Pub Date : 2019-12-01DOI: 10.1109/TPS-ISA48467.2019.00013
Abdulrahman Alzahrani, Hani Alshahrani, A. Alshehri, Huirong Fu
Malware variants exhibit polymorphic attacks due to the tremendous growth of the present technologies. For instance, ransomware, an astonishingly growing set of monetary-gain threats in the recent years, is peculiarized as one of the most treacherous cyberthreats against innocent individuals and businesses by locking their devices and/or encrypting their files. Many proposed attempts have been introduced by cybersecurity researchers aiming at mitigating the epidemic of the ransomware attacks. However, this type of malware is kept refined by utilizing new evasion techniques, such as sophisticated codes, dynamic payloads, and anti-emulation techniques, in order to survive against detection systems. This paper introduces RanDetector, a new automated and lightweight system for detecting ransomware applications in Android platform based on their behavior. In particular, this detection system investigates the appearance of some information that is related to ransomware operations in an inspected application before integrating some supervised machine learning models to classify the application. RanDetector is evaluated and tested on a dataset of more 450 applications, including benign and ransomware. Hence, RanDetector has successfully achieved more that 97.62% detection rate with nearly zero false positive.
{"title":"An Intelligent Behavior-Based Ransomware Detection System For Android Platform","authors":"Abdulrahman Alzahrani, Hani Alshahrani, A. Alshehri, Huirong Fu","doi":"10.1109/TPS-ISA48467.2019.00013","DOIUrl":"https://doi.org/10.1109/TPS-ISA48467.2019.00013","url":null,"abstract":"Malware variants exhibit polymorphic attacks due to the tremendous growth of the present technologies. For instance, ransomware, an astonishingly growing set of monetary-gain threats in the recent years, is peculiarized as one of the most treacherous cyberthreats against innocent individuals and businesses by locking their devices and/or encrypting their files. Many proposed attempts have been introduced by cybersecurity researchers aiming at mitigating the epidemic of the ransomware attacks. However, this type of malware is kept refined by utilizing new evasion techniques, such as sophisticated codes, dynamic payloads, and anti-emulation techniques, in order to survive against detection systems. This paper introduces RanDetector, a new automated and lightweight system for detecting ransomware applications in Android platform based on their behavior. In particular, this detection system investigates the appearance of some information that is related to ransomware operations in an inspected application before integrating some supervised machine learning models to classify the application. RanDetector is evaluated and tested on a dataset of more 450 applications, including benign and ransomware. Hence, RanDetector has successfully achieved more that 97.62% detection rate with nearly zero false positive.","PeriodicalId":129820,"journal":{"name":"2019 First IEEE International Conference on Trust, Privacy and Security in Intelligent Systems and Applications (TPS-ISA)","volume":"1 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2019-12-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"130078310","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2019-12-01DOI: 10.1109/TPS-ISA48467.2019.00011
Ian Y. Garrett, Ryan M. Gerdes
Reinforcement learning techniques are increasingly utilized in cyber physical systems and traditional control systems, since they allow the controlling logic to learn through its interactions with its environment. However, reinforcement learning techniques have been found to be vulnerable to malicious influence, in the form of so-called adversarial examples, that can lead to, for example, destabilization of the system. In this paper, an optimization method is proposed to provide a directed attack towards a system resulting in destabilization. The attack differs from previous adversarial work against machine learning algorithms in that it focused on cyber physical systems and, in contrast to false-data injection or actuator attacks, assumed that an adversary is able to directly influence the state(s) of the system, to some degree. Furthermore, it is assumed that the system is controlled using a pre-learned optimal policy; i.e., the attack does not poison the learning process but rather leverages imperfections in the learned policy. This means the reinforcement learning algorithm can be vulnerable even while operating under an optimal policy. The optimization approach increases the feasibility of the attack by reducing the overall cost expended by the adversary. This paper describes the theory supporting the attack by proposing an algorithm and its corresponding proof. The attack is validated using OpenAI's gym and the physics simulator Mujoco to simulate the attack on a cyber physical system trained using a deep reinforcement learning method.
