Blockchain Security Attacks Challenges and Solutio

This article has been accepted for publication in a future issue of this journal, but has not been
fully edited. Content may change prior to final publication. Citation information: DOI 10.1109/ACCESS.2021.3051602, IEEE
Access
Date of publication xxxx 00, 0000, date of current version xxxx 00, 0000. Digital Object Identifier 10.1109/ACCESS.2017.Doi Number
Blockchain Security Attacks, Challenges,

and Solutions for the Future Distributed
IoT Network
SAURABH SINGH1, A.S.M. SANWAR HOSEN2, and BYUNGUN YOON 1 *, Senior member,
IEEE
1Department of Industrial & Systems Engineering, Dongguk University, Seoul, South Korea
2Division of Computer Science, Chonbuk National University, South Korea
Corresponding author: postman3@dongguk.edu

Acknowledgment: This research was funded by National Research Foundation of Korea: 2019R1A2C1085388 and was
supported by the Dongguk University Research Fund of 2020 (S-2020-G0001-00050)
ABSTRACT Blockchain technology is becoming increasingly attractive to the next generation, as it is uniquely suited to
the information era. Blockchain technology can also be applied to the Internet of Things (IoT). The advancement of IoT
technology in various domains has led to substantial progress in distributed systems. Blockchain concept requires a
decentralized data management system for storing and sharing the data and transactions in the network. This paper discusses
the blockchain concept and relevant factors that provide a detailed analysis of potential security attacks and presents existing
solutions that can be deployed as countermeasures to such attacks. This paper also includes blockchain security enhancement
solutions by summarizing key points that can be exploited to develop various blockchain systems and security tools that
counter security vulnerabilities. Finally, the paper discusses open issues relating to and future research directions of
blockchain-IoT systems.
INDEX TERMS Blockchain, Internet of Things, Threats and Attacks, Security
I. INTRODUCTION technology is at the center of many current developments in

Blockchain technology, a distributed digital ledger the IoT industry. One reason for this is that many IoT
technology that can be used to maintain continuously services are vulnerable to attacks and challenges. Using
growing lists of data records and transactions securely, has blockchain technology can solve many of the issues with
recently taken the world by storm. The three main criteria cyber-physical systems in the IoT sector. As the IoT industry
related to blockchain identity and accessibility are public or is moving toward a network sensor model, sustainable smart
less authorized, private or authorized, and consortium. The cities, and the many components involved must be framed in
most important and unique factor of the blockchain concept consideration of certain benefits [8-12].
is that the stored information is secured entirely within the Moreover, blockchain enables different privacy-preserving
blocks of the blockchain’s transactions. Its decentralized models for IoT applications, such as data privacy, user
consensus model has the three main features of consistency, privacy, location privacy, privacy-preserving aggregation,
aliveness, and fault tolerance [1-3]. and many others. Ferrag et al. [13] suggested many privacy-
Blockchain technology has been successfully applied in a preserving schemes and presented a side-by-side comparison
wide variety of areas. When blockchain technology is of different security and privacy approaches for Fog-based
implemented in the Internet of Things (IoT) domain to IoT applications. Dwivedi et al. [14] proposed a scheme of
exchange and share network data, records, validation, and modified blockchain models in the medical sector that
security service, there are a few relevant issues that are still involves additional protection and privacy parameters based
being researched, with a particular focus on the security of on advanced cryptographic primitives. This scheme uses
cyber-physical systems in the IoT sector. Many authorized lightweight digital signatures to guarantee that the
organizations are currently working to ensure proper information cannot be improperly modified, and a tamper-
interoperability, integrity, and privacy of the IoT network. proof seal protects it. Privacy-preserving methods for IoT
These organizations are all working together using data in smart cities have been discussed by Shen et al. [15].
blockchain technology and cloud computing. The Support vector machine training is used with blockchain
technology brings transparency, reliability, and proper technology to enable it to handle smart city data. The
governance to the IoT information system [4-7]. blockchain techniques allow for secure and reliable IoT data
Blockchain technology is redefining data modeling, and between data providers, where each provider can encrypt the
governments have implemented blockchain in many IoT data instance locally using its private key.
applications. It is mainly attractive for such applications due In the move toward numerous beneficial features such as
to its unprecedented ability to adapt as well as the segment, decentralization, persistence, anonymity, and auditability,
protect, and share IoT data and services. Blockchain security is a major concern. This paper provides an inclusive
VOLUME XX, 2017 1
This work is licensed under a Creative Commons Attribution 4.0 License. For more information, see https://creativecommons.org/licenses/by/4.0/
This article has been accepted for publication in a future issue of this journal, but has not been fully edited. Content may change prior to final publication. Citation information: DOI 10.1109/ACCESS.2021.3051602, IEEE
Access
overview of blockchain parameters and security attacks in systematically presents and discusses the security
cyber-physical systems. It also presents some existing limitations, vulnerabilities, challenges, and issues
solutions and blockchain applications for various factors that associated with blockchain technology, as well as
can affect the blockchain system. Blockchain technology has security issues in blockchain enterprises.
attracted substantial industrial and academic attention due to  This paper discusses the widespread security attacks
its decentralization, persistence, anonymity, and auditing on blockchain technologies and their vulnerabilities
attributes. In this survey, we consider the implementation of based on the results of many existing studies.
blockchain technology in a wide range of applications and Moreover, various applications and opportunities
discuss a number of the challenges involved. involved in blockchain technology are also discussed.
 This survey presents existing security solutions for
A. CONTRIBUTION blockchain technology in different environments.
 To the best of our knowledge, this is the first study of Finally, this paper discusses some security tools that
its kind to survey blockchain attacks in IoT networks can address these security vulnerabilities. It also
and provide solutions for such attacks. outlines some open questions and research challenges,
 This review presents the essential background and open requirements that could improve
knowledge needed for blockchain and its elements, blockchain-IoT capability.
participants, and components along with their
functionalities. The goal is to familiarize readers with
the blockchain system. Moreover, this paper
FIGURE 1. Roadmap of different literature on security issues, attacks, and solutions in blockchain technology between 2016 and 2020.
research on security attacks, although a solution has been

B. ROADMAP AND COMPARISON WITH RELATED proposed by Reyna et al. [S3]. Salman et al. [S4] illustrated
SURVEY ARTICLE blockchain-based approaches for several security services,
Fig. 1 shows a roadmap of the various kinds of surveys including resource provenance, confidentiality,
related to blockchain technology presented from 2016 to authentication, integrity assurance, and privacy.
2020. Dorri et al. considered IoT security and privacy issues They also discussed some of the challenges and issues
and vulnerabilities [S1]. The authors also provided a associated with blockchain-based security services, and
blockchain-based solution. Lin and Liao [S2] surveyed the provided insight into security services in current applications
blockchain security issues and challenges as well as the and techniques. Taylor et al. [S5] provided a systematic
different kinds of attacks. They also briefly discussed other literature survey on blockchain cybersecurity, including
blockchain applications such as Bitcoin, Ethereum, and research-type applications, and reported key
hyper ledger. Reyna et al. surveyed blockchain technology qualitative/quantitative data. They also discussed future
with a focus on feature analysis and challenges, as well as research directions in blockchain for IoT security, artificial
the integration of blockchain and IoT through different intelligence (AI) data security, and the release of open-
identification and analysis methods. Applications based on source software and datasets. Hassan et al. [S6] discussed
blockchain-IoT are also discussed. However, there is limited privacy-preserving features in blockchain-based IoT systems.
VOLUME XX, 2017 1
Access
The authors focused on presenting the practical issues remote care environments. Saad et al. [S9] systematically
caused by privacy leakages in IoT operating systems, explored the attack surface in terms of blockchain
analyzing the implementation of privacy protection, and cryptographic construct, distributed architecture, and
outlining the various issues associated with the privacy blockchain application context, while providing detailed
protection of blockchain-based IoT systems. Ferrag et al. solutions and opportunities.
[S7] discussed different application domains of blockchain–
IoT, such as IoV, IoE, IoC, edge computing, and others. This paper is organized as follows: Section II explains
They reviewed the anonymity and privacy of the bitcoin blockchain technology and its related factors. Section III
system and provided a taxonomy with a side-by-side provides details about blockchain security attacks, and
comparison of state-of-the-art privacy-preserving blockchain section IV discusses the blockchain security issues. Section V
technology. Aguiar et al. [S8] surveyed blockchain-based discusses blockchain challenges, and Section VI surveys the
strategies for healthcare applications. They analyzed the different blockchain technology solutions for the challenges
tools employed by industries in that area to construct in various sectors. Section VII discusses open issues and
blockchain networks. The paper also discussed privacy potential future research directions. Finally, Section VIII
techniques and access control employed in healthcare concludes the paper.
records using case scenarios for monitoring patients in
TABLE I
COMPARISON OF RELATED SURVEYS
Article Year Focused on Security Classification Opportunities Applications Solutions Security
Attacks tools
[S1] 2016 Proposing a secure, private, and lightweight Yes No No No Yes No
architecture for IoT based on blockchain
technology
[S2] 2017 Introducing preliminaries of blockchain and No No No Yes No No
security issues in blockchain
[S3] 2018 Investigating the challenges in IoT Yes No Yes Yes No No
applications integrated with blockchain.
[S4] 2019 Blockchain-based solutions for security No No No No Yes No
issues.
[S5] 2019 Blockchain applications in cybersecurity No No No Yes No No
[S6] 2019 Privacy issues caused by the integration of Yes Yes No No No No
IoT with blockchain
[S7] 2019 Surveying existing blockchain protocols Yes Yes No Yes Yes No
used with IoT
[S8] 2020 Applications of blockchain in the healthcare No No No No Yes No
domain
[S9] 2020 Exploring the attack surface of the public No Yes No Yes Yes No
blockchain
This 2020 All of the above Yes Yes Yes Yes Yes Yes
Survey
[19] examined decentralized personal data management in
II. BLOCKCHAIN FACTORS and ISSUES the context of personal data privacy concerns.
This section discusses the key factors and issues related to 2) Consensus Model: Consensus refers to agreement
blockchain implementation in smart networks, including among entities [20], and consensus models help
existing solutions and recommendations. decentralized networks make unanimous decisions. This
allows for all records to be tracked from a single authority.
A. ELEMENTS IN BLOCKCHAIN AND RELATED Blockchain technology requires consensus algorithms to
CONCERNS ensure that each next block is the only true version; that is,
1) Decentralization: In blockchain technology, the algorithms ensure that all nodes agree that each new
decentralization entails dispersing functions throughout a block added to the blockchain carries the same message.
system rather than having all units connected with and Consensus models guarantee against “fork attacks” and can
controlled by a central authority; in other words, there is no even protect against malicious attacks [21]. The three main
central point of control, and this absence of centralized features of consensus models are as follows:
authority in a blockchain is what makes it more secure than  Consistency- this protocol is safe and consistent when
other technologies. Each blockchain user, called a miner, is all nodes produce the same output.
assigned a unique transaction account, and blocks are added  Aliveness- the consensus protocol guarantees aliveness
once the miners are validated. The decentralized nature of if all participating nodes have produced a result.
the data records used in blockchain technology exemplifies  Fault tolerance- the mechanism delivers fault tolerance
its revolutionary quality; blockchain networks use consensus for recovery from failure nodes.
protocols to secure nodes. In this way, transactions are
validated and data cannot be destroyed. While the 3) Transparency and Privacy: The most appealing aspect
decentralized nature of networks allows for peer-to-peer of blockchain technology is the degree of privacy it offers,
operations [16], it also poses major challenges to personal but this can create some confusion regarding transparency.
data privacy [17]. Gai et al. [18] surveyed some of these Blockchain networks periodically (i.e., every 10 minutes)
security and privacy issues, which include threats, malicious self-audit the digital value ecosystems that coordinate
adversaries, and attacks in financial industries. Zyskind et al. transactions; one set of these transactions is called a block,
VOLUME XX, 2017 1
Access
and this process results in two properties: transparency and Open-source applications help users adopt new
impossibility of corruption. In a blockchain, the identity of technologies. One of the main features of such applications,
the user is hidden behind a strong cipher, making it as emphasized by Buterin [23], is an open-source license
particularly difficult to link public addresses to individual model and government mechanism that enables changes in
users. The question thus arises of how blockchain can be public ledger currency platforms or blockchain applications.
regarded as truly transparent [22]. Tech giant IBM has helped evolve open-source technologies
Blockchain is already regarded as a powerful technology by promoting projects such as Linux Foundation’s
[23]. It organizes interactions in such a way that greatly Hyperledger Composer; regarding enterprise ecosystems,
improves reliability while also eliminating the business and MentaGo provides a blockchain solution for financial
political risks associated with managing processes through systems and SXSW uses Hyperledger fabric and IBM
central entities, thus reducing the need for trust. Blockchain [27][28].
networks create platforms that can simultaneously run 6) Anonymization: Anonymity is one of the most
different applications from different companies, enabling important elements (shown in Fig. 2) in blockchain
seamless and efficient dialogue and the creation of audit technology for maintaining the privacy of transactions in
trails through which everyone can verify that everything is networks, but ensuring anonymity is difficult because the
being processed correctly. blockchain ledger is public. Each user generates an address,
4) Identity and Access: Blockchain is a secure distributed and there is no mechanism for keeping user information
ledger technology (DLT) that has taken on a new role in private. This is why Bitcoin is considered pseudo-
recent years. Jacobovitz et al. [24] discussed the state of the anonymous: users can be linked with their public addresses,
art in blockchain technology, applications, and solutions but it is not possible to learn their actual names or addresses
regarding identity management. Taking identity and access [29]. Möser [30] presented an article on the anonymity of
control to the next level and investigating whether the use of Bitcoin transactions in which a special Bitcoin mixing
blockchain technology improves the management of device service was proposed that could complicate or confuse
ID comprises one of the priority security projects of Sentara originating Bitcoin transaction addresses and thereby
Healthcare, and Virginia and North Carolina are connected increase anonymity. The main security concern with
via an integrated distribution system [25]. According to blockchain is that public keys and transactions must not
industry expert Jeremy Kirk, there are currently six ongoing reveal real identities.
projects addressing how blockchain could make it easier to
manage identity: Hyperledger Independent, Civic, Sovran, B. BLOCKCHAIN PARTICIPANTS AND RELATED
Evernym, Alastria, and uPort. CONCERN
The three main criteria related to blockchain identity and Blockchain networks allow participants to reach consensus,
accessibility are public or less authorized, private or and they also store data that can be accessed by all
authorized, and consortium. Pilkington [26] presented the participants. Here, we discuss the different roles of
main distinction between public and private blockchain blockchain network participants.
technologies and discussed the foundations and disruptive 1) Blockchain Users: Users operate in blockchain
nature of blockchain technology. Public blockchains are networks, and their numbers have increased exponentially
completely open and allow anyone to join the network; they since 2011, according to Blockchain.info. This statistical
are designed to reduce intermediaries so that more portal also reported that the number of blockchain users was
participants can join. By contrast, private blockchains expected to reach 50 million by the end of 2020 [31]. There
restrict network privileges; participants need permission to is a privacy issue facing blockchain users in the network.
join and the access control mechanism can change.
5) Open Source: With distributed and closed-source Decentralized
applications, users must trust the applications, and they
cannot access any data from central sources. It is possible to
launch decentralized closed-source applications and achieve Autonomy and Consensus
desired results, but doing so would have catastrophic anonimity model
consequences. This is a major reason that participants prefer
decentralized open-source applications, with relevant
platforms including Ethereum, Bitcoin cash, Litecoin, and Blockchain
Dash. Sidechain-capable blockchain platforms provide Elements
powerful benefits developed by community members such
as Transparency
Identity and
 flexible configurations: no risk in multi-block access
reorganization and enables rapid transactions,
 confidential transactions: leveraging stability,
 federated two-way peg: issuing multi-transferrable
Open source
assets on single blockchains, and
 multiple assets issuance: secured by a federation of
parties with aligned incentives.
FIGURE 2. Blockchain Elements.
VOLUME XX, 2017 1
Access
2) Blockchain Regulator: Achieving overall authority in Events: Generates notifications about important actions in
business networks may require broad access to ledger the blockchain (such as new blocks) as well as notifications
contents. Kakavand et al. [32] presented an in-depth analysis related to smart contracts with no event distribution.
of the current regulatory landscape of distribution System management: Provides the ability to create, change,
technology, and Yeoh [33] discussed the regulatory issues and monitor blockchain components.
involved with blockchain technology. He addressed the key Wallet: Securely manages security credentials.
regulatory challenges associated with innovative distributed System Integration: Is responsible for integrating
blockchain technology across Europe and the United States. blockchains in a bidirectional manner with external systems.
3) Blockchain Developer: Developers design both the
applications and the smart contracts used by blockchain Summary and insights
users. There are significant market opportunities for Section II has discussed the security concerns and benefits
developers to cryptographically ensure the accuracies of the of blockchain elements, such as decentralization, which pose
ledgers at the hearts of cryptocurrencies. Nordrum [34] major challenges for data privacy and transparency and lead
presented a time frame for blockchain developers and to confusion in the network. In addition, the open-source and
described that developers have limited software tools with anonymous nature provide flexible configuration,
which to build secure blockchain ledgers. confidentiality, and privacy in transactions. We have also
4) Certificate Authority: This manages the heterogeneous discussed the security concerns of blockchain participants
certificates needed to run a permissioned blockchain using a and components.
trusted third party; Bitcoin and Ethereum are examples of
permissioned blockchains. The authority authorizes the III. ATTACKS
limited set of legitimate readers or writers [35]. The main
issue in blockchain networks is trust. To address the issue of In this section, we present different blockchain network
trust, blockchains distribute ledgers among many servers applications and attacks as well as future opportunities in
under different control authorities, but there is still a various sectors. For this subsection, we surveyed real
bootstrap problem associated with finding initial ledgers blockchain attacks that commonly occur. We also referred to
[36]. Li et al. [37], who discussed blockchain attacks and security
risks. Here, we discuss some of these attacks in further detail.
C. BLOCKCHAIN COMPONENTS
Fig. 3 shows many of the essential components of a 1) Liveness Attack: Kiayias and Panagiotakos [38] stated
blockchain. Detailed descriptions of each component are as that these attacks can delay the acknowledgment times of
follows: target transactions, and presented two examples of such
Ledger: Contains the current world state of the blockchain attacks against Bitcoin and Ethereum. The liveness attack
transactions. proceeds in three stages: preparation, transaction denial, and
Smart Contract: Encapsulates the business network blockchain delay [39]. This attack delays the transaction
transactions into code. A transaction call causes the ledger confirmation time. In the preparation phase, the attacker tries
state to be retrieved and set. to gain a potential advantage against honest players to build
their private chain. Next is the transaction denial phase, in
System Blockchain which the attacker attempts to delay the genuine block that
management users contains the transaction, and when the attacker decides the
delay is unconvincing, they proceed to the blockchain render
Blockchain phase, where they try to decrease the rate at which the chain
Wallet regulator transaction grows.
2) Double Spending Attacks: This problem is generated

