Khan, Nida. In 3rd AUE International Research Conference (in press).
Blockchain governance is a subject of ongoing research, and an interdisciplinary view of blockchain governance is vital to aid further research towards establishing a formal governance framework for this nascent technology. In this paper, the position of blockchain governance within the hierarchy of institutional governance is discussed. Blockchain governance is analyzed from the perspective of IT governance, using Nash equilibrium to predict the outcome of different governance decisions. A payoff matrix for blockchain governance is created, and simulation of different strategy profiles is carried out to compute all Nash equilibria. We also create payoff matrices for different kinds of blockchain governance, which are used to propose novel mathematical formulae that predict the best governance strategy for minimizing the occurrence of a hard fork, as well as the behavior of the majority during protocol updates.

Damoun, Farouk. Scientific Conference (2023, March 27).
Graph-related tasks, such as graph classification and clustering, have been substantially improved with the advent of graph neural networks (GNNs). However, existing graph embedding models focus on homogeneous graphs and ignore the heterogeneity of graphs. Therefore, using homogeneous graph embedding models on heterogeneous graphs discards the rich semantics of the graphs and achieves only average performance, especially when utilizing unlabeled information. Moreover, limited work has been done on whole heterogeneous graph embedding as a supervised task. In light of this, we investigate unsupervised distributed representation learning on heterogeneous graphs and propose a novel model named G-HIN2Vec, Graph-Level Heterogeneous Information Network to Vector. Inspired by recent advances in unsupervised learning in natural language processing, G-HIN2Vec utilizes the negative sampling technique as an unlabeled approach and learns a graph embedding matrix from different predefined meta-paths. We conduct a variety of experiments on three main graph downstream applications over different socio-demographic cardholder features (graph regression, graph clustering, and graph classification, such as gender classification, age, and income prediction), which show the superior performance of our proposed GNN model on real-world financial credit card data.

Trestioreanu, Lucian Andrei. Scientific Conference (2023).
With the growing adoption of Distributed Ledger Technologies, their networks must scale while maintaining efficient communication for the underlying consensus and replication mechanisms. New content distribution concepts like Named Data Networking create opportunities to achieve this goal. We present and evaluate XRP-NDN overlay, a solution to increase communication efficiency for consensus-validation blockchains like XRP Ledger. We send consensus messages over different communication models and show that the chosen model lowers the number of messages at node level to a minimum, while maintaining or improving performance by leveraging overlay advantages.

Trestioreanu, Lucian Andrei. Scientific Conference (2023).
Recent technologies such as inter-ledger payments, non-fungible tokens, and smart contracts have all grown out of the ongoing development of Distributed Ledger Technologies. The foreseen trend is that they will play an increasingly visible role in daily life, which will have to be backed by appropriate operational resources. For example, due to increasing demand, smart contracts could soon face a shortage of knowledgeable users and tools to handle them in practice. Widespread smart contract adoption is currently limited by security, usability and cost aspects. Because of a steep learning curve, the handling of smart contracts is currently performed mainly by specialised developers, and most of the research effort focuses on smart contract security, while other aspects like usability are somewhat neglected. Specific tools would lower the entry barrier, enabling interested non-experts to create smart contracts. In this paper we design and develop Blockly2Hooks, a solution towards filling this gap even in challenging scenarios such as when the smart contracts are written in an advanced language like C. With the XRP Ledger as a concrete working case, Blockly2Hooks helps interested non-experts from the community to learn smart contracts easily and adopt the technology, by leveraging well-proven teaching methodologies like Visual Programming Languages, and more specifically the Blockly Visual Programming library from Google. The platform was developed and tested, and the results are promising for making the learning of smart contract development smoother.

Tumas, Vytautas. Scientific Conference (2022, October 12).
XRP Ledger is one of the oldest, well-established blockchains. Despite the popularity of the XRP Ledger, little is known about its underlying peer-to-peer network. The structural properties of a network impact its efficiency, security and robustness. We aim to close the knowledge gap by providing a detailed analysis of the XRP overlay network. In this paper we examine the graph-theoretic properties of the XRP Ledger peer-to-peer network and its temporal characteristics. We crawl the XRP Ledger over two months and collect 1,290 unique network snapshots. We uncover a small group of nodes that act as a networking backbone. In addition, we observe a high network churn, with a third of the nodes changing every five days. Our findings have strong implications for the resilience and safety of the XRP Ledger.

