Blockchain for Distributed Systems Security

Foreword xiii Preface xv List of Contributors xix Part I Introduction to Blockchain 1 1 Introduction 3 Sachin S. Shetty, Laurent Njilla, and Charles A. Kamhoua 1.1 Blockchain Overview 3 1.1.1 Blockchain Building Blocks 5 1.1.2 Blockchain Commercial Use Cases 6 1.1.3 Blockchain Military Cyber Operations Use Cases 11 1.1.4 Blockchain Challenges 13 1.2 Overview of the Book 16 1.2.1 Chapter 2: Distributed Consensus Protocols and Algorithms 16 1.2.2 Chapter 3: Overview of Attack Surfaces in Blockchain 17 1.2.3 Chapter 4: Data Provenance in Cloud Storage with Blockchain 17 1.2.4 Chapter 5: Blockchain-based Solution to Automotive Security and Privacy 18 1.2.5 Chapter 6: Blockchain-based Dynamic Key Management for IoT-Transportation Security Protection 19 1.2.6 Chapter 7: Blockchain-enabled Information Sharing Framework for Cybersecurity 19 1.2.7 Chapter 8: Blockcloud Security Analysis 20 1.2.8 Chapter 9: Security and Privacy of Permissioned and Permissionless Blockchain 20 1.2.9 Chapter 10: Shocking Public Blockchains’ Memory with Unconfirmed Transactions—New DDoS Attacks and Countermeasures 21 1.2.10 Chapter 11: Preventing Digital Currency Miners From Launching Attacks Against Mining Pools by a Reputation-Based Paradigm 21 1.2.11 Chapter 12: Private Blockchain Configurations for Improved IoT Security 22 1.2.12 Chapter 13: Blockchain Evaluation Platform 22 References 23 2 Distributed Consensus Protocols and Algorithms 25 Yang Xiao, Ning Zhang, Jin Li, Wenjing Lou, and Y. Thomas Hou 2.1 Introduction 25 2.2 Fault-tolerant Consensus in a Distributed System 26 2.2.1 The System Model 26 2.2.2 BFT Consensus 28 2.2.3 The OM Algorithm 29 2.2.4 Practical Consensus Protocols in Distributed Computing 30 2.3 The Nakamoto Consensus 37 2.3.1 The Consensus Problem 38 2.3.2 Network Model 38 2.3.3 The Consensus Protocol 39 2.4 Emerging Blockchain Consensus Algorithms 40 2.4.1 Proof of Stake 41 2.4.2 BFT-based Consensus 42 2.4.3 Proof of Elapsed Time (PoET) 44 2.4.4 Ripple 45 2.5 Evaluation and Comparison 47 2.6 Summary 47 Acknowledgment 49 References 49 3 Overview of Attack Surfaces in Blockchain 51 Muhammad Saad, Jeffrey Spaulding, Laurent Njilla, Charles A. Kamhoua, DaeHun Nyang, and Aziz Mohaisen 3.1 Introduction 51 3.2 Overview of Blockchain and its Operations 53 3.3 Blockchain Attacks 54 3.3.1 Blockchain Fork 54 3.3.2 Stale Blocks and Orphaned Blocks 54 3.3.3 Countering Blockchain Structure Attacks 55 3.4 Blockchain’s Peer-to-Peer System 55 3.4.1 Selfish Mining 56 3.4.2 The 51% Attack 57 3.4.3 DNS Attacks 57 3.4.4 DDoS Attacks 58 3.4.5 Consensus Delay 59 3.4.6 Countering Peer-to-Peer Attacks 59 3.5 Application Oriented Attacks 60 3.5.1 Blockchain Ingestion 60 3.5.2 Double Spending 60 3.5.3 Wallet Theft 61 3.5.4 Countering Application Oriented Attacks 61 3.6 Related Work 61 3.7 Conclusion and Future Work 62 References 62 Part II Blockchain Solutions for Distributed System Security 67 4 ProvChain: Blockchain-based Cloud Data Provenance 69 Xueping Liang, Sachin S. Shetty, Deepak Tosh, Laurent Njilla, Charles A. Kamhoua, and Kevin Kwiat 4.1 Introduction 69 4.2 Background and Related Work 70 4.2.1 Data Provenance 70 4.2.2 Data Provenance in the Cloud 71 4.2.3 Blockchain 73 4.2.4 Blockchain and Data Provenance 74 4.3 ProvChain Architecture 75 4.3.1 Architecture Overview 76 4.3.2 Preliminaries and Concepts 