With the increase in IoT(Internet of Things)devices comes an inherent challenge of security.In the world today,privacy is the prime concern of every individual.Preserving one’s privacy and keeping anonymity throughou...With the increase in IoT(Internet of Things)devices comes an inherent challenge of security.In the world today,privacy is the prime concern of every individual.Preserving one’s privacy and keeping anonymity throughout the system is a desired functionality that does not come without inevitable trade-offs like scalability and increased complexity and is always exceedingly difficult to manage.The challenge is keeping confidentiality and continuing to make the person innominate throughout the system.To address this,we present our proposed architecture where we manage IoT devices using blockchain technology.Our proposed architecture works on and off blockchain integrated with the closed-circuit television(CCTV)security camera fixed at the rental property.In this framework,the CCTV security camera feed is redirected towards the owner and renter based on the smart contract conditions.One entity(owner or renter)can see the CCTV security camera feed at one time.There is no third-party dependence except for the CCTV security camera deployment phase.Our contributions include the proposition of framework architecture,a novel smart contract algorithm,and the modification to the ring signatures leveraging an existing cryptographic technique.Analyses are made based on different systems’security and key management areas.In an empirical study,our proposed algorithm performed better in key generation,proof generation,and verification times.By comparing similar existing schemes,we have shown the proposed architectures’advantages.Until now,we have developed this system for a specific area in the real world.However,this system is scalable and applicable to other areas like healthcare monitoring systems,which is part of our future work.展开更多
Decentralized finance(DeFi)is a general term for a series of financial products and services.It is based on blockchain technology and has attracted people’s attention because of its open,transparent,and intermediary ...Decentralized finance(DeFi)is a general term for a series of financial products and services.It is based on blockchain technology and has attracted people’s attention because of its open,transparent,and intermediary free.Among them,the DeFi ecosystem based on Ethereum-based blockchains attracts the most attention.However,the current decentralized financial system built on the Ethereum architecture has been exposed to many smart contract vulnerabilities during the last few years.Herein,we believe it is time to improve the understanding of the prevailing Ethereum-based DeFi ecosystem security issues.To that end,we investigate the Ethereum-based DeFi security issues:1)inherited from the real-world financial system,which can be solved by macro-control;2)induced by the problems of blockchain architecture,which require a better blockchain platform;3)caused by DeFi invented applications,which should be focused on during the project development.Based on that,we further discuss the current solutions and potential directions ofDeFi security.According to our research,we could provide a comprehensive vision to the research community for the improvement of Ethereum-basedDeFi ecosystem security.展开更多
With the development of hardware devices and the upgrading of smartphones,a large number of users save privacy-related information in mobile devices,mainly smartphones,which puts forward higher demands on the protecti...With the development of hardware devices and the upgrading of smartphones,a large number of users save privacy-related information in mobile devices,mainly smartphones,which puts forward higher demands on the protection of mobile users’privacy information.At present,mobile user authenticationmethods based on humancomputer interaction have been extensively studied due to their advantages of high precision and non-perception,but there are still shortcomings such as low data collection efficiency,untrustworthy participating nodes,and lack of practicability.To this end,this paper proposes a privacy-enhanced mobile user authentication method with motion sensors,which mainly includes:(1)Construct a smart contract-based private chain and federated learning to improve the data collection efficiency of mobile user authentication,reduce the probability of the model being bypassed by attackers,and reduce the overhead of data centralized processing and the risk of privacy leakage;(2)Use certificateless encryption to realize the authentication of the device to ensure the credibility of the client nodes participating in the calculation;(3)Combine Variational Mode Decomposition(VMD)and Long Short-TermMemory(LSTM)to analyze and model the motion sensor data of mobile devices to improve the accuracy of model certification.The experimental results on the real environment dataset of 1513 people show that themethod proposed in this paper can effectively resist poisoning attacks while ensuring the accuracy and efficiency of mobile user authentication.展开更多
The widespread adoption of blockchain technology has led to the exploration of its numerous applications in various fields.Cryptographic algorithms and smart contracts are critical components of blockchain security.De...The widespread adoption of blockchain technology has led to the exploration of its numerous applications in various fields.Cryptographic algorithms and smart contracts are critical components of blockchain security.Despite the benefits of virtual currency,vulnerabilities in smart contracts have resulted in substantial losses to users.While researchers have identified these vulnerabilities and developed tools for detecting them,the accuracy of these tools is still far from satisfactory,with high false positive and false negative rates.In this paper,we propose a new method for detecting vulnerabilities in smart contracts using the BERT pre-training model,which can quickly and effectively process and detect smart contracts.More specifically,we preprocess and make symbol substitution in the contract,which can make the pre-training model better obtain contract features.We evaluate our method on four datasets and compare its performance with other deep learning models and vulnerability detection tools,demonstrating its superior accuracy.展开更多
This paper examines the bipartite consensus problems for the nonlinear multi-agent systems in Lurie dynamics form with cooperative and competitive communication between different agents. Based on the contraction theor...This paper examines the bipartite consensus problems for the nonlinear multi-agent systems in Lurie dynamics form with cooperative and competitive communication between different agents. Based on the contraction theory, some new conditions for the nonlinear Lurie multi-agent systems reaching bipartite leaderless consensus and bipartite tracking consensus are presented. Compared with the traditional methods, this approach degrades the dimensions of the conditions, eliminates some restrictions of the system matrix, and extends the range of the nonlinear function. Finally, two numerical examples are provided to illustrate the efficiency of our results.展开更多
Cloud computing has emerged as a viable alternative to traditional computing infrastructures,offering various benefits.However,the adoption of cloud storage poses significant risks to data secrecy and integrity.This a...Cloud computing has emerged as a viable alternative to traditional computing infrastructures,offering various benefits.However,the adoption of cloud storage poses significant risks to data secrecy and integrity.This article presents an effective mechanism to preserve the secrecy and integrity of data stored on the public cloud by leveraging blockchain technology,smart contracts,and cryptographic primitives.The proposed approach utilizes a Solidity-based smart contract as an auditor for maintaining and verifying the integrity of outsourced data.To preserve data secrecy,symmetric encryption systems are employed to encrypt user data before outsourcing it.An extensive performance analysis is conducted to illustrate the efficiency of the proposed mechanism.Additionally,a rigorous assessment is conducted to ensure that the developed smart contract is free from vulnerabilities and to measure its associated running costs.The security analysis of the proposed system confirms that our approach can securely maintain the confidentiality and integrity of cloud storage,even in the presence of malicious entities.The proposed mechanism contributes to enhancing data security in cloud computing environments and can be used as a foundation for developing more secure cloud storage systems.展开更多
