nach oben

Peer-to-Peer Networking and Applications

Erschienen in:

05.09.2020

Penetration testing framework for smart contract Blockchain

verfasst von: Akashdeep Bhardwaj, Syed Bilal Hussian Shah, Achyut Shankar, Mamoun Alazab, Manoj Kumar, Thippa Reddy Gadekallu

Erschienen in: Peer-to-Peer Networking and Applications | Ausgabe 5/2021

Einloggen

Aktivieren Sie unsere intelligente Suche, um passende Fachinhalte oder Patente zu finden.

search-config

KI-gestützte Suche

Aus

Abstract

Smart contracts powered by blockchain ensure transaction processes are effective, secure and efficient as compared to conventional contacts. Smart contracts facilitate trustless process, time efficiency, cost effectiveness and transparency without any intervention by third party intermediaries like lawyers. While blockchain can counter traditional cybersecurity attacks on smart contract applications, cyberattacks keep evolving in the form of new threats and attack vectors that influence blockchain similar to other web and application based systems. Effective blockchain testing help organizations to build and utilize the technology securely withe connected infrastructure. However, during the course of our research, the authors detected that Blockchain technology comes with security considerations like irreversible transactions, insufficient access, and non-competent strategies. Attack vectors, like these are not found on web portals and other applications. This research presents a new Penetration Testing framework for smart contracts and decentralized apps. The authors compared results from the proposed penetration-testing framework with automated penetration test Scanners. The results detected missing vulnerability that were not reported during regular pen test process.

Vorheriger Artikel Analysis and mathematical modeling of big data processing

Nächster Artikel An efficient secure data compression technique based on chaos and adaptive Huffman coding

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

über 102.000 Bücher
über 537 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Finance + Banking
Management + Führung
Marketing + Vertrieb
Maschinenbau + Werkstoffe
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Technik"

Online-Abonnement

Mit Springer Professional "Technik" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 390 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Maschinenbau + Werkstoffe

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 340 Zeitschriften

aus folgenden Fachgebieten:

Bauwesen + Immobilien
Business IT + Informatik
Finance + Banking
Management + Führung
Marketing + Vertrieb
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Greenspan G (2018) Why Many Smart Contract Use Cases Are Simply Impossible. Retrieved March 10, 2020, from https://www.coindesk.com/three-smart-contract-misconceptions

Tsankov P (2018) Security practical security analysis of smart contracts. ArXiv preprint, arXiv: 1806.01143v2

Wang F, Yuan Y, Rong C, Zhang J (2018) Parallel Blockchain: an architecture for CPSS-based smart societies. IEEE transactions of. Comput Soc 5(2):303–310

Zhang Y (2018) Smart contract-based access control for internet of things (IoT). ArXiv Preprint arXiv 1802(04410):2018

Xu L, Mcardle G (2018) Internet of too many things in smart transport: the problem, the side effects and the solution. IEEE Access 6:62840–62848. https://doi.org/10.1109/ACCESS.2018.2877175CrossRef

Li Y, Cheng X, Cao Y, Wang D, Yang Y (2018) Smart choice for the smart grid: narrowband internet of things (NB-IoT). IEEE Internet Things J 5(3):1505–1515. https://doi.org/10.1109/JIOT.2017.2781251CrossRef

Amani S, Bégel M, Bortin M, Staples M (2018) Towards verifying Ethereum smart contract Bytecode in Isabelle/HOL. Proceedings of 7th ACM SIGPLAN international conference for certified program proofs (CPP), Los Angeles, 66–77

Wang S (2018) A preliminary research of prediction markets based on Blockchain powered smart contracts. Proceedings of IEEE international conference of Blockchain, 1287–1293

Chang T, Svetinovic D (2019) Improving Bitcoin ownership identification using transaction patterns analysis. IEEE Trans Syst Man Cyber Syst Pub 50:9–20. https://doi.org/10.1109/TSMC.2018.2867497CrossRef

10.

Australian Securities Exchange (2018) CHESS Replacement. Retrieved February 15, 2020 from https://www.asx.com.au/services/chess-replacement.htm

11.

US Securities and Exchange Commission (2018). Investor Bulletin: Initial Coin Offerings. Retrieved February 5, 2020, from https://www.sec.gov/oiea/investor-alerts-and-bulletins/ib_coinofferings

12.

Zhang J (2018) Cyber-physical social systems: the state of the art and perspectives. IEEE Trans Comput Soc 5(3):829–840CrossRef

13.

What is a DAO? (2018) Retrieved February 17, 2020, from https://blockchainhub.net/dao-decentralized-autonomous-organization

14.

