensure the trustworthiness of the baseline value data and,simultaneously,to achieve the integrity verification of the monitored process,we combine blockchain and trusted computing to propose a process integrity monitoring system named IPMS.Firstly,the hardware TPM 2.0 module is applied to construct a trusted security foundation for the integrity of the process code segment due to its tamper-proof feature.Then,design a new format for storing measurement logs,easily distinguishing files with the same name in different containers from log information.Meanwhile,the baseline value data is stored on the blockchain to avoidmalicious damage.Finally,trusted computing technology is used to perform fine-grained integrity measurement and remote attestation of processes in a container,detect abnormal containers in time and control them.We have implemented a prototype system and performed extensive simulation experiments to test and analyze the functionality and performance of the PIMS.Experimental results show that PIMS can accurately and efficiently detect tampered processes with only 3.57% performance loss to the container.展开更多
Internet of things(IoT)field has emerged due to the rapid growth of artificial intelligence and communication technologies.The use of IoT technology in modern healthcare environments is convenient for doctors and pati...Internet of things(IoT)field has emerged due to the rapid growth of artificial intelligence and communication technologies.The use of IoT technology in modern healthcare environments is convenient for doctors and patients as it can be used in real-time monitoring of patients,proper administration of patient information,and healthcare management.However,the usage of IoT in the healthcare domain will become a nightmare if patient information is not securely maintainedwhile transferring over an insecure network or storing at the administrator end.In this manuscript,the authors have developed a secure IoT healthcare monitoring system using the Blockchainbased XOR Elliptic Curve Cryptography(BC-XORECC)technique to avoid various vulnerable attacks.Initially,thework has established an authentication process for patient details by generating tokens,keys,and tags using Length Ceaser Cipher-based PearsonHashingAlgorithm(LCC-PHA),EllipticCurve Cryptography(ECC),and Fishers Yates Shuffled Based Adelson-Velskii and Landis(FYS-AVL)tree.The authentications prevent unauthorized users from accessing or misuse the data.After that,a secure data transfer is performed using BC-XORECC,which acts faster by maintaining high data privacy and blocking the path for the attackers.Finally,the Linear Spline Kernel-Based Recurrent Neural Network(LSK-RNN)classification monitors the patient’s health status.The whole developed framework brings out a secure data transfer without data loss or data breaches and remains efficient for health care monitoring via IoT.Experimental analysis shows that the proposed framework achieves a faster encryption and decryption time,classifies the patient’s health status with an accuracy of 89%,and remains robust comparedwith the existing state-of-the-art method.展开更多
Blockchain-based commodity traceability is an emerging technology developed in recent years;it plays a vital role in monitoring product quality and responding to product safety problems.Considering the perceived value...Blockchain-based commodity traceability is an emerging technology developed in recent years;it plays a vital role in monitoring product quality and responding to product safety problems.Considering the perceived value of product traceability for consumers and the cost of using blockchain technology,determining whether merchants adopt blockchain-based commodity traceability technology deserves attention.Based on the information asymmetry between consumers and merchants,this paper establishes a two-party evolutionary game model to understand whether merchants enable the commodity traceability function and whether consumers choose to be involved in the commodity traceability relationship based on the Foote,Cone,and Belding grid theory.The model explores the influence boundary of merchants enabling the commodity traceability function for consumers with different degrees of involvement in purchasing behavior.The results show that traceability cost,consumer involvement,commodity price,and the value-added traceability nature of different commodities affect the evolution results.These results indicate that businesses need to constantly reduce the cost of traceability to improve consumer involvement and the perceived value of commodity traceability.Businesses must identify consumers with different involvement levels,and commodities with different traceability levels should provide targeted services for consumers and commodities.展开更多
Internet of Things(IoT) devices are becoming increasingly ubiquitous, and their adoption is growing at an exponential rate. However, they are vulnerable to security breaches, and traditional security mechanisms are no...Internet of Things(IoT) devices are becoming increasingly ubiquitous, and their adoption is growing at an exponential rate. However, they are vulnerable to security breaches, and traditional security mechanisms are not enough to protect them. The massive amounts of data generated by IoT devices can be easily manipulated or stolen, posing significant privacy concerns. This paper is to provide a comprehensive overview of the integration of blockchain and IoT technologies and their potential to enhance the security and privacy of IoT systems. The paper examines various security issues and vulnerabilities in IoT and explores how blockchain-based solutions can be used to address them. It provides insights into the various security issues and vulnerabilities in IoT and explores how