The rapid increase in vehicle traffic volume in modern societies has raised the need to develop innovative solutions to reduce traffic congestion and enhance traffic management efficiency.Revolutionary advanced techno...The rapid increase in vehicle traffic volume in modern societies has raised the need to develop innovative solutions to reduce traffic congestion and enhance traffic management efficiency.Revolutionary advanced technology,such as Intelligent Transportation Systems(ITS),enables improved traffic management,helps eliminate congestion,and supports a safer environment.ITS provides real-time information on vehicle traffic and transportation systems that can improve decision-making for road users.However,ITS suffers from routing issues at the network layer when utilising Vehicular Ad Hoc Networks(VANETs).This is because each vehicle plays the role of a router in this network,which leads to a complex vehicle communication network,causing issues such as repeated link breakages between vehicles resulting from the mobility of the network and rapid topological variation.This may lead to loss or delay in packet transmissions;this weakness can be exploited in routing attacks,such as black-hole and gray-hole attacks,that threaten the availability of ITS services.In this paper,a Blockchain-based smart contracts model is proposed to offer convenient and comprehensive security mechanisms,enhancing the trustworthiness between vehicles.Self-Classification Blockchain-Based Contracts(SCBC)and Voting-Classification Blockchain-Based Contracts(VCBC)are utilised in the proposed protocol.The results show that VCBC succeeds in attaining better results in PDR and TP performance even in the presence of Blackhole and Grayhole attacks.展开更多
With the development of technology,the connected vehicle has been upgraded from a traditional transport vehicle to an information terminal and energy storage terminal.The data of ICV(intelligent connected vehicles)is ...With the development of technology,the connected vehicle has been upgraded from a traditional transport vehicle to an information terminal and energy storage terminal.The data of ICV(intelligent connected vehicles)is the key to organically maximizing their efficiency.However,in the context of increasingly strict global data security supervision and compliance,numerous problems,including complex types of connected vehicle data,poor data collaboration between the IT(information technology)domain and OT(operation technology)domain,different data format standards,lack of shared trust sources,difficulty in ensuring the quality of shared data,lack of data control rights,as well as difficulty in defining data ownership,make vehicle data sharing face a lot of problems,and data islands are widespread.This study proposes FADSF(Fuzzy Anonymous Data Share Frame),an automobile data sharing scheme based on blockchain.The data holder publishes the shared data information and forms the corresponding label storage on the blockchain.The data demander browses the data directory information to select and purchase data assets and verify them.The data demander selects and purchases data assets and verifies them by browsing the data directory information.Meanwhile,this paper designs a data structure Data Discrimination Bloom Filter(DDBF),making complaints about illegal data.When the number of data complaints reaches the threshold,the audit traceability contract is triggered to punish the illegal data publisher,aiming to improve the data quality and maintain a good data sharing ecology.In this paper,based on Ethereum,the above scheme is tested to demonstrate its feasibility,efficiency and security.展开更多
Contract Bridge,a four-player imperfect information game,comprises two phases:bidding and playing.While computer programs excel at playing,bidding presents a challenging aspect due to the need for information exchange...Contract Bridge,a four-player imperfect information game,comprises two phases:bidding and playing.While computer programs excel at playing,bidding presents a challenging aspect due to the need for information exchange with partners and interference with communication of opponents.In this work,we introduce a Bridge bidding agent that combines supervised learning,deep reinforcement learning via self-play,and a test-time search approach.Our experiments demonstrate that our agent outperforms WBridge5,a highly regarded computer Bridge software that has won multiple world championships,by a performance of 0.98 IMPs(international match points)per deal over 10000 deals,with a much cost-effective approach.The performance significantly surpasses previous state-of-the-art(0.85 IMPs per deal).Note 0.1 IMPs per deal is a significant improvement in Bridge bidding.展开更多
The fast-paced development of blockchain technology is evident.Yet,the security concerns of smart contracts represent a significant challenge to the stability and dependability of the entire blockchain ecosystem.Conve...The fast-paced development of blockchain technology is evident.Yet,the security concerns of smart contracts represent a significant challenge to the stability and dependability of the entire blockchain ecosystem.Conventional smart contract vulnerability detection primarily relies on static analysis tools,which are less efficient and accurate.Although deep learning methods have improved detection efficiency,they are unable to fully utilize the static relationships within contracts.Therefore,we have adopted the advantages of the above two methods,combining feature extraction mode of tools with deep learning techniques.Firstly,we have constructed corresponding feature extraction mode for different vulnerabilities,which are used to extract feature graphs from the source code of smart contracts.Then,the node features in feature graphs are fed into a graph convolutional neural network for training,and the edge features are processed using a method that combines attentionmechanismwith gated units.Ultimately,the revised node features and edge features are concatenated through amulti-head attentionmechanism.The result of the splicing is a global representation of the entire feature graph.Our method was tested on three types of data:Timestamp vulnerabilities,reentrancy vulnerabilities,and access control vulnerabilities,where the F1 score of our method reaches 84.63%,92.55%,and 61.36%.The results indicate that our method surpasses most others in detecting smart contract vulnerabilities.展开更多
Traditional blockchain key management schemes store private keys in the same location,which can easily lead to security issues such as a single point of failure.Therefore,decentralized threshold key management schemes...Traditional blockchain key management schemes store private keys in the same location,which can easily lead to security issues such as a single point of failure.Therefore,decentralized threshold key management schemes have become a research focus for blockchain private key protection.The security of private keys for blockchain user wallet is highly related to user identity authentication and digital asset security.The threshold blockchain private key management schemes based on verifiable secret sharing have made some progress,but these schemes do not consider participants’self-interested behavior,and require trusted nodes to keep private key fragments,resulting in a narrow application scope and low deployment efficiency,which cannot meet the needs of personal wallet private key escrow and recovery in public blockchains.We design a private key management scheme based on rational secret sharing that considers the self-interest of participants in secret sharing protocols,and constrains the behavior of rational participants through reasonable mechanism design,making it more suitable in distributed scenarios such as the public blockchain.The proposed scheme achieves the escrow and recovery of personal wallet private keys without the participation of trusted nodes,and simulate its implementation on smart contracts.Compared to other existing threshold wallet solutions and keymanagement schemes based on password-protected secret sharing(PPSS),the proposed scheme has a wide range of applications,verifiable private key recovery,low communication overhead,higher computational efficiency when users perform one-time multi-key escrow,no need for trusted nodes,and personal rational constraints and anti-collusion attack capabilities.展开更多
