Security and privacy issues in blockchain and its applications

IET Blockchain | Pub Date: 2023-10-21 | DOI: 10.1049/blc2.12051
Liangmin Wang, Victor S. Sheng, Boris Düdder, Haiqin Wu, Huijuan Zhu
Journal: IET Blockchain; Volume: 3 4; Pages: 169-171; Publication type: Journal Article; PDF: https://ietresearch.onlinelibrary.wiley.com/doi/epdf/10.1049/blc2.12051

Abstract

Blockchain technology has emerged and evolved as a disruptive technology with the potential to be applied in various fields, including digital finance, healthcare, and the Internet of Things (IoT). Besides being a distributed ledger, blockchain enables decentralized and trusted storage/computation without relying on a central trusted party. However, the growing heterogeneity of blockchain platforms and the expanding range of applications have resulted in escalating security and privacy concerns. These concerns encompass persistent privacy breaches, vulnerabilities in smart contracts, and the “impossible triangle” problem. These challenges have emerged as the primary obstacles to the development and seamless integration of blockchain technology with industry applications.

To address the security and privacy challenges in blockchain platforms and their applications, numerous researchers have conducted extensive studies in this field by leveraging advanced technologies, including new cryptographic protocols and deep learning techniques. This special issue aims to highlight research perspectives, articles, and experimental studies pertaining to “Security and Privacy Issues in Blockchain and Its Applications”.

In this special issue, we received a total of 19 papers, out of which 17 underwent a rigorous peer-review process. However, two papers were excluded from the peer-reviewed selection because one was submitted in a draft form and the other was voluntarily withdrawn by the authors. Out of the 17 papers submitted for review, 10 were accepted for publication, six were rejected without being transferred, and one was rejected and referred to a transfer service. The exceptional quality of all the submissions played a crucial role in ensuring the success of this special issue.

These accepted papers can be classified into two categories, namely blockchain application security and cross-chain interaction security. The papers in the first category focus on analyzing and providing insights into the security of blockchain applications. Their objective is to keep readers informed about the latest trends, developments, challenges, and opportunities in blockchain application security. Moreover, significant research efforts have been dedicated to security analysis and detection in typical blockchain applications. The papers in this category are by Zhou et al., Grybniak et al., Lv et al., Li et al., Gong et al., Xiao et al. and Videira et al. These contributions further enhance our understanding and capability to safeguard blockchain applications from potential security threats. The second category of papers presents novel solutions that target the enhancement of security in cross-system interactions. These papers are by Feng et al., Xu et al. and Yu et al. By addressing the specific challenges associated with cross-system communication, these solutions contribute to the development of robust and secure blockchain networks. A brief presentation of each of the papers in the special issue is as follows.

Zhou et al. present WASMOD, a prototype system designed to detect vulnerabilities in WebAssembly (Wasm) smart contracts. WASMOD utilizes a combination of bytecode instrumentation, run-time validation, and grey-box fuzzing techniques to identify integer overflow and stack overflow vulnerabilities. The tool was effectively applied to the EOSIO blockchain, successfully detecting vulnerable smart contracts.

Grybniak et al. propose “Waterfall: Gozalandia”, a distributed protocol based on the Proof of Stake approach. This protocol enables fast finality, proven safety, and liveness in a network utilizing BlockDAG structures. By employing cross-voting for block ordering, the protocol ensures swift consensus and the ability to detect dishonest behaviors. The protocol assumes the presence of a Coordinating network that holds information about the approved ordering. This Coordinating network serves to significantly enhance security and improve network synchronization in a qualitative manner. Through load testing, the protocol has demonstrated its ability to handle a throughput of 3200–3600 transactions per second, with an average confirmation waiting time of 20 seconds.

Lv et al. propose a graph-based embedding classification method for phishing detection on the Ethereum blockchain. The method involves constructing multiple subgraphs using the transaction records collected from Ethereum and introduces a modified version of Graph2Vec called imgraph2vec. This modified approach aims to learn more meaningful information from the subgraphs. To identify phishing attempts, the Extreme Gradient Boosting (XGBoost) algorithm is utilized.

Li et al. introduce BlockDetective, an innovative framework based on GCN that employs a student-teacher architecture to identify fraudulent cryptocurrency transactions. The framework incorporates pre-training and fine-tuning, enabling the pre-trained model (teacher) to effectively adapt to the new data distribution and improve prediction performance. Meanwhile, a lightweight model (student) is trained to provide abstract and high-level information. Experimental results demonstrate that BlockDetective outperforms state-of-the-art methods.

Gong et al. propose a novel method called SCGformer, which aims to detect vulnerabilities in smart contracts. This novel method combines the power of a control flow graph (CFG) and a transformer model to enhance the accuracy and effectiveness of vulnerability detection. SCGformer involves constructing the CFGs using the operation codes (opcodes) of smart contracts. By focusing on the opcodes, SCGformer provides a language-agnostic solution, ensuring consistent vulnerability detection regardless of specific language versions. The authors conduct experiments to assess the efficacy of SCGformer, yielding an accuracy rate of 94.36%.

