Volume 10 Issue 8
Aug.  2023

IEEE/CAA Journal of Automatica Sinica

Citation: L. Duan, Y. Y. Sun, W. Ni, W. P. Ding, J. Q. Liu, and W. Wang, “Attacks against cross-chain systems and defense approaches: A contemporary survey,” IEEE/CAA J. Autom. Sinica, vol. 10, no. 8, pp. 1647–1667, Aug. 2023. doi: 10.1109/JAS.2023.123642

Attacks Against Cross-Chain Systems and Defense Approaches: A Contemporary Survey

doi: 10.1109/JAS.2023.123642
Funds: This work was supported by the Beijing Natural Science Foundation (4212008), the National Natural Science Foundation of China (62272031), the Open Foundation of Information Security Evaluation Center of Civil Aviation, Civil Aviation University of China (ISECCA-202101), Guangxi Key Laboratory of Cryptography and Information Security (GCIS201915), and was supported in part by the National Natural Science Foundation of China (U21A20463, U22B2027).
  • Cross-chain technology is significant for inter-chain interconnection and value transfer among different blockchain networks. It overcomes the “information island” problem of closed blockchain networks and is increasingly applied in critical areas such as finance and the internet of things (IoT). Blockchain networks fall into three main categories: public blockchains, private blockchains, and consortium blockchains. However, heterogeneous blockchains differ in block structures, consensus mechanisms, and complex working mechanisms. The fragility of the cross-chain system itself exposes it to potential security and privacy threats. This paper discusses security defects in the cross-chain implementation mechanism and the impact of the structural features of blockchain networks on cross-chain security. In terms of cross-chain intercommunication, cross-chain attacks can be divided into multi-chain combination attacks, native chain attacks, and inter-chain attack diffusion. The various security threats and attack paths faced by cross-chain systems are then analyzed. Finally, corresponding defense methods against cross-chain security threats and future research directions for cross-chain applications are put forward.

     

    [153]
    S. F. Lin, Y. H. Kong, S. T. Nie, W. J. Xie, and J. Du, “Research on cross-chain technology of blockchain,” in Proc. 6th Int. Conf. Smart Grid and Electrical Automation, Kunming, China, 2021, pp. 405–408.
    [154]
    T. Feneuil, A. Joux, and M. Rivain, “Syndrome decoding in the head: Shorter signatures from zero-knowledge proofs,” in Proc. 42nd Annu. Int. Cryptology Conf. Advances in Cryptology, Barbara, USA, 2022, pp. 541–572.
    [155]
    X. Zhou, Z. L. Xu, C. Wang, and M. Y. Gao, “PPMLAC: High performance chipset architecture for secure multi-party computation,” in Proc. 49th Annu. Int. Symp. Computer Architecture, New York, USA, 2022, pp. 87–101.
    [156]
    C. Chen, C. Wang, T. Qiu, M. Atiquzzaman, and D. O. Wu, “Caching in vehicular named data networking: Architecture, schemes and future directions,” IEEE Commun. Surv. Tutorials, vol. 22, no. 4, pp. 2378–2407, Oct.–Nov.–Dec. 2020. doi: 10.1109/COMST.2020.3005361
    [157]
    Y. T. Wang, Z. Su, J. B. Ni, N. Zhang, and X. M. Shen, “Blockchain-empowered space-air-ground integrated networks: Opportunities, challenges, and solutions,” IEEE Commun. Surv. Tutorials, vol. 24, no. 1, pp. 160–209, Jan.-Feb.-Mar. 2022.
    [158]
    C. C. Liu, “Enhancing IoT security with blockchain,” Ph.D. dissertation, The George Washington Univ., Washington, USA, 2020.
    [159]
    M. Sparkes, “What is a metaverse,” New Sci., vol. 251, no. 3348, p. 18, Aug. 2021.
    [160]
    T. J. Gilbride, P. J. Lenk, and J. D. Brazell, “Market share constraints and the loss function in choice-based conjoint analysis,” Market. Sci., vol. 27, no. 6, pp. 995–1011, Jul. 2008. doi: 10.1287/mksc.1080.0369
    [161]
    B. A. Khalaf, S. A. Mostafa, A. Mustapha, M. A. Mohammed, and W. M. Abduallah, “Comprehensive review of artificial intelligence and statistical approaches in distributed denial of service attack and defense methods,” IEEE Access, vol. 7, pp. 51691–51713, Apr. 2019. doi: 10.1109/ACCESS.2019.2908998

    Highlights

    • We present security defects in the technical principles and implementation mechanisms of cross-chains, such as the notary, hash-locking, and sidechain/relay mechanisms, and discuss the impact of the structures and characteristics of blockchain systems on cross-chain security
    • We analyze different cross-chain attacks from multiple dimensions, such as multi-chain combination attacks, native chain attacks, and inter-chain attack diffusion, and subsequently investigate the attack principle and attack path corresponding to each attack
    • We explore the multi-level, inter-chain risk control method structure and intelligent defense approaches for cross-chain systems, and point out future research directions in cross-chain secure applications, such as metaverse, sixth-generation (6G) communication systems, edge intelligent computing, digital economy, Web 3.0, and artificial intelligence (AI)