With the rise of blockchain technology,the security issues of smart contracts have become increasingly critical.Despite the availability of numerous smart contract vulnerability detection tools,many face challenges su...With the rise of blockchain technology,the security issues of smart contracts have become increasingly critical.Despite the availability of numerous smart contract vulnerability detection tools,many face challenges such as slow updates,usability issues,and limited installation methods.These challenges hinder the adoption and practicality of these tools.This paper examines smart contract vulnerability detection tools from 2016 to 2023,sourced from the Web of Science(WOS)and Google Scholar.By systematically collecting,screening,and synthesizing relevant research,38 open-source tools that provide installation methods were selected for further investigation.From a developer’s perspective,this paper offers a comprehensive survey of these 38 open-source tools,discussing their operating principles,installation methods,environmental dependencies,update frequencies,and installation challenges.Based on this,we propose an Ethereum smart contract vulnerability detection framework.This framework enables developers to easily utilize various detection tools and accurately analyze contract security issues.To validate the framework’s stability,over 1700 h of testing were conducted.Additionally,a comprehensive performance test was performed on the mainstream detection tools integrated within the framework,assessing their hardware requirements and vulnerability detection coverage.Experimental results indicate that the Slither tool demonstrates satisfactory performance in terms of system resource consumption and vulnerability detection coverage.This study represents the first performance evaluation of testing tools in this domain,providing significant reference value.展开更多
In recent years,blockchain technology integration and application has gradually become an important driving force for new technological innovation and industrial transformation.While blockchain technology and applicat...In recent years,blockchain technology integration and application has gradually become an important driving force for new technological innovation and industrial transformation.While blockchain technology and applications are developing rapidly,the emerging security risks and obstacles have gradually become prominent.Attackers can still find security issues in blockchain systems and conduct attacks,causing increasing losses from network attacks every year.In response to the current demand for blockchain application security detection and assessment in all industries,and the insufficient coverage of existing detection technologies such as smart contract detectiontechnology,this paper proposes a blockchain core technology security assessment system model,and studies the relevant detection and assessment key technologies and systems.A security assessment scheme based on a smart contract and consensus mechanism detection scheme is designed.And the underlying blockchain architecture supports the traceability of detection results using super blockchains.Finally,the functionality and performance of the system were tested,and the test results show that the model and solutions proposed in this paper have good feasibility.展开更多
The advent of Industry 4.0 has compelled businesses to adopt digital approaches that combine software toenhance production efficiency. In this rapidly evolving market, software development is an ongoing process thatmu...The advent of Industry 4.0 has compelled businesses to adopt digital approaches that combine software toenhance production efficiency. In this rapidly evolving market, software development is an ongoing process thatmust be tailored to meet the dynamic needs of enterprises. However, internal research and development can beprohibitively expensive, driving many enterprises to outsource software development and upgrades to externalservice providers. This paper presents a software upgrade outsourcing model for enterprises and service providersthat accounts for the impact of market fluctuations on software adaptability. To mitigate the risk of adverseselection due to asymmetric information about the service provider’s cost and asymmetric information aboutthe enterprise’s revenues, we propose pay-per-time and revenue-sharing contracts in two distinct informationasymmetry scenarios. These two contracts specify the time and transfer payments for software upgrades. Througha comparative analysis of the optimal solutions under the two contracts and centralized decision-making withfull-information, we examine the characteristics of the solutions under two information asymmetry scenarios andanalyze the incentive effects of the two contracts on the various stakeholders. Overall, our study offers valuableinsights for firms seeking to optimize their outsourcing strategies and maximize their returns on investment insoftware upgrades.展开更多
In recent years,the number of smart contracts deployed on blockchain has exploded.However,the issue of vulnerability has caused incalculable losses.Due to the irreversible and immutability of smart contracts,vulnerabi...In recent years,the number of smart contracts deployed on blockchain has exploded.However,the issue of vulnerability has caused incalculable losses.Due to the irreversible and immutability of smart contracts,vulnerability detection has become particularly important.With the popular use of neural network model,there has been a growing utilization of deep learning-based methods and tools for the identification of vulnerabilities within smart contracts.This paper commences by providing a succinct overview of prevalent categories of vulnerabilities found in smart contracts.Subsequently,it categorizes and presents an overview of contemporary deep learning-based tools developed for smart contract detection.These tools are categorized based on their open-source status,the data format and the type of feature extraction they employ.Then we conduct a comprehensive comparative analysis of these tools,selecting representative tools for experimental validation and comparing them with traditional tools in terms of detection coverage and accuracy.Finally,Based on the insights gained from the experimental results and the current state of research in the field of smart contract vulnerability detection tools,we suppose to provide a reference standard for developers of contract vulnerability detection tools.Meanwhile,forward-looking research directions are also proposed for deep learning-based smart contract vulnerability detection.展开更多
As big data,Artificial Intelligence,and Vehicle-to-Everything(V2X)communication have advanced,Intelligent Transportation Systems(ITS)are being developed to enable efficient and safe transportation systems.Electronic T...As big data,Artificial Intelligence,and Vehicle-to-Everything(V2X)communication have advanced,Intelligent Transportation Systems(ITS)are being developed to enable efficient and safe transportation systems.Electronic Toll Collection(ETC),which is one of the services included in ITS systems,is an automated system that allows vehicles to pass through toll plazas without stopping for manual payment.The ETC system is widely deployed on highways due to its contribution to stabilizing the overall traffic system flow.To ensure secure and efficient toll payments,designing a distributed model for sharing toll payment information among untrusted toll service providers is necessary.However,the current ETC system operates under a centralized model.Additionally,both toll service providers and toll plazas know the toll usage history of vehicles.It raises concerns about revealing the entire driving routes and patterns of vehicles.To address these issues,blockchain technology,suitable for secure data management and data sharing in distributed systems,is being applied to the ETC system.Blockchain enables efficient and transparent management of ETC information.Nevertheless,the public nature of blockchain poses a challenge where users’usage records are exposed to all participants.To tackle this,we propose a blockchain-based toll ticket model named AnonymousTollPass that considers the privacy of vehicles.The proposed model utilizes traceable ring signatures to provide unlinkability between tickets used by a vehicle and prevent the identity of the vehicle using the ticket from being identified among the ring members for the ticket.Furthermore,malicious vehicles’identities can be traced when they attempt to reuse tickets.By conducting simulations,we show the effectiveness of the proposed model and demonstrate that gas fees required for executing the proposed smart contracts are only 10%(when the ring size is 50)of the fees required in previous studies.展开更多
