This work carried out a measurement study of the Ethereum Peer-to-Peer(P2P)network to gain a better understanding of the underlying nodes.Ethereum was applied because it pioneered distributed applications,smart contra...This work carried out a measurement study of the Ethereum Peer-to-Peer(P2P)network to gain a better understanding of the underlying nodes.Ethereum was applied because it pioneered distributed applications,smart contracts,and Web3.Moreover,its application layer language“Solidity”is widely used in smart contracts across different public and private blockchains.To this end,we wrote a new Ethereum client based on Geth to collect Ethereum node information.Moreover,various web scrapers have been written to collect nodes’historical data fromthe Internet Archive and the Wayback Machine project.The collected data has been compared with two other services that harvest the number of Ethereumnodes.Ourmethod has collectedmore than 30% more than the other services.The data trained a neural network model regarding time series to predict the number of online nodes in the future.Our findings show that there are less than 20% of the same nodes daily,indicating thatmost nodes in the network change frequently.It poses a question of the stability of the network.Furthermore,historical data shows that the top ten countries with Ethereum clients have not changed since 2016.The popular operating system of the underlying nodes has shifted from Windows to Linux over time,increasing node security.The results have also shown that the number of Middle East and North Africa(MENA)Ethereum nodes is neglected compared with nodes recorded from other regions.It opens the door for developing new mechanisms to encourage users from these regions to contribute to this technology.Finally,the model has been trained and demonstrated an accuracy of 92% in predicting the future number of nodes in the Ethereum network.展开更多
Ethereum, currently the most widely utilized smart contracts platform, anchors the security of myriad smartcontracts upon its own robustness. Its foundational peer-to-peer network facilitates a dependable node connect...Ethereum, currently the most widely utilized smart contracts platform, anchors the security of myriad smartcontracts upon its own robustness. Its foundational peer-to-peer network facilitates a dependable node connectionmechanism, whereas an efficient data-sharing protocol constitutes as the bedrock of Blockchain network security.In this paper, we propose NodeHunter, an Ethereum network detector implemented through the application ofsimulation technology, which is capable of aggregating all node records within the network and the interconnectednessbetween them. Utilizing this connection information, NodeHunter can procure more comprehensive insightsfor network status analysis compared to preceding detection methodologies. Throughout a three-month period ofunbroken surveillance of the Ethereum network, we obtained an excess of two million node records along with overone hundred million node acquaintances. Analysis of the gathered data revealed that an alarming 49% or more ofthese node records were maliciously forged.展开更多
Unmanned aerial vehicles(UAVs),or drones,have revolutionized a wide range of industries,including monitoring,agriculture,surveillance,and supply chain.However,their widespread use also poses significant challenges,suc...Unmanned aerial vehicles(UAVs),or drones,have revolutionized a wide range of industries,including monitoring,agriculture,surveillance,and supply chain.However,their widespread use also poses significant challenges,such as public safety,privacy,and cybersecurity.Cyberattacks,targetingUAVs have become more frequent,which highlights the need for robust security solutions.Blockchain technology,the foundation of cryptocurrencies has the potential to address these challenges.This study suggests a platform that utilizes blockchain technology tomanage drone operations securely and confidentially.By incorporating blockchain technology,the proposed method aims to increase the security and privacy of drone data.The suggested platform stores information on a public blockchain located on Ethereum and leverages the Ganache platform to ensure secure and private blockchain transactions.TheMetaMask wallet for Ethbalance is necessary for BCT transactions.The present research finding shows that the proposed approach’s efficiency and security features are superior to existing methods.This study contributes to the development of a secure and efficient system for managing drone operations that could have significant applications in various industries.The proposed platform’s security measures could mitigate privacy concerns,minimize cyber security risk,and enhance public safety,ultimately promoting the widespread adoption of UAVs.The results of the study demonstrate that the blockchain can ensure the fulfillment of core security needs such as authentication,privacy preservation,confidentiality,integrity,and access control.展开更多
