Potential Defenses Against Security Threats on Blockchain
Potential defenses which assure security against man-in-the-middle attacks, hardware Trojans, etc., include the following schemes: [1]
statistical model. Any significant variation or deviation would be considered to be a Trojan. Side-channel fingerprinting is not able to assure authenticity or to protect against piracy, counterfeiting, or reverse-engineering attacks.
- • Reverse Engineering (RE): This technique can also be constructively utilized to detect hardware Trojans (HTs). For RE to succeed in detecting HTs inserted by foreign attackers, the researcher should be aware of the state of the art of blockchain. A typical RE flow passes through depackaging, delayering, and image processing of a blockchain. The design and blocks uncovered by the RE scheme through the aforementioned steps are then studied against a golden one (that is, one with no attack). This RE approach is both time-consuming and destructive in nature. Hence, the RE technique is less applicable for HT detection [20]. RE is generally used to assure a Trojan-free blockchain for developing the golden blockchain models required at test time and runtime.
- • Code analysis: The code of blockchain functionality is analyzed to detect any hardware Trojans inserted into the system. Also, any secure encryption algorithm and hash function can be used for the confidentiality of transactions and hence to protect against Trojan attacks on blocks. Code analysis is not able to protect the blockchain against piracy, reverse engineering, and counterfeiting attacks.
- • Obfuscation: A code-obfuscation technique can be used by the blockchain designer for the mystification of transactions. This obfuscation is able to prevent hardware Trojan attacks indirectly, as attackers would not be able to insert meaningful and stealthy hardware Trojans in such obfuscated transaction sequences. Obfuscation is able to prevent hardware Trojans and reverse engineering, but not piracy or counterfeiting.
- • Locking: A blockchain designer is able to add locks (i.e., digital multiplexers) which manage and control the flow of transactions among blocks or other blockchain components. These transactions will proceed further in a correct manner if and only if the correct secret key is applied; otherwise wrong transactions will proceed, which results in an erroneous output. This key should be preserved in a tamper-proof memory in order to protect from vulnerabilities, as the key is erased during reverse engineering. Hardware Trojans cannot be inserted since the blockchain functionality is hidden by the key. Locking prevents all the aforementioned attacks (piracy, reverse engineering, counterfeiting, and Trojans inserted after fabrication), except for Trojans inserted during chip fabrication of the blockchain in industry.

TABLE 8.1
Summary of potential defenses

| Name of Defense | Attack: Trojans | Attack: Piracy | Attack: Reverse Engineering | Attack: Counterfeiting |
|---|---|---|---|---|
| Watermarking | No | No* | Yes | No* |
| Metering | No | No* | Yes | No* |
| Side-channel Fingerprinting | No* | No | No | No |
| Reverse Engineering | Yes | No | ... | No |
| Code Analysis | No* | No | No | No |
| Obfuscation | Yes | No | Yes | No |
| Locking | Yes* | Yes | Yes | Yes |
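The locking defense described above can be modelled as MUX key gates on a small logic function. This is an added example, not code from the chapter; the reference function, the decoy signals and the 3-bit key are constructed for illustration.

```python
from itertools import product

# Constructed toy circuit and key; none of these names come from the chapter.
CORRECT_KEY = (1, 0, 1)  # would live in tamper-proof memory in a real design


def mux(sel, in0, in1):
    """2:1 multiplexer: output in1 when sel is 1, else in0."""
    return in1 if sel else in0


def original(a, b, c, d):
    """Unlocked reference function: (a AND b) XOR (c OR d)."""
    return (a & b) ^ (c | d)


def locked(a, b, c, d, key):
    """Same function with three MUX key gates, each pairing the true
    signal with a decoy. The true input sits on whichever MUX port the
    corresponding bit of CORRECT_KEY selects."""
    k0, k1, k2 = key
    m1 = mux(k0, a | b, a & b)        # true signal on port 1 (k0 = 1)
    m2 = mux(k1, c | d, c ^ d)        # true signal on port 0 (k1 = 0)
    return mux(k2, m1 & m2, m1 ^ m2)  # true signal on port 1 (k2 = 1)


def error_rate(key):
    """Fraction of the 16 input patterns on which the locked circuit
    disagrees with the original under the given key."""
    patterns = list(product((0, 1), repeat=4))
    wrong = sum(locked(*p, key) != original(*p) for p in patterns)
    return wrong / len(patterns)


def corruption_table():
    """Error rate for every possible 3-bit key."""
    return {key: error_rate(key) for key in product((0, 1), repeat=3)}


if __name__ == "__main__":
    for key, rate in corruption_table().items():
        tag = "correct key" if key == CORRECT_KEY else "wrong key"
        print(key, f"{rate:.3f}", tag)
```

Only the correct key reproduces the reference function on every input; each of the seven wrong keys corrupts at least a quarter of the input patterns.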
Comparisons and Results Analysis
In this section, all the potential defenses are summarized in Table 8.1, along with the statistics of comparisons among them. From the table, it is confirmed that the locking defense provides the best assurance for security issues in blockchain, followed by the obfuscation defense.
Depending on their business strategy and budget, companies and industry firms can choose any one or multiple aforementioned techniques to protect the blockchain against different known and existing attacks.
Meanings of the symbols used in Table 8.1:
- • Yes means both detection and prevention are possible.
- • Yes* means detection and prevention only of those Trojans inserted after fabrication, not of those inserted before fabrication.
- • No means neither detection nor prevention is possible.
- • No* means detection only, not prevention.
Discussion about Critical Infrastructures for Securing Blockchain
Because all the aforementioned techniques have their own pros and cons, one proposed direction is to use each of them for the highest HT coverage. For example, an RE-based scheme can guarantee a golden blockchain, required for the test-time and runtime golden blockchain models. Side-channel and functional testing approaches are able to detect large and small HTs, respectively, that were inserted during chip fabrication. Finally, runtime approaches can work as a last scheme of defense.
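The golden-model comparison behind side-channel fingerprinting, and why the paragraph above assigns it to large HTs, can be shown with a per-parameter statistical check. This is an added example, not code from the chapter; the measurements, the device values and the 3-sigma threshold are constructed assumptions.

```python
from statistics import mean, stdev

# Constructed measurements (power in mW, path delay in ns) from devices
# assumed Trojan-free, e.g. a lot verified by reverse engineering.
GOLDEN = [(100.0, 5.00), (101.2, 5.04), (99.1, 4.97), (100.6, 5.02),
          (98.8, 4.95), (100.9, 5.03), (99.5, 4.99), (99.9, 5.00)]
THRESHOLD = 3.0  # assumed cut-off: flag anything beyond 3 standard deviations


def build_model(samples):
    """Per-parameter (mean, standard deviation) of the golden population."""
    columns = list(zip(*samples))
    return [(mean(col), stdev(col)) for col in columns]


def deviation(model, device):
    """Largest absolute z-score of the device across all parameters."""
    return max(abs(x - mu) / sigma for x, (mu, sigma) in zip(device, model))


def is_suspect(model, device, threshold=THRESHOLD):
    """True when the device's fingerprint deviates significantly."""
    return deviation(model, device) > threshold


MODEL = build_model(GOLDEN)

# Constructed devices under test.
CLEAN = (99.6, 4.98)
LARGE_HT = (106.0, 5.12)   # extra logic adds clearly visible power and delay
SMALL_HT = (100.8, 5.01)   # a few gates: shift is inside process variation

if __name__ == "__main__":
    for name, dev in [("clean", CLEAN), ("large HT", LARGE_HT),
                      ("small HT", SMALL_HT)]:
        print(f"{name:9s} z={deviation(MODEL, dev):5.2f} "
              f"suspect={is_suspect(MODEL, dev)}")
```

The small-HT device stays under the threshold because its shift is no larger than normal process variation, which is the gap that functional testing and runtime monitoring are meant to cover.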
Conclusions
Though blockchain technology was designed from the beginning to act as a backbone for the cryptocurrency Bitcoin, blockchain is applied in other fields such as clinical diagnostic healthcare, government organizations, Intelligent Transportation Systems, etc., due to its open and decentralized framework, secure environment and tamper-proof characteristics. Though blockchain is a complex technology, it has proved its potential to handle all record-keeping processes, audit and assurance, in the way transactions are initiated, processed, authenticated, recorded and reported on demand, while providing security, trust and integrity. However, blockchain technology cannot achieve its goal for other demanding features such as scalability, privacy and confidentiality. Hence these features need the attention of researchers as active areas of research and development, because they are less mature. In the last few years, a number of cryptocurrencies, consensus protocols, and hashing functions have been developed in the networks. A few examples of the cryptocurrencies are NXT, Ripple, NEO, Cardano, Stellar, EOS, Litecoin, IOTA, Dash, Lisk, Zcash, Dogecoin, and many more. Finally, we hope that blockchain has the power to shape the 21st century.
Over the next decade, researchers will try a number of blockchain concepts and ideas, out of which some will succeed. But in the process some real-world problems will be solved and new businesses along with business models will emerge for the use of blockchain in better real-life state-of-the-art applications.
References
- 1. D. Vujicic, D. Jagodic, and S. Randic, (2018) Blockchain Technology, Bitcoin, and Ethereum: A Brief Overview, March 2018, in 17th International Symposium INFOTEH-JAHORINA (INFOTEH), pp. 1-6.
- 2. F. Tschorsch and B. Scheuermann, (2016) Bitcoin and beyond: a technical survey on decentralized digital currencies, IEEE Communications Surveys & Tutorials, vol. 18, no. 3, pp. 2084-2123.
- 3. S. Nakamoto, (2008) Bitcoin: a peer-to-peer electronic cash system. Available at: https://bitcoin.org/bitcoin.pdf.
- 4. A. Castor, A short guide to Bitcoin forks, March 2017. Available at: www.coindesk.com/short-guide-bitcoin-forks-explained/.
- 5. T. Lee, (2013) Major glitch in Bitcoin network sparks sell-off; price temporarily falls 23%, Arstechnica.
- 6. V. Buterin, (2013) Ethereum white paper: a next generation smart contract & decentralized application platform. Available at: www.theblockchain.com/docs/Ethereum_white_paper_a_next_generation_smart_contract_and_decentralized application platform-vitalik-buterin.pdf
- 7. F. Coppola, (2016) A Painful Lesson For The Ethereum Community, Forbes.
- 8. C. M. Gillespie, (2016) Official NXT Decision: No Blockchain Rollback, Cryptocoin News.
- 9. A. Lei, H. Cruickshank, Y. Cao, P. Asuquo, C. P. A. Ogah, and Z. Sun, (2017) Blockchain-based dynamic key management for heterogeneous intelligent transportation systems, IEEE Internet of Things Journal, vol. 4, no. 6, pp. 1832-1843.
- 10. M. A. Khan and K. Salah, (2018) IoT security: Review, Blockchain solutions, and open challenges, Future Generation Computer Systems, vol. 82, pp. 395-411.
- 11. S. Wang, Y. Zhang, and Y. Zhang, (2018) A Blockchain-based framework for data sharing with fine-grained access control in decentralized storage systems, IEEE Access, vol. 6, pp. 38437-38450.
- 12. M. Conti, N. Dragoni, V. Lesyk, (2016) A survey of man in the middle attacks, IEEE Communications Surveys Tutorials 18 (3), 2027-2051.
- 13. J. Tang, M. Ibrahim, K. Chakrabarty, R. Karri, (2018) Secure Randomized Checkpointing for Digital Microfluidic Biochips, IEEE Transactions on Computer-Aided Design of Integrated Circuits and Systems, vol. 37, no. 6, pp. 1119-1132.
- 14. N. Jacob, D. Merli, J. Heyszl, and G. Sigl, (2014) Hardware Trojans: current challenges and approaches, IET Computers Digital Techniques, vol. 8, no. 6, pp. 264-273.
- 15. G. Maxwell, (2013) Coinjoin: Bitcoin privacy for the real world. Available at: https://bitcointalk.org/index.php?topic=279249.0.2013.
- 16. Baliga, Arati (2017) “Understanding blockchain consensus models.” Persistent.
- 17. Watanabe, H., Fujimura, S., Nakadaira, A., Miyazaki, Y., Akutsu, A., & Kishigami, J. (2016, January). Blockchain contract: Securing a blockchain applied to smart contracts. In 2016 IEEE international conference on consumer electronics (ICCE) (pp. 467-468). IEEE.
- 18. Bastiaan, M. (2015, January). Preventing the 51%-attack: a stochastic analysis of two phase proof of work in bitcoin. Available at http://referaat.cs.utwente.nl/conference/22/paper/7473/preventingthe-51-attack-a-stochasticanalysis-oftwo-phase-proof-of-work-in-bitcoin.pdf.
- 19. Xu, Jennifer J. (2016) “Are blockchains immune to all malicious attacks?” Financial Innovation 2.1 (2016): 25.
- 20. S. E. Quadir, J. Chen, D. Forte, N. Asadizanjani, S. Shahbazmohamadi, L. Wang, J. Chandy, and M. Tehranipoor, (2016) A survey on chip to system reverse engineering, J. Emerg. Technol. Comput. Syst., vol. 13, pp. 6:1-6:34.
- 21. Bruce Schneier, Applied Cryptography, Wiley Press, Second Edition.
- 22. Douglas R. Stinson, Cryptography Theory and Practice, CRC Press, Second Edition.
- 23. Cryptocurrency Market Capitalizations. Available at: https://coinmarketcap.com/
- 24. A. Ali, M. M. Afzal, (2018) Confidentiality in Blockchain, International Journal of Engineering Science Invention (IJESI), vol. 7, no. 1, pp. 50-52.
- 26. D. Shrier, W. Wu, A. Pentland, (2016) Blockchain & Infrastructure (Identity, Data Security). Available at: www.getsmarter.com/career-advice/wp-content/uploads/2017/07/mit blockchain and infrastructure report.pdf.
- 27. C. Bao, D. Forte, and A. Srivastava, (2014) On application of one-class SVM to reverse engineering-based hardware trojan detection, in ISQED, IEEE, pp. 47-54.
- 28. R. Guo, H. Shi, Q. Zhao, and D. Zheng, (2018) Secure attribute-based signature scheme with multiple authorities for Blockchain in electronic health records systems, IEEE Access, vol. 776, no. 99, pp. 1-12.
- 29. Blockchain has the power to shape 21st century. Available at: https://economictimes.indiatimes.com/markets/stocks/news/blockchainhas-the-power-to-shape-21st-century/articleshow/65680293.cms
- 30. Mohamed Amine Ferrag, Makhlouf Derdour, Mithun Mukherjee, Abdelouahid Derhab, Leandros Maglaras, Helge Janicke, (2019) Blockchain Technologies for the Internet of Things: Research Issues and Challenges, IEEE Internet of Things Journal, in Press.
- 31. Leandros A. Maglaras, Ki-Hyung Kim, Helge Janicke, Mohamed Amine Ferrag, Stylianos Rallis, Pavlina Fragkou, Athanasios Maglaras, Tiago J. Cruz, (2018) Cyber Security of Critical Infrastructures, ICT Express (Elsevier), volume no. 4, issue no. 1, pp. 42-45.
- 32. Leandros Maglaras, Mohamed Amine Ferrag, Abdelouahid Derhab, Mithun Mukherjee, Helge Janicke, Stylianos Rallis, (2018) Threats, Protection and Attribution of Cyber Attacks on National Critical Infrastructures, EAI Transactions on Security and Safety, volume no. 5, issue no. 16, pp. 1-9.
- 33. D. Gountia (2019) Towards Scalability Trade-off and Security Issues in State-of-the-art Blockchain, EAI Endorsed Transactions on Emerging Topics in Security and Safety, vol. 5, issue no. 18, pp. 1-9.
- [1] • Watermarking: Someone requests a transaction directly, known as the client, or via something called a wallet. The transaction request directly from the client will be delivered either as a commit or by a process at the server where the transaction is initiated, known as the master. In watermarking, the original client’s digital signature is provided with the request. Watermarks are able to assure ownership as these are much more difficult to identify and modify. Unfortunately, the watermarking technique is not able to guarantee security against hardware Trojans.
- • Metering: In this technique, both the public signature of the wallet/master and the client’s digital signature are added to the transaction request as processing constraints. This metering scheme is also not able to assure protection against hardware Trojans, as the attacker is able to create and hide a malicious Trojan in the circuit due to the availability of the design functionality.
- • Side-channel fingerprinting: This scheme is able to detect hardware Trojans easily, as the manufactured parametric characteristics, such as power, area, delay, and block characteristics of the transaction, are compared with those of