In recent decades, we have witnessed a convergence of multiple technologies into the integrated ever-evolving Smart World ecosystem. The ongoing evolution of the Smart World is shaped by cross-technological integration, as well as the adoption of new technologies into the ecosystem. Particularly, academia and industry envision blockchain technology as one of the major new additions to the Smart World. However, the adoption of blockchain technology is impeded by three major practical challenges: security, scalability, and usability. This dissertation aims at addressing these three challenges by focusing on revealing new blockchain attacks, facilitating threat mitigation in smart contracts, and introducing new trust-free applications of blockchain technology. First, this dissertation addresses some security challenges of blockchain largely overlooked in existing research. We discovered six zero-day social engineering attacks in Ethereum smart contracts and propose measures to address them. Furthermore, we introduce a new attack against hardware crypto wallets, confirmed by the manufacturers of the wallets, which evades security verification by user. Second, the dissertation elaborates on defending smart contracts against attacks. We design a comprehensive five-dimensional classification taxonomy of smart contract defense tools and classify 133 existing threat mitigation solutions using our taxonomy. Next, we introduce a new smart contract security testing approach called transaction encapsulation, and implement a transaction testing tool, which reveals the actual outcomes (either benign or malicious) of Ethereum transactions. Third, the dissertation introduces novel practical blockchain applications that exhibit increased security, privacy, and user control compared to other distributed solutions. We propose a framework that uses a single Ethereum smart contract for enabling high-performance scalable smart contracts on the cloud. Finally, the dissertation introduces a solution that uses Ethereum smart contracts for leveraging decentralized networks of WiFi hotspots with cross-domain authentication and automated QoS enforcement. We implemented and thoroughly evaluated all the proposed attacks, defenses, and frameworks thereby confirming the real-world applicability of our work. The dissertation concludes with an outlook of our ongoing and future efforts to further address the practical challenges associated with the integration of blockchain into the Smart World ecosystem.℗
Read
