Search Results (17)

Smart contracts and cryptocurrency wallets are foundational components of decentralized applications (dApps) on blockchain platforms such as Ethereum. While these technologies enable secure, transparent, and automated transactions, their integration also introduces complex security challenges. This study presents a security-oriented analysis of smart contract and wallet integration, focusing on BlockScribe—a decentralized Ethereum-based application for digital record certification. We systematically identify and categorize security risks arising from the interaction between wallet interfaces and smart contract logic. In particular, we analyze how user authorization flows, transaction design, and contract modularity affect the security posture of the entire dApp. To support our findings, we conduct an empirical evaluation using static analysis tools and formal verification methods, examining both contract-level vulnerabilities and integration-level flaws. Our results highlight several overlooked attack surfaces in wallet–contract communication patterns, including reentrancy amplification, permission mismanagement, and transaction ordering issues. We further discuss implications for secure dApp development and propose mitigation strategies that improve the robustness of wallet–contract ecosystems. This case study contributes to a deeper understanding of integration-layer vulnerabilities in blockchain-based systems and offers practical guidance for developers and auditors aiming to strengthen smart contract security. Full article

Aiming to address the shortcomings of traditional blockchain technologies, characterized by high storage redundancy and low transaction query efficiency, we propose a lightweight sender-based blockchain architecture (LSB). In this architecture, the linkage between blocks is associated with the user initiating the transaction, and the hash of the newly generated block is recorded in the user’s wallet, thereby facilitating transaction retrieval. Each user node must store only the blocks that pertain to it, significantly reducing storage costs. To ensure the normal operation of the system, the Delegated Proof of Stake based on Reputation and PBFT (RP-DPoS) consensus algorithm is employed, establishing a reputation model to select honest and reliable nodes for consensus participation while utilizing the Practical Byzantine Fault Tolerance (PBFT) algorithm to verify blocks. The experimental results demonstrate that LSB reduces storage overhead while enhancing the efficiency of querying and verifying transactions. Moreover, in terms of security, it decreases the likelihood of malicious nodes being designated as agent nodes, thereby increasing the chances of honest nodes being selected for consensus participation. Full article

Blockchain wallets are essential interfaces for managing digital assets and authorising transactions within blockchain systems. However, typical blockchain wallets often encounter performance, privacy and cost issues when utilising multi-signature schemes and face security vulnerabilities with single-signature methods. Additionally, while granting users complete control, non-custodial wallets introduce technical complexities and security risks. While custodial wallets can mitigate some of these challenges, they are primary targets for attacks due to the pooling of customer funds. To address these limitations, we propose a chain-agnostic Multi-Party Computation Threshold Signature Scheme (MPC-TSS) shared-custodial wallet with securely distributed key management and recovery. We apply this solution to create a wallet design for wealth managers and their clients, consolidating the management and access of multiple cryptocurrency tokens and services into a single application interface. Full article

The acceleration of the digital transformation process imposed by the pandemic in all the countries of the European Union, and in all sectors, has given way to a revolution that up until a couple of years ago would have been impossible even to imagine. Digital innovation has become a factor of competitiveness in all sectors. In this new scenario that has come to be, the Blockchain technology, the Self-Sovereign Identity paradigm, Internet of Things, and, in general, the new technologies that will emerge, will constitute enhancers of competitiveness and will have to aim for interoperability. In this context, this article develops and presents a model proposal in the healthcare field that aims to highlight how the combination of the Blockchain technology and the Self-Sovereign Identity paradigm restores full control over a person’s identity and information, while ensuring the integrity of all medical reports, enabling secure communications between personal medical devices and patient/doctor applications on devices exploiting peer Decentralized Identifiers and ensuring data privacy, exploiting Zero Knowledge Proofs. The proposal relies on the Veramo platform, treating all medical reports as verifiable credentials and storing them in digital wallets owned by the patient. The article concludes by presenting a prototype designed and implemented for managing medication prescriptions, their issuance, and their exchange. Full article

