Blockchain for the Internet of Vehicles: A Decentralized IoT Solution for Vehicles Communication Using Ethereum
Abstract
1. Introduction
- Centralization: At the moment, smart vehicle architectures are based on centralized, brokered communication models [4]. More precisely, central cloud servers identify, authenticate, authorize, and connect all the vehicles. However, this model is unlikely to scale. The failure of cloud servers can endanger the whole network.
- Lack of Privacy: Typically, user privacy is not protected in the current communication architectures. In other words, data pertaining to the vehicle is exchanged without the owner’s permission. Moreover, noisy or summarized data is revealed to the requester.
- Heterogeneity: The use of connecting devices in IoV is highly variable, as they are deployed by different entities, authorities, and individuals. Moreover, their resolutions, functionalities, and operating conditions differ from each other. Hence, it is challenging to enable the smooth integration of numerous devices at the same time. In particular, merging such devices in a complex network increases the degree of complexity.
- Scalability: The use of miniaturized devices such as actuators and sensors has been increasing due to the rapid rise in embedded technologies. Simultaneously, the data created by such devices is growing indefinitely. Thus, another significant challenge related to the IoV is to manage the number of devices and the data they create.
- Interoperability: Both human and non-human objects represent actors in the IoV ecosystem. Each actor, depending on the environment and the particular situation, can play several roles in IoV applications, such as service provider, data consumer, data provider, and available resource. To materialize the vision of the IoV, it is essential to ensure the smooth interaction of all the actors. If each actor is managed in a different way, their interaction magnifies.
- Mobility: The challenges in terms of mobility are related to protocol efficiency and the IoT network. Currently, sensor networks, Mobile Ad Hoc Networks (MANETs), and the mobility protocols of Vehicular Ad Hoc Networks (VANETs) are not adequately equipped to handle standard IoT devices because of considerable processing and energy constraints. Moreover, efficient real-time authentication is required instead of a one-time initial configuration, considering that the vehicle must continuously authenticate other vehicles present on the roads.
- Safety Threats: The number of autonomous driving functions in smart vehicles keeps growing. Consequently, a security breach caused by a malfunction resulting from the installation of malicious software can lead to car crashes and endanger road users.
- A new IoT Solution (DISV) to study all the possible interactions between different components and road users of smart cities, such as vehicles, lights, radars, pedestrians and others. This DISV consists of three primary layers:
  - The perception layer, which consists of multiple Android applications (AV and AP) designed to sense and collect information about vehicles, drivers, and infrastructures.
  - The network layer, which enables data transfer between devices and the cloud through networks such as wireless or 4G.
  - The application layer, which consists of cloud solutions responsible for management, data analysis, and providing services to the user.
- A Decentralized Framework based on Blockchain technology with real time application (RTA) specification aimed at enabling secure communication between vehicles and other actors in transportation systems.
- Good performance of the proposed system particularly in terms of the execution time, costs, availability, integrity, immutability, and security.
2. Blockchain Technique and Ethereum
2.1. Ethereum
2.1.1. Ethereum Virtual Machine (EVM)
2.1.2. Transactions
2.1.3. Ether and Gas
2.1.4. Proof-of-Work (PoW)
3. Literature Review
4. Proposed Solution
4.1. System Overview
- The perception layer is the physical layer. It consists of several IoT devices equipped with sensors designed to identify and collect information about the environment (i.e., physical parameters) and to detect nearby smart objects. The Android Application for Vehicles (AV) embedded into the perception layer collects and analyzes data about the trip, the vehicle, and the driver’s behavior. The Android Application for Infrastructure (AP) simulates the role of IoT devices integrated into the roads, such as radars, traffic lights, roadside electronic signs and others.
- The network layer connects the sensors to other servers, network devices, and smart things, and also transmits and processes sensor data.
- The application layer consists of a Blockchain application and a Central Cloud Server. It delivers application-specific services to the IoT devices. More precisely, the Blockchain application manages communication between vehicles and other actors in the transportation system. The Central Cloud Server is in charge of processing and analyzing the obtained data and managing invitations of other actors.
4.2. The Perception Layer
4.2.1. Android Application for Vehicles (AV)
- VDCS is designed to collect information about the car, such as the car model and characteristics of the motor including horsepower, speed and engine size. Finally, the system collects the data related to the trip such as start and end time, distance, and minimum, maximum, and average speed as illustrated in Figure 2. It is set to detect measures such as rotational velocity along the Roll, Pitch and Yaw axes; acceleration; distance; and GPS position every 15 s.
- The purpose of Driver Drowsiness Detection is to detect the driver’s drowsiness and prevent potential accidents it might cause. This system is an element of the Advanced Driver Assistance System (ADAS), which is an integral part of contemporary automotive technology. The role of ADAS is to improve safety and ensure a satisfying driving experience. This system was developed on the basis of Real-Time Driver Drowsiness Detection using Deep Neural Networks techniques. More details about this system can be found in [45,46,47].
4.2.2. Android Application for Infrastructure (AP)
4.3. The Network Layer
4.4. The Application Layer
4.4.1. Central Cloud Server
4.4.2. The Blockchain Layer
Blockchain Layer Overview
System In-Depth
- “s” field presents information about the sender, such as the brand, car matriculation number, and color of the car.
- “ts” field defines the type of sender: a message can be sent from a car, a pedestrian, or infrastructure.
- “t” field contains the time at which the message was sent. This helps the Android application decide whether the message is new or old: if the mobile receives the message late, the notification alert will not be displayed.
- “tf” field contains the time when the message should be removed from the smart contract. Every time a participant adds a new message, it must delete the obsolete messages. Thus, the smart contract becomes lighter, which remarkably reduces the execution time, mining time, cost, and energy. The finish time is the sum of the start time and the duration of the message. The availability of the message in the smart contract is detailed in Table 4.
- “m” field includes the content of the message. For example: “Be careful of a drowsy driver, road crash in Khalifa Street”.
- “mt” field defines the priority of the message as explained in Table 5; there are three message types: information, warning, incident.
- “p” field contains the position of the sender; it will not be displayed if the message is delayed or when the sender has moved far from the incident point.
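The record lifecycle described by these fields, modelled off-chain as an added example (this is not the authors' contract or Android code): it builds a record, validates it before submission, prunes expired records on every write, and applies the receiver's freshness check. The message-type key is written "tm" as in the page's example record; the sender-type spellings, the text length cap, `max_delay`, and all function names are assumptions.

```python
import json
from datetime import datetime, timedelta

TS_FORMAT = "%Y-%m-%d %H:%M:%S"   # timestamp layout of the page's example record
# Lifetime per urgent level, copied from the page's duration table.
LIFETIME = {0: timedelta(minutes=10), 1: timedelta(hours=1),
            2: timedelta(hours=6), 3: timedelta(hours=12)}
SENDER_TYPES = {"Car", "Pedestrian", "Infrastructure"}  # spellings assumed
FIELDS = ("s", "ts", "t", "tf", "m", "tm", "p")
MAX_TEXT_LEN = 140                # assumed cap; the page states none


def parse_time(value):
    # The page's example values carry a leading space, so strip first.
    return datetime.strptime(value.strip(), TS_FORMAT)


def build_message(sender, sender_type, sent_at, text, msg_type, position,
                  urgent_level):
    """Assemble a record; tf = t + lifetime of the urgent level."""
    finish = sent_at + LIFETIME[urgent_level]
    return {"s": sender, "ts": sender_type,
            "t": sent_at.strftime(TS_FORMAT),
            "tf": finish.strftime(TS_FORMAT),
            "m": text, "tm": str(msg_type),
            "p": "%.6f, %.6f" % position}


def validate_message(msg):
    """Return a list of problems; an empty list means the record may be sent."""
    problems = [f"missing field {k!r}" for k in FIELDS if k not in msg]
    problems += [f"unexpected field {k!r}" for k in msg if k not in FIELDS]
    if problems:
        return problems
    if not all(isinstance(msg[k], str) for k in FIELDS):
        return ["every field must be a string"]
    if msg["ts"] not in SENDER_TYPES:
        problems.append("unknown sender type")
    if not 0 < len(msg["m"]) <= MAX_TEXT_LEN:
        problems.append("message text empty or too long")
    try:
        start, finish = parse_time(msg["t"]), parse_time(msg["tf"])
        if finish - start not in LIFETIME.values():
            problems.append("tf - t is not a lifetime from the duration table")
    except ValueError:
        problems.append("t or tf is not a valid timestamp")
    try:
        lat, lon = (float(x) for x in msg["p"].split(","))
        if not (-90 <= lat <= 90 and -180 <= lon <= 180):
            problems.append("position out of range")
    except ValueError:
        problems.append("position is not 'lat, lon'")
    return problems


def prune_expired(store, now):
    """Model of the delete-on-write rule: drop records whose tf has passed."""
    return [m for m in store if parse_time(m["tf"]) > now]


def add_message(store, msg, now):
    """Validate, prune obsolete records, then append; returns the new store."""
    problems = validate_message(msg)
    if problems:
        raise ValueError("; ".join(problems))
    return prune_expired(store, now) + [msg]


def should_alert(msg, now, max_delay=timedelta(seconds=60)):
    """Receiver check: alert only for a live record that arrived promptly.
    max_delay is an assumed threshold; the page does not state one."""
    sent = parse_time(msg["t"])
    return sent <= now < parse_time(msg["tf"]) and now - sent <= max_delay


# Constructed sample using the values of the page's example record. That record
# pairs "tm": "3" with a 10-minute lifetime, so message type and urgent level
# are kept as separate inputs here.
SENT = datetime(2018, 10, 13, 19, 43, 16)
SAMPLE = build_message("Toyota , 404551 , white", "Car", SENT,
                       "Alert Drowsy driver", 3, (25.333091, 51.467223),
                       urgent_level=0)

if __name__ == "__main__":
    print(json.dumps(SAMPLE, indent=2))
    print("problems:", validate_message(SAMPLE))
    print("alert after 5 s:", should_alert(SAMPLE, SENT + timedelta(seconds=5)))
```

Rejecting any record whose `tf - t` is not one of the listed lifetimes keeps a sender from pinning a message in the store beyond the longest duration the table allows.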
Nominal Scenario
5. Performance Evaluation and Discussion
5.1. Costs
5.2. Execution Time
5.3. Memory and Power Consumption
5.4. Availability
5.5. Integrity
- The accuracy of data—free from errors and confirmed by the protocol.
- The originality of data—accessible sources and preservation in the original form.
- Contemporary—data must be recorded at the exact time it was executed and observed.
- Legible—easy to understand, record permanently, and preserve original entries.
- Attributable—clear demonstration of who observed and recorded data, at what time, and what it is about.
5.6. Consistency
5.7. Confidentiality
- An unauthorized third party must not be able to identify the counter-parties to a transaction in a Blockchain unless the counter-parties reveal that information.
- Transaction details must be invisible to anyone who is not involved in that particular transaction unless the participating parties disclose them.
5.8. Immutability
5.9. Security
6. Conclusions and Future Work
Author Contributions
Funding
Acknowledgments
Conflicts of Interest
References
- Atzori, L.; Iera, A.; Morabito, G. The internet of things: A survey. Comput. Netw. 2010, 54, 2787–2805.
- Yang, F.; Wang, S.; Li, J.; Liu, Z.; Sun, Q. The internet of things: A survey. China Commun. 2014, 11, 1–15.
- Delhi: 18,000 Autos Install GPS in One Month, Deadline Extended to February 28. Available online: https://www.hindustantimes.com/delhi-news/delhi-18-000-autos-install-gps-in-one-month-deadline-extended-to-february-28/story-xlIsXOhh94aKOxaO5wwErJ.html (accessed on 18 November 2019).
- Dorri, A.; Steger, M.; Kanhere, S.S.; Jurdak, R. BlockChain: A Distributed Solution to Automotive Security and Privacy. IEEE Commun. Mag. 2017, 55, 119–125.
- Al-kahtani, M. Survey on Security Attacks in Vehicular Ad hoc Networks (VANETs). In Proceedings of the 6th International Conference on Signal Processing and Communication Systems (ICSPCS), Gold Coast, Australia, 12–14 December 2012; Volume 12–14, pp. 1–9.
- Ahmad, F.; Hall, J.; Adnane, A.; Franqueira, V.N.L. Faith in Vehicles: A Set of Evaluation Criteria for Trust Management in Vehicular Ad-Hoc Network. In Proceedings of the IEEE International Conference on Internet of Things (iThings) and IEEE Green Computing and Communications (GreenCom) and IEEE Cyber, Physical and Social Computing (CPSCom) and IEEE Smart Data (SmartData), Exeter, UK, 24–27 July 2017; Volume 21–23, pp. 44–52.
- Aloqaily, M.; Otoum, S.; Al Ridhawi, I.; Jararweh, Y. An Intrusion Detection System for Connected Vehicles in Smart Cities. Ad Hoc Netw. 2019, 90, 101842.
- Glass, S.M.; Muthukkumarasamy, V.; Portmann, M. Detecting Man-in-the-Middle and Wormhole Attacks in Wireless Mesh Networks. In Proceedings of the International Conference on Advanced Information Networking and Applications, Bradford, UK, 26–29 May 2009; Volume 26–29, pp. 530–538.
- Controlling Vehicle Features of Nissan LEAFs across the Globe via Vulnerable APIs. Available online: https://www.troyhunt.com/controlling-vehicle-features-of-nissan/ (accessed on 15 January 2020).
- Hackers Discovered It is Possible to Remotely Control Features of Mitsubishi Outlander PHEV by Hacking the Mobile Applications Designed by the Car Vendor. Available online: https://securityaffairs.co/wordpress/48114/hacking/mitsubishi-outlander-phev-hacking.html (accessed on 15 January 2020).
- Tesla Fixes Security Bugs After Claims of Model S Hack. Available online: https://www.reuters.com/article/us-tesla-cyber/tesla-fixes-security-bugs-after-claims-of-model-s-hack-idUSKCN11Q2SD (accessed on 15 January 2020).
- Team of Hackers Take Remote Control of Tesla Model S from 12 Miles Away. Available online: https://www.theguardian.com/technology/2016/sep/20/tesla-model-s-chinese-hack-remote-control-brakes (accessed on 15 January 2020).
- Sharma, P.K.; Moon, S.Y.; Park, J.H. Block-VN: A Distributed Blockchain Based Vehicular Network Architecture in Smart City. JIPS 2017, 13, 184–195.
- Yuan, Y.; Wang, F.Y. Towards blockchain-based intelligent transportation systems. In Proceedings of the IEEE 19th International Conference on Intelligent Transportation Systems (ITSC), Rio de Janeiro, Brazil, 1–4 November 2016; pp. 2663–2668.
- Bitcoin: A Peer-to-Peer Electronic Cash System. Available online: https://bitcoin.org/bitcoin.pdf (accessed on 15 January 2020).
- Cruz, P.J.; Kaji, Y.; Yanai, N. RBAC-SC: Role-Based Access Control Using Smart Contract. IEEE Access 2018, 6, 12240–12251.
- Ethereum. Blockchain App Platform. Available online: https://ethereum.org/ (accessed on 15 January 2020).
- Ripple. Available online: https://ripple.com/ (accessed on 15 January 2020).
- Stellar. Available online: https://www.stellar.org/ (accessed on 15 January 2020).
- Wood, G. Ethereum: A Secure Decentralised Generalised Transaction Ledger. Yellow Paper. Available online: https://ethereum.github.io/yellowpaper/paper.pdf (accessed on 15 January 2020).
- Ethereum Homestead Documentation. Available online: https://ethereum-homestead.readthedocs.io/en/latest/index.html (accessed on 15 January 2020).
- Esposito, C.; Santis, A.D.; Tortora, G.; Chang, H.; Choo, K.K.R. Blockchain: A Panacea for Healthcare Cloud-Based Data Security and Privacy? IEEE Cloud Comput. 2018, 5, 31–37.
- Liang, X.; Zhao, J.; Shetty, S.; Liu, J.; Li, D. Integrating Blockchain for data sharing and collaboration in mobile healthcare applications. In Proceedings of the 2017 IEEE 28th Annual International Symposium on Personal, Indoor, and Mobile Radio Communications (PIMRC), Montreal, QC, Canada, 8–13 October 2017.
- Ferrag, M.A.; Maglaras, L.; Argyriou, A.; Kosmanos, D.; Janicke, H. Security for 4G and 5G cellular networks: A survey of existing authentication and privacy-preserving schemes. J. Netw. Comput. Appl. 2018, 101, 55–82.
- Fan, K.; Ren, Y.; Wang, Y.; Li, H.; Yang, Y. Blockchain-based efficient privacy preserving and data sharing scheme of content-centric network in 5G. IET Commun. 2018, 12, 527–532.
- Xu, C.; Wang, K.; Guo, M. Intelligent Resource Management in Blockchain-Based Cloud Datacenters. IEEE Cloud Comput. 2017, 4, 50–59.
- Huang, X.; Xu, C.; Wang, P.; Liu, H. LNSC: A security model for electric vehicle and charging pile management based on Blockchain ecosystem. IEEE Access 2018, 6, 13565–13574.
- Kang, J.; Yu, R.; Huang, X.; Maharjan, S.; Zhang, Y.; Hossain, E. Enabling Localized Peer-to-Peer Electricity Trading Among Plug-in Hybrid Electric Vehicles Using Consortium Blockchains. IEEE Trans. Ind. Inform. 2017, 13, 3154–3164.
- Li, L.; Liu, J.; Cheng, L.; Qiu, S.; Wang, W.; Zhang, X.; Zhang, Z. CreditCoin: A Privacy-Preserving Blockchain-Based Incentive Announcement Network for Communications of Smart Vehicles. IEEE Trans. Intell. Transp. Syst. 2018, 19, 2204–2220.
- Yang, Z.; Zheng, K.; Yang, K.; Leung, V.C.M. A blockchain-based reputation system for data credibility assessment in vehicular networks. In Proceedings of the 2017 IEEE 28th Annual International Symposium on Personal, Indoor, and Mobile Radio Communications (PIMRC), Montreal, QC, Canada, 8–13 October 2017; pp. 1–5.
- Lei, A.; Cruickshank, H.; Cao, Y.; Asuquo, P.; Ogah, C.P.A.; Sun, Z. Blockchain-Based Dynamic Key Management for Heterogeneous Intelligent Transportation Systems. IEEE Internet Things 2017, 4, 1832–1843.
- Shojafar, M.; Cordeschi, N.; Baccarelli, E. Energy-efficient adaptive resource management for real-time vehicular cloud services. IEEE Trans. Cloud Comput. 2016, 7, 196–209.
- Cordeschi, N.; Amendola, D.; Shojafar, M.; Baccarelli, E. Distributed and adaptive resource management in cloud-assisted cognitive radio vehicular networks with hard reliability guarantees. Veh. Commun. 2015, 2, 1–12.
- Aloqaily, M.; Al Ridhawi, I.; Kantarci, B.; Mouftah, H.T. Vehicle as a Resource for Continuous Service Availability in Smart Cities. In Proceedings of the IEEE 28th Annual International Symposium on Personal, Indoor, and Mobile Radio Communications (PIMRC), Montreal, QC, Canada, 8–13 October 2017.
- Al Ridhawi, I.; Aloqaily, M.; Kantarci, B.; Jararweh, Y.; Mouftah, H.T. A continuous diversified vehicular cloud service availability framework for smart cities. Comput. Netw. 2018, 145, 207–218.
- Singh, M.; Kim, S. Blockchain based intelligent vehicle data sharing framework. arXiv 2017, arXiv:1708.09721.
- Singh, M.; Kim, S. Intelligent vehicle-trust point: Reward based intelligent vehicle communication using blockchain. arXiv 2017, arXiv:1707.07442.
- Singh, M.; Kim, S. Introduce reward-based intelligent vehicles communication using blockchain. In Proceedings of the 2017 International SoC Design Conference (ISOCC), IEEE, Seoul, Korea, 5–8 November 2017; pp. 15–16.
- Kang, J.; Yu, R.; Huang, X.; Wu, M.; Maharjan, S.; Xie, S.; Zhang, Y. Blockchain for secure and efficient data sharing in vehicular edge computing and networks. IEEE Internet Things J. 2018, 6, 4660–4670.
- Leiding, B.; Memarmoshrefi, P.; Hogrefe, D. Self-managed and blockchain-based vehicular ad-hoc networks. In Proceedings of the 2016 ACM International Joint Conference on Pervasive and Ubiquitous Computing: Adjunct, Heidelberg, Germany, 15 September 2016; pp. 137–140.
- Reilly, E.; Maloney, M.; Siegel, M.; Falco, G. A smart city iot integrity-first communication protocol via an ethereum blockchain light client. In Proceedings of the International Workshop on Software Engineering Research and Practices for the Internet of Things (SERP4IoT 2019), Marrakech, Morocco, 3–6 April 2019; pp. 15–19.
- Falco, G.; Siegel, J.E. Assuring Automotive Data and Software Integrity Employing Distributed Hash Tables and Blockchain. arXiv 2020, arXiv:2002.02780.
- Rowan, S.; Clear, M.; Gerla, M.; Huggard, M.; Goldrick, C.M. Securing vehicle to vehicle communications using blockchain through visible light and acoustic side-channels. arXiv 2017, arXiv:1704.02553.
- The Mystery Behind Block Time. Available online: https://medium.facilelogin.com/the-mystery-behind-block-time-63351e35603a (accessed on 15 January 2020).
- Jabbar, R.; Al-Khalifa, K.; Kharbeche, M.; Alhajyaseen, W.; Jafari, M.; Jiang, S. Real-time Driver Drowsiness Detection for Android Application Using Deep Neural Networks Techniques. Procedia Comput. Sci. 2018, 130, 400–407.
- Jabbar, R.; Al-Khalifa, K.; Kharbeche, M.; Alhajyaseen, W.; Jafari, M.; Jiang, S. Applied Internet of Things IoT: Car monitoring system for Modeling of Road Safety and Traffic System in the State of Qatar. In Proceedings of the Qatar Foundation Annual Research Conference 2018 (ARC’18), Doha, Qatar, 19–20 March 2018; HBKU Press: Doha, Qatar, 2018; Volume 2018.
- Jabbar, R.; Shinoy, M.; Kharbeche, M.; Al-Khalifa, K.; Krichen, M.; Barkaoui, K. Driver Drowsiness Detection Model Using Convolutional Neural Networks Techniques for Android Application. arXiv 2020, arXiv:cs.CV/2002.03728.
- Getting Deep Into Ethereum: How Data Is Stored In Ethereum? Available online: https://hackernoon.com/getting-deep-into-ethereum-how-data-is-stored-in-ethereum-e3f669d96033 (accessed on 15 January 2020).
- Wu, J.; Luo, S.; Wang, S.; Wang, H. NLES: A novel lifetime extension scheme for safety-critical cyber-physical systems using SDN and NFV. IEEE Internet Things J. 2018, 6, 2463–2475.
- Guan, Z.; Zhang, Y.; Wu, L.; Wu, J.; Li, J.; Ma, Y.; Hu, J. APPA: An anonymous and privacy preserving data aggregation scheme for fog-enhanced IoT. J. Netw. Comput. Appl. 2019, 125, 82–92.
- Greenspan, D.G. Ending the Bitcoin vs Blockchain Debate. MultiChain. Available online: http://www.multichain.com/blog/2015/07/bitcoin-vs-blockchain-debate/ (accessed on 15 January 2020).
- Shomer, A. The Colored Coins Protocol. Available online: https://github.com/Colored-Coins/Colored-Coins-Protocol-Specification/wiki (accessed on 15 January 2020).
- Maria Apostolaki, A.Z.; Vanbever, L. Hijacking bitcoin: Routing Attacks on Cryptocurrencies. Available online: https://arxiv.org/pdf/1605.07524v2.pdf (accessed on 15 January 2020).
- Abeyratne, S.; Monfared, R. Blockchain ready manufacturing supply chain using distributed ledger. Int. J. Res. Eng. Technol. 2016, 9, 1–10.
- Umeh, J. Blockchain double bubble or double trouble? ITNOW. Available online: https://academic.oup.com/itnow/article/58/1/58/2392029 (accessed on 15 January 2020).
- Mlö, F. Decentralized Transactions in a Centralized Environment: A Blockchain Study Within the Transport Industry. Available online: http://www.diva-portal.org/smash/record.jsf?pid=diva2%3A1116772&dswid=8232 (accessed on 15 January 2020).
- Open Web Application Security Project (OWASP). Available online: https://www.owasp.org/index.php/Main_Page (accessed on 15 January 2020).
- Mihelj, J.; Zhang, Y.; Kos, A.; Sedlar, U. Crowdsourced traffic event detection and source reputation assessment using smart contracts. Sensors 2019, 19, 3267.
Work | Goals | Tuning Completeness | Performance |
---|---|---|---|
M. Singh et al. | Developing an Intelligent Vehicle-Trust Point protocol for secure and fast vehicular communications | No | No |
J. Kang et al. | Developing a consortium blockchain-based distributed data management system | No | No |
B. et al. | Developing an Ethereum-based automatic management framework for distributed vehicular network | No | No |
E. Reilly et al. | Developing a novel light client communications protocol based on Ethereum contracts for smart cities. | Yes | No |
G. Falco et al. | Developing a Blockchain-based automotive hashing validation mechanism for vehicular data provenance | No | Yes |
S. Rowan et al. | A novel and robust protocol for key production based on public-key Blockchain architecture with the use of both ultrasonic audio and visual light physical channels | No | No |
Proposed System | Decentralized IoT Solution for Vehicles communication (DISV) based on the concept of Ethereum | Yes | Yes |
Layers | Developed Solution | Main Features |
---|---|---|
Perception layer | Android Application for Vehicles (AV) | Collects and analyzes data about the trip, the vehicle, and the driver’s behavior. |
Perception layer | Android Application for Infrastructure (AP) | Simulates the role of IoT devices integrated into the roads, such as radars, traffic lights, roadside electronic signs and others. |
Network layer | | Connects the sensors to other servers, network devices and smart things. |
Application layer | Blockchain Application | Manages communication between vehicles and other actors in the transportation system. |
Application layer | Central Cloud Server | Processes and analyzes the obtained data. Manages invitations of other actors. |
Model | Example |
---|---|
{ | { |
Sender : , | "s": "Toyota , 404551 , white", |
TypeSender : , | "ts": "Car", |
Time : , | "t": " 2018-10-13 19:43:16", |
FinishTime : , | "tf": " 2018-10-13 19:53:16", |
Message : , | "m": "Alert Drowsy driver", |
TypeMessage : , | "tm": "3", |
Position : , | "p": " 25.333091, 51.467223", |
} | } |
Urgent Level | Duration of Message | Example |
---|---|---|
0 | 10 min | Drowsy driver or bad driver behavior |
1 | 1 h | Streets crowded |
2 | 6 h | Temporary Closed Roads |
3 | 12 h | Maintenance work |
Type | Message |
---|---|
Information message | i.e., Informative messages from the Ministry of Interior. It is displayed only in the message page of the Android application. |
Warning message | i.e., Information about traffic signal not working. It is displayed as a pop-up message. |
Incident message | i.e., A drowsy driver, critical zone or extreme weather condition. It is displayed as a pop-up message with an alert sound to get the driver’s attention. |
Function | Gas Used | Price |
---|---|---|
Deploy Contract | 389,473 | 0.07572 (one time/Truffle) |
SetMessage | 140,345–257,488 | 0.02486–0.0456 |
Get Message | 0 | 0 |
No. | System Attack | Description | Security and Privacy Requirements |
---|---|---|---|
A1 | Injection | Injection attacks (CRLF, LDAP, and SQL injection) take place when untrusted data is sent by an attacker to an interpreter and then executed as a command without adequate authorization. | The system prevents this by ensuring that data is kept separate from queries and commands. |
A2 | Broken Authentication | Broken Authentication and Session Management vulnerabilities refer to users being able to work around or manipulate sessions and authentication mechanisms. | The system prevents this through strong storage mechanisms and password policies. |
A3 | Sensitive Data Exposure | Applications and APIs that do not properly protect sensitive data such as usernames, passwords, and financial information. Attackers who access such information can steal identities and commit fraud. | It is necessary to have SSL incorporated into the system and to transfer sensitive data only with encryption such as AES-256. The detection of insecure obfuscation techniques is needed. |
A4 | XML External Entities (XXE) | Attackers exploit vulnerable XML processors by uploading XML or inserting hostile content in an XML document. It can also be done by exploiting vulnerable integrations, dependencies, and code. | It is recommended to incorporate the REST paradigm into the system and use data formats such as JSON. Also, avoiding the serialization of sensitive data is needed. |
A5 | Broken Access Control | This vulnerability occurs when users can access certain application functionalities that are not intended for their use. For instance, they can modify a URL as a way to reach other functionalities. | It is necessary to incorporate a strong access control mechanism into the system. |
A6 | Security Misconfiguration | This is the case of insecure and outdated configurations and also inadequate protection of directories and files by a web server. | All components of an application, including the operating system, language runtime, and server, must be suitably hardened following recommended best practices. |
A7 | Cross-Site Scripting | Attackers use XSS to execute scripts in the victim’s web service endpoint or browser to redirect the user to malicious sites, deface websites, or hijack user sessions. | To prevent malicious data from harming the database or website, the system must render the correct data (validate the data). |
A8 | Insecure Deserialization | Insecure deserialization flaws allow an attacker to execute remote code in the application, elevate privileges, carry out injection, and delete or tamper with serialized (written to disk) objects. | The system must incorporate SSL. |
A9 | Using Components With Known Vulnerabilities | Vulnerable components (frameworks, libraries, etc.) must run with full privilege. | The system must use approved enterprise libraries. |
A10 | Insufficient Logging And Monitoring | The time to detect a breach is typically measured in weeks and sometimes months. Thus, insufficient logging and ineffective integration with relevant security incident response systems allow attackers to reach other systems and become a persistent threat. | Monitoring systems such as Appdynamics and Dynatrace have defined rules and send proactive alerts. They should be incorporated into the system. |
No. | System Attack | Description | Security and Privacy Requirements |
---|---|---|---|
AE1 | Re-Entrancy (DAO attack) | An Ethereum smart contract can call and use the code of other external contracts, which can be hijacked and subsequently forced to execute new code through, for instance, a fallback function. | The transfer function should not send more than 2,300 gas with the external call, as this prevents the destination address/contract from calling another contract. |
AE2 | Arithmetic Over/Under Flows | The Ethereum Virtual Machine (EVM) defines fixed-size data types for integers. Attackers can exploit variables in Solidity when user input is unchecked and calculations produce numbers outside the range of the data type storing them. | Protecting against under/overflow vulnerabilities is performed by designing or using mathematical libraries to replace the standard math operators, namely addition, subtraction and multiplication. |
AE3 | Delegatecall | Ethereum developers use the CALL and DELEGATECALL opcodes to modularize their code. However, DELEGATECALL can result in unintended code execution. | Solidity provides the library keyword to implement library contracts (see the Solidity docs). Consequently, the library contract is non-self-destructible and stateless. |
AE4 | Default Visibilities | Solidity functions include visibility specifiers to dictate how functions are permitted to be called. Incorrect use of those specifiers results in serious vulnerabilities. | The visibility of all functions should be specified in the contract. |
AE5 | Short Address/Parameter Attack | The parameters passed to the smart contract are encoded by the ABI specification. Sending encoded parameters shorter than the expected parameter length is possible. | Prior to sending the inputs to the Blockchain, they should be validated by the system. |
AE6 | Unchecked CALL Return Values | Performing external calls in Solidity can be done in several ways. Typically, the transfer method is used to send ETH to external accounts, while the send() function is employed for versatile external calls. Moreover, the CALL opcode is used directly in Solidity. | In all possible cases the transfer() function should be used instead of send(); transfer() reverts when the external transaction reverts. |
AE7 | Denial of Service (DOS) | A DDoS attack on the Ethereum Blockchain indicates that an attacker intends to use all resources of the network so that miners cannot record or cater to other transactions. | Contracts must not loop through data structures which allow artificial manipulation by external users. |
AE8 | Tx.Origin Authentication | Contracts authorizing users by the tx.origin variable are vulnerable to phishing attacks. These attacks trick users into carrying out authenticated actions on the vulnerable contract. | Do not use tx.origin for authorization in smart contracts. |
© 2020 by the authors. Licensee MDPI, Basel, Switzerland. This article is an open access article distributed under the terms and conditions of the Creative Commons Attribution (CC BY) license (http://creativecommons.org/licenses/by/4.0/).
Jabbar, R.; Kharbeche, M.; Al-Khalifa, K.; Krichen, M.; Barkaoui, K. Blockchain for the Internet of Vehicles: A Decentralized IoT Solution for Vehicles Communication Using Ethereum. Sensors 2020, 20, 3928. https://doi.org/10.3390/s20143928