Preserving Data Secrecy and Integrity for Cloud Storage Using Smart Contracts and Cryptographic Primitives

Cloud computing has emerged as a viable alternative to traditional computing infrastructures,offering various benefits.However,the adoption of cloud storage poses significant risks to data secrecy and integrity.This article presents an effective mechanism to preserve the secrecy and integrity of data stored on the public cloud by leveraging blockchain technology,smart contracts,and cryptographic primitives.The proposed approach utilizes a Solidity-based smart contract as an auditor for maintaining and verifying the integrity of outsourced data.To preserve data secrecy,symmetric encryption systems are employed to encrypt user data before outsourcing it.An extensive performance analysis is conducted to illustrate the efficiency of the proposed mechanism.Additionally,a rigorous assessment is conducted to ensure that the developed smart contract is free from vulnerabilities and to measure its associated running costs.The security analysis of the proposed system confirms that our approach can securely maintain the confidentiality and integrity of cloud storage,even in the presence of malicious entities.The proposed mechanism contributes to enhancing data security in cloud computing environments and can be used as a foundation for developing more secure cloud storage systems.

Mitigating Blackhole and Greyhole Routing Attacks in Vehicular Ad Hoc Networks Using Blockchain Based Smart Contracts

The rapid increase in vehicle traffic volume in modern societies has raised the need to develop innovative solutions to reduce traffic congestion and enhance traffic management efficiency.Revolutionary advanced technology,such as Intelligent Transportation Systems(ITS),enables improved traffic management,helps eliminate congestion,and supports a safer environment.ITS provides real-time information on vehicle traffic and transportation systems that can improve decision-making for road users.However,ITS suffers from routing issues at the network layer when utilising Vehicular Ad Hoc Networks(VANETs).This is because each vehicle plays the role of a router in this network,which leads to a complex vehicle communication network,causing issues such as repeated link breakages between vehicles resulting from the mobility of the network and rapid topological variation.This may lead to loss or delay in packet transmissions;this weakness can be exploited in routing attacks,such as black-hole and gray-hole attacks,that threaten the availability of ITS services.In this paper,a Blockchain-based smart contracts model is proposed to offer convenient and comprehensive security mechanisms,enhancing the trustworthiness between vehicles.Self-Classification Blockchain-Based Contracts(SCBC)and Voting-Classification Blockchain-Based Contracts(VCBC)are utilised in the proposed protocol.The results show that VCBC succeeds in attaining better results in PDR and TP performance even in the presence of Blackhole and Grayhole attacks.

A Review of Deep Learning-Based Vulnerability Detection Tools for Ethernet Smart Contracts

In recent years,the number of smart contracts deployed on blockchain has exploded.However,the issue of vulnerability has caused incalculable losses.Due to the irreversible and immutability of smart contracts,vulnerability detection has become particularly important.With the popular use of neural network model,there has been a growing utilization of deep learning-based methods and tools for the identification of vulnerabilities within smart contracts.This paper commences by providing a succinct overview of prevalent categories of vulnerabilities found in smart contracts.Subsequently,it categorizes and presents an overview of contemporary deep learning-based tools developed for smart contract detection.These tools are categorized based on their open-source status,the data format and the type of feature extraction they employ.Then we conduct a comprehensive comparative analysis of these tools,selecting representative tools for experimental validation and comparing them with traditional tools in terms of detection coverage and accuracy.Finally,Based on the insights gained from the experimental results and the current state of research in the field of smart contract vulnerability detection tools,we suppose to provide a reference standard for developers of contract vulnerability detection tools.Meanwhile,forward-looking research directions are also proposed for deep learning-based smart contract vulnerability detection.

The Detection of Fraudulent Smart Contracts Based on ECA-EfficientNet and Data Enhancement