Due to the rapid advancements in network technology,blockchain is being employed for distributed data storage.In the Internet of Things(IoT)scenario,different participants manage multiple blockchains located in differ...Due to the rapid advancements in network technology,blockchain is being employed for distributed data storage.In the Internet of Things(IoT)scenario,different participants manage multiple blockchains located in different trust domains,which has resulted in the extensive development of cross-domain authentication techniques.However,the emergence of many attackers equipped with quantum computers has the potential to launch quantum computing attacks against cross-domain authentication schemes based on traditional cryptography,posing a significant security threat.In response to the aforementioned challenges,our paper demonstrates a post-quantum cross-domain identity authentication scheme to negotiate the session key used in the cross-chain asset exchange process.Firstly,our paper designs the hiding and recovery process of user identity index based on lattice cryptography and introduces the identity-based signature from lattice to construct a post-quantum cross-domain authentication scheme.Secondly,our paper utilizes the hashed time-locked contract to achieves the cross-chain asset exchange of blockchain nodes in different trust domains.Furthermore,the security analysis reduces the security of the identity index and signature to Learning With Errors(LWE)and Short Integer Solution(SIS)assumption,respectively,indicating that our scheme has post-quantum security.Last but not least,through comparison analysis,we display that our scheme is efficient compared with the cross-domain authentication scheme based on traditional cryptography.展开更多
Nowadays manufacturers are facing fierce challenge.Apart from the products,providing customers with multiple maintenance options in the service contract becomes more popular,since it can help to improve customer satis...Nowadays manufacturers are facing fierce challenge.Apart from the products,providing customers with multiple maintenance options in the service contract becomes more popular,since it can help to improve customer satisfaction,and ultimately promote sales and maximize profit for the manufacturer.By considering the combinations of corrective maintenance and preventive maintenance,totally three types of maintenance service contracts are designed.Moreover,attractive incentive and penalty mechanisms are adopted in the contracts.On this basis,Nash non-cooperative game is applied to analyze the revenue for both the manufacturer and customers,and so as to optimize the pricing mechanism of maintenance service contract and achieve a win-win situation.Numerical experiments are conducted.The results show that by taking into account the incentive and penalty mechanisms,the revenue can be improved for both the customers and manufacturer.Moreover,with the increase of repair rate and improvement factor in the preventive maintenance,the revenue will increase gradually for both the parties.展开更多
The main goal of the article is the creation and study of thermosensitive and wound-healing gelatin-alginate bio-polymer hydrogels modified with humic acids.Their rheological properties,swelling and contraction behavio...The main goal of the article is the creation and study of thermosensitive and wound-healing gelatin-alginate bio-polymer hydrogels modified with humic acids.Their rheological properties,swelling and contraction behavior were experimentally investigated,elucidated using Fourier transform infrared spectroscopy and used to achieve the physiological melting point,which is necessary for successful drug delivery.It has been shown that in the gelatin-alginate-humic acid biopolymer hydrogels systems,it is possible to obtain a gel-sol transition temperature close to the physiological temperature of 37°C,which is important for drug delivery in the treatment of wounds.By changing the type and concentration of humic acids in the gelatin-alginate hydrogel,it turned out to be achiev-able to regulate the softening time of the gel on the human body in the range from 6 to 20 min,which provides the possibility of controlled prolonged delivery of drugs.Based on the study of the influence of calcium ions on the properties of humic acids and ion exchange,as well as the interaction of humic acids,sodium alginate and gelatin with the formation of tighter gel networks,approaches to regulate the rate of softening of hydrogels at physiological temperature and their swelling,which simulates the absorption of exudate,were proposed and implemented.In addition,low shrinkage of the hydrogel surface due to cross-linking of gelatin-alginate networks when modified with humic acids was experimentally confirmed,which is important for avoiding problems of wound contracture and contour deformations when using dressings for wound healing.Thus,the developed opti-mized innovative biopolymer hydrogels synergistically combine the outstanding properties of natural molecular polymers and humic acids and are promising for the creation of effective medicines for wound healing.展开更多
The small and scattered enterprise pattern in the county economy has formed numerous sporadic pollution sources, hindering the centralized treatment of the water environment, increasing the cost and difficulty of trea...The small and scattered enterprise pattern in the county economy has formed numerous sporadic pollution sources, hindering the centralized treatment of the water environment, increasing the cost and difficulty of treatment. How enterprises can make reasonable decisions on their water environment behavior based on the external environment and their own factors is of great significance for scientifically and effectively designing water environment regulation mechanisms. Based on optimal control theory, this study investigates the design of contractual mechanisms for water environmental regulation for small and medium-sized enterprises. The enterprise is regarded as an independent economic entity that can adopt optimal control strategies to maximize its own interests. Based on the participation of multiple subjects including the government, enterprises, and the public, an optimal control strategy model for enterprises under contractual water environmental regulation is constructed using optimal control theory, and a method for calculating the amount of unit pollutant penalties is derived. The water pollutant treatment cost data of a paper company is selected to conduct empirical numerical analysis on the model. The results show that the increase in the probability of government regulation and public participation, as well as the decrease in local government protection for enterprises, can achieve the same regulatory effect while reducing the number of administrative penalties per unit. Finally, the implementation process of contractual water environmental regulation for small and medium-sized enterprises is designed.展开更多
基金This work was supported by Institute of Information&Communications Technology Planning&Evaluation(IITP)under the Artificial Intelligence Convergence Innovation Human Resources Development(IITP-2023-RS-2023-00255968)Grantthe ITRC(Information Technology Research Center)Support Program(IITP-2021-0-02051)funded by theKorea government(MSIT).
