Traditional email systems can only achieve one-way communication,which means only the receiver is allowed to search for emails on the email server.In this paper,we propose a blockchain-based certificateless bidirectio...Traditional email systems can only achieve one-way communication,which means only the receiver is allowed to search for emails on the email server.In this paper,we propose a blockchain-based certificateless bidirectional authenticated searchable encryption model for a cloud email system named certificateless authenticated bidirectional searchable encryption(CL-BSE)by combining the storage function of cloud server with the communication function of email server.In the new model,not only can the data receiver search for the relevant content by generating its own trapdoor,but the data owner also can retrieve the content in the same way.Meanwhile,there are dual authentication functions in our model.First,during encryption,the data owner uses the private key to authenticate their identity,ensuring that only legal owner can generate the keyword ciphertext.Second,the blockchain verifies the data owner’s identity by the received ciphertext,allowing only authorized members to store their data in the server and avoiding unnecessary storage space consumption.We obtain a formal definition of CL-BSE and formulate a specific scheme from the new system model.Then the security of the scheme is analyzed based on the formalized security model.The results demonstrate that the scheme achieves multikeyword ciphertext indistinguishability andmulti-keyword trapdoor privacy against any adversary simultaneously.In addition,performance evaluation shows that the new scheme has higher computational and communication efficiency by comparing it with some existing ones.展开更多
Smart contract has been the core of blockchain systems and other blockchain-based systems since Blockchain 2.0.Various operations on blockchain are performed through the invocation and execution of smart contracts.Thi...Smart contract has been the core of blockchain systems and other blockchain-based systems since Blockchain 2.0.Various operations on blockchain are performed through the invocation and execution of smart contracts.This leads to extensive combinations between blockchain,smart contract,Internet of Things(IoT)and Cyber-Physical System(CPS)applications,and then many blockchain-based IoT or CPS applications emerge to provide multiple benefits to the economy and society.In this case,obtaining a better understanding of smart contracts will contribute to the easier operation,higher efficiency and stronger security of those blockchain-based systems and applications.Many existing studies on smart contract analysis are based on similarity calculation and smart contract classification.However,smart contract is a piece of code with special characteristics and most of smart contracts are stored without any category labels,which leads to difficulties of smart contract classification.As the back end of a blockchain-based Decentralized Application(DApp)is one or several smart contracts,DApps with labeled categories and open source codes are applied to achieve a supervised smart contract classification.A three-phase approach is proposed to categorize DApps based on various data features.In this approach,5,659 DApps with smart contract source codes and pre-tagged categories are first obtained based on massive collected DApps and smart contracts from Ethereum,State of the DApps and DappRadar.Then feature extraction and construction methods are designed to form multi-feature vectors that could present the major characteristics of DApps.Finally,a fused classification model consisting of KNN,XGBoost and random forests is applied to the multi-feature vectors of all DApps for performing DApp classification.The experimental results show that the method is effective.In addition,some positive correlations between feature variables and categories,as well as several user behavior patterns of DApp calls,are found in this paper.展开更多
As an advantageous technique and service,the blockchain has shown great development and application prospects.However,its security has also met great challenges,and many security vulnerabilities and attack issues in b...As an advantageous technique and service,the blockchain has shown great development and application prospects.However,its security has also met great challenges,and many security vulnerabilities and attack issues in blockchain-based services have emerged.Recently,security issues of blockchain have attracted extensive attention.However,there is still a lack of blockchain security research from a full-stack architecture perspective,as well as representative quantitative experimental reproduction and analysis.We aim to provide a security architecture to solve security risks in blockchain services from a full-stack architecture perspective.Meanwhile,we propose a formal definition of the full-stack security architecture for blockchain-based services,and we also propose a formal expression of security issues and defense solutions from a full-stack security perspective.We use ConCert to conduct a smart contract formal verification experiment by property-based testing.The security vulnerabilities of blockchain services in the Common Vulnerabilities and Exposures(CVE)and China Nation Vulnerability Database(CNVD)are selected and enumerated.Additionally,three real contract-layer real attack events are reproduced by an experimental approach.Using Alibaba's blockchain services and Identity Mixer in Hyperledger Fabric as a case study,the security problems and defense techniques are analyzed and researched.At last,the future research directions are proposed.展开更多
