A Framework for Enhancing Privacy and Anonymity in Blockchain-Enabled IoT Devices

With the increase in IoT(Internet of Things)devices comes an inherent challenge of security.In the world today,privacy is the prime concern of every individual.Preserving one’s privacy and keeping anonymity throughout the system is a desired functionality that does not come without inevitable trade-offs like scalability and increased complexity and is always exceedingly difficult to manage.The challenge is keeping confidentiality and continuing to make the person innominate throughout the system.To address this,we present our proposed architecture where we manage IoT devices using blockchain technology.Our proposed architecture works on and off blockchain integrated with the closed-circuit television(CCTV)security camera fixed at the rental property.In this framework,the CCTV security camera feed is redirected towards the owner and renter based on the smart contract conditions.One entity(owner or renter)can see the CCTV security camera feed at one time.There is no third-party dependence except for the CCTV security camera deployment phase.Our contributions include the proposition of framework architecture,a novel smart contract algorithm,and the modification to the ring signatures leveraging an existing cryptographic technique.Analyses are made based on different systems’security and key management areas.In an empirical study,our proposed algorithm performed better in key generation,proof generation,and verification times.By comparing similar existing schemes,we have shown the proposed architectures’advantages.Until now,we have developed this system for a specific area in the real world.However,this system is scalable and applicable to other areas like healthcare monitoring systems,which is part of our future work.

A Review on the Security of the Ethereum-Based DeFi Ecosystem

Decentralized finance(DeFi)is a general term for a series of financial products and services.It is based on blockchain technology and has attracted people’s attention because of its open,transparent,and intermediary free.Among them,the DeFi ecosystem based on Ethereum-based blockchains attracts the most attention.However,the current decentralized financial system built on the Ethereum architecture has been exposed to many smart contract vulnerabilities during the last few years.Herein,we believe it is time to improve the understanding of the prevailing Ethereum-based DeFi ecosystem security issues.To that end,we investigate the Ethereum-based DeFi security issues:1)inherited from the real-world financial system,which can be solved by macro-control;2)induced by the problems of blockchain architecture,which require a better blockchain platform;3)caused by DeFi invented applications,which should be focused on during the project development.Based on that,we further discuss the current solutions and potential directions ofDeFi security.According to our research,we could provide a comprehensive vision to the research community for the improvement of Ethereum-basedDeFi ecosystem security.

Privacy Enhanced Mobile User Authentication Method Using Motion Sensors

With the development of hardware devices and the upgrading of smartphones,a large number of users save privacy-related information in mobile devices,mainly smartphones,which puts forward higher demands on the protection of mobile users’privacy information.At present,mobile user authenticationmethods based on humancomputer interaction have been extensively studied due to their advantages of high precision and non-perception,but there are still shortcomings such as low data collection efficiency,untrustworthy participating nodes,and lack of practicability.To this end,this paper proposes a privacy-enhanced mobile user authentication method with motion sensors,which mainly includes:(1)Construct a smart contract-based private chain and federated learning to improve the data collection efficiency of mobile user authentication,reduce the probability of the model being bypassed by attackers,and reduce the overhead of data centralized processing and the risk of privacy leakage;(2)Use certificateless encryption to realize the authentication of the device to ensure the credibility of the client nodes participating in the calculation;(3)Combine Variational Mode Decomposition(VMD)and Long Short-TermMemory(LSTM)to analyze and model the motion sensor data of mobile devices to improve the accuracy of model certification.The experimental results on the real environment dataset of 1513 people show that themethod proposed in this paper can effectively resist poisoning attacks while ensuring the accuracy and efficiency of mobile user authentication.

Automated Vulnerability Detection of Blockchain Smart Contacts Based on BERT Artificial Intelligent Model

The widespread adoption of blockchain technology has led to the exploration of its numerous applications in various fields.Cryptographic algorithms and smart contracts are critical components of blockchain security.Despite the benefits of virtual currency,vulnerabilities in smart contracts have resulted in substantial losses to users.While researchers have identified these vulnerabilities and developed tools for detecting them,the accuracy of these tools is still far from satisfactory,with high false positive and false negative rates.In this paper,we propose a new method for detecting vulnerabilities in smart contracts using the BERT pre-training model,which can quickly and effectively process and detect smart contracts.More specifically,we preprocess and make symbol substitution in the contract,which can make the pre-training model better obtain contract features.We evaluate our method on four datasets and compare its performance with other deep learning models and vulnerability detection tools,demonstrating its superior accuracy.

