International Journal of Computer Networks and Applications (IJCNA)

Published By EverScience Publications

ISSN : 2395-0455

Mitigating Blockchain Endpoint Vulnerabilities: Conceptual Frameworks

Mohd Azeem Faizi Noor[1], Khurram Mustafa[2]

[1]Department of Computer Science, Jamia Millia Islamia, New Delhi, India.

[2]Department of Computer Science, Jamia Millia Islamia, New Delhi, India.

Abstract

Since the inception of blockchain technology, attackers have consistently exploited vulnerabilities and profited from attacks and heists. They have outpaced users’ defence mechanisms and tried every available avenue and trick to make a profit. The threats are numerous: double spending, Sybil attacks, phishing, block-related attacks, smart contract attacks, mining-related attacks and so on. One prominent threat is endpoint security, which is identified here as broken authentication, cryptographic failures, security misconfiguration, web security vulnerabilities and human vulnerabilities. Attackers find it relatively easy to target these user endpoints in order to take complete control of the system, steal sensitive information, abuse resources and credit cryptocoins to themselves. Despite its significance, endpoint security as identified here has received limited attention, and users still lack robust frameworks or solutions. In this paper, a novel approach has been developed to manage the identified endpoint violations in blockchain applications. Overall, three conceptual frameworks and abstract ideas were presented that aim to mitigate the identified endpoint vulnerabilities and hence enhance endpoint security. These conceptual frameworks were validated through Proof-of-Concept and Defence-in-Depth mechanisms, and a use case was provided to illustrate them. The first framework integrates two recent technologies, blockchain and Remote Browser Isolation (RBI), which together offer a secure and isolated environment for user requests. This framework solves web security vulnerabilities completely, and broken authentication, cryptographic failures, security misconfiguration and human vulnerabilities partially. The second framework incorporates a Trusted Execution Environment (TEE) into the previous framework, providing a secure environment for cryptographic operations. Therefore, it solves broken authentication, cryptographic failures, security misconfiguration and web security vulnerabilities completely while solving human vulnerabilities partially. Finally, the use of steganography within the above framework was proposed to enhance security further. Although this framework is discussed only briefly and is complex in nature, it hides sensitive data and hence makes attacks harder; it solves broken authentication, cryptographic failures, security misconfiguration and web security vulnerabilities completely while solving human vulnerabilities partially. In conclusion, this paper introduces solutions to mitigate various endpoint vulnerabilities in blockchain applications and enables users to leverage blockchain technology more frequently, more easily and with less hassle.
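To make the layered design concrete, the following is an added Python model (not code from the paper or its authors) of the central idea behind the second framework: the user's browser session, which stands in for the RBI endpoint, holds no key material at all, and every signing operation happens inside a component that stands in for the TEE and enforces a policy before it signs. The class names, the spending-limit and nonce-replay policy, the audit log, and the use of HMAC-SHA256 as a stand-in for a real wallet signature scheme are assumptions made for this illustration; the transaction values are constructed samples.

```python
"""Illustrative model of an isolated endpoint plus an enclave-style signer.

Added example; assumptions: HMAC-SHA256 stands in for the wallet's real
signature scheme, and the spending-limit / replay policy is invented here.
"""
import hashlib
import hmac
import json
import secrets
from dataclasses import dataclass, field
from typing import List, Optional, Set


@dataclass
class Transaction:
    recipient: str
    amount: int  # smallest unit (e.g. wei); constructed sample values in tests
    nonce: int

    def canonical(self) -> bytes:
        # Deterministic encoding so the same transaction always hashes identically
        payload = {"to": self.recipient, "amount": self.amount, "nonce": self.nonce}
        return json.dumps(payload, sort_keys=True, separators=(",", ":")).encode()


@dataclass
class SigningEnclave:
    """Simulated TEE: the only component that ever holds the key.

    It exposes a narrow interface (sign under policy, verify) and no method
    ever returns the key, so a compromised endpoint cannot extract it.
    """
    spending_limit: int
    _key: bytes = field(default_factory=lambda: secrets.token_bytes(32), repr=False)
    audit_log: List[str] = field(default_factory=list)
    _used_nonces: Set[int] = field(default_factory=set)

    def _digest(self, tx: Transaction) -> bytes:
        return hashlib.sha256(tx.canonical()).digest()

    def sign(self, tx: Transaction, user_confirmed: bool) -> Optional[str]:
        """Return a hex signature, or None when the policy rejects the request."""
        if not user_confirmed:
            self.audit_log.append(f"REJECT nonce={tx.nonce}: no user confirmation")
            return None
        if tx.amount > self.spending_limit:
            self.audit_log.append(f"REJECT nonce={tx.nonce}: amount {tx.amount} exceeds limit")
            return None
        if tx.nonce in self._used_nonces:
            self.audit_log.append(f"REJECT nonce={tx.nonce}: replayed nonce")
            return None
        self._used_nonces.add(tx.nonce)
        signature = hmac.new(self._key, self._digest(tx), hashlib.sha256).hexdigest()
        self.audit_log.append(f"SIGN nonce={tx.nonce} amount={tx.amount} to={tx.recipient}")
        return signature

    def verify(self, tx: Transaction, signature_hex: str) -> bool:
        """Check a signature against the canonical transaction (constant-time compare)."""
        expected = hmac.new(self._key, self._digest(tx), hashlib.sha256).hexdigest()
        return hmac.compare_digest(expected, signature_hex)


class IsolatedBrowserSession:
    """Simulated RBI endpoint: it only forwards requests and stores no secret."""

    def __init__(self, enclave: SigningEnclave):
        self._enclave = enclave

    def submit(self, tx: Transaction, user_confirmed: bool) -> Optional[str]:
        # The session never sees the key; it only receives a signature or a refusal
        return self._enclave.sign(tx, user_confirmed)


if __name__ == "__main__":
    enclave = SigningEnclave(spending_limit=1_000)
    session = IsolatedBrowserSession(enclave)
    ok = session.submit(Transaction("0xconstructed-recipient", 500, 1), True)
    too_big = session.submit(Transaction("0xconstructed-recipient", 5_000, 2), True)
    print("signed:", ok is not None, "| over limit refused:", too_big is None)
    print("\n".join(enclave.audit_log))
```

The point of the model is the boundary, not the primitive: the browser-side object has no `_key` attribute to leak, every refusal leaves an audit entry a defender can alert on, and a tampered transaction fails `verify` because the signature binds the canonical encoding.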

Index Terms

Endpoint Vulnerability

Blockchain

Defense in Depth Principle

Remote Browser Isolation

Trusted Execution Environment

Steganography