This research paper puts emphasis on using cloud computing with Blockchain(BC)to improve the security and privacy in a cloud.The security of data is not guaranteed as there is always a risk of leakage of users’data.B...This research paper puts emphasis on using cloud computing with Blockchain(BC)to improve the security and privacy in a cloud.The security of data is not guaranteed as there is always a risk of leakage of users’data.Blockchain can be used in a multi-tenant cloud environment(MTCE)to improve the security of data,as it is a decentralized approach.Data is saved in unaltered form.Also,Blockchain is not owned by a single organization.The encryption process can be done using a Homomorphic encryption(HE)algorithm along with hashing technique,hereby allowing computations on encrypted data without the need for decryption.This research paper is composed of four objectives:Analysis of cloud security using Blockchain technology;Exceptional scenario of Blockchain architecture in an enterprise-level MTCE;Implementation of cipher-text policy attribute-based encryption(CPABE)algorithm;Implementation of Merkle tree using Ethereum(MTuE)in a Multi-tenant system.Out of these four objectives,the main focus is on the implementation of CP-ABE algorithm.CP-ABE parameters are proposed for different levels of tenants.The levels include inner tenant,outer tenant,Inner-Outer-Tenant,Inner-Outer-External-Tenant,Outer-Inner-Tenant,External-Outer-Inner-Tenant and the parameters such as token,private key,public key,access tree,message,attribute set,node-level,cipher-text,salting which will help in providing better security using CP-ABE algorithm in a multitenant environment(MTE)where tenants can be provided with different levels of security and achieved 92 percentage of authenticity and access-control of the data.展开更多
Cryptoassets have experienced dramatic volatility in their prices,especially during the COVID-19 pandemic era.This pilot study explores the volatility asymmetry and correlations among three popular cryptoassets(Bitcoi...Cryptoassets have experienced dramatic volatility in their prices,especially during the COVID-19 pandemic era.This pilot study explores the volatility asymmetry and correlations among three popular cryptoassets(Bitcoin,Ethereum,and Dogecoin)as well as Gold.Multiple Generalized Autoregressive Conditional Heteroskedasticity(GARCH)models are analyzed.We find that positive shocks have a greater impact on the volatility of these financial assets than negative shocks of the same magnitude,perhaps a manifestation of the fear of missing out(FOMO)effect.Our research is one of the first to use COVID-19-period volatility of financial assets(in-sample data)to forecast their later COVID-19-period volatility(out-of-sample data).This forecast accuracy is compared to that produced by forecasts using the same out-of-sample data and a longer in-sample data.Our results indicate that generally,the larger in-sample dataset gives a higher forecast accuracy though the smaller in-sample dataset is from the same regime as the out-of-sample data.We also evaluate the correlations among the assets using the Dynamic Conditional Correlation(DCC)framework and find that there is an elevated positive correlation between Gold and Bitcoin during the past two years.The Gold-Bitcoin correlation hit its peak during the peak of the COVID-19 pandemic and then fell back to around zero in July 2021 when the pandemic crisis eased.Unsurprisingly,there is a strong positive correlation among the cryptocurrencies.Pairwise correlation among all four assets was stronger during the COVID-19 pandemic.Such continuing analysis can inform portfolio asset allocation as well as general financial policy decisions.展开更多
Most previous studies on the market efficiency of cryptocurrencies consider time evolution but do not provide insights into the potential driving factors.This study addresses this limitation by examining the time-vary...Most previous studies on the market efficiency of cryptocurrencies consider time evolution but do not provide insights into the potential driving factors.This study addresses this limitation by examining the time-varying efficiency of the two largest cryptocurrencies,Bitcoin and Ethereum,and the factors that drive efficiency.It uses daily data from August 7,2016,to February 15,2023,the adjusted market inefficiency magnitude(AMIMs)measure,and quantile regression.The results show evidence of time variation in the levels of market(in)efficiency for Bitcoin and Ethereum.Interestingly,the quantile regressions indicate that global financial stress negatively affects the AMIMs measures across all quantiles.Notably,cryptocurrency liquidity positively and significantly affects AMIMs irrespective of the level of(in)efficiency,whereas the positive effect of money flow is significant when the markets of both cryptocurrencies are efficient.Finally,the COVID-19 pandemic positively and significantly affected cryptocurrency market inefficiencies across most quantiles.展开更多
智能合约是代码和数据的集合,一旦部署便无法更改,且其自身持有金融属性,若出现安全漏洞问题将会造成巨大损失,可见编写出安全可靠的智能合约是至关重要的。为此,基于Ethereum平台研究并分析智能合约的安全漏洞,总结了几种易见的安全漏...智能合约是代码和数据的集合,一旦部署便无法更改,且其自身持有金融属性,若出现安全漏洞问题将会造成巨大损失,可见编写出安全可靠的智能合约是至关重要的。为此,基于Ethereum平台研究并分析智能合约的安全漏洞,总结了几种易见的安全漏洞,包括可重入漏洞、整数溢出漏洞、拒绝服务(denial of service,DoS)漏洞、时间戳依赖漏洞、交易序列依赖漏洞等;针对上述合约的漏洞进行详细的原理分析和场景复现,提出了相应的预防安全策略并通过实验进行有效性验证;最后分析并比较了几种主流的智能合约安全漏洞检测工具。展开更多