With the increasing popularity of Ethereum,smart contracts have become a prime target for fraudulent activities such as Ponzi,honeypot,gambling,and phishing schemes.While some researchers have studied intelligent fraud detection,most research has focused on identifying Ponzi contracts,with little attention given to detecting and preventing gambling or phishing contracts.There are three main issues with current research.Firstly,there exists a severe data imbalance between fraudulent and non-fraudulent contracts.Secondly,the existing detection methods rely on diverse raw features that may not generalize well in identifying various classes of fraudulent contracts.Lastly,most prior studies have used contract source code as raw features,but many smart contracts only exist in bytecode.To address these issues,we propose a fraud detection method that utilizes Efficient Channel Attention EfficientNet(ECA-EfficientNet)and data enhancement.Our method begins by converting bytecode into Red Green Blue(RGB)three-channel images and then applying channel exchange data enhancement.We then use the enhanced ECA-EfficientNet approach to classify fraudulent smart contract RGB images.Our proposed method achieves high F1-score and Recall on both publicly available Ponzi datasets and self-built multi-classification datasets that include Ponzi,honeypot,gambling,and phishing smart contracts.The results of the experiments demonstrate that our model outperforms current methods and their variants in Ponzi contract detection.Our research addresses a significant problem in smart contract security and offers an effective and efficient solution for detecting fraudulent contracts.

Deep Learning-Based Program-Wide Binary Code Similarity for Smart Contracts

Recently,security issues of smart contracts are arising great attention due to the enormous financial loss caused by vulnerability attacks.There is an increasing need to detect similar codes for hunting vulnerability with the increase of critical security issues in smart contracts.Binary similarity detection that quantitatively measures the given code diffing has been widely adopted to facilitate critical security analysis.However,due to the difference between common programs and smart contract,such as diversity of bytecode generation and highly code homogeneity,directly adopting existing graph matching and machine learning based techniques to smart contracts suffers from low accuracy,poor scalability and the limitation of binary similarity on function level.Therefore,this paper investigates graph neural network to detect smart contract binary code similarity at the program level,where we conduct instruction-level normalization to reduce the noise code for smart contract pre-processing and construct contract control flow graphs to represent smart contracts.In particular,two improved Graph Convolutional Network(GCN)and Message Passing Neural Network(MPNN)models are explored to encode the contract graphs into quantitatively vectors,which can capture the semantic information and the program-wide control flow information with temporal orders.Then we can efficiently accomplish the similarity detection by measuring the distance between two targeted contract embeddings.To evaluate the effectiveness and efficient of our proposed method,extensive experiments are performed on two real-world datasets,i.e.,smart contracts from Ethereum and Enterprise Operation System(EOS)blockchain-based platforms.The results show that our proposed approach outperforms three state-of-the-art methods by a large margin,achieving a great improvement up to 6.1%and 17.06%in accuracy.

Elastic Smart Contracts in Blockchains

In this paper,we deal with questions related to blockchains in complex Internet of Things(IoT)-based ecosystems.Such ecosystems are typically composed of IoT devices,edge devices,cloud computing software services,as well as people,who are decision makers in scenarios such as smart cities.Many decisions related to analytics can be based on data coming from IoT sensors,software services,and people.However,they are typically based on different levels of abstraction and granularity.This poses a number of challenges when multiple blockchains are used together with smart contracts.This work proposes to apply our concept of elasticity to smart contracts and thereby enabling analytics in and between multiple blockchains in the context of IoT.We propose a reference architecture for Elastic Smart Contracts and evaluate the approach in a smart city scenario,discussing the benefits in terms of performance and self-adaptability of our solution.

Mining Bytecode Features of Smart Contracts to Detect PonziScheme on Blockchain

The emergence of smart contracts has increased the attention of industry and academia to blockchain technology,which is tamper-proofing,decentralized,autonomous,and enables decentralized applications to operate in untrustworthy environments.However,these features of this technology are also easily exploited by unscrupulous individuals,a typical example of which is the Ponzi scheme in Ethereum.The negative effect of unscrupulous individuals writing Ponzi scheme-type smart contracts in Ethereum and then using these contracts to scam large amounts of money has been significant.To solve this problem,we propose a detection model for detecting Ponzi schemes in smart contracts using bytecode.In this model,our innovation is shown in two aspects:We first propose to use two bytes as one characteristic,which can quickly transform the bytecode into a high-dimensional matrix,and this matrix contains all the implied characteristics in the bytecode.Then,We innovatively transformed the Ponzi schemes detection into an anomaly detection problem.Finally,an anomaly detection algorithm is used to identify Ponzi schemes in smart contracts.Experimental results show that the proposed detection model can greatly improve the accuracy of the detection of the Ponzi scheme contracts.Moreover,the F1-score of this model can reach 0.88,which is far better than those of other traditional detection models.

