Blockchain Applications for E-Commerce Security

‫م‬‫حی‬‫ر‬‫ل‬‫ا‬‫ن‬
‫حم‬
‫ر‬‫ل‬‫ا‬‫اهلل‬‫م‬
‫بس‬
‫م‬‫حی‬‫ر‬‫ل‬‫ا‬‫ن‬
‫حم‬
‫ر‬‫ل‬‫ا‬‫اهلل‬‫م‬
‫بس‬
Tarbiat Modares
University
Blockchain-based ApplicationsBlockchain-based Applications
E-Commerce SecurityE-Commerce Security
Instructor: Sadegh Dorri N.Instructor: Sadegh Dorri N.
http://www.modares.ac.ir/~dorrihttp://www.modares.ac.ir/~dorri
Spring 2019 (1398)Spring 2019 (1398)
Video: https://www.aparat.com/sdorri
Slides: https://www.slideshare.net/SadeghD1/
Podcast: https://shenoto.com/sdorri

Spring 2019 (1398) E-Commerce Security - Blockchain-based Applications 2
OutlineOutline
· Blockchain as a ComponentBlockchain as a Component
- Storage, compute, communication, and asset management
- Suitability criteria and design process
· Blockchain PatternsBlockchain Patterns
- Oracle, off-chain storage, state channel, etc.

Blockchain as a ComponentBlockchain as a Component
· What can it provide?What can it provide?
- data storage, computation services, communication services
- asset management and control
· Key question:Key question: on-chainon-chain vs.vs. off-chainoff-chain
- On-chain
●
Functionality implemented inside the blockchain component using
the blockchain ledger and smart contracts
●
Limited computational power, data storage space, and access
control
- Off-chain
●
Offline data and application logic can be safely hosted off-chain

Blockchain in a SW ArchitectureBlockchain in a SW Architecture
[Patterns]

Blockchain as Storage ElementBlockchain as Storage Element
· FeaturesFeatures
- Authenticated, and append-only ledger
- History of all state changes are preserved.
- Transactions record authorized asset transfers.
- Distributed: all nodes store all data
- Con: Costly storage!
· Where is data stored?Where is data stored?
- Piggy-backed in transactions → Bitcoin (OP_RETURN)
- Contract storage
- Eitherway, data is available to the public!
· Alternative to…Alternative to…
- Conventional databases, cloud storage, P2P file sharing

Blockchain as Computational ElementBlockchain as Computational Element
· Smart contracts are codes which execute on the blockchainSmart contracts are codes which execute on the blockchain
- Bitcoin script is run by external entities → integrity of results is not guaranteed
- Ethereum and its smart contracts can be seen as a general computational platform
· What can be expectedWhat can be expected
- Reach agreements and solve common problems with minimal trust.
- Code can control cryptocurrency, and express triggers, conditions, or business logic
· LimitationsLimitations
- Practical limitations on computational complexity (e.g. max block gas limit in
Ethereum)
- Costly execution
· Alternative to…Alternative to…
- Traditional application platforms, cloud computing

Blockchain as Communication MechanismBlockchain as Communication Mechanism
· Data communicationData communication
- Blockchain plays the role of a
message queue
- Oracles can transfer external
data to the blockchain
· Computation communicationComputation communication
- Submit txs to invoke smart
contract functions
· Coordination facilityCoordination facility
- a distributed
registry/lock/rendezvous

Blockchain as an Asset Mngmnt MechanismBlockchain as an Asset Mngmnt Mechanism
· Tokens can represent either digital assets or physical assetsTokens can represent either digital assets or physical assets
- Fungible assets: interchangeable (e.g. cryptocurrencies, gasoline, and commodities)
- Non-fungible assets: unique and cannot be interchanged (e.g. CryptoKitties, artwork,
and land)
· Tokenization: representation of an asset using a cryptographic tokenTokenization: representation of an asset using a cryptographic token
- The control of this token aligns with the ownership of the corresponding asset.
- By using smart contracts, some conditions can be implemented and associated with
the transfer of ownership.
- Unless the blockchain is backed by legislation as an authoritative title of register, it
will not necessarily be authoritative.
· Standards:Standards: describe the functions and events that token smart contractsdescribe the functions and events that token smart contracts
should implement.should implement.
- ERC206: Ethereum-based fungible tokens
- ERC721: Ethereum-based non-fungible tokens (draft)

EvaluationEvaluation
ofof
SuitabilitySuitability
EvaluationEvaluation
ofof
SuitabilitySuitability
[Suitability]

DesignDesign
ProcessProcess
DesignDesign
ProcessProcess
[Taxonomy]