The blockchain technology allows participants to establish pseudonymous addresses, decoupling their real-world identities from their activities on the blockchain network. However, pseudonymity is not completely anonym...The blockchain technology allows participants to establish pseudonymous addresses, decoupling their real-world identities from their activities on the blockchain network. However, pseudonymity is not completely anonymous and several attacks pose a growing threat to transaction privacy between users. We propose a privacy protection scheme utilizing random mixing on Ethereum, which includes three strategies: RandomMix, TRandomMix, and VRandomMix. The three strategies can protect the sender accounts, the receiver accounts, and the transaction values for one transaction, two transactions, and some equal-value transactions, respectively. We conduct experiments to evaluate both security and performance. The security evaluation results indicate that RandomMix and TRandomMix can resist account clustering attacks, transaction fingerprinting analysis attacks, and Sybil attacks, while VRandomMix can safeguard against account clustering attacks, and is weak against the latter two attacks. In terms of performance, VRandomMix acquires fewer on-chain transactions than RandomMix and TRandomMix. Furthermore, all of them need no off-chain communication and low gas consumption.展开更多
This paper explores the critical role of Public Key Infrastructure(PKI)in ensuring the security of electronic transactions,particularly in validating the authenticity of websites in online environments.Traditional Cen...This paper explores the critical role of Public Key Infrastructure(PKI)in ensuring the security of electronic transactions,particularly in validating the authenticity of websites in online environments.Traditional Centralised PKIs(CPKIs)relying on Certificate Authorities(CAs)face a significant drawback due to their susceptibility to a single point of failure.To address this concern,Decentralised PKIs(DPKIs)have emerged as an alternative.However,both centralised and decentralised approaches encounter specific challenges.Researchers have made several attempts using blockchain-based PKI,which implements a reward and punishment mechanism to enhance the security of traditional PKI.Most of the attempts are focused on CA-based PKI,which still suffers from the risk of a single point of failure.Inspired by ETHERST,which is a blockchainbased PKI that implements Web of Trust(WoT)with reward and punishment,we introduce ETHERST version 3.0,with improvements in its secure level algorithm that enhances trustworthiness measurement.Comparative simulations between ETHERST version 2.0 and ETHERST version 3.0 reveal the superior performance of the latter in trustworthiness measurement and ensure the higher security of a virtual community.The new simulation algorithm with different node type definitions and assumptions presents results through tables and graphs,showing that ETHERST version 3.0 outperforms ETHERST version 2.0.This research contributes to advancing the field by introducing an innovative PKI solution with enhanced trustworthiness and security features.展开更多
Programming errors in Ethereum smart contracts can result in catastrophic financial losses from stolen cryptocurrency.While vulnerability detectors can prevent vulnerable contracts from being deployed,this does not me...Programming errors in Ethereum smart contracts can result in catastrophic financial losses from stolen cryptocurrency.While vulnerability detectors can prevent vulnerable contracts from being deployed,this does not mean that such contracts will not be deployed.Once a vulnerable contract is instantiated on the blockchain and becomes the target of attacks,the identification of exploit transactions becomes indispensable in assessing whether it has been actually exploited and identifying which malicious or subverted accounts were involved.In this work,we study the problem of post-factum investigation of Ethereum attacks using Indicators of Compromise(IoC)specially crafted for use in the blockchain.IoC definitions need to capture the side-effects of successful exploitation in the context of the Ethereum blockchain.Therefore,we define a model for smart contract execution,comprising multiple abstraction levels that mirror the multiple views of code execution on a blockchain.Subsequently,we compare IoCs defined across the different levels in terms of their effectiveness and practicality through EtherClue,a prototype tool for investigating Ethereum security incidents.Our results illustrate that coarse-grained IoCs defined over blocks of transactions can detect exploit transactions with less computation.However,they are contract-specific and suffer from false negatives.On the other hand,fine-grained IoCs defined over virtual machine instructions can avoid these pitfalls at the expense of increased computation,which is nevertheless applicable for practical use.展开更多
Federated Learning(FL)enables joint training over distributed devices without data exchange but is highly vulnerable to attacks by adversaries in the form of model poisoning and malicious update injection.This work pr...Federated Learning(FL)enables joint training over distributed devices without data exchange but is highly vulnerable to attacks by adversaries in the form of model poisoning and malicious update injection.This work proposes Secured-FL,a blockchain-based defensive framework that combines smart contract-based authentication,clustering-driven outlier elimination,and dynamic threshold adjustment to defend against adversarial attacks.The framework was implemented on a private Ethereum network with a Proof-of-Authority consensus algorithm to ensure tamper-resistant and auditable model updates.Large-scale simulation on the Cyber Data dataset,under up to 50%malicious client settings,demonstrates Secured-FL achieves 6%-12%higher accuracy,9%-15%lower latency,and approximately 14%less computational expense compared to the PPSS benchmark framework.Additional tests,including confusion matrices,ROC and Precision-Recall curves,and ablation tests,confirm the interpretability and robustness of the defense.Tests for scalability also show consistent performance up to 500 clients,affirming appropriateness to reasonably large deployments.These results make Secured-FL a feasible,adversarially resilient FL paradigm with promising potential for application in smart cities,medicine,and other mission-critical IoT deployments.展开更多
