A Taxonomy Study on Securing Blockchain-based Industrial Applications: An Overview, Application Perspectives, Requirements, Attacks ...
←
→
Page content transcription
If your browser does not render page correctly, please read the page content below
A Taxonomy Study on Securing Blockchain-based Industrial Applications: An Overview, Application Perspectives, Requirements, Attacks, Countermeasures, and Open Issues Khizar Hameeda, Mutaz Barikaa , Saurabh Garga , Muhammad Bilal Amina , Byeong Kanga a Discipline of ICT, School of Technology, Environments, and Design, University of Tasmania, Australia Abstract Blockchain technology has taken on a leading role in today’s industrial applications by providing salient features and showing arXiv:2105.11665v1 [cs.CR] 25 May 2021 significant performance since its beginning. Blockchain began its journey from the concept of cryptocurrency and is now part of a range of core applications to achieve resilience and automation between various tasks. With the integration of Blockchain technology into different industrial applications, many application designs, security and privacy challenges present themselves, posing serious threats to users and their data. Although several approaches have been proposed to address the specific security and privacy needs of targeted applications with functional parameters, there is still a need for a research study on the application, secu- rity and privacy challenges, and requirements of Blockchain-based industrial applications, along with possible security threats and countermeasures. This study presents a state-of-the-art survey of Blockchain-based Industry 4.0 applications, focusing on crucial application and security and privacy requirements, as well as corresponding attacks on Blockchain systems with potential counter- measures. We also analyse and provide the classification of different security and privacy techniques used in these applications to enhance the advancement of security features. Furthermore, we highlight some open issues in industrial applications that help to design secure Blockchain-based applications as future directions. Keywords: Blockchain industrial applications, Application requirements, Security requirements, Privacy-preserving, Security attacks, Countermeasures 1. Introduction data becomes a major concern in Industry 4.0. Blockchain seems to be an excellent solution for dealing with the afore- The widespread adoption of the Internet of Things (IoT) mentioned problems and issues [5]. and related network and communication technologies drives the modern industrial revolution known as Industry 4.0 [1]. Sen- Blockchain technology aims to eliminate the central third sors, actuators, and embedded systems used in the IoT for sens- party between communication parties and to provide an equal ing, computing, and communicating data for industrial automa- opportunity to all network nodes for controlling and manag- tion have a significant impact on Industry 4.0 [2]. As stated, ing the operations over the network. In general, Blockchain Industry 4.0 is a series of cutting-edge technologies based on technology stipulates a trusted P2P platform with an apparent advanced knowledge and communication standards and indus- motive to design the decentralised applications for performing try guidelines applied to manufacturing to help manufacturers secure computations on transactions using cryptography algo- accomplish their goals more effectively [3]. With an emerging rithms. In addition to secure computations, Blockchain tech- trend of new disruptive technologies being used in Industry 4.0, nology also offers a promising solution for storing the verified academics and researchers have focused their efforts on devel- transactions on a shared, immutable ledger. This immutable oping Industry 4.0-based applications for the benefit of society. feature is an embellished concept of Blockchain technology This emerging trend provides an interconnected platform for which provides the irreversible guarantee of transactions stored exchanging large amounts of data used in different processes. at distributed databases [6]. After earning remarkable success However, as the number of users increases rapidly, the network in the field of digital cryptocurrencies, Blockchain technology often experiences bottlenecks, resulting in scalability and sin- has gained much momentum between different business com- gle point of failure issues. Furthermore, it is often vulnerable to munities, and even the interest of different industrial applica- different types of security and privacy threats [4]. Additionally, tion domains such as IoT [7], banking [8] and financial services due to the amount of data exchanged over such an unsecured [9], Smart Grid (SG) [10], logistics [11] and medical [12]. Re- network, ensuring the confidentiality, privacy, and integrity of cent years are witnesses to the flexible nature of Blockchain technology utilised by many applications to provide ease of au- tomation of different manufacturing tasks with the utilisation of Email addresses: hameed.khizar@utas.edu.au (Khizar Hameed), mutaz.barika@unisa.edu.au (Mutaz Barika), inherent features of Blockchain, such as decentralised topology, saurabh.garg@utas.edu.au (Saurabh Garg), bilal.amin@utas.edu.au distributed ledger, transparency, traceability and auditability of (Muhammad Bilal Amin), byeong.kang@utas.edu.au (Byeong Kang) data. Preprint submitted to Journal of LATEX Templates May 26, 2021
Considering the aforementioned core features of Blockchain cordingly, there is a need to research the landscape of security that can be handy for different businesses and fit in Industry 4.0, and privacy issues related to Blockchain-based industrial appli- this technology was characterised by a new revolution for the cations in order to support the design setup of these applica- applications mentioned earlier. In the banking and financial sec- tions and meet the needs of secure environment. Such research tor, for example, a high level of security is required to keep the reduces any reluctance to embrace and adopt Blockchain tech- exchange of customers’ money, data and information secure. nology in Industry 4.0. Practically, this needs many mediators to move the money and assets over a network infrastructure, making the transactions 1.1. Our Contributions more expensive and prone to errors, fraud and misinterpreta- To assist in this topic and provide directions for both devel- tions [13]. Blockchain holds the potential to transform and in- opers and research communities to implement secure industrial novate the way of transferring transactions and assets securely Blockchain-based systems that can meet security and privacy without a trusted party. Thus, it streamlines the transactions, requirements in the industrial scenario, we present a state-of- as well as reducing their complexities and associated costs with the-art research survey that focuses specifically on security and full transparency and accountability. However, many applica- privacy issues in Blockchain-based Industry 4.0 applications tion domains are still hesitant to adopt Blockchain because of and then discusses potential security techniques and solutions these aspects of security and privacy. used to address them. Our concrete contributions to this paper The focus of the previous surveys presented by Yang et al. are as follows: [14] and Li et al. [15] is on providing a high-level overview of security and privacy aspects