文摘With the increase in IoT(Internet of Things)devices comes an inherent challenge of security.In the world today,privacy is the prime concern of every individual.Preserving one’s privacy and keeping anonymity throughout the system is a desired functionality that does not come without inevitable trade-offs like scalability and increased complexity and is always exceedingly difficult to manage.The challenge is keeping confidentiality and continuing to make the person innominate throughout the system.To address this,we present our proposed architecture where we manage IoT devices using blockchain technology.Our proposed architecture works on and off blockchain integrated with the closed-circuit television(CCTV)security camera fixed at the rental property.In this framework,the CCTV security camera feed is redirected towards the owner and renter based on the smart contract conditions.One entity(owner or renter)can see the CCTV security camera feed at one time.There is no third-party dependence except for the CCTV security camera deployment phase.Our contributions include the proposition of framework architecture,a novel smart contract algorithm,and the modification to the ring signatures leveraging an existing cryptographic technique.Analyses are made based on different systems’security and key management areas.In an empirical study,our proposed algorithm performed better in key generation,proof generation,and verification times.By comparing similar existing schemes,we have shown the proposed architectures’advantages.Until now,we have developed this system for a specific area in the real world.However,this system is scalable and applicable to other areas like healthcare monitoring systems,which is part of our future work.
基金supported by the Key-Area Research and Development Program of Guangdong Province 2020B0101090003CCF-NSFOCUS Kunpeng Scientific Research Fund (CCFNSFOCUS 2021010)+4 种基金Innovation Fund Program of the Engineering Research Center for Integration and Application of Digital Learning Technology of Ministry of Education under Grant No.1221027National Natural Science Foundation of China (Grant Nos.61902083,62172115,61976064)Guangdong Higher Education Innovation Group 2020KCXTD007 and Guangzhou Higher Education Innovation Group (No.202032854)Guangzhou Fundamental Research Plan of“Municipal-School”Jointly Funded Projects (No.202102010445)Guangdong Province Science and Technology Planning Project (No.2020A1414010370).
文摘Decentralized finance(DeFi)is a general term for a series of financial products and services.It is based on blockchain technology and has attracted people’s attention because of its open,transparent,and intermediary free.Among them,the DeFi ecosystem based on Ethereum-based blockchains attracts the most attention.However,the current decentralized financial system built on the Ethereum architecture has been exposed to many smart contract vulnerabilities during the last few years.Herein,we believe it is time to improve the understanding of the prevailing Ethereum-based DeFi ecosystem security issues.To that end,we investigate the Ethereum-based DeFi security issues:1)inherited from the real-world financial system,which can be solved by macro-control;2)induced by the problems of blockchain architecture,which require a better blockchain platform;3)caused by DeFi invented applications,which should be focused on during the project development.Based on that,we further discuss the current solutions and potential directions ofDeFi security.According to our research,we could provide a comprehensive vision to the research community for the improvement of Ethereum-basedDeFi ecosystem security.
基金Wenzhou Key Scientific and Technological Projects(No.ZG2020031)Wenzhou Polytechnic Research Projects(No.WZY2021002)+3 种基金Key R&D Projects in Zhejiang Province(No.2021C01117)Major Program of Natural Science Foundation of Zhejiang Province(LD22F020002)the Cloud Security Key Technology Research Laboratorythe Researchers Supporting Project Number(RSP2023R509),King Saud University,Riyadh,Saudi Arabia.
文摘With the development of hardware devices and the upgrading of smartphones,a large number of users save privacy-related information in mobile devices,mainly smartphones,which puts forward higher demands on the protection of mobile users’privacy information.At present,mobile user authenticationmethods based on humancomputer interaction have been extensively studied due to their advantages of high precision and non-perception,but there are still shortcomings such as low data collection efficiency,untrustworthy participating nodes,and lack of practicability.To this end,this paper proposes a privacy-enhanced mobile user authentication method with motion sensors,which mainly includes:(1)Construct a smart contract-based private chain and federated learning to improve the data collection efficiency of mobile user authentication,reduce the probability of the model being bypassed by attackers,and reduce the overhead of data centralized processing and the risk of privacy leakage;(2)Use certificateless encryption to realize the authentication of the device to ensure the credibility of the client nodes participating in the calculation;(3)Combine Variational Mode Decomposition(VMD)and Long Short-TermMemory(LSTM)to analyze and model the motion sensor data of mobile devices to improve the accuracy of model certification.The experimental results on the real environment dataset of 1513 people show that themethod proposed in this paper can effectively resist poisoning attacks while ensuring the accuracy and efficiency of mobile user authentication.
基金supported by the National Key Research and Development Plan in China(Grant No.2020YFB1005500)。
文摘The widespread adoption of blockchain technology has led to the exploration of its numerous applications in various fields.Cryptographic algorithms and smart contracts are critical components of blockchain security.Despite the benefits of virtual currency,vulnerabilities in smart contracts have resulted in substantial losses to users.While researchers have identified these vulnerabilities and developed tools for detecting them,the accuracy of these tools is still far from satisfactory,with high false positive and false negative rates.In this paper,we propose a new method for detecting vulnerabilities in smart contracts using the BERT pre-training model,which can quickly and effectively process and detect smart contracts.More specifically,we preprocess and make symbol substitution in the contract,which can make the pre-training model better obtain contract features.We evaluate our method on four datasets and compare its performance with other deep learning models and vulnerability detection tools,demonstrating its superior accuracy.
基金Project supported by the National Natural Science Foundation of China(Grant No.62363005)the Jiangxi Provincial Natural Science Foundation(Grant Nos.20161BAB212032 and 20232BAB202034)the Science and Technology Research Project of Jiangxi Provincial Department of Education(Grant Nos.GJJ202602 and GJJ202601)。
文摘This paper examines the bipartite consensus problems for the nonlinear multi-agent systems in Lurie dynamics form with cooperative and competitive communication between different agents. Based on the contraction theory, some new conditions for the nonlinear Lurie multi-agent systems reaching bipartite leaderless consensus and bipartite tracking consensus are presented. Compared with the traditional methods, this approach degrades the dimensions of the conditions, eliminates some restrictions of the system matrix, and extends the range of the nonlinear function. Finally, two numerical examples are provided to illustrate the efficiency of our results.