Integer overflow is a common vulnerability in Ethereum Smart Contracts(ESCs)and often causes huge economic losses.Smart contracts cannot be changed once it is deployed on the blockchain and thus demand further testing...Integer overflow is a common vulnerability in Ethereum Smart Contracts(ESCs)and often causes huge economic losses.Smart contracts cannot be changed once it is deployed on the blockchain and thus demand further testing.Mutation testing is a fault-based testing method that can effectively improve the sufficiency of a test for smart contracts.However,existing methods cannot efficiently perform mutation testing specifically for integer overflow in ESCs.Therefore,by analyzing integer overflow in ESCs,we propose five special mutation operators to address such vulnerability in terms of detecting sufficiency in ESC testing.An empirical study on 40 open-source ESCs is conducted to evaluate the effectiveness of the proposed mutation operators.Results show that(1)our proposed mutation operators can reproduce all 179 integer overflow vulnerabilities in 40 smart contracts,and the generated mutants have high compilation pass rate and integer overflow vulnerability generation rate;moreover,(2)the generated mutants can find the shortcomings of existing testing methods for integer overflow vulnerability,thereby providing effective support to improve the sufficiency of the test.展开更多
Blockchain platform Ethereum has involved millions of accounts due to its strong potential for providing numerous services based on smart contracts.These massive accounts can be divided into diverse categories,such as...Blockchain platform Ethereum has involved millions of accounts due to its strong potential for providing numerous services based on smart contracts.These massive accounts can be divided into diverse categories,such as miners,tokens,and exchanges,which is termed as account diversity in this paper.The benefit of investigating diversity are multi-fold,including understanding the Ethereum ecosystem deeper and opening the possibility of tracking certain abnormal activities.Unfortunately,the exploration of blockchain account diversity remains scarce.Even the most relevant studies,which focus on the deanonymization of the accounts on Bitcoin,can hardly be applied on Ethereum since their underlying protocols and user idioms are different.To this end,we present the first attempt to demystify the account diversity on Ethereum.The key observation is that different accounts exhibit diverse behavior patterns,leading us to propose the heuristics for classification as the premise.We then raise the coverage rate of classification by the statistical learning model Maximum Likelihood Estimation(MLE).We collect real-world data through extensive efforts to evaluate our proposed method and show its effectiveness.Furthermore,we make an in-depth analysis of the dynamic evolution of the Ethereum ecosystem and uncover the abnormal arbitrage actions.As for the former,we validate two sweeping statements reliably:(1)standalone miners are gradually replaced by the mining pools and cooperative miners;(2)transactions related to the mining pool and exchanges take up a large share of the total transactions.The latter analysis shows that there are a large number of arbitrage transactions transferring the coins from one exchange to another to make a price difference.展开更多
The Atomic Crosschain Transaction for Ethereum Private Sidechains protocol allows composable programming across permissioned Ethereum blockchains.It allows for inter-contract and inter-blockchain function calls that a...The Atomic Crosschain Transaction for Ethereum Private Sidechains protocol allows composable programming across permissioned Ethereum blockchains.It allows for inter-contract and inter-blockchain function calls that are both synchronous and atomic:if one part fails,the whole call tree of function calls is discarded.The protocol is not based on existing techniques such as Hash Time Locked Contracts,relay chains,block header transfer,or trusted intermediaries.It uses(a)threshold signatures to prove values across blockchains,(b)coordination contracts to manage the state of crosschain transactions,and(c)a function call tree commitment scheme to allow users to commit to a call tree and then later check that the correct function calls have been executed.This paper analyses the processing overhead of using this technique compared to using multiple standard non-atomic single blockchain transactions.The additional processing is analysed for four scenarios involving multiple blockchains:a Trade–Finance system,the Hotel–Train problem,a Supply Chain with Provenance,and an Oracle.The protocol is shown to have both safety and liveness properties.展开更多
基金the Arab Open University for Funding this work through AOU Research Fund No.(AOURG-2023-006).
