More Like this

1. A Resource-Efficient Smart Contract for Privacy Preserving Smart Home Systems

   https://doi.org/10.1109/SWC50871.2021.00079  

   Saquib, Nazmus; Bakir, Fatih; Krintz, Chandra; Wolski, Rich (October 2021, IEEE SmartWorld)

   Due to the proliferation of IoT and the popularity of smart contracts mediated by blockchain, smart home systems have become capable of providing privacy and security to their occupants. In blockchain-based home automation systems, business logic is handled by smart contracts securely. However, a blockchain-based solution is inherently resource-intensive, making it unsuitable for resource-constrained IoT devices. Moreover, time-sensitive actions are complex to perform in a blockchainbased solution due to the time required to mine a block. In this work, we propose a blockchain-independent smart contract infrastructure suitable for resource-constrained IoT devices. Our proposed method is also capable of executing time-sensitive business logic. As an example of an end-to-end application, we describe a smart camera system using our proposed method, compare this system with an existing blockchain-based solution, and present an empirical evaluation of their performance. 

   more » « less
2. Blockchain Security and Privacy: Threats, Challenges, Applications, and Tools

   https://doi.org/10.1145/3716323  

   Alghuried, Ahod; Alkinoon, Mohammed; Mohaisen, Manar; Wang, An; Zou, Cliff C; Mohaisen, David (February 2025, Distributed Ledger Technologies: Research and Practice)

   Blockchain technology has heralded a new era in digital innovation, revolutionizing our approach to designing and building distributed applications in the digital sphere. Blockchain technology operates as an immutable digital ledger, where each entry representing a digital transaction is indelible and cannot be altered once established. Initially designed as the fundamental framework for cryptocurrencies, blockchain has outgrown its original purpose, demonstrating significant potential in various industries and offering a variety of security and privacy features. Our study provides a thorough and current survey of blockchain applications, security, privacy concepts, primitives, and threat models. It stands out by concentrating on how blockchain technology intersects with emerging fields like IoT, EVs, FinTech, and healthcare systems in a single framework. To provide security and privacy features, blockchain systems employ different foundational notions and primitives while tackling diverse adversarial scenarios with various capabilities and goals. This study presents a fresh examination of the current state of applications, security and privacy notions and primitives, and threat models in blockchain systems. Additionally, this work highlights existing gaps in knowledge and outlines open questions, aiming to stimulate interest in further advancements in the field. 

   more » « less
3. Private Proof-of-Stake Blockchains using Differentially-Private Stake Distortion

   Wang, Chenghong; Pujol, David; Nayak, Kartik; Machanavajjhala, Ashwin (August 2023, Usenix)

   Safety, liveness, and privacy are three critical properties for any private proof-of-stake (PoS) blockchain. However, prior work (SP'21) has shown that to obtain safety and liveness, a PoS blockchain must, in theory, forgo privacy. In particular, to obtain safety and liveness, PoS blockchains elect parties proportional to their stake, which, in turn, can potentially reveal the stake of a party even if the transaction processing mechanism is private. In this work, we make two key contributions. First, we present the first stake inference attack that can be actually run in practice. Specifically, our attack applies to both deterministic and randomized PoS protocols and has exponentially lesser running time in comparison with the SOTA approach. Second, we use differentially private stake distortion to achieve privacy in PoS blockchains. We formulate certain privacy requirements to achieve transaction and stake privacy, and design two stake distortion mechanisms that any PoS protocol can use. Moreover, we analyze our proposed mechanisms with Ethereum 2.0, a well-known PoS blockchain that is already operating in practice. The results indicate that our mechanisms mitigate stake inference risks and, at the same time, provide reasonable privacy while preserving required safety and liveness properties. 

   more » « less
4. Private Proof-of-Stake Blockchains using Differentially-Private Stake Distortion

   Wang, Chenghong; Pujol, David; Nayak, Kartik; Machanavajjhala, Ashwin (August 2023, 32nd USENIX Security Symposium (USENIX Security 23))

   Safety, liveness, and privacy are three critical properties for any private proof-of-stake (PoS) blockchain. However, prior work (SP'21) has shown that to obtain safety and liveness, a PoS blockchain must in theory forgo privacy. In particular, to obtain safety and liveness, PoS blockchains elect parties proportional to their stake, which, in turn, can potentially reveal the stake of a party even if the transaction processing mechanism is private. In this work, we make two key contributions. First, we present the first stake inference attack that can be actually run in practice. Specifically, our attack applies to both deterministic and randomized PoS protocols and has exponentially lesser running time in comparison with the SOTA approach. Second, we use differentially private stake distortion to achieve privacy in PoS blockchains. We formulate certain privacy requirements to achieve transaction and stake privacy, and design two stake distortion mechanisms that any PoS protocol can use. Moreover, we analyze our proposed mechanisms with Ethereum 2.0, a well-known PoS blockchain that is already operating in practice. The results indicate that our mechanisms mitigate stake inference risks and, at the same time, provide reasonable privacy while preserving required safety and liveness properties. 

   more » « less
5. Quantifying location privacy in permissioned blockchain-based internet of things (IoT)

   https://doi.org/10.1145/3360774.3360800  

   Shahid, Abdur R.; Pissinou, Niki; Njilla, Laurent; Alemany, Sheila; Imteaj, Ahmed; Makki, Kia; Aguilar, Edwin (November 2019, MobiQuitous '19: Proceedings of the 16th EAI International Conference on Mobile and Ubiquitous Systems: Computing, Networking and Services)

   Vincent Poor and Zhu Han (Ed.)

   Recently, blockchain has received much attention from the mobility-centric Internet of Things (IoT). It is deemed the key to ensuring the built-in integrity of information and security of immutability by design in the peer-to-peer network (P2P) of mobile devices. In a permissioned blockchain, the authority of the system has control over the identities of its users. Such information can allow an ill-intentioned authority to map identities with their spatiotemporal data, which undermines the location privacy of a mobile user. In this paper, we study the location privacy preservation problem in the context of permissioned blockchain-based IoT systems under three conditions. First, the authority of the blockchain holds the public and private key distribution task in the system. Second, there exists a spatiotemporal correlation between consecutive location-based transactions. Third, users communicate with each other through short-range communication technologies such that it constitutes a proof of location (PoL) on their actual locations. We show that, in a permissioned blockchain with an authority and a presence of a PoL, existing approaches cannot be applied using a plug-and-play approach to protect location privacy. In this context, we propose BlockPriv, an obfuscation technique that quantifies, both theoretically and experimentally, the relationship between privacy and utility in order to dynamically protect the privacy of sensitive locations in the permissioned blockchain. 

   more » « less