Wan J, Li J, Imran M, Li M, Fazal A (2019) Blockchain-based solution for enhancing security and privacy in smart factory. IEEE transactions on industrial informatics (early access), IEEE systems, man, and cybernetics society. https://doi.org/10.1109/TII.2019.2894573

15.

Pouttu A, Liinamaa O, Destino G (2018) 5G test network (5GTN) — environment for demonstrating 5G and IoT convergence during 2018 Korean Olympics between Finland and Korea," IEEE INFOCOM 2018 - IEEE conference on computer communications workshops (INFOCOM WKSHPS), Honolulu, HI, 2018, pp. 1–2, https://doi.org/10.1109/INFCOMW.2018.8406996

16.

Choo K, Gritzalis S, Park J (2018) Cryptographic solutions for industrial internet-of-things: research challenges and opportunities. IEEE Trans Industrial Info 14(8):3567–3569. https://doi.org/10.1109/TII.2018.2841049CrossRef

17.

Tonelli R, Lunesu M, Pinna A, Taibi D, Marchesi M (2019) Implementing a microservices system with Blockchain smart contracts. IEEE international workshop on Blockchain oriented software engineering (IWBOSE), Hangzhou. https://doi.org/10.1109/IWBOSE.2019.8666520CrossRef

18.

Amoordon A, Rocha H (2019) Presenting Tendermint: Idiosyncrasies, Weaknesses, and Good Practices. IEEE international workshop on Blockchain oriented software engineering (IWBOSE), Hangzhou. https://doi.org/10.1109/IWBOSE.2019.8666541CrossRef

19.

Yamashita K, Nomura Y, Zhou F, Pi B, Jun S (2019) Potential risks of hyper ledger fabric smart contracts. IEEE international workshop on Blockchain oriented software engineering (IWBOSE), Hangzhou. https://doi.org/10.1109/IWBOSE.2019.8666486CrossRef

20.

Al-Jaroodi J, Mohamed N (2019) Industrial applications of Blockchain. IEEE 9th annual computing and communication workshop and conference (CCWC), Las Vegas. https://doi.org/10.1109/CCWC.2019.8666530CrossRef

21.

The Energy Web Foundation (2018) Promising Blockchain Applications for Energy: Separating the Signal from the Noise. Retrieved April 2, 2020, from http://www.coinsay.com/wp-content/uploads/2018/07/Energy-Futures-Initiative-Promising-Blockchain-Applications-for-Energy.pdf

22.

Mohamed N, Al-Jaroodi J (2019) Applying Blockchain in industry 4.0 applications. IEEE 9th annual computing and communication workshop and conference (CCWC), Las Vegas. https://doi.org/10.1109/CCWC.2019.8666558

23.

Draper A, Familrouhani A, Cao D, Heng T, Han W (2019) Security applications and challenges in Blockchain. IEEE international conference on consumer electronics (ICCE), Las Vegas, NV https://doi.org/10.1109/ICCE.2019.8661914

24.

Mahmood S, Hasan R, Ullah A, Sarker U (2019) SMART security alert system for monitoring and controlling container transportation. 4th MEC international conference on big data and Smart City (ICBDSC), Muscat. https://doi.org/10.1109/ICBDSC.2019.8645574

25.

Tateishi T, Yoshihama S, Sato N, Saito S (2019) Automatic smart contract generation using controlled natural language and template. IBM J Res Dev (Early Access), IBM. https://doi.org/10.1147/JRD.2019.2900643

26.

Wang S, Ouyang L, Yuan Y, Ni X, Han X, Wang F (2019) Blockchain-enabled smart contracts: architecture, applications, and future trends. IEEE transactions on systems, man, and cybernetics: systems (early access), IEEE systems, man, and cybernetics society. https://doi.org/10.1109/TSMC.2019.2895123

27.

Hildenbrandt E (2018) KEVM: A complete formal semantics of the Ethereum virtual machine. IEEE 31^st computer Security Foundation symposium (CSF), 204–217

28.

Ozyilmaz R, Yurdakul A (2019) Designing a Blockchain-based IoT with Ethereum, swarm, and LoRa: the software solution to create high availability with minimal security risks. IEEE consumer electronics magazine, volume: 8, issue 2, 28–34. IEEE Consum Electron Soc 8:28–34. https://doi.org/10.1109/MCE.2018.2880806

29.

Knirsch F, Unterweger A, Engel D (2018) Privacy-preserving Blockchain-based electric vehicle charging with dynamic tariff decisions. Compute. Sci. Res. Develop. 33(1–2):71–79CrossRef

30.

Suliman A, Husain Z, Abououf M, Alblooshi M, Salah K (2019) Monetization of IoT data using smart contracts. IET Networks 8(1):32–37. https://doi.org/10.1049/iet-net.2018.5026CrossRef

31.