文摘This work carried out a measurement study of the Ethereum Peer-to-Peer(P2P)network to gain a better understanding of the underlying nodes.Ethereum was applied because it pioneered distributed applications,smart contracts,and Web3.Moreover,its application layer language“Solidity”is widely used in smart contracts across different public and private blockchains.To this end,we wrote a new Ethereum client based on Geth to collect Ethereum node information.Moreover,various web scrapers have been written to collect nodes’historical data fromthe Internet Archive and the Wayback Machine project.The collected data has been compared with two other services that harvest the number of Ethereumnodes.Ourmethod has collectedmore than 30% more than the other services.The data trained a neural network model regarding time series to predict the number of online nodes in the future.Our findings show that there are less than 20% of the same nodes daily,indicating thatmost nodes in the network change frequently.It poses a question of the stability of the network.Furthermore,historical data shows that the top ten countries with Ethereum clients have not changed since 2016.The popular operating system of the underlying nodes has shifted from Windows to Linux over time,increasing node security.The results have also shown that the number of Middle East and North Africa(MENA)Ethereum nodes is neglected compared with nodes recorded from other regions.It opens the door for developing new mechanisms to encourage users from these regions to contribute to this technology.Finally,the model has been trained and demonstrated an accuracy of 92% in predicting the future number of nodes in the Ethereum network.
基金the National Key Research and Development Program of China(No.2020YFB1005805)Peng Cheng Laboratory Project(Grant No.PCL2021A02)+2 种基金Guangdong Provincial Key Laboratory of Novel Security Intelligence Technologies(2022B1212010005)Shenzhen Basic Research(General Project)(No.JCYJ20190806142601687)Shenzhen Stable Supporting Program(General Project)(No.GXWD20201230155427003-20200821160539001).
文摘Ethereum, currently the most widely utilized smart contracts platform, anchors the security of myriad smartcontracts upon its own robustness. Its foundational peer-to-peer network facilitates a dependable node connectionmechanism, whereas an efficient data-sharing protocol constitutes as the bedrock of Blockchain network security.In this paper, we propose NodeHunter, an Ethereum network detector implemented through the application ofsimulation technology, which is capable of aggregating all node records within the network and the interconnectednessbetween them. Utilizing this connection information, NodeHunter can procure more comprehensive insightsfor network status analysis compared to preceding detection methodologies. Throughout a three-month period ofunbroken surveillance of the Ethereum network, we obtained an excess of two million node records along with overone hundred million node acquaintances. Analysis of the gathered data revealed that an alarming 49% or more ofthese node records were maliciously forged.
基金supported by the Deanship forResearch&Innovation,Ministry of Education in Saudi Arabia with the Grant Code:IFP22UUQU4281768DSR205.
文摘Unmanned aerial vehicles(UAVs),or drones,have revolutionized a wide range of industries,including monitoring,agriculture,surveillance,and supply chain.However,their widespread use also poses significant challenges,such as public safety,privacy,and cybersecurity.Cyberattacks,targetingUAVs have become more frequent,which highlights the need for robust security solutions.Blockchain technology,the foundation of cryptocurrencies has the potential to address these challenges.This study suggests a platform that utilizes blockchain technology tomanage drone operations securely and confidentially.By incorporating blockchain technology,the proposed method aims to increase the security and privacy of drone data.The suggested platform stores information on a public blockchain located on Ethereum and leverages the Ganache platform to ensure secure and private blockchain transactions.TheMetaMask wallet for Ethbalance is necessary for BCT transactions.The present research finding shows that the proposed approach’s efficiency and security features are superior to existing methods.This study contributes to the development of a secure and efficient system for managing drone operations that could have significant applications in various industries.The proposed platform’s security measures could mitigate privacy concerns,minimize cyber security risk,and enhance public safety,ultimately promoting the widespread adoption of UAVs.The results of the study demonstrate that the blockchain can ensure the fulfillment of core security needs such as authentication,privacy preservation,confidentiality,integrity,and access control.