Blockchain
when one successful transaction is duplicated with the same
Components
System Membership funds; it represents a potential flaw in digital cash, as the
integration
same digital token can be spent two times when such an
attack occurs. It is impossible to avoid double-spending,
even though the blockchain consensus mechanism validates
Smart Events all transactions [40]. The authors of a research study by the
contract Bank of Canada said that “if a miner controls more than half
Ledger of computational capacity amongst all miners, in theory,
loses their power to control double spending incentives. A
FIGURE 3. Blockchain Components. malicious miner can do this or dishonest who creates a larger
arrival rate than the sum of all other legitimate or honest
Consensus network: A set of data and processing peers that miners” [41] [42]. Attacks related to double spending
continually maintain the replicated ledger. include race, Finney, 51%, and Vector 76 attacks.
Membership: Manages identity and transactional certificates
and other aspects of access rights. 3) 51% Vulnerability Attack: Blockchains rely on
distributed consensus mechanisms to establish mutual trust.
VOLUME XX, 2017 1
Access
However, there is a 51% vulnerability in the consensus computing power or obtain unearned rewards. Such
mechanism that an attacker can exploit to control the entire attackers attempt to fork the private chain by making the
blockchain. Specifically, in a PoW-based blockchain, if a discovered block private [53], then self-employed miners try
single minor hash function occupies more than 50% of the to maintain a longer private branch than the public branch to
entire blockchain's total hash function, a 51% attack may be dig through this private chain and personally hold more
initiated. Thus, if the mining power is concentrated in newly found blocks; during this time, honest miners
several mining pools, unexpected situations can arise, such continue to dig in the public chain [54]. As the public
as a case in which a single pool controls more than half of domain approaches the length of the private branch, the new
all computing power. For example, in one real case, the block mined by the attacker is revealed, thus wasting honest
mining pool “ghash.io” accounted for more than 42% of the miners’ computing power and keeping them from earning
total bitcoin mining power. The fact that a single mining what they should earn. As a result, the selfish miners gain a
pool represented such a high proportion was a serious competitive advantage over real miners [55]. By further
concern, and many miners dropped out of the pool [43]. By strengthening attackers’ mining rights, these attacks
starting a 51% attack, an attacker can arbitrarily manipulate undermine the intended decentralized nature of blockchain
and change blockchain information and perform the technology.
following actions [44], [45]:
 reverse the transaction and initiate a double- 7) DAO Attack: Decentralized autonomous organizations
spending attack (DAOs) have been used as venture capital funds for crypto
 exclude and specify transaction orders and distributed spaces because the lack of centralized
 obstruct the general mining operations of other authority minimizes costs and provides investors with more
miners control and access. The cost savings coding framework in
 impede the verification of normal transactions the absence of central power was developed by the German
startup Slock.it as an open-source platform for building
4) Private Key Security Attack: A private key allows smart locks, but it was fully deployed underneath and
individuals to access funds and verify transactions; it is only distributed to "The DAO,” a member of the Ethereum
created once and cannot be recovered if lost. Malicious community [56] [57].
actors perform a variety of actions to steal cryptocurrency by Ethereum deployed DAO as a smart contract in 2016 on
targeting key custodial services because cryptographic keys a crowdfunding platform. The DAO contract was assaulted
are particularly attractive targets. An attacker who has after being deployed for 20 days. It had raised approximately
discovered vulnerability in an elliptic curve digital signature US$120 million before the attack, and the attacker stole
algorithm can recover a user's private key, and if a private around $60 million, making it the largest attack on the
key is stolen, it is difficult to track any related criminal Ethereum consensus model. In this case, the attacker
activity and recover the relevant blockchain information [46- exploited reentrant vulnerability. First, the attacker exposed
49]. FireEye Threat Intelligence has detected several a malicious smart contract with a callback function,
prominent crimeware families with this functionality: Dridex, including the DAO’s withdrawal function call. Withdraw ()
Terdot, IceID, SmokeLoader, BlackRubyRansomware, and sent Ether to the called party, and this also occurred in the
Corebot. form of a call. Therefore, the malicious smart contract's
callback function was called again. In this way, an attacker
5) Transaction Privacy Leakage: Because user behavior was able to steal all the Ether from DAO. Smart contract
in blockchains is traceable, a blockchain system must take vulnerabilities have been exploited in other cases as well
some measures to protect users’ transaction privacy. [58].
However, some leakage of confidential information such as
cryptographic keys can still occur, leading to the potential 8) BGP Hijacking Attack: The Border Gateway Protocol
for people to commit real-world crimes. For instance, (BGP) is used to share routing information networks on the
Bitcoin and Zcash use a one-time account to store received internet, which specify how IP packets are forwarded to their
cryptograms, and users must also assign a secret key to each destinations. An attacker can intercept the blockchain
transaction. In this way, an attacker cannot infer whether the network by manipulating the BGP, after which data can be
same transaction has involved a password violation by routed and the traffic can be modified to the attacker’s favor
another person. Moreover, an attacker cannot infer the actual [56].
coin's linkage consumed by the transaction because the user Apostolakiet al. [59] considered small- and large-level
can include several chaffcoins (called “mixins”) when attacks targeting individual nodes or the whole network and
starting the transaction [50]. their impacts on Bitcoin. Due to the increased concentrations
Wallet privacy leakage can also occur, where common of some of Bitcoin’s mining pools, BGP hijacking represents
bitcoin wallet operations leak some user information [51]; a major vulnerability; an attacker can effectively divide the
this leakage has been exploited in the past. Paul Fremantle et Bitcoin network and slow the block propagation speed. As
al. [52] proposed an architecture for IoT security and privacy stated by Dell SecureWorks in 2014, BGP hijacking
that resolves the leakage issue. intercepts connections to the Bitcoin mine's mine pool server
[60].
6) Selfish Mining Attack: Selfish mining attacks are
committed by some miners to waste legitimate miners’
VOLUME XX, 2017 1
Access
9) Balance Attack: For a balance attack, an attacker challenges, such as data privacy and tracking concerns for
simply introduces a delay between valid subgroups with the phones and cars. In addition, voice recognition is being
same mining power, then executes the transaction in one of integrated to allow devices to listen to conversations to
these subgroups. Next, the attacker mines enough blocks in actively transmit data to cloud storage for processing [68-70].
other subgroups to ensure that the subtree of the other 4) Redundancy: Expensive duplication for the purpose of
subgroup is more important than the transaction subgroup. eliminating the arbitration that allows each node of the
Even if a transaction is not committed, an attacker can create network to have a copy of every transaction. However, it is
a block with such a transaction that has a high probability of both financially and legally illogical to have redundant
exceeding the subtree that contains this transaction. brokering; banks are not willing to perform every transaction
with every bank or complete other banks' transactions. Such
10) Sybil Attack: This attack destroys the reputation duplication only increases costs while providing no
system in a computer security system by forging an identity conceivable benefits [71].
in the peer-to-peer network. If nodes are required to prove 5) Regulatory Compliance: Blockchains exist regardless of
their identities before joining the network, as is the case in the law, and government authorities do not necessarily
permissioned or private blockchains, they will not be able to change how they do their jobs in response to the existence of
forge identities. Soska and Christin (2015) proposed the blockchains. Applying blockchain technology in the legal
“Beaver” system, which protects users’ privacy while and financial sectors in non-Bitcoin currencies creates
resisting Sybil attacks by charging fees [61]. regulatory challenges, but infrastructure regulation is very
similar to blockchain regulation [71]. Yeoh [72] discussed
Summary and insights the key regulatory issues affecting the blockchain and
This section discusses different attacks on the blockchain innovation distributed technology that has been adopted
network. We address the liveness attack, which delays the across Europe and the United States.
transaction confirmation time; double-spending attacks, 6) Criminal Activity: Bitcoin-enabled third-party trading
which duplicate the transaction funds; 51% vulnerability platforms allow users to purchase or sell a wide variety of
attacks, where adversaries can exploit more than 50% in the products. These processes are anonymous, making it
consensus mechanism; and private Key security attacks, in difficult to track user behavior and impose legitimate
which an attacker discovers a vulnerability in the elliptic sanctions. Criminal activity involving Bitcoin frequently
curve digital signature used in encryption methods, privacy involves ransomware, underground markets, and money
leakage, and self-mining. Other attacks are also explained in laundering [73]. Some underground markets that operate
detail. online trade as Tor hidden services use Bitcoin exchange
currency, thus making blockchain availability uncertain
IV. BLOCKCHAIN SECURITY ISSUES because of criminal activity. Table II lists the top 10 item
1) Transaction Malleability: During contracted transactions, available categories [74].
the agreement does not immediately cover all the 7) Vulnerabilities in Smart Contracts: When a program is
information in the hashed transaction; therefore, it is rare but executed in a blockchain, a smart contract can have security
possible for a node to change a transaction in the network in vulnerabilities caused by a flaw in that program. For
such a way that the hash is not validated. Christian Decker instance, the authors of one study found that “8,833 out of
and Roger Wattenhofer defined transaction malleability as 19,366 Ethereum smart contracts are vulnerable” to bugs
when transactions are intercepted, modified, and rebroadcast, such as “(i) transaction-ordering dependence, (ii) timestamp
thus leading the transaction legal entity to believe that the dependence, (iii) mishandled exceptions, and (iv) reentrancy
original transaction was not confirmed [62] [63]. vulnerability” [73]. Table III presents the different
2) Network Security: An eclipse attack occurs when an vulnerabilities present in smart contracts as well as detailed
opponent controls pieces of network communication and causes of these vulnerabilities. Atzei et al. proposed a
logically divides the network to increase synchronization taxonomy of vulnerability and categorized the different
delay [61]; an example is a simple denial of service attack to types of vulnerabilities into levels that represent the
improve selfish mining and double-spending [65] [66]. In vulnerabilities: solidity, Ethereum Virtual Machine (EVM),
eclipse attacks, an attacker selects and hides information and blockchain [87]. The vulnerability causes contract issues
from one or more participants, potentially by delaying the with codifying, security, privacy, and system performance,
delivery of blocks to a node. including blockchain scalability.
3) Privacy: Privacy and confidentiality are still major
concerns with blockchain transactions because each node Summary and insights
can access data from another node, and anyone viewing the This section discusses the security issues associated with
blockchain can see all transactions [67]. Studies have blockchain in terms of transaction malleability. This
suggested various ways to overcome this problem, but these malleability is caused because information is not
methods are only practical for specific applications, and they immediately covered in the hash transaction. This section
do not cover all issues. Due to the enormous number of data also discusses the issues with network security where DoS
transmissions, communications involving important data in attacks are possible, privacy and confidential effects due to
the network might be attacked by some adversaries through MitM attacks, criminal activities involving unauthorized
attacks such as the man-in-the-middle (MitM) attack and the third parties, and smart contract vulnerabilities, as listed in
DoS/DDoS attack. IoT poses many unique privacy Table III, caused by flaws in programming codes.
VOLUME XX, 2017 1
Access
TABLE II
ITEMS AVAILABLE THROUGH CRIMINAL ENTERPRISES
Category Number of Percentage Related Information and Title Money Reference
Items (%) Seized
Weed 3338 13.7 “From Seeds to Weed, Bitcoin Finds Home Where Commerce Goes $141.8 [75] [76]
Gray” (https://www.coindesk.com/bitcoin-atms-gray-areas) Billion
Drugs 2194 9.0 “Blockchain in Action: Derailing Drug Abuse & Prescription Drug $72 [77] [78]
Fraud” (https://blockchain.wtf/2018/06/series/blockchain-in- Billion
action/derailing-drug-abuse/)
“Tracing Illegal Activity Through the Bitcoin Blockchain To
Combat Cryptocurrency”
(https://www.forbes.com/sites/rachelwolfson/2018/11/26/tracing-
illegal-activity-through-the-bitcoin-blockchain-to-combat-
cryptocurrency-related-crimes/#18aa339b33a9)
Prescriptions 1784 7.3 “Bitcoin: Economics, Technology, and Governance” [77] [79]
(https://pubs.aeaweb.org/doi/pdfplus/10.1257/jep.29.2.213) [80] [81]
“Blockchain Aims to Curb Prescription Drug Abuse”
(https://hackernoon.com/blockchain-aims-to-curb-prescription-drug-
abuse-47fc9cc66379)
Benzodiazepi 1193 4.9 A class of psychoactive drugs $3.6 [80]
nes Million
Cannabis 877 3.6 “Blockchain for Crime Prevention in the Legal Cannabis Space” [82] [83]
(https://investingnews.com/innspired/blockchain-crime-prevention-
legal-cannabis-space/)
Hash 820 3.4 “The Future of Blockchain technology and cryptocurrencies” [73] [84]
(https://skemman.is/bitstream/1946/30832/1/The%20future%20of%
20blockchain%20technology%20and%20cryptocurrencies.pdf)
“The Dark Side of Bitcoin” (https://blog.blockonomics.co/the-dark-
side-of-bitcoin-illegal-activities-fraud-and-bitcoin-360e83408a32)
Cocaine 630 2.6 “How the Feds Took Down the Silk Road Drug Wonderland” [85]
(https://www.wired.com/2013/11/silk-road/)
“Heroin, Cocaine and LSD Sales Transactions Were Stopped Using
Digital Currency BitCoin”
Pills 473 1.9 “Drug Dealers Are Using BitCoins to Fund the Flooding-Fatal $10 [81] [86]
Fentanyl Waves in Foreign Countries” million
“From the Dark Side of Bitcoin: Misusing Cryptography”
(https://99bitcoins.com/the-dark-side-of-bitcoin-misusing-
cryptography/)
TABLE III
SMART CONTRACT VULNERABILITIES
Vulnerability Cause Smart Contract Level Reference
Call to the unknown Call to the unknown Ethereum Solidity [87]
Gasless send The recipient contract’s fallback function Ethereum Solidity [88]
send is invoked
Field disclosure Selfish miners published their private Bitcoin Solidity [89]
chain completely.
Exception disorder Inconsistent in terms of exception Solidity [90]

