政大機構典藏-National Chengchi University Institutional Repository(NCCUR):Item 140.119/131486
English  |  正體中文  |  简体中文  |  Post-Print筆數 : 27 |  Items with full text/Total items : 113318/144297 (79%)
Visitors : 51070400      Online Users : 928
RC Version 6.0 © Powered By DSPACE, MIT. Enhanced by NTU Library IR team.
Scope Tips:
  • please add "double quotation mark" for query phrases to get precise results
  • please goto advance search for comprehansive author search
  • Adv. Search
    HomeLoginUploadHelpAboutAdminister Goto mobile version
    政大典藏 > College of Commerce > Department of MIS > Theses >  Item 140.119/131486
    Please use this identifier to cite or link to this item: https://nccur.lib.nccu.edu.tw/handle/140.119/131486


    Title: 動態監控區塊鏈系統
    Runtime Hook on Blockchain Systems
    Authors: 林韋廷
    Lin, Wei-Ting
    Contributors: 郁方
    蕭舜文

    Yu, Fang
    Hsiao, Shun-Wen

    林韋廷
    Lin, Wei-Ting
    Keywords: 區塊鏈
    智能合約
    以太坊
    動態監控
    Blockchain
    Ethereum
    Smart contract
    Runtime hook
    Date: 2020
    Issue Date: 2020-09-02 11:44:45 (UTC+8)
    Abstract: 在區塊鏈上使用硬叉機制來恢復攻擊造成的損失與區塊鏈系統的不變性相矛盾。為了防止惡意交易提前進入區塊鏈,我們提出了一種Runtime Hook技術,以同步和分析暴露在以太坊交易池中的正在進行的交易。全面了解過去和正在進行的交易,我們可以識別並強制中止惡意交易,並防止由於執行和記錄在區塊鏈中的攻擊而造成的損失。具體來說,我們修改以太坊源代碼以檢測節點的入口點,以同步從以太坊P2P網絡接收的數據,並系統地掃描交易中的可疑模式以識別潛在的攻擊。作為概念驗證,我們演示瞭如何在私有區塊鏈系統上部署建議的Runtime Hook系統,以便我們可以檢測和防止智能合約的51%攻擊中的雙花交易和重入攻擊。
    Using hard-fork mechanism on the blockchain to recover the losses caused by attacks contradicts the immutable characteristic of a blockchain system. To prevent malicious transactions from getting into blockchains in advance, we propose a runtime hook technique to synchronize and analyze the ongoing transactions exposed to the Ethereum transaction pool. Having a complete view of the past and the ongoing transactions, we can identify and enforce abortion of malicious transactions and prevent losses due to attacks being executed and recorded in the blockchain. Specifically, we modify the Ethereum source code to instrument the entry point of a node to synchronize data received from the Ethereum P2P network and systematically scan suspicious patterns in transactions to identify potential attacks. As a proof-of-the-concept, we show how to deploy the proposed runtime hook system on a private blockchain system, such that we can detect and prevent transactions of double spending on the 51% attack and reentrancy attack of smart contracts.
    Reference: [1] S. Nakamoto et al., “Bitcoin: A peer-to-peer electronic cash system,” 2008.
    [2] M. Swan, Blockchain : blueprint for a new economy. Sebastopol, Calif.: O’Reilly Media, 2015.
    [3] “Fidelity investments - retirement plans, investing, brokerage, wealth management, finacial planning and advice, online trading..” https://www.fidelity.com/.
    [4] “Nyse: The new york stock exchange.” https://www.nyse.com/index.
    [5] “Intercontinental exchange.” https://www.intercontinentalexchange.com/index.
    [6] R. Zhang, R. Xue, and L. Liu, “Security and privacy on blockchain,” arXiv preprint arXiv:1903.07602, 2019.
    [7] “Zcash counterfeiting vulnerability successfully remediated.” https://z.cash/
    blog/zcash-counterfeiting-vulnerability-successfully-remediated/.
    [8] “Deep chain reorganization detected on ethereum classic (etc).” https://blog.
    coinbase.com/ethereum-classic-etc-is-currently-being-51-attacked-33be13ce32de.
    [9] “Pow 51% attack cost.” https://www.crypto51.app/.
    [10] “Fundamentals of proof of work.” https://blog.sia.tech/
    fundamentals-of-proof-of-work-beaa68093d2b.
    [11] “web3.js - ethereum javascript api.” https://web3js.readthedocs.io/en/1.0/.
    [12] “Json rpc.” https://github.com/ethereum/wiki/wiki/JSON-RPC.
    [13] A. Baliga, “Understanding blockchain consensus models,” in Persistent, 2017.
    [14] S. King and S. Nadal, “Ppcoin: Peer-to-peer crypto-currency with proof-of-stake,”
    [15] P. Vasin, “Blackcoins proof-of-stake protocol v2,”
    [16] “Introducing casper the friendly ghost.” https://blog.ethereum.org/2015/08/
    01/introducing-casper-friendly-ghost/, 2015.
    [17] G. Wood et al., “Ethereum: A secure decentralised generalised transaction ledger,”
    Ethereum project yellow paper, vol. 151, pp. 1–32, 2014.
    [18] “Dpos.” https://en.bitcoinwiki.org/wiki/DPoS.
    [19] “Bitshares.org - home for the bitshares blockchain.” https://bitshares.org/.
    [20] “Introduction sawtooth latest documentation - hyperledger sawtooth.”
    https://sawtooth.hyperledger.org/docs/core/nightly/0-8/introduction.html#proof-of-elapsed-time-poet.
