References of "State, Radu 50003137"
Peer Reviewed
Blockchain Governance: An Overview and Prediction of Optimal Strategies Using Nash Equilibrium
Khan, Nida UL; Ahmad, Tabrez; Patel, Anass et al

in 3rd AUE International Research Conference (in press)

Blockchain governance is a subject of ongoing research and an interdisciplinary view of blockchain governance is vital to aid in further research for establishing a formal governance framework for this nascent technology. In this paper, the position of blockchain governance within the hierarchy of Institutional governance is discussed. Blockchain governance is analyzed from the perspective of IT governance using Nash equilibrium to predict the outcome of different governance decisions. A payoff matrix for blockchain governance is created and simulation of different strategy profiles is accomplished for computation of all Nash equilibria. We also create payoff matrices for different kinds of blockchain governance, which were used to propose novel mathematical formulae usable to predict the best governance strategy that minimizes the occurrence of a hard fork as well as predicts the behavior of the majority during protocol updates.

Peer Reviewed
XRP-NDN overlay: Improving the Communication Efficiency of Consensus-Validation based Blockchains with an NDN Overlay
Trestioreanu, Lucian Andrei UL; Shbair, Wazen UL; Scheidt de Cristo, Flaviene UL et al

Scientific Conference (2023)

With growing adoption of Distributed Ledger Technologies, their networks must scale while maintaining efficient communication for the underlying consensus and replication mechanisms. New content distribution concepts like Named Data Networking create opportunities to achieve this goal. We present and evaluate XRP-NDN overlay, a solution to increase communication efficiency for consensus-validation blockchains like XRP Ledger. We send consensus messages over different communication models and show that the chosen model lowers the number of messages at node level to minimum, while maintaining or improving performance by leveraging overlay advantages.

Peer Reviewed
Topology Analysis of the XRP Ledger
Tumas, Vytautas UL; Rivera, Sean UL; Magoni, Damien et al

Scientific Conference (2022, October 12)

XRP Ledger is one of the oldest, well-established blockchains. Despite the popularity of the XRP Ledger, little is known about its underlying peer-to-peer network. The structural properties of a network impact its efficiency, security and robustness. We aim to close the knowledge gap by providing a detailed analysis of the XRP overlay network. In this paper we examine the graph-theoretic properties of the XRP Ledger peer-to-peer network and its temporal characteristics. We crawl the XRP Ledger over two months and collect 1,290 unique network snapshots. We uncover a small group of nodes that act as a networking backbone. In addition, we observe a high network churn, with a third of the nodes changing every five days. Our findings have strong implications for the resilience and safety of the XRP Ledger.

Peer Reviewed
Elysium: Context-Aware Bytecode-Level Patching to Automatically Heal Vulnerable Smart Contracts
Ferreira Torres, Christof UL; Jonker, Hugo; State, Radu UL

in International Symposium on Research in Attacks, Intrusions and Defenses, Limassol, Cyprus 26-28 October 2022 (2022)

Fixing bugs is easiest by patching source code. However, source code is not always available: only 0.3% of the ∼49M smart contracts that are currently deployed on Ethereum have their source code publicly available. Moreover, since contracts may call functions from other contracts, security flaws in closed-source contracts may affect open-source contracts as well. However, current state-of-the-art approaches that operate on closed-source contracts (i.e., EVM bytecode), such as EVMPatch and SmartShield, make use of purely hard-coded templates that leverage fix patching patterns. As a result, they cannot dynamically adapt to the bytecode that is being patched, which severely limits their flexibility and scalability. For instance, when patching integer overflows using hard-coded templates, a particular patch template needs to be employed as the bounds to be checked are different for each integer size (i.e., one template for uint256, another template for uint64, etc.). In this paper, we propose Elysium, a scalable approach towards automatic smart contract repair at the bytecode level. Elysium combines template-based and semantic-based patching by inferring context information from bytecode. Elysium is currently able to patch 7 different types of vulnerabilities in smart contracts automatically and can easily be extended with new templates and new bug-finding tools. We evaluate its effectiveness and correctness using 3 different datasets by replaying more than 500K transactions on patched contracts. We find that Elysium outperforms existing tools by patching at least 30% more contracts correctly. Finally, we also compare the overhead of Elysium in terms of deployment and transaction cost. In comparison to other tools, we find that generally Elysium minimizes the runtime cost (i.e., transaction cost) up to a factor of 1.7, for only a marginally higher deployment cost, where deployment cost is a one-time cost as compared to the runtime cost.