blockchain can be used to enhance security and privacy. The paper also discusses the potential applications of blockchain-based IoT(B-IoT) systems in various sectors, such as healthcare, transportation, and supply chain management. The paper reveals that the integration of blockchain and IoT has the potential to enhance the security,privacy, and trustworthiness of IoT systems. The multi-layered architecture of B-IoT, consisting of perception, network, data processing, and application layers, provides a comprehensive framework for the integration of blockchain and IoT technologies.The study identifies various security solutions for B-IoT, including smart contracts, decentralized control, immutable data storage,identity and access management(IAM), and consensus mechanisms. The study also discusses the challenges and future research directions in the field of B-IoT.展开更多
文摘As the world grapples with increasing environmental challenges,innovative technologies are essential for promoting sustainability and accountability.This study examined the impact of environmental performance indices(EPIs)on the growth and investment trends of blockchain-based sustainability-focused companies in 15 countries(Belgium,Czechia,Denmark,Estonia,Finland,France,Germany,Italy,Norway,Poland,Sweden,Spain,Switzerland,the United Kingdom,and the United States)from Europe and America during 2010-2022.This study used the negative binomial regression model to assess the relationship between EPIs and blockchain-based sustainability-focused companies based on the data from the CrunchBase and EarthData.Results indicated that in ecosystem vitality,national terrestrial biome protection efforts were negatively correlated the formation of blockchain-based sustainability-focused companies,while global terrestrial biome protection efforts and marine protected areas had a positive impact on the formation of these companies and the number of funding rounds.In environmental health,PM2.5 exposure had a positive impact on the number of funding rounds.Conversely,pollutants such as sulfur dioxide(SO_(2))and ocean plastics deterred the formation of blockchain-based sustainability-focused companies and reduced the number of funding rounds.In climate change performance,adjusted emission growth rate for carbon dioxide(CO_(2)),adjusted emission growth rate for F-gases,and adjusted emission growth rate for black carbon had a significantly positive impact on the formation of blockchain-based sustainability-focused companies.Conversely,adjusted emission growth rate for Nitrous Oxide(N_(2)O)and projected greenhouse gas emissions in 2050 negatively affected the formation of these companies.These findings highlight the dual role of EPIs as driving factors and barriers in the development and investment of blockchain-based sustainability-focused companies in countries from Europe and America.
文摘The purpose of the covert communication scheme is to conceal the communication behavior entirely.In such schemes,the sender and receiver rely on secret keys to establish a covert channel.However,conventional key exchange protocols would expose the key exchange process between them.An adversary who observes the key exchange would be aware of the existence of communication behavior.The keys used in covert communication are not suitable to be generated through conventional key exchange schemes.To address this,we propose a blockchain-based covert elliptic-curve Diffie-Hellman key exchange scheme(BCDH)to conceal the process of the key exchange in blockchain transactions.Following a straightforward setup,BCDH allows the sender and receiver to covertly exchange a secret key on a blockchain without direct communication.Furthermore,we expand the BCDH approach to operate across multiple blockchains,further enhancing its covertness and stability.We analyze BCDH from several perspectives,including covertness,security,randomness,etc.Additionally,we implement a prototype of BCDH on the Ethereum platform to assess its feasibility and performance.Our evaluation demonstrates that BCDH is efficient and well-suited for real-world applications.
基金supported by the National Key R&D Program of China (No.2020YFB1005500)the Leading-edge Technology Program of Jiangsu Natural Science Foundation (No.BK20202001)+1 种基金the Fundamental Research Funds for the Central Universities (No.XJSJ23040)the Postdoctoral Science Foundation of Jiangsu Province (No.2021K596C)。
文摘Electronic auctions(e-auctions)remove the physical limitations of traditional auctions and bring this mechanism to the general public.However,most e-auction schemes involve a trusted auctioneer,which is not always credible in practice.Some studies have applied cryptography tools to solve this problem by distributing trust,but they ignore the existence of collusion.In this paper,a blockchain-based Privacy-Preserving and Collusion-Resistant scheme(PPCR)for double auctions is proposed by employing both cryptography and blockchain technology,which is the first decentralized and collusion-resistant double auction scheme that guarantees bidder anonymity and bid privacy.A two-server-based auction framework is designed to support off-chain allocation with privacy preservation and on-chain dispute resolution for collusion resistance.A Dispute Resolution agreement(DR)is provided to the auctioneer to prove that they have conducted the auction correctly and the result is fair and correct.In addition,a Concise Dispute Resolution protocol(CDR)is designed to handle situations where the number of accused winners is small,significantly reducing the computation cost of dispute resolution.Extensive experimental results confirm that PPCR can indeed achieve efficient collusion resistance and verifiability of auction results with low on-chain and off-chain computational overhead.
