Securing blockchain-based timed data release against adversarial attacks

IF 0.9 Q4 COMPUTER SCIENCE, INFORMATION SYSTEMS

Journal of Computer Security Pub Date : 2023-11-10 DOI:10.3233/jcs-230001

Jingzhe Wang, Balaji Palanisamy

{"title":"Securing blockchain-based timed data release against adversarial attacks","authors":"Jingzhe Wang, Balaji Palanisamy","doi":"10.3233/jcs-230001","DOIUrl":null,"url":null,"abstract":"Timed data release refers to protecting sensitive data that can be accessed only after a pre-determined amount of time has passed. While blockchain-based solutions for timed data release provide a promising approach for decentralizing the process, designing an attack-resilient timed-release service that is resilient to malicious adversaries in a blockchain network is inherently challenging. A timed-release service on a blockchain network is inevitably exposed to the risk of post-facto attacks where adversaries may launch attacks after the data is released in the blockchain network. Existing incentive-based solutions for timed data release in Ethereum blockchains guarantee protection under the assumption of a fully rational adversarial environment in which every peer acts rationally. However, these schemes fail invariably when even a single participating peer node in the protocol starts acting maliciously and deviates from the rational behavior. In this paper, we propose a systematic solution for attack-resilient and practical blockchain-based timed data release in a mixed adversarial environment, where both malicious adversaries and rational adversaries exist. We first propose an effective uncertainty-aware reputation measure to capture the behaviors of the peer involved in timed data release activities in the network. In light of such a measure, we present the design of a basic protocol that consists of two critical ingredients, namely reputation-aware peer recruitment and verifiable enforcement protocols. The former, prior to the start of the enforcement protocols, performs peer recruitment based on the reputation measure to make the design probabilistically attack-resilient to the post-facto attacks. The latter is responsible for contractually guarding the recruited peers at runtime by transparently reporting observed adversarial behaviors. However, the basic recruitment design is only aware of the reputation of the peers and it does not consider the working time schedule of the participating peers and as a result, it results in lower attack-resilience. To enhance the attack resilience further without impacting the verifiable enforcement protocols, we propose a temporal graph-based reputation-aware peer recruitment algorithm that carefully determines the peer recruitment plan to make the service more attack-resilient. In our proposed approach, we formally capture the timed data release service as a temporal graph and we develop a novel maximal attack-resilient path-finding algorithm on the temporal graph for the participating peers. We implement a prototype of the proposed approach using Smart Contracts and deploy it on the Ethereum official test network, Rinkeby. For extensively evaluating the proposed techniques, we perform simulation experiments to validate the effectiveness of the reputation-aware timed data release protocols as well as our proposed temporal-graph-based improvements. The results demonstrate the effectiveness and strong attack resilience of the proposed mechanisms and our approach incurs only a modest gas cost.","PeriodicalId":46074,"journal":{"name":"Journal of Computer Security","volume":null,"pages":null},"PeriodicalIF":0.9000,"publicationDate":"2023-11-10","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Journal of Computer Security","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.3233/jcs-230001","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q4","JCRName":"COMPUTER SCIENCE, INFORMATION SYSTEMS","Score":null,"Total":0}