{"title":"Z Table: Cost-Optimized Attack on Reinforcement Learning","authors":"Ian Y. Garrett, Ryan M. Gerdes","doi":"10.1109/TPS-ISA48467.2019.00011","DOIUrl":"https://doi.org/10.1109/TPS-ISA48467.2019.00011","url":null,"abstract":"Reinforcement learning techniques are increasingly utilized in cyber physical systems and traditional control systems, since they allow the controlling logic to learn through its interactions with its environment. However, reinforcement learning techniques have been found to be vulnerable to malicious influence, in the form of so-called adversarial examples, that can lead to, for example, destabilization of the system. In this paper, an optimization method is proposed to provide a directed attack towards a system resulting in destabilization. The attack differs from previous adversarial work against machine learning algorithms in that it focused on cyber physical systems and, in contrast to false-data injection or actuator attacks, assumed that an adversary is able to directly influence the state(s) of the system, to some degree. Furthermore, it is assumed that the system is controlled using a pre-learned optimal policy; i.e., the attack does not poison the learning process but rather leverages imperfections in the learned policy. This means the reinforcement learning algorithm can be vulnerable even while operating under an optimal policy. The optimization approach increases the feasibility of the attack by reducing the overall cost expended by the adversary. This paper describes the theory supporting the attack by proposing an algorithm and its corresponding proof. The attack is validated using OpenAI's gym and the physics simulator Mujoco to simulate the attack on a cyber physical system trained using a deep reinforcement learning method.","PeriodicalId":129820,"journal":{"name":"2019 First IEEE International Conference on Trust, Privacy and Security in Intelligent Systems and Applications (TPS-ISA)","volume":"22 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2019-12-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"132776969","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2019-12-01DOI: 10.1109/TPS-ISA48467.2019.00033
A. Shrestha, Julita Vassileva
Blockchain technology has evolved as a promising means to transform data management models in many domains including healthcare, agricultural research, tourism domains etc. In the research community, a usable blockchain-based system can allow users to create a proof of ownership and provenance of the research work, share research data without losing control and ownership of it, provide incentives for sharing and give users full transparency and control over who access their data, when and for what purpose. The initial adoption of such blockchain-based systems is necessary for continued use of the services, but their user acceptance behavioral model has not been well investigated in the literature. In this paper, we take the Technology Acceptance Model (TAM) as a foundation and extend the external constructs to uncover how the perceived ease of use, perceived usability, quality of the system and perceived enjoyment influence the intention to use the blockchain-based system. We based our study on user evaluation of a prototype of a blockchain-based research data sharing framework using a TAM validated questionnaire. Our results show that, overall, all the individual constructs of the behavior model significantly influence the intention to use the system while their collective effect is found to be insignificant. The quality of the system and the perceived enjoyment have stronger influence on the perceived usefulness. However, the effect of perceived ease of use on the perceived usefulness is not supported. Finally, we discuss the implications of our findings.
{"title":"User Acceptance of Usable Blockchain-Based Research Data Sharing System: An Extended TAM-Based Study","authors":"A. Shrestha, Julita Vassileva","doi":"10.1109/TPS-ISA48467.2019.00033","DOIUrl":"https://doi.org/10.1109/TPS-ISA48467.2019.00033","url":null,"abstract":"Blockchain technology has evolved as a promising means to transform data management models in many domains including healthcare, agricultural research, tourism domains etc. In the research community, a usable blockchain-based system can allow users to create a proof of ownership and provenance of the research work, share research data without losing control and ownership of it, provide incentives for sharing and give users full transparency and control over who access their data, when and for what purpose. The initial adoption of such blockchain-based systems is necessary for continued use of the services, but their user acceptance behavioral model has not been well investigated in the literature. In this paper, we take the Technology Acceptance Model (TAM) as a foundation and extend the external constructs to uncover how the perceived ease of use, perceived usability, quality of the system and perceived enjoyment influence the intention to use the blockchain-based system. We based our study on user evaluation of a prototype of a blockchain-based research data sharing framework using a TAM validated questionnaire. Our results show that, overall, all the individual constructs of the behavior model significantly influence the intention to use the system while their collective effect is found to be insignificant. The quality of the system and the perceived enjoyment have stronger influence on the perceived usefulness. However, the effect of perceived ease of use on the perceived usefulness is not supported. Finally, we discuss the implications of our findings.","PeriodicalId":129820,"journal":{"name":"2019 First IEEE International Conference on Trust, Privacy and Security in Intelligent Systems and Applications (TPS-ISA)","volume":"62 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2019-12-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"114939945","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2019-12-01DOI: 10.1109/TPS-ISA48467.2019.00015
Tyler Phillips, Xiaoyuan Yu, Brandon Haakenson, X. Zou
In many domains, organizations must model personnel and corresponding data access privileges as fine-grained hierarchical access control models. One class of such models, Role-based Access Control (RBAC) models, has been widely accepted and deployed. However, RBAC models are often used without involving cryptographic keys nor considering confidentiality/privacy at the data level. How to design, implement and dynamically modify such a hierarchy, ensure user and data privacy and distribute and manage necessary cryptographic keys are issues of the utmost importance. One elegant solution for cryptography-based hierarchical access control combines the collusion-resistant and privacy-preserving Access Control Polynomial (ACP) and Atallah's Dynamic and Efficient Extended Key Management scheme. Such a model involves cryptographic keys used to encrypt data, can address confidentiality/privacy at the data level and can efficiently support dynamic changes to the RBAC access hierarchy. In this paper, we discuss several implementation challenges and propose solutions when deploying such a system including: data encryption and decryption, key storage and key distribution. Furthermore, we provide analysis of the efficiency and scalability of the resulting system.