without discussing the implemen- • A detailed comparison of existing state-of-the-art research tation scenario for different application domains. With the ad- studies focusing on design, security and privacy issues vancements of Bitcoin and the related cryptocurrency applica- in different Blockchain-based Industry 4.0 applications tions, the research and development communities moved their drives the research enhancement guidelines for our survey focus to investigate the security and privacy aspects of these study. applications. For example, Khalilov and Levi [16] targeted two security properties (that is, anonymity and privacy) for Bitcoin- • We examine the need of developing secure Blockchain- like Digital Cash Systems; Conti et al. [17] identified the se- based Industry 4.0 applications, focusing on the design re- curity and privacy needs in Bitcoin and their related cryptocur- quirements, measuring criteria, and security and privacy rency applications and Zhang et al. [18] covered the security requirements. and privacy needs, and requirements of the Bitcoin-like cryp- • We provide a comprehensive discussion on Blockchain- tocurrency systems. However, these studies are specific surveys based industrial applications to meet security and privacy for exploring the security and privacy of financial transactions requirements and we further elaborate on this to achieve in different models. In the same context, [19] conducted a state- these by utilising security enhancement solutions. of-the-art survey for studying the importance of anonymity and transactional privacy in finance-related applications. This sur- • We explore, discuss and analyse the various types of se- vey only covered some of the security attacks and provided only curity attacks detected on Blockchain-based Industry 4.0 limited cryptography solutions. applications, in conjunction with attack categories, attack- Considering the completion of a successful journey made by ers’ objectives, vulnerabilities exploited and target appli- leading Blockchain versions, a new version of Blockchain, that cations. is Blockchain 4.0, has been introduced to address the challenges and limitations of many real-world applications. The recent sur- • We identify some open issues of integrating Blockchain veys covered security and privacy aspects with different appli- technology into Blockchain-based Industry 4.0 applica- cation domains using Blockchain technology. Joshi et al. [20] tions on a larger scale, which provide researchers with fuel studied security and privacy issues in some Blockchain-based to develop potential future solutions. applications such as finance, healthcare, mobile, defence and IoT. Salman et al. [21] investigated the importance of differ- 1.2. Paper Organization ent security services such as confidentiality, authentication, ac- The organisation of this paper is as follows. Section 2 cess control in IoT, healthcare and some cloud computing ap- provides a related work that includes a detailed compari- plications. Dasgupta et al. [22] outlined the different secu- son of existing published surveys on security and privacy for rity services covering the numerous Blockchain-based appli- Blockchain-based applications and highlights the limitations in cations such as big data, medical and social networks. Has- them. In section 3, we provide an overview of Blockchain tech- san at al. [23] presented a comprehensive survey that high- nology in its introduction, features, layers, types, evolution, lights the privacy issues which arise with the integration of storage structure and transaction models. Section 4 classifies IoT and Blockchain technology for the services available pub- the design, security and privacy requirements of Blockchain- licly. However, these surveys do not provide a comprehensive based Industry 4.0 applications. A detailed discussion on se- study for security and privacy requirements, or for the chal- curity and privacy requirements for Blockchain-based Industry lenges and their mapping to corresponding attacks, with poten- 4.0 applications is provided in section 5. In section 6, we il- tial solutions for Blockchain-based industrial applications. Ac- lustrates and categorises the security and privacy enhancement 2
techniques used in different Blockchain applications to fulfil the mapped the Bitcoin’s system’s significant loopholes in their as- security and privacy objectives. Section 7 describes the differ- sociated threats and categorised each threat with their own pro- ent security and privacy attacks on Blockchain-based Industry posed solutions and techniques. Even though the study con- 4.0 applications. Furthermore, section 8 highlights the open is- sidered the Bitcoin system’s significant vulnerabilities in the sues required to address the development of secure Blockchain literature part, it only focused on addressing the various secu- applications. Finally, we conclude our paper and provide some rity requirements and challenges of the financial system. To future research directions in section 9. cover the privacy issues in Blockchain technology, Feng et al. [19] presented a survey study highlighting the importance of 2. Related Work anonymity and transactional privacy in finance-related applica- tions. Moreover, the limited cryptography solutions regarding This section compares the related surveys that explicitly fo- denial of service and Sybil attacks were discussed in this study. cus on security and privacy issues in different Blockchain- Salman et al. [21] summarised the importance of different enabled applications. We make a detailed comparison of ex- security services such as confidentiality, authentication, access isting state-of-the-art studies related to the security and privacy control in IoT, healthcare and some cloud computing applica- domain in Blockchain-based Industry 4.0 applications based on tions. This study’s major limitation is that the discussion pro- various properties, including published year, publisher, paper vided security services and challenges intended for a limited title, applications covered, problems addressed, existing threats number of applications in Blockchain areas. Dasgupta at al. and vulnerabilities, attacks detected, techniques and solutions [22] outlined the different security services covering the numer- proposed, and future directions. Table 1 shows a detailed com- ous Blockchain-based applications such as big data, medical parison of these surveys. and social networks. However, this research only highlighted The R3-Zcash organisation presents an initial security and the security requirements and challenges for essential aspects privacy survey on the Blockchain in a technical report. In of privacy, along with a limited number of cryptography solu- this report, Yang et al. [14] addressed the security challenges tions. in Blockchain by focusing on confidentiality and privacy in Hassan at al. [23] presented the privacy issues that arise with Blockchain applications. The authors also described the basic the integration of IoT and Blockchain technologies for mak- attacks on Blockchain services like denial of service and 51% ing services publicly available. This survey considered ba- attacks, discussed some solutions and proposed approaches, sic privacy parameters to secure communication in different such as Hawk and Enigma , to overcome these attacks. How- Blockchain-based applications. This survey is a preliminary ever, this survey only highlighted some of the security