Open Access. Powered by Scholars. Published by Universities.®

Business Commons


Articles 1 - 24 of 24

Full-Text Articles in Business

Beyond "Protected" And "Private": An Empirical Security Analysis Of Custom Function Modifiers In Smart Contracts, Yuzhou Fang, Daoyuan Wu, Xiao Yi, Shuai Wang, Yufan Chen, Mengjie Chen, Yang Liu, Lingxiao Jiang Jul 2023


Research Collection School Of Computing and Information Systems

A smart contract is a piece of application-layer code running on blockchain ledgers and it provides programmatic logic via transaction-based execution of pre-defined functions. Smart contract functions are by default invokable by any party. To safeguard them, the mainstream smart contract language, i.e., Solidity of the popular Ethereum blockchain, proposed a unique language-level keyword called “modifier,” which allows developers to define custom function access control policies beyond the traditional “protected” and “private” modifiers in classic programming languages. In this paper, we aim to conduct a large-scale security analysis of the modifiers used in real-world Ethereum smart contracts. To achieve this, we …


Towards Automated Safety Vetting Of Smart Contracts In Decentralized Applications, Yue Duan, Xin Zhao, Yu Pan, Shucheng Li, Minghao Li, Fengyuan Xu, Mu Zhang Nov 2022


Research Collection School Of Computing and Information Systems

We propose VetSC, a novel UI-driven, program analysis guided model checking technique that can automatically extract contract semantics in DApps so as to enable targeted safety vetting. To facilitate model checking, we extract business model graphs from contract code that capture its intrinsic business and safety logic. To automatically determine what safety specifications to check, we retrieve textual semantics from DApp user interfaces. To exclude untrusted UI text, we also validate the UI-logic consistency and detect any discrepancies. We have implemented VetSC and applied it to 34 real-world DApps. Experiments have demonstrated that VetSC can accurately interpret smart contract code, …


Secure Hierarchical Deterministic Wallet Supporting Stealth Address, Xin Yin, Zhen Liu, Guomin Yang, Guoxing Chen, Haojin Zhu Sep 2022


Research Collection School Of Computing and Information Systems

Over the past decade, cryptocurrency has been undergoing a rapid development. Digital wallet, as the tool to store and manage the cryptographic keys, is the primary entrance for the public to access cryptocurrency assets. Hierarchical Deterministic Wallet (HDW), proposed in Bitcoin Improvement Proposal 32 (BIP32), has attracted much attention and been widely used in the community, due to its virtues such as easy backup/recovery, convenient cold-address management, and supporting trust-less audits and applications in hierarchical organizations. While HDW allows the wallet owner to generate and manage his keys conveniently, Stealth Address (SA) allows a payer to generate fresh address (i.e., …


Defining Smart Contract Defects On Ethereum, Jiachi Chen, Xin Xia, David Lo, John Grundy, Xiapu Luo, Ting Chen Jan 2022


Research Collection School Of Computing and Information Systems

Smart contracts are programs running on a blockchain. They are immutable to change, and hence cannot be patched for bugs once deployed. Thus it is critical to ensure they are bug-free and well-designed before deployment. A contract defect is an error, flaw or fault in a smart contract that causes it to produce an incorrect or unexpected result, or to behave in unintended ways. The detection of contract defects is a method to avoid potential bugs and improve the design of existing code. Since smart contracts contain numerous distinctive features, such as the gas system, decentralized, it is important …


Functional Signatures: New Definition And Constructions, Qingwen Guo, Qiong Huang, Sha Ma, Meiyan Xiao, Guomin Yang, Willy Susilo Dec 2021


Research Collection School Of Computing and Information Systems

Functional signatures (FS) enable a master authority to delegate its signing privilege to an assistant. Concretely, the master authority uses its secret key $sk_F$ to issue a signing key $sk_f$ for a designated function $f \in F_{FS}$ and sends both $f$ and $sk_f$ to the assistant $E$, which is then able to compute a signature $\sigma_f$ with respect to $pk_F$ for a message $y$ in the range of $f$. In this paper, we modify the syntax of FS slightly to support the application scenario where a certificate of authorization is necessary. Compared with the original FS, our …


Traceable Monero: Anonymous Cryptocurrency With Enhanced Accountability, Yannan Li, Guomin Yang, Willy Susilo, Yong Yu, Man Ho Au, Dongxi Liu Mar 2021


