Periodic Reporting for period 1 - BAnDIT (Blockchain Attack and Defense Techniques)
Berichtszeitraum: 2019-03-01 bis 2021-02-28
BAnDiT will give early-stage researchers (ESRs) the opportunity to become key future contributors to the creation of top class security applications, based on the latest blockchain technology features and satisfying real societal needs. More in detail, following the training programme offered by BAnDiT the ESRs will be able to test blockchain-based applications against advanced persistent threats and to detect on-the-fly malicious behaviors that may threaten the confidentiality, integrity and availability of exchanged data. The project is structured around these two main aims:
Aim 1: Develop an advanced platform to test real persistent threats to BCT and assess the weaknesses of blockchain applications/systems. BAnDiT will contribute to a novel paradigm for integrating novel security protocols and mathematical cryptographic primitives based on real world applications so as to detect possible threats and misbehaviours with the goal of preventing potential cybercrimes. Whereas current state of the art consists in multiple isolated proposals responding to individual concerns, we aim at j oining industrial and academic strengths in an open effort towards improving our security ecosystem. Furthermore, making use of multidisciplinary strengths of all partners, BAnDiT will analyze the i mpact of economic models on blockchain attacks.
Aim 2: Foster partnership between Industry and Academia i n a powerful e merging technology of g reat impact in our society. As technological devices are everyday more present in our daily lives, it increases the need to use strong protection mechanisms to secure them against misuses. However, the need for stronger security and privacy meets with an increasing public discomfort in trusted entities. BAnDiT will connect the real world needs of the industry with the academic work in the emerging area of blockchain technologies, which addresses these issues by creating trust in a transparent way. The project will offer joint doctorate positions within mixed industrial and academic r esearch projects, in order to provide excellent and truly relevant, practically oriented training for ESRs
Aim 1: Develop an advanced platform to test real persistent threats to BCT and assess the weaknesses of blockchain applications/systems. BAnDiT will contribute to a novel paradigm for integrating novel security protocols and mathematical cryptographic primitives based on real world applications so as to detect possible threats and misbehaviours with the goal of preventing potential cybercrimes. Whereas current state of the art consists in multiple isolated proposals responding to individual concerns, we aim at j oining industrial and academic strengths in an open effort towards improving our security ecosystem. Furthermore, making use of multidisciplinary strengths of all partners, BAnDiT will analyze the i mpact of economic models on blockchain attacks.
Aim 2: Foster partnership between Industry and Academia i n a powerful e merging technology of g reat impact in our society. As technological devices are everyday more present in our daily lives, it increases the need to use strong protection mechanisms to secure them against misuses. However, the need for stronger security and privacy meets with an increasing public discomfort in trusted entities. BAnDiT will connect the real world needs of the industry with the academic work in the emerging area of blockchain technologies, which addresses these issues by creating trust in a transparent way. The project will offer joint doctorate positions within mixed industrial and academic r esearch projects, in order to provide excellent and truly relevant, practically oriented training for ESRs
Deliverables:
A total of 16 deliverables have been submitted during the first half of BAnDIT. Some of them were submitted with minor delays as the project had to adapt to the late recruiting of ESR3 and (especially) the Covid outbreak during 2020, but communication with the Project Officer was established in advance, to inform of the delays and ask for extensions.
Milestones:
Five milestones had been planned to be achieved during the first 24 months of the project:
MS1 was achieved on M12 when the last of the 4 ESRs was formally hired. The process was rather long. Even though there were a lot of interest and we received several applications for each one of the positions, the specificity of each one of the profiles made the whole process longer. However, finally 4 promising researchers with skills that perfectly fit the positions were found.
MS2 was achieved on M17. The growth of blockchains has been exponential in the last years. Unfortunately, also the number of attacks in them (including several new ones). A concise report on the state-of-the-art was crucial to understand and face the real needs in this topic that had to be addressed. The taxonomy helped to focus real needs and therefore directing the research to be carried on.o
MS3 has been achieved, as all ESRs are working satisfactorily towards the completion of their respective career development plans. Because of the COVID-19 outbreak, different measures and postponement have been considered, as informed to the Project Manager, to face with the pandemic limitations.
MS6 was also achieved in M12 once ESR3 (the latest to join the project) was enrolled in UPF’s doctorate programme. Furthermore, all of them have successfully defended their Thesis Proposal during his first year of PhD, as it is mandatory in the PhD Programme of our Department.
MS7 was achieved in M21 as the Project Check between REA and the consortium did not take place until November 2021. Because of the COVID-19 outbreak, the initial planned face-to-face meeting was initially postponed a few months waiting for the pandemic to improve. After a few months, and with a more realistic view of the situation, it was decided to arrange an online meeting, where all players participating in the project attended.