{"title":"Design and Implementation of Privacy-Preserving, Flexible and Scalable Role-Based Hierarchical Access Control","authors":"Tyler Phillips, Xiaoyuan Yu, Brandon Haakenson, X. Zou","doi":"10.1109/TPS-ISA48467.2019.00015","DOIUrl":"https://doi.org/10.1109/TPS-ISA48467.2019.00015","url":null,"abstract":"In many domains, organizations must model personnel and corresponding data access privileges as fine-grained hierarchical access control models. One class of such models, Role-based Access Control (RBAC) models, has been widely accepted and deployed. However, RBAC models are often used without involving cryptographic keys nor considering confidentiality/privacy at the data level. How to design, implement and dynamically modify such a hierarchy, ensure user and data privacy and distribute and manage necessary cryptographic keys are issues of the utmost importance. One elegant solution for cryptography-based hierarchical access control combines the collusion-resistant and privacy-preserving Access Control Polynomial (ACP) and Atallah's Dynamic and Efficient Extended Key Management scheme. Such a model involves cryptographic keys used to encrypt data, can address confidentiality/privacy at the data level and can efficiently support dynamic changes to the RBAC access hierarchy. In this paper, we discuss several implementation challenges and propose solutions when deploying such a system including: data encryption and decryption, key storage and key distribution. Furthermore, we provide analysis of the efficiency and scalability of the resulting system.","PeriodicalId":129820,"journal":{"name":"2019 First IEEE International Conference on Trust, Privacy and Security in Intelligent Systems and Applications (TPS-ISA)","volume":"48 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2019-12-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"122225843","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2019-12-01DOI: 10.1109/TPS-ISA48467.2019.00016
Kyle Haefner, I. Ray
This work takes a novel approach to classifying the behavior of devices by exploiting the single-purpose nature of IoT devices and analyzing the complexity and variance of their network traffic. We develop a formalized measurement of complexity for IoT devices, and use this measurement to precisely tune an anomaly detection algorithm for each device. We postulate that IoT devices with low complexity lead to a high confidence in their behavioral model and have a correspondingly more precise decision boundary on their predicted behavior. Conversely, complex general purpose devices have lower confidence and a more generalized decision boundary. We show that there is a positive correlation to our complexity measure and the number of outliers found by an anomaly detection algorithm. By tuning this decision boundary based on device complexity we are able to build a behavioral framework for each device that reduces false positive outliers. Finally, we propose an architecture that can use this tuned behavioral model to rank each flow on the network and calculate a trust score ranking of all traffic to and from a device which allows the network to autonomously make access control decisions on a per-flow basis.