(first author not listed); Ferreira Torres, Christof. In ACM Internet Measurement Conference, Nice, France, 25-27 October 2022 (2022).
The rise of Ethereum has led to a flourishing decentralized marketplace that has, unfortunately, fallen victim to frontrunning and Maximal Extractable Value (MEV) activities, where savvy participants game transaction orderings within a block for profit. One popular solution to address such behavior is Flashbots, a private pool with infrastructure and design goals aimed at eliminating the negative externalities associated with MEV. While Flashbots has established laudable goals to address MEV behavior, no evidence has been provided to show that these goals are achieved in practice. In this paper, we measure the popularity of Flashbots and evaluate whether it is meeting its chartered goals. We find that (1) Flashbots miners account for over 99.9% of the hashing power in the Ethereum network, (2) powerful miners are making more than 2x what they were making prior to using Flashbots, while non-miners' slice of the pie has shrunk commensurately, (3) mining is just as centralized as it was prior to Flashbots, with more than 90% of Flashbots blocks coming from just two miners, and (4) while more than 80% of MEV extraction in Ethereum is happening through Flashbots, 13.2% is coming from other private pools.

Ferreira Torres, Christof. In International Symposium on Research in Attacks, Intrusions and Defenses, Limassol, Cyprus, 26-28 October 2022 (2022).
Fixing bugs is easiest by patching source code. However, source code is not always available: only 0.3% of the ∼49M smart contracts that are currently deployed on Ethereum have their source code publicly available. Moreover, since contracts may call functions from other contracts, security flaws in closed-source contracts may affect open-source contracts as well. However, current state-of-the-art approaches that operate on closed-source contracts (i.e., EVM bytecode), such as EVMPatch and SmartShield, make use of purely hard-coded templates that leverage fixed patching patterns. As a result, they cannot dynamically adapt to the bytecode that is being patched, which severely limits their flexibility and scalability. For instance, when patching integer overflows using hard-coded templates, a particular patch template needs to be employed for each integer size, as the bounds to be checked differ (i.e., one template for uint256, another template for uint64, etc.). In this paper, we propose Elysium, a scalable approach towards automatic smart contract repair at the bytecode level. Elysium combines template-based and semantic-based patching by inferring context information from bytecode. Elysium is currently able to patch 7 different types of vulnerabilities in smart contracts automatically and can easily be extended with new templates and new bug-finding tools. We evaluate its effectiveness and correctness using 3 different datasets by replaying more than 500K transactions on patched contracts. We find that Elysium outperforms existing tools by patching at least 30% more contracts correctly. Finally, we also compare the overhead of Elysium in terms of deployment and transaction cost. In comparison to other tools, we find that Elysium generally reduces the runtime cost (i.e., transaction cost) by up to a factor of 1.7, for only a marginally higher deployment cost, where deployment cost is a one-time cost as compared to the runtime cost.

(first author not listed); Damoun, Farouk. In Ota, Fernando Kaway Carvalho; Damoun, Farouk (Eds.), Mobile and Ubiquitous Systems: Computing, Networking and Services (2022).
Mobile applications have become the main interaction channel in several domains, such as banking. Consequently, understanding user behaviour on those apps has drawn attention as a way to extract business-oriented outcomes. By combining Markov chain and graph theory techniques, we successfully developed a process to model the app, to extract the high-utility click events, to score the interest in those events and to cluster the groups of interest. We tested our approach on a European bank dataset with over 3.5 million user sessions. By implementing our approach, analysts can gain knowledge of user behaviour in terms of events that are important to the domain.

Scheidt de Cristo, Flaviene. Scientific Conference (2021, December 06).
PayString is an initiative to make payment identifiers global and human-readable, facilitating the exchange of payment information. However, the reference implementation lacks privacy and security features, making it possible for anyone to access the payment information as long as the PayString identifier is known. This paper also presents the first performance evaluation of PayString. Via a large-scale testbed, our experimental results show an overhead which, given the privacy and security advantages offered, is acceptable in practice, thus making the proposed solution feasible.

