Blockchain Security: Emerging Threats and Countermeasures
Ahmet Okan Arık, Büşra Özdenizci Köse

Blockchain is a decentralized ledger technology that records and securely stores transactions. It enables transactions between participants to be tracked and verified securely and transparently without the need for intermediaries such as banks or governments. Because an attacker would have to alter multiple blocks simultaneously, the core structure of the blockchain makes it more difficult to manipulate the data or compromise the system. However, security issues arise with any technology, and blockchain security remains a concern because the technology is not flawless. It is therefore essential to be aware of the different types of attacks that could target blockchain systems, such as double spending, eclipse, Sybil and 51% attacks, and to adopt security measures such as encryption and multi-factor authentication to strengthen blockchain security. Today, proper key management, regular security audits, and compliance with security standards are critical to ensuring best practices for blockchain security. The future of blockchain presents both potential challenges and opportunities. As blockchain advances, it is critical to be aware of emerging security concerns and their resolutions in order to ensure the integrity and security of blockchain networks. This book chapter aims to present a comprehensive analysis of blockchain security concepts and to explore emerging threats and countermeasures in blockchain security. Various blockchain attacks, security measures, best practices and quantum-based cryptography will be presented, along with the challenges and risks behind blockchain technology. The study will provide valuable insights into the development and implementation of blockchain security for stakeholders, including businesses and policymakers.