Periodic Reporting for period 1 - BAnDIT (Blockchain Attack and Defense Techniques)
Reporting period: 2019-03-01 to 2021-02-28
Aim 1: Develop an advanced platform to test real persistent threats to BCT and assess the weaknesses of blockchain applications/systems. BAnDiT will contribute to a novel paradigm for integrating novel security protocols and mathematical cryptographic primitives based on real-world applications so as to detect possible threats and misbehaviours, with the goal of preventing potential cybercrimes. Whereas the current state of the art consists of multiple isolated proposals responding to individual concerns, we aim at joining industrial and academic strengths in an open effort towards improving our security ecosystem. Furthermore, making use of the multidisciplinary strengths of all partners, BAnDiT will analyze the impact of economic models on blockchain attacks.
Aim 2: Foster partnership between Industry and Academia in a powerful emerging technology of great impact in our society. As technological devices become ever more present in our daily lives, the need to use strong protection mechanisms to secure them against misuse increases. However, the need for stronger security and privacy meets with an increasing public discomfort with trusted entities. BAnDiT will connect the real-world needs of the industry with the academic work in the emerging area of blockchain technologies, which addresses these issues by creating trust in a transparent way. The project will offer joint doctorate positions within mixed industrial and academic research projects, in order to provide excellent and truly relevant, practically oriented training for ESRs.
A total of 16 deliverables have been submitted during the first half of BAnDIT. Some of them were submitted with minor delays, as the project had to adapt to the late recruiting of ESR3 and (especially) the Covid outbreak during 2020, but communication with the Project Officer was established in advance to report the delays and ask for extensions.
Five milestones had been planned to be achieved during the first 24 months of the project:
MS1 was achieved in M12 when the last of the 4 ESRs was formally hired. The process was rather long. Even though there was a lot of interest and we received several applications for each one of the positions, the specificity of each one of the profiles made the whole process longer. However, 4 promising researchers with skills that perfectly fit the positions were finally found.
MS2 was achieved in M17. The growth of blockchains has been exponential in recent years. Unfortunately, so has the number of attacks on them (including several new ones). A concise report on the state of the art was crucial to understand and face the real needs in this topic that had to be addressed. The taxonomy helped to focus on real needs and therefore to direct the research to be carried out.
MS3 has been achieved, as all ESRs are working satisfactorily towards the completion of their respective career development plans. Because of the COVID-19 outbreak, various measures and postponements have been considered, as communicated to the Project Manager, to cope with the pandemic limitations.
MS6 was also achieved in M12 once ESR3 (the latest to join the project) was enrolled in UPF’s doctorate programme. Furthermore, all of them have successfully defended their Thesis Proposals during their first year of PhD, as is mandatory in the PhD Programme of our Department.
MS7 was achieved in M21, as the Project Check between REA and the consortium did not take place until November 2021. Because of the COVID-19 outbreak, the initially planned face-to-face meeting was first postponed for a few months while waiting for the pandemic situation to improve. After a few months, and with a more realistic view of the situation, it was decided to arrange an online meeting, which all players participating in the project attended.
If the results of these tools are as good as they seem, and improve on the existing results in the market (which do not use TDA techniques), the exploitation could be of great interest. These are tools for the assessment of blockchain-based applications, as well as for the design of an auditing system capable of verifying the presence of security flaws with respect to the blockchain. This project will assist system administrators, security technicians or plain users in detecting security flaws faster. This will reduce the time to detect an attack, and therefore the economic costs derived from it.
2. New cryptocurrencies. As explained in detail in Section 1.1, first steps towards better consensus protocols have been taken during the project. The current legitimacy of cryptocurrencies depends on a delicately balanced Prisoner’s Dilemma where any one individual manager of the ledger could benefit by deviating if all other players do not. It is unlikely that retail investors are aware of this, and personally, this reality is quite disturbing. Consequently, it is imperative that we address this fundamentally flawed assumption and anticipate that players will always try to maximise their on-chain tokens. If our consensus algorithms are strong enough, exploring exploitation in the form of a new, fairer and more sustainable cryptocurrency could be an option. Of course, this is something to explore in the medium to long term, but it could definitely be of great interest if possible.