Peer Reviewed
A Flash(bot) in the Pan: Measuring Maximal Extractable Value in Private Pools
Weintraub, Ben; Ferreira Torres, Christof UL; Nita-Rotaru, Cristina et al

in ACM Internet Measurement Conference, Nice, France 25-27 October 2022 (2022)

The rise of Ethereum has led to a flourishing decentralized marketplace that has, unfortunately, fallen victim to frontrunning and Maximal Extractable Value (MEV) activities, where savvy participants game transaction orderings within a block for profit. One popular solution to address such behavior is Flashbots, a private pool with infrastructure and design goals aimed at eliminating the negative externalities associated with MEV. While Flashbots has established laudable goals to address MEV behavior, no evidence has been provided to show that these goals are achieved in practice. In this paper, we measure the popularity of Flashbots and evaluate if it is meeting its chartered goals. We find that (1) Flashbots miners account for over 99.9% of the hashing power in the Ethereum network, (2) powerful miners are making more than 2x what they were making prior to using Flashbots, while non-miners' slice of the pie has shrunk commensurately, (3) mining is just as centralized as it was prior to Flashbots with more than 90% of Flashbots blocks coming from just two miners, and (4) while more than 80% of MEV extraction in Ethereum is happening through Flashbots, 13.2% is coming from other private pools.

Peer Reviewed
Self-Sovereign Identity for the Financial Sector: A Case Study of PayString Service
Scheidt de Cristo, Flaviene UL; Shbair, Wazen UL; Trestioreanu, Lucian Andrei UL et al

Scientific Conference (2021, December 06)

PayString is an initiative to make payment identifiers global and human-readable, facilitating the exchange of payment information. However, the reference implementation lacks privacy and security features, making it possible for anyone to access the payment information as long as the PayString identifier is known. Also this paper presents the first performance evaluation of PayString. Via a large-scale testbed our experimental results show an overhead which, given the privacy and security advantages offered, is acceptable in practice, thus making the proposed solution feasible.

Peer Reviewed
SPON: Enabling Resilient Inter-Ledgers Payments with an Intrusion-Tolerant Overlay
Trestioreanu, Lucian Andrei UL; Nita-Rotaru, Cristina; Malhotra, Aanchal et al

Scientific Conference (2021, October 04)

Payment systems are a critical component of everyday life in our society. While in many situations payments are still slow, opaque, siloed, expensive or even fail, users expect them to be fast, transparent, cheap, reliable and global. Recent technologies such as distributed ledgers create opportunities for near-real-time, cheaper and more transparent payments. However, in order to achieve a global payment system, payments should be possible not only within one ledger, but also across different ledgers and geographies. In this paper we propose Secure Payments with Overlay Networks (SPON), a service that enables global payments across multiple ledgers by combining the transaction exchange provided by the Interledger protocol with an intrusion-tolerant overlay of relay nodes to achieve (1) improved payment latency, (2) fault-tolerance to benign failures such as node failures and network partitions, and (3) resilience to BGP hijacking attacks. We discuss the design goals and present an implementation based on the Interledger protocol and Spines overlay network. We analyze the resilience of SPON and demonstrate through experimental evaluation that it is able to improve payment latency, recover from path outages, withstand network partition attacks, and disseminate payments fairly across multiple ledgers. We also show how SPON can be deployed to make the communication between different ledgers resilient to BGP hijacking attacks.

Peer Reviewed
ConFuzzius: A Data Dependency-Aware Hybrid Fuzzer for Smart Contracts
Ferreira Torres, Christof UL; Iannillo, Antonio Ken UL; Gervais, Arthur et al

in European Symposium on Security and Privacy, Vienna 7-11 September 2021 (2021, September)

Smart contracts are Turing-complete programs that are executed across a blockchain. Unlike traditional programs, once deployed, they cannot be modified. As smart contracts carry more value, they become more of an exciting target for attackers. Over the last years, they suffered from exploits costing millions of dollars due to simple programming mistakes. As a result, a variety of tools for detecting bugs have been proposed. Most of these tools rely on symbolic execution, which may yield false positives due to over-approximation. Recently, many fuzzers have been proposed to detect bugs in smart contracts. However, these tend to be more effective in finding shallow bugs and less effective in finding bugs that lie deep in the execution, therefore achieving low code coverage and many false negatives. An alternative that has proven to achieve good results in traditional programs is hybrid fuzzing, a combination of symbolic execution and fuzzing. In this work, we study hybrid fuzzing on smart contracts and present ConFuzzius, the first hybrid fuzzer for smart contracts. ConFuzzius uses evolutionary fuzzing to exercise shallow parts of a smart contract and constraint solving to generate inputs that satisfy complex conditions that prevent evolutionary fuzzing from exploring deeper parts. Moreover, ConFuzzius leverages dynamic data dependency analysis to efficiently generate sequences of transactions that are more likely to result in contract states in which bugs may be hidden. We evaluate the effectiveness of ConFuzzius by comparing it with state-of-the-art symbolic execution tools and fuzzers for smart contracts. Our evaluation on a curated dataset of 128 contracts and a dataset of 21K real-world contracts shows that our hybrid approach detects more bugs than state-of-the-art tools (up to 23%) and that it outperforms existing tools in terms of code coverage (up to 69%). We also demonstrate that data dependency analysis can boost bug detection up to 18%.

