Journal Article

Blockchains and Smart Contracts for the Internet of Things

10 May 2016 - IEEE Access (IEEE) - Vol. 4, pp. 2292-2303
TL;DR: The conclusion is that the blockchain-IoT combination is powerful and can cause significant transformations across several industries, paving the way for new business models and novel, distributed applications.
Abstract: Motivated by the recent explosion of interest around blockchains, we examine whether they make a good fit for the Internet of Things (IoT) sector. Blockchains allow us to have a distributed peer-to-peer network where non-trusting members can interact with each other without a trusted intermediary, in a verifiable manner. We review how this mechanism works and also look into smart contracts—scripts that reside on the blockchain that allow for the automation of multi-step processes. We then move into the IoT domain, and describe how a blockchain-IoT combination: 1) facilitates the sharing of services and resources leading to the creation of a marketplace of services between devices and 2) allows us to automate in a cryptographically verifiable manner several existing, time-consuming workflows. We also point out certain issues that should be considered before the deployment of a blockchain network in an IoT setting: from transactional privacy to the expected value of the digitized assets traded on the network. Wherever applicable, we identify solutions and workarounds. Our conclusion is that the blockchain-IoT combination is powerful and can cause significant transformations across several industries, paving the way for new business models and novel, distributed applications.
Citations
Proceedings Article
01 Nov 2017
TL;DR: This position paper provides an overview of common security issues of SDN when linked to IoT clouds, describes the design principles of the recently introduced Blockchain paradigm and advocates the reasons that render Blockchain as a significant security factor for solutions where SDN and IoT are involved.
Abstract: The majority of business activity of our integrated and connected world takes place in networks based on cloud computing infrastructure that cross national, geographic and jurisdictional boundaries. Such an efficient entity interconnection is made possible through an emerging networking paradigm, Software Defined Networking (SDN) that intends to vastly simplify policy enforcement and network reconfiguration in a dynamic manner. However, despite the obvious advantages this novel networking paradigm introduces, its increased attack surface compared to traditional networking deployments proved to be a thorny issue that creates skepticism when safety-critical applications are considered. Especially when SDN is used to support Internet-of-Things (IoT)-related networking elements, additional security concerns rise, due to the elevated vulnerability of such deployments to specific types of attacks and the necessity of inter-cloud communication any IoT application would require. The overall number of connected nodes makes the efficient monitoring of all entities a real challenge, that must be tackled to prevent system degradation and service outage. This position paper provides an overview of common security issues of SDN when linked to IoT clouds, describes the design principles of the recently introduced Blockchain paradigm and advocates the reasons that render Blockchain as a significant security factor for solutions where SDN and IoT are involved.

82 citations


Cites background or methods from "Blockchains and Smart Contracts for..."

  • ...This method forms a link between blocks that connects them to a form of chain, the blockchain [19] as shown in Figure 3....

    [...]

  • ...since blockchain enables trustless networks, as defined in [19]....

    [...]

  • ...This provides an accurate impression of the whole network on any given time [19]....

    [...]

Posted Content
TL;DR: This survey aims to identify the key vulnerabilities in smart contracts on Ethereum in the perspectives of their internal mechanisms and software security vulnerabilities by correlating 16 Ethereum vulnerabilities and 19 software security issues.
Abstract: Smart contracts are software programs featuring both traditional applications and distributed data storage on blockchains. Ethereum is a prominent blockchain platform with the support of smart contracts. The smart contracts act as autonomous agents in critical decentralized applications and hold a significant amount of cryptocurrency to perform trusted transactions and agreements. Millions of dollars as part of the assets held by the smart contracts were stolen or frozen through the notorious attacks just between 2016 and 2018, such as the DAO attack, Parity Multi-Sig Wallet attack, and the integer underflow/overflow attacks. These attacks were caused by a combination of technical flaws in designing and implementing software codes. However, many more vulnerabilities of less severity are to be discovered because of the scripting natures of the Solidity language and the non-updateable feature of blockchains. Hence, we surveyed 16 security vulnerabilities in smart contract programs, and some vulnerabilities do not have a proper solution. This survey aims to identify the key vulnerabilities in smart contracts on Ethereum in the perspectives of their internal mechanisms and software security vulnerabilities. By correlating 16 Ethereum vulnerabilities and 19 software security issues, we predict that many attacks are yet to be exploited. And we have explored many software tools to detect the security vulnerabilities of smart contracts in terms of static analysis, dynamic analysis, and formal verification. This survey presents the security problems in smart contracts together with the available analysis tools and the detection methods. We also investigated the limitations of the tools or analysis methods with respect to the identified security vulnerabilities of the smart contracts.

