Tokenization of Sukuk: Ethereum Case Study

in Global Finance Journal (2020)

Sukuk is a financial instrument that provides returns similar to conventional bonds. It has served to cater to the capital requirements of big corporations and governments, while circumventing interest to ... [more ▼]

Sukuk is a financial instrument that provides returns similar to conventional bonds. It has served to cater to the capital requirements of big corporations and governments, while circumventing interest to adhere to the Shariah law. Sukuk can be touted as Shariah-compliant bonds that rank amongst the most successful and the fastest growing financial instrument in the Islamic economy. The sukuk research area is marked by a dearth of quantitative literature, compared to qualitative academic work. This paper seeks to fill this existing gap, and introduces a novel, exploratory analysis of sukuk tokenization based on a case study. The funding needs of small and medium enterprises remains largely unmet through sukuk on account of the high costs involved, among other reasons. As we show in this paper, blockchains can aid to lower the cost incurred through the tokenization of sukuk. We highlight some of the key challenges involved in the issuance of sukuk and discuss their resolution using blockchain. We also provide a taxonomy of blockchain applications in finance, with a particular focus on Islamic finance. Our paper reviews different blockchain architectures to assess their viability for tokenization. We conduct a novel case study on sukuk tokenization by implementing a basic smart contract for Sukuk al-Murabaha on Ethereum. The paper concludes by a conceptual analysis of feasibility concerns, based on a comparison of the conducted cost-benefit analysis of conventional sukuk issuance with tokenization. [less ▲]

Mobile App to SGX Enclave Secure Channel

in 2019 IEEE International Symposium on Software Reliability Engineering Workshops (2020, February 13)

The current challenge for several applications is to guarantee the user’s privacy when using personal data. The broader problem is to transfer and process the data without exposing the sensitive content ... [more ▼]

The current challenge for several applications is to guarantee the user’s privacy when using personal data. The broader problem is to transfer and process the data without exposing the sensitive content to anyone, including the service provider(s). In this paper, we address this challenge by proposing a protocol to combine secure frameworks in order to exchange and process sensitive data, i.e. respecting user’s privacy. Our contribution is a protocol to perform a secure exchange of data between a mobile application and a trusted execution environment. In our experiments we show independent implementations of our protocol using three different encryption modes (i.e., CBC, ECB, GCM encryption). Our results support the feasibility and importance of an end-to-end secure channel protocol. [less ▲]

BlockPGP: A Blockchain-based Framework for PGP Key Servers

in International Journal of Networking and Computing (2020), 10(1), 1-24

Pretty Good Privacy (PGP) is one of the most prominent cryptographic standards offering end-to-end encryption for email messages and other sensitive information exchange. PGP allows to verify the identity ... [more ▼]

Pretty Good Privacy (PGP) is one of the most prominent cryptographic standards offering end-to-end encryption for email messages and other sensitive information exchange. PGP allows to verify the identity of the correspondent in information exchange as well as the information integrity. PGP implements asymmetric encryption with certificates shared through a network of PGP key servers. In this paper, we propose a new PGP management framework with the key servers infrastructure implemented using blockchain technology. Our approach offers fast propagation of certificate revocation among PGP key servers and elimination of man-in-the-middle risks. It also grants users the required access control to update their own PGP certificates, which is not the case with the current PGP key servers. A prototype has been implemented using Ethereum blockchain and an open source key server, named Hockeypuck. Finally, we evaluated the prototype with extensive experiments. Our results show that our solution is practical and it could be integrated with the existing public PGP key servers infrastructure. [less ▲]

Intrusion detection on robot cameras using spatio-temporal autoencoders: A self-driving car application

in 91st IEEE Vehicular Technology Conference, VTC Spring 2020, Antwerp, Belgium, May 25-28, 2020 (2020)

Robot Operating System (ROS) is becoming more and more important and is used widely by developers and researchers in various domains. One of the most important fields where it is being used is the self ... [more ▼]