文摘Cloud computing has emerged as a viable alternative to traditional computing infrastructures,offering various benefits.However,the adoption of cloud storage poses significant risks to data secrecy and integrity.This article presents an effective mechanism to preserve the secrecy and integrity of data stored on the public cloud by leveraging blockchain technology,smart contracts,and cryptographic primitives.The proposed approach utilizes a Solidity-based smart contract as an auditor for maintaining and verifying the integrity of outsourced data.To preserve data secrecy,symmetric encryption systems are employed to encrypt user data before outsourcing it.An extensive performance analysis is conducted to illustrate the efficiency of the proposed mechanism.Additionally,a rigorous assessment is conducted to ensure that the developed smart contract is free from vulnerabilities and to measure its associated running costs.The security analysis of the proposed system confirms that our approach can securely maintain the confidentiality and integrity of cloud storage,even in the presence of malicious entities.The proposed mechanism contributes to enhancing data security in cloud computing environments and can be used as a foundation for developing more secure cloud storage systems.
文摘The rapid increase in vehicle traffic volume in modern societies has raised the need to develop innovative solutions to reduce traffic congestion and enhance traffic management efficiency.Revolutionary advanced technology,such as Intelligent Transportation Systems(ITS),enables improved traffic management,helps eliminate congestion,and supports a safer environment.ITS provides real-time information on vehicle traffic and transportation systems that can improve decision-making for road users.However,ITS suffers from routing issues at the network layer when utilising Vehicular Ad Hoc Networks(VANETs).This is because each vehicle plays the role of a router in this network,which leads to a complex vehicle communication network,causing issues such as repeated link breakages between vehicles resulting from the mobility of the network and rapid topological variation.This may lead to loss or delay in packet transmissions;this weakness can be exploited in routing attacks,such as black-hole and gray-hole attacks,that threaten the availability of ITS services.In this paper,a Blockchain-based smart contracts model is proposed to offer convenient and comprehensive security mechanisms,enhancing the trustworthiness between vehicles.Self-Classification Blockchain-Based Contracts(SCBC)and Voting-Classification Blockchain-Based Contracts(VCBC)are utilised in the proposed protocol.The results show that VCBC succeeds in attaining better results in PDR and TP performance even in the presence of Blackhole and Grayhole attacks.
基金This work was financially supported by the National Key Research and Development Program of China(2022YFB3103200).
文摘With the development of technology,the connected vehicle has been upgraded from a traditional transport vehicle to an information terminal and energy storage terminal.The data of ICV(intelligent connected vehicles)is the key to organically maximizing their efficiency.However,in the context of increasingly strict global data security supervision and compliance,numerous problems,including complex types of connected vehicle data,poor data collaboration between the IT(information technology)domain and OT(operation technology)domain,different data format standards,lack of shared trust sources,difficulty in ensuring the quality of shared data,lack of data control rights,as well as difficulty in defining data ownership,make vehicle data sharing face a lot of problems,and data islands are widespread.This study proposes FADSF(Fuzzy Anonymous Data Share Frame),an automobile data sharing scheme based on blockchain.The data holder publishes the shared data information and forms the corresponding label storage on the blockchain.The data demander browses the data directory information to select and purchase data assets and verify them.The data demander selects and purchases data assets and verifies them by browsing the data directory information.Meanwhile,this paper designs a data structure Data Discrimination Bloom Filter(DDBF),making complaints about illegal data.When the number of data complaints reaches the threshold,the audit traceability contract is triggered to punish the illegal data publisher,aiming to improve the data quality and maintain a good data sharing ecology.In this paper,based on Ethereum,the above scheme is tested to demonstrate its feasibility,efficiency and security.
文摘Contract Bridge,a four-player imperfect information game,comprises two phases:bidding and playing.While computer programs excel at playing,bidding presents a challenging aspect due to the need for information exchange with partners and interference with communication of opponents.In this work,we introduce a Bridge bidding agent that combines supervised learning,deep reinforcement learning via self-play,and a test-time search approach.Our experiments demonstrate that our agent outperforms WBridge5,a highly regarded computer Bridge software that has won multiple world championships,by a performance of 0.98 IMPs(international match points)per deal over 10000 deals,with a much cost-effective approach.The performance significantly surpasses previous state-of-the-art(0.85 IMPs per deal).Note 0.1 IMPs per deal is a significant improvement in Bridge bidding.
基金the Gansu Province Higher Education Institutions Industrial Support Program:Security Situational Awareness with Artificial Intelligence and Blockchain Technology.Project Number(2020C-29).
文摘The fast-paced development of blockchain technology is evident.Yet,the security concerns of smart contracts represent a significant challenge to the stability and dependability of the entire blockchain ecosystem.Conventional smart contract vulnerability detection primarily relies on static analysis tools,which are less efficient and accurate.Although deep learning methods have improved detection efficiency,they are unable to fully utilize the static relationships within contracts.Therefore,we have adopted the advantages of the above two methods,combining feature extraction mode of tools with deep learning techniques.Firstly,we have constructed corresponding feature extraction mode for different vulnerabilities,which are used to extract feature graphs from the source code of smart contracts.Then,the node features in feature graphs are fed into a graph convolutional neural network for training,and the edge features are processed using a method that combines attentionmechanismwith gated units.Ultimately,the revised node features and edge features are concatenated through amulti-head attentionmechanism.The result of the splicing is a global representation of the entire feature graph.Our method was tested on three types of data:Timestamp vulnerabilities,reentrancy vulnerabilities,and access control vulnerabilities,where the F1 score of our method reaches 84.63%,92.55%,and 61.36%.The results indicate that our method surpasses most others in detecting smart contract vulnerabilities.
基金the State’s Key Project of Research and Development Plan under Grant 2022YFB2701400in part by the National Natural Science Foundation of China under Grants 62272124 and 62361010+4 种基金in part by the Science and Technology Planning Project of Guizhou Province under Grant[2020]5017in part by the Research Project of Guizhou University for Talent Introduction underGrant[2020]61in part by theCultivation Project of Guizhou University under Grant[2019]56in part by the Open Fund of Key Laboratory of Advanced Manufacturing Technology,Ministry of Education under Grant GZUAMT2021KF[01]the Science and Technology Program of Guizhou Province(No.[2023]371).
