2021 IEEE International Conference on Blockchain (Blockchain)最新文献

{"title":"Message from the Workshop on Advances in Artificial Intelligence for Blockchain (AIChain) 2021 Co-Chairs","authors":"","doi":"10.1109/blockchain53845.2021.00010","DOIUrl":"https://doi.org/10.1109/blockchain53845.2021.00010","url":null,"abstract":"","PeriodicalId":372721,"journal":{"name":"2021 IEEE International Conference on Blockchain (Blockchain)","volume":"153 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2021-12-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"132378941","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"InterTrust: Towards an Efficient Blockchain Interoperability Architecture with Trusted Services","authors":"G. Wang, M. Nixon","doi":"10.1109/Blockchain53845.2021.00029","DOIUrl":"https://doi.org/10.1109/Blockchain53845.2021.00029","url":null,"abstract":"Blockchain as a potentially disruptive technology can advance many different fields, e.g., cryptocurrencies, supply chains, and the industrial Internet of Things. The next-generation blockchain ecosystem is expected to consist of various homogeneous and heterogeneous distributed ledgers. These ledger systems will inevitably require a certain level of proper cooperation of multiple blockchains to enrich advanced functionalities and enhance interoperable capabilities for future applications. The interoperability among blockchains will revolutionize current blockchain design principles, like the emergence of the Internet. However, the development of cross-blockchain applications involves much complexity regarding the variety of underlying cross-blockchain communication. With that regard, we propose an efficient, interoperable blockchain architecture, InterTrust, to support interoperability and trustworthiness among arbitrary blockchain systems (including homogeneous and heterogeneous blockchains). It consists of an atomic cross-chain communication protocol, which can be considered an agnostic protocol to integrate existing blockchain systems smoothly. InterTrust is powered by two innovative techniques: threshold signature scheme and trusted hardware. The threshold signature scheme guarantees consistency and verifiability in the target blockchain systems, and the trusted hardware guarantees trusted services among distinct blockchain systems. Combining these two techniques provides an efficient cross-chain communication protocol to facilitate atomic swaps and interoperable operations between different blockchain systems. Our interoperable architecture is robust to support arbitrary blockchain systems. We also present the security analysis on the scenarios of integrating our protocol into Byzantine fault tolerance based blockchain systems.","PeriodicalId":372721,"journal":{"name":"2021 IEEE International Conference on Blockchain (Blockchain)","volume":"58 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2021-12-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"132395603","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"DWH-DIM: A Blockchain Based Decentralized Integrity Verification Model for Data Warehouses","authors":"Jeroen Bergers, Zeshun Shi, Ken Korsmit, Zhiming Zhao","doi":"10.1109/Blockchain53845.2021.00037","DOIUrl":"https://doi.org/10.1109/Blockchain53845.2021.00037","url":null,"abstract":"Data manipulation is often considered a serious problem in industrial applications as data tampering can lead to inaccurate financial reporting or even a corporate security crisis. A correct representation of company data is essential for the companies' core business processes and is requested by governments and investors. However, the current solution, third-party auditing, is expensive and cannot be fully trusted. In this paper, we present the Data Warehouse Decentralized Integrity Model (DWH-DIM) to validate the integrity of the data warehouse and replace the current process. To address the challenge that the existing distributed integrity verification models cannot handle GDPR and are limited by scalability, our model uses a distributed file system to store attributes that can be used for the integrity verification task. The blockchain further confirms the authenticity of the files. Based on the proposed model, we present a detailed implementation of the DWH-DIM tool. The implementation is tested with a use case and several benchmarks. Experimental results demonstrate that our proposed model is feasible and meets the requirement for certificate warehouse data.","PeriodicalId":372721,"journal":{"name":"2021 IEEE International Conference on Blockchain (Blockchain)","volume":"99 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2021-12-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"127346754","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Full-Stack Hierarchical Fusion of Static Features for Smart Contracts Vulnerability Detection","authors":"Wanqing Jie, Arthur Sandor Voundi Koe, Pengfei Huang, Shiwen Zhang","doi":"10.1109/Blockchain53845.2021.00091","DOIUrl":"https://doi.org/10.1109/Blockchain53845.2021.00091","url":null,"abstract":"The security of smart contracts has drawn attention in recent years due to their immutability and ability to hold assets. Existing machine learning and deep learning methods addressing vulnerabilities in smart contracts often partially combine pooled features from first the contract source code, second, the build based approach made of features extracted during source code compilation, and third, the bytecode approach relying on features obtained from the Ethereum virtual machine bytecode analysis. Together those three approaches form the full-stack, and they are usually being conducted under static analysis thanks to its speed of execution. However, to the best of our knowledge, no single work has yet simultaneously undertaken a full-stack intralayer and cross-layer features fusion for smart contracts vulnerability assessment under static analysis, without making use of expert-based patterns nor without manually fusing the various features extracted from shuffled partial combinations of layers in the full-stack. This paper introduces a full-stack hierarchical fusion of static features for smart contracts vulnerability detection. In our construction, we associate each layer of the full-stack to a modality and leverage