Currently, the monetary value of cryptocurrencies is extremely high, leading to frequent theft attempts. Cyberattacks targeting cryptocurrency wallets and the scale of these attacks are also increasing annually. However, many studies focus on large-scale exchanges, leading to a lack of research on cryptocurrency wallet security. Nevertheless, the threat to individual wallets is real and can lead to severe consequences for individuals. In this paper, we analyze the security of the open-source cryptocurrency wallets Sparrow, Etherwall, and Bither against brute-force attacks, a fundamental threat in password-based systems. As cryptocurrency wallets use passwords to manage users’ private keys, we analyzed the private key management mechanism and implemented a password verification oracle. We used this oracle for brute-force attacks. We identified the private key management mechanism by conducting a code-level investigation and evaluated the three wallets’ security through practical experimentation. The experiment results revealed that the wallets’ security, which depends on passwords, could be diminished due to the password input space and the configuration of password length settings. We propose a general methodology for analyzing the security of desktop cryptocurrency wallets against brute-force attacks and provide practical guidelines for designing secure wallets. By using the analysis methods suggested in this paper, one can evaluate the security of wallets. Full article

In this paper, we predict money laundering in Bitcoin transactions by leveraging a deep learning framework and incorporating more characteristics of Bitcoin transactions. We produced a dataset containing 46,045 Bitcoin transaction entities and 319,311 Bitcoin wallet addresses associated with them. We aggregated this information to form a heterogeneous graph dataset and propose three metapath representations around transaction entities, which enrich the characteristics of Bitcoin transactions. Then, we designed a metapath encoder and integrated it into a heterogeneous graph node embedding method. The experimental results indicate that our proposed framework significantly improves the accuracy of illicit Bitcoin transaction recognition compared with traditional methods. Therefore, our proposed framework is more conducive in detecting money laundering activities in Bitcoin transactions. Full article

Internet of Things (IoT) has made significant strides in energy management systems recently. Due to the continually increasing cost of energy, supply–demand disparities, and rising carbon footprints, the need for smart homes for monitoring, managing, and conserving energy has increased. In IoT-based systems, device data are delivered to the network edge before being stored in the fog or cloud for further transactions. This raises worries about the data’s security, privacy, and veracity. It is vital to monitor who accesses and updates this information to protect IoT end-users linked to IoT devices. Smart meters are installed in smart homes and are susceptible to numerous cyber attacks. Access to IoT devices and related data must be secured to prevent misuse and protect IoT users’ privacy. The purpose of this research was to design a blockchain-based edge computing method for securing the smart home system, in conjunction with machine learning techniques, in order to construct a secure smart home system with energy usage prediction and user profiling. The research proposes a blockchain-based smart home system that can continuously monitor IoT-enabled smart home appliances such as smart microwaves, dishwashers, furnaces, and refrigerators, among others. An approach based on machine learning was utilized to train the auto-regressive integrated moving average (ARIMA) model for energy usage prediction, which is provided in the user’s wallet, to estimate energy consumption and maintain user profiles. The model was tested using the moving average statistical model, the ARIMA model, and the deep-learning-based long short-term memory (LSTM) model on a dataset of smart-home-based energy usage under changing weather conditions. The findings of the analysis reveal that the LSTM model accurately forecasts the energy usage of smart homes. Full article

Self-sovereign identity (SSI) is a user-centric, decentralised identity approach that provides a means for identification, authentication, and authorisation without the involvement of external entities, responsible for identity provisioning and management in current centralised and federated approaches. In general, the basic building blocks of an SSI system include decentralised identifiers, verifiable credentials, identity wallets, a verifiable data registry, and three main actors: issuer, identity holder, and verifier. Even though the SSI field is dominated by proposals, SSI systems can be implemented in different ways, which is reflected in the absence of a well-defined architecture. Thus, the best implementation is still a matter of research, the requirements of the individual system, and its field of application. However, well-designed and implemented systems are crucial to avoiding failures, speeding up the development process, ensuring high quality, and the broader adoption of SSI solutions. Hence, the main objective of this study was to identify design patterns and good practices of the SSI ecosystems by reviewing and analysing the literature, technical documentation, and existing SSI implementations. Therefore, the study is built on existing knowledge, and presents a comprehensive catalogue of thirty-five SSI design patterns that can serve as a starting point for a possible SSI system design. Full article