77 4.3.3 Threat Model 78 4.3.4 Key Establishment 78 4.4 ProvChain Implementation 79 4.4.1 Provenance Data Collection and Storage 80 4.4.2 Provenance Data Validation 83 4.5 Evaluation 85 4.5.1 Summary of ProvChain’s Capabilities 85 4.5.2 Performance and Overhead 86 4.6 Conclusions and Future Work 90 Acknowledgment 91 References 92 5 A Blockchain-based Solution to Automotive Security and Privacy 95 Ali Dorri, Marco Steger, Salil S. Kanhere, and Raja Jurdak 5.1 Introduction 95 5.2 An Introduction to Blockchain 98 5.3 The Proposed Framework 101 5.4 Applications 103 5.4.1 Remote Software Updates 103 5.4.2 Insurance 105 5.4.3 Electric Vehicles and Smart Charging Services 105 5.4.4 Car-sharing Services 106 5.4.5 Supply Chain 106 5.4.6 Liability 107 5.5 Evaluation and Discussion 108 5.5.1 Security and Privacy Analysis 108 5.5.2 Performance Evaluation 109 5.6 Related Works 112 5.7 Conclusion 113 References 114 6 Blockchain-based Dynamic Key Management for IoT-Transportation Security Protection 117 Ao Lei, Yue Cao, Shihan Bao, Philip Asuquom, Haitham Cruickshank, and Zhili Sun 6.1 Introduction 117 6.2 Use Case 119 6.2.1 Message Handover in VCS 120 6.3 Blockchain-based Dynamic Key Management Scheme 124 6.4 Dynamic Transaction Collection Algorithm 125 6.4.1 Transaction Format 125 6.4.2 Block Format 127 6.5 Time Composition 128 6.5.1 Dynamic Transaction Collection Algorithm 129 6.6 Performance Evaluation 130 6.6.1 Experimental Assumptions and Setup 130 6.6.2 Processing Time of Cryptographic Schemes 132 6.6.3 Handover Time 133 6.6.4 Performance of the Dynamic Transaction Collection Algorithm 135 6.7 Conclusion and Future Work 138 References 140 7 Blockchain-enabled Information Sharing Framework for Cybersecurity 143 Abdulhamid Adebayo, Danda B. Rawat, Laurent Njilla, and Charles A. Kamhoua 7.1 Introduction 143 7.2 The BIS Framework 145 7.3 Transactions on BIS 146 7.4 Cyberattack Detection and Information Sharing 147 7.5 Cross-group Attack Game in Blockchain-based BIS Framework: One-way Attack 149 7.6 Cross-group Attack Game in Blockchain-based BIS Framework: Two-way Attack 151 7.7 Stackelberg Game for Cyberattack and Defense Analysis 152 7.8 Conclusion 156 References 157 Part III Blockchain Security 159 8 Blockcloud Security Analysis 161 Deepak Tosh, Sachin S. Shetty, Xueping Liang, Laurent Njilla, Charles A. Kamhoua, and Kevin Kwiat 8.1 Introduction 161 8.2 Blockchain Consensus Mechanisms 163 8.2.1 Proof-of-Work (PoW) Consensus 164 8.2.2 Proof-of-Stake (PoS) Consensus 165 8.2.3 Proof-of-Activity (PoA) Consensus 167 8.2.4 Practical Byzantine Fault Tolerance (PBFT) Consensus 168 8.2.5 Proof-of-Elapsed-Time (PoET) Consensus 169 8.2.6 Proof-of-Luck (PoL) Consensus 170 8.2.7 Proof-of-Space (PoSpace) Consensus 170 8.3 Blockchain Cloud and Associated Vulnerabilities 171 8.3.1 Blockchain and Cloud Security 171 8.3.2 Blockchain Cloud Vulnerabilities 174 8.4 System Model 179 8.5 Augmenting with Extra Hash Power 180 8.6 Disruptive Attack Strategy Analysis 181 8.6.1 Proportional Reward 181 8.6.2 Pay-per-last N-shares (PPLNS) Reward 184 8.7 Simulation Results and Discussion 187 8.8 Conclusions and Future Directions 188 Acknowledgment 190 References 190 9 Permissioned and Permissionless Blockchains 193 Andrew Miller 9.1 Introduction 193 9.2 On Choosing Your Peers Wisely 194 9.3 Committee Election Mechanisms 196 9.4 Privacy in Permissioned and