Mitigating smart contract vulnerabilities in electronic toll collection using blockchain security

IF 6 3区计算机科学 Q1 COMPUTER SCIENCE, INFORMATION SYSTEMS

Internet of Things Pub Date : 2024-11-14 DOI:10.1016/j.iot.2024.101429

Olfa Ben Rhaiem , Marwa Amara , Radhia Zaghdoud , Lamia Chaari , Maha Metab

{"title":"Mitigating smart contract vulnerabilities in electronic toll collection using blockchain security","authors":"Olfa Ben Rhaiem , Marwa Amara , Radhia Zaghdoud , Lamia Chaari , Maha Metab","doi":"10.1016/j.iot.2024.101429","DOIUrl":null,"url":null,"abstract":"<div><div>The Internet of Vehicles (IOV) is a distributed network that provides several services based on vehicle information (e.g., location, speed), such as Electronic Toll Collection (ETC). ETC has been introduced to replace traditional toll booths, where vehicles need to line up to pay, especially during peak travel times. The main advantage of ETC is improved traffic efficiency. However, existing ETC systems often fail to secure the privacy of vehicle information and are vulnerable to fund theft. This makes automatic payments inefficient and susceptible to attacks like the Reentrancy attack.</div><div>In this paper, we leverage the Ethereum blockchain and smart contracts to facilitate automatic payments within the ETC system. The primary challenges addressed include authenticating vehicle data, automatically deducting fees from users’ wallets, and safeguarding against Reentrancy attacks in smart contracts, all while maintaining the confidentiality of distance-related information necessary for fee calculation. To address these concerns, we implement a decentralized application featuring a comprehensive end-to-end verification algorithm that operates at both entry and exit toll points, incorporating robust measures to protect sensitive distance data from potential leaks.</div><div>Results show that the accuracy of fees remains relatively high, with reasonable execution times. Additionally, our system’s gas consumption is more efficient compared to related works, making transactions more cost-effective. These outcomes demonstrate that the proposed system not only secures transactions but also ensures correct and efficient payment services, positioning it as a viable solution for improving the security and functionality of ETC systems.</div></div>","PeriodicalId":29968,"journal":{"name":"Internet of Things","volume":"28 ","pages":"Article 101429"},"PeriodicalIF":6.0000,"publicationDate":"2024-11-14","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Internet of Things","FirstCategoryId":"94","ListUrlMain":"https://www.sciencedirect.com/science/article/pii/S2542660524003706","RegionNum":3,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q1","JCRName":"COMPUTER SCIENCE, INFORMATION SYSTEMS","Score":null,"Total":0}

引用次数: 0

Abstract

The Internet of Vehicles (IOV) is a distributed network that provides several services based on vehicle information (e.g., location, speed), such as Electronic Toll Collection (ETC). ETC has been introduced to replace traditional toll booths, where vehicles need to line up to pay, especially during peak travel times. The main advantage of ETC is improved traffic efficiency. However, existing ETC systems often fail to secure the privacy of vehicle information and are vulnerable to fund theft. This makes automatic payments inefficient and susceptible to attacks like the Reentrancy attack.

In this paper, we leverage the Ethereum blockchain and smart contracts to facilitate automatic payments within the ETC system. The primary challenges addressed include authenticating vehicle data, automatically deducting fees from users’ wallets, and safeguarding against Reentrancy attacks in smart contracts, all while maintaining the confidentiality of distance-related information necessary for fee calculation. To address these concerns, we implement a decentralized application featuring a comprehensive end-to-end verification algorithm that operates at both entry and exit toll points, incorporating robust measures to protect sensitive distance data from potential leaks.

Results show that the accuracy of fees remains relatively high, with reasonable execution times. Additionally, our system’s gas consumption is more efficient compared to related works, making transactions more cost-effective. These outcomes demonstrate that the proposed system not only secures transactions but also ensures correct and efficient payment services, positioning it as a viable solution for improving the security and functionality of ETC systems.

查看原文本刊更多论文

利用区块链安全缓解电子收费中的智能合约漏洞

车辆互联网（IOV）是一个分布式网络，可根据车辆信息（如位置、速度）提供多种服务，如电子收费（ETC）。ETC 的推出是为了取代传统的收费站，因为传统的收费站需要车辆排队缴费，尤其是在交通高峰期。ETC 的主要优点是提高交通效率。然而，现有的 ETC 系统往往无法确保车辆信息的私密性，而且容易发生资金被盗的情况。在本文中，我们利用以太坊区块链和智能合约来促进 ETC 系统内的自动支付。解决的主要挑战包括验证车辆数据、自动从用户钱包中扣除费用、防范智能合约中的重入攻击，同时保持费用计算所需的距离相关信息的机密性。为了解决这些问题，我们实施了一个去中心化的应用程序，该应用程序采用了一种全面的端到端验证算法，可在入口和出口收费点同时运行，并采用了稳健的措施来保护敏感的距离数据免遭潜在泄漏。此外，与相关研究相比，我们系统的气体消耗效率更高，使交易更具成本效益。这些结果表明，建议的系统不仅能确保交易安全，还能确保正确、高效的支付服务，是提高 ETC 系统安全性和功能性的可行解决方案。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

Internet of Things Multiple-

CiteScore

3.60

自引率

5.10%

发文量

115

审稿时长

37 days

期刊介绍： Internet of Things; Engineering Cyber Physical Human Systems is a comprehensive journal encouraging cross collaboration between researchers, engineers and practitioners in the field of IoT & Cyber Physical Human Systems. The journal offers a unique platform to exchange scientific information on the entire breadth of technology, science, and societal applications of the IoT. The journal will place a high priority on timely publication, and provide a home for high quality. Furthermore, IOT is interested in publishing topical Special Issues on any aspect of IOT.