proper- study for privacy, preserving strategies of IoT-based applica- ties and objectives, and their solutions, without further discus- tions with a limited target scope. The recent research work by sion regarding the most recent vulnerabilities. Li et al. [15] Zhang et al. [18] covered the requirements of security and pri- highlighted the security and privacy threats in Blockchain sys- vacy for Bitcoin-like cryptocurrency systems. Different secu- tems. In this survey, the authors discussed the different vulner- rity attacks on Blockchain services, such as the denial of ser- abilities and attacks in these systems. Similar to [14], some vice and mining attacks with multiple security solutions, were of the security solutions, that is, smart pool, Oyente, Town- discussed. The limitation of this research work is that it only crier, and Hawk, are discussed to address the fundamental secu- explored the security and privacy requirements, focusing on dif- rity weaknesses and privacy challenges in Blockchain systems. ferent models for financial transactions. However, these solutions only deal with smart contract applica- In a further study, Wang et al. [30] discussed privacy issues tions to enforce the security policies of the Blockchain systems. related to user identity and transactional privacy in Blockchain To address the anonymity and privacy challenges in systems. This research study covered the traditional security Blockchain-based digital cash systems, Khalilov and Levi [16] mechanisms used to protect privacy, such as zero-knowledge provided a detailed survey to cover the given problems. Bitcoin proof and ring signatures, channel protocol, encryption and and its further extension of digital cash systems aim to work coin mixing mechanisms (Mix coin, Blind coin, Coin join, and with different community studies to resolve the various limita- so on) based on Blockchain technology. However, this study tions of address mappings in digital cash systems. The authors only covered limited privacy protection solutions which were also covered the multiple attacks on these systems with their mainly based on Blockchain technology. Casino et al. [24] prospective solutions. However, this research work is a specific underlined the importance of Blockchain technology and its study on the security and privacy of financial transactions with underlying features in various real-time applications, ranging various models. Joshi et al. [20] presented a survey to highlight from industrial to business perspectives. This study’s applica- the security and privacy required in some of the Blockchain- tions were health care, IoT, voting, supply chain and a few in based applications such as finance, healthcare, mobile, defence the business sector, such as data management, banking and in- and IoT. However, the drawback of this study is that the authors surance. However, this study did not address security threats only addressed two forms of attacks, including denial of ser- and privacy issues in these Blockchain applications, nor did vice and 51% attacks, and proposed the specific cryptography it discuss further solutions to overcome them. Akram et al. primitives as a solution. [27] presented a systematic review of existing security solu- Conti et al. [17] outlined the security and privacy needs in tions specifically designed for Industry 4.0 applications. How- Bitcoin and its related applications. This survey identified and ever, this study’s scope only covered a few Blockchain-based 3
Table 1: Existing Surveys on Security and Privacy of Blockchain-based Industry 4.0 Applications Threats Techniques Year Applications Problems Attacks Ref Paper Title /Vulnerabilities /Solutions Future Directions Published /Publisher Covered Addressed Highlighted Discussed Discussed [14] 2016 Survey of Not defined Confidentiality and Not defined Denial of service Zero-knowledge proofs, Not defined R3-Zcash confidentiality and privacy in attack, 51% attack Ring signatures, Mixing privacy preserving Blockchain Pedersen commitments technologies for with range proofs, Hawk, Blockchain Enigma [15] 2017 A survey on the Not defined Security threats to 51% vulnerability, Selfish mining Smartpool, Quantitative Develop efficient and less Elsevier security of Blockchain Privacy key security, attack, DAO attack, framework, OYENTE, time-consuming consensus Blockchain systems Criminal activity, BGP hijacking Hawk, Town Crier algorithms, Design scalable and Double spending, attack, Eclipse efficient privacy preserving Transaction privacy attack, Liveness schemes for decentralised leakage attack, Balance applications, Improve the data attack cleanup and detections method in smart contracts [16] 2018 IEEE A survey on Bitcoin-like digital Anonymity and Discovering Bitcoin Denial of service Mixing, Blind signatures, Investigate more effective Communi- anonymity and cash systems privacy addresses and attack, Majority Ring signatures, methods to improve anonymity cations privacy in identities, Mapping attack, Homomorphic and privacy in Bitcoin, Design Surveys & Bitcoin-like digital Bitcoin addresses to Re-identification encryption, Zero more secure cryptography Tutorials cash systems IP addresses, attack, knowledge proof protocols, Improve scalability Linking Bitcoin Fingerprinting in the existing Bitcoin related 4 addresses and their attack, Man-in-the cash systems, Balance the mapping to middle attack, trusted and integrity relation- geo-locations ship with anonymity and privacy of users [20] 2018 Math- A survey on security Finance, Healthcare, Security and privacy Privacy leakage, Denial of service Traceability, Design secure ematical and privacy issues of Mobile, Defence, in Blockchain Selfish mining, attack, 51% attack cryptography techniques Blockchain-based applications Foundations Blockchain Automobile, IoT Personally in the areas of security and of technology identifiable privacy Computing information, Security [17] 2018 IEEE A survey on security Bitcoin Security and Privacy 51% vulnerability, Bitcoin system CoinJoin, CoinShuffle Propose game theory and Communi- and privacy Issues of in Bitcoin Sybil and attacks, Bitcoin Xim, CoinShuffle++, stability, Design of cations Bitcoin double-spending, network and entities DiceMix, ValueShuffle, cryptography and keying Surveys & Mining pool, attacks Dandelion, SecureCoin, protocols, Improve Blockchain Tutorials Client-side Security CoinParty, MixCoin, consensus algorithms, Design BlindCoin, TumbleBit of incentive mechanisms for miners, Generation of privacy preserving smart contracts [19] 2019 A survey on privacy Finance Privacy (Identity and De- anonymization, DoS attack, Sybil Centralised and Design of scalable system, Elsevier protection in Transaction) Transaction pattern attack decentralised mixing Design of a strong privacy Blockchain system schemes, Ring scheme, Compatibility of signatures, CryptoNote, transaction structure with NIZK different privacy requirements, Traceability and accountability of transactions
