Blockchain for Distributed Systems Security E-Book

IEEE Press Editorial BoardEkram Hossain, Editor in Chief

Giancarlo Fortino

Andreas Molisch

Linda Shafer

David Alan Grier

Saeid Nahavandi

Mohammad Shahidehpour

Donald Heirman

Ray Perez

Sarah Spurgeon

Xiaoou Li

Jeffrey Reed

Ahmet Murat Tekalp

About IEEE Computer Society

IEEE Computer Society is the world’s leading computing membership organization and the trusted information and career-development source for a global workforce of technology leaders including: professors, researchers, software engineers, IT professionals, employers, and students. The unmatched source for technology information, inspiration, and collaboration, the IEEE Computer Society is the source that computing professionals trust to provide high-quality, state-of-the-art information on an on-demand basis. The Computer Society provides a wide range of forums for top minds to come together, including technical conferences, publications, and a comprehensive digital library, unique training webinars, professional training, and the TechLeader Training Partner Program to help organizations increase their staff’s technical knowledge and expertise, as well as the personalized information tool myComputer. To find out more about the community for technology leaders, visit http://www.computer.org.

IEEE/Wiley Partnership

The IEEE Computer Society and Wiley partnership allows the CS Press authored book program to produce a number of exciting new titles in areas of computer science, computing, and networking with a special focus on software engineering. IEEE Computer Society members continue to receive a 15% discount on these titles when purchased throughWiley or at wiley.com/ieeecs.

To submit questions about the program or send proposals, please contact Mary Hatcher, Editor, Wiley-IEEE Press: Email: [email protected], Telephone: 201-748-6903, JohnWiley & Sons, Inc., 111 River Street, Hoboken, NJ 07030-5774.

Blockchain for Distributed Systems Security

Copyright © 2019 the IEEE Computer Society, Inc. All rights reserved.

Published by John Wiley & Sons, Inc., Hoboken, New Jersey. Published simultaneously in Canada.

No part of this publication may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, electronic, mechanical, photocopying, recording, scanning, or otherwise, except as permitted under Section 107 or 108 of the 1976 United States Copyright Act, without either the prior written permission of the Publisher, or authorization through payment of the appropriate per-copy fee to the Copyright Clearance Center, Inc., 222 Rosewood Drive, Danvers, MA 01923, (978) 750-8400, fax (978) 750-4470, or on the web at www.copyright.com. Requests to the Publisher for permission should be addressed to the Permissions Department, John Wiley & Sons, Inc., 111 River Street, Hoboken, NJ 07030, (201) 748-6011, fax (201) 748-6008, or online at http://www.wiley.com/go/permission.

Limit of Liability/Disclaimer of Warranty: While the publisher and author have used their best efforts in preparing this book, they make no representations or warranties with respect to the accuracy or completeness of the contents of this book and specifically disclaim any implied warranties of merchantability or fitness for a particular purpose. No warranty may be created or extended by sales representatives or written sales materials. The advice and strategies contained herein may not be suitable for your situation. You should consult with a professional where appropriate. Neither the publisher nor author shall be liable for any loss of profit or any other commercial damages, including but not limited to special, incidental, consequential, or other damages.

For general information on our other products and services or for technical support, please contact our Customer Care Department within the United States at (800) 762-2974, outside the United States at (317) 572-3993 or fax (317) 572-4002.

Wiley also publishes its books in a variety of electronic formats. Some content that appears in print may not be available in electronic formats. For more information about Wiley products, visit our web site at www.wiley.com.

Library of Congress Cataloging-in-Publication Data is available.