文摘Traditional blockchain key management schemes store private keys in the same location,which can easily lead to security issues such as a single point of failure.Therefore,decentralized threshold key management schemes have become a research focus for blockchain private key protection.The security of private keys for blockchain user wallet is highly related to user identity authentication and digital asset security.The threshold blockchain private key management schemes based on verifiable secret sharing have made some progress,but these schemes do not consider participants’self-interested behavior,and require trusted nodes to keep private key fragments,resulting in a narrow application scope and low deployment efficiency,which cannot meet the needs of personal wallet private key escrow and recovery in public blockchains.We design a private key management scheme based on rational secret sharing that considers the self-interest of participants in secret sharing protocols,and constrains the behavior of rational participants through reasonable mechanism design,making it more suitable in distributed scenarios such as the public blockchain.The proposed scheme achieves the escrow and recovery of personal wallet private keys without the participation of trusted nodes,and simulate its implementation on smart contracts.Compared to other existing threshold wallet solutions and keymanagement schemes based on password-protected secret sharing(PPSS),the proposed scheme has a wide range of applications,verifiable private key recovery,low communication overhead,higher computational efficiency when users perform one-time multi-key escrow,no need for trusted nodes,and personal rational constraints and anti-collusion attack capabilities.
基金supported by the Major Public Welfare Special Fund of Henan Province(No.201300210200)the Major Science and Technology Research Special Fund of Henan Province(No.221100210400).
文摘With the rise of blockchain technology,the security issues of smart contracts have become increasingly critical.Despite the availability of numerous smart contract vulnerability detection tools,many face challenges such as slow updates,usability issues,and limited installation methods.These challenges hinder the adoption and practicality of these tools.This paper examines smart contract vulnerability detection tools from 2016 to 2023,sourced from the Web of Science(WOS)and Google Scholar.By systematically collecting,screening,and synthesizing relevant research,38 open-source tools that provide installation methods were selected for further investigation.From a developer’s perspective,this paper offers a comprehensive survey of these 38 open-source tools,discussing their operating principles,installation methods,environmental dependencies,update frequencies,and installation challenges.Based on this,we propose an Ethereum smart contract vulnerability detection framework.This framework enables developers to easily utilize various detection tools and accurately analyze contract security issues.To validate the framework’s stability,over 1700 h of testing were conducted.Additionally,a comprehensive performance test was performed on the mainstream detection tools integrated within the framework,assessing their hardware requirements and vulnerability detection coverage.Experimental results indicate that the Slither tool demonstrates satisfactory performance in terms of system resource consumption and vulnerability detection coverage.This study represents the first performance evaluation of testing tools in this domain,providing significant reference value.
基金supported by Education and Scientific Research Special Project of Fujian Provincial Department of Finance(Research on the Application of Blockchain Technology in Prison Law Enforcement Management),Fujian Provincial Social Science Foundation Public Security Theory Research Project(FJ2023TWGA004).
文摘In recent years,blockchain technology integration and application has gradually become an important driving force for new technological innovation and industrial transformation.While blockchain technology and applications are developing rapidly,the emerging security risks and obstacles have gradually become prominent.Attackers can still find security issues in blockchain systems and conduct attacks,causing increasing losses from network attacks every year.In response to the current demand for blockchain application security detection and assessment in all industries,and the insufficient coverage of existing detection technologies such as smart contract detectiontechnology,this paper proposes a blockchain core technology security assessment system model,and studies the relevant detection and assessment key technologies and systems.A security assessment scheme based on a smart contract and consensus mechanism detection scheme is designed.And the underlying blockchain architecture supports the traceability of detection results using super blockchains.Finally,the functionality and performance of the system were tested,and the test results show that the model and solutions proposed in this paper have good feasibility.
文摘The advent of Industry 4.0 has compelled businesses to adopt digital approaches that combine software toenhance production efficiency. In this rapidly evolving market, software development is an ongoing process thatmust be tailored to meet the dynamic needs of enterprises. However, internal research and development can beprohibitively expensive, driving many enterprises to outsource software development and upgrades to externalservice providers. This paper presents a software upgrade outsourcing model for enterprises and service providersthat accounts for the impact of market fluctuations on software adaptability. To mitigate the risk of adverseselection due to asymmetric information about the service provider’s cost and asymmetric information aboutthe enterprise’s revenues, we propose pay-per-time and revenue-sharing contracts in two distinct informationasymmetry scenarios. These two contracts specify the time and transfer payments for software upgrades. Througha comparative analysis of the optimal solutions under the two contracts and centralized decision-making withfull-information, we examine the characteristics of the solutions under two information asymmetry scenarios andanalyze the incentive effects of the two contracts on the various stakeholders. Overall, our study offers valuableinsights for firms seeking to optimize their outsourcing strategies and maximize their returns on investment insoftware upgrades.
基金funded by the Major PublicWelfare Special Fund of Henan Province(No.201300210200)the Major Science and Technology Research Special Fund of Henan Province(No.221100210400).
文摘In recent years,the number of smart contracts deployed on blockchain has exploded.However,the issue of vulnerability has caused incalculable losses.Due to the irreversible and immutability of smart contracts,vulnerability detection has become particularly important.With the popular use of neural network model,there has been a growing utilization of deep learning-based methods and tools for the identification of vulnerabilities within smart contracts.This paper commences by providing a succinct overview of prevalent categories of vulnerabilities found in smart contracts.Subsequently,it categorizes and presents an overview of contemporary deep learning-based tools developed for smart contract detection.These tools are categorized based on their open-source status,the data format and the type of feature extraction they employ.Then we conduct a comprehensive comparative analysis of these tools,selecting representative tools for experimental validation and comparing them with traditional tools in terms of detection coverage and accuracy.Finally,Based on the insights gained from the experimental results and the current state of research in the field of smart contract vulnerability detection tools,we suppose to provide a reference standard for developers of contract vulnerability detection tools.Meanwhile,forward-looking research directions are also proposed for deep learning-based smart contract vulnerability detection.
基金supported by the National Research Foundation of Korea(NRF)grant funded by the Korea government(MSIT)(No.2021R1A2C1095591).