handling while the call contract will not
recognize errors that occur during
execution.
Reentrancy A call that invokes back to itself through a Ethereum Solidity [90]
chain of calls.
Dangerous Delegate DELEGATECALL opcode is identical to Wallet contract, Solidity [90] [91]
Call the standard message call Ethereum
Time stamp dependency Vulnerability favoring a malicious miner Blockchain [92]

by changing timestamp of StartTime,
EndTime
Block number block.blockhash function associated with [90]
dependency block.number as parameters for random
number is being manipulated
Freezing ether Freezing ether contract i.e., no Wallet contracts [90]
transfer/send/call/suicide code within the
current contract itself to transfer ether to
other address
Immutable bug Altered contract that cannot be patched. EVM [93]
Ether lost in transfer Ether sent to an orphan address that did Cryptocurrency, Ethereum EVM [93]
not belong to any particular contract or
user
Unpredictable state User cannot predict the state of contract if Blockchain [87]
he or she invokes the particular
transaction
VOLUME XX, 2017 1
Access
Randomness bug Biasness behavior of malicious miner by Blockchain [93]

arranging their blocks to influence the
outcome
V. OTHER CHALLENGES  decision-making processes.

1) Unclear Terminology: The limited talent pool available 4) Lack of Technical Clarity: Given the ledger's
for blockchain technology has increased the needs (both real decentralized nature and its function as a constant record,
and perceived) for regulatory agencies to ask industry establishing clear governance rules is important for both
experts to explain the technology and any related concerns. authorized and unauthorized ledgers [104-109]. Part of the
These needs, along with all the potential consequences of likely challenge with this governance is the result of
false risk analysis and its tendency to underregulate, greatly selecting a ledger outside the contract that defines the
increase the risk of capture by regulators [94] [95]. In fact, participants’ use conditions and responsibilities. Further, as
even just the terms “DTL” and “blockchain” are confusing. part of off-ledger contracts and depending on the user’s
In short, there is a general lack of technical understanding status, certain rights may not be automatically granted to the
among consumers, business firms, and authorities [96-98], ledger user. This involves establishing procedures for
including in areas such as specific aspects of governance, such as user identity
verification, as well as establishing processes for disputing
 the blockchain job market, arbitration and applicable laws. It is also necessary to select
 DTL, a method of error correction for when incorrect data need to
 smart contracts that require that the business logic be added to the ledger or a transaction needs to be canceled.
nature in ledgers be automatically executed, Specifically, with anonymous users, all approaches should
focus on regulatory compliance as it relates to customer
 knowing where to look to find the necessary talent,
knowledge and anti-money laundering processes.
and
5) Regulation Uncertainty: Understanding how
 investing in blockchain jobs regardless of the
blockchain affects specific regulations in a wide range of
demand for new talent.
regulatory environments is an important element of the
development and deployment of any DLT solutions. In 2016,
2) Risk of Adoption: Even if there are expected economic
the company Deloitte and the Smart Contracts Alliance
benefits, the adoption and implementation costs of
highlighted regulatory standpoints, approval, functions, and
DLT/blockchain for existing projects can quickly become
impacts regarding blockchain technology [102] [110]. New
substantial. This is particularly true for existing customers
technology standards can be decisive, particularly with
with IT systems or processes that have been written to
respect to the tightly regulated financial sector. According to
comply with current standards, which may require costly
Lamarque et al. [111], approximately 80% of blockchain
redesigns [99]. The operational costs associated with
technology focuses on business processes, while the
adopting DLT/blockchain remain unclear. Still, in the short
remaining 20% focuses on technology. This imbalanced
term, certain back-office processes cannot be easily removed
focus on the finance sector poses significant challenges for
or replaced with DLT/blockchain solutions [100] [101]. For
regulators attempting to decide when to intervene [112].
the development of blockchain in the capital market,
industry participants must consider four immediate actions:
 Regulatory bodies need to develop better
 evaluating the business impact and planning for the
understandings of ledger activity.
long term,
 Regulatory uncertainty generates platform, price,
 participating in the relevant consortium and
and novelty risks.
working with regulators,
 Regulators must ensure that innovation is not
 identifying and capturing internal ledger
suppressed while simultaneously protecting the
opportunities, and
end-user privileges.
 implementing post-trade and manual processes 6) Interoperable Implementations: To realize all the
(required). benefits of DLT/blockchain, ledgers must be able to
3) Economic Impact: in many cases, it is unclear whether exchange information with other ledgers and existing IT
blockchain will be an improvement over centralized systems systems, and it is unclear whether large companies are
in terms of performance, throughput, scalability, security, prepared to reorganize their existing operating procedures in
and privacy [102]. In addition, DTL faces challenges both the short and medium terms [104-106] [113-116]. One
involving economic scaling, high transaction costs, and long author emphasized the potential risk of inconsistent
verification times. Besides, until a proof of concept is tried developments in technology, which can lead to fragmented
and tested, there may be uncertainty about which use cases markets [100]. Some authors have promoted enabling
are viable and realistic. If DTL/blockchain is not widely seamless interactions between blockchain technology and
adopted, it will not be easy to clearly assess its broader legacy systems. Meijer and Carlo [116] highlighted some
economic impacts over the medium to long term [103]. implementation standards:
Three areas in particular require further investigation:
 intensified conversation
 organizational incentives and costs,
 concern about interoperability and competition in
 market environment (how cryptocurrencies are fragmented blockchains
affected by demand and competitors), and
VOLUME XX, 2017 1
Access
 common interoperability standards for different Summary and insights

