Blockchain-based Multi-Party Authorization for Accessing IPFS Encrypted Data

2020 ◽  
Author(s):  
Ammar Battah ◽  
Mohammad Madine ◽  
Hamad Alzaabi ◽  
Ibrar Yaqoob ◽  
Khaled Salah ◽  
...  

Multi-party authorization (MPA) typically involves multiple parties to control and grant access to shared data. MPA is used to solve the insider’s attack problem by ensuring that a single authority or party is not acting alone. Currently, almost all existing implementations of MPA are centralized and fall short in providing logs and events related to provenance of granting permissions in a trusted, secure, immutable, auditable, and decentralized manner. Moreover, for sharing data, proxy re-encryption algorithms are often used to give secure access to encrypted shared data. These schemes and algorithms are also centralized and cannot be trusted. In this paper, we propose a fully decentralized blockchain-based solution in which MPA is implemented using Ethereum smart contracts, and proxy re-encryption algorithms (which are computationally expensive) are implemented using multiple oracles to give access to encrypted shared data stored on a public and decentralized storage platform, such as the Interplanetary File Systems (IPFS). The smart contracts help to validate results based on the majority of encrypted results determined by the oracles. For this, we incorporate reputation mechanisms in the proposed smart contracts to rate the oracles based on their malicious and non-malicious behaviors. We present algorithms along with their full implementation, testing, and validation details. We evaluate the proposed system in terms of security, cost, and generalization to show its reliability and practicality. We make the smart contract source code publicly available on Github.


2021 ◽  
Author(s):  
Haya R. Hasan ◽  
Khaled Salah ◽  
Raja Jayaraman ◽  
Junaid Arshad ◽  
Ibrar Yaqoob ◽  
...  

COVID-19 has emerged as a highly contagious disease which has caused a devastating impact across the world with a very large number of infections and deaths. Timely and accurate testing is paramount to an effective response to this pandemic as it helps identify infections and therefore mitigate (isolate/cure) them. In this paper, we investigate this challenge and contribute by presenting a blockchain-based solution that incorporates self-sovereign identity, re-encryption proxies, and decentralized storage, such as the interplanetary file systems (IPFS). Our solution implements digital medical passports (DMP) and immunity certificates for COVID-19 test-takers. We present smart contracts based on the Ethereum blockchain written and tested successfully to maintain a digital medical identity for test-takers that help in a prompt trusted response directly by the relevant medical authorities. We reduce the response time of the medical facilities, alleviate the spread of false information by using immutable trusted blockchain, and curb the spread of the disease through DMP. We present a detailed description of the system design, development, and evaluation (cost and security analysis) for the proposed solution. Since our code leverages the use of the on-chain events, the cost of our design is almost negligible. We have made our smart contract codes publicly available on Github.


2020 ◽  
Author(s):  
Haya R. Hasan ◽  
Khaled Salah ◽  
Raja Jayaraman ◽  
Junaid Arshad ◽  
Ibrar Yaqoob ◽  
...  

COVID-19 has emerged as a highly contagious disease which has caused a devastating impact across the world with a very large number of infections and deaths. Timely and accurate testing is paramount to an effective response to this pandemic as it helps identify infections and therefore mitigate (isolate/cure) them. In this paper, we investigate this challenge and contribute by presenting a blockchain-based solution that incorporates self-sovereign identity, re-encryption proxies, and decentralized storage, such as the interplanetary file systems (IPFS). Our solution implements digital medical passports (DMP) and immunity certificates for COVID-19 test-takers. We present smart contracts based on the Ethereum blockchain written and tested successfully to maintain a digital medical identity for test-takers that help in a prompt trusted response directly by the relevant medical authorities. We reduce the response time of the medical facilities, alleviate the spread of false information by using immutable trusted blockchain, and curb the spread of the disease through DMP. We present a detailed description of the system design, development, and evaluation (cost and security analysis) for the proposed solution. Since our code leverages the use of the on-chain events, the cost of our design is almost negligible. We have made our smart contract codes publicly available on Github.


2020 ◽  
Vol 12 (11) ◽  
pp. 197
Author(s):  
Giuseppe Antonio Pierro ◽  
Roberto Tonelli ◽  
Michele Marchesi

Many empirical software engineering studies show that there is a need for repositories where source codes are acquired, filtered and classified. During the last few years, Ethereum block explorer services have emerged as a popular project to explore and search for Ethereum blockchain data such as transactions, addresses, tokens, smart contracts’ source codes, prices and other activities taking place on the Ethereum blockchain. Despite the availability of this kind of service, retrieving specific information useful to empirical software engineering studies, such as the study of smart contracts’ software metrics, might require many subtasks, such as searching for specific transactions in a block, parsing files in HTML format, and filtering the smart contracts to remove duplicated code or unused smart contracts. In this paper, we address this problem by creating Smart Corpus, a corpus of smart contracts in an organized, reasoned and up-to-date repository where Solidity source code and other metadata about Ethereum smart contracts can easily and systematically be retrieved. We present Smart Corpus’s design and its initial implementation, and we show how the data set of smart contracts’ source codes in a variety of programming languages can be queried and processed to get useful information on smart contracts and their software metrics. Smart Corpus aims to create a smart-contract repository where smart-contract data (source code, application binary interface (ABI) and byte code) are freely and immediately available and are classified based on the main software metrics identified in the scientific literature. Smart contracts’ source codes have been validated by EtherScan, and each contract comes with its own associated software metrics as computed by the freely available software PASO. Moreover, Smart Corpus can be easily extended as the number of new smart contracts increases day by day.