Bipartite consensus problems of Lurie multi-agent systems over signed graphs: A contraction approach

This paper examines the bipartite consensus problems for the nonlinear multi-agent systems in Lurie dynamics form with cooperative and competitive communication between different agents. Based on the contraction theory, some new conditions for the nonlinear Lurie multi-agent systems reaching bipartite leaderless consensus and bipartite tracking consensus are presented. Compared with the traditional methods, this approach degrades the dimensions of the conditions, eliminates some restrictions of the system matrix, and extends the range of the nonlinear function. Finally, two numerical examples are provided to illustrate the efficiency of our results.

Mitigating Blackhole and Greyhole Routing Attacks in Vehicular Ad Hoc Networks Using Blockchain Based Smart Contracts

The rapid increase in vehicle traffic volume in modern societies has raised the need to develop innovative solutions to reduce traffic congestion and enhance traffic management efficiency.Revolutionary advanced technology,such as Intelligent Transportation Systems(ITS),enables improved traffic management,helps eliminate congestion,and supports a safer environment.ITS provides real-time information on vehicle traffic and transportation systems that can improve decision-making for road users.However,ITS suffers from routing issues at the network layer when utilising Vehicular Ad Hoc Networks(VANETs).This is because each vehicle plays the role of a router in this network,which leads to a complex vehicle communication network,causing issues such as repeated link breakages between vehicles resulting from the mobility of the network and rapid topological variation.This may lead to loss or delay in packet transmissions;this weakness can be exploited in routing attacks,such as black-hole and gray-hole attacks,that threaten the availability of ITS services.In this paper,a Blockchain-based smart contracts model is proposed to offer convenient and comprehensive security mechanisms,enhancing the trustworthiness between vehicles.Self-Classification Blockchain-Based Contracts(SCBC)and Voting-Classification Blockchain-Based Contracts(VCBC)are utilised in the proposed protocol.The results show that VCBC succeeds in attaining better results in PDR and TP performance even in the presence of Blackhole and Grayhole attacks.

Preserving Data Secrecy and Integrity for Cloud Storage Using Smart Contracts and Cryptographic Primitives

Cloud computing has emerged as a viable alternative to traditional computing infrastructures,offering various benefits.However,the adoption of cloud storage poses significant risks to data secrecy and integrity.This article presents an effective mechanism to preserve the secrecy and integrity of data stored on the public cloud by leveraging blockchain technology,smart contracts,and cryptographic primitives.The proposed approach utilizes a Solidity-based smart contract as an auditor for maintaining and verifying the integrity of outsourced data.To preserve data secrecy,symmetric encryption systems are employed to encrypt user data before outsourcing it.An extensive performance analysis is conducted to illustrate the efficiency of the proposed mechanism.Additionally,a rigorous assessment is conducted to ensure that the developed smart contract is free from vulnerabilities and to measure its associated running costs.The security analysis of the proposed system confirms that our approach can securely maintain the confidentiality and integrity of cloud storage,even in the presence of malicious entities.The proposed mechanism contributes to enhancing data security in cloud computing environments and can be used as a foundation for developing more secure cloud storage systems.

FADSF:A Data Sharing Model for Intelligent Connected Vehicles Based on Blockchain Technology

With the development of technology,the connected vehicle has been upgraded from a traditional transport vehicle to an information terminal and energy storage terminal.The data of ICV(intelligent connected vehicles)is the key to organically maximizing their efficiency.However,in the context of increasingly strict global data security supervision and compliance,numerous problems,including complex types of connected vehicle data,poor data collaboration between the IT(information technology)domain and OT(operation technology)domain,different data format standards,lack of shared trust sources,difficulty in ensuring the quality of shared data,lack of data control rights,as well as difficulty in defining data ownership,make vehicle data sharing face a lot of problems,and data islands are widespread.This study proposes FADSF(Fuzzy Anonymous Data Share Frame),an automobile data sharing scheme based on blockchain.The data holder publishes the shared data information and forms the corresponding label storage on the blockchain.The data demander browses the data directory information to select and purchase data assets and verify them.The data demander selects and purchases data assets and verifies them by browsing the data directory information.Meanwhile,this paper designs a data structure Data Discrimination Bloom Filter(DDBF),making complaints about illegal data.When the number of data complaints reaches the threshold,the audit traceability contract is triggered to punish the illegal data publisher,aiming to improve the data quality and maintain a good data sharing ecology.In this paper,based on Ethereum,the above scheme is tested to demonstrate its feasibility,efficiency and security.