Trestioreanu, Lucian Andrei. Scientific Conference (2021, October 04).
Payment systems are a critical component of everyday life in our society. While in many situations payments are still slow, opaque, siloed, expensive or even fail, users expect them to be fast, transparent, cheap, reliable and global. Recent technologies such as distributed ledgers create opportunities for near-real-time, cheaper and more transparent payments. However, in order to achieve a global payment system, payments should be possible not only within one ledger, but also across different ledgers and geographies. In this paper we propose Secure Payments with Overlay Networks (SPON), a service that enables global payments across multiple ledgers by combining the transaction exchange provided by the Interledger protocol with an intrusion-tolerant overlay of relay nodes to achieve (1) improved payment latency, (2) fault-tolerance to benign failures such as node failures and network partitions, and (3) resilience to BGP hijacking attacks. We discuss the design goals and present an implementation based on the Interledger protocol and the Spines overlay network. We analyze the resilience of SPON and demonstrate through experimental evaluation that it is able to improve payment latency, recover from path outages, withstand network partition attacks, and disseminate payments fairly across multiple ledgers. We also show how SPON can be deployed to make the communication between different ledgers resilient to BGP hijacking attacks.

Ferreira Torres, Christof. In European Symposium on Security and Privacy, Vienna, 7-11 September 2021 (2021, September).
Smart contracts are Turing-complete programs that are executed across a blockchain. Unlike traditional programs, once deployed, they cannot be modified. As smart contracts carry more value, they become a more attractive target for attackers. Over the last years, they have suffered from exploits costing millions of dollars due to simple programming mistakes. As a result, a variety of tools for detecting bugs have been proposed. Most of these tools rely on symbolic execution, which may yield false positives due to over-approximation. Recently, many fuzzers have been proposed to detect bugs in smart contracts. However, these tend to be more effective at finding shallow bugs and less effective at finding bugs that lie deep in the execution, therefore achieving low code coverage and many false negatives. An alternative that has proven to achieve good results in traditional programs is hybrid fuzzing, a combination of symbolic execution and fuzzing. In this work, we study hybrid fuzzing on smart contracts and present ConFuzzius, the first hybrid fuzzer for smart contracts. ConFuzzius uses evolutionary fuzzing to exercise shallow parts of a smart contract and constraint solving to generate inputs that satisfy complex conditions that prevent evolutionary fuzzing from exploring deeper parts. Moreover, ConFuzzius leverages dynamic data dependency analysis to efficiently generate sequences of transactions that are more likely to result in contract states in which bugs may be hidden. We evaluate the effectiveness of ConFuzzius by comparing it with state-of-the-art symbolic execution tools and fuzzers for smart contracts. Our evaluation on a curated dataset of 128 contracts and a dataset of 21K real-world contracts shows that our hybrid approach detects more bugs than state-of-the-art tools (up to 23%) and that it outperforms existing tools in terms of code coverage (up to 69%). We also demonstrate that data dependency analysis can boost bug detection by up to 18%.

Shbair, Wazen. In IEEE International Conference on Blockchain and Cryptocurrency, 3-6 May 2021 (2021, May 03).
The security of distributed applications backed by blockchain technology relies mainly on keeping the associated cryptographic keys (i.e. private keys) in well-protected storage, since they are the unique proof of ownership of the underlying digital assets. If the keys are stolen or lost, there is no way to recover the assets. The cold wallet is a good candidate for basic use cases, but it poses a substantial challenge for more complex applications as it does not scale. Warm and hot wallets are more convenient options for blockchain-based solutions that aim to transact in a cloud environment. In this work, we focus on Hardware Security Module (HSM) based wallets. The HSM is the de facto standard device designed to manage high-value cryptographic keys and to protect them against hacks. In this demonstration, we present an HSM-based working prototype that secures the entire life cycle of Ethereum public and private keys.

Scheidt de Cristo, Flaviene. Poster (2021, May).
PayString is an initiative to make payment identifiers global and human-readable, facilitating the exchange of payment information. However, the reference implementation lacks privacy and security features, making it possible for anyone to access the payment information as long as the PayString identifier is known. This paper also presents the first performance evaluation of PayString. Via a large-scale testbed, our experimental results show an overhead which, given the privacy and security advantages offered, is acceptable in practice, thus making the proposed solution feasible.