Threats Techniques Year Applications Problems Attacks Ref Paper Title /Vulnerabilities /Solutions Future Directions Published /Publisher Covered Addressed Highlighted Discussed Discussed [21] 2019 IEEE Security services IoT, Healthcare, Explore security Vulnerabilities in Man-in-the- middle Presented the multiple Design the different solutions Communi- using Blockchain: A Cloud computing challenges, traditional attack, Data theft Blockchain- based covering the large scale cations state of the art survey problems, and centralised attack architectures to enhance applications and real- time Surveys & services, architectures and support security environments Tutorials (Authentication, services privacy, integrity, confidentiality, non-repudiation, data provenance) in existing security architectures [22] 2019 A survey of Big data, Medical, Security and privacy Keys, Quantum, Replay attack, cryptography operations Design resilient security Springer Blockchain from Social networks, in Blockchain Identity, Reputation, Impersonation solutions to overcome the cyber security perspective Sports, Shopping, Application, attack, Sybil attack, attacks, Propose energy Education, Manipulation, Eclipse attack, Time efficient mining algorithms, Entertainment, Service, Malware jacking attack, Race Design query architecture for Finance attack, DDoS attack, Blockchain Double spending attack, Finney attack, Vector76 attack, Collusion attack 5 [23] 2019 Privacy preservation IoT (Healthcare, Privacy in IoT User identity privacy, Address reuse attack, Anonymisation, Explore and design the further Elsevier in Blockchain -based Energy, Intelligent Transaction privacy Deanonymisation Encryption, Private Blockchain -based IoT areas IoT systems: transportation, analysis using contract, Mixing, such as Industrial IoT, Internet Integration issues, Finance) graphs attack, Wallet Differential privacy of farming, cities, Mobile Prospects, privacy leakage things, Smart cities, Mobile challenges, and attack, Sybil attack, crowd sensing future research Message spoofing directions attack, Linking attack [18] 2019 ACM Security and Privacy Financial transaction Security and privacy Inconsistencies DoS attack, DDoS Mixing, Anonymous Design efficient consensus on Blockchain issues in Blockchain between ledgers, attack, Double signatures, algorithms, Develop Falsifying or forging spending attack, Homomorphic lightweight cryptography the certificates, Data 51% consensus encryption, algorithms, User identity unavailability, attack, Attribute-Based problem, Linkability of Double spending de-anonymisation Encryption (ABE), transactions problem, Disclosure attack, Secure multi-party of information, computation, Non-interactive zero-knowledge (NIZK) proof, The trusted execution environment (TEE)-based smart contracts, Game-based smart contracts
Threats Techniques Year Applications Problems Attacks Ref Paper Title /Vulnerabilities /Solutions Future Directions Published /Publisher Covered Addressed Highlighted Discussed Discussed [24] 2019 A systematic Financial Impact of Not Applicable Not Applicable Not Applicable Suitability of Blockchain for Elsevier literature review of applications integrity Blockchain on specific applications, Explore Blockchain-based verification different applications the latency and scalability applications: current Governance Public issues, Explore sustainability of status classification sector Voting mining protocols and open issues Internet of Things Healthcare Business Applications Education Data management construction and real state Banking and Insurance Waste Management [25] 2019 Blockchain Healthcare Financial Use of Blockchain in Not Applicable Double spending Not Applicable Not Applicable Elsevier technology: a survey Internet of Things various applications privacy leakage on applications and Legal perspective and their linked private key security security privacy Government Power challenges Mining attack challenges grid Transport Balanced attack Commercial CloudData Reputation system 6 Education [26] 2019 IEEE A Review on the Industrial Internet of Analysing benefits Not Applicable Not Applicable Not Applicable Scalability Consensus Access Application of Things, Vertical and, and challenges of Mechanism Privacy and Blockchain to the Horizontal Blockchain in Security Energy Efficiency Next Generation of Integration Systems, Industry 4.0 Management of Chains Cybersecure Cyber Physical applications Industry 4.0 Smart Production System, Factories Industry Augmented and Virtual Reality, Big Data and Data Analytical, Autonomous Robots and Vehicles, Cloud and Edge Computing, Additive Manufacturing, Cyber Security, Simulation Software [27] 2020 Wiley Adoption of Energy Health Blockchain-based Not Applicable Not Applicable Not Applicable Interoperability and Blockchain Supply chain security solutions for governance, Rules and technology in Internet of Things Industry 4.0 regulation for governance various realms: Resource Monitoring applications Opportunities and challenges
Threats Techniques Year Applications Problems Attacks Ref Paper Title /Vulnerabilities /Solutions Future Directions Published /Publisher Covered Addressed Highlighted Discussed Discussed [28] 2020 Blockchain 3.0 E-voting Health care Use of Blockchain in Not Applicable Not Applicable Not Applicable Not Applicable Elsevier applications survey Record and Identity various industrial management applications decentralised notary Intellectual property Supplychain management [29] 2020 Blockchain Finance Identity Applicability of 50% vulnerability, Not Applicable Not Applicable Not Applicable Elsevier technology: Is it protection Foreign Blockchain in code vulnerability, hype or real in aid Voting various construction private key security construction industry transportation Food applications and criminal activity and agriculture their feasibility exposing identities 7 Healthcare Logistics Management MultipleData Applications for construction [4] 2020 IEEE Blockchain for Supply chain and Blockchain-based Not Applicable Not Applicable Not Applicable Not Applicable Access Industry 4.0 A Logistics, Energy solutions in various Comprehensive Domain, Digital Industry 4.0 Review Content Distribution, applications Tourism and Hospitality Industry, Smart Healthcare, Smart City, Business, IoT, Manufacturing, Agriculture,
security approaches, described their merits and demerits, and try 4.0 and Blockchain technology features such as decentral- discussed the challenges of interoperability and governance. isation, immutability and accountability to digitise and auto- In another study, Maesa and Mori [28] explored the use of mate business process workflows and to support open inter- Blockchain from an Industrial 3.0 perspective and its links to operations of service providers, in order to achieve asset trust- underlying applications. They then further discussed the prob- worthiness. To accomplish this goal, Viriyasitavat et al. [32] in- lem and solution requirements of Blockchain adoption in Indus- vestigated a business process management method in the com- try 3.0. However, this study’s limitation was that it focused only position services in which Blockchain technology is used to on the importance of Blockchain technology in Industry 3.0 and identify the best possible combinations and determine partner did not cover the needs of security and the privacy issues. Mo- businesses’ trustworthiness, using automated process manage- hanta et al. [25] discussed the importance of Blockchain in vari- ment solutions. Moreover, a middleware approach is provided ous Blockchain applications, including healthcare, finance, IoT, in [5] for leveraging Blockchain tools and capabilities to allow cloud computing, power grids, smart transport and so on, and for more stable and transparent autonomous smart manufactur- then highlighted the different security and privacy issues and ing applications, enabling different parties to build trust in the challenges in those applications. The