82 citations


Cites background from "Blockchains and Smart Contracts for..."

  • ...Smart contracts based blockchain technology is being embedded into a wide variety of industry applications, such as finance [7], [3], [17], [18], supply chain management, [19], [20], [21], health care [22], [23], [24], [25], energy [26], [27], [28], [29], IoT [30], [31], [32], [33] and government services [7], [34], [35]....

    [...]

Journal Article
TL;DR: An online learning-based intelligent task offloading algorithm named QUeuing-delay aware, handOver-cost aware, and Trustfulness Aware Upper Confidence Bound (QUOTA-UCB) is proposed, which can learn the long-term optimal strategy and achieve a well-balanced tradeoff among task offloading delay, queuing delay, and handover cost.
Abstract: Vehicular fog computing has emerged as a complementary framework for edge computing by leveraging the under-utilized computational resources of vehicles. However, how to reduce task offloading delay, queuing delay, and handover cost with incomplete information while simultaneously ensuring privacy, fairness, and security remains an open issue. In this paper, we develop a secure and intelligent task offloading framework to address these challenges. We exploit blockchain and smart contract to facilitate fair task offloading and mitigate various security attacks. Then, we design a subjective logic-based trustfulness metric to quantify the possibility of task offloading success, and develop a trustfulness assessment mechanism. An online learning-based intelligent task offloading algorithm named QUeuing-delay aware, handOver-cost aware, and Trustfulness Aware Upper Confidence Bound (QUOTA-UCB) is proposed, which can learn the long-term optimal strategy and achieve a well-balanced tradeoff among task offloading delay, queuing delay, and handover cost. Finally, extensive theoretical analysis and simulations are carried out to demonstrate the reliability, feasibility, and efficiency of the proposed secure and intelligent task offloading scheme.

81 citations

Journal Article
TL;DR: An in-depth survey of BCoT applications in different use-case domains such as smart healthcare, smart city, smart transportation and smart industry is provided and some important research challenges and future directions are highlighted to spur further research in this promising area.
Abstract: The blockchain technology is taking the world by storm. Blockchain with its decentralized, transparent and secure nature has emerged as a disruptive technology for the next generation of numerous industrial applications. One of them is Cloud of Things enabled by the combination of cloud computing and Internet of Things. In this context, blockchain provides innovative solutions to address challenges in Cloud of Things in terms of decentralization, data privacy and network security, while Cloud of Things offer elasticity and scalability functionalities to improve the efficiency of blockchain operations. Therefore, a novel paradigm of blockchain and Cloud of Things integration, called BCoT, has been widely regarded as a promising enabler for a wide range of application scenarios. In this article, we present a state-of-the-art review on the BCoT integration to provide general readers with an overview of the BCoT in various aspects, including background knowledge, motivation, and integrated architecture. Particularly, we also provide an in-depth survey of BCoT applications in different use-case domains such as smart healthcare, smart city, smart transportation and smart industry. Then, we review the recent BCoT developments with the emerging blockchain and cloud platforms, services, and research projects. Finally, some important research challenges and future directions are highlighted to spur further research in this promising area.

81 citations


Cites background from "Blockchains and Smart Contracts for..."

  • ...such as Proof-of-stake (PoS), Byzantine Faulty Tolerant (BFT). Details of conceptual features and related technical issues of such consensus algorithms can be referenced to previous excellent surveys [41], [42]. - Smart contracts: A smart contract is a programmable application that runs on a blockchain network. Since the first smart contract platform known as Ethereum [43] was released in 2015, smart c...

    [...]

Journal Article
13 Jan 2020 - Entropy
TL;DR: A novel Blockchain-driven design to reshape the business logic of SCF to develop an efficient and reliable financing platform for small and medium enterprises (SMEs) in the auto retail industry to decrease the cost of financing and speed up the cash flows is proposed.
Abstract: In this paper, a Blockchain-driven platform for supply chain finance, BCautoSCF (Zhi-lian-che-rong in Chinese), is introduced. It is successfully established as a reliable and efficient financing platform for the auto retail industry. Due to the Blockchain built-in trust mechanism, participants in the supply chain (SC) networks work extensively and transparently to run a reliable, convenient, and traceable business. Likewise, the traditional supply chain finance (SCF), partial automation of SCF workflows with fewer human errors and disruptions was achieved through smart contract in BCautoSCF. Such open and secure features suggest the feasibility of BCautoSCF in SCF. As the first Blockchain-driven SCF application for the auto retail industry in China, our contribution lies in studying these pain points existing in traditional SCF and proposing a novel Blockchain-driven design to reshape the business logic of SCF to develop an efficient and reliable financing platform for small and medium enterprises (SMEs) in the auto retail industry to decrease the cost of financing and speed up the cash flows. Currently, there are over 600 active enterprise users that adopt BCautoSCF to run their financing business. Up to October 2019, the BCautoSCF provides services to 449 online/offline auto retailers, three B2B asset exchange platforms, nine fund providers, and 78 logistic services across 21 provinces in China. There are 3296 financing transactions successfully completed in BCautoSCF, and the amount of financing is ¥566,784,802.18. In the future, we will work towards supporting a full automation of SCF workflow by smart contracts, so that the efficiency of transaction will be further improved.

80 citations


Cites background from "Blockchains and Smart Contracts for..."

  • ...) had limited peer-to-peer communication with regards to their own concerns in traditional setting [10]....

    [...]

References
Journal Article
TL;DR: The Albanian Generals Problem as mentioned in this paper is a generalization of Dijkstra's dining philosophers problem, where two generals have to come to a common agreement on whether to attack or retreat, but can communicate only by sending messengers who might never arrive.
Abstract: I have long felt that, because it was posed as a cute problem about philosophers seated around a table, Dijkstra’s dining philosopher’s problem received much more attention than it deserves. (For example, it has probably received more attention in the theory community than the readers/writers problem, which illustrates the same principles and has much more practical importance.) I believed that the problem introduced in [41] was very important and deserved the attention of computer scientists. The popularity of the dining philosophers problem taught me that the best way to attract attention to a problem is to present it in terms of a story. There is a problem in distributed computing that is sometimes called the Chinese Generals Problem, in which two generals have to come to a common agreement on whether to attack or retreat, but can communicate only by sending messengers who might never arrive. I stole the idea of the generals and posed the problem in terms of a group of generals, some of whom may be traitors, who have to reach a common decision. I wanted to assign the generals a nationality that would not offend any readers. At the time, Albania was a completely closed society, and I felt it unlikely that there would be any Albanians around to object, so the original title of this paper was The Albanian Generals Problem. Jack Goldberg was smart enough to realize that there were Albanians in the world outside Albania, and Albania might not always be a black hole, so he suggested that I find another name. The obviously more appropriate Byzantine generals then occurred to me. The main reason for writing this paper was to assign the new name to the problem. But a new paper needed new results as well. I came up with a simpler way to describe the general 3n+1-processor algorithm. (Shostak’s 4-processor algorithm was subtle but easy to understand; Pease’s generalization was a remarkable tour de force.) 
We also added a generalization to networks that were not completely connected. (I don’t remember whose work that was.) I also added some discussion of practical implementation details.

5,208 citations

Book Chapter
TL;DR: In this article, a group of generals of the Byzantine army camped with their troops around an enemy city are shown to agree upon a common battle plan using only oral messages, if and only if more than two-thirds of the generals are loyal; so a single traitor can confound two loyal generals.
Abstract: Reliable computer systems must handle malfunctioning components that give conflicting information to different parts of the system. This situation can be expressed abstractly in terms of a group of generals of the Byzantine army camped with their troops around an enemy city. Communicating only by messenger, the generals must agree upon a common battle plan. However, one or more of them may be traitors who will try to confuse the others. The problem is to find an algorithm to ensure that the loyal generals will reach agreement. It is shown that, using only oral messages, this problem is solvable if and only if more than two-thirds of the generals are loyal; so a single traitor can confound two loyal generals. With unforgeable written messages, the problem is solvable for any number of generals and possible traitors. Applications of the solutions to reliable computer systems are then discussed.

4,901 citations

Book Chapter
John R. Douceur
07 Mar 2002
TL;DR: It is shown that, without a logically centralized authority, Sybil attacks are always possible except under extreme and unrealistic assumptions of resource parity and coordination among entities.
Abstract: Large-scale peer-to-peer systems face security threats from faulty or hostile remote computing elements. To resist these threats, many such systems employ redundancy. However, if a single faulty entity can present multiple identities, it can control a substantial fraction of the system, thereby undermining this redundancy. One approach to preventing these "Sybil attacks" is to have a trusted agency certify identities. This paper shows that, without a logically centralized authority, Sybil attacks are always possible except under extreme and unrealistic assumptions of resource parity and coordination among entities.

4,816 citations


"Blockchains and Smart Contracts for..." refers background in this paper

  • ...Because of the Sybil attack [15], consensus in public networks is costly...

    [...]

  • ...anyone can join though, this would be catastrophic because of the Sybil attack [15]: a single entity could join with multiple identities, get multiple votes, and thus influence the network to favor this entity’s interests....

    [...]

Proceedings Article
22 Feb 1999
TL;DR: A new replication algorithm that is able to tolerate Byzantine faults that works in asynchronous environments like the Internet and incorporates several important optimizations that improve the response time of previous algorithms by more than an order of magnitude.
Abstract: This paper describes a new replication algorithm that is able to tolerate Byzantine faults. We believe that Byzantine-fault-tolerant algorithms will be increasingly important in the future because malicious attacks and software errors are increasingly common and can cause faulty nodes to exhibit arbitrary behavior. Whereas previous algorithms assumed a synchronous system or were too slow to be used in practice, the algorithm described in this paper is practical: it works in asynchronous environments like the Internet and incorporates several important optimizations that improve the response time of previous algorithms by more than an order of magnitude. We implemented a Byzantine-fault-tolerant NFS service using our algorithm and measured its performance. The results show that our service is only 3% slower than a standard unreplicated NFS.

3,562 citations


"Blockchains and Smart Contracts for..." refers background or methods in this paper

  • ...⁵ If more than 3f + 1 nodes are used, then the quorum thresholds listed in [26] may lead to forks....

    [...]

  • ...Tendermint vs PBFT—Tendermint....

    [...]

  • ...Sieve [38], a mechanism used in the HyperLedger Fabric project, augments the PBFT algorithm [26] by adding speculative execution and verification phases, inspired by the execute-verify architecture presented in [39]....

    [...]

  • ...Tendermint [32] provides BFT tolerance and is similar to the PBFT algorithm; however it provides a tighter guarantee with regards to the results returned to the client when more than one third of the nodes are faulty, and allows for a dynamically changing set of validators, and leaders that can be rotated in a round-robin manner, among other optimizations [33]....

    [...]

  • ...PBFT works on the assumption that less than one third of the nodes are faulty (f), which is why we say that it requires at least⁵ 3f + 1 nodes....

    [...]

Proceedings Article
19 Jun 2014
TL;DR: Raft is a consensus algorithm for managing a replicated log that separates the key elements of consensus, such as leader election, log replication, and safety, and it enforces a stronger degree of coherency to reduce the number of states that must be considered.
Abstract: Raft is a consensus algorithm for managing a replicated log. It produces a result equivalent to (multi-)Paxos, and it is as efficient as Paxos, but its structure is different from Paxos; this makes Raft more understandable than Paxos and also provides a better foundation for building practical systems. In order to enhance understandability, Raft separates the key elements of consensus, such as leader election, log replication, and safety, and it enforces a stronger degree of coherency to reduce the number of states that must be considered. Results from a user study demonstrate that Raft is easier for students to learn than Paxos. Raft also includes a new mechanism for changing the cluster membership, which uses overlapping majorities to guarantee safety.

1,811 citations


"Blockchains and Smart Contracts for..." refers methods in this paper

  • ...popular Raft algorithm [30], is used as a consensus mechanism in Juno [31]....

    [...]