protocols, applications, and systems in areas such This section has discussed some more fundamental
as cryptographic standards, interoperability challenges that may be encountered when dealing with
standards, scalability parameters, and regulatory blockchain technology, such as the unclear terminology that
standards is still prevalent in some regulatory agencies. Some
7) Maintaining Data Privacy: Organizations should be technical understandings are clear, such as risk adoption in
cautious about the integrity and security of the data stored in the capital market industry and the economic impact in
ledgers, including both transaction data and data on the many cases, yet blockchain remains unclear in terms of
ledger’s own activity [104] [106] [119] [118]. Organizations performance, scalability throughput, and security. In
need to ensure that only people with the appropriate addition, there is a lack of technical clarity with clear rules
permissions can access the data and that any access complies from the government, and the common interoperability
with general data protection laws [117] [118]. Lamarque implementation standard and maintaining data privacy are
[112] argued that regulatory and legal intervention may be also big challenges.
necessary to ensure that DLT/blockchain implementations
can have meaningful and specific impacts. VI. EXISTING BLOCKCHAIN TECHNOLOGY SOLUTIONS
8) Ensuring Encryption: While blockchains can provide
encryption opportunities, such as having multiple copies of a This chapter discusses some existing blockchain solutions
book in the event of a cyberattack or computer failure, the that have been proposed in different sectors. This survey
development of access and management rights to multiple focuses on the basic theory, key attributes, features, and
nodes represents a potential security risk, as there must be limitations of existing studies on blockchain solutions.
“backdoors” through which the system can be attacked [101].
Confidence in systems, verifying other users' integrity in the A. HEALTH CARE
distributed general ledger, and consistent transaction Linn and Koo [124] identified simple yet robust uses of
security are some of the key challenges in increasing blockchain for storing patients’ health data; these systems
DLT/blockchain adoption [119] [120]. Some authors have allow each patient’s entire health history to be stored on an
suggested that nodes in distributed ledgers need to be able to individual blockchain. The data are primarily stored in data
view transaction data, even though IDT can be effectively lakes that allow for simple querying, advanced analytics, and
encrypted in DLT/blockchain to validate the data. This machine learning [125-133]. Data lakes are simple tools for
presents a potential data privacy protection issue in certain warehousing many types of data; each user’s blockchain
cases of permission-less ledgers. serves as an index catalog that contains a unique user
9) Energy-Intensive: DLT/blockchain has attracted identification number and an encrypted link along with
substantial interest from technology firms, financial timestamps to indicate the latest data modifications.
institutions, and other user communities. One issue with Alhadhrami et al. [134] also discussed how blockchains
such technologies is that the ledgers are significantly more could be used in the health care sector to maintain, validate,
energy-intensive than centralized legacy systems [101] [104] and store data, primarily data involving consortium
[121]; Bitcoin blockchains, for instance, are highly energy- blockchains. These are permissible blockchains in which
intensive [122]. Bitcoin uses PoW, or the number of CPU both the node owner and the miners have access control.
cycles a system has devoted to mining, and this is likely to Consortium blockchains work on the theory of consensus for
represent a significant problem for future scaling that can be an optimum number of validations to ensure data accuracy.
planned for and managed. Lamarque [111] explained that Patel [135] discussed the development of a cross-domain
blockchain systems require considerably more energy to run image-sharing blockchain network that allows for the
than centralized ledger systems for a number of reasons: sharing of patients’ medical and radiological images based
 more network nodes requiring unpredictable energy on a consensus blockchain. The author’s system sought
needs consensus among very few trusted institutions to maintain a
 many stakeholders with different approaches to more meticulous consensus in which less effort is needed to
blockchain technologies manage the complex security and privacy module.
 server-side management demand There has always been a trade-off associated with using
 the need for effective cost-estimation mechanisms the ISN (image sharing network) developed by the
10) Ambiguous Smart Contract Execution through Radiological Society of South America and using the
Blockchain: There is a lack of clarity regarding whether proposed image sharing blockchain where the ISN uses a
smart contracts have been fulfilled and whether their terms central authority or clearinghouse to maintain many types of
can be expressed, which can limit the terms to the binary incoming and outgoing access. It is also a strict network for
determination of whether or not the contract has been following the average concurrency and security protocol.
fulfilled [123]. Charles Brennan and William Lunn However, this image-sharing blockchain is an open network
described how the Ethereum hack was implemented in that can be much more vulnerable to forced attacks; the only
DLT/blockchain and revealed certain flaws in smart way to secure each node's URL endpoint is to guarantee the
contracts [120]. Many of the challenges associated with secrecy of the private keys used to access the blockchain.
smart contracts stem from the lack of clarity and diverse Therefore, we concluded from that study that there can be
definitions in the contracts themselves, rather than the use of several proper use cases for sharing highly sensitive data in
DLT or blockchain technology. decentralized environments. However, the security model
VOLUME XX, 2017 1
Access
that relies on the nodes still appears to be quite complex, proposed an access control policy algorithm for improving
based on the Federal Policies and motions of the GDPR medical data accessibility between healthcare providers.
policies. Tripathi et al. [139] proposed a new approach for a smart
Mettler [136] reported that there are three basic sectors of healthcare system named S2HS to provide intrinsic security
blockchain health care technology: smart health care and integrity of the system. In this paper, two-level
management, user-oriented medical research, and the blockchain mechanisms are used for internal and external
prevention of drug counterfeiting. In the industry of smart entities of the healthcare system. This mechanism provides
health care management, the author discussed the Gem isolation among different entities with consistency and
Health Network, which gives providers detailed views of transparent flow in a secured and privacy-preserved manner.
their patients’ current medical statuses. Medical record Kumar et al. [140] performed the simulation and
analysis of this type leads to the creation of an ecosystem implementation of a novel healthcare design using the
that can elucidate even the past records of a patient by healthcare 4.0 process. This work has explored an
transparently reducing all merit costs. Moreover, medical optimization algorithm that improves the performance of the
experts can keep track of stakeholders' activities, such as healthcare system. The proposed method integrated the
visits to physicians and health centers, to follow their simulation-optimization process with the proposed approach
treatment tracks. Such systems can contribute to insurance and improved the performance of industry 4.0 networks and
claims being settled faster, and the same would happen if the overall system.
patients were to grant insurance companies access to their
relevant records. B. TRANSACTION SECTORS
Liang et al. [137] discussed the growing demand for
health care devices and wearable technology along with the Oh and Shong [141] provided a survey report on how
challenges associated with storing and maintaining patients’ blockchain technology can be used in the financial sector
records; blockchain is a far more secure and optimized way and how it is gaining popularity. They also defined many
of maintaining these records. The wearable devices are use cases. Blockchain in the financial industry is not
linked to a cloud database or network wherein all the user’s substantially more technically significant than the predefined
data are stored. Because vast amounts of data are stored in databases, but the blockchain is far superior in terms of data
this way, they are stored in batches in a Merkle tree, thus storage reliability. In the present structure with central
allowing for efficient data processing. Table IV summarizes authorization, if at any point a database fails, then the entire
the existing research solutions that have been proposed for system fails, and the data can be improperly accessed and
smart health care environments using blockchain technology. modified. However, in blockchain, such scenarios are rare
Tanwar et al. [138] have suggested how blockchain because transaction data are always safe: there is no single
technology led to improve transactions involving medical point of failure in blockchain. The authors also provided a
records in healthcare 4.0 applications. The significant comparative analysis of public, private, and consortium
advantage of using blockchain in healthcare is that it can blockchains.
reform the interoperability of healthcare databases,
accessibility to patient medical records, prescription
databases, and device tracking. Moreover, the authors have
TABLE IV
HEALTHCARE SOLUTIONS FOR BLOCKCHAIN SYSTEMS
Reference Proposed Scheme Basic Theory Attributes Other Features Limitations
Linn and Koo, Secure way of storing Secure storage of many Efficiency, Provides latest accurate Storage and data
2017 [124] and exchanging health types of medical data authenticity, data for many types of throughput, interoperability,
care data using helpful for in-depth availability health care research lack of data privacy
blockchain research
Alhadhrami et Different kinds of Pros and cons of different Availability, Provides optimum Lack of technical details,
al., 2017 [134] blockchains for blockchains for health efficiency, validity, number of validations for ambiguous proposed
validating and storing care data privacy maintaining accuracy scheme
health care data
Patel, 2018 Cross-domain image- Using the consensus of Authority, privacy Designed for extreme Lack of relevant merits for
[135] sharing blockchain trusted organization by level of privacy and large-scale implementation.
system considering GDPR security of medical No experimental results.
policies images
Mettler, 2016 Addresses the basic Usage of Blockchain Effectiveness, Looking for past details to Unclear methodology
[136] sectors of blockchain sectors and its cost-saving solve the problem in the
technology effectiveness easiest way
Liang et al. 2017 Maintaining electronic User-centric system Privacy, More responsibility for Limited health data sharing.
[137] health records using where user has all rights robustness, the user Scalability issue.
blockchain for sharing information integrity
Tanwar et al. Blockchain-based EHR Utilizing the blockchain Latency, Improving current Required Testbed
2020, [138] system for health concept and implementing Throughput, round limitations of healthcare environment, limited rounds
application 4.0 version permission-based HER trip time system such as efficiency
system with the use of and security
chaincode concept.
VOLUME XX, 2017 1
Access
Tripathi et al. Proposes a blockchain- Applying two-level Privacy-preserved Enable patient-centric No experimental
2020, [139] based SHS framework blockchain mechanism, healthcare system system, promotes patient performance
to provide intrinsic i.e., private blockchain for mediated communication
security and integrity internal entities and
public blockchain for
internal use in health care
ecosystem
Kumar et al. Smart healthcare Explore optimization Performance Easy data maintenance Implementation on different
2020, [140] design, simulation, and algorithm and improve improvement, data blockchain networks with
implementation using the performance of redundancy, different tools and
healthcare 4.0 process blockchain-based techniques
decentralization system
regulated. Previously, decentralized blockchain technology
Turner et al. [142] discussed how Bitcoin is being was only used in certain areas, but its use has since
leveraged for malicious activities and crimes online. The expanded exponentially in the financial industry; areas such
biggest advantage of Bitcoin is the anonymity of as smart contracts, settlement, remittances, and securities
transactions; all personally identifiable information is hidden have all come to use blockchain on some level. The R3CEV
in the transactions. Bitcoin users have previously been Consortium of Korea, which comprises 16 different banks,
tracked through careful analysis of transaction patterns (for has laid the foundation of certificate authority to authenticate
instance, where stolen public keys are being used). However, transactions. Moreover, transfers of funds that were
the issue that persists here is the usage of dark wallets or previously conducted across banks through gradual gold
Bitcoin Fog, wherein a huge set of transactions involving a transfers have now been reduced and partially replaced by
single piggy bank is released to a destination address at once. cryptocurrency transfers across institutions. Private
Piggy banking blockchain transactions are often maximally distributed ledgers track many types of transactions between
anonymous because it is impossible to track the recipient of trusted authorities. The author also clearly described how the
the transaction. Moreover, if piggy banking is used with the Korean banking sector could incorporate blockchain
Tor browsers, then the entire transaction is completely technology to increase the security and privacy of customer
anonymous, and tracking is impossible. transactions. Table V summarizes the existing blockchain
research solutions in the transaction sector.
Yoo [143] described the use of blockchain in financial
systems where most transactions were previously centrally
TABLE V
BLOCKCHAIN SOLUTIONS IN TRANSACTION SECTOR
Oh and Shong, Evaluation of the suitability Performance-based Robustness, Feasibility study for Not applied to all
2018 [141] of different blockchains for study by using efficiency different financial financial
finance sectors using case comparative institutions institutions
study analysis
Turner et al., 2018 Use of blockchain for illicit Good technology Robustness, Pattern-based behavior Bitcoin address and
[142] activity and how to identify can be used in bad effectiveness during transactions IP address limited
it ways
Yoo, 2017 [143] Development of Evaluate the Privacy, Good recommendations Limited to Korean
decentralized financial effectiveness of security, for finance sectors financial sector
system based on blockchain blockchain efficiency
authority can cause massive damage involving data leakage

C. BLOCKCHAIN FOR PRIVACY AND SECURITY to unauthorized entities. By contrast, in blockchains, data are
Joshi et al. [144] discussed the huge expansion of stored in peer-to-peer networks, and users have complete
blockchain technology with an emphasis on the privacy and discretion over their data, thus guaranteeing complete data
the security of the vast amounts of data involved. security and privacy.
Blockchain transactions in the financial sector tend to be Singh et al. considered the fundamental issues with smart
highly secure and authorized by either the central home applications and presented a secure and efficient smart
commission (in private blockchains) or the consortium of home architecture with which to overcome these challenges
regulating stakeholders (in consensus blockchains). In the [146]. The proposed system also fulfills the security goals of
health care field, patients’ medical data stored in central protecting communication, scalability, ensuring the system's
databases can be vulnerable to leaks, whereas blockchain efficiency, and protecting against a variety of attacks. The
architectures provide patients with full discretion over their proposed architecture incorporates blockchain and cloud
data. computing technology in a holistic solution. Our proposed
Kshetri et al. [145] compared how a cloud service and a model uses the Multivariate Correlation Analysis (MCA)
blockchain operate in terms of data security and privacy. In technique to analyze the network traffic and identify the
cloud storage, it is very clear that data are not being correlation between traffic features to ensure the security of
permissioned, causing vulnerability; data are also managed smart home local networks. The anomaly detection
and accessed by central authorities, and a rogue regulating
VOLUME XX, 2017 1
Access
algorithm is presented for the detection and mitigation of Table VI summarizes the existing blockchain research
DoS/DDoS attacks. solutions for privacy and security.
TABLE VI
BLOCKCHAIN SOLUTIONS FOR PRIVACY AND SECURITY
Joshi et al., 2018 Summarizes the issues Case studies for Privacy, security, Optimum traceability Lack of blockchain
[144] related to privacy and validation and effectiveness, tools distribution
security of blockchain recommendation efficiency and permissions
Kshetri et al., Comparison between Identify the pros and Integrity, efficiency, Less storage required
2017 [145] cloud and blockchain cons of cloud versus privacy, security for blockchain than
for privacy and security blockchain cloud -------------
ingh et al., 2019 Secure and efficient Transaction handling Privacy, security, Anomaly packet Handling limited
[146] smart home architecture and security analysis confidentiality, detection, high security attacks and
based on blockchain in smart home integrity, scalability throughput, low latency high execution time
and cloud computing network
Gai et al. [149] discussed the privacy concern caused by

D. BLOCKCHAIN-IoT PRIVACY PRESERVING attackers, which use data mining algorithms to violate a
APPROACH user’s privacy when the user group is located nearby
geographically. The authors proposed a module for
Yang et al. identified the three ways through which the constructing a smart contract called the black-box module.
location of blockchain addresses could be disclosed that This module allows for the regular operation of energy
raise the potential risk of privacy infringement. Therefore, trading transactions per demand for privacy preservation in
the authors have proposed a novel blockchain solution to design objectives.
preserve the worker’s position and increase the success rate Qui et al. overviewed the shortcomings of two existing
of assigned work [147]. privacy-preserving schemes and proposed a location privacy
Kuo et al. [148] focused on developing a hierarchical protection method using blockchain technology. The
approach to inherit the privacy-preserving benefits and proposed method does not require a third-party anonymizing
retain blockchain adoption services concerning research server, instead satisfying the principle of k-anonymity
networks-of-networks. Therefore, the authors have proposed privacy protection [150].
a framework to combine model learning with blockchain- Table VII summarizes the existing blockchain research
based model dissemination and with a hierarchical solutions for privacy-preserving
consensus algorithm to develop an example implementation
of a hierarchical chain that improves predictive correctness
for small training datasets.
TABLE VII
BLOCKCHAIN FOR PRIVACY PRESERVING SCHEME
Yang et al [147] Blockchain-based Preserve the worker’s Prevent re-identification, Efficiency, security Uploaded data can be re-
location, privacy- location and increase the location privacy used by malicious worker,
preserving crowdsensing success rate of assigned quality evaluation
system work problem
Kuo et al. [148] Privacy-preserving model Implementation of Improve predictive Learning iteration, reduce Topology, evaluation of a
learning on the hierarchical privacy- correctness of datasets, execution time, large number of data,
blockchain on a networks- preserving model on improve decision support advance privacy concern
of-networks blockchain and evaluate it system
on three
healthcare/genomic
datasets
Gai et al [149] Energy trading with Differential privacy, Efficiency, user’s privacy ----------------------- -------------------
user’s privacy using neighboring energy
blockchain in smart grid trading, privacy-
preserving
Qui et al. [150] Location privacy Location-based service, Efficiency, privacy, Good response time and This method is more
approach based on K-anonymity security scalability performance suitable for snapshot
blockchain increased theory
E. SECURITY VULNERABILITY AND TOOLS Blockchain smart contracts offer security and privacy, but
their vulnerabilities must be further understood. Here, we
VOLUME XX, 2017 1
Access
discuss some security tools to provide the body of presents a matrix of security tools covering the most serious
knowledge necessary for creating secure blockchain vulnerabilities; as shown in the table, most of these tools
software. The decentralized nature of blockchain technology address more than vulnerability. The visibility check is
carries historic immutability recognized by industries aiming omitted because it is only covered by smart checks [154].
to apply it in their business processes, particularly in IoT.
IoT's major security issue is knowing and controlling who is Summary and insights
connecting in huge networks without breaching privacy Many existing solutions in different sectors have been
regulations [151]. discussed in this section. In the healthcare sector, various
Blockchain technology is recognized as safe in its proposed schemes based on storing healthcare data improve
design, but built-in applications may be vulnerable in real efficiency, availability, integrity, effectiveness, and other
circumstances. For example, smart contracts have been features, while each scheme has certain limitations.
affected financially by various unfortunate incidents and Moreover, this section has also discussed the existing
attacks. In one case, in June 2016, a reentrancy problem in scheme in the transaction sector to evaluate the finance
split DAO caused a loss of approximately $40 million [152], sector by using blockchain to identify illicit activity and
and $32 million was taken by attackers in 2017 [153]. These develop a financial system. A blockchain scheme based on
high-profile cases show that even experienced developers privacy and security is also discussed, which provides
can leave a system seriously vulnerable to attackers aiming optimal traceability and anomaly packet detection.
to exploit security bugs in smart contracts. Table VIII
TABLE VIII
TOOLS AND VULNERABILITY
Security tool Interface ReEntrancy Timestamp Mishandled Immutable Gas costly Blockhash
dependency exceptions Bugs patterns usage
Oyente Command line     …… ……