limitation found in this manufacturing process. survey study was that it focused only on security and privacy challenges and did not discuss security solutions to overcome 3. A Generalised Overview of Blockchain those challenges. In a recent survey, Perera et al. [29] explored the possibility of adopting Blockchain technology in Industry Blockchain is a decentralised and distributed ledger tech- 3.0 application sectors, particularly in the construction sector, nology that follows the peer-to-peer (P2P) network fashion in by demonstrating its relevance with different use-case perspec- which participating nodes can interact and communicate with tives. However, this study’s focus was solely on exploring and others, without having trusted third parties. The distributed mapping the various aspects and features of Blockchain in the ledger is a shared, timestamped, immutable and append-only industrial sectors and did not cover in detail the security threats database that keeps a record of transactions in a block structure. and issues related to these applications or possible countermea- Each block is connected to its predecessor block by a cryptog- sures. raphy hash stored in the block header to form a full chain called Fernandez-Carames and Fraga-Lamas [26] presented a sur- a Blockchain. Each block structure contains multiple informa- vey to analyse the advantages and disadvantages of using tion, such as timestamp, nonce and transaction-related, to a spe- Blockchain and smart contracts to build Industry 4.0 applica- cific event. A timestamp indicates the time of creating each tions. However, this study primarily focused on describing a block, whereas nonce is a unique random number generated to general roadmap for Industry 4.0 researchers to illustrate how each block and used in different cryptography operations. In a to use Blockchain for more cybersecure industries. Bodkhe Blockchain, each block can contain multiple verified transac- et al. [4] conducted a recent survey to investigate emerging tions stored as hash values that cannot be changed or modified Blockchain-based solutions and their applicability for various regardless of the need for a lot of computing power [6, 33]. smart applications, especially in Industry 4.0. However, this Blockchain allows the network’s participating nodes to in- study’s focus covered only the merit and demerits of available teract and communicate with others without a significant third solutions with a few countermeasures. Furthermore, this study party to manage and provide verification services. Communica- did not go into detail about security risks and privacy attacks in tion between network nodes is first validated and then stored as Blockchain applications. a transaction in a Blockchain database. Different cryptography The Industry 4.0 revolution has brought new paradigms to primitives, such as digital signatures, are used in Blockchain the manufacturing industry, for example Cyber-Physical Pro- to determine the level of trust for broadcasting transactions be- duction Systems (CPPSs), which can provide many advantages tween nodes. Usually, there are two types of nodes involved in and future opportunities, such as self-awareness, self-prediction the Blockchain network which are responsible for creating and and self-reconfiguration. CPPSs attempts to connect the vir- validating blocks. One is a simple node that can create the ac- tual and physical production realms but an integrated computa- count wallets and transactions in the network. Simultaneously, tional platform is necessary to execute these systems in the real the others are full nodes (also called miner nodes) responsi- world. To achieve this, Lee et al. [3] investigated the possible ble for verifying or validating transactions before grouping and consequences of introducing Blockchain in real-world cyber- adding them to the Blockchain. Although both types of nodes physical systems for creation and implementation perspectives. can access all the blocks in the distributed ledger, no one has Moreover, a three-tier Blockchain architecture was also pro- full control of the blocks and cannot modify them [34]. vided to direct industrial researchers to clearly define the role of To ensure the reliability of data and transactions and to main- Blockchain technology in next-generation manufacturing pro- tain trust between decentralised nodes, Blockchain systems fol- cesses. To achieve the security and privacy of the devices and low the consensus concept, in which nodes do not accept any networks in industrial manufacturing processes under a smart trusted third party’s services to manage their behaviour and in- factory setup, Lin et al. [31] presented a Blockchain-based se- teractions. Each interaction between the communicating nodes cure mutual authentication system to enforce fine-grained ac- is cryptographically secured and recorded in the distributed cess policies. ledger. By receiving broadcast transactions, full nodes or miner Business process management (BPM) integrates with Indus- nodes on the Blockchain network can verify transactions using 8
Decentralisation Immutability Open Source Anonymity Autonomy Transparency Data Features Blockchain 1.0 Network Blockchain 2.0 Consensus Blockchain 3.0 Layers Blockchain Evolution Overview Incentive Blockchain 4.0 Incentives Smart Contract Blockchain 5.0 Application Transaction Types Storage Models Structure UTXO Account-based Public Private Consortium Off-chain Blockchain Blockchain On-chain Online Blockchain Figure 1: A Generalised Overview of Blockchain computational procedures. After verification, the miner nodes models. A generalised overview of Blockchain, which illus- build a new block of validated transactions and add them to trates its features, evolution, layers, types, storage structure and the Blockchain. To conclude, the complete process of validat- transaction models, is shown in Fig. 1. ing and adding transactions to the Blockchain is called mining. followed by some decision-making or consensus mechanism. 3.1. Features Each consensus mechanism is associated with miners’ rewards The overall Blockchain technology can be summarised with for their effort and computation [35]. the following features: decentralisation, immutability, open Depending on the Blockchain systems and their types, sev- source, anonymity, autonomy and transparency which is used eral consensus mechanisms have been proposed. Nevertheless, to achieve a set of security features for different applications. the commonly used consensus mechanisms in most Blockchain systems are PoW (Proof of Work) [36], PoS (Proof of Stake) [37], PBFT (Practical Byzantine Fault Tolerance) [38] and 3.1.1. Decentralisation DPoS (Delegated Proof of Stake) [39]. The PoW consen- Decentralisation feature allows a group of nodes to be organ- sus mechanism is generally used by the Bitcoin cryptocur- ised in a P2P manner and is responsible for maintaining the net- rency, while the Ethereum Blockchain systems use the PoS. work’s overall structure, rather than relying on a single govern- Apart from these consensus mechanisms, several other consen- ing authority to control and manage network-wide operations sus mechanisms have also been developed, such as PoA (Proof [44]. of Authentication) [40], PoET (Proof of Elapsed Time) [41], PoSpace (Proof of Space) [42] and PoI (Proof of Importance) 3.1.2. Immutability [43]. Blockchain’s immutability feature relates to the distributed Blockchain technology can be classified into the following ledger, which means that the state of Blockchain remains un- set of properties that may vary depending on the design per- changed. Since the data stored in the distributed ledger cannot spectives of each application, ranging from single user level to be modified or changed once the majority of the nodes have business level. These properties include evolution, layered ar- been verified, immutability ensures the integrity and traceabil- chitecture, Blockchain types, storage structure and transaction ity of Blockchain data in a verifiable manner [45]. 9
