Pub Date : 2020-12-01DOI: 10.1109/TrustCom50675.2020.00211
Xinchun Cui, Xueqing Li, Yiming Qin, Yong Ding
Many Internet service providers are still using traditional password strength evaluation methods, resulting in user passwords being vulnerable to social engineering attacks. We believe that the password strength evaluation method based on sensitive personal information has great research value for improving the security of password authentication system. In this paper, we use the structure segmentation algorithm and the bidirectional matching algorithm to investigate how users' personal information is used in passwords. Then, we present a sensitivity personal information coverage evaluation function that represents the correlation between users' password and their personal information. Finally, a password strength evaluation method based on sensitive personal information is proposed. This method is composed of three stages: preprocessing stage, prediction dictionary generation stage and password strength evaluation stage.
{"title":"A Password Strength Evaluation Algorithm based on Sensitive Personal Information","authors":"Xinchun Cui, Xueqing Li, Yiming Qin, Yong Ding","doi":"10.1109/TrustCom50675.2020.00211","DOIUrl":"https://doi.org/10.1109/TrustCom50675.2020.00211","url":null,"abstract":"Many Internet service providers are still using traditional password strength evaluation methods, resulting in user passwords being vulnerable to social engineering attacks. We believe that the password strength evaluation method based on sensitive personal information has great research value for improving the security of password authentication system. In this paper, we use the structure segmentation algorithm and the bidirectional matching algorithm to investigate how users' personal information is used in passwords. Then, we present a sensitivity personal information coverage evaluation function that represents the correlation between users' password and their personal information. Finally, a password strength evaluation method based on sensitive personal information is proposed. This method is composed of three stages: preprocessing stage, prediction dictionary generation stage and password strength evaluation stage.","PeriodicalId":221956,"journal":{"name":"2020 IEEE 19th International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom)","volume":"39 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2020-12-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"128073866","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2020-12-01DOI: 10.1109/TrustCom50675.2020.00150
M. Yousuf, Mingjun Wang, Zheng Yan, Fawad Khan
5G mobile networks are expected to be much bigger in size, faster in speeds and better in scalability, providing varied services to different users and businesses in contrast to previous networks. 5G will also help enabling new business models and use cases. “Network Slicing” is a driving architectural concept for multi-tenancy. Network Slicing enables Mobile Network Operators (MNOs) to deploy different services over shared physical infrastructure, increasing inter-operator resource sharing. As 5G is still in its nascent, inter operator cooperation is an area that requires immediate attention of research. Traditional inter operator trust relationship models cannot fully comprehend the needs of 5G networks. In this paper, we propose an Intel SGX based multi-MNO cooperation scheme for trusted, dynamic and efficient network slice sharing in order to support inter-operator trustworthy collaboration. Furthermore, we developed a Proof of Concept of our proposed scheme using Intel SGX, flask framework and Docker containers. The obtained results indicate the applicability of the proposed scheme with little effect on performance.
{"title":"Trusted Network Slicing among Multiple Mobile Network Operators","authors":"M. Yousuf, Mingjun Wang, Zheng Yan, Fawad Khan","doi":"10.1109/TrustCom50675.2020.00150","DOIUrl":"https://doi.org/10.1109/TrustCom50675.2020.00150","url":null,"abstract":"5G mobile networks are expected to be much bigger in size, faster in speeds and better in scalability, providing varied services to different users and businesses in contrast to previous networks. 5G will also help enabling new business models and use cases. “Network Slicing” is a driving architectural concept for multi-tenancy. Network Slicing enables Mobile Network Operators (MNOs) to deploy different services over shared physical infrastructure, increasing inter-operator resource sharing. As 5G is still in its nascent, inter operator cooperation is an area that requires immediate attention of research. Traditional inter operator trust relationship models cannot fully comprehend the needs of 5G networks. In this paper, we propose an Intel SGX based multi-MNO cooperation scheme for trusted, dynamic and efficient network slice sharing in order to support inter-operator trustworthy collaboration. Furthermore, we developed a Proof of Concept of our proposed scheme using Intel SGX, flask framework and Docker containers. The obtained results indicate the applicability of the proposed scheme with little effect on performance.","PeriodicalId":221956,"journal":{"name":"2020 IEEE 19th International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom)","volume":"94 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2020-12-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"132555719","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2020-12-01DOI: 10.1109/TrustCom50675.2020.00103
Lida Ketsbaia, B. Issac, Xiaomin Chen
Cyberbullying has become a highly problematic occurrence due to its potential of anonymity and its ease for others to join in the harassment of victims. The distancing effect that technological devices have, has led to cyberbullies say and do harsher things compared to what is typical in a traditional face-to-face bullying situation. Given the great importance of the problem, detection is becoming a key area of cyberbullying research. Therefore, it is highly necessary for a framework to accurately detect new cyberbullying instances automatically. To review the machine learning and deep learning approaches, two datasets were used. The first dataset was provided by the University of Maryland consisting of over 30,000 tweets, whereas the second dataset was based on the article ‘Automated Hate Speech Detection and the Problem of Offensive Language’ by Davidson et al., containing roughly 25,000 tweets. The paper explores machine learning approaches using word embeddings such as DBOW (Distributed Bag of Words) and DMM (Distributed Memory Mean) and the performance of Word2vec Convolutional Neural Networks (CNNs) to classify online hate.