With the advantages of lightweight and high resource utilization,cloud-native technology with containers as the core is gradually becoming themainstreamtechnical architecture for information infrastructure.However,mal...With the advantages of lightweight and high resource utilization,cloud-native technology with containers as the core is gradually becoming themainstreamtechnical architecture for information infrastructure.However,malware attacks such as Doki and Symbiote threaten the container runtime’s security.Malware initiates various types of runtime anomalies based on process form(e.g.,modifying the process of a container,and opening the external ports).Fortunately,dynamic monitoring mechanisms have proven to be a feasible solution for verifying the trusted state of containers at runtime.Nevertheless,the current routine dynamic monitoring mechanisms for baseline data protection are still based on strong security assumptions.As a result,the existing dynamicmonitoringmechanismis still not practical enough.To ensure the trustworthiness of the baseline value data and,simultaneously,to achieve the integrity verification of the monitored process,we combine blockchain and trusted computing to propose a process integrity monitoring system named IPMS.Firstly,the hardware TPM 2.0 module is applied to construct a trusted security foundation for the integrity of the process code segment due to its tamper-proof feature.Then,design a new format for storing measurement logs,easily distinguishing files with the same name in different containers from log information.Meanwhile,the baseline value data is stored on the blockchain to avoidmalicious damage.Finally,trusted computing technology is used to perform fine-grained integrity measurement and remote attestation of processes in a container,detect abnormal containers in time and control them.We have implemented a prototype system and performed extensive simulation experiments to test and analyze the functionality and performance of the PIMS.Experimental results show that PIMS can accurately and efficiently detect tampered processes with only 3.57% performance loss to the container.展开更多
The rapid development of blockchain technology has provided new ideas for network security research.Blockchain-based network security enhancement solutions are attracting widespread attention.This paper proposes an In...The rapid development of blockchain technology has provided new ideas for network security research.Blockchain-based network security enhancement solutions are attracting widespread attention.This paper proposes an Internet domain name verification method based on blockchain.The authenticity of DNS(Domain Name System)resolution results is crucial for ensuring the accessibility of Internet services.Due to the lack of adequate security mechanisms,it has always been a challenge to verify the authenticity of Internet domain name resolution results.Although the solution represented by DNSSEC(Domain Name System Security Extensions)can theoretically solve the domain name verification problem,it has not been widely deployed on a global scale due to political,economic,and technical constraints.We argue that the root cause of this problem lies in the significant centralization of the DNS system.This centralized feature not only reduces the efficiency of domain name verification but also has the hidden risks of single point of failure and unilateral control.Internet users may disappear from the Internet due to the results of fake,subverted,or misconfigured domain name resolution.This paper presents a decentralized DNS cache verification method,which uses the consortium blockchain to replace the root domain name server to verify the authenticity of the domain name.Compared with DNSSEC’s domain name verification process,the verification efficiency of this method has increased by 30%,and there is no single point of failure or unilateral control risk.In addition,this solution is incrementally deployable,and even if it is deployed on a small number of content delivery network servers,satisfactory results can be obtained.展开更多
Internet of things(IoT)field has emerged due to the rapid growth of artificial intelligence and communication technologies.The use of IoT technology in modern healthcare environments is convenient for doctors and pati...Internet of things(IoT)field has emerged due to the rapid growth of artificial intelligence and communication technologies.The use of IoT technology in modern healthcare environments is convenient for doctors and patients as it can be used in real-time monitoring of patients,proper administration of patient information,and healthcare management.However,the usage of IoT in the healthcare domain will become a nightmare if patient information is not securely maintainedwhile transferring over an insecure network or storing at the administrator end.In this manuscript,the authors have developed a secure IoT healthcare monitoring system using the Blockchainbased XOR Elliptic Curve Cryptography(BC-XORECC)technique to avoid various vulnerable attacks.Initially,thework has established an authentication process for patient details by generating tokens,keys,and tags using Length Ceaser Cipher-based PearsonHashingAlgorithm(LCC-PHA),EllipticCurve Cryptography(ECC),and Fishers Yates Shuffled Based Adelson-Velskii and Landis(FYS-AVL)tree.The authentications prevent unauthorized users from accessing or misuse the data.After that,a secure data transfer is performed using BC-XORECC,which acts faster by maintaining high data privacy and blocking the path for the attackers.Finally,the Linear Spline Kernel-Based Recurrent Neural Network(LSK-RNN)classification monitors the patient’s health status.The whole developed framework brings out a secure data transfer without data loss or data breaches and remains efficient for health care monitoring via IoT.Experimental analysis shows that the proposed framework achieves a faster encryption and decryption time,classifies the patient’s health status with an accuracy of 89%,and remains robust comparedwith the existing state-of-the-art method.展开更多
基金supported by the National Natural Science Foundation of China(Nos.62172337,62241207)Key Project of GansuNatural Science Foundation(No.23JRRA685).