3.1.3. Open Source Bitcoin is not just a currency system; it also changed the eco- An open-source feature of Blockchain technology allows de- nomic models and working structure of different organisations, velopers to build trust between network nodes and their data, for example, government sectors [55], banking [56] and ac- using some of the available code features constructed. It can counting. For security purposes, Bitcoin utilises the immutable also provide a way to create new decentralised applications to feature of distributed ledger, to ensure the integrity of recorded govern the code and adopt a flexible approach [46]. transactions and to guarantee that no one can change or modify the transactions. In addition, advanced cryptography protocols, 3.1.4. Anonymity such as hashing algorithms and digital signatures, provide the authentication trust and privacy of users in the Blockchain envi- Anonymity applies to an entity’s status as being secret and ronment [57]. However, at present, in Blockchain 1.0, there are unrevealed means that no one can access the users’ true identity a few issues about computational cost, extended waiting times, from their behaviour or their transactions in the system [47]. lack of inter-operability and versatility which are recognised as major barriers to wider adoption. 3.1.5. Autonomy Autonomy can be defined as self-governing in any system 3.2.2. Blockchain 2.0 capable of performing functions independently to achieve spe- Blockchain technology is considered a fast-growing technol- cific objectives. The anonymity feature of Blockchain enables ogy that has been revolutionised by continuous improvements users to participate in a self-organising system and gives them and rapid progression in the distributed ledger to develop smart the freedom to verify transactions without involving any cen- applications for society and businesses. Blockchain version 2.0 tralised third party [48]. comes with the concept of smart contracts, small executable user programs which run in the Blockchain environment called 3.1.6. Transparency Ethereum Blockchain to carry out different automatic tasks and Transparency is one of the most appealing features of make valid decisions [58]. The key features of such programs Blockchain technology as it allows any user to join the network are that they execute automatically, based on defined logics and and verify transactions before adding to the distributed ledger. conditions in them, for example, time, performance, the de- In Bitcoin, transparency allows users to track the history of all cision and verification policies [59]. It is equally important transactions, for example, who created them and who verified to describe here that these small programs (or contracts) run them [49]. with the autonomous identities of users to protect personal in- formation in the Blockchain network [60]. The advantage of 3.2. Evolution the smart contracts is that they can possibly reduce execution and verification times without requiring additional system re- Blockchain technology continues to evolve its underlying ar- sources to perform computation. Further, it can also allow the chitecture through a sequence of phases or evolution for devel- users to write smart contracts in a transparent way which pre- oping a variety of applications, as illustrated in Fig. 2. In each vents different fraud and hazard problems [13]. To summarise, phase, Blockchain technology identifies the various inherited the Ethereum Blockchain [61] is the most prominent feature of challenges and has proposed splendid solutions to overcome Blockchain version 2.0 in which the users are allowed to write them. To this end, the Blockchain evolution phases (1.0 to 4.0) and execute smart contracts in a secure way. are designed to provide a variety of lookouts, such as function- ality, features, strengths, challenges, and security issues. Ver- 3.2.3. Blockchain 3.0 sion 5.0 is currently under development, and research commu- The major limitations found in previous Blockchain ver- nities are working on it to improve its functionality for different sions (1.0 and 2.0) are that they mostly rely on the public business models. Table 2 summarises the different Blockchain Blockchain network and cannot store a massive amount of data generations (from 1.0 to 5.0) with respect to their applications, in the distributed ledger of Blockchain technology. Bitcoin and consensus mechanisms and features for each generation. Ethereum are open to everyone and the data are produced and recorded on the Blockchain daily. Therefore, the primary need 3.2.1. Blockchain 1.0 is to store a large amount of data in different storage places, Following this, the first application of Blockchain technology such as data servers and clouds [62]. For this purpose, a new was a very famous cryptocurrency named Bitcoin proposed by version of the Blockchain has proposed a Blockchain 3.0 in Satoshi Nakamoto in 2009 under the first evolution phase called which the decentralisation concept is utilised to store a huge Blockchain 1.0 [50]. The Bitcoin concept is very famous with amount of data and to legally support a wide variety of commu- the most commonly used terms on the internet being “Cryp- nication mediums [63]. Indeed, the code in decentralised appli- tocurrency” [51], “Cash for the internet” [52], and “Internet of cations supports multiple servers to run and compile it; whereas money” [53]. Bitcoin used the concept of distributed ledger a single server with limited storage only runs limited applica- technology to transfer money without the need for a trusted tions [64]. The advantage of Blockchain 3.0 is that it allows third party. On the scene, this technology has become a fast the developer to write the code of applications in any language and rapid growing digital payment system adopted by most of since it requires system calls to communicate with the decen- the financial organisations around the globe [54]. At present, tralised system for the execution of the program. Apart from 10