Ferreira Torres, Christof. In USENIX Security Symposium, Virtual, 11-13 August 2021 (2021).
Ethereum prospered the inception of a plethora of smart contract applications, ranging from gambling games to decentralized finance. However, Ethereum is also considered a highly adversarial environment, where vulnerable smart contracts will eventually be exploited. Recently, Ethereum's pool of pending transactions has become a far more aggressive environment. In the hope of making some profit, attackers continuously monitor the transaction pool and try to frontrun their victims' transactions by either displacing or suppressing them, or by strategically inserting their own transactions. This paper aims to shed some light on what is known as a dark forest and uncover these predators' actions. We present a methodology to efficiently measure the three types of frontrunning: displacement, insertion, and suppression. We perform a large-scale analysis on more than 11M blocks and identify almost 200K attacks with an accumulated profit of 18.41M USD for the attackers, providing evidence that frontrunning is both lucrative and a prevalent issue.

Ferreira Torres, Christof. In International Conference on Financial Cryptography and Data Security, Grenada, 1-5 March 2021 (2021).

Carvalho Ota, Fernando Kaway. In Carvalho Ota, Fernando Kaway; Meira, Jorge Augusto; Frank, Raphaël (Eds.) et al., 2020 Mediterranean Communication and Computer Networking Conference, Arona, 17-19 June 2020 (2020, September 10).
The number of smartphone users recently surpassed the number of desktop users on the Internet, opening up countless development challenges and business opportunities. Not only are the majority of users connected using their smartphones, but the number of Internet users in general has popularized the massive use of data-driven applications. In this context, the concept of super apps seems to be the next game-changer for the mobile apps industry, and the challenges related to security and privacy are key aspects for keeping user data safe. Thus, by combining different components for provisioning, authentication, membership and others, we propose a novel framework that enables the creation of a super app using privacy by design principles.

Camino, Ramiro Daniel. In 2020 IEEE International Conference on Blockchain and Cryptocurrency (ICBC) (2020, August 17).

Rivera, Sean. In Proceedings of the 15th International Conference on Availability, Reliability and Security (2020, August).
The Domain Name System (DNS), a fundamental protocol that controls how users interact with the Internet, inadequately protects user privacy. Recently, there have been advancements in the field of DNS privacy and security in the form of the DNS over TLS (DoT) and DNS over HTTPS (DoH) protocols. The advent of these protocols and recent advancements in large-scale data processing have drastically altered the threat model for DNS privacy. Users can no longer rely on traditional methods, and must instead take active steps to ensure their privacy. In this paper, we demonstrate how the extended Berkeley Packet Filter (eBPF) can assist users in maintaining their privacy, by leveraging eBPF to provide privacy across standard DNS, DoH, and DoT communications. Further, we develop a method that allows users to enforce application-specific DNS servers. Our method provides users with control over their DNS network traffic and privacy without requiring changes to their applications, while adding low overhead.

Camino, Ramiro Daniel. Scientific Conference (2020, July 17).
Datasets with missing values are very common in industry applications. Missing data typically have a negative impact on machine learning models. With the rise of generative models in deep learning, recent studies proposed solutions to the problem of imputing missing values based on various deep generative models. Previous experiments with Generative Adversarial Networks (GANs) and Variational Autoencoders (VAEs) showed promising results in this domain. Initially, these results focused on imputation in image data, e.g. filling missing patches in images. Recent proposals addressed missing values in tabular data. For these data, the case for deep generative models seems to be less clear. In the process of providing a fair comparison of proposed methods, we uncover several issues when assessing the status quo: the use of under-specified and ambiguous dataset names, the large range of parameters and hyper-parameters to tune for each method, and the use of different metrics and evaluation methods.

Cassagnes, Cyril. In IEEE Xplore (2020, June 08).
In this paper, we explain that container engines are strengthening their isolation mechanisms. Therefore, non-intrusive monitoring becomes a must-have for the performance analysis of containerized user-space applications in production environments. After a literature review and background on Linux subsystems and container isolation concepts, we present our lessons learned from using the extended Berkeley Packet Filter to monitor and profile performance. We carry out the profiling and tracing of several Interledger connectors using two full-fledged implementations of the Interledger protocol specifications.