    [21] M. Castro, B. Liskov, et al., “Practical byzantine fault tolerance,” in OSDI, vol. 99, pp. 173–186, 1999.
    [22] “Hyperledger open source blockchain technologies.” https://www.hyperledger.org/.
    [23] “Etherscan api.” https://etherscan.io/apis.
    [24] G. Ateniese, B. Magri, D. Venturi, and E. Andrade, “Redactable blockchain–or–
    rewriting history in bitcoin and friends,” in 2017 IEEE European Symposium on Security and Privacy (EuroS&P), pp. 111–126, IEEE, 2017.
    [25] D. Deuber, B. Magri, and S. A. K. Thyagarajan, “Redactable blockchain in the
    permissionless setting,” arXiv preprint arXiv:1901.03206, 2019.
    [26] I. Puddu, A. Dmitrienko, and S. Capkun, “µchain: How to forget without hard forks.,”
    [27] S. Anderson and B. Q. Nguyen, “Filtering and redacting blockchain transactions,” 2018. US Patent App. 15/348,581.
    [28] M. Florian, S. Beaucamp, S. A. Henningsen, and B. Scheuermann, “Erasing data from blockchain nodes,” CoRR, vol. abs/1904.08901, 2019.
    [29] S. Zhou, Z. Yang, J. Xiang, Y. Cao, M. Yang, and Y. Zhang, “An ever-evolving game: Evaluation of real-world attacks and defenses in ethereum ecosystem,”
    [30] P. Zheng, Z. Zheng, X. Luo, X. Chen, and X. Liu, “A detailed and real-time performance monitoring framework for blockchain systems,” in 2018 IEEE/ACM 40th
    International Conference on Software Engineering: Software Engineering in Practice Track (ICSE-SEIP), pp. 134–143, May 2018.
    [31] B. Jiang, Y. Liu, and W. Chan, “Contractfuzzer: Fuzzing smart contracts for vulnerability detection,” in Proceedings of the 33rd ACM/IEEE International Conference
    on Automated Software Engineering, pp. 259–269, ACM, 2018.
    [32] “Contract abi specification.” https://solidity.readthedocs.io/en/develop/abi-spec.html.
    [33] I. Nikoli´c, A. Kolluri, I. Sergey, P. Saxena, and A. Hobor, “Finding the greedy, prodigal, and suicidal contracts at scale,” in Proceedings of the 34th Annual Computer Security Applications Conference, pp. 653–663, ACM, 2018.
    [34] P. Tsankov, A. Dan, D. Drachsler-Cohen, A. Gervais, F. Buenzli, and M. Vechev, “Securify: Practical security analysis of smart contracts,” in Proceedings of the 2018
    ACM SIGSAC Conference on Computer and Communications Security, pp. 67–82, ACM, 2018.
    [35] X. Li, P. Jiang, T. Chen, X. Luo, and Q. Wen, “A survey on the security of blockchain systems,” Future Generation Computer Systems, 2017.
    [36] I.-C. Lin and T.-C. Liao, “A survey of blockchain security issues and challenges.,” IJ Network Security, vol. 19, no. 5, pp. 653–659, 2017.
    [37] I. Eyal and E. G. Sirer, “Majority is not enough: Bitcoin mining is vulnerable,” Commun. ACM, vol. 61, pp. 95–102, June 2018.
    [38] G. O. Karame, “Two bitcoins at the price of one? double-spending attacks on fast payments in bitcoin,” in In Proc. of Conference on Computer and Communication Security, 2012.
    [39] G. O. Karame, E. Androulaki, M. Roeschlin, A. Gervais, and S. Capkun, “Misbehav- ior in bitcoin: A study of double-spending and accountability,” ACM Transactions on Information and System Security (TISSEC), vol. 18, no. 1, p. 2, 2015.
    [40] H. Mayer, “Ecdsa security in bitcoin and ethereum: a research survey,” CoinFaabrik, 2016.
    [41] “Wannacry ransomware attack.” https://en.wikipedia.org/wiki/WannaCry_ransomware_attack
    [42] N. Christin, “Traveling the silk road: A measurement analysis of a large anonymous online marketplace,” in Proceedings of the 22nd international conference on World
    Wide Web, pp. 213–224, ACM, 2013.
    [43] “Uk national risk assessment of money laundering and terrorist financing.”
    https://assets.publishing.service.gov.uk/government/uploads/system/
    uploads/attachment_data/file/468210/UK_NRA_October_2015_final_web.pdf.
    [44] N. Atzei, M. Bartoletti, and T. Cimoli, “A survey of attacks on ethereum smart contracts.,” IACR Cryptology ePrint Archive.
    [45] “The dao (organization).” https://en.wikipedia.org/wiki/The_DAO_(organization).
    [46] C. Pinz´on and C. Rocha, “Double-spend attack models with time advantange for bitcoin,” Electronic Notes in Theoretical Computer Science, vol. 329, pp. 79–103,
    2016.
    [47] V. Buterin et al., “Ethereum white paper,” GitHub repository, pp. 22–23, 2013.
    Description: 碩士
    國立政治大學
    資訊管理學系
    106356001
    Source URI: http://thesis.lib.nccu.edu.tw/record/#G0106356001
    Data Type: thesis
    DOI: 10.6814/NCCU202001239
    Appears in Collections:[Department of MIS] Theses