Remix Command line    ……  
Gasper …… …… …… ……  ……
Securify User interface  ……  …… ------ ……
S. Analysis …… ……  …… ------ ……
Smartcheck User interface      ……
Mythril Command line  ……   ------ ……
VOLUME XX, 2017 1
This article has been accepted for publication in a future issue of this journal, but has not been fully edited. Content may change prior to final publication. Citation information: DOI
10.1109/ACCESS.2021.3051602, IEEE Access
authors have proposed a scheme by conducting experiments

F. ATTACK SOLUTIONS using the Contiki tool, a low-power-designed tool for
resource-constrained devices [164].
1) Liveness Attack: To combat the active liveness attack, 8) BGP Hijacking Attack: Xang et al. [165] proposed a
Conflux’s consensus protocol essentially encodes two BGPCoin scheme, which is a trustworthy blockchain-based
different block generation strategies proposed by Li et al. internet resource solution. The scheme develops the smart
[155]. One is the optimal strategy that allows quick contract to perform and supervise resource assignment on
confirmation and the other is the conservative strategy that temper resistant Etherium blockchain. BGPCoin scheme
guarantees the progress of consensus. Conflux is a scalable poses a credible BGP security solution on the Etherium
and decentralized system with high throughput and fast blockchain and smart contract programming.
confirmation in the blockchain system. It uses a novel 9) Sybil Attack: To prevent Sybil attacks in blockchain
adaptive weight mechanism to combine these two strategies networks, Swathi et al. [166] have proposed a scheme to
to an integrated consensus protocol. restrict the Sybil attack by monitoring other nodes' behavior
2) Double Spending Attacks: To address the double- and checking for the nodes which are forwarding the blocks
spending attack, Nicolas and Wang [156] have proposed the of only a particular user.
MSP (Multistage Secure Pool) framework which allows the
pool to authenticate the transactions. The proposed G. COUNTERMEASURE
framework includes four stages to overcome this attack are Although blockchain systems can be used very reliably,
1) detection stage, 2) confirmation stage, 3) Forwarding security mechanisms must be implemented at every point in
stage, and 4) broadcast stage. In addition, Begum et al. [157] the network. The blockchain user's private key address
provide a set of solutions against double-spending attacks needs to be highly coded to make the information more
after showing the limitation of this attack. secure. Blockchain network designers need to be aware of
3) 51% Vulnerability Attack: To combat the 51% attack, potential network attacks before implementation. Attack
Sayeed and Macro-Gisbert [158] have focused on crypto- self-detection software must be built into the system.
coin with low hashing power to analyze 51% attack, This section describes existing countermeasures and
revealing the weakness in the consensus protocol which detection algorithms available for technologies within the
makes this attack happen. The authors define the hash rate blockchain that can be used to ensure privacy and security.
problem and provide five security mechanisms against 51% For a comprehensive overview of this topic, this paper
attack. A recent work that has been done to address the extracted some existing research papers and internet
51% attack includes defensive mining, implementing a resources from scientific databases. Here is a summary of
“Permapoint” finality arbitration system to limit chain re- state-of-the-art solutions applied to blockchain
organization [159]. environments that address security threats and provide
4) Private Key Security Attack: Pal et al. [160] have strong privacy.
proposed public key infrastructure used in the blockchain
technology to authenticate the entities to counter a key 1) Quantitative framework
security attack. This technique ensures the integrity of the Application: The quantitative framework is made up of
blockchain network. A group key management is discussed two sections. While one is a blockchain simulator, another
to secure group communication to achieve confidentiality in segment has a security model plan [167]. The stimulator
the network. takes after the activity of blockchain frameworks. The
5) Transaction Privacy Leakage: The work proposed by consensus protocol and the network are the input
Bhushan and Sharma [161] presented the overall view of parameters.
security loopholes, carrying out of transactions and Impact: The quantitative system yields a high basic
suggested secure transaction methodology scheme. The procedure to check the assaults. By doing so, the
scheme uses a homomorphic cryptosystem, ring signature, framework helps build the security of the blockchain
and many other security measures to decrease the overall system.
impact of threats to improve the reliability in the 2) Oyente
transactional process in the network. Application: Oyente is built in a way that can detect bugs
6) Selfish Mining Attack: Saad et al. [162] have discussed in Ethereum based contracts. This technology is designed to
the vulnerability of self-mining and proposed a solution to evaluate the bytecode of blockchain smart contracts on
counter this attack. To counter the attack, the authors Ethereum [168]. The Ethereum blockchain system stores
leverage an honest mining practice to devise the notation of the EVM bytecode of smart contracts.
truth state for blocks during self-mining fork and also Impact: Oyente is very convenient to deploy on a system. It
allocate self-confirmation height to each transaction. detects bugs that may be present in a system.
Nicolas et al [163] have done a comprehensive overview of 3) Hawk
self-mining attack and their countermeasure schemes. Application: The framework is used to develop the privacy
7) DAO Attack: Ghaleb et al. addressed the DAO insider of smart contracts. The Hawk framework can allow
attack in RPL IoT network. To mitigate this attack, the developers to write codeless private smart contracts to
enhance the security system.
VOLUME XX, 2017 9
Impact: Since using hawk, the developer divides a system However, some cryptographic works have been done to
into two main parts, financial transactions are not explicitly improve the blockchain network. For example, Wang et al.
stored in the blockchain network system [167]. The private [174] have proposed a secure and efficient protocol using
part stores non-public data. Financial transaction Elliptic Curve Cryptography (ECC) to solve the identity
information is stored in the private part. Code and authentication issue in the smart grid. Moreover, Song et al.
information that does not require privacy can be found in [175] have worked on security and privacy concerns for smart
the public section [169]. Hawk protects the personal agriculture systems by proposing a data aggregation scheme
information records on a blockchain system because it uses with a flexible property that utilizes ElGamal cryptosystem.
the private smart contract that automatically generates an Zhang et al. [176] have suggested a distributed Covert
effective cryptographic model. Channel of the packet ordering enhancement model based on
4) Town crier data compression to enhance the unknowability of the data.
Application: Town crier works by recovering data demands Some more work has studied the applications of providing
from clients and gather information from HTTP websites security techniques to enhance the blockchain network
[170]. A carefully marked blockchain message got back to system [177-182].
the client contract by the Town crier.
Impact: Town crier provides security when requesting VII. OPEN ISSUES AND RESEARCH DIRECTION
information from clients. Strong security which is a robust To complete our overview, we outline some open questions
model for the blockchain smart contract is provided by a and research challenges, along with available requirements to
local announcer/town crier. improve blockchain-IoT capability. Table IX summarizes
5) Lightning network some key blockchain characteristics that solve the security
Application The Lightning network generates double- issues.
signed transaction receipts. The transaction is said to be 1) Vulnerability: Despite offering a robust approach for
valid after the parties involved in the transaction have IoT security, blockchain systems are also vulnerable. The
signed it to accept the new check [170]. consensus mechanism based on the miner's hash power has
Impact: This Lightning network helps two individuals to disappeared, thus allowing attackers to host the blockchain.
conduct transactions between themselves without Likewise, it is possible for attackers to compromise
interference from a third-party miner. Double signing blockchain accounts by exploiting private keys with limited
ensures transaction security for the parties involved. randomness. Users need to define effective mechanisms to
6) Segwit ensure transactions' privacy and avoid competitive attacks,
Application: Segwit is one of the sidechain features that leading to double spending during transactions.
runs in parallel with the main Blockchain network [171]. 2) Resiliency against combined attack: Many security
Signature data moves from the main Blockchain system to solutions and applications have been discussed and proposed
the extended sidechain. for blockchain-IoT, and each of them has been designed to
Impact: By using the sidechain, more blockchain space is handle certain security issues and threats. The main question
freed and more transactions are executed [172]. The involves developing a framework that can be resilient against
signature data is placed in the parallel side chain in the form many combined attacks with consideration of the
of a Merkle tree. With this placement, the overall block size implementation feasibility of the proposed solutions.
limit has increased without interfering with the block size. 3) Policies for zero-day attacks: A zero-day attack is a
Data diversification improves network security. software module technique that occurs when there is a lack of
7) Integration of blockchain with artificial intelligence countermeasures against such vulnerability. It is difficult to
(AI) identify the possibility of such attacks, and any device can be
Application: Artificial intelligence is building a machine in compromised by one. Most of the related suspicious activities
a way that can perform tasks that require intelligence. are recognized during the development stage, but some of
Impact: Machine learning can be used by security them are recognized during testing operations. When a
personnel to detect anomalous behavior in the network and vulnerability is exploited, the liabilities should be addressed
prevent attacks on the system [170]. by a security patch from the software distributers. A non-
8) Tendermint homogeneous Markov model is defined using an attack graph
Tendermint proposed the concept of blocking, in which that incorporates time-dependent covariates to predict zero-
security is provided by a modified reconciliation protocol day attacks.
based on share confirmation. Each block must be 4) Blockchain specific infrastructure: Storing the data on
cryptographically signed by certifiers in the Tendermint the blockchain database means storing information on the IoT
consensus protocol, where certifiers are simply users who nodes in the network that cannot be deleted. This means
confirm their interest in the security of the system by information is imposed on the miner nodes, which imposes
closing their funds with the help of a bonding transaction huge costs on a decentralized network. Specifically, we can
[173]. understand that storage-limited IoT devices may not store
large blockchains that grow as blocks are added to the
blockchain. It is also known that IoT devices store data on
VOLUME XX, 2017 9
blockchains that are not useful for their transactions. resources well for each function in a blockchain
Therefore, fining equipment that supports the distributed transaction system. Some other facilities like fog
storage of large-scale blockchain-specific blockchains computing, edge-crowd modeling, osmotic computing,
becomes a difficult problem. In addition, address and other distributed concepts can improve resource
management and basic communication protocols play utilization and security facilities.
important roles in the blockchain infrastructure. In particular,  Performance trade-off: Apart from the cryptographic
the reliability between devices with abundant computing
requirement for providing security and efficiency, one
resources must be established in the blockchain infrastructure.
should not ignore or compromise the system's
Further, the application programming interface should be as
user-friendly as possible. performance and handle the implementation overhead
during parallel operation.
5) Security requirements: Considering blockchain-IoT, it  Insider threat management: It prevents threat,
is of the utmost importance for the specific condition which combating, detecting, and monitoring of employees.
aims to facilitate security parameters, attack countermeasures, Non-compromising models are required to detect and
privacy, and trust. Blockchain-IoT must satisfy certain prevent false alarms in the aspects of the blockchain
security requirements, illustrated as follows: system.
 Secure key exchange: It is considered as an important 6) Open Questions:
role in a cryptographic mechanism to secure end-to-  How many blockchains can secure the IoT
end communications. It is a pillar of attack prevention environment?
in the network. It should be guaranteed that a key must  What are the smart contract vulnerabilities, and
be securely shared over the network. how do smart contracts respond in the face of
 Resource-exhausted attack resilient: Resource changing IoT environmental conditions?
exhaustion attacks are security exploitations of the  In what cases can blockchain be used in IoT
targeted system or network that should be prevented. networks?
The attack can be exploited through the excessive key  How safe will blockchain technology remain in
operation, or when many transactions occur in the the future age of quantum computing?
network and there is abundant validation from the  How can the issue of latency in block creation in
miners. Such attacks may cause a shutdown of the blockchain and cryptographic processes be
entire network. addressed without compromising privacy?
 Resource utilization: The utilization of memory and
power can save the operation up to a longer duration.
The novel network architecture can utilize the
TABLE IX
SOLVING SECIRITY ISSUES THROUGH BLOCKCHAIN CHARACTERISTICS
Characteristics
Smart Transparent Decentra- Digital
Anonymity Efficiency Persistency Resiliency
contract And verifiable lization ledger
Issues
Data privacy Yes No No Yes No No No No
Access control Yes Yes Yes No Yes No No No
Single point failure No No Yes No Yes No Yes No
Third-party No No Yes No Yes No Yes No
Integrity of data Yes No Yes No No Yes No No
Availability No No Yes No Yes No No No
Immutability Yes No No No No Yes No Yes
Eavesdropping No No No Yes No No No No
Trust No Yes Yes No No Yes No No
Botnet attacks No No Yes No No Yes Yes
blockchain with some real-world examples. Moreover, this

VIII. CONCLUSION paper discussed the various security issues, challenges,
The blockchain paradigm is changing the IT industry. vulnerabilities, and attacks that impede the increased
Blockchain can bring together companies, governments, adoption of blockchain technology while exploring these
and even countries. Blockchain technology is widely challenges in a variety of aspects. We also explained other
recognized and highly valued due to its decentralized nature blockchain applications and benefits, and we discussed
and peer-to-peer characteristics. The main takeaway of this many related opportunities at the business level. Finally, we
review paper is that the authors have thoroughly analyzed summarized existing security solutions for different
several attacks on blockchain and the security issues of environments and open research issues.
VOLUME XX, 2017 9
[20] C. Cachin, “Architecture of the hyperledger Blockchain fabric,”