Research Collection School Of Computing and Information Systems

Monero provides a high level of anonymity for both users and their transactions. However, many criminal activities might be committed with the protection of anonymity in cryptocurrency transactions. Thus, user accountability (or traceability) is also important in Monero transactions, which is unfortunately lacking in the current literature. In this paper, we fill this gap by introducing a new cryptocurrency named Traceable Monero to balance the user anonymity and accountability. Our framework relies on a tracing authority, but is optimistic, in that it is only involved when investigations in certain transactions are required. We formalize the system model and security model …


Coinwatch: A Clone-Based Approach For Detecting Vulnerabilities In Cryptocurrencies, Qingze Hum, Wei Jin Tan, Shi Ying Tey, Latasha Lenus, Ivan Homoliak, Yun Lin, Jun Sun Nov 2020


Research Collection School Of Computing and Information Systems

Cryptocurrencies have become very popular in recent years. Thousands of new cryptocurrencies have emerged, proposing new and novel techniques that improve on Bitcoin's core innovation of the blockchain data structure and consensus mechanism. However, cryptocurrencies are a major target for cyber-attacks, as they can be sold on exchanges anonymously and most cryptocurrencies have their codebases publicly available. One particular issue is the prevalence of code clones in cryptocurrencies, which may amplify security threats. If a vulnerability is found in one cryptocurrency, it might be propagated into other cloned cryptocurrencies. In this work, we propose a systematic remedy to this problem, …


Pmkt: Privacy-Preserving Multi-Party Knowledge Transfer For Financial Market Forecasting, Zhuoran Ma, Jianfeng Ma, Yinbin Miao, Kim-Kwang Raymond Choo, Ximeng Liu, Xiangyu Wang, Tengfei Yang May 2020


Research Collection School Of Computing and Information Systems

While decision-making task is critical in knowledge transfer, particularly from multi-source domains, existing knowledge transfer approaches are not generally designed to be privacy preserving. This has potential legal and financial implications, particularly in sensitive applications such as financial market forecasting. Therefore, in this paper, we propose a Privacy-preserving Multi-party Knowledge Transfer system (PMKT), based on decision trees, for financial market forecasting. Specifically, in PMKT, we leverage a cryptographic-based model sharing technique to securely outsource knowledge reflected in decision trees of multiple parties, and design a secure computation mechanism to facilitate privacy-preserving knowledge transfer. An encrypted user-submitted request from the target …


The Future Of Work Now: Cyber Threat Attribution At Fireeye, Thomas H. Davenport, Steven M. Miller May 2020


Research Collection School Of Computing and Information Systems

One of the most frequently-used phrases at business events these days is “the future of work.” It’s increasingly clear that artificial intelligence and other new technologies will bring substantial changes in work tasks and business processes. But while these changes are predicted for the future, they’re already present in many organizations for many different jobs. The job and incumbent described below is an example of this phenomenon. It’s a clear example of an existing job that’s been transformed by AI and related tools.


Collusion Attacks And Fair Time-Locked Deposits For Fast-Payment Transactions In Bitcoin, Xingjie Yu, Shiwen Michael Thang, Yingjiu Li, Robert H. Deng Jun 2019


Research Collection School Of Computing and Information Systems

In the Bitcoin network, the distributed storage of multiple copies of the block chain opens up possibilities for double-spending, i.e., a payer issues two separate transactions to two different payees transferring the same coins. While Bitcoin has an inherent security mechanism to prevent double-spending attacks, it requires a certain amount of time to detect the double-spending attacks after the transaction has been initiated. Therefore, it is impractical to protect the payees from suffering in double-spending attacks in fast payment scenarios where the time between the exchange of currency and goods or services is shortened to a few seconds. Although we cannot prevent double-spending …


Blockchain Based Efficient And Robust Fair Payment For Outsourcing Services In Cloud Computing, Yinghui Zhang, Robert H. Deng, Ximeng Liu, Dong Zheng Sep 2018


Research Collection School Of Computing and Information Systems

As an attractive business model of cloud computing, outsourcing services usually involve online payment and security issues. The mutual distrust between users and outsourcing service providers may severely impede the wide adoption of cloud computing. Nevertheless, most existing payment solutions only consider a specific type of outsourcing service and rely on a trusted third-party to realize fairness. In this paper, in order to realize secure and fair payment of outsourcing services in general without relying on any third-party, trusted or not, we introduce BCPay, a blockchain based fair payment framework for outsourcing services in cloud computing. We first present the …


Fair Deposits Against Double-Spending For Bitcoin Transactions, Xingjie Yu, Shiwen M. Thang, Yingjiu Li, Robert H. Deng Aug 2017