Peer Reviewed
HSM-based Key Management Solution for Ethereum Blockchain
Shbair, Wazen UL; Gavrilov, Eugene; State, Radu UL

in IEEE International Conference on Blockchain and Cryptocurrency, 3-6 May 2021 (2021, May 03)

The security of distributed applications backed by blockchain technology relies mainly on keeping the associated cryptographic keys (i.e. private keys) in well-protected storage, since they are the unique proof of ownership of the underlying digital assets. If the keys are stolen or lost, there is no way to recover the assets. The cold wallet is a good candidate for basic use cases, but it has a substantial challenge for more complex applications as it does not scale. Warm and hot wallets are more convenient options for blockchain-based solutions that aim to transact in a cloud environment. In this work, we focus on Hardware Security Module (HSM) based wallet. The HSM is the de-facto standard device designed to manage high-value cryptographic keys and to protect them against hacks. In this demonstration, we present an HSM-based working prototype that secures the entire life cycle of Ethereum public and private keys.

Peer Reviewed
Privacy-Preserving PayString Service
Scheidt de Cristo, Flaviene UL; Shbair, Wazen UL; Trestioreanu, Lucian Andrei UL et al

Poster (2021, May)

PayString is an initiative to make payment identifiers global and human-readable, facilitating the exchange of payment information. However, the reference implementation lacks privacy and security features, making it possible for anyone to access the payment information as long as the PayString identifier is known. Also, this paper presents the first performance evaluation of PayString. Via a large-scale testbed, our experimental results show an overhead which, given the privacy and security advantages offered, is acceptable in practice, thus making the proposed solution feasible.

Peer Reviewed
The Eye of Horus: Spotting and Analyzing Attacks on Ethereum Smart Contracts
Ferreira Torres, Christof UL; Iannillo, Antonio Ken UL; Gervais, Arthur et al

in International Conference on Financial Cryptography and Data Security, Grenada 1-5 March 2021 (2021)

Peer Reviewed
Frontrunner Jones and the Raiders of the Dark Forest: An Empirical Study of Frontrunning on the Ethereum Blockchain
Ferreira Torres, Christof UL; Camino, Ramiro; State, Radu UL

in USENIX Security Symposium, Virtual 11-13 August 2021 (2021)

Ethereum prospered the inception of a plethora of smart contract applications, ranging from gambling games to decentralized finance. However, Ethereum is also considered a highly adversarial environment, where vulnerable smart contracts will eventually be exploited. Recently, Ethereum's pool of pending transactions has become a far more aggressive environment. In the hope of making some profit, attackers continuously monitor the transaction pool and try to frontrun their victims' transactions by either displacing or suppressing them, or strategically inserting their transactions. This paper aims to shed some light into what is known as a dark forest and uncover these predators' actions. We present a methodology to efficiently measure the three types of frontrunning: displacement, insertion, and suppression. We perform a large-scale analysis on more than 11M blocks and identify almost 200K attacks with an accumulated profit of 18.41M USD for the attackers, providing evidence that frontrunning is both lucrative and a prevalent issue.

Peer Reviewed
Towards Privacy Preserving Data Centric Super App
Carvalho Ota, Fernando Kaway UL; Meira, Jorge Augusto UL; Frank, Raphaël UL et al

in Carvalho Ota, Fernando Kaway; Meira, Jorge Augusto; Frank, Raphaël (Eds.) et al 2020 Mediterranean Communication and Computer Networking Conference, Arona 17-19 June 2020 (2020, September 10)

The number of smartphone users recently surpassed the numbers of desktop users on Internet, and opened up countless development challenges and business opportunities. Not only the fact that the majority of users are connected using their smartphones, but the number of Internet users in general has popularized the massive use of data-driven applications. In this context, the concept of super apps seems to be the next game-changer for the mobile apps industry, and the challenges related to security and privacy are key aspects for keeping user data safe. Thus, by combining different components for provisioning, authentication, membership and others, we propose a novel framework that enables the creation of a super app using privacy by design principles.