In this paper, we have presented the design and implementation of a blockchain-based approach for ensuring reliable supply chain management for commodities transported through smart containers. To administer interactions between the sender and receiver, our developed system makes use of the Ethereum blockchain’s smart contract features. Smart containers equipped with Internet of Things (IoT)-enabled sensors are used to monitor shipping conditions to check predefined shipping requirements. Smart contracts on Ethereum are used to automate payments, validate receivers, and give refunds in the case of violation of predefined requirements. We have also implemented our designed front-end decentralized WebApp and wallet that allows the sender and receiver to communicate with Ethereum smart contracts. Full article

The goal of this study is to examine and identify the factors influencing customer attitude toward and intention to use digital wallets (electronic wallets, e-wallets) during and after the COVID-19 pandemic. A total of 257 correctly fulfilled questionnaires from an online survey were summarized. The main features of e-wallet payment systems were classified with a focus on consumer satisfaction via the integration of classic and modern data analysis methods. Structural Equation Modeling (SEM) was preferred to reveal the dependencies between the variables from e-wallets users’ perspective. The designed model can discover and explain the underlying relationships that determine the e-wallets’ adoption mechanism. The obtained results lead to specific recommendations to stakeholders in the value chain of payment processing. Financial regulatory authorities could employ the presented results in planning the development of payment systems. E-commerce marketers could utilize the proposed methodology to assess, compare and select an alternative way for order payment. E-wallet service providers could establish a reliable multi-criteria system for the evaluation of digital wallet adoption. Being aware of the most important components of e-wallets value, managers can more effectively run and control payment platforms, enhance customer experience, and thus improve the company’s competitiveness. As the perceived value of customer satisfaction is subjective and dynamic, measurements and data analysis should be conducted periodically. Full article

In the ring-architecture-based federated learning framework, security and fairness are severely compromised when dishonest clients abort the training process after obtaining useful information. To solve the problem, we propose a Ring- architecture-based Fair Federated Learning framework called RingFFL, in which we design a penalty mechanism for FL. Before the training starts in each round, all clients that will participate in the training pay deposits in a set order and record the transactions on the blockchain to ensure that they are not tampered with. Subsequently, the clients perform the FL training process, and the correctness of the models transmitted by the clients is guaranteed by the HASH algorithm during the training process. When all clients perform honestly, each client can obtain the final model, and the number of digital currencies in each client’s wallet is kept constant; otherwise, the deposits of clients who leave halfway will be compensated to the clients who perform honestly during the training process. In this way, through the penalty mechanism, all clients either obtain the final model or are compensated, thus ensuring the fairness of federated learning. The security analysis and experimental results show that RingFFL not only guarantees the accuracy and security of the federated learning model but also guarantees the fairness. Full article

Life without computers is unimaginable. However, computers remain vulnerable to cybercrimes, a USD 6 trillion industry that the world has come to accept as a “necessary evil”. Third-party permissions resulting in an attack surface (AS) and in-computer storage that computers mandate are key design elements that hackers exploit, formerly by remote malware installation and later by stealing personal data using authentication faking techniques. In legacy computers, the AS cannot be completely eliminated, nor can a connected device retain data offline, rendering fool-proof cybersecurity impossible. Although the architects of legacy computers made perfectly reasonable engineering trade-offs for their world, our world is very different. Zero vulnerability computing (ZVC) challenges the impossible with in-computer offline storage (ICOS) and Supra OS (SOS), to deliver comprehensive protection against vulnerabilities. The feasibility of ZVC is demonstrated in a tiny permanently computer-mounted hardware wallet, providing the first evidence of the complete obliteration of the AS. Malware cannot infect the ZVC device on account of lacking an AS, nor can personal data be hacked as they mostly remain offline, except for sporadic processing. Further research should explore whether ZVC can fully secure computers in more complex real-world scenarios and open a new epoch in the evolution of computers and the Internet. Full article