基金supported by the National Natural Science Foundation of China(Nos.62172337,62241207)Key Project of GansuNatural Science Foundation(No.23JRRA685).
文摘Traditional email systems can only achieve one-way communication,which means only the receiver is allowed to search for emails on the email server.In this paper,we propose a blockchain-based certificateless bidirectional authenticated searchable encryption model for a cloud email system named certificateless authenticated bidirectional searchable encryption(CL-BSE)by combining the storage function of cloud server with the communication function of email server.In the new model,not only can the data receiver search for the relevant content by generating its own trapdoor,but the data owner also can retrieve the content in the same way.Meanwhile,there are dual authentication functions in our model.First,during encryption,the data owner uses the private key to authenticate their identity,ensuring that only legal owner can generate the keyword ciphertext.Second,the blockchain verifies the data owner’s identity by the received ciphertext,allowing only authorized members to store their data in the server and avoiding unnecessary storage space consumption.We obtain a formal definition of CL-BSE and formulate a specific scheme from the new system model.Then the security of the scheme is analyzed based on the formalized security model.The results demonstrate that the scheme achieves multikeyword ciphertext indistinguishability andmulti-keyword trapdoor privacy against any adversary simultaneously.In addition,performance evaluation shows that the new scheme has higher computational and communication efficiency by comparing it with some existing ones.
基金supported by the National Natural Science Foundation of China(62032025,62002393)the Technology Program of Guangzhou,China(202103050004).
文摘Smart contract has been the core of blockchain systems and other blockchain-based systems since Blockchain 2.0.Various operations on blockchain are performed through the invocation and execution of smart contracts.This leads to extensive combinations between blockchain,smart contract,Internet of Things(IoT)and Cyber-Physical System(CPS)applications,and then many blockchain-based IoT or CPS applications emerge to provide multiple benefits to the economy and society.In this case,obtaining a better understanding of smart contracts will contribute to the easier operation,higher efficiency and stronger security of those blockchain-based systems and applications.Many existing studies on smart contract analysis are based on similarity calculation and smart contract classification.However,smart contract is a piece of code with special characteristics and most of smart contracts are stored without any category labels,which leads to difficulties of smart contract classification.As the back end of a blockchain-based Decentralized Application(DApp)is one or several smart contracts,DApps with labeled categories and open source codes are applied to achieve a supervised smart contract classification.A three-phase approach is proposed to categorize DApps based on various data features.In this approach,5,659 DApps with smart contract source codes and pre-tagged categories are first obtained based on massive collected DApps and smart contracts from Ethereum,State of the DApps and DappRadar.Then feature extraction and construction methods are designed to form multi-feature vectors that could present the major characteristics of DApps.Finally,a fused classification model consisting of KNN,XGBoost and random forests is applied to the multi-feature vectors of all DApps for performing DApp classification.The experimental results show that the method is effective.In addition,some positive correlations between feature variables and categories,as well as several user behavior patterns of DApp calls,are found in this paper.
基金supported by the National Social Science Fund of China(No.22&ZD153).
文摘Blockchain is one of the most influential technologies in the new round of digital economy development.In order to promote the prosperity of the digital economy with blockchain technology,we need to understand the essence of blockchain and the actual demands of relevant business.This paper delves into the nature of blockchain as a broadcast transmission technology from the perspective of technology evolution and analyzes the necessity of building a blockchain-based public Information Technology(IT)system.In addition,this paper analyzes the architecture,characteristics,and applications regarding trusted public IT system construction by drawing on the design ideas and architecture of Blockchain-based Service Network(BSN).
基金supported by the National Key Research and Devel-opment Program of China(2018YFB0803403)Fundamental Research Funds for the Central Universities(FRF-AT-20-11)from the Ministry of Education of China。
文摘As an advantageous technique and service,the blockchain has shown great development and application prospects.However,its security has also met great challenges,and many security vulnerabilities and attack issues in blockchain-based services have emerged.Recently,security issues of blockchain have attracted extensive attention.However,there is still a lack of blockchain security research from a full-stack architecture perspective,as well as representative quantitative experimental reproduction and analysis.We aim to provide a security architecture to solve security risks in blockchain services from a full-stack architecture perspective.Meanwhile,we propose a formal definition of the full-stack security architecture for blockchain-based services,and we also propose a formal expression of security issues and defense solutions from a full-stack security perspective.We use ConCert to conduct a smart contract formal verification experiment by property-based testing.The security vulnerabilities of blockchain services in the Common Vulnerabilities and Exposures(CVE)and China Nation Vulnerability Database(CNVD)are selected and enumerated.Additionally,three real contract-layer real attack events are reproduced by an experimental approach.Using Alibaba's blockchain services and Identity Mixer in Hyperledger Fabric as a case study,the security problems and defense techniques are analyzed and researched.At last,the future research directions are proposed.