2021 ◽  
Vol 2021 ◽  
pp. 1-14
Author(s):  
Amir Ali ◽  
Zain Ul Abideen ◽  
Kalim Ullah

Ethereum smart contracts have been gaining popularity toward the automation of so many domains, i.e., FinTech, IoT, and supply chain, which are based on blockchain technology. The most critical domain, e.g., FinTech, has been targeted by so many successful attacks due to its financial worth of billions of dollars. In all attacks, the vulnerability in the source code of smart contracts is being exploited and causes the theft of millions of dollars. To find the vulnerability in the source code of smart contracts written in Solidity language, a state-of-the-art work provides a lot of solutions based on dynamic or static analysis. However, these tools have shown a lot of false positives/negatives against the smart contracts having complex logic. Furthermore, the output of these tools is not reported in a standard way with their actual vulnerability names as per standards defined by the Ethereum community. To solve these problems, we have introduced a static analysis tool, SESCon (secure Ethereum smart contract), applying the taint analysis techniques with XPath queries. Our tool outperforms other analyzers and detected up to 90% of the known vulnerability patterns. SESCon also reports the detected vulnerabilities with their titles, descriptions, and remediations as per defined standards by the Ethereum community. SESCon will serve as a foundation for the standardization of vulnerability detection.


2020 ◽  
Vol 19 (1) ◽  
pp. 021
Author(s):  
Nenad Petrović ◽  
Milorad Tošić

Vulnerabilities of smart contracts are certainly one of the limiting factors for wider adoption of blockchain technology. Smart contracts written in Solidity language are considered due to common adoption of the Ethereum blockchain platform. Despite its popularity, the semantics of the language is not completely documented and relies on implicit mechanisms not publicly available and as such vulnerable to possible attacks. In addition, creating formal semantics for the higher-level language provides support to verification mechanisms. In this paper, a novel approach to smart contract verification is presented that uses ontologies in order to leverage semantic annotations of the smart contract source code combined with semantic representation of domain-specific aspects. The following aspects of smart contracts, apart from source code, are taken into consideration for verification: business logic, domain knowledge, run-time state changes and expert knowledge about vulnerabilities. Main advantages of the proposed verification approach are platform independence and extendability.


Author(s):  
Zhenguang Liu ◽  
Peng Qian ◽  
Xiang Wang ◽  
Lei Zhu ◽  
Qinming He ◽  
...  

Smart contracts hold digital coins worth billions of dollars, and their security issues have drawn extensive attention in the past years. Towards smart contract vulnerability detection, conventional methods heavily rely on fixed expert rules, leading to low accuracy and poor scalability. Recent deep learning approaches alleviate this issue but fail to encode useful expert knowledge. In this paper, we explore combining deep learning with expert patterns in an explainable fashion. Specifically, we develop automatic tools to extract expert patterns from the source code. We then cast the code into a semantic graph to extract deep graph features. Thereafter, the global graph feature and local expert patterns are fused to cooperate and approach the final prediction, while yielding their interpretable weights. Experiments are conducted on all available smart contracts with source code in two platforms, Ethereum and VNT Chain. Empirically, our system significantly outperforms state-of-the-art methods. Our code is released.


2020 ◽  
Author(s):  
Mohammad Madine ◽  
Ammar Battah ◽  
Ibrar Yaqoob ◽  
Khaled Salah ◽  
Raja Jayaraman ◽  
...  

Personal health records (PHRs) are valuable assets to individuals because they enable them to integrate and manage their medical data. A PHR is an electronic application through which patients can manage their health information. Giving patients control over their medical data offers an advantageous realignment of the doctor-patient dynamic. However, today's PHR management systems fall short of giving reliable, traceable, trustful, and secure patients control over their medical data, which poses serious threats to their authenticity and accuracy. Moreover, most of the current approaches and systems leveraged for managing PHR are centralized, which not only makes medical data sharing difficult but also poses a risk of a single point of failure. In this paper, we propose Ethereum blockchain-based smart contracts to give patients control over their data in a manner that is decentralized, immutable, transparent, traceable, trustful, and secure. The proposed system employs decentralized storage of interplanetary file systems (IPFS), proxy re-encryption, and trusted reputation-based oracles to securely fetch, store, and share patients' medical data. We present algorithms along with their full implementation details. We evaluate the proposed smart contracts using two important performance metrics, such as cost and correctness. Furthermore, we provide security analysis and discuss the generalization aspects of our solution. We outline the limitations of the proposed approach. We make the smart contract source code publicly available on Github.


2022 ◽  
Vol 2022 ◽  
pp. 1-13
Author(s):  
Yue Wu ◽  
Junxiang Li ◽  
Jiru Zhou ◽  
Shichang Luo ◽  
Liwei Song

Because of its unique decentralization, encryption, reliability, and tamper-proofing, the blockchain system makes smart contracts break through the shackles of the lack of trusted environment, and its application field keeps expanding. We read the source code and official documents of Bitcoin, Ethereum, and Hyperledger to explore the operation principle and implementation mode of smart contract. By analyzing the evolution process of smart contracts in blockchain and the sequence of its function expansion, according to the multirole business process of supply chain, we design a semipublic smart contract chain model based on Ethereum and Hyperledger in order to provide useful inspiration and help for the future research of smart contracts in blockchain applied in supply chain.

