Blockchain and Cryptocurrencies Security School

Speakers

Dr. Leonardo Aniello

University of Southampton, UK

Talk title: Efficient Blockchain-based Platforms to Secure Multi-Party Systems

Abstract: A multi-party system includes a number of participants who do not fully trust each other but would benefit from setting up an integrated infrastructure to enable collaboration. Relevant real-world examples of multi-party systems are the organisations involved in a supply chain and the cloud providers in a cloud federation. Addressing this trust issue by relying on a third party, like any solution featuring some degree of centralisation, would lead to additional costs, introduce possible single points of failure and performance bottlenecks in the overall system and, above all, would shift the problem rather than solve it. A decentralised approach is more suitable, where the collaborative infrastructure itself is implemented over a peer-to-peer network distributed across all the involved parties. Blockchain technology lends itself well to implementing such a solution. However, the design of a blockchain-based platform for multi-party systems entails several choices, such as using either a permissionless blockchain like Bitcoin or a permissioned one like HyperLedger Fabric, the former being more tamper-resistant and secure while the latter being more efficient. In this talk, I will expand on this topic presenting its key facets and challenges, the intrinsic trade-offs between performance and security, some architectural patterns to build efficient and reliable solutions and, finally, open research directions worth investigating.

Prof. Stefano Bistarelli

University of Perugia, Italy

Talk title: Blockchain technologies: transactions structure and possible attacks

Abstract: Nowadays there are more than one and a half thousand cryptocurrencies and (public) blockchains, with an overall capitalization of more than 300 billion USD. The most famous cryptocurrency (and blockchain) is Bitcoin, described in a white paper written under the pseudonym of “Satoshi Nakamoto”. His invention is an open-source, peer-to-peer digital currency (being electronic, with no physical manifestation). The presentation will briefly explain what cryptocurrencies are, starting from the history and legends related to the most famous of them: Bitcoin. Analyzing the blockchain technology on which cryptocurrencies rest, we will discuss proof of work as a distributed consensus protocol and the transaction model on which it is based; it will then be shown how the (pseudo) anonymity of cryptocurrencies is frequently used for cybercrime purposes and has also contributed to spreading the use of ransomware (WannaCry and Petya). The security issues of the blockchain system will then be addressed, and it will be highlighted how the strength of the technology represented by the distributed registry can result in a weakness of the architecture, through Sybil attacks, routing attacks, DDoS, cryptographic vulnerabilities and 51% attacks (“Majority Attack”).

Dr. Simone Bronzini

Member of BlockchainEdu and CTO of Chainside, Italy

Talk title: From 7 to 7000 transactions per second

Abstract: Scalability is a critical topic in the Bitcoin ecosystem. Due to critical limits in the block size, the number of on-chain transactions the Bitcoin network can accommodate is very low. This talk will present how the power of bitcoin scripting has been used to overcome these limits through the Lightning Network.

Prof. Mauro Conti

University of Padova, Italy

  • Welcome Message: Introducing the School and the SPRITZ Security and Privacy Research Group together with its activities in the area of privacy and security of blockchain technology.

  • Final Remarks

Prof. Pierluigi Gallo

University of Palermo, Italy

Talk title: Handling logic with blockchain, the tradeoff among simplicity, security, and flexibility

Abstract: Not all blockchain platforms are the same, even within the set of permissioned blockchains. Besides the differences in the consensus protocol, the defined architecture, and other technical details, the way different platforms deal with the logic makes them more suitable for one application than another. The talk shows the design phases of a typical blockchain-based service, highlighting the part related to the implemented logic and the tradeoff among simplicity, security, and flexibility. Through the description of three applications (video surveillance, real estate market, traceability of agri-food products), we will show a few basic design principles and the role of blockchain logic. In the video surveillance application, the focus is on privacy and message authentication. In the real estate market, the accent is on the role of humans in the execution of smart contracts. Finally, in the agri-food example, the relation between blockchain and IoT is taken into account.