文摘Within the framework of the 2030 Agenda and to achieve the Sustainable Development Goals(SDGs),science,technology and innovation play an even more central role.Building on this foundation,the primary objective of this paper is to explore the potential applications of blockchain in supporting the achievement of these sustainability goals.Starting from a review of the relevant literature on this topic,the main fields in which blockchain can contribute to sustainable development will be identified.The main blockchain applications will then be analyzed and categorized according to these SDGs.This research will then critically present the main blockchain-based projects that emerged in the first stage of the study and were implemented by the United Nations.The main objectives and benefits of each project will be analyzed.This is where the originality of this paper lies.To the best of the author’s knowledge,this is one of the first attempts to present a comprehensive overview of the United Nations’projects related to SDGs 1,2,5,7,9,13,and 16.This paper,which bridges the gap between innovation management and the sustainability field,will contribute to the increasingly current debate on sustainability issues and be beneficial to scholars,practitioners,and policymakers alike.
基金This work was supported in National Natural Science Foundation of China(Grant Nos.61976064,U20B2046)National Defence Science and Technology Key Laboratory Fund 61421190306)+1 种基金Guangdong Province Universities and Colleges Pearl River Scholar Funded Scheme(2019)National Key research and Development Plan(Grant No.2018YFB1800702).
文摘The rapid development of blockchain technology has provided new ideas for network security research.Blockchain-based network security enhancement solutions are attracting widespread attention.This paper proposes an Internet domain name verification method based on blockchain.The authenticity of DNS(Domain Name System)resolution results is crucial for ensuring the accessibility of Internet services.Due to the lack of adequate security mechanisms,it has always been a challenge to verify the authenticity of Internet domain name resolution results.Although the solution represented by DNSSEC(Domain Name System Security Extensions)can theoretically solve the domain name verification problem,it has not been widely deployed on a global scale due to political,economic,and technical constraints.We argue that the root cause of this problem lies in the significant centralization of the DNS system.This centralized feature not only reduces the efficiency of domain name verification but also has the hidden risks of single point of failure and unilateral control.Internet users may disappear from the Internet due to the results of fake,subverted,or misconfigured domain name resolution.This paper presents a decentralized DNS cache verification method,which uses the consortium blockchain to replace the root domain name server to verify the authenticity of the domain name.Compared with DNSSEC’s domain name verification process,the verification efficiency of this method has increased by 30%,and there is no single point of failure or unilateral control risk.In addition,this solution is incrementally deployable,and even if it is deployed on a small number of content delivery network servers,satisfactory results can be obtained.
基金supported by China’s National Natural Science Foundation (U19A2081,61802270,61802271)Ministry of Education and China Mobile Research Fund Project (MCM20200102,CM20200409)Sichuan University Engineering Characteristic Team Project 2020SCUNG129.
文摘With the advantages of lightweight and high resource utilization,cloud-native technology with containers as the core is gradually becoming themainstreamtechnical architecture for information infrastructure.However,malware attacks such as Doki and Symbiote threaten the container runtime’s security.Malware initiates various types of runtime anomalies based on process form(e.g.,modifying the process of a container,and opening the external ports).Fortunately,dynamic monitoring mechanisms have proven to be a feasible solution for verifying the trusted state of containers at runtime.Nevertheless,the current routine dynamic monitoring mechanisms for baseline data protection are still based on strong security assumptions.As a result,the existing dynamicmonitoringmechanismis still not practical enough.To ensure the trustworthiness of the baseline value data and,simultaneously,to achieve the integrity verification of the monitored process,we combine blockchain and trusted computing to propose a process integrity monitoring system named IPMS.Firstly,the hardware TPM 2.0 module is applied to construct a trusted security foundation for the integrity of the process code segment due to its tamper-proof feature.Then,design a new format for storing measurement logs,easily distinguishing files with the same name in different containers from log information.Meanwhile,the baseline value data is stored on the blockchain to avoidmalicious damage.Finally,trusted computing technology is used to perform fine-grained integrity measurement and remote attestation of processes in a container,detect abnormal containers in time and control them.We have implemented a prototype system and performed extensive simulation experiments to test and analyze the functionality and performance of the PIMS.Experimental results show that PIMS can accurately and efficiently detect tampered processes with only 3.57% performance loss to the container.