{"title":"ComplexIoT: Behavior-Based Trust For IoT Networks","authors":"Kyle Haefner, I. Ray","doi":"10.1109/TPS-ISA48467.2019.00016","DOIUrl":"https://doi.org/10.1109/TPS-ISA48467.2019.00016","url":null,"abstract":"This work takes a novel approach to classifying the behavior of devices by exploiting the single-purpose nature of IoT devices and analyzing the complexity and variance of their network traffic. We develop a formalized measurement of complexity for IoT devices, and use this measurement to precisely tune an anomaly detection algorithm for each device. We postulate that IoT devices with low complexity lead to a high confidence in their behavioral model and have a correspondingly more precise decision boundary on their predicted behavior. Conversely, complex general purpose devices have lower confidence and a more generalized decision boundary. We show that there is a positive correlation to our complexity measure and the number of outliers found by an anomaly detection algorithm. By tuning this decision boundary based on device complexity we are able to build a behavioral framework for each device that reduces false positive outliers. Finally, we propose an architecture that can use this tuned behavioral model to rank each flow on the network and calculate a trust score ranking of all traffic to and from a device which allows the network to autonomously make access control decisions on a per-flow basis.","PeriodicalId":129820,"journal":{"name":"2019 First IEEE International Conference on Trust, Privacy and Security in Intelligent Systems and Applications (TPS-ISA)","volume":"170 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2019-12-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"132020195","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2019-12-01DOI: 10.1109/TPS-ISA48467.2019.00023
Hyunsu Mun, Youngseok Lee
In web or mobile app online used markets, users often leave their private contact information intentionally to sell their goods through quick communication. However, the Personally identifiable information (PII) uploaded by users is vulnerable to unwanted advertisement, exploits or even crime. In this work, we examine how PII elements are exposed at popular online used markets in Brazil, China and Korea. Regardless of country, platform, and PII protection system, PII are exposed. From 1-year data collection, we found that phone numbers and email addresses are frequently observed such that 69.43% of posts include phone numbers and 90.86% showed email addresses, and that 36.41% of PII lasted longer than 90 days with the slow PII decay rate of 0.03% per day in Korean used market. To protect the privacy of sellers exposed on the posts, we present a simple nudging web browser extension that detects and notifies PII elements.
{"title":"Analysis and Nudging of Personally Identifiable Information in Online Used Markets","authors":"Hyunsu Mun, Youngseok Lee","doi":"10.1109/TPS-ISA48467.2019.00023","DOIUrl":"https://doi.org/10.1109/TPS-ISA48467.2019.00023","url":null,"abstract":"In web or mobile app online used markets, users often leave their private contact information intentionally to sell their goods through quick communication. However, the Personally identifiable information (PII) uploaded by users is vulnerable to unwanted advertisement, exploits or even crime. In this work, we examine how PII elements are exposed at popular online used markets in Brazil, China and Korea. Regardless of country, platform, and PII protection system, PII are exposed. From 1-year data collection, we found that phone numbers and email addresses are frequently observed such that 69.43% of posts include phone numbers and 90.86% showed email addresses, and that 36.41% of PII lasted longer than 90 days with the slow PII decay rate of 0.03% per day in Korean used market. To protect the privacy of sellers exposed on the posts, we present a simple nudging web browser extension that detects and notifies PII elements.","PeriodicalId":129820,"journal":{"name":"2019 First IEEE International Conference on Trust, Privacy and Security in Intelligent Systems and Applications (TPS-ISA)","volume":"40 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2019-12-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"121931810","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2019-12-01DOI: 10.1109/TPS-ISA48467.2019.00027
Naila Bushra, Naresh Adhikari, M. Ramkumar
A graph is a non-linear data structure with nodes and edges for depicting relationships between nodes in a wide range of systems such as social networks, maps, dependency network, electronic circuits, etc. Graphs are often inputs to various computational processes such as those for finding shortest paths between nodes, minimum spanning tree, graph coloring, etc. Such algorithms are essential components of many large-scale information systems. Guaranteeing the integrity of responses to various graph queries (like shortest path, number of disjoint sets, etc.) becomes especially challenging for graphs with very large numbers of nodes and/or edges. The goal of the blockchain-based Secure Queryable Dynamic Graphs (SQDG) protocol is to assure the correctness of responses to various types of graph queries, irrespective of the scale of the graph, without the need to rely on trusted third parties.
{"title":"Secure Queryable Dynamic Graphs using Blockchain","authors":"Naila Bushra, Naresh Adhikari, M. Ramkumar","doi":"10.1109/TPS-ISA48467.2019.00027","DOIUrl":"https://doi.org/10.1109/TPS-ISA48467.2019.00027","url":null,"abstract":"A graph is a non-linear data structure with nodes and edges for depicting relationships between nodes in a wide range of systems such as social networks, maps, dependency network, electronic circuits, etc. Graphs are often inputs to various computational processes such as those for finding shortest paths between nodes, minimum spanning tree, graph coloring, etc. Such algorithms are essential components of many large-scale information systems. Guaranteeing the integrity of responses to various graph queries (like shortest path, number of disjoint sets, etc.) becomes especially challenging for graphs with very large numbers of nodes and/or edges. The goal of the blockchain-based Secure Queryable Dynamic Graphs (SQDG) protocol is to assure the correctness of responses to various types of graph queries, irrespective of the scale of the graph, without the need to rely on trusted third parties.","PeriodicalId":129820,"journal":{"name":"2019 First IEEE International Conference on Trust, Privacy and Security in Intelligent Systems and Applications (TPS-ISA)","volume":"32 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2019-12-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"117303222","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2019-12-01DOI: 10.1109/TPS-ISA48467.2019.00012
A. Gjerdrum, H. Johansen, L. Brenna, D. Johansen
The emerging serverless cloud paradigm, also known as Function as a Service (FaaS), enables auto-scalable cloud services on-demand, but requires complete trust in the surrounding infrastructure. Workloads hosting sensitive data, such as medical records or financial transactions, may not be able to use such cloud services due to these trust assumptions. This paper introduces Diggi, a native secure FaaS runtime for scalable function deployment requiring minimal trust in the underlying hardware/software stack. We demonstrate that Diggi is practical and that it holds comparable performance to conventional FaaS software.