ISBN: 978-1-119-51960-7

CONTENTS

Cover

IEEE Press Editorial Board

Foreword

Preface

Note

List of Contributors

Part I Introduction to Blockchain

1 Introduction

1.1 Blockchain Overview

1.2 Overview of the Book

References

2 Distributed Consensus Protocols and Algorithms

2.1 Introduction

2.2 Fault-tolerant Consensus in a Distributed System

2.3 The Nakamoto Consensus

2.4 Emerging Blockchain Consensus Algorithms

2.5 Evaluation and Comparison

2.6 Summary

Acknowledgment

References

Notes

3 Overview of Attack Surfaces in Blockchain

3.1 Introduction

3.2 Overview of Blockchain and its Operations

3.3 Blockchain Attacks

3.4 Blockchain's Peer-to-Peer System

3.5 Application Oriented Attacks

3.6 Related Work

3.7 Conclusion and Future Work

References

Part II Blockchain Solutions for Distributed Systems Security

4 ProvChain: Blockchain-based Cloud Data Provenance

4.1 Introduction

4.2 Background and Related Work

4.3 ProvChain Architecture

4.4 ProvChain Implementation

4.5 Evaluation

4.6 Conclusions and Future Work

Acknowledgment

References

5 A Blockchain-based Solution to Automotive Security and Privacy

5.1 Introduction

5.2 An Introduction to Blockchain

5.3 The Proposed Framework

5.4 Applications

5.5 Evaluation and Discussion

5.6 Related Works

5.7 Conclusion

References

6 Blockchain-based Dynamic Key Management for IoT-Transportation Security Protection

6.1 Introduction

6.2 Use Case

6.3 Blockchain-based Dynamic Key Management Scheme

6.4 Dynamic Transaction Collection Algorithm

6.5 Time Composition

6.6 Performance Evaluation

6.7 Conclusion and Future Work

References

7 Blockchain-enabled Information Sharing Framework for Cybersecurity

7.1 Introduction

7.2 The BIS Framework

7.3 Transactions on BIS

7.4 Cyberattack Detection and Information Sharing

7.5 Cross-group Attack Game in Blockchain-based BIS Framework: One-way Attack

7.6 Cross-group Attack Game in Blockchain-based BIS Framework: Two-way Attack

7.7 Stackelberg Game for Cyberattack and Defense Analysis

7.8 Conclusion

References

Part III Blockchain Security Analysis

8 Blockcloud Security Analysis

8.1 Introduction

8.2 Blockchain Consensus Mechanisms

8.3 Blockchain Cloud and Associated Vulnerabilities

8.4 System Model

8.5 Augmenting with Extra Hash Power

8.6 Disruptive Attack Strategy Analysis

8.7 Simulation Results and Discussion

8.8 Conclusions and Future Directions

Acknowledgment

References

9 Permissioned and Permissionless Blockchains

9.1 Introduction

9.2 On Choosing Your Peers Wisely

9.3 Committee Election Mechanisms

9.4 Privacy in Permissioned and Permissionless Blockchains

9.5 Conclusion

References

Note

10 Shocking Blockchain's Memory with Unconfirmed Transactions: New DDoS Attacks and Countermeasures

10.1 Introduction

10.2 Related Work

10.3 An Overview of Blockchain and Lifecycle

10.4 Threat Model

10.5 Attack Procedure

10.6 Countering the Mempool Attack

10.7 Experiment and Results

10.8 Conclusion

References

11 Preventing Digital Currency Miners from Launching Attacks Against Mining Pools Using a Reputation-based Paradigm

11.1 Introduction

11.2 Preliminaries

11.3 Literature Review

11.4 Reputation-based Mining Model and Setting

11.5 Mining in a Reputation-based Model

11.6 Evaluation of Our Model Using Game-theoretical Analyses

11.7 Concluding Remarks

Acknowledgment

References

Part IV Blockchain Implementation

12 Private Blockchain Configurations for Improved IoT Security

12.1 Introduction

12.2 Blockchain-enabled Gateway

12.3 Blockchain-enabled Smart End Devices

12.4 Related Work

12.5 Conclusion

References

Notes

13 Blockchain Evaluation Platform

13.1 Introduction

13.2 Hyperledger Fabric

13.3 Measures of Performance

13.4 Simple Blockchain Simulation

13.5 Blockchain Simulation Introduction

13.6 Conclusion and Future Work

References

14 Summary and Future Work

14.1 Introduction

14.2 Blockchain and Cloud Security

14.3 Blockchain and IoT Security

14.4 Blockchain Security and Privacy

14.5 Experimental Testbed and Performance Evaluation

14.6 The Future

Index

List of Tables

Chapter 2

Table 2.1

Table 2.2

Table 2.3

Table 2.4

Table 2.5

Table 2.6

Chapter 4

Table 4.1

Table 4.2

Chapter 5

Table 5.1

Chapter 6

Table 6.1

Table 6.2

Table 6.3

Table 6.4

Table 6.5

Chapter 7

Table 7.1

Chapter 8

Table 8.1

Chapter 10

Table 10.1

Chapter 11

Table 11.1

Table 11.2

Chapter 13

Table 13.1

List of Illustrations

Chapter 1

Figure 1.1 Block structure.

Figure 1.2 Blockchain architecture.

Figure 1.3 Supply-chain provenance overview.

Chapter 2

Figure 2.1 Example for Theorem 1—a three-component message-passing system with one compone...

Figure 2.2 The normal operation protocol of VSR for a three-replica system.

Figure 2.3 The normal operation protocol of PBFT for a four-replica system.

Figure 2.4 One-hop block propagation between two nodes.

Chapter 3

Figure 3.1 Hard fork resulting from a set of peers following conflicting rules.

Figure 3.2 Stale vs. orphan blocks. Note that the stale block (block 2, bottom, and block ...

Figure 3.3 Illustration of selfish mining.

Chapter 4

Figure 4.1 ProvChain system interaction.

Figure 4.2 ProvChain system architecture.

Figure 4.3 Provenance data collection and storage.

Figure 4.4 Merkle tree.

Figure 4.5 Blockchain receipt.

Figure 4.6 Transaction and block information.

Figure 4.7 Average response time with different file size.

Figure 4.8 Bytes throughput over time.

Figure 4.9 Number of transactions per second.

Figure 4.10 Response time distribution.

Chapter 5

Figure 5.1 The structure of a Merkle tree.

Figure 5.2 An evaluation of the processing time for validating new blocks [6].

Figure 5.3 An overview of the proposed method.

Figure 5.4 WRSU process utilizing the BC architecture.

Figure 5.5 (a) The WVI prototype based on a BeagleBone Black and our developed communicati...

Figure 5.6 A comparison of the packet overhead of BC-based and certificate-based framework...

Figure 5.7 A comparison of the latency of BC-based and certificate-based frameworks.

Chapter 6

Figure 6.1 The relationship between ITS, VCS, and IoT.

Figure 6.2 The conventional mobile node handover process.

Figure 6.3 VCS network structure; (a) traditional structure; (b) blockchain-based structur...

Figure 6.4 Cross-domain key handover handshake procedures in traditional structure.

Figure 6.5 Same-domain key handover handshake procedures in traditional structure.

Figure 6.6 Handshake procedures of cross-domain handover in distributed ledger technology ...

Figure 6.7 Computation time of cryptographic schemes with respect to the transaction numbe...

Figure 6.8 The block preparation time with respect to the transaction number.

Figure 6.9 Key handover processing time comparison between structures and schemes; (a) tim...

Figure 6.10 Average transaction number under various traffic levels.

Figure 6.11 Key handover time under the transaction collection periods.

Figure 6.12 Key handover time results measured in one second; (a) key handover time compari...

Figure 6.13 Decreased key handover time in percentage.

Chapter 7

Figure 7.1 A typical Blockchain-based information-sharing framework among multiple organiz...

Figure 7.2 A typical structure of Blockchain for information sharing [13].

Figure 7.3 Variation of expected utility vs. the number of cross-group participants, where...

Figure 7.4 Example of expected group utilities.

Figure 7.5 Expected utility of different organizations with different security/investment ...

Figure 7.6 Expected security/investment levels caused by cyberattack impact vs. iterations...

Figure 7.7 Variation of attack impact vs. iterations.

Figure 7.8 Variation of expected attacker utility vs. iterations.

Chapter 8

Figure 8.1 Overview of block mining process.

Figure 8.2 Layout of a block in Blockchain.

Figure 8.3 Proof of Activity (PoA) in flow.

Figure 8.4 Effect on average reward in proportional pool.

Figure 8.5 Effect on average number of

Shares

in proportional pool.

Figure 8.6 Effect on average reward in PPLNS pool.

Figure 8.7 PPLNS reward variation vs. window length (

N

).

Chapter 10

Figure 10.1 Transaction life cycle in a Blockchain-based cryptocurrency.

Figure 10.2 Temporal study of mempool size and mining fee paid by the users in a popular Bl...

Figure 10.3 Analysis of fee-based design. Notice that as the mining fee increases, the memp...

Figure 10.4 Analysis of age-based design. Notice that with age-based design, the accuracy, ...

Figure 10.5 Performance of fee-based and age-based designs under mempool DDoS attack. Notic...

Chapter 11

Figure 11.1 Reputation-based mining model.

Chapter 12

Figure 12.1 The blockchain-enabled gateway strategy implemented for a smart home.

Figure 12.2 Our Ethereum gateway prototype implements a local access control solution. In t...

Figure 12.3 An edited snippet of the Solidity smart contract used to manage the building ac...

Figure 12.4 The Blockchain-enabled End Devices strategy implemented for a smart home. This ...

Figure 12.5 Our Hyperledger-fabric enabled temperature sensors host a blockchain between th...

Figure 12.6 A Hyperledger smart contract storing sensor values.