{"title":"Detection of Hate Tweets using Machine Learning and Deep Learning","authors":"Lida Ketsbaia, B. Issac, Xiaomin Chen","doi":"10.1109/TrustCom50675.2020.00103","DOIUrl":"https://doi.org/10.1109/TrustCom50675.2020.00103","url":null,"abstract":"Cyberbullying has become a highly problematic occurrence due to its potential of anonymity and its ease for others to join in the harassment of victims. The distancing effect that technological devices have, has led to cyberbullies say and do harsher things compared to what is typical in a traditional face-to-face bullying situation. Given the great importance of the problem, detection is becoming a key area of cyberbullying research. Therefore, it is highly necessary for a framework to accurately detect new cyberbullying instances automatically. To review the machine learning and deep learning approaches, two datasets were used. The first dataset was provided by the University of Maryland consisting of over 30,000 tweets, whereas the second dataset was based on the article ‘Automated Hate Speech Detection and the Problem of Offensive Language’ by Davidson et al., containing roughly 25,000 tweets. The paper explores machine learning approaches using word embeddings such as DBOW (Distributed Bag of Words) and DMM (Distributed Memory Mean) and the performance of Word2vec Convolutional Neural Networks (CNNs) to classify online hate.","PeriodicalId":221956,"journal":{"name":"2020 IEEE 19th International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom)","volume":"89 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2020-12-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"131797461","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2020-12-01DOI: 10.1109/trustcom50675.2020.00006
{"title":"Welcome Messages from IEEE TrustCom 2020 Program Chairs","authors":"","doi":"10.1109/trustcom50675.2020.00006","DOIUrl":"https://doi.org/10.1109/trustcom50675.2020.00006","url":null,"abstract":"","PeriodicalId":221956,"journal":{"name":"2020 IEEE 19th International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom)","volume":"13 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2020-12-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"134222688","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2020-12-01DOI: 10.1109/TrustCom50675.2020.00064
Yuzong Hu, Futai Zou, Linsen Li, P. Yi
In recent years, more and more anonymous network have been developed. Since user's identity is difficult to trace in anonymous networks, many illegal activities are carried out in darknet. In this paper, we propose a hierarchical classifier of darknet traffic which can distinguish four types of darknet(Tor, I2P, ZeroNet, Freenet) and 25 darknet users' behavior. Due to the lack of public datasets, we deployed a darknet data probe that can capture real darknet traffic in Tor, I2P, ZeroNet, Freenet. After collecting and labeling darknet traffic, we extract 26 time-based flow features that can represent the characteristics of darknet traffic and train a hierarchical classifier constructed by 6 local classifiers. Results show that the classifier can easily distinguish Tor, I2P, ZeroNet, Freenet four kinds of darknet clients with an accuracy of 96.9% and identify 8 kinds of user behaviors for each type of darknet with an accuracy of 91.6% on average. With the help of this hierarchical classification method, darknet user behaviors can be accurately distinguished at the traffic exit.