Dr. Ghassan Karame

NEC Labs, Germany

Talk title: On the Security and Scalability of Existing Blockchains

Abstract: In this talk, we overview, detail, and analyze the security provisions of Bitcoin and its underlying blockchain, effectively capturing recently reported attacks and threats in the system. Our contributions go beyond the mere analysis of reported vulnerabilities of Bitcoin; namely, we describe and evaluate a number of countermeasures to deter threats on the system, some of which have already been incorporated in the system. Finally, we overview state-of-the-art attempts to solve these shortcomings in existing modern blockchain systems.

Dr. Chhagan Lal

University of Padova, Italy

Talk title: Blockchain Technology: the next revolution?

Abstract: Blockchain technology holds immense promise for a variety of industries, including financial services, real estate, supply chain management, health care, academia and more. From smart contracts to blockchain-encrypted academic credentials, these use cases are vast and far-reaching. To make sense of this revolution, you need to understand what a blockchain is and what it is capable of doing. Blockchain is the technology backbone of Bitcoin. The distributed ledger functionality, coupled with the security of Blockchain, makes it a very attractive technology for solving current financial as well as non-financial business problems. For instance, large financial institutions like Visa, Mastercard, banks, NASDAQ, etc., are investing in exploring the application of current business models on Blockchain. Blockchain technologies, among other features, offer immutability, transparency, robustness, auditability, integrity, authenticity, and security. In this talk, we will discuss Blockchain and its associated technologies, such as consensus protocols and peer-to-peer networks. Finally, the use of Blockchain for implementing smart contracts will also be presented, along with its benefits and limitations.

Prof. Veelasha Moonsamy

Radboud University, NL

Talk title: Detection of browser-based cryptocurrency mining

Abstract: A wave of alternative coins that can be effectively mined without specialized hardware, and a surge in cryptocurrencies’ market value have led to the development of cryptocurrency mining (cryptomining) services, which can be easily integrated into websites to monetize the computational power of their visitors. While legitimate website operators are exploring these services as an alternative to advertisements, they have also drawn the attention of cybercriminals: drive-by mining (also known as cryptojacking) is a new web-based attack, in which an infected website secretly executes JavaScript code and/or a WebAssembly module in the user’s browser to mine cryptocurrencies without her consent. In this talk, I will elaborate on the comprehensive analysis we performed on Alexa’s Top 1 Million websites to shed light on the prevalence and profitability of this attack. We study the websites affected by drive-by mining to understand the techniques being used to evade detection, and the latest web technologies being exploited to efficiently mine cryptocurrency. As a result of our study, we identified 20 active cryptomining campaigns. Furthermore, motivated by our findings, we investigate possible countermeasures against this type of attack. I will discuss how current blacklisting approaches and heuristics based on CPU usage are insufficient, and present MineSweeper [1], a novel detection technique that is based on the intrinsic characteristics of cryptomining code, and, thus, is resilient to obfuscation.

Dr. Michele Nati

IOTA Foundation, UK

Talk title: IOTA, A ledger for the Internet of Things. Innovation opportunities and research challenges (Industry Talk)

Abstract: This talk will provide a deep dive into IOTA distributed ledger technology and explain the features that make it suitable to support an economy of trusted IoT data, machines and services. The talk will cover technical aspects that span from theory to practice, including research challenges and those deriving from the deployment of the IOTA infrastructure in the real world. Application examples and a short tutorial on how to make your first IOTA transaction will conclude the talk.

Prof. Jan S. Rellermeyer

TU Delft, NL

Talk title: TrustChain: Replacing Global Consensus with Trust

Abstract: The success of the major crypto-currencies has propelled the expectations of the industry and researchers alike. To us, however, the true fascination of blockchain technology lies not in the highly speculative markets surrounding it but instead in the potential for a complete shift in paradigm of how business can be done in an entirely decentralized, community-driven way between individuals and even autonomously acting services and devices. In order to get there, however, blockchain technology needs to liberate itself from one of its arguably biggest design flaws, the reliance on global consensus. With TrustChain, we have built a blockchain system that is explicitly designed around the idea of replacing global consensus with formalizing an element that is more natural for community-driven systems: Trust. TrustChain allows participants to keep their own history in the form of a local blockchain. Entanglement between the individual chains is created by recording successful transactions in the chains of both participants, signed by both entities to create irrefutable evidence. In this class, you will learn about the design and implementation of TrustChain and how we build several systems around it, including a novel peer-to-peer system to circumvent Internet censorship.