Figure 12.7 Our hardware-integrated smart contract architecture allows for device drivers i...

Figure 12.8 The contract of

Org1

invokes the sensor reading function

putSensor

of the smart...

Chapter 13

Figure 13.1 Screenshot of artifact generation script output.

Figure 13.2 Screenshot of console outputs from the start script for the basic-network examp...

Figure 13.3 Example view of a docker-compose yml configuration file.

Figure 13.4 Example terminal results for the docker ps command of the basic network.

Figure 13.5 Terminal view of the output logs produced by the orderer node.

Figure 13.6 Terminal output for the Kafka example.

Figure 13.7 Terminal results for the docker ps command while running the Kafka system.

Figure 13.8 Terminal output from the initialize_all script that runs and tests the Kafka bl...

Figure 13.9 Terminal output from the docker ps command; notice the chaincode containers tha...

Figure 13.10 Terminal output after stopping the network.

Figure 13.11 Illustration of the process to measure a single transaction per second.

Figure 13.12 Illustration of measuring total system transactions per second.

Figure 13.13 Example output of performance in simulated proof-of-stake blockchain system.

Figure 13.14 Example output of performance in simulated proof-of-stake blockchain system wit...

Figure 13.15 Example output reporting the average number of times the highest staked holder ...

Figure 13.16 Illustration of a basic configuration of Hyperledger Fabric.

Figure 13.17 Illustration of a practical Byzantine fault tolerant consensus process.

Figure 13.18 Performance in transactions per second to process a single transaction with PBF...

Figure 13.19 Performance in transactions per second to process a single transaction with Kaf...

Figure 13.20 Illustration of linked list similarities to blockchain data structures.

Figure 13.21 Illustration of a simulated blockchain system.

Figure 13.22 Illustration of a Hyperledger Fabric system connected and interacting with a si...

Figure 13.23 Image of the type of entities that are in the simulated world.

Figure 13.24 Top down view of the simulated environment.

Figure 13.25 Game view of the simulated world with entities connected to the real blockchain...

Guide

Cover

Table of Contents

Chapter

Pages

C1

ii

iii

iv

xiii

xiv

xv

xvi

xvii

xix

xx

1

2

3

4

5

6

7

8

9

10

11

12

13

14

15

16

17

18

19

20

21

22

23

24

25

26

27

28

29

30

31

32

33

34

35

36

37

38

39

40

41

42

43

44

45

46

47

48

49

50

51

52

53

54

55

56

57

58

59

60

61

62

63

64

65

67

68

69

70

71

72

73

74

75

76

77

78

79

80

81

82

83

84

85

86

87

88

89

90

91

92

93

94

95

96

97

98

99

100

101

102

103

104

105

106

107

108

109

110

111

112

113

114

115

117

118

119

120

121

122

123

124

125

126

127

128

129

130

131

132

133

134

135

136

137

138

139

140

141

143

144

145

146

147

148

149

150

151

152

153

154

155

156

157

158

159

160

161

162

163

164

165

166

167

168

169

170

171

172

173

174

175

176

177

178

179

180

181

182

183

184

185

186

187

188

189

190

191

192

193

194

195

196

197

198

199

200

201

202

203

205

206

207

208

209

210

211

212

213

214

215

216

217

218

219

220

221

222

223

224

225

226

227

228

229

230

231

233

234

235

236

237

238

239

240

241

242

243

244

245

246

247

248

249

250

251

253

254

255

256

257

258

259

260

261

262

263

264

265

266

267

268

269

270

271

272

273

275

276

277

278

279

280

281

282

283

284

285

286

287

288

289

290

291

292

293

294

295

296

297

298

299

300

301

302

303

304

305

306

307

308

309

310

311

312

313

314

315

316

317

319

320

321

322

323

324

e1

Foreword

The success of the United States Department of Defense (DoD) in the future battlefield will hinge on the ability to protect the cyber infrastructure from loss of personal identifiable information, tampering of sensitive data, and interruption of services. Although all cyber risks are critical and need to be addressed, issues related to data integrity are most acute, as data tampering can have a huge impact on mission critical services that depend upon reliable data. The current cyber defense solutions are unable to combat data breaches effectively and are typically reactive in nature, and cannot keep up with the exponentially increasing cyber threats. Cyber defense solutions should be able to protect data despite attempts by adversaries to derail their effectiveness.

There is a pressing need for a paradigm shift in the development of next generation cyber defense strategies. Blockchain is an emerging technology that could address cyber security challenges, such as identity management and data provenance for distributed systems. Blockchain technology provides several advantages in building resilient cyber defense solutions. First, blockchains are shared, distributed, and fault-tolerant databases that every participant in the network can share, but no entity can control, and is resilient to single point of failure. Second, data integrity is ensured as tampering of blockchains is extremely challenging due to the use of a cryptographic data structure and lack of reliance on secrets. Third, blockchains assume the presence of adversaries in the network, making compromise by adversaries significantly expensive. Blockchain solutions for cyber security could represent a paradigm shift in how data manipulation will be defended by creating a trusted system in a trustless environment. Cloud, the Internet of Things (IoT), and the Internet of Battlefield Things (IoBT) are being used as distributed platforms. However, these platforms are plagued by numerous vulnerabilities that allow adversaries to gain access to sensitive information and disrupt services. A blockchain-empowered security platform will ensure the integrity of the data exchanged in these systems and reduce risks from data breach attacks.

Under the 2018 National Defense Authorization Act, the DoD will conduct a comprehensive study of blockchain, particularly in the context of cybersecurity. There have been DoD investments (research grants, SBIR/STTR awards, etc.) in the investigation of blockchain for secure message delivery in tactical scenarios, additive manufacturing, and the protection of supply chains. On the flip side, there is growing concern that malware or other illicit content, once introduced into a blockchain, would be very hard to remove. There is also growing concern about the threat to blockchain posed by quantum computing.

The focus of the book is on providing blockchain-based solutions to distributed systems to ensure a resilient and reliable cyberinfrastructure for operations and missions. Most current books on blockchain only focus on impacts in the financial sector. There is a need for books to understand how the blockchain's impact goes beyond cryptocurrency, and to address security and privacy issues in cloud and IoT/IoBT platforms. The topics in the book provide blockchain-empowered solutions to protect cloud and IoT/IoBT platforms. The book also presents security challenges that must be addressed for blockchain technologies to reach their full potential.