{"title":"Traffic Classification of User Behaviors in Tor, I2P, ZeroNet, Freenet","authors":"Yuzong Hu, Futai Zou, Linsen Li, P. Yi","doi":"10.1109/TrustCom50675.2020.00064","DOIUrl":"https://doi.org/10.1109/TrustCom50675.2020.00064","url":null,"abstract":"In recent years, more and more anonymous network have been developed. Since user's identity is difficult to trace in anonymous networks, many illegal activities are carried out in darknet. In this paper, we propose a hierarchical classifier of darknet traffic which can distinguish four types of darknet(Tor, I2P, ZeroNet, Freenet) and 25 darknet users' behavior. Due to the lack of public datasets, we deployed a darknet data probe that can capture real darknet traffic in Tor, I2P, ZeroNet, Freenet. After collecting and labeling darknet traffic, we extract 26 time-based flow features that can represent the characteristics of darknet traffic and train a hierarchical classifier constructed by 6 local classifiers. Results show that the classifier can easily distinguish Tor, I2P, ZeroNet, Freenet four kinds of darknet clients with an accuracy of 96.9% and identify 8 kinds of user behaviors for each type of darknet with an accuracy of 91.6% on average. With the help of this hierarchical classification method, darknet user behaviors can be accurately distinguished at the traffic exit.","PeriodicalId":221956,"journal":{"name":"2020 IEEE 19th International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom)","volume":"121 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2020-12-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"134510491","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2020-12-01DOI: 10.1109/TrustCom50675.2020.00031
Qi Feng, D. He, Min Luo, Zengxiang Li, K. Choo
In cryptocurrency and blockchain-based distributed ledgers, transfer of money (digital coins) can be presented as a transaction. Due to the irreversibility nature of blockchain transactions, a single fraudulent use of private key (used to sign transactions) could have significant consequences (e.g. financial loss). Key protection alone is not adequate in protecting cryp-tocurrencies, and threshold signature is a viable method to avoid fraudulent key usage or key theft. In this paper, we focus on the Edwards-curve digital security algorithm (EdDSA), which has been applied in several cryptocurrencies (e.g. Cardano, Zcash, and Decred) and design the first efficient two-party EdDSA signing protocol. Unlike standard secret sharing, a valid signature is generated using an interactive protocol without the original key ever being exposed. We mathematically prove the security of our proposed protocol. Findings from the performance evalation of the protocol show that it achieves good performance for curve Ed25519, with a single signing operation in the malicious setting taking approximately 3.32 ms between two devices.
{"title":"Practical Secure Two-Party EdDSA Signature Generation with Key Protection and Applications in Cryptocurrency","authors":"Qi Feng, D. He, Min Luo, Zengxiang Li, K. Choo","doi":"10.1109/TrustCom50675.2020.00031","DOIUrl":"https://doi.org/10.1109/TrustCom50675.2020.00031","url":null,"abstract":"In cryptocurrency and blockchain-based distributed ledgers, transfer of money (digital coins) can be presented as a transaction. Due to the irreversibility nature of blockchain transactions, a single fraudulent use of private key (used to sign transactions) could have significant consequences (e.g. financial loss). Key protection alone is not adequate in protecting cryp-tocurrencies, and threshold signature is a viable method to avoid fraudulent key usage or key theft. In this paper, we focus on the Edwards-curve digital security algorithm (EdDSA), which has been applied in several cryptocurrencies (e.g. Cardano, Zcash, and Decred) and design the first efficient two-party EdDSA signing protocol. Unlike standard secret sharing, a valid signature is generated using an interactive protocol without the original key ever being exposed. We mathematically prove the security of our proposed protocol. Findings from the performance evalation of the protocol show that it achieves good performance for curve Ed25519, with a single signing operation in the malicious setting taking approximately 3.32 ms between two devices.","PeriodicalId":221956,"journal":{"name":"2020 IEEE 19th International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom)","volume":"33 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2020-12-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"133372672","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2020-12-01DOI: 10.1109/TrustCom50675.2020.00066
Yu Fu, Siming Tong, Xiangyu Guo, Liang Cheng, Yang Zhang, D. Feng
Fuzzing has been widely adopted as an effective techniques to detect vulnerabilities in softwares. However, existing fuzzers suffer from the problems of generating excessive test inputs that either cannot pass input validation or are ineffective in exploring unvisited regions in the program under test (PUT). To tackle these problems, we propose a greybox fuzzer called MuFuzzer based on AFL, which incorporates two heuristics that optimize seed selection and automatically extract input formatting information from the PUT to increase the chance of generating valid test inputs, respectively. In particular, the first heuristic collects the branch coverage and execution information during a fuzz session, and utilizes such information to guide fuzzing tools in selecting seeds that are fast to execute, small in size, and more importantly, more likely to explore new behaviors of the PUT for subsequent fuzzing activities. The second heuristic automatically identifies string comparison operations that the PUT uses for input validation, and establishes a dictionary with string constants from these operations to help fuzzers generate test inputs that have higher chances to pass input validation. We have evaluated the performance of MuFuzzer, in terms of code coverage and bug detection, using a set of realistic programs and the LAVA-M test bench. Experiment results demonstrate that MuFuzzer is able to achieve higher code coverage and better or comparative bug detection performance than state-of-the-art fuzzers.