Smart Contract Vulnerability Detection Method Based on Feature Graph and Multiple Attention Mechanisms

The fast-paced development of blockchain technology is evident.Yet,the security concerns of smart contracts represent a significant challenge to the stability and dependability of the entire blockchain ecosystem.Conventional smart contract vulnerability detection primarily relies on static analysis tools,which are less efficient and accurate.Although deep learning methods have improved detection efficiency,they are unable to fully utilize the static relationships within contracts.Therefore,we have adopted the advantages of the above two methods,combining feature extraction mode of tools with deep learning techniques.Firstly,we have constructed corresponding feature extraction mode for different vulnerabilities,which are used to extract feature graphs from the source code of smart contracts.Then,the node features in feature graphs are fed into a graph convolutional neural network for training,and the edge features are processed using a method that combines attentionmechanismwith gated units.Ultimately,the revised node features and edge features are concatenated through amulti-head attentionmechanism.The result of the splicing is a global representation of the entire feature graph.Our method was tested on three types of data:Timestamp vulnerabilities,reentrancy vulnerabilities,and access control vulnerabilities,where the F1 score of our method reaches 84.63%,92.55%,and 61.36%.The results indicate that our method surpasses most others in detecting smart contract vulnerabilities.

Digital assets rights management through smart legal contracts and smart contracts

Intellectual property rights(IPR)management needs to evolve in a digital world where not only companies but also many independent content creators contribute to our culture with their art,music,and videos.In this respect,blockchain has recently emerged as a promising infrastructure,providing a trustworthy and immutable environment through the use of smart contracts,which may enable more agile management of digital rights and streamline royalty payments.However,no widespread consensus has been reached on the ability of this technology to adequately manage and transfer IPR.This paper presents an innovative approach to digital rights management developed within the scope of an international research endeavour co-financed by the European Commission named MediaVerse.The approach proposes the combined usage of smart legal contracts and blockchain smart contracts to take care of the legally binding contractual aspects of IPR and,at the same time,the need for notarization,rights transfer,and royalty payments.The work being conducted represents a contribution to advancing the current literature on IPR management that may lead to an improved and fairer monetization process for content creators as a means of individual empowerment.

ADEFGuard:Anomaly detection framework based on Ethereum smart contracts behaviours

Smart contracts are the building blocks of blockchain systems that enable automated peer-to-peer transactions and decentralized services.Smart contracts certainly provide a powerful functional surplus for maintaining the consistency of transactions in applications governed by blockchain technology.Smart contracts have become lucrative and profitable targets for attackers because they can hold a large amount of money.Formal verification and symbolic analysis have been employed to combat these destructive scams by analysing the codes and function calls,yet each scam's vulnerability should be discreetly predefined.In this work,we introduce ADEFGuard,a new anomaly detection framework based on the behaviour of smart contracts,as a new feature.We design a learning and monitoring module to determine fraudulent smart contract behaviours.Our framework is advantageous over basic algorithms in three aspects.First,ADEFGuard provides a unified solution to different genres of scams,relieving the need for code analysis skills.Second,ADEFGuard's inference is orders of magnitude faster than code analysis.Third,the experimental results show that ADEFGuard achieves high accuracy(85%),precision(75%),and recall(90%)for malicious contracts and is potentially useful in detecting new malicious behaviours of smart contracts.

TABS: Transforming automatically BPMN models into blockchain smart contracts

Research on blockchains addresses multiple issues,with one being the automated creation of smart contracts.Developing smart contract methods is more difficult than mainstream software development as the underlying blockchain infrastructure poses additional complexity.We report on a new approach to developing smart contracts with the objective of automating the process to increase developer efficiency and reduce the risk of errors introduced by software developers.To support industry adoption,we use Business Process Model and Notation(BPMN)modeling to describe an application while targeting applications in the trade vertical.We describe a system that transforms a BPMN model into a multi-modal model that combines Discrete Event(DE)modeling for concurrency with Hierarchical State Machines(HSMs)to represent application functionality.Then,further transformations are used to transform the DE-HSM model into methods in smart contracts.The system lets the modeler decide which of the independent patterns should be transformed into methods of a separate smart contract that is deployed on a sidechain for the purpose of(i)reducing processing costs and/or(ii)providing privacy so that other participants in the smart contract do not have visibility into the processing of the pattern.We also briefly describe a proof-of-concept tool we built to demonstrate the feasibility of our approach.