引用次数: 0

Abstract

Timed data release refers to protecting sensitive data that can be accessed only after a pre-determined amount of time has passed. While blockchain-based solutions for timed data release provide a promising approach for decentralizing the process, designing an attack-resilient timed-release service that is resilient to malicious adversaries in a blockchain network is inherently challenging. A timed-release service on a blockchain network is inevitably exposed to the risk of post-facto attacks where adversaries may launch attacks after the data is released in the blockchain network. Existing incentive-based solutions for timed data release in Ethereum blockchains guarantee protection under the assumption of a fully rational adversarial environment in which every peer acts rationally. However, these schemes fail invariably when even a single participating peer node in the protocol starts acting maliciously and deviates from the rational behavior. In this paper, we propose a systematic solution for attack-resilient and practical blockchain-based timed data release in a mixed adversarial environment, where both malicious adversaries and rational adversaries exist. We first propose an effective uncertainty-aware reputation measure to capture the behaviors of the peer involved in timed data release activities in the network. In light of such a measure, we present the design of a basic protocol that consists of two critical ingredients, namely reputation-aware peer recruitment and verifiable enforcement protocols. The former, prior to the start of the enforcement protocols, performs peer recruitment based on the reputation measure to make the design probabilistically attack-resilient to the post-facto attacks. The latter is responsible for contractually guarding the recruited peers at runtime by transparently reporting observed adversarial behaviors. However, the basic recruitment design is only aware of the reputation of the peers and it does not consider the working time schedule of the participating peers and as a result, it results in lower attack-resilience. To enhance the attack resilience further without impacting the verifiable enforcement protocols, we propose a temporal graph-based reputation-aware peer recruitment algorithm that carefully determines the peer recruitment plan to make the service more attack-resilient. In our proposed approach, we formally capture the timed data release service as a temporal graph and we develop a novel maximal attack-resilient path-finding algorithm on the temporal graph for the participating peers. We implement a prototype of the proposed approach using Smart Contracts and deploy it on the Ethereum official test network, Rinkeby. For extensively evaluating the proposed techniques, we perform simulation experiments to validate the effectiveness of the reputation-aware timed data release protocols as well as our proposed temporal-graph-based improvements. The results demonstrate the effectiveness and strong attack resilience of the proposed mechanisms and our approach incurs only a modest gas cost.

查看原文本刊更多论文

保护基于区块链的定时数据发布免受对抗性攻击

定时数据释放是指在预先设定的时间过后才能访问的敏感数据。虽然基于区块链的定时数据发布解决方案为分散流程提供了一种有希望的方法，但在区块链网络中设计一种具有攻击弹性的定时发布服务，以抵御恶意对手，这本身就是一项挑战。区块链网络上的定时发布服务不可避免地会面临事后攻击的风险，即对手可能会在数据在区块链网络中发布后发起攻击。在以太坊区块链中，现有的基于激励的定时数据发布解决方案保证了在一个完全理性的对抗环境下的保护，在这个环境中，每个对等体都有理性的行为。然而，当协议中的单个参与对等节点开始恶意行为并偏离理性行为时，这些方案总是失败。在本文中，我们提出了一种系统的解决方案，用于在混合对抗环境中进行攻击弹性和实用的基于区块链的定时数据发布，其中存在恶意对手和理性对手。我们首先提出了一种有效的不确定性感知信誉度量，以捕获网络中参与定时数据发布活动的对等体的行为。鉴于这种措施，我们提出了一个基本协议的设计，该协议由两个关键组成部分组成，即声誉意识对等招聘和可验证的执行协议。前者，在执行协议开始之前，基于声誉度量执行对等招募，以使设计对事后攻击具有概率攻击弹性。后者负责通过透明地报告观察到的敌对行为，在运行时以契约的方式保护被招募的同伴。然而，基本的招聘设计只考虑了同行的声誉，而没有考虑参与同行的工作时间安排，这导致了较低的攻击弹性。为了在不影响可验证强制协议的情况下进一步增强攻击弹性，我们提出了一种基于时间图的声誉感知对等招聘算法，该算法仔细确定对等招聘计划，使服务更具攻击弹性。在我们提出的方法中，我们将定时数据发布服务形式化地捕获为一个时间图，并在参与节点的时间图上开发了一种新的最大攻击弹性寻路算法。我们使用智能合约实现了提议方法的原型，并将其部署在以太坊官方测试网络Rinkeby上。为了广泛评估所提出的技术，我们进行了模拟实验，以验证声誉感知定时数据发布协议以及我们提出的基于时间图的改进的有效性。结果证明了所提出机制的有效性和强大的攻击弹性，并且我们的方法仅产生适度的gas成本。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

Journal of Computer Security COMPUTER SCIENCE, INFORMATION SYSTEMS-

CiteScore

1.70

自引率

0.00%

发文量

期刊介绍： The Journal of Computer Security presents research and development results of lasting significance in the theory, design, implementation, analysis, and application of secure computer systems and networks. It will also provide a forum for ideas about the meaning and implications of security and privacy, particularly those with important consequences for the technical community. The Journal provides an opportunity to publish articles of greater depth and length than is possible in the proceedings of various existing conferences, while addressing an audience of researchers in computer security who can be assumed to have a more specialized background than the readership of other archival publications.