{"title":"Improving the Effectiveness of Grey-box Fuzzing By Extracting Program Information","authors":"Yu Fu, Siming Tong, Xiangyu Guo, Liang Cheng, Yang Zhang, D. Feng","doi":"10.1109/TrustCom50675.2020.00066","DOIUrl":"https://doi.org/10.1109/TrustCom50675.2020.00066","url":null,"abstract":"Fuzzing has been widely adopted as an effective techniques to detect vulnerabilities in softwares. However, existing fuzzers suffer from the problems of generating excessive test inputs that either cannot pass input validation or are ineffective in exploring unvisited regions in the program under test (PUT). To tackle these problems, we propose a greybox fuzzer called MuFuzzer based on AFL, which incorporates two heuristics that optimize seed selection and automatically extract input formatting information from the PUT to increase the chance of generating valid test inputs, respectively. In particular, the first heuristic collects the branch coverage and execution information during a fuzz session, and utilizes such information to guide fuzzing tools in selecting seeds that are fast to execute, small in size, and more importantly, more likely to explore new behaviors of the PUT for subsequent fuzzing activities. The second heuristic automatically identifies string comparison operations that the PUT uses for input validation, and establishes a dictionary with string constants from these operations to help fuzzers generate test inputs that have higher chances to pass input validation. We have evaluated the performance of MuFuzzer, in terms of code coverage and bug detection, using a set of realistic programs and the LAVA-M test bench. Experiment results demonstrate that MuFuzzer is able to achieve higher code coverage and better or comparative bug detection performance than state-of-the-art fuzzers.","PeriodicalId":221956,"journal":{"name":"2020 IEEE 19th International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom)","volume":"1 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2020-12-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"134293779","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2020-12-01DOI: 10.1109/trustcom50675.2020.00014
{"title":"SmartITC 2020 Organizing and Program Committees","authors":"","doi":"10.1109/trustcom50675.2020.00014","DOIUrl":"https://doi.org/10.1109/trustcom50675.2020.00014","url":null,"abstract":"","PeriodicalId":221956,"journal":{"name":"2020 IEEE 19th International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom)","volume":"1 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2020-12-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"129118217","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2020-12-01DOI: 10.1109/TrustCom50675.2020.00019
Young Choon Lee, Jayden King, Young Ki Kim, Seok-Hee Hong
In large-scale distributed systems, such as clouds, failures are rather the norm than the exception. These failures include job failures, server failures, network outage and power failure. Among them, server failures are most common. With the wide adoption of cloud computing, the impact of server failures in clouds is far greater than that in traditional computer clusters as jobs of different tenants are often co-located (multi-tenancy). In this paper, we address the problem of robust scheduling, with realistic failure modeling, to minimize such impact on the execution of (co-located) jobs. To this end, we develop four online failure-aware (FA) scheduling algorithms, FAFF-WJ, FAFF-FC, FABF-WJ and FABF-FC, considering the availability and reliability of servers. In particular, FF (First-Fit) and BF (Best-Fit) indicate how the availability of servers is checked while WJ (Waiting Job) and FC (Failure Count) differ primarily in whether the reliability is measured from job's perspective or server's perspective. All four algorithms are designed essentially by combining these availability and reliability check methods. We evaluate our scheduling algorithms with failures generated based on our failure modeling of six real-world server failure traces. Our evaluation results show the effectiveness of our scheduling algorithms in robust job execution, with respect to both performance and cost.