Blockchain 5.0 Blockchain Artificial Intelligence 4.0 - Web 3.0 Blockchain Industry - Smart City 3.0 - Energy - Internet of Things - Manufacturing - Agriculture Blockchain Decentralised Applications - Electronic Voting 2.0 - Health Care - Identity and Access Control Systems - Notary Systems Blockchain Smart Contracts - Supply Chain 1.0 - Ethereum - Hyperledger - Codius Cryptocurrencies - Bitcoin - Small Value Payments - Foreign Exchange - Gambling Figure 2: Blockchain Evolution the disadvantages, there are various security challenges faced cesses are transformed into linked systems using automated, au- by these decentralised networks such as authentication, autho- tonomous systems, which are also underpinned by Blockchain risation and access control of users and their data. The privacy technology. This convergence is primarily centred on the use of users and their transactions in a decentralised network is also of Blockchain features such as public ledgers and distributed a challenging task, along with other security requirements [65]. databases, as well as the implementation of smart contracts in To illustrate the concept of Blockchain 3.0, the developers of industry processes to remove the need for paper-based contracts smart contracts introduced Genaro [66], a first Turing machine- and to control the network through consensus [26]. Moreover, based public Blockchain, which permits the users to write and introducing Blockchain version 4.0 into Industry 4.0 aims to deploy native smart contracts in decentralised storage systems achieve transparency in the industrial processes from planning with the support of different network modules in the one place. to implementation, and to establish the relationship between in- dustry policies and underlying Blockchain features [78]. 3.2.4. Blockchain 4.0 There are a few examples of Industry 4.0 which have recently With the completion of a successful journey made by lead- adopted this new version into their business processes: financial ing Blockchain versions (from 1.0 to 3.0), the new version of services [8], IoT [79], Transport and Logistics [80], SG [81, 82] Blockchain 4.0 is presented to address the industrial challenges and eHealth [83]. and limitations of real-world applications. Blockchain 4.0 is a new generation or version of Blockchain technology that aims 3.2.5. Blockchain 5.0 to introduce Blockchain into the industrial world and make it Although Blockchain technology is relatively new, it has ad- practical for developing and running real-world applications in vanced dramatically. It is now used in a broad range of in- a secure and decentralised way. The new version also enables dustrial sectors, including banking, healthcare, IoT and sup- us to propose new solutions and fills the gap between business ply chain management. After achieving considerable success in and information technology industries [77]. earlier versions, Blockchain 5.0 is designed to serve the needs Furthermore, Blockchain 4.0 enables the industry and busi- of the next generation business peoples’ by formalising and ness sectors to transition their entire structure and processes (or standardising digital lifelines. Therefore, it is becoming ex- parts of them) transparently, to stable, self-recording applica- tremely important to have Blockchain 5.0 in the today’s world. tions built on a decentralised, distributed and immutable ledger. The aim of Blockchain 5.0 is to concentrate on the integration As Industry 4.0 is known as a revolutionary technological wave of AI and DLT in order to develop the next generation of decen- for the interconnectivity between people and machines, it pro- tralised Web 3.0 applications to achieve data privacy, security, vides substantial industry growth and productivity change that and interoperability. By making this option, a project called positively affects both the human quality of life and the envi- ”Relictum Pro” is well on its way to achieving success in the ronment [75]. new age of Blockchain technology, which is characterised by The convergence of Industry 4.0 and the Blockchain 4.0 gen- Blockchain 5.0. The “Relictum Pro” Project has advanced tech- eration creates a joined paradigm based on trusted networks nology to use Blockchain 5.0 to build virtual channels on this that eliminate the need for a third party. Individual manual pro- dedicated network. As a result, there is a significant increase 11
Table 2: Different Blockchain Generations along with their Applications, Consensus Mechanism and Unique Features Consensus Blockchain Generations Applications Unique Features Mechanism Used Blockchain 1.0 • Digital Currencies • PoW [36] • Mostly Designed for Cryptocurrencies – Bitcoin [50], Bitcoin Cash [67], Litecoin [68], Ripple [69], • PoS • Simple Ledgers etc. • Proof of Elapsed Time (PoET) • Public Blockchain • Small Value Payments [70] • Proof of Space • Foreign Exchange • Federated Byzantine Agreement (Federated BA) • Gambling • Proof of Memory • Money Laundering Blockchain 2.0 • Ethereum [61] • PoS [37] • Use of Smart Contracts • Hyperledger [71] • Practical Byzantine Fault Tolerance (PBFT) [38] • Micro-transactions • Codius [72] • Byzantine Fault Tolerance (BFT) - BFT-SMaRt • Digital Assets [73] • Privacy • Decentralised Autonomous Organisations (DAOs) • Decentralised Autonomous Corporations (DACs) [74] • Has own Contact-Oriented Language (Solidity) • Public Blockchain 12 Blockchain 3.0 Enterprise Blockchain Applications [28] Only few of them listed here but not limited to [75] • Electronic Voting • Tendermint • Instantaneous Transaction • Healthcare • DPoS • High Scalability • Identity and Access Control Systems • Raft • Interoperability • Notary Systems • Casper • Sustainability • Supply chain • Staller • Governance • Cloud Servicing • Multi layer Middle-ware Blockchain 4.0 Industrial Perspectives [76] Only few of them listed here but not limited to [75] • Cyber Physical Systems (CPS) • Industry Consortium • Hash DAG • Smart Manufacturing • Consensus Mechanism Efficiency • Proof of Importance (PoI) • Industrial Internet of Things (IIoT) • Proof of Burn (PoB) • Transparency • Agriculture • Proof of Value (PoV) • Improve Scalability • Energy Trading • Proof of Majority (PoM) • Energy Efficiency • Smart Product • Proof of History (PoH) • Smart City Blockchain 5.0 Web 3.0 Applications Not Available Combination of Artificial Intelligence and DLT • Data Privacy • Security • Interoperability
in transfer rates and the introduction of a seamless system with achieving consensus and how they can be applied depending on smaller block sizes and faster transactions [84]. the consensus process. Various consensus mechanisms, such as PoW, PoS, DPoS, PBFT, DBFT, etc., have been proposed 3.3. Layers and used by various Blockchain-based applications. PoW al- The layered architecture of Blockchain can be divided into gorithm was the first Blockchain algorithm to be implemented the following categories from top to bottom: application layer, into the Blockchain network. PoS is a Blockchain consensus al- smart contract layer, incentive layer, consensus layer, network gorithm that allows miners to participate in the mining process layer and data layer [85, 86]. Fig. 3 illustrates the layered ar- by staking their coins. DPoS is a variant of PoS in which the chitecture of Blockchain. stakeholders’ problem is fully resolved, and any component on the network may act as a delegate. PBFT is primarily concerned with the state machine because it can replicate the system while 3.3.1. Application Layer avoiding the primary Byzantine general issue. DBFT is one of The application layer is devoted to creating a wide range of the most well-known consensus algorithms, and it is created to Blockchain applications for use in many businesses and indus- address the shortcomings of PBFT. trial sectors. This layer is an essential component of any ar- chitecture because it allows humans to communicate with the 3.3.5. Network Layer existing system and facilitates communication between an indi- The network layer is the fifth layer in the Blockchain layer vidual or a system over a network. The application layer com- architecture, and it is primarily responsible for information ex- prises smart contracts, chain code, scripts, application program change between Blockchain nodes. Although various compo- interface (APIs), user interfaces and frameworks. Further, it nents