A Formal Verification Framework for Security Issues of Blockchain Smart Contracts

Blockchain technology has attracted more and more attention from academia and industry recently. Ethereum, which uses blockchain technology, is a distributed computing platform and operating system. Smart contracts are small programs deployed to the Ethereum blockchain for execution. Errors in smart contracts will lead to huge losses. Formal verification can provide a reliable guarantee for the security of blockchain smart contracts. In this paper, the formal method is applied to inspect the security issues of smart contracts. We summarize five kinds of security issues in smart contracts and present formal verification methods for these issues, thus establishing a formal verification framework that can effectively verify the security vulnerabilities of smart contracts. Furthermore, we present a complete formal verification of the Binance Coin (BNB) contract. It shows how to formally verify the above security issues based on the formal verification framework in a specific smart contract. All the proofs are checked formally using the Coq proof assistant in which contract model and specification are formalized. The formal work of this paper has a variety of essential applications, such as the verification of blockchain smart contracts, program verification, and the formal establishment of mathematical and computer theoretical foundations.

Download Full-text

Blockchain Technology - Based Solutions for IOT Security

Iraqi Journal for Computer Science and Mathematics ◽

10.52866/ijcsm.2022.01.01.006 ◽

2022 ◽

pp. 53-63

Author(s):

Israa Al_Barazanchi ◽

Aparna Murthy ◽

Ahmad AbdulQadir Al Rababah ◽

Ghadeer Khader ◽

Haider Rasheed Abdulshaheed ◽

...

Keyword(s):

Data Privacy ◽

Smart Contracts ◽

Iot Security ◽

Security Issues ◽

Iot Applications ◽

Blockchain Technology ◽

Private Data ◽

Long Time ◽

It Applications

Blockchain innovation has picked up expanding consideration from investigating and industry over the later a long time. It permits actualizing in its environment the smart-contracts innovation which is utilized to robotize and execute deals between clients. Blockchain is proposed nowadays as the unused specialized foundation for a few sorts of IT applications. Blockchain would aid avoid the duplication of information because it right now does with Bitcoin and other cryptocurrencies. Since of the numerous hundreds of thousands of servers putting away the Bitcoin record, it’s impossible to assault and alter. An aggressor would need to change the record of 51 percent of all the servers, at the precise same time. The budgetary fetched of such an assault would distantly exceed the potential picks up. The same cannot be said for our private data that lives on single servers possessed by Google and Amazon. In this paper, we outline major Blockchain technology that based as solutions for IOT security. We survey and categorize prevalent security issues with respect to IoT data privacy, in expansion to conventions utilized for organizing, communication, and administration. We diagram security necessities for IoT together with the existing scenarios for using blockchain in IoT applications.

Download Full-text

CRYPTO-SPATIAL: AN OPEN STANDARDS SMART CONTRACTS LIBRARY FOR BUILDING GEOSPATIALLY ENABLED DECENTRALIZED APPLICATIONS ON THE ETHEREUM BLOCKCHAIN

ISPRS - International Archives of the Photogrammetry, Remote Sensing and Spatial Information Sciences ◽

10.5194/isprs-archives-xliii-b4-2020-421-2020 ◽

2020 ◽

Vol XLIII-B4-2020 ◽

pp. 421-426

Author(s):

A. Benahmed Daho

Keyword(s):