Workshop on Distributed Cryptocurrencies and Consensus Ledgers,
REFERENCE vol. 31, pp. 1–4, 2016.
[1] Z. Zheng, S. Xie, H. N. Dai, X. C., and H. Wang. "Blockchain [21] L. S. Sankar, M. Sindhu, and M. Sethumadhavan, “Survey of
challenges and opportunities: a survey." International Journal of consensus protocols on Blockchain applications,” Proc. of the
Web and Grid Services 14, no. 4 (2018): 352-375. International Conference on Advanced Computing and
[2] S. Singh, I. H. Ra, W. Meng, M. Kaur and G. H. Cho, “SH-BlockCC: Communication Systems, pp. 1–5, 2017.
A secure and efficient Internet of things smart home architecture [22] P. D. Filippi, “The interplay between decentralization and privacy:
based on cloud computing and blockchain technology,” International the case of Blockchain technologies,” Journal of Peer Production, no.
Journal of Distributed Sensor Networks, Vol. 15, no. 4, pp.1-17, 7, pp. 1-19, 2016.
2019. [23] J. L. D. L. Rosa, V. Torres-Padrosa, A. el-Fakdi, D. Gibovic, O.
[3] X. Jiang, M. Liu, C. Yang, Y. Liu and R. Wang: A Blockchain- Hornyák, L. Maicher, and F. Miralles, “A survey of Blockchain
Based Authentication Protocol for WLAN Mesh Security Access, technologies for open innovation,” Proc. of the 4th Annual World
Computers, Materials & Continua, Vol. 58, No. 1, pp. 45-59, 2019. Open Innovation Conference, pp. 14–15, 2017.
[4] Z. Deng, Y. Ren, Y. Liu, X. Yin, Z. Shen and H. Kim: Blockchain- [24] O. Jacobovitz, “Blockchain for identity management,” A Technical
Based Trusted Electronic Records Preservation in Cloud Storage, Report, no. 16-02, pp. 1-19, 2016.
Computers, Materials & Continua, Vol. 58, No. 1, pp. 135-151, [25] “ID and access management: the next steps,”
2019. https://www.bankinfosecurity.com/interviews/id-access-
[5] R. Song, Y. Song, Z. Liu, M. Tang and K. Zhou: GaiaWorld: A management-next-steps-i-3904,2018.
Novel Blockchain System Based on Competitive PoS Consensus [26] M. Pilkington, “Blockchain technology: principles and
Mechanism, Computers, Materials & Continua, Vol. 60, No. 3, applications,” Research handbook on digital transformations,
pp.973-987, 2019. Chapter 11, pp. 225–253, 2016.
[6] G. Sun, S. Bin, M. Jiang, N. Cao, Z. Zheng, H. Zhao, D. Wang and [27] “Blockchain developers,”
L. Xu: Research on Public Opinion Propagation Model in Social https://www.ibm.com/blogs/Blockchain/category/Blockchain-
Network Based on Blockchain, Computers, Materials & Continua, developers/Blockchain-open-source/, IBM.
Vol. 60, No. 3, pp.1015-1027, 2019. [28] S. Underwood, “Blockchain beyond bitcoin,” Communications of
[7] C. Li, G. Xu, Y. Chen, H. Ahmad and J. Li: A New Anti-Quantum the ACM, vol. 59, no. 11. Pp. 15–17, 2016.
Proxy Blind Signature for Blockchain-Enabled Internet of Things, [29] I. Miers, C. Garman, M. Green, and A. D. Rubin, “Zerocoin:
Computers, Materials & Continua, Vol. 61, No. 2, pp.711-726, 2019. anonymous distributed e-cash from bitcoin,” Proc. of the IEEE
[8] W. Wang, and C. Su. "CCBRSN: A system with high embedding Symposium Security and Privacy, pp. 397–411, 2013.
capacity for covert communication in Bitcoin." In IFIP International [30] M. Möser, “Anonymity of bitcoin transactions,” Munster Bitcoin
Conference on ICT Systems Security and Privacy Protection, pp. Conference (MBC), Germany, 2013, pp.1-10
324-337. Springer, Cham, 2020. [31] https://www.statista.com/statistics/647374/worldwide-Blockchain-
[9] L. Zhang, Z. Zhang, W. Wang, R. Waqas, C. Zhao, S. Kim, and H. wallet-users/, pp. 1-10, 2013.
Chen, 2020. A Covert Communication Method Using Special [32] H. Kakavand, N. K. D. Sevres, and B. Chilton, “The Blockchain
Bitcoin Addresses Generated by Vanitygen. CMC-COMPUTERS revolution: an analysis of regulation and technology related to
MATERIALS & CONTINUA, 65(1), pp.597-616. distributed ledger technologies,”
[10] S. Li, F. Liu, J. Liang, Z. Cai and Z. Liang: Optimization of Face https://papers.ssrn.com/sol3/papers.cfm?abstract_id=2849251, pp. 1-
Recognition System Based on Azure IoT Edge, Computers, 27, 2017.
Materials & Continua, Vol. 61, No. 3, pp.1377-1389, 2019. [33] Y. Peter, “Regulatory issues in Blockchain technology,” Journal of
[11] D. Kim, S. Min and S. Kim: A DPN (Delegated Proof of Node) Financial Regulation and Compliance, vol. 25, no. 2, pp. 96–208,
Mechanism for Secure Data Transmission in IoT Services, 2017
Computers, Materials & Continua, Vol. 60, No. 1, pp.1-14, 2019. [34] A. Nordrum, “Is it time to become a Blockchain developer?” IEEE
[12] L. Xu, C. Xu, Z. Liu, Y. Wang and J. Wang: Enabling Comparable Spectrum, vol. 54, no. 9, pp. 21–21, 2017.
Search Over Encrypted Data for IoT with Privacy-Preserving, [35] K. Wüst and A. Gervais, “Do you need a Blockchain?” IACR
Computers, Materials & Continua, Vol. 60, No. 2, pp.675-690, 2019. Cryptology ePrint Archive, pp. 1–10, 2017.
[13] M. Ferrag, L. Maglaras, A. Derhab, M. Mukherjee, and H. Janicke. [36] C. Sullivan and E. Burger, “E-residency and Blockchain,” Computer
"Privacy-preserving Schemes for Fog-based IoT Applications: Law & Security Review, vol. 33, no. 4 pp. 470–481, 2017.
Threat models, Solutions, and Challenges." In 2018 International [37] X. Li, P. Jiang, T. Chen, X. Luo, and Q. Wen, “A survey on the
Conference on Smart Communications in Network Technologies security of Blockchain systems” Future Generation Computer
(SaCoNeT), pp. 37-42. IEEE, 2018. Systems, vol. 9604, pp. 106–125, 2016
[14] A. Dwivedi, G. Srivastava, S. Dhar, and R. Singh. "A decentralized [38] A. Kiayias, and G. Panagiotakos, “On trees, chains and fast
privacy-preserving healthcare blockchain for IoT." Sensors 19, no. 2 transactions in the Blockchain,” IACR Cryptology ePrint Archive,
(2019): 326. pp. 1–25, 2016.
[15] M. Shen, X. Tang, L. Zhu, X. Du, and M. Guizani. "Privacy- [39] S. W. Kim, “Safety and liveness — Blockchain in the point of view
preserving support vector machine training over blockchain-based of FLP impossibility,” 2018.
encrypted IoT data in smart cities." IEEE Internet of Things [40] G. O. Karame, E. Androulaki, M. Roeschlin, A. Gervais, and S.
Journal 6, no. 5 (2019): 7702-7712. Čapkun, “Misbehavior in bitcoin: a study of double-spending and
[16] “What is block decentralization?” accountability,” ACM Transactions on Information and System
https://lisk.io/academy/Blockchain-basics/benefits-of- Security, vol. 18, no. 1, pp. 1–32, 2015.
Blockchain/what-is- decentralization, 2019. [41] G. O. Karame, E. Androulaki, and S. Capkun, “Two Bitcoins at the
[17] “Obama announces legislation protecting personal data, student price of one? double-spending attacks on fast payments in Bitcoin,”
digital privacy,” https://www.rt.com/usa/221919-obama-privacy- Proc. of Conference on Computer and Communication Security, pp.
student-consumer/, 2015. 1–17, 2012.
[18] K. Gai, M. Qiu, X. Sun, and H. Zhao, “Security and privacy issues: [42] M. Rosenfeld, “Analysis of hashrate-based double spending,” arXiv
a survey on FinTech,” Proc. of the International Conference on preprint arXiv:1402.2009, pp. 1–14, 2014.
Smart Computing and Communication, pp. 236–247, 2016. [43] N. Hajdarbegovic, “Bitcoin miners ditch ghash.io pool over fears of
[19] G. Zyskind, O. Nathan, and A. S. Pentland, “Decentralizing privacy: 51% attack,” CoinDesk, 2014.
using Blockchain to protect personal data,” IEEE Security and [44] J. L. Zhao, S. Fan, and J. Yan, “Overview of business innovations
Privacy Workshops, pp. 180–184, 2015. and research opportunities in Blockchain and introduction to the
special issue,” Financial Innovation, pp. 1–7, 2016.
[45] J. Frankenfield, “51% attack,” Investopedia, 2019.
VOLUME XX, 2017 9
[46] H. Mayer, “ECDSA security in bitcoin and ethereum: a research Homomorphic Computation. Intelligent Automation and Soft
survey,” CoinFaabrik, pp. 1–10, 2016. Computing, Vol. 25, No. 1, pp. 171-181.
[47] A. Bryk, “Blockchain attack vectors: vulnerabilities of the most [69] I. You, C. Choi; V. Sharma; I. Woungang; B. Bhargava. (2019):
secure technology,” apriority, 2018. Guest Editorial: Advances In Security and Privacy Technologies for
[48] B. Borja; A. Ramon; M. Diego; S. Alvaro. (2019): Trust Provision Forthcoming Smart Systems, Services, Computing, and Networks.
in the Internet of Things Using Transversal Blockchain Networks. Intelligent Automation and Soft Computing, Vol. 25, No. 1, pp. 117-
Intelligent Automation and Soft Computing, Vol. 25, No. 1, pp. 155- 119.
170. [70] W. Shi, J. Wang, J. Zhu, Y.Wang, D. Choi. (2019): A Novel
[49] A. Badshah, A. Ghani, M. Qureshi and S. Shamshirband: Smart Privacy-Preserving Multi-Attribute Reverse Auction Scheme with
Security Framework for Educational Institutions Using Internet of Bidder Anonymity Using Multi-Server Homomorphic Computation.
Things (IoT) , Computers, Materials & Continua, Vol. 61, No. 1, Intelligent Automation and Soft Computing, Vol. 25, No. 1, pp. 171-
pp.81-101, 2019. 181.
[50] ASM S., Hosen, S. Singh, V.Mariappan, M. Kaur, and G. Cho. "A [71] C. Mann and D. Loebenberger, “Two-factor authentication for the
Secure and Privacy Preserving Partial Deterministic RWP Model to Bitcoin protocol,” International Journal of Information Security, vol.
Reduce Overlapping in IoT Sensing Environment." IEEE Access 7 16, no. 2, pp. 213–226, 2017.
(2019): 39702-39716. [72] P. Yeoh, “Regulatory issues in Blockchain technology,” Journal of
[51] J. Barcelo, “User privacy in the public bitcoin Blockchain,” Journal Financial Regulation and Compliance, vol. 25, no. 2, pp. 196–208,
of Latex Class Files, vol. 6, no. 1, pp. 1–4, 2007. 2017.
[52] P. Fremantle, B. Aziz, and T. Kirkham, “Enhancing IoT security and [73] J. McKendrick, “9 reasons to be cautious with Blockchain,”
privacy with distributed ledgers-a position paper,” Proc. of the https://www.zdnet.com/article/9-reasons-to-be-cautious-with-
International Conference on Internet of Things, Big Data and Blockchain/, 2017.
Security, pp. 1–7, 2017. [74] N. Christin, “Traveling the Silk Road: a measurement analysis of a
[53] T. Yuzhe, Q. Zou, J. Chen, K. Li, C. A. Kamhoua, K. Kwiat, and L. large anonymous online marketplace,” Proc. of the 22nd
Njilla, “ChainFS: Blockchain-secured cloud storage,” Proc. of the international conference on World Wide Web, pp. 213–224. 2013.
11th IEEE International Conference on Cloud Computing, pp. 987– [75] S. Mire, “Blockchain for Cannabis: 6 possible use cases,
990, 2018. https://www.disruptordaily.com/Blockchain-use-cases-cannabis/,
[54] S. Solat and M. Potop-Butucaru, “Zeroblock: preventing selfish 2018
mining in Bitcoin,” Technical Report, Sorbonne Universities, [76] B. Reutzel, “From seeds to weed, Bitcoin finds home where
UPMC Universities, Paris, pp. 1–17, 2016. commerce goes gray,” https://www.coindesk.com/bitcoin-atms-
[55] “What is selfish mining?” Tokens 24, 2018. ?, gray-areas, 2016.
https://www.tokens24.com/cryptopedia/mining/what-is-selfish- [77] J. Martin, “Blockchain in action: derailing drug abuse & prescription
mining Accessed on 2018 drug fraud,” https://Blockchain.wtf/2018/06/series/Blockchain-in-
[56] “Understanding the DAO attack,” CoinDesk, 2016. action/derailing-drug-abuse/, 2018.
https://www.coindesk.com/understanding-dao-hack-journalists/ [78] R. Wolfson, “Tracing illegal activity through the Bitcoin Blockchain
[57] P. Daian, “Analysis of the DAO exploit,” Hacking, Distributed, to combat cryptocurrency,”
2016. https://www.forbes.com/sites/rachelwolfson/2018/11/26/tracing-
[58] Phil Daian, Analysis of the DAO exploit, illegal-activity-through-the-bitcoin-Blockchain-to-combat-
http://hackingdistributed.com/2016/06/18/analysis-of-the- dao- cryptocurrency-related-crimes/#3beb9fa333a9, 2018.
exploit/ [79] R. Böhme, N. Christin, B. Edelman, and T. Moore, “Bitcoin:
[59] M. Apostolaki, A. Zohar, and L. Vanbever, “Hijacking bitcoin: Economics, technology, and governance,” Journal of Economic
Routing attacks on cryptocurrencies,” IEEE Symposium on Security Perspectives, vol. 29, no. 2, pp. 213-38, 2015.
and Privacy, pp. 375–392, 2017. [80] Coin wire, “Blockchain technology can prevent prescription drug
[60] J. Stewart, “BGP hijacking for cryptocurrency profit,” Secure works, abuse,” https://www.coinwire.com/Blockchain-technology-can-
2014. prevent-prescription-drug-abuse, 2018.
[61] K. Soska, K. A. Kwon, N. Christin, and S. Devadas. “Beaver: a [81] R. Jackson, “Blockchain aims to curb prescription drug abuse,”
decentralized anonymous marketplace with secure reputation,” https://hackernoon.com/Blockchain-aims-to-curb-prescription-drug-
IACR Cryptology ePrint Archive, pp. 1–15, 2016. abuse-47fc9cc66379.
[62] D. Christian and D. Wattenhofer, “Bitcoin transaction malleability [82] “Blockchain for crime prevention in the legal cannabis space,”
and MtGox,” European Symposium on Research in Computer https://investingnews.com/innspired/Blockchain-crime-prevention-
Security, pp. 313–326. 2014. legal-cannabis-space/, 2018.
[63] U. Rajput, F. Abbas, R. Hussain, H. Eun, and H. Oh, “A simple yet [83] P. Godsiff, Philip, “Bitcoin: bubble or Blockchain,” Agent and
efficient approach to combat transaction malleability in bitcoin,” Multi-Agent Systems: Technologies and Applications, pp. 191-203.
International Workshop on Information Security Applications, pp. 2015.
27–37, 2014. [84] E. Hreinsson, and S. Blöndal, “The future of Blockchain technology
[64] K. Wust, “Security of Blockchain technologies,” Master Thesis, pp. and cryptocurrencies,” PhD dissertation, 2018 [not found].
1–59, 2016. [85] K. Zetter, “How the federal government defeated the Silk Road drug
[65] C. DeCusatis, M. Zimmermann, and A. Sager, “Identity-based wonderland,” https://www.wired.com/2013/11/silk-road/, 2018.
network security for commercial Blockchain services,” Proc. of the [86] M. A. Niloy, “From the dark side of Bitcoin: misusing cryptography,
IEEE 8th Annual Workshop and Conference on Computing and https://99bitcoins.com/the-dark-side-of-bitcoin-misusing-
Communication pp. 474–477, 2018. cryptography/, 2018.
[66] P. K. Sharma, S. Y. Moon, and J. H. Park, “Block-VN: a distributed [87] A. Nicola, M. Bartoletti, and T. Cimoli, “A survey of attacks on
Blockchain based vehicular network architecture in smart city,” ethereum smart contracts (sok),” Principles of Security and Trust, pp.
Journal of Information Processing Systems, vol. 13, no. 1, pp. 184– 164–186. 2017.
195, 2017. [88] M. Alharby and A. V. Moorsel, “Blockchain-based smart contracts:
[67] A. Back, M. Corallo, L. Dashjr, M. Friedenbach, G. Maxwell, A. a systematic mapping study,” arXiv preprint arXiv:1710.06372, pp.
Miller, A. Poelstra, J. Timón, and P. Wuille, “Enabling Blockchain 1–16, 2017.
innovations with pegged sidechains,” URL: http://www. [89] https://repository.stcloudstate.edu/cgi/viewcontent.cgi?referer=https:
opensciencereview.com/papers/123/enablingBlockchain- //www.google.com/&httpsredir=1&article=1093&context=msia_etd
innovations-with-pegged-sidechains, 2014. s, accessed on, 2020.
[68] Shi Wenbo; Wang Jiaqi; Zhu Jinxiu; Wang YuPeng; Choi, Dongmin. [90] B. Jiang, Y. Liu, and W. K. Chan, “Contractfuzzer: fuzzing smart
(2019): A Novel Privacy-Preserving Multi-Attribute Reverse contracts for vulnerability detection,” Proc. of the 33rd ACM/IEEE
Auction Scheme with Bidder Anonymity Using Multi-Server
VOLUME XX, 2017 9
International Conference on Automated Software Engineering, pp. Computer Systems Science and Engineering, Vol. 34, No. 5, pp.
259–269. 2018. 259-281.
[91] “Introduction to smart contracts,” [115] A. Morrison, “Blockchain and smart contract automation:
http://solidity.readthedocs.io/en/v0.4.21/introduction-tosmart- introduction and forecast,” PWC, 2016.
contracts.html, 2018. [116] D Meijer and R. W. Carlo, “Blockchain and standards: first things
[92] A. Dika, “Ethereum smart contracts: security vulnerabilities and first,” FinExtra, 2016.
security tools,” Masters Thesis, NTNU, pp. 1–97, 2017. [117] “Cryptotechnologies, a major IT innovation and catalyst for change:
[93] J. H. Mosakheil, “Security threats classification in Blockchains,” pp. 4 categories, 4 applications and 4 scenarios: An exploration for
1–142, 2018. transaction banking and payments professionals,” EBAWGEAP
[94] “The lack of Blockchain talent is becoming an industry concern,” (Euro Banking Association Working Group on Electronic
https://www.coindesk.com/Blockchain-hiring-difficulties-becoming- Alternative Payments), 2015.
industry-concern, accessed on 2020. [118] M. Mainelli and A. Milne, “The impact and potential of Blockchain
[95] A. Walch, “The path of the Blockchain lexicon (and the law),” on the securities transaction lifecycle,” SWIFT Institute Working
Review of Banking & Financial Law, vol. 36, pp. 1–54, accessed on Paper, no. 2015-007, 2015.
2020. [119] K. Christidis and M. Devetsikiotis, “Blockchains and smart
[96] “SWIFT on distributed ledger technologies,” contracts for the internet of things,” IEEE Access, vol. 4, pp. 2292–
http://www.ameda.org.eg/files/SWIFT_DLTs_position_paper_FINA 2303, 2016.
L1804.pdf, 2020. [120] C. Brennan and W. Lunn, “Blockchain: the trust disrupter,” London:
[97] Shen Li, Fang Liu, Jiayue Liang, Zhenhua Cai and Zhiyao Liang: Credit Suisse,” pp. 1–135, 2016.
Optimization of Face Recognition System Based on Azure IoT Edge, [121] “How Blockchains could change the world,” McKinsey & Company,
Computers, Materials & Continua, Vol. 61, No. 3, pp.1377-1389, pp.1-10,2016.
2019. [122] S. Deetman, “Bitcoin could consume as much electricity as
[98] “ISITC Europe and Oasis to define technical standards for Denmark by 2020,” Motherboard, pp.1-9 2016.
Blockchain,” https://www.bankingtech.com/2016/10/isitc-europe- [123] M. Mainelli and B. Manson, “Chain reaction: how Blockchain
and-oasis-to-define-technical-standards-for-Blockchain/, accessed technology might transform wholesale insurance,” Long Finance
on 2020. Report, London: Z/Yen Group, pp. 1–60, 2016.
[99] M. Crosby, P. Pattanayak, Nachiappan, S. Verma, and V. [124] L. A. Linn and M. B. Koo, “Blockchain for health data and its