Research Collection School Of Computing and Information Systems

In the Bitcoin network, the distributed storage of multiple copies of the blockchain opens up possibilities for double spending, i.e., a payer issues two separate transactions to two different payees transferring the same coins. To detect the double spending and penalize the malicious payer, decentralized non-equivocation contracts have been proposed. The basic idea of these contracts is that the payer locks some coins in a deposit when he initiates a transaction with the payee. If the payer double spends, a cryptographic primitive called accountable assertions can be used to reveal his Bitcoin credentials for the deposit. Thus, the malicious payer could be …


Electronic Contract Signing Without Using Trusted Third Party, Zhiguo Wan, Robert H. Deng, David Kuo Chuen Lee May 2015


Research Collection School Of Computing and Information Systems

Electronic contract signing allows two potentially distrustful parties to digitally sign an electronic document “simultaneously” across a network. Existing solutions for electronic contract signing either require the involvement of a trusted third party (TTP), or are complex and expensive in communication and computation. In this paper we propose an electronic contract signing protocol between two parties with the following advantages over existing solutions: 1) it is practical and scalable due to its simplicity and high efficiency; 2) it does not require any trusted third party as the mediator; and 3) it guarantees fairness between the two signing parties. We achieve …


Improving Internet Security Through Mandatory Information Disclosure, Qian Tang, Andrew B. Whinston Jan 2015


Research Collection School Of Computing and Information Systems

Although disclosure has long been considered as a solution to internalize externalities, mandatory security information disclosure is still in debate. We propose a mandatory disclosure mechanism based on existing data. The information is disclosed as straightforward rankings of organizations for users to understand, interpret, and make comparisons. As a result, the disclosure can influence organizations through reputational effects. We created a public website to disclose information regularly and conducted a quasi-experiment on outgoing spam to test the effectiveness of our mechanism on four matched country groups. For each treated country, we released the ranking list of top 10 most spamming …


Detecting Click Fraud In Online Advertising: A Data Mining Approach, Richard Oentaryo, Ee Peng Lim, Michael Finegold, David Lo, Feida Zhu, Clifton Phua, Eng-Yeow Cheu, Ghim-Eng Yap, Kelvin Sim, Kasun Perera, Bijay Neupane, Mustafa Faisal, Zeyar Aung, Wei Lee Woon, Wei Chen, Dhaval Patel, Daniel Berrar Jan 2014


Research Collection School Of Computing and Information Systems

Click fraud - the deliberate clicking on advertisements with no real interest in the product or service offered - is one of the most daunting problems in online advertising. Building an effective fraud detection method is thus pivotal for online advertising businesses. We organized a Fraud Detection in Mobile Advertising (FDMA) 2012 Competition, opening the opportunity for participants to work on real-world fraud data from BuzzCity Pte. Ltd., a global mobile advertising company based in Singapore. In particular, the task is to identify fraudulent publishers who generate illegitimate clicks, and distinguish them from normal publishers. The competition was held from …


Evaluation Of Different Electronic Product Code Discovery Service Models, Su Mon Kywe, Jie Shi, Yingjiu Li, Raghuwanshi Kailash Apr 2012


Research Collection School Of Computing and Information Systems

Electronic Product Code Discovery Service (EPCDS) is an important concept in supply chain processes and in Internet of Things (IOT). It allows supply chain participants to search for their partners, communicate with them and share product information using standardized interfaces securely. Many researchers have been proposing different EPCDS models, considering different requirements. In this paper, we describe existing architecture designs of EPCDS systems, namely Directory Service Model, Query Relay Model and Aggregating Discovery Service Model (ADS). We also briefly mention Secure Discovery Service (SecDS) Model, which is an improved version of Directory Service Model with a secure attribute-based access control …


Profit-Maximizing Firm Investments In Customer Information Security, Yong Yick Lee, Robert J. Kauffman, Ryan Sougstad Nov 2011


Research Collection School Of Computing and Information Systems

When a customer interacts with a firm, extensive personal information often is gathered without the individual's knowledge. Significant risks are associated with handling this kind of information. Providing protection may reduce the risk of the loss and misuse of private information, but it imposes some costs on both the firm and its customers. Nevertheless, customer information security breaches still may occur. They have several distinguishing characteristics: (1) typically it is hard to quantify monetary damages related to them; (2) customer information security breaches may be caused by intentional attacks, as well as through unintentional organizational and customer behaviors; and (3) …


Fraud Detection In Online Consumer Reviews, Nan Hu, Ling Liu, Vallabh Sambamurthy Feb 2011