文摘This research paper puts emphasis on using cloud computing with Blockchain(BC)to improve the security and privacy in a cloud.The security of data is not guaranteed as there is always a risk of leakage of users’data.Blockchain can be used in a multi-tenant cloud environment(MTCE)to improve the security of data,as it is a decentralized approach.Data is saved in unaltered form.Also,Blockchain is not owned by a single organization.The encryption process can be done using a Homomorphic encryption(HE)algorithm along with hashing technique,hereby allowing computations on encrypted data without the need for decryption.This research paper is composed of four objectives:Analysis of cloud security using Blockchain technology;Exceptional scenario of Blockchain architecture in an enterprise-level MTCE;Implementation of cipher-text policy attribute-based encryption(CPABE)algorithm;Implementation of Merkle tree using Ethereum(MTuE)in a Multi-tenant system.Out of these four objectives,the main focus is on the implementation of CP-ABE algorithm.CP-ABE parameters are proposed for different levels of tenants.The levels include inner tenant,outer tenant,Inner-Outer-Tenant,Inner-Outer-External-Tenant,Outer-Inner-Tenant,External-Outer-Inner-Tenant and the parameters such as token,private key,public key,access tree,message,attribute set,node-level,cipher-text,salting which will help in providing better security using CP-ABE algorithm in a multitenant environment(MTE)where tenants can be provided with different levels of security and achieved 92 percentage of authenticity and access-control of the data.
文摘Cryptoassets have experienced dramatic volatility in their prices,especially during the COVID-19 pandemic era.This pilot study explores the volatility asymmetry and correlations among three popular cryptoassets(Bitcoin,Ethereum,and Dogecoin)as well as Gold.Multiple Generalized Autoregressive Conditional Heteroskedasticity(GARCH)models are analyzed.We find that positive shocks have a greater impact on the volatility of these financial assets than negative shocks of the same magnitude,perhaps a manifestation of the fear of missing out(FOMO)effect.Our research is one of the first to use COVID-19-period volatility of financial assets(in-sample data)to forecast their later COVID-19-period volatility(out-of-sample data).This forecast accuracy is compared to that produced by forecasts using the same out-of-sample data and a longer in-sample data.Our results indicate that generally,the larger in-sample dataset gives a higher forecast accuracy though the smaller in-sample dataset is from the same regime as the out-of-sample data.We also evaluate the correlations among the assets using the Dynamic Conditional Correlation(DCC)framework and find that there is an elevated positive correlation between Gold and Bitcoin during the past two years.The Gold-Bitcoin correlation hit its peak during the peak of the COVID-19 pandemic and then fell back to around zero in July 2021 when the pandemic crisis eased.Unsurprisingly,there is a strong positive correlation among the cryptocurrencies.Pairwise correlation among all four assets was stronger during the COVID-19 pandemic.Such continuing analysis can inform portfolio asset allocation as well as general financial policy decisions.
文摘Most previous studies on the market efficiency of cryptocurrencies consider time evolution but do not provide insights into the potential driving factors.This study addresses this limitation by examining the time-varying efficiency of the two largest cryptocurrencies,Bitcoin and Ethereum,and the factors that drive efficiency.It uses daily data from August 7,2016,to February 15,2023,the adjusted market inefficiency magnitude(AMIMs)measure,and quantile regression.The results show evidence of time variation in the levels of market(in)efficiency for Bitcoin and Ethereum.Interestingly,the quantile regressions indicate that global financial stress negatively affects the AMIMs measures across all quantiles.Notably,cryptocurrency liquidity positively and significantly affects AMIMs irrespective of the level of(in)efficiency,whereas the positive effect of money flow is significant when the markets of both cryptocurrencies are efficient.Finally,the COVID-19 pandemic positively and significantly affected cryptocurrency market inefficiencies across most quantiles.
文摘智能合约是代码和数据的集合,一旦部署便无法更改,且其自身持有金融属性,若出现安全漏洞问题将会造成巨大损失,可见编写出安全可靠的智能合约是至关重要的。为此,基于Ethereum平台研究并分析智能合约的安全漏洞,总结了几种易见的安全漏洞,包括可重入漏洞、整数溢出漏洞、拒绝服务(denial of service,DoS)漏洞、时间戳依赖漏洞、交易序列依赖漏洞等;针对上述合约的漏洞进行详细的原理分析和场景复现,提出了相应的预防安全策略并通过实验进行有效性验证;最后分析并比较了几种主流的智能合约安全漏洞检测工具。
基金supported by the Key Research and Development Program of Jiangsu Province of China under Grant No.BE2021002-3.