Dr. Ananthram Swami Senior Research Scientist (ST) for Network Science, ARL Fellow, IEEE Fellow US Army Research Laboratory, Adelphi, MD

Preface

Cyberattacks have increasingly targeted commercial, government, and military enterprises with the goal to steal sensitive information and/or disrupt service. There is an urgent need for cyber defense solutions to ensure traceable and tamper-evident accountability and auditability of command and control, logistics, and other critical mission data as future operations will involve the convergence of multiple domains and a heavily contested cyberspace. Thus, the emphasis needs to be on cyber defense solutions that can ensure resilient operation during adversarial attempts to thwart normal operation. The existing cyber defense solutions are reactive and are not able to combat the impact of the exponential rise in cyber threats. Centralized or homogenous information assurance systems and databases must evolve to possess distributed, disintermediated, and secure capabilities.

The cyber warfare strategy will come down to the ability to conduct operations on data in a secure and trusted environment. In order to win the cyber warfare, the military needs to protect data operations by (i) preventing adversarial access to networks housing critical data, (ii) ensuring the integrity of data despite the presence of the adversary on the network, and (iii) being resilient to the adversary's efforts to manipulate data. At the same time, the emergence of cloud and the Internet of Things to support on-demand computing, dynamic provisioning, and management of autonomous systems has increased the need to improve their security. Security assurance of intracloud and intercloud data management and transfer is a key issue. Cloud auditing can only be effective if all operations on the data can be tracked reliably. Assured provenance data can help detect access violations within the cloud computing infrastructure. The Internet of Things (IoT) in the military context interconnects warfighting resources, such as sensors, munitions, weapons, vehicles, robots, and wearable devices, to perform tasks such as sensing, communicating, acting, and collaborating with human warfighters. The massive scale and distributed nature of IoT devices will create several security and privacy challenges. Firstly, the underlying IoT networking and communication infrastructure needs to be flexible and adaptive to support dynamics military missions. This dynamic change to the communication infrastructure needs to happen in an autonomous fashion without reliance on centralized maintenance services. Second, there is a need to ensure the veracity of the information made available through the IoT devices. There is a need for a trusted platform to ensure the information consumed by the human warfighters are accurate.

Blockchain and distributed ledger technologies as a whole demonstrate the potential of a truly distributed and disintermediated mechanism for accountability and auditability. Blockchains are shared, distributed, and fault-tolerant databases that every participant in the network can share, but no entity can control. Blockchains assume the presence of adversaries in the network and nullify adversarial strategies by harnessing the computational capabilities of the honest nodes, and the information exchanged is resilient to manipulation and destruction. This ability allows leaders to continue military operations despite adversarial attempts to cause disruption. Blockchain solutions for cyber security will represent a paradigm shift in how data manipulation will be defended. Blockchain has the ability to create a trusted system in a trustless environment.

Tampering of blockchains is extremely challenging due to the use of a cryptographic data structure and no reliability of secrets. Blockchain has the potential to enhance cyber defense with its ability to prevent unauthorized actions through distributed consensus mechanisms and provision of data integrity through its immutability, auditability, and operational resilience (ability to withstand a single point of failure) mechanisms. Though blockchain is not a panacea for all cyber security challenges, the technology does have the ability to help organizations tackle cyber security risk issues such as identity management, provenance, and data integrity.

The focus of the book is on providing blockchain-based solutions to distributed systems to ensure a resilient and reliable cyberinfrastructure for operations and missions. There is a need to understand how blockchain's impact goes beyond cryptocurrency and can address distributed security and privacy issues in cloud and IoT platforms. The topics in the book describe the properties underlying formal foundations of blockchain technologies and practical issues for deployment in cloud and IoT platforms. In addition, the book also presents security and privacy issues that must be solved for blockchain technologies to reach full potential. Three book chapters (Chapters 4,5, and 8) are based on research articles that were voted as Top Blockchain papers at the 2019 Blockchain Connect Conference.1

This material is based on research sponsored by the Air Force Research Laboratory (AFRL) under agreement number FA8750-16-0301, and we would like to thank AFRL for their financial support, collaboration, and guidance. The US Government is authorized to reproduce and distribute reprints for governmental purposes notwithstanding any copyright notation thereon. The work described in this book was also partially supported by other sources acknowledged in individual chapters.

The editors would like to acknowledge the contributions of the following individuals (in alphabetical order): Abdulhamid Adebayo, Philip Asuquom, Shihan Bao, Yue Cao, Haitham Cruickshank, Ali Dorri, Peter Foytik, Arash Golchubian, Y. Thomas Hou, Raja Jurdak, Salil S. Kanhere, Kevin Kwiat, Adriaan Larmuseau, Ao Lei, Jin Li, Xueping Liang, Wenjing Lou, Andrew Miller, Aziz Mohaisen, Mehrdad Nojoumian, DaeHun Nyang, Danda B. Rawat, Muhammad Saad, Devu Manikantan Shila, Jeffrey Spaulding, Marco Steger, Zhili Sun, Deepak Tosh, Yang Xiao, and Ning Zhang. We would like to extend our thanks to Misty Blowers, Jerry Clarke, Jim Perretta, and Val Red for their valuable support and guidance. We would like to thank Paul Ratazzi, Robert Reschly, and Michael Weisman for technical review support. Last, we would like to extend thanks and acknowledgment to Jovina E. Allen, Walter J. Bailey, Sandra B. Fletcher, Lisa M. Lacey, Sandra H. Montoya, Lorri E. Roth, and Jessica D. Schultheis, who helped edit and collect the text into its final form, and to Mary Hatcher and Vishnu Narayanan of Wiley for their kind assistance in guiding this book through the publication process.

Disclaimer: The views and content expressed in this book are those of the authors and do not reflect the official policy or position of the Department of Defense, or the US Government.

Note

1

https://medium.com/blockchain-connect-conference/top-50-blockchainpapers-and-research-team-lead-you-to-the-frontier-of-blockchainacademic-277b0358b784

List of Contributors

Abdulhamid Adebayo

Howard University

Philip Asuquom

University of Surrey

Shihan Bao

University of Surrey

Yue Cao

Northumbria University

Haitham Cruickshank

University of Surrey

Ali Dorri

University of New South Wales

Peter Foytik

Old Dominion University

Arash Golchubian

Florida Atlantic University

Y. Thomas Hou

Virginia Tech

Raja Jurdak

University of New South Wales

Salil S. Kanhere

University of New South Wales

Kevin Kwiat

CAESAR Group

Adriaan Larmuseau

United Technologies Research Center China

Ao Lei

University of Surrey

Jin Li

Guangzhou University, Guangzhou, China

Xueping Liang

Old Dominion University

Wenjing Lou

Virginia Tech

Andrew Miller

University of Illinois at Urbana-Champaign

Aziz Mohaisen

University of Central Florida

Mehrdad Nojoumian

Florida Atlantic University

DaeHun Nyang

Inha University

Danda B. Rawat

Howard University

Muhammad Saad

University of Central Florida

Devu Manikantan Shila

United Technologies Research Center

Jeffrey Spaulding

University of Central Florida

Marco Steger

Virtual Vehicle Research Center, Graz, Styria, Austria

Zhili Sun

University of Surrey

Deepak Tosh

University of Texas at El Paso

Yang Xiao

Virginia Tech

Ning Zhang

Washington University in St. Louis

Part IIntroduction to Blockchain

1Introduction

Sachin S. Shetty,1 Laurent Njilla,2 and Charles A. Kamhoua3

1Old Dominion University, Virginia Modeling, Analysis and Simulation Center, Norfolk, VA, USA