Research Collection School Of Computing and Information Systems

Increasingly, consumers depend on social information channels, such as user-posted online reviews, to make purchase decisions. These reviews are assumed to be unbiased reflections of other consumers' experiences with the products or services. While extensively assumed, the literature has not tested the existence or non-existence of review manipulation. By using data from Amazon and Barnes & Noble, our study investigates if vendors, publishers, and writers consistently manipulate online consumer reviews. We document the existence of online review manipulation and show that the manipulation strategy of firms seems to be a monotonically decreasing function of the product's true quality or the …


Editorial: Special Issue On Ubiquitous Electronic Commerce Systems, Robert H. Deng, Jari Veijalainen, Shiguo Lian, Dimitris Kanellopoulos Jan 2011


Research Collection School Of Computing and Information Systems

Ubiquitous computing is a post-desktop model of human-computer interaction in which information processing has been thoroughly integrated into everyday objects and activities. Emerging ubiquitous electronic commerce systems (UECS) are expected to be available anytime, anywhere, and using different official or personal computing devices. Systems and services such as digital libraries, on-line business transactions, mobile office and mobile TV are widely deployed. Users will be able to access these services anytime, anywhere, while using any computing device in a pervasive way.


A Hybrid Method To Detect Deflation Fraud In Cost-Per-Action Online Advertising, Xuhua Ding Jun 2010


Research Collection School Of Computing and Information Systems

Web advertisers prefer the cost-per-action (CPA) advertisement model whereby an advertiser pays a web publisher according to the actual amount of transactions, rather than the volume of advertisement clicks. The main obstacle for a wide deployment of this model is the deflation fraud. Namely, a dishonest advertiser under-reports the transaction count in order to discharge less. In this paper, we present a mechanism to detect such a fraud using a hybrid of cryptography and probability tools. With the assistance from a small number of users, the publisher can detect deflation fraud with a success probability growing exponentially with the fraud …


An Information-Sharing Based Anti-Phishing System, Yueqing Cheng, Zhen Yuan, Lei Ma, Robert H. Deng Nov 2007


Research Collection School Of Computing and Information Systems

This paper presents the design of an information-sharing based or server-assisted anti-phishing system. The system follows a client-server architecture and makes decisions based on not only client side heuristics but also collective information from multiple clients. When visiting a web site, a client side proxy, installed as a plug-in to a browser, decides on the legitimacy of the web site based on a combination of white list, black list and heuristics. In case the client side proxy does not have sufficient information to make a clear judgment, it reports the suspicious site to a central server which has access to …


How Much You Watch, How Much You Pay, Yongdong Wu, Hwee Hwa Pang, Robert H. Deng Jul 2005


Research Collection School Of Computing and Information Systems

This paper presents a pay-video scheme that manages video stream, key stream and payment stream efficiently. In our scheme, the owner segments a video into fragments and encrypts them with independent keys. The keys are generated with a novel concept called hash interval, where each hash interval discloses a range of numbers without disclosing any information on numbers outside of the range. The video fragments are then broadcast on one or more channels. A buyer can purchase the keys to decrypt any fragments and, within each fragment, any desired quality level. The accompanying payment protocol is integrated with the …


Technology Competition And Optimal Investment Timing: A Real Options Perspective, Robert J. Kauffman, X. Li Jan 2005


Research Collection School Of Computing and Information Systems

Companies often choose to defer irreversible investments to maintain valuable managerial flexibility in an uncertain world. For some technology-intensive projects, technology uncertainty plays a dominant role in affecting investment timing. This article analyzes the investment timing strategy for a firm that is deciding about whether to adopt one or the other of two incompatible and competing technologies. We develop a continuous-time stochastic model that aids in the determination of optimal timing for managerial adoption within the framework of real options theory. The model captures the elements of the decision-making process in such a way so as to provide managerial guidance in …


An Efficient And Practical Scheme For Privacy Protection In E-Commerce Of Digital Goods, Feng Bao, Robert H. Deng, Peirong Feng Dec 2000


Research Collection School Of Computing and Information Systems

It is commonly acknowledged that customers’ privacy in electronic commerce should be well protected. The solutions may come not only from the ethics education and legislation, but also from cryptographic technologies. In this paper we propose and analyze a privacy protection scheme for e-commerce of digital goods. The scheme takes cryptography as its technical means to realize privacy protection for online customers. It is efficient in both computational cost and communication cost. It is very practical for real e-commerce systems compared with previous solutions. The cryptographic technique presented in this paper is rather simple. But the scheme has great application …