文摘The blockchain technology allows participants to establish pseudonymous addresses, decoupling their real-world identities from their activities on the blockchain network. However, pseudonymity is not completely anonymous and several attacks pose a growing threat to transaction privacy between users. We propose a privacy protection scheme utilizing random mixing on Ethereum, which includes three strategies: RandomMix, TRandomMix, and VRandomMix. The three strategies can protect the sender accounts, the receiver accounts, and the transaction values for one transaction, two transactions, and some equal-value transactions, respectively. We conduct experiments to evaluate both security and performance. The security evaluation results indicate that RandomMix and TRandomMix can resist account clustering attacks, transaction fingerprinting analysis attacks, and Sybil attacks, while VRandomMix can safeguard against account clustering attacks, and is weak against the latter two attacks. In terms of performance, VRandomMix acquires fewer on-chain transactions than RandomMix and TRandomMix. Furthermore, all of them need no off-chain communication and low gas consumption.
基金supported by the Multimedia University’s GRA scheme and the Telekom Malaysia Research&Development Grant(RDTC/221045).
文摘This paper explores the critical role of Public Key Infrastructure(PKI)in ensuring the security of electronic transactions,particularly in validating the authenticity of websites in online environments.Traditional Centralised PKIs(CPKIs)relying on Certificate Authorities(CAs)face a significant drawback due to their susceptibility to a single point of failure.To address this concern,Decentralised PKIs(DPKIs)have emerged as an alternative.However,both centralised and decentralised approaches encounter specific challenges.Researchers have made several attempts using blockchain-based PKI,which implements a reward and punishment mechanism to enhance the security of traditional PKI.Most of the attempts are focused on CA-based PKI,which still suffers from the risk of a single point of failure.Inspired by ETHERST,which is a blockchainbased PKI that implements Web of Trust(WoT)with reward and punishment,we introduce ETHERST version 3.0,with improvements in its secure level algorithm that enhances trustworthiness measurement.Comparative simulations between ETHERST version 2.0 and ETHERST version 3.0 reveal the superior performance of the latter in trustworthiness measurement and ensure the higher security of a virtual community.The new simulation algorithm with different node type definitions and assumptions presents results through tables and graphs,showing that ETHERST version 3.0 outperforms ETHERST version 2.0.This research contributes to advancing the field by introducing an innovative PKI solution with enhanced trustworthiness and security features.
基金supported by the European Commission under the Horizon 2020 Programme(H2020)part of the LOCARD(https://locard.eu)(Grant Agreement No.832735)project.
文摘Programming errors in Ethereum smart contracts can result in catastrophic financial losses from stolen cryptocurrency.While vulnerability detectors can prevent vulnerable contracts from being deployed,this does not mean that such contracts will not be deployed.Once a vulnerable contract is instantiated on the blockchain and becomes the target of attacks,the identification of exploit transactions becomes indispensable in assessing whether it has been actually exploited and identifying which malicious or subverted accounts were involved.In this work,we study the problem of post-factum investigation of Ethereum attacks using Indicators of Compromise(IoC)specially crafted for use in the blockchain.IoC definitions need to capture the side-effects of successful exploitation in the context of the Ethereum blockchain.Therefore,we define a model for smart contract execution,comprising multiple abstraction levels that mirror the multiple views of code execution on a blockchain.Subsequently,we compare IoCs defined across the different levels in terms of their effectiveness and practicality through EtherClue,a prototype tool for investigating Ethereum security incidents.Our results illustrate that coarse-grained IoCs defined over blocks of transactions can detect exploit transactions with less computation.However,they are contract-specific and suffer from false negatives.On the other hand,fine-grained IoCs defined over virtual machine instructions can avoid these pitfalls at the expense of increased computation,which is nevertheless applicable for practical use.