Design Patterns ◽

Object Oriented Programming ◽

Smart Contracts ◽

Proof Of Concept ◽

Transportation Energy ◽

Grid Systems ◽

Security Issues ◽

Blockchain Technology ◽

Spatial Features ◽

Generic Architecture

Abstract. Blockchain is an emerging immature technology that disrupt many well established industries nowadays, like finance, supply chain, transportation, energy, official registries (identity, vehicles, …). In this contribution we present a smart contracts library, named Crypto-Spatial, written for the Ethereum Blockchain and designed to serve as a framework for geospatially enabled decentralized applications (dApps) development. The main goal of this work is to investigate the suitability of Blockchain technology for the storage, retrieval and processing of vector geospatial data. The design and the proof-of-concept implementation presented are both based on the Open Geospatial Consortium standards: Simple Feature Access, Discrete Global Grid Systems (DGGS) and Well Known Binary (WKB). Also, the FOAM protocol concept of Crypto-Spatial Coordinate (CSC) was used to uniquely identify spatial features on the Blockchain immutable ledger. The design of the Crypto-Spatial framework was implemented as a set of smart contracts using the Solidity object oriented programming language. The implemented library was assessed toward Etheruem’s best practices design patterns and known security issues (common attacks). Also, a generic architecture for geospatially enabled decentralized applications, combining blockchain and IPFS technologies, was proposed. Finally, a proof-of-concept was developed using the proposed approach which main purpose is to port the UN/FAO-SOLA to Blockchain techspace allowing more transparency and simplifying access to users communities. The smart contracts of this prototype are live on the Rinkeby testnet and the frontend is hosted on Github pages. The source code of the work presented here is available on Github under Apache 2.0 license.

Download Full-text

Verification of HotStuff BFT Consensus Protocol With TLA+/TLC in an Industrial Setting

SHS Web of Conferences ◽

10.1051/shsconf/20219301006 ◽

2021 ◽

Vol 93 ◽

pp. 01006

Author(s):

Vladimir Kukharenko ◽

Kirill Ziborov ◽

Rafael Sadykov ◽

Ruslan Rezin

Keyword(s):

Formal Verification ◽

Formal Specification ◽

Fault Tolerant ◽

Software Implementation ◽

Actual Behavior ◽

Smart Contracts ◽

Consensus Protocol ◽

Verification Methods ◽

Formal Specification And Verification ◽

Specification And Verification

The extent of formal verification methods applied in industrial projects has always been limited. The proliferation of distributed ledger systems (DLS), also known as blockchain, is rapidly changing the situation. Since the main area of DLSs’ application is the automation of financial transactions, the properties of predictability and reliability are critical for implementing such systems. The actual behavior of the DLS is largely determined by the chosen consensus protocol, which properties require strict specification and formal verification. Formal specification and verification of the consensus protocol is necessary but not sufficient. It is also required to ensure that the software implementation of the DLS nodes complies with this protocol. Finally, the verified software implementation of the protocol must run on a fairly reliable operating system. The financial focus of DLS application has also led to the emergence of the so-called smart contracts, which are an important part of the applied implementations of specific business processes based on DLSs. Therefore, the verifiability of smart contracts is also a critical requirement for industrial DLSs. In this paper, we describe an ongoing industrial project between a large Russian airline and three universities – Innopolis University (IU), Moscow Institute of Physics and Technology (MIPT) and Lomonosov Moscow State University (MSU). The main expected project result is a DLS for more flexible refueling of aircrafts, verified at least at the four technological levels described above. After brief project overview, we focus on our experience with the formal specification and verification of HotStuff, a leader-based fault-tolerant protocol that ensures reaching distributed consensus in the presence of Byzantine processes. The formal specification of the protocol is performed in the TLA+ language and then verified with a specialized TLC tool to verify models based on TLA+ specifications.

Download Full-text

Survey of Formal Verification Methods for Smart Contracts on Blockchain

2019 10th IFIP International Conference on New Technologies, Mobility and Security (NTMS) ◽

10.1109/ntms.2019.8763832 ◽

2019 ◽

Author(s):

Yvonne Murray ◽

David A. Anisi

Keyword(s):

Formal Verification ◽

Smart Contracts ◽

Verification Methods

Download Full-text

Concept of Blockchain Technology and Its Emergence

Blockchain Applications in IoT Security - Advances in Information Security, Privacy, and Ethics ◽

10.4018/978-1-7998-2414-5.ch001 ◽

2021 ◽

pp. 1-20

Author(s):

Padmavathi U. ◽

Narendran Rajagopalan

Keyword(s):

Internet Of Things ◽

Educational Institutions ◽

The Internet ◽

Disruptive Technology ◽

Smart Contracts ◽

Security Issues ◽

Blockchain Technology ◽

Distributed Ledger ◽

Authentication And Authorization ◽

The Internet Of Things

Blockchain refers to a distributed ledger technology that helps people to regulate and manage their information without any intermediaries. This technology emerges as a promising panacea for authentication and authorization with potential for use in every possible domain including financial, manufacturing, educational institutions, etc. Blockchain has its birth through the concept of Bitcoin, a digital cryptocurrency by Satoshi Nakamoto, called as Blockchain 1.0. Blockchain 2.0 came into existence in 2014 with Ethereum and smart contracts. The challenges such as scalability, interoperability, sustainability, and governance led to the next generation of Blockchain also called as IOTA, a blockchainless cryptocurrency for the internet of things runs on the top of their own ledger called Tangle, which is immune towards quantum computers. This disruptive technology evolved to provide cross chain support and more security through Blockchain 4.0. Finally, the chapter concludes by discussing the various applications of this technology and its advantages and security issues.