文摘As big data,Artificial Intelligence,and Vehicle-to-Everything(V2X)communication have advanced,Intelligent Transportation Systems(ITS)are being developed to enable efficient and safe transportation systems.Electronic Toll Collection(ETC),which is one of the services included in ITS systems,is an automated system that allows vehicles to pass through toll plazas without stopping for manual payment.The ETC system is widely deployed on highways due to its contribution to stabilizing the overall traffic system flow.To ensure secure and efficient toll payments,designing a distributed model for sharing toll payment information among untrusted toll service providers is necessary.However,the current ETC system operates under a centralized model.Additionally,both toll service providers and toll plazas know the toll usage history of vehicles.It raises concerns about revealing the entire driving routes and patterns of vehicles.To address these issues,blockchain technology,suitable for secure data management and data sharing in distributed systems,is being applied to the ETC system.Blockchain enables efficient and transparent management of ETC information.Nevertheless,the public nature of blockchain poses a challenge where users’usage records are exposed to all participants.To tackle this,we propose a blockchain-based toll ticket model named AnonymousTollPass that considers the privacy of vehicles.The proposed model utilizes traceable ring signatures to provide unlinkability between tickets used by a vehicle and prevent the identity of the vehicle using the ticket from being identified among the ring members for the ticket.Furthermore,malicious vehicles’identities can be traced when they attempt to reuse tickets.By conducting simulations,we show the effectiveness of the proposed model and demonstrate that gas fees required for executing the proposed smart contracts are only 10%(when the ring size is 50)of the fees required in previous studies.
基金This work was supported by the Defense Industrial Technology Development Program(Grant No.JCKY2021208B036).
文摘Due to the rapid advancements in network technology,blockchain is being employed for distributed data storage.In the Internet of Things(IoT)scenario,different participants manage multiple blockchains located in different trust domains,which has resulted in the extensive development of cross-domain authentication techniques.However,the emergence of many attackers equipped with quantum computers has the potential to launch quantum computing attacks against cross-domain authentication schemes based on traditional cryptography,posing a significant security threat.In response to the aforementioned challenges,our paper demonstrates a post-quantum cross-domain identity authentication scheme to negotiate the session key used in the cross-chain asset exchange process.Firstly,our paper designs the hiding and recovery process of user identity index based on lattice cryptography and introduces the identity-based signature from lattice to construct a post-quantum cross-domain authentication scheme.Secondly,our paper utilizes the hashed time-locked contract to achieves the cross-chain asset exchange of blockchain nodes in different trust domains.Furthermore,the security analysis reduces the security of the identity index and signature to Learning With Errors(LWE)and Short Integer Solution(SIS)assumption,respectively,indicating that our scheme has post-quantum security.Last but not least,through comparison analysis,we display that our scheme is efficient compared with the cross-domain authentication scheme based on traditional cryptography.
基金supported by the National Natural Science Foundation of China(71671035)。
文摘Nowadays manufacturers are facing fierce challenge.Apart from the products,providing customers with multiple maintenance options in the service contract becomes more popular,since it can help to improve customer satisfaction,and ultimately promote sales and maximize profit for the manufacturer.By considering the combinations of corrective maintenance and preventive maintenance,totally three types of maintenance service contracts are designed.Moreover,attractive incentive and penalty mechanisms are adopted in the contracts.On this basis,Nash non-cooperative game is applied to analyze the revenue for both the manufacturer and customers,and so as to optimize the pricing mechanism of maintenance service contract and achieve a win-win situation.Numerical experiments are conducted.The results show that by taking into account the incentive and penalty mechanisms,the revenue can be improved for both the customers and manufacturer.Moreover,with the increase of repair rate and improvement factor in the preventive maintenance,the revenue will increase gradually for both the parties.
文摘The main goal of the article is the creation and study of thermosensitive and wound-healing gelatin-alginate bio-polymer hydrogels modified with humic acids.Their rheological properties,swelling and contraction behavior were experimentally investigated,elucidated using Fourier transform infrared spectroscopy and used to achieve the physiological melting point,which is necessary for successful drug delivery.It has been shown that in the gelatin-alginate-humic acid biopolymer hydrogels systems,it is possible to obtain a gel-sol transition temperature close to the physiological temperature of 37°C,which is important for drug delivery in the treatment of wounds.By changing the type and concentration of humic acids in the gelatin-alginate hydrogel,it turned out to be achiev-able to regulate the softening time of the gel on the human body in the range from 6 to 20 min,which provides the possibility of controlled prolonged delivery of drugs.Based on the study of the influence of calcium ions on the properties of humic acids and ion exchange,as well as the interaction of humic acids,sodium alginate and gelatin with the formation of tighter gel networks,approaches to regulate the rate of softening of hydrogels at physiological temperature and their swelling,which simulates the absorption of exudate,were proposed and implemented.In addition,low shrinkage of the hydrogel surface due to cross-linking of gelatin-alginate networks when modified with humic acids was experimentally confirmed,which is important for avoiding problems of wound contracture and contour deformations when using dressings for wound healing.Thus,the developed opti-mized innovative biopolymer hydrogels synergistically combine the outstanding properties of natural molecular polymers and humic acids and are promising for the creation of effective medicines for wound healing.
文摘The small and scattered enterprise pattern in the county economy has formed numerous sporadic pollution sources, hindering the centralized treatment of the water environment, increasing the cost and difficulty of treatment. How enterprises can make reasonable decisions on their water environment behavior based on the external environment and their own factors is of great significance for scientifically and effectively designing water environment regulation mechanisms. Based on optimal control theory, this study investigates the design of contractual mechanisms for water environmental regulation for small and medium-sized enterprises. The enterprise is regarded as an independent economic entity that can adopt optimal control strategies to maximize its own interests. Based on the participation of multiple subjects including the government, enterprises, and the public, an optimal control strategy model for enterprises under contractual water environmental regulation is constructed using optimal control theory, and a method for calculating the amount of unit pollutant penalties is derived. The water pollutant treatment cost data of a paper company is selected to conduct empirical numerical analysis on the model. The results show that the increase in the probability of government regulation and public participation, as well as the decrease in local government protection for enterprises, can achieve the same regulatory effect while reducing the number of administrative penalties per unit. Finally, the implementation process of contractual water environmental regulation for small and medium-sized enterprises is designed.