文摘Federated Learning(FL)enables joint training over distributed devices without data exchange but is highly vulnerable to attacks by adversaries in the form of model poisoning and malicious update injection.This work proposes Secured-FL,a blockchain-based defensive framework that combines smart contract-based authentication,clustering-driven outlier elimination,and dynamic threshold adjustment to defend against adversarial attacks.The framework was implemented on a private Ethereum network with a Proof-of-Authority consensus algorithm to ensure tamper-resistant and auditable model updates.Large-scale simulation on the Cyber Data dataset,under up to 50%malicious client settings,demonstrates Secured-FL achieves 6%-12%higher accuracy,9%-15%lower latency,and approximately 14%less computational expense compared to the PPSS benchmark framework.Additional tests,including confusion matrices,ROC and Precision-Recall curves,and ablation tests,confirm the interpretability and robustness of the defense.Tests for scalability also show consistent performance up to 500 clients,affirming appropriateness to reasonably large deployments.These results make Secured-FL a feasible,adversarially resilient FL paradigm with promising potential for application in smart cities,medicine,and other mission-critical IoT deployments.
基金supported by National Key R&D Program of China(No.2018YFB1403400)the National Natural Science Foundation of China(No.61702544)+1 种基金Natural Science Foundation of Jiangsu Province,China(Nos.BK20160769 and BK20141072)China Postdoctoral Science Foundation(No.2016M603031)。
文摘Integer overflow is a common vulnerability in Ethereum Smart Contracts(ESCs)and often causes huge economic losses.Smart contracts cannot be changed once it is deployed on the blockchain and thus demand further testing.Mutation testing is a fault-based testing method that can effectively improve the sufficiency of a test for smart contracts.However,existing methods cannot efficiently perform mutation testing specifically for integer overflow in ESCs.Therefore,by analyzing integer overflow in ESCs,we propose five special mutation operators to address such vulnerability in terms of detecting sufficiency in ESC testing.An empirical study on 40 open-source ESCs is conducted to evaluate the effectiveness of the proposed mutation operators.Results show that(1)our proposed mutation operators can reproduce all 179 integer overflow vulnerabilities in 40 smart contracts,and the generated mutants have high compilation pass rate and integer overflow vulnerability generation rate;moreover,(2)the generated mutants can find the shortcomings of existing testing methods for integer overflow vulnerability,thereby providing effective support to improve the sufficiency of the test.
基金supported by Key-Area Rescearch and Development Program of Guangdong Province(2020B010109005)the National Natural Science Foundation of China(Grant No.62072197)。
文摘Blockchain platform Ethereum has involved millions of accounts due to its strong potential for providing numerous services based on smart contracts.These massive accounts can be divided into diverse categories,such as miners,tokens,and exchanges,which is termed as account diversity in this paper.The benefit of investigating diversity are multi-fold,including understanding the Ethereum ecosystem deeper and opening the possibility of tracking certain abnormal activities.Unfortunately,the exploration of blockchain account diversity remains scarce.Even the most relevant studies,which focus on the deanonymization of the accounts on Bitcoin,can hardly be applied on Ethereum since their underlying protocols and user idioms are different.To this end,we present the first attempt to demystify the account diversity on Ethereum.The key observation is that different accounts exhibit diverse behavior patterns,leading us to propose the heuristics for classification as the premise.We then raise the coverage rate of classification by the statistical learning model Maximum Likelihood Estimation(MLE).We collect real-world data through extensive efforts to evaluate our proposed method and show its effectiveness.Furthermore,we make an in-depth analysis of the dynamic evolution of the Ethereum ecosystem and uncover the abnormal arbitrage actions.As for the former,we validate two sweeping statements reliably:(1)standalone miners are gradually replaced by the mining pools and cooperative miners;(2)transactions related to the mining pool and exchanges take up a large share of the total transactions.The latter analysis shows that there are a large number of arbitrage transactions transferring the coins from one exchange to another to make a price difference.
文摘The Atomic Crosschain Transaction for Ethereum Private Sidechains protocol allows composable programming across permissioned Ethereum blockchains.It allows for inter-contract and inter-blockchain function calls that are both synchronous and atomic:if one part fails,the whole call tree of function calls is discarded.The protocol is not based on existing techniques such as Hash Time Locked Contracts,relay chains,block header transfer,or trusted intermediaries.It uses(a)threshold signatures to prove values across blockchains,(b)coordination contracts to manage the state of crosschain transactions,and(c)a function call tree commitment scheme to allow users to commit to a call tree and then later check that the correct function calls have been executed.This paper analyses the processing overhead of using this technique compared to using multiple standard non-atomic single blockchain transactions.The additional processing is analysed for four scenarios involving multiple blockchains:a Trade–Finance system,the Hotel–Train problem,a Supply Chain with Provenance,and an Oracle.The protocol is shown to have both safety and liveness properties.