Download Full-text

Edge Computing to Secure IoT Data Ownership and Trade with the Ethereum Blockchain

Sensors ◽

10.3390/s20143965 ◽

2020 ◽

Vol 20 (14) ◽

pp. 3965 ◽

Cited By ~ 1

Author(s):

Anum Nawaz ◽

Jorge Peña Queralta ◽

Jixin Guan ◽

Muhammad Awais ◽

Tuan Nguyen Gia ◽

...

Keyword(s):

Personal Data ◽

End Users ◽

Third Parties ◽

Smart Devices ◽

Smart Contracts ◽

Security Vulnerabilities ◽

Blockchain Technology ◽

Data Ownership ◽

Small Footprint ◽

The Internet Of Things

With an increasing penetration of ubiquitous connectivity, the amount of data describing the actions of end-users has been increasing dramatically, both within the domain of the Internet of Things (IoT) and other smart devices. This has led to more awareness of users in terms of protecting personal data. Within the IoT, there is a growing number of peer-to-peer (P2P) transactions, increasing the exposure to security vulnerabilities, and the risk of cyberattacks. Blockchain technology has been explored as middleware in P2P transactions, but existing solutions have mainly focused on providing a safe environment for data trade without considering potential changes in interaction topologies. we present EdgeBoT, a proof-of-concept smart contracts based platform for the IoT built on top of the ethereum blockchain. With the Blockchain of Things (BoT) at the edge of the network, EdgeBoT enables a wider variety of interaction topologies between nodes in the network and external services while guaranteeing ownership of data and end users’ privacy. in EdgeBoT, edge devices trade their data directly with third parties and without the need of intermediaries. This opens the door to new interaction modalities, in which data producers at the edge grant access to batches of their data to different third parties. Leveraging the immutability properties of blockchains, together with the distributed nature of smart contracts, data owners can audit and are aware of all transactions that have occurred with their data. we report initial results demonstrating the potential of EdgeBoT within the IoT. we show that integrating our solutions on top of existing IoT systems has a relatively small footprint in terms of computational resource usage, but a significant impact on the protection of data ownership and management of data trade.

Download Full-text

Formal Verification on the Safety of Internet of Vehicles Based on TPN and Z

Mathematical Problems in Engineering ◽

10.1155/2020/6618168 ◽

2020 ◽

Vol 2020 ◽

pp. 1-11

Author(s):

Yang Liu ◽

Liyuan Huang ◽

Jingwei Chen

Keyword(s):

Formal Verification ◽

Petri Net ◽

Formal Method ◽

Transportation Systems ◽

Frame Structure ◽

The Internet ◽

Internet Of Vehicles ◽

Accurate Localization ◽

Verification Methods

Nowadays, the Internet of Vehicles has become the focus of global technological innovation and transformation in the automotive industry. Its flow modelling appears to play a very important role for designing and controlling the transportation systems, since it is not only necessary for improving safety and transportation efficiency but also can yield a series of society, economy, and ecosystem environment problems. Considering the characteristics of the frame structure includes states and actions and discrete and continuous aspects of traffic flow dynamics, both petri net and Z have proved to be useful tools for modelling the Internet of Vehicles. It can formally describe the vehicle behavior accurately with petri net and more details with Z frame structure. A new integration formal method of time petri net and Z is presented in this paper for modelling the vehicle behaviors and traffic rules through taking into account state dependencies on external rules. Moreover, a case study in the Internet of Vehicles is proposed to deal with the accurate localization of events. It shows that this formal verification methods significantly improves the safety and intelligence of the Internet of Vehicles.