Permissionless Blockchains 199 9.5 Conclusion 201 References 202 10 Shocking Blockchain’s Memory with Unconfirmed Transactions: New DDoS Attacks and Countermeasures 205 Muhammad Saad, Laurent Njilla, Charles A. Kamhoua, Kevin Kwiat, and Aziz Mohaisen 10.1 Introduction 205 10.2 Related Work 207 10.3 An Overview of Blockchain and Lifecycle 208 10.3.1 DDoS Attack on Mempools 210 10.3.2 Data Collection for Evaluation 210 10.4 Threat Model 211 10.5 Attack Procedure 212 10.5.1 The Distribution Phase 214 10.5.2 The Attack Phase 214 10.5.3 Attack Cost 214 10.6 Countering the Mempool Attack 215 10.6.1 Fee-based Mempool Design 216 10.6.2 Age-based Countermeasures 221 10.7 Experiment and Results 224 10.8 Conclusion 227 References 227 11 Preventing Digital Currency Miners from Launching Attacks Against Mining Pools Using a Reputation-based Paradigm 233 Mehrdad Nojoumian, Arash Golchubian, Laurent Njilla, Kevin Kwiat, and Charles A. Kamhoua 11.1 Introduction 233 11.2 Preliminaries 234 11.2.1 Digital Currencies: Terminologies and Mechanics 234 11.2.2 Game Theory: Basic Notions and Definitions 235 11.3 Literature Review 236 11.4 Reputation-based Mining Model and Setting 238 11.5 Mining in a Reputation-based Model 240 11.5.1 Prevention of the Re-entry Attack 240 11.5.2 Technical Discussion on Detection Mechanisms 241 11.5.3 Colluding Miner’s Dilemma 243 11.5.4 Repeated Mining Game 244 11.5.5 Colluding Miners’ Preferences 245 11.5.6 Colluding Miners’ Utilities 245 11.6 Evaluation of Our Model Using Game-theoretical Analyses 246 11.7 Concluding Remarks 248 Acknowledgment 249 References 249 Part IV Blockchain Implementation 253 12 Private Blockchain Configurations for Improved IoT Security 255 Adriaan Larmuseau and Devu Manikantan Shila 12.1 Introduction 255 12.2 Blockchain-enabled Gateway 257 12.2.1 Advantages 257 12.2.2 Limitations 258 12.2.3 Private Ethereum Gateways for Access Control 259 12.2.4 Evaluation 262 12.3 Blockchain-enabled Smart End Devices 263 12.3.1 Advantages 263 12.3.2 Limitations 264 12.3.3 Private Hyperledger Blockchain-enabled Smart Sensor Devices 264 12.3.4 Evaluation 269 12.4 Related Work 270 12.5 Conclusion 271 References 271 13 Blockchain Evaluation Platform 275 Peter Foytik and Sachin S. Shetty 13.1 Introduction 275 13.1.1 Architecture 276 13.1.2 Distributed Ledger 276 13.1.3 Participating Nodes 277 13.1.4 Communication 277 13.1.5 Consensus 278 13.2 Hyperledger Fabric 279 13.2.1 Node Types 279 13.2.2 Docker 280 13.2.3 Hyperledger Fabric Example Exercise 281 13.2.4 Running the First Network 281 13.2.5 Running the Kafka Network 286 13.3 Measures of Performance 291 13.3.1 Performance Metrics With the Proof-of-Stake Simulation 293 13.3.2 Performance Measures With the Hyperledger Fabric Example 296 13.4 Simple Blockchain Simulation 300 13.5 Blockchain Simulation Introduction 303 13.5.1 Methodology 304 13.5.2 Simulation Integration With Live Blockchain 304 13.5.3 Simulation Integration With Simulated Blockchain 306 13.5.4 Verification and Validation 306 13.5.5 Example 307 13.6 Conclusion and Future Work 309 References 310 14 Summary and Future Work 311 Sachin S. Shetty, Laurent Njilla, and Charles A. Kamhoua 14.1 Introduction 311 14.2 Blockchain and Cloud Security 312 14.3 Blockchain and IoT Security 312 14.4 Blockchain Security and Privacy 314 14.5 Experimental Testbed and Performance Evaluation 316 14.6 The Future 316 Index 319