Cryptographic obfuscation for smart contracts: Trustless bitcoin bridge and more

Privacy protection for smart contracts is currently inadequate.Existing solutions for privacy-preserving smart contracts either support only a limited class of smart contracts or rely on noncryptographic assumptions.We propose a cryptographic obfuscation scheme for smart contracts based on existing blockchain mechanisms,standard cryptographic assumptions,and witness encryption.In the proposed scheme,an obfuscated smart contract does not reveal its algorithm and hardcoded secrets and preserves encrypted states.Any user can provide it with encrypted inputs and allow an untrusted third party to execute it.Although multiparty computation(MPC)among dynamically changing users is necessary,its privacy is protected if at least one user is honest.If the MPC does not finish within a period of time,anyone can cancel and restart it.The proposed scheme also supports decentralized obfuscation where even the participants of the obfuscation process cannot learn secrets in the obfuscated smart contract unless all of them are malicious.As its applications,we present a new trustless bitcoin bridge mechanism that exposes no secret key and privacy-preserving anti-money laundering built into smart contracts.

Automated Vulnerability Detection of Blockchain Smart Contacts Based on BERT Artificial Intelligent Model

The widespread adoption of blockchain technology has led to the exploration of its numerous applications in various fields.Cryptographic algorithms and smart contracts are critical components of blockchain security.Despite the benefits of virtual currency,vulnerabilities in smart contracts have resulted in substantial losses to users.While researchers have identified these vulnerabilities and developed tools for detecting them,the accuracy of these tools is still far from satisfactory,with high false positive and false negative rates.In this paper,we propose a new method for detecting vulnerabilities in smart contracts using the BERT pre-training model,which can quickly and effectively process and detect smart contracts.More specifically,we preprocess and make symbol substitution in the contract,which can make the pre-training model better obtain contract features.We evaluate our method on four datasets and compare its performance with other deep learning models and vulnerability detection tools,demonstrating its superior accuracy.

Mutation Testing for Integer Overflow in Ethereum Smart Contracts

Integer overflow is a common vulnerability in Ethereum Smart Contracts(ESCs)and often causes huge economic losses.Smart contracts cannot be changed once it is deployed on the blockchain and thus demand further testing.Mutation testing is a fault-based testing method that can effectively improve the sufficiency of a test for smart contracts.However,existing methods cannot efficiently perform mutation testing specifically for integer overflow in ESCs.Therefore,by analyzing integer overflow in ESCs,we propose five special mutation operators to address such vulnerability in terms of detecting sufficiency in ESC testing.An empirical study on 40 open-source ESCs is conducted to evaluate the effectiveness of the proposed mutation operators.Results show that(1)our proposed mutation operators can reproduce all 179 integer overflow vulnerabilities in 40 smart contracts,and the generated mutants have high compilation pass rate and integer overflow vulnerability generation rate;moreover,(2)the generated mutants can find the shortcomings of existing testing methods for integer overflow vulnerability,thereby providing effective support to improve the sufficiency of the test.

Systematic literature review on smart contracts in the construction industry: Potentials,benefits, and challenges

The development of digital transformation in the construction industry has led to the increasing adoption of smart contracts.As programmable applications to automatically write,verify,and enforce transaction conditions,smart contracts can be used in different areas mainly to improve automation level,information security,and built digital environment enhancement.However,the smart contract is commonly mentioned as a blockchain appendage,while its unique connotation and value in the construction industry have not been recognized.Therefore,this study carries out a systematic review based on 81 research articles published from 2014 to 2021 on smart contract applications in construction to explore and highlight their potentials under domain-specific requirements.Results are analyzed according to research type categorization and domain codification.Eight research domains are identified,where the three most highly explored domains are contract and payment,supply chain and logistics,and information management.The integration of smart contracts with other innovative concepts and advanced technologies is analyzed.The applicability,benefits,and challenges of smart contract applications regarding different research domains are discussed.