Wood G (2016). Ethereum: A secure decentralized generalized transaction ledger. Retrieved March 15, 2020, from https://ethereum.github.io/yellowpaper/paper.pdf

32.

Alladi T, Chamola V, Parizi R Choo R (2019) Blockchain applications for industry 4.0 and industrial IoT: a review. IEEE access, special section on distributed computing infrastructure for cyber-physical systems, volume 2019 (7). https://doi.org/10.1109/ACCESS.2019.2956748

33.

Ch R, Gadekallu T, Abidi M, Al-Ahmari A (2020) Computational system to classify cyber crime offenses using machine learning. MDPI J Sustainability 12. https://doi.org/10.3390/su12104087

34.

Azab A, Alazab M, Aiash M (2016) Machine learning based botnet identification traffic. In 2016 IEEE Trustcom/BigDataSE/ISPA (pp 1788-1794). IEEE

35.

Reddy GT, Sudheer K, Rajesh K, Lakshmanna K (2014) Employing data mining on highly secured private clouds for implementing a security-asa-service framework. J Theor Appl Inf Technol 59(2):317–326

36.

Qin R, Yuan Y, Wang Y (2018) Research on the selection strategies of Blockchain mining pools. IEEE Trans Comput Soc 5(3):748–757CrossRef

37.

Gatteschi V, Lamberti F, Demartini C, Pranteda C, Santamaria V (2018) Blockchain and smart contracts for insurance: is the technology mature enough? IEEE Future Internet 10(2):20–26CrossRef

38.

Lin C, Wang Z, Deng J, Wang L, Ren J, Wu G (2018) mTS: temporal-and spatial-collaborative charging for wireless rechargeable sensor networks with multiple vehicles. IEEE INFOCOM 2018 - IEEE conference on computer communications. Honolulu, HI 2018:99–107. https://doi.org/10.1109/INFOCOM.2018.8486402CrossRef

39.

Struye J, Braem B, Latré S, Marquez-Barja J (2018) The CityLab testbed — large-scale multi-technology wireless experimentation in a city environment: neural network-based interference prediction in a smart city, vol 2018. IEEE INFOCOM 2018 - IEEE conference on computer communications workshops (INFOCOM WKSHPS), Honolulu, pp 529–534. https://doi.org/10.1109/INFCOMW.2018.8407018

40.

Shah B, Chen Z, Yin F, Khan I, Ahmad N (2018) Energy and interoperable aware routing for throughput optimization in clustered IoT-wireless sensor networks. Futur Gener Comput Syst 81:372–381CrossRef

41.

Shah B, Zhe C, Yin F, Khan I, Begum S, Faheem M, Khan F (2018) 3D weighted centroid algorithm & RSSI ranging model strategy for node localization in WSN based on smart devices. Sustain Cities Soc 39:298–308CrossRef

42.

Numan M, Subhan F, Khan WZ, Hakak S, Haider S, Reddy G, Alazab M (2020) A systematic review on clone node detection in static wireless sensor networks. IEEE Access 8:65450–65461CrossRef

43.

Bhattacharya S, Kaluri R, Singh S, Alazab M, Tariq U (2020) A novel PCA-firefly based XGBoost classification model for intrusion detection in networks using GPU. Electronics 9(2):219CrossRef

Titel: Penetration testing framework for smart contract Blockchain
verfasst von: Akashdeep Bhardwaj
Syed Bilal Hussian Shah
Achyut Shankar
Mamoun Alazab
Manoj Kumar
Thippa Reddy Gadekallu
Publikationsdatum: 05.09.2020
Verlag: Springer US
Erschienen in: Peer-to-Peer Networking and Applications / Ausgabe 5/2021
Print ISSN: 1936-6442
Elektronische ISSN: 1936-6450
DOI: https://doi.org/10.1007/s12083-020-00991-6

Springer Professional

Abstract

Bitte loggen Sie sich ein, um Zugang zu Ihrer Lizenz zu erhalten.

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft+Technik"

Springer Professional "Technik"

Springer Professional "Wirtschaft"

Weitere Artikel der Ausgabe 5/2021

A robust and lightweight secure access scheme for cloud based E-healthcare services

A double-layer collaborative apportionment method for personalized and balanced routing

Downlink aware data scheduling with delay guarantees in resource-limited leo satellite networks

Path loss modelling at 60 GHz mmWave based on cognitive 3D ray tracing algorithm in 5G

Blockchain smart contracts: Applications, challenges, and future trends

A decentralized vehicle anti-theft system using Blockchain and smart contracts

Premium Partner