2US Air Force Research Lab, Cyber Assurance Branch, Rome, NY, USA

3US Army Research Laboratory, Network Security Branch, Adelphi, MD, USA

1.1 Blockchain Overview

Blockchain technology has attracted tremendous interest from a wide range of stakeholders, which include finance, healthcare, utilities, real estate, and government agencies [1–5]. Examples of potential applications of this technology are claims processing, transparency and auditing of operations, identity management, supply chain provenance to address the threat of counterfeit products, and integrity of the information acquired from Internet of Things (IoT) devices. Blockchains are a shared, distributed, and fault-tolerant database that every participant in the network can share, but no entity can control. The technology is designed to operate in a highly contested environment against adversaries who are determined to compromise. Blockchains assume the presence of adversaries in the network and nullify the adversarial strategies by harnessing the computational capabilities of the honest nodes, and the information exchanged is resilient to manipulation and destruction. Blockchains facilitate the development of trustworthy networks in a trustless environment.

The premise of blockchain is that applications do not need a trusted central authority to operate and can function in a decentralized fashion. Blockchain enables exchange of information among distrusting entities. Blockchain enables trustless networks and allows entities to engage in transactions in the absence of mutual trust. There is an assumption that a communication medium could be compromised by insiders or outsiders. The reconciliation process between entities is sped up due to the absence of a trusted central authority or intermediary. Tampering of blockchains is extremely challenging due to the use of a cryptographic data structure and no reliability of secrets. Blockchain networks are fault tolerant, which allows nodes to eliminate compromised nodes.

Blockchains have the following advantages over centralized databases: (i) ability to directly share a database across diverse boundaries of trust in situations where it is difficult to identify a trusted, centralized arbitrator to enforce constraints of proof of authorization and validity. In a blockchain, transactions leverage their own proof of validity and authorization based on a verification process managed by multiple validating nodes and a consensus mechanism that ensures synchronization; and (ii) ability to provide robustness in an economical fashion without the need for expensive infrastructure for replication and disaster recovery. Blockchain requires no configuration to connect and synchronize nodes in a peer-to-peer (p2p) fashion, with built-in redundancy and no need for close monitoring. It can tolerate multiple communication link failures, allows external users to transmit transactions to any node, and ensures disconnected nodes will be caught up on missed transactions.

Blockchain's distributed database maintains a continuously growing list of records, called blocks, secured from tampering and revision by distributed storage and continuous verification. The blocks contain a temporal listing of transactions that are stored in a public ledger using a persistent, immutable, and append-only data structure that is globally viewable by every participant in the underlying p2p network. When such an elegant data structure is considered to track data transactions in a distributed environment, the block structure contains attributes such as the set of user transactions, a timestamp, a reference to a previous block in the blockchain, Merkle root of the transactions, and so on. In this manner, the blocks are linked together to form a chain, where the hash of the previous blocks helps to maintain the integrity of the whole blockchain (Figure 1.1).

Figure 1.1 Block structure.

1.1.1 Blockchain Building Blocks

Blockchain technology's effectiveness hinges on the following three main components: a decentralized network, distributed consensus, and cryptographically secure algorithms. Figure 1.2 illustrates the basic blockchain architecture.

Figure 1.2 Blockchain architecture.

The key features of each of the components are as follows:

Decentralized Network

—The function of the decentralized network is to ensure the propagation of transaction messages among the nodes responsible for maintaining the distributed ledger. The network protocol allows the transaction message to be broadcast from any node to all nodes in the decentralized network. However, the network is not a pure broadcast medium and allows nodes to propagate messages that represent valid transactions. The network can be part of a private or public blockchain that has ramifications on network performance and security. Irrespective of whether the blockchain is public or private, the decentralized network is based on a p2p architecture. The nodes can join and leave freely. There is no centralized arbitrator. The network has built-in redundancy and robustness to mitigate node and link failures.

Distributed Consensus

—Blockchain uses consensus protocols over a decentralized p2p network for verification of transactions prior to adding blocks to the public ledger. The consensus protocol receives messages from the p2p network and inserts transactions in the distributed ledger. The consensus protocol is responsible for mining blocks and reaching consensus on their integration in the blockchain. The consensus protocol chooses the set of transactions that is accepted after passing a verification process. The verification process is determined by users and does not require a centralized administrator. The consensus protocols ensure that the newly added transactions are not at odds with the confirmed transactions in the blockchain and maintain the correct chronological order. The newly added transactions that are waiting to be confirmed are packed in a block and submitted to the blockchain network for validation.

Cryptographically Secure Algorithm

—The foundational component of blockchain technology is the cryptosystem. State-of-the art blockchains’ cryptography systems use public key algorithms such as Elliptic Curve Cryptography, and message digests such as SHA3-256. In a typical blockchain application, an Elliptic Curve key pair that contains a public key and private key is generated based on Secp256K1 curves. The private key has the traditional usage of being kept secret and utilized to sign transactions. For instance, in the case of bitcoin use, when a user exchanges bitcoins with another user, the user will sign the transaction with their private key prior to announcing to the network. Once the transaction is signed, the miners in the network will use consensus algorithms to verify the validity of the transaction signature, and validation is achieved.

1.1.2 Blockchain Commercial Use Cases

Home IoT—“Smart home” is an emerging Internet of Things (IoT) application that aims to provide higher accessibility to all home accessories and personalized user experience for the appliances. To operate efficiently, IoT hubs in smart homes collect and analyze a lot of sensible data from the home area network of all smart devices. With the gathered data, it is easy to derive usage patterns and user behaviors in the home environment, thus creating a digital trail of families in smart homes. However, this information could easily fall into the wrong hands, or the vendors could use the information to promote additional products. Therefore, when more smart technologies are added to smart homes, there is an increased possibility of a severe privacy breach. Conventional approaches may fail to achieve credible security and privacy in IoT because the IoT framework has particular characteristics. These characteristics include decentralized topology, resource-constrained devices, limited network performance, and minimal security standards for IoT devices. The introduction of blockchain technology could potentially address smart home challenges in an efficient manner because of the following facts: blockchain does not rely on a centralized control; instead, it works in a distributed network setting that is similar to IoT. As a result, blockchain avoids the problem of single-point failure and improves scalability. Moreover, blockchain inherently offers the anonymity that is required in the IoT environment, where identities must be kept private. Irrespective of the several advantages produced by blockchain technology, integration in the smart home environment may create the following obstacles: first, blockchain mining is computationally intensive in nature, and this requires decent computing capabilities in the participating devices; however, IoT devices have a heterogeneous computational power that may not be sufficient to mine blocks in a desirable amount of time. The second problem is that of data storage since blockchain is nothing but a distributed ledger stored locally to verify transactions; however, smart devices, such as various sensors, have a limited storage capacity. Finally, blockchain protocols also consume significant network capacity for internal communication, which may be undesirable for bandwidth-seeking smart devices.