Xiao et al. introduce a blockchain-based image copyright protection system named BB-RICP. By leveraging the distributed storage technique of blockchain, BB-RICP aims to solve the vulnerabilities of centralized storage, such as data loss and tampering. The system provides a novel solution for managing the entire lifecycle of copyright. It utilizes spread spectrum watermarking to enable traceability and incorporates GM algorithms and the PBFT consensus algorithm to enhance its functionality and effectiveness. Lastly, to enhance the practicality of the system, they implement a copyright blockchain framework called ICP-Chain and conduct evaluations to assess its security and reliability.

Feng et al. introduce a novel federated learning framework that leverages a Directed Acyclic Graph (DAG) to enhance interoperability among different blockchains. The framework comprises a shard chain and a main chain, featuring replaceable consensus mechanisms and a weighted context graph to enhance efficiency. The experimental results unequivocally demonstrate the efficacy of the proposed federated framework. Specifically, the framework significantly reduces the global computation requirements while simultaneously increasing the blockchain throughput.

Xu et al. introduce ChainKeeper, a cross-chain scheme for governing the chain by chain. ChainKeeper incorporates several key components, including a modular node proxy program, a verifiable node random selection method (VNRS), and a verifiable identity threshold signature method (VITS). These components work together to ensure universality, efficiency, and security throughout the cross-chain process. The scheme is resilient against malicious behaviors and collaborative attacks from both business nodes and supervision nodes. The experimental results demonstrate the effectiveness of ChainKeeper in cross-chain supervision scenarios.

Yu et al. present SPRA, a policy-based regulatory architecture designed to regulate blockchain transactions. The architecture comprises four layers: permission layer, regulation layer, bridge layer, and business layer. To facilitate interoperability between these layers, they introduce XRPL, a regulatory policy description language. The regulation layer incorporates JuryBC, a decentralized jury mechanism based on the Shamir threshold secret sharing algorithm and Pedersen commitment. At the business layer, they implement RDShare, a secure and efficient regulatory data sharing mechanism that utilizes attribute-based encryption.

All the selected papers in this special issue showcase the continuous advancements in the field of blockchain and its application security. However, it is important to recognize that security and privacy issues in blockchain and its applications continue to pose significant challenges. These challenges serve as a driving force for further research and exploration of new technologies. They highlight the need for ongoing efforts to enhance the security and privacy aspects of blockchain, fostering a more resilient and trustworthy blockchain ecosystem.

Liangmin Wang received his B.S. degree in computational mathematics from Jilin University, Changchun, China in 1999, and his PhD degree in cryptology from Xidian University, Xi'an, China in 2007. He is a full professor in the School of Cyber Science and Engineering, Southeast University, Nanjing, China. He has been honored as a “Wan-Jiang Scholar” of Anhui Province since November 2013. His current research interests include data security and privacy. He has published over 70 technical papers in premium international journals and conferences, for example, IEEE/ACM Transactions on Networking and IEEE International Conference on Computer Communications. He has served as a TPC member of many IEEE conferences, such as IEEE ICC, IEEE HPCC, IEEE Trust-COM.

Victor S. Sheng received his master's degree in computer science from the University of New Brunswick, Canada, in 2003, and his PhD degree in computer science from Western University, Ontario, Canada, in 2007. He is an associate professor of computer science, Texas Tech University, and the founding director of the Data Analytics Lab (DAL). His research interests include data mining, machine learning, and related applications. He was an associate research scientist and NSERC postdoctoral fellow in information systems at Stern Business School, New York University, after he obtained his PhD. He is a senior member of the IEEE and a lifetime member of the ACM. He received the test-of-time award for research from KDD’20, the best paper award runner-up from KDD’08, and the best paper award from ICDM’11. He is an area chair and SPC/PC member for several international top conferences and an associate editor for several international journals.

Boris Düdder is an associate professor at the department of computer science (DIKU) at the University of Copenhagen (UCPH), Denmark. He is head of the research group Software Engineering & Formal Methods at DIKU. His primary research interests are formal methods and programming languages in software engineering of trustworthy distributed systems, where he is studying automated program generation for adaptive systems with high-reliability guarantees. He is working on the computational foundations of reliable and secure Big Data ecosystems. His research is bridging the formal foundations of computer science and complex industrial applications.

Haiqin Wu received her B.E. degree in computer science and PhD degree in computer application technology from Jiangsu University in 2014 and 2019, respectively. She is an associate professor at the Shanghai Key Laboratory of Trustworthy Computing (Software Engineering Institute), East China Normal University, China. Before joining ECNU, she was a postdoctoral researcher in the Department of Computer Science, University of Copenhagen, Denmark. She was also a visiting student in the School of Computing, Informatics, and Decision Systems Engineering at Arizona State University, USA. Her research interests include data security and privacy protection, mobile crowdsensing/crowdsourcing, and blockchain-based applications.

Huijuan Zhu received her master's degree from the School of Computer Science and Communication Engineering at Jiangsu University, Zhenjiang, China in 2010 and her PhD degree from the School of Computer and Control Engineering at the University of Chinese Academy of Sciences, Beijing, China in 2017. Her research interests include malware detection and machine learning. She is an associate professor in the School of Computer Science and Communication Engineering at Jiangsu University.