Kalyanaraman, “Blockchain technology: beyond Bitcoin,” Applied potential use in health it and health care related research,”
Innovation Review, no. 2, pp. 1–16, 2016. ONC/NIST Use of Blockchain for Healthcare and Research
[100] H. Kakavand, N. K. D. Sevres, and B. Chilton, “The Blockchain Workshop, pp. 1–10, 2016.
revolution: an analysis of regulation and technology related to [125] Y. Sun, Y. Yuan, Q. Wang, L. Wang, E. Li and L. Qiao, “Research
distributed ledger technologies,” SSRN, pp. 1–27, 2017. on the Signal Reconstruction of the Phased Array Structural Health
[101] McKinsey & Company, “Beyond the hype: Blockchains in capital Monitoring Based Using the Basis Pursuit Algorithm”, Computers,
markets,” McKinsey Working Papers on Corporate & Investment Materials & Continua, Vol. 58, No. 2, pp. 409-420, 2019.
Banking, no. 12, pp. 1–32, 2015. [126] K. Kaur and K. Kaur: Failure Prediction, Lead Time Estimation and
[102] V. Grewal-Car and S. Marshall, “Blockchain: Enigma. Paradox. Health Degree Assessment for Hard Disk Drives Using Voting
Opportunity,” Deloitte LLP, pp. 1–27, 2016. Based Decision Trees, Computers, Materials & Continua, Vol. 60,
[103] “Understanding Blockchain risks, controls and validation,” PWC, No. 3, pp.913-946, 2019.
http://usblogs.pwc.com/emerging-technology/Blockchain- [127] M. Luo, K. Wang, Z. Cai, A. Liu, Y. Li and C. Cheang: Using
validation-infographic/, 2018. Imbalanced Triangle Synthetic Data for Machine Learning Anomaly
[104] “Report: the distributed ledger technology applied to securities Detection, Computers, Materials & Continua, Vol. 58, No. 1, pp. 15-
markets,” ESMA (European securities and markets authority), pp. 26, 2019.
1–37, 2017. [128] J. Qiu, Y. Liu, Y. Chai, Y. Si, S. Su, L. Wang and Y. Wu:
[105] M. Michael and S. Mills, “The missing links in the Chains? Mutual Dependency-Based Local Attention Approach to Neural Machine
distributed ledger (aka Blockchain) standards,” Long Finance, pp. Translation, Computers, Materials & Continua, Vol. 59, No. 2,
1–75, 2016. pp.547-562, 2019.
[106] SWIFT (Society for Worldwide Interbank Financial [129] K. Hamdia, H. Ghasemi, X. Zhuang, N. Alajlan and T. Rabczuk:
Telecommunications) Institute, “Distributed ledgers, smart contracts, Computational Machine Learning Representation for the
business standards and ISO 20022,” SWIFT, 2016. Flexoelectricity Effect in Truncated Pyramid Structures, Computers,
[107] S. Bogart and K. Riche, “Blockchain report: welcome to the Internet Materials & Continua, Vol. 59, No. 1, pp. 79-87, 2019.
of value,” New York: Needham & Company LLC, pp. 1–57, 2015. [130] F. Xu, X. Zhang, Z. Xin and A. Yang: Investigation on the Chinese
[108] W. He, S. Guo, Y. Liang, R. Ma, X. Qiu and L. Shi: QoS-Aware and Text Sentiment Analysis Based on Convolutional Neural Networks
Resource-Efficient Dynamic Slicing Mechanism for Internet of in Deep Learning, Computers, Materials & Continua, Vol. 58, No. 3,
Things, Computers, Materials & Continua, Vol. 61, No. 3, pp.1345- pp. 697-709, 2019.
1364, 2019. [131] A. Maamar and K. Benahmed: A Hybrid Model for Anomalies
[109] “Blockchain healthcare 2016 report: promise & pitfalls,” Tierion, pp. Detection in AMI System Combining K-means Clustering and Deep
1–8, 2016. Neural Network, Computers, Materials & Continua, Vol. 60, No. 1,
[110] “Blockchain technology: how banks are building a real-time global pp.15-39, 2019.
payment network,” Accenture Digital, pp. 1–12, 2016. [132] Z. Xu, Q. Zhou, Z. Yan. (2019): Special Section on Recent
[111] M. Lamarque, “The Blockchain revolution: new opportunities in Advances in Artificial Intelligence for Smart Manufacturing - Part II
equity markets, Doctoral dissertation, Massachusetts Institute of Intelligent Automation & Soft Computing. Intelligent Automation
Technology, pp. 1–88, 2016. and Soft Computing, Vol. 25, No. 4, pp. 787-788.
[112] D. Broby and T. Karkkainen, ‘FINTECH in Scotland: building a [133] X. Wu, C. Luo, Q. Zhang, J.Zhou, H. Yang and Y. Li: Text
digital future for the financial sector,” Center for Financial Detection and Recognition for Natural Scene Images Using Deep
Regulation and Innovation, pp. 1–31, 2016. ConVolutional Neural Networks, Computers, Materials & Continua,
[113] D. Mills, K. Wang, B. Malone, A. Ravi, J. Marquardt, C. Chen, A. Vol. 61, No. 1, pp.289-300, 2019.
Badev, T. Brezinski, L. Fahy, K. Liao, V. Kargenian, M. Ellithorpe, [134] Z. Alhadhrami, S. Alghfeli, M. Alghfeli, J. A. Abedlla, and K.
W. Ng, and M. Baird, “Distributed ledger technology in payments, Shuaib, “Introducing Blockchains for healthcare,” Proc. of the
clearing, and settlement,” FEDS Working Paper, 2016. International Conference on Electrical and Computing Technologies
[114] A. A. M. Jamel and B. Akay, (2019): A Survey and systematic and Applications, pp. 1–4, 2017.
categorization of parallel K-means and Fuzzy-c-Means algorithms.
VOLUME XX, 2017 9
[135] V. Patel, “A framework for secure and decentralized sharing of [156] K. Nicolas, and W. Yi. "A novel double spending attack
medical imaging data via Blockchain consensus,” Health countermeasure in blockchain." In 2019 IEEE 10th Annual
Informatics Journal, pp. 1–14, 2018. Ubiquitous Computing, Electronics & Mobile Communication
[136] M. Mettler, “Blockchain technology in healthcare: the revolution Conference (UEMCON), pp. 0383-0388. IEEE, 2019.
starts here,” Proc. of the IEEE 18th International Conference on e- [157] A. Begum, A. H. Tareq, M. Sultana, M. K. Sohel, T. Rahman, and A.
Health Networking, Applications and Services, pp. 1–3, 2016. H. Sarwar. "Blockchain Attacks, Analysis and a Model to Solve
[137] X. Liang, J. Zhao, S. Shetty, J. Liu, and D. Li, “Integrating Double Spending Attack." International Journal of Machine
Blockchain for data sharing and collaboration in mobile healthcare Learning and Computing 10, no. 2 (2020).
applications,” Proc. of the IEEE 28th Annual International [158] S. Sayeed, and M. Hector. "Assessing blockchain consensus and
Symposium on In Personal, Indoor, and Mobile Radio security mechanisms against the 51% attack." Applied Sciences 9,
Communications, pp. 1–5, 2017. no. 9 (2019): 1788.
[138] S. Tanwar, Parekh, K., & Evans, R. Blockchain-based electronic [159] L. Odera, 2020, https://bitcoinexchangeguide.com/ethereum-classic-
healthcare record system for healthcare 4.0 applications. Journal of iohk-team-up-to-find-solutions-to-prevent-51-attacks-on-the-
Information Security and Applications, 50, 102407. 2020 blockchain/, accessed on 20 December 2020
[139] G. Tripathi, M. A. Ahad & S. Paiva. (2020, March). S2HS-A [160] O. Pal, B. Alam, V. Thakur, and S. Singh, 2019. Key management
blockchain based approach for smart healthcare system. for blockchain technology. ICT Express.
In Healthcare (Vol. 8, No. 1, p. 100391). Elsevier. [161] B. Bhushan and N. Sharma, 2020, July. Transaction Privacy
[140] A. Kumar, R. Krishnamurthi, A. Nayyar, K. Sharma, V. Grover, and Preservations for Blockchain Technology. In International
Eklas Hossain. "A Novel Smart Healthcare Design, Simulation, and Conference on Innovative Computing and Communications (pp.
Implementation Using Healthcare 4.0 Processes." IEEE Access 8 377-393). Springer, Singapore.
(2020): 118433-118471. [162] M. Saad, L. Njilla, C. Kamhoua, and A. Mohaisen, 2019, February.
[141] J. Oh and I. Shong, “A case study on business model innovations Countering selfish mining in blockchains. In 2019 International
using Blockchain: focusing on financial institutions,” Asia Pacific Conference on Computing, Networking and Communications
Journal of Innovation and Entrepreneurship, vol. 11, no. 3 pp. 335– (ICNC) (pp. 360-364). IEEE.
344, 2017. [163] K. Nicolas, Y. Wang, and G.C. Giakos, 2019, September.
[142] A. Turner and A. S. M. Irwin, “Bitcoin transactions: a digital Comprehensive Overview of Selfish Mining and Double Spending
discovery of illicit activity on the Blockchain,” Journal of Financial Attack Countermeasures. In 2019 IEEE 40th Sarnoff
Crime, vol. 25, no. 1, pp. 109–130, 2018. Symposium (pp. 1-6). IEEE.
[143] S. Yoo, “Blockchain based financial case analysis and its [164] B. Ghaleb, A. Al-Dubai, E. Ekonomou, M. Qasem, I. Romdhani,
implications,” Asia Pacific Journal of Innovation and and L. Mackenzie, 2018. Addressing the DAO insider attack in
Entrepreneurship, vol. 11, no. 3, pp. 312–321, 2017. RPL’s Internet of Things networks. IEEE Communications
[144] A. P. Joshi, M. Han, and Y. Wang, “A survey on security and Letters, 23(1), pp.68-71.
privacy issues of Blockchain technology,” Mathematical [165] Q. Xing, B. Wang, and X. Wang, 2017, October. POSTER:
Foundations of Computing, vol. 1, no. 2, pp. 121–147, 2018. BGPCoin: A trustworthy blockchain-based resource management
[145] N. Kshetri, “Blockchain’s roles in strengthening cybersecurity and solution for BGP security. In Proceedings of the 2017 ACM
protecting privacy,” Telecommunications Policy, vol. 41, no. 10 pp. SIGSAC Conference on Computer and Communications
1027–1038, 2017. Security (pp. 2591-2593).
[146] S. Singh, I.H. Ra, W. Meng, M. Kaur, and G.H. Cho, “SH-BlockCC: [166] P. Swathi, C. Modi, and D. Patel, 2019, July. Preventing Sybil
A secure and efficient Internet of things smart home architecture Attack in Blockchain using Distributed Behavior Monitoring of
based on cloud computing and blockchain technology”, International Miners. In 2019 10th International Conference on Computing,
Journal of Distributed Sensor Networks, 15(4), pp. 1-18, 2019. Communication and Networking Technologies (ICCCNT) (pp. 1-6).
[147] M. Yang, T. Zhu, K. Liang, W. Zhou, and R.H. Deng, 2019. A IEEE.
blockchain-based location privacy-preserving crowdsensing system. [167] L. Er-Rajy, A. El Kiram My, M. El Ghazouani, and O. Achbarou,
Future Generation Computer Systems, 94, pp.408-418. 2017. Blockchain: Bitcoin wallet cryptography security, challenges
[148] T.T. Kuo, J. Kim, and R.A. Gabriel. Privacy-preserving model and countermeasures. Journal of Internet Banking and
learning on a blockchain network-of-networks. Journal of the Commerce, 22(3), pp.1-29.
American Medical Informatics Association, 27(3), pp.343-354. 2020. [168] Karame, G. and E. Androulaki. Bitcoin and blockchain security.
[149] K. Gai, Y. Wu, L. Zhu, M.Qiu, and M. Shen. "Privacy-preserving Artech House, 2016.
energy trading using consortium blockchain in smart grid." IEEE [169] N.Z. Aitzhan, and D. Svetinovic, 2016. Security and privacy in
Transactions on Industrial Informatics 15, no. 6 (2019): 3548-3558. decentralized energy trading through multi-signatures, blockchain
[150] Q.Ying, Y. Liu, X. Li, and J. Chen. "A Novel Location Privacy- and anonymous messaging streams. IEEE Transactions on
Preserving Approach Based on Blockchain." Sensors 20, no. 12 Dependable and Secure Computing, 15(5), pp.840-852.
(2020): 3519. [170] F. Idelberger, G. Governatori, R. Riveret, and G. Sartor, 2016, July.
[151] R. M. Parizi, A. Dehghantanha, K. R. Choo, and A. Singh, Evaluation of logic-based smart contracts for blockchain systems.
“Empirical vulnerability analysis of automated smart contracts In International symposium on rules and rule markup languages for
security testing on Blockchains,” Proc. of the 28th Annual the semantic web (pp. 167-183). Springer, Cham.
International Conference on Computer Science and Software [171] A. Kiayias, and G. Panagiotakos, 2015. Speed-Security Tradeoffs in
Engineering, pp. 103–113, 2018. Blockchain Protocols. IACR Cryptol. ePrint Arch., 2015, p.1019.
[152] N. Atzei, M. Bartoletti, and T. Cimoli, “A survey of attacks on [172] C. Cachin, 2017, September. Blockchains and consensus protocols:
ethereum smart contracts (sok),” Principles of Security and Trust, pp. Snake oil warning. In 2017 13th European Dependable Computing
164–186, 2017. Conference (EDCC) (pp. 1-2). IEEE.
[153] G. Destefanis, M. Marchesi, M. Ortu, R. Tonelli, A. Bracciali, and R. [173] K. Jae Tendermint: Consensus without Mining. URL.
Hierons, “Smart contracts vulnerabilities: a call for Blockchain https://tendermint.com/static/docs/tendermint.pdf retrieved on
software engineering?” International Workshop on Blockchain 08/07/2018, accessed on 2020.
Oriented Software Engineering, pp. 19–25, 2018. [174] W. Wang, H. Huang, L. Zhang, and C. Su. "Secure and efficient
[154] A. Dika, “Ethereum Smart Contracts: Security Vulnerabilities and mutual authentication protocol for smart grid under
Security Tools,” Master's Thesis, NTNU, pp.1–97, 201 blockchain." Peer-to-Peer Networking and Applications (2020): 1-
[155] L. Chenxin, L. Peilun, Z. Dong, Y. Zhe, W. Ming, Y. Guang, X. 13.
Wei, L. Fan and C. Y. Andrew. "A decentralized blockchain with [175] J. Song, Q. Zhong, W. Wang, C. Su, Z. Tan, and Y. Liu. "FPDP:
high throughput and fast confirmation." In 2020 {USENIX} Annual Flexible Privacy-preserving Data Publishing Scheme for Smart
Technical Conference ({USENIX}{ATC} 20), pp. 515-528. 2020. Agriculture." IEEE Sensors Journal (2020).
VOLUME XX, 2017 9
[176] L. Zhang, T. Huang, X. Hu, Z. Zhang, W. Wang, D. Guan, C. Zhao, Authors Biography
and S. Kim, 2020. A Distributed Covert Channel of the Packet
Ordering Enhancement Model Based on Data Compression. CMC- Saurabh Singh currently joined Assistant
COMPUTERS MATERIALS & CONTINUA, 64(3), pp.2013-2030. Professor at Dongguk University, Seoul, South
[177] L. Zhang, M. Peng, W. Wang, S. Cui and S. Kim, "Secure and Korea. Previously, he was a postdoc from Kunsan
efficient data storage and sharing scheme based on double National University in South Korea. He received a
blockchain," Computers, Materials & Continua, vol. 66, no.1, pp. Ph.D. degree from Chonbuk National University,
499–515, 2021. Jeonju, S.korea, carrying out his research in the
[178] S. More, J. Singla, S. Verma, Kavita, U. Ghosh, J. J. P. C. field of ubiquitous security. His research interests
Rodrigues, A. S. M. Sanwar Hosen, and I. H. Ra, “Security assured include blockchain technology, cloud computing
CNN-Based Model for Reconstruction of Medical Images on the and security, IoT, deep learning and cryptography.
Internet of Healthcare Things,” IEEE Access, vol. 8, pp. 126333- He has published many SCI/SCIE journals and
126346, 2020. conference papers and received the best paper award in KIPS and CUTE
[179] A. S. M. Sanwar Hosen, S. Singh, P. K. Sharma, U. Ghosh, J. Wang, conference 2016.
I. H. Ra, and G. H. Cho*, “Blockchain-based Transaction Validation
Protocol for a Secure Distributed IoT Network,” IEEE Access, vol.
8, pp. 117266-117277, 2020.
[180] A. S. M. Sanwar Hosen, S. Singh, M. S. Rahman, I. H. Ra, G. H. A. S. M. Sanwar Hosen received a Ph.D. degree
Cho and D. Puthal, “A QoS-aware data collection protocol for LLNs in Computer Science and Engineering from
in Fog-enabled IoT,” IEEE Transactions of Network and Service Jeonbuk National University (JBNU), Jeonju,
Management, 2019. South Korea. He worked as a postdoctoral
[181] A. S. M. Sanwar Hosen, S. Singh, V. Mariappan, M. Kaur, and G. researcher with the School of Computer,
H. Cho, “A secure and privacy preserving partial deterministic RWP Information and Communication Engineering at
model to reduce overlapping in IoT sensing environment,” IEEE Kunsan National University. He is currently
Access, vol. 7, pp. 39702-39716, 2019. working as a research assistant professor with the
[182] I. Batra, S. Verma, A. Malik, Kavita, U. Ghosh, J. J. P. C. Rodrigues, division at JBNU. He has published several
G. N. Nguyen, A. S. M. Sanwar Hosen*, and V. Mariappan*, articles in journals and international conferences,
“Hybrid Logical Security Framework for Privacy Preservation in the and serves as a reviewer of several reputed
Green Internet of Things,” Sustainability, Vol. 12, no. 14, pp. 1-15, journals. His research interests are in wireless sensor networks, internet of
2020. things, network security, data distribution services, fog-cloud computing,
artificial intelligence, blockchain, and green IT.
OVERVIEW REFERENCES
Byungun Yoon is a professor in Department of
[S1] A. Dorri, S. S. Kanhere, and R. Jurdak. "Blockchain in internet of Industrial & Systems Engineering of the
things: challenges and solutions." arXiv preprint Dongguk University and a senior member of
arXiv:1608.05187 (2016). IEEE society. His theme of study has involved
[S2] I. Lin, and T. Liao. "A survey of blockchain security issues and blockchain technology, patent analysis, new
challenges." IJ Network Security 19, no. 5 (2017): 653-659. technology development methodology, and
[S3] A. Reyna, C. Martín, J. Chen, E. Soler, and M. Díaz. "On blockchain visualization algorithms. His current interest is
and its integration with IoT. Challenges and opportunities." Future in enhancing technology road mapping, R&D
generation computer systems 88 (2018): 173-190. quality, and product designing with data mining
[S4] T. Salman, M. Zolanvari, A. Erbad, R. Jain, and M. Samaka. techniques.
"Security services using blockchains: A state of the art survey." IEEE
Communications Surveys & Tutorials 21, no. 1 (2018): 858-880.
[S5] P. Taylor, T. Dargahi, A. Dehghantanha, R. Parizi, and K. Choo. "A
systematic literature review of blockchain cyber security." Digital
Communications and Networks (2019).
[S6] M. Hassan, M. Rehmani, and J. Chen. "Privacy preservation in
blockchain based IoT systems: Integration issues, prospects,
challenges, and future research directions." Future Generation
Computer Systems 97 (2019): 512-529.
[S7] M. Ferrag, M. Derdour, M. Mukherjee, A. Derhab, L.Maglaras, and H.
Janicke. "Blockchain technologies for the internet of things: Research
issues and challenges." IEEE Internet of Things Journal 6, no. 2
(2019): 2188-2204.
[S8] E. De Aguiar, B. Faiçal, B. Krishnamachari, and J. Ueyama. "A
Survey of Blockchain-Based Strategies for Healthcare." ACM
Computing Surveys (CSUR) 53, no. 2 (2020): 1-27.
[S9] M. Saad, J. Spaulding, L. Njilla, C. Kamhoua, S.Shetty, D. Nyang,
and D. Mohaisen. "Exploring the Attack Surface of Blockchain: A
Comprehensive Survey." IEEE Communications Surveys &
Tutorials (2020).
VOLUME XX, 2017 9

