Bachelorarbeit BCLR-2020-45

Salaheddine, Ali: Design and implementation of secure smart contracts for mobile target tracking applications.
Universität Stuttgart, Fakultät Informatik, Elektrotechnik und Informationstechnik, Bachelorarbeit Nr. 45 (2020).
77 Seiten, englisch.

In recent years, cryptocurrencies implemented on top of Blockchains became very popular, with Bitcoin as the most prominent example. However, novel Blockchain-based platforms such as Ethereum also support distributed applications beyond cryptocurrencies through so-called smart contracts. Technically, smart contracts are programs, whose code and execution state is stored in the Blockchain, inherently featuring the ability to transfer (electronic) money during their execution. In this Bachelor thesis, we investigate how smart contracts can be used to implement a distributed crowdsensing application for tracking mobile objects by a crowd of privately owned mobile devices. Such a system could be used, for instance, to nd lost or stolen objects, such as keys, vehicles (cars, bicycles, . . . ), or pets tagged with short-range radio transmitters implemented using readily available Bluetooth or RFID technology. These objects can then be detected by smartphones of private users in the vicinity of the object, effectively implementing a huge sensor network covering many parts of the world without any upfront investments by a central entity. Although highly attractive, implementing a crowdsensing application on top of a Blockchain platform such as Ethereum comes with several challenges. First of all, users need incentives to participate in searching for mobile objects. A natural incentive is a monetary reward that participants automatically receive through the smart contract when reporting sightings (timestamped positions) of wanted objects. However, this directly brings up the problem of malicious participants (attackers) who try to get the reward without actually executing the work of searching for the object by simply reporting fake positions. Therefore, one major goal of this Bachelor thesis is to counter such attacks by proposing effective counter-measures, and implementing and evaluating them for the Ethereum platform. In detail, we propose a basic reputation-based approach for detecting fake positions which judges each sighting made by a mobile devices according to the reputation of that device, implemented by a smart contract. Furthermore, advanced attacks are identified compromising the basic reputation-based approach and effective counter-measures to these advanced attacks are proposed. Identified advanced attacks include reputation farming, where the attacker tries to aggregate reputation first before launching the attack, and the so-called copycat attack, where the attacker simply copies already submitted valid sightings form honest participants, making his fake positions indistinguishable from valid positions. Our evaluations analyses the monetary cost of executing smart contracts with and without our security mechanisms. The results show that the overhead included by our reputation-based approach is at maximum 45% of the cost of a smart contract without implemented security mechanisms.

Volltext und
andere Links
Abteilung(en)Universität Stuttgart, Institut für Parallele und Verteilte Systeme, Verteilte Systeme
BetreuerRothermel, Prof. Kurt; Dürr, Dr. Frank
Eingabedatum17. Dezember 2020
   Publ. Informatik