文摘Traditional email systems can only achieve one-way communication,which means only the receiver is allowed to search for emails on the email server.In this paper,we propose a blockchain-based certificateless bidirectional authenticated searchable encryption model for a cloud email system named certificateless authenticated bidirectional searchable encryption(CL-BSE)by combining the storage function of cloud server with the communication function of email server.In the new model,not only can the data receiver search for the relevant content by generating its own trapdoor,but the data owner also can retrieve the content in the same way.Meanwhile,there are dual authentication functions in our model.First,during encryption,the data owner uses the private key to authenticate their identity,ensuring that only legal owner can generate the keyword ciphertext.Second,the blockchain verifies the data owner’s identity by the received ciphertext,allowing only authorized members to store their data in the server and avoiding unnecessary storage space consumption.We obtain a formal definition of CL-BSE and formulate a specific scheme from the new system model.Then the security of the scheme is analyzed based on the formalized security model.The results demonstrate that the scheme achieves multikeyword ciphertext indistinguishability andmulti-keyword trapdoor privacy against any adversary simultaneously.In addition,performance evaluation shows that the new scheme has higher computational and communication efficiency by comparing it with some existing ones.
基金supported by the National Natural Science Foundation of China(62032025,62002393)the Technology Program of Guangzhou,China(202103050004).
文摘Smart contract has been the core of blockchain systems and other blockchain-based systems since Blockchain 2.0.Various operations on blockchain are performed through the invocation and execution of smart contracts.This leads to extensive combinations between blockchain,smart contract,Internet of Things(IoT)and Cyber-Physical System(CPS)applications,and then many blockchain-based IoT or CPS applications emerge to provide multiple benefits to the economy and society.In this case,obtaining a better understanding of smart contracts will contribute to the easier operation,higher efficiency and stronger security of those blockchain-based systems and applications.Many existing studies on smart contract analysis are based on similarity calculation and smart contract classification.However,smart contract is a piece of code with special characteristics and most of smart contracts are stored without any category labels,which leads to difficulties of smart contract classification.As the back end of a blockchain-based Decentralized Application(DApp)is one or several smart contracts,DApps with labeled categories and open source codes are applied to achieve a supervised smart contract classification.A three-phase approach is proposed to categorize DApps based on various data features.In this approach,5,659 DApps with smart contract source codes and pre-tagged categories are first obtained based on massive collected DApps and smart contracts from Ethereum,State of the DApps and DappRadar.Then feature extraction and construction methods are designed to form multi-feature vectors that could present the major characteristics of DApps.Finally,a fused classification model consisting of KNN,XGBoost and random forests is applied to the multi-feature vectors of all DApps for performing DApp classification.The experimental results show that the method is effective.In addition,some positive correlations between feature variables and categories,as well as several user behavior patterns of DApp calls,are found in this paper.
基金supported by the National Key Research and Devel-opment Program of China(2018YFB0803403)Fundamental Research Funds for the Central Universities(FRF-AT-20-11)from the Ministry of Education of China。
文摘As an advantageous technique and service,the blockchain has shown great development and application prospects.However,its security has also met great challenges,and many security vulnerabilities and attack issues in blockchain-based services have emerged.Recently,security issues of blockchain have attracted extensive attention.However,there is still a lack of blockchain security research from a full-stack architecture perspective,as well as representative quantitative experimental reproduction and analysis.We aim to provide a security architecture to solve security risks in blockchain services from a full-stack architecture perspective.Meanwhile,we propose a formal definition of the full-stack security architecture for blockchain-based services,and we also propose a formal expression of security issues and defense solutions from a full-stack security perspective.We use ConCert to conduct a smart contract formal verification experiment by property-based testing.The security vulnerabilities of blockchain services in the Common Vulnerabilities and Exposures(CVE)and China Nation Vulnerability Database(CNVD)are selected and enumerated.Additionally,three real contract-layer real attack events are reproduced by an experimental approach.Using Alibaba's blockchain services and Identity Mixer in Hyperledger Fabric as a case study,the security problems and defense techniques are analyzed and researched.At last,the future research directions are proposed.
基金supported by China’s National Natural Science Foundation (U19A2081,61802270,61802271)Ministry of Education and China Mobile Research Fund Project (MCM20200102,CM20200409)Sichuan University Engineering Characteristic Team Project 2020SCUNG129.