Blockchain Security Attacks Challenges and Solutio

Uploaded by

Document Information

Original Description:

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Blockchain Security Attacks Challenges and Solutio

Uploaded by

Copyright:

Available Formats

This article has been accepted for publication in a future issue of this journal, but has not been

Blockchain Security Attacks, Challenges,

Corresponding author: postman3@dongguk.edu

INDEX TERMS Blockchain, Internet of Things, Threats and Attacks, Security

I. INTRODUCTION technology is at the center of many current developments in

VOLUME XX, 2017 1

research on security attacks, although a solution has been

VOLUME XX, 2017 1

VOLUME XX, 2017 1

VOLUME XX, 2017 1

2) Double Spending Attacks: This problem is generated

VOLUME XX, 2017 1

VOLUME XX, 2017 1

VOLUME XX, 2017 1

Call to the unknown Call to the unknown Ethereum Solidity [87]

Exception disorder Inconsistent in terms of exception Solidity [90]

Time stamp dependency Vulnerability favoring a malicious miner Blockchain [92]

VOLUME XX, 2017 1

Randomness bug Biasness behavior of malicious miner by Blockchain [93]

V. OTHER CHALLENGES  decision-making processes.

VOLUME XX, 2017 1

 common interoperability standards for different Summary and insights

VOLUME XX, 2017 1

VOLUME XX, 2017 1

authority can cause massive damage involving data leakage

VOLUME XX, 2017 1

Gai et al. [149] discussed the privacy concern caused by

VOLUME XX, 2017 1

Oyente Command line     …… ……

Mythril Command line  ……   ------ ……

VOLUME XX, 2017 1

authors have proposed a scheme by conducting experiments

VOLUME XX, 2017 9

VOLUME XX, 2017 9

blockchain with some real-world examples. Moreover, this

VOLUME XX, 2017 9

[20] C. Cachin, “Architecture of the hyperledger Blockchain fabric,”

VOLUME XX, 2017 9

VOLUME XX, 2017 9

VOLUME XX, 2017 9

VOLUME XX, 2017 9

VOLUME XX, 2017 9

You might also like