Security in the online world has become fundamental to consumer confidence and the online economy and blockchain technologies (BCT, for short) have emerged as a powerful digital abstraction of trust and stand out as a promising alternative to deal with it in the online world, providing the foundations of a transparent and connected system where corruption is easily detectable. Their potential ranges from cryptocurrencies and smart contracts to real distributed applications and complex networks such as the IoT, creating a new paradigm of digital communications in a move towards more secure and reliable systems.
The simplicity of the blockchain design and the availability of open-source implementations allowed companies to easily create new solutions. Furthermore, as BCT leverage peer-to-peer networks and span computation among peers, they are very convenient in terms of cost. For these reasons, BCT have grown and spread rapidly. On the other hand, research on BCT did not develop as quickly, due to their recent introduction and to a lack of interaction between the industrial and scientific worlds, thus leading to a gap that needs to be bridged. In particular, a lot more research needs to be conducted on the integration of BCT into the IoT ecosystem, and its security-related implications.
To improve this situation and to provide better instruments for the design of enhanced BCT that can serve as top class security solutions, BAnDIT is committed to a joint approach that combines engineering know-how and technical skills as well as scientific and mathematical knowledge is necessary. To achieve this, close interaction and cooperation of Industry and Academia are of paramount importance: not only to improve the underlying blockchain technology but also to verify that it meets Industry requirements and that it is deployable and compliant with Industry standards and regulations.
The Individual Research Projects (IRPs) in which the project pivots are the following:
Formal analysis of the blockchain technology
The word blockchain is often used more as a buzzword than a specific description of a technology. This usually leads to incorrect applications of BCT to projects usually disconnected from the real BC capabilities. A formal and scientific understanding of BCT represents the primal step to correctly apply BCT on real-use cases. In this track, we methodically discuss the most relevant BCT from an academic perspective, highlighting how they should be applied in several industrial scenarios.
Furthermore, we investigate new blockchain protocols in order to tackle some of the most important open problems in the area: speed of transactions, security of transactions and privacy of the protocol. This will provide a better understanding of the current limitations of BCT, and possible techniques to overcome them.
Advanced attacks and defense techniques for blockchain-based applications
As opposed to the Internet and the protocols used for it, the security of blockchain protocols and architectures has not been formally analyzed. Currently, the only known research on the security of a blockchain network evaluated the use of the Bitcoin blockchain as a Command & Control communication vector between infected nodes in a botnet. However, the Bitcoin blockchain data structure as well as the data structures and protocols being used in other blockchain implementations have not been investigated yet as attack vectors. This IPR will then analyze the blockchain technology main pillars to design new attacks as well as to implement new tools for the assessment of blockchain-based applications, and finally design an auditing framework, capable of verifying the presence of security flaws with respect to the blockchain.
Auditing systems for blockchain-based applications
The excitement around blockchain and smart contracts arise from the unique capabilities of having functions being written, verified and executed in an automated and distributed environment. However, this puts a lot of responsibility on the developers that are going to either write the contracts or to design the whole blockchain-based application running on top of them. Needless to say, this might then lead to an unpleasant situation in which malicious users deliberately write malicious code to make blockchain-based applications in unintended ways.
Economic and legal foundations
Given the immutable nature of smart contracts, non-trivial defects and security holes may be difficult to find and to fix. The work on this ESR is then to design an auditing platform that can be deployed within real-world infrastructures and assess the trustworthiness level of the running blockchain before major issues arise.
The double-spending prevention mechanism firstly designed in Bitcoin provides a probabilistic guarantee that transactions will not be reversed or redirected but it requires the assumption that it is improbable for an attacker to obtain a majority of mining power in the network. However, this has been shown to be a strong assumption in the past and new attack techniques such as the whale attack showed that a minority attacker can increase her chances of double-spending by incentivizing miners to subvert the consensus protocol and to collude via whales transactions. It is then important to analyze blockchain attacks not only from a technical perspective but also from an economical one. This IRP aims at providing an analysis of the impact of economic models on blockchain attacks. To design new proof of work mining algorithm based on new/enhanced economic models which could also improve the cryptocurrency sustainability.