A total of 16 deliverables have been submitted during the first half of BAnDIT. Some of them were submitted with minor delays as the project had to adapt to the late recruiting of ESR3 and (especially) the Covid outbreak during 2020, but communication with the Project Officer was established in advance, to inform of the delays and ask for extensions.
Milestones:
Five milestones had been planned to be achieved during the first 24 months of the project:
MS1 was achieved on M12 when the last of the 4 ESRs was formally hired. The process was rather long. Even though there were a lot of interest and we received several applications for each one of the positions, the specificity of each one of the profiles made the whole process longer. However, finally 4 promising researchers with skills that perfectly fit the positions were found.
MS2 was achieved on M17. The growth of blockchains has been exponential in the last years. Unfortunately, also the number of attacks in them (including several new ones). A concise report on the state-of-the-art was crucial to understand and face the real needs in this topic that had to be addressed. The taxonomy helped to focus real needs and therefore directing the research to be carried on.o
MS3 has been achieved, as all ESRs are working satisfactorily towards the completion of their respective career development plans. Because of the COVID-19 outbreak, different measures and postponement have been considered, as informed to the Project Manager, to face with the pandemic limitations.
MS6 was also achieved in M12 once ESR3 (the latest to join the project) was enrolled in UPF’s doctorate programme. Furthermore, all of them have successfully defended their Thesis Proposal during his first year of PhD, as it is mandatory in the PhD Programme of our Department.
MS7 was achieved in M21 as the Project Check between REA and the consortium did not take place until November 2021. Because of the COVID-19 outbreak, the initial planned face-to-face meeting was initially postponed a few months waiting for the pandemic to improve. After a few months, and with a more realistic view of the situation, it was decided to arrange an online meeting, where all players participating in the project attended.
1. Blockchain analysis tools. Topological Data Analysis (TDA) is a recent field in mathematics whose aim is to uncover, understand and exploit the topological and geometric structure underlying complex and possibly high dimensional data. It proposes new well-founded mathematical theories and computational tools that can be used independently or in combination with other data analysis and statistical learning techniques. Interestingly, TDA’s set of tools for dimensionality reduction and visualization of high dimensional data have shown big potential to unlock relationships that would be considered as noise by traditional statistical approaches, as traditional clustering. Furthermore, TDA has been applied to a large wild range of fields such as data skeletonization, shape study, complex network, image analysis, nance market, viral evolution, graph reconstruction. In particular, in Blockchain technology, TDA has been used to improve price forecasting models and for detecting ransomware addresses. First promising steps have been taken to explore the power of topological data analysis on on-chain analysis. By using deep learning algorithms, we will study the potential of employing on-chain data and TDA to develop a methodology and algorithms that find the malicious addresses, detect anomalies in the state of the Blockchain, critical transitions of cryptocurrency market prices, and vulnerable smart contracts.
If the results of these tools are as good as they seem, and improve the existing results in the market (they do not use TDA techniques) the exploitation could be of great interest. These tools for the assessment of blockchain-based applications as well as design an auditing system, capable of verifying the presence of security flaws with respect to the blockchain. This project will assist system’s administrators, or security technicians or plain users in detecting security flaws faster. This will reduce the time to detect an attack, and therefore the economic costs derived.
2. New cryptocurrencies. As explained in detail in Section 1.1 first steps towards better consensus protocols have been performed during the project. The current legitimacy of cryptocurrencies depends on a delicately balanced Prisoner’s Dilemma where any one individual manager of the ledger could benefit by deviating if all other players do not. It is unlikely that retail investors are aware of this, and personally, this reality is quite disturbing. Consequently, it is imperative that we address this fundamentally flawed assumption and anticipate that players will always try and maximise their on-chain tokens. In our consensus algorithms are strong enough, exploration of the exploitation in the form of a new more fair and sustainable cryptocurrency could be an option. Of course, this is something to explore at medium-long term, but could be definitely of great interest if possible.
If the results of these tools are as good as they seem, and improve the existing results in the market (they do not use TDA techniques) the exploitation could be of great interest. These tools for the assessment of blockchain-based applications as well as design an auditing system, capable of verifying the presence of security flaws with respect to the blockchain. This project will assist system’s administrators, or security technicians or plain users in detecting security flaws faster. This will reduce the time to detect an attack, and therefore the economic costs derived.
2. New cryptocurrencies. As explained in detail in Section 1.1 first steps towards better consensus protocols have been performed during the project. The current legitimacy of cryptocurrencies depends on a delicately balanced Prisoner’s Dilemma where any one individual manager of the ledger could benefit by deviating if all other players do not. It is unlikely that retail investors are aware of this, and personally, this reality is quite disturbing. Consequently, it is imperative that we address this fundamentally flawed assumption and anticipate that players will always try and maximise their on-chain tokens. In our consensus algorithms are strong enough, exploration of the exploitation in the form of a new more fair and sustainable cryptocurrency could be an option. Of course, this is something to explore at medium-long term, but could be definitely of great interest if possible.