constitute the network layer and allow nodes to commu- is also responsible for delivering specific user interface compo- nicate on a Blockchain network, three primary components are nents and encompasses all that makes an application work, such considered primary components: the P2P network, the broad- as protocols and code. casting protocol and the validation mechanism. In a P2P net- work, all nodes communicate using simple rules, and each 3.3.2. Smart Contract Layer node has an equal opportunity to create a new block in the The smart contract layer is the second layer of the Blockchain Blockchain network. Following the generation of a block, each layer architecture, containing smart contract script and algorith- node broadcast the data to the P2P network for validation. All mic logic for performing specific tasks inside the Blockchain nodes do not have to receive the block data during broadcast- application. In general, a smart contract script is a piece of ing, but the primary node must accept it and connect it to the code that is written and stored on the distributed ledger, and Blockchain to form a chain structure. The nodes in the vali- network nodes automatically execute it. Algorithmic logic is a dation mechanism obtain a new block containing information set of rules and conditions that control how parties interact and from other peer nodes and then verify the information before communicate. When certain predefined conditions are met, the adding it to the Blockchain. The node agreed to add the new agreement is enforced and executed automatically. block to the Blockchain based on the validity of the informa- tion. 3.3.3. Incentive Layer The incentive layer is the third layer in the layered architec- 3.3.6. Data Layer ture of Blockchain. It is responsible for distributing incentives The data layer is responsible for handling and storing to nodes that contributed to the Blockchain by inserting valid Blockchain data since it manages the data structure and phys- blocks. The incentive method is primarily composed of two ical storage space. As we know, Blockchain is based on dis- mechanisms: the issuance of incentives and the allocation of tributed ledger technology; it enables the secure and efficient incentives. Aside from that, this layer enables nodes to partic- storage of data on a shared digital database. The ledger is con- ipate in Blockchain verification by providing incentives. For structed using a linked list of blocks, referred to as Merkle trees, instance, in Bitcoin, miners are rewarded with bitcoins, allow- that are encrypted using asymmetric encryption. The following ing additional users to join the network and mine the blocks. components comprise the data layer: hash function, asymmet- Similarly, ethers are used as mining incentives in Ethereum. ric cryptography, Merkle tree, transaction, block structure and chain structure. A hash function is used to convert the transac- 3.3.4. Consensus Layer tions into hash values since transactions are stored in the block This layer is responsible for enforcing network rules that in the form of hashes. Asymmetric encryption, such as pub- specify how nodes within the network should behave in order lic and private key pairs, is often used to secure the transfer to achieve consensus on broadcasted transactions. It also en- of blocks through a network. The Merkle tree is used to ar- sures the integrity of records stored on the Blockchain as the range transactions as a tree and store them on the Blockchain. A fundamental layer of the Blockchain architecture. To accom- transaction is any piece of data that is stored on the Blockchain. plish this goal, the consensus layer incorporates several con- Blocks are primarily used as data structures, with the primary sensus protocols that enable Blockchain nodes to agree on the function of grouping all transactions and then distributing them authenticity and legitimacy of newly created data blocks. The to all nodes in the P2P network for verification. The trans- consensus layer contains specifications that define the rules for actions specified by the user are linked together in the chain 13
Application Smart Contract Incentive Consensus Network Data Figure 3: Layered Architecture of Blockchain structure by storing the hash of the previous block, in which 3.4.2. Private Blockchain each block stores the root hash. In contrast to the public Blockchain, a private Blockchain is a permission-based Blockchain network that manages and spec- 3.4. Types ifies access for an organisation or group of people to read or Starting with the types, there are three Blockchain types: write the blocks from the Blockchain [92]. Unlike a public public, private and consortium. These types are divided ac- Blockchain, a single authority is responsible for managing and cording to their assessment criteria and permission rules, all of updating the complete Blockchain setup by defining the rules which require access to the Blockchain network. and policies. In particular, a private Blockchain is designed for those organisations which want to keep their data safe within 3.4.1. Public Blockchain the given, defined boundaries, such as finance and audit com- The public Blockchain is the most fundamental type of panies [15]. In a private Blockchain, the miners are the special Blockchain network in which any user can participate, send and nodes or trusted agents in which other nodes of the Blockchain receive transactions, and validate (mine) the network’s transac- network can blindly trust. The encrypted immutable ledger is tions [87]. The validation process is performed by specifically shared with all other organisation members to keep the data designated nodes called miners which run the consensus algo- safe [93]. Generally speaking, a private Blockchain can solve rithm to verify the network’s transactions. The miners also add challenging problems by providing secure solutions for differ- updated and validated blocks in the existing Blockchain [88]. ent corporate sectors [6] and governmental organisations [94]. Indeed, the consensus algorithms such as PoW [36] and PoS [37] are mostly employed in a public Blockchain, in which a reward is given to the miners for their services (hashing or com- 3.4.3. Consortium Blockchain putations) in the network. The distribution of reward in the pub- The hybrid form of the Blockchain network is referred to lic network is directly proportional to the effort made by each as a consortium Blockchain. In simpler terms, the consortium miner; everyone has an equal opportunity to validate the blocks Blockchain combines different features and properties used in [89]. Moreover, different cryptography protocols are utilised in both public and private Blockchain networks. In most cases, the public Blockchain to authenticate and secure users’ trans- the read request to access the specific block could be from a actions [90]. For privacy purposes, the identity of each user public Blockchain, whereas the write request is allowed only to remains anonymous in the public Blockchain. By confirming private Blockchain nodes [95]. Fig. 4 depicts an example of all the above features, Bitcoin [50], Ethereum [61], Litecoin various access policies (read, write and approve) on a consor- [68] and Monero [91] are the most common and well-known tium Blockchain as executed by other Blockchain types, such as examples of the public Blockchain network. public and private [96]. However, the consortium Blockchain’s 14
You can also read