Peer Reviewed
A Data Science Approach for Honeypot Detection in Ethereum
Camino, Ramiro Daniel UL; Ferreira Torres, Christof UL; Baden, Mathis UL et al

in 2020 IEEE International Conference on Blockchain and Cryptocurrency (ICBC) (2020, August 17)

Peer Reviewed
Leveraging eBPF to preserve user privacy for DNS, DoT, and DoH queries
Rivera, Sean UL; Gurbani, Vijay; Lagraa, Sofiane UL et al

in Proceedings of the 15th International Conference on Availability, Reliability and Security (2020, August)

The Domain Name System (DNS), a fundamental protocol that controls how users interact with the Internet, inadequately provides protection for user privacy. Recently, there have been advancements in the field of DNS privacy and security in the form of the DNS over TLS (DoT) and DNS over HTTPS (DoH) protocols. The advent of these protocols and recent advancements in large-scale data processing have drastically altered the threat model for DNS privacy. Users can no longer rely on traditional methods, and must instead take active steps to ensure their privacy. In this paper, we demonstrate how the extended Berkeley Packet Filter (eBPF) can assist users in maintaining their privacy by leveraging eBPF to provide privacy across standard DNS, DoH, and DoT communications. Further, we develop a method that allows users to enforce application-specific DNS servers. Our method provides users with control over their DNS network traffic and privacy without requiring changes to their applications while adding low overhead.

Peer Reviewed
Working with Deep Generative Models and Tabular Data Imputation
Camino, Ramiro Daniel UL; Hammerschmidt, Christian UL; State, Radu UL

Scientific Conference (2020, July 17)

Datasets with missing values are very common in industry applications. Missing data typically have a negative impact on machine learning models. With the rise of generative models in deep learning, recent studies proposed solutions to the problem of imputing missing values based on various deep generative models. Previous experiments with Generative Adversarial Networks (GANs) and Variational Autoencoders (VAEs) showed promising results in this domain. Initially, these results focused on imputation in image data, e.g. filling missing patches in images. Recent proposals addressed missing values in tabular data. For these data, the case for deep generative models seems to be less clear. In the process of providing a fair comparison of proposed methods, we uncover several issues when assessing the status quo: the use of under-specified and ambiguous dataset names, the large range of parameters and hyper-parameters to tune for each method, and the use of different metrics and evaluation methods.

Peer Reviewed
The rise of eBPF for non-intrusive performance monitoring
Cassagnes, Cyril UL; Trestioreanu, Lucian Andrei UL; Joly, Clement UL et al

in IEEE Xplore (2020, June 08)

In this paper, we explain that container engines are strengthening their isolation mechanisms. Therefore, nonintrusive monitoring becomes a must-have for the performance analysis of containerized user-space application in production environments. After a literature review and background of Linux subsystems and container isolation concepts, we present our lessons learned of using the extended Berkeley packet filter to monitor and profile performance. We carry out the profiling and tracing of several Interledger connectors using two full-fledged implementations of the Interledger protocol specifications.

Peer Reviewed
Tokenization of Sukuk: Ethereum Case Study
Khan, Nida UL; Kchouri, Bilal UL; Yatoo, Nissar Ahmad et al

in Global Finance Journal (2020)

Sukuk is a financial instrument that provides returns similar to conventional bonds. It has served to cater to the capital requirements of big corporations and governments, while circumventing interest to adhere to the Shariah law. Sukuk can be touted as Shariah-compliant bonds that rank amongst the most successful and the fastest growing financial instrument in the Islamic economy. The sukuk research area is marked by a dearth of quantitative literature, compared to qualitative academic work. This paper seeks to fill this existing gap, and introduces a novel, exploratory analysis of sukuk tokenization based on a case study. The funding needs of small and medium enterprises remains largely unmet through sukuk on account of the high costs involved, among other reasons. As we show in this paper, blockchains can aid to lower the cost incurred through the tokenization of sukuk. We highlight some of the key challenges involved in the issuance of sukuk and discuss their resolution using blockchain. We also provide a taxonomy of blockchain applications in finance, with a particular focus on Islamic finance. Our paper reviews different blockchain architectures to assess their viability for tokenization. We conduct a novel case study on sukuk tokenization by implementing a basic smart contract for Sukuk al-Murabaha on Ethereum. The paper concludes by a conceptual analysis of feasibility concerns, based on a comparison of the conducted cost-benefit analysis of conventional sukuk issuance with tokenization.

Peer Reviewed
Mobile App to SGX Enclave Secure Channel
Carvalho Ota, Fernando Kaway UL; Meira, Jorge Augusto UL; Cassagnes, Cyril UL et al

in 2019 IEEE International Symposium on Software Reliability Engineering Workshops (2020, February 13)

The current challenge for several applications is to guarantee the user’s privacy when using personal data. The broader problem is to transfer and process the data without exposing the sensitive content to anyone, including the service provider(s). In this paper, we address this challenge by proposing a protocol to combine secure frameworks in order to exchange and process sensitive data, i.e. respecting user’s privacy. Our contribution is a protocol to perform a secure exchange of data between a mobile application and a trusted execution environment. In our experiments we show independent implementations of our protocol using three different encryption modes (i.e., CBC, ECB, GCM encryption). Our results support the feasibility and importance of an end-to-end secure channel protocol.
