• International Journal of Internet, Broadcasting and Communication
• /
• 제13권4호
• /
• pp.1-10
• /
• 2021

The purpose of the study is to contribute to the positive development of blockchain technology by providing data to examine security vulnerabilities and threats to blockchain-based services and review countermeasures. The findings of this study are as follows. Threats to the security of blockchain-based services can be classified into application security threats, smart contract security threats, and network (P2P) security threats. First, application security threats include wallet theft (e-wallet stealing), double spending (double payment attack), and cryptojacking (mining malware infection). Second, smart contract security threats are divided into reentrancy attacks, replay attacks, and balance increasing attacks. Third, network (P2P) security threats are divided into the 51% control attack, Sybil attack, balance attack, eclipse attack (spread false information attack), selfish mining (selfish mining monopoly), block withholding attack, DDoS attack (distributed service denial attack) and DNS/BGP hijacks. Through this study, it is possible to discuss the future plans of the blockchain technology-based ecosystem through understanding the functional characteristics of transparency or some privacy that can be obtained within the blockchain. It also supports effective coping with various security threats.

• 한국컴퓨터정보학회논문지
• /
• 제23권10호
• /
• pp.73-80
• /
• 2018

The shared economy began with the concept of sharing the physical and intellectual assets of individuals with others. Nowadays, the concept of shared economy is becoming one of the industries as an enterprise type. Especially, with the development of the Internet and smart devices, various forms of shared economy have been developed in accordance with the need of sharing of individual income. Digital content is also a shareable commodity and it is seeking to utilize it as an item of shared economy. Accordingly, when digital contents are used as a shared economy, there are various possible threats -security threats that may arise in the course of transactions, potential for theft, alteration and hacking of contents. In this paper, we propose transaction method and content protection method using block chain-ethereum technology to reduce security threats and transparent transactions that can occur in digital contents transactions. Through the proposed method, the trust of the consumer and the supplier can be measured and the encryption can be performed considering the characteristics of the data to be traded. Through this paper, it is possible to increase the transparency of smart transaction of digital contents and to reduce the risk of content distortion, hacking, etc.

• 한국컴퓨터정보학회논문지
• /
• 제24권4호
• /
• pp.65-71
• /
• 2019

IAs smart device penetration rate is more than 90%, mobile transaction ratio using smart device is increasing. Smart contracts are used in various areas of real life including smart trading. By applying smart contracts to the platform for smart transactions through block-chain technology, the threat of hacking or forgery can be reduced. However, various threats to devices in smart transactions can pose a threat to the use of block chain Etherium, an important element in privilege and personal information management. Smart contract used in block chain Ethereum includes important information or transaction details of users. Therefore, in case of an attack of privilege elevation, it is very likely to exploit transaction details or forge or tamper with personal information inquiry. In this paper, we propose a detection and countermeasure method for privilege escalation attack, which is especially important for block chain for secure smart transaction using block chain Ethereum. When comparing the results of this study with the results of similar applications and researches, we showed about 12~13% improvement in performance and suggested the future countermeasures through packet analysis.

• 융합보안논문지
• /
• 제23권1호
• /
• pp.63-68
• /
• 2023

본 연구에서는 블록체인 프로토콜과 네트워크 보안에 관련해서 MITM공격 및 DoS/DDoS 공격 등에 강한 대응수준을 갖출 수 있도록 블록체인 구성과 스마트 컨트랙트 상의 암호화 키 관리 방안과 에 대해 연구한다. 암호화 통신 프로토콜과 인증강화를 통한 중간자 공격(MITM)등의 데이터보안 위협에 대응, 노드간의 로드밸런싱과 분산화 된 방식으로 DDoS 공격 대응, 안전한 코딩과 취약점 검사, 안전한 합의알고리즘에 의한 스마트 컨트랙트 보안 강화, 사용자 인증과 권한 부여 강화를 통한 액세스 제어 및 인증, 블록체인 코어 및 노드의 보안성 강화, 기타 블록체인 프로토콜 업데이트 및 보안 강화를 위한 모니터링 시스템 구축 등을 통해 보안성이 강화된 블록체인 기술을 활용할 수 있을 것으로 기대된다.

• 한국산학기술학회논문지
• /
• 제19권4호
• /
• pp.563-570
• /
• 2018

기존의 온라인 투표가 보안 위협에 대한 불확실성 때문에 공적 선거에 활용되지 못하고 있으며 오프라인 투표로 인해 막대한 비용이 소요되고 있다. 이에 대한 대안으로 블록체인 기술이 대두되고 있다. 블록체인 기술을 온라인 투표에 적용하면 투표자 정보 및 집계 정보를 분산 관리하므로 투명성과 기밀성이 보장될 수 있을 것이다. 블록체인은 투표 정보에 대해 분산관리하므로 기존의 중앙 서버 기반의 온라인 투표 시스템보다 보안 위협으로 부터 안전할 것이다. 이와 같이 블록체인 기술이 공적 선거에 적용되어 투표 정보의 투명성과 기밀성이 보장된다면 투표로 인한 비용을 획기적으로 감소시킬 수 있을 것이다. 본 연구에서는 블록체인 기술 중에 이더리움 기술을 온라인 투표시스템에 적용 개발하고자 한다. 이더리움은 확장성이 뛰어난 블록체인 기술로서 솔리디티 언어 기반의 스마트 컨트랙트를 제공한다. 이더리움의 스마트 컨트랙트를 이용하여 온라인 투표 컨트랙트를 개발하고 각 투표자에게 컨트랙트를 배포한다. 각 투표자는 배포 받은 컨트랙트에 투표하며 투표한 집계는 다른 투표자들에게 분산 저장된다. 실험에서는 저장된 투표 집계 정보에 대해 일관성을 검증한다.

• Journal of Information Processing Systems
• /
• 제16권2호
• /
• pp.301-317
• /
• 2020

An enterprise patch-management system (PMS) typically supplies a single point of failure (SPOF) of centralization structure. However, a Blockchain system offers features of decentralization, transaction integrity, user certification, and a smart chaincode. This study proposes a Hyperledger Fabric Blockchain-based distributed patch-management system and verifies its technological feasibility through prototyping, so that all participating users can be protected from various threats. In particular, by adopting a private chain for patch file set management, it is designed as a Blockchain system that can enhance security, log management, latest status supervision and monitoring functions. In addition, it uses a Hyperledger Fabric that owns a practical Byzantine fault tolerant consensus algorithm, and implements the functions of upload patch file set, download patch file set, and audit patch file history, which are major features of PMS, as a smart contract (chaincode), and verified this operation. The distributed ledger structure of Blockchain-based PMS can be a solution for distributor and client authentication and forgery problems, SPOF problem, and distribution record reliability problem. It not only presents an alternative to dealing with central management server loads and failures, but it also provides a higher level of security and availability.