Bridge Bidding via Deep Reinforcement Learning and Belief Monte Carlo Search

Contract Bridge,a four-player imperfect information game,comprises two phases:bidding and playing.While computer programs excel at playing,bidding presents a challenging aspect due to the need for information exchange with partners and interference with communication of opponents.In this work,we introduce a Bridge bidding agent that combines supervised learning,deep reinforcement learning via self-play,and a test-time search approach.Our experiments demonstrate that our agent outperforms WBridge5,a highly regarded computer Bridge software that has won multiple world championships,by a performance of 0.98 IMPs(international match points)per deal over 10000 deals,with a much cost-effective approach.The performance significantly surpasses previous state-of-the-art(0.85 IMPs per deal).Note 0.1 IMPs per deal is a significant improvement in Bridge bidding.

Smart Contract Vulnerability Detection Method Based on Feature Graph and Multiple Attention Mechanisms

The fast-paced development of blockchain technology is evident.Yet,the security concerns of smart contracts represent a significant challenge to the stability and dependability of the entire blockchain ecosystem.Conventional smart contract vulnerability detection primarily relies on static analysis tools,which are less efficient and accurate.Although deep learning methods have improved detection efficiency,they are unable to fully utilize the static relationships within contracts.Therefore,we have adopted the advantages of the above two methods,combining feature extraction mode of tools with deep learning techniques.Firstly,we have constructed corresponding feature extraction mode for different vulnerabilities,which are used to extract feature graphs from the source code of smart contracts.Then,the node features in feature graphs are fed into a graph convolutional neural network for training,and the edge features are processed using a method that combines attentionmechanismwith gated units.Ultimately,the revised node features and edge features are concatenated through amulti-head attentionmechanism.The result of the splicing is a global representation of the entire feature graph.Our method was tested on three types of data:Timestamp vulnerabilities,reentrancy vulnerabilities,and access control vulnerabilities,where the F1 score of our method reaches 84.63%,92.55%,and 61.36%.The results indicate that our method surpasses most others in detecting smart contract vulnerabilities.

Blockchain-Based Key Management Scheme Using Rational Secret Sharing

Traditional blockchain key management schemes store private keys in the same location,which can easily lead to security issues such as a single point of failure.Therefore,decentralized threshold key management schemes have become a research focus for blockchain private key protection.The security of private keys for blockchain user wallet is highly related to user identity authentication and digital asset security.The threshold blockchain private key management schemes based on verifiable secret sharing have made some progress,but these schemes do not consider participants’self-interested behavior,and require trusted nodes to keep private key fragments,resulting in a narrow application scope and low deployment efficiency,which cannot meet the needs of personal wallet private key escrow and recovery in public blockchains.We design a private key management scheme based on rational secret sharing that considers the self-interest of participants in secret sharing protocols,and constrains the behavior of rational participants through reasonable mechanism design,making it more suitable in distributed scenarios such as the public blockchain.The proposed scheme achieves the escrow and recovery of personal wallet private keys without the participation of trusted nodes,and simulate its implementation on smart contracts.Compared to other existing threshold wallet solutions and keymanagement schemes based on password-protected secret sharing(PPSS),the proposed scheme has a wide range of applications,verifiable private key recovery,low communication overhead,higher computational efficiency when users perform one-time multi-key escrow,no need for trusted nodes,and personal rational constraints and anti-collusion attack capabilities.

A Systematic Review and Performance Evaluation of Open-Source Tools for Smart Contract Vulnerability Detection

With the rise of blockchain technology,the security issues of smart contracts have become increasingly critical.Despite the availability of numerous smart contract vulnerability detection tools,many face challenges such as slow updates,usability issues,and limited installation methods.These challenges hinder the adoption and practicality of these tools.This paper examines smart contract vulnerability detection tools from 2016 to 2023,sourced from the Web of Science(WOS)and Google Scholar.By systematically collecting,screening,and synthesizing relevant research,38 open-source tools that provide installation methods were selected for further investigation.From a developer’s perspective,this paper offers a comprehensive survey of these 38 open-source tools,discussing their operating principles,installation methods,environmental dependencies,update frequencies,and installation challenges.Based on this,we propose an Ethereum smart contract vulnerability detection framework.This framework enables developers to easily utilize various detection tools and accurately analyze contract security issues.To validate the framework’s stability,over 1700 h of testing were conducted.Additionally,a comprehensive performance test was performed on the mainstream detection tools integrated within the framework,assessing their hardware requirements and vulnerability detection coverage.Experimental results indicate that the Slither tool demonstrates satisfactory performance in terms of system resource consumption and vulnerability detection coverage.This study represents the first performance evaluation of testing tools in this domain,providing significant reference value.