automatic intramodality and crossmodality pooled features fusion from state-of-the-art artificial neural networks and deep neural networks. Additionally, our models are applied to the hierarchy of power set layers in the full-stack, without any expert-based rule. Furthermore, our work aims to assess the increase in vulnerability detection performance and provide guidance for future research on smart contracts vulnerability detection.","PeriodicalId":372721,"journal":{"name":"2021 IEEE International Conference on Blockchain (Blockchain)","volume":"16 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2021-12-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"127212871","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Region-based Neighbor Selection in Blockchain Networks","authors":"H. Matsuura, Yoshinori Goto, Hidehiro Sao","doi":"10.1109/Blockchain53845.2021.00015","DOIUrl":"https://doi.org/10.1109/Blockchain53845.2021.00015","url":null,"abstract":"Blockchain networks are mainly used in financial verification processes, the most famous of which is the Bitcoin network consisting of a huge number of nodes. Expansion of blockchain technology, however, to other areas, such as healthcare, arts, culture, and entertainment, is being considered internationally. Especially important challenges for ensuring the reliability of blockchain networks and the security of peer-to-peer networks are shortening the block propagation times throughout a blockchain network to reduce fork and preventing malicious eclipse attacks against targeted nodes in a network. Previous methods have tried to increase the block propagation speed at the expense of imposing a higher burden on each node and a higher risk of eclipse attack. This paper proposes a new neighbor selection method based on the neighbor's regional information. That is, each node has a relatively small number neighbors located outside its region. By using this simple method, the distribution of blocks throughout the network becomes faster and the random neighbor selection nature in a blockchain network is kept intact; thus, risk of eclipse attack is low.","PeriodicalId":372721,"journal":{"name":"2021 IEEE International Conference on Blockchain (Blockchain)","volume":"84 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2021-12-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"125434510","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"EtherProv: Provenance-Aware Detection, Analysis, and Mitigation of Ethereum Smart Contract Security Issues","authors":"Shlomi Linoy, S. Ray, Natalia Stakhanova","doi":"10.1109/Blockchain53845.2021.00014","DOIUrl":"https://doi.org/10.1109/Blockchain53845.2021.00014","url":null,"abstract":"The rapid adoption of blockchain technologies and particularly smart contracts has been overshadowed by numerous security concerns. Over the past few years, a number of reports exposed smart contracts vulnerabilities and exploits, which mainly stem from the immaturity of the field, and consequently a lack of knowledge and tools for automated analysis and verification of smart contracts. The restricting properties of the blockchain environment, such as the immutability of deployed contracts, encumber the analysis and mitigation of vulnerabilities and bugs in deployed contracts. To address these challenges, we propose EtherProv, a novel provenance tracking system that leverages static and dynamic analysis synergy to enable detection and mitigation of known security issues in Ethereum smart contracts. EtherProv leverages Solidity source code static and dynamic analysis data through contract bytecode instrumentation. The collected data is transformed into a unified, high-level representation, which can be queried using concise and descriptive Datalog queries. Within the provenance framework, EtherProv is able to analyze contracts' execution flow over time, to detect vulnerabilities within a single contract execution flow and across multiple interacting contracts, and to mitigate new security threats in already deployed contracts. Our evaluation shows that EtherProv can efficiently and precisely identify vulnerable contracts with an average contract instrumentation gas overhead of 18.9%.","PeriodicalId":372721,"journal":{"name":"2021 IEEE International Conference on Blockchain (Blockchain)","volume":"9 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2021-12-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"130683260","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Evaluating Upgradable Smart Contract","authors":"Van Cuong Bui, S. Wen, Jiangshan Yu, Xin Xia, M. S. Haghighi, Yang Xiang","doi":"10.1109/Blockchain53845.2021.00041","DOIUrl":"https://doi.org/10.1109/Blockchain53845.2021.00041","url":null,"abstract":"Smart contracts have been developed and employed in both permissioned and permissionless blockchains recently, mainly to enforce agreements among parties without the need for intermediaries. This achievement is the result of blockchain immutability which guarantees that no party can alter the conditions of an already deployed contract. However, immutability also makes patching or updating contracts impossible even when incorrectness, unfairness, or security flaws are spotted in them. So far, researchers in academia and industry have developed two main methods, data segregation and proxy storage, with six patterns to make deployed contracts upgradable. However, until now, there has been no comprehensive framework that can simultaneously offer upgradability, security resilience, and scalability features. For example, none of the existing solutions have implemented any security mechanism that can resist attacks such as the DAO one. Through extensive analysis and implementation of all these patterns, and taking state-of-the-art attacks on the Ethereum network into consideration, we propose our innovative framework, “Comprehensive-Data-Proxy pattern” which uses data segregation on the top of proxy pattern, that can completely defend against any types of Reentrancy attacks. Additionally, this solution mitigates the scalability issue of the proxy pattern. Our experiments show that the framework can address these two issues with negligible impact on performance.","PeriodicalId":372721,"journal":{"name":"2021 IEEE International Conference on Blockchain (Blockchain)","volume":"30 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2021-12-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"128041782","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Photrace: A Blockchain-Based Traceability System for Photographs on the Internet","authors":"Tatsuya Igarashi, Takabayashi Kazuhiko, Yoshiyuki Kobayashi, H. Kuno, E. Diehl","doi":"10.1109/Blockchain53845.2021.00089","DOIUrl":"https://doi.org/10.1109/Blockchain53845.2021.00089","url":null,"abstract":"This paper proposes a blockchain-based traceability system of photos. Thanks to a novel scheme that securely chains certificates of image data originating from a trusted origin certificate, the system authenticates the provenance of original and converted images, e.g., which digital camera created it. The system requires a Public Key Infrastructure (PKI) of digital cameras to authenticate the trusted origin certificate signed by the certified digital camera. It does not require a PKI of image conversion software. The proposed solution is suitable for the traceability system of photos on the Internet as the scheme of chaining certificates applies to any image conversion software, including open source-based photo editing applications and cloud server software that converts image data of photos. We have implemented a prototype of the traceability system using Ethereum as a permissioned blockchain and evaluated the system's feasibility.","PeriodicalId":372721,"journal":{"name":"2021 IEEE International Conference on Blockchain (Blockchain)","volume":"46 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2021-12-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"128028398","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"SECAUCTEE: Securing Auction Smart Contracts using Trusted Execution Environments","authors":"H. Desai, Murat Kantarcioglu","doi":"10.1109/Blockchain53845.2021.00069","DOIUrl":"https://doi.org/10.1109/Blockchain53845.2021.00069","url":null,"abstract":"Smart contracts running on blockchains have emerged as an indispensable mechanism to enhance trust, security, transparency and traceability of data shared among critical distributed applications. Unfortunately, a smart contract deployed on a blockchain by itself is usually inadequate in maintaining data security and privacy because the data are replicated to all the nodes on the network. There has been some recent work that tries to tackle this privacy leakage issue in smart contract execution by integrating blockchains with hardware supported trusted execution environments(TEEs). Although TEEs ensure privacy to some extent, the smart contract execution can still be compromised if the developed code does not use the TEEs' capabilities correctly. One important security issue for leveraging TEEs in practice is the memory access pattern disclosure. Even though the TEEs encrypt all the memory content during the program execution, the memory access sequence can be observed by the malicious operating system, and can be used to infer sensitive information such as “who submitted the second highest bid to the auction?”. Hence, for enhanced security for TEE based applications, the memory access pattern leakage need to be addressed. Given these observations, an apparent question that comes to light is, how can we use TEEs correctly to enable efficient, privacy enhancing and secure applications? In this work, we address this challenge in the context of digital auctions. We develop a novel generic and secure framework that allow an auction smart contract to run inside secure enclaves over Intel SGX based TEEs on a blockchain. To our knowledge, this is the first work that provides access pattern leakage free TEE based secure auction smart contract deployment. We achieve this by implementing oblivious execution (i.e., no memory access pattern leakage) of both first price and second price sealed bid auctions as templates. Furthermore, we implement an end-to-end encryption service to keep the bids secure. Our empirical results and privacy analysis show that this architecture does not cause a significant impact to efficiency given the level of security achieved.","PeriodicalId":372721,"journal":{"name":"2021 IEEE International Conference on Blockchain (Blockchain)","volume":"33 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2021-12-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"134543928","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"SAID: ECC-Based Secure Authentication and Incentive Distribution Mechanism for Blockchain-Enabled Data Sharing System","authors":"Muhammad Rizwan, Muhammad Sohail, Alia Asheralieva, A. Anjum, Pelin Angin","doi":"10.1109/Blockchain53845.2021.00080","DOIUrl":"https://doi.org/10.1109/Blockchain53845.2021.00080","url":null,"abstract":"The fast digital transformation the world experienced in the past few decades has created a multitude of information resources distributed over the Internet and accessed by many different entities. The sharing of these resources needs to be secure and trustworthy to protect the privacy of data and data providers. Privacy and reliability are major concerns especially in blockchain-based data storage systems, as data are held by different owners. Each data provider tries to increase its share of profit by collaborating with other data providers. To ensure secure data sharing in such a decentralized environment, authentication and verification of shared data is needed. This paper proposes a mutual authentication mechanism based on Elliptic Curve Cryptography (ECC) using hash-based message authentication code (HMAC) to provide anonymity and integrity during the communication process in blockchain-based data sharing. To evaluate the fairness of profit sharing based on data providers' contributions and data utility, we propose the use of the Shapley value techniques. The performed security analysis demonstrates that our proposed approach is resilient against replay, secret disclosure, and traceability attacks.","PeriodicalId":372721,"journal":{"name":"2021 IEEE International Conference on Blockchain (Blockchain)","volume":"38 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2021-12-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"130140620","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}