Verification and Validation for data marketplaces via a blockchain and smart contracts

Actual challenges with data in physical infrastructure include:1)the adversity of its velocity based on access and retrieval,thus integration;2)its value as its intrinsic quality;3)its extensive volume with a limited variety in terms of systems;and finally,4)its veracity,as data can be modified to obtain an economical advantage.Physical infrastructure design based on Agile project management and minimum viable products provides benefits against the traditional waterfall method.Agile supports an early return on investment that promotes circular reinvesting while making the product more adaptable to variable social-economical environments.However,Agile also presents inherent issues due to its iterative approach.Furthermore,project information requires an efficient record of the aims,requirements,and governance not only for the investors,owners,or users but also to keep evidence in future health&safety and other statutory compliance.In order to address these issues,this article presents a Validation and Verification(V&V)model for data marketplaces with a hierarchical process;each data V&V stage provides a layer of data abstraction,value-added services,and authenticity based on Artificial Intelligence(AI).In addition,this proposed solution applies Distributed Ledger Technology(DLT)for a decentralised approach where each user keeps and maintains the data within a ledger.The presented model is validated in real data marketplace applications:1)live data for the Newcastle Urban Observatory Smart City Project,where data are collected from sensors embedded within the smart city via APIs;2)static data for University College London(UCL)—Real Estate—PEARL Project,where different project users and stakeholders introduce data into a Project Information Model(PIM).

Using blockchain and semantic web technologies for the implementation of smart contracts between individuals and health insurance organizations

Blockchains and smart contracts are gaining momentum as enabling technologies for a wide set of applications where data distribution and sharing among decentralized infrastructures is required.In this work,we present a distributed application developed using blockchain technologies that allows individuals and health insurance organizations to come into agreement during the implementation of the healthcare insurance policies in each contract.For this purpose,health standards and semantic web technologies were used for the formal expression of both the insured individual's data and contract terms.Accordingly,a fine-grained data access policy was applied for evaluating contract terms on the basis of relevant data captured in healthcare settings.A prototype was implemented involving the development of several different smart contracts for the Ethereum platform as well as the necessary visual environment for accessing them.The developed system validates various features related to blockchain and smart contract features that are briefly discussed in this work,part of which can be mitigated or resolved through the use of a private permissioned blockchain.The application of well-established techniques for potential malfunctions of external services could also boost the security of the system and prevent it from potential attacks.

Eth2Vec:Learning contract-wide code representations for vulnerability detection on Ethereum smart contracts

Ethereum smart contracts are computer programs that are deployed and executed on the Ethereum blockchain to enforce agreements among untrusting parties.Being the most prominent platform that supports smart contracts,Ethereum has been targeted by many attacks and plagued by security incidents.Consequently,many smart contract vulnerabilities have been discovered in the past decade.To detect and prevent such vulnerabilities,different security analysis tools,including static and dynamic analysis tools,have been created,but their performance decreases drastically when codes to be analyzed are constantly being rewritten.In this paper,we propose Eth2Vec,a machine-learning-based static analysis tool that detects smart contract vulnerabilities.Eth2Vec maintains its robustness against code rewrites;i.e.,it can detect vulnerabilities even in rewritten codes.Other machine-learning-based static analysis tools require features,which analysts create manually,as inputs.In contrast,Eth2Vec uses a neural network for language processing to automatically learn the features of vulnerable contracts.In doing so,Eth2Vec can detect vulnerabilities in smart contracts by comparing the similarities between the codes of a target contract and those of the learned contracts.We performed experiments with existing open databases,such as Etherscan,and Eth2Vec was able to outperform a recent model based on support vector machine in terms of well-known metrics,i.e.,precision,recall,and F1-score.

Analysis of smart contracts balances

We define a technique for analyzing updates of smart contracts balances due to transfers of digital assets.The analysis addresses a lightweight smart contract language and consists of a two-step translation.First,we define the input-output behaviors of smart contract functions by means of a simple functional language with static dispatch.Then we associate the terms of this intermediate language with cost equations that compute the loss or gain of digital assets.The resulting equations can be fed to an off-the-shelf cost analyzer to provide upper bounds to the loss or gain.Our analysis has been prototyped and we report its assessments and discuss extensions with additional features.

FUTURE OF LAW CONFERENCE： THE INTERNET OF THINGS, SMART CONTRACTS AND INTELLIGENT MACHINES

From 26 to 27 October 2017, the Centre for Cross-Border Commercial Law in Asia of Singapore Management University （SMU） Law School held an international conference entitled ＂Future of Law Conference： The Internet of Things, Smart Contracts and Intelligent Machines＂ in Singapore. The conference brought together the leading thinkers in academia and practice in the field of information technology law to discuss the legal and regulatory implications of recent technological developments. Associate Professor ZHANG Jiyu and Associate Professor DING Xiaodong of the Law and Technology Institute of Renmin Law School were invited to attend the conference.