Strategic Contracting for Software Upgrade Outsourcing in Industry 4.0

The advent of Industry 4.0 has compelled businesses to adopt digital approaches that combine software toenhance production efficiency. In this rapidly evolving market, software development is an ongoing process thatmust be tailored to meet the dynamic needs of enterprises. However, internal research and development can beprohibitively expensive, driving many enterprises to outsource software development and upgrades to externalservice providers. This paper presents a software upgrade outsourcing model for enterprises and service providersthat accounts for the impact of market fluctuations on software adaptability. To mitigate the risk of adverseselection due to asymmetric information about the service provider’s cost and asymmetric information aboutthe enterprise’s revenues, we propose pay-per-time and revenue-sharing contracts in two distinct informationasymmetry scenarios. These two contracts specify the time and transfer payments for software upgrades. Througha comparative analysis of the optimal solutions under the two contracts and centralized decision-making withfull-information, we examine the characteristics of the solutions under two information asymmetry scenarios andanalyze the incentive effects of the two contracts on the various stakeholders. Overall, our study offers valuableinsights for firms seeking to optimize their outsourcing strategies and maximize their returns on investment insoftware upgrades.

High-Level Security Dimension Evaluation of Blockchain BaaS System and Key Technology

In recent years,blockchain technology integration and application has gradually become an important driving force for new technological innovation and industrial transformation.While blockchain technology and applications are developing rapidly,the emerging security risks and obstacles have gradually become prominent.Attackers can still find security issues in blockchain systems and conduct attacks,causing increasing losses from network attacks every year.In response to the current demand for blockchain application security detection and assessment in all industries,and the insufficient coverage of existing detection technologies such as smart contract detectiontechnology,this paper proposes a blockchain core technology security assessment system model,and studies the relevant detection and assessment key technologies and systems.A security assessment scheme based on a smart contract and consensus mechanism detection scheme is designed.And the underlying blockchain architecture supports the traceability of detection results using super blockchains.Finally,the functionality and performance of the system were tested,and the test results show that the model and solutions proposed in this paper have good feasibility.

A Review of Deep Learning-Based Vulnerability Detection Tools for Ethernet Smart Contracts

In recent years,the number of smart contracts deployed on blockchain has exploded.However,the issue of vulnerability has caused incalculable losses.Due to the irreversible and immutability of smart contracts,vulnerability detection has become particularly important.With the popular use of neural network model,there has been a growing utilization of deep learning-based methods and tools for the identification of vulnerabilities within smart contracts.This paper commences by providing a succinct overview of prevalent categories of vulnerabilities found in smart contracts.Subsequently,it categorizes and presents an overview of contemporary deep learning-based tools developed for smart contract detection.These tools are categorized based on their open-source status,the data format and the type of feature extraction they employ.Then we conduct a comprehensive comparative analysis of these tools,selecting representative tools for experimental validation and comparing them with traditional tools in terms of detection coverage and accuracy.Finally,Based on the insights gained from the experimental results and the current state of research in the field of smart contract vulnerability detection tools,we suppose to provide a reference standard for developers of contract vulnerability detection tools.Meanwhile,forward-looking research directions are also proposed for deep learning-based smart contract vulnerability detection.

Anonymous TollPass: A Blockchain-Based Privacy-Preserving Electronic Toll Payment Model

As big data,Artificial Intelligence,and Vehicle-to-Everything(V2X)communication have advanced,Intelligent Transportation Systems(ITS)are being developed to enable efficient and safe transportation systems.Electronic Toll Collection(ETC),which is one of the services included in ITS systems,is an automated system that allows vehicles to pass through toll plazas without stopping for manual payment.The ETC system is widely deployed on highways due to its contribution to stabilizing the overall traffic system flow.To ensure secure and efficient toll payments,designing a distributed model for sharing toll payment information among untrusted toll service providers is necessary.However,the current ETC system operates under a centralized model.Additionally,both toll service providers and toll plazas know the toll usage history of vehicles.It raises concerns about revealing the entire driving routes and patterns of vehicles.To address these issues,blockchain technology,suitable for secure data management and data sharing in distributed systems,is being applied to the ETC system.Blockchain enables efficient and transparent management of ETC information.Nevertheless,the public nature of blockchain poses a challenge where users’usage records are exposed to all participants.To tackle this,we propose a blockchain-based toll ticket model named AnonymousTollPass that considers the privacy of vehicles.The proposed model utilizes traceable ring signatures to provide unlinkability between tickets used by a vehicle and prevent the identity of the vehicle using the ticket from being identified among the ring members for the ticket.Furthermore,malicious vehicles’identities can be traced when they attempt to reuse tickets.By conducting simulations,we show the effectiveness of the proposed model and demonstrate that gas fees required for executing the proposed smart contracts are only 10%(when the ring size is 50)of the fees required in previous studies.