E-wallets are a modern electronic payment system technology that easily recognize consumer interest, making our transactions very convenient and efficient. E-wallets are intended to substitute the existing physical wallet, which may tell others something about us as a person. That is why using a physical wallet is a unique, personal experience that cannot be duplicated. A solution would be to replace the physical wallet with an e-wallet on an existing mobile device. The personal nature of the e-wallet is that it should be installed on a unique device. One of the fundamental protections against any illegal access to e-wallet application is through authentication. In particular, the fundamental authentication category used in an existing e-wallet is based on knowledge (i.e., what you know), ownership (i.e., what you have), and biometric (i.e., what you are) authentication, which are sometimes prone to security threats such as account takeover, sim swapping, app cloning, or know your customer verification attacks. The design of an e-wallet authentication on mobile device solution must take into consideration the intensity of the security. To address this problem, this study proposes a design of e-wallet apps with an extension security element that focuses on the device identity in the existing user authentication mechanism. This study covers four fundamental categories of authentication: password, one time password, fingerprints, and international mobile equipment identifier. Using IMEI limits an e-wallet to be in one specific device in one time; this brings it into line with the nature of a physical wallet. In addition, it will be ready to handle the mentioned threats above, which will ultimately result in the far more reliable to use of e-wallet apps. The proposed authentication design has two phases, a registration phase and an authentication phase. The proposed method has been developed and implemented based on an Android Studio Firebase real-time database management and PayPal. In addition, the complete design has been evaluated using functional requirement testing to see how closely it meets functionality requirements. The results obtained from functional testing show that the functionalities of the proposed method meet the requirements, and one cannot use a same account on two devices; hence, it is secure from attacks. The result also shows that the proposed method has no errors. Moreover, it has been shown that our proposed method has better security parameters in terms of the existing method. Full article

Low-rise residential and public masonry structures constitute a large portion of the building patrimony, yet they were erected during the massive reconstruction of Southeast Europe after World War II before any design rules existed in the engineering praxis. Unreinforced unconfined masonry buildings (URM) were proven rather vulnerable during stronger earthquake motions in the recent past. To determine lateral strength, stiffness, and capacity of energy dissipation of the URM walls, in-plane tests were performed at the University of Sarajevo. Two full-scale plain walls (233 × 241 × 25 cm) built with solid clay brick and lime-cement mortar and two walls strengthened with RC jacketing on both sides were subjected to cyclic lateral loading under constant vertical precompression. Plain walls failed in shear with a typical cross-diagonal crack pattern. Jacketed walls exhibited rocking with characteristic S-shaped hysteretic curves and significantly larger ductility compared with plain walls. Wallets were tested for modulus of elasticity and compressive strength of masonry and the results showed considerable variations. Full article

In recent years, blockchains systems have seen massive adoption in retail and enterprise environments. Cryptocurrencies become more widely adopted, and many online businesses have decided to add the most popular ones, like Bitcoin or Ethereum, next to Visa or Mastercard payments. Due to the decentralized nature of blockchain-based systems, there is no possible way to revert confirmed transactions. It may result in losses caused by human error or poor design of the user interface. We created a cryptocurrency wallet with a full on-chain solution for aliasing accounts and tokens to improve user experience and avoid unnecessary errors. The aliasing system consists of a number of smart contracts deployed on top of the blockchain network that give the ability to register aliases to accounts and tokens and use them instead of opaque addresses. Our solution shows how performant modern blockchains are and presents a way of building fully decentralized applications that can compete with centralized ones in terms of performance. Full article