    Files in This Item:

    File Description SizeFormat
    600101.pdf1155KbAdobe PDF20View/Open


    All items in 政大典藏 are protected by copyright, with all rights reserved.


    社群 sharing

    著作權政策宣告 Copyright Announcement
    1.本網站之數位內容為國立政治大學所收錄之機構典藏,無償提供學術研究與公眾教育等公益性使用,惟仍請適度,合理使用本網站之內容,以尊重著作權人之權益。商業上之利用,則請先取得著作權人之授權。
    The digital content of this website is part of National Chengchi University Institutional Repository. It provides free access to academic research and public education for non-commercial use. Please utilize it in a proper and reasonable manner and respect the rights of copyright owners. For commercial use, please obtain authorization from the copyright owner in advance.

    2.本網站之製作,已盡力防止侵害著作權人之權益,如仍發現本網站之數位內容有侵害著作權人權益情事者,請權利人通知本網站維護人員(nccur@nccu.edu.tw),維護人員將立即採取移除該數位著作等補救措施。
    NCCU Institutional Repository is made to protect the interests of copyright owners. If you believe that any material on the website infringes copyright, please contact our staff(nccur@nccu.edu.tw). We will remove the work from the repository and investigate your claim.
    DSpace Software Copyright © 2002-2004  MIT &  Hewlett-Packard  /   Enhanced by   NTU Library IR team Copyright ©   - Feedback