文摘With the advantages of lightweight and high resource utilization,cloud-native technology with containers as the core is gradually becoming themainstreamtechnical architecture for information infrastructure.However,malware attacks such as Doki and Symbiote threaten the container runtime’s security.Malware initiates various types of runtime anomalies based on process form(e.g.,modifying the process of a container,and opening the external ports).Fortunately,dynamic monitoring mechanisms have proven to be a feasible solution for verifying the trusted state of containers at runtime.Nevertheless,the current routine dynamic monitoring mechanisms for baseline data protection are still based on strong security assumptions.As a result,the existing dynamicmonitoringmechanismis still not practical enough.To ensure the trustworthiness of the baseline value data and,simultaneously,to achieve the integrity verification of the monitored process,we combine blockchain and trusted computing to propose a process integrity monitoring system named IPMS.Firstly,the hardware TPM 2.0 module is applied to construct a trusted security foundation for the integrity of the process code segment due to its tamper-proof feature.Then,design a new format for storing measurement logs,easily distinguishing files with the same name in different containers from log information.Meanwhile,the baseline value data is stored on the blockchain to avoidmalicious damage.Finally,trusted computing technology is used to perform fine-grained integrity measurement and remote attestation of processes in a container,detect abnormal containers in time and control them.We have implemented a prototype system and performed extensive simulation experiments to test and analyze the functionality and performance of the PIMS.Experimental results show that PIMS can accurately and efficiently detect tampered processes with only 3.57% performance loss to the container.
基金This work was supported in National Natural Science Foundation of China(Grant Nos.61976064,U20B2046)National Defence Science and Technology Key Laboratory Fund 61421190306)+1 种基金Guangdong Province Universities and Colleges Pearl River Scholar Funded Scheme(2019)National Key research and Development Plan(Grant No.2018YFB1800702).
文摘The rapid development of blockchain technology has provided new ideas for network security research.Blockchain-based network security enhancement solutions are attracting widespread attention.This paper proposes an Internet domain name verification method based on blockchain.The authenticity of DNS(Domain Name System)resolution results is crucial for ensuring the accessibility of Internet services.Due to the lack of adequate security mechanisms,it has always been a challenge to verify the authenticity of Internet domain name resolution results.Although the solution represented by DNSSEC(Domain Name System Security Extensions)can theoretically solve the domain name verification problem,it has not been widely deployed on a global scale due to political,economic,and technical constraints.We argue that the root cause of this problem lies in the significant centralization of the DNS system.This centralized feature not only reduces the efficiency of domain name verification but also has the hidden risks of single point of failure and unilateral control.Internet users may disappear from the Internet due to the results of fake,subverted,or misconfigured domain name resolution.This paper presents a decentralized DNS cache verification method,which uses the consortium blockchain to replace the root domain name server to verify the authenticity of the domain name.Compared with DNSSEC’s domain name verification process,the verification efficiency of this method has increased by 30%,and there is no single point of failure or unilateral control risk.In addition,this solution is incrementally deployable,and even if it is deployed on a small number of content delivery network servers,satisfactory results can be obtained.
基金This project has been funded by the Scientific Research Deanship at the University of Ha’il-Saudi Arabia through project number BA-2105.
文摘Internet of things(IoT)field has emerged due to the rapid growth of artificial intelligence and communication technologies.The use of IoT technology in modern healthcare environments is convenient for doctors and patients as it can be used in real-time monitoring of patients,proper administration of patient information,and healthcare management.However,the usage of IoT in the healthcare domain will become a nightmare if patient information is not securely maintainedwhile transferring over an insecure network or storing at the administrator end.In this manuscript,the authors have developed a secure IoT healthcare monitoring system using the Blockchainbased XOR Elliptic Curve Cryptography(BC-XORECC)technique to avoid various vulnerable attacks.Initially,thework has established an authentication process for patient details by generating tokens,keys,and tags using Length Ceaser Cipher-based PearsonHashingAlgorithm(LCC-PHA),EllipticCurve Cryptography(ECC),and Fishers Yates Shuffled Based Adelson-Velskii and Landis(FYS-AVL)tree.The authentications prevent unauthorized users from accessing or misuse the data.After that,a secure data transfer is performed using BC-XORECC,which acts faster by maintaining high data privacy and blocking the path for the attackers.Finally,the Linear Spline Kernel-Based Recurrent Neural Network(LSK-RNN)classification monitors the patient’s health status.The whole developed framework brings out a secure data transfer without data loss or data breaches and remains efficient for health care monitoring via IoT.Experimental analysis shows that the proposed framework achieves a faster encryption and decryption time,classifies the patient’s health status with an accuracy of 89%,and remains robust comparedwith the existing state-of-the-art method.