Periodic Reporting for period 2 - BAnDIT (Blockchain Attack and Defense Techniques)
Reporting period: 2021-03-01 to 2023-02-28
BAnDiT gave early-stage researchers (ESRs) the opportunity to become key future contributors to the creation of top-class security applications, based on the latest blockchain technology features and satisfying real societal needs. In more detail, following the training programme offered by BAnDiT, the ESRs were able to test blockchain-based applications against advanced persistent threats and to detect, on the fly, malicious behaviors that may threaten the confidentiality, integrity and availability of exchanged data. The project was structured around two main aims: 1. Develop an advanced platform to test real persistent threats to BCT and assess the weaknesses of blockchain applications/systems; 2. Foster partnership between Industry and Academia in a powerful emerging technology of great impact in our society.
In addition, the PI of the project and ESR4 supervisor at the Universitat Pompeu Fabra obtained a grant under the Universitat Pompeu Fabra's Planetary Wellbeing program to use Blockchain as a Governance Platform for Renewable Energy Communities. ESR4 participated intensively in the proposal preparation. Finally, ESR1 will be hired to execute the project for 4 months. It is also expected that this will foster collaboration between the different ESRs and result in some international publication.
The industrial aspect of all of them has crystallized not only in funding collaborations with companies in their fourth year of PhD, but also in the fact that ESR1 has embarked on exploring the possibility of valorizing its results in the form of a spin-off under the guidance of the PI of the project. Jointly they have been awarded a competitive grant (INNOVALORA) of 50k from Pompeu Fabra University to start shaping the spin-off.
1. Blockchain analysis tools. Topological Data Analysis (TDA) is a recent field in mathematics whose aim is to uncover, understand and exploit the topological and geometric structure underlying complex and possibly high-dimensional data. It proposes new well-founded mathematical theories and computational tools that can be used independently or in combination with other data analysis and statistical learning techniques.
2. New Decentralized Exchange (DEX) protocols. ESR1 developed a series of DDEX protocols which promise to reduce some of the negative externalities caused by the temporary monopolisation of power by block producers. These theoretical results are presented in a way which makes their exploitation straightforward.
3. Potential Vulnerability in IoT Blockchain. ESR2 has developed a simulation using the IOTA blockchain's offline Tangle functionality, demonstrating a potential vulnerability in the offline Tangle synchronization process. Using a prototype simulation, we investigated the effects of the tip selection algorithm on offline transactions, the solidification effect, and partial synchrony when a subset of nodes is disconnected from the IOTA main net.
4. Economic analysis of Cyber Vulnerabilities: ESR4's research activity has so far explored several technical and economic aspects of the sustainability of cryptocurrencies, by surveying the most recent literature in the domain and performing event studies on real-world cryptocurrency datasets highlighting the behavior of systems under attack.
5. Legal Analysis of Blockchain Cyber Regulation in the EU: ESR4 then explored the legal aspects of blockchain and crypto-asset cyber security, thus highlighting the relationships between observed and anticipated threats in BCT systems and (arguably) the last line of defense for resolving the emerging controversies, which is provided by the judicial system. The research provided an overview of the newest EU proposals for regulations concerning blockchains and crypto-assets and underlined the EU's goal to foster further innovation and development in this field. The research also proposed ways to mitigate cyber-related risks.
6. Policy aspect of MEV: ESR4's research also dealt with issues related to decentralized governance design in relation to MEV under the PBS framework. The research provided a tech-policy perspective which also underlined security and economic concerns that should be addressed by policy.
7. Machine learning and Rug pulls: ESR4 analyzed scams in decentralized exchanges that use a method of performing scams known as the rug pull. The authors collected all the transactions related to the Uniswap V2 exchange and proposed a machine learning algorithm to label tokens as scams. After manually analyzing the data, a theoretical classification of different malicious maneuvers in the Uniswap protocol was devised. Then, various machine-learning-based algorithms were proposed, with new features related to the token propagation and smart contract heuristics to detect potential rug pulls before they occur. The results suggested that new more involved tools could use scam non-sophisticated users.