基金This project has been funded by the Scientific Research Deanship at the University of Ha’il-Saudi Arabia through project number BA-2105.
文摘Internet of things(IoT)field has emerged due to the rapid growth of artificial intelligence and communication technologies.The use of IoT technology in modern healthcare environments is convenient for doctors and patients as it can be used in real-time monitoring of patients,proper administration of patient information,and healthcare management.However,the usage of IoT in the healthcare domain will become a nightmare if patient information is not securely maintainedwhile transferring over an insecure network or storing at the administrator end.In this manuscript,the authors have developed a secure IoT healthcare monitoring system using the Blockchainbased XOR Elliptic Curve Cryptography(BC-XORECC)technique to avoid various vulnerable attacks.Initially,thework has established an authentication process for patient details by generating tokens,keys,and tags using Length Ceaser Cipher-based PearsonHashingAlgorithm(LCC-PHA),EllipticCurve Cryptography(ECC),and Fishers Yates Shuffled Based Adelson-Velskii and Landis(FYS-AVL)tree.The authentications prevent unauthorized users from accessing or misuse the data.After that,a secure data transfer is performed using BC-XORECC,which acts faster by maintaining high data privacy and blocking the path for the attackers.Finally,the Linear Spline Kernel-Based Recurrent Neural Network(LSK-RNN)classification monitors the patient’s health status.The whole developed framework brings out a secure data transfer without data loss or data breaches and remains efficient for health care monitoring via IoT.Experimental analysis shows that the proposed framework achieves a faster encryption and decryption time,classifies the patient’s health status with an accuracy of 89%,and remains robust comparedwith the existing state-of-the-art method.
基金supported by the National Natural Science Foundation of China(Grant No.:72171187)partially supported by the Key Project of Shaanxi International Science and Technology Cooperation(Grant No.:2018KWZ-04).
文摘Blockchain-based commodity traceability is an emerging technology developed in recent years;it plays a vital role in monitoring product quality and responding to product safety problems.Considering the perceived value of product traceability for consumers and the cost of using blockchain technology,determining whether merchants adopt blockchain-based commodity traceability technology deserves attention.Based on the information asymmetry between consumers and merchants,this paper establishes a two-party evolutionary game model to understand whether merchants enable the commodity traceability function and whether consumers choose to be involved in the commodity traceability relationship based on the Foote,Cone,and Belding grid theory.The model explores the influence boundary of merchants enabling the commodity traceability function for consumers with different degrees of involvement in purchasing behavior.The results show that traceability cost,consumer involvement,commodity price,and the value-added traceability nature of different commodities affect the evolution results.These results indicate that businesses need to constantly reduce the cost of traceability to improve consumer involvement and the perceived value of commodity traceability.Businesses must identify consumers with different involvement levels,and commodities with different traceability levels should provide targeted services for consumers and commodities.
文摘Internet of Things(IoT) devices are becoming increasingly ubiquitous, and their adoption is growing at an exponential rate. However, they are vulnerable to security breaches, and traditional security mechanisms are not enough to protect them. The massive amounts of data generated by IoT devices can be easily manipulated or stolen, posing significant privacy concerns. This paper is to provide a comprehensive overview of the integration of blockchain and IoT technologies and their potential to enhance the security and privacy of IoT systems. The paper examines various security issues and vulnerabilities in IoT and explores how blockchain-based solutions can be used to address them. It provides insights into the various security issues and vulnerabilities in IoT and explores how blockchain can be used to enhance security and privacy. The paper also discusses the potential applications of blockchain-based IoT(B-IoT) systems in various sectors, such as healthcare, transportation, and supply chain management. The paper reveals that the integration of blockchain and IoT has the potential to enhance the security,privacy, and trustworthiness of IoT systems. The multi-layered architecture of B-IoT, consisting of perception, network, data processing, and application layers, provides a comprehensive framework for the integration of blockchain and IoT technologies.The study identifies various security solutions for B-IoT, including smart contracts, decentralized control, immutable data storage,identity and access management(IAM), and consensus mechanisms. The study also discusses the challenges and future research directions in the field of B-IoT.