Download Full-text

Formal Verification of Control System Software

10.23943/princeton/9780691181301.001.0001 ◽

2019 ◽

Author(s):

Pierre-Loïc Garoche

Keyword(s):

Control System ◽

Formal Verification ◽

Formal Analysis ◽

Critical Systems ◽

System Software ◽

Unified Approach ◽

Verification Methods ◽

Autonomous Cars ◽

Computer Scientists ◽

Verification Techniques

The verification of control system software is critical to a host of technologies and industries, from aeronautics and medical technology to the cars we drive. The failure of controller software can cost people their lives. This book provides control engineers and computer scientists with an introduction to the formal techniques for analyzing and verifying this important class of software. Too often, control engineers are unaware of the issues surrounding the verification of software, while computer scientists tend to be unfamiliar with the specificities of controller software. The book provides a unified approach that is geared to graduate students in both fields, covering formal verification methods as well as the design and verification of controllers. It presents a wealth of new verification techniques for performing exhaustive analysis of controller software. These include new means to compute nonlinear invariants, the use of convex optimization tools, and methods for dealing with numerical imprecisions such as floating point computations occurring in the analyzed software. As the autonomy of critical systems continues to increase—as evidenced by autonomous cars, drones, and satellites and landers—the numerical functions in these systems are growing ever more advanced. The techniques presented here are essential to support the formal analysis of the controller software being used in these new and emerging technologies.

Download Full-text

Third Party Certification of Agri-Food Supply Chain Using Smart Contracts and Blockchain Tokens

Sensors ◽

10.3390/s21165307 ◽

2021 ◽

Vol 21 (16) ◽

pp. 5307

Author(s):

Ricardo Borges dos Santos ◽

Nunzio Marco Torrisi ◽

Rodrigo Palucci Pantoni

Keyword(s):

Supply Chain ◽

Mobile Application ◽

Consumer Behaviour ◽

Economic Incentives ◽

Third Party ◽

Smart Contracts ◽

Proof Of Concept ◽

Socially Responsible ◽

The Public ◽

Blockchain Technology

Every consumer’s buying decision at the supermarket influences food brands to make first party claims of sustainability and socially responsible farming methods on their agro-product labels. Fine wines are often subject to counterfeit along the supply chain to the consumer. This paper presents a method for efficient unrestricted publicity to third party certification (TPC) of plant agricultural products, starting at harvest, using smart contracts and blockchain tokens. The method is capable of providing economic incentives to the actors along the supply chain. A proof-of-concept using a modified Ethereum IGR token set of smart contracts using the ERC-1155 standard NFTs was deployed on the Rinkeby test net and evaluated. The main findings include (a) allowing immediate access to TPC by the public for any desired authority by using token smart contracts. (b) Food safety can be enhanced through TPC visible to consumers through mobile application and blockchain technology, thus reducing counterfeiting and green washing. (c) The framework is structured and maintained because participants obtain economical incentives thus leveraging it´s practical usage. In summary, this implementation of TPC broadcasting through tokens can improve transparency and sustainable conscientious consumer behaviour, thus enabling a more trustworthy supply chain transparency.

Download Full-text

A Robot Operating System Framework for Secure UAV Communications

Sensors ◽

10.3390/s21041369 ◽

2021 ◽

Vol 21 (4) ◽

pp. 1369

Author(s):

Hyojun Lee ◽

Jiyoung Yoon ◽

Min-Seong Jang ◽

Kyung-Joon Park

Keyword(s):

Operating System ◽

Unmanned Aerial Vehicles ◽

Ground Control ◽

Unmanned Aerial System ◽

Security Framework ◽

Security Vulnerabilities ◽

Robot Operating System ◽

Security Issues ◽

Aerial Vehicles ◽

Ground Control Station

To perform advanced operations with unmanned aerial vehicles (UAVs), it is crucial that components other than the existing ones such as flight controller, network devices, and ground control station (GCS) are also used. The inevitable addition of hardware and software to accomplish UAV operations may lead to security vulnerabilities through various vectors. Hence, we propose a security framework in this study to improve the security of an unmanned aerial system (UAS). The proposed framework operates in the robot operating system (ROS) and is designed to focus on several perspectives, such as overhead arising from additional security elements and security issues essential for flight missions. The UAS is operated in a nonnative and native ROS environment. The performance of the proposed framework in both environments is verified through experiments.

Download Full-text