Transportation Sector—In vehicle-to-vehicle (V2V) systems, vehicles communicate information with other vehicles. In vehicle-to-infrastructure (V2I) systems, vehicles communicate with the road network infrastructure to improve the safety and efficiency of the vehicle transportation infrastructure. Early examples of such systems are web-enabled tools such as Waze, a tool that provides real-time traffic conditions based on users, speed, and vehicle location. Even simple systems, such as automatic toll collection, stem from the idea of V2I. Futuristic examples are systems in which a car communicates its position on the road with other cars around it to prevent collisions, or for that vehicle to communicate with the transportation infrastructure, such as traffic signals, to provide better information on arriving vehicles to help it better manage traffic. In a global sense, each vehicle, traffic controller, and piece of road infrastructure can potentially become an IoT device, and each piece is connected to and can communicate through the Internet. The integrity of these devices must be ensured; the data that they produce will be critical. Blockchain technology can be applied to this area by confirming that a vehicle's ID is what it says it is, which is done by tracking its location on the road network. This would also prevent spoofed vehicles from tampering with or maliciously affecting automated systems. In 2014, Israeli students spoofed the Waze transportation application to report heavy congestion on a road when there was no traffic [6]. The students did this by reporting data on fake vehicles on the network at a particular road segment. A blockchain solution could have helped to autonomously manage vehicles IDs and their movements over the road network, and this would not allow systems such as Waze to account for vehicles that have just dropped onto particular segments. Moreover, the transportation infrastructure can ensure the integrity of vehicle data to help the autonomous systems make decisions based on a level of confidence in the data, backed by the knowledge of the valid history of the data.

Energy Sector—Blockchain technology has been proposed for use in the electric sector in the following application areas:

Transactive energy—support distributed energy resource (DER) and its interaction with DER management systems (DERMS)

eMobility—ability to transact energy charging at stations in multiple service territories

Customer contracts—removing the middleman from the retail energy market

Blockchain technology can be used to provide supply chain security for the electric sector. Utilities are constantly installing new operations technology (OT) equipment and updating existing software and firmware in control system devices. One problem with this method is ensuring the integrity of the software and/or firmware. Some vendors use a digital signature when they distribute software and/or firmware updates, but this does not address the initial deployment. In addition, some vendors use a hash (typically MD5) as an integrity check. MD5 is not technically secure because it has a collision problem. That is, the same hash value can be computed on two different messages. Blockchain technology can be used to ensure software and/or firmware integrity in the electric sector security supply chain.

Consumer Electronics—Blockchain technology will impact the Consumer Electronics (CE) industry by providing cyber supply-chain provenance [7], where the customers as well as providers expect transparency for product information and delivery [8, 9]. Blockchain technology can mitigate cyber supply-chain risks for the CE industry by providing open access to the processes of planning, implementing, and controlling the movement of materials and finished goods to end users. Developing techniques and tools to provide provenance assurance are the top priority for addressing cyber supply-chain risks in the CE industry such as counterfeits, unauthorized production, tampering, theft, insertion of malicious software and hardware, as well as poor manufacturing and development practices. The globalization of the cyber supply chain has resulted in software and firmware being developed by offshore enterprises and has resulted in tremendous savings for the electronic data systems (EDS) sector. However, the dependency on third-party services has resulted in more maliciousness across the stages of the cyber supply chain. Specifically, there is a need for tools or technologies that can adequately address the risks involved in supply-chain processes, sourcing, third-party vendor management (every actor that has physical or virtual access to software code and/or systems), acquisition of compromised software or hardware purchases from suppliers, embedded malware in hardware or counterfeit hardware, and third-party data storage or data aggregators. Solutions exist, such as side-channel fingerprinting, reverse engineering, and formal methods, which are mostly deployed at the chip level to detect the presence of counterfeit chips. However, these methods cannot be scaled to protect the whole cyber supply chain. Thus, there is a need for blockchain-based methodology to maintain provenance across the supply-chain stages, as depicted in Figure 1.3. Radical evolution of IoT technology also attracts the majority of the CE industry to operate over cloud infrastructure [10]; thus, building a data provenance system will preserve transaction integrity and prevent malicious activities by alerting the users in real time.

Figure 1.3 Supply-chain provenance overview.

Medical Sector—The recent influx of wearable medical devices promises to bring rich dividends to healthcare stakeholders. Wearable medical devices are networked computing devices equipped with sensors to track the patient's vital signs and physical activities. The data and the analytics can also be linked to Electronic Health Records (EHR), which can benefit patients by helping them to monitor their personal health, aid doctors in prescribing personalized medicine, and allow insurance providers to gain insight into the cost of providing medical care.

However, due to security and privacy concerns, it has been reported that medical device manufacturers have only instrumented 20–30% of their networked devices to be used in hospitals. There have been several vulnerabilities reported with medical devices. For instance, ICS-CERT reported that Hospira's Symbiq drug infusion pump [11], used by medical facilities to automatically administer doses of medication to patients based on the amount specified by the caretaker, is vulnerable. The vulnerability allows an attacker to change doses of the prescribed medicine and impact patient safety. In 2017, the US Food and Drug Administration (FDA) reported vulnerabilities in St. Jude Medical's heart devices [12]. It is obvious that connected medical devices are here to stay, and the likelihood for compromising medical devices will grow exponentially. The current cyber-security solutions for identity management are inefficient and lack the ability to immediately track failure and accountability.

In addition to compromised medical devices, there are several privacy concerns with health data collected from both wearable devices and EHR systems. Patients are concerned about the lack of transparency in which a healthcare stakeholder has access to their data and how their data are used. Current healthcare cyber-security solutions focus on improving data providers' responsibilities to detect data disclosure activities; however, it is equally important to protect data access and provide immediate notifications of improper data disclosure risks. In addition, over 300 EHR systems use a centralized architecture that is prone to single point of failure and suffers from lack of interoperability that results in the absence of a holistic and thorough view of personal health. It is reported that 62% of insured adults rely on their doctors to manage their health records [13], which limits their ability to interact with healthcare providers other than their primary doctor. Moreover, even though health providers are supposed to follow rules or laws, such as HIPAA (Health Insurance Portability and Accountability Act of 1996), there are still many entities that are not covered by any laws. Therefore, it is crucial that any provider with access to data should be accountable for their operations on the data, and any operation on the data needs to be audited.

Blockchain's capability to capture data provenance will facilitate secure tracking of medical devices from production to ongoing use. The provenance information encoded in the blockchain provides immutable and reliable workflow with a trusted ground truth. The ground truth can be used for transparent traceability and accountability when any device malfunctions, accidentally or as a result of a security attack. The capability will also be useful for autonomous monitoring and preventive maintenance of medical devices. As compared to existing cyber-defense solutions, blockchain's distributed consensus protocols, cryptography techniques, and decentralized control will reduce cyber threat risks for medical devices. Other benefits include streamlining the secure tracking of medical devices, cost savings, and improving patient privacy by secure and targeted access to patient data.

Blockchain relies on pseudoanonymity (replacing names with identifiers) and public key infrastructure (PKI) to maintain the privacy of users. The workshop [14] co-conducted by the Office of the National Coordinator (ONC) for Health IT and the National Institute for Standards and Technology (NIST) focused on blockchain usage in healthcare and research, aiming to clarify the implications of blockchain as an infrastructure for healthcare use cases including privacy preservation for predictive modeling, increasing interoperability between institutions on a large scale, immutability of health records, health insurance claim process improvement, health information exchange, healthcare delivery models with artificial intelligence, identity management, monetization strategies, and data provenance requirements.

Data Provenance in the Cloud—Assured data provenance in cloud computing is needed to keep track of data transactions generated by data operations in the cloud and detect malicious activities. The current state-of-the-art data provenance technologies involve comparing logged data generated by execution of software on physical or virtual resources. However, they fail to detect integrity violations and are typically conducted in a private setting to allow better ownership of assets. Also, the process is not scalable to federated cloud environments, is costly, and lacks transparency. Hence, there is a strong need to develop a data provenance framework for the cloud computing environment, where multiple representatives or virtual stakeholders can participate in maintaining transparent and immutable provenance information. Blockchain technology, where data are stored in a public, distributed and immutable ledger and maintained by a decentralized network of computing nodes, provides a decentralized and permanent record-keeping capability, which is critical for data provenance and access control in cloud data protection.

1.1.3 Blockchain Military Cyber Operations Use Cases

Blockchain as a distributed ledger system provides many features and functionalities that are needed for cyber operations, such as auditing of historical information, assured data provenance, guaranteed variability of integrity violations of historical data, and auditing of contents from tampering. Besides, blockchain has both cost effectiveness merits as well as transparency features, making it an appealing system for military cyber operations.

Generation of cyber assets—Blockchain can be utilized to generate cyber assets that will enable applications that rely on direct interaction between customers and assets. The blockchain system can aid in assuring the processes of issuance, transaction processing, and housing of cyber assets and identities.

Transfer of ownership of cyber assets—The blockchain system allows transfer of cyber assets between owners by leveraging the property of blockchain so that once a transaction is guaranteed, it cannot be reversed. Any changes will have to be appended and will not result in change of an already validated transaction, thereby ensuring nonreversibility of transfer of ownership.

Transparent and assured data provenance—Every operation on the cyber asset is encoded in the blockchain transaction using a publicly available and immutable ledger. The blockchain system ensures that provenance of every operation on the cyber asset is recorded and traceable.

Verifiability and audit—The distributed ledger keeps track of transactions pertaining to creation and transfer of cyber assets. The tamper-resistant property of the ledger facilitates variability and audit of operations.

Military Cyber Operations—Ensuring traceable and tamper-evident accountability and auditability of command and control, logistics, and other critical mission data among international partners is paramount as our future operations involve the convergence of multiple domains and a heavily contested cyberspace. Centralized or homogenous information systems and databases must evolve distributed, disintermediated, and secure capabilities. As such, trust with respect to operations involving international entities must not be rooted in one single entity. Trust must be decentralized and built around robust, innovative cryptographic paradigms transcending the traditional PKI typically utilized in most homogenous enterprises.

An innovative, distributed trust and identity management mechanism is a crucial enabling technology assuring identification, authentication, and authorization in a way that would further allow disintermediated accountability and auditability. Emerging blockchain and distributed ledger technologies as a whole demonstrate the potential of a truly distributed and disintermediated mechanism for accountability and auditability. The current production application of cryptocurrencies has already created unprecedented accountability and auditability in a way that disrupts traditional fiat currencies and disintermediates the way people are able to transact internationally via pseudonymous identity management via wallets in permissionless and public blockchain implementations.

The nuances of disintermediated international partnerships and information exchange involve some mutually exclusive research and development challenges distinct from the permissionless and public implementations of blockchain. For the level of identification, authentication, authorization, accountability, and auditability challenges that encompasses overall integrity concerns for international operations, even more robust distributed identity management mechanisms must be investigated. Furthermore, the underlying practice of consensus must vary from the latency-tolerant and performance-heavy implementations observed in cryptocurrencies. Most importantly, the distributed ledger technology mechanism may be private and permissioned; however, it must also not be vested in one single vendor's implementation in a way that inadvertently and ironically intermediates and centralizes information exchanges. We must thoroughly assess and demand interoperability and standardization among blockchain implementations for mission data, which further enables the disintermediated accountability and auditability required in our increasingly complex international operations in multiple domains.

1.1.4 Blockchain Challenges

Blockchain does have the potential to address cyber security issues in distributed systems. However, blockchain cannot be considered a panacea to address all cyber security concerns. Blockchain does have inherent capabilities to address integrity violations. However, assurance of confidentiality, availability, and authenticity is not guaranteed by blockchain and will require integration with several security solutions. Organizations that are considering blockchain to address cyber security issues should carefully assess whether the technology is a good fit. Specifically, the below outline is a good start to identify whether the organization does need blockchain to replace the existing solution [15]:

Do you have concerns regarding the ability of the centralized database to withstand failures?

Are there multiple stakeholders responsible for modifying the contents of the database?

Do the multiple parties operate under differing trust domains?

Are there clear defined rules to control data input?

Is there a value proposition in having validators in the form of consensus?

Once the need for distributed blockchain has been justified, the next steps are to identify the blockchain solution that's a good fit for the organization. There are several aspects that need to be addressed, such as the type of data encoded in the blockchain transactions, frequency of transactions, the infrastructure used to store the blockchain (public or permissioned), key management system, number of validators, bootstrap time, ability of smart contracts to learn rules dynamically, attack surfaces in the blockchain solution, etc. For instance, for the healthcare sector, the type of data stored in the blockchain needs to be carefully identified as any sensitive information can be subjected to confidentiality attacks. Any organization that would like to ensure that activities of participants in the blockchain are compliant would prefer permissioned blockchain [16].

Below is a summary of key research challenges that need to be addressed for realizing a practical blockchain solution.

Scalability—Bitcoin's current implementations are not scalable due to the fact that it takes 10 minutes or longer to confirm transactions and seven transactions is the maximum throughput that can be achieved. There is a need for fundamental research to develop a scalable blockchain platform. Prior to developing a scalable blockchain platform, it is imperative to not only define scalability in the context of blockchain, but also identify metrics to quantify scalability. There have been efforts to improve the scalability in blockchain by modifying parameters such as block size and block intervals. However, these efforts to achieve scaling through reparameterization alone can only realize limited benefits and do not address network performance issues. Network performance is exacerbated due to blockchain's p2p overlay network protocol, degree of decentralization, and number of peers in the network. The throughput of blockchain depends on the throughput of the overlay network that determines the rate at which blocks propagate and the percentage of nodes involved in the exchange of blocks in a given time interval. For example, if the transaction rate reaches 80% of the throughput, it is quite possible that 10–20% of the p2p nodes will not be able to render services and reduce effective network mining power.

There is a need to develop new architectures for blockchain to ensure sufficient scalability without sacrificing decentralization. The architecture should involve protocol design strategies across several layers, namely network, consensus, and storage. There is also a need to identify and measure scalability metrics such as throughput, latency, bootstrap time, storage, cost of confirmed transaction, fairness, and network utilization. The architecture will also need to be designed to address issues such as, “Does exploitation of system parameters to improve scalability sacrifice security properties?” and “What is the degree of resilience of the system during a cyberattack?”

Network Layer—The objective of the network layer in the blockchain architecture is to provide an effective mechanism to propagate transaction messages. The network layer ensures that messages from any participant can be transmitted to all the nodes in the blockchain network. However, the network layer does not operate in full broadcast mode and nodes exchange messages that contain validated transactions. And, in most current implementations of the blockchain network, the network is heavily underutilized and limits throughput. Thus, the network layer in blockchain is a bottleneck in the processing of transactions.

Consensus Layer—The consensus layer is responsible for validating transactions and uses the network layer to deliver messages and record the transactions in the distributed ledger. The consensus protocols include proof of work (PoW), proof of stake (PoS), and byzantine fault tolerance. Traditional blockchain technology relies heavily on the underlying PoW mechanism to achieve consensus in the decentralized system where the miner has to spend its computational power to solve the cryptopuzzle so as to successfully include its block in the blockchain. With such an approach, miners opt for various specialized hardware to achieve their computational ability. The eventual goal of the miners is to win the block-adding race so that they can be rewarded, and a significant amount of energy is required to do so. For a simple example, if we consider the case of Bitcoin's blockchain, the miners compete to get the reward of 25 Bitcoin, which is worth approximately $20,000 and is freshly minted for the winning miner every 10 minutes. Thus, the amount of reward per second is $33.30, and if we assume the rate of industrial electricity is $0.01/KWhr, then we can approximately state that Bitcoin miners use energy of 1100 MW per second. This substantial quantity is spent to reach consensus using the PoW approach and most of it is used in computing the irreversible SHA256 hashing function. Since the value of direct incentives will diminish eventually, the critical question of “how will the PoW miners be motivated to mine?" has to be addressed so as to smoothly run the consensus process. PoS consensus protocol is interestingly attractive; it provides block inclusion decision-making power to those entities that have stakes in the system irrespective of the blockchain's length or history of the public ledger. The principal motivation behind this scheme is to place the power of leader election in the blockchain update process into the hands of the stakeholders. This is done to ensure that the security of the system will be maintained while the members’ stakes are at risk. Roughly speaking, this approach is similar to the PoW consensus except the computational part. Hence, a stakeholder's chances to extend the blockchain by including its own block depend proportionately on the amount of stake it has in the system.

There is a need for developing a customized consensus engine that will not require participants to make significant investments in computation and will balance the tradeoff between the number of transactions processed, transaction validation time, incentives, and security rules set by participators. The customized consensus engine will choose the optimal combination of consensus protocols to achieve the aforementioned objectives.

Privacy—Permissioned blockchain platforms, such as Hyperledger Fabric and JP Morgan's Quorum, claim that privacy is a goal; but the way they achieve it is actually quite limited. These systems consist of several validating nodes, each of which sees the entire transaction log in plaintext. That is, while the systems are designed to provide availability/consistency even when some of the nodes fail, they cannot guarantee privacy if one of the nodes suffers a data breach. Some permissioned blockchain platforms offer a feature where you can create a “private channel” comprising just a subset of these nodes; however, among this subset, it is still the case that any data breach would leak the transaction data and then the private channel cannot interact with the other channels. With the existing systems, there is an inherent tradeoff between resilience and expressiveness on the one hand, and privacy on the other.

There are a variety of technical approaches that can provide better operating points. These include threshold cryptography/multi-party computation, zero knowledge proofs, and homomorphic encryption. The theory for these approaches is well established in general, but in concrete terms it is a great open challenge to (a) find efficient algorithms for applications of interest, and (b) integrate with existing systems. So, focusing on building better privacy mechanisms could be a well-motivated and technically interesting challenge to add.

Security—Despite the advantages of using blockchain for distributed systems security, there have been numerous instances of reported security risks associated with this technology [17–19]. In 2016, it was reported that an adversary was able to withdraw $50 million from “The DAO”, a decentralized autonomous organization that operates on blockchain-based smart contracts [20]. In June 2017, Bitfinex reported a distributed denial-of-service (DDoS) attack that led to a temporary suspension. Several exchanges of Bitcoin and Ethereum (a blockchain-based distributed computing platform) have also suffered from DDoS attacks and Domain Name System (DNS) attacks frequently, hampering service availability to the users.

The attack surfaces in blockchain can be broadly classified into the following three main categories: (i) Threats associated with the techniques employed for creating/maintaining the distributed ledger (e.g. blockchain forks, stale blocks, orphaned blocks, etc.), (ii) threats to the blockchain system's underlying network infrastructures (e.g. attacks on consensus protocols that cause delays, decreased throughput, inconsistencies, DDoS attack, DNS attacks, Fork After Withholding [FAW] attacks, etc.), and (iii) threats associated with frontend/backend applications integrated with blockchain technology (stealing of private keys, attacks on certificate authorities, attacks on membership services in permissioned blockchain, blockchain ingestion, double spending, wallet theft, etc.).

1.2 Overview of the Book