{"title":"Diggi: A Secure Framework for Hosting Native Cloud Functions with Minimal Trust","authors":"A. Gjerdrum, H. Johansen, L. Brenna, D. Johansen","doi":"10.1109/TPS-ISA48467.2019.00012","DOIUrl":"https://doi.org/10.1109/TPS-ISA48467.2019.00012","url":null,"abstract":"The emerging serverless cloud paradigm, also known as Function as a Service (FaaS), enables auto-scalable cloud services on-demand, but requires complete trust in the surrounding infrastructure. Workloads hosting sensitive data, such as medical records or financial transactions, may not be able to use such cloud services due to these trust assumptions. This paper introduces Diggi, a native secure FaaS runtime for scalable function deployment requiring minimal trust in the underlying hardware/software stack. We demonstrate that Diggi is practical and that it holds comparable performance to conventional FaaS software.","PeriodicalId":129820,"journal":{"name":"2019 First IEEE International Conference on Trust, Privacy and Security in Intelligent Systems and Applications (TPS-ISA)","volume":"20 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2019-12-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"134561416","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2019-12-01DOI: 10.1109/tps-isa48467.2019.00001
{"title":"Title Page I","authors":"","doi":"10.1109/tps-isa48467.2019.00001","DOIUrl":"https://doi.org/10.1109/tps-isa48467.2019.00001","url":null,"abstract":"","PeriodicalId":129820,"journal":{"name":"2019 First IEEE International Conference on Trust, Privacy and Security in Intelligent Systems and Applications (TPS-ISA)","volume":"33 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2019-12-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"114565725","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2019-12-01DOI: 10.1109/TPS-ISA48467.2019.00014
Kuheli Sai, D. Tipper
Blockchain was originally developed to support decentralized cryptocurrency applications within a single network. However, the proliferation of blockchain technology has led to the need of supporting transactions across multiple networks requiring interoperability. Thus far, minimal analysis has been dedicated to the interoperability scenario and in particular the prevention of double-spending attacks across interoperable blockchain networks. In this paper, we propose the use of neutral observers to monitor transactions that span multiple blockchains and design a protocol that obviates the double-spending problem across interoperable blockchain networks. We show that the observers, can detect double spending, while remaining honest to the protocol as it is more profitable to them than colluding due to our proposed disincentivization scheme. Leveraging Ethereum's smart-contract functionality, we simulate our proposed disincentivization scheme and show its cost-effectiveness.
{"title":"Disincentivizing Double Spend Attacks Across Interoperable Blockchains","authors":"Kuheli Sai, D. Tipper","doi":"10.1109/TPS-ISA48467.2019.00014","DOIUrl":"https://doi.org/10.1109/TPS-ISA48467.2019.00014","url":null,"abstract":"Blockchain was originally developed to support decentralized cryptocurrency applications within a single network. However, the proliferation of blockchain technology has led to the need of supporting transactions across multiple networks requiring interoperability. Thus far, minimal analysis has been dedicated to the interoperability scenario and in particular the prevention of double-spending attacks across interoperable blockchain networks. In this paper, we propose the use of neutral observers to monitor transactions that span multiple blockchains and design a protocol that obviates the double-spending problem across interoperable blockchain networks. We show that the observers, can detect double spending, while remaining honest to the protocol as it is more profitable to them than colluding due to our proposed disincentivization scheme. Leveraging Ethereum's smart-contract functionality, we simulate our proposed disincentivization scheme and show its cost-effectiveness.","PeriodicalId":129820,"journal":{"name":"2019 First IEEE International Conference on Trust, Privacy and Security in Intelligent Systems and Applications (TPS-ISA)","volume":"20 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2019-12-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"114664598","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
京公网安备 11010802042870号
京ICP备2023020795号-1
扫码关注我们
求助内容:
应助结果提醒方式: