With the widespread of E-commerce, the need of a trusted system to ensure the delivery of traded items is crucial. Current proof of delivery (PoD) systems lacks transparency, traceability, and ...credibility. These systems are mostly centralized and rely on trusted third parties (TTPs) to complete the delivery between sellers and buyers. TTPs can be costly, a single point of failure, and subject to hacking, privacy evasion, and compromise. The blockchain is an immutable, trusted, and decentralized ledger with logs and events that can be used for transparency, traceability, and tracking. In this paper, we present a solution and a general framework using the popular permissionless Ethereum blockchain to create a trusted, decentralized PoD system that ensures accountability, auditability, and integrity. The solution uses Ethereum smart contracts to prove the delivery of a shipped item between a seller and a buyer irrespective of the number of intermediate transporters needed. In our proposed solution, all participating entities are incentivized to act honestly by using a double deposit collateral. Automated payment in ether is an integral part of a solution to ensure that every entity gets its intended share of ether upon successful delivery. An arbitration mechanism is also incorporated if a dispute arises during the shipping process. In this paper, we show how we implemented, verified, and tested the proper functionality of our PoD solution. We also provide security analysis and give estimates of the cost consumption in ether gas. We made the full code of the Ethereum smart contracts publicly available at Github.
Having reliable information regarding the status of nuclear waste along its lifecycle has been identified as a major booster of public confidence in nuclear programs. The technical solutions proposed ...in the literature to address this issue remain confined to proof-of-concept implementations within the boundaries of individual nuclear plants. In this work, we aim at answering the following question: How can we design a system to monitor the radioactive waste information along its complete lifecycle across different stakeholders, while making such information also safely available to the public when necessary? The proposed system combines IoT and blockchain technology. IoT sensors placed on nuclear waste drums allow to generate information regarding their status in real time. Blockchain provides an immutable repository for the drum monitoring information decentralized across a set of stakeholders, like nuclear waste originators, waste packaging and transportation companies, storage sites, and regulatory bodies. Following the principles of design science research, we describe a prototype implementation of the proposed system based on a private instance of Ethereum and its application in a pseudo-real use case in Korea. The proposed system is the first of its kind evaluated by practitioners and aims to set a reference for future implementations in this field.
Blockchain technology can address data falsification, single point of failure (SPOF), and DDoS attacks on centralized services. By utilizing IoT devices as blockchain nodes, it is possible to solve ...the problem that it is difficult to ensure the integrity of data generated by using current IoT devices. However, as the amount of data generated by IoT devices increases, scalability issues are inevitable. As a result, large amounts of data are managed on external cloud storage or distributed file storage. However, this has the disadvantage of being outside the blockchain network. This makes it difficult to ensure reliability and causes high latency during data download and upload. To address these limitations, we propose a method for managing large amounts of data in the local storage node of a blockchain network with improved latency and reliability. Each blockchain network node stores data, which is synchronized and recovered based on reaching a consensus between smart contracts in a cluster network. The cluster network consists of a service leader node that serves as a gateway for services and a cluster node that stores service data in storage. The blockchain network stores synchronization and recovery metadata created in the cluster network. In addition, we showed that the performance of smart contract execution, network transmission, and metadata generation, which are elements of the proposed consensus process, is not significantly affected. In addition, we built a service leader node and a cluster node by implementing the proposed structure. We compared the performance (latency) of IoT devices when they utilized the proposed architecture and existing external distributed storage. Our results show improvements up to 4 and 10 times reduction in data upload (store) and download latency, respectively.
In this paper, a data resource protection solution is proposed to eliminate the potential risk of data owners reselling others' data resources. By utilizing the key functions of Ethereum blockchain ...and smart contract, a data-for-sale mechanism is built. By this mechanism, data-for-sale information is received and processed, the information is broadcast to the nodes in the blockchain, and the feedback of the nodes to the information is handled. By introducing large-margin multi-task metric learning, a dispute resolution mechanism is constructed to solve data-for-sale disputes. By designing “data-for-sale”, “access to market”, “dispute resolution” algorithms, data resource protection is realized. By proposing sequence diagrams and algorithms, smart contract is finished. Finally, according to the solution, the test and validation of the smart contract is completed. The code for the smart contract and ABI interface is available on GitHub.
Deductive verification of smart contracts with Dafny Cassez, Franck; Fuller, Joanne; Antón Quiles, Horacio Mijail
International journal on software tools for technology transfer,
04/2024, Letnik:
26, Številka:
2
Journal Article
Recenzirano
We present a methodology to develop verified smart contracts. We write smart contracts, their specifications and implementations in the verification-friendly language
Dafny
. In our methodology the ...ability to write specifications, implementations and to reason about correctness is a primary concern. We propose a simple, concise, yet powerful solution for reasoning about contracts that have external calls. This includes arbitrary re-entrancy, which is a major source of bugs and attacks in smart contracts. Although we do not yet have a compiler from
Dafny
to Ethereum Virtual Machine bytecode, the results we obtain from the
Dafny
code can reasonably be assumed to translate to contracts written in languages like Solidity. As a result our approach can readily be used to develop and deploy safer contracts.
Distributed key generation (DKG) is widely used in multi-party computation and decentralized applications. DKG has two phases, namely sharing and reconstruction. Most of the prior DKG protocols need ...at least 2 rounds for the sharing phase, in case some party raises a dispute. The existing 1-round DKG protocol Fouque et al. , PKC'01, built based on a publicly verifiable secret sharing (PVSS) scheme, assumes a static adversary model and its reconstruction phase requires <inline-formula> <tex-math notation="LaTeX">O(n^{2}) </tex-math></inline-formula> communication complexity. Motivated by the observation that a ciphertext-policy attribute-based encryption (CP-ABE) scheme hides secret sharing (SS) in ciphertext, we utilize decentralized CP-ABE to achieve the first adaptively secure 1-round DKG protocol. Firstly, a CP-ABE scheme enables the ciphertexts in DKG to be externally decrypted, making our protocol superior to the PVSS-based DKG protocol in reconstruction. The communication and computation complexities are both lowered to <inline-formula> <tex-math notation="LaTeX">O(n) </tex-math></inline-formula> thanks to the constant-sized decryption key and the proposed batch decryption. The use of CP-ABE also makes our DKG protocol storage-friendly, i.e., the parties store no ciphertext after the sharing phase. Secondly, we add non-interactive zero-knowledge (NIZK) proofs to make the CP-ABE ciphertext publicly verifiable by leveraging the sigma protocol and the Fiat-Shamir heuristic. Thirdly, we demonstrate our protocol's feasibility by presenting a proof-of-concept implementation over Ethereum, which is used as a public channel and a trustworthy computation platform. The implementation is a non-trivial task due to Ethereum's incompatibility with the bilinear mapping group.
In the era of the fourth industrial revolution, all aspects of the industrial domain are being affected by emerging technologies. Digitalization of every process is taking place or under process. One ...of the most important components common to every domain is the supply chain process. Organizations employ a digital supply chain to track the delivery of their products or materials. The digital supply chain is still suffering from a few issues such as no provenance, less transparency, and a trust issue. Blockchain technology, one of the emerging technologies, can be integrated with the supply chain to deal with the existing issues and to improve its performance. In this paper, a model is proposed to integrate blockchain technology with the supply chain to improve performance. The proposed model uses the combination of the Ethereum blockchain and the interplanetary file system to maintain the traceability, transparency, and trustworthiness of the supply chain.
Context
Smart contracts are programs that are automatically executed on the blockchain. Code weaknesses in their implementation have led to severe loss of cryptocurrency. It is essential to ...understand the nature of code weaknesses in Ethereum smart contracts to prevent them in the future. Existing classifications are limited in several ways, e.g., in the breadth of data sources, and the generality of proposed categories.
Objective
We aim to characterize code weaknesses in Ethereum smart contracts written in Solidity, and provide an overview of existing classification schemes in relation to this characterization.
Method
We extracted code weaknesses in Ethereum smart contracts from two public coding platforms and two vulnerability databases and categorized them using an open card sorting approach. We devised a classification scheme of smart contract code weaknesses according to their error source and impact. Afterwards, we mapped existing classification schemes to our classification.
Results
The resulting classification consists of 11 categories describing the error source of code weaknesses and 13 categories describing potential impacts. Our findings show that the language specific coding and the structural data flow categories are the dominant categories, but that the frequency of occurrence differs substantially between the data sources.
Conclusions
Our findings enable researchers to better understand smart contract code weaknesses by defining various dimensions of the problem and supporting our classification with mappings with literature-based classifications and frequency distributions of the defined categories.
The Internet has become one of the most importanttechnologies in the world, and hackers use various methods tolaunch cyber attacks to profit from it. Phishing is one of famoussocial engineering ...attacks, it is often used to steal user data,including login credentials and credit card numbers. Althoughthe Transport Layer Security certificate is used to verify the trustof websites, there are still a series of vulnerabilities. The demandfor trusted IP addresses has led a lot of research, including IPwhitelisting, DNS filtering and so on. However, these technologiesstill have many shortcomings. In view of this, we proposeda novel mechanism for verifying websites using blockchaintechnology. The URL and IP address of a permissioned websiteare recorded in blockchain through a specific smart contract.
A DNS query is executed through a smart contract designedto avoid URL redirection attacks. With the help of immutablenature of blockchian, phishing websites can be detected. Themechanism will not add any load to users and provides tamperprooffunctions based on the characteristics of blockchain. Thecomparison of related works shows that the proposed mechanismis more secure. We also provided a reference implementationof the proposed mechanism on Ethereum Quorum simulationplatform, which proves the effectiveness and practicability of themechanism. KCI Citation Count: 0
With the advancements in technology, blockchain systems have seen widespread use and rapid growth in the field of data security and verification. Blockchain is used in a variety of applications, ...including financial transactions, healthcare, insurance, Internet of Things, education, and many more, with the promise of increased skills and resilience. This smart distributed peer-to-peer design drew interest from a variety of businesses and communities outside the financial sphere. The major focus of the proposed work is on security challenges and limitations of Ethereum-based smart contracts. Ethereum smart contract is vulnerable to reentrancy security attack. The proposed work analyze reentrancy attacks and assess countermeasures to dissuade vulnerabilities on the network.