Design and pricing of maintenance service contract based on Nash non-cooperative game approach

Nowadays manufacturers are facing fierce challenge.Apart from the products,providing customers with multiple maintenance options in the service contract becomes more popular,since it can help to improve customer satisfaction,and ultimately promote sales and maximize profit for the manufacturer.By considering the combinations of corrective maintenance and preventive maintenance,totally three types of maintenance service contracts are designed.Moreover,attractive incentive and penalty mechanisms are adopted in the contracts.On this basis,Nash non-cooperative game is applied to analyze the revenue for both the manufacturer and customers,and so as to optimize the pricing mechanism of maintenance service contract and achieve a win-win situation.Numerical experiments are conducted.The results show that by taking into account the incentive and penalty mechanisms,the revenue can be improved for both the customers and manufacturer.Moreover,with the increase of repair rate and improvement factor in the preventive maintenance,the revenue will increase gradually for both the parties.

A Post-Quantum Cross-Domain Authentication Scheme Based on Multi-Chain Architecture

Due to the rapid advancements in network technology,blockchain is being employed for distributed data storage.In the Internet of Things(IoT)scenario,different participants manage multiple blockchains located in different trust domains,which has resulted in the extensive development of cross-domain authentication techniques.However,the emergence of many attackers equipped with quantum computers has the potential to launch quantum computing attacks against cross-domain authentication schemes based on traditional cryptography,posing a significant security threat.In response to the aforementioned challenges,our paper demonstrates a post-quantum cross-domain identity authentication scheme to negotiate the session key used in the cross-chain asset exchange process.Firstly,our paper designs the hiding and recovery process of user identity index based on lattice cryptography and introduces the identity-based signature from lattice to construct a post-quantum cross-domain authentication scheme.Secondly,our paper utilizes the hashed time-locked contract to achieves the cross-chain asset exchange of blockchain nodes in different trust domains.Furthermore,the security analysis reduces the security of the identity index and signature to Learning With Errors(LWE)and Short Integer Solution(SIS)assumption,respectively,indicating that our scheme has post-quantum security.Last but not least,through comparison analysis,we display that our scheme is efficient compared with the cross-domain authentication scheme based on traditional cryptography.

Contract Mechanism of Water Environment Regulation for Small and Medium Sized Enterprises Based on Optimal Control Theory

The small and scattered enterprise pattern in the county economy has formed numerous sporadic pollution sources, hindering the centralized treatment of the water environment, increasing the cost and difficulty of treatment. How enterprises can make reasonable decisions on their water environment behavior based on the external environment and their own factors is of great significance for scientifically and effectively designing water environment regulation mechanisms. Based on optimal control theory, this study investigates the design of contractual mechanisms for water environmental regulation for small and medium-sized enterprises. The enterprise is regarded as an independent economic entity that can adopt optimal control strategies to maximize its own interests. Based on the participation of multiple subjects including the government, enterprises, and the public, an optimal control strategy model for enterprises under contractual water environmental regulation is constructed using optimal control theory, and a method for calculating the amount of unit pollutant penalties is derived. The water pollutant treatment cost data of a paper company is selected to conduct empirical numerical analysis on the model. The results show that the increase in the probability of government regulation and public participation, as well as the decrease in local government protection for enterprises, can achieve the same regulatory effect while reducing the number of administrative penalties per unit. Finally, the implementation process of contractual water environmental regulation for small and medium-sized enterprises is designed.

MetaOracle:A High-Throughput Decentralized Oracle for Web 3.0-Empowered Metaverse

Recent rapid advancements in communication technology have brought forth the era of Web 3.0,representing a substantial transformation in the Internet landscape.This shift has led to the emergence of various decentralized metaverse applications that leverage blockchain as their underlying technology to enable users to exchange value directly from point to point.However,blockchains are blind to the real world,and smart contracts cannot directly access data from the external world.To address this limitation,the technology of oracles has been introduced to provide real-world data for smart contracts and other blockchain applications.In this paper,we focus on mitigating the risks associated with oracles providing corrupt or incorrect data.We propose a novel Web 3.0 architecture for the Metaverse based on the multiidentifier network(MIN),and its decentralized blockchain oracle model called Meta Oracle.The experimental results show that the proposed scheme can achieve minor time investment in return for significantly more reliable data and increased throughput.