Prof. Laura Ricci

University of Pisa, Italy

Talk title: Smart Contract Programming in Ethereum

Abstract: If Bitcoin has offered a breakthrough in the field of currency, Ethereum offers an equivalent disruptive technology for a wider class of applications, i.e. supply chains, financial assets, legal contracts, distributed games, and distributed social networks. While Bitcoin exploits a simple form of smart contracts, the biggest innovation of Ethereum is the introduction of Turing-complete languages for programming smart contracts. The smart contracts are stored in the blockchain and are executed by all the nodes of the network, changing the state of the system, which appears like a single distributed computer. In the first part of the talk we will give an overview of the main characteristics of the Ethereum blockchain (accounts, gas consumption, Proof based consensus), also highlighting the main differences with respect to Bitcoin. The second part of the talk will introduce Solidity, a language for smart contracts, and present some classical applications, like Ponzi schemes, auctions, lotteries, gambling and distributed games. The last part of the lesson will present Remix, a simple web-based environment. The students will write and deploy in Remix simple smart contracts written in Solidity.

Prof. Sushmita Ruj

ISI Kolkata, India

Talk title: Blockchain enabled Data Storage, Sharing and Trading

Abstract: Data is of unprecedented importance. Storing and sharing sensitive data can be challenging in view of various privacy policies. In the first part, we will talk about various types of proofs of storage. In the second part, we will discuss the limitations of existing techniques for data storage and sharing and the need for blockchain-based solutions. We will also talk about P2P data sharing on blockchains. In the last part, we will talk about data marketplaces. The most valuable companies of today treat data as a commodity, which they trade to earn revenue. Present data marketplaces are inadequate as they fail to satisfy all the desirable properties: fairness, efficiency and privacy. We will present a design of a blockchain-enabled data marketplace that fulfils all the above properties. We will discuss the challenges in implementing and deploying a complete data marketplace.

Prof. Claudia Sandei

University of Padova, Italy

Talk title: Blockchain and Cryptocurrencies: Legal Aspects

Abstract: By enabling new, often decentralised, means for human transactions and agreements, blockchain has the potential to transform or disrupt important social and economic institutions. Not surprisingly, this raises a number of interesting and thorny legal and regulatory issues, such as: are smart contracts real contracts? To what extent does data stored on a blockchain have legally binding status? Are crypto like fiat currencies? Starting from these questions, the lecture will provide participants with an overview of regulatory responses in order to make them aware also of the legal effects of technology.

Dr. Ernesto Ettore Troiano

Industry Talk: Blockchain and Cryptocurrencies Security - Needs and Opportunities (GFT Italia - Industry Talk)

Abstract: The quest for better user experiences for consumers and citizens and for new business opportunities is virtually endless. How blockchains and cryptocurrencies can support new business models and how the security of critical infrastructure will be affected is the challenge. The talk will consider a business case which exploits smart contracts for service providers and communities and a European project that addresses cyber and physical security for financial organizations. In particular, the H2020 FINSEC project (Integrated Framework for Predictive and Collaborative Security of Financial Infrastructures) is developing, demonstrating and bringing to market an integrated, intelligent, collaborative and predictive approach to the security of critical infrastructures in the financial sector. To this end, FINSEC introduces, implements and validates a novel reference architecture for integrated physical and cyber security of critical infrastructures, which will enable handling of dynamic, advanced and asymmetric attacks, while at the same time boosting financial organizations’ compliance with security standards and regulations.
The project defines mechanisms for intelligent and adaptive monitoring and data collection, taking into account the physical-cyber security context. The collaborative module exploits blockchain technology to allow stakeholders in the financial sector to share threat information for vulnerability assessment, risk analysis, and threat identification.

With the support of: UniPD, Mathematical department, SPRITZ group, CINI Cybersecurity National Lab, Human inspired technology, BEN, ITLL, UNIPG, TU Delft, NEC, University of Southampton, IOTA.