Monero is a privacy-centric cryptocurrency that allows users to obscure their transactions by including chaff coins, called mixins, along with the actual coins they spend. In this paper, we empirically evaluate two weaknesses in Monero's mixin sampling strategy. First, about 62% of transaction inputs with one or more mixins are vulnerable to chain-reaction analysis -- that is, the real input can be deduced by elimination. Second, Monero mixins are sampled in such a way that they can be easily distinguished from the real coins by their age distribution; in short, the real input is usually the newest input. We estimate that this heuristic can be used to guess the real input with 80% accuracy over all transactions with 1 or more mixins. Next, we turn to the Monero ecosystem and study the importance of mining pools and the former anonymous marketplace AlphaBay on the transaction volume. We find that after removing mining pool activity, there remains a large amount of potentially privacy-sensitive transactions that are affected by these weaknesses. We propose and evaluate two countermeasures that can improve the privacy of future transactions.
Monero is a privacy-centric cryptocurrency that makes payments untraceable by adding decoys to every real input spent in a transaction. Two studies from 2017 found methods to distinguish decoys from real inputs, which enabled traceability for a majority of transactions. Since then, a number of protocol changes have been introduced, but their effectiveness has not yet been reassessed. Furthermore, little is known about traceability of Monero transactions across hard fork chains. We formalize a new method for tracing Monero transactions, which is based on analyzing currency hard forks. We use that method to perform a (passive) traceability analysis on data from the Monero, MoneroV and Monero Original blockchains and find that only a small number of inputs are traceable. We then use the results to estimate the effectiveness of known heuristics for recent transactions and find that they do not significantly outperform random guessing. Our findings suggest that Monero is currently mostly immune to known passive attack vectors and resistant to tracking and tracing methods applied to other cryptocurrencies.
A variety of innovative software solutions addressing product anti-counterfeiting and record provenance in the wider supply chain industry have been implemented. However, these solutions have been developed with a centralized system architecture, which could be susceptible to malicious modification of product record states and to various potential security attacks leading to system failure and downtime. Blockchain technology enables decentralized trust, with a network of distributed peer nodes maintaining consistent shared states via decentralized consensus, and the idea of developing decentralized and reliable solutions is based on it. A Decentralized NFC-Enabled Anti-Counterfeiting System (dNAS) was therefore proposed and developed, decentralizing a legacy anti-counterfeiting system of the supply chain industry using enterprise blockchain protocols and an enterprise consortium, to facilitate trustworthy data provenance retrieval, verification and management, as well as to strengthen the capability for product anti-counterfeiting and traceability in the supply chain industry. The adoption of enterprise blockchain protocols and implementations has been surging in the supply chain industry given their advantages in scalability, governance and compatibility with existing supply chain systems and networks, but the development and adoption of decentralized solutions could also have additional implications for supply chain integrity, in terms of security, privacy and confidentiality. In this research, an empirical analysis performed against decentralized solutions, including dNAS, summarizes the effectiveness, limitations and future opportunities of developing decentralized solutions built around existing enterprise blockchain protocols and implementations for supply chain anti-counterfeiting and traceability.
As distributed ledgers, blockchains run consensus protocols which trade capacity for consistency, especially in non-ideal networks with incomplete connectivity and erroneous links. Existing studies on the tradeoff between capacity and consistency are only qualitative or rely on specific assumptions. This paper presents discrete-time Markov chain models to quantify the capacity of Proof-of-Work based public blockchains in non-ideal networks. The comprehensive model is collapsed to be ergodic under the eventual consistency of blockchains, achieving tractability and efficient evaluations of blockchain capacity. A closed-form expression for the capacity is derived in the case of two miners. Another important aspect is that we extend the ergodic model to analyze the capacity under strong consistency, evaluating the robustness of blockchains against double-spending attacks. Validated by simulations, the proposed models are accurate and reveal the effect of link quality and the distribution of mining rates on blockchain capacity and the ratio of stale blocks.
Third-party security apps are an integral part of the Android app ecosystem. Many users install them as an extra layer of protection for their devices. There are hundreds of such security apps, both free and paid, in the Google Play Store, and some of them have been downloaded millions of times. By installing security apps, smartphone users place a significant amount of trust in the security companies that developed these apps, because a fully functional mobile security app requires access to many smartphone resources such as the storage, text messages and email, browser history, and information about other installed applications. Often these resources contain highly sensitive personal information. As such, it is essential to understand the mobile security app ecosystem to assess whether it is indeed beneficial to install them. To this end, in this paper, we present the first empirical study of Android security apps. We analyse 100 Android security apps from multiple aspects such as metadata, static analysis, and dynamic analysis and present insights into their operations and behaviours. Our results show that 20% of the security apps we studied potentially resell the data they collect from smartphones to third parties; in some cases, even without the user's consent. Also, our experiments show that around 50% of the security apps fail to identify malware installed on a smartphone.
Blockchain is a continuously developing technology that has made digital transactions and related computing operations more transparent and secure through globally distributed and decentralized management of states, as well as the strong immutability of blocks mined and transactions validated in a network enabled by blockchain technology. This manuscript aims to elaborate the concept of blockchain technology alongside its coordination and implementation with other emerging technologies, such as smart contracts, which work with different blockchain frameworks, as well as enabling anonymous transactions and decentralized consensus amongst different untrusting parties. Blockchain forks are also discussed in this manuscript, which describes fork events created in the blockchain process, their brief history, types, and impacts upon blockchain development and operation.