Robot Operating System (ROS) is becoming more and more important and is used widely by developers and researchers in various domains. One of the most important fields where it is being used is the self-driving cars industry. However, this framework is far from being totally secure, and the existing security breaches do not have robust solutions. In this paper we focus on the camera vulnerabilities, as it is often the most important source for the environment discovery and the decision-making process. We propose an unsupervised anomaly detection tool for detecting suspicious frames incoming from camera flows. Our solution is based on spatio-temporal autoencoders used to truthfully reconstruct the camera frames and detect abnormal ones by measuring the difference with the input. We test our approach on a real-word dataset, i.e. flows coming from embedded cameras of self-driving cars. Our solution outperforms the existing works on different scenarios. [less ▲]

Federated Learning For Cyber Security: SOC Collaboration For Malicious URL Detection

in IEEE International Conference on Distributed Computing Systems (ICDCS) (2020)

Managed security service providers increasingly rely on machine-learning methods to exceed traditional, signature- based threat detection and classification methods. As machine- learning often improves ... [more ▼]

Managed security service providers increasingly rely on machine-learning methods to exceed traditional, signature- based threat detection and classification methods. As machine- learning often improves with more data available, smaller orga- nizations and clients find themselves at a disadvantage: Without the ability to share their data and others willing to collaborate, their machine-learned threat detection will perform worse than the same model in a larger organization. We show that Feder- ated Learning, i.e. collaborative learning without data sharing, successfully helps to overcome this problem. Our experiments focus on a common task in cyber security, the detection of unwanted URLs in network traffic seen by security-as-a-service providers. Our experiments show that i) Smaller participants benefit from larger participants ii) Participants seeing different types of malicious traffic can generalize better to unseen types of attacks, increasing performance by 8% to 15% on average, and up to 27% in the extreme case. iii) Participating in Federated training never harms the performance of the locally trained model. In our experiment modeling a security-as-a service setting, Federated Learning increased detection up to 30% for some participants in the scheme. This clearly shows that Federated Learning is a viable approach to address issues of data sharing in common cyber security settings. [less ▲]

Auto-encoding Robot State against Sensor Spoofing Attacks

in International Symposium on Software Reliability Engineering (2019, October)

In robotic systems, the physical world is highly coupled with cyberspace. New threats affect cyber-physical systems as they rely on several sensors to perform critical operations. The most sensitive ... [more ▼]

In robotic systems, the physical world is highly coupled with cyberspace. New threats affect cyber-physical systems as they rely on several sensors to perform critical operations. The most sensitive targets are their location systems, where spoofing attacks can force robots to behave incorrectly. In this paper, we propose a novel anomaly detection approach for sensor spoofing attacks, based on an auto-encoder architecture. After initial training, the detection algorithm works directly on the compressed data by computing the reconstruction errors. We focus on spoofing attacks on Light Detection and Ranging (LiDAR) systems. We tested our anomaly detection approach against several types of spoofing attacks comparing four different compression rates for the auto-encoder. Our approach has a 99% True Positive rate and a 10% False Negative rate for the 83% compression rate. However, a compression rate of 41% could handle almost all of the same attacks while using half the data. [less ▲]

MQLV: Optimal Policy of Money Management in Retail Banking with Q-Learning

in Proceedings of the Fourth Workshop on MIning DAta for financial applicationS (MIDAS 2019) co-located with the 2019 European Conference on Machine Learning and Principles and Practice of Knowledge Discovery in Databases (ECML-PKDD 2019) (2019, September)

Reinforcement learning has become one of the best approach to train a computer game emulator capable of human level performance. In a reinforcement learning approach, an optimal value function is learned ... [more ▼]

Reinforcement learning has become one of the best approach to train a computer game emulator capable of human level performance. In a reinforcement learning approach, an optimal value function is learned across a set of actions, or decisions, that leads to a set of states giving different rewards, with the objective to maximize the overall reward. A policy assigns to each state-action pairs an expected return. We call an optimal policy a policy for which the value function is optimal. QLBS, Q-Learner in the Black-Scholes(-Merton) Worlds, applies the reinforcement learning concepts, and noticeably, the popular Q-learning algorithm, to the financial stochastic model of Black, Scholes and Merton. It is, however, specifically optimized for the geometric Brownian motion and the vanilla options. Its range of application is, therefore, limited to vanilla option pricing within the financial markets. We propose MQLV, Modified Q-Learner for the Vasicek model, a new reinforcement learning approach that determines the optimal policy of money management based on the aggregated financial transactions of the clients. It unlocks new frontiers to establish personalized credit card limits or bank loan applications, targeting the retail banking industry. MQLV extends the simulation to mean reverting stochastic diffusion processes and it uses a digital function, a Heaviside step function expressed in its discrete form, to estimate the probability of a future event such as a payment default. In our experiments, we first show the similarities between a set of historical financial transactions and Vasicek generated transactions and, then, we underline the potential of MQLV on generated Monte Carlo simulations. Finally, MQLV is the first Q-learning Vasicek-based methodology addressing transparent decision making processes in retail banking. [less ▲]

Deep dive into Interledger: Understanding the Interledger ecosystem - Part 2

Learning material (2019)

At the technical level, the goal of Interledger is to provide an architecture and a minimal set of protocols to enable interoperability for any value transfer system. The Interledger protocol is literally ... [more ▼]

At the technical level, the goal of Interledger is to provide an architecture and a minimal set of protocols to enable interoperability for any value transfer system. The Interledger protocol is literally a protocol for interledger payments. To understand how is it possible to achieve this goal, several aspects of the technology require a deeper analysis. For this reason, in our journey to become knowledgeable and active contributor we decided to create our own test-bed on our premises. By doing so, we noticed that some aspects are well documented but we found that others might need more attention and clarification. Despite a large community effort, the task to keep information on a fast evolving software ecosystem is tedious and not always the priority for such a project. Therefore, the purpose of this document is to guide, through several hands-on activities, community members who want to engage at different levels. The document consolidates all the relevant information from generating a simple payment to ultimately create a test-bed with the Interledger protocol suite between Ripple and other distributed ledger technology. [less ▲]

Standardising smart contracts: Automatically inferring ERC standards

in Proceedings of 2019 IEEE International Conference on Blockchain and Cryptocurrency (2019)

Ethereum smart contracts have become common enough to warrant the need for standards to ensure ease of use. The most well known standard was created for the emerging token ecosystem and the exchanges ... [more ▼]

Ethereum smart contracts have become common enough to warrant the need for standards to ensure ease of use. The most well known standard was created for the emerging token ecosystem and the exchanges serving it: the ERC20 standard. In this work we use the function selectors present in Ethereum smart contract bytecode to define contract purpose. Contracts are clustered according to the selectors they have. A Reverse look-up from selectors to function names is used to label clusters. We use the function names in clusters to suggest candidates for ERC standardisation. [less ▲]

Deep dive into Interledger: Understanding the Interledger ecosystem

Learning material (2019)

At the technical level, the goal of Interledger is to provide an architecture and a minimal set of protocols to enable interoperability for any value transfer system. The Interledger protocol is literally ... [more ▼]

At the technical level, the goal of Interledger is to provide an architecture and a minimal set of protocols to enable interoperability for any value transfer system. The Interledger protocol is literally a protocol for interledger payments. To understand how is it possible to achieve this goal, several aspects of the technology require a deeper analysis. For this reason, in our journey to become knowledgeable and active contributor we decided to create our own test-bed on our premises. By doing so, we noticed that some aspects are well documented but we found that others might need more attention and clarification. Despite a large community effort, the task to keep information on a fast evolving software ecosystem is tedious and not always the priority for such a project. Therefore, the purpose of this document is to guide, through several hands-on activities, community members who want to engage at different levels. The document consolidates all the relevant information from generating a simple payment to ultimately create a test-bed with the Interledger protocol suite between Ripple and other distributed ledger technology. [less ▲]