{"title":"Robust Scheduling for Large-Scale Distributed Systems","authors":"Young Choon Lee, Jayden King, Young Ki Kim, Seok-Hee Hong","doi":"10.1109/TrustCom50675.2020.00019","DOIUrl":"https://doi.org/10.1109/TrustCom50675.2020.00019","url":null,"abstract":"In large-scale distributed systems, such as clouds, failures are rather the norm than the exception. These failures include job failures, server failures, network outage and power failure. Among them, server failures are most common. With the wide adoption of cloud computing, the impact of server failures in clouds is far greater than that in traditional computer clusters as jobs of different tenants are often co-located (multi-tenancy). In this paper, we address the problem of robust scheduling, with realistic failure modeling, to minimize such impact on the execution of (co-located) jobs. To this end, we develop four online failure-aware (FA) scheduling algorithms, FAFF-WJ, FAFF-FC, FABF-WJ and FABF-FC, considering the availability and reliability of servers. In particular, FF (First-Fit) and BF (Best-Fit) indicate how the availability of servers is checked while WJ (Waiting Job) and FC (Failure Count) differ primarily in whether the reliability is measured from job's perspective or server's perspective. All four algorithms are designed essentially by combining these availability and reliability check methods. We evaluate our scheduling algorithms with failures generated based on our failure modeling of six real-world server failure traces. Our evaluation results show the effectiveness of our scheduling algorithms in robust job execution, with respect to both performance and cost.","PeriodicalId":221956,"journal":{"name":"2020 IEEE 19th International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom)","volume":"31 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2020-12-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"129110558","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2020-12-01DOI: 10.1109/TrustCom50675.2020.00260
Hossein Rezaeighaleh, C. Zou
Bitcoin and other altcoin cryptocurrencies use the Elliptic-Curve cryptography to control the ownership of coins. A user has one or more private keys to sign a transaction and send coins to others. The user locks her private keys with a password and stores them on a piece of software or a hardware wallet to protect them. A challenge in cryptocurrencies is losing access to private keys by its user, resulting in inaccessible coins. These coins are assigned to addresses which access to their private keys is impossible. Today, about 20 percent of all possible bitcoins are inaccessible and lost forever. A promising solution is the off-chain recovery transaction that aggregates all available coins to send them to an address when the private key is not accessible. Unfortunately, this recovery transaction must be regenerated after all sends and receives, and it is time-consuming to generate on hardware wallets. In this paper, we propose a new mechanism called lean recovery transaction to tackle this problem. We make a change in wallet key management to generate the recovery transaction as less frequently as possible. In our design, the wallet generates a lean recovery transaction only when needed and provides better performance, especially for micropayment. We evaluate the regular recovery transaction on two real hardware wallets and implement our proposed mechanism on a hardware wallet. We achieve a %40 percentage of less processing time for generating payment transactions with few numbers of inputs. The performance difference becomes even more significant, with a larger number of inputs.
{"title":"Efficient Off-Chain Transaction to Avoid Inaccessible Coins in Cryptocurrencies","authors":"Hossein Rezaeighaleh, C. Zou","doi":"10.1109/TrustCom50675.2020.00260","DOIUrl":"https://doi.org/10.1109/TrustCom50675.2020.00260","url":null,"abstract":"Bitcoin and other altcoin cryptocurrencies use the Elliptic-Curve cryptography to control the ownership of coins. A user has one or more private keys to sign a transaction and send coins to others. The user locks her private keys with a password and stores them on a piece of software or a hardware wallet to protect them. A challenge in cryptocurrencies is losing access to private keys by its user, resulting in inaccessible coins. These coins are assigned to addresses which access to their private keys is impossible. Today, about 20 percent of all possible bitcoins are inaccessible and lost forever. A promising solution is the off-chain recovery transaction that aggregates all available coins to send them to an address when the private key is not accessible. Unfortunately, this recovery transaction must be regenerated after all sends and receives, and it is time-consuming to generate on hardware wallets. In this paper, we propose a new mechanism called lean recovery transaction to tackle this problem. We make a change in wallet key management to generate the recovery transaction as less frequently as possible. In our design, the wallet generates a lean recovery transaction only when needed and provides better performance, especially for micropayment. We evaluate the regular recovery transaction on two real hardware wallets and implement our proposed mechanism on a hardware wallet. We achieve a %40 percentage of less processing time for generating payment transactions with few numbers of inputs. The performance difference becomes even more significant, with a larger number of inputs.","PeriodicalId":221956,"journal":{"name":"2020 IEEE 19th International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom)","volume":"12 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2020-12-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"134086542","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
京公网安备 11010802042870号
京ICP备2023020795号-1
扫码关注我们
求助内容:
应助结果提醒方式: