BLOCKCHAIN TECHNOLOGIES AND CRYPTO-CURRENCIES
Edited by:
Jovan Pehcevski
Arcler Press
www.arclerpress.com
Blockchain Technologies and Crypto-Currencies
Jovan Pehcevski

Arcler Press
2010 Winston Park Drive, 2nd Floor
Oakville, ON L6H 5R7
Canada
www.arclerpress.com
Tel: 001-289-291-7705, 001-905-616-2116
Fax: 001-289-291-7601
Email: [email protected]

e-book Edition 2020
ISBN: 978-1-77407-422-0 (e-book)
This book contains information obtained from highly regarded resources. Reprinted material sources are indicated. Copyright for individual articles remains with the authors as indicated and is published under a Creative Commons License. A wide variety of references are listed. Reasonable efforts have been made to publish reliable data; the views articulated in the chapters are those of the individual contributors, and not necessarily those of the editors or publishers. The editors and publishers are not responsible for the accuracy of the information in the published chapters or the consequences of its use. The publisher assumes no responsibility for any damage or grievance to persons or property arising out of the use of any materials, instructions, methods or thoughts in the book. The editors and the publisher have attempted to trace the copyright holders of all material reproduced in this publication and apologize to copyright holders if permission has not been obtained. If any copyright holder has not been acknowledged, please write to us so that we may rectify the omission.

Notice: Registered trademarks of products or corporate names are used only for explanation and identification without intent of infringement.

© 2020 Arcler Press
ISBN: 978-1-77407-356-8 (Hardcover)
Arcler Press publishes wide variety of books and eBooks. For more information about Arcler Press and its products, visit our website at www.arclerpress.com
DECLARATION Some content or chapters in this book are open access copyright free published research work, which is published under Creative Commons License and are indicated with the citation. We are thankful to the publishers and authors of the content and chapters as without them this book wouldn’t have been possible.
ABOUT THE EDITOR
Jovan obtained his PhD in Computer Science from RMIT University in Melbourne, Australia in 2007. His research interests include big data, business intelligence and predictive analytics, data and information science, information retrieval, XML, web services and service-oriented architectures, and relational and NoSQL database systems. He has published over 30 journal and conference papers and he also serves as a journal and conference reviewer. He is currently working as a Dean and Associate Professor at European University in Skopje, Macedonia.
TABLE OF CONTENTS
List of Contributors (p. xv)
List of Abbreviations (p. xxi)
Preface (p. xxv)

SECTION I: BLOCKCHAIN TECHNOLOGY AND METHODS

Chapter 1: Distributed Sequential Consensus in Networks: Analysis of Partially Connected Blockchains with Uncertainty (p. 3)
    Abstract (p. 3)
    Introduction (p. 4)
    Problem Formulation (p. 7)
    Main Results (p. 14)
    Proof-of-Concept Example (p. 19)
    Summary and Discussion (p. 23)
    Acknowledgments (p. 24)
    References (p. 25)

Chapter 2: Blockchain Technology: Is It a Good Candidate for Securing IoT Sensitive Medical Data? (p. 29)
    Abstract (p. 29)
    Introduction (p. 30)
    Related Works (p. 31)
    Proposed Architecture (p. 36)
    Proposed Solution (p. 37)
    Performance Analysis of the System (p. 45)
    Implementation of the Solution (p. 47)
    Conclusion and Future Works (p. 51)
    Acknowledgments (p. 51)
    References (p. 53)

Chapter 3: Towards Secure Network Computing Services for Lightweight Clients Using Blockchain (p. 57)
    Abstract (p. 57)
    Introduction (p. 58)
    Related Work (p. 61)
    Blockchain-Based Secure Service Provisioning System (p. 64)
    Analysis and Evaluation (p. 69)
    Conclusions (p. 76)
    Acknowledgments (p. 77)
    References (p. 78)

Chapter 4: Analysis of R&D Capability of China's Blockchain Technologies (p. 83)
    Abstract (p. 83)
    Introduction (p. 84)
    Theoretical Background (p. 87)
    Blockchain Technology Leading Enterprises (p. 89)
    Analysis of Innovation Ability (p. 93)
    Conclusions and Implications (p. 98)
    References (p. 101)

SECTION II: BLOCKCHAIN IN THE WORLD OF FINANCE

Chapter 5: Blockchain and Digital Currency in the World of Finance (p. 105)
    Abstract (p. 105)
    Introduction (p. 106)
    Overview of the IT Revolution and Innovations Related to Money (p. 107)
    The Potential of Cryptocurrency (p. 112)
    The Omission and Risks of Cryptocurrencies (p. 115)
    Anticipation of Bitcoin Acceptance and "Critical Mass" (p. 116)
    Technology Adoption in the Presence of "Network Externalities" (p. 118)
    Financial Privacy: Could Bitcoin Hide the Criminals? (p. 119)
    The Way Forward: Technology Revolution and Monetary Evolution (p. 120)
    Conclusion (p. 122)
    References (p. 125)

Chapter 6: BAVP: Blockchain-Based Access Verification Protocol in LEO Constellation Using IBE Keys (p. 129)
    Abstract (p. 129)
    Introduction (p. 130)
    Related Work (p. 131)
    Protocol Design (p. 132)
    Distributed PKI (p. 144)
    Simulation and Evaluation (p. 149)
    Conclusion and Future Work (p. 156)
    Acknowledgments (p. 157)
    References (p. 158)

Chapter 7: Blockchain: The Next Breakthrough in the Rapid Progress of AI (p. 161)
    Abstract (p. 161)
    Introduction (p. 162)
    The Uniqueness of Blockchain: Decentralized, Authenticated and Immutable Information at Lower Costs (p. 163)
    Why Blockchain is a Disruptive Technology (p. 164)
    Applications (p. 169)
    Other Blockchain Applications (p. 171)
    Specialized Blockchain VC Firms and Geographical Distribution of Funding (p. 171)
    Ethereum (p. 171)
    Future Prospects (p. 173)
    Supply Chain Operations (p. 177)
    Smart Blockchain Contracts Instead of Lawyers (p. 177)
    Decentralized Autonomous Organizations (DAOs) (p. 178)
    Other Applications (p. 178)
    Challenges (p. 179)
    Government Operations (p. 181)
    Digital Currencies (p. 181)
    The Banking and Financial Sector (p. 182)
    Supply Chain Operations (p. 183)
    Conclusions (p. 184)
    References (p. 187)

SECTION III: INTERNET-OF-THINGS (IOT) APPLICATIONS OF BLOCKCHAIN

Chapter 8: Blockchain Platform for Industrial Internet of Things (p. 195)
    Abstract (p. 195)
    Introduction (p. 196)
    Related Work (p. 196)
    Key Contributions of Proposed Work (p. 197)
    Blockchain Concepts (p. 198)
    Blockchain Platform for Industrial Internet of Things (p. 202)
    Applications of BPIIoT Platform (p. 205)
    Implementation Case Study (p. 207)
    Conclusion & Future Work (p. 209)
    References (p. 213)

Chapter 9: Blockchain Based Credibility Verification Method for IoT Entities (p. 215)
    Abstract (p. 215)
    Introduction (p. 216)
    Related Works (p. 217)
    Problem Statement (p. 218)
    Credibility Verification Method (p. 219)
    Analysis and Discussion (p. 225)
    Experiments and Evolution (p. 228)
    Conclusion (p. 232)
    Acknowledgments (p. 233)
    References (p. 234)

Chapter 10: A Blockchain-Based Contractual Routing Protocol for the Internet of Things Using Smart Contracts (p. 239)
    Abstract (p. 239)
    Introduction (p. 240)
    Related Works (p. 241)
    System Model (p. 242)
    Attack Model (p. 246)
    The Blockchain-Based Contractual Routing (BCR) Protocol (p. 247)
    Performance Evaluation (p. 255)
    Simulation Results (p. 258)
    Conclusion (p. 262)
    Acknowledgments (p. 262)
    References (p. 263)

Chapter 11: A Survey of How to Use Blockchain to Secure Internet of Things and the Stalker Attack (p. 267)
    Abstract (p. 267)
    Introduction (p. 268)
    Theoretical Foundation (p. 269)
    Blockchain (p. 278)
    Cases of Use for Providing Security and Privacy at IoT Using Blockchain (p. 294)
    The Stalker Miner (p. 312)
    Final Considerations, Future Prospects, and Open Issues (p. 320)
    Acknowledgments (p. 320)
    References (p. 322)

SECTION IV: SMART SIGNATURES AND DATA PRIVACY

Chapter 12: Research on a New Signature Scheme on Blockchain (p. 331)
    Abstract (p. 331)
    Introduction (p. 332)
    Preliminaries (p. 333)
    Core of the New Signature Scheme (p. 337)
    New Signature Scheme on Blockchain (p. 340)
    Application of Signatures Scheme (p. 345)
    Concluding (p. 348)
    Appendix (p. 349)
    Acknowledgments (p. 350)
    References (p. 351)

Chapter 13: IOV Privacy Protection System Based on Double-Layered Chains (p. 355)
    Abstract (p. 355)
    Introduction (p. 356)
    Related Works (p. 357)
    Model and Protocol Design (p. 358)
    System Design (p. 366)
    Performance Analysis (p. 374)
    Conclusion (p. 377)
    Acknowledgments (p. 378)
    References (p. 379)

Index (p. 381)
LIST OF CONTRIBUTORS
Francisco Prieto-Castrillo: Media Laboratory, Massachusetts Institute of Technology, Cambridge, MA 02139-4307, USA; Harvard T. H. Chan School of Public Health, Harvard University, Boston, MA 02115, USA; BISITE Research Group, University of Salamanca, Edificio Multiusos I+D+i, 37008 Salamanca, Spain

Sergii Kushch: BISITE Research Group, University of Salamanca, Edificio Multiusos I+D+i, 37008 Salamanca, Spain

Juan Manuel Corchado: BISITE Research Group, University of Salamanca, Edificio Multiusos I+D+i, 37008 Salamanca, Spain

Nabil Rifi: COSMO, IBISC Laboratory, University of Evry, Paris Saclay University, France; Lebanese University, Faculty of Engineering and Azm Center for Researches, Tripoli, Lebanon

Nazim Agoulmine: COSMO, IBISC Laboratory, University of Evry, Paris Saclay University, France

Nada Chendeb Taher: Lebanese University, Faculty of Engineering and Azm Center for Researches, Tripoli, Lebanon

Elie Rachkidi: COSMO, IBISC Laboratory, University of Evry, Paris Saclay University, France

Yang Xu: School of Information Science and Engineering, Central South University, Changsha 410083, China

Guojun Wang: School of Computer Science and Educational Software, Guangzhou University, Guangzhou 510006, China

Jidian Yang: School of Information Science and Engineering, Central South University, Changsha 410083, China

Ju Ren: School of Information Science and Engineering, Central South University, Changsha 410083, China

Yaoxue Zhang: School of Information Science and Engineering, Central South University, Changsha 410083, China

Cheng Zhang: School of Information Science and Engineering, Central South University, Changsha 410083, China

Xiaoyu Liu: School of Statistics, Jiangxi University of Finance and Economics, Nanchang, China

Duyun Peng: School of Statistics, Jiangxi University of Finance and Economics, Nanchang, China

Youdong Wen: School of Statistics, Jiangxi University of Finance and Economics, Nanchang, China

Tatjana Boshkov: Goce Delcev University, Shtip, Macedonia

Songjie Wei: School of Computer Science and Engineering, Nanjing University of Science & Technology, and State Key Laboratory of Air Traffic Management System and Technology, Nanjing 210094, China

Shuai Li: School of Computer Science and Engineering, Nanjing University of Science & Technology, Nanjing 210094, China

Peilong Liu: Shanghai Engineering Center for Microsatellites, Shanghai 201203, China

Meilin Liu: Shanghai Institute of Satellite Engineering, Shanghai 200240, China

Spyros Makridakis: Faculty, University of Nicosia; Member of the Blockchain/AI Team, Institute For the Future (IFF), Nicosia

Antonis Polemitis: Faculty, University of Nicosia; Member of the Blockchain/AI Team, Institute For the Future (IFF), Nicosia

George Giaglis: Faculty, University of Nicosia; Member of the Blockchain/AI Team, Institute For the Future (IFF), Nicosia

Soula Louca: Faculty, University of Nicosia; Member of the Blockchain/AI Team, Institute For the Future (IFF), Nicosia

Arshdeep Bahga: Georgia Institute of Technology, Atlanta, GA, USA

Vijay K. Madisetti: Georgia Institute of Technology, Atlanta, GA, USA

Chao Qu: School of Computer Science and Network Security, Dongguan University of Technology, Dongguan 523808, China

Ming Tao: School of Computer Science and Network Security, Dongguan University of Technology, Dongguan 523808, China

Jie Zhang: School of Computer Science and Network Security, Dongguan University of Technology, Dongguan 523808, China

Xiaoyu Hong: School of Computer Science and Network Security, Dongguan University of Technology, Dongguan 523808, China

Ruifen Yuan: School of Computer Science and Network Security, Dongguan University of Technology, Dongguan 523808, China

Gholamreza Ramezan: Department of Electrical and Computer Engineering, The University of British Columbia, Vancouver, Canada

Cyril Leung: Department of Electrical and Computer Engineering, The University of British Columbia, Vancouver, Canada

Emanuel Ferreira Jesus: Institute of Computing (IC), Fluminense Federal University (UFF), Niterói, RJ, Brazil

Vanessa R. L. Chicarino: Institute of Computing (IC), Fluminense Federal University (UFF), Niterói, RJ, Brazil

Célio V. N. de Albuquerque: Institute of Computing (IC), Fluminense Federal University (UFF), Niterói, RJ, Brazil

Antônio A. de A. Rocha: Institute of Computing (IC), Fluminense Federal University (UFF), Niterói, RJ, Brazil

Chao Yuan: State Key Laboratory of Mathematical Engineering and Advanced Computing, Information Engineering University, Zhengzhou 450001, China

Mi-xue Xu: State Key Laboratory of Mathematical Engineering and Advanced Computing, Information Engineering University, Zhengzhou 450001, China

Xue-ming Si: State Key Laboratory of Mathematical Engineering and Advanced Computing, Information Engineering University, Zhengzhou 450001, China

Yin Ru Chen: Shanghai Key Laboratory of Integrate Administration Technologies for Information Security, School of Cyber Security, Shanghai Jiao Tong University, Shanghai 200240, China

Jin Rui Sha: Shanghai Key Laboratory of Integrate Administration Technologies for Information Security, School of Cyber Security, Shanghai Jiao Tong University, Shanghai 200240, China

Zhi Hong Zhou: Shanghai Key Laboratory of Integrate Administration Technologies for Information Security, School of Cyber Security, Shanghai Jiao Tong University, Shanghai 200240, China
LIST OF ABBREVIATIONS

AODV: Ad-hoc On-Demand Distance Vector
AN: Arbitration Node
AI: Artificial Intelligence
AKA: Authentication and Key Agreement
AV: Autonomous Vehicles
BIC: Bayesian Information Criterion
BER: Bit Error Rate
BAVP: Blockchain-based Access Verification Protocol
BCR: Blockchain-based Contractual Routing
BC: Blockchain
BPIIoT: Blockchain Platform for Industrial Internet of Things
BCS: Blockchain Structures
CA: Certificate Authority
CBM: Cloud-Based Manufacturing
CSP: Cloud Service Provider
CH: Cluster Head
CARS: Conditional Anonymous Ring Authentication Solution
BTC: Bitcoin (cryptocurrency)
CSSP: Cleanroom Security Service Protocol
DAG: Directed Acyclic Graph
DEA: Data Envelopment Analysis
DAO: Decentralized Autonomous Organization
DoS: Denial of Service
DHT: Distributed Hash Table
DAC: Distributed Autonomous Corporations
ESP: Edge Service Provider
EFT: Electronic Funds Transfer
ECC: Elliptic Curve Cryptography
ECDSA: Elliptic Curve Digital Signature Algorithm
EMR: Electronic Medical Record
EVM: Ethereum Virtual Machine
EOAs: Externally Owned Accounts
FBI: Federal Bureau of Investigation
FP: Forged nodes
GEO: Geosynchronous Earth Orbit
GHOST: Greedy Heaviest Observed Subtree
GUI: Graphical User Interface
GDP: Gross Domestic Product
HaaS: Hardware-as-a-Service
IBE: Identity-Based Encryption
IaaS: Infrastructure-as-a-Service
ICO: Initial Coin Offering
IBM: International Business Machines Corporation
ITU: International Telecommunication Union
IoT: Internet of Things
IOV: Internet of Vehicles
JBA: Japanese Bankers Association
KGC: Key Generation Center
KPA: Key Privacy Authority
LC: Lightweight Client
LN: Lightweight Node
LEO: Low Earth Orbit
M2M: Machine-to-Machine
MEO: Medium Earth Orbit
MCN: Multihop Cellular Networks
MPC: Multi-Party Computation
NIST: National Institute of Standards and Technology
NSERC: Natural Sciences and Engineering Research Council
NCC: Network Control Center
OBU: On-Board Unit
OTP: One-Time-Programmable
OSR: Optimal and Secure Routing
OLSR: Optimized Link State Routing
OECD: Organisation for Economic Co-operation and Development
OTA: Over the Air
PDR: Packet Delivery Ratio
PSP: Payment Service Provider
P2P: Peer-to-Peer
PaaS: Platform-as-a-Service
PBFT: Practical Byzantine Fault Tolerance
PoA: Proof of Authority
PoET: Proof of Elapsed Time
PoS: Proof of Stake
POW: Proof-of-Work
PKI: Public Key Infrastructure
PK: Public Key
QoS: Quality of Service
RFID: Radio Frequency Identification
RSU: Remote Subscriber Unit
R&D: Research and Development
RL: Revocation List
RSU: Roadside Unit
RAL: Route Acquisition Latency
RERR: Route Error
RREP: Route Reply
RREQ: Route Request
RO: Routing Overhead
RPC: Remote Procedure Call
SWoT: Semantic Web of Things
SP: Service Provider
SBC: Single-Board Computer
SaaS: Software-as-a-Service
tps: Transactions per Second
TA: Trusted Authority
TPM: Trusted Platform Module
TTP: Trusted Third Party
UEFI: Unified Extensible Firmware Interface
USN: Universal Sharing Network
VANETs: Vehicular Ad Hoc Networks
WBAN: Wireless Body Area Network
WSN: Wireless Sensor Networks
ZKP: Zero-Knowledge Proof
PREFACE
Blockchain is a distributed database that is shared across a network of computers (nodes). Once a record has been added to the chain, it is very difficult to change, because every later block commits to it cryptographically. To ensure that all copies of the database agree, the nodes continuously exchange and verify each other's records. Blockchains have been used to underpin cryptocurrencies such as Bitcoin, but many other uses are emerging.

A blockchain is implemented as an append-only transactional database that records the transactions or operations shared between all nodes participating in a cryptographic protocol. Every full node keeps a complete replica of the ledger. To understand what this network looks like, it helps to contrast it with a conventional money transfer network. The conventional network is centralized: its principal nodes are authoritative intermediaries such as banks and state agencies. The blockchain network is decentralized, with the records replicated across all nodes.

Bitcoin was the first decentralized and distributed digital currency: no bank or state agency stands behind it. Every full node independently validates each transaction against the protocol rules and rejects any that violate them; miners additionally assemble valid transactions into blocks. No node holds privileged authority over the others. A full copy of the blockchain contains every transaction ever made with the currency, so the ledger is completely transparent: one can determine, for example, how much bitcoin every address held at any point in history. Addresses are pseudonymous, however, so transparency of the ledger does not by itself reveal who controls them. Imagine if this were possible with the classical money transfer system.

The blockchain itself is built as a chain of so-called blocks, which is where the technology gets its name. Each block contains the hash of the previous block together with a timestamp. Blocks are produced one after another, and because each block links to the one before it, every transfer can be traced chronologically backwards to the first block. A block cannot be created before its predecessor, because the predecessor's hash would not yet be known. Any change to an old block changes its hash, which breaks the link stored in the following block; to hide such a change, every subsequent block would have to be rebuilt.

Creating new blocks is the job of the mining nodes. They compete to solve a computationally expensive puzzle (proof-of-work) over a candidate block of valid transactions; the first to solve it publishes the block and receives a reward in the cryptocurrency (for example, bitcoins). The puzzle does not verify the transactions, which every node checks for itself; its purpose is to make rewriting the chain expensive.

How does this system work in practice? It is best seen through a transaction in which person A sends money to person B. A creates a transaction that references funds A controls, signs it with A's private key, and broadcasts it to the network. Every node that receives it checks the signature and that the referenced funds have not already been spent, and relays it if valid. A miner includes the transaction in a candidate block, finds a valid proof-of-work, and broadcasts the block. The other nodes verify the block and append it to their copy of the chain, where the transaction becomes visible to everyone. At that point the money is B's to spend; confidence that the transfer is final grows with each further block built on top.

This book covers different concepts of blockchain technology and its associated cryptocurrencies. Section 1 focuses on blockchain technology and its methods: the analysis of partially connected blockchains with uncertainty, securing sensitive IoT medical data, securing network computing services for lightweight clients using blockchain, and an analysis of the R&D capability of China's blockchain technologies. Section 2 focuses on blockchain in the world of finance: blockchain and digital currency in the world of finance, a blockchain-based access verification protocol in LEO constellations using IBE keys, and blockchain as the next breakthrough in the rapid progress of artificial intelligence. Section 3 focuses on the IoT applications of blockchain: a blockchain platform for the industrial Internet of Things, a blockchain-based credibility verification method for IoT entities, a blockchain-based contractual routing protocol for the Internet of Things using smart contracts, and a survey of how to use blockchain to secure the Internet of Things together with the stalker attack. Section 4 focuses on smart signatures and data privacy: a new signature scheme on blockchain and an IOV privacy protection system based on double-layered chains.
SECTION I: BLOCKCHAIN TECHNOLOGY AND METHODS
Distributed Sequential Consensus in Networks: Analysis of Partially Connected Blockchains with Uncertainty
1
Francisco Prieto-Castrillo (1,2,3), Sergii Kushch (3), and Juan Manuel Corchado (3)
1 Media Laboratory, Massachusetts Institute of Technology, Cambridge, MA 02139-4307, USA
2 Harvard T. H. Chan School of Public Health, Harvard University, Boston, MA 02115, USA
3 BISITE Research Group, University of Salamanca, Edificio Multiusos I+D+i, 37008 Salamanca, Spain
ABSTRACT
This work presents a theoretical and numerical analysis of the conditions under which distributed sequential consensus is possible when the state of a portion of nodes in a network is perturbed. Specifically, it examines the consensus level of partially connected blockchains under failure/attack events. To this end, we developed stochastic models for both verification probability once an error is detected and network breakdown when consensus is not possible. Through a mean field approximation for network degree we derive analytical solutions for the average network consensus in the large graph size thermodynamic limit. The resulting expressions allow us to derive connectivity thresholds above which networks can tolerate an attack.

Citation: Francisco Prieto-Castrillo, Sergii Kushch, and Juan Manuel Corchado, “Distributed Sequential Consensus in Networks: Analysis of Partially Connected Blockchains with Uncertainty,” Complexity, vol. 2017, Article ID 4832740.
Copyright: © 2017 Francisco Prieto-Castrillo et al. This is an open access article distributed under the Creative Commons Attribution License, which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.
INTRODUCTION
Trust is usually conceived as the additive aggregation of reliable pieces. However, when it comes to cyber-security or privacy requirements, the challenge is how to collaboratively create trust out of uncertain sources in a networked environment [1–6]. A remarkable success story of this approach is Bitcoin [7]. In Bitcoin, trust is built by a set of agents—miners—which collaborate in sequencing blocks of transactions in a chain. Blockchain (BC) is the underpinning technology of Bitcoin, a protocol in which miners compete to solve a computationally expensive problem, known as Proof-of-Work (POW) [8]. The miners’ results are then assembled together in a distributed data chain. The outcomes are only embedded in the final version of the chain after consensus, which is only reached if the order relationships are consistent. POW is a proxy of trust and, hence, reliability increases as the chain grows; it becomes incrementally more difficult to revert—hack—the chain since this requires increasing computing power. Thus, although each agent generates insecure information locally, the resulting aggregate becomes more and more reliable over time. Recently, however, these advantages have also raised the question of how the BC paradigm can be exported to domains other than cryptocurrency, such as the Internet-of-Things (IoT) or Wireless Sensor Networks (WSN) [9, 10]. The difficulty arises from the limitations of the BC architecture, which hamper the possibility of extending it to small devices (e.g., sensors). Sensors, in particular, lack the computing power to perform POW. An even more challenging fact is that BC requires full connectivity to operate (which is unfeasible for WSNs). Therefore, the question at issue is how to design blockchains without POW and with partial connectivity while maintaining robustness to failures and attacks. Distributed consistency is not a novel concept.
In [11] the authors analyse the consistency of distributed databases by using algorithms which are closely related to epidemiological models [12]. Two information diffusion mechanisms, antientropy and rumor mongering, happen to be particularly useful for modelling distributed consistency. Antientropy regularises entries in the databases while rumor mongering updates the last information content from neighbour instances. This trade-off between ordered and random infection allows the authors to find exponential epidemic growth by using a mean field approach. The concept of diffusion in partially connected networks is treated rigorously in [13] in the context of glassy relaxation. Here, the geometrical aspects of the return probability of a Markovian hypercube walk are also analysed using mean field theory. The effect of graph topology on information spreading has been extensively discussed in the literature (e.g., [14–16]). However, the model in [16] (a random graph superposed to a ring lattice) is particularly relevant to our discussion, since it ensures a minimum connectivity while maintaining the small-world property (i.e., high clustering coefficient and small characteristic path length [17]). In [18] the general distributed consensus problem is described; 𝑛 nonfailing sites out of 𝑚 choices have to decide on a common value V. The authors of that study found that the key components for consensus breakdown are asynchronicity and failure, which both inject uncertainty into the system at different scales. Distributed consensus in networks is also analysed in [19], where the authors address the most important applications of the concept, such as clock synchronisation in WSNs. The authors introduce the average consensus as the limit to which initial states converge, provided this limit is equal to the averaged initial values. Interestingly, a randomised consensus protocol (where only a fraction of sites needs to agree on a value) is shown to be more robust against crash than a deterministic algorithm [20]. When consensus is not reached, systems usually break down. From the point of view of control theory, a number of interesting results have been obtained in studies focused on this issue, for example, [19], aimed at self-healing the system momentously after failure.

However, security and resilience are multidimensional objects which can be tackled more consistently through a complex systems approach [21, 22]. For instance, [23] proposes a phone call model where 𝑛 players broadcast rumors randomly among their partners. The authors study the effect of node failure and concentrate on an interesting result; if failure patterns are random, 𝐹 crashing nodes result in only 𝑂(𝐹) uninformed players with high probability. The work also shows that any randomised rumor spreading algorithm running for 𝑂(log 𝑛) rounds requires 𝑂(𝑛) transmissions. This is consistent with what we know from network science [24]; random failures do not spread so easily. The model considered in [25] consists of 𝑛 sites running processes
asynchronously where failures are modelled as a Bernoulli process. In [26] the problem is set in terms of a voter model and an invasion process; agreed values are exported from a set of sites but imported errors infect the rest of the nodes. When it comes to blockchain implementations, [27] analyses information propagation in the Bitcoin network. This work highlights the limitations of the synchronisation mechanisms in BC and the system’s weaknesses under attack. Here, the communication network is modelled as a random graph with a mean degree of ≈32 and it is found that the block verification process can contribute substantially to propagation delay and inconsistency. In their experiments the authors show that the probability distribution of the rate at which nodes learn about a block has a long tail. This means that there is a nonnegligible portion of nodes which does not receive information in a timely manner. The effect is equivalent to considering an incomplete consensus network. A typical example of an organised attack in the BC is the so-called selfish-mine strategy. This consists of a subset of nodes which diffuse information partially to targets, instead of distributing updates homogeneously [28]. In [29] a Markov chain model is used to analyse the selfish-mine strategy in Bitcoin. This and other block-withholding behaviour can have a devastating effect on the performance if the dishonest community is around half the size of the network. All these works provide key insights into the problem of network resilience, diffusion, and consensus from different perspectives. However, to the authors’ knowledge, a mathematical model of partially connected blockchains is still missing. Therefore, in this paper we make a theoretical and numerical analysis of the conditions under which a distributed sequential consensus is possible. Concretely, we examine the consensus level of partially connected blockchains under failure/attack events.
To this end, we develop stochastic models for both verification probability once an error is detected and network breakdown when consensus is not possible. The resulting expressions allow us to derive connectivity thresholds above which networks can tolerate attack. The paper is organised as follows. In Section 2 we formulate the problem. The results obtained in the study are presented in Section 3. Finally, we present the conclusions obtained from our research and discuss the possibilities for future work in Section 5.
PROBLEM FORMULATION
Blockchains can be conceived as dynamical distributed databases whose constituents (blocks) are collaboratively and incrementally built by a set of agents. There are three key factors in this process: (a) how information spreads, (b) how consensus can be achieved, and (c) how errors affect the overall performance. We elaborate on these elements below.

Partial Connectivity in Consensus Networks
From a network perspective we consider a Peer-to-Peer (P2P) infrastructure with two types of nodes: communication sites and processing sites, miners (Figure 1). Users connected to nodes can launch transactions to other users in the network. If a group of users {1, 2, 3, 4} is involved in a transaction arrangement, one or more miners can attempt to verify the intended transactions and, if successful, pack them into a block. This problem can be conceived as the interplay of three graphs: communication, transactions, and miners. As stressed, the usual BC protocol takes the full graph for granted, which is not always possible; there may be either failures or intentional attacks on a portion of the network.
Figure 1: Schematic of nodes, transactions, and layers in the blockchain problem. A subset of the communication P2P nodes (a) are sites responsible for block processing, miners (light blue circles). When a user intends to make a transaction (b) to another user (dark blue lines) with weight 𝑤13, the miner consensus network (c) needs to reach a consensus. However, the full connectivity of the miners’ graph is not guaranteed as there can be attacks (red line) or failures (thin black lines).
However, it is unlikely for a network to get disconnected under normal operation. Hence, graph connectedness is a reasonable lower bound assumption (particularly in the case of sensor networks and IoT). This leads us to consider the network proposed in [16], consisting of a random graph 𝐺 superposed to a ring lattice (the union of both). This model still exhibits the small-world property found in [14, 15] but it is closer to the real requirements of minimum connectivity found in WSNs and other networked systems such as computer networks [30]. At this point it seems that information spreading in the BC can be reduced to the well-known problem of diffusion on graphs. This area is vastly covered in the literature (see, e.g., [13]). However, BC diffusion holds some subtleties under the hood, as we show below.
Why Order Matters: Sequential Diffusion
At every transaction arrangement, the ordering of each operation in the set is a key factor. Consider the simple arrangement shown in Figure 1(b), which represents four possible transactions. These can be formalised as the directed links 𝐸 = {𝑒13, 𝑒34, 𝑒23, 𝑒35} shown in the graph. There are |𝐸|! ways to sort this set but not all of them are consistent. The type of consistency we refer to is that which avoids the double-spending problem. Take two possible order relationships ⪯1 and ⪯2 implemented by the bijections 𝑇1,2 defined on 𝐸. They result in

(1)
The first ordering does not induce any inconsistency but the ordered set (𝐸, ⪯2) violates the double spend constraint depending on the weights 𝜔𝑖𝑗. If we label by 𝑆(𝑛) = (𝑠1(𝑛), 𝑠2(𝑛), 𝑠3(𝑛), 𝑠4(𝑛)) the state vector at step 𝑛, a transition, say 𝑒13, results in the update equation Δ𝑆13 = −𝜔13𝑢1𝐿13, where 𝑢1 represents the row base vector (1, 0, 0, 0) and 𝐿𝑖𝑗 is the graph Laplacian corresponding to the transaction subgraph 𝑔𝑖𝑗 = ({𝑖, 𝑗}, 𝑒𝑖𝑗). The ordering allows writing compact update equations as

(2)

where 𝜔(𝑛), 𝑋(𝑛), and 𝐿(𝑛) represent transaction weights, base vectors, and graph Laplacians for each transaction. In Table 1, we show the evolution of states in the case 𝜔(𝑛) = 1, ∀𝑛 with initial state 𝑆(0) = (1, 1, 0, 0, 0) for ⪯1 and ⪯2. Notice that for ⪯2 node 3 has run out of value at step 2 but it still intends to perform a transaction to node 5 at step 3. This is like having a balance of $10 in a bank account and spending it twice by sending $10 to two different recipients. When it comes to measurements in WSNs (say energy consumption data), avoiding these inconsistencies is imperative [31]. If a miner attempted to pack these transactions along with ⪯2 into a block, he would reach an inconsistency. These order constraints make BC diffusion different from regular graph diffusion [13]. In fact, the BC protocol ensures that double-spending paradoxes cannot occur by imposing constraints such as 𝑠𝑘(𝑛) ≥ 0, ∀𝑘, 𝑛. An example of this is the distributed ledger in Bitcoin [27]. The next question is how this ordering couples with failures in the network.

Table 1: Evolution of states in the transaction graph shown in Figure 1(b) obtained by iterating (1) for 𝑛 = 1, . . . , 4 steps for the ⪯1 (a) and ⪯2 (b) orderings. The initial state is 𝑆(0) = (1, 1, 0, 0, 0) and 𝜔(𝑛) = 1, ∀𝑛. The order relationship ⪯2 induces the double spending effect.
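The double-spend check behind Table 1, as an added example that is not part of the paper: it replays the four links of Figure 1(b) with the update Δ𝑆 = −𝜔 𝑢𝑖 𝐿𝑖𝑗 (which moves 𝜔 units from node 𝑖 to node 𝑗), flags the first step at which some balance would go negative, and then enumerates all |𝐸|! = 24 orderings to count the consistent ones. Since equation (1) is not recoverable here, the two orderings ORDER_1 and ORDER_2 are assumptions chosen to reproduce the behaviour the text describes (node 3 runs dry at step 2 of ⪯2 and still pays node 5 at step 3).

```python
# Added example (not from the paper): replaying the ordered transaction set of
# Figure 1(b) with the state update Delta S_ij = -omega_ij * u_i * L_ij and checking
# the non-negativity constraint s_k(n) >= 0 that rules out double spending.
# Nodes are labelled 1..5 as in the figure; indices are converted to 0-based internally.
from itertools import permutations

# The four directed links of the transaction graph, E = {e13, e34, e23, e35}.
LINKS = [(1, 3), (3, 4), (2, 3), (3, 5)]

# ASSUMED orderings (equation (1) is missing on the page): ORDER_2 is chosen so that
# node 3 runs out of balance at step 2 and still tries to pay node 5 at step 3.
ORDER_1 = [(1, 3), (2, 3), (3, 4), (3, 5)]
ORDER_2 = [(1, 3), (3, 4), (3, 5), (2, 3)]


def laplacian_row(i, j, n):
    """Row i of the Laplacian L_ij of the single-edge subgraph g_ij = ({i, j}, e_ij):
    +1 at position i, -1 at position j and 0 elsewhere (0-based indices)."""
    row = [0] * n
    row[i] = 1
    row[j] = -1
    return row


def apply_transaction(state, i, j, weight):
    """S(n+1) = S(n) + Delta S with Delta S = -weight * u_i * L_ij: `weight` units
    leave node i and arrive at node j; every other balance is unchanged."""
    row = laplacian_row(i, j, len(state))
    return [s - weight * r for s, r in zip(state, row)]


def run_ordering(initial_state, ordering, weights=None):
    """Iterate an ordered set of transactions from `initial_state`.

    Returns (trajectory, first_violation): the state vector after each step (the
    rows of Table 1) and the 1-based step at which a balance first goes negative,
    i.e. the first double spend, or None when the ordering is consistent. Every
    step is applied so the full table can be inspected even after a violation."""
    if weights is None:
        weights = [1] * len(ordering)          # omega(n) = 1 for all n
    state = list(initial_state)
    trajectory = []
    first_violation = None
    for step, ((src, dst), w) in enumerate(zip(ordering, weights), start=1):
        state = apply_transaction(state, src - 1, dst - 1, w)
        trajectory.append(state)
        if first_violation is None and any(s < 0 for s in state):
            first_violation = step
    return trajectory, first_violation


def is_consistent(initial_state, ordering, weights=None):
    """True when the ordering never violates s_k(n) >= 0 (no double spend)."""
    return run_ordering(initial_state, ordering, weights)[1] is None


def consistent_orderings(initial_state, links):
    """Enumerate all |E|! orderings of `links` and keep those free of double spending."""
    return [list(order) for order in permutations(links)
            if is_consistent(initial_state, list(order))]


if __name__ == "__main__":
    s0 = [1, 1, 0, 0, 0]
    for name, order in (("ordering 1", ORDER_1), ("ordering 2", ORDER_2)):
        traj, bad = run_ordering(s0, order)
        print(name, "consistent" if bad is None else f"double spend at step {bad}")
        for n, s in enumerate(traj, start=1):
            print("  step", n, s)
    print(len(consistent_orderings(s0, LINKS)), "of 24 orderings are consistent")
```

With unit weights node 3 must receive before it pays, so only the orderings in which every prefix has at least as many inflows as outflows to node 3 survive: 8 of the 24.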
Attack and Failure in Consensus Dynamics
Blockchain technology copes with the above restrictions efficiently by elevating the transaction order relationships to the block scale. Thus, every block (which can hold one or more transactions) in the resulting blockchain builds on top of the preceding block to preserve sequential diffusion. This strategy can however be used by dishonest users to create massive damage in the network. Consider the case depicted in Figure 2 where 6 miners collaborate to build a blockchain. Without loss of generality we can label the miners according to the order of their block resolution (it is very unlikely that two miners solve a block at the same time and, if this happens, BC would still sort the resulting blocks in order with high probability [20]). Node 3 is a failure node; it sends an error/attack either to a nonneighbouring node (a) or to the miner who happens to be the one solving the next block (b). Below each graph, we also show the evolution of the chain. In this schematic, rows represent sites and columns represent iterations within the cycle. A row stands for the local instance of the chain at a given site and a column represents the collective blockchain built up to a given step. The blockchain is constructed as follows. At step 0 all sites own the 0-genesis block. At step 𝑖, if miner 𝑛𝑖 finds no error in the last block of his local instance of the chain, he solves the next block and broadcasts the solution to his neighbours. The nonreached sites simply replicate their state. However, if the sending site is a failure node, it will broadcast a failure to one of its neighbours. In this case, if the affected node finds the error in its solving step, it still has a chance to restore the block upon consensus from its acquaintances. In case this consensus is not possible the blockchain breaks down. This flow is depicted in Figure 3.
Figure 2: Two ways for error propagation in the miners consensus network: to a nonneighboring node (a) and to the next block solver (b). The tables summarise the blockchain dynamics in a cycle. Rows represent sites and columns represent iterations. In the first case, the error (represented as E) cannot be restored and it persists in the blockchain. In the second case, an additional recovery step 3* can restore the error to the agreed value of 1.
Figure 3: Blockchain dynamics workflow. At step 0 all sites own the 0-genesis block. At step 𝑖, if miner 𝑛𝑖 finds no error in the last block of his local instance of the chain, he solves the next block and broadcasts the solution to his neighbours. The nonreached sites simply replicate their state. However, if the sending site is a failure node, it will broadcast a failure to one of its neighbours. In this case, if the affected node finds the error in its solving step, it still has a chance to restore the block upon consensus from its acquaintances. In case this consensus is not possible the blockchain collapses.
Both situations shown in Figure 2 trigger different phenomena and have different effects on the overall network performance. In the first case, the error (represented as E in the table) has no chance of being restored and it persists in the blockchain. However, in the second case an additional recovery step 3* can restore the error to the agreed value of 1. Notice also that since the network is not fully connected there are sites that lack state updates and their local instances of the chain are not synchronised. This limits the information spreading in the network, as we show in the next section.
Figure 4: Sequence diagram comparison between Bitcoin blockchain (a) and the sequential model proposed in this work (b) for a simple miners network (c). In (a) if site 𝑆1 at time 𝑡1 sends a block 𝑏1 to 𝑆2, this miner will forward it to 𝑆3 after a short verification lag 𝑡2. Then, 𝑆2 will release 𝑏2 after a much larger mining delay. In (b) however, since there is no POW, 𝑆2 will broadcast 𝑏2 to neighbours pretty soon at epoch 𝑡2.
We highlight the fact that, in the Bitcoin implementation, miners asynchronously relay blocks and transactions as soon as they either receive or mine them [32]. In our case agents hold received blocks and transmit their knowledge to neighbours sequentially. In Figure 4 we compare the sequence diagrams for both models in the case of three miners (for the sake of simplicity we have only considered one thread per miner; since mining times are much larger than relay times, splitting mining and relay processes into two threads would not affect the conclusions of this comparison). Without loss of generality miners 𝑆1−3 will solve blocks 𝑏1−3 in first, second, and third order. In the Bitcoin blockchain implementation (a) the processes of mining and the relay of blocks have different timescales: ≈10 minutes for mining and a few seconds for block forwarding. However, in a context where POW is absent (b), the mining lags tend to zero and the processes of mining, verification, and relay converge. In (a) if site 𝑆1 at time 𝑡1 sends a block 𝑏1 to 𝑆2, this miner will forward it to 𝑆3 after a short verification lag 𝑡2. Then, 𝑆2 will release 𝑏2 after a big mining delay. However, in (b), since there is no POW, 𝑆2 will broadcast 𝑏2 to neighbours pretty soon at epoch 𝑡2. This enables saving time and reducing the network traffic considerably.
Mathematical Model
By putting all these facts together, we obtain a minimum blockchain model that captures the dynamics described above: (a) partial connectivity, (b) sequential diffusion, and (c) failure spreading. Below we develop a stochastic process analysis to examine the averaged network performance under different conditions. With the graph model of size 𝑁 described in Section 2.1 we represent each information block (or measured state in general) at site 𝑛𝛼 at the 𝑖th iteration as 𝑠𝛼(𝑖). As stressed above, all sites start from the 0-genesis block: 𝑠𝛼(0) = 0, ∀𝛼. Then, following the flow depicted in Figure 3, at iteration 𝑖 node 𝑛𝑖 checks its state and adds a block to the chain. We collect the number of sites matching the current block in the variable 𝑋𝑖, which is equal to the node degree 𝑘𝑖 plus a noise term 𝜎𝑖 ∈ {0, 1}. If 𝑛𝑖 sends an error signal to 𝑛𝑖+1 which cannot be reverted to the state 𝑠𝑖+1(𝑖) = 𝑖, then 𝜎𝑖 = 0; 𝜎𝑖 = 1 in any other case. The performance ratio per iteration 𝑚𝑖 = 𝑋𝑖/𝑁 = (𝑘𝑖 + 𝜎𝑖)/𝑁 is a measure of the consensus level reached at step 𝑖. Depending on whether consensus is reached or not, the whole chain may collapse. In an ensemble of chains Ω we define both the failure and matching random variables, 𝐹 : Ω → {0, 1} and 𝑀 : Ω → ℝ, respectively, with 𝜔 ↦ 𝑀(𝜔) = (1 − 𝐹(𝜔)) ⋯ and 𝐹 = 1 in case there is one or more steps where consensus is not possible. Hence the ensemble mean for 𝑀 can be expressed as

(3)

where the mean degree (with 𝑝 as connection probability) represents the network average degree, and 𝑃𝐹 = 𝑃(“𝐹 = 1”) stands for the failure probability. Since a chain failure can only happen after verification, 𝑃𝐹 = 𝑃𝐹|𝑉 𝑃𝑉, where 𝑃𝑉 = 𝑃(“𝑉”) is the verification probability and 𝑃𝐹|𝑉 = 𝑃(“𝐹” | “𝑉”) the respective conditional probability. Notice that even in the failure-free case there is an upper bound on the mean efficiency imposed by the lack of full connectivity (full connectivity and full recovery would result in the limit ⟨𝑀⟩ = 1, i.e., 100% efficiency). Hence, both size and connectivity limit network performance due to the partial sequential diffusion, specific to the BC architecture. Next, we look into the chain failure probability. Firstly, it is clear that failure can only happen when at iteration 𝑖 the last block of node 𝑛𝑖+1 is an error state. This requires (a) the emitting node to be an attack node, with probability 𝜓, and (b) the receiving node to be indeed 𝑛𝑖+1. Since connections in 𝐺 are uniformly random, the verification probability at step 𝑖 can be expressed as 𝑃𝑉(𝑖) = 𝜓/𝑘𝑖. Also, because the chain is verified if at least one step needs verification, the probability of blockchain verification is

(4)
MAIN RESULTS
Mean Field Approximation for the Chain Verification Probability
By using a mean field approximation [11] we replace the node degree by the mean network degree 𝑘. In this case, for large 𝑁, 𝑃𝑉 renders

(5)

In Figure 5 we compare expression (5) with Monte Carlo simulation. For a ring lattice of size 𝑁 = 60 we generated 10⁵ synthetic networks with increasing connections and attack strength until graph saturation. Each experimental point (50 runs with the same parameters) represents the fraction of networks that reported a verification step. As the ratio of attacking nodes increases, verifications grow exponentially, like the epidemics in [11]. As expected, graph connectivity (measured as the percentage of additional links until saturation) decreases the verification rate.
Figure 5: Exponential behaviour of the verification probability. As the ratio of attacking nodes increases, verifications grow exponentially. Graph connectivity decreases the verification rate. The inset shows the lower and upper connectivity bounds (40% and 100%) along with an intermediate connectivity of 70%.
It is important to provide this estimate because a large number of verification steps translate directly to cost and efficiency in real implementations. Next, we investigate in detail the probability of a chain failure after a verification step.
Network Consensus Mechanisms
As stressed, if node 𝑛𝑖 sends an error code to node 𝑛𝑖+1 at iteration 𝑖, there is a chance for node 𝑛𝑖+1 to revert this error provided that the consensus reached among its neighbours is over a given threshold. The problem can be formulated as follows. Let 𝑈𝑗 represent the neighbours of node 𝑛𝑗. Notice that, at iteration 𝑖, nodes in 𝑈̃𝑖+1 ≡ {𝑖} ∪ (𝑈𝑖+1 ∩ 𝑈𝑖) have value 𝑖, while the remaining nodes in 𝑈𝑖+1 can attain any value from the set Γ ≡ {𝐸} ∪ {0, 1, . . . , 𝑖 − 1}. Given a consensus threshold 𝑧 ∈ ℕ, let 𝜒 ≡ max𝛾∈Γ{∑𝑥∈𝑈𝑖+1 1𝛾(𝑥)} denote the maximum frequency of values in 𝑈𝑖+1 which are different from 𝑖. There is agreement when

(6)

where the notation ⌊𝑥⌋ stands for the floor value of 𝑥 ∈ ℝ. Notice that 𝑧 = 2 defines a simple majority based consensus among the 𝑈𝑖+1 sites.
Consequently, inspired by the antientropy and rumor mongering concepts [11], we split the consensus problem of (6) into two mechanisms: clustering and random infection (we use the mathematical epidemiology terminology for infected nodes as those receiving a given state; notice that in our case infection is not necessarily a negative phenomenon unless the broadcasted quantity is an attack). In the former, the 𝑛𝑖+1 neighbours get an update from 𝑛𝑖 to value 𝑖. In the latter case, the 𝑛𝑖+1 neighbours eventually agree on a value 𝑖 arriving from sites other than 𝑛𝑖 or from their own replications along the preceding steps in the blockchain cycle. Notice that the number of symbols in Γ increases with the number of iterations. Therefore, it is increasingly less likely to reach consensus by random infection. On the other hand, the link consensus mechanism does not decrease with the iterations. Hence, the link consensus will dominate over random consensus in the thermodynamic limit 𝑁 ≫ 1. For a reasonable network size (say 𝑁 > 50) this enables us to neglect the random term contribution to the failure probability. Below we elaborate more on this stochastic approximation.
Stochastic Network Failure in the Thermodynamic Limit
As demonstrated before, cluster consensus occurs when there are at least ⌊𝑘𝑖+1/𝑧⌋ sites out of the 𝑘𝑖+1 − 1 possible nodes (the −1 term is because site 𝑛𝑖 already holds an 𝑖 state) with state 𝑖. Equivalently, it can be assumed that 𝑛𝑖 is connected to at least ⌊𝑘𝑖+1/𝑧⌋ nodes in 𝑈𝑖+1 \ {𝑖}. In this way, we can model the process as a Bernoulli trial (akin to [25]) where the success variable follows the binomial distribution with parameters (𝑘𝑖+1 − 1, 𝑝). The resulting failure probability renders

(7)

Since the blockchain failure probability can be expressed as

(8)

by using (8) and (3) and 𝑃𝐹(𝑖, 𝑧) = 𝑃𝑉(𝑖)𝑃𝐹|𝑉(𝑖, 𝑧) = 𝜓𝑃𝐹|𝑉(𝑖, 𝑧)/𝑘𝑖, we arrive at the expression

(9)

Now, provided that the quantity 𝜓𝑃𝐹|𝑉(𝑖, 𝑧)/𝑘𝑖 is small compared to 1, we approximate the logarithm in the last expression by its first-order series
expansion. By implementing the same mean field approximation as for 𝑃𝑉 in the preceding section we obtain the equation

(10)

with the corresponding mean field approximation substituted for 𝑃𝐹|𝑉(𝑖, 𝑧). In Figure 6 we show the mean field approximation to the blockchain performance measured as the average network consensus for 𝑁 = 60 and 𝑧 = 2. As for 𝑃𝑉, we generated 10⁵ synthetic networks with increasing connections and attack strength until graph saturation. For each network instance, we monitored the number of sites with value 𝑖 at iteration 𝑖 within the blockchain cycle. This gives us an empirical estimate for the network match per iteration 𝑚𝑖. Then, we averaged the 𝑚𝑖 quantities over the cycle, which results in a measure for the network performance (i.e., consensus level). Finally, we obtain the mean value of this quantity from our Monte Carlo dataset. Each experimental point represents 50 runs with the same parameters.
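The Monte Carlo procedure just described, written out as an added example (this is not the authors' code): it builds the ring-plus-random-links network, runs one sequential blockchain cycle per network with attack nodes drawn with probability 𝜓, and reports the verification rate, the failure rate and ⟨𝑀⟩, alongside the exact binomial expression for the cluster-consensus failure probability 𝑃𝐹|𝑉 of a node of degree 𝑘. The details that the paper leaves abstract are assumptions here: extra links are drawn independently with probability 𝑝 on top of a ring where each site is linked to its two ring neighbours, a failure node picks its victim uniformly among its neighbours, verification happens only when the error lands on the next solver (the 𝑃𝑉(𝑖) = 𝜓/𝑘𝑖 assumption), and the per-iteration match 𝑚𝑖 is counted empirically as the number of sites holding block 𝑖.

```python
# Added example (not the paper's code): Monte Carlo implementation of the minimal
# model of this section, i.e. (a) partial connectivity (ring lattice + random links
# with probability p), (b) sequential diffusion (miner n_i broadcasts block i to its
# neighbours only) and (c) failure spreading (attack nodes send an error E to one
# random neighbour). Recovery uses cluster consensus with threshold z: at least
# floor(k_{i+1}/z) neighbours other than n_i must already hold block i.
import random
from math import comb

ERROR = -1   # marker for an error block (E) in a site's local chain


def ring_plus_random_graph(n, p, rng):
    """Adjacency sets of a ring lattice (site i linked to i-1 and i+1 mod n) with every
    remaining pair linked independently with probability p; p = 1 gives the complete graph."""
    adj = [set() for _ in range(n)]
    for i in range(n):
        j = (i + 1) % n
        adj[i].add(j)
        adj[j].add(i)
    for i in range(n):
        for j in range(i + 1, n):
            if j not in adj[i] and rng.random() < p:
                adj[i].add(j)
                adj[j].add(i)
    return adj


def run_cycle(adj, attackers, z, rng):
    """One blockchain cycle in which site i-1 solves block i, for i = 1..N.

    Returns (verified, failed, matches): whether any verification step happened,
    whether the chain collapsed because consensus was impossible, and the list of
    per-iteration matches m_i = (sites holding block i) / N (counted empirically)."""
    n = len(adj)
    state = [0] * n           # every site starts from the 0-genesis block
    verified = False
    matches = []
    pending_error = False     # the previous solver sent E to the current solver
    for i in range(1, n + 1):
        solver = i - 1
        if pending_error:
            verified = True
            prev = solver - 1  # solver of block i-1
            # cluster consensus: neighbours other than n_{i-1} that already hold block i-1
            support = sum(1 for nb in adj[solver] if nb != prev and state[nb] == i - 1)
            if support < len(adj[solver]) // z:
                return verified, True, matches       # consensus impossible: chain breaks down
            state[solver] = i - 1                    # E reverted to the agreed value
            pending_error = False
        # solve block i and broadcast it to the neighbourhood only;
        # sites that are not reached simply keep their previous state
        state[solver] = i
        for nb in adj[solver]:
            state[nb] = i
        if solver in attackers:
            # a failure node sends E to one random neighbour instead of the block
            victim = rng.choice(sorted(adj[solver]))
            state[victim] = ERROR
            pending_error = (victim == solver + 1)
        matches.append(sum(1 for s in state if s == i) / n)
    return verified, False, matches


def ensemble_consensus(n, p, psi, z, runs, seed=0):
    """Average over `runs` random networks and attack patterns (each site is an
    attacker with probability psi). M = 0 for a collapsed chain, otherwise the
    cycle average of m_i, so the returned mean_match is the estimate of <M>."""
    rng = random.Random(seed)
    verified_count = failed_count = 0
    total_match = 0.0
    for _ in range(runs):
        adj = ring_plus_random_graph(n, p, rng)
        attackers = {site for site in range(n) if rng.random() < psi}
        verified, failed, matches = run_cycle(adj, attackers, z, rng)
        verified_count += verified
        failed_count += failed
        if not failed:
            total_match += sum(matches) / len(matches)
    return {"verification_rate": verified_count / runs,
            "failure_rate": failed_count / runs,
            "mean_match": total_match / runs}


def cluster_failure_probability(k, z, p):
    """P_F|V for a verifying node of degree k: the probability that fewer than
    floor(k/z) of its k-1 other neighbours are linked to the sender, i.e. the
    binomial(k-1, p) cumulative distribution just below the threshold."""
    threshold = k // z
    return sum(comb(k - 1, j) * p ** j * (1 - p) ** (k - 1 - j)
               for j in range(threshold))


if __name__ == "__main__":
    for p in (0.2, 0.5, 0.8, 1.0):
        for psi in (0.0, 0.1, 0.5, 1.0):
            r = ensemble_consensus(n=60, p=p, psi=psi, z=2, runs=50, seed=1)
            print(f"p={p:.1f} psi={psi:.1f} P_V~{r['verification_rate']:.2f} "
                  f"P_F~{r['failure_rate']:.2f} <M>~{r['mean_match']:.3f}")
```

Two sanity limits are easy to read off: with no attackers on the complete graph every site holds every block and ⟨𝑀⟩ = 1, while on the bare ring with no attackers each block reaches only the solver and its two ring neighbours, so ⟨𝑀⟩ = 3/𝑁, which is the connectivity-imposed upper bound the text calls 𝑀0 for that graph.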
Figure 6: Mean field approximation to the blockchain performance for 𝑁 = 60 and 𝑧 = 2. Starting from the complete graph limit in the top right corner, as connectivity 𝑝 decreases and attack strength 𝜓 increases, the network match decreases according to (10). The black line represents the 𝑀0 upper bound limit. The vertical dotted line at 𝑝 = 0.66 represents an estimate (see the last part of Section 3.3) for the limit ⟨𝑀⟩ → 𝑀0 where performance starts to be independent of 𝜓. The inset shows a zoom for the cut 𝑝 ∈ [0.5, 0.6].
Notice that 100% performance—the blockchain limit—can only be achieved for full connectivity 𝑝 → 1. The 𝑀0 upper bound (black straight line) limits the network match for partial connectivity; as we increase the link probability the performance increases according to (10). Also, stronger attack strategies (larger 𝜓 values) result in lower performance, as expected.

A remarkable result in Figure 6 is that beyond a critical value of connectivity 𝑝𝑐, consensus is only limited by information spreading and not by failure. This fact motivates us to look closely at possible estimates of 𝑝𝑐.
Estimate for the Attack Tolerance Critical Connectivity
Noticing that the conditional failure probability in (7) is nothing else than the cumulative distribution function for the binomial, we use the normal approximation for the binomial distribution as

(11)

where 𝐸𝑟𝑓(𝑥) is the error function and

(12)

If 𝜖 denotes a small quantity, we inquire into the conditions under which ⟨𝑀⟩ tends to 𝑀0, or more specifically |⟨𝑀⟩ − 𝑀0| ≤ 𝜖𝑀0. To this end, we derive conditions for equality in this expression from (11) and (12). Also, by using the log(1 − 𝜖) ≈ −𝜖 approximation, the following condition holds:

(13)

In the large 𝑁 limit, and under one further assumption, 𝐴(𝑝, 𝑧) can be approximated as

(14)

From (14) one could attempt to solve (13) for 𝜖, 𝑁, 𝑝, and 𝜓. But this is not possible because the function 𝐸𝑟𝑓−1(𝑥 − 1) diverges for 𝑥 = 0. Still, an interesting case occurs when 𝜖 = 𝜓/(2𝑝). At this limit, (13) only makes
sense if 𝐴(𝑝, 𝑧) vanishes, or, equivalently, if 𝑝 = 𝑝∗ ≡ (1/𝑧 + 1/𝑁). However, this value does not provide the asymptotic limit we are looking for. If we express 𝜖 in terms of 𝛼 through the rescaling 𝜖 ≡ 𝜓/(𝑝𝛼) and we also rewrite (13) in terms of 𝑝 − 𝑝∗, we obtain

(15)

where we have introduced the function Φ(𝛼) ≡ √(2/𝑁) 𝐸𝑟𝑓−1(1 − 2/𝛼).

An operative approximation is possible by considering Φ(𝛼)² ≪ 1. Then, by using the corresponding solution 𝑝 ≈ 𝑝∗ + Φ(𝛼) and for large 𝑁, we find

(16)

This is nothing more than a useful parametrisation of (13). For 𝛼 = 2 we recover the case 𝑝𝑐 = 𝑝∗. However, larger 𝛼 values allow us to explore the limit ⟨𝑀⟩ → 𝑀0 closely. For instance, for 𝛼 = 10, 𝑁 = 60, and 𝑧 = 2 we arrive at the solution 𝑝𝑐 = 0.66. This means that, for maximum attack strength (𝜓 = 1), beyond 𝑝 = 𝑝𝑐 the percentage deviation of ⟨𝑀⟩ from 𝑀0 with respect to 𝑀0 is lower than 15%. By setting other attack tolerance thresholds the 𝑝𝑐 value can be adjusted in different realisations of the blockchain network. The value 𝑝𝑐 = 0.66 represented in Figure 6 can then be conceived as a reasonable threshold for minimum network connectivity ensuring attack tolerance with the above parameters.
PROOF-OF-CONCEPT EXAMPLE
Notice that the mathematical model addressed in this work abstracts the specifics about transactions, blocks, network architectures, communication protocols, and so on. The implementer must therefore provide definitions for (a) what a transaction is, (b) a criterion for consistent ordering of transactions (this is equivalent to defining the analogue of the double-spending problem), (c) how transactions can be packed into blocks, and (d) how the information is spread over the network. When these specifications are provided there are at least two possible scenarios where the findings addressed in this work can be applied: Wireless Sensor Networks and the Internet-of-Things. As stressed, there are fundamental discrepancies between the proposed model and the current blockchain protocol implementation in cryptocurrencies.
20
Blockchain Technologies and Crypto-Currencies
In particular, in our approach the information is not transmitted immediately to the miners once blocks are created; it is sequentially diffused as shown in Figure 4. This has its pros and cons depending on the application domain.
When there is no Proof-of-Work requirement, the block mining lags tend to zero and the verification and generation delays become comparable. In this case the blockchain construction speed is dominated by network latency. Therefore, in the absence of POW, one can reschedule the agents’ diffusion to save network operations. In the following we show a proof-of-concept example in the IoT domain where we compare our model with an asynchronous diffusion scheme akin to the conventional blockchain implementation. In the context of IoT, consider the problem of human mobility tracking where two individuals leave rooms A and B to reach rooms D, E through hall C (Figure 7). Five presence sensors A–D are continuously capturing data of the form 𝑥𝑖 = {𝑆ID, 𝑡, V}, where 𝑆ID identifies the sensor, 𝑡 represents the measurement time, and V ∈ {0, 1} stands for the presence event. Measurements are collected at Δ𝑇 intervals and then checked for consistency. Within Δ𝑇, time is split into subintervals of length 𝛿𝑡. These quantities represent the minimum displacement time between home areas or any other relevant time scale. In general they will be functions of the sensor sampling rates. Therefore, we discretise the continuous variable 𝑡 into measurement epochs 𝑛 implicitly defined as
(17) This allows preprocessing the raw data 𝑥𝑖 into a dataset with entries of the form {𝑆ID, 𝑛} ∈ , where we also drop the V = 0 values. Maintaining our cryptocurrency metaphor, we define transactions as ordered pairs in ≡ ((𝑋, 𝑛), (𝑌, 𝑘)). For instance, = ((A, 1), (C, 2)) represents the movement of a person from room A at epoch 1 to the hall C at epoch 2. Some transactions do not represent real movement (e.g., ). A possible criterion for the validity of a transaction is 𝑋 𝑌 if 𝑘 > 𝑛. This restricts the type of movements allowed in a specific way, but any other criterion can also be defined.
Distributed Sequential Consensus in Networks: Analysis of Partially....
21
[Figure 7 panels: top left, rooms A–E with the five presence sensors; top right, the three-miner network M1, M2, M3; bottom, sequence diagrams (a) and (b) with transactions 𝑒^{01}_{AC}, 𝑒^{12}_{CD}, 𝑒^{23}_{BC}, 𝑒^{34}_{CE} and the local chain stored at each node. Legend: Verify & relay; Mine & relay; Verify & mine & relay.]
Figure 7: Schematic of a possible application of the model developed in this work. Five presence sensors monitor the movement from rooms A, B to D, E (top left panel). A minimal network of three distributed agents—miners (top right panel)—build consistent ordered aggregations of measurements. In the bottom panel we compare the sequence diagrams from the real blockchain and the sequential model.
Next we define a 𝑝𝑎𝑡ℎ 𝑃 as an ordered sequence of transactions. If 𝐸 denotes the set of possible transactions among the measurements collected in Δ𝑇, consider two possible paths:
(18)
Both paths represent the movement of two individuals from A, B to D, E. However, 𝑃’ is not consistent, since the person in B intends to move from C to E before reaching C.
Since we neglect POW, we can consider blocks containing one transaction only, which can therefore be generated immediately. The order criterion provides the means for building the information chain while avoiding the type of order inconsistencies commented on above. We also consider a minimal set of three distributed agents (miners in our analogy) which will build the chain. Depending on the network architecture and the communication protocol, the information flow among agents can be defined in different ways. However, the model provided in Section 2 allows a considerable reduction of network operations, which is more amenable to an IoT implementation. In the bottom panel of Figure 7 we use simplified sequence diagrams to compare the information flow of the blockchain (a) and sequential diffusion (b) models, as we did in Figure 4. In the lower part, we have also included a summary of the local information stored at each node. Without loss of generality the mining ordering can be mapped to nodes 1–3 (again, as in Figure 4, we use a single thread for verification and mining processes in the nodes, since mining times are much larger than verification times). In (a), first 𝑀1 extracts and validates transaction 𝑒^{01}_{AC} from 𝐸 and broadcasts the corresponding block to the network (1-2). After validating the block, 𝑀2 in turn forwards it to 𝑀3 (3-4). At a later time, 𝑀2 validates 𝑒^{12}_{CD}, adds it to its local copy (5), and distributes the information among the other nodes (6, 7). Next, node 3 has itself mined 𝑒^{23}_{BC} (8), which is then validated and sent to the network (9–11). Finally, node 1 only finds it consistent to add 𝑒^{34}_{CE} to its local chain (12) and then it broadcasts the information to the network for its validation and transmission (13–15). However, in the sequential diffusion model (b), as stressed, agents do not immediately forward transactions/blocks as they receive them; nodes propagate information when they generate new blocks. In the absence of POW, agents can synchronise to save unnecessary communication processes.
This way, node 2 does not forward 𝑒^{01}_{AC} to node 3 after receiving it from node 1 (1’); the information is sent when packing 𝑒^{12}_{CD} (3’) and so on. This reduces the network traffic considerably. When a miners’ round is completed, node 𝑀2 sends a sync message (dotted line from 8’ to 9’) to the next first mining node (𝑀1 in this case) until there are no more transactions to verify. If there are 𝑁𝑀 agents and transactions, the number of messages grows as
in (a) and as in (b), where 𝑘𝑖 is the degree of each node in the agents’ network. The maximum overhead is attained for the full graph where 𝑘𝑖 = 𝑁𝑀 − 1 and both models coincide.
Since WSNs and IoT have in general very low battery capacities, this dramatically limits the size of network traffic. Therefore the model addressed here can add value to these situations.
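The order criterion and the chain-building rule of the example above, as an added illustration in Python (not the paper's code). It assumes that A and B are the entry rooms, that an arrival recorded in a miner's local chain can be consumed by at most one later departure (the double-spending analogue the text mentions), and it constructs the paths P and P' from the description of Figure 7, since equation (18) is not reproduced on the page.

```python
from dataclasses import dataclass
from typing import Dict, Iterable, List, Tuple

Event = Tuple[str, int]  # (room / sensor id, epoch n), V = 0 readings already dropped


@dataclass(frozen=True)
class Transaction:
    """tau = ((X, n), (Y, k)): someone moves from room X at epoch n to room Y at epoch k."""
    src: Event
    dst: Event

    def is_valid(self) -> bool:
        # The paper's order criterion: X -> Y is allowed only if k > n.
        return self.dst[1] > self.src[1]

    def __str__(self) -> str:
        return f"e_{self.src[0]}{self.dst[0]}^{self.src[1]}{self.dst[1]}"


class LocalChain:
    """One miner's local copy: no PoW, so every transaction is its own block.
    Assumed consistency rule (the double-spending analogue): a departure from a
    non-entry room X at epoch n needs an arrival at X at some epoch m <= n that
    no earlier departure has already consumed."""

    def __init__(self, entry_rooms: Iterable[str]) -> None:
        self.entry_rooms = frozenset(entry_rooms)
        self.blocks: List[Transaction] = []
        self.pending: List[Transaction] = []        # received, not yet consistent
        self._unspent: Dict[str, List[int]] = {}    # room -> unconsumed arrival epochs

    def is_consistent(self, t: Transaction) -> bool:
        if not t.is_valid():
            return False
        room, n = t.src
        if room in self.entry_rooms:
            return True
        return any(m <= n for m in self._unspent.get(room, []))

    def try_append(self, t: Transaction) -> bool:
        if not self.is_consistent(t):
            return False
        room, n = t.src
        if room not in self.entry_rooms:
            # Consume the most recent arrival that is not later than the departure.
            epochs = self._unspent[room]
            epochs.remove(max(m for m in epochs if m <= n))
        self._unspent.setdefault(t.dst[0], []).append(t.dst[1])
        self.blocks.append(t)
        return True

    def receive(self, t: Transaction) -> List[Transaction]:
        """Append t if consistent, else hold it; retry held ones. Returns what was appended."""
        if not t.is_valid():
            return []                # violates k > n: discard outright
        self.pending.append(t)
        appended: List[Transaction] = []
        progress = True
        while progress:              # a new block can unblock held transactions
            progress = False
            for p in list(self.pending):
                if self.try_append(p):
                    self.pending.remove(p)
                    appended.append(p)
                    progress = True
        return appended


def path_is_consistent(path: List[Transaction], entry_rooms: Iterable[str]) -> bool:
    """A path P is consistent if replaying it in order never needs a held step."""
    chain = LocalChain(entry_rooms)
    return all(chain.try_append(t) for t in path)


# Constructed from the description of Figure 7; the paper's equation (18) is not on the page.
ENTRY_ROOMS = ("A", "B")
E_AC01 = Transaction(("A", 0), ("C", 1))
E_CD12 = Transaction(("C", 1), ("D", 2))
E_BC23 = Transaction(("B", 2), ("C", 3))
E_CE34 = Transaction(("C", 3), ("E", 4))
P = [E_AC01, E_CD12, E_BC23, E_CE34]         # consistent ordering
P_PRIME = [E_AC01, E_CD12, E_CE34, E_BC23]   # C -> E ordered before B -> C


def node1_chain_order() -> List[str]:
    """Node 1 sees P' order but adds e_CE^34 only after e_BC^23 (step 12 in Figure 7)."""
    chain = LocalChain(ENTRY_ROOMS)
    for t in P_PRIME:
        chain.receive(t)
    return [str(t) for t in chain.blocks]


def double_spend_is_held() -> bool:
    """Two departures from the single arrival at C at epoch 1: only the first is chained."""
    chain = LocalChain(ENTRY_ROOMS)
    chain.receive(E_AC01)
    chain.receive(E_CD12)
    return chain.receive(Transaction(("C", 1), ("E", 2))) == [] and len(chain.blocks) == 2
```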
SUMMARY AND DISCUSSION
In this paper we have analysed, both theoretically and numerically, the conditions under which distributed sequential consensus is possible in the presence of partial connectivity and uncertainty. A minimal sequential diffusion model consisting of the superposition of a ring lattice with a random graph, along with ordered infection rules, allowed us to capture key blockchain elements: partial connectivity, sequential diffusion, and failure spreading. In our setting a mean field approximation for the network degree was helpful in deriving closed-form expressions for the probability of chain verification once errors are detected. We found that verifications grow exponentially with attack. As expected, graph connectivity reduces verification rates. This is a remarkable result because a large number of verification steps translates directly into cost and efficiency in real implementations. We have also provided expressions for the probability of network breakdown when consensus is not possible. To this end, we have investigated analytically the constituents of the consensus problem in blockchains. We found that clustering dominates over random infection in the large network size limit. This allowed us to derive an expression for the average network performance as a function of connectivity and failure strength. We validated this expression by Monte Carlo simulation. As expected, 100% performance—the blockchain limit—can only be achieved for full connectivity. Furthermore, there is an upper bound for network match for partial connectivity. Stronger attack strategies result in lower performance. The resulting expressions allow us to derive connectivity thresholds above which networks can tolerate attack. Beyond that, the lower bound of consensus is only limited by information spreading and not by failure. A set of reasonable assumptions and algebraic manipulations allowed us to derive operational expressions for this bound. Specifically, for 𝑁 = 60 simple majority based consensus, we arrived at the solution 𝑝𝑐 = 0.66. This means that in a scenario with maximum attack strength, beyond 𝑝𝑐, the percentage deviation of blockchain consensus with respect to the upper connectivity bound is lower than 15%. Clearly this contribution is just a first step in the understanding of partially connected blockchains; the problem still needs further elaboration in order to foster more robust implementations. For instance, we have neglected some communication issues such as delay or bandwidth limitations. In future work we will research other topological models such as scale-free and spatial networks with heterogeneous links. Multiplex networks will also allow us to inquire into different attack patterns and the possible counterattacking strategies.
ACKNOWLEDGMENTS
This research was partially supported by the Regional Ministry of Education from Castilla y León (Spain) and the European Social Fund under the MOVIURBAN project with Ref. SA070U16.
Blockchain Technology: Is It a Good Candidate for Securing IoT Sensitive Medical Data?
2
Nabil Rifi^{1,2}, Nazim Agoulmine^{1}, Nada Chendeb Taher^{2}, and Elie Rachkidi^{1}
^{1} COSMO, IBISC Laboratory, University of Evry, Paris Saclay University, France
^{2} Lebanese University, Faculty of Engineering and Azm Center for Researches, Tripoli, Lebanon
ABSTRACT
In the past few years, the number of wireless devices connected to the Internet has increased to a number that could reach billions in the next few years. While cloud computing is being seen as the solution to process this data, security challenges could not be addressed solely with this technology. Security problems will continue to increase with such a model, especially for private and sensitive data such as personal data and medical data collected with more and more smart connected devices constituting the so-called Internet of Things. As a consequence, there is an urgent need for a fully decentralized, peer-to-peer and secure technology solution to overcome these problems. The blockchain technology is a promising just-in-time solution that brings the required properties to the field. However, there are still challenges to address before using it in the context of IoT. This paper discusses these challenges and proposes a secure IoT architecture for medical data based on blockchain technology. The solution introduces a protocol for data access, smart contracts and a publisher-subscriber mechanism for notification. A simple analytical model is also presented to highlight the performance of the system. An implementation of the solution as a proof of concept is also presented.
Citation: Nabil Rifi, Nazim Agoulmine, Nada Chendeb Taher, and Elie Rachkidi, “Blockchain Technology: Is It a Good Candidate for Securing IoT Sensitive Medical Data?,” Wireless Communications and Mobile Computing, vol. 2018, Article ID 9763937. Copyright: © 2018 Nabil Rifi et al. This is an open access article distributed under the Creative Commons Attribution License, which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.
INTRODUCTION
IoT is taking over the world; it is estimated that the number of devices connected to the Internet forming the Internet of Things will reach 50 billion by 2020 [1]. One critical application is eHealth smart homes. This technology allows monitoring the elderly or individuals with diseases and automatically sending the data to a remote server for processing by doctors. This data is recorded in the so-called EMR (Electronic Medical Record). Secure access to this EMR is problematic considering privacy issues, transparency, etc. This is why developing secure and reliable solutions for eHealth smart homes requires unprecedented coordination and collaboration between all pieces of the system. All devices must work together and be integrated with all other devices, and all devices must communicate and interact seamlessly with remote systems and infrastructures in a secure way. Such a solution is possible, but it can be expensive and time consuming. Thus, there is a need for new ideas and new technologies that will drive IoT security towards a more decentralized model. Having this huge amount of data centralized, and sometimes monitored by one single provider, may create many problems. The cloud as a computing/storage technology cannot by itself protect the security and privacy of its users. Using a decentralized approach for IoT network security is eventually an interesting way to solve many of the challenges IoT technology is facing today. Adopting a peer-to-peer model to handle billions of transactions between the billions of interconnected devices will dramatically decrease the costs of installation and maintenance of data centers and servers. It will also allow the distribution of storage and processing power on different devices and components of the network, increasing the reliability of the system; e.g., the failure of one node will not cause the entire network to halt or collapse. However, in order to establish well-defined peer-to-peer communication protocols, a whole other set of challenges will need to be addressed, mainly security and privacy. Some level of peer validation and consensus must be reached in order to prevent spoofing and theft, an important characteristic that any peer-to-peer distributed solution must have, especially large scale IoT networks. A successful approach to decentralized control of IoT must not only be a peer-to-peer approach, but also a trust environment in which no participant needs to be trusted, and no single point of trust failure exists. Blockchain technology offers these features and has proved its efficiency in financial applications such as Bitcoin [2, 3], and it can be of great value and importance in this domain. In this paper we first discuss important background for understanding the value of blockchain technology, as well as related works. Then, we present the specific problem we want to address in the context of IoT and finally propose a solution architecture and model. The proposed solution is based on smart contracts [4] and a Publisher-Subscriber mechanism. In the following, we present a mathematical model to evaluate the performance of the system and its implementation. Finally, we end with a conclusion and some future work.
RELATED WORKS
Background
Blockchain
In 2008 Satoshi Nakamoto introduced Bitcoin [5], a fully digital and decentralized cryptocurrency. In order to solve the double spending problem in Bitcoin, blockchain technology was introduced. It is a peer-to-peer decentralized distributed ledger that is replicated on all nodes participating in the system. It is a completely transparent technology that can show all the transactions that have been made since its creation, without tampering or fraud [6]. A blockchain is a group of blocks that are connected, each block to the one before it. The first block is called the “Genesis” block and it is hard coded into the software. Think of the blockchain as a log whose records are batched into timestamped blocks, each block being identified by its cryptographic hash. Each block references the hash of the block that came before it. This establishes a link between the blocks, thus creating a chain of blocks or blockchain. Any node with access to this ordered, back-linked list of blocks can read it and figure out the world state of the data that is being exchanged on the network. To understand how blockchain works, we will first explain how a blockchain network works. This is a set of nodes that operate and interact on the same network using the replicated blockchain copy each node holds. One node might be used as an entry point for multiple users or devices, but let us first assume that each node transacts on the network by itself only. First of all, the interaction between user nodes and the blockchain is done via a pair of private and public keys. The transactions are signed using the private keys, and then addressed by other nodes using the corresponding public keys [7]. The use of asymmetric cryptography is very important in terms of providing integrity, non-repudiation, and authentication to the blockchain network. After a transaction is signed, it is broadcast by the node to all other nodes it is connected to. The nodes, or peers, need to ensure that the transaction is valid, thus they need to trigger a validation process called “mining”. A transaction in the blockchain can be defined as any transfer of data that has a value (Bitcoin, IoT data, etc.). After a transaction is validated via the mining process, it is then added to the blockchain as a new block of transactions and data. Since the blockchain is transparent, these transactions are available to all nodes connected to the network. These blocks are organized in a linear sequence that grows over time, where each block contains a timestamp and the hash of the previous block. This organization of the blocks constitutes the so-called blockchain.
When presenting blockchain technology, there are two main platforms to mention: the Bitcoin blockchain, which is the famous cryptocurrency blockchain, and the Ethereum blockchain [8]. Ethereum is another public blockchain that allows users to implement smart contracts, create private blockchains, and test transactions. In our proof of concept implementation, we have used the Ethereum blockchain.
Proof of Work
Proof of work is used in the blockchain in such a way that each node participates in solving difficult mathematical puzzles whose solution validates blocks. This puzzle is usually a function of the previous block’s hash, in order to maintain the chronological order and solve the double spending problem. Once this puzzle is solved, there is a “winner” that publishes the solution. Once the solution is published, it is easy for other nodes to verify it. However, solving the puzzle is expensive in terms of computational power. Once a majority of the peers accept the solution, all the nodes in the network begin working on the next block, and the process repeats. Proof of work is one approach to reaching consensus. It is very efficient in terms of securing the transactions and making the blockchain immutable, because it requires a great amount of resources, from computational resources to electrical and CPU power. However, this approach has its weaknesses, since it is inefficient for typical devices that are not very powerful. The motivation behind proof of work is that nodes which invest significant resources in the network are less likely to attack or cheat.
Proof of Stake
Proof of stake is another approach that aims to solve the computational power problem. In order to validate a certain block or transaction, the amount of cryptocurrency held is what matters: 51% of the digital currency owners need to agree on the current state. The reasoning behind the proof of stake approach is quite simple: the higher the stake in the system, the more expensive it is for nodes to maintain a secure network. Proof of stake is less secure than proof of work; however, it provides a more efficient approach to the lack of computational power issue.
Smart Contracts
It is possible to include code to be executed in the blockchain, allowing general purpose computation. Similar to a contract between any two individuals, a smart contract is a piece of code that can have conditions to be triggered and actions to execute if the conditions are verified. The importance of smart contracts comes from their capability to manage the interactions between nodes and participants of the system based on the data. Smart contracts, like any other node, have addresses in the blockchain. Triggering a smart contract is done by addressing a transaction to it. The security of these contracts is, however, very important in the blockchain [9].
Mining
Mining is one of the most important processes in blockchain technology. Mining is the act of validating new blocks so that they can be added to the blockchain. Mining is done by providing “proof of work” to validate a block; i.e., each block contains a mathematical puzzle that needs to be solved by the miner in order to provide proof of work. This process can be very expensive in terms of computational power. Miners are individuals or organizations that have dedicated considerable computational power to mining and maintaining the blockchain.
Related Works in the Integration of IoT, Blockchain, and eHealth
After an exhaustive investigation of this field, we found that blockchain is a great candidate for future decentralized IoT architectures and models. For example, the authors in [1] have defined a complete IoT architecture composed of three layers, where blockchain is used as the storage layer. The authors also defined a data management and a data sharing protocol, along with a study of different mechanisms and their impacts on the system, i.e. direct blockchain access, server-client access, and publisher/subscriber access. Based on this study, we found that the publisher/subscriber mechanism is very important and the most flexible mechanism. Therefore, we decided to adopt it in our solution. Blockchain technology is also considered in several eHealth solutions. As an example, the authors of paper [10] have highlighted the general role and future impact of blockchain technology in healthcare. In paper [11], a smart contract based solution has been defined by the authors to manage the access to electronic medical records. The contribution in [11] is also important since it has defined the basic use of smart contracts in managing relationships between different parties of a blockchain. Another study focused on the use of smart contracts in the context of IoT [12] and presents important aspects and different points of view regarding the benefit of using smart contracts. A use case of the Internet of Things in the context of eHealth is to have medical sensors composing a Wireless Body Area Network (WBAN) and generating data. This approach is discussed in [13]. The authors have used a cryptographic approach applied to the blockchain and an intermediate device to manage the data flow and the connection to the blockchain. The authors of papers [14, 15] have also described a cryptographic approach where blockchain is implemented as a solution to protect personal data.
The authors in [16] have discussed the design issues of integrated IoT and blockchain. The discussion is very helpful for understanding the different possible implementation options (fully centralized, pseudocentralized, distributed, and fully distributed). Paper [17] discusses the data privacy and integrity issues in the area of eHealth and more particularly clinical trials.
The authors have proposed in this contribution a solution that integrates IoT and blockchain to achieve their objective. This work is highly related to our research but focuses more on the relation between parties in the context of clinical trials. Paper [18] is not fully in the area of eHealth, but it presents a comprehensive solution to secure data in the context of smart homes. The authors of the paper have proposed a solution based on the integration of IoT and blockchain to prevent external security attacks by monitoring the IoT devices’ transactions. Our research aims to take benefit from all these state-of-the-art contributions to derive a well-defined solution for using blockchain technology for IoT data access protection. In the next section, we will highlight the exact challenges to face when applying blockchain to IoT. We would also like to mention that this paper is an extended version of our previous work presented in [19].
Challenges in Using Blockchain Technology with IoT As previously mentioned, blockchain is a peer-to-peer decentralized technology that provides transparent and powerful certification mechanisms while removing the need to trust external third parties. While this is a very important advantage, it also comes with some important challenges. First of all, with the intrinsic architecture of the blockchain, the ledger is replicated on all nodes connected to the blockchain. Therefore, storing large amounts of data in the blockchain itself is inefficient. This is indeed a big problem for IoT devices such as typical sensors, which have limited computing and storage resources. In addition, since there are no third parties involved in the system, every block added to the blockchain needs to be validated by each of its nodes. This is called the “mining” process, as previously explained, and it requires high computational power [20] to run encryption algorithms. As the IoT ecosystem is very diverse and could consist of heterogeneous devices with very different computing capabilities, not all these devices will be able to execute the same encryption algorithms at the desired speed, and this should be taken into account in the proposed architectural solution. Another characteristic of IoT that renders the problem even more complicated is scalability. Indeed, when the number of IoT nodes increases, the amount of generated data will also increase, and therefore the number of transactions to the blockchain will also increase. The mining and validation process of the blockchain will then take more time to complete, and this should be mitigated as much as possible to achieve the scalability property of IoT systems. In this paper, we aim to address specifically this mining problem and the time taken by the system to complete the transactions. We have therefore focused our research on the factors and parameters that might have the highest impact on the complexity of the mining process, such as the block size and the block time. In the next section, we will discuss the proposed architecture of the distributed IoT system, followed by the proposed solution mechanisms.
PROPOSED ARCHITECTURE The main idea of our approach to solving the problem of the high computational power needed to communicate with the blockchain is to introduce a combined centralized/decentralized architecture, i.e., to introduce intermediate servers between the IoT devices and the blockchain. A very good candidate for such an intermediate system is a cloud edge server, easily accessible by clients and with high computational power. The other proposition is to use a publish-subscribe notification mechanism. In particular, we have taken into account the results obtained by the authors of paper [1], who have shown that the publish-subscribe mechanism is very efficient in terms of filtering data and introducing intermediates to address the high demand for electrical and computational power from blockchain mechanisms. In addition, we propose to use smart contracts in our solution to maintain rules, authentication, and communication between the different nodes and parties of our system.
[Figure 1: nodes shown: IoT Device, Client Node, Publisher Node, Subscriber Node, IoT Blockchain, IPFS Database]
Figure 1: Proposed architecture presenting IoT devices connected to the Publisher node, itself connected to the blockchain. On the other side, clients are either connected to subscriber nodes or directly to the blockchain.
Finally, since transactions carrying messages with large amounts of data negatively impact the performance of the blockchain, we propose to use an off-chain database to store the data; in our case we have used IPFS [21] as a peer-to-peer storage system. Figure 1 presents a high-level diagram of the proposed architecture identifying the different actors, the blockchain, and the IoT devices. In the next sections, we will first present the considered scenario and then the details of the proposed architecture in terms of components and their interactions.
PROPOSED SOLUTION Defining the Scenario To design our solution, we first specified a potential real-life scenario to help identify the required components and functionalities. This scenario is related to the eHealth smart home and the remote monitoring of patients. We considered a home equipped with numerous connected sensors (i.e., connected things) that collect environmental data from the home (e.g., temperature, humidity, etc.) as well as medical sensors that collect health data from the inhabitants (e.g., heart beats, ECG, etc.). The problem we aimed to address is the following: how can the monitored persons ensure that the data collected from their private environment and their own body, and sent outside their home, is only accessed by authorized persons (e.g., authorized doctors) and is not altered for any malicious reason by a third party? The direction followed to solve this problem is actually to protect the location where the collected data is stored. To achieve this objective, we will highlight how the components of our blockchain IoT architecture (blockchain, smart contracts, intermediate servers, and off-chain database) can be efficiently glued together for this purpose. The main actors of this scenario are the publishers of data and the subscribers to these data, while the end-providers and consumers are the IoT devices and the end-users (data generators and data consumers). Figure 2 presents our solution to be deployed in the smart home, which is derived from the more general architecture presented in Figure 1.
[Figure 2: elements shown: Smart home, Home Owner, Gateway (Publisher), Blockchain, Authorized person]
Figure 2: An architecture for the smart home blockchain IoT that identifies the gateway to the blockchain, the owners, and the authorized persons to access the private data.
The main idea of the solution highlighted in Figure 2 is to overcome the limitation of connected objects in a smart home that are not able to directly connect to the blockchain due to their limited processing capacity and energy power. This is achieved using an intermediary edge system that connects the smart home to the blockchain, called the gateway. This gateway, expected to be more powerful than normal sensors, will play the role of the publisher to the blockchain. Eventually, it will publish the data received from the set of connected sensors in the smart home to the blockchain. The owners of this data are the monitored persons (e.g., elderly) who live in their homes and have access to this data. These persons can specify a set of authorized individuals or organizations that are authorized to access this data.
Defining the Smart Contracts In order to specify the formal relation between data owners, consumers, and IoT clients, smart contracts are the cornerstone of our blockchain system. We have defined 3 types of contracts. The proposed smart contracts are presented in Figure 3.
Figure 3: Proposed smart contracts: publisher contract, subscriber contract, and client contract.
The Publisher Contract The first contract is the publisher contract, which is deployed by the publisher. One can think of contracts as functions that take input, check it, and send back results. When an individual subscribes to the system and connects his smart home gateway to the blockchain, he must first specify his gateway or publisher contract. Once accepted, he receives a unique ID mapped to his blockchain address (an Ethereum [22] address in the case of the Ethereum blockchain). He must also specify the list of IoT devices to connect to the blockchain. This can be done by names to ease access and comprehension of the generated data. In addition, he must specify a type of sharing mechanism to manage the publisher/subscriber relationship, and finally, he must specify the list of addresses that have permission to access the data (usually these are the addresses of subscribers who are authorized to access the data).
The Subscriber Contract The second contract is the subscriber contract. It must contain the address of the subscriber in the blockchain, and the list of publishers to which it subscribes. It must also specify the specific list of sensors to subscribe to. The sensors can be chosen by type, by name or using a wildcard to select all the available sensors connected to a particular publisher. This is the critical component of the publisher-subscriber algorithm, since based on the information stored in that contract, the generated data can be filtered before sending it to a subscriber.
The Client Contract The third contract is the client contract. It serves as a mapping contract between normal nodes, or clients connected to the blockchain, and their respective subscriber contracts. It contains the client name, so that it would be simpler for clients to communicate between each other using a frontend application. This name is mapped to the corresponding address in the blockchain.
The Protocol Description Before describing our protocol, we first define some notations that will be used later in the paper:
(i) Pk: publisher number k
(ii) device i connected to publisher k
(iii) Sj: subscriber number j
(iv) Cj: client number j
(v) function to retrieve data from the local buffer
(vi) function to retrieve the ID of the sending IoT device
(vii) function to store data in the off-chain database
(viii) function to generate the pointer to the location in the database
(ix) H: the hash pointing to the location in the database
(x) function to return the list of subscribers that subscribed to publisher P
(xi) Eth: reference to the blockchain client
(xii) Cj: set of j clients having the same subscriber
(xiii) function that allows the client to retrieve the message sent by a subscriber S
(xiv) function to connect to database DBP
(xv) function to retrieve data corresponding to hash Hs
After describing the contracts, we specify in this section the behavior of the publisher node after receiving new data generated from the connected IoT devices. The steps that should occur are the following: (1) store the data in the off-chain database (IPFS in our case), (2) generate the hash pointing to the location in the database, then (3) send that hash to every node on the blockchain that is subscribed to this publisher. All the transactions are sent using the blockchain client, which is an Ethereum client in our implementation. The publisher behavior algorithm is specified in Algorithm 1.
Algorithm 1
In the following, we describe the behavior of a subscriber upon receiving a transaction sent by a publisher that it is subscribed to. Once a transaction is sent by a publisher, the blockchain client of the subscriber receives it and extracts the included hash. The subscriber first verifies the address of the publisher to make sure that it is not an error or spam. If it is not, the action of the subscriber differs depending on whether the client is directly connected to the blockchain or not. If it is directly connected, this means that the client has deployed its own subscriber node; therefore it receives the transaction directly through the blockchain client part of its subscriber node. Alternatively, the client may not have its own subscriber node and is therefore using another subscriber node to the blockchain along with other clients. This part implements the possibility of having several clients behind only one subscriber node handling the data on their behalf in the blockchain and forwarding it to all of them. The clients registered with the subscriber are part of the set Sj. The algorithm that shows this behavior is specified in Algorithm 2.
Algorithm 2
The third part describes the fetching of the data using the hash received in the second part. The client connects to the IPFS node whenever the end-user requests it, and uses the hash code to fetch the data generated by the IoT devices. This behavior is specified in Algorithm 3.
Algorithm 3
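As an added illustration (not the authors' implementation), the following Python sketch walks through the three algorithms above end to end: the gateway stores a sample off-chain and notifies subscribed nodes with the hash pointer (Algorithm 1), the subscriber node checks the sender address against its contract before forwarding to the clients behind it (Algorithm 2), and a client resolves the hash against the store (Algorithm 3). The in-memory store and ledger, the `0x...` addresses and the IDs are constructed stand-ins, and the content-hash check on retrieval is the property the text relies on when it says the data must not be altered.

```python
import hashlib
import json
from dataclasses import dataclass


class OffChainStore:
    """Constructed stand-in for IPFS: content addressed by SHA-256 digest (IPFS uses a CID)."""

    def __init__(self):
        self._blobs = {}

    def store_data(self, data: bytes) -> str:
        pointer = hashlib.sha256(data).hexdigest()
        self._blobs[pointer] = data
        return pointer

    def retrieve(self, pointer: str) -> bytes:
        data = self._blobs[pointer]
        # The pointer is the content hash, so a blob altered in storage fails this check.
        if hashlib.sha256(data).hexdigest() != pointer:
            raise ValueError("stored data does not match its hash pointer")
        return data


@dataclass(frozen=True)
class Notify:
    """Notify(PubID, SubAddress, HashPointer) of Figure 5; pub_address is the sender
    address the receiving blockchain client sees on the transaction."""
    pub_id: str
    pub_address: str
    sub_address: str
    hash_pointer: str


class Publisher:
    """Gateway node holding the publisher contract state; `chain` is a constructed
    in-memory ledger: the list of subscriber nodes every sent transaction reaches."""

    def __init__(self, pub_id, address, store, chain):
        self.pub_id, self.address, self.store, self.chain = pub_id, address, store, chain
        self.sensors = {}          # SensorInfo: sensor ID -> sensor type (AddSensor)
        self.subscribers = set()   # SubAddress values added by RegisterToSensor

    def publish(self, sensor_id, value) -> str:
        """Algorithm 1: store the sample off-chain, generate the hash pointer,
        send it to every subscribed node through the blockchain client."""
        payload = json.dumps({"sensor": sensor_id, "type": self.sensors[sensor_id],
                              "value": value}, sort_keys=True).encode()
        pointer = self.store.store_data(payload)
        for sub_address in sorted(self.subscribers):
            tx = Notify(self.pub_id, self.address, sub_address, pointer)
            for node in self.chain:
                node.on_transaction(tx)
        return pointer


class Subscriber:
    """Subscriber node serving several clients (the set behind one subscriber node)."""

    def __init__(self, sub_id, address, chain):
        self.sub_id, self.address = sub_id, address
        self.publishers = {}   # subscriber contract: PubAddress -> PubID
        self.clients = set()
        self.inbox = {}        # client name -> hash pointers forwarded to it
        self.rejected = []     # transactions filtered as error or spam
        chain.append(self)

    def subscribe(self, publisher: Publisher):
        publisher.subscribers.add(self.address)          # RegisterToSensor
        self.publishers[publisher.address] = publisher.pub_id

    def on_transaction(self, tx: Notify):
        """Algorithm 2: accept the hash only from a publisher address recorded in
        the contract, then forward it to every client behind this node."""
        if tx.sub_address != self.address:
            return
        if self.publishers.get(tx.pub_address) != tx.pub_id:
            self.rejected.append(tx)
            return
        for client in self.clients:
            self.inbox.setdefault(client, []).append(tx.hash_pointer)


def fetch_latest(sub: Subscriber, client: str, store: OffChainStore) -> dict:
    """Algorithm 3: the client resolves its last received hash against the off-chain store."""
    return json.loads(store.retrieve(sub.inbox[client][-1]))


def run_demo():
    """Constructed scenario: one gateway, one subscriber node with two clients,
    and an unregistered sender whose notification must be filtered."""
    store, chain = OffChainStore(), []
    gateway = Publisher("home-42", "0xPUB", store, chain)   # constructed IDs/addresses
    gateway.sensors["ecg-1"] = "ECG"                         # AddSensor(SensorInfo)
    sub = Subscriber("clinic-7", "0xSUB", chain)
    sub.clients.update({"dr-alice", "dr-bob"})
    sub.subscribe(gateway)
    pointer = gateway.publish("ecg-1", [0.91, 0.88, 0.93])
    # Same PubID from an address absent from the subscriber contract: rejected by the check.
    sub.on_transaction(Notify("home-42", "0xROGUE", "0xSUB", pointer))
    return {"pointer": pointer,
            "delivered": {c: len(v) for c, v in sub.inbox.items()},
            "rejected": len(sub.rejected),
            "sample": fetch_latest(sub, "dr-alice", store)}
```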
Figure 4 highlights the specific modules of the subscriber node and the publisher node. In the subscriber node, the Graphical User Interface (GUI) is the entry point for the end-user. The Ethereum client connects the node to the blockchain and the local database stores the received data (it works as a cache to reduce response time of future accesses).
[Figure 4: modules shown for the subscriber node: GUI, Eth Client, Subscriber Code, Local Database, Blockchain Client; for the publisher node: Eth Client, IoT Device, DB Access Control, Off-chain Database; contract functions: RegisterPub, RegisterSub, AddSensor]
Figure 4: Internal structure of the client and subscriber nodes and publisher.
It is also worth mentioning that one important step of the process is not actually visible in Figure 4, namely the mining. Indeed, for each transaction taking place, the nodes on the blockchain (miners) shall validate the transaction as previously explained. This increases the time to deliver a message from a publisher to a subscriber, and it also has an important impact on the performance of the overall system in terms of response time.
Figure 5 shows the sequence diagram of the proposed protocol that depicts the messages exchanged between the different components of the architecture. The previously presented algorithms specify the internal behaviors of the publisher and the subscriber nodes as well as the information that transits between them. The miner behavior corresponds to the mining process that happens each time a transaction is transmitted to the blockchain. Table 1 describes the main functions used in the implementation of the proposed protocol; each function is also described in this table. In Table 2, the main variables that allow the protocol to function correctly are described. The variables presented in Table 2 constitute the input or output parameters of the functions described in Table 1.
[Figure 5: participants IoT Device, Publisher, Subscriber, Blockchain, Miner; messages in order: RegisterPublisher(PubID, PubAddress), Mine Transaction, AddSensor(SensorInfo), Mine Transaction, RegisterSubscriber(SubID, SubAddress), Mine Transaction, RegisterToSensor(PubID, PubAddress, SensorInfo), Mine Transaction, Notify(PubID, SubAddress), Generate NewData, StoreData(NewData) && GenerateHash(), Mine Transaction, Notify(PubID, SubAddress, HashPointer)]
Figure 5: Sequence diagram of the Publisher-Subscriber protocol implemented on the blockchain.
Table 1: Protocol functions and description
Function | Description
RegisterPublisher | This function's role is to identify the publisher to the blockchain. A publisher registration consists of an ID and its address in the blockchain.
RegisterSubscriber | Similar to the RegisterPublisher function, but for the subscriber nodes.
AddSensor | This function is available for the publisher nodes. In order to add sensors, a publisher should provide a type and an ID for the sensor.
RegisterToSensor | A subscriber can register to a publisher's sensor, and to one or all sensors, depending on ID or Type.
Notify | The notify function is critical, since it advertises new data, new publishers, and new sensors.
StoreData, GenerateHash | When new data is generated, it is stored in the decentralized storage. After storage, a hash of the pointer to the location of the data in the storage is generated, and then broadcast to interested subscribers using the Notify function.
Table 2: Protocol data types and description
Data Type | Description
PubID | The publisher ID needed for registration, and used by a subscriber to subscribe to it, of type String.
PubAddress | The publisher address in the blockchain, needed for registration and used by a subscriber to subscribe to it, of type address.
SubID | The subscriber ID needed for registration, of type String.
SubAddress | The subscriber address in the blockchain needed for registration, of type address.
SensorInfo | The sensor type and ID, of type String.
HashPointer | The main data type transferred between publishers and subscribers, using the Notify function; can be of type base58.
PERFORMANCE ANALYSIS OF THE SYSTEM As previously mentioned, the mining process is an important part of the system and should be explicitly considered in the performance evaluation of the system, mainly in terms of response time. Eventually, to optimize the performance of such a system, many factors should be taken into account. The main performance parameter is the delay of processing a transaction, and therefore it is important to identify the parameters/factors that could have an important impact on this delay. In this system, the transaction time obviously depends on the rate and the size of the data. This rate is important because it impacts the mining process. If the rate of data generated by IoT devices increases, the transaction time will also increase. The mining process also depends on the capability of a device's processor to validate a transaction, and so does the delay time [23]. The best approach to reduce the transaction time is to lower the rate and the size of the data. Unfortunately, this is not always possible. First, it is not always possible to control the CPU computing capacity since it comes with the device hardware, and moreover it is not always possible to control the rate and the size of data transmitted by sensors (this also depends on the application logic). For example, monitoring in real time the ECG of an individual can be critical. For that, doctors must be able to interpret the received ECG data. In this case, heart measurements should be sampled and sent at a high rate. This is not true for all types of physiological signals. For instance, it is not critical to measure body temperature at high frequency. Thus, changing the sampling rate of the ECG signal without a careful validation from doctors may not be good for an accurate interpretation of the data. Therefore, we consider in this work the mining time as the main performance metric to evaluate the performance of our proposed system: Let $N_d$ be the number of devices connected to a publisher.
Let $r_d$ be the rate of IoT device data generation, and consequently the associated rate of generation of new blocks in the blockchain. The total data rate generated by one publisher that has $N_d$ associated IoT devices, assuming that all the devices have the same data rate $r_d$, is equal to $N_d \times r_d$ samples of data per second. Each new data sample will generate a new transaction, which in turn will trigger the mining of a new block in the blockchain. In this case, the mining rate will depend on the block size $N_t$ and the time to mine the generated block $T_b$. The block size itself depends on the number of transactions one block can fit; it indeed varies from one blockchain platform to another. As previously indicated, Bitcoin uses a fixed size for its blocks while Ethereum uses a variable size. In this context, the mining rate will correspond to the fraction $N_t / T_b$ bps. There are two possible cases: the first one is when the data rate generated by the publisher is lower than the mining rate, and the second case is when it is higher. The maximum delay time for each case is formulated as follows:

Case 1: $\text{Max Delay} = T_b$ if $N_d \times r_d \le N_t / T_b$

Case 2: $\text{Max Delay} = N_b \times T_b$ if $N_d \times r_d \ge N_t / T_b$, where $N_b$ is the number of blocks necessary to accommodate all transactions.

$N_b$ can be calculated supposing $t = 1$ s: $N_b = (N_d \times r_d) / N_t$.

In the same way this can be generalized to all the generated data from all publishers. We obtain the following formulation:

$$\sum_{i=1}^{N_P} N_d^{P_i} \times r_d^{P_i} \ge \frac{N_t}{T_b} \quad (1)$$

In this formulation, we did not take into account the work and time taken by the subscriber and the publisher for their own operations. We consider indeed that these times are negligible compared to the mining time, which constitutes the most important part of the delay.
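The two delay cases and the generalization over all publishers, worked in Python as an added example that is not part of the original paper. The numeric parameters are constructed (the paper gives no block time for its testbed), and the batch simulation is an added check of Case 2 against the formula.

```python
def mining_rate(n_t: int, t_b: float) -> float:
    """Transactions the chain can absorb per second: the fraction N_t / T_b."""
    return n_t / t_b


def max_delay(n_d: int, r_d: float, n_t: int, t_b: float):
    """Maximum delay for one publisher with N_d devices at r_d samples/s each,
    following the two cases of the text (t = 1 s of generated data).
    Returns (case, delay in seconds)."""
    generated = n_d * r_d                      # N_d x r_d transactions per second
    if generated <= mining_rate(n_t, t_b):
        return 1, float(t_b)                   # Case 1: one block time at most
    n_b = generated / n_t                      # Case 2: N_b = (N_d x r_d) / N_t blocks
    return 2, n_b * t_b


def max_delay_all_publishers(publishers, n_t: int, t_b: float):
    """Generalisation over N_P publishers: the sum of N_d^{P_i} x r_d^{P_i} takes
    the place of N_d x r_d in the case test of equation (1) and in N_b.
    `publishers` is a list of (N_d, r_d) pairs."""
    total = sum(n_d * r_d for n_d, r_d in publishers)
    if total <= mining_rate(n_t, t_b):
        return 1, float(t_b)
    return 2, (total / n_t) * t_b


def simulate_batch(total_tx: int, n_t: int, t_b: float) -> float:
    """Constructed check of Case 2: `total_tx` transactions are pending at t = 0 and
    a block holding at most N_t of them is mined every T_b seconds. Returns the
    confirmation time of the last transaction, i.e. ceil(N_b) x T_b; the formula's
    fractional N_b is therefore a lower bound when N_d x r_d is not a multiple of N_t."""
    pending, t = total_tx, 0.0
    while pending > 0:
        t += t_b
        pending -= min(n_t, pending)
    return t


def demo():
    """Constructed parameters (not from the paper's testbed): N_t = 100 tx/block,
    T_b = 15 s, giving a mining rate of about 6.7 tx/s."""
    n_t, t_b = 100, 15.0
    quiet = max_delay(3, 2, n_t, t_b)            # 6 tx/s <= 6.7 tx/s  -> (1, 15.0)
    flood = max_delay(10, 50, n_t, t_b)          # 500 tx/s > 6.7 tx/s -> (2, 75.0)
    both = max_delay_all_publishers([(10, 50), (10, 30)], n_t, t_b)   # 800 tx/s -> (2, 120.0)
    return {"quiet": quiet, "flood": flood, "both": both,
            "simulated_flood": simulate_batch(10 * 50, n_t, t_b),      # 75.0
            "simulated_550": simulate_batch(550, n_t, t_b),            # 90.0 vs formula 82.5
            "formula_550": max_delay(11, 50, n_t, t_b)[1]}
```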
IMPLEMENTATION OF THE SOLUTION To implement our solution, we have chosen to use a framework called Embark [24]. This framework is based on the concept of decentralized applications (DApps) and fit our technical requirements. The Embark framework implements the Ethereum blockchain, the IPFS database, and the Whisper protocol used to send messages between multiple DApps. We have chosen to use the Go Ethereum (geth) client, along with the SolidityC [25] language for smart contract programming. The HTML, Javascript and JQuery languages have been used to program the frontend and the GUI. We have successfully implemented our private blockchain as well as the notification smart contracts. We have considered two types of nodes, a laptop and a Raspberry Pi, and successfully connected both gateways to the blockchain. The Raspberry Pi permits generating real data from its embedded sensors. Technical Details. In this section, we discuss the settings of the system and the implementation details of the testbed. Figure 6 shows our testbed, composed of two nodes: a Raspberry Pi acting as a passive publisher (i.e., it is not a miner node) and a laptop acting as a subscriber as well as a miner for the blockchain. To validate the system architecture, we have implemented the scenario presented in Figure 5. The scenario involves first a publisher that registers to the system. Registering the publisher only requires providing its name, since the Ethereum address is automatically fetched using “msg.sender”. Once the publisher is registered, the system identifies the list of sensors provided by this particular publisher. For that, an advertising protocol is used (it is a core function in the proposed pub-sub model). The sensor is modeled in the publisher contract as a record of two variables, the sensor ID and the sensor type.
Once the publisher and its sensors are registered to the blockchain, any subscriber connecting to the blockchain can discover the publisher and its sensors. In the general case, when a particular subscriber registers to the system, it is possible for it to discover, via this particular subscriber, all the available publishers as well as their provided sensing capabilities. It is then possible for a subscriber to subscribe to any of these publishers if it is authorized. If successful, the address of the subscriber is added to the publisher's contract.
Figure 6: Testbed composed of a Raspberry Pi 3 as the publisher to the blockchain and a laptop as a subscriber to the blockchain.
Once new data is generated from any of the sensors associated with a publisher, the gateway stores it in the IPFS storage and sends a broadcast message to the blockchain containing a hash pointing to the location where the data is stored. When the notification is received by a particular subscriber (in our testbed the laptop), its frontend module checks its contract, which contains all the publishers' addresses, to verify whether this publisher is among its associated publishers. If the notification source address exists in the list, then the notification is accepted; otherwise it is filtered. The implementation of the system behavior was challenging since SolidityC was not completely mature: many features were not yet implemented at implementation time. To verify that the GUI was working properly, we performed several tests using the Embark dashboard. The different steps of the system implementation and deployment are the following:
(i) Setting up the private blockchain using Geth.
(ii) Configuring the laptop and the Raspberry Pi and connecting them to the blockchain.
(iii) Programming the proposed smart contracts model using SolidityC.
(iv) Deploying the contracts on the blockchain.
(v) Programming the subscriber's frontend (the HTML webpage).
(vi) Programming the backend (Javascript to link the smart contracts and the frontend).
(vii) Configuring the IPFS off-chain database.
(viii) Connecting all the elements using the Embark framework.
The implementation details of the different steps are described as follows. The first step to implement the system was to create a private blockchain to ease testing and experimentation. For that, we used Geth (the command line interface for running a full Ethereum node implemented in Go) to create the Genesis file (the Genesis block is the first block in the blockchain), which is a JSON file. After creating the Genesis file, we specified some properties of the blockchain such as identity, rpcport, port, data directory and network Id. The next step was to test the blockchain by adding peers, connecting them to the blockchain, and sending Ethereum messages to make sure that the blockchain was working properly. Thanks are due to the Geth Javascript console and the Geth functions, which allowed us to test the blockchain. Once the blockchain was created, the following step was to create and deploy the smart contracts. As previously stated, we specified the contracts described in Section 5 and then used the SolidityC compiler to generate them. After successfully setting up the private blockchain and deploying the smart contracts, the backend was complete. The next step was the deployment of the GUI, i.e., the frontend of the DApp. The implemented frontend is composed of different files: HTML, Javascript and CSS files for the portal webpage and its interactions, along with several Embark configuration files. The visible part of the GUI is the portal webpage running on a webserver executed on the laptop. A webserver configuration file was also available in Embark. This environment was then used to deploy a blockchain storage GUI, the frontend and the backend. Finally, we deployed the IPFS database and connected it to the private blockchain.
All peers could then connect to the blockchain and store data in the IPFS off-chain database. This completed the implementation and the deployment of the testbed.

Tests and Results. Before presenting the results of the tests, we first present the key parameters of a blockchain: (i) Number of transactions per block. It is calculated as the block size divided by the average transaction size. In fact, the number of transactions in a block in the Ethereum blockchain can reach 2200 transactions per block as a maximum value and 1050 transactions per block as a minimum value [26]. (ii) Transaction throughput, which depends on two main values: the block size and the expected time interval between blocks. (iii) Block time, or mining time: the time needed to validate a block. (iv) Number of transactions per second (tps).
50
Blockchain Technologies and Crypto-Currencies
We have evaluated the variation of the mining time against the blockchain scale. This was achieved by varying the number of transactions per second (tps). The difficulty level parameter of the Ethereum blockchain (i.e., the level of difficulty to mine blocks) [26] is directly related to the mining time. In fact, the difficulty is a scalar value corresponding to the difficulty level applied during the nonce discovery of the processed block. It defines the mining target, which can be calculated from the previous block's difficulty level and the timestamp. The higher the difficulty, the more calculations a miner must statistically perform to discover a valid block. This value is used to control the block generation time of a blockchain, keeping the block generation frequency within a target range. In our testbed, we kept this value intentionally low to avoid waiting too long during tests. Indeed, since the discovery of a valid block is required to execute a transaction on the blockchain, the overall operation can take a lot of time. We made our tests when the difficulty value was low and, after a certain time, we conducted other tests when the difficulty value had increased to high values. In Bitcoin, the average expected system throughput value is 1.75 tps. It is worth noting that the miner, i.e., the laptop, has the following technical configuration in this testbed: Intel(R) Core(TM) i7-2670QM CPU @ 2.20GHz, 8.00GB RAM, 64-bit OS. Figure 7(a) shows the variation of the difficulty value versus the number of blocks.
Actually, the difficulty increases linearly with the number of blocks, which is a known property of the blockchain. However, Figure 7(b) shows that the mining time increases exponentially with the transaction rate (i.e., number of transactions per second), which is also inherent to the blockchain behavior, since the more transactions the blockchain needs to process per second, the higher the processing capacity required from the blockchain miners. The figure also highlights that as the difficulty value increases, the mining time increases significantly, which is another characteristic of the blockchain that impacts our solution. Therefore there is a need to find the right tradeoff between the difficulty level and the target response time of the system as perceived by the end-users.
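The testbed parameters above, as an added example that is not part of the paper: a constructed Geth genesis file with a deliberately low difficulty, the throughput parameters (i)–(iv), and the Homestead difficulty-adjustment rule (EIP-2, as implemented by geth's ethash engine, including its 131072 minimum) used to estimate how the difficulty and the expected mining time drift when blocks are found quickly. The chain id, gas limit, block interval and the assumed CPU hashrate are constructed values, not the paper's.

```python
"""Private testbed parameters: a minimal Geth genesis file, the throughput
parameters (i)-(iv), and the Homestead difficulty rule used to estimate how
difficulty and expected mining time grow over a run. Added example; the
values below are constructed, not taken from the paper."""
import json

MIN_DIFFICULTY = 131072  # floor enforced by geth's ethash engine

# Constructed genesis file for a private chain. chainId doubles as the
# network id passed to `geth --networkid`; difficulty is kept low so a
# laptop miner finds blocks quickly during tests.
GENESIS = {
    "config": {"chainId": 15, "homesteadBlock": 0},
    "difficulty": "0x400",
    "gasLimit": "0x47b760",  # 4,700,000 gas per block
    "alloc": {},
}


def genesis_json() -> str:
    """Serialise GENESIS in the form `geth init genesis.json` expects."""
    return json.dumps(GENESIS, indent=2)


def txs_per_block(block_size_bytes: int, avg_tx_bytes: int) -> int:
    """Parameter (i): block size divided by the average transaction size."""
    return block_size_bytes // avg_tx_bytes


def throughput_tps(per_block: int, block_interval_s: float) -> float:
    """Parameters (ii)/(iv): transactions per second for a block interval."""
    return per_block / block_interval_s


def next_difficulty(parent_diff: int, parent_ts: int, ts: int, number: int) -> int:
    """Homestead rule (EIP-2) as ethash applies it:
    parent + parent//2048 * max(1 - (ts - parent_ts)//10, -99) + bomb,
    clamped to the minimum difficulty. Blocks arriving faster than 10 s
    raise the difficulty; slower ones lower it."""
    adjustment = max(1 - (ts - parent_ts) // 10, -99)
    period = number // 100000
    bomb = 2 ** (period - 2) if period > 1 else 0  # zero for the first 200k blocks
    diff = parent_diff + (parent_diff // 2048) * adjustment + bomb
    return max(diff, MIN_DIFFICULTY)


def simulate_difficulty(genesis_diff: int, blocks: int, interval_s: int) -> list:
    """Difficulty of blocks 1..blocks when each block arrives interval_s
    seconds after its parent. With fast blocks the difficulty climbs by
    roughly 1/2048 per block, which looks linear over a few hundred blocks."""
    diffs, parent, ts = [], genesis_diff, 0
    for number in range(1, blocks + 1):
        parent = next_difficulty(parent, ts, ts + interval_s, number)
        ts += interval_s
        diffs.append(parent)
    return diffs


def expected_mining_time_s(difficulty: int, hashrate: float) -> float:
    """Mean time to find a valid nonce: one success per `difficulty` hashes."""
    return difficulty / hashrate


if __name__ == "__main__":
    print(genesis_json())
    diffs = simulate_difficulty(int(GENESIS["difficulty"], 16), 500, 2)
    cpu_hashrate = 150_000.0  # assumed hashes/s for a single laptop CPU miner
    for n in (1, 100, 250, 500):
        t = expected_mining_time_s(diffs[n - 1], cpu_hashrate)
        print(f"block {n}: difficulty {diffs[n - 1]}, expected mining time {t:.2f} s")
    print("tps at 2200 tx/block and 15 s blocks:", throughput_tps(2200, 15.0))
```

Note that a genesis difficulty below 131072 only shapes the genesis block itself: ethash clamps block 1 up to the minimum, so the testbed's "low difficulty" phase is bounded by that floor.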
Figure 7(a): Difficulty vs Nbr of Blocks. x axis: number of blocks (0 to 500); y axis: difficulty value (×10,000,000).
Figure 7(b): Mining Time Variation. x axis: transactions per second (tps, 0 to 12); y axis: Mining Time (ms), 0 to 14000; series: Mining Time at low difficulty, Mining time at high difficulty.
Figure 7: Difficulty variation versus number of blocks and time variation versus transactions rate for different difficulty values.
CONCLUSION AND FUTURE WORKS
The objective of this work was to consider the possibility of using blockchain technology in the area of IoT data access protection, with a possible application in the eHealth area with the protection of personal medical information collected from medical sensors and environmental sensors in smart homes. We have proposed an architecture of a solution designed for that purpose that is based on contracts between providers and consumers of data. To cope with the size of the data to store, we have proposed to associate the blockchain with an off-chain database. The block contains the main contract information as well as a reference to where the complete data is stored. We have also discussed and presented the performance of such a system and the parameters that may have an impact on the time to process the transactions. We have implemented the system in a testbed and conducted some tests to validate the behavior of the system components. We have shown that existing technologies have made it possible to implement the proposed architecture. Finally, we have performed some performance measurements of the system to highlight how the system response time (mining time) varies against the rate of the transactions, which is an important factor to consider when deploying such a system in the eHealth realm.
In our future work, we aim to extend the system to work on a public blockchain and conduct large scale evaluations.
ACKNOWLEDGMENTS This research was supported by the University of Evry Val d'Essonne and by the Lebanese University and CNRS Lebanon. Part of this work was also conducted in the frame of the PHC CEDRE Project N37319SK. The authors also thank their colleague Dr. Massum Hasan for the early discussions on the topic.
REFERENCES
1. S. H. Hashemi, F. Faghri, P. Rausch, and R. H. Campbell, “World of empowered IoT users,” in Proceedings of the 1st IEEE International Conference on Internet-of-Things Design and Implementation, IoTDI 2016, pp. 13–24, Berlin, Germany, April 2016.
2. N. Nakamoto, “A Peer-to-Peer Electronic Cash System,” 2008, https://bitcoin.org/bitcoin.pdf.
3. F. Tschorsch and B. Scheuermann, “Bitcoin and beyond: A technical survey on decentralized digital currencies,” IEEE Communications Surveys & Tutorials, vol. 18, no. 3, pp. 2084–2123, 2016.
4. N. Szabo, The Idea of Smart Contracts, http://www.fon.hum.uva.nl/rob/Courses/InformationInSpeech/CDROM/Literature/LOTwinterschool2006/szabo.best.vwh.net/idea.html.
5. N. Nakamoto, “Bitcoin: A peer-to-peer electronic cash system,” 2008, http://bitcoin.org/bitcoin.pdf.
6. M. E. Peck, “Blockchains: How they work and why they’ll change the world,” IEEE Spectrum, vol. 54, no. 10, pp. 26–35, 2017.
7. A. Judmayer, N. Stifter, K. Krombholz, and E. Weippl, “Blocks and Chains: Introduction to Bitcoin, Cryptocurrencies, and Their Consensus Mechanisms,” Synthesis Lectures on Information Security, Privacy, and Trust, vol. 9, no. 1, pp. 1–123, 2017.
8. “Ethereum homestead documentation,” http://www.ethdocs.org/en/latest/.
9. N. Atzei, M. Bartoletti, and T. Cimoli, “A Survey of Attacks on Ethereum Smart Contracts (SoK),” in Principles of Security and Trust, vol. 10204 of Lecture Notes in Computer Science, pp. 164–186, Springer, Berlin, Germany, 2017.
10. M. Mettler, “Blockchain technology in healthcare: The revolution starts here,” in Proceedings of the 18th IEEE International Conference on e-Health Networking, Applications and Services, Healthcom 2016, Munich, Germany, September 2016.
11. A. Azaria, A. Ekblaw, T. Vieira, and A. Lippman, “MedRec: Using blockchain for medical data access and permission management,” in Proceedings of the 2nd International Conference on Open and Big Data, OBD ‘16, pp. 25–30, Vienna, Austria, August 2016.
12. K. Christidis and M. Devetsikiotis, “Blockchains and Smart Contracts for the Internet of Things,” IEEE Access, vol. 4, pp. 2292–2303, 2016.
13. J. Zhang, N. Xue, and X. Huang, “A Secure System for Pervasive Social Network-Based Healthcare,” IEEE Access, vol. 4, pp. 9239–9250, 2016.
14. G. Zyskind, O. Nathan, and A. S. Pentland, “Decentralizing privacy: Using blockchain to protect personal data,” in Proceedings of the IEEE Security and Privacy Workshops, SPW 2015, pp. 180–184, San Jose, Calif, USA, May 2015.
15. M. Y. Jung and J. W. Jang, “Data management and searching system and method to provide increased security for IoT platform,” in Proceedings of the 2017 International Conference on Information and Communication Technology Convergence (ICTC), pp. 873–878, Jeju, South Korea, October 2017.
16. C.-F. Liao, S.-W. Bao, C.-J. Cheng, and K. Chen, “On design issues and architectural styles for blockchain-driven IoT services,” in Proceedings of the 4th IEEE International Conference on Consumer Electronics Taiwan, ICCE-TW 2017, pp. 351–352, Taipei, Taiwan, June 2017.
17. F. Angeletti, I. Chatzigiannakis, and A. Vitaletti, “The role of blockchain and IoT in recruiting participants for digital clinical trials,” in Proceedings of the 25th International Conference on Software, Telecommunications and Computer Networks, SoftCOM 2017, Split, Croatia, September 2017.
18. A. Dorri, S. S. Kanhere, R. Jurdak, and P. Gauravaram, “Blockchain for IoT security and privacy: The case study of a smart home,” in Proceedings of the 2017 IEEE International Conference on Pervasive Computing and Communications Workshops, PerCom Workshops 2017, pp. 618–623, Kona, Hawaii, USA, March 2017.
19. N. Rifi, N. Agoulmine, N. Chendeb Taher, and E. Rachkidi, “Towards using blockchain technology for data access management,” in Proceedings of the IEEE 17th International Conference on Ubiquitous Wireless Broadband (ICUWB Conference), 2017.
20. “Mining in Bitcoin,” https://en.bitcoin.it/wiki/Mining.
21. IPFS, “Content Addressed, Versioned, P2P File System,” https://ipfs.io/docs/.
22. “Ethereum whitepaper,” https://github.com/ethereum/wiki/wiki/White-Paper.
23. J. A. Dev, “Bitcoin mining acceleration and performance quantification,” in Proceedings of the 2014 IEEE 27th Canadian Conference on Electrical and Computer Engineering, CCECE 2014, Toronto, Canada, May 2014.
24. “Embark framework,” https://github.com/iurimatias/embarkframework.
25. Solidity Introduction to Smart Contracts, http://solidity.readthedocs.io/en/develop/introduction-to-smartcontracts.html.
26. “Ethereum charts and statistics,” https://etherscan.io/charts.
Towards Secure Network Computing Services for Lightweight Clients Using Blockchain
3
Yang Xu 1, Guojun Wang 2, Jidian Yang 1, Ju Ren 1, Yaoxue Zhang 1, and Cheng Zhang 1
1 School of Information Science and Engineering, Central South University, Changsha 410083, China
2 School of Computer Science and Educational Software, Guangzhou University, Guangzhou 510006, China
ABSTRACT The emerging network computing technologies have significantly extended the abilities of resource-constrained IoT devices through network-based service sharing techniques. However, such a flexible and scalable service provisioning paradigm brings increased security risks to terminals due to the untrustworthy exogenous service codes loaded from the open network. Many existing security approaches are unsuitable for IoT environments due to the high difficulty of maintenance or the dependencies upon extra resources like specific hardware. Fortunately, the rise of blockchain technology has facilitated the development of service sharing methods and, at the same time, it appears to be a viable solution to numerous security problems. In this paper, we propose a novel blockchain-based secure service provisioning mechanism for protecting lightweight clients from insecure services in network computing scenarios. We introduce the blockchain to maintain all the validity states of the off-chain services and edge service providers for the IoT terminals, to help them get rid of untrusted or discarded services through provider identification and service verification. In addition, we take advantage of smart contracts which can be triggered by the lightweight clients to help them check the validities of service providers and service codes according to the on-chain transactions, thereby reducing the direct overhead on the IoT devices. Moreover, the adoption of the consortium blockchain and the proof of authority consensus mechanism also helps to achieve a high throughput. The theoretical security analysis and evaluation results show that our approach helps the lightweight clients get rid of untrusted edge service providers and insecure services effectively with acceptable latency and affordable costs.

Citation: Yang Xu, Guojun Wang, Jidian Yang, Ju Ren, Yaoxue Zhang, and Cheng Zhang, “Towards Secure Network Computing Services for Lightweight Clients Using Blockchain,” Wireless Communications and Mobile Computing, vol. 2018. Copyright: © 2018 Yang Xu et al. This is an open access article distributed under the Creative Commons Attribution License, which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.
INTRODUCTION The Internet of Things (IoT) industry has evolved remarkably in the last decade. Currently, there exist more than 13 billion connected IoT devices, and this number is expected to increase to 30 billion in the near future [1]. Meanwhile, the emerging network computing technologies, typically fog/edge computing [2, 3] and transparent computing [4, 5], have significantly extended the abilities of the existing resource-constrained IoT devices through network-based service provisioning and sharing mechanisms. For example, in the IoT-oriented edge transparent computing scenario [6, 7], with the aid of block-stream code loading and execution techniques [8], resource-constrained wearable devices (e.g., wristbands and smartwatches) are enabled to alternately run numerous applications obtained from either the cloud servers or nearby edge servers (e.g., personal computers), which goes beyond the original capabilities of these local devices (see Figure 1) [9].
Towards Secure Network Computing Services for Lightweight Clients... 2
59
Figure 1: The IoT-oriented edge transparent computing scenario. (Figure elements: Cloud Server, Edge Servers, IoT Devices; block-stream loading and execution, discarded after running.)
However, such a flexible and scalable service provisioning paradigm brings increased security risks to terminal devices unintentionally. Compared with the traditional closed architectures, the attack surfaces of network computing systems have inevitably increased due to the opening of service sharing over the network [10, 11]. The frequently changing service codes loaded on the clients from the remote servers via the network can be unreliable, fragile, and even harmful to the host terminals in the absence of adequate security mechanisms [12]. To make things worse, the various edge servers intermingled with vulnerable and malicious ones certainly heighten the risks. Some early studies have already been done for protecting the terminals from illegal services in network computing scenarios [12–16]. Based on integrity verification techniques, these works equip the terminals with the abilities to check the validities of the acquired service programs before execution with the help of static information (e.g., hash checksum) prestored in local trusted firmware [12–15] or a trusted platform module (TPM) [16]. However, when it comes to IoT scenarios [17] in which the vulnerable
IoT devices are threatened by distributed cyberattacks, the rigid prestored information is technically less maintainable for updating, while the spare firmware space or specific hardware is usually unavailable. Recently, the rise of blockchain technologies [18, 19] has inspired researchers to look for brand new solutions. With the excellent features of openness, decentralization, and tamper resistance, blockchain techniques have been used as the underlying security fabric for a number of emerging service provisioning and sharing systems [20–29]. These approaches leverage the blockchain to release service information so as to ensure that the clients can obtain services correctly. Unfortunately, these blockchain-based schemes usually suffer from low throughput and high service latency, and take little consideration of necessary information updating as well as the legality validation of the numerous service providers. Even worse, few of them are designed for IoT scenarios and thus bring about unaffordable computing and storage costs to most existing IoT devices. Motivated by the situations mentioned above, in this paper we propose a novel blockchain-based secure service provisioning mechanism to protect lightweight clients from insecure exogenous service codes from untrustworthy edge servers in the edge transparent computing scenario. We leverage the blockchain to maintain all the validity states of the off-chain services and edge servers, dynamically updated by the arbitration cloud merchants, to help the lightweight clients get rid of untrusted or discarded services through provider identification and service verification. Besides, specific smart contracts [30] are introduced which can be triggered to verify the validities of the edge servers and service codes on behalf of the lightweight clients according to the on-chain transactions, thereby reducing the direct costs of these IoT devices.
Furthermore, a consortium blockchain with the proof of authority consensus mechanism [31, 32] is employed to further achieve high throughput and low latency. Finally, we demonstrate the security of our approach and then test it comprehensively. The evaluation results show that our approach effectively protects the lightweight clients from untrusted edge service providers and undependable service codes with acceptable latency and affordable costs. In summary, the major contributions of our work are threefold:
(1) We design a blockchain system to maintain the appendable and tamper-resistant validity states of the off-chain services and edge servers dynamically declared by the arbitration cloud merchants, to help the lightweight clients get rid of insecure or deprecated services by means of provider identification or service verification.
(2) We not only introduce smart contracts, which can be triggered by the lightweight clients to help them check the validities of the acquired services and edge servers according to the transactions on chain, reducing the costs of these IoT devices, but also employ the efficient consortium blockchain with the proof of authority consensus engine to ensure the high throughput and low latency of the entire system.
(3) We demonstrate the security of the proposed approach, implement a prototype based on the Ethereum project [33], and evaluate its effectiveness and efficiency in the IoT-oriented edge transparent computing environment.
The rest of this paper is organized as follows. Section 2 introduces related work and supports our choice of blockchain technique for protecting lightweight clients from insecure services in network computing scenarios. In Section 3, we propose a blockchain-based secure service provisioning mechanism for lightweight clients in network computing scenarios. We then discuss the security of the proposed approach and evaluate it experimentally in Section 4. Finally, Section 5 concludes this paper and describes possible enhancements.
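The mechanism sketched in contributions (1) and (2), as an added illustrative model that is not the paper's code or contract: an authority-maintained registry of edge-server and service-code validity states, a lightweight client that hashes the code it received off-chain and consults the registry before running it, and an append-only record of the authority's declarations. The names, the two-state model (valid/deprecated), the single-authority rule and the sample service bytes are constructed assumptions; the paper's own contract and state layout are described in its Section 3, not here.

```python
"""Added model (not the paper's code) of dynamic on-chain verification:
an arbitration authority declares the validity of edge servers and service
code hashes, and a lightweight client refuses any off-chain code whose
provider or hash is not currently valid. Names/states are assumptions."""
import hashlib
from dataclasses import dataclass, field

VALID, DEPRECATED = "valid", "deprecated"


@dataclass
class ValidityRegistry:
    """Stand-in for the smart contract: only the arbitration authority may
    change states, and every change is kept as an ordered transaction."""
    authority: str
    providers: dict = field(default_factory=dict)  # provider id -> state
    services: dict = field(default_factory=dict)   # code hash -> (provider, state)
    transactions: list = field(default_factory=list)

    def _require_authority(self, sender: str) -> None:
        if sender != self.authority:
            raise PermissionError("only the arbitration authority may update states")

    def declare_provider(self, sender: str, provider: str, state: str) -> None:
        self._require_authority(sender)
        self.providers[provider] = state
        self.transactions.append(("provider", provider, state))

    def declare_service(self, sender: str, hash_hex: str, provider: str, state: str) -> None:
        self._require_authority(sender)
        self.services[hash_hex] = (provider, state)
        self.transactions.append(("service", hash_hex, provider, state))

    def verify(self, provider: str, hash_hex: str):
        """The check a client-triggered contract call answers: is the provider
        still trusted, and is this exact code still a valid service of it?"""
        if self.providers.get(provider) != VALID:
            return False, "untrusted or unknown provider"
        entry = self.services.get(hash_hex)
        if entry is None:
            return False, "unknown service code"
        if entry[0] != provider:
            return False, "code not published by this provider"
        if entry[1] != VALID:
            return False, "service deprecated"
        return True, "ok"


def code_hash(code: bytes) -> str:
    """Hash of the service code as delivered off-chain (SHA-256 assumed)."""
    return hashlib.sha256(code).hexdigest()


def client_accepts(registry: ValidityRegistry, provider: str, code: bytes) -> bool:
    """Lightweight-client side: hash what was received and ask the registry;
    the code is executed only if both provider and service are valid."""
    ok, _ = registry.verify(provider, code_hash(code))
    return ok


def demo() -> list:
    """Walk through acceptance, tampering, and deprecation on constructed data."""
    reg = ValidityRegistry(authority="arbitration-cloud")
    good = b"service v1 (constructed sample code)"
    reg.declare_provider("arbitration-cloud", "edge-1", VALID)
    reg.declare_service("arbitration-cloud", code_hash(good), "edge-1", VALID)
    results = [client_accepts(reg, "edge-1", good)]             # valid -> True
    results.append(client_accepts(reg, "edge-1", good + b"x"))  # tampered -> False
    # Unlike a checksum burned into firmware, the authority can later retire
    # the very same code; the client then rejects it although the hash matches.
    reg.declare_service("arbitration-cloud", code_hash(good), "edge-1", DEPRECATED)
    results.append(client_accepts(reg, "edge-1", good))         # deprecated -> False
    return results


if __name__ == "__main__":
    print(demo())
```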
RELATED WORK In this section, we introduce some existing approaches to secure service sharing mechanisms which can be applied to network computing environments. To defend against threatening service codes loaded from remote servers via the open network, Kuang et al. [12] proposed a security-enhanced service sharing approach for local terminals in network computing using the integrity checking technique. This approach deploys the checking procedures together with static hash results of services on the local firmware and checks the integrity of service codes acquired from the Internet. Therefore, the terminals are secured, as any unmatched suspicious service code would be discarded without execution. Furthermore, software engineers of Intel Corporation [13–16] proposed a series of integrity-checking-based secure methods on the UEFI (Unified Extensible Firmware Interface) firmware collaborating with dedicated TPM hardware. However, these security approaches become impractical in IoT scenarios. For one thing, the static information prestored in the local device is rigid and technically hard to update, especially in IoT scenarios. For another, the required extra support of firmware or specific hardware is usually unavailable for lightweight IoT devices. In recent years, the emergence and fast growth of blockchain technologies [18, 19] have also contributed to the development of service sharing techniques and meanwhile indicated a new way to secure local terminals from the threats of untrusted extraneous services. As a decentralized ledger built upon a peer-to-peer (P2P) structure, blockchain eliminates the need for trusted third parties and has the features of decentralization, trustworthiness, and anonymity. According to the permissions of blockchain nodes, current blockchains can be divided into three types: the public blockchain (an open public system that can be joined by any entity), the private blockchain (totally controlled by a single entity), and the consortium blockchain (maintained by several privileged entities, with limited permissions for normal participants). As the soul of blockchain techniques, there exist several consensus algorithms; typically, Proof of Work (PoW) is a very fair but costly hashrate-based algorithm suited to public blockchains, Proof of Stake (PoS) is a stake-based algorithm, and Proof of Authority (PoA) is an efficient and economical authority-determined algorithm often used in consortium blockchains. Besides, the smart contract is another important part of the blockchain. It is a set of promise codes that may be triggered for automatic execution when deployed on the blockchain. The transactions of execution results are generated and verified by all blockchain miners so that they are appended to the blockchain trustworthily. Obviously, the booming of smart contracts makes the blockchain a functionally rich technology. Based on the outstanding features of blockchain technologies, some researchers started to use blockchain for content sharing. Kishigami et al. [20] proposed a digital content distribution system based on the blockchain.
The content owner, named licensor, shares the data content with licensees over the Internet and all the transactions are recorded on the blockchain. Using blockchain for content distribution can guarantee a certain level of security. With the support of such blockchain-based platforms, users can obtain rich services, while service developers can also control the deliveries of content-sharing services. This is the purpose of most schemes using blockchains for content distribution, because a decentralized platform always gives users more freedom. Fotiou and Polyzos [21] presented a decentralized name-based security mechanism that aims to secure content distribution on the blockchain architecture. They leveraged Hierarchical Identity Based Encryption (HIBE) to solve the problem of content storage and verification, and the data content was divided into many small parts for flexible management. Similarly, Decent [22] also uses a similar method for managing data in chunks. It splits the data into multiple pieces before sending it to consumers. However, this system does not take the rationality of data into account, such as whether the data has been tampered with or not. These approaches, which utilize the decentralization characteristics of the blockchain for service sharing, ignored the importance of service reliability. Apparently, due to the lack of an appropriate security mechanism, the clients are exposed to risks as they may receive unexpected malicious services. Some relevant solutions based on blockchain techniques were proposed to improve the reliability of service sharing. Xu et al. [23] proposed an integrity-checking-based blockchain approach to improve the security of data sharing. They transmitted the personal data in an off-chain manner and stored the corresponding hash value on the blockchain. However, it depends on users’ own subjective judgment to decide whether the obtained services are secure or not, thereby causing many subjective controversies. Zhou et al. [24] proposed a protocol named CSSP (cleanroom security service protocol) based on the consortium blockchain to provide network software services. Instead of using the PoW algorithm, it uses an arbitration node to mediate and record transactions, which saves a lot in mining. However, these approaches are only imperfect mitigations for the security problems. Our blockchain-based service provisioning scheme, by contrast, implements an off-chain service delivery and dynamic on-chain verification mechanism to help the lightweight IoT clients get rid of insecure services and service providers, without the participation of a traditional trusted third party. The approaches mentioned above are mainly designed for the desktop environment.
When it comes to IoT scenarios, although blockchain and smart contracts have been introduced to improve the security of IoT systems [34–36], there are few practices using blockchains to achieve secure service sharing, due to the hardware and software limitations of IoT environments. Boudguiga et al. [25] used a blockchain as a platform to provide update services for IoT devices. There are three entities in this system: manufacturer nodes, user nodes, and innocuousness checking nodes. Before a manufacturer provides an update to clients, the innocuousness checking nodes download the update from the blockchain and check its innocuousness, then respond with a message indicating whether the update is problematic or innocuous. The clients are not allowed to download the update until more than half of the checking nodes have attested that the current update is innocuous. This approach also makes use of arbitrator nodes to ensure the reliability of services. Usually, these authority-determined consensus algorithms (i.e., PoA algorithms) are used in consortium blockchains maintained by several privileged entities. There also exist typical studies which used PoA-based consortium blockchains in IoT scenarios [26]. Undoubtedly, the success of the PoA-based consortium blockchain is quite inspiring. Besides security, efficiency is another important issue for service sharing on the IoT platform. Due to the limitations of hardware resources, IoT devices are not capable of performing too many service tasks. We can refer to some effective desktop methods in the IoT scenarios. The works [21, 22] reduced the pressure of a single data transfer by delivering content in chunks. Herbaut and Negru [27] divided regions on the blockchain by smart contracts; each contract manages a part of the edge users and content providers. This approach reduces the burden of content transfer on a single service node. Sharma et al. [28] proposed an edge-cloud architecture implemented as a blockchain system for service sharing in the IoT environment. In this approach, the nearby fog nodes are responsible for service delivery to the IoT devices, and all the services are stored in the blockchain cloud, thereby achieving low-cost service access control. A similar approach is also proposed by Dorri et al. [29]. However, these architectures did not improve the performance from the perspective of the blockchain itself or its consensus mechanism. In contrast, our platform takes advantage of a PoA-based blockchain, which achieves high throughput and low latency for the entire system. In conclusion, compared with the existing solutions, our blockchain-based service provisioning scheme implements an off-chain service delivery and dynamic on-chain verification mechanism to help lightweight IoT clients get rid of insecure services and service providers, without the participation of a traditional trusted third party.
Our approach uses smart contracts to help the lightweight IoT clients check the validities of the acquired services and corresponding edge servers which significantly reduces the costs on the side of IoT devices. Besides, our system employs the efficient consortium blockchain with the PoA consensus engine which achieves the high throughput and low latency of the entire system.
BLOCKCHAIN-BASED SECURE SERVICE PROVISIONING SYSTEM

In this section, we provide an overview of the secure service provisioning framework and then detail it in terms of its validity management and verification businesses.
Overview of the Model

The blockchain-based secure service provisioning framework builds on the edge transparent computing model and works in an on-chain and off-chain collaboration mode, as shown in Figure 2.

Figure 2: The secure service provisioning in edge transparent computing. (Off-chain: the Cloud Service Provider (CSP) supplies services to the Edge Service Provider (ESP), which answers the Lightweight Client's (LC) service request with a service response. On-chain: the Arbitration Nodes (AN) record transactions (Tx) of approved and forbidden services and of approved and forbidden ESPs on a consortium blockchain with the PoA consensus engine; the LC, acting as a Lightweight Node (LN), inquires the validity result.)
It consists of both the legacy entities of edge transparent computing and several new entities of the blockchain system.

The Legacy Entities of Edge Transparent Computing
(i) Cloud Service Provider (CSP): The CSP is the powerful cloud-tier service provider which provides trusted service codes to the ESPs in an off-chain manner. Several CSPs belonging to different organizations exist in the system, and each CSP may consist of several cloud servers.
(ii) Edge Service Provider (ESP): The ESP is the off-chain, weak service provider close to the LCs. It caches the service programs from the CSPs and delivers them to the LCs when requested. The ESPs and their services are not always dependable. Devices such as laptops and routers usually act as the ESPs in practice.
(iii) Lightweight Client (LC): The LC is the terminal that requests and executes the service codes from the service providers. The LCs are abstractions of the physical IoT devices.

The Entities of the Blockchain System
(i) Arbitration Node (AN): The ANs are privileged nodes in the consortium blockchain and together maintain a distributed ledger which records the smart contracts and the transactions of the validities of ESPs and service codes. The ANs are responsible for initiating validity transactions, verifying candidate blocks, and executing smart contracts. All the ANs work in the PoA consensus mode, in which each AN packages and broadcasts a new block in turn while the others vote to reach consensus according to the majority (more than 50%) rule. In our approach, each CSP acts as an AN in the blockchain network (the ANs are deployed on legacy cloud servers in practice).
(ii) Lightweight Node (LN): The LN is the less privileged entity which is only allowed to read the information on the blockchain and trigger the smart contract to query the validity states of the ESPs or the acquired service codes. Each LC is also an LN in our blockchain network.

In this framework, the LCs mainly request and obtain service codes from close ESPs. To protect the LCs from untrusted ESPs and undependable services, they are allowed to trigger the smart contract (the oracle smart contract, SCO) deployed on the blockchain to find out the validity states of the currently serving ESPs or the acquired service codes according to the existing validity transactions, so that the LCs can decide whether to execute the service programs or not. Besides, to keep the validity states of the ESPs and service codes up to date, the ANs continually append new validity transactions to the blockchain. In our approach, the service business is off-chain while the security business is on-chain, which achieves the security with low performance overhead. Additionally, the blockchain is implemented as a consortium blockchain with the PoA consensus engine, for performance reasons as well. Next, we describe the major businesses of our approach, namely the validity maintenance and verification, in detail.
Validity Maintenance Business

The ANs keep the validity states of the ESPs and service codes updated by continually appending new validity transactions to the blockchain. The transaction structures are given as follows:
(i) The validity transaction of an ESP: TxE = ⟨E_ID; V; C; T⟩, where E_ID is the MAC address of the ESP, V is the validity state, C is the comments, and T is the timestamp.
(ii) The validity transaction of a service: TxS = ⟨S_NAME; S_HASH; V; C; T⟩, where S_NAME is the service name, S_HASH = Keccak-256(service codes), V is the validity state, C is the comments, and T is the timestamp.
By appending new TxE and TxS with the corresponding validity states to the blockchain, the ANs can declare new legal ESPs and service programs, discard existing ESPs and service programs when necessary (e.g., when bugs are discovered), update the service version, or even declare malicious ESPs and service programs. In addition, all the transactions and the corresponding addresses are also stored synchronously in the public database of a maintainer smart contract (SCM), to make the transactions efficiently searchable for the smart contract SCO (the on-chain address of SCM is embedded in SCO). Notice that we reasonably assume that all the ANs can obtain the service codes and the necessary information about the ESPs engaged in the transactions; meanwhile, ESP authentication and service security testing are out of the scope of this work. Besides, the MAC address-based identification used in our case is an exemplary method which can be replaced by or combined with other identification mechanisms; defending against identification spoofing attacks such as MAC spoofing is complementary to our work. Note that because S_HASH binds a record to the exact bytes of the service codes, any modification of the codes on the way from the CSP to the LC yields a hash with no matching record, which the verification business below treats as invalid.
Validity Verification Business

For security purposes, when LCs request and obtain service codes from ESPs, they can trigger the oracle smart contract (SCO) with the corresponding indices of the current ESP or the service codes to query the corresponding validity states. The workflow of the secure service provisioning is as follows:
(1) The LC initiates an off-chain service request ⟨S_NAME⟩ to a close ESP.
(2) The ESP returns the service codes to the LC in an off-chain manner.
(3) The LC (i.e., LN) calculates the hash value of the service codes with the Keccak-256 algorithm and then triggers SCO with the vector ⟨E_ID; S_NAME; S_HASH⟩.
(4) SCO invokes SCM for the corresponding on-chain records about ⟨S_NAME; S_HASH⟩ and E_ID and compares them with the received ones. Matching a valid record means the corresponding ESP or service codes are secure, while matching an invalid record means the opposite. Note that an invalid result is also given if there is no record related to ⟨S_NAME; S_HASH⟩ or E_ID. Finally, SCO outputs the result in the form of an on-chain transaction so that the LC can make its decision accordingly. The process of validity verification is shown in Figure 3.
Figure 3: The workflow of validity verification.
Case Study

This section demonstrates an example of our approach to help readers understand concretely how it works. Assume there exists a blockchain-based secure service provisioning system whose blockchain already contains the validity transactions TxE1 (a valid ESP) and TxS1 (a valid service).
(1) We assume that the LC initiates an off-chain service request to a close ESP, and the ESP returns the service codes to the LC in an off-chain manner. After receiving the service codes from the ESP, the LC calculates the hash value of the service codes with the Keccak-256 algorithm and then triggers SCO with the vector ⟨E_ID; S_NAME; S_HASH⟩ before execution.
(2) SCO invokes SCM for the latest on-chain records about the ESP and the service and compares them with the vector received from the LC. Since the valid records TxE1 and TxS1 are found in the blockchain, SCO outputs the valid result in the form of an on-chain transaction (cf. Figures 4(a) and 5(a)). Finally, the LC finds the result transaction and concludes that the corresponding ESP and service codes are secure.

Figure 4: The checking results of the service given by the smart contract.

Figure 5: The checking results of the ESPs given by the smart contract.

On the contrary, if the vector submitted to SCO by the LC matches no valid record, SCO outputs the invalid result in the form of an on-chain transaction (cf. Figures 4(c) and 5(b)) because no valid record can be found in the blockchain. Therefore, the LC finds this result transaction and then refuses the service codes from the unreliable ESP.
ANALYSIS AND EVALUATION

This section demonstrates the security of our approach and then analyzes the experimental results in terms of effectiveness and efficiency.
Security Analysis

Threat Model. We assume that the adversary can set up illegal ESPs to provide malicious or vulnerable service codes for attacking clients. Besides, benign ESPs may also provide illegal services, e.g., outdated unpatched codes, due to improper maintenance, thereby putting clients at risk. However, the adversary can neither compromise the majority of the arbitration nodes to tamper with the blockchain nor forge digital signatures without the corresponding private keys, which is the commonly accepted basic security assumption of a general blockchain network. Note that defending against identification spoofing attacks such as MAC spoofing attacks on ESPs is out of the scope of this work, as the MAC-based identification used in this approach is only an exemplary method which can be replaced by or combined with other, more advanced mechanisms. Under this model, an ESP that spoofs the MAC address of an approved ESP would pass the ESP check, but its service codes still have to match an approved S_HASH; the service-code check therefore does not rest on the ESP identity.
Analysis. Since the ESPs and service codes are not always reliable, our security mechanism uses the smart contract to check the latest validity states of the edge servers and service codes recorded in the form of transactions on the blockchain, so as to help the lightweight clients avoid illegal service providers and avoid running unknown or discarded service codes, thereby mitigating the risks. Obviously, the security of our approach mainly depends on the correctness of the validity transactions and the proper execution of the smart contracts (and, as stated above, on the ANs' judgment when assigning validity states, since service security testing is out of scope). For the validity transactions, since every transaction is publicly checked and maintained by all the distributed arbitration nodes, according to the basic security assumption of the blockchain network, it is almost impossible to tamper with existing transactions in blocks or to package incorrect transactions into new blocks, because in the PoA consensus mechanism the adversary can hardly compromise the majority of the arbitrators (more than 50% of the ANs), which are deployed on well-maintained cloud servers. Besides, with the aid of the digital signature technique integrated into the blockchain, the adversary is unable to add malicious transactions with forged digital signatures of legal arbitration nodes, because the adversary does not have the corresponding private keys. Therefore, the validity transactions are trustworthy in our approach. When it comes to the smart contracts, just like ordinary transactions in the blockchain, they are also publicly verified and are executed by all the arbitration nodes. Since the code of the smart contracts is designed to be immutable, it cannot be modified after deployment, even by the creators. Besides, all the execution results given by the smart contracts are verified and packaged as transactions within blocks by all the arbitration nodes; therefore, these results are tamper-proof as well. Note that immutability cuts both ways: a defect in SCO or SCM cannot be patched in place either, so the contract code must be reviewed before deployment. Consequently, according to the analysis above, the validity transactions of service codes and ESPs are trusted, and the smart contracts are executed correctly. Therefore, the IoT clients can obtain trusted results for their security decisions, thereby avoiding illegal service providers and insecure service codes effectively. Additionally, as a blockchain-based approach, our security facilities work in a decentralized P2P manner without relying on a single trusted third party, and thus are more robust against problems like the single point of failure, which can be caused by the distributed denial of service attacks that often happen in IoT scenarios [17].
Experimental Evaluations

In this section, we conducted experiments to evaluate the effectiveness and efficiency of our system. We simulated cloud nodes on a single physical machine; each of them acts as an arbitration node in the consortium blockchain, with the highest privilege as a block producer. We also simulated several edge nodes to serve the client nodes, and virtual IoT clients to request services. The details of the arbitration node, edge service node, and client node are listed in Table 1.

Table 1: The specifications of the testing devices

Parameter       Cloud (arbitration) node      Edge node            IoT node
                (virtual cloud server)        (virtual laptop)     (virtual IoT client)
CPU frequency   3.4 GHz                       2.6 GHz              512 MHz
CPU cores       Quad-core                     Dual-core            Single-core
Network         100 Mbps                      100 Mbps             100 Mbps
RAM             16 GB                         8 GB                 256 MB
ROM (storage)   1 TB                          512 GB               4 GB
OS              CentOS 6.0                    Fedora 12            Ubuntu MATE

We use Ethereum Geth 1.8.11, whose PoA consensus engine (Clique) is used to implement the consortium blockchain of our approach.
Effectiveness

To test the effectiveness, we simulated 20 edge nodes, 6 of which are set to provide wrong services to the clients. Besides, we simulated 10 arbitration nodes on the consortium blockchain. On receiving the service codes, the client calculates the corresponding hash value and then submits the result, together with the identification of the edge node, to the oracle smart contract SCO for checking. Then, SCO queries the corresponding service hash in SCM. Finally, it puts the result on the block, where it can be read by the LC. Therefore, the IoT device can decide to abandon the service or start to use it. For visualization purposes, we use Ethereum Wallet's graphical interface to show the feedback from the smart contract, and Figure 4 consists of screenshots of the corresponding information of the service. As we can see, SCO returns the query result with the help of SCM, which includes the service name (version), the check result, and the comments. Figure 4(a) shows that the service is a legitimate service, because the hash value recorded for the service is consistent with the one the IoT device provides, and the contract returns "1" to confirm the legitimacy of the service. Figure 4(b) shows that the version of the service is invalid, and the IoT device finds "0" as the result. The edge node may not be malicious, but it has not updated the service, so the contract identifies this service as an expired service. Figure 4(c) indicates that the service provided by the edge node is completely unreliable because the integrity check failed: no record matches the submitted hash, so the data being transmitted is likely to be malicious and must be rejected by the IoT node. The contract also checks the information of the edge node. Figure 5(a) shows that the edge node is legitimate, and the result is "1"; we can see that the MAC address is also recorded. Figure 5(b) shows an illegal edge node that has not been registered on the blockchain. If the registration of an edge node is past due, it cannot be accepted, and Figure 5(c) shows the information in this case. According to the results of the experiments, our smart contracts correctly record and return the details of the ESPs and service codes, so the checking mechanism is effective.
Performance

To measure the performance of our system, we conducted comparative experiments on the blockchain using the PoA and the PoW consensus algorithms (the latter with mining difficulty 0x131072), respectively. We simulated 100 IoT devices requesting services from the edge servers. To be more realistic, we made the IoT clients initiate requests following a Poisson distribution (λ = 0.2 × n). There are 20 edge nodes providing 87 kinds of services, with the corresponding information recorded in the blockchain. We also simulated 10 cloud servers (i.e., arbitration nodes) whose major tasks are producing blocks and updating the validity states of the various services. Through the experiment, we recorded results showing the performance of the system in terms of system delays (see Figure 6), throughput (see Figure 7), and gas consumption (see Figures 8 and 9).

Figure 6: The average packaging time of each transaction. (Bar chart comparing PoA and PoW for the events (a) deploy new SCM, (b) add new transaction and synchronize SCM, (c) SCM execution, (d) deploy new SCO, (e) add new address on SCO, and (f) SCO execution.)

Figure 7: The throughput of transactions. (Average transaction throughput, amount/h, against concurrent requests, amount/s, for PoA and PoW.)

Figure 8: The average gas cost of each process. (Average gas consumption in gas units for the events (a)–(f) of Figure 6, PoA and PoW.)

Figure 9: The gas cost under the different numbers of LCs in one month. (Gas consumption in million gas units per month against the number of clients, 100 to 1000, for PoA and PoW.)

The packaging time is a measure of the speed of block output; to some extent, it determines how fast the system can complete transactions. As shown in Figure 6, the packaging time delay for each event is almost the same (about 500 µs when using the PoW and 300 µs when using the PoA). We can see that the packaging time under the PoA mechanism is only about 60% of that under the PoW, which shows the benefit of adopting the PoA in our approach. For large-scale throughput, the platform based on the PoA mechanism will have better performance. The experimental result shows that, in general, the packaging time for each event is small and acceptable; in particular, it is negligible to the clients in the service provisioning process.

We also conducted an experiment to measure the system throughput by studying the relationship between concurrent service requests and transaction output speed. As shown in Figure 7, below a certain amount of concurrent service requests, given a fixed period of time, the output speed of transactions increases at a certain rate along with the increase of concurrent service requests. But when the amount of concurrent requests exceeds 22 per second, the curve starts to converge, and the output speed of transactions gradually tends to a stable value. The system throughput cannot increase indefinitely because it is limited by the speed of block creation and the capacity of each block. Our maximum transaction throughput is approximately 80000 per hour, i.e., about 22 transactions per second, which is a relatively high and stable throughput, large enough for the service business. When it comes to the PoW-based approach, the transaction throughput curve converges earlier (from 16 concurrent requests per second) and the maximum throughput is about 55000 per hour, which is clearly inferior to our PoA-based approach.

In the Ethereum-based blockchain, each mining node (i.e., the ANs in our case) participating in the network performs the blockchain protocol. With the creation of a transaction, a certain amount of gas is charged.
The gas price is the unit price of gas (e.g., 1 ether ≈ 210 USD) set by the initiator of the transaction, and the total cost of the transaction is cost (ether) = gas × gas price. Therefore, we also logged the average gas consumption of all the events in our approach, seen as shown in Figure 8. When using the PoA mechanism, event (a) costs about 33800 gas units. Events (b), (c), (e), and (f) cost about 21000 gas units per transaction. Event (d) costs around 257000 gas units. Similar results were observed from the experiment using the PoW mechanism. As we can see, the gas usage of each execution event is almost the same. But the deployment ofSCO costs much gas units than other events. We believe the reason is that the codes of SCO are more complex than those of the others. Besides, as for the setup events, events (a)
76
Blockchain Technologies and Crypto-Currencies
and (d) only happen once in the initialization while events (b) and (e) occur when new validity state of service codes or an ESP is appended. The gas price in this experiment is 0.02 ether per million gas units; therefore, it costs about 0.0058 ethers (≈ 1.2 USD) to deploy the smart contracts which are necessary to make our system functional. And as for normal transactions, we can record 1000 transactions with the cost of only 0.042 ethers (≈ 8.8 USD). We can see that the cost of our platform is relatively small and acceptable. Besides, we also simulated n (n = 100, 200, 300, …, 1000) IoT devices to request services from edge servers within a month and recorded the gas consumption. We also enforced the IoT devices following the Poisson probability distribution (λ = 0.2 × n) to initiate requests. In Figure 9, the x-coordinate represents the number ofLCs increasing from 100 to 1000 with the increment of 100. The y-coordinate represents the monthly gas consumption in the certain number of LCs. As shown in Figure 9, when the number of clients is 100, the monthly gas consumption is about 125 million gas units (≈ 5.25 USD per client) under the PoA, compared with 130 million gas units (≈ 5.46 USD per client) under the PoW. We can see that the gas consumption maintains a slow and stable growth along with the increase of clients. When the number of clients is 1000, the monthly gas consumption of the system under the PoA consensus mechanism is about 400 million gas units (≈ 1.68 USD per client), compared with 580 million gas units (≈ 2.436 USD per client) in the PoW-based one. Besides, the gas consumption of both the PoA and PoW relies on a stable growth, which means adding IoT devices does not impose a great overhead; therefore, our system has a low consumption and sufficient scalability.
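The gas accounting used in this section (cost(ether) = gas × gas price, 0.02 ether per million gas units, 1 ether ≈ 210 USD, the per-event gas of Figure 8) and the Poisson load model behind Figure 9, as an added worked example; this is the editor's code, not the paper's own evaluation scripts. The per-event gas and price figures are taken from the text; the period of λ = 0.2 × n (assumed here to be one Poisson draw per day over a 30-day month), the assumption that each client request costs one ordinary 21000-gas event, and all function names are the example's own choices.

```python
import math
import random

# Per-event gas figures reported for the PoA setting (Figure 8 in the paper):
# events (b), (c), (e) and (f) are ordinary transactions; (a) and (d) are the
# one-off setup events, (d) being the deployment of the SCO contract.
EVENT_GAS = {"a": 33_800, "b": 21_000, "c": 21_000,
             "d": 257_000, "e": 21_000, "f": 21_000}
GAS_PRICE = 0.02 / 1_000_000   # ether per gas unit: 0.02 ether per million gas
USD_PER_ETHER = 210.0          # exchange rate quoted in the paper
GAS_PER_REQUEST = EVENT_GAS["b"]   # assumption: one ordinary event per client request


def tx_cost_ether(gas_units, gas_price=GAS_PRICE):
    """Ethereum cost rule used by the paper: cost(ether) = gas x gas price."""
    return gas_units * gas_price


def deployment_cost_ether():
    """One-off cost to make the platform functional: setup events (a) and (d)."""
    return tx_cost_ether(EVENT_GAS["a"] + EVENT_GAS["d"])


def usd_per_client(gas_units, n_clients):
    """Monthly on-chain cost shared across n clients, as in the Figure 9 discussion."""
    return tx_cost_ether(gas_units) * USD_PER_ETHER / n_clients


def _poisson(rng, lam):
    """Knuth's inverse-transform Poisson sampler (adequate for lam <= 200 here)."""
    limit = math.exp(-lam)
    k, p = 0, 1.0
    while True:
        p *= rng.random()
        if p < limit:
            return k
        k += 1


def simulate_monthly_gas(n_clients, days=30, rate_per_client=0.2, seed=1):
    """Replay the paper's load model: requests ~ Poisson(0.2 * n) per period.

    The paper does not state the period of lambda; this example assumes one
    Poisson draw per day over a 30-day month (a labelled assumption).
    """
    rng = random.Random(seed)
    lam = rate_per_client * n_clients
    requests = sum(_poisson(rng, lam) for _ in range(days))
    gas = requests * GAS_PER_REQUEST
    return {
        "requests": requests,
        "gas": gas,
        "ether": tx_cost_ether(gas),
        "usd_per_client": usd_per_client(gas, n_clients),
    }


if __name__ == "__main__":
    print(f"deployment: {deployment_cost_ether():.4f} ether "
          f"(~{deployment_cost_ether() * USD_PER_ETHER:.2f} USD)")
    # Paper's Figure 9 point: 125 million gas for 100 clients -> 5.25 USD per client
    print(f"125M gas / 100 clients: {usd_per_client(125_000_000, 100):.2f} USD per client")
    for n in range(100, 1001, 100):
        r = simulate_monthly_gas(n)
        print(f"{n:5d} clients: {r['gas'] / 1e6:8.2f} M gas, "
              f"{r['usd_per_client']:.2f} USD per client")
```

Running the script reproduces the one-off deployment cost of about 0.0058 ether from the sum of events (a) and (d), and the 5.25 USD per client that 125 million gas units imply for 100 clients; the simulated monthly totals depend on the assumed period of λ, so they show the shape of the Figure 9 curve rather than its exact values. A cost model of this form is what an operator would use to bound the on-chain budget of the validity-check scheme before enrolling more clients.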
CONCLUSIONS In this paper, we proposed a novel blockchain-based secure service provisioning mechanism to protect lightweight clients from insecure exogenous service codes from untrustworthy edge servers in the edge transparent computing scenario. We introduce the blockchain to keep all the validity states of the off-chain services and edge service providers, helping the IoT terminals get rid of undependable services through edge server identification and service verification. Besides, we develop and deploy smart contracts that can be triggered by the lightweight clients to check the validity of both the service codes and the edge servers according to the transactions on chain, thereby reducing the direct overheads of these resource-constrained IoT devices. Additionally, to ensure high throughput and low latency, we adopt an efficient permissioned blockchain together with the PoA consensus engine. The security analysis and the evaluation results show that our approach effectively protects the lightweight clients from untrusted edge service providers and undependable service codes, and that the validation latency is acceptable while the overheads are affordable for IoT devices. Next, we would like to establish a blockchain-based reputation system for the service providers according to the feedback from IoT terminals, so as to achieve a better trade-off among flexibility, availability, and security of service provisioning. Besides, service auditing and charging are also interesting issues that can be further studied.
ACKNOWLEDGMENTS This work was supported by the National Natural Science Foundation of China [Grant nos. 61632009, 61702561, 61702562, and 61472451], the Hunan Provincial Innovation Foundation for Postgraduate [Grant no. CX2015B047], and the Guangdong Provincial Natural Science Foundation [Grant no. 2017A030308006].
Analysis of R & D Capability of China’s Blockchain Technologies
4
Xiaoyu Liu, Duyun Peng, Youdong Wen School of Statistics, Jiangxi University of Finance and Economics, Nanchang, China
ABSTRACT As the pioneer of emerging technologies, China's blockchain technology-led enterprises are crucial to its R & D capabilities. Through the collection of relevant data from 2015 to 2017, input and output indicators were constructed; the DEA analysis method was used to evaluate R & D efficiency, and the EM iterative algorithm was used for cluster analysis. The 15 companies were divided into three categories. It was found that the companies' average pure technical efficiency was 0.68, and UFIDA's R & D investment was the largest. There were eight companies with input redundancy and insufficient output. There is a high degree of correlation between R & D scale efficiency and EM clustering results. If a firm is increasing in size or constant in scale, it is often classified as Category 2 or Category 3; otherwise it is classified as Category 1.
Keywords: Blockchain, R & D Capacity, EM Clustering, Efficiency
Citation: Liu, X., Peng, D. and Wen, Y. (2018) Analysis of R & D Capability of China's Blockchain Technologies. Theoretical Economics Letters, 8, 1889-1904. doi: 10.4236/tel.2018.810124. Copyright: © 2018 by authors and Scientific Research Publishing Inc. This work is licensed under the Creative Commons Attribution International License (CC BY). http://creativecommons.org/licenses/by/4.0
INTRODUCTION The report on the work of the government, delivered at the First Session of the 13th National People's Congress, pointed out that China's investment in research and development (R & D) has grown at an average annual rate of 11 percent, ranking second in the world in scale. The contribution of technological advances to economic growth has risen from 52.2 to 57.5 percent. Judging from the preliminary estimates in the Annual Report on Comprehensive Statistics of Science and Technology, issued by the National Bureau of Statistics of China on February 13th, 2018, China's total R & D spending in 2017 reached 1.75 trillion yuan, while China's gross domestic product (GDP) was 82.71 trillion yuan, so the R & D intensity (R & D/GDP) was 2.12 percent, an increase of 0.01 percent over the previous year. R & D expenses refer to the expenses for fundamental research, applied research and experimental development in the statistical year. They include the labor cost, material fees, management fees and other related expenses incurred in the R & D process, and can be used to reflect and evaluate a country's capacity for innovation and its scientific research strength. In 2017, R & D expenses increased by 11.6 percent year on year, and the growth rate was one point higher than in the previous year. From a global perspective, the total amount of R & D investment in China now ranks second in the world after the United States. Since the 18th National People's Congress of China, R & D investment has been on a continuous uptrend. The R & D intensity from 2014 to 2016 was 2.02 percent, 2.05 percent and 2.11 percent respectively. The most noteworthy R & D investment is fundamental research, which refers to the underlying research that explores the basic principles of phenomena and facts and investigates possible new knowledge experimentally and theoretically.
China's fundamental research funding in 2017 was 92 billion yuan, registering year-on-year growth of 11.8 percent, and its share of total R & D expenses had grown to 5.3 percent, up from 5.2 percent. Nevertheless, the proportion is not large in general. R & D activities are mainly carried out by universities, enterprises and research institutes, among which enterprises are the biggest contributors. The R & D funding of enterprises was 1.37 trillion yuan in 2017, registering year-on-year growth of 13.1 percent and maintaining double-digit growth for two years straight; the R & D funding of universities and scientific research institutions was 0.24 trillion yuan and 0.11 trillion yuan, registering year-on-year growth of 7 percent and 5.2 percent respectively. The report delivered at the 19th National People's Congress of China pointed out that the concept of "innovation" runs through the Party's theory, practice, system, culture and other aspects. The world is changing, and we must firmly commit to an innovation-driven development strategy. Innovation is not limited to certain areas, but usually combines with science and technology. As the report emphasizes, the principles and policies of the country's innovative construction must focus on the theme of science and technology development. In recent years, many enterprises have focused on exploring emerging technologies such as blockchain and have drawn up development strategies in order to respond positively to the national policy of innovation and development. The Organization for Economic Cooperation and Development (OECD) published the Scientific and Technological Innovation Outlook in 2016, which listed the top ten hot spots of future technology development, including blockchain technology [1]. On October 18th, 2017, the Ministry of Industry pointed out that financial services will be blockchain's first field of application, owing to its high reliability, simplified processes, easily tracked transactions, improved data quality and other characteristics, and that blockchain can be applied to financial payment, clearing and settlement, asset management, securities trading, identity, credit, etc.
In May 2016, the publication of the domestic book Blockchains: Define the New Pattern of Future Finance and Economy [2] thoroughly pushed "blockchain" into public view; the book introduced in detail the differences blockchain technology would bring to future finance and the economy. Blockchain is an emerging decentralized architecture and distributed computing paradigm underlying Bitcoin and other cryptocurrencies, and has recently attracted intensive attention from governments, financial institutions, high-tech enterprises and the capital markets. Blockchain's key advantages include decentralization, time-series data, collective maintenance, programmability and security, which make it particularly suitable for constructing a programmable monetary system, financial system, and even the macroscopic societal system. The birth of blockchain is inseparable from bitcoin: the former is the underlying technology and infrastructure of the latter, while the latter is just an application of the former. Blockchain, which was introduced by the founder of the currency, Satoshi Nakamoto, after the financial crisis, originated from the foundation of society and can be simply described as a decentralized and trustless way to jointly safeguard a distributed database. Blockchain is essentially a shared database for recording and updating transactions. Blockchain technology has been promoted for less than 10 years, but it has aroused great attention. Especially in the last two years, blockchain has gradually become an independent innovation hot spot. It creates a new distributed data storage technology with an innovative change in system and program design, and it may subvert the organizational model of the current business community in future. So it has received more and more attention from the business and technology communities, and many practitioners have made new explorations in combination with their own fields. Finance is a high-frequency field of science and technology innovation, which has a better perception of and response to blockchain technology than others, and the advantages of its own capital ensure that it has enough strength in the new technology to apply it to financial practice. Postal Savings Bank of China and International Business Machines Corporation (IBM) announced a cooperation on blockchain technology; hundreds of transactions have been concluded since the system was launched in October 2016. The specific objectives of this study are 1) to analyze the R & D efficiency of blockchain technology leading enterprises and 2) to analyze the input and output indexes of blockchain for each listed company. The rest of the paper is organized in four sections. Section 2 discusses the development and application of blockchain by reviewing the literature. Objects and data used in this study are presented in Section 3. The preliminary and empirical results are presented in Section 4. Section 5 provides the conclusion and implications of the findings. At present, although there are many commercial products using blockchain technology, the basic theory and technology research are still immature, which is not conducive to the long-term development of blockchain technology. This paper conducts theoretical and empirical research on the technological innovation ability of China's blockchain technology service providers, hoping to provide references and inspiration for future research.
THEORETICAL BACKGROUND Since the history of blockchain technology is not long and the relevant research results are few, domestic and foreign research mainly focuses on the principles and practice of blockchain technology. Foreign research started relatively earlier and is more mature; most of it uses currency as the starting point and discusses how to apply digital encryption to currencies. Moreover, it also attaches great importance to the study of blockchain technology application scenarios. One of the earliest works, by Satoshi [3], claims that blockchain technology is the underlying technology and foundation of Bitcoin, mainly for encrypting data structures and transmission and realizing the mining and trading of Bitcoins. Lewis [4] vividly compares blockchain technology to a public ledger, which is not independently owned but can be widely spread and shared, whereas Chris [5] emphasizes the aspects of practical application. He believes blockchain will promote the development of financial technology and, at the same time, will be an instrument of political and social transformation. He also believes that commercializing blockchain is full of infinite possibilities, which will make a significant contribution to setting up a decentralized world. Swan [6] systematically divides the application fields into monetary, financial and non-financial aspects, and focuses on the social science research of blockchain technology. Moser et al. [7] design a set of customized application frameworks for the financial field, and emphasize the advantages of using blockchain technology, such as high security, high elasticity, a high degree of resistance to attack and so on. Meanwhile, some scholars have discussed blockchain technology from different aspects, such as smart contracts, privacy protection, security and so on. Bigi et al. [8] propose a protocol based on the optimal organization of formalized models and game theory. This protocol can distribute intelligence, so it is a method with great development prospects and value for further research and development. Mougayar et al. [9] comprehensively analyzed Bitcoin using blockchain as the fundamental technology, and found security bugs. Mougayar also analyzed its trend and put forward corresponding countermeasures and suggestions. Compared with foreign countries, domestic research is slightly insufficient, especially research on fundamental theory, and scholars usually focus on the selection and discussion of practical application paths. Zhang Bo [10] summed up relevant experience according to the application of blockchain technology in the foreign financial industry, and believed that it could reduce financial risk, especially credit risk. Zhang Rui [11] analyzed the comprehensive influence of blockchain technology on the development of the financial industry and considered the effect subversive. Xian Jingchen [12] suggested that "blockchain technology +" will produce a series of catalytic effects, such as reducing trust costs, real-time accounting, optimizing the structure of big data, etc. Lin Xiaoxuan [13] believes that the development of blockchain technology and the financial industry will achieve a win-win situation and energize China's Internet industries. However, some scholars have questioned the security, privacy and compliance of blockchain technology. Chen Yixi [14] suggested that high efficiency with low energy, high security and decentralization cannot be satisfied at the same time, forming an unstable triangle, so there may be big potential safety hazards after wide promotion of blockchain technology. Li Lihui [15] pointed out that the Banking Regulatory Commission needs to pay special attention to the huge impact blockchain technology brings to financial risks, and must supervise effectively at the technical level while establishing laws and regulations. Wei Changjiang and Jiang Runxiang [16] summarized that the current bondages and restrictions on the development of blockchain come mainly from the conceptual and legal aspects, and at the same time from competitive technical challenges. They suggested that the technology still needs to overcome a plateau and that its future is not very clear. Han Feng [17] believed that the most important thing for blockchain to achieve is the establishment of a basic protocol, which involves the basis of global mutual trust. Zheng Yao [18] pointed out that although blockchain technology has many uncertain factors, it does bring good opportunities for the development of the banking industry. Despite the many problems still to solve, more and more scholars have made useful attempts. Yang Huiqin [19] used blockchain technology as the core to build a supply chain information platform with mutual trust and win-win situations, providing a new way for the automobile supply chain. By sorting out and summarizing the above research, we find that most scholars have positive expectations and certain concerns for blockchain technology, and are keen to apply it to actual business. But few scholars choose to study the science and technology innovation ability of current blockchain technology service providers in China, so our research will help to understand the future competitive advantages of blockchain technology in our country.
BLOCKCHAIN TECHNOLOGY LEADING ENTERPRISES Technology is constantly improving, and in the near future blockchain technology will provide customers with more modern services. However, the reality is that although more and more financial institutions focus on the application of blockchain technology, they do not own the core technology and merely apply a new technology. For this emerging technology, the innovation ability of the underlying blockchain technology service providers determines whether financial enterprises can get sufficient technical support in the process of innovation. For example, Postal Savings Bank of China is cooperating with IBM to carry out scientific and technological innovation instead of seeking a suitable domestic technology service provider. When a technology emerges, commercial companies often have two choices: one is the development and improvement of the underlying technology, and the other is development and promotion at the application layer. The former is very difficult; in the case of non-open-source technology, many technicians often have to give up, not even having the opportunity to imitate. However, it is relatively easy to build applications, using the underlying technology produced before to design, frame and implement according to their own ideas. For example, many applications (apps) became popular in the capital market. What investors value most is not the design of the program itself, but the customer value and future business potential behind it. The underlying technology of app development is often a programming language developed abroad, such as C, Python or Java, while the domestic research team works at the application layer on the basis of that code.
In addition, the production and early-stage investment of underlying technology are very large, whereas the development cycle at the application layer is often shorter, faster in rewards, and able to meet marketing demand in time, in accordance with the requirements of the business plan for high-frequency modification and debugging. Therefore, without sufficient technological strength and innovation ability, it is difficult to achieve a major technological breakthrough. By the end of April 2017, there were 1230 blockchain enterprises in the world, with China and Europe in the leading positions. "Blockchain: from Digital Currency to Credit Society" [20] summarizes 52 blockchain projects in China in its appendix. Most blockchain enterprises are located in developed cities and regions such as Beijing, Shanghai, Hangzhou and Guangdong. Matrix finance companies are positioned as underlying applications, whose financing amount for the A round is 150 million from Wanxiang Group. Other companies also receive different amounts of financing, which overall are not very high, and most are less than 10 million yuan. Generally speaking, companies balancing or focusing on underlying technology development are more popular with investment institutions, and their total financing amount is 458 million yuan. For a new technology, going from birth to constant improvement to commercial application and creating profits often requires a long process. Especially in the fiercely competitive information age of today, the early development process often needs a lot of money, which is usually a common weakness of start-up companies. However, many listed companies with vision and an investment strategy will choose to diversify their operations and track investment in blockchain technology in order to obtain good returns in the future. There are also some listed companies mainly engaged in the peripheral business of blockchain that will increase their development of blockchain technology under the stimulus of national encouragement policies and market demand. Therefore, it is possible to understand the R & D investment and R & D efficiency of blockchain technology in China through the R & D scale of all current blockchain listed companies. As for which listed companies should be included in the blockchain concept, different financial information terminals give different results; for example, the blockchain sector of Wind contains 15 companies, including Guang Bo Group, Heng Bao and GRG Banking Equipment, while the blockchain sector of iFinD contains 21 companies, including First Capital Securities, Yuanguang Software and Kingdom Sci-Tech. iFinD contains 6 more companies than Wind.
According to the market share of domestic financial terminals, Wind has the major share, and its software license purchase price is also the most expensive; there are also Hundsun JuYuan, Finchina Financial Big Data, Tian Xiang, Hong Kong and Macao Information, Genius Finance and so on. In addition, considering the authenticity and convenience of obtaining the data, the 6 unselected enterprises did not release R & D-related data in their annual financial reports, which brought great difficulties to data collection. Therefore, the 15 blockchain listed companies are finally selected for the R & D efficiency and cluster analysis, and the specific list is shown in Table 1.
Table 1: Details of blockchain technology leading enterprises in the Wind terminal (a)

| Stock Code | Abbreviation of Securities | Abbreviation of Companies | Number of Employees | Registered Capital (100 million yuan) | Province | Ownership Attribute |
|---|---|---|---|---|---|---|
| 300377.SZ | Ying Shisheng | YSS | 1539 | 7.4238 | Guangdong Province | Private Enterprise |
| 300468.SZ | Sifang Jingchuang | SFJC | 1707 | 1.0537 | Guangdong Province | Private Enterprise |
| 300130.SZ | Xin Guodu | XGD | 1513 | 2.6516 | Guangdong Province | Private Enterprise |
| 600446.SH | Jin Zheng | JZGF | 5735 | 8.3501 | Guangdong Province | Public Enterprise |
| 002103.SZ | Guang Bo | GBGF | 2460 | 5.4921 | Zhejiang Province | Private Enterprise |
| 002537.SZ | Hailian Jinhui | HLJH | 4218 | 12.5135 | Shandong Province | Private Enterprise |
| 600570.SH | Hundsun Dianzi | HSDZ | 6829 | 6.1781 | Zhejiang Province | Private Enterprise |
| 600797.SH | Zheda Wangxin | ZDWX | 4773 | 10.5599 | Zhejiang Province | Other Enterprise |
| 002152.SZ | Guangdian Yuntong | GDYT | 21,311 | 24.2889 | Guangdong Province | Local State-owned Enterprise |
| 002177.SZ | Yu Yin | YYGF | 396 | 7.6119 | Guangdong Province | Private Enterprise |
| 002104.SZ | Heng Bao | HBGF | 1413 | 7.1203 | Jiangsu Province | Private Enterprise |
| 002268.SZ | Wei Shitong | WST | 2092 | 8.3834 | Sichuan Province | Central State-owned Enterprise |
| 300386.SZ | Feitian Chengxin | FTCX | 946 | 4.1804 | Beijing | Private Enterprise |
| 300465.SZ | Gao Weida | GWD | 2984 | 4.5038 | Beijing | Private Enterprise |
| 600588.SH | Yongyou | YYWL | 14,037 | 14.6422 | Beijing | Private Enterprise |

a. Source: Wind.
92
Blockchain Technologies and Crypto-Currencies
According to the actual data and Table 1, the 15 listed companies were established between 1992 and 2004: 8 before 2000 and the remaining 7 in the 21st century. The average number of employees is 4,797; YYGF has the fewest and GDYT the most, followed by YYWL. The average registered capital is 833 million yuan, the standard deviation 566 million yuan (coefficient of variation 68.02%) and the range 2.324 billion yuan, all of which show that the registered capital of the 15 companies is widely dispersed, with large differences and a poorly representative average. The largest number of listed companies is in Guangdong province, followed by Beijing and Zhejiang province. Guiyang has a relatively mature big data industry, but its province, Guizhou, does not appear in the blockchain sector at all. Only two of the 15 companies are state-owned, GDYT and WST; the remaining 13 are privately owned. A careful look at the business scope of the 15 companies shows that only 2 are not based on computer or financial hardware and software. The business scope of the remaining 13 covers electronic equipment manufacturing, computer application systems and the development of supplementary equipment, import and export of technology, ticket machines, electronic products, bank card electronic payment terminal products, certificates, bills, password envelopes, smart tags, intelligent terminals, commercial cryptographic products approved by the State Cryptography Administration, system integration, communication and information security, Internet data and so on. Taken together, most of the listed blockchain companies above have a certain business and technical basis.
Essentially, blockchain technology is software development, combining many computer technologies such as bills, account books (ledgers) and distributed databases, and its first domestic application was in the financial field. All the listed companies with experience in financial terminal services have also joined the R&D effort. We can therefore argue that, although the above companies are not specialist software developers, they have a positive effect on blockchain R&D, and blockchain has been integrated into their development strategies. Executives of GDYT adhere to the concept of "pre-research, development and promotion", have organized a team of PhDs to actively develop blockchain technology, and pay close attention to information on digital currency. YSS founded a company, Chain Stone, which aims to establish new fundamental financial services to achieve a
simpler and more efficient situation in supply chain finance, investment management and other fields. SFJC has established a blockchain cooperation with IBM to jointly develop cross-border financial high-tech application products. XGD is actively promoting the development of blockchain technology and building a closed-loop ecosystem in electronic payment. ZDWX recently bought a company committed to building a nationally independent blockchain platform. Drawing on the sales and operation of YYGF's ATMs, its team is studying the application of blockchain technology in information security and identification to improve safety and efficiency. HBGF says it has a certain reserve of blockchain technology, focused on information security and data exchange, and has already pushed the project into the application stage, as has WST. FTCX believes that its products are terminal auxiliary products within the blockchain and that the market is highly uncertain. GWD has deep business and talent accumulation in the paper market and has made a relevant layout in applications. YYWL made a strategic investment in CXKJ to obtain a 21.03% share; CXKJ is an innovative company engaged in the development and application of blockchain technology.
ANALYSIS OF INNOVATION ABILITY Analysis of R & D Efficiency R&D is the source of innovation and the precondition for transforming scientific results. Blockchain, as an emerging technology, will become something the listed companies compete for. Through an analysis of each company's R&D input and output over the last five years we can objectively understand its research strength, and analyzing its R&D efficiency reflects its ability to transform results. We choose the most popular method, Data Envelopment Analysis (DEA), to evaluate R&D efficiency. As Zhang Yuqing [21] explains, DEA is a nonparametric method for evaluating decision-making units, introduced by A. Charnes, W. W. Cooper and E. Rhodes in 1978. The two groups of indexes (inputs and outputs) are shown in Table 2. The R&D expenses and operating revenue in Table 2 are collected from the companies' financial reports for 2015, 2016 and 2017. The number of technicians in R&D is the average of the 2015 and 2016 figures. The counting period for the numbers of
patent applications and patent publications is 2015 to 2017. One point needs explanation: for some listed companies the patent count came out as 0; in those cases the figure was replaced by querying and summing the patents of the company's wholly owned subsidiaries.

Table 2: Input and output index system of blockchain technology leading enterprises (a)

           Input indexes                                      Output indexes
Company    R&D Expense (million yuan)   Technicians in R&D    Patent Applications   Patent Publications   Operating Revenue (million yuan)
YYWL       2524.63                      4392                  176                   223                   11756.93
HSDZ       2421.94                      3889                   34                    94                    5475.99
GDYT        847.17                      1093                  419                   478                    9926.54
JZGF        951.58                      2668                    1                     2                    8118.27
ZDWX        356.08                       792                   12                    15                   10613.49
HBGF        364.91                       476                  102                   109                    3832.82
WST         454.22                       604                   64                    99                    3967.11
XGD         345.29                       440                  104                   115                    2609.36
FTCX        273.68                       418                  333                   415                    2206.99
YYGF        226.51                       196                   76                    91                    2161.89
YSS         303.02                       991.5                 14                    14                     796.53
SFJC        160.32                       433                    1                     1                     864.72
GWD         159.57                       205                    3                     3                    2439.38
GBGF         49.65                       159                    1                     1                    4183.05
HLJH        158.36                       477                   74                    75                    6388.60
a. Source: Wind; iFinD; Bai Teng. Among them, JZGF announced one patent in 2015. The number of patents filed by YYGF (Yu Yin) from 2015 to 2017 was 76 and the number published was 91; YYGF also declared 5 patents from 2015 to 2017, of which 5 were announced. The number of patents declared by HLJH from 2015 to 2017 is 76 and the number announced is 91. GWD reported 3 patents from 2015 to 2017. The number of patents filed by ZDWX from 2015 to 2017 is 12 and the number announced is 15. However, even after these calculations some companies still had 0 patent applications and publications; in order to carry out the DEA analysis they were assigned a value of 1, and 1 was added to the corresponding items of all other companies.

It can be seen from Figure 1 that the median R&D expense of YYWL is the largest and that of GBGF the smallest, with HSDZ second to YYWL. In the boxplot, YYWL's box sits highest, and the horizontal line between the lower and upper quartiles marks the median, indicating that its R&D expense is the highest. Similarly, GBGF's is the smallest, but its interquartile range is the largest, with the longest box. Combined with the concrete data, this corresponds to a geometric average growth rate of 26.09% over 2012-2016. The largest growth of R&D expenses is seen at JZGF, from 111.86 million yuan in 2012 to 437.66 million yuan in 2016, and the smallest at GBGF.
Figure 1: Boxplots of R & D expenses of blockchain technology leading enterprises in 2012-2016.
In general, all the listed companies' R&D expenses have been increasing steadily. 2015 and 2016 were the critical period for blockchain technology, and only ZDWX's R&D expense fell in 2016, by 41.44 million yuan compared with 2015. After processing the data with the DEAP software, we obtain the results in Table 3; the means of the three efficiencies are 0.653, 0.820 and 0.781. The purely technical efficiencies of YYWL, GDYT, ZDWX, FTCX, YYGF, GBGF
and HLJH are all 1. From Table 4 we learn that the only company with insufficient output alone is XGD, while HSDZ, JZGF, HBGF, YSS, SFJC and GWD have both insufficient output and redundant input. If a listed company's purely technical efficiency is 1 but its scale efficiency is less than 1, there is no need to reduce its inputs or increase its outputs; its overall efficiency is ineffective because of its size, that is, a mismatch between scale and input/output, which means its size should be increased or reduced. GDYT and ZDWX, for example, need a reduction in size.
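To make the three efficiencies in Table 3 and the slacks in Table 4 concrete, the standard input-oriented DEA models behind them are written out below. This formulation is added by the editor and is not part of the original paper; the symbols (x for inputs, y for outputs, λ, θ, s⁻, s⁺) are the editor's notation, and the index ranges follow Table 2 (2 inputs, 3 outputs, 15 companies).

```latex
% CCR (constant returns to scale) envelopment model for company o.
% x_{io}: input i of company o (1 = R&D expense, 2 = technicians in R&D);
% y_{ro}: output r of company o (1 = patent applications, 2 = patent publications, 3 = operating revenue).
\theta^{\mathrm{CRS}}_{o} \;=\; \min_{\theta,\,\lambda,\,s^{-},\,s^{+}} \theta
\quad \text{s.t.} \quad
\sum_{j=1}^{15} \lambda_j x_{ij} + s_i^{-} = \theta\, x_{io}\;\;(i=1,2),\qquad
\sum_{j=1}^{15} \lambda_j y_{rj} - s_r^{+} = y_{ro}\;\;(r=1,2,3),\qquad
\lambda_j,\; s_i^{-},\; s_r^{+} \ge 0 .

% BCC (variable returns to scale) model: the same program with the convexity constraint added.
\sum_{j=1}^{15} \lambda_j = 1 \;\;\Longrightarrow\;\; \theta^{\mathrm{VRS}}_{o}\ \text{(purely technical efficiency)} .

% Decomposition reported in Table 3: overall efficiency = purely technical efficiency x scale efficiency.
\theta^{\mathrm{CRS}}_{o} = \theta^{\mathrm{VRS}}_{o}\cdot SE_{o},\qquad
SE_{o} = \frac{\theta^{\mathrm{CRS}}_{o}}{\theta^{\mathrm{VRS}}_{o}} .

% Check against Table 3:
\text{HSDZ: } 0.092 \times 0.79 = 0.0727 \approx 0.073,\qquad
\text{JZGF: } 0.249 \times 0.464 = 0.1155 \approx 0.116,\qquad
\text{SFJC: } 0.367 \times 0.212 = 0.0778 \approx 0.078 .

% Returns-to-scale label from the optimal CRS weights:
\sum_j \lambda_j^{*} > 1 \Rightarrow \text{drs},\qquad
\sum_j \lambda_j^{*} < 1 \Rightarrow \text{irs},\qquad
\sum_j \lambda_j^{*} = 1 \Rightarrow \text{constant ("-" in Table 3)} .
```

The slack s_i⁻ is the "redundant input" and s_r⁺ the "insufficient output" tabulated in Table 4; a company is fully efficient only when θ = 1 and every slack is zero, which is the case for exactly the seven companies (YYWL, GDYT, ZDWX, FTCX, YYGF, GBGF, HLJH) that have all-zero rows in Table 4.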
Cluster Analysis of Expectation Maximization The Expectation Maximization (EM) algorithm is an iterative algorithm [22] used for maximum likelihood estimation of the parameters of probabilistic models with latent (hidden) variables. Each iteration consists of two steps: the E step computes an expectation and the M step maximizes it. EM is widely used in cluster analysis, machine learning and other fields. In the E step, the probability that each point belongs to each cluster is computed and used as a weight: if a point very probably belongs to a cluster, it is given a probability close to 1; since a point may belong to two or more clusters, a probability distribution over the clusters is established for it.

Table 3: DEA efficiency evaluation of blockchain technology leading enterprises
Company   Overall Efficiency   Purely Technical Efficiency   Scale Efficiency   Returns to Scale
YYWL      0.142                1                             0.142              drs
HSDZ      0.073                0.092                         0.79               drs
GDYT      0.728                1                             0.728              drs
JZGF      0.116                0.249                         0.464              drs
ZDWX      0.522                1                             0.522              drs
HBGF      0.519                0.538                         0.965              drs
WST       0.381                0.398                         0.957              drs
XGD       0.462                0.521                         0.887              irs
FTCX      1                    1                             1                  -
YYGF      0.806                1                             0.806              irs
YSS       0.065                0.193                         0.338              irs
SFJC      0.078                0.367                         0.212              irs
GWD       0.464                0.78                          0.595              irs
GBGF      1                    1                             1                  -
HLJH      0.819                1                             0.819              drs

drs = decreasing returns to scale; irs = increasing returns to scale; "-" = constant returns to scale (fully efficient).
Table 4: Slack variables of input and output indexes of blockchain technology leading enterprises

           Input indexes (redundant input)                    Output indexes (insufficient output)
Company    R&D Expense (million yuan)   Technicians in R&D    Patent Applications   Patent Publications   Operating Revenue (million yuan)
YYWL        0                              0                    0                     0                       0
HSDZ        9.887                          0                   48.462                 0                       0
GDYT        0                              0                    0                     0                       0
JZGF        0                            118.606                6.732                 7.568                   0
ZDWX        0                              0                    0                     0                       0
HBGF       62.985                          0                    0                    16.597                   0
WST        61.067                          0                   16.703                 0                       0
XGD         0                              0                    0                    12.749                 205.013
FTCX        0                              0                    0                     0                       0
YYGF        0                              0                    0                     0                       0
YSS         0                             22.02                 0                     3.211                3309.144
SFJC        9.22                           0                    0                     0                    3318.33
GWD        70.166                          0                    0                     0.4                  1689.772
GBGF        0                              0                    0                     0                       0
HLJH        0                              0                    0                     0                       0
So the EM algorithm has a characteristic feature: there is no strict rule that one point must belong to exactly one cluster. In the M step, the weights are used to estimate the parameters of each cluster (mean and variance): each data point uses its probability from the E step as its weight, the mean and variance of each cluster are recalculated, and then the overall probability, i.e. the maximum likelihood of the clustering, is computed. In this way it is possible to increase the
total log-likelihood through repeated E and M steps until convergence; the maximum found may be a local optimum, so multiple runs are required. Using the Mclust package of R and our own code [23] [24] [25], we analyzed the input and output indexes of each listed company and obtained the classification: the companies divide into three categories of 6, 5 and 4 companies; the maximum likelihood estimate is 440.50, the Bayesian Information Criterion (BIC) value is 1027.24 and the ICL value is 1027.24. BIC, shown in Figure 2, measures the trade-off between model fit and complexity; the larger the value, the worse the fit. When the sample is divided into three categories the BIC value is the smallest. Therefore, from Figures 2-4 we can see that Category 1 contains YYWL, HSDZ, GDYT, JZGF, ZDWX and HLJH; Category 2 contains XGD, HBGF, YYGF, GWD and GBGF; and Category 3 contains WST, YSS, FTCX and SFJC.
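The E and M steps described above, as an added example in Python written by the editor (it is not the paper's R/Mclust code): a two-component one-dimensional Gaussian mixture fitted by EM on a constructed sample, with soft responsibilities in the E step, weighted re-estimation in the M step, a log-likelihood that never decreases between iterations, and a best-of-several-starts wrapper for the local-optimum problem the text mentions. The sample values and the initial means are assumptions for illustration, not Table 2 data.

```python
"""Expectation Maximization for a two-component 1-D Gaussian mixture.

Editor's example, pure Python so it runs offline. SAMPLE is constructed
for illustration and is not the paper's data.
"""
import math

# Constructed sample: twelve one-dimensional observations forming two groups.
SAMPLE = [1.9, 2.1, 2.0, 2.3, 1.8, 2.2, 8.1, 7.9, 8.3, 8.0, 7.7, 8.2]


def gauss_pdf(x, mean, var):
    """Density of N(mean, var) at x."""
    return math.exp(-(x - mean) ** 2 / (2.0 * var)) / math.sqrt(2.0 * math.pi * var)


def log_likelihood(data, weights, means, variances):
    """Total log-likelihood of the data under the mixture."""
    total = 0.0
    for x in data:
        total += math.log(sum(w * gauss_pdf(x, m, v)
                              for w, m, v in zip(weights, means, variances)))
    return total


def e_step(data, weights, means, variances):
    """E step: resp[n][j] = P(cluster j | x_n). A point may belong partly to
    several clusters, which is why EM does not force hard membership."""
    resp = []
    for x in data:
        dens = [w * gauss_pdf(x, m, v) for w, m, v in zip(weights, means, variances)]
        total = sum(dens)
        resp.append([d / total for d in dens])
    return resp


def m_step(data, resp, weights, means, variances, min_var=1e-6):
    """M step: re-estimate weight, mean and variance of each cluster using the
    responsibilities as point weights. A cluster that received (almost) no
    weight keeps its previous parameters instead of dividing by zero."""
    n, k = len(data), len(means)
    new_w, new_m, new_v = list(weights), list(means), list(variances)
    for j in range(k):
        nk = sum(r[j] for r in resp)
        if nk < 1e-12:
            continue
        mean = sum(r[j] * x for r, x in zip(resp, data)) / nk
        var = sum(r[j] * (x - mean) ** 2 for r, x in zip(resp, data)) / nk
        new_w[j], new_m[j], new_v[j] = nk / n, mean, max(var, min_var)
    return new_w, new_m, new_v


def fit_gmm(data, init_means, max_iter=500, tol=1e-10):
    """Run EM from the given initial means. Returns (weights, means,
    variances, history); history holds the log-likelihood after every
    iteration and is non-decreasing by construction of EM."""
    k = len(init_means)
    weights, means, variances = [1.0 / k] * k, list(init_means), [1.0] * k
    history = [log_likelihood(data, weights, means, variances)]
    for _ in range(max_iter):
        resp = e_step(data, weights, means, variances)
        weights, means, variances = m_step(data, resp, weights, means, variances)
        history.append(log_likelihood(data, weights, means, variances))
        if abs(history[-1] - history[-2]) < tol:
            break
    return weights, means, variances, history


def best_of_restarts(data, init_list):
    """EM only finds a local optimum, so run it from several starts and keep
    the fit with the highest final log-likelihood."""
    return max((fit_gmm(data, init) for init in init_list), key=lambda fit: fit[3][-1])


def assign_clusters(data, weights, means, variances):
    """Hard labels: the cluster with the largest responsibility for each point."""
    return [max(range(len(means)), key=lambda j: r[j])
            for r in e_step(data, weights, means, variances)]


if __name__ == "__main__":
    w, m, v, hist = best_of_restarts(SAMPLE, [[0.0, 10.0], [1.0, 3.0], [5.0, 5.5]])
    print("weights", w, "means", m, "variances", v)
    print("log-likelihood", hist[-1], "iterations", len(hist) - 1)
    print("labels", assign_clusters(SAMPLE, w, m, v))
```

With the sample above the two cluster means converge to 2.05 and 8.03 regardless of which reasonable start is used; on less separated data the restarts can end at different likelihoods, which is exactly why the text recommends running EM more than once.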
CONCLUSIONS AND IMPLICATIONS Through the above analysis we find that YYWL is the strongest company: it not only has the largest R&D expense and an effective purely technical efficiency, but also no input redundancy or output deficiency.
Figure 2: BIC values of cluster analysis of EM.
Figure 3: Classification chart of cluster analysis of EM.
Figure 4: Density map of cluster analysis of EM.
Although HSDZ's R&D expense is large, it has redundant input and insufficient output, and its purely technical efficiency is very low. Among the 15 listed blockchain companies, only 7 have neither redundant input nor insufficient output, and the average pure technical efficiency is 0.68, leaving 0.32 to improve. In addition, combining the R&D efficiency results with the EM cluster analysis shows a high correlation between R&D scale efficiency and the EM clusters: a company under increasing or constant returns to scale usually falls into category 2 or 3, and one under decreasing returns to scale into category 1. Blockchain technology is currently at a crucial stage, and all of the above companies must accept high risk, possibly with no return, while seizing development opportunities. Therefore: 1) Hi-tech industry tends to be in the hands of a few technicians, so enterprises should formulate a personalized talent-introduction system and meet staff welfare requirements as far as an adequate budget allows. 2) Blockchain technology needs to be combined with business and put to commercial use in time; otherwise it is easy to run into a shortage of funds, which leads to the failure of the research. 3) The security of the developed technologies and research results should be strengthened to prevent leakage and theft.
REFERENCES
1. OECD (2016) OECD Science, Technology and Innovation Outlook 2016. http://www.ewi-valaanderen.e/sites/deafault/files/bestandenecd_seience_technology_and_inovation_outlook_2016
2. Zhang, J. (2016) Block Chain: Defining the Future Financial and Economic Structure. Machinery Industry Press.
3. Nakamoto, S. (2008) Bitcoin: A Peer-to-Peer Electronic Cash System. http://bitcoin.org/bitcoin.pdf
4. Lewis, A. (2015) A Gentle Introduction to Blockchain Technology. Bits on Blocks. http://bitson-blocks.net/2015/09/09/agentle-introduction-to-blockchain
5. Chris, G. and Alos, D. (2016) Increasing Supply Chain Assurance via the Blockchain. Carnegie Mellon University, Pittsburgh.
6. Swan, M. (2015) Blockchain Thinking: The Brain as a Decentralized Autonomous Corporation. IEEE Technology and Society Magazine, 34, 41-52. https://doi.org/10.1109/MTS.2015.2494358
7. Möser, M., Böhme, R. and Breuker, D. (2013) An Inquiry into Money Laundering Tools in the Bitcoin Ecosystem. APWG eCrime Researchers Summit, San Francisco, 17-18 September 2013. https://doi.org/10.1109/eCRS.2013.6805780
8. Bigi, G., Bracciali, A., Meacci, G., et al. (2015) Validation of Decentralised Smart Contracts through Game Theory and Formal Methods. http://dspace.Stirtheac.UK/bitstream/1893/23914/1bhalo_degano2015.PDF
9. Mougayar, W. (2016) Fragmentation Threatens the Promise of Blockchain. http://www.coindesk.com/fragmentblockchain-identity-market
10. Zhang, B. (2016) Application of Foreign Blockchain Technology and Relevant Enlightenment. Southwestern Finance, 10, 18-23.
11. Zhang, R. (2016) Traditional Financial Reform and Innovation Based on Blockchain. Financial Accounting, 4, 46-50.
12. Xian, J.C. (2016) The Important Direction of the Future Transformation and Development of China's Financial Industry: "Blockchain +". Southern Finance, 12, 87-91.
13. Lin, X.X. (2016) Application of Blockchain Technology in Financial Industry. China Finance, 8, 17-18.
14. Chen, Y.S. (2016) Research on the "Impossible Triangle" of Blockchain Technology and the Problems Needing Attention. Zhejiang Finance, 2, 41-45.
15. Li, L.H. (2016) Supervision Layer Should Intervene in Blockchain Rule. Financial News of Shanghai Securities Journal, 9, 24.
16. Wei, C. and Jiang, R. (2016) Application Progress and Value of Blockchain. Gansu Finance, 6, 73-91.
17. Han, F. (2016) Migration from Big Data to Blockchain. Financial Expo, 3, 16-17.
18. Zheng, Y. (2016) Challenges and Opportunities for the Credit Construction of Banking Customers by Blockchain. Banker, 7, 20-21.
19. Yang, H., Sun, L. and Zhao, X. (2017) Building a Win-Win Supply Chain Information Platform Based on Block Chain Technology. Technological Progress and Countermeasures, 12, 1-11.
20. Han, F. (2016) Blockchain: From Digital Currency to Credit Society. CityPress.
21. Zhang, Y., Yi, Z. and Zhou, Y. (2013) Activity Efficiency Evaluation Study Based on DEA and SFA Model. Scientific Management Research, 31, 90-93.
22. Xiong, W., Xue, M. and Li, Y. (2013) Semi-Supervised Local Weighted PLS Online Modeling Method Based on EM Algorithm. Journal of System Simulation, 30, 8-17.
23. Fan, J. (2017) Cluster Analysis of Comments on Weibo. Anhui University, Hefei.
24. Lu, Y. and Li, P. (2016) A Method of Clustering Analysis of Weighted Principal Component Distance. Statistical Research, 33, 102-108.
25. Zhu, R. (2015) Design and Implementation of Network Self-Media Hot Spot Mining System Based on Hadoop and R Language. University of Electronic Science and Technology, Chengdu.
SECTION II: BLOCKCHAIN IN THE WORLD OF FINANCE
Blockchain and Digital Currency in the World of Finance
5
Tatjana Boshkov, Goce Delcev University, Shtip, Macedonia
ABSTRACT High-tech enables payment evolution and global competition. The ambiguities surrounding digital currency still leave ample room for analyzing its unreserved acceptance, trust and anticipation, which are the main drivers for the spread of the network. Banks should carefully consider the technology underlying these cryptocurrencies as a potential generic new way of transferring ownership of value over the long term. The chapter analyzes the use of cryptocurrencies in general, and Bitcoin in particular, as technology adoption in the presence of network externalities. The objective view is that the future of digital currency is at present still an unresolved issue because of the existence of a "critical mass". Citation: Tatjana Boshkov (November 5th 2018). Blockchain and Digital Currency in the World of Finance [Online First], IntechOpen, DOI: 10.5772/intechopen.79456. Available from: https://www.intechopen.com/online-first/blockchain-and-digital-currency-in-theworld-of-finance. Copyright: © 2018 by authors and Intech. This paper is an open access article distributed under a Creative Commons Attribution 3.0 License.
Further, the chapter explores financial privacy, a very sensitive issue in using digital currency (or cryptocurrency), and discusses private choices versus political rules. The research shows that the future of cryptocurrencies can be bright if certain institutional and formal conditions are met, since the successful evolution of e-money requires building secure payments on three criteria: standardization, compatibility and innovation. Keywords: Blockchain, digital currency, network externalities, critical mass, technology, payment evolution
INTRODUCTION Electronic money is not a new phenomenon. Trade over the Internet has increased the use of new technologies and thereby the demand for new electronic payment methods. What is really new is electronic payment in retail and the use of the Internet as a new monetary market. Today money becomes information held on a microprocessor or in a database, and without doubt the purpose of such an instrument is to improve the efficiency of traditional payment. At this moment there are still no clear standards for the Blockchain mechanism, so its boundaries are unknown and participants can communicate without the presence of a regulator. Behind Blockchain technology stands a universal Internet currency, which raises many questions about the advantages to be gained and the risks and damage that could arise from its application. High-tech enables payment evolution and global competition. Still, the ambiguities surrounding the use of digital currency leave ample room to analyze its unreserved acceptance, trust and anticipation, which are the main drivers for the spread of the network. More precisely, the spread of the network depends on interdependent demand: the network must reach a minimum required volume before it reaches equilibrium. This minimum volume is called the "critical mass". Therefore, the objective view is that the future of digital currency is at present still unresolved because of the existence of this critical mass. This chapter underlines technology adoption in the presence of network externalities. Payment innovations that create a network between producer and consumer are products that inevitably involve network externalities, and they must reach the critical mass of users before they can be used successfully. Network externalities exist
because the average consumer benefits from such an instrument only if other consumers and traders use the same payment instrument. Further, the chapter explores financial privacy, a very sensitive issue in using digital currency (or cryptocurrency), and examines private choices versus political rules. The successful evolution of e-money requires building secure payments on three criteria: standardization, compatibility and innovation. The diffusion of digital currency in the modern era expands the antitrust issues related to network externalities and to global competition among the most widely used world currencies, which is the reason to include a review of the social costs and benefits and of the possible risks of using digital currency. To remain compatible with each other, all users must run software that follows the same rules; therefore all users and developers have a strong incentive to protect this consensus and to set up a regulator. Finally, the chapter examines whether the technology revolution and monetary evolution can go hand in hand without risks in the real world.
OVERVIEW OF THE IT REVOLUTION AND INNOVATIONS RELATED TO MONEY Online trade has increased the use of new technologies and thus the demand for new electronic payment methods. This began especially in the mid-1990s with the information revolution, the decline in computer prices and the networking of computers. Cohen introduces the term "change in the geography of money" [1], which occurs as a result of electronic payment in retail and the use of the Internet as a new monetary market. The information revolution introduced a new electronic payment method known as electronic cash, e-purse, e-currency, digital currency, digital money or digital cash; without doubt, the purpose of such an instrument is to improve the efficiency of traditional payment. Bitcoin is a digital currency whose value varies with its worldwide acceptance by users. This is primarily because, unlike the standard currencies such as the dollar or the euro, which are regulated by central banks, Bitcoin is regulated by no central authority. Bitcoin transactions are therefore considered more private and anonymous (strictly, pseudonymous, since every transaction is publicly recorded), because the system is open and there is no regulatory body or intermediary
in the execution of transactions. Transactions are protected cryptographically and are recorded in a public ledger that is replicated across the network. Verifying transactions (mining) requires dedicated hardware and software that any user can set up; miners that succeed in appending a block of transactions to the ledger receive newly created bitcoin, which is also how new units of the currency are issued.
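The ledger mechanism just described, as an added example in Python written by the editor (it is neither Bitcoin's code nor part of the chapter): a hash-chained ledger in which each block commits to the previous block's hash, a block is accepted only if its hash meets a difficulty target (proof of work), and a verifier recomputes every hash rather than trusting the stored values. The transactions are constructed sample data, and DIFFICULTY_BITS is an illustrative value far below Bitcoin's real difficulty.

```python
"""Hash-chained ledger with proof-of-work verification (editor's example).

Shows the two properties the text relies on: linkage through the previous
block's hash, and a difficulty target that makes rewriting history require
redoing the work for every later block. Sample transactions are constructed.
"""
import copy
import hashlib
import json

DIFFICULTY_BITS = 14       # hash must start with 14 zero bits; illustrative, far below Bitcoin
GENESIS_PREV = "0" * 64    # placeholder previous hash for the first block

# Constructed sample transactions (not real Bitcoin data).
SAMPLE_BATCHES = [
    [{"from": "coinbase", "to": "alice", "amount": 50}],
    [{"from": "alice", "to": "bob", "amount": 20}],
    [{"from": "bob", "to": "carol", "amount": 5}, {"from": "alice", "to": "carol", "amount": 1}],
]


def block_hash(index, prev_hash, transactions, nonce):
    """SHA-256 over a canonical (sorted-key, compact) JSON encoding of the header fields."""
    payload = json.dumps(
        {"index": index, "prev": prev_hash, "tx": transactions, "nonce": nonce},
        sort_keys=True, separators=(",", ":"),
    )
    return hashlib.sha256(payload.encode("utf-8")).hexdigest()


def meets_target(hex_hash, bits=DIFFICULTY_BITS):
    """True if the 256-bit hash has at least `bits` leading zero bits."""
    return (int(hex_hash, 16) >> (256 - bits)) == 0


def mine_block(index, prev_hash, transactions, bits=DIFFICULTY_BITS):
    """Search nonces until the header hash meets the target (the 'work')."""
    nonce = 0
    while True:
        h = block_hash(index, prev_hash, transactions, nonce)
        if meets_target(h, bits):
            return {"index": index, "prev": prev_hash, "tx": transactions,
                    "nonce": nonce, "hash": h}
        nonce += 1


def build_chain(tx_batches, bits=DIFFICULTY_BITS):
    """Mine one block per batch, each committing to the hash of the block before it."""
    chain, prev = [], GENESIS_PREV
    for i, txs in enumerate(tx_batches):
        block = mine_block(i, prev, txs, bits)
        chain.append(block)
        prev = block["hash"]
    return chain


def verify_chain(chain, bits=DIFFICULTY_BITS):
    """A verifier recomputes every hash: it checks linkage, the stored hash and the target."""
    prev = GENESIS_PREV
    for i, block in enumerate(chain):
        if block["index"] != i or block["prev"] != prev:
            return False
        h = block_hash(block["index"], block["prev"], block["tx"], block["nonce"])
        if h != block["hash"] or not meets_target(h, bits):
            return False
        prev = h
    return True


def tamper(chain, block_index, new_transactions):
    """Return a copy of the chain with one block's transactions rewritten."""
    forged = copy.deepcopy(chain)
    forged[block_index]["tx"] = new_transactions
    return forged


if __name__ == "__main__":
    chain = build_chain(SAMPLE_BATCHES)
    print("valid chain:", verify_chain(chain))
    forged = tamper(chain, 1, [{"from": "alice", "to": "mallory", "amount": 20}])
    print("after editing block 1:", verify_chain(forged))
    forged[1] = mine_block(1, forged[1]["prev"], forged[1]["tx"])
    print("after re-mining only block 1:", verify_chain(forged))
```

Editing a past block breaks its stored hash; re-mining that one block repairs the prefix but the next block still commits to the old hash, so an attacker must redo the proof of work for every subsequent block, which is what makes the ledger expensive to rewrite.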
Development of e-payment and Digital Currency From the standpoint of the development of e-payment methods, digital currency is not physically printed by a central bank; for now, digital currency is regarded as having its own rules of the game. In the literature, supporters of Bitcoin underline its character as a currency that does not cause financial crises: the view is that central banks can print more money to cover national debt, thus devaluing their currencies, whereas Bitcoin does not work that way. Electronic payment methods have existed since the 1960s, i.e. since the development of Electronic Funds Transfer (EFT), which became more sophisticated and was applied in a growing number of countries [2]. EFT means the application of computer and telecommunication technology to payments. It was used by banks and other financial institutions to exchange and transfer large amounts of money at national and international level. The basis of EFT is that money moves through a network as a substitute for cash or checks in executing a transaction, so that payment time is shortened and transaction costs are reduced. The use of EFT increased significantly with the emergence and acceptance of ATMs and of electronic payment at the point of sale (EFTPOS). EFT is considered the first degree of the electronization of transactions. In the early 1980s, thanks to the development of network technology, the costs of telecommunications and data processing fell, and electronic payments became more useful with the appearance of credit and debit cards, which within a few years became the most popular electronic instrument for small transactions. The development of encryption also played a major role in successful card payments. This innovation is considered the second degree of the electronization of transactions. The growth and acceptance of card payments had negative consequences
for the traditional way of payment. Many countries have moved from paper instruments, such as cash and checks, to electronic instruments. For the first time in many countries the number of check payments has fallen; checks, once a very popular payment instrument, are losing their market role and their use is declining [3].
e-Payment and Transaction Costs In classical trade a payment requires at least one buyer and one seller, both with accounts at banks that are connected through clearing houses. Payments with traditional instruments such as checks require the intervention of a financial intermediary such as a bank. Payment with e-money is similar to the traditional scheme, with two parties and one or two banks, but the whole process becomes more efficient and easier. The transaction does not require any code and cannot exceed the previously defined amount. If the amount on the chip is fully spent, the card can be automatically refilled at the merchant without any fees, thanks to a special POS mechanism [4]. Once the chip is loaded, the user does not need an ATM or an exact amount of cash, and the problem of stolen or lost money is reduced to a minimum. An e-money transaction does not require an intermediary at the moment of payment, because the money, expressed in units (called bits), is transferred electronically from the buyer to the seller. The amounts paid accumulate at the seller's terminal and are transferred to his account at the financial institution from time to time. Payment with e-money reduces transaction costs and time compared with other forms of payment. Humphrey and colleagues estimate that the cost of an electronic payment is one third to one half of the cost of a paper payment; if all transactions in a country were carried out electronically, it would be possible to save more than 1% of GDP per year.
A Brief History of Digital Currency From the barter economy, through metal coins, gold and silver, to modern monetary systems and checks, and ending with the latest developments in global currency such as the introduction of cryptocurrencies like Bitcoin, centuries have passed. Each type of money played a crucial role in transactions in its period. As human society and markets developed, there was a need for
more sophisticated instruments for the exchange of goods. In this regard, the introduction of cryptocurrency revolutionized the international payment system on a scale that only a few years ago was unimaginable. A cryptocurrency is a digital or virtual currency that uses cryptography for security, which makes it hard to forge. Its defining and probably most attractive characteristic is its organic nature: it is not issued by any central authority. Cryptocurrencies have advantages and disadvantages. The main benefit is that funds are transferred more easily between the two parties to a transaction [5]; transfers are authorized with public and private keys, and are carried out with minimal processing costs, allowing users to avoid the large fees most banks charge for online transactions. There are two reasons for the emergence of electronic money and digital currencies. First, according to the Austrian School of economic analysis, money is a "social institution" subject to ongoing institutional change, interpreted as the result of a spontaneous evolution that overcomes the shortcomings of barter and the double coincidence of wants [6, 7]. Today e-money is the latest stage of this development and represents a further degree of institutional change [8]. Its main role is to support online e-commerce, enable transactions, reduce their costs, and replace notes and coins in retail payments. The second reason is the information revolution, characterized by the integration of electronic information processing and telecommunication technologies, which shrinks the geographical distances over which information can be transmitted worldwide.
The information revolution has changed the financial sector, making payment methods more secure and more efficient, and giving a further reason for the emergence of new monetary innovations [9]. Unlike the information revolution itself, the emergence of e-money is a new way of processing information in order to transfer purchasing power. Many financial innovations are not a new form of money but a different way of using existing money in transactions [10]. Regardless of the consequences of this technological development, the nature of money is unchanged: money serves as a means of exchange, as an asset and as a store of value. The nature of money will never change, so money will remain only an intermediary in the exchange of goods and services. The e-money card is a different payment method that allows the electronic transfer of value
Blockchain and Digital Currency in the World of Finance
111
from the card to a terminal, or from the card to a wallet, both in real time and across networks [11]. E-money is considered the most important achievement because it transfers a predetermined monetary value that can then be used for many transactions of lesser value. The e-purse consists of a microcomputer that holds information about the monetary value available for use. It represents a higher degree of technological development than magnetic-stripe cards. The e-purse is also more secure, which can reduce fraud, because chip cards are harder to abuse than magnetic-stripe cards.
Reasons for Blockchain Occurrence
Although cash is a quick and efficient payment method, the disadvantages of its use are numerous. Holding cash carries many costs, including fraud, loss of money and depositing, as well as the costs of managing money within financial institutions. The purpose of e-money is to replace cash in low-value transactions and thus avoid its shortcomings; the French experience with Moneo is an example. Moneo is designed to reduce the cost of holding cash and to transfer purchasing power temporarily in a more efficient manner. This scheme should be applied to various low-value retail transactions in order eventually to become a substitute for cash. Moneo offers great advantages for consumers and retailers. The benefits for consumers are greater transaction speed and a potential benefit in the form of a discount on future purchases. Consumers do not have to have the exact amount of cash each time, and there are many mistakes in giving change with cash. Holders of the Moneo card would carry fewer bank cards, especially if debit and credit card features are included, and would thus feel more secure [12]. Retailers would receive payment before handing over goods or services, customer loyalty would increase, and payment at the point of sale would be faster, thereby reducing the processing costs of the transaction itself. If the benefit of using Moneo cards exceeded the cost, retailers could even pay customers to use such a card [11]. A comparison between Moneo and POS shows that the former has significant advantages over the POS. Namely, debit and credit cards are not as effective a payment method for low-value transactions, because transaction-related costs become high for retailers and buyers, whereas e-money can be used at much lower cost. Paying with e-money carries much lower costs than other payment methods, primarily credit and debit
cards. Another argument in favour of the Moneo card is that it uses newer encryption technology than other cards, which increases security and limits the possibility of fraud. Because Moneo does not require any authorization or identification of the buyer, it allows a further reduction in transaction costs. The new technology of digital payments and currencies will allow real property to be used as a means of exchange. How much e-money will be used depends largely on the motivation of its issuers, consumers and merchants [13, 14, 15]. Consumer demand will depend on the advantages and disadvantages of e-money as a form of payment, issuers’ fees, consumer confidence in the use of e-money, ease of use, and merchants’ readiness to accept e-money. The motivation for issuers covers the revenue from fees collected from card users (merchants and consumers), income from investing the float, and, for bank issuers, savings from holding less cash, to the extent that e-money replaces cash. A potential drawback for issuers is the expected cost of future regulation. The willingness of retailers to accept e-money is closely related to the fee that issuers or operators will charge. For consumers and retailers the most important factor will be their willingness to embrace new technology. Most researchers believe that the use of e-money will be moderate in the short and medium term, while in the long run e-money can become very widespread.
THE POTENTIAL OF CRYPTOCURRENCY
There are differing and opposing opinions regarding the future of cryptocurrencies in general. The optimistic view of the use of cryptocurrencies is supported by the fact that they easily transfer funds between the two parties to a transaction. These transactions are secured through the use of public and private keys. The transfers are made with minimal processing costs, allowing users to avoid the large fees charged by most banks. In addition, many countries have begun to accept Bitcoin as a valid currency. In particular, countries that aim to get rid of cash have a very friendly approach to cryptocurrencies. The argument that promoters use for Bitcoin is the market capitalization of Bitcoin, ether and other cryptocurrencies, claiming that the cryptocurrency market has become so large and powerful that a ban would be expensive for any country. Today, the total value of all cryptocurrencies has reached a record of more than $390 billion. This means that the market value of cryptocurrencies is greater than that of Citigroup. The new record was reached in
December, when the most famous cryptocurrency, Bitcoin, rose to $19,000. Other significant cryptocurrencies include Ripple and Ethereum. Ripple, a cryptocurrency designed for banks and global money transfers, has seen a major rise in the value of its digital currency in recent months. On December 10 the company had a market capitalization of just over $9 billion. By the end of December its market value had risen by 51%, to a total of $18.1 billion. Today it is worth $39 billion. Ripple’s cryptocurrency is adopted by banks and other financial institutions. These companies believe that Ripple’s system offers better prices and is more secure than other digital currencies, including Bitcoin. It allows users to send, receive and hold any currency in a decentralized way through the Ripple network. The company has a positive cash flow and owns a huge store of XRP (Ripple’s token), which is periodically released onto the market. Investors who believe that cryptocurrencies may have peaked are looking for others that could provide a greater return in the long run. The company has reached some significant milestones in recent months. By the end of October 2017, Ripple had licensed its blockchain technology to more than 100 banks. Its real attraction is the Ripple XRP system, which is ideal for banks because of its liquidity, speed and efficiency, since a transaction takes only 4 seconds, unlike any other cryptocurrency transaction. However, the backing that financial institutions give to a cryptocurrency like Ripple is something that potential buyers and sellers should understand, because it gives those institutions a much higher level of control over Ripple than over most other cryptocurrencies on the market. Whereas Bitcoin, Ethereum and other cryptocurrencies are completely decentralized, meaning that no one has real control over the network, Ripple’s nodes are operated by Ripple Labs.
These independent servers do not have to perform proof-of-work computations as in Bitcoin; the nodes simply validate transactions themselves, like traditional banks. Although the value of Ethereum is not on the level of Bitcoin’s, it is good for trading, and some of its more advanced features give it exciting potential for the future. Ethereum works much like most other cryptocurrencies. Ethereum’s token, ether, works similarly to Bitcoin: it can be bought and sold, with confirmation of transactions handled through the blockchain. It is completely decentralized, with no bank securing the certificates needed to verify transactions. “Miners” around the world fulfil this role by running intensive computations. On completing these computations the miner is rewarded with ether, much as mining a Bitcoin block rewards the miner with
Bitcoin. Although Ethereum and Bitcoin have some similarities, the two platforms have different goals. Bitcoin is strictly a digital currency, designed to function as a means of payment or a store of value; Ethereum takes a broader approach. Ethereum functions as a platform through which people can use ether tokens to create and execute applications and, more importantly, smart contracts. Smart contracts are contracts written in code, which the creator uploads to the blockchain. Each time one of those contracts is executed, every node of the network executes it, and the result is recorded on the blockchain [16]. Thus it is preserved in the public ledger, theoretically protected from tampering. Like other cryptocurrencies, Ethereum is prone to wild fluctuations in value. While Ethereum has risen high of late, it is as susceptible to falls as other cryptocurrencies. Whether Ethereum is strong enough to survive in the long run, or is a short-lived trend, only time will tell. From here we can conclude what the advantages of cryptocurrencies are [17]:
• No inflation—the maximum number of coins is strictly limited (for example, 21 million in Bitcoin). Since there are neither political forces nor corporations that can change this rule, there is no possibility of inflation developing in the system.
• Peer-to-peer cryptocurrency network—in such networks there is no master server responsible for all operations. The exchange of information (in this case, money) takes place between two, three or more software clients, all installed by the programmer-users who are part of the network. Each client stores a record of all executed transactions and the balance of each wallet. Transactions are processed by hundreds of distributed servers. Neither banks, nor tax authorities, nor governments can control the exchange of money between them.
• Unlimited possibilities for a transaction—each wallet holder can pay anyone, anywhere, any amount. The transaction cannot be controlled or prevented, so you can make transfers anywhere in the world wherever a user with a wallet is located.
• No borders—payments made in this system cannot be cancelled. Coins cannot be forged, copied or spent twice. These properties guarantee the integrity of the whole system.
• Decentralization—there is no central controlling authority in the network; the network is distributed among all participants, and each computer running a cryptocurrency client is a member of this system. This means that no central government has the power to dictate rules to cryptocurrency owners. And even if some part of the network goes offline, the payment system will continue to function steadily.
• Anonymity—completely anonymous and at the same time completely transparent. Each company can create an unlimited number of crypto addresses, unconnected to any name, address or other information.
• Transparency—Bitcoin stores the history of every transaction that has ever happened. It is called a sequential chain of blocks, or a blockchain. The blockchain keeps information about everything. So if a company publicly uses a Bitcoin address, for example, then everyone can see how much Bitcoin it holds. If the company’s address is not publicly disclosed, then nobody will ever know that it belongs to this company. For full anonymity, companies use a unique Bitcoin address for each transaction. Bitcoin’s open-source mining code applies the same algorithms used in online banking. The only difference from online banking is the disclosure of information to users: all information about a transaction in the BTC network is shared (what, when), but there is no data on the recipient or the sender of the currency (no access to the owner’s personal data).
• Transaction speed—the ability to send money anywhere and to anyone within minutes, after the cryptocurrency network has processed the payment.
THE OMISSION AND RISKS OF CRYPTOCURRENCIES
Cryptocurrency opponents argue that cryptocurrencies are highly unstable and can be used for money laundering or for financing illegal activities. In this regard Humphrey, for example, gives reasons why cryptocurrency is not a viable electronic currency [18]. He notes that Bitcoin is illiquid, has shown price volatility, and that the discounted monetary value of Bitcoin is zero. Further, he notes that the currency has no central issuer and that there is no financial or economic basis for its creation. The shortcomings are:
• Strong instability—almost all cryptocurrencies see large ups and downs in value. This instability creates problems in the short term.
• Difficult to understand—cryptocurrencies are relatively new and come with a learning curve. People end up investing without proper knowledge and lose money on something they have not understood.
• Lack of knowledge—people are not aware of how cyberattacks work and hence are exposed to hackers. The technology is somewhat complex, and therefore we need to educate ourselves before investing.
• No way to cancel a payment—if you pay the wrong person using cryptocurrency, there is no way to get a refund of the amount paid. All you can do is ask the person to return the funds, and if your request is denied, the money is gone.
• Major risks for investing in cryptocurrencies that need to be considered in the medium and long term.
Many experts believe that the list of deficiencies of cryptocurrencies is much longer and relates to the risk of money laundering, terrorist financing and other illegal activities, and to the lack of a central issuer, which means that there is no legally responsible guarantor in the case of bankruptcy, and the like. Although it is very difficult to predict, many academics and professionals on this topic argue that the future of cryptocurrency is bright, because it will remove trade barriers and intermediaries and reduce transaction costs, thereby boosting trade and the economy.
ANTICIPATION OF BITCOIN ACCEPTANCE AND “CRITICAL MASS”
An analysis of the process of accepting money shows that money is usable because individuals believe that others will also use it for their various needs in society. Krueger believes that individuals will accept an e-money system as long as its value is preserved and not drastically reduced [19]. The fact that an individual accepts money stems from what others accept. Anticipation is the key determinant of accepting money. Acceptance, trust and anticipation are the basic factors that enable the spread of the network. However, these factors are not enough, because the size of the network also creates an interdependence of demand, which means that the network must reach a minimum required size before it reaches a balance.
Economides and Himmelberg call such a minimum size of the network the “critical mass” [20]. Oliver defined the critical mass as “a smaller segment of the population that wants to make a big contribution to collective action, while most work little or nothing” [21]. A critical mass, or starting base, plays a key role in the development of a network. Electronic money cards, like other innovations that involve the creation of a network between producer and consumer, are a product that inevitably involves network externalities and must reach a critical mass of users before it can be used successfully. This phenomenon is known in the literature as a two-sided market. The development of a payment instrument depends first on two types of externalities associated with its adoption and use. The network externality exists because the average consumer benefits from such an instrument only if other consumers and merchants use the same payment instrument. Additionally, the total benefit from the use of an e-money card exceeds the benefit realized by the individual consumer: when one user joins the network, the benefits for the other users increase. Thus the critical mass of users will be reached when the demand-side interdependence between retailers and consumers is no longer economically significant, i.e. when the consumer’s expected benefit no longer changes significantly with new members of the network [22]. Consumer benefits increase when more merchants accept the new payment instrument, while merchant benefits increase if consumers use the new instrument more often. Additionally, the attractiveness of such an instrument can be reduced by the incompatibility of competing systems, as in the case of video recorders a few decades ago [23].
The adoption and spread of a network is a complex issue, because the interdependence of demand will remain an obstacle until the network reaches a critical mass, either on its own or with the help of a regulator. According to the analysis of Katz and Shapiro, the growth of a network can by its nature be self-fulfilling [24]. Achieving a critical mass in the use of blockchain is not easy, because merchants must invest in special POS devices to be able to accept e-money, and consumers will have to use e-money in retail transactions as a substitute for coins and paper money. The problem is to convince a large number of users to start using e-money. One of the reasons that few people use this payment method is precisely the habit of using cash for retail transactions. At the same time, the habit of banks in carrying out transactions may be the reason for the
slow implementation of new instruments. Consumers have gained confidence in financial intermediaries over time, and therefore are not used to carrying out a transaction without their presence. Therefore consumers are not ready for change. Most consumers need more time to get to know the functioning of the new payment system. Accordingly, most of them would wait to see how the situation develops, because they want to gain more confidence before accepting an innovation. As every phenomenon goes through stages of development, it is possible to expect further progress towards a cashless economy built on the digital economy.
TECHNOLOGY ADOPTION IN THE PRESENCE OF “NETWORK EXTERNALITIES”
The use of e-money is a complicated phenomenon and depends first on the interactions between users of products and services. According to Schmalensee, a network can be defined as a set of directly or indirectly connected nodes [25]. Schmalensee considered that the main hallmark of a network is the existence of a network externality. This concept is often applied in the economic literature; it also often appears in the literature on industrial organization and public finance [20, 26]. From a user’s perspective, Bitcoin is a mobile application or computer program that provides a personal Bitcoin wallet and allows users to send and receive Bitcoins through it. This is how Bitcoin works for most users. The Bitcoin network shares a public ledger called the “block chain”. This ledger contains every transaction ever processed, allowing a user’s computer to verify the validity of each transaction. The authenticity of each transaction is protected by digital signatures corresponding to the sending address, which gives every user complete control over the Bitcoins sent from their own Bitcoin addresses. Anyone can process transactions using a computer with specialized hardware, and earn Bitcoins for this service. The term “network externalities” refers to a product or service becoming more valuable to consumers as more people use it, which in turn continuously increases the number of network users (a significant proportion of the value of the product or network derives from its other participants). This concept has a positive spiral. It is often mentioned in relation to digital technology products, i.e. products whose value increases significantly with the number of consumers. Farrell et al. first presented
the economic analysis of network externalities [24, 27]. They classified network externalities into two groups: direct and indirect. Direct network externalities exist when increasing the size of the network increases the number of other users with whom one can fully “communicate”. In such a network there are interactions and complementarity between users of the same product or service. Indirect network externalities exist when increasing the size of the network increases the supply of products or services available to network users. Network externalities introduce dynamic elements for network users when deciding whether to join the network, as well as for manufacturers of such products when making production decisions [16]. Consumers deciding whether to join the network must take into account the future size of the network. Companies are motivated to invest in building a network from which they can later earn rents.
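The ledger properties described above (a public chain of blocks that anyone can replay, transactions authenticated by a digital signature tied to the sending address, coins that cannot be forged or spent twice, and balances readable by anyone who knows a reused address) can be exercised in a toy implementation. The following is an added example, not code from the chapter or from any Bitcoin client; it assumes a hash-based Lamport one-time signature in place of Bitcoin's ECDSA so that it runs with only Python's standard library, and it takes the initial coin issuance as a constructed `coinbase` table.

```python
"""Toy Bitcoin-style ledger: hash-chained blocks, signed transactions, balance checks."""
import hashlib
import json
import secrets

def sha256(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()

# --- Lamport one-time signatures: stand-in for Bitcoin's ECDSA (assumption) ---
def keygen():
    """256 pairs of random secrets; the public key is their hashes."""
    sk = [(secrets.token_bytes(32), secrets.token_bytes(32)) for _ in range(256)]
    pk = [(sha256(a), sha256(b)) for a, b in sk]
    return sk, pk

def msg_bits(msg: bytes):
    d = int.from_bytes(sha256(msg), "big")
    return [(d >> (255 - i)) & 1 for i in range(256)]

def sign(sk, msg: bytes):
    """Reveal one secret per message bit. A Lamport key must sign only once."""
    return [sk[i][bit] for i, bit in enumerate(msg_bits(msg))]

def verify(pk, msg: bytes, sig) -> bool:
    return len(sig) == 256 and all(
        sha256(sig[i]) == pk[i][bit] for i, bit in enumerate(msg_bits(msg)))

def address(pk) -> str:
    """Address = hash of the public key (as in Bitcoin's pay-to-pubkey-hash)."""
    return sha256(b"".join(a + b for a, b in pk)).hex()[:16]

# --- Transactions and blocks ---
def tx_payload(tx: dict) -> bytes:
    body = {k: tx[k] for k in ("from", "to", "amount")}
    return json.dumps(body, sort_keys=True).encode()

def make_tx(sk, pk, to: str, amount: int) -> dict:
    tx = {"from": address(pk), "to": to, "amount": amount}
    tx["pubkey"] = [(a.hex(), b.hex()) for a, b in pk]
    tx["sig"] = [s.hex() for s in sign(sk, tx_payload(tx))]
    return tx

def tx_valid(tx: dict) -> bool:
    """Only the holder of the key behind the sending address can authorize it."""
    pk = [(bytes.fromhex(a), bytes.fromhex(b)) for a, b in tx["pubkey"]]
    if address(pk) != tx["from"] or tx["amount"] <= 0:
        return False
    return verify(pk, tx_payload(tx), [bytes.fromhex(s) for s in tx["sig"]])

GENESIS = "0" * 64

def block_hash(prev: str, txs: list) -> str:
    return hashlib.sha256((prev + json.dumps(txs, sort_keys=True)).encode()).hexdigest()

def make_block(prev: str, txs: list) -> dict:
    return {"prev": prev, "txs": txs, "hash": block_hash(prev, txs)}

def validate_chain(chain: list, coinbase: dict):
    """Replay the public ledger from genesis. Returns the balance of every
    address (what anyone can read off a reused address), or None if a block
    is mis-linked or altered, a signature fails, or a payer overspends."""
    balances = dict(coinbase)  # constructed initial issuance (assumption)
    prev = GENESIS
    for block in chain:
        if block["prev"] != prev or block["hash"] != block_hash(prev, block["txs"]):
            return None  # tampered or out-of-order block
        for tx in block["txs"]:
            if not tx_valid(tx):
                return None  # forged or altered transaction
            if balances.get(tx["from"], 0) < tx["amount"]:
                return None  # double spend / overspend
            balances[tx["from"]] -= tx["amount"]
            balances[tx["to"]] = balances.get(tx["to"], 0) + tx["amount"]
        prev = block["hash"]
    return balances

def demo() -> dict:
    """Constructed scenario: A is issued 50 coins, pays B 30, then B pays C 10."""
    sk_a, pk_a = keygen()
    sk_b, pk_b = keygen()
    _, pk_c = keygen()
    a, b, c = address(pk_a), address(pk_b), address(pk_c)
    chain = [make_block(GENESIS, [make_tx(sk_a, pk_a, b, 30)])]
    chain.append(make_block(chain[0]["hash"], [make_tx(sk_b, pk_b, c, 10)]))
    # B's key signs twice below only to show rejection; a real Lamport key is never reused.
    overspend = chain + [make_block(chain[1]["hash"], [make_tx(sk_b, pk_b, c, 30)])]
    forged = make_tx(sk_b, pk_a, c, 1)  # B tries to spend from A's address
    altered = [dict(chain[0], txs=[dict(chain[0]["txs"][0], amount=5)]), chain[1]]
    return {
        "balances": validate_chain(chain, {a: 50}),  # {a: 20, b: 20, c: 10}
        "overspend": validate_chain(overspend, {a: 50}),  # None
        "forged_ok": tx_valid(forged),  # False
        "altered": validate_chain(altered, {a: 50}),  # None
    }

if __name__ == "__main__":
    print(demo())
```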
FINANCIAL PRIVACY: COULD BITCOIN HIDE THE CRIMINALS?
Five years ago Bitcoin offered the opportunity to be anonymous. But this is changing, starting with the Federal Bureau of Investigation (FBI) and other law enforcement agencies, for example. The greater part of Bitcoin users are law-abiding people motivated by privacy concerns. There are also people who see the anonymity as a tool for financial crime. This was the reason for attempts at virtual currency regulation. It is well known that governments are grappling with virtual currencies as they continue to gain popularity. So, in 2013 the U.S. Department of the Treasury issued guidance on digital currency and money transmitters. At that time some steps were taken towards Bitcoin regulation, meaning that cryptocurrency should be treated as taxable property. Conducting transactions in digital currencies has emerged as one of the preferred payment methods because it provides anonymity and privacy. At the beginning, as previously mentioned in the text, digital currency was a subject of interest for criminals. Bitcoins are transferred between transacting parties without an intermediary, thus providing a level of privacy and anonymity. A public ledger contains the transactions as cryptographic representations, but no personal information is recorded. Exchanging Bitcoins in a transaction is much like exchanging cash, but over the Internet. The problem with attempting to regulate digital currencies is that doing so dismantles a technology that fosters privacy. Regulation erodes the privacy linked with digital currency.
Think of it as transacting through an account protected by strong secrecy laws. In order to regulate those transactions, the system has to eliminate the secrecy. Regulation of digital currencies would undermine the system as an enabler of privacy and reduce its appeal. Users who seek privacy in digital currencies will look to other venues to conduct their business, in countries with less regulation. But a consequence of regulating digital currency will be to enable privacy violations, because in such circumstances businesses and individuals have to share information with the government and others [28]. The potential risks of having no regulation for digital currency deter many users around the world because there is no confidence [29]. A regulatory framework for digital currencies is more than necessary for public protection and for combating criminal activities. However, caution should be exercised to avoid stifling the development of an innovative technology. Regulation of digital currencies should be balanced against privacy, business development and innovative technology.
THE WAY FORWARD: TECHNOLOGY REVOLUTION AND MONETARY EVOLUTION
Key Success Factors
The current cryptocurrency market is highly competitive and fragmented. Experts have identified several factors that will determine and raise the attractiveness of, and confidence in, using cryptocurrency [30]. Cryptocurrencies should be:
• Cost effective to issue
• Available immediately
• Governed and regulated
• Instantly liquid—liquidity should be generated instantly or on demand
• Secure and immutable—they cannot be double spent
• Trusted—backed by a lender of last resort (e.g. a central bank)
• Free from fractional reserve banking in their crypto form
• Transparent, with transaction finality (directly or remotely)
• Able to add purpose to economic activity (commerce) and to have sustainable value
• Standardized, to enable interoperability
• Legitimate—with a competent authority to impose these standards
Cryptocurrencies will undoubtedly benefit market participants. The benefits include [10, 29]:
• Immediate asset availability—the cryptocurrency will be available immediately for consumers and businesses to spend, without any waiting period.
• Immediate access to liquidity—the cryptocurrency will be highly liquid, with liquidity generated instantly on demand.
• Freeing up of working capital—the need for banks to hold reserves will be minimized, as the money held as reserves will be available for other purposes, thus optimizing intraday liquidity.
• Transaction efficiency—cryptocurrency transactions are fast and immediate; they improve efficiency by cutting out the middleman and avoiding lengthy back-office reconciliation processes.
• Transaction security—central bank-issued cryptocurrency transactions can be tracked, protecting security. Security is also enhanced because there is no double spending.
Over and above these benefits, a central bank-issued cryptocurrency can have a much larger impact on the wider economy and on all market participants, because it can:
• Boost economic growth—a central bank-issued cryptocurrency can permanently boost economic growth.
• Act as an enabler for mobile and digital commerce—it can replace current immediate payment models by delivering the currency into the market in a more immediate, efficient and effective manner.
• Ensure stability in the financial system—a cryptocurrency can help maintain financial stability and provide policy makers with more effective tools to smooth out financial booms and busts. In periods of high inflation in fiat currencies, banks can hold cryptocurrencies, thus protecting their wealth.
• Work as a crypto-reserve currency—commercial banks can keep a portion of their reserves in cryptocurrency rather than in fiat currency, thus complementing the fractional reserve banking system.
• Effectively monitor the supply of money—a central bank-issued cryptocurrency can help policy makers control the amount of money in the economy, as well as the supply of the cryptocurrency. This is currently not possible, as banks create money by lending out deposits.
• Lower costs—cryptocurrencies will enable the banking system to cut the costs of banknote issuance, circulation and handling. In addition, transaction costs will be significantly reduced, especially for cross-border transactions.
• Allow for traceability—transactions in central bank-issued cryptocurrencies can be tracked while simultaneously ensuring that users’ information remains protected, thus protecting privacy. A central bank-issued currency follows KYB and KYC procedures, which allow the central bank to identify users when there is a need to.
Taking into account that the world of digital currency needs regulation, the way to increase the attractiveness of using cryptocurrencies is found in support from the central bank. The central bank, with its authority and the confidence it enjoys from market participants, needs to carry out some reforms at the moment of deploying a cryptocurrency [31]. At the beginning, the central bank is the most relevant actor to define the framework and standards for all participants. In this regard, the central bank can create and give policy guidance so that all players know the policy and regulation very clearly. A central bank following KYB and KYC procedures ensures control of financial crime. From the moment a central bank issues a cryptocurrency under a legal framework, it will have the status of legal tender. The role of the central bank grows for all users in the economy. Traditionally, the central bank has no direct connection with consumers, which is a big difference when the central bank issues a cryptocurrency and has a direct link with market participants.
CONCLUSION
This chapter was intended to provide an analysis of the use of cryptocurrencies in general, and especially Bitcoin. The research has shown that the future of
cryptocurrencies can be bright if some formal institutional conditions are met. The advantages of using cryptocurrencies in trade facilitation, cost reduction and other areas are recognized by the majority of academics. Bitcoin and other cryptocurrencies have the potential to replace traditional and new payment methods. But in order to achieve this and become the dominant force in the global payment system, they must provide a distinctive individual value and deal with and overcome a number of critical challenges, such as formal regulatory issues. This is unlikely to happen in a short period of time. Banks should also carefully consider the technology underlying these cryptocurrencies as a potential generic new way of transferring ownership of value over the long term. On the other hand, we have seen that cryptocurrencies, as a new phenomenon in society, constitute a new way of transparent and fluid flow of resources that can spur every economy. Advances in information and communication technology have enabled the development of new forms of electronic payment, both in the real world, with card products, and in the virtual world (software products). The reason for the growing prevalence of these products is precisely their perceived advantages compared to traditional ways of paying. However, statistics confirm that the evolution of e-money is in its initial phase, and that cash is still the most important form of payment for retail transactions. Cash has not yet been replaced by any form of electronic payment. One of the reasons is precisely the fact that e-money is a rather sophisticated form of payment that requires some investment in new technology among retailers, as well as new experience among users. Therefore, the use of electronic money is not spreading significantly. Bitcoin is controlled by all its users, who are free to choose the software they wish.
Therefore, in order to maintain compatibility, users must use software that follows the same rules. Bitcoin can only work properly with complete consensus among all users. Ripple has enabled us to look at how banks have begun to use it in order to become more versatile in their work. Ethereum has enabled us to get to know the additional possibilities of cryptocurrencies through smart contracts. They could relieve individuals of the limitations of the legal system and big business. Taking into account the success of cryptocurrencies, there is an opinion that consumers, consortia or large financial institutions would not be successful in launching cryptocurrencies. Further, it is believed here that their success will be greater if digital currencies are launched by central banks.
So we should think about using this tool more efficiently, as a support for the world economy, rather than seeing it only as a possibility for disrupting the financial system. In more detail, a central bank has the authority to bring participants together, and this would increase the attractiveness of fiat money for exchange in clearing, payments and settlement. At this point, some experts have raised two questions about cryptocurrencies and central banks. The first concerns the depth and precision of the policy and economic implications of launching a central bank-issued cryptocurrency. The second concerns the impact of a central bank-issued cryptocurrency on the banking system.
Blockchain and Digital Currency in the World of Finance
6 BAVP: Blockchain-Based Access Verification Protocol in LEO Constellation Using IBE Keys
Songjie Wei1, Shuai Li2, Peilong Liu3, and Meilin Liu4
1 School of Computer Science and Engineering, Nanjing University of Science & Technology and State Key Laboratory of Air Traffic Management System and Technology, Nanjing 210094, China
2 School of Computer Science and Engineering, Nanjing University of Science & Technology, Nanjing 210094, China
3 Shanghai Engineering Center for Microsatellites, Shanghai 201203, China
4 Shanghai Institute of Satellite Engineering, Shanghai 200240, China
ABSTRACT LEO constellation has received intensive research attention in the field of satellite communication. The existing centralized authentication protocols traditionally used for MEO/GEO satellite networks cannot accommodate LEO satellites with frequent user connection switching. This paper proposes a fast and efficient access verification protocol named BAVP by combining identity-based encryption and blockchain technology. Two different key management schemes with IBE and blockchain, respectively, are investigated, which further enhance the authentication reliability and efficiency in LEO constellation. Experiments on the OPNET simulation platform evaluate and demonstrate the effectiveness, reliability, and fast-switching efficiency of the proposed protocol. For LEO networks, BAVP surpasses the well-known existing solutions with significant advantages in both performance and scalability, which are supported by theoretical analysis and simulation results.
Citation: Songjie Wei, Shuai Li, Peilong Liu, and Meilin Liu, “BAVP: Blockchain-Based Access Verification Protocol in LEO Constellation Using IBE Keys,” Security and Communication Networks, vol. 2018, Article ID 7202806. Copyright: © 2018 Songjie Wei et al. This is an open access article distributed under the Creative Commons Attribution License, which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.
INTRODUCTION This paper is based on the conference paper [1]. Low-Earth-Orbit (LEO) satellite network systems, as represented by the Iridium system and the Globalstar system, have become one of the most active areas of research. Because of their low orbits, LEO networks have the advantages of short delay and low path loss compared with traditional satellite networks. In addition, a constellation of multiple satellites in a LEO satellite network system brings true global coverage and efficient frequency reuse. LEO satellite systems play an important role in mobile satellite communications and are expected to be one of the most important components of future global communications. Due to the open nature of satellite networks, communications can be easily intercepted by unauthorized or malicious attackers. Mechanisms for ensuring secure communication within satellite networks are key to achieving security within satellite network systems. In these communication systems, the use of encryption algorithms to maintain confidentiality is a common and effective method. There are significant differences between satellite networks and terrestrial networks in many respects, such as computing capability, storage space, high packet loss rate, and dynamic topology. Consequently, the terrestrial authentication protocols, represented by a series of certificate-based protocols, are less applicable in scenarios with satellites. On the other hand, the existing public key infrastructure (PKI) must in general rely on the dependability of a third party such as a certificate authority (CA), and the certificate and key management overhead is not negligible. Thus, when designing authentication protocols, we must ensure secure communication while also considering computation and storage overhead and the number of steps and nodes involved. Unlike traditional satellite networks, LEO satellite networks have the characteristics of dynamic topology and frequent connection switching. The authentication protocol running on satellite nodes has to be as lightweight and cost-effective as possible on the premise of ensuring security. This means the cryptography used in authentication has to be carefully selected and customized for the satellites onboard. A short response time during authentication is also preferred. However, there are many concerns with the centralized authentication protocols in satellite networks, such as complex computation, a central bottleneck, and long response time, which make the above goals hard to achieve. This paper proposes a Blockchain-based Access Verification Protocol (BAVP) by combining identity-based encryption (IBE) and decentralized blockchain technology. IBE brings the advantage of fast key generation from an identity string provided by the user, which eliminates the cost of certificates used in traditional authentication protocols. Blockchain contributes to the decentralization of both data storage and computation.
RELATED WORK Regarding the literature on centralized authentication protocols used in existing satellite networks, Cruickshank proposes an authentication protocol [2] that uses asymmetric encryption algorithms. However, the operations involved in his protocol are too complicated to implement. Hwang et al. redesign the authentication protocol without a public key cryptosystem [3], but the shared secret key still needs to be updated every time a user is authenticated. Y. F. Chang and C. C. Chang propose a mutual authentication protocol that requires only XOR and hash functions [4], where, during every authentication procedure, the network control center (NCC) need not generate a private key and a temporary identity for the user. However, the NCC is involved in every authentication session as a critical bottleneck and single-point-of-failure resource, which may bring higher delay during authentication. The performance of the authentication protocol is restricted by the NCC. Zheng et al. propose an authentication protocol that avoids these weaknesses by involving a gateway in authentication [5]. Their protocol involves not only users and satellites but also the gateway and NCC during authentication. The number of interactive steps is inflated, resulting in a variable response time of authentication. Lin’s paper compares and summarizes the characteristics of symmetric encryption, asymmetric encryption, and the certificate system used in satellite networks [6]. Additionally, traditional centralized authentication protocols are designed mainly for MEO (Medium Earth Orbit) and GEO (Geosynchronous Earth Orbit). There is less consideration of distributed handover authentication, which is unavoidable in LEO satellite networks with frequent link switching and narrow single-satellite coverage. By simply applying the existing centralized authentication protocols in LEO satellite networks, each handover in a LEO satellite network requires a new complete authentication. This magnifies the disadvantages of these protocols discussed above and is thus inappropriate for LEO satellite networks. There are several schemes focusing on LEO satellite networks, as noted in papers [4, 7, 8]. In paper [7], the author proposes an efficient and secure anonymous authentication scheme that requires only XOR and hash functions and fixes disadvantages of paper [4] such as the user’s privacy not being kept confidential. However, it still has the NCC bottleneck during authentication. Wu et al. propose a lightweight authentication and key agreement (AKA) scheme [8] based on a synchronization mechanism for the user’s temporary identity, which fixes the security problems found in paper [9]. All these papers utilize XOR and hash functions for efficient computation, but none of them is optimized for LEO satellite networks, since the NCC is still involved. In summary, PKI is still the foundation of key management in these schemes, and it is not appropriate for resource-constrained LEO networks. In addition, previous research on decentralized authentication protocols for satellite networks is relatively scarce. In other resource-constrained scenarios similar to satellite networks, such as wireless sensor networks, the intensively investigated authentication protocols focus mainly on clusters and are mostly centralized.
PROTOCOL DESIGN In the proposed Blockchain-based Access Verification Protocol (BAVP) for LEO authentication, a Key Generation Center (KGC) generates the public and private keys of all roles (users and satellites) from its private key and the roles’ identities. Meanwhile, based on blockchain, a trust chain consisting of the KGC, satellites, and users is the core basis for rapid handover authentication. With distributed storage in the blockchain, this protocol records users’ registration, cancellation, login, logout, handover, and other related logs as a plugin. Authentication is divided into two parts: access authentication and handover authentication. During access verification, users and satellites implement mutual authentication through their public and private keys, and a user’s authority is checked against his token. Meanwhile, the relevant authentication logs are recorded in the form of blocks, which are merged and distributed between satellites and the KGC. We describe the logical structure of this system in Figure 1. A satellite in each orbit is selected as a logical root responsible for the exchange of blocks with the KGC. This logical structure is also the basis of block merging and distribution. Before presenting the detailed design, we first briefly review IBE and blockchain technology as background knowledge.
Figure 1: Logical structure of this system.
Background Identity-Based Encryption In IBE [10], a user’s public key can be derived directly from his unique identity string, such as a phone number or email. IBE eliminates the computation and storage overhead of certificates. In this way, we can create the mapping between identity and public key. IBE requires a trusted third-party KGC to provide key generation services for the different roles in this system. When registering, a user needs to provide his identity to the KGC; then the KGC uses its private and public key together with related system parameters to calculate a pair of public and private keys for this user and securely transmits them to the user. When sending confidential information, a user needs no certificate but only the public key corresponding to the receiver’s identity in order to encrypt messages before sending. The most efficient IBE schemes are based on bilinear pairings on elliptic curves, and currently pairing-based IBE is mainly divided into three categories: exponent inversion, full domain hash, and commutative blinding. The full-domain-hash mechanism requires much computation for the mapping between a user’s identity and a point on the elliptic curve, which is not suitable for resource-constrained scenarios such as satellite networks. Thus, in a scenario with limited computing power like satellite networks, the other two schemes are more suitable.
Blockchain Blockchain [11] is the underlying technology that supports Bitcoin. It is essentially a distributed ledger secured by cryptography. Its core strength is that trust is built among distributed nodes and data integrity is ensured against tampering or forgery. Furthermore, blockchain supports customization with smart contracts according to diverse demands. Data integrity and distributed consensus on trust are the two main advantages of blockchain. The former is guaranteed when each node in the network stores a complete copy of the data, and the latter primarily depends on the effectiveness of the consensus mechanism, with no need for a Trusted Third Party (TTP) among nodes. According to the scenario, blockchain can be classified into three types, namely public blockchain, private blockchain, and consortium blockchain. The major differences are found in their adopted consensus mechanisms. In the case of a LEO satellite network system, a consortium blockchain would be more suitable in terms of architecture and demands such as being controllable and manageable. Fabric (a consortium blockchain platform) supported by Hyperledger (a global open source collaboration hosted by the Linux Foundation) is a representative consortium blockchain with a modular architecture delivering high degrees of confidentiality, resiliency, flexibility, and scalability. Additionally, there are also some new blockchain technologies emerging, like IOTA, which takes a directed acyclic graph (DAG) instead of a linked list as its underlying architecture. Generally speaking, the most popular public blockchain platforms are still Bitcoin and Ethereum. Blockchain technology is still under continuous development and evolution.
Smart Contract A smart contract is a program protocol intended to verify, facilitate, or enforce the performance of a contract. In this paper, smart contract refers particularly to a contract program running on a blockchain, the greatest achievement of blockchain 2.0. Taking Ethereum as an example, smart contracts are implemented by the EVM (Ethereum Virtual Machine), which is Turing-complete. When a smart contract is written in Solidity or another smart contract programming language and deployed on the blockchain, it is encoded as EVM bytecode and executed by all mining full nodes. A full node is one with a complete copy of the blockchain data, while a light node holds only part of the data. Due to their programmability, atomicity, consistency, and unambiguity, smart contracts contribute greatly to blockchain technology. Users can verify the correctness of a smart contract by comparing the bytecode compiled from the source code provided by its publisher with the bytecode stored in the blockchain. Access control is supported based on accounts within the smart contract. Accordingly, smart contracts can implement specific business logic on the blockchain, which makes blockchain more promising and practical in various applications.
BAVP Principles and Processes BAVP has two major parts: key management, implemented with IBE; and authentication together with the recording of related logs, which is based on both blockchain and IBE. In describing this protocol, we use the symbolic conventions shown in Table 1.
Table 1: Symbols and meanings
When explaining the principles of each phase, all messages included in this protocol are timestamped by default, and nodes receiving the messages always check the timestamp. The BAVP control procedure is shown in Figure 2.
Figure 2: Authentication control flow of the proposed protocol.
Registration Phase A KGC is a trusted authority which is responsible for calculating a user’s public key, private key, and user token for authority. A registered user is allowed to access the satellite system at any time during the token’s period of validity. An authorized user submits his identity to the KGC to obtain a pair of public and private keys calculated by the KGC, together with a token signed by the KGC. The calculation is as follows: user A provides his identity IDA (such as , where user means the role of user). The KGC uses the hash function and PKGC to calculate PA. Next, the KGC calculates dA with dKGC. Satellites register themselves in the same way before launch. Meanwhile, the KGC constructs the user token of A and signs it with dKGC. IDA ‖ U authority ‖ Start time ‖ Stop time ‖ KGC Sign is the format of AuthToken, where KGC_Sign means the signature over the first four fields of this token. After finishing, the KGC returns the pair of public and private keys, along with the token, to user A safely (e.g., via secure email). Afterwards, the KGC packs this user’s registration log into blocks, which are stored in its local blockchain. At this point, user A has completed the steps necessary for accessing the satellite system. The diagram of the registration phase is shown in Figure 3.
Figure 3: Diagram of registration phase.
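The token checks described for registration (and re-used by satellites in step (d) of access authentication) are shown below as an added example; this is not code from the paper. The KGC signs AuthToken with its IBE private key dKGC, which would need a pairing library, so an HMAC over the same four fields stands in for KGC_Sign here (an assumption made only to keep the example runnable with the standard library). The identity string, authority value and validity window are constructed sample values.

```python
import hashlib
import hmac

# Constructed stand-in for the KGC signing key: the paper signs AuthToken with
# the KGC's IBE private key dKGC; an HMAC over the same fields is used here only
# so the example runs with the standard library (assumption, not the paper's scheme).
KGC_SECRET = b"constructed-kgc-secret-for-example-only"
SEP = "\u2016"  # the '‖' field separator used in the AuthToken format


def kgc_sign(id_a, authority, start, stop):
    """Stand-in for KGC_Sign: covers exactly the first four token fields."""
    payload = SEP.join([id_a, authority, str(start), str(stop)]).encode()
    return hmac.new(KGC_SECRET, payload, hashlib.sha256).hexdigest()


def issue_auth_token(id_a, authority, start, stop):
    """Registration phase: KGC builds IDA ‖ U_authority ‖ Start ‖ Stop ‖ KGC_Sign."""
    sig = kgc_sign(id_a, authority, start, stop)
    return SEP.join([id_a, authority, str(start), str(stop), sig])


def verify_auth_token(token, claimed_id, now, cancelled):
    """Satellite-side checks: KGC signature, validity window, IDA consistency
    with the identity presented at the start, and the latest cancellations.
    Returns (accepted, reason_or_authority)."""
    parts = token.split(SEP)
    if len(parts) != 5:
        return False, "malformed token"
    id_a, authority, start, stop, sig = parts
    expected = kgc_sign(id_a, authority, start, stop)
    # constant-time comparison; a forged or edited token fails here first
    if not hmac.compare_digest(sig, expected):
        return False, "KGC signature does not verify"
    try:
        start_t, stop_t = int(start), int(stop)
    except ValueError:
        return False, "malformed token"
    if not (start_t <= now <= stop_t):
        return False, "outside validity window"
    if id_a != claimed_id:
        return False, "IDA in token differs from identity presented"
    if id_a in cancelled:
        return False, "identity cancelled"
    return True, authority


if __name__ == "__main__":
    tok = issue_auth_token("user:A", "basic", 1000, 2000)
    print(verify_auth_token(tok, "user:A", 1500, set()))          # accepted
    print(verify_auth_token(tok.replace("basic", "admin"), "user:A", 1500, set()))
```

Because the signature covers the authority and the time window, a user cannot raise his own privilege or extend his validity without the KGC; the ID check binds the token to the identity that opened the session, and the cancellation lookup is what makes a revoked token useless even while it is still inside its window.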
Access Authentication Phase The access authentication phase is shown in Figure 4, and the four steps are as follows:
Figure 4: Diagram of the protocol.
(a) When user A wishes to access satellite S, he first checks the identity of S and then uses the hash function to calculate PS with PKGC. Afterwards, A sends his identity to S.
(b) While receiving this message, S checks the identity of A and searches the latest cancellations to check the validity of A. Then S calculates PA accordingly, generates a random number r together with a session key k, and sends m1 to A as follows:
(1)
(c) After receiving this message, A decrypts it with dA, verifies the signature of r and k, and then saves them. Thereafter, A sends m2 to S as follows:
(2)
UserInfo contains the location, time, and A’s identity when authentication starts.
(d) While receiving this message, S decrypts it with k, verifies the correctness of r, and searches the latest cancellations to verify the validity of the current user. If A is valid, then S verifies the signature of A’s AuthToken with PKGC. The session key k is used with symmetric encryption, such as the Rijndael algorithm. Next, S checks whether IDA in AuthToken is consistent with the identity provided at the beginning. If all the steps above succeed, S allocates the resources necessary to establish a secure connection with A and provides service according to the authority and expiration time in AuthToken. Moreover, S packs A’s access log, which mainly contains UserInfo, and stores it in S’s local blockchain. Otherwise, S disconnects from A. The essence of this phase is to accomplish mutual authentication by IBE. A user need not store the public key of each satellite in advance. Instead, from the broadcast network identification of a satellite alone, each user can calculate the corresponding public key directly. Authentication security is ensured by IBE. During authentication, a session key is negotiated, and a secure channel is established after each successful authentication.
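The satellite-side bookkeeping for steps (b) and (d) above, as an added example rather than the paper's implementation. It models only the freshness and challenge logic: the IBE encryption under PA and the symmetric encryption under k are left out, and the 30-second timestamp tolerance is an assumption (the paper says receivers always check timestamps but does not state a window). The point it makes is that a timestamp window alone still admits a replay inside the window; it is the single-use random number r that closes that gap.

```python
import secrets

# Assumed tolerance for the timestamp check; the paper fixes no specific window.
TIMESTAMP_WINDOW = 30  # seconds


class SatelliteAuthenticator:
    """Satellite-side state for steps (b) and (d) of access authentication.
    Encryption under PA and under the session key k is omitted; only the
    freshness, challenge and cancellation checks are modelled (added example)."""

    def __init__(self, cancelled=()):
        self.cancelled = set(cancelled)   # latest cancellation records
        self.pending = {}                 # IDA -> r sent in m1 and not yet answered

    def fresh(self, ts, now):
        """Timestamp check applied to every received message."""
        return abs(now - ts) <= TIMESTAMP_WINDOW

    def step_b(self, id_a, ts, now):
        """Receive A's identity; on success return the challenge r carried in m1."""
        if not self.fresh(ts, now) or id_a in self.cancelled:
            return None
        r = secrets.token_hex(16)
        self.pending[id_a] = r
        return r

    def step_d(self, id_a, r, ts, now):
        """Receive m2 (already decrypted with k); decide whether to allocate resources."""
        if not self.fresh(ts, now):
            return False, "stale timestamp"
        if self.pending.get(id_a) != r:
            return False, "r does not match an outstanding challenge"
        # r is consumed here, so the same m2 presented again fails the check above
        del self.pending[id_a]
        if id_a in self.cancelled:
            return False, "identity cancelled"
        return True, "resources allocated, secure channel established"


def run_replay_scenario():
    """Constructed exchange: a legitimate m2, the same m2 replayed while its
    timestamp is still inside the window, and a message that arrives too late."""
    sat = SatelliteAuthenticator()
    r = sat.step_b("user:A", ts=1000, now=1000)
    first = sat.step_d("user:A", r, ts=1002, now=1003)
    replay = sat.step_d("user:A", r, ts=1002, now=1010)   # 8 s later, still "fresh"
    r2 = sat.step_b("user:A", ts=1020, now=1020)
    stale = sat.step_d("user:A", r2, ts=1020, now=1100)   # 80 s late
    return first[0], replay[0], stale[0]


if __name__ == "__main__":
    print(run_replay_scenario())   # (True, False, False)
```

In a real deployment the pending table should also expire entries that are never answered, otherwise an attacker who can only trigger step (b) could grow it without bound; the paper's own denial-of-service argument rests on the satellite not allocating service resources before step (d) succeeds, which this structure preserves.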
Fast-Access Authentication Phase Once a new user is successfully authenticated, his information is stored in the access satellite. With data traceability in the blockchain, when this user reconnects to a satellite for service again, he only needs to send m3 to the satellite, calculated as
(3)
S3 stands for the satellite that user A wants to access. After receiving this message, S3 calculates PA according to IDA, verifies the signature, and then checks whether IDS3 in this message corresponds to its own identity. If there is no mistake, then the satellite searches for data related to A in its local blockchain, returns a new session key which is signed with dS3 and encrypted with PA, and provides service according to the relevant data. Using this procedure, users can access satellites efficiently; the search time is log2(n). However, if the satellite being accessed is not in the same orbit as the original satellite where the user was previously authenticated, then the user cannot take this fast-access path due to the lack of related data in the current satellite. A user who needs the fast-access convenience should previously have accessed at least one satellite in each orbit through the regular access authentication procedure.
Handover Authentication Phase The handover authentication phase is illustrated in Figure 4, and the four steps are explained as follows:
(a) Through the secure channel, user A informs the satellite (called S1) of his leaving information, including IDA and IDS2.
(b) While S1 receives such a message from A, it checks whether the satellite that A wants to switch to is a neighbor. If it is a neighbor, S1 packs A’s handover log into a block and stores it in its local blockchain. The handover log can also be extended according to user needs. Immediately, S1 calculates and returns m4 to A as
(4)
(c) After receiving m4, A disconnects from S1, signs this message, and sends it to S2.
(d) Subsequently, S2 checks the timestamp of the message received from A and also checks whether S1 is its neighbor. If not, S2 denies A’s request. Otherwise, S2 calculates PS1 and PA to verify the signatures in this message. When verification succeeds, S2 searches the latest cancellations to check the validity of A. If A is valid, S2 returns to A a new session key signed with dS2 and encrypted with PA. Then S2 officially allocates the relevant resources and establishes a secure connection with A using this new session key. Meanwhile, S2 packs A’s handover log, which mainly consists of the received message, into blocks and stores them in its local blockchain. Next, A decrypts the message received from S2 with dA, verifies the new session key’s signature, and continues to obtain service through the new secure channel between him and S2. If any step goes wrong, S2 disconnects from A. The core principle of implementing fast handover is its utilization of a trust chain consisting of satellites, users, and the KGC. This also brings in
consensus among all satellites. When a user is successfully authenticated by passing the check on one satellite in this system, other satellites should recognize the result of authentication as trust. When it is time to synchronize data (depending on the update interval), each satellite sends its own latest blocks (i.e., blocks that have not been sent out) to adjacent nodes according to the logical organization of the constellation. KGC or satellites would merge these blocks received from other nodes with their own blockchain on the basis of timestamp. If the amount of data at satellite side reaches the threshold, each satellite removes those blocks in accordance with predefined rules, to keep only the latest and mostly queried records. When a user cancels his identity, KGC packs the user’s cancellation record into a block and stores the block in its local blockchain database. Blocks containing the newest cancellation records are periodically or proactively synchronized with P2P distribution as in a typical blockchain. Regardless of merging or distribution, once a node receives blocks, it verifies the signature of blocks and then integrates these blocks with its local blockchain. The block structure in this protocol is consistent with blockchain. As for re-registration, a user should cancel his original identity and register with a new identity in the same way described in registration phase.
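The block exchange described above, as an added example that is not part of the paper: a receiving node verifies the signature on each block before integrating it, drops blocks it already holds, orders the merged chain by timestamp, and prunes the local store once it passes a threshold. The paper signs blocks with each node's IBE private key; a per-node HMAC key stands in for that here (an assumption so the example runs on the standard library), and the node names, records and timestamps are constructed sample data.

```python
import hashlib
import hmac
import json

# Constructed per-node signing keys. The paper signs blocks with the producer's
# IBE private key (dS or dKGC); a per-node HMAC key stands in for that here
# so the example runs with the standard library only (assumption).
NODE_KEYS = {
    "KGC": b"constructed-kgc-key",
    "S1": b"constructed-s1-key",
    "S2": b"constructed-s2-key",
}


def block_digest(block):
    """Hash of every field except the signature, over a canonical serialization."""
    body = {k: v for k, v in block.items() if k != "signature"}
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()


def make_block(producer, timestamp, record, prev_hash):
    """Pack one log record (registration, access, handover, cancellation) into a block."""
    block = {"producer": producer, "timestamp": timestamp,
             "record": record, "prev_hash": prev_hash}
    block["signature"] = hmac.new(NODE_KEYS[producer], block_digest(block).encode(),
                                  hashlib.sha256).hexdigest()
    return block


def verify_block(block):
    """Signature check a node performs on every block it receives."""
    key = NODE_KEYS.get(block.get("producer"))
    if key is None:
        return False
    expected = hmac.new(key, block_digest(block).encode(), hashlib.sha256).hexdigest()
    return hmac.compare_digest(block.get("signature", ""), expected)


def merge_blocks(local_chain, received):
    """Verify each received block, drop duplicates, and order by timestamp.
    Returns (merged_chain, rejected_blocks)."""
    known = {block_digest(b) for b in local_chain}
    merged = list(local_chain)
    rejected = []
    for b in received:
        if not verify_block(b):
            rejected.append(b)        # tampered or from an unknown producer
            continue
        d = block_digest(b)
        if d in known:
            continue                  # already held locally
        known.add(d)
        merged.append(b)
    merged.sort(key=lambda b: b["timestamp"])
    return merged, rejected


def prune(chain, threshold):
    """Once the local store exceeds the threshold, keep only the newest blocks."""
    return chain if len(chain) <= threshold else chain[-threshold:]


def run_sync_scenario():
    """Constructed sync round: S1 receives S2's block, a duplicate of its own,
    and a copy of S2's block whose record was altered in transit."""
    g = make_block("KGC", 1, {"event": "registration", "id": "user:A"}, "0" * 64)
    s1a = make_block("S1", 5, {"event": "access", "id": "user:A"}, block_digest(g))
    s2a = make_block("S2", 3, {"event": "handover", "id": "user:A"}, block_digest(g))
    forged = dict(s2a)
    forged["record"] = {"event": "handover", "id": "user:M"}   # signature no longer matches
    merged, rejected = merge_blocks([g, s1a], [s2a, s1a, forged])
    return [b["timestamp"] for b in merged], len(rejected)


if __name__ == "__main__":
    print(run_sync_scenario())   # ([1, 3, 5], 1)
```

The digest is taken over a canonical JSON form so that two nodes serializing the same block independently agree on what was signed; without that, a signature check across nodes would fail for reasons that have nothing to do with tampering. Pruning by timestamp as shown keeps the newest records only; the paper also mentions keeping the most queried ones, which would need a query counter on each block.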
Performance and Advantages Analysis As a theoretical analysis of the computational costs required in this proposed protocol, taking symmetric encryption/decryption as P, asymmetric encryption/decryption with IBE as E, signing as N, and signature verification as V, the access authentication phase requires Ra (2P, 2E, 1N, and 2V). The fast-access authentication phase costs only Rf (2E, 2N, and 2V), and the handover authentication phase needs Rh (1E, 3N, and 3V). A comparison of authentication methods between Yoon et al.’s scheme and the protocol proposed in this paper is shown in Table 2.
Table 2: Comparisons in authentication phase
Operation               | Yoon et al. | BAVP: access | BAVP: fast-access | BAVP: handover
Hash operations         | 2/4         | (1)/1        | (1)/1             | -/-/2
MAC operations          | 2/2         | -            | -                 | -
Symmetric operations    | -           | 1/1          | -/-               | -/-/-
Asymmetric operations   | -           | 1/1          | 1/1               | -/-/-1
Signing operations      | -           | -/1          | 1/1               | 1/1/1
Signature verifications | -           | 1/1          | 1/1               | 1/-/2
Communication levels    | 2           | 1            | 1                 | 1
Authentication center   | NCC         | None         | None              | None
Since Yoon et al.’s scheme [7] is far superior to those proposed in related works, as shown in their paper, Table 2 shows the comparison between Yoon’s protocol and the proposed BAVP. As only hash and MAC operations are involved in Yoon et al.’s scheme, our protocol appears less efficient in computation costs by comparison. Nevertheless, computation cost is not the only factor that decides whether an authentication protocol is efficient. Other factors, such as the number of communication levels and the existence of an authentication center, also affect the efficiency of an authentication protocol. As mentioned in Section 2, in Yoon et al.’s scheme the NCC is still involved in authentication, which may be the bottleneck of the whole authentication system. Meanwhile, there are two communication levels (user ↔ satellite and satellite ↔ NCC) during authentication in Yoon et al.’s scheme, while there is only one communication level, between users and satellites, in the proposed protocol. Considering a LEO satellite network with the least network delay (10 ms–40 ms), the forward and backward delay of the extra communication level would add at least 20 ms to the response time of the authentication protocol, which is far greater than the time for one asymmetric encryption/decryption operation (about 1.5 ms in the simulation environment with IBE). From this analysis, we can conclude that BAVP has the following extra merits:
(1) With IBE, this protocol eliminates certificate cost.
(2) Using IBE and blockchain, decentralized access authentication and fast handover among satellites can be implemented.
(3) Based on the trust chain consensus, the system stores information about users and satellites using blockchain technology, which ensures the accuracy, completeness, consistency, and traceability of data within the blocks.
(4) Auditing is also made possible, for the protection of network resources and the implementation of security policies, by unforgeable logging in the blockchain.
Security Analysis In the case of common attacks such as data tampering, eavesdropping, replay attacks, and man-in-the-middle attacks, this protocol has intrinsic resistance. Key Security. A malicious attacker cannot get the plaintexts from the ciphertexts obtained by eavesdropping or sniffing, as long as he cannot get the private key of any user or satellite. Attack cannot tamper with the message, which is based on the security of IBE and AES algorithms. Session security after successful authentication is ensured by session key. Session key negotiation is secured by private keys of users and satellites. As clarified in the previous four sections, private keys of users and satellites are not included directly in various authentication messages, which means these keys cannot be obtained by eavesdropping. When the KGC is credible (keeping dKGC secure and not storing or calculating user private keys illegally after users registered), users and satellites private keys are only known to themselves, which means users themselves are essentially responsible for security of their private keys. Replay Attacks. The protocol uses timestamps, which can resist such attacks effectively. If there is an attacker who copies an encrypted message by eavesdropping and sends it at another moment, the receiver satellite will reject it after validating the timestamp in the message. Moreover, the random number r during access authentication phase actually implements a challenge/response method, and also during other phases, the attacker will fail to get session key without possessing private key of the user relevant with the message he replayed; therefore, the satellite will not allocate related resources officially. Thus, this BAVP protocol is resistant to replay attacks. Man-in-the-Middle Attacks. The man in the middle cannot register with the role of a satellite or the role of an existing user in the system. Therefore, he cannot impersonate any existing role in this system. 
With IBE, a user's identity and the corresponding public key are bound together, and the receiver can determine whether a message was signed by a specific user. An attacker cannot obtain the KGC's private key or those of satellites or registered users. Therefore, he cannot disguise himself as any role in the system in order to conduct man-in-the-middle attacks.

Impersonation Attacks. An attacker may attempt to impersonate an authorized user by forging an authentication request. Since the first response from the satellite to such an authentication request, in all three kinds of authentication phase, should be encrypted using this user's private key, the attacker must know the exact content of the right private key in order to be authenticated. However, he has no feasible way to learn this private key. The attacker cannot even construct such authentication requests, as he is unable to forge the valid signature of an authorized user during fast-access authentication or handover authentication. On the satellite side, an attacker who attempts to impersonate a satellite would fail to forge a valid signature for the session key without possessing the right satellite private key. Even if he replays a previous valid response, he would fail in the next steps of the authentication process because of the timestamp check and his inability to decrypt the session key. Thus, the proposed protocol is secure against impersonation attacks.

Denial-of-Service Attacks. This protocol first checks whether the identity of the current user is valid and then returns a response encrypted with the public key corresponding to that identity. A denial-of-service attack cannot proceed beyond this point because the attacker has no corresponding private key, so the satellite does not allocate resources for service and no secure channel between the attacker and the satellite is established. Thus, this protocol can resist denial-of-service attacks. There is also no threat from stolen verification tables or smart cards, as BAVP uses neither. Meanwhile, blockchain ensures the accuracy, completeness, consistency, and traceability of data, which makes authentication more efficient and more secure. However, the KGC must be completely trusted, as IBE requires, which may hide potential security problems.
It is reasonable to assume that KGC is trustworthy since users must register at KGC with their information to obtain services.
DISTRIBUTED PKI

In the proposed protocol, although the KGC is not involved during authentication, it is still the center of key management and is able to calculate all private keys of users. Once it is compromised, the security of the whole system is threatened. Some solutions have partially addressed this, but there is no complete solution. For example, paper [12] designs a method based on (n, t) threshold secret sharing to avoid this problem: the user's private key is split into n pieces and these key fragments are stored at different key privacy authorities (KPAs). Users only need to obtain key fragments from enough KPAs, and then they can restore their private key. This method therefore avoids the threat brought by centralized key management. Nevertheless, it brings additional costs for constructing KPAs, and for security the number of KPAs must be large enough and they must be under independent owners. There are still concerns about the KPA mechanism; for example, the KPAs need to take different strong safeguards in order to increase the difficulty of breaking the system. IBE establishes the mapping between identity and public key through mathematical methods, which avoids the use of certificates, while the same kind of mapping can be realized through a smart contract on a blockchain 2.0 platform like Ethereum. Following this idea, we are actually building a distributed PKI (called DPKI).
Structure of DPKI

There are mainly three functional parts of DPKI: key registration, key update, and key revocation. The structure of DPKI is shown in Figure 5.
Figure 5: Structure of DPKI.
Methodology

DPKI is built specifically as a smart contract on blockchain 2.0. Blockchain, as a robust P2P network, is able to ensure the correctness of the data stored in it. Thus, it becomes possible to make centralized PKI distributed, which can overcome many weaknesses of traditional PKI. This section has the following structure: the first part explains how key registration works, followed by the principles of key update and key revocation and also the code template of the DPKI smart contract.
Key Registration

For traditional PKI using certificates, users need to provide proof of their identity to get a valid certificate issued by a trustworthy CA. With IBE, users need no certificates; they simply provide a related identity string, which can be an email address, ID number, or other string, and then the KGC calculates their private keys, which are subsequently sent to the users securely. In DPKI, users also submit proof of their identity and of the authority they need. Users generate their public and private key pairs themselves with any asymmetric encryption algorithm and then register their public key together with the standard name of the algorithm used by invoking the smart contract. After this, the administrator of the LEO system checks whether the identity is valid and, provided nothing is wrong, approves their registration by invoking the pass function of the smart contract. In the satellite scenario, the asymmetric encryption algorithms allowed should be limited to several specified algorithms because of resource constraints. The principles are shown in Figure 6.
Figure 6: Principles of key registration.
Key Update

For security reasons, users should update their key pairs periodically. With a securely kept password, a user can update his key pairs proactively. During key registration, the account address, public key, identity string, and the algorithm used for key generation are bound together. Therefore, users wishing to update their key pairs are able to do so through the update function of the smart contract at any time. The key update principles are shown in Figure 7.
Figure 7: Principles of key update.
Key Revocation

Generally, users need not revoke their key pairs. If their private keys are lost or stolen, they can generate new public and private key pairs and then update their key using the key update method. Nevertheless, when the password of a user's blockchain account is lost or stolen, the user loses all control over key update and revocation. Assuming there is a user A whose blockchain account is lost or stolen, he can revoke his original identity by submitting relevant proof, and the administrator then checks the validity of this proof. If the proof is valid, the administrator adds A's original blockchain account to the revocation list. Also, after A executes key registration with a new blockchain account, the administrator re-registers A's new account with the original authority and the relevant remaining time. The principles are shown in Figure 8.
Figure 8: Principles of key revocation.
Smart Contract of DPKI

With a smart contract and blockchain, there is no need for a trustworthy CA, no storage cost, and no overhead involved in key management. Figure 9 shows the smart contract structure for DPKI.
Figure 9: Smart contract of DPKI.
Multiple administrators can be enrolled to enhance the security of this satellite system. This can be realized by applying (n, t) threshold secret sharing or multisignature cryptography, which requires a majority of administrators to agree before an operation is taken. We can also simply deploy DPKI on a current public blockchain platform like Ethereum, or implement DPKI on a consortium blockchain constructed by the union of this satellite system. The two approaches, public-based or consortium-based blockchain, differ as follows:
(1) The public-based approach does not bring any storage overhead for users or the proprietor, and there is no monetary cost for constructing a blockchain platform.
(2) The public-based approach must accept the consensus mechanism of the adopted blockchain platform, while the consortium-based one can design an appropriate consensus mechanism for custom business needs, making it more customizable and controllable.
(3) A purpose-built consortium blockchain contains only data related to key management, which makes it more efficient for queries and other related operations.
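As an added illustration (not the paper's own contract or code), the following Solidity sketch implements the key registration, pass, update and revocation flow described above with a single administrator; the function names, the Status states, the expiry field and the resolve query are assumptions, and the multi-administrator (threshold or multisignature) variant is left out.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

/// Hypothetical DPKI registry sketched after the paper's description.
/// All names below are assumptions, not the paper's contract.
contract DPKIRegistry {
    enum Status { None, Pending, Active, Revoked }

    struct KeyRecord {
        bytes   publicKey;  // raw public key, encoding depends on `algorithm`
        string  algorithm;  // standard name of the algorithm registered with the key
        string  identity;   // identity string (e-mail address, ID number, ...)
        bytes32 proofHash;  // hash of the off-chain identity proof
        uint64  expiresAt;  // end of the granted authority (unix time), set on pass()
        Status  status;
    }

    address public admin;                             // single administrator (assumption)
    mapping(address => KeyRecord) public records;     // account -> bound key record
    mapping(string => address) public activeAccount;  // identity -> account currently holding it
    mapping(string => bool) public allowedAlgorithm;  // algorithms permitted under satellite constraints

    event Registered(address indexed account, string identity, string algorithm);
    event Passed(address indexed account, uint64 expiresAt);
    event Updated(address indexed account, string algorithm);
    event Revoked(address indexed oldAccount, address indexed newAccount);

    modifier onlyAdmin() { require(msg.sender == admin, "not admin"); _; }

    constructor(string[] memory algorithms) {
        admin = msg.sender;
        for (uint256 i = 0; i < algorithms.length; i++) allowedAlgorithm[algorithms[i]] = true;
    }

    /// Key registration: the user submits a self-generated public key, the algorithm
    /// name and a hash of its identity proof. The record stays Pending until pass().
    function register(bytes calldata publicKey, string calldata algorithm,
                      string calldata identity, bytes32 proofHash) external {
        require(allowedAlgorithm[algorithm], "algorithm not permitted");
        require(records[msg.sender].status == Status.None, "account already used");
        records[msg.sender] = KeyRecord(publicKey, algorithm, identity, proofHash, 0, Status.Pending);
        emit Registered(msg.sender, identity, algorithm);
    }

    /// The administrator has checked the identity proof off-chain and grants authority
    /// until `expiresAt`. An identity may be held by only one active account at a time.
    function pass(address account, uint64 expiresAt) external onlyAdmin {
        KeyRecord storage r = records[account];
        require(r.status == Status.Pending, "not pending");
        string memory id = r.identity;
        require(activeAccount[id] == address(0), "identity already active");
        require(expiresAt > block.timestamp, "expiry in the past");
        r.expiresAt = expiresAt;
        r.status = Status.Active;
        activeAccount[id] = account;
        emit Passed(account, expiresAt);
    }

    /// Key update: only the account itself (whoever controls its password/private key)
    /// may replace the bound public key; identity and authority stay unchanged.
    function update(bytes calldata newPublicKey, string calldata algorithm) external {
        KeyRecord storage r = records[msg.sender];
        require(r.status == Status.Active, "no active key");
        require(allowedAlgorithm[algorithm], "algorithm not permitted");
        r.publicKey = newPublicKey;
        r.algorithm = algorithm;
        emit Updated(msg.sender, algorithm);
    }

    /// Key revocation after a lost or stolen account: the user has already called
    /// register() from a new account with the same identity; after checking the proof
    /// the administrator revokes the old account and carries the original authority
    /// and remaining time over to the new one.
    function revoke(address oldAccount, address newAccount) external onlyAdmin {
        KeyRecord storage oldR = records[oldAccount];
        KeyRecord storage newR = records[newAccount];
        require(oldR.status == Status.Active, "old account not active");
        require(newR.status == Status.Pending, "new account not pending");
        require(keccak256(abi.encodePacked(oldR.identity)) ==
                keccak256(abi.encodePacked(newR.identity)), "identity mismatch");
        oldR.status = Status.Revoked;
        newR.expiresAt = oldR.expiresAt;
        newR.status = Status.Active;
        string memory id = newR.identity;
        activeAccount[id] = newAccount;
        emit Revoked(oldAccount, newAccount);
    }

    /// Public-key query performed before authentication: a revoked or expired binding
    /// resolves to nothing, so a caller must treat it as invalid rather than trust it.
    function resolve(string calldata identity)
        external view returns (bool valid, bytes memory publicKey, string memory algorithm)
    {
        address account = activeAccount[identity];
        KeyRecord storage r = records[account];
        if (account == address(0) || r.status != Status.Active || r.expiresAt <= block.timestamp) {
            return (false, new bytes(0), "");
        }
        return (true, r.publicKey, r.algorithm);
    }
}
```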
Analysis of DPKI

For security analysis, traditional PKI is mature and adequate as long as the CA is completely trustworthy. As for DPKI, the algorithm adopted for generating users' public and private key pairs should be adequately strong, and users themselves are responsible for choosing and maintaining that strength. In addition, each operation that invokes the DPKI smart contract costs a transaction fee (gas, priced by the gas price in Ethereum), which gives good resistance to denial-of-service attacks. With blockchain, there is no need for a trustworthy third party, which avoids the potential threat in IBE. In addition, smart contracts have the properties of atomicity and consistency.

In terms of overhead, traditional PKI has a huge and complex cost for key management, and every time a user wants to communicate with someone holding a legitimate certificate, he needs to communicate with the CA to verify the certificate's validity. For IBE, if the KGC is dependable it does not store users' private keys, and all of its storage overhead is for the public parameters and its own public and private key. Also, the KGC can be integrated with the NCC at low cost, which means there is no need for a separate reliable third party in this system; thus this overhead can be ignored. For DPKI, if it is public-blockchain based, there is no storage overhead for users and satellites in the LEO scenario; only two communications with any full node in the blockchain are needed to query a public key before authentication or other secure communication. If it is consortium-blockchain based, the storage overhead of the full nodes grows with the amount of data. In summary, considering that satellites cannot act as full nodes, the communication cost of querying public keys is unavoidable. This is fatal for any efficient authentication protocol, especially in high-delay scenarios like satellite networks. In future practice, a consortium blockchain is also necessary because it is more controllable and customizable.
With DPKI, users can cache the public keys of the satellites they commonly connect to and thereby save the calculation of satellites' public keys in the proposed authentication protocol, but this is not suitable for satellites. Thus, IBE is still the best solution provided that the KGC is totally credible. We simulated the performance of the proposed protocol using IBE in OPNET. However, it is also worth pointing out that DPKI is a promising scheme not only for the satellite scenario but also for other scenarios that demand secure communication.
SIMULATION AND EVALUATION

We evaluate the proposed protocol by simulation using IBE. With the OpenSSL, PBC, and GMP libraries, we implement an IBE algorithm and compare it to RSA, which is recommended by ISO as the asymmetric encryption standard; for example, Cruickshank's paper uses RSA to implement signature and encryption. In order to analyze the performance of the proposed protocol, we implement the protocol simulation in OPNET.
Comparison between IBE and RSA

To test whether IBE can be used in practice, we compared its performance to the RSA algorithm. In implementing the IBE algorithm, we used SHA-1, which produces a 160-bit digest, as the hash function, and we use the OpenSSL RSA implementation. The experimental environment for the test program is Ubuntu 16.04 LTS with 4 GB of memory and a 3.30 GHz 4-core i5-4590 processor. After running the test program twenty times, the computational overhead of the two algorithms is as shown in Figure 10.
Figure 10: Comparison between IBE and RSA.
In this experiment, the bilinear pairing used by IBE is generated by the PBC function whose prototype is pbc_param_init_a_gen, with rbits = 160 and qbits = 512 by default. The average time consumed for key generation, encryption, and decryption in IBE is 7.251 ms, 1.468 ms, and 1.369 ms, respectively. For RSA, the average time for key generation, encryption, and decryption is 37.817 ms, 3.753 ms, and 4.109 ms. This shows that IBE outperforms RSA, mainly because IBE is based on bilinear pairings while RSA is based on the difficulty of factoring a large integer. Hence, the performance of IBE can satisfy the needs of practical applications on satellite networks, and some advanced LEO satellite systems such as Iridium already have their own onboard processors with superior performance. Moreover, the hash function, encryption, decryption, and other calculations involved in this protocol can be designed and implemented in dedicated hardware, further reducing the computing capability demanded of the satellite. As for the development of IBE, the Office of Chinese Security Commercial Code Administration has issued the SM9 algorithm standard, which is a kind of identity-based encryption, and SM9 has entered the promotion phase. For the security of the IBE algorithm, paper [13] provides a rigorous proof.
OPNET Modeling and Simulation

Due to the low orbit of the satellites, handover is frequent in LEO satellite networks. Therefore, to ensure communication persistence, the authentication protocol should be well adapted to this feature. In OPNET, we construct a LEO satellite network scenario [14] consisting of satellite nodes supporting the applications attribute, in a constellation analogous to Iridium without backup satellites. The configuration of the satellite network is: altitude 780 km, inclination 86.4°, period 6027.14 s, and 6 orbits with 11 satellites per orbit. We use an OPNET node as the user node. Considering the relative motion between user and satellite, it is reasonable to keep the user node immobile during simulation while the satellites move in their own orbits. The process of this protocol is defined by . There are mainly two phases: one is the access authentication phase, which is defined as , together with the fast-access authentication phase, which is defined in the object; the other is the handover phase, which is defined as . The size and initialization time of the messages used during the simulation are based on the size of each field defined in each message and on the performance of IBE together with the symmetric encryption (using AES-192-ECB mode). For example, the random number r used in the protocol is 4 bytes, the identity string is no more than 30 bytes, the timestamp is 15 bytes, and the separator between fields is 2 bytes. Of course, this is just a basic simulated setting, which can be adjusted according to actual business needs. The bit error rate (BER) of the intersatellite link is 10^-4, and the BER of the mobile link between mobile user and satellite is 10^-5. In addition, to build the entire LEO satellite network, it is also necessary to set IP addresses, routing protocols, the signal-to-noise ratio of user and satellite nodes, and so on.
Interpretation of Result

In the satellite constellation scenario, we simulate the performance of the protocol in a LEO satellite network by setting custom traffic between user and satellite nodes (based on , and object). We first simulated a complete flow of the protocol: the whole simulation lasts for 500 s, the access authentication occurs at 150 s, the handover authentication occurs at 300 s, and the fast-access authentication occurs at 400 s. The results of the simulation are shown in Table 3.

Table 3: Response time and delay in each phase of the protocol

Phase         Src    Dest   Response time   Delay
Access        User   S1     0.17771 s       0.06737 s
Access        User   S1     0.32246 s       0.07591 s
Fast-access   User   S2     0.18039 s       0.05363 s
Handover      User   S1     0.17816 s       0.05322 s
Handover      User   S2     0.20689 s       0.05083 s
From Table 3, we can see that the response time of each phase in this protocol is less than 500 ms, which is far superior to the cost of authentication in paper [15] (10 s level) and slightly superior to the cost of authentication in papers [5, 16] (500 ms level). With such efficient performance, this protocol does not affect the quality of service (QoS) of the satellites. At the same time, the packet delay is basically between 50 ms and 70 ms. Compared to this, the average encryption and decryption time and other processing time can be ignored; this is also a feature that a practical authentication protocol should have. Moreover, it is easy to see that the handover authentication phase saves about 100 ms to 150 ms compared with the access authentication phase, which proves the advantage of fast handover. In addition, we can see that the response time of the fast-access authentication phase is shorter than that of the other phases, which benefits from the traceability and correctness of data in the blockchain, and this is far superior to the performance of the authentication protocols in papers [5, 16]. Next, we adjust the simulation to make it last for two hours. During this simulation, the average interval between handovers is about 10 min, which is consistent with the Iridium system. The results of the simulation are shown in Figures 11 and 12.
Figure 11: Response time.
Figure 12: Packet delay.
From both figures, we can see that the response time of handover authentication is about 360 ms, which is 28 percent better than the performance of the authentication protocol in papers [5, 13], and the delay is about 53 ms, which is in accordance with the results in Table 3. This also demonstrates that our proposed protocol with IBE is stable, effective, and well suited to LEO satellite networks, which are characterized by frequent link switching. Next, we set up three additional application scenarios and ran them for 24 hours. The configurations are listed in Table 4.

Table 4: Configuration of scenarios setting

Application        1                           2                            3
Access (A)         10                          100                          1000
Fast-access (FA)   10                          100                          1000
Order              10 users/1 h (concurrent)   100 users/1 h (concurrent)   1000 users/1 h (concurrent)
In these three application scenarios, where the arrival of users follows a Poisson distribution, we test the efficiency and stability of this protocol with increasing user scale (10, 100, and 1000 per hour) while the access and fast-access authentication phases are executed concurrently on different satellites. From Table 5, we can see that the number of users who access the same satellite does not affect the performance of this protocol, which proves the protocol's stable performance. This is mainly because there is no dependency or interference among the different authentication methods. Meanwhile, the average time across these three application scenarios is about 400 ms for access authentication and 150 ms for fast-access authentication, which proves the protocol's efficient performance. This is due to the low delay of LEO satellite networks compared to traditional satellite networks and the high efficiency of IBE, together with the correctness and traceability of data in the blockchain. The simulation results are slightly better than the performance in Table 3 and Figures 11 and 12 mentioned above. This is due to the different positions of users within the satellite coverage region during authentication, which becomes apparent when the scale of users increases. The diagram of the satellite coverage region is shown in Figure 13.
Table 5: Simulation results of applications 1–3

Application                           1               2                3
Scale                                 10 users/1 h    100 users/1 h    1000 users/1 h
Average response time (access)        0.388472 s      0.382054 s       0.414062 s
Average response time (fast-access)   0.122618 s      0.174229 s       0.140895 s
Figure 13: Diagram of multibeam satellite.
Obviously, the authentication response time of a user at the edge of the satellite coverage region is longer than that of a user directly underneath the satellite. Also, the ratio of the shortest time to the longest time for identical authentication should theoretically be . This explains the range of fluctuation in the simulation results. As for storage overhead, the cost consists of two parts: the first is for storing the public key of the KGC and related system parameters; the second is for session keys. Taking the number of users in the Iridium system (which was 150,000 at its peak) as an example, the storage used for session keys is about 24 MB when all 150,000 users are online at the same time. Therefore, the cost of key storage for each satellite is much lower than this, which is acceptable. Furthermore, the logging function of this protocol also brings storage cost, and its size is mainly determined by the threshold for storing blocks. When the number of blocks reaches the maximum, the satellite deletes all related blocks according to a certain rule. In this respect, the specified threshold is the storage cost for each satellite (e.g., the threshold can be set to 100 MB, but it needs to be increased as the number of users grows). Assume that the arrival of users follows a Poisson distribution and that the service time follows a negative exponential distribution. Let the computational overhead of access, fast-access, and handover authentication be Ra, Rf, and Rh, the average number of users per hour be , the average service time be , and the average interval between handovers be t. Thus, for each satellite, the computational overhead brought by this protocol per hour is

(5)

where x1 represents the number of users authenticated by access authentication and x2 the number of users authenticated by fast-access authentication.
CONCLUSION AND FUTURE WORK

Considering the dynamic topology and frequent link switching found in LEO satellite networks, this paper proposes a new decentralized access verification protocol, BAVP, with IBE for authentication and blockchain for distributed computing and storage. For evaluation, we simulate this protocol in OPNET. The theoretical analysis and simulation results show that this protocol is secure, lightweight, and efficient in LEO satellite networks. Additionally, we also propose and analyze a distributed PKI scheme, DPKI, which solves the KGC single-point-of-failure problem. The proposed architecture and protocols will be further developed and optimized in several ways. Blockchain can ensure that stored data is accurate and tamper-resistant, but it cannot ensure data correctness and originality; that is why a credible third party is necessary. DPKI avoids the defect of IBE: no user private key is held by the KGC or any other such center, whether or not these centers are reliable. However, the time for querying user/satellite public keys is limited by network latency, which is usually high in satellite networks and much longer than encryption/decryption time. Additionally, for actual deployment of blockchain on a satellite network, future work remains, such as adapting blockchain technology to the particular routing algorithm and constellation of the satellite network. Besides, based on DPKI, many centralized application scenarios such as social applications and third-party payment can be innovated and reformed, which is also in our future research plan.
ACKNOWLEDGMENTS This material is based upon work supported by the China NSF Grant no. 61472189, the CASC Innovation Fund no. F2016020013, the State Key Laboratory of Air Traffic Management System and Technology no. SKLATM201703, and the Postgraduate Research & Practice Innovation Program of Jiangsu Province no. KYCX17_0369.
REFERENCES

1. S. Li, M. Liu, and S. Wei, "A distributed authentication protocol using identity-based encryption and blockchain for LEO network," in Proceedings of the International Conference on Security, Privacy and Anonymity in Computation, Communication and Storage, pp. 446–460, Springer, Cham, Switzerland, 2017.
2. H. S. Cruickshank, "Security system for satellite networks," in Proceedings of the 5th International Conference on Satellite Systems for Mobile Communications and Navigation, pp. 187–190, IET, London, UK, May 1996.
3. M. S. Hwang, C. C. Yang, and C. Y. Shiu, "An authentication scheme for mobile satellite communication systems," ACM SIGOPS Operating Systems Review, vol. 37, no. 4, pp. 42–47, 2003.
4. Y. F. Chang and C. C. Chang, "An efficient authentication protocol for mobile satellite communication systems," ACM SIGOPS Operating Systems Review, vol. 39, no. 1, pp. 70–84, 2005.
5. G. Zheng, H. T. Ma, C. Cheng, and Y. C. Tu, "Design and logical analysis on the access authentication scheme for satellite mobile communication networks," IET Information Security, vol. 6, no. 1, pp. 6–13, 2012.
6. L. Qi and L. Zhi, "Authentication and access control in satellite network," in Proceedings of the 2010 Third International Symposium on Electronic Commerce and Security (ISECS), pp. 17–20, IEEE, Guangzhou, China, 2010.
7. E.-J. Yoon, K.-Y. Yoo, J.-W. Hong, S.-Y. Yoon, D.-I. Park, and M.-J. Choi, "An efficient and secure anonymous authentication scheme for mobile satellite communication systems," EURASIP Journal on Wireless Communications and Networking, vol. 1, no. 86, 2011.
8. X. Wu, A. Zhang, J. Li, W. Zhao, and Y. Liu, "A lightweight authentication and key agreement scheme for mobile satellite communication systems," in Proceedings of the International Conference on Information Security and Cryptology, pp. 187–204, Springer, Cham, Switzerland, 2016.
9. Y. Zhang, J. Chen, and B. Huang, "An improved authentication scheme for mobile satellite communication systems," International Journal of Satellite Communications and Networking, vol. 33, no. 2, pp. 135–146, 2015.
10. J. Wu, Y. Long, Q. Huang, and W. Wang, "Design and application of IBE email encryption based on Pseudo RSA certificate," in Proceedings of the 2016 12th International Conference on Computational Intelligence and Security (CIS), pp. 282–286, IEEE, Wuxi, China, 2016.
11. D. Patel, J. Bothra, and V. Patel, "Blockchain exhumed," in Proceedings of the Asia Security and Privacy (ISEASP), pp. 1–12, IEEE, Surat, India, 2017.
12. R. Gangishetti, M. C. Gorantla, M. L. Das, and A. Saxena, "Threshold key issuing in identity-based cryptosystems," Computer Standards & Interfaces, vol. 29, no. 2, pp. 260–264, 2007.
13. L. Chen and Z. Cheng, "Security proof of Sakai-Kasahara's identity-based encryption scheme," in Proceedings of the IMA International Conference on Cryptography and Coding, pp. 442–459, Springer, Berlin, Germany, 2005.
14. H. Long, OPNET Modeler and Computer Network Simulation, Xi'an University of Electronic Science and Technology Press, Xi'an, China, 2006.
15. Z. B. Xu and H. T. Ma, "Design and simulation of security authentication protocol for satellite network," Computer Engineering and Applications, vol. 42, pp. 130–132, 2007.
16. X. Zhang, H. Liu, Y. Lu, and F. Sun, "A novel end-to-end authentication protocol for satellite mobile communication networks," in Foundations and Applications of Intelligent Systems, pp. 755–766, Springer, Berlin, Germany, 2014.
Blockchain: The Next Breakthrough in the Rapid Progress of AI
7
Spyros Makridakis, Antonis Polemitis, George Giaglis and Soula Louca Faculty University of Nicosia, Members of the Blockchain/AI Team, Institute For the Future (IFF), Nicosia
ABSTRACT

Blockchain technologies, once used exclusively for buying and selling bitcoins, have entered the mainstream of computer applications, fundamentally changing the way Internet transactions can be implemented by ascertaining trust between unknown parties. In addition, they ensure immutability (once information is entered it cannot be modified) and enable disintermediation (as trust is assured, no third party is required to verify transactions). These advantages can produce disruptive changes when properly exploited, inspiring a large number of applications. These applications are forming the backbone of what can be called the Internet of Value, bound to bring as significant changes as those brought over the last 20 years by the traditional Internet. This chapter investigates blockchain and the technologies behind it and explains their technological might and outstanding potential, not only for transactions but also as distributed databases. It also discusses its future prospects and the disruptive changes it promises to bring, while also considering the challenges that would need to be overcome for its widespread adoption. Finally, the chapter considers combining blockchain with Artificial Intelligence (AI) and discusses the revolutionary changes that would result by rapidly advancing the AI field.

Keywords: blockchain applications, AI applications, combining blockchain and AI, disruptive technologies, smart contracts, DAO, decentralized storage, IoT, internet of value, decentralized cloud storage, supply chain operations, blockchain/AI startups

Citation: Spyros Makridakis, Antonis Polemitis, George Giaglis and Soula Louca (June 27th, 2018). Blockchain: The Next Breakthrough in the Rapid Progress of AI, Artificial Intelligence - Emerging Trends and Applications, Marco Antonio Aceves-Fernandez, IntechOpen, DOI: 10.5772/intechopen.75668. Available from: https://www.intechopen.com/books/artificial-intelligence-emerging-trends-and-applications/blockchain-the-next-breakthrough-in-the-rapid-progress-of-ai. Copyright: © 2018 by authors and Intech. This paper is an open access article distributed under a Creative Commons Attribution 3.0 License
INTRODUCTION In a large IBM survey recently conducted by top executives on blockchain [1] it was found that one-third of the almost 3000 who participated responded that they are using, or considering adopting blockchain in their business. According to the survey, 8 in 10 of those exploring blockchain are investing either in response to financial shifts in their industry, or for the opportunity to develop entirely new business models. The results of the survey echo a recent article in Forbes [2] entitled “Blockchain As Blockbuster: Still Too Soon To Tell, But Get Ready”. The proponents of blockchain talk about its great potential capable of creating the same type of fundamental changes as those brought over the last two decades by the traditional Internet. Yet for the majority of people, including the two-thirds of executives in IBM’s survey, blockchain remains an elusive concept, with its advantages not well understood by business people, government officials and the general public (the same thing was true with the Internet in the early 1990s). It is important, therefore, to explain blockchain and its unique advantages as well as its possible drawbacks and in particular the revolutionary changes that would result by integrating it with AI. The purpose of this chapter is to investigate blockchain and the technologies behind it and explain its might and outstanding potential. It
Blockchain: The Next Breakthrough in the Rapid Progress of AI
consists of three parts. The first part describes blockchain’s achievements and expands on its ability to transform peer-to-peer collaboration by, among its other benefits, removing the need for trusted intermediaries. The second part looks at its future prospects, including its utilization as a distributed ledger and the disruptive changes it will bring while also considering the challenges that would need to be overcome, including the fear of hacking and the possible fraud associated with the utilization of the technology. The final part considers combining blockchain and AI and the breakthrough applications that could result from such a marriage. There is also a concluding section summarizing the chapter and suggesting some directions for future work.
THE UNIQUENESS OF BLOCKCHAIN: DECENTRALIZED, AUTHENTICATED AND IMMUTABLE INFORMATION AT LOWER COSTS Blockchain is simply a decentralized, or distributed, ledger (versus the centralized ones kept by, say, banks to record transactions and keep customer balances) of trustworthy digital records shared by a network of participants. As such, it expands the traditional Internet of information and communications (emails, sending/receiving/searching for information, exchanging files, participating in social media, etc.) to a new category that can be called the “Internet of Value”. Such an Internet includes sending/receiving money between two parties without the need for financial intermediaries, buying and selling stocks, keeping/issuing certificates, including real estate titles, creating/executing smart contracts, improving supply chains, etc. Blockchain’s uniqueness comes from the following capabilities:
• Trust: new information can be added only when the majority of computers in the network give their approval after satisfactory proof is provided that the information, which is transmitted cryptographically, is truthful. The authentication of information is done in short intervals of time and the updated information is stored (appended) to all participating network computers.
• Immutability and transparency: information can be appended only to previous data and, once entered, cannot be changed, modified or lost, providing a permanent, incorruptible historical record that stays in the system permanently. Moreover, changes to public blockchains can be seen by all parties in the network
Blockchain Technologies and Crypto-Currencies
thus ensuring transparency.
• Disintermediation: the ledger (database) is not maintained by any single person, company or government but by all participating computers located around the world. This means that two parties are able to generate an exchange without the need for a trusted intermediary to authenticate the transactions or verify the records.
• Lower costs and greater speeds: lower transaction costs and greater speed are also characteristics of blockchain in a good number of applications, by removing the monopolistic power of powerful intermediaries (e.g. banks) or large, centralized industry leaders (e.g. Airbnb).
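The four capabilities listed above (majority approval before anything is appended, append-only history, a record anyone can re-check) can be made concrete with a small simulation. The following is an added example written for this chapter, not code from the chapter or from any blockchain project: a toy hash-chained ledger in which each block commits to the hash of the previous block, a new entry is appended only when a strict majority of simulated validators approves it, and a verification pass reports the first block whose contents or linkage no longer match. The validators, the transaction format and the sample entries are constructed for illustration; real networks replace the quorum rule with proof of work or a Byzantine fault-tolerant protocol.

```python
"""Toy hash-chained ledger with majority-approved appends (constructed example)."""
import hashlib
import json
from dataclasses import dataclass
from typing import Callable, List


@dataclass(frozen=True)
class Block:
    index: int
    prev_hash: str   # hash of the preceding block (links the chain)
    data: str        # the entry that was approved for inclusion
    block_hash: str  # SHA-256 over (index, prev_hash, data)


GENESIS_PREV = "0" * 64  # the first block links to an all-zero "previous" hash


def _digest(index: int, prev_hash: str, data: str) -> str:
    """Canonical SHA-256 commitment to a block's position, predecessor and content."""
    payload = json.dumps({"i": index, "p": prev_hash, "d": data}, sort_keys=True)
    return hashlib.sha256(payload.encode()).hexdigest()


class Ledger:
    def __init__(self, validators: List[Callable[[str], bool]]) -> None:
        # Each validator is a node's acceptance rule: entry -> approve?
        self.validators = validators
        self.chain: List[Block] = []

    def append(self, data: str) -> bool:
        """Append only if a strict majority of validators approves; return success."""
        approvals = sum(1 for approve in self.validators if approve(data))
        if approvals * 2 <= len(self.validators):
            return False
        index = len(self.chain)
        prev = self.chain[-1].block_hash if self.chain else GENESIS_PREV
        self.chain.append(Block(index, prev, data, _digest(index, prev, data)))
        return True

    def verify(self) -> int:
        """Return the index of the first inconsistent block, or -1 if the chain is intact."""
        prev = GENESIS_PREV
        for b in self.chain:
            if b.prev_hash != prev or b.block_hash != _digest(b.index, b.prev_hash, b.data):
                return b.index
            prev = b.block_hash
        return -1


def demo_ledger() -> Ledger:
    """Constructed sample: three honest validators plus one faulty node that rejects
    everything. Well-formed transfers still reach a 3-of-4 majority; a negative
    transfer is rejected by every honest node and never enters the chain."""
    def well_formed(entry: str) -> bool:
        try:
            tx = json.loads(entry)
        except ValueError:
            return False
        return (isinstance(tx, dict)
                and all(k in tx for k in ("from", "to", "amount"))
                and tx["amount"] > 0)

    def always_reject(entry: str) -> bool:
        return False

    ledger = Ledger([well_formed, well_formed, well_formed, always_reject])
    ledger.append(json.dumps({"from": "alice", "to": "bob", "amount": 5}))
    ledger.append(json.dumps({"from": "bob", "to": "carol", "amount": 2}))
    ledger.append(json.dumps({"from": "carol", "to": "dave", "amount": -9}))  # rejected
    return ledger


def tamper_demo() -> int:
    """Rewrite block 0 and even recompute its own hash; verification still fails at
    block 1, because block 1 committed to the original hash of block 0."""
    ledger = demo_ledger()
    forged = json.dumps({"from": "alice", "to": "bob", "amount": 500})
    ledger.chain[0] = Block(0, GENESIS_PREV, forged, _digest(0, GENESIS_PREV, forged))
    return ledger.verify()


if __name__ == "__main__":
    print("intact chain verify():", demo_ledger().verify())   # -1
    print("tampered chain verify():", tamper_demo())           # 1
```

The point the simulation makes is that rewriting history is not a matter of editing one block: every later block commits to its predecessor, so a rewrite must be recomputed all the way to the tip and then re-approved by the majority, which is what makes the record effectively immutable.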
WHY BLOCKCHAIN IS A DISRUPTIVE TECHNOLOGY Blockchain provides a fundamental shift from the Internet of information/ communications to the Internet of Value. The difference between the two is fundamental. The first disrupted business models in the 2000s and created the likes of Amazon, Google, Facebook, Alibaba as well as Uber and Airbnb. Its disadvantage is that the information transmitted can be copied, thus making it impossible to guarantee its trustworthiness without the approval of an intermediary, for example, a bank verifying that the money being transmitted is available. The biggest advantage of the Internet of Value is the establishment of trust, through the application of blockchain technology, between strangers who can now trust each other. This means assets can be exchanged in an instant and efficient manner without intermediaries who are no longer needed as trust is built into the system. Such an advantage of the Internet of Value is bound to cause even more profound changes than those brought by the Internet of information. Trusted peer-to-peer transactions will encourage the formation of decentralized structures, diminishing the monopolistic power of intermediaries such as banks or firms like Uber and Airbnb [3]. This will be done through the creation of new players that would exploit the blockchain-based platforms of decentralized networks with the potential to dramatically narrow the monopolistic power of today’s dominant actors, democratizing the global economy and creating a more efficient and sustainable economic system [3]. Blockchain applications started slowly introducing bitcoins after Nakamoto’s 2008 paper and were restricted to cryptocurrencies until July 2015 when the Ethereum platform was released, allowing the issuing of
smart contracts. At around the same time Estonia started implementing blockchain technologies in its governmental operations, including an eHealth record system that covered every one of its citizens who had ever visited a doctor. Further applications were introduced in 2016 with smart contracts and decentralized autonomous organizations (DAOs), with huge potential to fundamentally affect the legal profession and the management of organizations (see below). However, the most significant applications have been taking place since 2016, with a large number of startups working on innovative solutions that are going to change the economic landscape [4] and turn blockchain into a momentous technological force.
Achievements Apple, Google, Amazon, Facebook, Tencent, Alibaba, Samsung, Netflix, Baidu and Uber (with a combined market surpassing $4.3 trillion at the beginning of 2018) were created by exploiting the advantages provided by the evolving Internet of the late 1990s and the 2000s until now. These eight firms disrupted the economy and business sector by revolutionizing shopping and viewing habits, the search for information and advertising spending, among others, in ways no one could have predicted in the early 1990s when the Internet was introduced. As blockchain holds the potential for equal or even greater disruptions, particularly when combined with AI (see Section 3), revolutionary changes of considerable magnitude covering a wide range of industries and products/services will emerge over the next 20 years and new firms, corresponding to the eight ones mentioned will probably emerge. The great challenge for entrepreneurs is to direct their startups to exploit the emerging blockchain technologies and develop new applications and innovative products/services at affordable prices to better satisfy existing and emerging needs. Below is a presentation of what we believe are the 10 most important existing, or soon to be introduced blockchain applications, highlighting their usage and advantages and mentioning the startups that have been formed to develop and implement them. These applications have been classified in terms of the industries that are being affected and the various applications being pursued. There is no doubt that many more applications will be introduced in the future, some of them becoming successful breakthroughs, in particular when combined with AI algorithms.
INDUSTRIES Banking Blockchain banking applications can reduce costs by as much as $20 billion by eliminating intermediaries and increasing the safety and efficiency of banking transactions [5]. A leading startup in the field is ThoughtMachine, which has developed Vault OS, run in the cloud, providing a secure, fast and reliable end-to-end banking system capable of managing users, accounts, savings, loans, mortgages and more sophisticated financial products (see https://www.thoughtmachine.net/). An alternative blockchain banking application is Corda, a distributed ledger platform that is the outcome of over 2 years of intense research and development by the R3 startup and 80 of the world’s largest financial institutions. It meets the highest standards of the banking industry, yet it is applicable to any commercial scenario. Using Corda, participants can transact without the need for central authorities, creating a world of frictionless commerce (see https://www.corda.net/). According to Business Insider [6], practically all major global banks are experimenting with blockchain technology, trying to reduce cost and improve safety and operational efficiencies while, at the same time, making sure that they will not be left behind by startups utilizing blockchain technologies to dominate the market.
Payments and Money Transfers By avoiding a central authority to verify payments and money transfers, costs can be substantially reduced. At present, there are a good number of services using the technology aimed primarily at those without bank accounts or those looking for important cost savings. Below is a brief description of six blockchain services located in various parts of the world:
• Abra (USA) is a mobile application allowing person-to-person money transfers. The app can be downloaded from the Apple or Google stores.
• Align Commerce (USA) is a payment service provider (PSP) allowing businesses to send and receive payments in local currencies.
• Bitspark (Hong Kong) is an end-to-end remittance platform to any of their 100,000 plus locations worldwide.
• Rebit (Philippines) is a money transfer service offering significantly lower rates to the many Philippine immigrants working abroad.
• CoinRip (Singapore) is a service offering safe and quick money transfer charging a flat rate of 2%.
• BitPesa (Africa) is a cheap and safe money transferring service operating in Africa.
Securities Trading Blockchain technologies aim to reduce costs and speed up trading while also simplifying the settlement process. For these reasons, many stock exchanges are considering introducing blockchain to their operations. The London Stock Exchange, the Australian Securities Exchange and the Tokyo Stock Exchange are already experimenting with blockchain technologies which are expected to be operational in the near future. Banks and financial companies are also exploring blockchain applications for securities trading. T-zero (see https://tzero.com/), a US startup, claims on its website to be the first blockchain-based trading platform that integrates cryptographically secure distributed ledgers with existing market processes to reduce settlement time and costs and increase transparency, efficiency and auditability.
Health Care Health care costs are skyrocketing, estimated to be around 10% of GDP in developed countries and exceeding 17% (close to $3 trillion) in the USA. This means that any effort to improve health care services can result in substantial savings, and blockchain technologies are prime candidates to achieve such savings while improving efficiency and probably saving lives at the same time. There are short-term blockchain applications ready to apply and ambitious, long-term ones aimed at revolutionizing the health industry.
• Security and trust: collect complete health data (medical reports for each patient, history of illnesses, lab results and X-rays) in a secure manner, using a unique identifier for every person, and only allow the sharing of such data with the express permission of the individual involved. Blockchain technology will eliminate the more than 450 health data breaches, affecting over 27 million patients, reported in 2016.
• Exchangeability of information: health information is not communicated freely between the various actors, creating silos that hinder its effective utilization to improve health care. Blockchain technology can improve both the exchangeability of information and its quality, leading to significant benefits.
• Claim settlement and bill management: facilitate claim settlement by reducing bureaucracy and introduce bill management to reduce fraud and speed up payment. This can be achieved more efficiently by creating consortia of health providers and insurers.
• Authentication of medical drugs: ensure the integrity of medical drugs. Based on current industry estimates, pharmaceutical companies incur an estimated annual loss of $200 billion due to counterfeit drugs globally, while about 30% of drugs sold in developing countries are considered imitations.
• Clinical trials and medical research: it is estimated that as much as 50% of clinical trials go unreported, and that investigators often fail to share their study results. Blockchain technologies can address these issues through time-stamped, immutable records of clinical trials. Most importantly, the technology could facilitate collaboration between participants and researchers and could contribute to improving the quality of medical research.
Estonia has implemented a blockchain application, eHealth, covering all its citizens. In addition, there are a number of startups like GEM claiming to have developed the first application for health claims based on blockchain technology. This is done by introducing real-time transparency and substantially reducing the time for bills to be paid through the sharing of the same platform among those involved. There are several other startups, some of which are already operating and some on the way to becoming functional, like Guardtime, operating in Estonia and being used by patients, providers, private and public health companies and the government to store and access information from their eHealth system in a safe and efficient way.
Similar functions are provided by Brontech, an Australian startup, offering reliable health data to improve the diagnostic process among others; Health Co aims at revolutionizing the relationship between medical researchers and users; Factom, Stratumn and Tierion are mostly concerned with improving the quality of health data while the purpose of Blockpharma is to fight drug counterfeiting.
Retail The multinational eBay is the leader in online consumer-to-consumer commerce. OpenBazaar is a new startup challenging eBay by utilizing blockchain technology to decentralize online person-to-person trade. By running a program on their computer, users can connect to other users in the OpenBazaar network and trade directly with them. This network is not controlled or run by an owning organization but is decentralized and free. This means there are no mandatory fees to pay, and that trades are not monitored by a central organization (see https://www.cbinsights.com/company/openbazaar).
APPLICATIONS Smart Contracts Smart contracts are probably the blockchain technology with the highest potential to affect, or even revolutionize, all sorts of transactions, from the execution of wills to the Internet of Things (IoT). The major innovation of smart contracts is the elimination of trusted intermediaries. Consider, for example, the executor of a will who approves the directives of the deceased on how the money will be spent/allocated. Instead of an executor, a programmable, legally binding smart contract can achieve the same purpose, using blockchain technology, avoiding the trusted intermediary while reducing costs and improving efficiency. An additional application of smart contracts is with IoT, facilitating the sharing of services and resources and leading to the creation of a marketplace of services between devices that would allow several existing, time-consuming workflows to be automated in a cryptographically verifiable manner [7]. Most importantly, such technology is the central principle behind Ethereum (see below), a new extension of blockchain technologies focusing on running the programming code of decentralized smart contract applications.
Supply Chain Supply chain operations are dominated by paper-based methods requiring letters of credit (costing 1–3%) and factoring (costing 5–10%), increasing costs by an estimated trillion dollars and also slowing down transactions. Such costs could be reduced substantially using blockchain technology, which will eliminate intermediaries by establishing trust between buyers and sellers. There are several startups, among them Skuchain, which aims its blockchain technology at the intersection of payments (letter of credit or wire transfer) and finance (operating and short-term trade loans), and Provenance, which focuses on tracking the authenticity and the social and environmental credentials of goods from the source all the way to the final consumer. In addition to startups, big companies like Walmart are also aiming at exploiting the advantages of blockchain technology to improve efficiency and reduce supply chain costs [8].
IoT Blockchain could revolutionize the IoT if applied securely to the estimated 8.5–20 billion connected IoT devices that existed in 2017 and are expected to grow to 1 trillion by 2020. Exploiting the information generated by IoT devices intelligently can transform our homes and cities and have a profound effect on the quality of our lives while saving energy. According to Compton [9], “Because blockchain is built for decentralized control, a security scheme based on it should be more scalable than a traditional one. And blockchain’s strong protections against data tampering would help prevent a rogue device from disrupting a home, factory or transportation system by relaying misleading information”. Eciotify, a startup specializing in applying blockchain to the IoT, plans to roll out applications utilizing blockchain technology for IoT devices.
Decentralized Cloud Storage Computer storage was decentralized in individual computers until about a decade ago, when Dropbox was founded, providing the first modern, centralized cloud storage unit. Since then cloud computing has been introduced, revolutionizing applications by encouraging firms to outsource their storage needs to the likes of Amazon, Google or Microsoft Web Services. The advantage of such services was lower costs and greater reliability. Blockchain technology aims to re-decentralize computer storage to individual computers all over the world. According to experts [10], there are three major reasons for such a switch. First, the cost of most cloud services is around $25 per terabyte per month, while the corresponding cost of blockchain storage is 12.5 times cheaper at $2 per terabyte/month. Second, there is greater security, as blockchain data is encrypted, meaning that only users holding the appropriate keys can view it (data stored in commercial cloud services could be viewed by third parties). Finally, blockchain cloud storage is immutable while providing a record of all historical changes done on the data.
Certification One of the great promises of blockchain technology is that it can serve as a decentralized, permanently unalterable storage alternative for all types of information, or assets, not just as a currency or payment system. This makes the technology a prime tool for certifying all sorts of information, transactions, documents and records. What has attracted the greatest interest, however, is the certification of data (with the startup Stampery being the leader) and of identities (with the startup ShoCard being the leader). There are many, additional areas where certification using blockchain technology can be applied including the issuing of IDs and even voting.
OTHER BLOCKCHAIN APPLICATIONS There are many additional applications exploiting blockchain technologies. These include truly decentralized ride-sharing services (Uber and Lyft are actually centralized taxi services) like those offered by La’Zooz and Arcade City; Stratumn, a platform aiming to automate auditing; Synereo, whose purpose is to aid users to create content, publish and distribute it online; Docusign, offering the eSignature solution; and Steem, a social media platform where anyone can earn rewards. Some of these startups are already operational while others are still being developed.
SPECIALIZED BLOCKCHAIN VC FIRMS AND GEOGRAPHICAL DISTRIBUTION OF FUNDING According to FinTech News, in Switzerland eight major Venture Capital Firms have invested more than $1.55 billion in bitcoin and blockchain startups since 2012. Country-wise, the USA dominates the race with 55% of the total, followed by the UK with 6%, Singapore with 3% and Japan, South Korea and China with 2% each. As interest in blockchain technologies increases, it is expected that VC investments will increase too, accelerating the number of available applications.
ETHEREUM Ethereum, like bitcoin, is a distributed public blockchain network (developed by the non-profit Swiss foundation of the same name) upholding its unique capabilities (trust, immutability/transparency, disintermediation, low costs) but with the following three additional ones:
• Running applications exactly as programmed without any possibility of downtime, censorship, fraud or third-party interference.
• Enabling developers to build and deploy decentralized applications serving specific purposes that become part of the blockchain network and, as such, are not controlled by any individual or central entity, which is the case with Internet applications.
• Exploiting the Ethereum Virtual Machine (EVM) to run any desired program, written in any programming language. Using the EVM, developers do not need to create blockchain applications from scratch but can utilize the thousands of existing ones already available (one type of such application being smart contracts).
Blockchain Technologies: Future Prospects and Major Challenges Blockchain is becoming one of the most remarkable technologies since the appearance of the Internet [11]. The large number of innovative applications based on this technology and the great interest shown by business firms, government organizations and individuals is mainly due to its ability to assure trust between parties that do not know each other, guarantee the safety of transactions and attest to the trustworthiness of the information, in addition to its other advantages. The interest in the technology can be seen from the Consensus Blockchain Conference, held in May 2017, which attracted more than 2000 participants and was just one of the more than 200 conferences held during 2017, as well as from the more than 110 startups established in recent years and the exponentially increasing number of students attending blockchain programs. For instance, in the University of Nicosia’s online blockchain course, there were 164 registrations from all over the world in 2017, versus 23 when this program was offered for the first time in 2013. In addition, there are 5495 registrations, from all five continents, following its MOOC class this year, versus 642 when it was first offered in the Spring of 2014. These numbers show the growing interest on the part of students, while the university’s blockchain placement office receives numerous requests each week from companies asking for graduates from its blockchain programs who could work for them. The previous section of this chapter covered the blockchain technology and the various applications already, or in the process of, being implemented.
This section discusses its future prospects and the challenges on the way to its widespread adoption by business firms, governmental organizations and individuals. Faster and cheaper computers, lower storage costs and a host of specialized applications (some of them already discussed in the previous section) will accelerate its widespread adoption and will produce disruptive changes that will become revolutionary when blockchain is combined with AI algorithms, exploiting the advantages of both technologies. There are always the doubters saying that blockchain is overhyped [12, 13], but the same was true when the Internet was in its infancy back in 1995. In a Newsweek article in February of that year, Clifford Stoll, a computer expert, wrote “Baloney. Do our computer pundits lack all common sense? The truth is no online database will replace your daily newspaper, no CD-ROM can take the place of a competent teacher and no computer network will change the way government works” [14].
FUTURE PROSPECTS Recently, Christine Lagarde, IMF’s Managing Director, gave a talk at the Bank of England entitled “Central Banking and FinTech, A Brave New World?” [15], providing her views of banking and policy making in the year 2040. Her talk concentrated on three themes (virtual/digital currencies, new models of financial intermediation and AI, all three major concerns of this paper too) and how they will affect the future, as well as what should be done to deal effectively with the challenges they will pose. Her advice was “we – as individuals and communities – have the capacity to shape a technological and economic future that works for all”, adding that we have a responsibility to make it work, assuring that humans will be needed for all important decisions, even though machines will certainly play a greater role as time passes.
Governments Adopt Blockchain for their Entire Operations Some countries are experimenting with blockchain while a few are ahead in adopting the technology in some functions of their operations. Estonia is a pioneer, having already applied blockchain-based services in eHealth, eSecurity and eSafety, eGovernment Services and eGovernance (including iVoting), estimating that such services save 100 years of working time for its 1.3 million citizens. Countries like Sweden follow Estonia’s example, while Dubai plans to implement blockchain across its entire government by 2020, reducing CO2 emissions by 114 million tons a year from fewer trips and saving 25.1 million hours and $1.5 billion annually from productivity increases in document processing alone [16]. According to an IBM sponsored survey [16], 9 in 10 government executives plan to make blockchain investments in financial transactions, asset and contract management and regulatory compliance by 2018. Figure 1 shows when these executives expect to implement blockchain. According to the Economist’s article [17], governments may become big backers of blockchain technology as they come to understand its benefits, which, according to Brian Forde of the Massachusetts Institute of Technology, is the driving force behind its widespread adoption. According to Figure 1 and Forde, the future will probably witness a considerable number of blockchain applications in all areas of governmental operations.
Figure 1: First to finish: Respondents’ expectations of when they will have blockchains in production and at scale.
Certificates and IDs are issued exclusively on blockchain: toward the end of 2017, the Dubai Land Department became the world’s first government entity to conduct all its transactions through Blockchain technology [18]. Along the same direction, the Swedish National Land Survey and FinTech startup ChromaWay will test launch an initiative to put all land title records on Blockchain, and thereby safeguard the rights and interests of genuine property owners, eliminating or seriously reducing the chance of fraud [19]. Land records are just the tip of the iceberg, with all government certificates (IDs, Passports, Driver Licenses, Birth Certificates, etc.) and educational certificates (Graduation Diplomas, Records of Programs/Courses taken, etc.) being potential candidates to be issued using blockchain technology. It is highly likely, therefore, that we will see a surge in this direction, with considerable cost savings, reduced bureaucracy and an improved level of services.
Virtual (Digital or Crypto) Currencies are Adopted While governments are buoyant about adopting blockchain for their operations, they are not so sure about virtual currencies, such as bitcoins, fearing that they will be used for tax evasion and the possible criminal activities associated with the dark web. At present, the legal status of virtual currencies varies considerably from one country to another, with no indication of what countries plan to do in the future. China’s recent decision to ban Initial Coin Offerings (ICO), calling them ‘illegal fundraising’ [20], as well as that of Russia to block cryptocurrency exchanges, are an indication of how virtual currencies are being treated by governments. At the same time, some countries (Switzerland, Singapore, South Korea, Japan, Dubai and Bahrain) are more open to adopting virtual currencies alongside their legal money, while others are openly hostile to their adoption. At the same time, international bodies like the IMF encourage such an adoption, initially at least by countries with weak institutions and unstable national currencies. As time passes and the problems of volatility and hacking are addressed, virtual currencies are likely to play a complementary role, supplementing national ones, in trade and financial transactions, among others. However, at present, their future prospects are uncertain.
eHealth RECORDS For health records to be useful they must be shared among doctors, laboratories, hospitals, pharmacies, government health agencies, insurance companies and researchers while, at the same time, protecting patients’ privacy against unauthorized usage and breached health records. Although the challenge for doing so is tremendous, the Estonian eHealth Foundation is operating, with considerable benefits, a secure health record system that can become an example for other countries to follow, although it may be more difficult given the complexities of implementing the system in larger nations. In the USA, there are serious efforts to implement a blockchain health system that, among other achievements, can reduce fraudulent claims, which are estimated at around 5–10% of health care costs at present. The challenge is how to digitize and standardize all health records, some of which are handwritten. One system being developed to do so is MedRec [21], which according to its developers “doesn’t store health records or require a change in practice. It stores a signature of the record on a blockchain and notifies the patient, who is ultimately in control of where that record can travel. The signature assures that an unaltered copy of the record is obtained. It also shifts the locus of control from the institution to the patient, and in return both burdens and enables the patient to take charge of management” [22]. According to Das [23], blockchain will probably play a significant role in the healthcare industry as it has started “to inspire both relatively easily achievable and more speculative potential applications”. Healthcare authorities, governments and providers are excited about the available possibilities and are investing to achieve them, although these achievements may be more evolutionary than abrupt.
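The MedRec description quoted above (a signature of the record on chain, the record itself off chain, the patient deciding where it may travel) is the pattern worth seeing in code, because it is what lets a recipient detect an altered copy without the ledger ever holding the health data. The following is an added example written for this chapter, not code from MedRec or from the chapter: an off-chain record is canonicalized and hashed, only the digest and the owning patient are anchored in a simulated append-only index, the patient grants access to a named recipient, and the recipient verifies the copy it received against the anchored digest. The record contents, identifiers and the grant rule are constructed; a production system would use signed transactions and key management in place of the plain strings used here.

```python
"""Off-chain health record, on-chain digest: the record-integrity check (constructed example)."""
import hashlib
import json
from typing import Dict, Optional, Set, Tuple


def record_digest(record: dict) -> str:
    """Canonical JSON (sorted keys, no whitespace) so the same content always hashes alike."""
    canonical = json.dumps(record, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(canonical.encode()).hexdigest()


class AnchorLedger:
    """Simulated on-chain index: record id -> (owning patient, digest), plus access grants.
    Only digests and grants live here; the record itself never does."""

    def __init__(self) -> None:
        self._entries: Dict[str, Tuple[str, str]] = {}
        self._grants: Set[Tuple[str, str]] = set()  # (record id, recipient)

    def anchor(self, record_id: str, patient: str, digest: str) -> None:
        # Append-only: an anchored digest cannot be overwritten later.
        if record_id in self._entries:
            raise ValueError("anchors are append-only; a record id cannot be re-anchored")
        self._entries[record_id] = (patient, digest)

    def grant(self, record_id: str, patient: str, recipient: str) -> None:
        # Only the patient recorded as owner may authorize where the record travels.
        owner = self._entries.get(record_id, (None, None))[0]
        if owner != patient:
            raise PermissionError("only the owning patient can grant access")
        self._grants.add((record_id, recipient))

    def digest_for(self, record_id: str, recipient: str) -> Optional[str]:
        """Return the anchored digest to an authorized recipient, else None."""
        if (record_id, recipient) not in self._grants:
            return None
        return self._entries[record_id][1]


def verify_copy(ledger: AnchorLedger, record_id: str, recipient: str, copy: dict) -> bool:
    """True only if the recipient is authorized AND the copy hashes to the anchored digest."""
    expected = ledger.digest_for(record_id, recipient)
    return expected is not None and expected == record_digest(copy)


def demo() -> dict:
    """Constructed walk-through: a lab anchors a result, the patient grants a doctor
    access, and three verification outcomes are collected."""
    record = {"patient": "P-1001", "test": "HbA1c", "value": 6.1,
              "unit": "%", "lab": "Lab-A"}  # constructed sample record, kept off chain
    ledger = AnchorLedger()
    ledger.anchor("rec-1", "P-1001", record_digest(record))
    ledger.grant("rec-1", "P-1001", "Dr-B")           # patient authorizes the doctor
    try:
        ledger.grant("rec-1", "Lab-A", "Insurer-X")   # the lab is not the owner
        grant_by_other_rejected = False
    except PermissionError:
        grant_by_other_rejected = True
    altered = dict(record, value=5.4)                  # a tampered copy in transit
    return {
        "exact_copy_ok": verify_copy(ledger, "rec-1", "Dr-B", record),
        "altered_copy_ok": verify_copy(ledger, "rec-1", "Dr-B", altered),
        "unauthorised_ok": verify_copy(ledger, "rec-1", "Insurer-X", record),
        "grant_by_other_rejected": grant_by_other_rejected,
    }


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(f"{name}: {outcome}")
```

Two design points follow from the quoted description. The digest reveals nothing about the record to ledger participants, which is why the data can stay with the institution while the proof of integrity is public; and because the grant check sits in front of the digest lookup, an unauthorized party cannot even confirm that a given record exists, let alone validate a copy of it.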
Business Firms Adopting Blockchain for their Internal Operations and External Transactions Blockchain, as discussed, is a distributed ledger of trustworthy digital records whose safety is assured and whose history can be traced, as new data is added and chained at the end of old data while no information can be erased. Businesses that can leverage these unique advantages can harness significant gains in efficiency, including lower costs, more effective auditing (the data is immutable) and eliminating, or making practically impossible, fraud.
The Banking and Financial Sector and FinTech Firms Blockchain technology can be used for secure and direct alternatives to the complex and expensive banking processes used today, reducing transaction costs from $25 to less than a single dollar and avoiding costly intermediaries [3]. Such a huge saving has obliged practically all major banks to test the technology, and many of them have joined R3, a startup developing Corda, a blockchain-based platform geared toward the banking industry. Corda and similar platforms will transform the sector by simplifying operations, eliminating intermediaries, reducing operating costs and offering a wide variety of new, innovative products and services, in addition to opening up banking to billions of people who are excluded at present. Financial firms face similar challenges to banks. In remarks at a FinTech-focused conference at the end of September 2017, Yasuhiro Sato, the president and CEO of the Mizuho Financial Group, said “the technology could ‘change the strategies of international financial institutions,’ adding ‘we should have the courage’ to make the shift to blockchain now”. The Japanese Bankers Association (JBA) announced earlier in September 2017 that it will partner with IT provider Fujitsu to test the viability of using a blockchain across financial services. Blockchain will transform the banking/financial sectors, as FinTech startups are disrupting incumbents by developing innovative blockchain platforms and offering new products/services at lower prices.
SUPPLY CHAIN OPERATIONS
As mentioned, supply chain transactions are dominated by paper-based, time-consuming and bureaucratic procedures, involving banks, financial firms and customs agencies among others. In the future blockchain can eliminate the paper trail and introduce trust among the various players, while also assuring firms receiving materials/parts and consumers of the authenticity of goods (from the raw materials to the final product). This can be done, for instance, by installing RFID tags that immutably record every movement of a material/product, guaranteeing its provenance and testifying to its physical presence, thus eliminating the need for letters of credit, factoring and detailed inspections. Moreover, supply chain optimization can be achieved at present using AI for the logistics part (scheduling and planning), and it can be extended in the future to automate the majority of supply chain transactions (in conjunction with smart contracts), which could include the majority of AI transactions.
AV (Autonomous Vehicles) and IoT (Internet of Things)
The safety provided by blockchain technology is indispensable for the smooth running of self-driving vehicles and the untroubled functioning of IoT devices. By 2020, it is estimated that a sizable number of AVs will be on the road and there will be more than 1 trillion IoT gadgets, posing a unique challenge for blockchain technology to provide interconnectivity for all AVs and the smooth integration of the trillion IoT devices. The implications are immense. If AVs are interconnected, they could communicate traffic jams, facilitate car sharing, receive and make payments and select the best insurance option, among other tasks that can be performed using blockchain. Interconnected IoT devices can optimize the functioning of all the devices, say at home, setting optimal temperatures, reducing energy consumption, ordering food and checking and paying utility bills.
SMART BLOCKCHAIN CONTRACTS INSTEAD OF LAWYERS
Despite being in their infancy, smart contracts hold the potential to become a groundbreaking legal innovation and a cornerstone of future commerce. At present, there are several problems limiting their applicability as legal documents [24]. Once these problems are resolved, smart contracts can safely move assets around, interact with IoT devices and automate many business-related processes that currently demand human resources. How smart contracts will affect lawyers and law practices is debatable, with some predicting a serious decline in the need for lawyers [25] or at least an alternative to expensive legal practices.
DECENTRALIZED AUTONOMOUS ORGANIZATIONS (DAOS)
The DAO is another major innovation of blockchain technology. A DAO is a company without a CEO, managers, employees or office buildings. It is created and run based on the computer code included in a smart contract. Although the first DAO firm was hacked and its assets were stolen [26], the potential for DAOs is significant once the technical security problems are resolved. For instance, there is no reason for portfolio funds solely investing in market indexes to pay expensive executives, employ personnel and occupy offices when they can be run more effectively as a DAO, open 24/7. There are immense possibilities to be exploited, leading to great cost reductions and more efficient operations, as DAOs, once perfected, are not prone to human errors.
OTHER APPLICATIONS
There are numerous additional applications of blockchain technology pointing to substantial improvements. Some of them are listed below, while there is practically no limit to future ones being developed and implemented:
• Blockchain-enabled energy trading, saving millions of dollars per year.
• Maritime insurance, reducing costs, decreasing fraud and speeding up the settlement of claims [27].
• Identifying epidemics faster while avoiding panic [28].
• Educational material can be exchanged safely among academic institutions while safeguarding the intellectual rights of the writers [29].
As the adoption of new technologies has accelerated over time [30], the same phenomenon would probably occur with blockchain, resulting in more applications and faster penetration rates, allowing us to exploit its considerable benefits in record time and witnessing quickening progress in the field.
CHALLENGES
Blockchain challenges can be classified as general ones, referring to the technology itself, and specific ones concerning virtual currencies.
General: adapting blockchain technology and integrating it with existing IT systems may require significant changes to, or even complete replacement of, such systems, considerable initial investments and difficulties in hiring personnel to implement the technology. Although these problems are important, ready-made solutions and open systems may alleviate them, and they are no different from those faced when the Internet or other new technologies were first introduced. Another concern is the high electricity consumption required to run all of the computers in the network, which some estimate to be equal to that of Ireland [31]. To avoid this problem, alternative technologies to pure blockchain have been developed and utilized. DeepMind, for instance, uses a method called Merkle trees to track data changes without requiring verification from all networked machines. Such trees allow the efficient and secure verification of the contents of large data structures when the major objective is the safety and immutability of the data rather than ensuring trust between the parties involved. Similarly, the “algorand” algorithm [32] substantially reduces the amount of computation required and possesses additional desirable properties. In the future, transaction speeds, verification times and data limits will further improve through innovations in order to deal with the exponentially growing number of transactions.
Specific: virtual currencies are currently too volatile, and therefore too risky, to be acquired by the public, while the fear of hacking and fraud is present. In addition, technical problems such as programming bugs in the code of smart contracts must be dealt with, as their consequences when the contracts are executed are critical. Finally, the problem of scalability of blockchain technology must be addressed, as some platforms are reaching their capacity and storage limits. The hope is that as prices rise so will the need for innovative solutions that will eventually solve practically all problems.
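The Merkle-tree verification mentioned under the general challenges above (efficient, secure verification of the contents of a large data structure without re-checking everything) can be shown concretely. The following is an added illustration written for this edition; it is not code from the chapter, from DeepMind or from any product the chapter names. It builds a Merkle tree over a few constructed sample records, produces an inclusion proof of O(log n) hashes for one record, verifies it against the root alone, and shows that altering any record changes the root. The 0x00/0x01 tag prefixes and the duplicate-last-node rule for odd levels are design choices of this example, not requirements of the chapter.

```python
import hashlib
from typing import List, Tuple

# Added illustration of Merkle-tree verification; not code from the chapter or
# from any product it names. Record contents and the tag-prefix scheme below are
# constructed for the example.

Proof = List[Tuple[bytes, str]]   # (sibling hash, "left" | "right")


def _sha256(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def leaf_hash(record: bytes) -> bytes:
    """Hash of a data record. The 0x00 prefix domain-separates leaves from
    internal nodes, so an internal node can never be passed off as a record."""
    return _sha256(b"\x00" + record)


def node_hash(left: bytes, right: bytes) -> bytes:
    """Hash of an internal node built from two child hashes (0x01 prefix)."""
    return _sha256(b"\x01" + left + right)


def _pad(level: List[bytes]) -> List[bytes]:
    # Odd-sized levels duplicate their last node so every node has a sibling.
    return level + [level[-1]] if len(level) % 2 == 1 else level


def build_levels(records: List[bytes]) -> List[List[bytes]]:
    """All levels of the tree, leaves first and the single root hash last."""
    if not records:
        raise ValueError("a Merkle tree needs at least one record")
    level = [leaf_hash(r) for r in records]
    levels = [level]
    while len(level) > 1:
        padded = _pad(level)
        level = [node_hash(padded[i], padded[i + 1]) for i in range(0, len(padded), 2)]
        levels.append(level)
    return levels


def merkle_root(records: List[bytes]) -> bytes:
    """The one hash a verifier needs to keep; it commits to every record."""
    return build_levels(records)[-1][0]


def inclusion_proof(records: List[bytes], index: int) -> Proof:
    """Sibling hashes from the leaf at `index` up to the root: O(log n) hashes,
    which is what makes verification cheap for a large data structure."""
    if not 0 <= index < len(records):
        raise IndexError("record index out of range")
    levels = build_levels(records)
    proof: Proof = []
    for level in levels[:-1]:
        padded = _pad(level)
        sibling = index ^ 1                      # flip the last bit of the position
        side = "left" if sibling < index else "right"
        proof.append((padded[sibling], side))
        index //= 2                              # move up to the parent position
    return proof


def verify_inclusion(record: bytes, proof: Proof, root: bytes) -> bool:
    """Recompute the path from the record to the root using only the proof.
    The verifier needs the root and log(n) hashes, not the whole data set."""
    h = leaf_hash(record)
    for sibling, side in proof:
        h = node_hash(sibling, h) if side == "left" else node_hash(h, sibling)
    return h == root


if __name__ == "__main__":
    # Constructed sample records standing in for ledger entries.
    records = [b"tx-a", b"tx-b", b"tx-c", b"tx-d", b"tx-e"]
    root = merkle_root(records)
    proof = inclusion_proof(records, 4)
    print("proof length:", len(proof))                                  # 3 hashes for 5 records
    print("tx-e included:", verify_inclusion(b"tx-e", proof, root))     # True
    print("tx-x included:", verify_inclusion(b"tx-x", proof, root))     # False
    # Any change to any record changes the root, which is how tampering shows up.
    tampered = records[:1] + [b"tx-B"] + records[2:]
    print("root unchanged after tamper:", merkle_root(tampered) == root)  # False
```

A verifier that holds only the 32-byte root can check any single record with a proof whose size grows with log2 of the number of records (ten hashes for 1024 records), which is the property the chapter refers to; it does not, by itself, establish agreement between mutually distrusting parties about which root is the correct one, which is the consensus problem the text distinguishes it from.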
Combining Blockchain and AI
As we have shown in this chapter, blockchain is a groundbreaking technology permitting the safe and reliable storage and transmission of data, among its other advantages. AI, on the other hand, is a revolutionary technology that can learn on its own by analyzing and discovering patterns in massive amounts of (big) data. There is, therefore, a natural complementarity between the two, as blockchain safely stores/transmits trustworthy data while AI requires huge amounts of reliable data to discover patterns and learn. In this section, we discuss the complementarity between the two technologies and consider the breakthrough innovations that could result from marrying them. The potential benefits are expected to be in the areas of medicine, autonomous vehicles (AV), smart contracts, Internet of Things (IoT), decentralized autonomous organizations (DAOs) and many additional areas of application not yet conceived at present. In many cases, AI could not be used without the assurance of the safety and reliability of the data provided by blockchain and, vice versa, the value of many blockchain applications will be limited without AI. Two examples can illustrate the complementarity and mutual benefits of joining blockchain and AI. Consider AVs in the simple case: as more carmakers adopt “over the air (OTA)” software updates for their increasingly connected and autonomous cars, the risk of a hacker hijacking and stealing a car will also increase. In a worst-case scenario, a car can be forced to cause accidents or create traffic jams, while the worst possibility would be to hijack and program the car to accomplish simultaneous terrorist attacks in many cities. Similarly, if IoT devices can be hacked, a home’s security will be compromised, or its equipment can malfunction. Therefore, the safety provided by blockchain is indispensable for the smooth utilization of AVs and IoT devices.
On the other hand, consider a smart contract application that depends on some environmental assumptions for its correct execution. Such a contract would become outdated once some of these assumptions no longer hold, making AI monitoring imperative so that the contract can learn and determine on its own when the environment has changed. Although at present the blockchain and AI technologies may not be at the point of being successfully combined, the prospects for doing so in the near future are encouraging, motivated by the substantial expected benefits. The remainder of this section describes such advantages, clearly recognized in China, where the first alliance for integrating artificial intelligence and blockchain is being established to harness these benefits [33].
GOVERNMENT OPERATIONS
Governments, apart from some pioneering ones already mentioned, are slow in adopting new technologies, and blockchain and AI are no exceptions, particularly when AI as a technology is still in a developmental stage, apart from some applications in games and those involving language and image recognition [34]. This does not mean that there will not be significant progress in the future, as the steepest progress in AI only occurred a few years ago. At present, however, the majority of AI applications are centered on digital assistants, answering questions in natural language, and image recognition, including face recognition techniques [35]. The future prospects, however, are huge, with estimated benefits running into the billions. AI applications could range from fighting tax evasion to establishing monetary and fiscal policies. The catchword of “cognitive AI”, if it becomes a reality, can have profound implications in not only saving billions but also providing higher quality services to the public and increasing the level of democratization. Some governments, such as that of Dubai, are planning to introduce blockchain into their entire operations, reducing bureaucracy, improving their efficiency, reducing waste and pollution and saving billions in the process.
DIGITAL CURRENCIES
It is not obvious how AI can be combined with the blockchain technology used in bitcoins and other cryptocurrencies, although this could be achieved in the future when DAOs and robots are introduced that own property and hold assets. In such a case, they will have to use AI to make the necessary M2M transactions or to use bitcoins for making and receiving payments.
eHealth
While blockchain can assure safety and reliability, adding AI capabilities can greatly benefit the health sector. At present AI is mainly used for detecting abnormalities in X-rays and CT scans, a task performed at least as accurately as humans can, and for assuring a greater level of personalized medicine. According to experts, the future holds significant inventions given the momentous benefits that can be achieved by reducing medical costs and improving the quality of medical care. For this reason, all big players (Google, Microsoft, Apple and Amazon), as well as a host of startups, are actively exploring AI for medical applications, aimed at the more effective utilization of patients’ data, improving the accuracy of diagnosis, providing better recommendations based on evidence-based research findings, and several other possibilities. These applications are on top of improvements in robotic surgery and digital advice provided through smartphone applications. According to Accenture [36], key clinical health AI applications can potentially create $150 billion in annual savings for the United States healthcare economy by 2026.
THE BANKING AND FINANCIAL SECTOR
The benefits of AI for the back office of banks and financial firms are widespread, as large histories of data are available. For a long time before AI was introduced, risk and fraud were predicted with great success using statistical decision rules. AI has raised such rules to a new level by allowing learning through the analysis of huge amounts of (big) data to identify patterns and improve decision-making. Klarna, a Swedish e-commerce company, provides instant evaluation of customers’ creditworthiness for buying goods without a credit card. The same task is done by the Chinese Yongqianbao and several other firms. In addition, “AI technology is being used to find the speediest way to execute trades, to make bets on market momentum, and to scan press releases and financial reports for keywords that could signal that a stock will rise or fall” [37]. However, this does not amount to more accurate forecasting. Unfortunately, stocks and commodities behave like random walks and cannot be predicted any better than by using the most recent price as the forecast of future ones, according to efficient market theory [38]. For instance, in a recent study conducted by one of the authors of this paper [39], comparing statistical and AI (ML or NN) forecasting methods, it was found that the former were more accurate than the AI ones, half of which were less accurate than a random walk benchmark. Clearly, present AI applications in banking and finance are just the tip of the iceberg, and soon the power of AI to deliver better experiences, lower costs, reduce risks and increase revenues will become a reality; they may even progress to more accurate forecasting. A prime example of successful AI applications is Numerai [40], a San Francisco hedge fund that makes trades using machine-learning models built by thousands of anonymous data scientists paid in bitcoin. Another is Polychain, a fund that buys bitcoin and other digital currencies and invests in a radically new breed of businesses owned, funded, and operated entirely by decentralized networks of anonymous online investors.
SUPPLY CHAIN OPERATIONS
Blockchain technology is already utilized in supply chains, while its integration with AI is still in its infancy apart from the logistics part (what used to be the old scheduling/planning tasks), which is used extensively by some firms [41]. The challenge for the future is to extend AI to the remaining parts of the supply chain. Amazon, a pioneer in AI, has moved beyond just responding to customer demands by developing a whole profile for each customer and using such data in its AI applications. Manish Chandra and Anand Darbhe of Accenture [42] point out, “The use of AI in supply chains will ultimately result in spawning an ecosystem where supply chains link themselves with each other, enabling seamless flow of products and information from one end to the other”, completely automating the process and achieving significant benefits in the process.
AV AND IoT
Applying AI to AVs can go beyond just following a set course for taking passengers from point A to B, by continuously analyzing traffic information from connected AVs and learning to determine the route depending on the time, the day, the weather conditions and a host of other factors. Moreover, it can even modify the course of a journey, if necessary, when the AI determines that traffic patterns are changing. Similarly, IoT devices can go beyond setting temperatures and ordering food by using AI to predict what the owners want and modifying the settings to satisfy their evolving desires.
Cognitive Blockchain Smart Contracts (IBM) and DAO
IBM is experimenting with turning smart contracts into “cognitive contracts” that can learn and adapt using AI [43]. This can be done by identifying pattern changes in the data, recognizing interesting interactions, detecting suspect activities, etc., in order to make recommendations for updating the smart contracts and taking specific actions based on insights gained from AI. Clearly, such cognitive contracts can be applied to DAOs to improve their effectiveness and value.
Matrix Chain: Merging Blockchain and AI
Lately, efforts are being made to integrate AI and blockchain technologies into a single application. At the technical level this has been attempted by a new type of blockchain called the “MATRIX Chain” [44], whose aim is to merge blockchain and AI and set the path toward blockchain 3.0. The benefits that such technology will bring to distributed ledger technology come down to making blockchain smarter and adding the ability to evolve through self-learning without the need to introduce AI as a separate technology. A summary of the major applications integrating blockchain and AI is presented in Table 1, which also shows an estimate of the extent of usage of each of the two technologies and the direction of what would need to be done to improve their future integration.

Table 1: Major applications, their current utilization of BC/AI and their future requirement

Major applications           Application uses mostly   Future requirements (More AI / More BC)
Government operations        Neither BC/AI*            More AI: Yes; More BC: Yes
Digital currencies           BC
eHealth                      BC
Banking                      BC
FinTech                      AI
Supply chain                 Little BC
Autonomous vehicles (AV)     All AI
Internet of Things (IoT)     All BC
Smart contracts              All BC
DAOs                         BC

[The “Yes” marks in the two future-requirement columns for the rows after Government operations cannot be assigned to their rows from the scanned table.]

* Apart from exceptions such as Estonia and a few other countries.
CONCLUSIONS
Blockchain technology, according to Muneeb Ali, Blockstack Co-Founder, “can help us advance from a ‛don’t be evil’ world to a ‛can’t be evil’ world”. Blockchain transactions assure trust and reliability, improve security and remove intermediaries from value chains. In a chapter, Tasca and Ulieru [3] state that, in a not-so-distant future, our economic structure will be organized around person-to-person decentralized platforms that could enable real sharing marketplaces without intermediaries and central hubs, where all transactions between consumers and service providers will be done through decentralized, person-to-person networks. They discuss Uber and Airbnb as examples. Both companies create extra value by exploiting their monopolistic advantage, derived from their centralized, proprietary software platforms, which allow them to dictate their conditions to drivers/owners and customers. LaZooz, using blockchain technology, on the other hand, has developed a decentralized transportation platform owned by the community, utilizing vehicles’ unused space to create a variety of smart transportation solutions. LaZooz works with a “Fair Share” rewarding mechanism, sharing value creation among developers, users and backers. Similarly, Slock (an Italian startup) uses open source blockchain technology to develop the Universal Sharing Network (USN) to eliminate Airbnb’s monopolistic advantages. In addition to startups, established companies also seek to exploit the advantages of blockchain technology and diminish the monopolistic advantages of Internet giants. The CEO of TUI, the largest tourist firm in the world, believes that blockchain technology will break the almost “monopolistic” hold that Priceline, Expedia, Booking.com and Airbnb have today in the lodging and distribution ecosystem [45]. He believes that these firms create superior margins because they take advantage of their monopolistic power and that blockchain will destroy that. TUI, he explained, has already moved all of its contracts into its private blockchain. “We are using it today predominantly to have mechanisms to swap bedstock between different PMSs [Property Management Systems],” he said. “The next step is that the whole inventory will be on the blockchain.” Then, using smart contracts, which are simply code snippets that execute automatically on the blockchain, Joussen argues it can easily manage and automate a large part of bedstock and hotel capacity between all the markets TUI operates in. Clearly, TUI is not the only company developing blockchain applications.
So, the critical question is how all these applications will affect the competitive landscape and how innovative startups will utilize blockchain technologies to disrupt established players and create the corresponding success stories of Amazon, Google and Facebook, among others, in the emerging Internet of Value. In answering this question, we should have in mind Amara’s law, which states, “We tend to overestimate the effect of a technology in the short run and underestimate the effect in the long run”. We strongly believe that in the long term, the Internet of Value will bring changes of equal or greater magnitude to those of the existing Internet of communications. The critical question is how to recognize such changes as soon as possible and how to profit by implementing them to gain competitive advantages. There is little doubt in our minds that in the next couple of decades, innovative, entrepreneurial startups marrying blockchain and AI technologies will disrupt established industry leaders such as Google, Amazon, Facebook, Uber and Airbnb, although they may not reach their size because of the limitations imposed by the decentralized attributes of blockchain technology. For us, the most interesting question is “who and in what areas are going to emerge as the new Googles, Baidus, Facebooks, Amazons and Alibabas, and how will they successfully exploit blockchain and AI, although such a marriage may still be several years away?”
REFERENCES
1. IBM. IBM Study: C-suite executives exploring Blockchain aim to disrupt, Not Defend; 2017.
2. McKendrick J. Blockchain as Blockbuster: Still Too Soon to Tell, But Get Ready. Forbes; 2017.
3. Prisco G. Move Over Uber: Blockchain Technology Can Enable Real, Sustainable Sharing Economy; 2016. Available: https://bitcoinmagazine.com/articles/move-over-uber-blockchaintechnologycan-enable-real-sustainable-sharing-economy-1480629178/. Last accessed 30 October 2017.
4. CBInsights.com. Banking Is Only The Beginning: 36 Big Industries Blockchain Could Transform; 2018. Available: https://www.cbinsights.com/research/industries-disruptedblockchain/?utm_source=CB+Insights+Newsletter&utm_campaign=fa48df10a8-ThursNL_02_01_2018&utm_medium=email&utm_term=0_9dc0513989fa48df10a8-90141994
5. Tasca P, Aste T, Pelizzon L, Perony N, editors. Banking Beyond Banks and Money. Springer International Publishing; 2017.
6. Kocianski S. The blockchain in banking report: The future of blockchain solutions and technologies; 2017. Available: http://www.businessinsider.com/blockchain-in-banking-2017-3. Last accessed 30 October 2017.
7. Christidis K, Devetsikiotis M. Blockchains and smart contracts for the internet of things. IEEE Access; 2016. DOI: 10.1109/ACCESS.2016.2566339
8. Lohade N. Dubai Aims to Be a City Built on Blockchain. WSJ; 2017.
9. Compton J. How Blockchain Could Revolutionize The Internet Of Things; 2017. Available: https://www.forbes.com/sites/delltechnologies/2017/06/27/how-blockchain-could-revolutionizethe-internet-of-things/#7617423b6eab. Last accessed 30 October 2017.
10. Maor R. Cloud Computing: The Future Belongs to Blockchain; 2017. Available: http://www.forbes.co.il/news/new.aspx?Pn6VQ=L&0r9VQ=EIMKF. Last accessed 30 October 2017.
11. Marvin R. Blockchain: The Invisible Technology That’s Changing the World; 2017. Available: https://www.pcmag.com/article/351486/blockchain-the-invisible-technologythats-changing-the-wor. Last accessed 30 October 2017.
12. Bloomberg J. Eight Reasons To Be Skeptical About Blockchain; 2017. Available: https://www.forbes.com/sites/jasonbloomberg/2017/05/31/eight-reasons-to-be-skeptical-aboutblockchain/1. Last accessed 30 October 2017.
13. Flieswasser K. Will blockchain disrupt or go bust?; 2017. Available: https://www.topbots.com/6-challenges-preventing-widespreadblockchain-technology-adoption/. Last accessed 30 October 2017.
14. Stoll C. Why the web won’t be nirvana; 1995. Available: http://www.newsweek.com/clifford-stoll-why-web-wont-be-nirvana-185306. Last accessed 30 October 2017.
15. Lagarde C. Central Banking and Fintech: A Brave New World?; 2017. Available: https://www.imf.org/en/News/Articles/2017/09/28/sp092917-central-banking-and-fintech-abrave-new-world. Last accessed 30 October 2017.
16. Smart Dubai. Dubai blockchain strategy; 2016. Available: http://www.smartdubai.ae/dubai_blockchain.php. Last accessed 30 October 2017.
17. The Economist Intelligence Unit. Artificial Intelligence in the Real World: The business case takes shape. London; 2016.
18. Gulf News. Dubai has world’s first government entity to conduct transactions through Blockchain network; 2017. Available: http://gulfnews.com/business/property/dubaihas-world-s-firstgovernment-entity-to-conduct-transactions-through-blockchainnetwork-1.2101819. Last accessed 30 October 2017.
19. Rajashekara M. 3 Ways In Which Fintech Is Riding The Blockchain Wave; 2017. Available: http://www.huffingtonpost.in/rajashekarav-maiya/3-ways-in-which-fintech-is-ridingthe-blockchainwave_a_21876915/. Last accessed 30 October 2017.
20. BBC. China bans initial coin offerings calling them ‘illegal fundraising’; 2017. Available: http://www.bbc.com/news/business-41157249. Last accessed 30 October 2017.
21. Ekblaw A, et al. A case study for Blockchain in healthcare: “MedRec” prototype for electronic health records and medical research data. IEEE Conference, August 2016:22-24.
22. Halamka D, Lippman A, Ekblaw A. The Potential for Blockchain to Transform Electronic Health Records; 2017. Available: https://hbr.org/2017/03/the-potential-for-blockchain-totransform-electronic-health-records. Last accessed 30 October 2017.
23. Das R. Does Blockchain Have A Place In Healthcare?; 2017. Available: https://www.forbes.com/sites/reenitadas/2017/05/08/doesblockchain-have-a-place-in-healthcare/. Last accessed 30 October 2017.
24. Agrello. How to Make Smart Contracts Worthy of Their Name Using Artificial Intelligence; 2017. Available: https://blog.agrello.org/how-to-make-smart-contracts-worthy-of-their-name-using-artificialintelligence-3a90e4dd3c47. Last accessed 30 October 2017.
25. Artificiallawyer.com. OpenLaw Brings Legal Norms to Blockchain Token Transactions; 2017. Available: https://blog.agrello.org/howto-make-smart-contracts-worthy-of-theirname-using-artificialintelligence-3a90e4dd3c47. Last accessed 30 October 2017.
26. Levine M. Blockchain Company’s Smart Contracts Were Dumb; 2016. Available: https://www.bloomberg.com/view/articles/2016-06-17/blockchain-company-s-smart-contractswere-dumb. Last accessed 30 October 2017.
27. EY.com. EY, Guardtime and industry participants launch the world’s first marine insurance blockchain platform; 2017. Available: http://www.ey.com/gl/en/newsroom/news-releases/news-ey-guardtimeand-industry-participants-launch-the-worlds-firstmarine-insuranceblockchain-platform. Last accessed 30 October 2017.
28. Jones B. The CDC Wants to Use Blockchain as a Weapon Against Deadly Epidemics; 2017. Available: https://futurism.com/the-cdcwants-to-use-blockchain-as-a-weapon-againstdeadly-epidemics/. Last accessed 30 October 2017.
29. Acheson N. Blockchain and Education: A Big Idea in Need of Bigger Thinking; 2017. Available: https://www.coinndesk.com/blockchaineducation-big-idea-need-biggerthinking/. Last accessed 30 October 2017.
30. McGrath RM. The Pace of Technology Adoption Is Speeding Up. Harvard Business Review; 2013.
31. O’Dwyer KJ, Malone D. Bitcoin Mining and Its Energy Footprint. ISSC 2014/CIICT 2014, Limerick; 2014.
32. Chen J, Micali S. Algorand. Technical report; 2017. Available: http://arxiv.org/abs/1607.01341
33. AIES. First Alliance for the Development of Artificial Intelligence and Block Chain Technologies will be Established in China for the Development of Integration of the two Technologies; 2017. Available: http://aies.in/first-alliance-development-artificial-intelligence-blockchain-technologies-will-established-china-development-integrationtwotechnologies/. Last accessed 30 October 2017.
34. Pontin J. Greedy, Brittle, Opaque, and Shallow: The Downsides to Deep Learning. Wired.com; 2018. Available: https://www.wired.com/story/greedy-brittle-opaque-andshallow-the-downsides-to-deep-learning/
35. Deloitte. AI-augmented government: Using cognitive technologies to redesign public sector work. The Deloitte Center for Government Insights; 2017.
36. Accenture. Why the artificial intelligence is the future of growth; 2017. Available: https://www.accenture.com/us-en/insight-artificialintelligence-future-growth. Last accessed 30 October 2017.
37. Satariano A, Kumar N. The Massive Hedge Fund Betting on AI; 2017. Available: https://www.bloomberg.com/news/features/2017-09-27/the-massive-hedge-fund-betting-on-ai. Last accessed 30 October 2017.
38. Malkiel BG. A Random Walk Down Wall Street: The Time-Tested Strategy for Successful Investing. New York: W.W. Norton; 2017.
39. Makridakis S, Spiliotis E, Assimakopoulos V. The accuracy of machine learning (ML) forecasting methods versus statistical ones: Extending the results of the M3-competition. UNIC Working Paper; 2017.
40. Craib R. A New Cryptocurrency For Coordinating Artificial Intelligence on Numerai; 2017. Available: https://medium.com/numerai/a-newcryptocurrency-for-coordinatingartificial-intelligence-on-numerai9251a131419a. Last accessed 30 October 2017.
41. CB Insights. Amazon Strategy Teardown: Building New Business Pillars In AI, Next-Gen Logistics, And Enterprise Cloud Apps; 2017. Available: https://www.cbinsights.com/research/report/amazonstrategy-teardown/. Last accessed 30 October 2017.
42. Chandra M, Darbhe A. Artificial Intelligence: The next big thing in Supply Chain Management; 2016. Available: http://www.financialexpress.com/industry/artificialintelligence-the-next-bigthing-in-supply-chain-management/329033/. Last accessed 30 October 2017.
43. IBM. Building Trust in Government: Exploring the Potential of Blockchain. IBM Institute of Business Value and the Economist Intelligence Unit, London; 2017. Available: https://www-03.ibm.com/press/us/en/pressrelease/52418.wss. Last accessed 30 October 2017.
44. Hebblethwaite C. Merging blockchain and AI with MATRIX Chain; 2017. Available: https://www.blockchaintechnology-news.com/2017/08/08/merging-blockchain-aimatrix-chain/. Last accessed 30 October 2017.
45. Montali D. Blockchain Will Disrupt Expedia and Airbnb, TUI CEO Says; 2017. Available: https://skift.com/2017/07/11/blockchain-willdisrupt-expedia-and-airbnb-tui-ceo-says/. Last accessed 30 October 2017.
SECTION III: INTERNET-OF-THINGS (IOT) APPLICATIONS OF BLOCKCHAIN
Blockchain Platform for Industrial Internet of Things
8
Arshdeep Bahga, Vijay K. Madisetti Georgia Institute of Technology, Atlanta, GA, USA
ABSTRACT
The Internet of Things (IoT) is being adopted for industrial and manufacturing applications such as manufacturing automation, remote machine diagnostics, prognostic health management of industrial machines and supply chain management. Cloud-Based Manufacturing is a recent on-demand model of manufacturing that leverages IoT technologies. While Cloud-Based Manufacturing enables on-demand access to manufacturing resources, a trusted intermediary is required for transactions between the users who wish to avail themselves of manufacturing services. We present a decentralized, peer-to-peer platform called BPIIoT for the Industrial Internet of Things based on Blockchain technology. With the use of Blockchain technology, the BPIIoT platform enables peers in a decentralized, trustless, peer-to-peer network to interact with each other without the need for a trusted intermediary.
Keywords: Internet of Things, Blockchain, Smart Contracts, Cloud-Based Manufacturing
Citation: Bahga, A. and Madisetti, V. (2016) Blockchain Platform for Industrial Internet of Things. Journal of Software Engineering and Applications, 9, 533-546. doi: 10.4236/jsea.2016.910036. Copyright: © 2016 by authors and Scientific Research Publishing Inc. This work is licensed under the Creative Commons Attribution International License (CC BY). http://creativecommons.org/licenses/by/4.0
INTRODUCTION
The Internet of Things (IoT) comprises "Things" (or IoT devices) which have remote sensing and/or actuating capabilities, and can exchange data with other connected devices and applications (directly or indirectly). IoT devices can collect data and either process it locally or send it to centralized servers or cloud-based application back-ends for processing [1]. IoT technologies are promising for industrial and manufacturing systems. Experts have forecast a trillion dollar impact of IoT on the industrial and manufacturing sectors. A recent on-demand model of manufacturing that leverages IoT technologies is called Cloud-Based Manufacturing (CBM) [2]. CBM enables ubiquitous, convenient, on-demand network access to a shared pool of configurable manufacturing resources that can be rapidly provisioned and released with minimal management effort or service provider interaction [3] [4]. In this paper, we propose a decentralized, peer-to-peer platform called BPIIoT for Industrial Internet of Things based on Blockchain, the technology that powers the crypto-currency Bitcoin. The BPIIoT platform will act as a key enabler for cloud-based manufacturing, enhancing the functionality of existing CBM platforms, especially towards integrating legacy shop floor equipment into the cloud environment. While Cloud-Based Manufacturing enables on-demand access to manufacturing resources, a trusted intermediary is required for transactions between the users who wish to avail manufacturing services. With the use of Blockchain technology, the BPIIoT platform enables peers in a decentralized, trustless, peer-to-peer network to interact with each other without the need for a trusted intermediary.
RELATED WORK
The Blockchain technology was introduced along with Bitcoin by Satoshi Nakamoto [5]. The Bitcoin transactions are recorded in a public ledger called the Blockchain. IBM and Samsung have announced a collaboration to build decentralized IoT solutions by leveraging the Blockchain technology [6]. Slock.it has developed a smart lock technology called Slocks which enables real-world physical objects to be controlled by the Blockchain [7]. The owner of a Slock who wants to rent out real-world physical objects (such as houses, cars or bikes) sets a deposit amount and a price for using the objects. Users can find the Slocks using the mobile app and then make a payment in Ethers to rent the objects. After the transactions are validated on the Ethereum Blockchain network, the users get permission to open or close the Slocks with their smartphone. A smart contract is automatically enforced between the owner and the user. After the object is returned, the deposit minus the cost of the rental is returned to the user. TransActive Grid has developed a combination of software and hardware technologies that enable users to buy and sell solar energy from each other securely and automatically, using smart contracts and the Blockchain [8]. Filament has built an open technology stack based on Blockchain technology, to enable devices to discover, communicate, and interact with each other in a fully autonomous and distributed manner [9]. A review of Blockchain and smart contracts and applications of Blockchain for IoT are described in [10].
KEY CONTRIBUTIONS OF PROPOSED WORK
We propose a Blockchain Platform for Industrial Internet of Things (BPIIoT), which enables development of different distributed apps (Dapps) for manufacturing. Figure 1 shows the difference between an existing solution (Slock.it) and the proposed BPIIoT platform. While existing solutions like Slock.it can be considered as Dapps specialized to perform a specific task (such as unlocking a lock), BPIIoT has a much broader scope as it enables development of different decentralized and peer-to-peer manufacturing applications as described in Section 6. These manufacturing Dapps build upon the BPIIoT platform comprising a single-board computer (with cloud and Blockchain bridges, sensor and actuator connectivity drivers, Blockchain wallet, controller service, I/O and device management components) and an interface board. BPIIoT also enhances existing CBM platforms by: 1) enabling consumer-to-machine and machine-to-machine transactions without a trusted intermediary; 2) integrating legacy shop floor equipment into the cloud environment; 3) automating machine maintenance and diagnostics tasks; 4) providing a distributed, secure and shared ledger of all transactions, assets and inventory records.
Figure 1: Slock.it vs BPIIoT: (a) the Slock.it Dapp is based on a smart contract between a user and the owner of a real-world physical object, which unlocks the lock when the user pays the rent and deposit to the smart contract; (b) the BPIIoT platform has a much broader scope than Slock.it as it enables development of different decentralized and peer-to-peer manufacturing applications.
BLOCKCHAIN CONCEPTS
In this section, we describe the key concepts related to Blockchain in general and the Ethereum blockchain network which we have used for our proposed BPIIoT platform.
• Blockchain: Blockchain is a distributed data structure comprising a chain of blocks. Blockchain acts as a distributed database or a global ledger which maintains records of all transactions on a Blockchain network. The transactions are time stamped and bundled into blocks where each block is identified by its cryptographic hash. The blocks form a linear sequence where each block references the hash of the previous block, forming a chain of blocks called the Blockchain. A Blockchain is maintained by a network of nodes and every node executes and records the same transactions. The Blockchain is replicated among the nodes in the Blockchain network. Any node in the network can read the transactions. Figure 2(a) shows the structure of a Blockchain.
Figure 2: (a) Blockchain structure; (b) Smart contract structure.
• Smart Contracts: A smart contract is a piece of code that resides on a Blockchain and is identified by a unique address. A smart contract includes a set of executable functions and state variables. The functions are executed when transactions are made to these functions. The transactions include input parameters which are required by the functions in the contract. Upon the execution of a function, the state variables in the contract change depending on the logic implemented in the function. Contracts can be written in various high-level languages (such as Solidity or Python) [11]. Language-specific compilers for smart contracts (such as Solidity or Serpent) are used to compile the contracts into byte code. Once compiled, the contracts are uploaded to the Blockchain network which assigns unique addresses to the contracts. Any user on the Blockchain network can trigger the functions in the contract by sending transactions to the contract. The contract code is executed on each node participating in the network as part of the verification of new blocks. Figure 2(b) shows the structure of a smart contract.
• Ethereum: Ethereum is an open and programmable Blockchain platform [12]. Anyone can sign up for the platform and create an Ethereum account. Users can create and deploy smart contracts to the Ethereum platform and build decentralized applications. The platform is not owned or controlled by a single entity and is powered by the peers who run the Ethereum nodes.
• Ethereum Virtual Machine (EVM): The Ethereum Virtual Machine (EVM) is the runtime environment for smart contracts in Ethereum. The nodes in the Ethereum network run the EVM. The EVM runs as a sandbox and provides an isolated execution environment. All the nodes in the Blockchain network perform the same computations, thus providing redundancy in the execution of smart contracts. While this massive amount of redundancy is not an efficient approach to execution, it is required to maintain consensus in a network where there is no centralized authority or trusted third party.
• Ethereum Accounts: Ethereum has two types of accounts: Externally Owned Accounts (EOAs) and Contract Accounts. EOAs are the accounts which are owned and controlled by the users. Each EOA has an Ether balance associated with it. These accounts can send transactions to other EOAs or contract accounts. The contract accounts are controlled by the associated contract code which is stored with the account. The contract code execution is triggered by transactions sent by EOAs or messages sent by other contracts.
• Public-Private Keys: Each Externally Owned Account (EOA) has a public-private key pair associated with it. The account address is derived from the public key. When a new EOA is created, a JSON key file is created which has the public and private keys associated with the account. The private key is encrypted with the password which is provided while creating the account. For sending transactions to other accounts, the private key and the account password are required.
• Dapp: A Decentralized Application (or Dapp) is an application that uses smart contracts. Dapps provide a user-friendly interface to smart contracts. A crypto currency application is an example of a Dapp that runs on a Blockchain network.
• Blocks: The transactions in a Blockchain network are bundled into blocks and executed on all the participating nodes. A block contains a transaction list, the most recent state, a block number and a difficulty value. If there are conflicting transactions on the network (for example, double-spending transactions), only one of them is selected to become a part of the block. The blocks are added to the Blockchain at regular intervals.
• Transactions: Transactions are the messages which are sent by Externally Owned Accounts (EOAs) to other EOAs or contract accounts. Each transaction includes the address of the recipient, a transaction data payload and a transaction value. When a transaction is sent to an EOA, the transaction value is transferred to the recipient. When a transaction is sent to a contract account, the transaction data payload is used to provide input to the contract function to be executed. Transactions are signed by the sender's private key. Transactions are selected and included in the blocks in the mining process. The state of the network is changed only by the transactions which are selected for inclusion in the blocks. The transactions on a Blockchain network can be read by all the participant nodes in the network.
• Messages: Contracts deployed on a Blockchain network can send messages to other contracts. A message contains the address of the sender, the address of the recipient, the value to transfer and a data field which contains the input data to the recipient contract. The difference between a transaction and a message is that a message is produced by a contract while a transaction is produced by an EOA.
• Mining: The transactions on a Blockchain network are verified in a process called mining. The participating nodes in the network are given incentives in the form of Ethers for performing the mining operations. Miners compete to do a complex mathematical computation and the node that wins earns a reward in Ethers. Miners produce blocks which are verified by other miners for validity. A valid block is one which contains proof of work (PoW) of a given difficulty. In Ethereum, a proof-of-work algorithm called Ethash is used. The PoW algorithm searches for a nonce input such that the result is below a certain difficulty threshold. The time for finding a new block can be controlled by manipulating the difficulty. A successful PoW miner is one whose block is selected to be next on the Blockchain. Once a winning block is selected, all other nodes update to that new block.
• Ether: Ether is the currency which is used in the Ethereum Blockchain network. The miners in the Ethereum network receive mining rewards in the form of Ethers. The base unit of Ether is called Wei (where 1 Ether = 10^18 Wei).
• Gas: Gas is the name of the crypto fuel which is consumed for performing the operations on a Blockchain network. All the transactions on the network are charged a certain amount of gas. While sending a transaction, the sender sets a gas price which represents the fee the sender is willing to pay for gas. The sender of a transaction is charged a gas fee, which is paid to the miners, and any unused balance is refunded to the sender. The gas fee paid is proportional to the amount of work that is needed to execute the transaction, in terms of the number of atomic instructions.
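The Blocks, Mining and PoW concepts above, as an added example that is not code from the paper: a minimal chain of hash-linked blocks with a nonce search below a difficulty target, plus the integrity check every node runs on blocks it receives. The block fields, SHA-256 and the target encoding are simplifications assumed here, not Ethereum's Ethash or block format.

```python
import hashlib
import json
import time

# Added example, not code from the paper: a minimal chain of blocks with a
# proof-of-work nonce search and a chain-integrity check. The block fields,
# the SHA-256 hash and the difficulty encoding are simplifications assumed
# here and are not Ethereum's Ethash or block format.

GENESIS_PREV = "0" * 64
# The block hash, read as an integer, must be below this target. A lower
# target means more expected work; this one needs about 12 leading zero bits.
DEFAULT_TARGET = 2 ** 244


def block_hash(block):
    """SHA-256 over the block's canonical JSON, excluding its own 'hash' field."""
    body = {k: v for k, v in block.items() if k != "hash"}
    data = json.dumps(body, sort_keys=True, separators=(",", ":")).encode()
    return hashlib.sha256(data).hexdigest()


def mine_block(prev_hash, number, transactions, target=DEFAULT_TARGET):
    """Find a nonce such that the block hash is below the difficulty target."""
    block = {
        "number": number,
        "prev_hash": prev_hash,          # link to the previous block
        "timestamp": int(time.time()),   # blocks are time-stamped
        "transactions": transactions,
        "nonce": 0,
    }
    while int(block_hash(block), 16) >= target:
        block["nonce"] += 1
    block["hash"] = block_hash(block)
    return block


def build_chain(tx_batches, target=DEFAULT_TARGET):
    """Mine one block per batch of transactions, each referencing the last."""
    chain, prev = [], GENESIS_PREV
    for number, txs in enumerate(tx_batches):
        block = mine_block(prev, number, txs, target)
        chain.append(block)
        prev = block["hash"]
    return chain


def verify_chain(chain, target=DEFAULT_TARGET):
    """Re-derive every hash and link; return (True, 'ok') or (False, reason).

    No trusted party vouches for the ledger: each node re-checks the links,
    the hashes and the proof of work itself.
    """
    prev = GENESIS_PREV
    for i, block in enumerate(chain):
        if block["number"] != i:
            return False, "block %d: wrong number" % i
        if block["prev_hash"] != prev:
            return False, "block %d: broken link to previous block" % i
        h = block_hash(block)
        if h != block["hash"]:
            return False, "block %d: stored hash does not match contents" % i
        if int(h, 16) >= target:
            return False, "block %d: proof of work below difficulty" % i
        prev = h
    return True, "ok"


def confirmations(chain, number):
    """Blocks mined on top of block `number`, counting the block itself."""
    return len(chain) - number


def tamper_detection_demo(target=DEFAULT_TARGET):
    """Constructed scenario: alter a recorded transaction and see what fails."""
    chain = build_chain([
        [{"from": "EOA-A", "to": "EOA-B", "value": 5}],
        [{"from": "EOA-B", "to": "Contract-X", "value": 1, "data": "orderPart"}],
        [{"from": "EOA-A", "to": "EOA-C", "value": 2}],
    ], target)
    assert verify_chain(chain, target) == (True, "ok")
    # Edit block 1 after the fact: its stored hash no longer matches.
    chain[1]["transactions"][0]["value"] = 100
    first = verify_chain(chain, target)[1]
    # Re-mining block 1 repairs its own hash, but block 2 still points at the
    # old hash, so a forger would have to redo every later block as well: the
    # work grows with the number of confirmations the block already has.
    chain[1] = mine_block(chain[0]["hash"], 1, chain[1]["transactions"], target)
    second = verify_chain(chain, target)[1]
    return first, second, confirmations(chain, 1)
```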
BLOCKCHAIN PLATFORM FOR INDUSTRIAL INTERNET OF THINGS
We propose a Blockchain Platform for Industrial Internet of Things (BPIIoT). Figure 3 shows how the BPIIoT platform can enhance the functionality of Cloud-based Manufacturing (CBM) platforms, by providing a decentralized, trustless, peer-to-peer network for manufacturing applications. CBM is a service-oriented manufacturing model in which service consumers are able to configure, select, and utilize configurable manufacturing resources.
Figure 3: (a) Cloud-based manufacturing (CBM) model; (b) Blockchain for Industrial Internet of Things.
CBM leverages the four key cloud computing service models: Infrastructure-as-a-Service (IaaS), Platform-as-a-Service (PaaS), Hardware-as-a-Service (HaaS), and Software-as-a-Service (SaaS) [13]. BPIIoT is based on a Blockchain network on which smart contracts are deployed. The smart contracts act as agreements between the service consumers and the manufacturing resources to provide on-demand manufacturing services. BPIIoT enables integrating legacy shop floor equipment into the cloud environment and allows developing decentralized and peer-to-peer manufacturing applications. The key enabler component for the industrial machines in the proposed BPIIoT platform is the IoT device. Figure 4 shows the architecture of the IoT device. The IoT device enables existing machines to communicate with the cloud as well as the Blockchain network. The IoT device is a "plug and play" solution that allows machines to exchange data on their operations with the cloud, send transactions to the associated smart contracts and receive transactions from the peers on the Blockchain network.
Figure 4: Blockchain platform for industrial internet of things (BPIIoT).
The IoT device includes an interface board (based on Arduino) and a single-board computer (based on Beaglebone Black or Raspberry Pi). The interface board has digital input/output and analog input capability. Sensors and actuators interface with the digital or analog pins on the interface board. The interface board has a serial interface to the single-board computer (SBC). The sensor bridge between the interface board and the SBC enables the SBC to capture sensor data from the interface board and also send control signals to the actuators. The sensor and actuator connectivity drivers are installed on the SBC. The device manager on the SBC allows the users to configure the SBC using a web interface and also view the device status and statistics. The I/O block on the SBC enables connectivity to external systems over digital, analog, serial and USB connections. The Blockchain service on the SBC communicates with the Blockchain network and sends/receives transactions to/from the network. Each IoT device has its own account on the Blockchain network and maintains a Blockchain wallet on the SBC. The controller service performs various actions which can be configured through the device management interface. For example, an action can be to capture the data from the sensor bridge and publish it to the cloud through the cloud bridge. Another action can be to monitor the machine status and operating environment, and send transactions to the associated smart contracts on the Blockchain network (such as a transaction to order replacement of a part).
APPLICATIONS OF BPIIOT PLATFORM
In this section we describe some decentralized industrial and manufacturing applications that can leverage the proposed BPIIoT Platform.
• On-Demand Manufacturing: The BPIIoT platform will enable a marketplace of manufacturing services where the machines will have their own Blockchain accounts and the users will be able to provision and transact with the machines directly to avail manufacturing services in a CBM-like on-demand model. BPIIoT can enable peer-to-peer networked manufacturing applications where the peers will be able to avail manufacturing services (such as CNC machining or 3D printing) by sending transactions to the machines.
• Smart Diagnostics & Machine Maintenance: The BPIIoT platform can be used for developing smart diagnostics and self-service applications for machines where the machines will be able to monitor their state, diagnose problems, and autonomously place service, consumables replenishment, or part replacement requests to the machine maintenance vendors. Smart contracts between manufacturers and vendors for procurement of supplies and service of machines can help in automating the machine maintenance tasks. We describe the implementation of a smart diagnostics and machine maintenance application using the proposed platform in Section 7.
• Traceability: The BPIIoT platform can be used for developing traceability applications for manufactured products. Smart contracts between the consumers and manufacturers can keep production records, for example, which factory and which machines within the factory were used for manufacturing a particular product. In case of product recalls (either due to manufacturing defects or faulty parts) after the products are delivered, traceability applications can help in identifying the affected products.
• Supply Chain Tracking: The BPIIoT platform can be used for developing supply chain tracking applications. The Blockchain and Smart Contracts can keep a formal registry of products and track their possession through different points in a supply chain. Such applications can also enable automated financial settlements on delivery confirmations.
• Product Certification: The BPIIoT platform can be used for developing product certification applications. The manufacturing information for a product (such as the manufacturing facility details, machine details, manufacturing date and parts information) can be recorded on the Blockchain. This information can help in proving the authenticity of the products, eliminating the need for physical certificates which can be prone to tampering and forging.
• Consumer-to-Machine & Machine-to-Machine Transactions: BPIIoT can enable machine-to-machine transactions for manufacturing services. For example, a consumer can send a request for manufacturing a product by sending a transaction to a manufacturer's smart contract along with the payment made in a crypto currency (such as Ethers). The manufacturer's smart contract can then send transactions to smart contracts associated with individual machines (consumer-to-machine transactions). If services of different machines are required for manufacturing a product, the machines can send micro-transactions to other machines (machine-to-machine transactions).
• Tracking Supplier Identity & Reputation: The BPIIoT platform can be used for developing supplier identity and reputation management applications which track various performance parameters (such as delivery times, customer reviews and seller ratings) for sellers. Such applications can be used by consumers to find the sellers that can meet their manufacturing requirements and by manufacturers for finding suppliers for consumables. Smart contracts can also help in automatically negotiating the best prices for consumables and supplies in real time based on the seller reputations.
• Registry of Assets & Inventory: The BPIIoT platform can be used for developing applications for maintaining records of manufacturing assets and inventory. These applications can keep records of the asset identification information and the transfer of assets through the supply chain, eliminating the need for manual paper records.
IMPLEMENTATION CASE STUDY
In this section, we describe an implementation case study of the proposed BPIIoT platform based on a Beaglebone Black single-board computer and an interface board based on Arduino Uno. To demonstrate the proposed platform we describe a machine maintenance and smart diagnostics application. For the case study we used an interface board equipped with sensors to monitor the temperature and vibration levels of different parts of a machine. The interface board makes use of digital, analog, serial and USB interfaces to capture data from a variety of sensors and systems. While modern industrial machines can directly communicate with the interface board (over digital, analog, serial or USB interfaces), many legacy machines make use of controllers that are impractical to access, or digital communication is nonexistent. Therefore, the interface board makes use of sensors which are external to the legacy machines' control box.
We set up smart contracts for machine service and part replacements. These smart contracts act as an agreement between the machine and the service/supplies vendors to either schedule a service request for the machine or place a part replacement order. Figure 5 shows the Python implementation of a controller service that runs on the IoT device (Beaglebone SBC). The controller service constantly monitors the temperature and vibration levels of different parts of the machine (as sensed by the sensors on the interface board, which is connected to the SBC over a serial port).
Figure 5: Python implementation of a controller service running on the IoT device.
Within the controller service, different rules are defined to determine if a machine service request or part replacement order needs to be placed. For example, if the vibration levels of the machine go beyond a pre-defined threshold a certain number of times, the controller service sends a machine service request. For sending the service request, a transaction is sent to the requestService function of the MachineService smart contract between the machine and the service vendor. Similarly, if the temperature levels of a particular part of the machine go beyond a pre-defined threshold a certain number of times, a part replacement order is placed. For placing an order, the machine sends a transaction to the orderPart function of the PartReplacement smart contract between the machine and the part supplier, paying the part cost in crypto currency (Ethers). For deploying the smart contracts (named MachineService and PartReplacement), we used the Ethereum Go Client (geth) [14]. When a contract is deployed on the Ethereum Blockchain network, an address is assigned to the contract. For the case study we set up a private Ethereum Blockchain network. Any user on the Blockchain network who knows the contract address and the contract interface definition (ABI definition) can send a transaction to the contract. When the transaction is sent on the Blockchain network, it is combined with other pending transactions into a block. The miners on the Blockchain network validate the transaction and reach a consensus on the block that should be added next to the Blockchain (called the winning block). The new block is then broadcast to the entire network. The smart contract is executed when the transaction is mined.
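The controller-service rules described above, as an added example that is not the authors' code (the Figure 5 listing is not reproduced in this extraction): readings arrive as serial lines from the interface board, each rule counts threshold breaches, and on the configured count a transaction to requestService or orderPart is handed to a stand-in for the device's Blockchain service. The thresholds, trigger count, part price, serial line format, contract address placeholders and the TransactionSender class are all assumptions.

```python
# Added example, not the authors' code: the two maintenance rules described
# above in plain Python. The thresholds, trigger count, part price, the serial
# line format and the TransactionSender stand-in are assumptions; on the real
# device the calls would go to the Ethereum client on the SBC (geth, as in the
# paper) with the contracts' addresses and ABI definitions.

VIBRATION_THRESHOLD = 7.5      # assumed, in the interface board's units
TEMPERATURE_THRESHOLD = 85.0   # assumed, degrees Celsius
TRIGGER_COUNT = 3              # breaches before a transaction is sent
PART_COST_ETHER = 0.02         # assumed part price paid with orderPart

# Placeholders: a real deployment uses the addresses assigned on deployment.
MACHINE_SERVICE_ADDR = "<MachineService contract address>"
PART_REPLACEMENT_ADDR = "<PartReplacement contract address>"


def parse_serial_line(line):
    """Parse an assumed 'part,temperature,vibration' line from the interface board.

    Returns None for anything malformed, so a garbled serial frame can never
    be the reason a paid transaction leaves the device.
    """
    fields = line.strip().split(",")
    if len(fields) != 3 or not fields[0]:
        return None
    try:
        return {"part": fields[0],
                "temperature": float(fields[1]),
                "vibration": float(fields[2])}
    except ValueError:
        return None


class TransactionSender:
    """Stand-in for the device's Blockchain service: records what would be sent."""

    def __init__(self):
        self.sent = []

    def send(self, contract, function, args, value_ether=0):
        tx = {"to": contract, "function": function,
              "args": args, "value": value_ether}
        self.sent.append(tx)
        return tx


class ControllerService:
    """Applies the maintenance rules to each reading; sends at most one
    service request for the machine and one order per part."""

    def __init__(self, sender):
        self.sender = sender
        self.vibration_breaches = 0
        self.temp_breaches = {}        # part -> number of breaches seen
        self.service_requested = False
        self.ordered_parts = set()

    def handle_reading(self, reading):
        # Rule 1: vibration over threshold TRIGGER_COUNT times -> requestService
        if reading["vibration"] > VIBRATION_THRESHOLD:
            self.vibration_breaches += 1
            if (self.vibration_breaches >= TRIGGER_COUNT
                    and not self.service_requested):
                self.sender.send(MACHINE_SERVICE_ADDR, "requestService",
                                 {"reason": "vibration",
                                  "level": reading["vibration"]})
                self.service_requested = True
        # Rule 2: a part's temperature over threshold TRIGGER_COUNT times
        # -> orderPart, paying the part cost in Ether with the transaction
        part = reading["part"]
        if reading["temperature"] > TEMPERATURE_THRESHOLD:
            self.temp_breaches[part] = self.temp_breaches.get(part, 0) + 1
            if (self.temp_breaches[part] >= TRIGGER_COUNT
                    and part not in self.ordered_parts):
                self.sender.send(PART_REPLACEMENT_ADDR, "orderPart",
                                 {"part": part}, value_ether=PART_COST_ETHER)
                self.ordered_parts.add(part)

    def run(self, lines):
        """Feed serial lines through the rules; returns the transactions sent."""
        for line in lines:
            reading = parse_serial_line(line)
            if reading is not None:
                self.handle_reading(reading)
        return self.sender.sent


# Constructed sample of what the serial port might deliver, not a capture.
SAMPLE_SERIAL_LINES = [
    "spindle,70.0,8.1",   # vibration breach 1
    "spindle,71.0,8.4",   # vibration breach 2
    "bearing,86.0,5.0",   # bearing temperature breach 1
    "garbage frame",      # malformed: ignored
    "spindle,72.0,9.0",   # vibration breach 3 -> requestService
    "bearing,87.5,5.1",   # bearing temperature breach 2
    "bearing,88.0,5.2",   # bearing temperature breach 3 -> orderPart
    "spindle,73.0,9.2",   # breach 4: service already requested, nothing sent
]


def run_demo():
    return ControllerService(TransactionSender()).run(SAMPLE_SERIAL_LINES)
```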
CONCLUSION & FUTURE WORK
We presented a Blockchain Platform for Industrial Internet of Things (BPIIoT). The BPIIoT platform enables a marketplace of manufacturing services where the machines have their own Blockchain accounts and the users are able to provision and transact with the machines directly to avail manufacturing services. The benefits of using Blockchain which make it suitable for Industrial Internet of Things are as follows:
• Decentralized & Trustless: Blockchain is a public ledger of all transactions on the network which is maintained by different decentralized nodes. Blockchain technology enables a decentralized and trustless peer-to-peer network where the peers do not need a trusted intermediary for interacting with each other. Since a Blockchain network is not controlled by a central authority and all the transactions are verified and validated by a consensus among the peers, the peers do not need to trust each other.
• Resilient: A Blockchain network is resilient to failures, as it is a decentralized peer-to-peer network with no single point of failure. The Blockchain itself is an immutable and durable ledger, and transactions once recorded on the Blockchain after a consensus among the peers cannot be altered or deleted.
• Scalable: A Blockchain network is highly scalable in nature as it is maintained by a network of peers. The computing capability of the network scales up as more and more peers (or miners) join the network.
• Secure & Auditable: All the transactions in a Blockchain network are secured by strong cryptography. Furthermore, the transparent nature of the public ledger maintained by a Blockchain network makes it secure and auditable, as everyone on the network knows about all the transactions and the transactions cannot be disputed.
• Autonomous: Blockchain can enable IoT devices to communicate with each other and do transactions autonomously, as each device has its own Blockchain account and there is no need for a trusted third party.
While the Blockchain technology looks promising for Industrial Internet of Things, there are various challenges that need to be addressed to ensure its widespread adoption. The key challenges are as follows:
• CAP & Blockchain: For distributed data systems, a trade-off exists between consistency and availability. These trade-offs are explained by the CAP Theorem, which states that under partitioning, a distributed data system can either be consistent or available but not both at the same time. Blockchain gives up on consistency to be available and partition tolerant. Blockchain is a distributed ledger which is eventually consistent, i.e. all nodes eventually see the same ledger. In Ethereum, the block-time (the time after which a new block is mined) is roughly 17 seconds, which is much faster than Bitcoin, which has a block-time of 10 minutes. A consequence of fast block-time is reduced security; therefore, many Blockchain applications require multiple confirmations for newly mined blocks to secure the transactions from double-spending. Faster block-time also leads to a higher number of stale blocks being produced. Stale blocks are competing blocks produced by miners which do not contribute to the main chain. A high stale rate reduces the security of the main chain [15]. To counter this problem, the "Greedy Heaviest Observed Subtree" (GHOST) protocol has been proposed [16].
• Smart Contract Vulnerabilities: Smart contracts can have software vulnerabilities which can be exploited by hackers. In June 2016, an attacker managed to drain more than 3.6 million Ether from the Slock.it backed Decentralized Autonomous Organization (DAO) into a "child DAO". The attacker managed this by exploiting a "recursive call bug" vulnerability in the DAO smart contract. Since smart contracts are meant to be agreements between transacting parties on a Blockchain and are not legally enforceable outside the network, such attacks can put the organizations, miners and even the Blockchain network at risk [17].
• Awareness: Blockchain is a nascent technology and is mostly adopted in the financial sector (Bitcoin being the most popular application). Lack of awareness about the Blockchain technology in other sectors is affecting its widespread adoption.
• Regulation: Since Blockchain does away with the need for a centralized authority or a trusted intermediary for validating the transactions, there remain regulatory hurdles in the widespread adoption of the technology. New government and industry regulations are required for decentralized systems such as Blockchain. Furthermore, there is a need to ensure legal enforceability of smart contracts to avoid disputes among the transacting parties.
• Privacy: Since Blockchain is a public ledger and anyone can view all the transactions on a Blockchain network, there remain privacy concerns for the transacting parties.
• Efficiency: Since all the nodes in a Blockchain network perform the same computations in an attempt to mine the next block for the Blockchain, this is not an efficient approach. Due to this redundancy in execution, the contribution of an individual node to the overall network is very small even though the node may be performing very hard computations.
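The "recursive call bug" class named in the Smart Contract Vulnerabilities item, as an added example that is not from the paper: a Python model of a contract that pays out before updating its state, beside the checks-effects-interactions ordering that closes the hole, exercised with the kind of re-entering test double one writes to check a contract before deployment. The Vault, its accounts and the depth bound standing in for a gas limit are all assumptions of this simulation.

```python
# Added example, not from the paper: a Python simulation of the "recursive
# call" ordering flaw behind the DAO incident, next to the checks-effects-
# interactions ordering that closes it. The Vault contract, its accounts and
# the re-entering test double are plain Python objects; the one assumption is
# that paying an account means running code the recipient controls, which is
# what lets the recipient call back into the contract before its balance has
# been updated.


class Vault:
    """Holds deposits per account; withdraw pays the full balance out."""

    def __init__(self, safe_ordering):
        self.safe_ordering = safe_ordering
        self.balances = {}   # account -> credited amount
        self.funds = 0       # Ether the contract actually holds

    def deposit(self, account, amount):
        self.balances[account] = self.balances.get(account, 0) + amount
        self.funds += amount

    def _pay(self, account, amount):
        # The "external call": control passes to the recipient's code.
        self.funds -= amount
        account.receive(self, amount)

    def withdraw(self, account):
        amount = self.balances.get(account, 0)
        if amount == 0 or amount > self.funds:
            return 0
        if self.safe_ordering:
            # checks-effects-interactions: zero the balance first, then pay.
            # A re-entering call now sees a zero balance and gets nothing.
            self.balances[account] = 0
            self._pay(account, amount)
        else:
            # vulnerable ordering: pay first, update the balance afterwards.
            # While _pay runs, the caller's balance is still credited.
            self._pay(account, amount)
            self.balances[account] = 0
        return amount


class PassiveAccount:
    """An ordinary account: accepts payment and does nothing else."""

    def __init__(self):
        self.received = 0

    def receive(self, vault, amount):
        self.received += amount


class ReenteringAccount(PassiveAccount):
    """Test double for checking a contract before deployment: on payment it
    calls withdraw again, bounded by max_depth (standing in for a gas limit)."""

    def __init__(self, max_depth=5):
        super().__init__()
        self.max_depth = max_depth
        self.depth = 0

    def receive(self, vault, amount):
        self.received += amount
        if self.depth < self.max_depth:
            self.depth += 1
            vault.withdraw(self)


def simulate(safe_ordering):
    """Constructed scenario: an honest account deposits 30, the test double 10.

    Returns (amount the test double received, its own deposit, amount the
    honest account can still withdraw afterwards).
    """
    vault = Vault(safe_ordering)
    honest, tester = PassiveAccount(), ReenteringAccount()
    vault.deposit(honest, 30)
    vault.deposit(tester, 10)
    vault.withdraw(tester)
    vault.withdraw(honest)
    return tester.received, 10, honest.received
```

With the vulnerable ordering the test double is paid its 10 four times and the honest account finds the vault empty; with the safe ordering the re-entered call returns 0 and the honest 30 is still there.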
We described an implementation case study of the proposed BPIIoT platform based on a Beaglebone Black single-board computer, an interface board based on Arduino Uno and the Ethereum Blockchain network. Future work will focus on implementation and demonstration of the BPIIoT platform for more realistic solutions such as on-demand manufacturing and device self-service.
Blockchain Platform for Industrial Internet of Things
213
REFERENCES 1. 2.
3.
4.
5. 6.
7. 8. 9.
10.
11. 12. 13.
Blockchain Technologies and Crypto-Currencies
Blockchain Based Credibility Verification Method for IoT Entities
9
Chao Qu, Ming Tao, Jie Zhang, Xiaoyu Hong, and Ruifen Yuan
School of Computer Science and Network Security, Dongguan University of Technology, Dongguan 523808, China
ABSTRACT
With the fast development of the mobile Internet, the Internet of Things (IoT) has been found in many important applications recently. However, it still faces many challenges in security and privacy. Blockchain (BC) technology, which underpins the cryptocurrency Bitcoin, has played an important role in the development of decentralized and data intensive applications running on millions of devices. In this paper, to establish the relationship between IoT and BC for device credibility verification, we propose a framework with layered, intersecting, and self-organizing Blockchain Structures (BCS). In this new framework, each BCS is organized by Blockchain technology. We describe the credibility verification method and show how it provides the verification. The efficiency and security analysis are also given in this paper, including its response time, storage efficiency, and verification. The conducted experiments demonstrate the validity of the proposed method in satisfying the credibility requirement achieved by Blockchain technology and certain advantages in storage space and response time.

Citation: Chao Qu, Ming Tao, Jie Zhang, Xiaoyu Hong, and Ruifen Yuan, “Blockchain Based Credibility Verification Method for IoT Entities,” Security and Communication Networks, vol. 2018, Article ID 7817614. Copyright: © 2018 Chao Qu et al. This is an open access article distributed under the Creative Commons Attribution License, which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.
INTRODUCTION
The Internet of things (IoT) is a worldwide network of interconnected objects and humans, which through unique address schemes are able to interact with each other and cooperate with their neighbours to reach common goals [1]. The primary purpose of the IoT is to share information gained by objects, which reflects the manufacture, transportation, consumption, and other details of people’s lives [2, 3]. The development of the IoT brings a large number of devices, such as sensors, into interconnection and interoperability for data collection and exchange. Using information gained from the IoT could make the environment around us better understood [4]. On the other hand, the IoT consists of devices that generate, process, and exchange vast amounts of critical security and safety data as well as privacy-sensitive information and hence are appealing targets for cyberattacks [5–8]. The task of affordably supporting security and privacy is quite challenging because many new networkable devices, which constitute the IoT, require less energy, are lightweight, and have less memory [9]. These devices must devote most of their available energy and computation to executing core application functions [10]. Many researchers have worked on these problems. The security research includes the transmission field [11, 12], the cloud storage field [13, 14], the digital signature field [15, 16], and permission identification [17, 18]. The Blockchain (BC) technology allows all members to keep a ledger containing all transaction data and to update their ledgers to maintain integrity when there is a new transaction. Since the advancement of the Internet and encryption technology has made it possible for all members to verify the reliability of a transaction, the single point of failure arising from the dependency on an authorized third party has been solved. The Blockchain has broker-free (P2P-based) characteristics, thereby doing
away with unnecessary fees through p2p transactions without authorization by a third party. Since ownership of the transaction information by many people makes hacking difficult, security expense is saved, transactions are automatically approved and recorded by mass participation, and promptness is assured. Moreover, the system can be easily implemented, connected and expanded using an open source and transaction records can be openly accessed to make the transactions public and reduce regulatory costs. Since the hash values stored in each peer in the block are affected by the values of the previous blocks, it is very difficult to falsify and alter the registered data. Although data alteration is possible if 51% of peers are hacked at the same time, the attack scenario is realistically very difficult [19].
RELATED WORKS
The Blockchain technology first came to prominence in early 2009, through the cryptocurrency Bitcoin (BTC). Bitcoin users, who are known by a changeable Public Key (PK), generate and broadcast transactions to the network to transfer money. These transactions are pushed into a block by users. Once a block is full, the block is appended to the Blockchain by performing a mining process. To mine a block, some specific nodes known as miners try to solve a resource-consuming cryptographic puzzle named Proof of Work (POW) [20], and the node which solves the puzzle first mines the new block for the Blockchain. Since BTC has flourished, Blockchain, the technology that underpins BTC, could, according to Swan, have far-ranging consequences for all aspects of modern society. Based on the characteristics of Blockchain, many researchers have carried out research on its application in the IoT environment [21], such as applying BC to the smart home system to ensure the security and privacy of information [22], applying smart contracts in IoT [23], using the BC platform to manage IoT devices [24], and securing transmission for IoT [25]. The reason for this explosion of interest is that, with the Blockchain technology in place, applications that could previously run only through a trusted intermediary can now operate in a decentralized fashion. The essence of Blockchain technology is a decentralized database for peer-to-peer networks, providing an effective trust mechanism. In the IoT environment, devices form a kind of peer-to-peer network, which is a decentralized application scenario. Therefore, the working conditions required by the Blockchain technology are met. On the other hand, IoT requires an effective solution for security problems, but the number of devices and their growth rate also make centralized authentication
difficult to achieve. For these reasons the Blockchain technology should work well for an IoT environment. In our previous work [26, 27], we proposed a model of transactions on the Semantic Web of Things (SWoT) to satisfy the needs of intelligent IoT. We described the framework and working mechanism of the model. The framework uses the ontology as the logical reasoning basis and is divided into several parts: the entity link layer, the semantic annotation layer, the service registry center, the transaction construction layer, and the transaction execution control layer. Semantic technology is used to describe the IoT entity as a dynamic Web service. In the model, the technologies of service discovery and service composition are used to build IoT transactions that meet users’ requirements and control the transaction processes. The model also acts as a manager during the execution of a transaction and exercises effective management and control over the entities. A use case of traffic accident rescue was described in the previous paper. The proposed model extends the IoT from sensor networks to real interconnections and provides the underlying structural support for the interaction of entities in IoT. As our research has developed, we have found that although the proposed model satisfies the intelligent construction and execution of IoT transactions, it still has security risks and needs a method to protect the usability and credibility of the devices. Blockchain technology happens to be able to meet our needs and provide IoT devices with privacy and protection through a distributed, decentralized verification approach.
PROBLEM STATEMENT
The credibility verification of an IoT device refers to verifying that the target device has the attributes, such as location and function [26], that are known in the service center, and that the data the device transmits and receives has not been tampered with by a network attacker. For example, the monitoring device should verify that the data actually came from the sensor at the specified location rather than being tampered with by an attacker [28]. The traditional security and privacy policies based on asymmetric encryption are difficult to implement in an IoT environment, mainly for the following reasons:
(i) Asymmetric encryption needs a centralized key management system, which cannot meet the needs of a rapidly growing IoT system. Furthermore, if the key management system is attacked, a large number of IoT devices are likely to be affected.
(ii) Traditional security methods tend to be expensive for the IoT in terms of energy consumption and processing
overhead because sensors are lightweight, slow in processing, and short of memory. Although Blockchain technology can solve these problems, it still faces the following critical challenges for application in an IoT environment.
• POW calculation is particularly computationally intensive and time-consuming, but the majority of IoT devices are resource restricted and most IoT applications need low latency.
• IoT networks are expected to contain a large number of nodes and to grow rapidly, so the Blockchain scales poorly as the number of nodes in the network increases.
• The underlying Blockchain protocols create significant network traffic, which is a disaster for the communication of IoT devices.
The main contribution of this paper is to propose a novel credibility verification method based on Blockchain technology for IoT entities. We establish a credibility verification framework for IoT devices, and, based on this, we illustrate the process and solve the challenges of applying BC to IoT. The performance of the method is analyzed experimentally.
CREDIBILITY VERIFICATION METHOD
The existing IoT device access and management modes have many credibility verification problems to be resolved. Therefore, based on our previous work [29], a new framework needs to be established for the IoT network. First, we define the framework of the credibility verification structure. The structure is made of several blockchains in different layers; a Blockchain node in an upper layer manages a Blockchain of the lower level. Second, we design the data flow under the framework. The register data in the bottom layer is transmitted to the upper Blockchain node sequentially and recorded in each Blockchain on the path. Last, we describe the verification process. The credibility verification process is a verification chain from the source device to the destination device.
Credibility Verification Network Framework
In the IoT scenarios, every application, such as a smart home, smart healthcare, and shared cycling [30], requires a server that manages the underlying devices, such as a smart home gateway, medical portal server, or shared platform. These servers have better computational ability than
bottom IoT devices with limited resources and bandwidth. In addition, these servers often work on cloud computing and cloud storage platforms and thus have good storage and network communication capabilities. We have divided IoT entities into Devices and Manager Servers to construct a credibility verification network. The overview of the framework is shown in Figure 1. Prior to discussing the details of the proposed framework, we briefly introduce the network framework tiers.
Figure 1: Overview of the credibility verification framework. (Figure labels: Higher BC structure; Manage Server Level2 (MS); Cloud Storages; Local Storages; BC structure Level2 (BCS3); Manage Server Level1 (MS); BC structure Level1 (BCS1); Devices.)

Devices: The smart devices and sensors in the IoT.
Manage Server (MS): Devices for managing and providing calculation and storage. An MS is invoked in different BC structures depending on the position it is in.
(1) The bottom MS is directly connected with the device. Its responsibilities were to provide a Private Key and generate the Public Key for the device, store the device information, and publish it to the Blockchain network responsible for the devices’ credibility verification. Some of the bottom MSs constituted a Blockchain network and acted as miners. The technology in [31] can be used.
(2) MSs in other positions were responsible for managing a number of lower-level MSs, providing key pairs to the accessed lower-level MSs, and storing their information. The MSs were also responsible for publishing the information to the Blockchain network where they were located and verifying the credibility of the lower-level MSs that they managed. On the other hand, the MSs managed by the same MS also formed a Blockchain network, and each MS served as a Blockchain network node and acted as a miner. MSs published the “add” or “delete” information of entities as records (similar to the transaction records in BTC) to the Blockchain network that they formed. This information constituted the Blockchain blocks.
BC Structure (BCS): Unlike the BTC network, where all nodes exist in the same Blockchain network and all have peer-to-peer characteristics, the credibility verification network has a plurality of Blockchain networks composed of MSs. Each Blockchain network is managed by one MS. Different Blockchain networks can constitute a hierarchical relationship.
Storage: The information BC-blocks in the credibility verification network can be stored in local storage or cloud storage [32]. The access method can be as in [33, 34].
Credibility Verification Data Model In order to achieve verification, a corresponding data model needed to be established based on the original IoT data communication. Therefore, we designed a data model and applied it to credibility verification, as shown in Figure 2.
Figure 2: Data model for verification.
For Devices, the added data includes an ID and a Private Key, where the ID is used as the unique identifier that distinguishes one Device from another, and the Private Key used for asymmetric encryption serves as the verification flag of device credibility. The Private Key is generated and issued by the MS responsible for managing the device. The additional data in the MS includes the ID, Private Key, and BC-blocks. Among them, the ID is the unique identifier of the MS. It should be noted that the MS is also a kind of IoT device (except for computing ability and storage capacity, it is the same as the other devices) and should therefore have the same attribute ID as those Devices; that is, the IDs of the MS and of the devices should have the same definition. For each BC-block, a block head, a cryptographic hash, and block records are included according to Blockchain technology. The block head stores information such as the BC-block number, archive time, and the hash of the previous block. The cryptographic hash is considered the POW for each BC-block. As with blocks in Blockchain technology, there are several records in each BC-block. Each record records the “adding” or “deleting” of the entities managed by the MS. Of course, additional items may be added according to further requirements. The structure of the BC-block-record includes: Device or MS ID, flag of adding or deleting, timestamp, description, and entity functions. The Public Key in one BC-block-record should be generated from the Private Key of the right entity.
Description and entity functions are used to record device information and its ability; of course, other attributes may also need to be added. In the BTC network, the transaction data are recorded. However, in the BCS which we propose in this paper, the action information, such as addition or deletion of a device, is recorded. The purpose is to verify the credibility of the entity. Data storage occurs only in the corresponding BCS and does not require synchronization of all network nodes, but synchronization is required in each BCS on the BCS chain.
Credibility Verification Process
The proposed credibility verification model and its associated data model are primarily used as the basis for the verification process. The primary goal of the credibility verification of a device is to prove that a device is the one that joined the network as originally declared, not a device tampered with by an attacker. Therefore, the verification of credibility has three aspects. First, the device needs to establish its own certificate when it joins the network. Second, when the device is accessed, it needs to be verified as the original one. Last, the data sent by the device must be proven to have been generated by the original device. The concrete realization method includes the following three parts.
• Recording the Addition or Deletion of Entities. In the IoT environment, access to the device needs to be controlled by the MS. When the device accesses the IoT environment, the device sends its description, function, and other attributes to the MS that is responsible for managing it. The MS needs to assign an ID, generate a specific Private Key, and send both to the device. At the same time, the MS needs to generate the corresponding Public Key from the Private Key. When the operation is completed, the MS adds a record to the BC-block and broadcasts it to the BCS it joined. When receiving the broadcast, other MSs also add the record to their BC-block. If the BC-block is full, according to BC technical specifications, the MSs calculate the cryptographic hash as the POW and seal the current BC-block. In the MS, the Device ID in the record is replaced with its own MS ID and the record is sent to the upper-level MS, the manager. The upper-level MS receives the record and uses the same policy to process it. The process is repeated until the record reaches the top MS. This is similar to accessing a new
MS under an MS. The communication in this process can be protected with cryptographic techniques such as the packet aggregated authentication of [35]. When a device is removed from the network, the responsible MS generates a record for device removal, adds it to the BC-block, and passes the record up as described above.
• Credibility Verification Process of the Accessing Entity. According to the IoT model designed in the previous work [26], the credibility of the selected device must be verified when establishing a transaction. The credibility verification of the accessed device is achieved by building a verification chain through the BCSs on the path. Suppose that when a network node N1 issues an application for the use of a device with a specific function, the application information is propagated upward along the upper-level MSs of N1. The device records in the BC-blocks of each MS on the path are queried until it is found that the function described in a device record of one MS fulfills the function required by N1. Assuming that MS0 is the MS holding that record and D1 is the device capable of providing the function, the MSs on the path from MS0 to D1 are named MS1 to MSn in turn. MSn is the management node of D1. The subsequent verification process is as follows.
(I) MS1’s ID and its Public Key are obtained from MS0’s BC-block-record.
(II) A request is sent to MS1 asking for data encrypted with its Private Key, and the identity is verified with the Public Key of MS1.
(III) When MS1 is identified, MS2’s ID and Public Key are obtained from MS1’s BC-block-record, and the same method is used to verify the credibility of MS2.
(IV) Steps (II)–(III) are repeated until the Public Key of D1 is obtained. Then a request is sent to D1 asking for encrypted data, and the obtained Public Key is used for verification.
• Credibility Verification of Data Is Achieved. After verifying the device’s credibility and obtaining its Public Key, the device signs the data it sends with its Private Key, and the receiver verifies the signature with the Public Key to obtain trusted data. The whole process is just like routing [36]. The credibility verification process is shown in Figure 3.
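The chain walk of steps (I)–(IV) and the final data check, as an added example that is not code from the paper: a simulation of MS0 → MS1 → MS2 → D1 with a challenge-response at every hop, a substituted MS2 whose response does not match the Public Key recorded in MS1’s block, and a device removed by a later "delete" record. The `Entity`, `verify_chain` and `build_demo` names, the record layout and the toy textbook-RSA key pair over fixed small primes are my assumptions, standing in for the paper’s unspecified key scheme.

```python
"""Simulation of the four-step verification chain MS0 -> MS1 -> ... -> D1.
Constructed example: the entity model and the toy key scheme are assumptions,
not the paper's implementation."""
import hashlib
import secrets
from collections import namedtuple
from dataclasses import dataclass, field

# Fixed primes for the toy keys (constructed; far too small for real use).
PRIME_POOL = [2147483647, 2305843009213693951, 999983, 1000003, 104729, 15485863, 7919]
KeyPair = namedtuple("KeyPair", "n e d")

def toy_keypair(p: int, q: int) -> KeyPair:
    """Textbook RSA over two fixed primes; stands in for the MS-issued key pair."""
    n, phi = p * q, (p - 1) * (q - 1)
    for e in (65537, 257, 17, 5, 3):
        try:
            return KeyPair(n, e, pow(e, -1, phi))
        except ValueError:        # e not invertible mod phi: try the next one
            continue
    raise ValueError("no usable public exponent")

def _digest(msg: bytes, n: int) -> int:
    return int.from_bytes(hashlib.sha256(msg).digest(), "big") % n

def sign(key: KeyPair, msg: bytes) -> int:
    """'Encrypt with the Private Key' in the paper's wording, i.e. a signature."""
    return pow(_digest(msg, key.n), key.d, key.n)

def verify(pub: tuple, msg: bytes, sig: int) -> bool:
    n, e = pub
    return pow(sig, e, n) == _digest(msg, n)

@dataclass
class Entity:
    """A Device or an MS; `records` holds the BC-block-records of the entities
    it manages (empty for a Device)."""
    ident: str
    key: KeyPair
    functions: set = field(default_factory=set)
    records: list = field(default_factory=list)

    def public(self) -> tuple:
        return (self.key.n, self.key.e)

    def challenge(self, nonce: bytes) -> int:
        """Step (II): answer a request with the nonce signed by the Private Key."""
        return sign(self.key, nonce)

    def _record(self, child: "Entity", flag: str) -> None:
        self.records.append({"id": child.ident, "flag": flag,
                             "functions": set(child.functions), "pub": child.public()})

    def add_managed(self, child: "Entity") -> None:
        """'add' record for a new child; its functions are inherited so that the
        record passed to the upper MS (child ID replaced by this MS's ID) finds them."""
        self._record(child, "add")
        self.functions |= child.functions

    def remove_managed(self, child: "Entity") -> None:
        """'delete' record, which supersedes the earlier 'add' record."""
        self._record(child, "delete")

def live_records(ms: Entity) -> list:
    latest = {}
    for rec in ms.records:        # later records win, so a delete masks an add
        latest[rec["id"]] = rec
    return [rec for rec in latest.values() if rec["flag"] == "add"]

def verify_chain(ms0: Entity, wanted: str, network: dict) -> "tuple | None":
    """Steps (I)-(IV): verify each hop from MS0 down to the device providing
    `wanted`; return its Public Key, or None when no record leads there or a
    hop's response does not verify.  `network` maps IDs to reachable entities."""
    current = ms0
    while True:
        rec = next((r for r in live_records(current) if wanted in r["functions"]), None)
        if rec is None:
            return None
        hop = network[rec["id"]]
        nonce = secrets.token_bytes(16)
        if not verify(rec["pub"], nonce, hop.challenge(nonce)):
            return None                       # forged or tampered entity
        if not hop.records:                   # a Device: end of the chain
            return rec["pub"]
        current = hop

def build_demo(forge_ms2: bool = False) -> tuple:
    """MS0 -> MS1 -> MS2 -> D1 (constructed).  With forge_ms2, the node reachable
    as MS2 has been replaced by one holding a different key but the same records."""
    ms0, ms1, ms2 = (Entity(f"MS{i}", toy_keypair(PRIME_POOL[i], PRIME_POOL[i + 1]))
                     for i in range(3))
    d1 = Entity("D1", toy_keypair(PRIME_POOL[4], PRIME_POOL[5]), {"temperature"})
    ms2.add_managed(d1)
    ms1.add_managed(ms2)
    ms0.add_managed(ms1)
    network = {"MS1": ms1, "MS2": ms2, "D1": d1}
    if forge_ms2:
        network["MS2"] = Entity("MS2", toy_keypair(PRIME_POOL[3], PRIME_POOL[6]),
                                set(), ms2.records)
    return ms0, d1, network

if __name__ == "__main__":
    ms0, d1, network = build_demo()
    pub = verify_chain(ms0, "temperature", network)
    print("chain verified:", pub == d1.public())
    print("data verified:", verify(pub, b"23.5C", sign(d1.key, b"23.5C")))
    f_ms0, _, f_net = build_demo(forge_ms2=True)
    print("forged MS2 rejected:", verify_chain(f_ms0, "temperature", f_net) is None)
```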
Figure 3: The process of verifying that the device is credible.
ANALYSIS AND DISCUSSION
Validity of Verification
The method presented in this paper is based on several intersecting Blockchain networks, and credibility is transmitted through Blockchain networks. Therefore, this method is reliable only if each Blockchain network can be proven trustworthy. The security of Blockchain technology lies in the sharing mechanism of its distributed data. The “mining” mechanism is defined so that when a node wants to tamper with certain records, it must recalculate the hash of the entire Blockchain thereafter. The computational workload is so great that cheating nodes can never keep up with the Blockchain generation rate of the whole network (unless their processing power overtakes 51% of the whole network’s processing power, which is almost impossible). Therefore, if the entire IoT is regarded as one Blockchain network, its credibility is guaranteed (but this is also impossible). The proposed method of verifying credibility differs from taking the entire IoT as a Blockchain network in that the IoT is divided into several BCs intersecting with each
other. Therefore, each Blockchain network is relatively small in size with respect to the entire IoT. As a result, transactions (addition or deletion of entities) may be generated too slowly to meet the security requirements at all, resulting in excessive idle time and allowing a cheating node enough time to recalculate the entire Blockchain. In this regard, we propose three solutions.
(a) Select the right size of each BCS so that the transaction record generation speed meets the “mining” requirements and the cost of counterfeiting records is unacceptable.
(b) Devices should send empty transaction records with a random probability, making the generation speed of transaction records (real or empty) meet the “mining” requirement in each BCS.
(c) When verifying the credibility of a particular MS, several nodes are randomly selected from the BCS in which it is located, and the records in the selected MSs are compared with the records in the MS (the cryptographic hash can be used as well) to determine its credibility. Given a threshold, if the rate of disagreeing nodes among the selected nodes is over the threshold, we take the node as a forged one.
Although these three solutions can improve the validity of the verification, there are still some problems. For solution (a), it is difficult to determine the size of each BCS, and the higher the level, the more transaction records a BCS receives. If there is no proper size control it can lead to inefficient record insertion. For solution (b), the same problem as in (a) exists and storage space can be wasted. For solution (c), credibility can be affected, but the probability of noncredibility can be further reduced. In addition, the 51% calculation problem exists in all three methods, and this problem is inevitable for the Blockchain network.
Efficiency Analysis
• Response Efficiency. In the current IoT environment, credibility verification depends on the management center. Device information is obtained by querying the center. In this case, it is only necessary to get the certification of the management center, which can be considered a time complexity of O(1), which means a higher response rate. If the entire IoT environment uses Blockchain technology to achieve credibility verification, synchronization requires a large network overhead and response time. Because all the nodes in the network need to be synchronized, the time complexity is O(n).
The proposed method is relatively complex with respect to the management center model (the current IoT structure) and relatively simple with respect to the whole network model (the whole IoT environment organized as one big Blockchain). Suppose the number of nodes in each BCS is K; then, for an IoT environment with n nodes, these nodes form a complete K-tree whose depth, that is, the longest length of the certification chain, is log_K n, and it can be proven that the verification time complexity is O(log_K n).
• Storage Efficiency. The IoT device management adopts a central management-based approach for now, and each device keeps a record in the management center. Therefore, the data storage in the entire network is directly proportional to the total number of devices. If the entire IoT network implements Blockchain technology completely, records must be recorded on each node, and the total storage capacity is proportional to the square of the network size [37]. In the approach adopted in this paper, the IoT environment of n nodes constitutes a complete K-tree structure, and the information of a device only needs to be stored on the intermediate nodes from the device to the topmost BCS. Therefore, the total storage capacity is proportional to the sum of the path lengths from each node to the root [38]. Suppose the total path length of each node to the root is S; then we have the following formula. (1)
where h ~ log_K n is the height of the K-tree and . The overall storage capacity is K*S.
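The three storage costs compared above, computed directly as an added example (not the paper’s code and not a transcription of its formula (1), which is not legible here): S is taken literally as the total path length from every node of a complete K-tree to the root, the management center cost as proportional to n and the whole-network cost as proportional to n² [37]. Unit constants of proportionality, level-by-level filling of the tree and the `storage_costs` and `storage_table` names are my assumptions.

```python
"""Storage cost of the three verification models.  Added example with my own
assumptions: S is the total path length from every node of a complete K-tree
to the root, and all constants of proportionality are 1."""

def tree_path_length_sum(n: int, k: int) -> int:
    """S for n nodes filling a complete K-ary tree level by level."""
    if k < 2 or n < 1:
        raise ValueError("need n >= 1 and K >= 2")
    total, depth, placed, width = 0, 0, 0, 1
    while placed < n:
        count = min(width, n - placed)     # nodes that fit on this level
        total += depth * count             # each contributes its depth to S
        placed += count
        depth += 1
        width *= k
    return total

def tree_height(n: int, k: int) -> int:
    """Depth of the deepest level, which the text writes as h ~ log_K n."""
    height, capacity, width = 0, 1, 1
    while capacity < n:
        width *= k
        capacity += width
        height += 1
    return height

def storage_costs(n: int, k: int) -> dict:
    """Records held network-wide under the three models, plus the tree height."""
    return {"center": n,                                  # one record per device
            "whole_network": n * n,                       # every node keeps every record [37]
            "proposed": k * tree_path_length_sum(n, k),   # K*S from the text
            "height": tree_height(n, k)}

def storage_table(n_values, k: int) -> list:
    """Rows (n, center, whole_network, proposed): the data behind Figures 4 and 5."""
    return [(n, *[storage_costs(n, k)[m] for m in ("center", "whole_network", "proposed")])
            for n in n_values]

if __name__ == "__main__":
    for row in storage_table((1000, 10000, 100000), 300):
        print("n=%d  center=%d  whole_network=%d  proposed=%d" % row)
```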
• Credibility Analysis. For different methods of credibility verification, the management center model has the best response time and storage capacity, but its credibility is the worst. Once the management center is attacked, all nodes in the entire network are invalid. For the whole network model, the response time and the storage capacity are unacceptable and cannot be achieved, but its credibility is the best. In the method proposed in this paper, if scheme (a) and scheme (b) in Section 5.1 are used, the response time is the same as that of the whole network model and the storage capacity can be significantly reduced. If using scheme
(c), the storage capacity can be further reduced, but the security depends on the size of each BCS and the verification sampling rate [39]. The greater the number of BCS nodes and the larger the sampling rate, the greater the credibility. In summary, credibility verification with a management center uses the least storage space, but the center is exposed to a wide range of attacks. Although credibility verification with the whole network model has the best reliability, the storage capacity, computational ability, and response time required of each node are unacceptable. The proposed credibility verification method has a smaller storage requirement, places no computational ability or storage capacity requirement on the terminal node, and also has advantages in response time.
EXPERIMENTS AND EVALUATION
As discussed in Section 5, response efficiency can be proven directly. In this section our experiments demonstrate the storage and credibility efficiencies. The measurements include the amount of data to store, the effect of the tree’s degree “K”, and the rate of forged nodes. They also include the sampling rate and the threshold value used when verifying the data in the selected nodes.
Storage Evaluation
For our proposed method, the overall storage capacity is K*S; for different values of K and n, the storage capacity pattern is shown in Figure 4. As can be seen from Figure 4, for the same number of nodes, the greater the value of K, the greater the storage space required. The comparison of the storage efficiency of the three methods is shown in Figure 5.
Figure 4: Storage capacity measurement with different K (node count in BCS) and n (node count in IoT).
Figure 5: Comparison of storage efficiency.
In Figure 5, the curves prove our analysis of storage efficiency and our method is much better than the full BC model.
Performance Evaluation
For the proposed method, there has been a lot of research proving the performance of solutions like (a) and (b) in Section 5.1. Thus, we focus on solution (c). There are many factors that affect the performance evaluation, and the most important include the following:
(i) The degree of the tree (K)
(ii) The number or probability of forged nodes (FP)
(iii) The count of samples for solution (c) in Section 5.1 (SR)
(iv) The threshold to determine whether the node is forged (T)
The degree of the tree determines the average path length of a node pair. The probability of forged nodes determines the probability of a forged node appearing on the path. Hence, these two factors decide the probability of counterfeiting [40]. We simulate the environment with ten million IoT entity nodes and select node pairs randomly one million times for each parameter combination. The statistical results are shown in Figure 6.
Figure 6: Paths with forged node.
In Figure 6, we can see that, as the forge probability increases, the number of paths with a forged node increases, but for the same FP the difference between different values of K is not obvious. We then examine the relationship between SR and T. There are two indicators to be measured:
(i) The rate of forged nodes that are detected (DR)
(ii) The rate of non-forged nodes being detected as forged nodes (NFR); it is a negative measurement.
When we simulate a use case, if the different rate of the selected nodes is more than the given threshold T and the observed node is a forged one, we mark it as detected. Otherwise, if the different rate of the selected nodes is more than the given threshold T but the observed node is not a forged one, we mark it as an error. With K=300 and FP=1/1000, the detected rate and the error rate are shown in Figure 7. From Figure 7(a), we can see that the higher the threshold, the lower the detected rate: the stricter the requirement for proving that a given node is forged, the lower its chance of being detected. We can also conclude that a better threshold is less than 75%.
Figure 7: The experimental results of detected rate and error rate.
From Figure 7(b), we can see that the sample count determines the error count and the speed at which the errors converge. The larger the count of samples, the more errors occur, but the faster the error count falls as the threshold increases. We can also see that, if the threshold is over 65%, there are almost no errors. Hence, we suggest a threshold for the different rate of 65%-75%. However, we want to know whether this is suitable for other parameter combinations. We selected K as 200, 400, 500, and 1000 and then repeated the experiments. The results are shown in Figure 8. They show that, with different K, the threshold of 65%-75% still works well, so the suggestion is effective.
Figure 8: Detected rate and count of errors with different K: (a) and (b) K=200; (c) and (d) K=400; (e) and (f) K=500; (g) and (h) K=1000.
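The threshold rule and the two indicators DR and NFR described above, as an added illustrative simulation that is not the paper's code. The verifier model is an assumption of mine (the page does not give one): the selection node asks SR randomly chosen nodes whether the observed node's record differs from theirs; a sampled node is itself forged with probability FP and then lies, and an honest sampled node answers wrongly with probability `noise` (a parameter I add for stale records). The node is flagged when the fraction of "different" answers exceeds T.

```python
"""Added illustrative simulation (not the paper's code) of the detected rate DR
and the non-forged-detected rate NFR as a function of the threshold T and the
sample count SR. The verifier model below is assumed, not taken from the page."""
import random
from dataclasses import dataclass


@dataclass
class Tally:
    forged: int = 0      # forged nodes observed
    detected: int = 0    # forged nodes flagged (DR numerator)
    honest: int = 0      # non-forged nodes observed
    errors: int = 0      # non-forged nodes flagged (NFR numerator)

    @property
    def dr(self) -> float:
        return self.detected / self.forged if self.forged else 0.0

    @property
    def nfr(self) -> float:
        return self.errors / self.honest if self.honest else 0.0


def different_rate(node_forged: bool, sr: int, fp: float, noise: float,
                   rng: random.Random) -> float:
    """Fraction of the SR sampled nodes that report a difference (assumed model)."""
    says_different = 0
    for _ in range(sr):
        if rng.random() < fp:            # sampled node is itself forged: it lies
            answer = not node_forged
        elif rng.random() < noise:       # honest but stale record: wrong answer
            answer = not node_forged
        else:                            # honest and current: tells the truth
            answer = node_forged
        says_different += answer
    return says_different / sr


def simulate(trials: int, sr: int, t: float, fp: float, forged_share: float,
             noise: float = 0.0, seed: int = 1) -> Tally:
    """Observe `trials` random nodes, a share `forged_share` of which are forged,
    and apply the page's threshold rule to each: flag when different rate > T."""
    rng = random.Random(seed)
    tally = Tally()
    for _ in range(trials):
        node_forged = rng.random() < forged_share
        flagged = different_rate(node_forged, sr, fp, noise, rng) > t
        if node_forged:
            tally.forged += 1
            tally.detected += flagged
        else:
            tally.honest += 1
            tally.errors += flagged
    return tally


def sweep_thresholds(thresholds, **kwargs):
    """(DR, NFR) per threshold, to locate a band like the 65%-75% the page suggests."""
    out = {}
    for t in thresholds:
        r = simulate(t=t, **kwargs)
        out[t] = (r.dr, r.nfr)
    return out


if __name__ == "__main__":
    table = sweep_thresholds([0.5, 0.65, 0.75, 0.9], trials=2000, sr=20,
                             fp=1 / 1000, forged_share=0.1, noise=0.3)
    for t, (dr, nfr) in table.items():
        print(f"T={t:.2f}  DR={dr:.3f}  NFR={nfr:.3f}")
```

Because the seed is fixed, every trial draws the same answers for every threshold, so DR and NFR can only fall as T rises, which is the monotone trend the page reports for Figure 7.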
CONCLUSION With the continuous development of IoT technology, the problems of security, privacy, and credibility are attracting increasing attention [41]. In this paper, we have presented an IoT device credibility verification method based on Blockchain technology and discussed it in detail. The proposed model and method meet the credibility requirement by means of Blockchain technology and also offer certain advantages in storage space and response time. Although the proposed method has these advantages, some problems remain to be resolved. For example, if the MS is attacked, the credibility of the nodes under it can no longer be verified, so the method does not achieve complete decentralization. The 51% computation-power problem is still not effectively addressed, and such an attack still threatens the entire network. In addition, for a large-scale IoT environment, how to choose the number of BCS nodes and how to control the height of the tree remain open problems requiring further study.
ACKNOWLEDGMENTS This work was supported in part by the National Key R&D Program of China (Grant no. 2016YFD0400206); the Guangdong University Scientific Innovation Project (Grant no. 2017KTSCX); the Outstanding Young Teacher Training Program of the Education Department of Guangdong Province (Grant no. YQ2015158); Guangdong Provincial Science and Technology Plan Projects (Grant no. 2016A010101035); the National Natural Science Fund, China (Grant no. 61300198).
REFERENCES
1. L. Atzori, A. Iera, and G. Morabito, “The internet of things: a survey,” Computer Networks, vol. 54, no. 15, pp. 2787–2805, 2010.
2. M. Tao, J. Zuo, Z. Liu, A. Castiglione, and F. Palmieri, “Multilayer cloud architectural model and ontology-based security service framework for IoT-based smart homes,” Future Generation Computer Systems, vol. 78, pp. 1040–1051, 2018.
3. H. Li, Y. Tian, Y. Liu, T. Li, and W. Mao, “UAI-IOT framework: A method of uniform interfaces to acquire information from heterogeneous enterprise information systems,” in Proceedings of the 2013 IEEE International Conference on Green Computing and Communications and IEEE Internet of Things and IEEE Cyber, Physical and Social Computing, GreenCom-iThings-CPSCom 2013, pp. 724–730, China, August 2013.
4. Y. Zhang and J. Wen, “The IoT electric business model: Using blockchain technology for the internet of things,” Peer-to-Peer Networking and Applications, vol. 10, no. 4, pp. 983–994, 2017.
5. S. Sicari, A. Rizzardi, L. A. Grieco, and A. Coen-Porisini, “Security, privacy and trust in Internet of Things: the road ahead,” Computer Networks, vol. 76, pp. 146–164, 2015.
6. C. Gao, Q. Cheng, P. He, W. Susilo, and J. Li, “Privacy-preserving Naive Bayes classifiers secure against the substitution-then-comparison attack,” Information Sciences, vol. 444, pp. 72–88, 2018.
7. Z. Huang, S. Liu, X. Mao, K. Chen, and J. Li, “Insight of the protection for data security under selective opening attacks,” Information Sciences, vol. 412-413, pp. 223–241, 2017.
8. M. Tao, K. Ota, and M. Dong, “Locating Compromised Data Sources in IoT-Enabled Smart Cities: A Great-Alternative-Region-Based Approach,” IEEE Transactions on Industrial Informatics, vol. 14, no. 6, pp. 2579–2587, 2018.
9. R. Xie, C. He, D. Xie, C. Gao, and X. Zhang, “A Secure Ciphertext Retrieval Scheme against Insider KGAs for Mobile Devices in Cloud Storage,” Security and Communication Networks, vol. 2018, pp. 1–7, 2018.
10. A. Dorri, S. S. Kanhere, R. Jurdak, and P. Gauravaram, “Blockchain for IoT security and privacy: The case study of a smart home,” in Proceedings of the 2017 IEEE International Conference on Pervasive Computing and Communications Workshops, PerCom Workshops 2017, pp. 618–623, IEEE, Kona, HI, USA, March 2017.
11. L. Fan, X. Lei, N. Yang, T. Q. Duong, and G. K. Karagiannidis, “Secure Multiple Amplify-and-Forward Relaying with Cochannel Interference,” IEEE Journal of Selected Topics in Signal Processing, vol. 10, no. 8, pp. 1494–1505, 2016.
12. L. Fan, X. Lei, N. Yang, T. Q. Duong, and G. K. Karagiannidis, “Secrecy Cooperative Networks with Outdated Relay Selection over Correlated Fading Channels,” IEEE Transactions on Vehicular Technology, vol. 66, no. 8, pp. 7599–7603, 2017.
13. J. Shen, Z. Gui, S. Ji, J. Shen, H. Tan, and Y. Tang, “Cloud-aided lightweight certificateless authentication protocol with anonymity for wireless body area networks,” Journal of Network and Computer Applications, vol. 106, pp. 117–123, 2018.
14. Z. Wu, L. Tian, P. Li, T. Wu, M. Jiang, and C. Wu, “Generating stable biometric keys for flexible cloud computing authentication using finger vein,” Information Sciences, vol. 433-434, pp. 431–447, 2018.
15. Q. Lin, J. Li, Z. Huang, W. Chen, and J. Shen, “A short linearly homomorphism proxy signature scheme,” IEEE Access, vol. 6, pp. 12966–12972, 2018.
16. M. Tao, K. Ota, M. Dong, and Z. Qian, “AccessAuth: Capacity-aware security access authentication in federated-IoT-enabled V2G networks,” Journal of Parallel and Distributed Computing, 2017.
17. J. Li, L. Sun, Q. Yan, Z. Li, W. Srisa-an, and H. Ye, “Significant Permission Identification for Machine Learning Based Android Malware Detection,” IEEE Transactions on Industrial Informatics, vol. PP, no. 99, pp. 1–1, 2018.
18. J. Chen, K. He, Q. Yuan, G. Xue, R. Du, and L. Wang, “Batch Identification Game Model for Invalid Signatures in Wireless Mobile Networks,” IEEE Transactions on Mobile Computing, vol. 16, no. 6, pp. 1530–1543, 2017.
19. J. Park and J. Park, “Blockchain Security in Cloud Computing: Use Cases, Challenges, and Solutions,” Symmetry, vol. 9, no. 8, p. 164, 2017.
20. A. Gervais, G. O. Karame, K. Wüst, V. Glykantzis, H. Ritzdorf, and S. Čapkun, “On the security and performance of Proof of Work blockchains,” in Proceedings of the 23rd ACM Conference on Computer and Communications Security, CCS 2016, pp. 3–16, Austria, October 2016.
21. A. Ouaddah, A. Abou Elkalam, and A. Ait Ouahman, “FairAccess: a new Blockchain-based access control framework for the Internet of Things,” Security and Communication Networks, vol. 9, no. 18, pp. 5943–5964, 2017.
22. J. Shen, C. Wang, T. Li, X. Chen, X. Huang, and Z.-H. Zhan, “Secure data uploading scheme for a smart home system,” Information Sciences, vol. 453, pp. 186–197, 2018.
23. K. Christidis and M. Devetsikiotis, “Blockchains and Smart Contracts for the Internet of Things,” IEEE Access, vol. 4, pp. 2292–2303, 2016.
24. S. Huh, S. Cho, and S. Kim, “Managing IoT devices using blockchain platform,” in Proceedings of the 19th International Conference on Advanced Communications Technology, ICACT 2017, pp. 464–467, Korea, February 2017.
25. C. Wang, J. Shen, Q. Liu, Y. Ren, and T. Li, “A Novel Security Scheme Based on Instant Encrypted Transmission for Internet of Things,” Security and Communication Networks, vol. 2018, pp. 1–7, 2018.
26. C. Qu, F. Liu, and M. Tao, “Ontologies for the transactions on IoT,” International Journal of Distributed Sensor Networks, vol. 2015, Article ID 934541, 12 pages, 2015.
27. M. Tao, K. Ota, and M. Dong, “Ontology-based data semantic management and application in IoT- and cloud-enabled smart homes,” Future Generation Computer Systems, vol. 76, pp. 528–539, 2017.
28. P. Li, T. Li, H. Ye, J. Li, X. Chen, and Y. Xiang, “Privacy-preserving machine learning with multiple data providers,” Future Generation Computer Systems, 2018.
29. C. Qu, F. Liu, M. Tao, and D. Deng, “An OWL-S based specification model of dynamic entity services for Internet of Things,” Journal of Ambient Intelligence and Humanized Computing, vol. 7, no. 1, pp. 73–82, 2016.
30. M. A. Razzaque and S. Clarke, “Smart management of next generation bike sharing systems using Internet of Things,” in Proceedings of the 1st IEEE International Smart Cities Conference, ISC2 2015, Mexico, October 2015.
31. Q. Lin, H. Yan, Z. Huang, W. Chen, J. Shen, and Y. Tang, “An ID-based linearly homomorphic signature scheme and its application in blockchain,” IEEE Access, vol. PP, no. 99, pp. 1–1, 2018.
32. Q. Liu, Y. Guo, J. Wu, and G. Wang, “Effective query grouping strategy in clouds,” Journal of Computer Science and Technology, vol. 32, no. 6, pp. 1231–1249, 2017.
33. J. Li, X. Chen, S. S. Chow, Q. Huang, D. S. Wong, and Z. Liu, “Multi-authority fine-grained access control with accountability and its application in cloud,” Journal of Network and Computer Applications, vol. 112, pp. 89–96, 2018.
34. S. Peng, A. Yang, L. Cao, S. Yu, and D. Xie, “Social influence modeling using information theory in mobile social networks,” Information Sciences, vol. 379, pp. 146–159, 2017.
35. W. Chen, H. Lei, and K. Qi, “Lattice-based linearly homomorphic signatures in the standard model,” Theoretical Computer Science, vol. 634, pp. 47–54, 2016.
36. J. Chen, K. He, R. Du, M. Zheng, Y. Xiang, and Q. Yuan, “Dominating set and network coding-based routing in wireless mesh networks,” IEEE Transactions on Parallel and Distributed Systems, vol. 26, no. 2, pp. 423–433, 2015.
37. R. H. Jhaveri, N. M. Patel, Y. Zhong, and A. K. Sangaiah, “Sensitivity Analysis of an Attack-Pattern Discovery Based Trusted Routing Scheme for Mobile Ad-Hoc Networks in Industrial IoT,” IEEE Access, vol. 6, pp. 20085–20103, 2018.
38. K. He, J. Chen, R. Du, Q. Wu, G. Xue, and X. Zhang, “DeyPoS: deduplicatable dynamic proof of storage for multi-user environments,” IEEE Transactions on Computers, vol. 65, no. 12, pp. 3631–3645, 2016.
39. T. Li, J. Li, Z. Liu, P. Li, and C. Jia, “Differentially private Naive Bayes learning over multiple data sources,” Information Sciences, vol. 444, pp. 89–104, 2018.
40. Y. Li, G. Wang, L. Nie, Q. Wang, and W. Tan, “Distance metric optimization driven convolutional neural network for age invariant face recognition,” Pattern Recognition, vol. 75, pp. 51–62, 2018.
41. W. Meng, E. W. Tischhauser, Q. Wang, Y. Wang, and J. Han, “When Intrusion Detection Meets Blockchain Technology: A Review,” IEEE Access, vol. 6, pp. 10179–10188, 2018.
A Blockchain-Based Contractual Routing Protocol for the Internet of Things Using Smart Contracts
10
Gholamreza Ramezan and Cyril Leung Department of Electrical and Computer Engineering, The University of British Columbia, Vancouver, Canada
ABSTRACT In this paper, we propose a novel blockchain-based contractual routing (BCR) protocol for a network of untrusted IoT devices. In contrast to conventional secure routing protocols in which a central authority (CA) is required to facilitate the identification and authentication of each device, the BCR protocol operates in a distributed manner with no CA. The BCR protocol utilizes smart contracts to discover a route to a destination or data gateway within heterogeneous IoT networks. Any intermediary device can guarantee a route from a source IoT device to a destination device or gateway. We compare the performance of BCR with that of the Ad-hoc On-Demand Distance Vector (AODV) routing protocol in a network of 14 devices. The results show that the routing overhead of the BCR protocol is 5 times lower compared to AODV at the cost of a slightly lower packet delivery ratio. BCR is fairly resistant to both Blackhole and Greyhole attacks. The results show that the BCR protocol enables distributed routing in heterogeneous IoT networks.
Citation: Gholamreza Ramezan and Cyril Leung, “A Blockchain-Based Contractual Routing Protocol for the Internet of Things Using Smart Contracts,” Wireless Communications and Mobile Computing, vol. 2018, Article ID 4029591. Copyright: © 2018 Gholamreza Ramezan and Cyril Leung. This is an open access article distributed under the Creative Commons Attribution License, which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.
INTRODUCTION Recent progress in wireless communications and mobile computing has enabled a large variety of devices to connect to the Internet, forming the Internet of Things (IoT) [1, 2]. The IoT is a heterogeneous network of various types of devices from different vendors which collect, transfer, process, and analyze data and take appropriate actions [3, 4]. The IoT faces numerous challenges due to the need to integrate a large number of dissimilar objects. Routing, which establishes a communication path from a source IoT device to a destination node, for example, a gateway, is one such challenge. A variety of routing protocols for IoT networks have been studied [5–9]. In [5], a routing protocol for low-power and lossy networks (RPL) was proposed. The RPL protocol is a promising routing protocol that is used in the large-scale BC Hydro smart meter project in British Columbia, Canada [10]. Providing secure communication and preventing attackers from interfering with the routing process are major concerns in this network. The utilization of cryptographic algorithms is the first approach to securing routing protocols. However, in the design of most existing routing protocols, such as Secure Ad-hoc On-Demand Distance Vector (SAODV) [11], Ariadne [12], Optimized Link State Routing (OLSR), and optimal and secure routing (OSR) [13], the availability of a central authority (CA) to distribute the secret keys between network nodes is assumed [14–16]. The major problem is that the large number of IoT vendors cannot simply agree on a centralized management system. This is due to the trust issue between IoT vendors and the high cost of implementing trust management infrastructures such as the Public Key Infrastructure (PKI). The second approach is the reputation-based method that measures the degree to which a network node contributes to the routing process [17, 18]. In [17], a reward mechanism is proposed to incentivize nodes to participate in the routing process. Each network node is selected for the routing process based on its reputation. The reputation information is derived either from observing the behaviour of its neighbors or from trusted external advisors in the network. In both cases, the accuracy of the reputation system can be affected, either because of the limited network view of a node that relies solely on observing its neighbors, or because attackers falsify the reputation information coming from external trusted systems [19]. The lack of trust in a central management system and the need for a publicly verifiable reputation system lead us to leverage public ledger techniques, such as blockchain, to design routing protocols for the IoT. In this paper, we introduce a decentralized blockchain-based contractual routing (BCR) protocol. The BCR protocol enables IoT devices from diverse vendors to trust one another and cooperate during data communication. Using this approach, the devices in a delay-tolerant IoT network can find routes to a gateway or destination device in a decentralized manner. The main contributions of the paper are as follows:
(i) We propose contractual routing as a blockchain-based routing protocol for the IoT. A public ledger system is used to decentralize the BCR protocol.
(ii) We provide a proof of concept of the BCR protocol using the Ethereum blockchain and consider the following four performance metrics: Packet Delivery Ratio (PDR), Throughput (TP), Routing Overhead (RO), and Route Acquisition Latency (RAL).
(iii) We compare the performance of BCR with that of Ad-hoc On-Demand Distance Vector (AODV), which is a commonly used routing protocol [20]. Our results show that BCR has a slightly lower PDR but a much lower routing overhead.
(iv) We study the performance of BCR under Blackhole and Greyhole attacks by malicious devices which do not necessarily follow the smart contract rules.
The remainder of this paper is structured as follows. In Section 2, we review related works. Section 3 presents the system model. In Section 4, we discuss the attack model. In Section 5, we describe the proposed routing protocol. In Section 6, we compare the performances of the BCR and AODV protocols. Finally, the main conclusions are discussed in Section 7.
RELATED WORKS Financial incentive models have been introduced in various works [17, 18, 21–24]. For example, Ad-hoc VCG [17] provides a game-theoretical setting for routing within mobile ad-hoc networks in which a node accepts a payment for forwarding data packets from other agents provided the payment exceeds its cost. The system provides the incentive for users to cooperate. In [18], Sprite is proposed as a model to reward each participant node when routing data packets. However, the approach still requires that nodes access a central system, such as a bank, to send a proof message which shows a data packet is delivered. The proof message includes digital signatures and node identities, so as to receive rewards from the bank. This method is vulnerable, as attackers can forge a proof message to be sent to a central management system to generate rewards. The Onion Router proposed in [23] is based on [24], a blockchain-based reward mechanism for anonymous routing. This routing needs a centralized network since it requires that nodes be assigned to their specific relay nodes, after which only these nodes will receive the data. The authors of [22] introduce the idea of monetizing routing protocols based on public ledger techniques, whereby reputation is traded as an asset. In contrast, we propose a communications network model and describe an implementation of our proposed decentralized BCR protocol. Furthermore, we analyze the performance of the proposed protocol.
SYSTEM MODEL In this section, we describe a model to implement the proposed BCR protocol. The system consists of a multihop IoT network which cooperates with a blockchain network, as shown in Figure 1.
Figure 1: Setup for a decentralized communications network for IoT devices.
Multihop IoT Network The IoT network consists of a set of Source devices, a set of Intermediary devices, and a set of Destination devices and Data gateways. There is no central management for registration, authentication, or device authorization. The source device aims to send data to a destination device or a data gateway.
• Source devices: A Source device originates a request for access to send data to a destination or a data gateway. The gateway allows the source device access to the Internet to periodically update firmware or upload data to its vendors' cloud.
• Intermediary devices: The devices with no direct connection to a destination or data gateway use other devices to relay their traffic. An IoT device that relays source device data traffic to a gateway or destination is referred to as an intermediary device.
• Destination devices or Data gateways: Data gateways provide source devices access to larger networks, or the Internet. Data gateways can be access points within Wi-Fi networks, base stations in Multihop Cellular Networks (MCN) [25], or sink nodes in Wireless Sensor Networks (WSN) [6].
Blockchain Network The system includes a blockchain network with the following parameters, components, and capabilities:
(1) Parameters: The blockchain has the following parameters [26]:
(i) Common Prefix property with the depth parameter: Suppose two honest blockchain nodes maintain their chains. Either chain minus its last blocks, as many as the depth parameter, would be a prefix of the other node's chain.
(ii) Chain Quality property with the chain quality coefficient, where, for any honest blockchain node, the chain quality coefficient is the ratio of the greatest chain that can be created by an adversary to the length of the blockchain owned by that honest node.
(iii) Chain Growth property with the speed coefficient, where, for any number of block times, at least that number of block times multiplied by the speed coefficient blocks will be added to the blockchain.
The above parameters imply that the public ledger has the following two properties [27]:
(i) Liveness: A submitted transaction from a network node to the blockchain block producers will appear in a block after a sufficient period of time. In other words, all transactions originating from the network nodes will eventually end up in a block within the blockchain.
(ii) Persistence: Persistence means that once a transaction goes into the blockchain of one honest block producer, it will be included with very high probability in every honest block producer's blockchain and be consequently assigned a permanent position in the blockchain.
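The three chain properties listed above, as an added example that is not the paper's code, checked on small constructed chains using the standard definitions these parameters come from. The parameter names are mine: `depth` is the depth parameter, `quality` the chain quality coefficient over a window of `window` consecutive blocks, and `speed` the speed coefficient over `rounds` block times.

```python
"""Added example (not the paper's code): checks of the Common Prefix, Chain
Quality and Chain Growth properties on constructed sample chains."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Block:
    height: int
    producer: str
    honest: bool    # True if produced by an honest block producer


def common_prefix_holds(chains, depth):
    """Common Prefix: for any two honest chains, each chain with its last
    `depth` blocks removed is a prefix of the other."""
    for a in chains:
        pruned = a[:max(len(a) - depth, 0)]
        for b in chains:
            if b[:len(pruned)] != pruned:
                return False
    return True


def chain_quality_holds(chain, window, quality):
    """Chain Quality: in any `window` consecutive blocks of an honest chain the
    adversary's share is at most `quality`, the greatest ratio it can create."""
    for start in range(len(chain) - window + 1):
        segment = chain[start:start + window]
        adversarial = sum(1 for b in segment if not b.honest)
        if adversarial / window > quality:
            return False
    return True


def chain_growth_holds(lengths, rounds, speed):
    """Chain Growth: `lengths[i]` is an honest chain's length after block time i;
    over any `rounds` consecutive block times at least speed * rounds blocks are added."""
    for i in range(len(lengths) - rounds):
        if lengths[i + rounds] - lengths[i] < speed * rounds:
            return False
    return True


def make_chain(spec):
    """Constructed sample chain from a string: 'H' honest block, 'A' adversarial block."""
    return tuple(Block(h, "adv" if c == "A" else "honest", c == "H")
                 for h, c in enumerate(spec))


if __name__ == "__main__":
    base = make_chain("HHHHA")                      # constructed shared history
    fork_a = base + (Block(5, "honest", True),)     # two honest nodes that disagree
    fork_b = base + (Block(5, "adv", False),)       # only on the newest block
    print("common prefix, depth 1:", common_prefix_holds([fork_a, fork_b], 1))
    print("chain quality 0.6 over 5:", chain_quality_holds(make_chain("HHHAAAHHHH"), 5, 0.6))
    print("chain growth 0.5 per round:", chain_growth_holds([0, 1, 1, 2, 3, 3, 4, 5], 4, 0.5))
```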
(2) Components: Our proposed blockchain network contains block producers and blockchain gateways as components:
(i) Blockchain gateways: The blockchain gateways enable communication between IoT devices and the blockchain network. These gateways may be cellular base stations, Wi-Fi access points, or satellites.
(ii) Block Producers: Each block producer receives transactions from the IoT network and assembles them into a block. It then attempts to add the newly generated block to the blockchain. Block producers may belong to IoT device vendors, but none of them are trusted by other block producers. They must come to a consensus about the transactions through blockchain consensus mechanisms. Depending on the applied consensus algorithm, different security assumptions should be considered to preserve the properties of liveness and persistence. For example, the honest block producers should control at least 75% of the processing power in the block producers network if the Proof-of-Work (PoW) consensus mechanism is used [28].
(3) Capabilities: To apply blockchain technology to our system model, the blockchain network should be capable of running programs. Several works have developed programming frameworks that take in high-level programs as specifications and generate cryptographic implementations [29–31]. The idea of programmable smart contracts dates back nearly twenty years [32]. Ethereum [29] is the first Turing-complete decentralized smart contract system. A contract can be run by calling one of its functions, where each function is defined by a sequence of instructions. The smart contract maintains an internal state and can receive/transfer blockchain tokens from/to users or other smart contracts. Users send transactions to the Ethereum block producers network to invoke functions. Each transaction may contain input parameters for the contract and an associated token amount which is transferred from the user to the smart contract. The authors of [30] propose Hawk as a framework for building privacy-preserving smart contracts. The Hawk compiler is in charge of compiling the program to a cryptographic protocol between the blockchain and its users. Hyperledger [31] is another blockchain development platform which supports smart contracts. Smart contracts on the Hyperledger platform are called chaincodes. All the IoT devices, block producers, and gateways agree on the monetary value of a token. One of the ways for an IoT device to acquire tokens is by direct deposit from its owner into its blockchain address. The tokens can also be acquired from smart contracts. When an IoT device provides services, such as routing services for other IoT devices, the tokens assigned to a smart contract can be transferred from the smart contract address to the IoT device address on the blockchain.
ATTACK MODEL In this section, we define the attackers' capabilities when they attack the BCR protocol. Attackers can be classified into two main categories: selfish and malicious nodes. A selfish node does not intentionally disrupt routing, but it drops other nodes' routing messages while using their resources to route its own messages. Detecting and mitigating a selfish node is difficult, since the node does not actively violate the routing protocol rules. Malicious nodes purposefully disrupt routing messages [22]. An attacker is a dishonest IoT device which holds a sufficient number of tokens to allow it to join a network and then attempts to interfere with the network's routing process by preventing honest IoT devices from accessing the data gateways.
(1) Anonymity: The network does not use any centralized authority to authenticate IoT devices. Any IoT device can generate its own private/public key pair. Based on the generated public key, the IoT device derives its own blockchain address. This provides anonymity for the network nodes because no one knows the identity of the owner of a new blockchain address.
(2) Token-based Authorization: Every IoT device which possesses a sufficient number of blockchain tokens is authorized to generate a smart contract and request a route to a gateway.
(3) Attacker's Violation Scope: An attacker can manipulate the routing protocol in its own IoT device. Therefore, it can violate the routing protocol procedures and rules. It is assumed that honest IoT devices have not been compromised; that is, the attackers are unable to access the private keys within honest IoT devices. An honest IoT device can process and properly follow the contractual routing protocol. For example, if an honest IoT device receives a smart contract with a zero-token bond, it will treat this as an invalid request.
(4) Attacker Exhaustion Defense Strategy: The defense strategy in the BCR protocol does not instantly halt an attack but, instead, it deters the attacker by gradually exhausting the attacker's tokens. Each honest IoT device has an internal mechanism which blacklists malicious IoT devices that interfere in the routing of previous data packets by preventing the packets from reaching a gateway. When an IoT device B is blacklisted by another IoT device A, A will prevent B from participating in the next smart contracts for a specified period.
(5) Sequential Punishment: If an attacker drops a data packet, every other intermediary IoT device on that route will be penalized by having to pay tokens to its previous intermediary IoT device. Each intermediary device will be paid in turn by the next intermediary device on the same route. This sequential punishment mechanism allows the routing protocol to punish the attacker which drops data packets.
(6) Transparency: All network nodes and attackers have access to the blockchain gateways and can acquire a copy of the blockchain data to learn about the smart contracts.
(7) Block producers: The blockchain is not compromised since it is assumed that the blockchain consensus algorithm works correctly. Thus, attackers cannot place a false transaction within a block in the blockchain through the block producers network.
The aim of the BCR protocol is to discourage attackers from interfering with packet routing, as such interference requires the expenditure of tokens. This mechanism permits different vendors' IoT devices to build trust in one another based on their past behaviors as they seek a route to a gateway, without the need for a centralized certificate authority.
THE BLOCKCHAIN-BASED CONTRACTUAL ROUTING (BCR) PROTOCOL We first provide an overview of a general approach towards designing routing protocols. Existing routing protocols typically consist of two major phases. Phase 1 is for route establishment, while Phase 2 is for route maintenance. In Phase 1, a source IoT device sends a Route Request (RREQ) control message to find a route to a destination device. Each intermediary or destination device which receives the RREQ packet can respond by sending a Route Reply (RREP) message to the source IoT device. A Route Error (RERR) message is used to notify other devices that a certain device is no longer reachable, and they have to remove that route from their routing table. In the proposed BCR protocol, each source IoT device creates a smart contract to request a route to a destination or data gateway for a specific period instead of creating RREQ control messages. Each smart contract created by an IoT device has a separate address within the blockchain that is generated by a block producer when placing a smart contract in a block. The IoT device can broadcast this address to its neighbors to inform them about a new routing request. The BCR protocol is implemented using smart contracts within the blockchain. The IoT devices call the functions within the smart contract, and these functions follow the BCR protocol. Thus, transmission of control messages in existing routing protocols is replaced by smart contract function calls in the BCR protocol. The BCR protocol is next explained in detail.
BCR Protocol States

Figure 2 shows the state machine diagram of the BCR protocol smart contract. The smart contract states are described below:

(i) Route Requested: When a source IoT device needs to reach a gateway, it creates a smart contract within the blockchain and sends the smart contract address to its neighbors. It also sets the state field within the smart contract to Route Requested. IoT devices do not necessarily need to know the data gateway address but can instead use an IPv6 address scheme, such as FF01::2, which allows devices to address any gateways or routers in the network [33]. The source IoT device transfers some of its own blockchain tokens as a bond to a smart contract address to create a smart contract. The possibility of earning tokens encourages intermediary IoT devices to respond to the route request ( ). The source IoT device also specifies the period for which the state of the route request within a smart contract is valid ( ). This smart contract is termed the original contract.

(ii) Route Offered: Each neighboring IoT device which has a valid route entry to a gateway and would like to participate in relaying data packets ( ) can respond to an original smart contract. The intermediary IoT device offers its services to the source device by calling on a function within the original contract and transferring some of its own tokens to the smart contract address ( ). The function call goes to the block producers’ network, which changes the state of the received smart contract to Route Offered. A maximum of 3 route offers from different intermediary IoT devices can be stored in each contract. If the neighboring intermediary IoT device is unaware of a route to the data gateway or destination, it can still participate in relaying data packets by creating a new smart contract, namely, the intermediary contract. The intermediary contract stores the address of the originally issued smart contract or another intermediary contract in the parameter.

(iii) Route Accepted: The source IoT device determines whether to accept an offered route to send its data packets. It selects the next neighbor to reach a gateway based on its own internal policies. It can choose a low-cost route offered by one of its neighbors, or multiple neighbors to act as relays in order to increase the security and throughput of data packets.

(iv) Route Passed: When data is received by the data gateway, the smart contract state is changed to Data Passed by the gateway. If an intermediary IoT device B offers a route but is unable to successfully relay the source IoT device’s data packets within the specific time mentioned in the smart contract, the source IoT device will place B’s address in its internal blacklist for a limited period ( ). The source IoT device will add its current blacklist addresses to any newly created smart contract’s blacklist ( ).

(v) Aborted: At any time, each device in the IoT network can abort the routing process by calling on the Abort function inside the smart contract. However, the smart contract Abort function acts accordingly based on its caller IoT device type and the current state of the smart contract.

(vi) Expired: As the BCR protocol has various timers, an IoT device can request that the Expire function inside a smart contract review the timers and take action accordingly.
Figure 2: The protocol state machine of the BCR protocol has 6 states. Transitions between states occur when IoT devices call functions inside smart contracts.
BCR Protocol Transitions

A protocol transition specifies the required conditions that trigger a state change. IoT devices perform the trigger when calling a function inside the BCR protocol smart contract. We next review the parameters used by the functions inside the BCR protocol smart contract. Then, we explain the functions of the smart contract. The IoT devices call on these functions to run the BCR protocol.

(1) BCR protocol parameters: BCR protocol parameters within a smart contract are used by smart contract functions and can be seen publicly. The BCR protocol parameters within an IoT device are set by the IoT device based on its own internal policy. Each IoT device can have its own values for these internal parameters. The required parameters for the BCR protocol are listed in Table 1:

(i) Contract_Address stores the smart contract address. A smart contract can be dynamically created inside a blockchain by a source IoT device, or previously created by the IoT device owner. In the latter case, the IoT device owner, after creating a smart contract inside a blockchain, writes the address inside the IoT device.

(ii) State indicates the current state of a smart contract. Possible states are Route Requested, Route Offered, Route Accepted, Data Passed, Expired, and Aborted, as explained in the previous section.

(iii) Source, Intermediary, and Destination store the addresses of the source, intermediary, and destination IoT devices. The source IoT device has requested access to a data gateway. The intermediary devices are ready to relay the data packets from the source IoT device to a destination or data gateway. This field in each smart contract stores up to three intermediary IoT device addresses. Destination IoT device is the destination node to be reached. In the Performance Evaluation section, we attempt to reach a data gateway network address as the destination, for example, FF01::2, which refers to any routers in an IPv6 network.

(iv) Route_Request_Expiry (RRE) is the expiry time until which the route request is valid.

(v) Route_Request_Bond (RRB) is set by the source IoT device and shows the number of tokens that the source IoT device will pay to the intermediary IoT device if the route to the destination works properly and the destination receives the data packets.

(vi) Route_Offer_Validity (ROV) shows the period for which the route offered by an intermediary IoT device to a source IoT device is valid. In other words, the intermediary IoT device relays the data packets to a gateway for the source IoT device only for the period specified by the ROV parameter.

(vii) Route_Offer_Bond (ROB) is the number of tokens an intermediary IoT device puts up as a bond to guarantee that the intermediary IoT device can successfully pass the data packets to the gateway.

(viii) Blacklisted_Addresses stores a list of device addresses which are not allowed to participate in the smart contract for a certain period of time ( ). This parameter is set by the source IoT device every time one of its neighbors fails in relaying data to a data gateway. Therefore, the blacklisted intermediary addresses are restricted from putting forward any smart contract offer.

(ix) Selected_Route stores the intermediary address which is selected by the source IoT device for data packet forwarding. This address is selected from one of the addresses in the parameter.

(x) Timestamp logs the time at which the smart contract is created in the blockchain. This field is set by block producers.

(xi) Parent_Contract stores the address of the previously issued smart contract. If the smart contract is an original one not preceded by a previously issued smart contract, the Parent_Contract parameter is empty. After receiving a smart contract, the IoT device checks this parameter to ensure that the previous smart contract was not self-issued. Using this mechanism, the routing protocol avoids a loop from occurring in the routing protocol.

(xii) Hop stores the number of hops from the source IoT device to the current intermediary IoT device. The intermediary device, after receiving a smart contract, checks its own routing table. If no route to a data gateway is found, it creates a new smart contract and sets this field in the newly created smart contract by increasing the Contract_Hop parameter value in the previous contract. Intermediary nodes use this parameter to prevent the creation of a routing loop if the parameter exceeds a Max_Hop or maximum value.

(xiii) Gas is a term used in the Ethereum blockchain to define the cost of calling on a function inside a smart contract via a source or intermediary IoT device. Gas shows the number of tokens that an IoT device should pay to the block producers when a smart contract’s internal functions are run by the block producer.

Table 1: BCR protocol parameters
∗ Location shows whether the parameter is used within a smart contract or an IoT device.
(2) BCR protocol functions: The transition between smart contract states is performed by calling on the smart contract functions. Every time an IoT node calls on a function, some tokens, as specified in the Gas of the function, will be moved from the IoT device blockchain account to that of the block producer.

(i) Route Request(): Each IoT device, whenever it needs to reach a destination or data gateway, can request that the blockchain producers create a smart contract on the blockchain. The source IoT device digitally signs a transaction for this purpose and sets the smart contract’s parameters. This function is shown in Algorithm 1.

(ii) Route Offer(): This takes place when an intermediary IoT device establishes a route to the destination or data gateway in its internal routing table and is ready to relay data packets to it for a source IoT device. Each contract accepts up to three route offers from intermediary devices. This function is shown in Algorithm 2.

(iii) Route Accept(): Whenever a source IoT device decides to accept an offered route, it calls on the Route Accept function within the blockchain. The block producer runs this function if the function caller IoT device’s address is identical to that of the source IoT device within the smart contract. This function is shown in Algorithm 3.

(iv) Data Pass(): Whenever a destination IoT device receives data packets, it can call on the Data Pass function within the blockchain. The block producer runs the function if the function caller address is the same as the destination address within the smart contract. This function is shown in Algorithm 4.

(v) Expire(): Whenever a destination IoT device receives the data packets, it can call on the Data Pass function inside the blockchain. The block producer runs the function if the function caller’s IoT device’s address is identical to that of the destination IoT device’s address within the smart contract. This function is shown in Algorithm 5.

(vi) Abort(): Whenever an IoT device wishes to leave the contract, it can call on the Abort function. Depending on the state of the contract, the Abort function returns the tokens to the IoT devices. This function is shown in Algorithm 6.
Algorithm 1: Route Request function.
Algorithm 2: Route Offer function.
Algorithm 3: Route Accept function.
Algorithm 4: Data Pass function.
Algorithm 5: Expire function.
Algorithm 6: Abort function.
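The six states and six functions above describe one state machine, with the security of the scheme resting on three checks the contract itself enforces: only the source may accept, only the destination may confirm delivery, and a blacklisted or looping device may not offer. The following Python model is an added example written to make those checks explicit; it is not the paper's Solidity code behind Algorithms 1-6. All names are assumptions, as are the MAX_HOP value and the token settlement rules (who receives RRB and ROB in Data Pass, Expire and Abort), which the paper does not spell out.

```python
"""Toy model of the BCR smart-contract state machine (added example, not the paper's
Solidity code; names, MAX_HOP and the token settlement rules are assumptions)."""
from dataclasses import dataclass, field
from enum import Enum
MAX_OFFERS = 3   # the paper stores at most three route offers per contract
MAX_HOP = 8      # assumed Max_Hop bound for chained intermediary contracts
State = Enum("State", "ROUTE_REQUESTED ROUTE_OFFERED ROUTE_ACCEPTED DATA_PASSED EXPIRED ABORTED")


def transfer_tokens(balances, src, dst, amount):
    if balances.get(src, 0) < amount:
        raise ValueError(f"{src} cannot move {amount} tokens")
    balances[src] -= amount
    balances[dst] = balances.get(dst, 0) + amount


@dataclass
class BCRContract:
    address: str                # Contract_Address
    source: str
    destination: str
    ledger: dict                # account -> token balance, shared by all contracts
    rre: int                    # Route_Request_Expiry (absolute block time)
    rrb: int                    # Route_Request_Bond, paid to the relay on success
    rov: int                    # Route_Offer_Validity, block times after acceptance
    blacklist: set = field(default_factory=set)   # Blacklisted_Addresses
    parent: "BCRContract | None" = None           # Parent_Contract
    hop: int = 0
    state: State = State.ROUTE_REQUESTED
    offers: dict = field(default_factory=dict)    # intermediary -> ROB bonded
    selected: "str | None" = None                 # Selected_Route
    accepted_at: "int | None" = None

    def __post_init__(self):
        # Route Request(): creating the contract bonds RRB at the contract address
        transfer_tokens(self.ledger, self.source, self.address, self.rrb)

    def _settle_offers(self, forfeit=None):
        # ROBs go back to their owners; a failed relay's ROB goes to the source (assumed)
        for dev, rob in self.offers.items():
            transfer_tokens(self.ledger, self.address, self.source if dev == forfeit else dev, rob)
        self.offers.clear()

    def route_offer(self, caller, rob, now):
        if self.state not in (State.ROUTE_REQUESTED, State.ROUTE_OFFERED) or now > self.rre:
            raise PermissionError("contract no longer accepts offers")
        if (caller in self.blacklist or caller == self.source
                or caller in self.offers or len(self.offers) >= MAX_OFFERS):
            raise PermissionError(f"{caller} may not offer a route")
        transfer_tokens(self.ledger, caller, self.address, rob)
        self.offers[caller] = rob
        self.state = State.ROUTE_OFFERED

    def route_accept(self, caller, chosen, now):
        if caller != self.source or self.state != State.ROUTE_OFFERED or chosen not in self.offers:
            raise PermissionError("only the source may accept one of the offered routes")
        self.selected, self.accepted_at = chosen, now
        self.state = State.ROUTE_ACCEPTED

    def data_pass(self, caller, now):
        if caller != self.destination or self.state != State.ROUTE_ACCEPTED:
            raise PermissionError("only the destination may confirm delivery")
        transfer_tokens(self.ledger, self.address, self.selected, self.rrb)   # relay earns RRB
        self._settle_offers()
        self.state = State.DATA_PASSED

    def expire(self, caller, now):
        """Any device may ask the contract to review its timers; True if it acted."""
        if self.state in (State.ROUTE_REQUESTED, State.ROUTE_OFFERED) and now > self.rre:
            self._settle_offers()
        elif self.state == State.ROUTE_ACCEPTED and now > self.accepted_at + self.rov:
            self._settle_offers(forfeit=self.selected)   # relay missed its ROV window
            self.blacklist.add(self.selected)             # source blacklists it
        else:
            return False
        transfer_tokens(self.ledger, self.address, self.source, self.rrb)
        self.state = State.EXPIRED
        return True

    def abort(self, caller):
        if caller != self.source or self.state in (State.DATA_PASSED, State.EXPIRED, State.ABORTED):
            raise PermissionError("abort not allowed for this caller or state")
        self._settle_offers()
        transfer_tokens(self.ledger, self.address, self.source, self.rrb)
        self.state = State.ABORTED


def spawn_intermediary(parent, intermediary):
    """Chain a new contract to the parent; the Parent_Contract walk and Hop stop loops."""
    ancestor = parent
    while ancestor is not None:
        if ancestor.source == intermediary:
            raise ValueError("routing loop: device already issued a contract in this chain")
        ancestor = ancestor.parent
    if parent.hop + 1 > MAX_HOP:
        raise ValueError("Max_Hop exceeded")
    return BCRContract(f"{parent.address}/{intermediary}", intermediary, parent.destination,
                       parent.ledger, parent.rre, parent.rrb, parent.rov,
                       blacklist=set(parent.blacklist), parent=parent, hop=parent.hop + 1)
```

The model walks the Parent_Contract chain rather than storing only one address, so a device that already issued a contract anywhere in the chain is rejected; in the paper each hop checks only its predecessor, with Hop and Max_Hop as the backstop. Blacklisting happens in Expire, which matches the paper's description of a relay that fails within its validity window, and the resulting blacklist is copied into every contract the source creates afterwards.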
PERFORMANCE EVALUATION We now study the performance of the BCR protocol in a network with no CA or node authentication support. We compare the performance of the BCR with that of the AODV routing protocol. We also assess the impact of Blackhole and Greyhole attacks on the BCR protocol.
Simulation Setup

We investigate the BCR protocol by developing a simulator using the Ethereum blockchain and the Solidity language [29] to provide a proof of concept of the protocol. The average time between two consecutive blocks in a blockchain is called the block time. Since the Ethereum block time is 14 seconds, it may not be suitable for real-time telecommunication applications, as it is too long for interactive applications. In the EOS blockchain, the block time is much shorter, 0.5 seconds, which makes it suitable for a real implementation of the BCR protocol. We study different scenarios for Greyhole and Blackhole attacks [34]. The source IoT device generates one Route Request smart contract for each 1000-byte data packet. The simulation parameters are summarized in Table 2.

Table 2: Simulation parameter values
The performance of the BCR protocol is evaluated based on the following metrics:

(i) Packet Delivery Ratio (PDR) is given by

(1)

where Drcv is the number of data packets successfully received by the gateway and Dtotal is the total number of data packets sent by the source IoT device.

(ii) Throughput (TP) is the average number of data packets successfully received per second by the gateway and is given by

(2)

where Tsim is the simulation duration.

(iii) Routing Overhead (RO) is given by

(3)

where Dnet is the total number of passed data packets. We considered 1000 data packets for each smart contract. Dctrl is the total number of control messages, that is, the number of function calls in smart contracts. Each function call in a smart contract is assumed to need a 100-byte control packet.

(iv) Route Acquisition Latency (RAL) is the average time between the generation of a smart contract and the reception of the first valid route offer from an intermediary device. This is calculated only for the contracts of data packets successfully received by the gateway:

(4)

where S is the set of successful smart contracts, Ti, req is the time at which a contract is generated to request a route for data packet i, Ti, req is the time at which the first valid route offer for data packet i is received by the source IoT device, and |S| is the size of set S.
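To show how the four metrics are computed from a per-packet record of a run, here is an added Python example (not the paper's simulator). The trace is constructed, and the exact form of Eq. (3) is an assumption (control bytes divided by delivered data bytes, using the 100-byte and 1000-byte sizes stated above), since the equation itself is not reproduced on this page. RAL is averaged only over successful contracts, as the text requires, and is also converted from block times to seconds for the Ethereum and EOS block times the paper quotes.

```python
"""Evaluating a BCR run with the paper's four metrics (added example, not the
paper's simulator). SAMPLE_TRACE is constructed; the RO formula is an assumption."""
from dataclasses import dataclass
from typing import Optional

DATA_PACKET_BYTES = 1000   # one Route Request contract per 1000-byte data packet
CTRL_PACKET_BYTES = 100    # each contract function call counted as a 100-byte control packet


@dataclass(frozen=True)
class PacketRecord:
    t_request: float                # block time the Route Request contract was created
    t_first_offer: Optional[float]  # block time of the first valid Route Offer, None if none
    delivered: bool                 # gateway confirmed delivery with Data Pass
    function_calls: int             # contract calls spent on this packet


# Constructed trace: five data packets, times measured in block times.
SAMPLE_TRACE = [
    PacketRecord(0.0, 2.0, True, 4),
    PacketRecord(5.0, 8.5, True, 6),
    PacketRecord(10.0, None, False, 2),   # request expired before any offer arrived
    PacketRecord(15.0, 17.0, False, 5),   # offer accepted, relay never delivered
    PacketRecord(20.0, 23.0, True, 4),
]
T_SIM = 25.0


def packet_delivery_ratio(trace):
    """Eq. (1): D_rcv / D_total."""
    return sum(p.delivered for p in trace) / len(trace)


def throughput(trace, t_sim):
    """Eq. (2): packets received by the gateway per unit of simulated time."""
    return sum(p.delivered for p in trace) / t_sim


def routing_overhead(trace):
    """Assumed form of Eq. (3): control bytes / delivered data bytes."""
    d_net = sum(p.delivered for p in trace)
    if d_net == 0:
        return float("inf")      # nothing delivered: overhead is unbounded
    d_ctrl = sum(p.function_calls for p in trace)
    return (d_ctrl * CTRL_PACKET_BYTES) / (d_net * DATA_PACKET_BYTES)


def route_acquisition_latency(trace):
    """Eq. (4): mean (first offer time - request time) over successful contracts only."""
    s = [p for p in trace if p.delivered and p.t_first_offer is not None]
    if not s:
        return None
    return sum(p.t_first_offer - p.t_request for p in s) / len(s)


def ral_seconds(ral_block_times, block_time_s):
    """Convert RAL from block times to seconds for a chain with the given block time."""
    return ral_block_times * block_time_s


def evaluate(trace=SAMPLE_TRACE, t_sim=T_SIM):
    ral = route_acquisition_latency(trace)
    return {
        "PDR": packet_delivery_ratio(trace),
        "TP": throughput(trace, t_sim),
        "RO": routing_overhead(trace),
        "RAL_blocks": ral,
        "RAL_s_ethereum": ral_seconds(ral, 14.0),   # Ethereum block time quoted in the paper
        "RAL_s_eos": ral_seconds(ral, 0.5),         # EOS block time quoted in the paper
    }


if __name__ == "__main__":
    for name, value in evaluate().items():
        print(f"{name:>15}: {value:.4f}")
```

The fourth record is the case a practitioner most wants to count correctly: the source received a valid offer, so the contract's control calls are spent, but the relay failed, so the packet counts toward RO and against PDR while being excluded from RAL.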
Figure 3: The route establishment process in BCR. The source and destination nodes are labeled S and D, respectively.
We conduct the simulations/numerical experiments for a network topology with 14 devices, as shown in Figure 3. The source device has three possible paths to reach the data gateway (destination device). The devices 8, 3, and 4 are the first, second, and third malicious devices, respectively. The departure of data packets at the source device follows a Poisson process with an average packet interarrival time of 5 seconds.
SIMULATION RESULTS

In this section, we compare the performance of the BCR protocol with that of the AODV routing protocol. We also assess the performance degradation of the BCR protocol in the presence of Blackhole and Greyhole attacks. In a Blackhole attack, the malicious device replies to the route request smart contracts by offering wrong routes in order to disturb the network. In Greyhole attacks, the malicious device passes or drops each data packet with probability 0.5. The malicious device aims to confuse its neighbors as to whether it is malicious or not.

(1) Comparison of BCR and AODV routing protocols: We evaluate the performance of AODV using the ns-3 simulator. ns-3 is open source software providing a discrete-event network simulator for Internet research and educational use [35]. ns-3 complies with the technical norms of standards organizations for emerging networks, such as 3GPP, IEEE, and the Wi-Fi Alliance. This is the main reason we chose ns-3 as a prototyping tool for the performance analysis presented in this paper. We obtain the simulation results using the same data traffic and network topology as for BCR. Figure 4 shows a comparison of the BCR and AODV routing protocols. The BCR protocol has a lower PDR (93%) than AODV (99%). The TP of the BCR protocol is 1.27 kbps, which is 9% less than the AODV TP of 1.43 kbps. However, AODV incurs a much higher RO ratio (7.12) than the proposed routing protocol (1.2). This is because, unlike AODV, our proposed routing protocol does not require IoT devices to start a route establishment process for sending each packet.
Figure 4: A comparison of the BCR and AODV routing protocols based on PDR, TP, and RO performance.
(2) Blackhole and Greyhole attacks: Figures 5–8 show the PDR, TP, RO, and RAL for BCR as a function of the number, N, of malicious nodes in the absence of attacks (i.e., N=0) and in the presence of Blackhole and Greyhole attacks (i.e., ).
Figure 5: PDR of the BCR protocol in the absence of any attacks (N=0) and in the presence of Blackhole and Greyhole attacks ( ).
Figure 6: TP of the BCR protocol in the absence of any attacks (N=0) and in the presence of Blackhole and Greyhole attacks ( ).
Figure 7: RO of the BCR protocol in the absence of any attacks (N=0) and in the presence of Blackhole and Greyhole attacks ( ).
Figure 8: RAL of the BCR protocol in the absence of any attacks (N=0) and in the presence of Blackhole and Greyhole attacks ( ).
Figure 5 shows the PDR of BCR for Blackhole and Greyhole attacks. It can be seen that the BCR protocol is less vulnerable to Blackhole attacks than to Greyhole attacks. This is due to the unpredictable behaviour of the Greyhole. Figure 6 shows the TP of BCR for different numbers of malicious nodes N. When N=3, the TP decreases to almost one third of its value at N=0. This is due to the presence of the malicious devices on two of the three possible paths from the source to the destination. This shows that BCR can complete the route establishment phase successfully without a CA. Figure 7 shows the RO of BCR. The RO increases from 32% when there is no attack (i.e., N=0) to 69% for Greyhole attacks with N=3. Figure 8 shows the RAL (in block times) of the BCR protocol. It can be seen that a route to the gateway is found in 5.5 block times when there is no malicious device (i.e., N=0). The RAL increases to 6.9 block times when the network is under Greyhole attack by N=3 malicious nodes. The actual latency (in seconds) can be reduced by shortening the block time using other blockchain technologies such as the EOS blockchain. With the Ethereum block time of 14 seconds, the BCR protocol can be used only for delay-tolerant applications. The EOS blockchain is a smart contract platform which is an alternative to the Ethereum blockchain. EOS uses a delegated proof of stake (DPoS) consensus algorithm, in contrast to the energy-consuming PoW consensus mechanism used in Ethereum. Moreover, EOS can process 1,000-6,000 transactions per second, while Ethereum can process only 15 transactions per second [29, 36]. These features make EOS more suitable for future development of the BCR protocol.
CONCLUSION

We have proposed a novel blockchain-based routing protocol for IoT networks, referred to as BCR, which can be enabled within a network of untrusted IoT devices. IoT devices can relay one another’s data packets to gateways in a decentralized manner. The proposed BCR protocol does not require a central authority to authorize, add, or remove IoT devices, or a secret key sharing mechanism as required by traditional centralized routing protocols. We evaluated the performance of our proposed protocol compared to AODV using extensive experiments. Our results show that BCR reduces the routing overhead by a factor of 5 compared to AODV. It is also resistant to Greyhole and Blackhole attacks. The proposed routing protocol can also be applied to ad-hoc networks.
ACKNOWLEDGMENTS This work was supported in part by the Natural Sciences and Engineering Research Council (NSERC) of Canada under Grant RGPIN 1731-2013 and by the UBC PMC-Sierra Professorship in Networking and Communications.
REFERENCES

1. G. Glissa, A. Rachedi, and A. Meddeb, “A secure routing protocol based on RPL for internet of things,” in Proceedings of the 59th IEEE Global Communications Conference, GLOBECOM 2016, pp. 1–7, USA, December 2016.
2. M. Bouaziz and A. Rachedi, “A survey on mobility management protocols in Wireless Sensor Networks based on 6LoWPAN technology,” Computer Communications, vol. 74, pp. 3–15, 2016.
3. “IOTA Whitepaper,” 2018, http://iotatoken.com/IOTA_Whitepaper.pdf.
4. D. Airehrour, J. Gutierrez, and S. K. Ray, “Secure routing for internet of things: A survey,” Journal of Network and Computer Applications, vol. 66, pp. 198–213, 2016.
5. J. W. Hui, “RFC 6553 - The Routing Protocol for Low-Power and Lossy Networks (RPL) Option for Carrying RPL Information in Data-Plane Datagrams,” https://tools.ietf.org/html/rfc6553.
6. C. Deepa and B. Latha, “HHSRP: A cluster based hybrid hierarchical secure routing protocol for wireless sensor networks,” Cluster Computing, pp. 1–17, 2017.
7. P. L. R. Chze and K. S. Leong, “A secure multi-hop routing for IoT communication,” in Proceedings of the 2014 IEEE World Forum on Internet of Things, WF-IoT 2014, pp. 428–432, Republic of Korea, March 2014.
8. J. Duan, D. Yang, H. Zhu, S. Zhang, and J. Zhao, “TSRF: A Trust-aware Secure Routing Framework in Wireless Sensor Networks,” International Journal of Distributed Sensor Networks, vol. 10, no. 1, pp. 1–14, 2014.
9. X. Anita, J. Martin Leo Manickam, and M. A. Bhagyaveni, “Two-way acknowledgment-based trust framework for wireless sensor networks,” International Journal of Distributed Sensor Networks, vol. 9, no. 5, Article ID 952905, pp. 1–14, 2013.
10. “A Foundation for Improved Protection and Automation,” 2018, https://www.cisco.com/c/dam/en_us/solutions/industries/energy/downloads/bc-hydro-cisco.pdf.
11. N. R. Yerneni and A. K. Sarje, “Secure AODV protocol to mitigate Black hole attack in Mobile Ad hoc,” in Proceedings of the 2012 3rd International Conference on Computing, Communication and Networking Technologies, ICCCNT 2012, pp. 1–5, India, July 2012.
12. Y.-C. Hu, A. Perrig, and D. B. Johnson, “Ariadne: A secure on-demand routing protocol for ad hoc networks,” Wireless Networks, vol. 11, no. 1-2, pp. 21–38, 2005.
13. J. Zhou and J. Cao, “OSR: Optimal and secure routing protocol in multihop wireless networks,” in Proceedings of the 32nd IEEE International Conference on Distributed Computing Systems Workshops, ICDCSW 2012, pp. 187–193, China, June 2012.
14. A. Jain and B. Buksh, “Solutions for secure routing in mobile ad hoc network (MANET): A survey,” Imperial Journal of Interdisciplinary Research, vol. 2, no. 4, pp. 5–8, 2016.
15. M. Kassim, R. A. Rahman, and R. Mustapha, “Mobile ad hoc network (MANET) routing protocols comparison for wireless sensor network,” in Proceedings of the 2011 IEEE International Conference on System Engineering and Technology, ICSET 2011, pp. 148–152, Malaysia, June 2011.
16. S. Boora, Y. Kumar, and B. Kochar, “A survey on security issues in mobile ad-hoc networks,” IJCSMS International Journal of Computer Science and Management Studies, pp. 129–137, 2011.
17. L. Anderegg and S. Eidenbenz, “Ad hoc-VCG: a truthful and cost-efficient routing protocol for mobile ad hoc networks with selfish agents,” in Proceedings of the 9th Annual International Conference on Mobile Computing and Networking (MobiCom ‘03), pp. 245–259, ACM Press, New York, NY, USA, September 2003.
18. S. Zhong, J. Chen, and Y. R. Yang, “Sprite: A simple, cheat-proof, credit-based system for mobile ad-hoc networks,” in Proceedings of the Twenty-Second Annual Joint Conference of the IEEE Computer and Communications Society (INFOCOM 2003), vol. 3, pp. 1987–1997, San Francisco, CA, USA, 2003.
19. Y.-C. Hu and A. Perrig, “A survey of secure wireless ad hoc routing,” IEEE Security & Privacy, vol. 2, no. 3, pp. 28–39, 2004.
20. C. Perkins, E. Belding-Royer, S. Das et al., “RFC 3561 - Ad hoc On-demand Distance Vector (AODV) Routing,” Internet RFCs, pp. 1–38, 2003.
21. Q. He, D. Wu, and P. Khosla, “SORI: A secure and objective reputation-based incentive scheme for ad-hoc networks,” in Proceedings of the 2004 IEEE Wireless Communications and Networking Conference, WCNC 2004, pp. 825–830, USA, March 2004.
22. B. David, R. Dowsley, and M. Larangeira, “MARS: Monetized Ad-hoc Routing System (A Position Paper),” in Proceedings of the 1st Workshop on Cryptocurrencies and Blockchains for Distributed Systems, pp. 82–86, Munich, Germany, June 2018.
23. H.-Y. Huang and M. Bashir, “The onion router: Understanding a privacy enhancing technology community,” in Proceedings of the 79th ASIS&T Annual Meeting: Creating Knowledge, Enhancing Lives through Information & Technology, p. 34, 2016.
24. A. Biryukov and I. Pustogarov, “Proof-of-work as anonymous micropayment: Rewarding a Tor relay,” in Proceedings of the International Conference on Financial Cryptography and Data Security, vol. 8975 of Lecture Notes in Computer Science, pp. 445–455, Springer, Heidelberg, 2015.
25. R. Ananthapadmanabha, B. S. Manoj, and C. Siva Ram Murthy, “Multi-hop cellular networks: The architecture and routing protocols,” in Proceedings of the 12th International Symposium on Personal, Indoor and Mobile Radio Communications (PIMRC 2001), vol. 2, USA, 2001.
26. A. Kiayias, A. Russell, B. David, and R. Oliynykov, “Ouroboros: A provably secure proof-of-stake blockchain protocol,” in Proceedings of the Annual International Cryptology Conference (CRYPTO’17), vol. 10401 of Lecture Notes in Computer Science, pp. 357–388, Springer, Cham, 2017.
27. J. Garay, A. Kiayias, and N. Leonardos, “The bitcoin backbone protocol: analysis and applications,” in Annual International Conference on the Theory and Applications of Cryptographic Techniques, pp. 281–310, 2015.
28. I. Eyal and E. G. Sirer, “Majority is not enough: Bitcoin mining is vulnerable,” in Proceedings of the International Conference on Financial Cryptography and Data Security, vol. 8437 of Lecture Notes in Computer Science, pp. 436–454, Springer Berlin Heidelberg, 2014.
29. V. Buterin, Ethereum: A Next-generation Smart Contract and Decentralized Application Platform, 2014, https://github.com/ethereum/wiki/wiki/%5BEnglish%5D-White-Paper.
30. A. Kosba, A. Miller, E. Shi, Z. Wen, and C. Papamanthou, “Hawk: The Blockchain Model of Cryptography and Privacy-Preserving Smart Contracts,” in Proceedings of the 2016 IEEE Symposium on Security and Privacy, SP 2016, pp. 839–858, USA, May 2016.
31. E. Androulaki, A. Barger, V. Bortnikov et al., “Hyperledger fabric: A distributed operating system for permissioned blockchains,” in Proceedings of the Thirteenth EuroSys Conference (EuroSys ’18), pp. 1–15, Porto, Portugal, April 2018.
32. N. Szabo, “Formalizing and securing relationships on public networks,” First Monday, vol. 2, no. 9, 1997, http://ojphi.org/ojs/index.php/fm/article/view/548.
33. R. Hinden and S. Deering, “RFC 4291 - IP Version 6 Addressing Architecture,” pp. 13–15, 2006, https://tools.ietf.org/html/rfc4291.
34. R. Kaur and P. Singh, “Black hole and greyhole attack in wireless mesh network,” American Journal of Engineering Research (AJER), vol. 3, no. 10, pp. 41–47, 2014.
35. NS-3 Project, “NS-3 - Network Simulator - Tutorial - Release 3.29,” https://www.nsnam.org/docs/release/3.29/tutorial/ns-3-tutorial.pdf.
36. “EOS.IO Technical White Paper v2,” 2018, https://github.com/EOSIO/Documentation/blob/master/TechnicalWhitePaper.md.
A Survey of How to Use Blockchain to Secure Internet of Things and the Stalker Attack
11
Emanuel Ferreira Jesus, Vanessa R. L. Chicarino, Célio V. N. de Albuquerque, and Antônio A. de A. Rocha Institute of Computing (IC), Fluminense Federal University (UFF), Niterói, RJ, Brazil
ABSTRACT

The Internet of Things (IoT) is increasingly a reality today. Nevertheless, some key challenges still need to be given particular attention so that IoT solutions further support the growing demand for connected devices and the services offered. Due to the potential relevance and sensitivity of services, IoT solutions should address the security and privacy concerns surrounding these devices and the data they collect, generate, and process. Recently, the Blockchain technology has gained much attention in IoT solutions. Its primary usage scenarios are in the financial domain, where Blockchain creates a promising world of applications and can be leveraged to solve security and privacy issues. However, this emerging technology has great potential in the most diverse technological areas and can significantly help achieve the Internet of Things vision in different aspects, increasing the capacity for decentralization, facilitating interactions, enabling new transaction models, and allowing autonomous coordination of the devices. The goal of this paper is to present the concepts behind the structure and operation of Blockchain and, mainly, to analyze how this technology can be used to provide security and privacy in IoT. Finally, we present the stalker, which is a selfish miner variant that has the objective of preventing a node from publishing its blocks on the main chain.

Citation: Emanuel Ferreira Jesus, Vanessa R. L. Chicarino, Célio V. N. de Albuquerque, and Antônio A. de A. Rocha, “A Survey of How to Use Blockchain to Secure Internet of Things and the Stalker Attack,” Security and Communication Networks, vol. 2018, Article ID 9675050. Copyright: © 2018 Emanuel Ferreira Jesus et al. This is an open access article distributed under the Creative Commons Attribution License, which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.
INTRODUCTION

Internet of Things (IoT) and Blockchain are considered emerging concepts and technologies. While they transform concepts and create new possibilities, each in its respective scenario, there is an opportunity to create applications that share the intrinsic characteristics of both, exploring how the IoT can benefit from the decentralized nature of the Blockchain. The IoT is a comprehensive term referring to ongoing efforts to connect a wide variety of physical things to communication networks. Currently, the Internet has not only conventional computers connected but also a significant heterogeneity of equipment such as TVs, laptops, fridges, stoves, electrical appliances, cars, and smartphones. In this new scenario, projections indicate that the Internet will have over 50 billion devices connected by 2020 [1]. Within the IoT domain, there are several types of applications, such as smart cities, smart healthcare, and smart home. At the same time that the IoT can provide us with valuable benefits, it also increases the risk of exposure to various security and privacy threats; some of these threats are new. Before the advent of the IoT, information leakage and denial of service were the most reported security threats. With the IoT, security threats go far beyond the theft of information or denial of service. These threats can now potentially affect real lives, including physical security. Other concerns are related to privacy. IoT brought with it an increase in the amount of personal information delivered and shared between connected devices. Although it is not a new demand or unique to this new scenario, privacy is an important element. Security and privacy solutions should be implemented according to the characteristics of heterogeneous IoT devices. There is a demand for security solutions that are capable of providing equivalent levels of security for various types of devices, and for mechanisms capable of auditing and access control in these environments. It is in this context that Blockchain also falls, because this technology can be used to authenticate, authorize, and audit data generated by devices. Also, because of its decentralized nature, it eliminates the need to trust a third party and does not have a single point of failure. Blockchain (also known as “the protocol of trust”) is a concept that aims at decentralization as a security measure, has the function of creating a global index for all transactions that occur in a given network, and makes them immutable. It works as a public, shared, and universal ledger. It creates consensus and confidence in direct communication between two parties, without any third party. We can also use Blockchain in supply chains, smart contracts, digital identity management, and some other applications [3]. This paper aims to familiarize newly interested readers, as well as update readers who have some prior knowledge of Blockchain, with the recent applications in security and privacy and how their use can leverage the IoT. The approach offered will be a survey of the state-of-the-art articles in which the Blockchain is used to provide some level of privacy and security to IoT, and we will present a variant of a selfish mining attack [4], which we call stalker. The stalker is a malicious miner that aims to block a specific miner from publishing its blocks. We structured this paper into five sections. Section 2 will present the theoretical foundations for the understanding of the proposed solution. Section 3 shall present all the working mechanisms of Blockchain. Section 4 describes some use cases for Blockchain to provide security and privacy in IoT. Section 5 presents the stalker. Finally, Section 6 presents the final considerations and open questions.
THEORETICAL FOUNDATION This section presents an IoT overview, approaching the classifications and taxonomies proposed for your infrastructure and applications followed by
270
Blockchain Technologies and Crypto-Currencies
some common definitions in the security and privacy area and the main concepts needed to understand Blockchain vision.
Internet of Things

The IoT covers the processing of data and the communication between devices of different platforms and autonomic capacities, without human intervention. In recent decades, this term emerged as an evolution of the Internet and presented itself as a new technological and social paradigm. The IoT is considered an extension of the current Internet: it provides computing and communication to connect objects to the Internet. The connection to the worldwide computer network enables the remote control of objects and allows them to be accessed as service providers, making them smart objects. The first device connected to the Internet was presented in 1990 at the INTEROP ’89 Conference by John Romkey. He created a toaster that could be turned on and off over the Internet by connecting it to a computer with a TCP/IP network. In September 1999, Ashton, founder and executive director of the Auto-ID Center, delivered a lecture to Procter and Gamble presenting the idea of using electronic tags in the company’s products to facilitate the logistics of the production chain through radio frequency identification (RFID). To draw the executives’ attention, he placed the expression “Internet of Things” in the title of the presentation. For this reason, he is considered the creator of the term to describe objects that can connect to the Internet, creating a more intelligent world. Ten years later, Ashton published an article in which he introduced himself as the creator of the term [5]. From 2005, the discussion on the IoT became widespread, began to gain the attention of governments, and appeared related to privacy and data security issues. In that year, the IoT entered the agenda of the International Telecommunication Union (ITU), the United Nations agency for information and communication technologies, which publishes an annual report on emerging technologies.
The term IoT gained popularity quickly between 2008 and 2010, due to the maturity of Wireless Sensor Networks (WSN) [6] and advances in home and industrial automation. In this period, techniques emerged to explore the various limitations of the devices, such as memory, power, scalability, and robustness of the network. On October 28, 2008, Rob Van Kranenburg published the book “The Internet of Things,” which addresses this term under a new paradigm in which objects produce information that should be stored and protected. This book is one of the major theoretical references about the IoT [7]. In 2011, Gartner Inc. included the term “Internet of Things” as an emerging technology in its Gartner Hype Cycle [8], which provides a graphic representation of the maturity and adoption of technologies and applications, and of how they are potentially relevant to solving real business problems and exploiting new opportunities. Currently, there is no single definition of IoT. However, several authors and institutions have contributed to the construction of this vision. Atzori et al. [9] described the IoT as a variety of things or objects, such as radio frequency identification (RFID) tags, sensors, actuators, and cell phones. These devices interact with each other, cooperating with their neighbors to achieve common goals. The authors divide this vision into Internet-oriented (middleware), object-oriented (sensors and actuators), and semantics-oriented (the representation and storage of information). Some relevant institutions have emphasized the concept that the IoT should focus mainly on “things,” and that the way to its full implementation should begin with increasing the intelligence of things. Some definitions in the literature derive from this vision, one of them proposed by the European Research Cluster on the Internet of Things (IERC). The IERC presents the IoT as “a global network infrastructure and dynamic with capacities of autoconfiguration, based on communication protocols standardized and interoperable, where physical ‘things’ and virtual machines have identities, physical and virtual personalities and use intelligent interfaces, being integrated perfectly into the network” [10].
The ITU-T (Telecommunication Standardization Sector) proposed a model composed of four layers [11]:
(i) Application layer: responsible for providing services to customers, for example, health monitoring and smart home.
(ii) Application support layer: responsible for specific support, which meets the requirements of a particular application, and generic support, which is common and applicable to many applications, such as processing or storage.
(iii) Network layer: responsible for the functions that control network connectivity, such as mobility management, authentication, authorization, and accounting, as well as the transport of management information related to the IoT.
(iv) Device layer: represented by the devices and gateways, contemplating elements such as processors, memories, firmware, sensors, and actuators and their features. Device features include the ability of devices to interact directly with the communication network; they are able to collect and send information directly for network communication, without using gateway capabilities. Gateway features include support for multiple interfaces, allowing communication of IoT devices even across different types of wired or wireless technologies, such as ZigBee, Bluetooth, or Wi-Fi.
This model includes management features and security features associated with the four layers. They are also categorized into generic and specific capabilities. Generic management features in the IoT include device management, such as remote device activation and deactivation, diagnostics, firmware or software upgrades, device status management, network topology management, and traffic and congestion management. Generic security features include authorization, authentication, confidentiality and integrity protection of application data and signaling, and privacy protection. There are numerous and diverse applications for the IoT. These applications permeate people’s daily lives, businesses, and society as a whole, transforming the world into a smart world, which allows computation to become “invisible” to the user through the relationship between man and machine, making the world more efficient and effective [12]. Figure 1 shows an overview of IoT applications:
(i) Intelligent products: goods purchased by consumers, such as smartphones, smart houses, smart cars, smart TVs, and wearables.
(ii) Smart health: fitness and health care, for example, monitoring and controlling heart rate during exercise and monitoring the conditions of patients in hospitals or their homes.
The prevention of health problems becomes more effective with real-time collection of information from our bodies, and diagnoses become more accurate with a patient profile that has long-term records.
(iii) Intelligent transport: notification of traffic conditions, intelligent control of routes, remote monitoring of the vehicle, coordination of highways, and intelligent integration of platforms.
(iv) Intelligent power distribution (smart grid): monitoring of energy installations, smart substations, power distribution, and remote measurements of residential power meters.
(v) Smart logistics and e-commerce: traceability, distribution, and inventory management.
(vi) Smart industry: energy savings, pollution control, manufacturing safety, monitoring of product life cycles, tracking goods in the supply chain, monitoring of environmental conditions, and control of production processes.
(vii) Precision agriculture: quality management, environmental monitoring for production and cultivation, and production process management.
(viii) Smart cities: structural monitoring, monitoring of vibrations and conditions of materials in buildings, bridges, and historical monuments. Electrical energy: smart street lighting. Security: monitoring, fire control, and alarm systems. Transport: smart roads with warnings, messages, and detours in accordance with climatic conditions and unexpected events such as accidents or traffic jams. Parking: real-time monitoring of parking space availability. Waste management: optimizing the route of garbage collection with detection of trash levels in containers.
Figure 1: Applications of IoT.
Fundamental Safety Principles

Security and privacy are fundamental principles of any information system. We refer to safety as the combination of integrity, availability, and confidentiality. Typically it is possible to obtain security using a combination of authentication, authorization, and identification. These concepts are defined below [13]:
(i) Integrity: it is the certainty that the information has not been altered, except by those who have the right to make these changes. In the Blockchain context, integrity provides the guarantee that transactions are immutable. Commonly, cryptographic mechanisms are used to check integrity.
(ii) Availability: it ensures that users of a given system will be able to use it whenever necessary. In other words, the service is always active when requested by a legitimate user, and this requires both the communication infrastructure and the database. Blockchain achieves this objective by allowing users to establish connections with multiple users and by maintaining the blocks in a decentralized way, with various copies of the chain on the network.
(iii) Confidentiality: it is the guarantee that unauthorized persons will not obtain information. That is, only those with the rights and privileges will be able to access the information, whether it is in processing or in transit. To ensure this principle, Blockchain uses mechanisms for pseudoanonymization, like the use of hash functions to blind user identities.
(iv) Authentication, authorization, and auditing: this seeks to verify the identity of who performs a specific function in a system, check what rights that user owns, and store usage information for that user. The structure of Blockchain ensures these three functions, since only users who have the private keys can perform transactions, and all transactions are public and auditable.
(v) Nonrepudiation: it guarantees that a person cannot deny an action in a system. Nonrepudiation provides evidence that a user performed a specific action such as transferring money, authorizing a purchase, or sending a message. As all transactions are signed, a user cannot deny having done it.
Privacy can be defined as the right that an individual has to decide whether to share their information. Users of Blockchain use a pseudonym (address) to perform their transactions. Usually, each user has hundreds of addresses. A transaction can be seen as a chain of signatures that prove the possession and transfer of values in an auditable way. One of the main concerns is that these transactions may disclose information about a user, such as buying habits, frequented locations, or data usage. The concept of privacy in Blockchain consists in keeping the anonymity and the unlinkability of transactions. Anonymity of transactions requires that it is not possible to link a particular transaction to a user; for this reason, the user uses a different address for each new transaction. Unlinkability assumes that neither Blockchain addresses nor transactions are bound to the actual identities of the users, since the data of these transactions are routed to a random set of points in the network.
Hash Functions and Encryption

All possession of resources and all transactions on the network are expressed using the concept of keys and digital signatures. The keys used are generated by applying the concept of public key cryptography. A pair of keys is generated: a public key that can be shared and a secret key to which only the owner has access. Every transaction requires a signature to be considered valid and to prove the ownership of the resources spent.
Hash Functions

Hash functions are mathematical functions that generate a summary, a data fingerprint. When applied to a given dataset, a hash function generates an output which is unique (there may be two data sets with the same hash, but the likelihood of this occurring is extremely low). One of the most frequent uses of the hash is verifying data integrity. The hash output size depends on the algorithm used, but what is important is that it is always the same size, regardless of the input size. Examples of hash algorithms are SHA-256 and RIPEMD160 [14]. Hash algorithms must have specific characteristics:
(i) One way: it must be computationally very difficult to find the input from the hash value.
(ii) Compression: it is desirable that the hash size represents a small fraction of the data.
(iii) Ease of calculation: it must not be costly to calculate the hash value.
(iv) Diffusion: to hinder the reverse engineering of the algorithm, when one bit of the input is changed, the hash result should change in a number of bits close to 50%.
(v) Collision resistance: it should be computationally difficult to find two inputs that generate the same hash.
Encryption

Encryption is the set of techniques that transform intelligible information into something that an outside agent is unable to understand. Encryption systems work as follows: given a message and a key, the system generates a new ciphered message to be transmitted over unprotected channels, without running the risk of being understood by others who do not possess the decryption key. The system is only complete if the encrypted message can be decrypted, usually through the same (symmetric) key or another (public/private) key. Public key encryption uses key pairs, one public and one private: the first to encrypt and the second to decrypt, and vice versa. This is possible due to the use of mathematical functions that have the property of being irreversible. The most used mathematical problems are prime number factorization (IFP, Integer Factorization Problem), elliptic curves (ECDLP, Elliptic Curve Discrete Logarithm Problem), and discrete logarithms (DLP, Discrete Logarithm Problem). The efficiency of an encryption scheme can be measured by considering the following:
(i) Computational load: it measures the efficiency with which the algorithms can perform the operations with the keys.
(ii) Key size: NIST indicates the use of key pairs (public, private) with the following sizes, in bits, for each type of implementation: RSA (1088, 2048), DSA (1026, 160), and ECC (161, 160). ECC has a significant advantage in this aspect.
(iii) Bandwidth: it matches the number of bits required to transmit a message after encryption or signing.
The paper [15] compared ECC with RSA and concluded that, for the same security level, ECC has a lower computational load, smaller key size, and smaller bandwidth. For these reasons, Bitcoin adopted the elliptic curve system defined in a standard called secp256k1, established by the National Institute of Standards and Technology (NIST). For more information about elliptic curves, we recommend [16].
Digital Signature, Address, and Wallet

A digital signature can be defined as the encryption of a document hash, using a private key to sign and the public key to prove who signed that document. Bitcoin adopts the Elliptic Curve Digital Signature Algorithm (ECDSA) to perform signatures; it is a version of the digital signature algorithm based on elliptic curves. The difficulty of the discrete logarithm does not allow third parties to sign a document without having the person’s private key. Conversely, if it is impossible to forge the signature, then a valid signature cannot be repudiated by the key owner. Usually, the process of signing a document is performed on its digest. An advantage of using hash functions is that they always generate as output a few bits of the same size. The signature must be able to provide integrity, nonrepudiation, and authenticity. In Bitcoin, the private key is obtained by generating a random number of 256 bits, and the public key by multiplying the private key by a point on the curve known as the “generator point.” It is always the same for all users of Bitcoin and is defined in the secp256k1 specification. The result of the multiplication of the private key by the generator point is another point on the curve; this point is the public key. The nodes store only their private keys because they can generate the corresponding public key at any time. From this point, the node already has a pair of keys from which it can generate the address. The address, not to be confused with an IP address, is a number obtained from the public key. It is used to tell the system who the owner of a transaction is, because only those who possess the private key that generated that address can unlock the transaction value. The node must perform a double hash to generate the address, first using SHA-256 and then RIPEMD160. Users of Bitcoin have keys that allow them to prove possession of transactions. These keys need to be stored, usually in a digital wallet. The wallet has the function of generating the keys and storing them. There are two types of wallets: deterministic and random. Deterministic wallets use one initial key, called a seed, to create the others through a hash function, and store only the first key, because all the others may be recalculated. Random wallets must use an algorithm to generate random numbers of 256 bits. These numbers are the keys. This type of wallet needs to store all created keys.
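As an added illustration of the key generation and ECDSA signing described above (this is not code from the survey or from any Bitcoin implementation), the following standard-library Python script uses the secp256k1 curve constants: the private key is a random 256-bit number, the public key is that number multiplied by the generator point G, and a signature over a document’s SHA-256 digest verifies only against the matching public key and the unmodified document. The address step (SHA-256 followed by RIPEMD160 of the public key) is left out.

```python
import hashlib
import secrets

# secp256k1 domain parameters: y^2 = x^3 + 7 over GF(P); G generates a group of prime order N.
P = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)


def is_on_curve(point):
    """True for the point at infinity (None) or any (x, y) with y^2 = x^3 + 7 mod P."""
    if point is None:
        return True
    x, y = point
    return (y * y - x * x * x - 7) % P == 0


def ec_add(p, q):
    """Group law on the curve; None represents the point at infinity."""
    if p is None:
        return q
    if q is None:
        return p
    x1, y1 = p
    x2, y2 = q
    if x1 == x2 and (y1 + y2) % P == 0:
        return None                                   # p + (-p) = infinity
    if p == q:
        lam = 3 * x1 * x1 * pow(2 * y1, -1, P) % P    # tangent slope (curve has a = 0)
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P     # chord slope
    x3 = (lam * lam - x1 - x2) % P
    y3 = (lam * (x1 - x3) - y1) % P
    return (x3, y3)


def ec_mul(k, point):
    """Double-and-add scalar multiplication k * point."""
    result, addend = None, point
    while k:
        if k & 1:
            result = ec_add(result, addend)
        addend = ec_add(addend, addend)
        k >>= 1
    return result


def generate_keypair():
    """Private key: random 256-bit scalar in [1, N-1]; public key: private key times G."""
    priv = secrets.randbelow(N - 1) + 1
    return priv, ec_mul(priv, G)


def message_digest(message: bytes) -> int:
    """The document is signed through its SHA-256 digest, read as an integer."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big")


def sign(priv, message: bytes):
    """ECDSA: (r, s) with r = (k*G).x mod N and s = k^-1 * (z + r*priv) mod N."""
    z = message_digest(message)
    while True:
        k = secrets.randbelow(N - 1) + 1              # fresh random nonce per signature
        r = ec_mul(k, G)[0] % N
        s = pow(k, -1, N) * (z + r * priv) % N
        if r != 0 and s != 0:
            return r, s


def verify(pub, message: bytes, signature) -> bool:
    """Accept only if r == (u1*G + u2*pub).x mod N; any change to the message or key fails."""
    r, s = signature
    if pub is None or not is_on_curve(pub):
        return False
    if not (1 <= r < N and 1 <= s < N):
        return False
    z = message_digest(message)
    w = pow(s, -1, N)
    point = ec_add(ec_mul(z * w % N, G), ec_mul(r * w % N, pub))
    return point is not None and point[0] % N == r


if __name__ == "__main__":
    priv, pub = generate_keypair()
    doc = b"constructed sample document"
    sig = sign(priv, doc)
    print("valid:", verify(pub, doc, sig), "tampered:", verify(pub, doc + b"!", sig))
```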
Peer-to-Peer Network (P2P)

The Blockchain network was developed to be a decentralized consensus network. A crucial point of Blockchain’s mentality is decentralization, so a P2P network best fits it: all the network participants are equal, there is no central node, and all are burdened with keeping the network running. All nodes interconnect in an overlay network. A node can perform four functions: routing, database, mining, and wallet. A full node has all four functions, but all nodes have at least the routing function. A typical user who seeks only a means of payment, for example, has only the wallet and routing functions. In this way, he can connect to the network and make transactions using a smartphone, without the need to store the entire chain of blocks. To enter the network, it is necessary to know at least one node. Each node can start up to 8 (outbound) connections and accept up to 117 (inbound) connections. Bitcoin Core has a recorded list of some nodes, known as Seeders, whose objective is to deliver a list of other active nodes in the network, so that the new node can establish initial connections. All connections are TCP. The node performs a handshake to establish the initial connection. Once the node establishes one connection, it sends a GETADDR message requesting a list of IP addresses of known neighbors. Using this list, the node starts this process again with new neighbors, to become well connected. After the first time the node connects, it saves on disk a list of all nodes with which it has recently established connections, so it does not need the aid of Seeders the next time it connects to the network. To store the addresses, the nodes use two tables: a table of successful connections, where the information of all connections made, inbound and outbound, is stored; and a table of addresses provided by other nodes, requested or not. The former is called the Tried Table and the latter the New Table.
(i) Tried Table: it is formed by 64 containers that can store 64 addresses each. The containers are selected as follows: when the node is started, it chooses a random value SK and calculates (1) where the group is the /16 prefix of the IP address. When a node establishes a connection, it maps the IP address of the new neighbor to a container. If the container is full, the node then invokes a function to remove addresses from the container: it randomly chooses four addresses and moves the oldest to the New Table.
(ii) New Table: it is formed by 256 containers and each one holds up to 64 addresses. It is populated by addresses removed from the Tried Table, addresses provided by DNS Seeders, or ADDR messages, which are messages that inform neighbors of new addresses. Similar to the Tried Table, there is a function to map containers and a function to remove old addresses from containers.
When a node needs to establish a new connection, it will choose an address from one of the two tables: Tried or New. For this, it uses the following formula, which gives the probability of choosing Tried: (2) where the first parameter is the ratio between the number of addresses stored in Tried and in New, and the second is the number of initiated connections. Besides ADDR messages, the protocol specifies messages to exchange data, which are used for the dissemination of transactions and blocks. Some network nodes are simplified nodes, which have only routing and wallet functions. These nodes do not have a complete view of the network and need help from other nodes to do routine checks: for example, to receive a payment a node needs to know if the value received is valid. So, the protocol specifies that full nodes can perform these checks and respond to simplified nodes. To do this, they provide an RPC (Remote Procedure Call) interface to help simplified nodes.
BLOCKCHAIN

The Blockchain concept makes clear that it goes far beyond technological innovation. It is having a significant impact, primarily by shifting the way business is done from a centralized to a decentralized form, conferring trustworthiness on transactions between unreliable agents without the need for an intermediate entity trusted by both. Besides, it can change the way all types of transactions are performed and enable a wide range of possibilities in other areas, such as Multi-Party Computation (MPC) [17], Decentralized Autonomous Organizations (DAC) [18], and government applications [19]. Its evolution can be divided into three stages [20]: Blockchain 1.0, 2.0, and 3.0. Blockchain 1.0 is the commercial use with money transfer, remittance, and digital payment systems, widely diffused by the use of Bitcoin and derivatives. Blockchain 2.0 is its use with contracts: the entire list of economic, market, and financial applications that use it in a more extensive way than simple cash transactions, such as stocks, bonds, loans, mortgages, and smart contracts. Blockchain 3.0 refers to its use in applications beyond currency, finance, and markets, particularly in the areas of government, health, and science.

Blockchain Definition

Nakamoto [21] (the nickname of the original Bitcoin developer) introduced Blockchain as a mechanism to ensure auditability, immutability, and nonrepudiation in order to provide security to electronic transactions, serving as a giant distributed ledger. This mechanism is the main innovation introduced by Bitcoin. It represents a way to reach consensus among unreliable participants. Usually, institutions like banks or notary offices are responsible for the guardianship and security of the transaction record; they are called trusted third parties. The system proposed by Nakamoto eliminates the need for these entities, since all the registries are, besides public, maintained in a decentralized way by several participants of the network. Figure 2 is a simplified view of the network, where one can observe the main functions that each node can use. It is an overlay network. An overlay network is a network built on top of another network, creating layers of network abstraction that provide new applications or security benefits.
Figure 2: Bitcoin network overview.
In a simplified way, Blockchain is a data structure that stores transactions in an ordered way, with each block linked to the previous one, serving as a distributed system of records. This structure is divided into two parts, header and transactions, and stores detailed information about the transactions it contains, so it can associate a transaction with its source and destination addresses. Each block has a unique ID generated from a cryptographic digest, as explained in the previous section. The header has a field that stores the hash of the immediately preceding block, so that a connection, a “link,” is established between the blocks. For this reason, this structure was called Blockchain (see Figure 3). Another feature of this connection is that this hash is a partial collision, which will be explained in more detail below; this process requires tremendous computational power to find the correct hash. As each block references its predecessor, if one bit of the previous block is changed, its hash will change, and consequently it will be necessary to recalculate the hash of all descendant blocks. For this reason, it is assumed that the existence of a long chain of descendants makes the block immutable, ensuring the security of the stored transactions.
Figure 3: Simplified block structure.
Block’s Structure

The main parts of a block are the header and the transactions. Transactions are the data stored in the block. In turn, the header has several fields, of which the most important for its operation are the hash of the previous block, the difficulty, the nonce, and the Merkle tree root. Besides these, it is also necessary to understand two metadata: block height and header hash, which are stored to identify the block and its position in the chain. These fields are detailed below for a correct understanding of Blockchain.
Block Header
(i) Height: the blocks are linearly included in the chain in chronological order, and each new block receives an order number; the difference between the number of the last block and the first one is called the height. This field is not always used to identify a block, as there may momentarily be two or more blocks with the same height. In this case, a fork occurs in the chain.
(ii) Header hash: it is the principal block identifier. It is a cryptographic digest operation using the block header as input. It is not part of the block’s data structure and is also not sent over the network. Each complete node computes it upon receipt of a new block and then stores it in a separate database as part of the block metadata. Unlike the height, the header hash can be used to identify a block unambiguously.
(iii) Hash of the previous block: this field is included in the header to allow the connection of the block with the previous one. As we saw in Figure 3, block 236 has, in its header, the hash of block 235. The complete nodes store the block metadata; thus, all nodes have the hash of block 235, and as soon as block 236 is received by a complete node, it will check this field and determine that block 236 is the child of 235.
(iv) Nonce: this is a number used as a variable to modify the header hash output. In conjunction with the difficulty field, it is used to prove that a miner has performed work. If the difficulty imposes that the header hash starts with a sequence of three zeros, the miner will iterate the nonce until the header hash meets that requirement. Upon receipt of the new block, the complete nodes will calculate the header hash only once, to see if the nonce is valid.
(v) Difficulty: the difficulty is nothing more than a partial hash collision: that is, as previously described, a hash algorithm always generates the same digest for a given input. If a bit of this input is changed, the resulting hash will be completely different.
So it depends on the computational power of the mining node to find a hash that satisfies this partial collision. The mechanism used to generate the collision is the nonce. As it is a header field, the miner will change it until reaching the partial collision. When the difficulty is set to 1 bit (zero), it is sufficient to find a hash that starts with a zero, and any value for the other 255 bits, that is, 2^255 possibilities, will be considered valid. If set to 2 bits, the possibilities will be reduced to 254 bits, or 2^254, while 10 bits will leave 2^246 possibilities, and so on. It is possible to observe that reducing the space of values that satisfy the collision implies a higher difficulty in finding a hash that satisfies it. Therefore, more computation is required, or more mining time, and higher expense with energy. The method of adding new blocks to the chain is called mining, and the nodes that do the job of generating a new block are called miners. The rate at which new blocks are included in the chain is defined by the developers of each Blockchain project. In the Bitcoin network, a target of 10 minutes was established: that is, the difficulty is adjusted by all the complete nodes and miners so that, on average, every 10 minutes a new block is included in the chain. New miners are expected to join the network, and new, more powerful equipment is launched, so on average the inclusion time of new blocks tends to decrease. To prevent new blocks from being included at intervals shorter than 10 min, the difficulty is adjusted by increasing the number of bits for the collision. Thus, as it will be harder to find the new hash, the inclusion time of new blocks will adjust until it is close to the 10-minute target. Each mining node independently recalculates the new difficulty every 2016 new blocks by performing the following calculation: (3) where NewDiff is the new difficulty calculated and OldDiff is the old difficulty in the Bitcoin network.
(vi) Transactions: in Bitcoin, a transaction is a transfer of values. In a simplified way, it is a set of inputs (addresses from where the values will be taken) and outputs (addresses where the values will be sent). After creating a transaction, a node sends it to all its neighbors. The nodes that receive the transaction relay it to their neighbors, and so on, so that the transaction reaches all the nodes of the network. When a miner receives the transaction, it saves it so that it is included in the next block to be mined. When this block is included in the chain, the transaction becomes
public and immutable. Transactions are signed with a public key system. To send a value to someone it needs to have the private key to sign the transaction, proving ownership of the value. It is also necessary to know the public key of the user that will receive the value, to encrypt the transaction so that only the holder of the private key, which matches the target public, will be able to decipher it. In this way, it is possible that the system is public and yet only whoever owns the transaction can use it. There are two other types of transactions in the Bitcoin network, the smart contracts, which will be explained better throughout the section, and the data storage called OP_RETURN. The OP_RETURN is a custom transaction used to store 40 bytes. This is enough for a SHA-256 checksum (32 bytes) with 8 bytes of prefix or for a shortened URL. It is addressed in the same way as a financial transaction. Multiple use cases exist, like proving existence of some file; transferring other types of assets than monetary value; and colored coins, other coins on top of Bitcoin. (vii) Merkle trees: a Merkle tree [22], or binary hash tree, is defined as a complete binary tree with a k-bit value associated with each tree node. The value of inner node is a one-way function of the values of its children. They are designed so that a leaf value can be checked against a publicly known root value by supplying the values of the corresponding pairs in the leaf path to the root. In Blockchain, it is used to efficiently summarize transactions. Using it, is necessary to produce 2*log2N, where N is the number of transactions. Therefore, it provides a very efficient process for checking whether a transaction is in a block. To build this tree, you must start with the leaves, which contain the transactions hash. 
As it is a full binary tree, in which all internal nodes have two children and all leaves are at the same level, if there is an odd number of transactions to summarize, the last transaction hash is duplicated to create an even number of leaf nodes. The leaves are then grouped in pairs, and the hash of each pair produces a parent node. The parent nodes are grouped into pairs and go through the same process, and so on until only one node remains: the root node, called the Merkle root, as shown in Figure 4. To prove that a transaction is included in a block, we only provide the path the transaction takes through the tree. This path consists of the complementary (sibling) nodes with
the same height in the tree. This structure lets us perform the check quickly among thousands of transactions. It is particularly useful because, to verify whether a transaction is in a particular block, it is not necessary to request the entire block from the network: the block header and the path to the transaction are enough. As we saw earlier, a simplified node does not store the Blockchain. If such a node needs to confirm a transaction, it needs the help of a full node. For example, in Figure 4, each leaf corresponds to a transaction hash. The gray values correspond to the path that proves the transaction is in the block. To prove that transaction 3 is in the block, the full node sends the block header together with hash(4), hash(12), and hash(5678) to the simplified node. With this data, it is possible to calculate the Merkle root and compare it with the Merkle root value in the block header. The simplified node calculates hash(3), which together with hash(4) gives hash(34); it combines this with hash(12) to get hash(1234) and finally uses hash(5678) to calculate the root, whose value is hash(12345678).
Figure 4: Merkle tree.
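The construction and the proof check described above, as an added worked example (it is not code from the survey or from Bitcoin). It uses plain SHA-256 rather than Bitcoin's double SHA-256, duplicates the last hash of an odd level as the text describes, and the transaction hashes it builds the tree from are constructed placeholders. For eight leaves and transaction 3 the proof it produces is hash(4), hash(12), hash(5678), matching Figure 4.

```python
import hashlib


def sha256_hex(data: bytes) -> str:
    """Plain SHA-256. Bitcoin itself uses double SHA-256 on byte-reversed hashes;
    that detail is omitted here and does not change the proof structure."""
    return hashlib.sha256(data).hexdigest()


def hash_pair(left: str, right: str) -> str:
    """Inner node value: a one-way function of its two children, e.g. hash(12) = H(hash(1) || hash(2))."""
    return sha256_hex(bytes.fromhex(left) + bytes.fromhex(right))


def merkle_levels(leaf_hashes):
    """All levels of the tree, leaves first and root last. A level with an odd
    number of nodes gets its last hash duplicated, as the survey describes."""
    if not leaf_hashes:
        raise ValueError("a Merkle tree needs at least one leaf")
    levels = [list(leaf_hashes)]
    while len(levels[-1]) > 1:
        level = levels[-1]
        if len(level) % 2 == 1:
            level = level + [level[-1]]
            levels[-1] = level  # keep the padded level so proof indices line up
        levels.append([hash_pair(level[i], level[i + 1]) for i in range(0, len(level), 2)])
    return levels


def merkle_root(leaf_hashes) -> str:
    return merkle_levels(leaf_hashes)[-1][0]


def merkle_proof(leaf_hashes, index):
    """Sibling hashes from the leaf up to the root, each tagged with the side it
    sits on. This is what a full node sends to a simplified node; for eight leaves
    and index 2 (transaction 3) it is hash(4), hash(12), hash(5678) as in Figure 4."""
    proof = []
    for level in merkle_levels(leaf_hashes)[:-1]:
        sibling = index ^ 1  # partner in the pair at this level
        proof.append(("right" if index % 2 == 0 else "left", level[sibling]))
        index //= 2  # move to the parent's index on the next level
    return proof


def verify_proof(leaf_hash: str, proof, root: str) -> bool:
    """Recompute the path to the root. The verifier needs only the block header's
    Merkle root and len(proof) hashes, not the whole block."""
    current = leaf_hash
    for side, sibling in proof:
        current = hash_pair(current, sibling) if side == "right" else hash_pair(sibling, current)
    return current == root


if __name__ == "__main__":
    # Constructed transaction hashes standing in for the eight transactions of Figure 4.
    txs = [sha256_hex(f"tx{i}".encode()) for i in range(1, 9)]
    proof = merkle_proof(txs, 2)
    print("hashes sent to the simplified node:", len(proof))
    print("transaction 3 is in the block:", verify_proof(txs[2], proof, merkle_root(txs)))
```

Because a tampered leaf changes every hash on its path, `verify_proof` rejects it even though the proof itself is unchanged; a simplified node therefore trusts only the root in a header it has already validated.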
Mining
Mining is the process responsible for updating the Blockchain, whereby some particular nodes, called miners, include transactions in a block and generate a valid header for those transactions. Miners spend much energy to perform the proof of work, which is why they need to be rewarded. The
first transaction of the block is always a special transaction called the Coinbase. It has two purposes: to include new coins in the system and to reward the miner. In the Bitcoin network, mining likewise has two purposes: first, to include new currency in the system, and second, to protect the transactions made. To generate the header, the miners must calculate the Merkle tree of the transactions, check the established difficulty, include the timestamp, and perform a series of calculations in order to find a nonce that satisfies the difficulty in force. This subsection describes the importance of the difficulty and how it adjusts automatically, and then shows the mining process step by step. Mining consists in generating a new block. For this, the miner first creates a “draft” of a block. It works on this draft until it obtains a viable block to be sent to all nodes in the network. The draft is the data structure that will hold the header data and the transactions. After creating this blank structure, the miner fills in some header fields: the hash of the previous block, the timestamp, the version, and the difficulty. The miner then also calculates the root of the Merkle tree and the nonce, and groups the transactions. Transactions, when generated by a given node, flood the network: they are broadcast to all neighboring nodes, which forward them to their neighbors, and so on. When miners receive a message with a transaction, they store it in a database of transactions that have not yet been mined. Transactions remain temporarily in a sort of priority queue, ordered by fee and arrival time, until they are removed to be included in a new block. Each miner has a different queue of transactions and can select which transactions it will include in the new block. After selecting which transactions to include, it generates the Merkle tree and includes the value of its root in the header.
What is still missing is the value of the nonce that will be part of the new block; this is the time-consuming stage of the process, requiring tremendous computational power from the miners and consequently considerable energy expenditure, as explained in the previous section. Currently, devices that specialize in calculating hashes are sold commercially; these devices reach the 9 TH/s mark, that is, they can calculate nine trillion hashes per second. To have an idea of the time needed to find a valid hash, with this equipment and the current Bitcoin network difficulty it would take 13 years to find a valid hash. For instance, to find the nonce that produces a valid hash for “Security and Communication” with the target difficulty of “000,” the hash has to start with 12 zero bits in sequence. To make this possible, a nonce is concatenated
with the message “Security and Communication,” and a hash function is applied to it (e.g., sha256 of “Security and Communication Network + nonce”). The nonce is incremented after each failure until a valid hash is found. An example result is as follows: (i) Nonce: 1969; (ii) Hash: 000575dece1b23c16ebac44a9ed2a73eaded96980c0d9d1292c4e0636776f917. In this example, the hash function applied to the message concatenated with the nonce 1969 generates a hash value that meets the target difficulty. It is important to note that there are other nonce values that generate valid results, such as 8715. From this point on, anyone with the same hash implementation can compute the hash of “Security and Communication Network + 1969” and compare it with the provided hash, thus confirming that the result is valid. The draft is complete when the nonce is found, and therefore a new block is ready to be sent to all other nodes. They receive, validate, and then propagate the new block. Upon receiving a new block, all nodes initiate a series of checks to validate the block and to reach a consensus in the case of bifurcations (“forks”). As soon as the block is disseminated in the network, each mining node adds it to its own chain, extending it to a new height. As the mining nodes receive and validate the block, they stop their efforts to find a block of the same height and immediately begin computing the next block. We will see in Section 3.4 that the mining process is crucial to the consensus mechanism. Full nodes only accept new valid blocks, and the miners remove the validated transactions from their temporary queue. In this way, a distributed mechanism for synchronizing the nodes is implemented.
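The nonce search and its cheap verification, as an added example written for this chapter (not the authors' code). It expresses the “000” target the way Bitcoin does, as an integer bound on the hash value, so the same code handles any difficulty; the retargeting function is Bitcoin's rule (scale the target by actual over expected time, clamped to a factor of four), included here as an assumption about what “adjusted every 2016 blocks” means rather than something the text spells out. The nonce it finds need not be the 1969 quoted above, since the exact message string behind that figure is not specified.

```python
import hashlib


def pow_hash(message: str, nonce: int) -> str:
    """SHA-256 of the message with the nonce appended, as in the example above."""
    return hashlib.sha256(f"{message}{nonce}".encode()).hexdigest()


def meets_target(digest_hex: str, target: int) -> bool:
    """Bitcoin's rule: the hash, read as a 256-bit integer, must be below the target.
    A target of 1 << 244 is exactly 'starts with 12 zero bits', i.e. the survey's "000"."""
    return int(digest_hex, 16) < target


def find_nonce(message: str, target: int, max_tries: int = 10_000_000):
    """The expensive side: increment the nonce until the hash meets the target.
    Returns (nonce, hash, number_of_hashes_computed)."""
    for nonce in range(max_tries):
        digest = pow_hash(message, nonce)
        if meets_target(digest, target):
            return nonce, digest, nonce + 1
    raise RuntimeError("no valid nonce within max_tries")


def verify_nonce(message: str, nonce: int, target: int) -> bool:
    """The cheap side: a single hash checks the miner's claim."""
    return meets_target(pow_hash(message, nonce), target)


# Difficulty retargeting. Assumption: Bitcoin's rule, where every 2016 blocks the target
# is scaled by actual_time / expected_time and the change is clamped to a factor of 4.
RETARGET_INTERVAL = 2016
BLOCK_TIME_SECONDS = 600
EXPECTED_SPAN = RETARGET_INTERVAL * BLOCK_TIME_SECONDS


def retarget(old_target: int, actual_span_seconds: int) -> int:
    """Blocks that came too fast shrink the target (harder); too slow enlarge it (easier)."""
    clamped = max(EXPECTED_SPAN // 4, min(actual_span_seconds, EXPECTED_SPAN * 4))
    return old_target * clamped // EXPECTED_SPAN


if __name__ == "__main__":
    target = 1 << 244  # the "000" difficulty of the example
    nonce, digest, tries = find_nonce("Security and Communication Network", target)
    print(f"nonce={nonce} hash={digest} after {tries} hashes")
    print("verified with one hash:", verify_nonce("Security and Communication Network", nonce, target))
```

With a 12-bit target the search takes on the order of four thousand hashes, while verification is always one hash; raising the target to the real network's difficulty changes only the first number, which is the asymmetry the proof of work relies on.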
Consensus and Proof of Work
The Blockchain does not have a central authority. Blocks are created independently by network miners. The nodes, using information transmitted through insecure connections, can reach the same conclusion and build the same public record as all other nodes, achieving a global consensus. The full nodes store the entire chain, with the blocks that they have validated. When several nodes have the same blocks in their main chain, they are considered to have reached consensus. This subsection describes the validation rules for each block and how consensus is reached and maintained. We also explain some other consensus mechanisms that
are currently used. The consensus mechanism consists of two steps: block validation and selection of the most extensive chain. These two steps are performed independently by each node. Blocks are broadcast on the network, and each node receiving a new block retransmits it to its neighbors. But, before this retransmission, the node performs a block validation to ensure that only valid blocks are propagated. There is an extensive checklist to follow, including the following:
• Block structure
• Verifying that the header hash meets the established difficulty
• Block size within projected limits
• Verification of all transactions
• Checking the timestamp
By definition of Blockchain, each block has only one parent, but there may be a situation where two or more miners generate new blocks at almost the same time, causing one parent to have two or more children. In this case, a fork, a bifurcation, has occurred in the chain. The last step of the consensus mechanism is to select which of these blocks will be part of the main chain and which will be discarded. This is possible because of the proof of work, discussed in this section, which is fundamental to the consensus mechanism adopted because, as we saw earlier, miners spend much energy in the search for a valid block. Since bifurcations can occur, the nodes store blocks without a parent (orphans, a rare and temporary situation) and maintain two chains, one main and one secondary. Orphan blocks occur when two blocks are generated within a short time frame and arrive in reverse order: that is, a block has been received that does not refer to any block in the chain. It is stored for a period; if the node receives a block that is the parent of the orphan, the orphan is included in the chain in its correct order. Note that in this case there was no bifurcation; the blocks were only received out of order.
As there are several miners generating blocks in a decentralized way, the new blocks they send can reach different nodes at different times, which can result in different views of the chain. When two miners generate blocks that refer to the same parent, a fork occurs, and the other miners must choose which block they will adopt as a reference. If one part of the miners adopts one block and another part adopts the other, these two chains will coexist until one becomes longer than the other. To resolve this situation, nodes that behave honestly, according to the consensus mechanism, will
always adopt the longest chain, and the fork will be resolved. The main chain is the most extensive chain, the one with the highest amount of accumulated work. In Figure 5, the gray blocks branched out of the main chain; as they reached a greater height, they became the main chain. White blocks 127, 128, and 129 are discarded, and their transactions are considered unconfirmed and should be included in other blocks in the future.
Figure 5: Fork.
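The honest node's chain selection and what happens to the transactions of a discarded branch, as an added example that is not part of the survey. It reconstructs the Figure 5 situation with constructed block labels (b126 as the common parent, white blocks w127 to w129, gray blocks g127 to g130), assumes all blocks share one difficulty so that accumulated work reduces to chain length, and includes a confirmation counter for the six-block rule discussed in this section.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Block:
    hash: str        # constructed label standing in for the block header hash
    parent: str      # '' marks the oldest block this node keeps in memory
    height: int
    work: int        # expected hashes needed to mine it (2 ** difficulty_bits)
    txs: tuple = ()  # transaction ids confirmed by this block


def chain_to(tip: str, blocks) -> list:
    """Walk parent pointers from the tip back to the oldest stored block."""
    chain = []
    while tip:
        chain.append(blocks[tip])
        tip = blocks[tip].parent
    return chain[::-1]


def accumulated_work(tip: str, blocks) -> int:
    return sum(b.work for b in chain_to(tip, blocks))


def select_main_chain(tips, blocks) -> str:
    """Honest rule from the survey: adopt the chain with the most accumulated work.
    On a tie keep the earliest tip, i.e. the chain the node already follows."""
    best = tips[0]
    for tip in tips[1:]:
        if accumulated_work(tip, blocks) > accumulated_work(best, blocks):
            best = tip
    return best


def reorganize(old_tip: str, new_tip: str, blocks) -> list:
    """Transactions that sit only in the discarded branch become unconfirmed again
    and return to the pool, as the survey says for white blocks 127-129."""
    old = {b.hash for b in chain_to(old_tip, blocks)}
    new = {b.hash for b in chain_to(new_tip, blocks)}
    still_confirmed = {tx for h in new for tx in blocks[h].txs}
    return sorted(tx for h in old - new for tx in blocks[h].txs if tx not in still_confirmed)


def confirmations(tx: str, tip: str, blocks) -> int:
    """Blocks from the one containing tx up to the tip, inclusive; 0 if tx is not in this chain."""
    for b in chain_to(tip, blocks):
        if tx in b.txs:
            return blocks[tip].height - b.height + 1
    return 0


def is_settled(tx: str, tip: str, blocks, depth: int = 6) -> bool:
    """The commonly accepted rule: six confirmations before treating a payment as final."""
    return confirmations(tx, tip, blocks) >= depth


def figure5_scenario():
    """Constructed fork: b126 is the common parent; w127-w129 and g127-g130 compete."""
    blocks = {}

    def add(h, parent, height, txs=()):
        blocks[h] = Block(h, parent, height, 1 << 20, tuple(txs))

    add("b126", "", 126, ("tx_a",))
    add("w127", "b126", 127, ("tx_b", "tx_c"))
    add("w128", "w127", 128, ("tx_d",))
    add("w129", "w128", 129)
    add("g127", "b126", 127, ("tx_b",))
    add("g128", "g127", 128, ("tx_e",))
    add("g129", "g128", 129)
    add("g130", "g129", 130)
    return blocks


if __name__ == "__main__":
    blocks = figure5_scenario()
    winner = select_main_chain(["w129", "g130"], blocks)
    print("main chain tip:", winner)
    print("back to the pool:", reorganize("w129", winner, blocks))
    print("confirmations of tx_a:", confirmations("tx_a", winner, blocks))
```

Note that tx_b is not returned to the pool even though w127 is discarded, because the gray branch confirmed it too; only tx_c and tx_d lose their confirmations, which is exactly the window a double-spend attempt tries to exploit.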
One of the most common concerns for digital coin systems is the possibility of double spending, when a malicious user spends the same value in two different transactions in the chain. Note that a bifurcation is necessary for a double-spend attempt, because if the second spend occurs in the same chain, it will fail the initial consistency checks when the new block is created and will be discarded. With a fork, the malicious user makes a payment and sends it to the network, spends the same amount again elsewhere, and starts mining on that second spend. In this way, there is the possibility that he can mine a block and cause the fork. From this moment, the network is divided, and as previously mentioned, there will be a race won by the longest chain. One of the transactions will be discarded, and the double spend will be rejected. As one of the chains will be accepted by the network and the other discarded, the double spend will eventually be detected. It is commonly accepted in the Bitcoin network that a transaction is considered confirmed when there are six new blocks above the block that contains it, because it would take much effort to change it. One attack scenario against the consensus mechanism is called the “51% attack.” In this scenario, a group of miners controlling a majority (51%) of the total hash power of the network conspire to attack Bitcoin. With the ability to mine most blocks, the attacking miners can create deliberate bifurcations in the Blockchain, generate double-spend transactions, or perform denial of service (DoS) attacks against specific addresses or transactions. A bifurcation attack, or double-spend attack, is an attack where the attacker causes already confirmed blocks to be invalidated by forking at a height below them, with a later reconvergence on an alternate chain.
With enough power, an attacker can invalidate six or more blocks in a sequence, invalidating transactions that were previously considered immutable (with six confirmations).
Note that double spending can only be done on the attacker's own transactions, for which the attacker can produce a valid signature. Double spending one's own transaction is profitable when, by invalidating a transaction, the attacker can receive an irreversible payment or product without having to pay for it. Achieving consensus in a distributed system is a challenge. Consensus algorithms must be resilient to node failures, network partitioning, message delays, and messages that arrive out of order or corrupted. They also have to deal with selfish and deliberately malicious nodes. Several algorithms have been proposed to solve this, each making its own set of assumptions regarding synchrony, message transmission, failures, malicious nodes, performance, and security of the exchanged messages. For a Blockchain network, achieving consensus ensures that all nodes in the network agree on a consistent global state of the Blockchain. According to [23, 24], a consensus protocol has three fundamental properties by which its applicability and effectiveness can be determined: (i) Security: a consensus protocol is considered secure if all nodes produce the same result (agreement) and the results produced by the nodes are valid according to the protocol rules (validity); this is also referred to as shared state consistency. (ii) Liveness: a consensus protocol guarantees liveness if all the nodes that follow the protocol eventually produce a value (termination); that is, if a node generates a transaction and sends it to all nodes of the network, at some point a miner will include it in a block. (iii) Fault tolerance: the ability to continue to operate and reach consensus correctly even after the failure of some network nodes. The impossibility result of Fischer, Lynch, and Paterson (FLP) states that a deterministic asynchronous consensus system can have at most two of these three properties. This is a proven result.
Any consensus system distributed over the Internet must therefore sacrifice one of these properties [25]. Most of the existing Blockchain platforms, more than 90% of the total market capitalization of digital currencies, use the consensus mechanism in its original and computationally expensive form, which is proof of work. However, there are a number of other mechanisms that offer certain desired advantages over the original model: for example, proof of stake (PoS) [26], practical Byzantine fault tolerance (PBFT) [27], and proof of elapsed time (PoET) [28] are other options and will be briefly explained below:
(i) Proof of work: the main idea of proof of work is to try to avoid cyberattacks. A system is used where the user must prove that
he has spent some time finding an answer that satisfies a requirement set by the verifier, in order to achieve that goal. The task of finding such an answer is based on two principles. Firstly, PoW has to be difficult and laborious, but not impossible; and secondly, the verification of that evidence should be much faster and easier to perform. This concept was first proposed by Back [29] and is used by several test systems and also by Bitcoin. In Bitcoin, when a transaction is initiated, the transaction data is fitted into a block with a maximum capacity of 1 megabyte and then replicated across multiple nodes called miners on the network. The miners verify the legitimacy of the transactions in each block. To carry out this verification, the miners need to solve a computational puzzle, known as the proof of work problem. The first miner to solve each block's puzzle is rewarded with coins. Once a block of transactions has been verified, it is added to the Blockchain. The PoW is generated as follows: the sender adds an arbitrary number to the message (called a nonce) and applies a mathematical hash function to the message. SHA-256 [30] is used by Bitcoin. The goal is to find an answer with a number of leading zeros that meets the network's current difficulty target (cf. Section 3.2.1, difficulty bullet point, and Section 3.3). The sender repeats the procedure, varying the nonce, until it finds such an answer. As it is relatively difficult to find such an answer, upon receiving the message, every user will be able to verify that the sender made a great effort to generate it. When the miner solves the problem, it generates a new block. The difficulty of the proof of work is adjusted every 2016 blocks, to generate on average one block every ten minutes.
PoW's security is based on the principle that no entity should collect more than 50% of the network's processing power, because that entity could effectively control the system by manipulating the longest chain.
(ii) Proof of stake (PoS): PoS is a category of consensus algorithms for public Blockchains that depend on a validator's economic stake in the network. Its concept states that a node can mine or validate block transactions according to how many coins it holds; this means that the more currency a miner owns, the more mining power it has. PoS is a proposed alternative to replace PoW, which requires a great deal of computing power to run different cryptographic calculations to unlock its computational
challenges. PoS solves this issue by attributing mining power in proportion to the coins held by a miner. Thus, instead of spending energy to answer PoW puzzles, a PoS miner is limited to mining a percentage of transactions that reflects his or her ownership stake. The creator of the next block is chosen in a probabilistic way, and the chance of a node being chosen depends on its “wealth” (i.e., its holdings). In PoS, blocks are usually validated rather than mined, and it works in this way: the Blockchain keeps track of a set of validators, and anyone who holds cryptocurrency can become a validator by sending a special type of transaction that locks up their cryptocurrency in a deposit. The process of creating and agreeing on new blocks is then done through a consensus algorithm in which all current validators can participate. There are many kinds of consensus algorithm implementations, and one of these is chain-based proof of stake. In chain-based proof of stake, the algorithm pseudo-randomly selects a validator during each time slot (e.g., every period of 10 seconds) and assigns that validator the right to create a single block, which must point to some previous block (normally the block at the end of the previously longest chain); over time most blocks converge into a single constantly growing chain. Several different selection methods have been proposed. Nxt [31] and BlackCoin [32] use randomization to predict the next block generator, using a formula that looks for the lowest hash value in combination with the size of the stake. Since stakes are public, each node can predict, with reasonable accuracy, which account will gain the right to validate a block.
(iii) Practical Byzantine fault tolerance (PBFT): the function of a consensus protocol is to maintain the order of transactions in a Blockchain network, despite the threats to that order.
One of these threats is the simultaneous arbitrary failure, one of the Byzantine fault types, of multiple network nodes. Using PBFT, a network of Blockchain nodes can tolerate up to f faulty nodes, where f is a known fraction of the total number of nodes, with a state machine replicated on different nodes (one replica being defined as the primary). The PBFT algorithm works as follows:
a. A client sends a service request to the primary.
b. The primary replicates the request to the backups.
c. The replicas execute the request and send responses.
d. The client waits for f+1 identical responses from different replicas to consider the result correct.
As the total number of nodes needs to be known, PBFT is not suitable for public systems and is only used in private systems. A PBFT network ensures data consistency and integrity when Byzantine failures occur in up to 1/3 of the network nodes. For example, using PBFT, a Blockchain network of N nodes can support f Byzantine nodes, where f=(N-1)/3. In other words, PBFT ensures that a minimum of 2*f+1 nodes reach consensus on the order of transactions before attaching them to the shared ledger. The 2*f+1 rule has the following implications: a minimum of 2*f+1 nodes are needed to reach a consensus before proceeding to the next block, and the ledger on any additional node (beyond 2*f+1) will be temporarily delayed. This delay in synchronizing the shared ledger across all nodes is an unavoidable limitation of any PBFT network.
(iv) Proof of elapsed time (PoET): a consensus algorithm designed by Intel. PoET uses a random leader election model, where the leader validates or mines the blocks. It essentially works as follows: there is specialized hardware for generating a random time value. Each validator or miner requests a timeout from this hardware. The validator with the shortest waiting time for a given block is elected the leader and waits this given time to validate the block. After this, the block is included in the chain and the process repeats. This model is proposed for use in private Blockchains, since in theory the validators are honest. PoET uses these features to ensure the security and randomness of the leader election process without requiring the expensive investment in energy that occurs in PoW. The PoET leader election algorithm meets the criteria for a good lottery algorithm, and the probability of election is proportional to the resources contributed (for example, processing power). Randomness in generating waiting times ensures that the leader function is evenly distributed among all validators. The low cost of participation makes the participation of large numbers of validators feasible, increasing the robustness of the consensus algorithm. A disadvantage of this algorithm is its dependency on specific hardware.
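Steps a to d of the PBFT exchange and the f=(N-1)/3 bound, as an added simulation written for this chapter (it is not the PBFT reference implementation and leaves out the pre-prepare, prepare and commit rounds and view changes between replicas). Replicas are plain Python objects whose state is a hash of their execution log; a Byzantine replica simply returns a wrong answer. The last scenario deliberately puts f+1 faulty replicas in a network sized for f, to show why the bound matters.

```python
import hashlib
from collections import Counter


def pbft_parameters(n: int):
    """Largest number of Byzantine replicas that n replicas tolerate, f = (N-1)/3
    rounded down, and the 2f+1 quorum needed to commit an ordering."""
    f = (n - 1) // 3
    return f, 2 * f + 1


class Replica:
    """A state-machine replica. A faulty (Byzantine) one returns a wrong answer."""

    def __init__(self, name: str, faulty: bool = False):
        self.name, self.faulty, self.log = name, faulty, []

    def execute(self, request: str) -> str:
        self.log.append(request)  # ordered execution log: the replicated state
        state = hashlib.sha256("|".join(self.log).encode()).hexdigest()[:16]
        return ("corrupt-" + state) if self.faulty else state


def client_request(request: str, replicas, f: int):
    """Steps a-d of the survey: the primary (replicas[0]) forwards the request, every
    replica executes it and replies, and the client accepts the first value that f+1
    different replicas agree on. Returns (accepted_value, replies_read)."""
    counts = Counter()
    for replies_read, replica in enumerate(replicas, start=1):
        value = replica.execute(request)
        counts[value] += 1
        if counts[value] >= f + 1:
            return value, replies_read
    return None, len(replicas)


def honest_value(request: str) -> str:
    """What a correct replica with an empty log returns for this request."""
    return Replica("reference").execute(request)


if __name__ == "__main__":
    f, quorum = pbft_parameters(4)
    replicas = [Replica("r0"), Replica("r1"), Replica("r2"), Replica("r3", faulty=True)]
    value, n = client_request("set x=1", replicas, f)
    print(f"N=4 tolerates f={f}, quorum={quorum}; accepted {value} after {n} replies")
```

With at most f faulty replicas, a wrong value can never collect f+1 identical replies, whatever the arrival order; once f+1 replicas are faulty, as in the last test, the client accepts their agreed wrong answer, which is why PBFT requires the membership, and therefore N, to be known in advance.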
Blockchain Categories Based on Data Access
Blockchains can be classified based on data access and on participation in the consensus mechanism for any proposed changes to the ledger, as follows: (i) Permissionless Blockchain (public): the consensus mechanism is open to all. The purpose of a permissionless chain is to allow anyone to contribute data. This creates the so-called censorship resistance, which means that no actor can prevent a transaction from being added to the chain. Participants maintain chain integrity by reaching consensus on its state. Anyone can join the network and participate in the block verification process to build consensus, and also create smart contracts. Having a permissionless system implies that there may be no trust between nodes, so a strongly distributed consensus mechanism must be enforced. In such a system, there is the possibility of a Sybil attack [33], where a network node tries to appear as several distinct nodes by creating a large number of pseudo-identities. A disproportionately large influence by a single node is a threat, so the introduction of PoW in transaction validation is logically justified and necessary. (ii) Permissioned Blockchain (private): participants in the consensus process are preselected. When a new record is added, the integrity of the ledger is verified by a consensus process conducted by a limited number of trusted actors; this makes keeping a shared record much simpler than the permissionless consensus process. Permissioned Blockchains provide highly verifiable data sets because the consensus process creates a digital signature, which can be seen by all parties. The features that derive from trusted systems may open the possibility of avoiding a computationally demanding consensus protocol such as PoW. Many projects were started to make Blockchain more popular and viable for different business models and applications, leveraging the existing categories.
Table 1 summarizes the key features of some Blockchain-based applications. Bitcoin and Ethereum [34] are examples of permissionless Blockchains, and Hyperledger [35] and Ripple [36] are examples of permissioned Blockchains. A critical difference between these two categories is the underlying mining model. Permissionless Blockchains use PoW, where hashing power is offered to create trust. Permissioned Blockchains do not need to use computationally and energy-intensive mining to reach consensus. Since all actors are known, they end up using consensus algorithms like PBFT, which can achieve consensus without PoW mining, leading to a block processing time much lower than that of permissionless Blockchains, practically considered to be real time.
Table 1: Comparison between Blockchain systems
CASES OF USE FOR PROVIDING SECURITY AND PRIVACY AT IOT USING BLOCKCHAIN
The devices in the IoT collect, generate, and process data and send this information via the Internet, producing a considerable mass of information to be used by various services. Despite the benefits, critical issues related to privacy may emerge. The Blockchain can play a crucial role in the development of decentralized applications that will run on billions of devices. Understanding how and when this technology can be used to provide security and privacy is a challenge, and several authors point out these problems [37–39]. The authors have been discussing the applicability of connecting Blockchain and IoT, specifically regarding the following issues: (i) Typical IoT devices have limited capabilities. (ii) Transaction costs might inhibit interactions. (iii) IoT endpoints are often sleepy. (iv) IoT-generated information might need to be kept private. Therefore, there is a need to investigate when both technologies can be applied appropriately. In that sense, the literature [9, 37, 39–43] has been addressing the following: (i) A cost-effective Blockchain that fits low-capability devices; (ii) Micropayments between sensors for paying for data; (iii) Computation and knowledge extraction from sensitive data; (iv) Integration in smart homes, smart cities, or enabling the shared economy. All of the above discussion is about applicability and solutions for connecting Blockchain and IoT. It therefore becomes necessary to know the main weaknesses to which Blockchain is exposed and to keep them in mind when developing new applications. In this section, we explore how Blockchain can be used to benefit security applications for the IoT, such as decentralized applications which enable smart objects to interact securely, establish payment mechanisms [44], create public key infrastructure (PKI) services [45, 46], perform Multiple Secure Computation (MPC) [17], support Smart Ambient
[43], and provide privacy in storage systems [47]. Also, we will describe how the block propagation latency and the block rate [48] may influence the safety of the consensus mechanism and present the most common attacks discussed in the literature, such as selfish miner [49, 50]; double-spend [48]; and Eclipse [51]. Finally, we will introduce the stalker attacks.
Use of Blockchain to Provide Anonymity and Access Control to IoT
Providing privacy remains a challenge for IoT, since “things” spread sensitive personal data and reveal the behavior and preferences of their owners. Developing IoT applications that use an existing and stable Blockchain is one of the proposals [37, 52], in which PoW and a large number of honest miners would guarantee integrity and privacy. Firstly, it is worth mentioning that the anonymity provided by the use of Blockchain is not absolute, so it is commonly called pseudo-anonymity. It is possible, in certain circumstances, to deanonymize the transaction owner or its IP address. There are some specific techniques to deanonymize transactions, which according to [37] can be divided into four types: (i) Multiple inputs: in some cases, to carry out a certain transaction it is necessary to gather balance from various accounts. In other cases, it is necessary to consolidate the total wallet balance in a single account. It is possible to transfer lower balances to a single account; this procedure is called a multiple-input transaction. To accomplish it, the private keys of each input are needed, so we can assume that all the input accounts belong to the same user. From this moment, we can associate the addresses with a user. This approach was used in [53–55]. (ii) Change address: by protocol definition, it is mandatory to spend the entire balance associated with a given key. If the value of the transaction is less than the balance assigned to the key, the transaction will generate change. The change value has to return to the owner, which is done by indicating the change as an output to himself. If a node always uses the same address to receive the change, we can associate this address with the input addresses and describe exactly all of the user's expenditures. It is also possible to correlate this with secondary sources of information such as social networking sites.
These are the approaches used in [53–55] to deanonymize transactions and users. (iii) IP association: Bitcoin is an overlay network on the Internet. Most network messages are transmitted by broadcast to the direct neighbors of each node. Having many neighbors allows a node to extract some knowledge of the network, such as its topology, which nodes are miners,
the nodes' locations, and their IP addresses. In [56], the author listened to network traffic, used a clustering algorithm, and was able to associate IP addresses with users. (iv) Use of centralized services: users, for various reasons, do not save and manage their own private keys, delegating this function to outsourced services. Some authors [54, 57] consider this a privacy risk. These outsourced services can leak identities or resources. Even more, they can use the resources of all their users' balances. According to [37], extra care is needed to mitigate these problems. IoT devices must always be configured to use a different address to receive change, always generate a new address for each receipt of funds, and not use outsourced services. These measures are not sufficient to provide total anonymity but give a degree of security for preserving identities. We can also use the Blockchain for data storage and to provide access control. Suppose that a presence sensor wants to save its daily history in the Blockchain. It will generate a transaction with the data to be stored and will sign this transaction, so everyone will know which sensor produced this data. The sensor will indicate as transaction outputs the public keys with the right to read the data. It sends this transaction to the network miners, which authenticate it and include it in the next block. As the Blockchain is public, all users have access to the transactions and know that a particular user has the right to read the history produced by the presence sensor. However, only those who have the private keys will be able to read the daily history released by the sensor. Ouaddah et al. [52] proposed FairAccess, a framework which uses the Blockchain to enable users to control their data. They reuse the code of Bitcoin and introduce some new types of transaction used to provide data access control, such as “grant” and “revoke” access.
The model has three actors: the shared resource, the resource owner, and the users. Transactions are used to provide access control, and the Blockchain is used for storing and reading the permissions. The authors did a proof of concept with a Raspberry Pi and a camera (the resource). The owner controls access to the resource through transactions: to grant access to a user, the owner issues a grant access transaction specifying the user who has the right to access the camera, as if selling a product using Bitcoin. A miner will include this transaction in the Blockchain. From this point, the user can access the resource directly: the resource checks in the Blockchain whether there is a transaction that ensures the user’s access, in which case the user will be able to use the camera. One of the main criticisms of storage in the Blockchain is the use of data
A Survey of How to Use Blockchain to Secure Internet of Things and....
297
structures that were not designed to store large amounts of information. Thus, if we use blocks for this purpose, we end up with several copies of the same file in the network. To retain the security provided by the Blockchain, Zyskind et al. [47] combined off-chain data storage with on-chain access control. The storage uses a DHT (distributed hash table), maintained by a set of nodes selected beforehand. The data is replicated efficiently to ensure high availability, and no node holds the entire file. The Blockchain is then used to manage where this data is and who has access to it. For this purpose, two new types of transaction are defined, one to provide access control and another to control the data distribution in the DHT.
As the Blockchain has no central point of failure and is not governed by a single entity, it enables a new class of applications and decentralized services, for example, a DNS root server or an enterprise root certification authority. These benefits motivated Ali et al. [46] to use the Blockchain to build a new decentralized PKI and identity system, called Blockstack ID. Blockstack decouples the name record and its ownership from the availability of the associated data, separating control from data. The control plane defines a protocol for name registration, creating (name, hash) links. The control plane is built on the blockchain, while the data plane, a layer logically separated from the control plane, is responsible for storage. All data stored shall be signed by the name owner’s key.
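As an added illustration of the grant/revoke pattern behind FairAccess [52] and the on-chain access-control transactions of Zyskind et al. [47] (example code written for this page, not the code of either project): a minimal append-only ledger of signed access-control transactions, and the lookup a resource performs before serving a request. Owner signatures are replaced by HMAC-SHA256 tags under a per-owner secret, a stand-in for the ECDSA signatures real Bitcoin transactions carry; the owner name, user names, resource name and keys are all constructed for the demo.

```python
"""Minimal on-chain access control: signed grant/revoke transactions in an
append-only ledger, and the lookup a resource runs before granting access.
Added example for this page, not FairAccess's or Zyskind et al.'s code."""
import hashlib
import hmac
import json
from typing import Dict, List, Optional

# Constructed demo secret. A real owner holds an ECDSA private key and the
# verifier checks an ECDSA signature; HMAC is the stand-in used here.
OWNER_KEYS: Dict[str, bytes] = {"owner_alice": b"alice-demo-secret"}

# Which owner may issue access transactions for which resource
# (constructed binding; FairAccess records this on the chain as well).
RESOURCE_OWNER: Dict[str, str] = {"camera-1": "owner_alice"}


def canonical(tx: dict) -> bytes:
    """Deterministic encoding of the signed fields (everything except 'sig')."""
    body = {k: v for k, v in tx.items() if k != "sig"}
    return json.dumps(body, sort_keys=True, separators=(",", ":")).encode()


def sign_tx(tx: dict, key: bytes) -> dict:
    signed = dict(tx)
    signed["sig"] = hmac.new(key, canonical(tx), hashlib.sha256).hexdigest()
    return signed


def tx_valid(tx: dict) -> bool:
    """A transaction counts only if it is a grant/revoke for a known resource,
    claims to come from that resource's owner, and carries the owner's tag."""
    if tx.get("type") not in ("grant", "revoke"):
        return False
    owner = RESOURCE_OWNER.get(tx.get("resource"))
    if owner is None or tx.get("issuer") != owner:
        return False
    expected = hmac.new(OWNER_KEYS[owner], canonical(tx), hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, tx.get("sig", ""))


class Ledger:
    """Append-only list of blocks; each block commits to its predecessor's hash."""

    def __init__(self) -> None:
        self.blocks: List[dict] = []

    def append(self, txs: List[dict]) -> str:
        prev = self.blocks[-1]["hash"] if self.blocks else "0" * 64
        body = json.dumps({"prev": prev, "txs": txs}, sort_keys=True).encode()
        digest = hashlib.sha256(body).hexdigest()
        self.blocks.append({"prev": prev, "txs": txs, "hash": digest})
        return digest

    def chain_intact(self) -> bool:
        """Recompute every block hash and check the prev links."""
        prev = "0" * 64
        for block in self.blocks:
            body = json.dumps({"prev": block["prev"], "txs": block["txs"]}, sort_keys=True).encode()
            if block["prev"] != prev or hashlib.sha256(body).hexdigest() != block["hash"]:
                return False
            prev = block["hash"]
        return True


def has_access(ledger: Ledger, resource: str, user: str, height: Optional[int] = None) -> bool:
    """Scan the chain in order (the first `height` blocks, or all of them); the
    most recent valid grant or revoke for (resource, user) decides. Invalid
    transactions are skipped, so a forged grant changes nothing."""
    allowed = False
    for block in ledger.blocks[:height]:
        for tx in block["txs"]:
            if tx_valid(tx) and tx["resource"] == resource and tx["user"] == user:
                allowed = tx["type"] == "grant"
    return allowed


def build_demo_ledger() -> Ledger:
    """Constructed history: a grant to bob, a forged grant to carol, a revoke of bob."""
    key = OWNER_KEYS["owner_alice"]
    ledger = Ledger()
    ledger.append([sign_tx({"type": "grant", "resource": "camera-1",
                            "issuer": "owner_alice", "user": "bob"}, key)])
    # Forged: the issuer field claims the owner, but the tag is under the wrong key.
    forged = {"type": "grant", "resource": "camera-1", "issuer": "owner_alice", "user": "carol"}
    forged["sig"] = hmac.new(b"wrong-key", canonical(forged), hashlib.sha256).hexdigest()
    ledger.append([forged])
    ledger.append([sign_tx({"type": "revoke", "resource": "camera-1",
                            "issuer": "owner_alice", "user": "bob"}, key)])
    return ledger


if __name__ == "__main__":
    demo = build_demo_ledger()
    print("bob after block 1:", has_access(demo, "camera-1", "bob", height=1))  # True
    print("bob now:", has_access(demo, "camera-1", "bob"))                       # False
    print("carol now:", has_access(demo, "camera-1", "carol"))                   # False
```

The `height` argument lets a resource answer "was this user allowed at block k", which is what an auditor needs when reviewing a past access; `chain_intact` is the check a reader of the ledger runs before trusting its contents.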
Use of Blockchain on Economic Scenarios to Ensure Electronic Transactions in IoT
The future of the IoT is to become a network of autonomous devices that interact with each other and with their environment, making intelligent decisions without human interaction. Here, the Blockchain can help leverage the IoT and form a foundation that will support the shared economy, based on machine-to-machine (M2M) communications. There is a vast set of proposals, prototypes, and proofs of concept that point out how the IoT can take advantage of the Blockchain’s qualities and use it to trade goods and data [2, 41, 42, 58–61]. Blockchain technology can provide a way to track the unique history of each device, recording its data exchanges. It can also allow intelligent devices to become independent agents that autonomously conduct a variety of transactions. IoT applications can benefit from the Blockchain’s properties: reliable, fast transactions without intermediaries; absence of a single point of failure; trust in the predefined
rules execution; and transparency and immutability. Sun et al. [58] state that the Blockchain will support all transaction processing and coordination between devices. Each device will manage its own roles and behaviors, resulting in the Internet of Decentralized, Autonomous Things.
In [42], the authors describe a prototype implementation of data exchange for electronic money between a sensor and a client, using the Bitcoin network. The system is composed of three parts:
(i) IoT device: it needs to fulfill the following tasks: wait for a data request and, when receiving the payment, create and publish a transaction containing the requested data.
(ii) Client: it needs to be able to send a payment to the sensor and must monitor changes in the Blockchain to detect the transaction with the data sent by the IoT device.
(iii) IoT device repository: it is a place where sensors are registered and may be found by clients. An entry in the sensor repository must contain at least the sensor address, what data it offers, the price, and additional metadata such as the location.
In [2], the authors propose an architecture for electronic commerce explicitly designed for IoT devices, based on the Bitcoin protocol. Distributed Autonomous Corporations (DACs) are used as the transaction entity to deal with data from IoT devices. In this model, users can negotiate with DACs using cryptocurrencies. As shown in Figure 6, there are four proposed layers for the IoT e-commerce model: the basic technical layer, the infrastructure layer, the content layer, and the exchange layer. The basic technical layer includes the goods classification mechanism module, the credit algorithm module that manages the portfolios, and the Blockchain Bitcoin module, Bitcoin being the cryptocurrency adopted by the project. The infrastructure layer contains the IoT information service platform and the smart contracts platform. The content layer includes two parts: participant entities and IoT commodities.
Entities consist of DACs and human beings. DACs run automatically without human interference, and each DAC can buy products from other DACs as a customer; meanwhile, everyone can issue their own IoT commodities. Commodities are smart properties and data collected from sensors. Smart properties can be works of art, durable goods such as cars and homes, and energy such as electricity, water, gas, and oil that can be controlled and quantified by digital devices via electronic keys or access control systems. The exchange layer includes the P2P transaction system, which is at the core of the IoT business model, along with the chosen cryptocurrency, Bitcoin.
Figure 6: Business model for IoT using Blockchain. Adapted from [2].
Some proposals address the use of the Blockchain for economic transactions in the IoT, including the following:
(i) ADEPT [59]: Automated Decentralized P2P Telemetry is a decentralized IoT system created by a partnership between IBM and Samsung that uses elements from Bitcoin to build a network of distributed devices, allowing billions of devices to transmit transactions to each other and perform self-maintenance, providing secure identification and authentication. ADEPT uses the Blockchain as the system backbone, using a mix of proof of work and proof of stake to secure transactions. This platform was tested in several scenarios, including one involving a smart washing machine that can automatically buy and pay for detergent with Bitcoin or Ether and can negotiate the best price for cleaning products based on the owner’s preferences. This washing machine uses smart contracts to issue orders to a detergent reseller when it needs supplies. These contracts give the device the ability to pay for its own order and to receive a message from the dealer that the soap was paid for and sent; the washer owner’s smartphone then receives this information.
(ii) Filament [41]: it is a system designed to allow devices to have unique identities and to discover, communicate, and interact autonomously with each other. The devices involved can also directly exchange value; for example, they could sell data about environmental conditions to a forecasting agency. The goal is to create a directory of
smart devices that allows Filament IoT devices to communicate securely, send microtransactions, and execute smart contracts. Filament uses five technologies: blockname, TeleHash, smart contracts, Pennybank, and BitTorrent. Devices can create a unique identifier that is stored in a built-in chip and recorded in the block. TeleHash, in turn, provides end-to-end encrypted communications between devices, and BitTorrent allows file sharing. The smart contracts are responsible for handling payments for the use of the devices. Filament uses a protocol based on Bitcoin for microtransactions, called Pennybank. Due to the specific restrictions of IoT devices, Pennybank creates a warranty service between two IoT devices, allowing them to settle transactions when they are online.
(iii) Watson IoT platform [60]: this IBM platform allows IoT devices to push data into a private Blockchain. All business partners who share this Blockchain can access and provide the devices’ data without central management. Each transaction can be checked, avoiding disputes and ensuring that each partner is accountable for its role in the global transaction. IBM provides a Blockchain network infrastructure that replicates the data to the devices and validates the transactions through smart contracts. The Watson platform offers APIs that translate the devices’ data into the contract format.
(iv) IOTA [61]: it is a cryptocurrency explicitly developed for selling data from IoT devices. Instead of using a global Blockchain, IOTA uses a DAG (directed acyclic graph), where the edges are the transactions and the weights are the number of times each was confirmed. The main idea is that a node must first execute a series of checks on other transactions to approve them and only then carry out its own transaction. There is no differentiation between nodes: all of them are responsible for approving transactions.
According to the author, this ensures higher scalability: the higher the number of transactions, the more efficient the system becomes. Among the IoT platforms that use the Blockchain, there are several different design proposals. ADEPT [59] is an open-source framework and utilizes proven technologies such as BitTorrent, TeleHash, and Ethereum, which facilitates market adoption. But it is still a proof of concept with several challenges to overcome, including scalability and the nature of cryptocurrency development. Filament [41] focuses on industrial infrastructure, to make it smart and connected. Its main feature is the adoption of a secure element on each device, with a host set of keys burned into a write-once or one-time-programmable (OTP) memory. Thus, the Filament IoT device is naturally more expensive due to its secure, tamper-proof capabilities. Watson [60] is a “Blockchain as a service”
product. It has an API to provide its services to IoT devices, but it works within a cloud infrastructure. Its main advantage is the ability to offer the Blockchain to heterogeneous devices. IOTA [61] has a huge disadvantage in that it does not support smart contracts. Since there is no node differentiation, all nodes carry the burden of transaction validation. In this system, in order to perform a transaction, a node has to validate at least two other transactions, and as the network grows the system is expected to provide good scalability. There are some other use cases involving data monetization with the Blockchain and IoT devices. Nasdaq and Chain of Things lead research on applications that can help make renewable energy sources available to the general public, where the energy produced by solar IoT panels generates cryptocurrency registered in the Blockchain, so that anyone who joins the network can invest in renewable energy technology.
Use of Blockchain in Secure Multiparty Computation
Consider the following problem: two millionaires want to know which of them has the larger fortune without revealing their own to each other or to third parties. This is the famous millionaires’ problem proposed by Yao [62], who uses a protocol for secure two-party computation to solve it. MPC is the generalization of this solution to multiple participants. We can define it as the problem of N participants computing a function over private inputs in a secure manner, where security means ensuring the correctness of the result and the privacy of the inputs, even in the presence of some malicious participants. In the end, each participant obtains only the function’s result and is not able to learn the inputs of the other participants. This opens the way to a variety of applications such as Internet voting, data mining, and data sharing. Starting from the principle that with additive and multiplicative circuits we can compute any function, we merely need to build these two MPC building blocks and then use them for any other arithmetic function. Thus, the proposed protocols for MPC seek to accomplish these two main functions, usually using Yao’s circuits [62], Shamir secret sharing [63], or their variants. The participants exchange messages to perform these functions. On the additive circuits, the number of messages grows linearly with the number of participants, but on the multiplicative circuits, O(n²) communications are needed. This fact restricts MPC implementations to few participants and specific scenarios. Over the years there have been proposals to optimize the solutions and increase the number of participants [17, 64, 65].
In formulating these problems, two adversary models are commonly adopted: the semi-honest and the malicious model.
(i) Semi-honest model: parties follow the protocol correctly but record all intermediate computation steps for later analysis, in order to infer the other parties’ secret information.
(ii) Malicious model: the malicious participant does not need to follow the protocol and may act arbitrarily; it may abort the execution at any moment, use false information, and store the intermediate steps for further analysis.
Enigma [17] is a platform for MPC with privacy guarantees. It uses the Blockchain as a network controller, managing access control and serving as an event log for secret sharing. It can compute functions in both models and is scalable. Each node receives and records its inputs using the Blockchain. There are groups for each task, so each group performs a part of the job, and the parts are joined at the end. This partitioning allows greater control of data replication, improving the system’s scalability and allowing a larger number of participants.
Other work [66] uses the Blockchain to perform access control and storage of patient data. The author believes that the use of patients’ data without their consent is a privacy problem but also describes the importance of these data for medical research. He sorts the data into two types: public and private. Any researcher or governmental entity may use the public data. To use the private data, they have to do so via MPC. Thus, the use of MPC makes it possible to know, for example, the number of patients who have AIDS and belong to a risk group. This makes it possible to extract knowledge from the data without compromising patient privacy. Chakravorty et al. [67] drew attention to providing assistive services to older adults through data analytics technologies.
However, the data received from smart homes represent personal and sensitive information and can often disclose a person’s complete living behavior. Ideally, analysis of encrypted data would be a perfect solution for preserving privacy. However, homomorphic encryption [68] schemes have computation and storage overhead and have to be carefully evaluated. It becomes necessary to devise a system that allows the execution of data analytics algorithms while preserving the privacy of the monitored individuals. One possible solution for IoT devices that deal with sensitive data is a scheme like Enigma [47], which uses the Blockchain to perform computation and extract knowledge from the sensitive data generated without revealing it.
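The building block behind the "count the patients in a risk group without revealing who" use case of [66], and the linear-cost additive circuit of the MPC discussion above, as an added example written for this page (not Enigma's or [66]'s code): additive secret sharing over a prime field, simulated among n parties in one process. Each party splits its private input into n random shares that sum to the input mod p, hands one share to every other party, and publishes only the sum of the shares it received. The field prime, the inputs and the party indices are constructed demo values.

```python
"""Additive secret sharing over a prime field: n parties learn the sum of their
private inputs and nothing else. Added example for this page, not Enigma's or
[66]'s code; the prime and the inputs are constructed demo values."""
import secrets
from typing import Callable, Dict, List, Tuple

P = (1 << 61) - 1  # the Mersenne prime 2^61 - 1; any prime larger than the true sum works
RandBelow = Callable[[int], int]


def share(secret: int, n: int, randbelow: RandBelow = secrets.randbelow) -> List[int]:
    """Split `secret` into n shares that sum to `secret` mod P. The first n-1
    are uniform in the field, so any n-1 shares together reveal nothing."""
    if n < 2:
        raise ValueError("need at least two parties")
    shares = [randbelow(P) for _ in range(n - 1)]
    shares.append((secret - sum(shares)) % P)
    return shares


def reconstruct(shares: List[int]) -> int:
    return sum(shares) % P


def secure_sum(inputs: List[int], randbelow: RandBelow = secrets.randbelow) -> int:
    """Simulate the protocol among len(inputs) parties.
    Round 1: party i sends share j of its input to party j, so each party sends
    n-1 messages (the linear cost the text attributes to additive circuits).
    Round 2: each party publishes only the sum of the shares it holds.
    Summing the published values gives the sum of all inputs; no individual
    input is ever sent in the clear."""
    n = len(inputs)
    inbox: List[List[int]] = [[] for _ in range(n)]
    for x in inputs:
        for j, s in enumerate(share(x, n, randbelow)):
            inbox[j].append(s)
    partials = [sum(box) % P for box in inbox]  # the only values made public
    return reconstruct(partials)


def risk_group_count(flags: List[int]) -> int:
    """The [66] use case: each data holder contributes 1 if its patient is in
    the risk group, 0 otherwise; the output is the count and nothing more."""
    if any(f not in (0, 1) for f in flags):
        raise ValueError("flags must be 0 or 1")
    return secure_sum(flags)


def collusion_leakage(inputs: List[int], colluders: List[int]) -> Tuple[int, Dict[int, int]]:
    """What a coalition of colluding parties learns beyond its own inputs, given
    the public result: always the sum of the honest inputs and, if only one
    honest party remains, that party's exact input. This is inherent to any
    sum computation rather than a flaw of the sharing, which is why the number
    of honest participants matters when such a query is allowed."""
    total = secure_sum(inputs)
    honest = [i for i in range(len(inputs)) if i not in colluders]
    honest_sum = (total - sum(inputs[i] for i in colluders)) % P
    revealed = {honest[0]: honest_sum} if len(honest) == 1 else {}
    return honest_sum, revealed


if __name__ == "__main__":
    print(risk_group_count([1, 1, 0, 1, 0, 0]))      # 3
    print(collusion_leakage([4, 9, 2], [0, 1]))      # (2, {2: 2}): a lone honest party is exposed
    print(collusion_leakage([4, 9, 2], [0]))         # (11, {}): two honest parties hide each other
```

Multiplication of two shared values is where the O(n²) cost the text mentions appears: a product of sums needs every party to contribute a share of each cross term, so it is deliberately left out here; the sum alone already covers counts, totals and means.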
Use of Blockchain to Ensure Safety in Smart Home
Approaches based on the Blockchain offer decentralized security and privacy but involve excessive energy consumption and delays, which are not suitable for most resource-constrained IoT devices. Dorri et al. [38, 43] offer a lightweight Blockchain solution for the IoT. This work proposes a method to adopt the Blockchain in the IoT context, eliminating proof of work and the currency mentality. The authors use a smart home implementation as an example, consisting of three main structures: cloud storage, an overlay layer, and the smart home. Each smart home is equipped with a higher-power computer that is always online. This device is a kind of “miner” and is responsible for handling all communications inside and outside the house. This computer maintains a private Blockchain, which is used to control and audit communications and to provide access control between devices. All the IoT devices are in the smart home layer and are managed by the miner. In this scenario, PoW becomes unnecessary, because only one device has the job of maintaining the Blockchain. The other house devices receive a key pair so that they can perform transactions. As an example, if a presence sensor wants to turn a lamp on, it sends a transaction to the lamp, which checks in the Blockchain whether that sensor is allowed to light it. The overlay network consists of the smart home layer along with service providers (SPs), cloud storage, and smartphones. The overlay network is grouped into clusters to minimize latency, and each cluster elects its cluster head (CH). The miners maintain all the transactions in an immutable ledger, which is the private Blockchain of each smart home network. There are different kinds of transactions, such as store, access, monitor, genesis, and remove, which handle the different operations and data sharing in the network. This work mostly focuses on the data store and access use cases by IoT devices.
The transactions in the Blockchain are data storage and access transactions. The public keys are fixed with the cluster heads and are immutable. In their security analysis, the authors analyze their model against DDoS and linking attacks. They also measure the overhead of using their model compared with traditional message exchange. A smart home is an excellent example of how to combine IoT and Blockchain. Blockchain-based sharing services can evolve and contribute to smart cities and shared economies. The shared economy is an economic-social model in which diverse population sectors can share underutilized assets [58]. Citizens, objects, and assets would connect transparently to exchange
assets and share status. In this paradigm, people seek trust, access rather than ownership, the reliability of shared services, security, and privacy.
Attacks on Blockchain
Beyond the natural protection of stored data and the typical attacks on distributed systems, the Blockchain needs specific security mechanisms. The Blockchain by itself can be considered secure and guarantees block integrity and availability. But the rest of the process before transaction validation, or even before block validation (if there are attacks that fork the chain), is not naturally safe. The Blockchain is not itself capable of detecting fraudulent activity. Any system or network can suffer an attack, and Blockchain-based systems are no different. The types of attacks to which the Blockchain is vulnerable are a bit different: in most cases, attacks are performed on the consensus mechanism to change the chain’s history, prevent blocks or transactions from being included in the chain, or obtain greater revenue. The most common attacks on the consensus mechanism are the 51% attack and selfish mining. It therefore becomes necessary to know the main weaknesses to which the Blockchain is exposed. As we argue in Sections 4.1, 4.2, 4.3, and 4.4, there is much research on how to use the Blockchain in conjunction with the IoT. This fact arouses interest in attacks on both technologies. It is therefore important to know which IoT solutions will be affected, so that we can exhaustively test the applications with a secure development process to mitigate potential vulnerabilities.
In the Bitcoin world, transactions are considered valid when they are in a block and confirmed when there are some blocks of greater height after it in the chain. The PoW accumulated in the chain does not permit changing that transaction without substantial computational power. However, bifurcations (forks) may arise, and the longest chain is chosen to resolve them. Most bifurcations occur naturally, with no evil intention, causing a delay in validating the transactions of the discarded blocks.
This approach works well under the crucial premise that no attacker is able to gather enough computational power to forge and publish a “chain” with higher accumulated difficulty. In that case, the consensus rules would adopt the alternative chain instead of the main one from the point of bifurcation. This is theoretically possible and is called the 51% attack [69]. As widely discussed, up to now the security of Bitcoin depends on the consensus reached by distributed proof of work. We assumed that there is no single miner, coordinated group of miners, or collusion of miners that has more than
50% of the network’s computing power. However, this assumption is questionable. First, miners began to organize themselves in groups, called mining pools, which join forces and share the rewards. Second, there is no regulatory entity, and no miner is required to follow the protocol. A mining pool with a majority of the computational power can change the consensus. By doing this, the miners who do not participate in the pool will probably be forced to join it when their revenues start to fall. For example, a pool with more than 50% of the computational power could choose to accept blocks from other miners in a ratio of 2 : 1; from every two blocks sent by honest nodes only one would be accepted, and this is possible because the mining pool has the power to manipulate the consensus. The honest miners would have their blocks ignored and therefore lose the payments. In the same way, the mining pool can perform a denial of service against any miner or any transaction, because it has the power not to include these transactions in any block and, if other miners do, it can generate forks that reject the transaction.
Malicious miners can also deviate from the expected behavior by not immediately disclosing newly mined blocks. This attack is called “selfish mining” [4, 50]. First, it is necessary to understand how the block propagation latency and the target time for the inclusion of new blocks affect the consensus mechanism.
(i) Analysis of the latency of block diffusion: upon receiving a new block, a node transmits it to its neighbors. Before starting the transmission, it makes extensive checks to ensure that only valid blocks are propagated. Each node that receives a new block makes these verifications. After that, the node sends an inventory (INV) message to inform its neighbors that it has a new block, along with its height. If the neighbors do not have this block, they respond with a request message (GET_DATA). Only then does the transmission of the new block start (Figure 7).
The sum of all checking and spreading times during the spread of a block is the latency. Decker and Wattenhofer [70] made a timing analysis of 10,000 blocks of different sizes. The authors found that the median latency was 6.5 seconds and the average was 12.6 seconds. Another interesting observation is that after 40 seconds, 5% of nodes still had not received the new block.
(ii) Analysis of the time for new block inclusion: the interval for the inclusion of new blocks is crucial for the number of forks observed in the network. The smaller this interval, the greater the number of blocks generated and consequently the greater the probability of forks and orphan blocks. Decker and Wattenhofer [70] observed 169 forks in 10,000 blocks of the Bitcoin chain, that is, 1.69% of discarded blocks. Gervais et al. [48] examined the impact of reducing this interval; they varied the time for new blocks
inclusion from 0.5 seconds to 25 minutes, observing 10,000 blocks in NS-3 simulations, as shown in Table 2.
Table 2: Impact of block interval on fork rate
Block interval               0,5 s   1 s     2 s     5 s     10 s    20 s    30 s    1 m     2,5 m   10 m    25 m
Fork rate (%)                38,15   26,74   16,65   8,64    4,77    3,2     2,54    2,15    1,82    1,51    1,72
Median propagation time (s)  0,82    0,82    0,84    0,89    1       1,21    1,43    2,08    4,18    14,7    35,73
Figure 7: The latency of block spread.
If an attacker decides to deviate from the standard behavior and keep mining on a secret chain, he needs to adopt a heuristic for choosing the best moment to unveil these blocks. Suppose that, at a given moment, everyone, including the attacker, is mining on block n. If the attacker is able to produce the next block, he has an advantage even without holding the majority of the power, because he can start the next mining process (block n+1) before everyone else. Since he began earlier, there is a high probability of releasing block n+1 before the other miners, generating a fork with greater height than the main chain. As the remaining nodes behave honestly, they will also adopt this chain, and the attacker will reach his goal. Otherwise, if he receives a block, he may decide to adopt this block and throw away his work, or ignore the received block and continue mining on the private chain. Figure 8 shows a simple fork scheme, where after the release of blocks n and n+1 by the attacker, the honest nodes have embraced this chain and produced block n+2. This attack is known as selfish mining [4], and the attacker
is called the “selfish miner.” More specifically, the attacker has four states. Suppose the attacker’s portion of the network hash power is , are the honest nodes mining on top of the public chain, and is the portion of the network that picks up on the attacker’s chain.
(i) State 0: if the attacker’s private chain and the public chain have the same height, the attacker mines on the private chain. With probability , the attacker finds a new block and goes to state 1 (private chain one block ahead). With probability 1- , the public network discovers a block, and the attacker resets his private chain to the public chain.
(ii) State 1: if the attacker’s private chain is one block longer than the public chain, the attacker mines on the private chain. With probability , the attacker advances to state 2 (private chain two blocks ahead). With probability 1- , the public network discovers a block, setting the system to state 0′.
(iii) State 0′: the attacker unveils his chain. There are now two competing chains, both one block long. With probability , the attacker discovers another block, converging the network to the private chain; the attacker gains a revenue of 2, and the system resets to state 0. With probability (1- )( ), the network finds a block on top of the attacker’s block; the attacker and the network each gain a revenue of 1, and the system resets to state 0. With probability (1- )( ), the honest nodes find a block on top of the public chain; the network gains a revenue of 2, and the system resets to state 0.
(iv) State 2: with probability , the attacker advances to state 3 and earns a revenue of 1. With probability 1- , the network finds a block, so the attacker publishes his 2-block private chain, which is still one block longer than the public chain, so the network switches to the attacker’s chain. The attacker earns a revenue of 2.
(v) State n (n > 2): with probability , the attacker advances to state n+1 and earns a revenue of 1. With probability 1- , the attacker falls back to state n-1.
Figure 8: Fork.
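The state machine above can be run as a simulation to see, for a given share of the hash power, what fraction of the main-chain blocks a deviating pool ends up with compared with the share honest mining would give it; that comparison is the quantity a network operator watches when judging how dangerous a large pool is. The block below is an added example written for this page, not code from [4]: it implements the five states and the revenue accounting exactly as listed, using the names alpha (the attacker's share of the hash power) and gamma (the fraction of honest miners that build on the attacker's block in state 0′) from Eyal and Sirer [4]. The closed-form revenue expression and the profitability threshold (1 − γ)/(3 − 2γ) are also taken from [4] and serve only as a cross-check; all parameter values are constructed.

```python
"""Monte Carlo model of the selfish-mining state machine described above.
Added example for this page, not code from [4]. alpha is the attacker's share
of the network hash power, gamma the fraction of honest miners that build on
the attacker's block when two one-block chains compete (names as in Eyal and
Sirer [4]). The result is the attacker's share of the blocks that end up in the
main chain; honest mining would give exactly alpha."""
import random


def simulate_selfish_mining(alpha: float, gamma: float, rounds: int = 200_000, seed: int = 1) -> float:
    rng = random.Random(seed)          # seeded so the run is reproducible
    lead = 0                           # private chain height minus public chain height
    tie = False                        # state 0': two competing chains of length one
    attacker = honest = 0              # blocks that end up in the main chain
    for _ in range(rounds):
        attacker_found = rng.random() < alpha
        if tie:                                    # state 0'
            if attacker_found:                     # attacker extends its branch: both blocks win
                attacker += 2
            elif rng.random() < gamma:             # honest block on the attacker's branch
                attacker += 1
                honest += 1
            else:                                  # honest block on the honest branch
                honest += 2
            tie, lead = False, 0
        elif lead == 0:                            # state 0
            if attacker_found:
                lead = 1
            else:
                honest += 1
        elif lead == 1:                            # state 1
            if attacker_found:
                lead = 2
            else:
                tie, lead = True, 0                # attacker publishes; the race begins
        elif lead == 2:                            # state 2
            if attacker_found:
                lead, attacker = 3, attacker + 1
            else:                                  # publish the 2-block chain; honest block is stale
                lead, attacker = 0, attacker + 2
        else:                                      # state n > 2
            if attacker_found:
                lead, attacker = lead + 1, attacker + 1
            else:
                lead -= 1
    return attacker / (attacker + honest)


def selfish_revenue(alpha: float, gamma: float) -> float:
    """Closed-form relative revenue of the selfish pool from Eyal and Sirer [4],
    valid for alpha < 1/2; used here only to cross-check the simulation."""
    num = alpha * (1 - alpha) ** 2 * (4 * alpha + gamma * (1 - 2 * alpha)) - alpha ** 3
    den = 1 - alpha * (1 + (2 - alpha) * alpha)
    return num / den


def profitability_threshold(gamma: float) -> float:
    """Smallest alpha for which selfish mining beats honest mining,
    (1 - gamma) / (3 - 2 gamma) from [4]; gamma = 0 gives the one-third figure
    quoted in the text, and gamma = 1 drives the threshold to zero."""
    return (1 - gamma) / (3 - 2 * gamma)


if __name__ == "__main__":
    for alpha, gamma in ((0.3, 0.0), (0.4, 0.0), (0.3, 0.5)):
        sim = simulate_selfish_mining(alpha, gamma)
        print(f"alpha={alpha} gamma={gamma}: simulated share {sim:.3f}, "
              f"closed form {selfish_revenue(alpha, gamma):.3f}, "
              f"threshold {profitability_threshold(gamma):.3f}")
```

Two readings are worth taking from the runs: at alpha = 0.3 and gamma = 0 the simulated share stays below 0.3 (deviating costs the pool revenue), while at alpha = 0.4 it exceeds 0.4; and raising gamma lowers the threshold, which is why the text treats the latency-driven fraction of honest nodes that adopt the attacker's block as the critical parameter.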
A large part of the latency time is due to the block-checking obligation of every node. If an attacker controls some nodes, he can amplify the selfish
miner attack. The slave nodes can be configured not to verify blocks mined by the attacker and to retransmit them as soon as they arrive, so the latency of the attacker’s blocks will be shorter than that of the honest nodes’ blocks; this can be an advantage. The attacker could make the honest nodes work for him by unveiling his blocks as soon as he receives a new block. In this way, the part of the honest nodes that received the attacker’s block first will work on it, augmenting the attacker’s power. Another observation about this attack is that the total number of blocks added to the chain is the sum of the blocks produced by the honest nodes and by the attacker. However, the occurrence of forks generates dropped (stale) blocks. Thus, the number of blocks included is smaller than the total number of blocks produced; this is important because, ignoring the entrance of new miners, when the nodes recalculate the difficulty, it will be lower than the previous difficulty. In [4], Eyal and Sirer make a mathematical analysis and propose a state transition model with the aim of figuring out the best moment to release the attacker’s blocks. They analyze the probability of each state and conclude that, for the attacker to succeed, that is, to publish more blocks than the honest nodes, the attacker’s mining power must satisfy the following:
(4) where is the attacker’s mining power and is the ratio of honest nodes mining on the attacker’s chain. This is an advantage for the attacker, because he needs less power to be able to supplant the honest nodes. From this, the lowest value of is obtained, and in the worst case, when no honest node adopts his chain, the attacker needs one-third of the network’s mining power. Nayak et al. [50] extend Eyal’s research and verify that the attack proposed earlier is not optimal. They propose new strategies to increase the attacker’s revenue, taking into account not only the size of the chains but also the attacker’s computational power. For example, even if the attacker is losing the race, if he possesses significant mining power it is better to continue mining on the private chain, because it will have a good chance of reaching and exceeding the honest chain. Another contribution of that work shows that if selfish mining is combined with the Eclipse attack [51], in which the attacker controls all connections to a given node, the attacker’s winnings increase and, surprisingly, with certain parameters, the eclipsed node will also be able to publish more
blocks relative to the honest nodes. The authors use a Markov Decision Process that uses the state transition information to discover the best moment to unveil blocks. When an honest node mines a new block, it publishes it immediately, while the attacker keeps his blocks hidden. Then, the attacker identifies how many blocks are in each chain, which chain is leading, and how many honest nodes are mining on the honest or the malicious chain. Their strategies, called Stubborn Mining, are as follows:
(i) Lead stubborn: as seen before, is an important factor, because the more honest nodes mine on the malicious chain, the less is necessary. We have also seen that latency strongly influences which block each node receives first. Thus, one of the strategies adopted by the authors defines that if the attacker is leading by one block, as soon as the honest nodes release a block, the attacker also sends one. The goal is that the attacker’s block reaches a portion of the honest nodes, which will adopt it as the reference for mining, increasing and the likelihood of the attacker winning the race. If the attacker is leading by two or more, it keeps the chain hidden, only revealing the blocks when the difference drops to one.
(ii) Trail stubborn: when the attacker’s private chain is behind the public chain, the attacker continues mining in private instead of abandoning it, in the hope of reaching and exceeding the public chain. This strategy shows promise if the attacker possesses a certain amount of computational power.
(iii) Equal fork stubborn: the attacker uses this strategy when the honest nodes equalize the race; the attacker continues mining on its chain until it is one block ahead, when it releases its chain.
The Eclipse attack [51] is an attack at the network level which occurs when an attacker monopolizes all connections of a given node, isolating the victim and filtering all messages sent and received. As a result, the victim has a different view of the chain.
The victim can have blocks prevented from being included in the chain and can be forced to work on the attacker's chain. In Bitcoin, a node maintains up to 125 connections with its neighbors: 8 outbound connections and 117 inbound connections. Outbound connections are those initiated by the node itself, and inbound connections are solicited by other nodes, as we have seen in Section 2.4, which deals with the P2P network. The attack consists of filling up the Tried Table with addresses controlled by the attacker and filling the New Table with invalid addresses. In this way, whenever the victim seeks a new connection, it connects to an address controlled by the attacker. Nodes only accept valid IPs to connect; the New Table is therefore populated with invalid addresses so that the attacker saves IPs. So, the attacker simply performs two routines repeatedly to populate the victim's tables. First, to establish connections, the attacker requests a connection, then disconnects and solicits a new connection from another address; this is enough to fill the Tried Table. To fill the New Table, it is necessary to send many ADDR messages with bogus IP addresses to the victim. Each ADDR message can contain up to 1000 addresses. The authors use Class C or reserved IP addresses, such as multicast ranges, since at least 16384 addresses are needed to populate the New Table. In their experiments, with a botnet of only 400 machines, they were able to fully populate the New Table and 60% of the Tried Table, succeeding in controlling all connections of the victim in 80% of the attempts.
The balance attack [71] occurs when an attacker disrupts communication between subgroups of a network. While the network is partitioned, he releases transactions in one subgroup and mines blocks in another. With high probability, the chain of the block subgroup outweighs the chain of the transaction subgroup. This strategy allows the attacker to mine a branch, possibly in isolation from the rest of the network, before merging it into one of the competing Blockchains to influence the branch selection process. The authors show that the GHOST consensus algorithm is prone to this attack. To improve throughput (transactions per second), Ethereum uses the GHOST (Greedy Heaviest Observed Subtree) consensus algorithm. Bitcoin generates one block every 10 minutes, while Ethereum generates one block every 12–15 seconds. As a side effect of this improvement, Ethereum generates many more forks. To avoid wasting large mining efforts while resolving forks, the GHOST protocol iteratively selects, as the successor block, the root of the subtree that contains the largest number of nodes.
Kiayias and Panagiotakos [72] propose the liveness attack, which delays transaction confirmation as much as possible. They also present two instantiations of this attack, on Bitcoin and on Ethereum. The liveness attack consists of three phases, namely, the attack preparation phase, the transaction denial phase, and the Blockchain retarder phase:
(i) Attack preparation phase: just as in the selfish mining attack, the attacker builds a private chain that is longer than the public chain.
(ii) Transaction denial phase: the attacker privately holds the block that contains the transaction, in order to prevent the transaction from being written into the public chain.
(iii) Retarder phase: the transaction can no longer be held privately. In this case, the attacker publishes the block that contains it. In some Blockchain systems, like Ethereum, when the depth of the block that contains the transaction is greater than a constant, the transaction is regarded as valid. The attacker continues building the private chain to build an advantage over the public chain. After that, he publishes the blocks into the public chain to slow down its growth rate. The liveness attack ends when the transaction is verified as valid in the public chain.
The Sybil attack was first described by the Microsoft researcher Douceur [33]. A Sybil attack is a situation where one node in the network acquires several identities. It is based on the fact that peer-to-peer networks cannot reliably distinguish between members in some Internet services that provide one IP address for all their users. In Blockchain networks [73], an attacker may try to fill the network with nodes controlled by him. This allows him to launch the following rogue schemes:
(i) Refusing to transmit and receive blocks
(ii) 51% attack and double spending
In centralized networks, Sybil attacks are usually avoided using a set of heuristic rules. For example, the system may require that only a limited number of accounts can be created from the same IP address within a given time interval. In the Bitcoin Blockchain, Sybil attacks are eliminated by the special requirements that govern the generation of new blocks. Because an attacker can only create a limited number of blocks, this provides reliable cryptographic protection against Sybil attacks: the fraudster needs to have actual computing power, which cannot be faked. Quantum algorithms, like Shor's algorithm [74, 75], will in theory be able to break the elliptic curve signature scheme and, consequently, the digital signatures used in Blockchain networks. Aggarwal et al. [76] find that the proof of work used by Bitcoin may still be resistant to quantum computers in the next 10 years.
Still, the development of quantum computers poses a serious threat to almost all of cryptography and, therefore, to Blockchain. Such an algorithm can be used in two ways to attack the Blockchain. The first is that it can be used to search for hash collisions, which can be used to carry out a 51% attack, replacing blocks without disturbing the chain integrity. The second is that it can speed up nonce generation and, consequently, the recreation of a new chain.
To best exemplify the selfish mining attack, we performed simulations using the NS-3 module developed by [48]. The module was developed with the objective of analyzing the impact on the stale block rate, the network throughput, the block propagation time, and the double-spend gain. The node connections use a point-to-point protocol, abstracting intermediary devices. To configure the channel characteristics (latency and bandwidth), statistical data from various sources were used, such as Verizon and https://testmy.net. To model the proof of work, mining power values are assigned to the nodes and block generation is distributed statistically. The data inputs are the block rate, the block size, and the double-spend value. Analyzing the major Bitcoin mining pools, we conclude that the 15 largest mining pools hold 96.3% of the mining power. For this reason, 16 nodes were simulated, representing the 15 mining pools plus the remaining miners grouped as one. The honest nodes adopt the standard protocol, while the attacker follows the heuristic proposed by the author:
(i) Adopt: the attacker adopts the honest chain; this corresponds to restarting the attack. The attacker infers that the honest nodes have a higher probability of winning the race.
(ii) Overlay: occurs when the attacker has one block more than the honest chain. It is a good strategy when a portion of the honest nodes are mining on the attacker's chain.
(iii) Match: the attacker publishes as many blocks as the honest nodes have published. This action aims to make some honest nodes mine on the attacker's chain. Afterwards, the attacker can use the Overlay action.
(iv) Wait: the attacker keeps mining on a private chain, without revealing it.
(v) Publish: corresponds to unveiling its chain.
First, 30 simulation rounds were run, generating 10,000 blocks in each. The simulations were run with 16 miners, all of them following the standard protocol, without an attacker. This results in 0.13% of forks in the chain. In the second round of simulations, one node was chosen as the attacker. Initially, he has 20% of the mining power, which was increased in steps of 5% up to 50%.
THE STALKER MINER
At the network layer, each node opens TCP connections to its neighbors. All transactions have a special address, and only the node with the right key can unlock it. For this reason, we can say that Blockchain provides a certain degree of privacy. Discovering which nodes are doing specific transactions is very difficult, but not impossible: it is possible to infer the IP address and identity of nodes through various techniques [53–57, 77]. It is difficult to imagine motivations for an attacker to spend a tremendous amount of power to prevent a specific user from publishing his blocks. First, the main selling point of this system is confidence. If the miners spend resources and do not receive their reward, they will inevitably stop working, and the confidence will be broken. Second, in large networks, like Bitcoin and Ethereum, the attacker has to spend much money to buy specific hardware. In systems that use proof of work, the attacker must possess enormous computational power and will certainly spend a lot of money to become a selfish attacker. But the future rewards may be greater. Imagine that two companies decide to acquire a large asset from a third party, and there is a smart contract with a priority clause for one of the companies. This clause says that the second company can acquire the asset only if the first one does not make the payment by a specific date. The second company can then carry out the attack in order to prevent this transaction from being confirmed by the network. Ali et al. [46] announced the first known selfish miner attack on a production network, proving that the attack is doable, despite the motivations or its being very costly. The data collected show signs of attacker behavior: for example, miners were not accepting transactions; a long delay in blocks was noticed, followed by blocks in rapid succession; and there were a lot of rejected blocks.
The stalker, detailed in Algorithm 1, is a variant of selfish mining. In this attack, the malicious node aims to prevent a specific miner from publishing his blocks. The difference between the stalker and selfish mining is the ultimate goal: selfish mining seeks to increase the relative revenue, while the stalker seeks to deny a specific target, not worrying about gain. This attack only uses the Adopt, Wait, and Publish heuristics (see Algorithm 1), because Overlay and Match have the objective of making honest nodes work to increase the relative revenue. All honest miners follow the protocol; they reveal a block immediately after mining it, accept the longest chain, and mine on top of it.
Algorithm 1: Stalker attack.
The stalker mining strategy consists of the following deviations from honest mining; see Figure 9:
(i) When there is no fork and the victim mines the next block, accept the honest chain.
(ii) When leading and receiving a victim's block, unveil the private chain and restart the attack.
(iii) When leading by 2 and an honest node mines the next block, continue mining on the private chain and wait for a victim block.
(iv) When leading and the attacker mines the next block, continue mining on the private chain and wait for a victim block.
Figure 9: Stalker miner strategy. A is attacker, H is the honest nodes, and V is the victim.
Two decisions define the attacker's mining strategy:
(i) The best moment to unveil the private chain
(ii) When to accept the public chain
The attacker follows the proposed heuristic:
(i) Adopt: the attacker adopts the honest chain. This corresponds to restarting the attack. The attacker infers that the honest nodes would lose many blocks, which is not the objective.
(ii) Wait: the attacker mines constantly on a private chain, without revealing it.
(iii) Publish: this happens when the length of the attacker's chain (la) is greater than that of the honest one (lh) and the victim publishes the next block. This corresponds to unveiling the attacker's chain and publishing it.
The single-player decision problem cannot be modeled directly as an MDP because the attacker's objective function is nonlinear. To use MDPs, we apply the technique of Gervais [30], applying an MDP solver for finite state space MDPs, and use a cutoff value of 20 blocks. We use a decision matrix, Table 3, which gives two actions: adopt the honest chain or wait and continue mining. The attacker only unveils his chain when receiving a victim's block. However, the attack has the side effect of "wasting" the mining power of honest nodes. Sometimes the stalker only receives the victim block when the private chain is 3 or more blocks ahead, resulting in honest blocks being discarded.
Table 3: Decision matrix

la \ lh     1     2     3     4     5     6     7     8     9    10    11
   1      w,w   *,a     -     -     -     -     -     -     -     -     -
   2      w,w   w,w   *,a     -     -     -     -     -     -     -     -
   3      w,w   w,w   w,w   *,a     -     -     -     -     -     -     -
   4      w,w   w,w   w,w   w,w   *,a     -     -     -     -     -     -
   5      w,w   w,w   w,w   w,w   w,w   *,a     -     -     -     -     -
   6      w,w   w,w   w,w   w,w   w,w   w,w   *,a     -     -     -     -
   7      w,w   w,w   w,w   w,w   w,w   w,w   w,w   *,a     -     -     -
   8      w,w   w,w   w,w   w,w   w,w   w,w   w,w   w,w   *,a     -     -
   9      w,w   w,w   w,w   w,w   w,w   w,w   w,w   w,w   w,a   *,a     -
  10      a,w   a,w   a,w   a,w   a,w   a,w   a,w   a,w   a,w   w,w   *,a
  11        -     -     -     -     -     -     -     -     -   a,a   w,w
The rows correspond to the length la of the adversary's chain and the columns to the length lh of the honest network's chain. The two values in each table entry correspond to the forks, the first for the attacker and the second for the honest one; w and a denote the wait and adopt actions, respectively. To evaluate the attack performance, we use the NS-3 module constructed by Gervais. We need to rely on simulations as the only workable alternative to realistically capture the Blockchain performance under this attack, since neither formal modeling nor the deployment of thousands of peers (e.g., currently there are 6000 reachable full nodes in Bitcoin) would be practical. The NS-3 module evaluates different Blockchain parameters, such as the block interval, the block size, and the propagation mechanisms, by measuring the resulting stale block rate, throughput, and block propagation times. We use the following parameters in our simulations:
(i) Total nodes: 16
(ii) Block interval distribution: 10 minutes
(iii) Block size distribution: variable
(iv) Node distribution: worldwide
(v) Connections per node: 15
(vi) Block request system: INV message
Each miner is set up with a mining power (PoW). Based on the block interval distribution, a new block is attributed to a miner. A miner mines on the first block he receives and uses the longest chain rule. The blocks in the fork are discarded. We do not consider difficulty changes between different blocks; the longest chain is the one with more blocks on it. Point-to-point channels establish the node connections, which abstracts away any intermediate devices like routers and switches. These channels have only two characteristics: latency and bandwidth. The block size implicitly simulates the transactions. In the simulator, we only use one node type, the miner. We use the mining pool distribution from https://Blockchain.info, but the hash power is the main parameter that we modify in the simulations. Figure 10 exemplifies how the stalker acts. The gray blocks are from honest nodes, the blue ones correspond to the target, and the red ones to the attacker. At instant T1, an honest node publishes block 1, and the attacker then secretly starts mining its own chain of blocks, waiting for a target block. At time T4, the attacker has a chain longer than the honest one, and when the target publishes a block the stalker decides to publish his chain. As the attacker's chain is longer than the honest chain, all nodes adopt it as the main chain, and the attacker achieves his goal, which is to keep the blue blocks out of the main chain.
But, as we can observe, this attack had the side effect of discarding blocks 2 and 3 of the honest nodes. If the attacker's chain grows without the victim publishing a block, the attacker discards his chain and restarts a new one with the top block of the main chain as the reference.
Figure 10: Stalker attack example.
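To make the Adopt/Wait/Publish heuristic and the Figure 10 scenario concrete, the following Monte Carlo model is added here by the editor; it is not the paper's NS-3 module or Algorithm 1. It assumes blocks are awarded in proportion to hash power with no propagation latency (so there are no natural forks and no tie races are modeled), the party names, the cutoff parameter and the 40%/5% scenario in the usage block are the editor's constructions, and the reading of the cutoff as "discard the private chain and restart" follows the paragraph above.

```python
"""Monte Carlo model of the stalker miner's Adopt/Wait/Publish heuristic.

Added example (editor's code, not the paper's NS-3 module).  Network latency
and bandwidth are abstracted away, so the only stale blocks are those created
by the attacker's decisions.  A miner is drawn for every block in proportion
to hash power, which mirrors the paper's "mining power" abstraction.
"""
import random
from collections import Counter

# Party names are the editor's labels, not identifiers from the paper.
ATTACKER, VICTIM, HONEST = "attacker", "victim", "honest"


def step(la, lh, miner, cutoff=20):
    """Stalker response to one newly mined block.

    la: length of the attacker's private chain since the fork point.
    lh: length of the public (honest) chain since the fork point.
    Returns (la, lh, action) after the block, where action is one of
    'wait', 'accept', 'adopt', 'publish' or 'restart'.
    """
    if miner == ATTACKER:
        la += 1
        if la >= cutoff:
            # Assumed reading of the 20-block cutoff: the private chain grew
            # without a victim block, so the attacker discards it and restarts.
            return 0, 0, "restart"
        return la, lh, "wait"              # (iv) keep mining privately
    lh += 1                                # a victim or honest block extends the public chain
    if la == 0:
        return 0, 0, "accept"              # (i) no fork: simply follow the honest chain
    if miner == VICTIM and la > lh:
        # (ii) leading when the victim publishes: unveil the private chain.
        # Modeling assumption: publish only while the private chain is still
        # strictly longer once the victim's block is counted, so every node
        # adopts it deterministically; an equal-length race is not modeled.
        return 0, 0, "publish"
    if lh > la:
        return 0, 0, "adopt"               # public chain is ahead: restart the attack
    return la, lh, "wait"                  # (iii) honest block while leading: wait for the victim


def simulate(powers, rounds, seed=1, cutoff=20):
    """Mine `rounds` blocks, drawing the miner of each block in proportion to
    `powers` (party -> hash power share).  Returns per-party Counters of
    mined and stale blocks."""
    rng = random.Random(seed)
    parties, weights = zip(*powers.items())
    mined, stale = Counter(), Counter()
    la = lh = 0
    at_risk = []                           # public blocks since the fork point, by party
    for _ in range(rounds):
        miner = rng.choices(parties, weights)[0]
        mined[miner] += 1
        if miner != ATTACKER and la > 0:   # a public block is only at risk while a fork exists
            at_risk.append(miner)
        prev_la = la
        la, lh, action = step(la, lh, miner, cutoff)
        if action == "publish":
            stale.update(at_risk)          # the private chain replaces every public block since the fork
        elif action == "adopt":
            stale[ATTACKER] += prev_la     # the hidden blocks are abandoned
        elif action == "restart":
            stale[ATTACKER] += prev_la + 1 # hidden blocks plus the one just mined
        if action != "wait":
            at_risk = []                   # fork resolved: surviving public blocks are final
    return {"mined": mined, "stale": stale}


def stale_rate(result, party):
    """Share of `party`'s mined blocks that ended up stale, in percent."""
    mined = result["mined"][party]
    return 100.0 * result["stale"][party] / mined if mined else 0.0


if __name__ == "__main__":
    # Constructed scenario mirroring the paper's best case for the attacker:
    # attacker 40%, target 5%, the remaining honest pools 55%.
    res = simulate({ATTACKER: 0.40, VICTIM: 0.05, HONEST: 0.55}, rounds=20000)
    for party in (VICTIM, HONEST, ATTACKER):
        print(f"{party:>8}: mined {res['mined'][party]:5d} "
              f"stale {res['stale'][party]:4d} ({stale_rate(res, party):5.2f}%)")
```

Because latency is abstracted away, the rates it prints are not comparable with Table 4; its value is in showing which decisions of the heuristic turn target and honest blocks stale, and how a larger target share reduces the attacker's opportunities.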
Figure 11 shows the attacker's influence on the target. The X axis represents the attacker's computational power relative to the rest of the network. The Y axis displays the target's stale blocks. The attacker's computational power starts at 20% and is increased by 5% until it reaches a maximum of 40%. For each attacker power level, the target's computational power is also varied, up to 30%.
Figure 11: Target’s stale blocks.
The first conclusion is that the higher the target's power, the smaller the attacker's influence on it. This is explained by the fact that the target publishes more blocks and the attacker cannot generate as many forks as it needs. The second conclusion is that the higher the attacker's strength, the greater the number of discarded blocks. The best result achieved by the attacker occurs when he has 40% of the hash power and the target has 5%, when 39% of the target's blocks are discarded. There is also collateral damage from discarding some blocks from other nodes; this can be observed in Figure 12, where the computational power of these nodes is 50%. This effect is explained by the fact that the attacker generates the forks before receiving a target block; in this way several other nodes' blocks are lost as a consequence. These nodes lose up to 16% of their blocks, which is above the observed natural fork rate of 1.69%.
Figure 12: Honest stale blocks.
In Figure 13, we can see that the attacker's discarded blocks diminish with increasing target strength; this is because the target publishes more blocks and the stalker only reveals its chain when there are target blocks. So he also publishes more blocks, and with this there is a decrease in his stale blocks. In Table 4, we compare the stale block rate between the target and the honest nodes.
Table 4: Comparative of stale blocks

(a) Attacker hash power 20%
Target hash power   Target: Mined  Stale  %        Honest: Mined  Stale  %
 5%                          92      8   8.30%            1452      9   0.62%
10%                         193     15   7.50%            1333     16   1.20%
15%                         300     21   6.96%            1268     17   1.34%
20%                         383     23   6.06%            1160     19   1.64%
25%                         488     32   6.62%            1056     20   1.89%
30%                         585     31   5.34%             984     23   2.34%

(b) Attacker hash power 40%
Target hash power   Target: Mined  Stale  %        Honest: Mined  Stale  %
 5%                          96     38  39.63%            1083    152  14.04%
10%                         195     69  35.54%             996    143  14.36%
15%                         287     95  33.14%             878    151  17.20%
20%                         394    121  30.61%             782    131  16.75%
25%                         482    136  28.20%             675    115  17.04%
30%                         572    152  26.58%             570     95  16.67%
Figure 13: Attacker stale blocks.
FINAL CONSIDERATIONS, FUTURE PROSPECTS, AND OPEN ISSUES
IoT devices process and exchange large amounts of data without human intervention, and this data often carries information that is critical to security and privacy. Therefore, they are attractive targets for attackers. Typically, these devices are low-power and low-computing, and they should devote their few resources to their core activities, making the task of supporting security and privacy quite challenging. Traditional security methods tend to be expensive in computational and energy terms. Also, many security frameworks are highly centralized and therefore not necessarily suitable for the IoT scenario, because of the difficulty of scaling and the fact that they become a single point of failure. Consequently, IoT requires privacy and security protection that is light, scalable, and distributed. Blockchain technology, which underpins Bitcoin, has the potential to overcome these challenges as a result of its distributed, secure, and private nature. However, it is not light, and requires adaptations and optimizations. The combination of Blockchain and IoT can be quite powerful, as Blockchain can provide resilience to attacks and the ability to interact with peers in a reliable and auditable way. Blockchain's continued integration into the IoT domain will cause significant transformations across multiple industries, bringing new business models and making us reconsider how existing systems and processes are implemented. The Blockchain not only enables the movement of money but can also be used to transfer information and allocate resources between devices, enabling the use of Blockchain as a service [78]. The connected world can usefully include Blockchain technology as a layer from which more and more devices (wearables, sensors, IoT devices, smartphones, tablets, laptops, homes, cars, and smart cities) can benefit.
Blockchain, therefore, presents many promising opportunities for the future of IoT. Challenges, however, remain, such as consensus models and the computational costs of transaction verification. Still, Blockchain development is in its early stages, and these obstacles will eventually be overcome, opening the way to many possibilities.
ACKNOWLEDGMENTS
The authors would like to thank the Brazilian Internet Steering Committee (CGI) and the São Paulo Research Foundation (FAPESP) for the funding provided to the research (Grant no. 2015/24358-7), which has played a seminal role in providing scientific funding, leading to the preparation of this paper.
REFERENCES
1. D. Evans, “A internet das coisas: como a próxima evolução da internet está mudando tudo,” CISCO IBSG, 2011.
2. Y. Zhang and J. Wen, “An IoT electric business model based on the protocol of bitcoin,” in Proceedings of the 2015 18th International Conference on Intelligence in Next Generation Networks, ICIN 2015, pp. 184–191, IEEE, France, February 2015.
3. M. Pilkington, “Blockchain technology: principles and applications,” in Research Handbook on Digital Transformations, F. X. Olleros and M. Zhegu, Eds., 2016.
4. I. Eyal and E. G. Sirer, “Majority Is Not Enough: Bitcoin Mining Is Vulnerable,” in Financial Cryptography and Data Security, vol. 8437 of Lecture Notes in Computer Science, pp. 436–454, Springer, Berlin, Heidelberg, 2014.
5. K. Ashton, “That ‘internet of things’ thing,” RFID Journal, vol. 22, no. 7, pp. 97–114, 2009.
6. F. L. Lewis et al., “Wireless sensor networks,” in Smart Environments: Technologies, Protocols, and Applications, pp. 11–46, 2004.
7. X. Cui, “The internet of things,” in Ethical Ripples of Creativity and Innovation, pp. 61–68, Springer, 2016.
8. J. Fenn and H. LeHong, Hype Cycle for Emerging Technologies, Gartner, July 2011.
9. L. Atzori, A. Iera, and G. Morabito, “The internet of things: a survey,” Computer Networks, vol. 54, no. 15, pp. 2787–2805, 2010.
10. P. Guillemin, P. Friess, et al., “Internet of things strategic research roadmap,” The Cluster of European Research Projects, 2009.
11. ITU-T Recommendation Y.2060, “Overview of Internet of Things,” ITU-T, Geneva, 2012.
12. J. Gubbi, R. Buyya, S. Marusic, and M. Palaniswami, “Internet of Things (IoT): a vision, architectural elements, and future directions,” Future Generation Computer Systems, vol. 29, no. 7, pp. 1645–1660, 2013.
13. W. Stallings, Network and Internetwork Security: Principles and Practice, vol. 1, Prentice Hall, Englewood Cliffs, 1995.
14. H. Dobbertin, A. Bosselaers, and B. Preneel, “RIPEMD-160: A strengthened version of RIPEMD,” in Fast Software Encryption, vol. 1039 of Lecture Notes in Computer Science, pp. 71–82, 1996.
15. N. Jansma and B. Arrendondo, “Performance comparison of elliptic curve and RSA digital signatures,” Efficiency Comparison of Elliptic Curve and RSA Signatures, 2004.
16. D. Hankerson, A. J. Menezes, and S. Vanstone, Guide to Elliptic Curve Cryptography, Springer Science and Business Media, New York, NY, USA, 2006.
17. G. Zyskind, O. Nathan, and A. Pentland, “Enigma: Decentralized Computation Platform with Guaranteed Privacy,” 2015, https://arxiv.org/abs/1506.03471.
18. M. Swan, “Blockchain thinking: The brain as a DAC (decentralized autonomous organization),” in Proceedings of the Texas Bitcoin Conference, pp. 27–29, 2015.
19. A. Andrea, Mastering BitCoin, 2014.
20. M. Swan, Blockchain: Blueprint for a New Economy, O’Reilly Media, Inc., 2015.
21. S. Nakamoto, Bitcoin: A peer-to-peer electronic cash system, 2008, https://bitcoin.org/bitcoin.pdf.
22. R. C. Merkle, “A digital signature based on a conventional encryption function,” in Proceedings of the Conference on the Theory and Application of Cryptographic Techniques.
23. J. Kim, “Safety, liveness and fault tolerance,” The Consensus Choices, Stellar, 2014.
24. C. Natoli and V. Gramoli, “The Blockchain Anomaly,” in Proceedings of the 15th IEEE International Symposium on Network Computing and Applications, NCA 2016, pp. 310–317, IEEE, November 2016.
25. M. J. Fischer, N. A. Lynch, and M. S. Paterson, “Impossibility of distributed consensus with one faulty process,” Journal of the ACM, vol. 32, no. 2, pp. 374–382, 1985.
26. S. King and S. Nadal, “Peer-to-peer crypto-currency with proof-of-stake,” self-published paper, 2012.
27. M. Castro and B. Liskov, “Practical Byzantine Fault Tolerance and Proactive Recovery,” ACM Transactions on Computer Systems, vol. 20, no. 4, pp. 398–461, 2002.
28. Intel, “Proof of elapsed time (PoET),” http://intelledger.github.io/.
29. A. Back, Hashcash: A Denial of Service Counter-Measure, 2002.
30. H. Gilbert and H. Handschuh, “Security analysis of SHA-256 and sisters,” in Selected Areas in Cryptography, M. Matsui and R. J. Zuccherato, Eds., vol. 3006 of Lecture Notes in Computer Science, pp. 175–193, Springer, Berlin, Germany, 2003.
31. T. H. Kim, “A Study of Digital Currency Cryptography for Business Marketing and Finance Security,” Asia-Pacific Journal of Multimedia Services Convergent with Art, Humanities, and Sociology, vol. 6, no. 1, pp. 365–376, 2016.
32. P. Vasin, Blackcoin’s proof-of-stake protocol v2, 2014.
33. J. R. Douceur, “The sybil attack,” in Peer-to-Peer Systems, vol. 2429 of Lecture Notes in Computer Science, pp. 251–260, Springer, Berlin, Germany, 2002.
34. G. Wood, “Ethereum: A secure decentralised generalised transaction ledger,” Ethereum Project Yellow Paper, vol. 151, 2014.
35. C. Cachin, “Architecture of the hyperledger blockchain fabric,” in Workshop on Distributed Cryptocurrencies and Consensus Ledgers, 2016.
36. M. Pilkington, “Blockchain technology: Principles and applications,” 2015.
37. M. Conoscenti, A. Vetro, and J. C. De Martin, “Blockchain for the Internet of Things: A systematic literature review,” in Proceedings of the 13th IEEE/ACS International Conference of Computer Systems and Applications, AICCSA 2016, IEEE, Agadir, Morocco, December 2016.
38. A. Dorri, S. S. Kanhere, and R. Jurdak, “Blockchain in internet of things: Challenges and Solutions,” 2016, https://arxiv.org/abs/1608.05187.
39. A. Dorri, S. S. Kanhere, and R. Jurdak, “Towards an optimized blockchain for IoT,” in Proceedings of the 2nd IEEE/ACM International Conference on Internet-of-Things Design and Implementation, IoTDI 2017, pp. 173–178, ACM, Pittsburgh, PA, USA, April 2017.
40. M. Conoscenti, A. Vetro, and J. C. De Martin, “Peer to peer for privacy and decentralization in the internet of things,” in Proceedings of the 39th IEEE/ACM International Conference on Software Engineering Companion, ICSE-C 2017, pp. 288–290, IEEE, Buenos Aires, Argentina, May 2017.
41. M. Crosby, P. Pattanayak, S. Verma, and V. Kalyanaraman, “Blockchain technology: Beyond bitcoin,” Applied Innovation, vol. 2, pp. 6–10, 2016.
42. D. Wörner and T. Von Bomhard, “When your sensor earns money: Exchanging data for cash with Bitcoin,” in Proceedings of the 2014 ACM International Joint Conference on Pervasive and Ubiquitous Computing, UbiComp 2014, pp. 295–298, ACM, September 2014.
43. A. Dorri, S. S. Kanhere, R. Jurdak, and P. Gauravaram, “Blockchain for IoT security and privacy: The case study of a smart home,” in Proceedings of the 2017 IEEE International Conference on Pervasive Computing and Communications Workshops (PerCom Workshops), pp. 618–623, Kona, Big Island, HI, USA, March 2017.
44. D. Wörner and T. Von Bomhard, “When your sensor earns money: Exchanging data for cash with Bitcoin,” in Proceedings of the 2014 ACM International Joint Conference on Pervasive and Ubiquitous Computing, UbiComp 2014, pp. 295–298, September 2014.
45. K. T. Nguyen, M. Laurent, and N. Oualha, “Survey on secure communication protocols for the Internet of Things,” Ad Hoc Networks, vol. 32, article no. 1181, pp. 17–31, 2015.
46. M. Ali, J. C. Nelson, R. Shea, and M. J. Freedman, “Blockstack: A global naming and storage system secured by blockchains,” in Proceedings of the USENIX Annual Technical Conference, pp. 181–194, 2016.
47. G. Zyskind, O. Nathan, and A. S. Pentland, “Decentralizing privacy: Using blockchain to protect personal data,” in Proceedings of the IEEE Security and Privacy Workshops, SPW 2015, pp. 180–184, IEEE, May 2015.
48. A. Gervais, G. O. Karame, K. Wüst, V. Glykantzis, H. Ritzdorf, and S. Čapkun, “On the security and performance of Proof of Work blockchains,” in Proceedings of the 23rd ACM Conference on Computer and Communications Security, CCS 2016, pp. 3–16, Austria, October 2016.
49. I. Eyal, “The miner’s dilemma,” in Proceedings of the 36th IEEE Symposium on Security and Privacy, SP 2015, pp. 89–103, IEEE, San Jose, CA, USA, May 2015.
50. K. Nayak, S. Kumar, A. Miller, and E. Shi, “Stubborn mining: generalizing selfish mining and combining with an eclipse attack,” in Proceedings of the 1st IEEE European Symposium on Security and Privacy, pp. 305–320, IEEE, 2016.
51. E. Heilman, A. Kendler, A. Zohar, and S. Goldberg, “Eclipse attacks on bitcoin’s peer-to-peer network,” in USENIX Security, pp. 129–144, 2015.
52. A. Ouaddah, A. Abou Elkalam, and A. Ait Ouahman, “FairAccess: a new Blockchain-based access control framework for the Internet of Things,” Security and Communication Networks, vol. 9, no. 18, pp. 5943–5964, 2017.
53. M. Spagnuolo, F. Maggi, and S. Zanero, “Bitiodine: Extracting intelligence from the bitcoin network,” in Proceedings of the International Conference on Financial Cryptography and Data Security, pp. 457–468, Springer, 2014.
54. M. Moser, R. Bohme, and D. Breuker, “An inquiry into money laundering tools in the Bitcoin ecosystem,” in Proceedings of the 2013 APWG eCrime Researchers Summit, eCRS 2013, IEEE, USA, September 2013.
55. J. Herrera-Joancomartí, “Research and Challenges on Bitcoin Anonymity,” in Data Privacy Management, Autonomous Spontaneous Security, and Security Assurance, vol. 8872, pp. 3–16, Springer, 2015.
56. P. Koshy, D. Koshy, and P. McDaniel, “An analysis of anonymity in bitcoin using P2P network traffic,” in Proceedings of the International Conference on Financial Cryptography and Data Security, pp. 469–485, Springer, 2014.
57. L. Valenta and B. Rowan, “Blindcoin: blinded, accountable mixes for Bitcoin,” in Proceedings of the International Conference on Financial Cryptography and Data Security, pp. 112–126, Springer.
58. Y. Sun, H. Song, A. J. Jara, and R. Bie, “Internet of things and big data analytics for smart and connected communities,” IEEE Access, vol. 4, pp. 766–773, 2016.
59. S. Panikkar, S. Nair, P. Brody, and V. Pureswaran, “ADEPT: An IoT practitioner perspective,” IBM Institute for Business Value, 2014.
60. N. Kshetri, “Can Blockchain Strengthen the Internet of Things?” IT Professional, vol. 19, no. 4, Article ID 8012302, pp. 68–72, 2017.
61. S. Popov, “The tangle,” 2016, https://iota.org/IOTA_Whitepaper.pdf.
62. A. C. Yao, “Protocols for secure computations,” in Proceedings of the 23rd Annual Symposium on Foundations of Computer Science, SFCS 1982, pp. 160–164, IEEE, 1982.
63. A. Shamir, “How to share a secret,” Communications of the ACM, vol. 22, no. 11, pp. 612–613, 1979.
64. R. Cramer, I. Damgård, S. Dziembowski, M. Hirt, and T. Rabin, “Efficient multiparty computations secure against an adaptive adversary,” Lecture Notes in Computer Science, vol. 1592, pp. 311–326, 1999.
65. R. Gennaro, M. O. Rabin, and T. Rabin, “Simplified VSS and fast-track multiparty computations with applications to threshold cryptography,” in Proceedings of the 17th Annual ACM Symposium on Principles of Distributed Computing, pp. 101–111, ACM, July 1998.
66. X. Yue, H. Wang, D. Jin, M. Li, and W. Jiang, “Healthcare Data Gateways: Found Healthcare Intelligence on Blockchain with Novel Privacy Risk Control,” Journal of Medical Systems, vol. 40, no. 10, article no. 218, 2016.
67. A. Chakravorty, T. Wlodarczyk, and C. Rong, “Privacy preserving data analytics for smart homes,” in Proceedings of the 2nd IEEE Security and Privacy Workshops, SPW 2013, pp. 23–27, USA, May 2013.
68. R. L. Rivest, L. Adleman, and M. L. Dertouzos, “On data banks and privacy homomorphisms,” Foundations of Secure Computation, vol. 4, no. 11, pp. 169–180, 1978.
69. J. A. Kroll, I. C. Davey, and E. W. Felten, “The economics of bitcoin mining, or bitcoin in the presence of adversaries,” in Proceedings of WEIS, vol. 2013, 2013.
70. C. Decker and R. Wattenhofer, “Information propagation in the Bitcoin network,” in Proceedings of the 13th IEEE International Conference on Peer-to-Peer Computing, IEEE P2P 2013, IEEE, Trento, Italy, September 2013.
71. C. Natoli and V. Gramoli, “The Balance Attack or Why Forkable Blockchains are Ill-Suited for Consortium,” in Proceedings of the 47th Annual IEEE/IFIP International Conference on Dependable Systems and Networks, DSN 2017, pp. 579–590, IEEE, June 2017.
72. A. Kiayias and G. Panagiotakos, “On trees, chains and fast transactions in the blockchain,” IACR Cryptology ePrint Archive, vol. 2016, p. 545, 2016.
73. G. Bissias, A. P. Ozisik, B. N. Levine, and M.
Liberatore, “Sybilresistant mixing for bitcoin,” in Proceedings of the 13th Workshop on Privacy in the Electronic Society, pp. 149–158, ACM, Scottsdale, Arizona, USA, 2014. P. W. Shor, “Algorithms for quantum computation: discrete logarithms
328
75.
76.
77. 78.
Blockchain Technologies and Crypto-Currencies
and factoring,” in 35th Annual Symposium on Foundations of Computer SCIence (SANta FE, {NM}, 1994), pp. 124–134, IEEE Comput. Soc. Press, Los Alamitos, CA, 1994. P. W. Shor, “Polynomial-time algorithms for prime factorization and discrete logarithms on a quantum computer,” SIAM Review, vol. 41, no. 2, pp. 303–332, 1999. D. Aggarwal, G. K. Brennen, T. Lee, M. Santha, and M. Tomamichel, “Quantum attacks on bitcoin, and how to protect against them, 2017,” https://arxiv.org/abs/1710.10377. A. Miller, J. Litton, A. Pachulski et al., Discovering bitcoin’s public topology and influential nodes, et al., 2015. T. Swanson, “Consensus-as-a-service: a brief report on the emergence of permissioned, distributed ledger systems,” Report, available online, 2015.
SECTION IV: SMART SIGNATURES AND DATA PRIVACY
12. Research on a New Signature Scheme on Blockchain
Chao Yuan, Mi-xue Xu, and Xue-ming Si
State Key Laboratory of Mathematical Engineering and Advanced Computing, Information Engineering University, Zhengzhou 450001, China
ABSTRACT
With the rise of Bitcoin, blockchain, the core technology of Bitcoin, has received increasing attention. Privacy preservation and performance on blockchain are two research points in academia and industry, but both still have unresolved issues. An aggregate signature scheme is a digital signature scheme that supports signatures on many different messages generated by many different users; with aggregate signatures, the total signature size can be shortened by compressing multiple signatures into a single one. In this paper, a new signature scheme for transactions on blockchain based on aggregate signatures is proposed. The elliptic curve discrete logarithm problem and bilinear maps play the major roles in our signature scheme, and its security properties are proved. In our scheme the transaction amount is hidden, in particular for transactions that contain multiple inputs and outputs. Additionally, the size of the signature on a transaction is constant regardless of the number of inputs and outputs the transaction contains, which improves the performance of the signature. Finally, we give an application scenario for our signature scheme which aims at transactions of big data on blockchain.
Citation: Chao Yuan, Mi-xue Xu, and Xue-ming Si, "Research on a New Signature Scheme on Blockchain," Security and Communication Networks, vol. 2017, Article ID 4746586. Copyright: © 2017 Chao Yuan et al. This is an open access article distributed under the Creative Commons Attribution License, which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.
INTRODUCTION
Since the emergence of Bitcoin [1], blockchain, the core technology of Bitcoin, has attracted more and more attention. As a combination of several technologies, namely distributed data storage, peer-to-peer networking, consensus mechanisms, and cryptographic algorithms, blockchain has broad prospects of application. There are still flaws in blockchain, and privacy preservation and performance are two important aspects of them. Preserving privacy while keeping the characteristics of blockchain is a focus of academic research; in this field Monero and Zcash are representative projects, in which ring signatures, zero-knowledge proofs, and other cryptographic techniques play important roles. In addition, achieving fast transactions that meet realistic demands is another challenge blockchain faces. In this field the Lightning Network is widely recognized, but there are also flaws in its theory and implementation. Meanwhile, big data has been used in many fields; however, there are still many flaws in the storage, transmission, trading, and privacy preservation of big data, and blockchain is considered an ideal technology for addressing these flaws. Thus, we apply our new signature scheme to transactions of big data on blockchain.
Our Contributions. In this work, we make three contributions in view of privacy preservation and performance on blockchain.
(1) We introduce some existing contributions to privacy preservation on blockchain, including CoinJoin in Dash, ring signatures in Monero, and zero-knowledge proofs in Zcash.
(2) We introduce some cryptographic techniques which are favorable for privacy preservation and performance on blockchain, including elliptic curve cryptography (ECC), bilinear maps, and aggregate signatures. We then propose a new signature scheme for transactions on blockchain in which the amount is hidden, in particular for transactions that include multiple inputs and outputs. Additionally, the size of the signature on a transaction is constant regardless of the number of inputs and outputs the transaction contains, which improves the performance of the signature. We also give a security analysis of the new signature scheme.
(3) We propose an application scenario for our signature scheme which aims at transactions of big data on blockchain.
Paper Organization. The rest of the paper is organized as follows. Section 2 introduces some projects aimed at privacy preservation on blockchain, together with the basic building blocks used in our signature scheme. In Section 3, the core of our new signature scheme, which aims at hiding the amounts of transactions, is introduced. The main contribution of this paper, the new signature scheme on blockchain based on aggregate signatures, is described in Section 4, together with a formal security analysis of the proposed scheme. In Section 5, a simple application of our signature scheme to transactions of big data is introduced. Finally, Section 6 concludes the paper.
PRELIMINARIES
Privacy Preserving on Blockchain
Dash. Dash uses a technique known as CoinJoin. In a nutshell, CoinJoin mixes multiple transactions of multiple users into a single transaction through masternodes. In Dash, each user picks an address and sends it to a masternode to be mixed with the addresses of other users. Transactions can only be made in the denominations 0.1, 1, 10, and 100, which makes it harder for an attacker to infer the relation between transactions from their amounts. At the same time, the masternodes are required to emit the outputs in randomized order. As shown in Figure 1, different lines represent different users and every amount is 10 DASH, where DASH is the currency unit of the system. By mixing, the user represented by the vertical line makes a transaction of 10 DASH to the user represented by the line from top left to bottom right, while it is hard for others to pick this transaction out of the mixed transactions.
Figure 1: CoinJoin technique.
Monero. In Dash there remains the risk that the masternodes are controlled by malicious attackers, which may lead to disclosure of the users' privacy. To solve this problem, Monero proposed a hybrid cryptographic scheme that does not depend on central nodes. Monero uses two techniques: stealth addresses and ring signatures [2, 3]. Stealth addresses address the linkability of input addresses and output addresses. Each time the sender makes a transaction, a one-time public key is computed on the elliptic curve from the receiver's address; the sender then publishes this public key together with an additional message on the blockchain. The receiver scans each transaction with its own private key to determine whether the transaction was sent to it. When the receiver wants to spend the output, it derives a signing private key from its own private key and the transaction data and signs the spending transaction with that key. In addition, Monero uses a ring signature scheme: whenever a sender makes a transaction, it is signed with the sender's private key together with the public keys of other, randomly selected users. To verify the signature, the public keys of those other users and the parameters carried in the signature are needed.
Zcash. Zcash proposed a scheme based on zero-knowledge proofs, which allows users to hide transaction information by interacting only with the cryptographic algorithm itself, so that all transactions are created equal [4]. Zcash uses a noninteractive zero-knowledge proof [5, 6] called a zk-SNARK. We do not go into the details of zk-SNARKs here but only sketch how the technique is used in Zcash. Consider the simplest case and assume that the amount is fixed, say 1 BTC. Minting is then equivalent to the user paying 1 BTC into an escrow pool and appending to a public list a commitment computed from a serial number and the user's private key. When the user wants to spend the coin, two steps are needed: (1) reveal the serial number; (2) use a zk-SNARK to prove knowledge of the private key that generated this commitment.
Bilinear Pairings
Here $\mathbb{G}_1$ and $\mathbb{G}_2$ are two multiplicative cyclic groups of prime order $p$, $g_1$ is a generator of $\mathbb{G}_1$, $g_2$ is a generator of $\mathbb{G}_2$, and $\psi$ is a computable isomorphism from $\mathbb{G}_2$ to $\mathbb{G}_1$ with $\psi(g_2) = g_1$. A bilinear pairing is defined to be $\mathcal{G} = (n, \mathbb{G}_1, \mathbb{G}_2, \mathbb{G}_T, e, g_1, g_2)$, where $\mathbb{G}_1 = \langle g_1 \rangle$, $\mathbb{G}_2 = \langle g_2 \rangle$, and $\mathbb{G}_T$ are multiplicative groups of order $n$. Let $e : \mathbb{G}_1 \times \mathbb{G}_2 \to \mathbb{G}_T$ be a map with the following properties [7, 8]:
• Bilinear: $\forall u \in \mathbb{G}_1$, $v \in \mathbb{G}_2$ and $a, b \in \mathbb{Z}_n$: $e(u^a, v^b) = e(u, v)^{ab}$.
• Non-degenerate: there exist $u \in \mathbb{G}_1$, $v \in \mathbb{G}_2$ such that $e(u, v) \neq O$, where $O$ is the identity of $\mathbb{G}_T$.
• Computability: there is an efficient algorithm to compute $e(u, v)$ for all $u \in \mathbb{G}_1$, $v \in \mathbb{G}_2$.
Aggregate Signature
Here $U$ is a set of users, each user $u \in U$ has a signature key pair $(PK_u, SK_u)$, and $U_1 \subseteq U$ is the set of users whose signatures will be aggregated. Each user $u \in U_1$ generates a signature $\sigma_u$ on a message $M_u$ of its own choice, and these signatures are combined into a single signature by an aggregating party. The aggregating party need not be a member of $U$ and may be untrusted by the users in $U$: it has access to the users' public keys, messages, and individual signatures, but to no private key. The result is an aggregate signature $\sigma$ whose length is the same as that of a single signature. Aggregate signatures have the property that, given $\sigma$ and each message, a verifier can be convinced that each user signed its own message [7, 8].
Elliptic Curve
Assume that $\mathbb{F}_q$ has characteristic greater than 3. An elliptic curve $E$ over $\mathbb{F}_q$ is the set of all solutions $(x, y) \in \mathbb{F}_q \times \mathbb{F}_q$ to an equation $y^2 = x^3 + ax + b$, where $a, b \in \mathbb{F}_q$ and $4a^3 + 27b^2 \neq 0$, together with a special point $\infty$ called the point at infinity. It is well known that $E$ is an abelian group with the point $\infty$ serving as its identity element. The rules for group addition are summarized below [9].
(1) Let $P = (x_1, y_1) \in E$; then $-P = (x_1, -y_1)$. If $Q = (x_2, y_2) \in E$, $Q \neq -P$, then $P + Q = (x_3, y_3)$, where $x_3 = \lambda^2 - x_1 - x_2$ and $y_3 = \lambda(x_1 - x_3) - y_1$, with $\lambda$ given by equation (1).
If $\mathbb{F}_q$ is a field of characteristic 2, an elliptic curve $E$ of zero $j$-invariant over $\mathbb{F}_q$ is the set of all solutions $(x, y) \in \mathbb{F}_q \times \mathbb{F}_q$ to an equation $y^2 + cy = x^3 + ax + b$, where $a, b, c \in \mathbb{F}_q$, $c \neq 0$, together with the point at infinity $\infty$. The rules for group addition are summarized below.
(2) Let $P = (x_1, y_1) \in E$; then $-P = (x_1, y_1 + c)$. If $Q = (x_2, y_2) \in E$, $Q \neq -P$, then $P + Q = (x_3, y_3)$, where $x_3$ and $y_3$ are given by equation (2).
If $\mathbb{F}_q$ is a field of characteristic 2, an elliptic curve $E$ of nonzero $j$-invariant over $\mathbb{F}_q$ is the set of all solutions $(x, y) \in \mathbb{F}_q \times \mathbb{F}_q$ to an equation $y^2 + xy = x^3 + ax^2 + b$, where $a, b \in \mathbb{F}_q$, $b \neq 0$, together with the point at infinity $\infty$. The rules for group addition are summarized below.
(3) Let $P = (x_1, y_1) \in E$; then $-P = (x_1, y_1 + x_1)$. If $Q = (x_2, y_2) \in E$, $Q \neq -P$, then $P + Q = (x_3, y_3)$, where $x_3$ and $y_3$ are given by equation (3).
CORE OF THE NEW SIGNATURE SCHEME
When transactions are generated on blockchain, cryptographic signatures are used to verify the validity of the transactions and the identities of the senders [10]. The signature algorithms may furthermore be designed with the privacy of the transaction in mind, including the addresses of both parties and the transaction amount. In Bitcoin, for example, ECDSA [11, 12], RIPEMD [13, 14], and SHA-256 [15, 16] are used in signing transactions and deriving addresses. In Section 3.1 we design the scheme that forms the core of our new signature scheme; using it, the amounts of transactions that include multiple inputs and outputs can be hidden.
Basic Scheme Without loss of generality, we deal with a single transaction, which is divided into inputs and outputs; the details are shown in Figure 2.
Figure 2: Model of single transaction.
As shown in Figure 2, the transaction contains $n$ inputs and $m$ outputs. Clearly the inputs and outputs balance:
$$\sum_{i=1}^{n} \mathrm{in}_i = \sum_{j=1}^{m} \mathrm{out}_j .$$
For each $i$ and $j$, $1 \le i \le n$, $1 \le j \le m$, in order to hide $\mathrm{in}_i$ and $\mathrm{out}_j$ this paper applies an ECC operation to them. We choose $G$ as the generator of $E$, and the transfer forms of $\mathrm{in}_i$ and $\mathrm{out}_j$ are $I_i = \mathrm{in}_i \cdot G$ and $O_j = \mathrm{out}_j \cdot G$. According to the operation rules of the elliptic curve, the following equations hold [17]:
$$\sum_{i=1}^{n} I_i = \sum_{i=1}^{n} \mathrm{in}_i \cdot G = \Big(\sum_{i=1}^{n} \mathrm{in}_i\Big) \cdot G = \Big(\sum_{j=1}^{m} \mathrm{out}_j\Big) \cdot G = \sum_{j=1}^{m} \mathrm{out}_j \cdot G = \sum_{j=1}^{m} O_j . \qquad (4)$$
According to (4), a verifier can check that the transaction balances using only the transfer forms. Because an attacker cannot recover $\mathrm{in}_i$ and $\mathrm{out}_j$ from $I_i$ and $O_j$ (this is the elliptic curve discrete logarithm problem), the amounts of the transaction are hidden by this scheme. Note that this holds only when the amounts are drawn from a space too large to enumerate: $I_i = \mathrm{in}_i \cdot G$ is deterministic, so an amount taken from a small set of values can be recovered by trying candidate scalars. The following introduces the homomorphic property and the drawback of this scheme [18].
Homomorphic Proof of the Signature Scheme. The additive homomorphic property is what allows the balance of a transaction to be checked on the transfer forms without revealing the amounts. We can easily prove that our basic scheme satisfies additive homomorphism [19, 20].
Proof. For each $i$, $1 \le i \le n$, as defined in the basic scheme, $I_i = \mathrm{in}_i \cdot G$. According to the operation rules of the elliptic curve, for any two inputs $i$ and $k$,
$$I_i + I_k = \mathrm{in}_i \cdot G + \mathrm{in}_k \cdot G = (\mathrm{in}_i + \mathrm{in}_k) \cdot G . \qquad (5)$$
Applying this repeatedly, we obtain
$$\Big(\sum_{i=1}^{n} \mathrm{in}_i\Big) \cdot G = \sum_{i=1}^{n} (\mathrm{in}_i \cdot G) = \sum_{i=1}^{n} I_i . \qquad (6)$$
The left side of (6) is addition followed by the encryption operation; correspondingly, the right side is the encryption operation followed by addition. So our basic scheme is additively homomorphic.
The Drawback of the Basic Scheme. Our basic scheme can hide the amounts of transactions that contain multiple inputs and outputs, but there are still opportunities for an attacker to act on the amounts. Mature attacks on the Bitcoin system exist, such as the selfish mining attack [21, 22], the eclipse attack [23], and the stubborn mining attack [24], and our basic scheme has a weakness of a similar kind. Suppose a malicious attacker blocks $u$ inputs and $v$ outputs whose amounts balance, i.e., the sum of the $u$ blocked input amounts equals the sum of the $v$ blocked output amounts. In the normal network, the sum of all the inputs is given by (7) and the sum of all the outputs by (8), where the blocked inputs and outputs are subsets of all the inputs and outputs. Writing $I_s$ and $O_s$ for the sums of the blocked input amounts and the blocked output amounts, we know that $I_s = O_s$, and so $I_s \cdot G = O_s \cdot G$: the blocked inputs and outputs satisfy the balance check (4) by themselves, and so does the rest of the transaction, so neither part betrays the removal of the other. In order to repair our basic scheme, this paper combines aggregate signature with the basic scheme to obtain a modified scheme.
Modified Scheme
Recall that the elliptic curve $E$ over the finite field is specified by the tuple $\langle p, a, b, G, n \rangle$, where $G = (g_x, g_y)$ is the generator of $E$ and $n \cdot G = O$. The modified scheme is performed as follows.
(1) Compute $I_i = \mathrm{in}_i \cdot G$, $i = 1, 2, \ldots, n$, and $O_j = \mathrm{out}_j \cdot G$, $j = 1, 2, \ldots, m$.
(2) For each $i$, $1 \le i \le n$, randomly select $d_i \in \mathbb{Z}_p$ and compute $iR_i = d_i \cdot G$, $ih_i = H(iR_i \| \mathrm{in}_i)$, and $is_i = d_i \cdot ih_i + \mathrm{in}_i$. Likewise, for each $j$, $1 \le j \le m$, randomly select $t_j \in \mathbb{Z}_p$ and compute $oR_j = t_j \cdot G$, $oh_j = H(oR_j \| \mathrm{out}_j)$, and $os_j = t_j \cdot oh_j + \mathrm{out}_j$. The values $is_i$ and $os_j$ serve as the transfer forms of the inputs and outputs and are published together with $(I_i, iR_i, ih_i)$ and $(O_j, oR_j, oh_j)$.
Feasibility of the Modified Scheme. Given $(I_i, O_j)_{1 \le i \le n;\, 1 \le j \le m}$, $\{iR_i\}_{1 \le i \le n}$, $\{ih_i\}_{1 \le i \le n}$, $\{oR_j\}_{1 \le j \le m}$, $\{oh_j\}_{1 \le j \le m}$ and the transfer forms, we can obtain relation (9), which involves only these public values. The key observation is that, by the operation rules of the elliptic curve, $is_i \cdot G = (d_i \cdot ih_i + \mathrm{in}_i) \cdot G = ih_i \cdot iR_i + I_i$ for every input, and likewise $os_j \cdot G = oh_j \cdot oR_j + O_j$ for every output, so each hidden amount can be checked against its transfer form without being revealed. The proof of the feasibility of the modified scheme is given in the Appendix.
The modified scheme avoids the drawback of the basic scheme to a great extent. If a malicious attacker blocks $u$ inputs and $v$ outputs whose amounts balance, then the values entering the verification change as well, and we can no longer obtain (10), where $\{ih'_i\}_{1 \le i \le n-u}$ is the set obtained from $\{ih_i\}_{1 \le i \le n}$ by removing the blocked elements. The same relationship holds between $\{iR'_i\}_{1 \le i \le n-u}$ and $\{iR_i\}_{1 \le i \le n}$, between $\{is'_i\}_{1 \le i \le n-u}$ and $\{is_i\}_{1 \le i \le n}$, between $\{oh'_j\}_{1 \le j \le m-v}$ and $\{oh_j\}_{1 \le j \le m}$, between $\{oR'_j\}_{1 \le j \le m-v}$ and $\{oR_j\}_{1 \le j \le m}$, and between $\{os'_j\}_{1 \le j \le m-v}$ and $\{os_j\}_{1 \le j \le m}$. So the stripped transaction will not pass verification, and the attack will not succeed.
NEW SIGNATURE SCHEME ON BLOCKCHAIN
In Section 3, we proposed a scheme aimed at hiding the amounts of transactions on blockchain that contain multiple inputs and outputs. Based on this, we design a new signature scheme that protects the amounts of transactions and keeps the size of the signature constant regardless of the number of inputs and outputs. Recall that the elliptic curve $E$ over the finite field is specified by the tuple $\langle p, a, b, G, n \rangle$. The base groups are $\mathbb{G}_1$ and $\mathbb{G}_2$ with respective generators $g_1$ and $g_2$, the computable isomorphism $\psi$ maps $\mathbb{G}_2$ to $\mathbb{G}_1$, and the bilinear map is $e : \mathbb{G}_1 \times \mathbb{G}_2 \to \mathbb{G}_T$ with target group $\mathbb{G}_T$.
Basic Signature Scheme
Key Generation. A particular user picks random $x \in \mathbb{Z}_p$ and $a \in [1, n-1]$ and computes $V = g_2^{x}$ and $A = a \cdot G$. The user's signature public key and signature private key are $V$ and $x$; the user's payment public key and payment private key are $A \in E$ and $a$.
Signing. Suppose the sender wants to send a payment to a particular receiver whose payment public key is $B$. The sender generates a random $r \in [1, n-1]$, computes the one-time public key $P = H_s(r \cdot B) \cdot G + A$, and then computes $\sigma = P^{x}$. The signature is $\sigma$; $R = r \cdot G$ is also packed somewhere into the transaction.
Verification. Given the sender's signature public key $V$, the value $R$, and the signature $\sigma$, the receiver computes $P' = H_s(b \cdot R) \cdot G + A$ and accepts if $e(\sigma, g_2) = e(P', V)$ holds.
We know that $b \cdot R = b \cdot r \cdot G = r \cdot B$, so $P' = P$. Through the rules of the bilinear map, we obtain $e(\sigma, g_2) = e(P^{x}, g_2) = e(P, g_2)^{x} = e(P', g_2^{x}) = e(P', V)$. Figure 3 gives the structure of our basic signature scheme.
Figure 3: Basic transaction structure.
As shown in Figure 3, we give the basic signature scheme [2, 25]. In order to improve the performance of the signature scheme, we combine aggregate signatures with our basic signature scheme and propose a modified signature scheme in Section 4.2.
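The elliptic-curve parts of Section 3 and Section 4.1 can be exercised end to end without a pairing library. The following Python program is an added example written for this edition, not code from the paper. It assumes secp256k1 as the curve (the paper fixes no curve), SHA-256 reduced modulo the group order as both $H$ and $H_s$ (the paper fixes no hash), and treats $A$ as a second public key known to both parties. It implements the group law of rules (1) for characteristic greater than 3, the basic transfer form $I = \mathrm{in} \cdot G$ with the balance check (4), the balanced-subset drawback of Section 3.1, the per-input relation $is_i \cdot G = ih_i \cdot iR_i + I_i$ of the modified scheme, the one-time key $P = H_s(r \cdot B) \cdot G + A$ of Section 4.1 together with its recovery as $P' = H_s(b \cdot R) \cdot G + A$, and the brute-force recovery of a small amount from an unblinded transfer form. The pairing check $e(\sigma, g_2) = e(P', V)$ is not implemented. All amounts and scalars below are constructed sample values.

```python
import hashlib
import secrets
from functools import reduce

# Assumed curve: secp256k1 (the paper fixes no curve), i.e. the tuple <p, a, b, G, n> of Section 3.2.
P_MOD = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F
N_ORD = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
A_COEF = 0
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)
INF = None  # the point at infinity, identity of the group E

def ec_add(p1, p2):
    """Group law of rules (1): chord-and-tangent addition on y^2 = x^3 + ax + b, char > 3."""
    if p1 is INF:
        return p2
    if p2 is INF:
        return p1
    x1, y1 = p1
    x2, y2 = p2
    if x1 == x2 and (y1 + y2) % P_MOD == 0:
        return INF  # Q = -P
    if p1 == p2:
        lam = (3 * x1 * x1 + A_COEF) * pow(2 * y1, -1, P_MOD) % P_MOD  # tangent slope
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P_MOD) % P_MOD  # chord slope
    x3 = (lam * lam - x1 - x2) % P_MOD
    return (x3, (lam * (x1 - x3) - y1) % P_MOD)

def ec_mul(k, pt):
    """Scalar multiplication k * pt by double-and-add, with k reduced mod n."""
    result, addend, k = INF, pt, k % N_ORD
    while k:
        if k & 1:
            result = ec_add(result, addend)
        addend = ec_add(addend, addend)
        k >>= 1
    return result

def H(*parts):
    """Assumed H and H_s: SHA-256 over 32-byte big-endian encodings of scalars and points, mod n."""
    h = hashlib.sha256()
    for part in parts:
        for v in ((part,) if isinstance(part, int) else part):
            h.update(v.to_bytes(32, "big"))
    return int.from_bytes(h.digest(), "big") % N_ORD

# Section 3.1, basic scheme: transfer form I = in * G (O = out * G) and the balance check (4).
def commit(amount):
    return ec_mul(amount, G)

def balance_check(in_forms, out_forms):
    """sum_i I_i == sum_j O_j holds exactly when the hidden amounts balance (additive homomorphism)."""
    return reduce(ec_add, in_forms, INF) == reduce(ec_add, out_forms, INF)

def recover_small_amount(form, bound):
    """Caveat: I = in * G carries no blinding, so an amount up to `bound` is found by stepping k*G."""
    pt = INF
    for k in range(bound + 1):
        if pt == form:
            return k
        pt = ec_add(pt, G)
    return None

# Section 3.2, modified scheme: (I_i, iR_i, ih_i, is_i) for one input; outputs are symmetric.
def make_transfer_form(amount):
    d = secrets.randbelow(N_ORD - 1) + 1  # d_i, random
    R = ec_mul(d, G)                      # iR_i = d_i * G
    h = H(R, amount)                      # ih_i = H(iR_i || in_i)
    s = (d * h + amount) % N_ORD          # is_i = d_i * ih_i + in_i
    return {"I": commit(amount), "R": R, "h": h, "s": s}

def verify_transfer_form(tf):
    """Check is_i * G == ih_i * iR_i + I_i from the published values only (ih_i is taken as given)."""
    return ec_mul(tf["s"], G) == ec_add(ec_mul(tf["h"], tf["R"]), tf["I"])

# Section 4.1, one-time key: sender computes P = H_s(r*B)*G + A, receiver recovers P' = H_s(b*R)*G + A.
def one_time_key(r, B, A_pub):
    return ec_add(ec_mul(H(ec_mul(r, B)), G), A_pub)

def recover_one_time_key(b, R, A_pub):
    return ec_add(ec_mul(H(ec_mul(b, R)), G), A_pub)

if __name__ == "__main__":
    ins, outs = [60, 40], [60, 25, 15]  # constructed sample amounts; both sides sum to 100
    I, O = [commit(v) for v in ins], [commit(v) for v in outs]
    print("balance check (4):", balance_check(I, O))
    print("balanced subset {60 | 60} stripped, still passes:", balance_check(I[1:], O[1:]))
    print("amount recovered from I_1 by brute force:", recover_small_amount(I[0], 1000))
    print("modified scheme relation holds:", verify_transfer_form(make_transfer_form(40)))
    b, a, r = 12345, 678, 999  # constructed sample scalars: receiver b, payment key a, sender r
    B, A_pub, R = ec_mul(b, G), ec_mul(a, G), ec_mul(r, G)
    print("P' == P:", one_time_key(r, B, A_pub) == recover_one_time_key(b, R, A_pub))
```

Two things the run makes visible that the text only states. First, stripping the balanced pair (input 60, output 60) leaves a transaction that still satisfies (4), which is the drawback the modified scheme is meant to address. Second, the verifier of the modified scheme cannot recompute $ih_i = H(iR_i \| \mathrm{in}_i)$ itself, since $\mathrm{in}_i$ is hidden, so it checks the relation with the $ih_i$ supplied in the transfer form; and because $I = \mathrm{in} \cdot G$ carries no random blinding, an amount from a small range is recovered by the linear scan in `recover_small_amount`.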
Modified Signature Scheme
Key Generation. For the aggregate subset of users $U_1 \subseteq U$, assign to each user an index $i$, ranging from 1 to $k = |U_1|$. Each user $u_i \in U_1$ picks random $x_i \in \mathbb{Z}_p$ and $a_i \in [1, n-1]$ and computes $V_i = g_2^{x_i}$ and $A_i = a_i \cdot G$. The signature public key and signature private key of $u_i$ are $V_i$ and $x_i$; the payment public key and payment private key of $u_i$ are $A_i \in E$ and $a_i$.
Signing. For each $i$, $1 \le i \le k$, suppose that $u_i$ wants to send a payment to a particular receiver whose payment public key is $B_i$. Then $u_i$ generates a random $r_i \in [1, n-1]$, computes the one-time public key $P_i = H_s(r_i \cdot B_i) \cdot G + A_i$, and then computes $\sigma_i = P_i^{x_i}$. The signature is $\sigma_i$; $R_i = r_i \cdot G$ is also packed somewhere into the transaction.
Aggregation. Compute $\sigma = \prod_{i=1}^{k} \sigma_i$; the aggregate signature is $\sigma$.
Aggregate Verification. We are given an aggregate signature $\sigma$ for an aggregating subset $U_1 \subseteq U$ indexed as before, and are given the original values $R_i$ and the public keys $V_i$, $A_i$ for all users $u_i \in U_1$. To verify the aggregate signature $\sigma$, compute $P'_i = H_s(b_i \cdot R_i) \cdot G + A_i$ for $1 \le i \le k$ and accept if $e(\sigma, g_2) = \prod_{i=1}^{k} e(P'_i, V_i)$ holds. Using the properties of the bilinear map, the left side of the verification equation expands as in (11).
Figure 4 gives the structure of our aggregate transaction structure.
Figure 4: Aggregate transaction structure.
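The expansion referred to as (11), carried through here as an added derivation in the paper's own symbols (it is not the paper's text). It takes $\sigma_i = P_i^{x_i}$, $V_i = g_2^{x_i}$, $\sigma = \prod_{i=1}^{k} \sigma_i$ and the acceptance condition $e(\sigma, g_2) = \prod_{i=1}^{k} e(P'_i, V_i)$ as the definitions of Section 4.2, following the bilinear aggregate scheme of [7] on which it is built, and writes $\mathbb{G}_1$ multiplicatively:

$$e(\sigma, g_2) = e\Big(\prod_{i=1}^{k} \sigma_i,\; g_2\Big) = \prod_{i=1}^{k} e(\sigma_i, g_2) = \prod_{i=1}^{k} e(P_i^{x_i}, g_2) = \prod_{i=1}^{k} e(P_i, g_2)^{x_i} = \prod_{i=1}^{k} e(P_i, g_2^{x_i}) = \prod_{i=1}^{k} e(P'_i, V_i).$$

The second equality is bilinearity in the first argument, $e(uv, w) = e(u, w)\,e(v, w)$; the fourth and fifth are $e(u^a, v^b) = e(u, v)^{ab}$ with $a = x_i$, $b = 1$ and then with $a = 1$, $b = x_i$; the last uses $P'_i = P_i$, which holds because $b_i \cdot R_i = b_i \cdot r_i \cdot G = r_i \cdot B_i$. Verification therefore costs one pairing for $\sigma$ plus one per signer. Two points worth checking before relying on this: the scheme of [7] is proved secure in the chosen-key model only when the $k$ signed messages are distinct, which here is supplied by the $P_i$ being fresh one-time keys; and since $P_i$ and $\sigma_i = P_i^{x_i}$ must be elements of the group $\mathbb{G}_1$ on which $e$ is defined, the curve $E$ has to be one that admits the pairing, which the tuple $\langle p, a, b, G, n \rangle$ by itself does not guarantee.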
As shown in Figure 4, the signature is kept constant in size regardless of the number of inputs and outputs the transaction contains. We then combine the core of the new signature scheme proposed in Section 3.2 with the modified signature scheme into the new signature scheme described in Section 4.3.
New Signature Scheme
Key Generation. For the aggregate subset of users $U_1 \subseteq U$, assign to each user an index $i$, ranging from 1 to $k = |U_1|$. Each user $u_i \in U_1$ picks random $x_i \in \mathbb{Z}_p$ and $a_i \in [1, n-1]$ and computes $V_i = g_2^{x_i}$ and $A_i = a_i \cdot G$. The signature public key and signature private key of $u_i$ are $V_i$ and $x_i$; the payment public key and payment private key of $u_i$ are $A_i \in E$ and $a_i$.
Signing. For each $i$, $1 \le i \le k$, suppose that $u_i$ wants to send a payment to a particular receiver whose payment public key is $B_i$. Then $u_i$ generates a random $r_i \in [1, n-1]$, computes the one-time public key $P_i = H_s(r_i \cdot B_i) \cdot G + A_i$, and then computes $\sigma_i = P_i^{x_i}$. The signature is $\sigma_i$; $R_i = r_i \cdot G$ is also packed somewhere into the transaction. The amounts are hidden as in Section 3: writing $Ia_i$ for the amount of input $i$ and $Oa_j$ for the amount of output $j$, compute $AI_i = Ia_i \cdot G$ and $AO_j = Oa_j \cdot G$.
Aggregation. Compute $\sigma = \prod_{i=1}^{k} \sigma_i$; the aggregate signature is $\sigma$.
Amount Hiding. For each input $i$, randomly select $d_i \in \mathbb{Z}_p$ and compute $iR_i = d_i \cdot G$, $ih_i = H(iR_i \| Ia_i)$, and $is_i = d_i \cdot ih_i + Ia_i$; the transfer form of input $i$ is built from $(AI_i, iR_i, ih_i, is_i)$. Likewise, for each output $j$, randomly select $t_j \in \mathbb{Z}_p$ and compute $oR_j = t_j \cdot G$, $oh_j = H(oR_j \| Oa_j)$, and $os_j = t_j \cdot oh_j + Oa_j$; the transfer form of output $j$ is built from $(AO_j, oR_j, oh_j, os_j)$.
Aggregate Verification. We are given an aggregate signature $\sigma$ for an aggregating subset $U_1 \subseteq U$ indexed as before, and are given the original values $R_i$ and the public keys $V_i$, $A_i$ for all users $u_i \in U_1$. To verify the aggregate signature $\sigma$, compute $P'_i = H_s(b_i \cdot R_i) \cdot G + A_i$ for $1 \le i \le k$ and accept if $e(\sigma, g_2) = \prod_{i=1}^{k} e(P'_i, V_i)$ holds. The transfer forms of the inputs and outputs are checked as in Section 3.2.
Figure 5 gives the structure of our new transaction structure.
Figure 5: New transaction structure.
Security of the New Signature Scheme
It is easy to show that the security of our new signature scheme is equivalent to that of the traditional bilinear aggregate signature. In the aggregate chosen-key security model proposed in [7], the security of an aggregate signature scheme is equivalent to the nonexistence of an adversary capable of existentially forging an aggregate signature. Existential forgery here means that the adversary attempts to forge an aggregate signature on a subtransaction of his choice, together with the other subtransactions of a particular transaction. The adversary is given a single public key; his goal is the existential forgery of an aggregate signature. We give the adversary the power to choose all public keys except the challenge public key. The adversary is also given access to a signing oracle on the challenge key. His advantage, $\mathrm{Adv}_{\mathrm{AggSig}}$, is defined to be his probability of success in the following game [7, 26].
Setup. The aggregate forger is provided with a public key $PK_1$, generated at random.
Queries. Proceeding adaptively, the forger requests signatures with $PK_1$ on subtransactions of his choice.
Response. Finally, the forger outputs $k - 1$ additional public keys $PK_2, \ldots, PK_k$. These keys, along with the initial key $PK_1$, will be included in the forged aggregate. The forger also outputs subtransactions $T_1, \ldots, T_k$ and, finally, an aggregate signature $\sigma$ by the $k$ users, each on his corresponding subtransaction.
The forger wins if the aggregate signature $\sigma$ is a valid aggregate on subtransactions $T_1, \ldots, T_k$ under keys $PK_1, \ldots, PK_k$, and $\sigma$ is nontrivial (the forger did not request a signature on $T_1$ under $PK_1$).
Definition 1. An aggregate forger $(t, q_H, q_S, N, \epsilon)$-breaks an $N$-user aggregate signature scheme in the aggregate chosen-key model if the following conditions are met:
(1) the forger runs in time at most $t$;
(2) the forger makes at most $q_H$ queries to the hash function and at most $q_S$ queries to the signing oracle;
(3) $\mathrm{Adv}_{\mathrm{AggSig}}$ is at least $\epsilon$;
(4) the forged aggregate signature is by at most $N$ users.
An aggregate signature scheme is $(t, q_H, q_S, N, \epsilon)$-secure against existential forgery in the aggregate chosen-key model if no forger $(t, q_H, q_S, N, \epsilon)$-breaks it. The next theorem shows that this simple constraint is sufficient for proving security in the chosen-key model.
Theorem 2. Let $(\mathbb{G}_1, \mathbb{G}_2)$ be a bilinear group pair for co-Diffie-Hellman, with each group of order $p$, with respective generators $g_1$ and $g_2$, with an isomorphism $\psi$ computable from $\mathbb{G}_2$ to $\mathbb{G}_1$, and with a bilinear map $e : \mathbb{G}_1 \times \mathbb{G}_2 \to \mathbb{G}_T$. Then the bilinear aggregate signature scheme on $(\mathbb{G}_1, \mathbb{G}_2)$ is $(t, q_H, q_S, N, \epsilon)$-secure against existential forgery in the aggregate chosen-key model for all $t$ and $\epsilon$ satisfying $\epsilon \ge e \cdot (q_S + N) \cdot \epsilon'$ and a corresponding bound on $t$, where $e$ is the base of natural logarithms and the bound on $t$ is expressed in terms of the cost of exponentiation and inversion on $\mathbb{G}_1$.
Besides, the security of the scheme used to hide the amounts of the transactions was analyzed in Section 3.2. Theorem 2 covers the unforgeability of the aggregate signature, while the hiding of the amounts rests on the elliptic curve discrete logarithm problem as discussed in Section 3. Taken together, our signature scheme satisfies unforgeability and the other security properties claimed.
APPLICATION OF THE SIGNATURE SCHEME
Big data brings many benefits to our lives, but it also has drawbacks. Firstly, the utilization of data is poor: large amounts of data sit idle while occupying a lot of storage space. Secondly, there are many problems in the security and privacy of the data: the use of big data exposes personal privacy and raises other security problems, and big data may be used by criminals for illegal activities. At the same time, there are drawbacks in the transmission efficiency and transmission accuracy of data. Blockchain is considered an ideal solution to these problems. Based on this, we try to apply our signature scheme to transactions of big data [27].
Infrastructure of Transaction of Big Data on Blockchain
Here we consider transactions of big data on blockchain. The infrastructure is based on the P2P network, which is the network model of blockchain [28]; the model of the infrastructure is given in Figure 6.
Figure 6: Infrastructure of transaction of data.
We consider the inputs and outputs of a particular transaction, which consist of data inputs, data outputs, and the corresponding amounts of the inputs and outputs, as described in Figure 7.
Figure 7: Single transaction of data.
Setup. Recall that the elliptic curve $E$ over the finite field is specified by the tuple $\langle p, a, b, G, n \rangle$.
Key Generation. For the aggregate subset of users $U_1 \subseteq U$, assign to each user an index $i$, ranging from 1 to $k = |U_1|$. Each user $u_i \in U_1$ picks random $x_i \in \mathbb{Z}_p$ and $a_i \in [1, n-1]$ and computes $V_i = g_2^{x_i}$ and $A_i = a_i \cdot G$. The signature public key and signature private key of $u_i$ are $V_i$ and $x_i$; the payment public key and payment private key of $u_i$ are $A_i \in E$ and $a_i$.
Signing. For each $i$, $1 \le i \le k$, suppose that $u_i$ wants to send a payment to a particular receiver whose payment public key is $B_i$. Then $u_i$ generates a random $r_i \in [1, n-1]$, computes the one-time public key $P_i = H_s(r_i \cdot B_i) \cdot G + A_i$, and then computes $\sigma_i = P_i^{x_i}$. The signature is $\sigma_i$; $R_i = r_i \cdot G$ is also packed somewhere into the transaction. For the amounts, compute $AI_i = Ia_i \cdot G$ for each input and $AO_j = Oa_j \cdot G$ for each output, where $Ia_i$ and $Oa_j$ are the amounts attached to data input $i$ and data output $j$.
Aggregation. Compute $\sigma = \prod_{i=1}^{k} \sigma_i$; the aggregate signature is $\sigma$.
Amount Hiding. For each input $i$, randomly select $d_i \in \mathbb{Z}_p$ and compute $iR_i = d_i \cdot G$, $ih_i = H(iR_i \| Ia_i)$, and $is_i = d_i \cdot ih_i + Ia_i$; the transfer form of input $i$ is built from $(AI_i, iR_i, ih_i, is_i)$. For each output $j$, randomly select $t_j \in \mathbb{Z}_p$ and compute $oR_j = t_j \cdot G$, $oh_j = H(oR_j \| Oa_j)$, and $os_j = t_j \cdot oh_j + Oa_j$; the transfer form of output $j$ is built from $(AO_j, oR_j, oh_j, os_j)$.
Aggregate Verification. We are given an aggregate signature $\sigma$ for an aggregating subset $U_1 \subseteq U$ indexed as before, and are given the original values $R_i$ and the public keys $V_i$, $A_i$ for all users $u_i \in U_1$. To verify the aggregate signature $\sigma$, compute $P'_i = H_s(b_i \cdot R_i) \cdot G + A_i$ for $1 \le i \le k$ and accept if $e(\sigma, g_2) = \prod_{i=1}^{k} e(P'_i, V_i)$ holds. The transfer forms of the inputs and outputs are checked as in Section 3.2.
Performance of the Signature Scheme on Transactions of Big Data
Aggregate Signing Time. A single signature requires one hash operation, one modular exponentiation, and one multiplication operation. Let $\sigma$ be the aggregate of the $k$ signatures $\sigma_1, \ldots, \sigma_k$; forming the aggregate requires one group multiplication per signature, so the time to produce $\sigma$ is linear in $k$ [29].
Aggregate Verification Time. A single verification of the aggregate requires $k$ hash operations and $k + 1$ bilinear map operations. Let $\sigma$ be the aggregate of the $k$ signatures $\sigma_1, \ldots, \sigma_k$; the time to verify $\sigma$ is linear in $k$.
Signature Space. Let $\sigma$ be the aggregate of the $k$ signatures $\sigma_1, \ldots, \sigma_k$. The space taken by $\sigma$ is $1/k$ of the space the $k$ individual signatures would occupy.
CONCLUSION
In this paper, we have proposed a new signature scheme for transactions on blockchain based on aggregate signatures and ECC. With our new signature scheme, the amount is hidden when a transaction contains multiple inputs and outputs [30]. Besides, the size of the signature on a transaction stays constant regardless of the number of inputs and outputs the transaction contains. We have shown the validity of our new signature scheme and, more importantly, analyzed its security. To our knowledge there is currently no other scheme which achieves both hiding of the transaction amounts and a constant-size signature when the transaction contains multiple inputs and outputs. Furthermore, we have given an application scenario for our signature scheme which aims at transactions of big data on blockchain, and analyzed the performance of the signature scheme in that scenario. There are still many interesting problems to be solved. For example, it would be valuable to explore a signature scheme which combines our scheme with ring signatures. Using our scheme to construct a practical, complete application is another interesting problem [31, 32].
APPENDIX Proof of the Feasibility of the Modified Scheme
(A.1) Because we know that
it can be obtained that .
ACKNOWLEDGMENTS This paper is supported by National Key Research and Development Program (nos. 2016YFB0800101 and 2016YFB0800100), State Key Laboratory of Mathematics and Advanced Computing Open Topic (no. 2015A14), and National Natural Science Foundation of China (no. 61602512).
REFERENCES
1. S. Nakamoto, "Bitcoin: a peer-to-peer electronic cash system," 2009, https://bitcoin.org/bitcoin.pdf.
2. N. Saberhagen, "CryptoNote v 2.0," CryptoNote, 2013.
3. S. Noether, "Ring signature confidential transactions," 2015, https://eprint.iacr.org/2015/1098.
4. E. Ben-Sasson, A. Chiesa, C. Garman et al., "Zerocash: decentralized anonymous payments from Bitcoin," in Proceedings of the 35th IEEE Symposium on Security and Privacy (SP '14), pp. 459–474, May 2014.
5. C. Rackoff and D. R. Simon, "Non-interactive zero-knowledge proof of knowledge and chosen ciphertext attack," Lecture Notes in Computer Science, vol. 576, pp. 433–444, 1992.
6. M. Blum, P. Feldman, and S. Micali, "Non-interactive zero-knowledge and its applications," in Proceedings of the 20th Annual ACM Symposium on Theory of Computing (STOC 1988), pp. 103–112, May 1988.
7. D. Boneh, C. Gentry, B. Lynn, and H. Shacham, "Aggregate and verifiably encrypted signatures from bilinear maps," Lecture Notes in Computer Science, vol. 2656, pp. 416–432, Springer, 2003.
8. D. Boneh, C. Gentry, B. Lynn, and H. Shacham, "A survey of two signature aggregation techniques," CryptoBytes, vol. 6, no. 2, 2003.
9. N. Koblitz, A. Menezes, and S. Vanstone, "The state of elliptic curve cryptography," Designs, Codes and Cryptography, vol. 19, no. 2-3, pp. 173–193, 2000.
10. R. L. Rivest, A. Shamir, and L. Adleman, "A method for obtaining digital signatures and public-key cryptosystems," Communications of the ACM, vol. 21, no. 2, pp. 120–126, 1978.
11. D. Johnson, A. Menezes, and S. Vanstone, "The elliptic curve digital signature algorithm (ECDSA)," International Journal of Information Security, vol. 1, no. 1, pp. 36–63, 2001.
12. ANSI X9.62, "The elliptic curve digital signature algorithm," Public Key Cryptography for the Financial Services Industry, 1999.
13. H. Dobbertin, A. Bosselaers, and B. Preneel, "RIPEMD-160: A strengthened version of RIPEMD," Lecture Notes in Computer Science, vol. 1039, pp. 71–82, 1996.
14. H. Dobbertin, "RIPEMD with two-round compress function is not collision-free," Journal of Cryptology, vol. 10, no. 1, pp. 51–69, 1997.
15. H. Shariffar, "SHA1 and SHA256 custom instruction design and characterization on Nios II processor," Journal of the American Oil Chemists Society, vol. 81, no. 10, pp. 979–987, 2012.
16. M. Juliato and C. Gebotys, "Tailoring a reconfigurable platform to SHA-256 and HMAC through custom instructions and peripherals," in Proceedings of the 2009 International Conference on ReConFigurable Computing and FPGAs (ReConFig '09), pp. 195–200, December 2009.
17. S. Goldwasser and S. Micali, "Probabilistic encryption," Journal of Computer and System Sciences, vol. 28, no. 2, pp. 270–299, 1984.
18. A. Joux and V. Vitse, "Elliptic curve discrete logarithm problem over small degree extension fields," Journal of Cryptology, vol. 26, no. 1, pp. 119–143, 2013.
19. M. van Dijk, C. Gentry, S. Halevi, and V. Vaikuntanathan, "Fully homomorphic encryption over the integers," in Proceedings of the International Conference on Theory and Applications of Cryptographic Techniques, pp. 24–43, Springer, Berlin, Germany, 2010.
20. C. Gentry, "Fully homomorphic encryption using ideal lattices," in Proceedings of the 41st Annual ACM Symposium on Theory of Computing (STOC '09), pp. 169–178, June 2009.
21. I. Eyal, "The miner's dilemma," in Proceedings of the 36th IEEE Symposium on Security and Privacy (SP 2015), pp. 89–103, May 2015.
22. A. Sapirshtein, Y. Sompolinsky, and A. Zohar, "Optimal selfish mining strategies in Bitcoin," in Financial Cryptography and Data Security, vol. 9603 of Lecture Notes in Computer Science, pp. 515–532, Springer, Berlin, Germany, 2017.
23. E. Heilman, A. Kendler, and A. Zohar, "Eclipse attacks on Bitcoin's peer-to-peer network," in Proceedings of the USENIX Security Symposium, USENIX Association, pp. 129–144, 2015.
24. K. Nayak, S. Kumar, A. Miller, and E. Shi, "Stubborn mining: generalizing selfish mining and combining with an eclipse attack," in Proceedings of the 1st IEEE European Symposium on Security and Privacy, pp. 305–320, March 2016.
25. B. Adida, S. Hohenberger, and R. L. Rivest, "Ad-hoc-group signatures from hijacked keypairs," in DIMACS Workshop on Theft in E-Commerce, 2005.
26. S. Micali, K. Ohta, and L. Reyzin, "Accountable-subgroup multisignatures," in Proceedings of the 8th ACM Conference on Computer and Communications Security (CCS '01), pp. 245–254, Philadelphia, PA, USA, November 2001.
27. A. Singh, G. Rumantir, A. South, and B. Bethwaite, "Clustering experiments on big transaction data for market segmentation," in Proceedings of the 3rd ASE International Conference on Big Data Science and Computing (BIGDATASCIENCE 2014), August 2014.
28. N. Asokan, V. Shoup, and M. Waidner, "Optimistic fair exchange of digital signatures," IEEE Journal on Selected Areas in Communications, vol. 18, no. 4, pp. 593–610, 2000.
29. X. Du, M. Shayman, and M. Rozenblit, "Implementation and performance analysis of SNMP on a TLS/TCP base," in Proceedings of the 7th IEEE/IFIP International Symposium on Integrated Network Management (IM 2001), pp. 453–466, Seattle, WA, USA, May 2001.
30. Y. Xiao, H.-H. Chen, X. Du, and M. Guizani, "Stream-based cipher feedback mode in wireless error channel," IEEE Transactions on Wireless Communications, vol. 8, no. 2, pp. 622–626, 2009.
31. X. Du, Y. Xiao, M. Guizani, and H.-H. Chen, "An effective key management scheme for heterogeneous sensor networks," Ad Hoc Networks, vol. 5, no. 1, pp. 24–34, 2007.
32. X. Yao, X. Han, X. Du, and X. Zhou, "A lightweight multicast authentication mechanism for small scale IoT applications," IEEE Sensors Journal, vol. 13, no. 10, pp. 3693–3701, 2013.
IOV Privacy Protection System Based on Double-Layered Chains
13
Yin Ru Chen, Jin Rui Sha, and Zhi Hong Zhou Shanghai Key Laboratory of Integrate Administration Technologies for Information Security, School of Cyber Security, Shanghai Jiao Tong University, Shanghai 200240, China
ABSTRACT
As the Internet of Vehicles (IOV) becomes widely applied in daily life, how to secure the data privacy of each vehicle is a hot topic. To address this problem, a privacy protection system based on a double-layered chain is designed to eliminate the security risks during vehicle data communication. At the same time, the tamper-proof nature of the blockchain is used to provide reasonable arbitration in traffic accident disputes, vehicle insurance claims, and similar situations. Specifically, an IOV double-layered chain model is constructed to simulate a semicentralized system that is convenient for government supervision; also, an RSA protocol based on zero-knowledge proof (ZKP) is designed to
Citation: Yin Ru Chen, Jin Rui Sha, and Zhi Hong Zhou, “IOV Privacy Protection System Based on Double-Layered Chains,” Wireless Communications and Mobile Computing, vol. 2019, Article ID 3013562. Copyright: © 2019 Yin Ru Chen et al. This is an open access article distributed under the Creative Commons Attribution License, which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.
bring security and the zero-knowledge property to the system; finally, we give an application scenario for this IOV privacy protection system based on a double-layered chain, showing that it can be widely used in the vehicle-sharing industry. The communication costs under the double-layered chain and single-layered chain frameworks are compared to show that the double-layered structure does save cost. Thus an IOV privacy scheme that is safer and more cost-efficient is given.
INTRODUCTION
With the rapid development of science and technology, vehicles are used on a large scale in modern society, but this development is accompanied by frequent traffic accidents. In recent years, the Internet of Vehicles (IOV) has been proposed to better avoid potential traffic problems by realizing mutual communication between vehicles and between vehicles and infrastructure units [1, 2]. The Internet of Vehicles uses wireless communication, which is exposed to problems such as data surveillance, while the data uploaded by vehicles includes the positions of users, their driving routes and other information. We do not wish malicious parties to obtain our private data in plaintext, yet the information must still be subject to regulation by the traffic command center. How to design conditional privacy protection for this data is therefore the top priority. Traditional models for data protection and central supervision are mostly based on a PKI and the cloud [3, 4]. However, these models assume the cloud is trustworthy, and this premise may not hold in real life: the cloud can collude with a participant to tamper with the data, thereby escaping liability for an accident or demanding more compensation in traffic accident disputes and similar situations. To solve this problem, we make use of the tamper-proof nature of the blockchain to ensure the authenticity of the data in traffic accident disputes, vehicle insurance claims and other situations requiring arbitration. On the basis of this goal, this paper proposes an IOV privacy protection system based on double-layered chains. Encrypting real-time road privacy data ensures the privacy and integrity of the data; the semicentralized double-layered chain structure of the Internet of Vehicles facilitates regulation by the government or authoritative organizations while reducing the channel resources consumed by the system. Meanwhile, we formulate an RSA digital signature protocol based on zero-knowledge proof. It prevents the roadside unit from obtaining any information from the signature and establishes the private data protection system for the double-layered chain vehicle network. Moreover, it increases data credibility compared with traditional models, reduces the excessive channel resource consumption of the vehicle network, and prevents adversaries from forging an RSU to obtain information.
RELATED WORKS
A great deal of academic research on data privacy protection in the Internet of Vehicles has been conducted in recent years. For privacy protection of vehicle identities, anonymous authentication is a feasible approach. Brickell proposed a zero-knowledge proof method for verifying identities [5]. Breg and his team showed that the number of unique vehicle certificates can be reduced by sharing certificates among adjacent vehicles [6]. But these schemes only provide identity authentication; they cannot reveal the identity of an anonymous party when real-life conditions require it. For example, to determine who is responsible for a traffic accident, the traffic control center must have the right to reveal true identities. Currently, most solutions to this issue are based on group signatures and ring signatures. Boneh conducted early research on efficient group signatures [7]. Lin proposed a vehicle communication protocol based on group signatures [8]. Hu et al. introduced an efficient privacy-preserving protocol with confidentiality for vehicular ad hoc networks based on group signcryption [9]. Within a group signature protocol, vehicles only need to keep their secret keys and the group public key, which avoids the leakage of identity information. However, verification time grows linearly with the number of entries in the revocation list, so group signatures consume an excessive amount of time. The academic community has proposed some solutions, but they rely on improvements to tamper-proof hardware and devices, which means that if an adversary attacks the hardware [10, 11], system security is also compromised. Ring signatures were therefore proposed [12, 13]. Xiong and his team put forward a revocable ring signature technology and privacy protection protocol for the Internet of Vehicles [14]. But this solution requires the traffic management agencies to be honest. To address this problem, Zeng put forward the conditional anonymous ring authentication scheme (CARS) for the Internet of Vehicles, which reduces the reliance on traffic management agencies [15], but the protocol is rather complicated to apply widely. Based on bilinear maps, Liu designed session keys for authentication in complex communication; this authentication protocol aims to optimize traffic load and reduce the number of interaction rounds. Wu designed a self-healing key distribution scheme: it adds message authentication codes to broadcast messages to ensure the security and broadcast authentication of group keys, and a sliding window mechanism recovers lost session keys, reducing the communication overhead within and among subgroups in the Internet of Vehicles. In recent years, Hu et al. gave an efficient multilevel conditional privacy-preserving authentication protocol for vehicular ad hoc networks (VANETs) based on ring signatures [16], introduced an efficient and trustworthy conditional privacy-preserving communication protocol for VANETs based on proxy re-signature [17], and proposed a remote authentication protocol with nonrepudiation, client anonymity, key escrow resistance and revocability for extra-body communication in WBANs [18]. However, most of the above solutions store their data in the cloud. Whether the authentication center (TA) or the roadside unit (RSU) uses cloud servers for data storage, the cloud service providers are assumed to be reliable. In real life this assumption may not hold, because cloud servers and certain users may collude. Addressing these issues, Chen et al. introduced a lightweight and anonymous aggregation protocol for a fog computing-based V2I communication scenario [19]; this paper proposes an IOV privacy protection system based on blockchain and solves the problem with the blockchain's resistance to collusion. With the help of the double-layer technology of RScoin, we have designed an RSA digital signature scheme based on zero-knowledge proof. We simulate the double-layer certification system for the authentication center (TA), roadside unit (RSU) and on-board unit (OBU). Besides, the traceability and nonrepudiation of the blockchain also make conditional privacy possible.
MODEL AND PROTOCOL DESIGN
In this chapter, we first introduce the components of the traditional Internet of Vehicles model, then propose the double-layered chain model and its consensus protocol. At the end of the chapter, we put forward the double-layered chain model for the Internet of Vehicles and implement the RSA digital signature protocol based on zero-knowledge proof, which provides the security and zero-knowledge properties of the system.
Internet of Vehicles Model
The Internet of Vehicles is mainly made up of three parts: the Trusted Authority (TA), roadside units (RSU), and on-board units (OBU). The network model is shown in Figure 1 [20]. (i) Trusted Authority: TA is the trusted security center of the Internet of Vehicles and its most authoritative organization. In practice it can be the traffic command center or a similar organization.
Figure 1: Network model of IOV.
TA has many authorities, including registering or revoking OBUs and RSUs in the Internet of Vehicles, generating the public and private key pairs of OBUs and RSUs, and keeping the identities of OBUs and RSUs together with their corresponding public keys. (ii) Roadside unit: RSU is infrastructure deployed at the roadside that relays information dissemination; it is, however, easy to attack. Therefore, when transmitting information to an RSU, trust in the RSU should be reduced as much as possible. To ensure safety, certificates should be presented during each communication between RSU and TA, and TA should authenticate the RSU's identity.
(iii) On-board unit: OBU is a tamper-proof device installed in the vehicle that communicates wirelessly with roadside units and other vehicles. The OBU can store keys and carry out encryption and decryption operations. While the vehicle is driving, it periodically announces safety information, including position, time, speed, direction, traffic events, etc.
Double-Layered Chain Model
The double-layered chain model originates from the RScoin model, which was proposed by the Bank of England in 2015 [21]. RScoin is a model of cryptocurrency in which the coin is issued and controlled by the central bank, in order to avoid the problem of double spending. In essence, the double-layered chain model of RScoin is similar to a blockchain, but it differs from the traditional blockchain model in some respects. In a traditional blockchain, every node keeps a copy of every transaction after it is broadcast, and Byzantine agreement is used to maintain consistency. RScoin, however, is a centralized chain system in which one central node maintains all the data, while each mintette node maintains only part of the data. Compared with the traditional blockchain model, the double-layered chain model has the following advantages: (1) Good scalability: as the number of agencies authorized by the central bank increases, the whole system is able to handle more transactions. (2) Controllability of currency issuance: the system separates money supply from the ledger. The central bank regulates currency issuance; the ledger is maintained by the mintettes and the central bank, with each mintette maintaining a sub-ledger and the central bank maintaining the general ledger. (3) Universality: different banks can use the RScoin platform to issue digital coins.
Overall Framework of Double-Layered Chain
In this section, we again take RScoin as the example for the overall framework of the double-layered chain. RScoin has three kinds of participants: the central bank, mintettes, and users. A mintette is a commercial institution authorized by the central bank to collect and verify user transactions. It uses a two-phase protocol to verify transaction information. The first phase is voting: the mintette verifies the transaction and sends the result back to the user. The second phase is committing: the user's transaction is processed by the mintette. Transaction information is stored in low-level blocks. A low-level block only contains the original information and does not form a complete chain structure. The mintette digitally signs every low-level block. After a period of time, the contents of the low-level blocks are sent to the central bank. After the central bank verifies the validity of the low-level blocks, they are united into higher-level blocks, and the higher-level blocks are integrated into the main chain, becoming a section of the central bank's blockchain. The specific structure is shown in Figure 2.
Figure 2: Two-layered chain architecture diagram.
As described above, in the overall structure of the double-layered chain, higher-level blocks and low-level blocks have their own functions. Higher-level blocks are responsible for block issuance, node authorization, auditing and incentives, as well as maintenance of the ledger. Low-level blocks are maintained by nodes in order to handle user transactions, verify validity, record transactions and update scripts. In particular, the biggest difference from other digital currencies is that different nodes do not require transaction synchronization: each node has its own chain, which also includes information from other nodes for cross validation, thus reducing the communication load.
The Consensus Algorithm of Double-Layered Chain
The consensus algorithm of the double-layered chain is a two-step consensus protocol. Before describing the two steps, we give the symbols and definitions of RScoin in Table 1.
Table 1: RScoin symbols and definitions
The first step of the consensus protocol is between users and nodes. A user initiates a transaction and, through the allocation index (a centralized service that lets users quickly find the owner of an address), finds the owners of the addresses corresponding to the UTXOs spent by this transaction; different addresses correspond to different owners. Each owner examines the transaction delivered by the user, including the legality of the transaction, whether the addresses are managed by that owner, and whether the UTXO corresponding to the address has already been spent (double spending). In the second step, the owners of the receiving addresses confirm that those addresses are managed by them, and then check whether every input has been confirmed by a majority of owners and whether the signatures are correct. If the check passes, the owner adds the outputs to its UTXO list (as new UTXOs) and adds the transaction to its TXSET list. The owner then notifies the user that the transaction will be added to a higher-level block (if it is not added, the user can hold the owner to account, taking this notification as evidence). After a while, all owners send their TXSET lists to the central bank for merging.
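A minimal simulation of the two-step protocol just described, as an added example (not RScoin's code nor the paper's). Each mintette manages a set of addresses, keeps only those addresses' UTXOs and its own TXSET, and signs its low-level blocks; the central bank verifies those signatures and merges the low-level blocks into a higher-level block on the main chain. Assumptions of the example: HMAC-SHA256 with per-mintette keys stands in for the mintettes' digital signatures, each address has exactly one owner (RScoin actually shards an address over several mintettes and requires a majority of their votes), and the allocation index is simply the owners' address sets. The transactions are constructed sample data.

```python
# Added example (not the paper's or RScoin's code): a minimal simulation of the two-step consensus
# described above. Each mintette manages a set of addresses, keeps only the UTXOs of those
# addresses plus its own TXSET, and signs its low-level blocks; the central bank checks those
# signatures and merges the low-level blocks into one higher-level block on the main chain.
# Assumptions: HMAC-SHA256 with per-mintette keys stands in for digital signatures, and the
# allocation index is just the address sets below. Transactions are constructed sample data.
import hashlib, hmac, json

def digest(obj):
    return hashlib.sha256(json.dumps(obj, sort_keys=True).encode()).hexdigest()

class Mintette:
    """Authorized node: owns addresses, holds their unspent outputs and its own transaction list."""
    def __init__(self, name, key, addresses):
        self.name, self.key, self.addresses = name, key, set(addresses)
        self.utxo = {}                 # (txid, index) -> [address, amount] for addresses I manage
        self.txset, self.prev = [], "0" * 64

    def sign(self, data):
        return hmac.new(self.key, data.encode(), hashlib.sha256).hexdigest()

    def vote(self, tx):
        """Step 1: for every input I manage, confirm it is unspent, spend it and sign a vote.
        Returns None if any of my inputs is unknown or already spent (a double spend)."""
        txid, mine = digest(tx), [(t, i) for t, i, a in tx["inputs"] if a in self.addresses]
        if any(key not in self.utxo for key in mine):
            return None
        votes = []
        for t, i in mine:
            amount = self.utxo.pop((t, i))[1]      # removing it blocks any second spend
            votes.append({"txid": txid, "input": [t, i], "amount": amount, "by": self.name,
                          "sig": self.sign(f"{txid}|{t}|{i}|{amount}")})
        return votes

    def commit(self, tx, votes, keys):
        """Step 2: an output owner checks that every input carries a correctly signed vote and that
        value is conserved, then records its new outputs and appends the tx to its TXSET."""
        txid, total_in = digest(tx), 0
        by_input = {tuple(v["input"]): v for v in votes if v["txid"] == txid}
        for t, i, _ in tx["inputs"]:
            v = by_input.get((t, i))
            if v is None or v["by"] not in keys:
                return False
            expect = hmac.new(keys[v["by"]], f"{txid}|{t}|{i}|{v['amount']}".encode(),
                              hashlib.sha256).hexdigest()
            if not hmac.compare_digest(expect, v["sig"]):
                return False
            total_in += v["amount"]
        if total_in < sum(amount for _, amount in tx["outputs"]):
            return False
        for idx, (addr, amount) in enumerate(tx["outputs"]):
            if addr in self.addresses:
                self.utxo[(txid, idx)] = [addr, amount]
        self.txset.append(tx)
        return True

    def close_block(self):
        """Package the TXSET into a signed low-level block chained to this mintette's previous one."""
        block = {"mintette": self.name, "prev": self.prev, "txs": self.txset}
        block["hash"] = digest(block)
        block["sig"] = self.sign(block["hash"])
        self.txset, self.prev = [], block["hash"]
        return block

class CentralBank:
    """Holds the authorized mintettes' keys and the main chain of higher-level blocks."""
    def __init__(self, keys):
        self.keys, self.chain = keys, []

    def merge(self, low_blocks):
        """Verify each low-level block's hash and signature, then fold them into a higher-level block."""
        for b in low_blocks:
            body = {k: b[k] for k in ("mintette", "prev", "txs")}
            expect = hmac.new(self.keys[b["mintette"]], b["hash"].encode(), hashlib.sha256).hexdigest()
            if digest(body) != b["hash"] or not hmac.compare_digest(expect, b["sig"]):
                return None
        prev = self.chain[-1]["hash"] if self.chain else "0" * 64
        high = {"height": len(self.chain), "prev": prev, "low": [b["hash"] for b in low_blocks]}
        high["hash"] = digest(high)
        self.chain.append(high)
        return high

def demo():
    """Constructed scenario: two mintettes, one funded output, a valid payment, then a double spend."""
    keys = {"M1": b"key-of-M1", "M2": b"key-of-M2"}   # mintette keys registered with the central bank
    m1, m2 = Mintette("M1", keys["M1"], ["alice"]), Mintette("M2", keys["M2"], ["bob"])
    m1.utxo[("genesis", 0)] = ["alice", 10]           # alice holds 10 coins, managed by M1
    tx = {"inputs": [["genesis", 0, "alice"]], "outputs": [["bob", 7], ["alice", 3]]}
    votes = m1.vote(tx)                               # step 1: the input's owner votes
    ok = votes is not None and m2.commit(tx, votes, keys) and m1.commit(tx, votes, keys)
    double = {"inputs": [["genesis", 0, "alice"]], "outputs": [["bob", 10]]}
    rejected = m1.vote(double) is None                # the same input again: refused
    high = CentralBank(keys).merge([m1.close_block(), m2.close_block()])
    return ok, rejected, high
```

The point to notice is where each check lives: the input owner is the only party that can detect a double spend, because only it holds the UTXO being spent, while the output owner can only check that every input carries a correctly signed vote and that value is conserved. The central bank never re-validates transactions; it validates mintette signatures, which is why a compromised mintette key would let an attacker fabricate an entire low-level block.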
Double-Layered Chain Model for Internet of Vehicles
Based on the traditional model of the Internet of Vehicles, we improve the design using the double-layered chain structure of RScoin and propose the double-layered chain model for the Internet of Vehicles. Meanwhile, symmetric encryption is adopted for the data and asymmetric encryption for the secret keys, thereby reducing the excessive communication load of the traditional Internet of Vehicles.
Overall Frame of Internet of Vehicles of Double-Layered Chains
In the double-layered chain model of the Internet of Vehicles, the chain is still made up of three parts: owner, mintette node, and central node. The owner represents the OBU in the Internet of Vehicles. After a vehicle has been issued a root certificate by the central node, the Trusted Authority, its real-time road data (position, time, speed, road information, etc.) is symmetrically encrypted. When encrypting, the OBU uses a key generated by a random number generator and encrypts that symmetric key under the public key published by the Trusted Authority. Meanwhile, the RSA digital signature scheme based on zero-knowledge proof is used during encryption: the encrypted data is signed, and finally the encrypted data and the signature are sent to the corresponding mintette node, that is, the RSU closest to the vehicle on the road.
Figure 3: Network model of double-layered chain IOV.
The RSU verifies the signature sent by the OBU. As the signature protocol is a zero-knowledge proof, the RSU can only learn whether the signature was produced by the OBU and obtains no other information, so the RSU needs only minimal trust. If the verification passes, the RSU signs the encrypted data with its own private key in the same way; then, every so often, the encrypted real-time data of the OBU and the signatures of the OBU and the RSU are packed and sent to the TA. If the verification fails, the data is discarded. The TA verifies the signatures of the OBU and the RSU. If all verifications pass, it hashes the data and merges it into a higher-level block; otherwise the data is dropped. The specific network model is shown in Figure 3.
The Consensus Algorithm for Double-Layer Chain Networking
In our model, we adapted the two-step consensus algorithm of the double-layered chain and obtained a two-step consensus algorithm for the Internet of Vehicles. The traffic command center can be considered trustworthy, and all other nodes are authorized by and known to the traffic command center. Under this assumption, the overall security requirements of the system can be relaxed, and the design leans towards performance. The consensus algorithm is implemented in two steps. The first step is between the on-board unit (OBU) and the roadside unit (RSU). At registration time, the OBU finds the corresponding TA node in the traffic command center through the address index; different addresses correspond to different TA nodes. The address index is a central service that lets on-board nodes quickly find the corresponding central node. The central node checks the application submitted by the on-board node, including the legality of the application and whether the address is managed by it. In the second step, the central node verifies that the on-board unit belongs to its management and then checks whether the authentication is confirmed by a majority of nodes. If the check passes, the on-board unit is added to the corresponding list of the traffic command center, and the central node returns the certificate and private key of the on-board unit. After that, the on-board unit can encrypt its message symmetrically and send it to the roadside node together with the symmetric encryption key encrypted under the TA public key, the signature, and the authentication certificate. After a period of time, the roadside unit sends all the encrypted information to the traffic command center, which hashes it and merges it into a higher-level block.
RSA Digital Signature Scheme Based on Zero-Knowledge Proof (ZKP)
As the prover, the on-board unit (OBU) holds the parameter n, the public key e and the private key d generated by the trusted authority (TA); the roadside unit (RSU), as the verifier, holds the parameter n and the public key e. The OBU first signs message m with the RSA signature algorithm, obtaining signature s; it then gives a zero-knowledge proof (ZKP) for the signature s, so that the RSU is convinced that the prover P holds the signature s on message m but cannot learn any useful information about s from the protocol. The protocol is therefore zero-knowledge. Following the steps below, we construct Algorithm 1. First, we define the following parameters:
Algorithm 1: RSA digital signature scheme based on ZKP.
Step 1. Generate the signature of message m using the RSA algorithm, where H(m) is the binary string of length l obtained by hashing the message.
Step 2. OBU chooses a random number and secretly computes the proof value once; the identity mark of the OBU, the timestamp at which the ZKP is conducted, and a Nonce chosen to withstand message replay are included.
Step 3. OBU sends the ZKP message group to RSU.
Step 4. RSU verifies whether the verification equation holds.
Step 5. If the equation holds, RSU accepts the proof of the OBU; otherwise, RSU rejects it.
SYSTEM DESIGN
In this chapter, we provide the concrete realization of privacy protection for vehicles' real-time data in the system and analyze its security. The scheme is divided into four stages: system setting, identity registration, identity revocation, and information transmission.
System Setting
TA publishes its own public key on the chain; the corresponding private key is stored in the system. The private key is used to decrypt the encrypted data when the certification center needs to obtain the data of vehicles on a certain road section. For example, in a traffic accident, reasonable arbitration is possible by retrieving the vehicle's data from the time the accident happened. Meanwhile, TA also stores the ID and corresponding public key of every successfully registered OBU and RSU.
Identity Registration
Before an OBU or RSU joins the Internet of Vehicles, it needs to register with the TA; here the TA's function is similar to a CA, and it issues certificates to OBUs and RSUs. Identity registration therefore covers both OBU registration and RSU registration. For OBU registration, TA examines the identity information of the user; once the information is verified, a certificate is issued and registration is permitted. TA binds the vehicle and its public key through a one-to-one mapping and uploads the information to its database; meanwhile, the issued certificate and public key information are written into the tamper-proof system of the vehicle. Following the principles below, we construct Algorithm 2.
(i) Vehicle A submits its identity IDA to the vehicle network certification center, i.e. the trusted authority (TA).
(ii) TA verifies the IDA submitted by vehicle A. If verification fails, registration is refused.
(iii) The public and private keys corresponding to the OBU are generated with the RSA algorithm, and the public key is written on the certificate. The certificate and the private key are then saved to the tamper-proof system of the OBU.
(iv) The pairing of vehicle A and its public key is saved in the database of TA.
Algorithm 2: OBU identity registration.
RSU registration is similar to OBU registration. Following the principles below, we construct Algorithm 3:
(i) RSU B submits its identity IDB to TA.
(ii) TA verifies the IDB submitted by RSU B. If verification fails, registration is refused.
(iii) The public and private keys corresponding to the RSU are generated with the RSA algorithm, and the public key is written on the certificate. The certificate and the private key are then saved to the tamper-proof system of the RSU.
(iv) The pairing of RSU B and its public key is saved in the database of TA.
Algorithm 3: RSU identity registration.
Identity Revocation
When a vehicle is scrapped or breaks down, the user can apply to TA to log off the registered OBU; after TA's examination and verification, the corresponding public key is put in the revocation list (RL). We construct Algorithm 4 with the principles below.
(i) TA receives the revocation message, consisting of the ID and its signature under the private key, and verifies whether the signature is valid.
(ii) If the signature is valid, TA looks up the corresponding public key according to the ID.
(iii) TA adds the public key to the Revocation List (RL).
Algorithm 4: Identity revocation.
Similarly, an RSU can also be revoked: the Traffic Command Center regularly dispatches staff to inspect RSUs, and if an RSU is damaged, its identity is recorded, and its public key is looked up and added to the revocation list.
Information Dissemination
To ensure the privacy of each vehicle's information, the real-time data sent by the OBU to the RSU is transmitted encrypted. First, the OBU uses a random number generator to generate a symmetric encryption key; in this system we encrypt with the AES algorithm. The symmetric key is then encrypted with the TA's public key. Next, the RSA digital signature scheme based on zero-knowledge proof is used to sign the encrypted information; finally, the vehicle sends its encrypted real-time road information, the encrypted key, the signature and the certificate issued by TA to the nearest RSU for examination. After the RSU obtains the encrypted real-time road information, the encrypted key, the signature and the TA-issued certificate, it uses the public key in the certificate to verify the signature; if verification passes, the RSU computes a digest over the encrypted real-time road information and its own ID, signs it with its private key, and sends everything obtained from the OBU together with its own signature and certificate to TA. (In particular, the RSU does not need a zero-knowledge proof towards TA; since TA is the highest authority and may obtain all information, the RSU's signature can be given directly.) TA verifies the RSU's signature. If verification passes, TA hashes the encrypted real-time information and stores it in the higher-level block corresponding to TA. We construct Algorithm 5 with the principles below.
(i) Vehicle A generates real-time road data MA, and the system generates a symmetric encryption key k. Then MA is symmetrically encrypted with the key k, generating .
(ii) The key k is encrypted using the public key of TA, generating .
(iii) Vehicle A uses the RSA digital signature protocol based on ZK to sign the encrypted data, resulting in , and then the message group , the encrypted message , and the certificate issued by TA to the OBU are sent to the nearest RSU.
(iv) RSU verifies if the signature of A is valid.
(v) If it is valid, then RSU conducts summary calculation on the encrypted message MA and generates a signature applying the private key.
(vi) The RSU sends the certificate to TA after a while.
(vii) Then, TA uses the certificate of RSU to verify whether the signature is valid.
(viii) If the signature is valid, TA adds a time stamp to the encrypted message MA and hashes it, generating , and then merges it onto the high block.
Algorithm 5: Information dissemination.
Arbitration Mechanism
The framework of the IOV privacy protection system based on double-layered chains was completed in the sections above, but the system assumes by default that vehicles are honest. Once a malicious vehicle intentionally transmits invalid information, storage resources on the chain are consumed. To solve this problem, we add a vehicle detection function to the system. Algorithm 6 follows the principles below.
(i) Vehicle A sends a notification message NA about vehicle B, and the system generates a symmetric encryption key k. Then NA is symmetrically encrypted with the key k, generating .
(ii) The key k is encrypted using the public key of TA, generating .
(iii) Vehicle A uses the RSA digital signature protocol based on ZK to sign the encrypted data, resulting in , and then the message group , , the encrypted message XA, and the certificate issued by TA to the OBU are sent to the nearest RSU.
(iv) RSU verifies if the signature of A is valid.
(v) If it is valid, then RSU conducts summary calculation on the encrypted message NA and generates a signature applying the private key.
(vi) The RSU sends the certificate to TA after a while.
(vii) Then, TA uses the certificate of RSU to verify whether the signature is valid.
(viii) If the signature is valid, TA obtains the notification message NA. By analyzing the data of vehicle B, the notification message NA can be arbitrated.
(ix) If the arbitration result is true, vehicle A is rewarded and the identity of vehicle B is revoked. If the arbitration result is false, vehicle A gives TA some economic compensation.
Algorithm 6: Information dissemination.
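As an added illustration of the OBU-to-RSU-to-TA flow shared by Algorithms 5 and 6 (this is example code written for this edition, not the paper's implementation), the following Go program models the three parties with the Go standard library. Assumptions not stated in the chapter: AES-256-GCM for the symmetric step, RSA-OAEP for wrapping k to TA, RSA-PSS in place of the paper's zero-knowledge-based RSA signature, TA-issued certificates modelled as a registry of ID to public key, and the "summary calculation" taken as SHA-256 over the ciphertext and the RSU's ID. Both verification points consult the revocation list of Algorithm 4, so a vehicle whose identity is revoked after Algorithm 6 step (ix) is refused on its next report; the reward and compensation of step (ix) are bookkeeping the example leaves out.

```go
package main

import (
	"crypto"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"time"
)

// Party is an OBU, an RSU or the TA: an identifier plus an RSA key pair.
type Party struct {
	ID  string
	Key *rsa.PrivateKey
}

func NewParty(id string) *Party {
	k, _ := rsa.GenerateKey(rand.Reader, 2048)
	return &Party{ID: id, Key: k}
}

// Sign is RSA-PSS over SHA-256, standing in for the paper's ZK-based RSA signature (assumption).
func (p *Party) Sign(data []byte) []byte {
	h := sha256.Sum256(data)
	sig, _ := rsa.SignPSS(rand.Reader, p.Key, crypto.SHA256, h[:], nil)
	return sig
}

// Report is what the OBU sends to the nearest RSU (steps i-iii of Algorithms 5 and 6).
type Report struct {
	VehicleID  string
	Ciphertext []byte // AES-256-GCM nonce || sealed M_A (or N_A) under a fresh key k
	WrappedKey []byte // k encrypted with TA's public key (RSA-OAEP)
	Signature  []byte // OBU signature over Ciphertext
}

// TA holds the certificate registry (modelled as ID -> public key), the revocation list of Algorithm 4 and the high-level block.
type TA struct {
	Party
	Registry  map[string]*rsa.PublicKey
	Revoked   map[string]bool
	HighBlock [][32]byte
}

func NewTA() *TA {
	return &TA{Party: *NewParty("TA"), Registry: map[string]*rsa.PublicKey{}, Revoked: map[string]bool{}}
}
func (ta *TA) Register(p *Party) { ta.Registry[p.ID] = &p.Key.PublicKey }
func (ta *TA) Revoke(id string)  { ta.Revoked[id] = true } // Algorithm 4 step (iii); Algorithm 6 step (ix)

// Check accepts a signature only from a registered, non-revoked identity.
func (ta *TA) Check(id string, data, sig []byte) bool {
	pub, ok := ta.Registry[id]
	h := sha256.Sum256(data)
	return ok && !ta.Revoked[id] && rsa.VerifyPSS(pub, crypto.SHA256, h[:], sig, nil) == nil
}

// Disseminate is the OBU side: fresh key k, encrypt the payload, wrap k for TA, sign the ciphertext.
func Disseminate(obu *Party, taPub *rsa.PublicKey, payload []byte) Report {
	k := make([]byte, 32)
	rand.Read(k)
	block, _ := aes.NewCipher(k)
	gcm, _ := cipher.NewGCM(block)
	nonce := make([]byte, gcm.NonceSize())
	rand.Read(nonce)
	ct := gcm.Seal(nonce, nonce, payload, nil) // nonce is prefixed to the sealed data
	wrapped, _ := rsa.EncryptOAEP(sha256.New(), rand.Reader, taPub, k, nil)
	return Report{obu.ID, ct, wrapped, obu.Sign(ct)}
}

// RSURelay is the RSU side (steps iv-vi): refuse an unknown, revoked or badly signed vehicle, then compute the "summary" SHA-256(ciphertext || RSU ID) and sign it with the RSU key.
func RSURelay(rsu *Party, ta *TA, r Report) (digest, rsuSig []byte, err error) {
	if !ta.Check(r.VehicleID, r.Ciphertext, r.Signature) {
		return nil, nil, errors.New("RSU: vehicle unknown, revoked or signature invalid")
	}
	d := sha256.Sum256(append(append([]byte{}, r.Ciphertext...), rsu.ID...))
	return d[:], rsu.Sign(d[:]), nil
}

// Accept is the TA side (steps vii-viii): verify the RSU, timestamp and hash the ciphertext, append the hash to the high-level block.
func (ta *TA) Accept(r Report, rsuID string, digest, rsuSig []byte, now time.Time) ([32]byte, error) {
	if !ta.Check(rsuID, digest, rsuSig) {
		return [32]byte{}, errors.New("TA: RSU unknown, revoked or signature invalid")
	}
	h := sha256.Sum256(append(append([]byte{}, r.Ciphertext...), now.UTC().Format(time.RFC3339)...))
	ta.HighBlock = append(ta.HighBlock, h)
	return h, nil
}

// Open recovers the plaintext; only the holder of TA's private key can unwrap k, so an RSU forwards what it cannot read.
func (ta *TA) Open(r Report) ([]byte, error) {
	k, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, ta.Key, r.WrappedKey, nil)
	if err != nil {
		return nil, err
	}
	block, _ := aes.NewCipher(k)
	gcm, _ := cipher.NewGCM(block)
	return gcm.Open(nil, r.Ciphertext[:gcm.NonceSize()], r.Ciphertext[gcm.NonceSize():], nil)
}
```

Three failure modes from the text are visible in this model: a report whose ciphertext is altered in transit fails the RSU's signature check, a report from a revoked vehicle is refused by the RSU, and a relay signed by an RSU that TA has not registered is refused by TA. The RSU never holds k, which is the "conditional privacy" of the Safety Proof section: only TA can open the data.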
Safety Proof
In this section, we analyze the security and zero knowledge of the system. We state the following four aspects of security:
(1) Nonforgery: in this system, each vehicle is certified by the certification center TA, so the adversary cannot forge a new on-board node (OBU) into the system.
(2) Data integrity: each roadside node (RSU) uses the hash function to package and upload the data to the authentication center (TA), which ensures the integrity of the data so that the authentication center can collect evidence or find the data when needed.
(3) Data privacy: each on-board node (OBU) uses symmetric encryption to ensure the limited use of the resource with the data uploaded by vehicles, such as routes and locations. It then encrypts the symmetric key with the public key of TA and transmits the ciphertext, which guarantees the conditional privacy of the data.
(4) Nontampering: the system makes use of the nontampering property of the block chain. Once an arbitration event occurs, the data can guarantee the truth.
The system also satisfies the three basic properties of zero-knowledge proof: completeness, validity, and zero-knowledge.
(i) Completeness: c is obtained from the hash function, which is unpredictable. Therefore, when the signature declared by OBU to RSU is true, V accepts the proof of P with a probability close to 1.
(ii) Validity: if OBU cheats RSU without a signature, the probability of success is $1/2^{l}$. When l is large enough, this is a small-probability event that can be ignored, so V rejects the proof of P with probability $1 - 1/2^{l}$.
(iii) Zero knowledge: with the RSA algorithm, the protocol does not leak any information about s, so the protocol is zero knowledge.
To sum up, the advantage of using block chain technology lies in its anticollusion ability, which addresses the problem that the cloud may not be trusted in real life. At the same time, the traceability and nonrepudiation of the block chain are also conducive to realizing application scenarios of conditional privacy. In this chapter, we have given the security description and the zero-knowledge description of the authentication protocol for privacy protection of the system, so as to show that the privacy protection system of the Internet of Vehicles based on the double-layered chain is safe and will not disclose users' privacy.
PERFORMANCE ANALYSIS
In this section, we analyze the system performance. The advantages of using block chain technology were described above, so here we compare the single-layered chain system with the double-layered chain system. In recent years, with the rapid development of the vehicle-sharing industry, many vehicles can be shared for people's convenience when going out. The IOV privacy protection system based on the double-layered chain designed in this paper can realize car-sharing scenarios well. Users first register their identity. After being approved by the certification authority (TA), they can rent vehicles from a vehicle-sharing company. When a user rents a vehicle and drives, the vehicle's private information is sent to the roadside unit (RSU) by the on-board unit (OBU) in encrypted form. The RSU then sends the aggregated information to the authentication center (TA) for storage after data compression. At the end of the trip, the user can submit an application to the TA and pay his/her fee directly on the chain. When the user wants to quit the car-sharing service, he/she can also submit an application to the TA, which confirms the identity and then revokes it. Here we take Shanghai's car-sharing scenario as an example. By the end of 2016, there were more than 3 million vehicles in Shanghai, which has 16 districts. In this system, we take vehicle-mounted nodes as vehicles and trust center nodes as districts.
Communication Complexity
In a single-layered chain system, there are about 3 million in-vehicle nodes that act as computing nodes, so each block-making vote requires 3 million information exchanges. In the double-layered chain structure of the IOV system designed herein, only TA generates new blocks, so it takes only 16 exchanges to complete each block-making. In other words, the double-layered chain structure reduces the number of computing nodes and thereby greatly decreases communication complexity.
Communication Throughput Capacity
Based on the above analysis of communication complexity, we assume the pattern of information exchange in the single-layered chain and the double-layered chain in order to calculate the communication throughput capacity. Private data contain content data and image data. Content data include speed and path ways, and image data include road conditions or photo records of accident scenes. To save space, image data can be compressed to bit strings through hash processing, so private data are uploaded as bit strings of different lengths. We further assume that the private data of each vehicle is 3KB. In the single-layered chain, vehicles upload private data and signature to the chain. Suppose building one block costs 1s; then the throughput capacity of the single chain is . In the double-layered chain, a block is formed every 10 min. Meanwhile, if one vehicle passes by every second, then 10*60=600 vehicles pass through the roadside unit within 10 min. The uploaded private data is . Hence, the throughput capacity of the double-layered chain is . It can be seen that the communication throughput capacity of the double-layered chain is far less than that of the single-layered chain. Figure 4 was made with the data above to represent the communication throughput capacity of the single-layer chain and the double-layer chain.
Figure 4: Communication throughput capacity.
Number of Signatures
In a single-layered chain system, the number of messages is equal to the number of in-vehicle nodes, namely 3 million, and the corresponding number of signatures is 6 million. In the double-layered chain structure designed herein, each roadside node signs the k vehicles at the closest distance, where k is the expected number of privacy messages accepted by each roadside node. Therefore, the number of signatures to be verified on the main chain is 600k, which reduces the number of signatures and further shortens the time spent on identity authentication during block-making. Figure 5 shows the number of signatures of the single-layer chain and the double-layer chain with the data above.
Figure 5: Number of signatures.
Transaction per Second (TPS)
The memory of a traditional block is sized at 3M. For a single-layered chain system, we can set each block to correspond to 1,000 transactions, each about 3K in size; in the double-layered chain system, the high-level block stores the hash value of each piece of information, a 256-bit value, that is to say, the size of each transaction is 32 bits. Therefore, the TPS of the double-layered chain system is about 100 times that of the single-layered chain system.
Data Storage Capacity
A single-layered chain system stores about $10^{3}$ transactions per block; in a double-layered chain system the transaction storage capacity is about 3M / 32 bit = $10^{5}$. It is thus clear that in the double-layered chain IOV system each block can store 100 times more transaction information. Table 2 summarizes all the data in Section 5 to compare the efficiency of the single-layer chain and the double-layer chain. In conclusion, compared with the traditional single-layered chain model, the double-layered chain model adopted by the IOV system herein reduces the communication complexity, the communication throughput capacity, and the time consumed by identity authentication, while improving the system's TPS and transaction storage capacity, thus greatly improving system performance.
Table 2: Efficiency comparison of single-layer chain and double-layer chain
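The sizing argument of this performance analysis can be checked with the following Go model, an added example rather than the chapter's own material. It parameterizes the Shanghai figures stated above (3 million vehicles, 16 districts, 3 KB per record, one block per second on the single-layered chain and one per 10 min on the double-layered chain, one vehicle per RSU per second, 3 MB blocks). Decimal units are assumed (3 KB = 3,000 bytes, 3 MB = 3,000,000 bytes), the stored hash is taken as 256 bits = 32 bytes, which is what the $10^{5}$ transactions-per-block figure implies, and the expected number of reports per RSU, k, is left as a parameter with a constructed default of 1.

```go
package main

import "fmt"

// Scenario holds the sizing assumptions; Shanghai below carries the chapter's figures.
type Scenario struct {
	Vehicles        int     // in-vehicle nodes; in the single-layered chain every one is a computing node
	Districts       int     // TA nodes; in the double-layered chain only these take part in block-making
	RecordBytes     int     // private data uploaded per vehicle per report
	SingleBlockSecs float64 // block interval of the single-layered chain
	DoubleBlockSecs float64 // block interval of the double-layered chain
	ArrivalsPerSec  float64 // vehicles passing one RSU per second
	BlockBytes      int     // block capacity
	HashBytes       int     // size of the hash the high-level chain stores per record
	K               int     // expected reports signed by each RSU (the chapter's k)
}

// Layer is the per-block cost profile of one chain design.
type Layer struct {
	Exchanges     int     // information exchanges per block-making vote
	Signatures    int     // signatures verified per block
	ThroughputBps float64 // bytes uploaded per second
	TxPerBlock    int     // records one block can hold
}

func Single(s Scenario) Layer {
	return Layer{
		Exchanges:     s.Vehicles,
		Signatures:    2 * s.Vehicles, // the chapter counts two signatures per in-vehicle node
		ThroughputBps: float64(s.Vehicles*s.RecordBytes) / s.SingleBlockSecs,
		TxPerBlock:    s.BlockBytes / s.RecordBytes,
	}
}

func Double(s Scenario) Layer {
	perRSU := int(s.ArrivalsPerSec * s.DoubleBlockSecs) // vehicles one RSU sees per block interval
	return Layer{
		Exchanges:     s.Districts,
		Signatures:    perRSU * s.K,
		ThroughputBps: float64(perRSU*s.RecordBytes) / s.DoubleBlockSecs,
		TxPerBlock:    s.BlockBytes / s.HashBytes,
	}
}

// TxGain is the factor by which the double-layered chain's per-block capacity exceeds the single chain's.
func TxGain(s Scenario) float64 { return float64(Double(s).TxPerBlock) / float64(Single(s).TxPerBlock) }

// Shanghai: 3 million vehicles in 16 districts, 3 KB per record, blocks every 1 s / 10 min,
// one vehicle per RSU per second, 3 MB blocks, 256-bit hashes. Decimal units and K = 1 are assumptions.
var Shanghai = Scenario{
	Vehicles: 3_000_000, Districts: 16, RecordBytes: 3_000,
	SingleBlockSecs: 1, DoubleBlockSecs: 600, ArrivalsPerSec: 1,
	BlockBytes: 3_000_000, HashBytes: 32, K: 1,
}

func main() {
	fmt.Printf("single-layered: %+v\n", Single(Shanghai))
	fmt.Printf("double-layered: %+v\n", Double(Shanghai))
	fmt.Printf("per-block capacity gain: %.1fx\n", TxGain(Shanghai))
}
```

With these inputs the model reproduces the chapter's figures: 3 million versus 16 exchanges per vote, 6 million versus 600k signatures, 1,000 versus roughly $10^{5}$ records per block (a gain of about 94x, the "about 100 times" above), and an upload rate that falls from 9 GB/s to 3 KB/s. Changing HashBytes to 4 (a literal 32-bit hash) would raise the double-layered capacity to about 750,000 records per block, so the 32-byte reading is the one consistent with the text.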
CONCLUSION
In this paper, we have designed a double-layered chain IOV model by investigating the current privacy protection model of the vehicle network, aimed at the assumption that the cloud is not necessarily credible in real life. On one hand, the data is guaranteed to be true by the block chain's resistance to unauthorized modification; on the other hand, the double-layered chain architecture reduces the communication complexity and throughput of the system, which not only improves the TPS of the system but also makes it easier for the government to supervise by using the unique semicentralized structure of the double-layered chain. At the end of this paper, we design an RSA digital signature scheme based on zero-knowledge proof, which realizes zero-knowledge between the vehicle and the roadside unit and between vehicles. We have completed the fully automatic double-layered chain privacy protection scheme for the vehicle network, which is well suited to accident disputes, vehicle insurance claims, and similar situations.
ACKNOWLEDGMENTS
This research is supported by the National Key Research and Development Program of China (no. 2017YFB0802500).
INDEX
A
Ad-hoc On-Demand Distance Vector (AODV) 240, 241
Aggregate signature scheme 331, 345
Arbitration Node (AN) 65
Artificial Intelligence (AI) 162
Asymmetric cryptography 32
Asymmetric encryption 218, 222
Authentication and key agreement (AKA) 132
Autonomous vehicles (AV) 180
B
Bayesian Information Criterion (BIC) 98
Bernoulli process 6
Bit error rate (BER) 152
Blockchain-based Access Verification Protocol (BAVP) 131, 132
Blockchain-based contractual routing (BCR) 239, 241
Blockchain (BC) 215, 216
Blockchain mechanism 106
Blockchain Platform for Industrial Internet of Things (BPIIoT) 197, 202, 209
Blockchain protocols 219
Blockchain Structures (BCS) 216
Blockchain technology 31, 34, 53
C
Central authority (CA) 239, 240
Certificate authority (CA) 130
Cloud-Based Manufacturing (CBM) 196
Cloud computing 220, 235
Cloud Service Provider (CSP) 65
Cluster head (CH) 303
Communication network 6
Computational power 33, 34, 35, 36
Conditional anonymous ring authentication solution (CARS) 358
Credibility verification process 219, 224
Cryptocurrency 110, 115
Cryptocurrency Bitcoin (BTC) 217
Cryptocurrency blockchain 32
Cryptocurrency market 112, 120
Cryptographic algorithm 332, 334
Cryptographic hash 222, 223, 226
Cryptographic protection 108
Cryptographic signatures 337
CSSP (cleanroom security service protocol) 63
D
DAG (Directed Acyclic Graph) 300
Data Envelopment Analysis (DEA) 93
Decentralized applications (DApps) 47
Decentralized Autonomous Organization (DAO) 211
Denial of service attacks (DoS) 288
DHT (Distributed hash table) 297
Digital currency 105, 106, 107, 108, 113, 114, 119, 120, 122
Digital encryption 87
Directed acyclic graph (DAG) 134
Distributed Autonomous Corporations (DAC) 298
Distributed consistency 4
Distributed databases 4, 7
DLP, Discrete Logarithm Problem 275
E
ECDLP, Elliptic Curve Discrete Logarithm Problem 275
Economic growth 84
Edge Service Provider (ESP) 65
Electronic Funds Transfer (EFT) 108
Elliptic curve cryptography (ECC) 333
Elliptic Curve Digital Signature Algorithm (ECDSA) 276
Elliptic curve discrete logarithm problem 332
EMR (Electronic Medical Record) 30
Encrypting data structure 87
Entity functions 222, 223
Epidemiology terminology 16
Ethereum blockchain 32, 39, 47, 49, 50
Ethereum Virtual Machine (EVM) 200
EVM (Ethereum Virtual Machine) 135
Externally Owned Accounts (EOAs) 200, 201
F
Federal Bureau of Investigation (FBI) 119
Financial system 85
Forged nodes (FP) 229
Formal security analysis 333
G
GEO (Geosynchronous Earth Orbit) 131
GHOST (Greedy Heaviest Observed Subtree) 310
Graph diffusion 9
Graphical User Interface (GUI) 42
Graph topology 5
Greedy Heaviest Observed Subtree (GHOST) 211
Gross domestic product (GDP) 84
H
Hardware-as-a-Service (HaaS) 203
Hierarchical Identity Based Encryption (HIBE) 62
Hierarchical relationship 221
Homomorphic Proof 338
Homomorphic property 338
I
Identity-based encryption (IBE) 131
IFP, Integer Factorization Problem 275
Information diffusion mechanisms 4
Information propagation 6
Infrastructure-as-a-Service (IaaS) 203
Initial Coin Offerings (ICO) 175
Innovation-driven development strategy 85
International Business Machines Corporation (IBM) 86
International Telecommunication Union (ITU) 270
Internet of Things (IoT) 58, 195, 196, 215
Internet of Vehicle (IOV) 355
Interoperability 216
J
Japanese Bankers Association (JBA) 176
K
Key Generation Center (KGC) 132
Key management system 218
Key privacy authority (KPA) 145
L
Lightweight Client (LC) 65
Lightweight Node (LN) 66
Low-Earth-Orbit (LEO) 130
M
Machine-to-machine (M2M) 297
Manage Server (MS) 220
MEO (Medium Earth Orbit) 131
Monte Carlo simulation 14, 23
Multihop Cellular Networks (MCN) 244
Multi-Party Computation (MPC) 278
Multiple Secure Computation (MPC) 294
N
National Institute of Standards and Technology (NIST) 276
Natural Sciences and Engineering Research Council (NSERC) 262
Network control center (NCC) 131
Network performance 12, 13, 14, 17, 23
Novel credibility verification method 219
O
On-board unit (OBU) 358, 359, 364, 365
One-time-programmable (OTP) 300
Optimal and secure routing (OSR) 240
Optimized Link State Routing (OLSR) 240
Organization for Economic Cooperation and Development (OECD) 85
Over the air (OTA) 180
P
Packet Delivery Ratio (PDR) 241, 256
Payment private key 341, 342, 343, 346
Payment service provider (PSP) 166
Peer-to-Peer (P2P) 7
Platform-as-a-Service (PaaS) 203
Practical byzantine fault tolerance (PBFT) 291
Private Key 220, 222, 223, 224
Probability distribution 6
Programmability 85
Proof of Authority (PoA) 62
Proof of elapsed time (PoeT) 289
Proof of Stake (PoS) 62
Proof-of-Work (POW) 4
Public Key Infrastructure (PKI) 240
Public Key (PK) 217
Q
Quality of service (QoS) 152
R
Radio frequency (RFID) 270, 271
Remote Subscriber Unit (RSU) 365
Research and development (R & D) 84
Revocation List (RL) 368
Ripple network 113
Roadside unit (RSU) 358, 359, 364, 374
Route Acquisition Latency (RAL) 241, 257
Route Error (RERR) 248
Route Reply (RREP) 248
Route Request (RREQ) 247
Routing Overhead (RO) 241, 257
RPC (Remote Procedure Call) 278
S
Secure Ad-hoc On-Demand Distance Vector (SAODV) 240
Security transmission 217
Semantic annotation layer 218
Semantic Web of Things (SWoT) 218
Service Providers (SP) 303
Signature scheme 331, 332, 333, 334, 337, 340, 341, 343, 344, 345, 346, 348
Single-board computer (SBC) 204
Social transformation 87
Software-as-a-Service (SaaS) 203
Synchronization 223
T
Telecommunication 108, 110
Throughput (TP) 241, 256
Transactions per second (tps) 49, 50
Trusted Authority (TA) 359
Trusted platform module (TPM) 59
Trusted Third Party (TTP) 134
Trust mechanism 217
U
UEFI (Unified Extensible Firmware Interface) 61
Universal Sharing Network (USN) 185
V
Vehicular ad hoc networks (VANETs) 358
W
Wireless Body Area Network (WBAN) 34
Wireless Sensor Networks (WSN) 4, 244, 270
X
XRP (Ripple Market) 113
Z
Zero-knowledge proof (ZKP) 355, 365