Source: https://spectrum.ieee.org/computing/networks/do-you-need-a-blockchain

Blockchain PatternsBlockchain Patterns

Oracle PatternOracle Pattern
· Introducing the state of external systems into the closedIntroducing the state of external systems into the closed
blockchain execution environment.blockchain execution environment.
- The state of external systems is not directly accessible to smart
contracts.
- Yet, function calls in smart contracts sometimes need to access
state of the external world.
· Oracle: a trusted third-party that provides smart contractsOracle: a trusted third-party that provides smart contracts
with information about the external world.with information about the external world.
- On-chain: a smart contract with external state being injected
into the oracle periodically by an off-chain injector.
- Off-chain: a server outside the blockchain

Off-Chain Data Storage PatternOff-Chain Data Storage Pattern
· Use hashing to ensure the integrity of arbitrarily large datasetsUse hashing to ensure the integrity of arbitrarily large datasets
which may not fit directly on the blockchain.which may not fit directly on the blockchain.
- Blockchain has limited and high cost storage for data.
- Data cannot take advantage of the immutability or integrity
guarantees without being stored on the blockchain.
· Solution: store a hash value (digest) of the raw data on chainSolution: store a hash value (digest) of the raw data on chain
- The raw data might be changed without authorization.
- This change will be detected but prevention/recovery is not possible.
· ExamplesExamples
- Proof-of-Existence (POEX.IO) on Bitcoin
- Chainy on Ethereum (smart contract)

State Channel PatternState Channel Pattern
· Transactions are performed off-chain with periodic recording of netTransactions are performed off-chain with periodic recording of net
transaction settlements on-chaintransaction settlements on-chain
- Cheap: too small in value w.r.t. transaction fee
- Timely: require much shorter latency
- E.g. Wi-Fi data usage, Utility bills, …
· Solution: establish an agreed off-chain protocol between two participants,Solution: establish an agreed off-chain protocol between two participants,
with a deposit from one or both locked up as security in a smart contractwith a deposit from one or both locked up as security in a smart contract
for the lifetime of the channel.for the lifetime of the channel.
- The state channel keeps the intermediate states of the small transactions off-chain
- Only the finalized aggregated (net) transaction is stored on-chain.
· Examples:Examples:
- The Lightning network for Bitcoin
- The Raiden Network, Orinoco, State channel, and Gnosis Go for Ethereum

Other PatternsOther Patterns
· HashlockHashlock
- Hash of an off-chain generated secret is stored in the transaction, and whoever
reveals the secret matching the hash, will be authorized to do sth.
· Contract RegistryContract Registry
- The address of the latest version of an smart contract is located by looking up its
name on a contract registry.
· Data ContractData Contract
- Store data in a smart contract separate from contract logic to allow for easier
code migration from one version to the other.
· Factory ContractFactory Contract
- An on-chain template contract is used as a factory that generates contract
instances from the template.
- No need to keep the template off-chain

Questions?Questions?
Sadegh Dorri N.Sadegh Dorri N.
dorri@modares.ac.ir
http://www.modares.ac.ir/~dorri

ReferencesReferences
· The slides are mainly based on these three chapters ofThe slides are mainly based on these three chapters of
X. Xu et al.,X. Xu et al., Architecture for Blockchain ApplicationsArchitecture for Blockchain Applications, Springer Nature Switzerland, 2019, Springer Nature Switzerland, 2019
- Chapter 5: Blockchain in Software Architecture
- Chapter 6: Design Process for Applications on Blockchain
- Chapter 7: BlockchainPatterns
· [Taxonomy] X. Xu et al., “A Taxonomy of Blockchain-Based Systems for Architecture
Design,” in IEEE International Conference on Software Architecture (ICSA), Gothenburg,
Sweden, 2017, pp. 243–252.
· [Suitability] S. K. Lo, X. Xu, Y. K. Chiam, and Q. Lu, “Evaluating Suitability of Applying
Blockchain,” in 22nd International Conference on Engineering of Complex Computer
Systems (ICECCS), Fukuoka, Japan, 2017, pp. 158–161.
· [Patterns] X. Xu, C. Pautasso, L. Zhu, Q. Lu, and I. Weber, “A Pattern Collection for
Blockchain-based Applications,” in Proceedings of the 23rd European Conference on
Pattern Languages of Programs (EuroPLoP), Irsee, Germany, 2018, pp. 1–20.

Blockchain Applications for E-Commerce Security

Empfohlen

Empfohlen

Weitere ähnliche Inhalte

Was ist angesagt?

Was ist angesagt? (20)

Ähnlich wie Blockchain Applications for E-Commerce Security

Ähnlich wie Blockchain Applications for E-Commerce Security (20)

Mehr von Sadegh Dorri N.

Mehr von Sadegh Dorri N. (13)

Kürzlich hochgeladen

Kürzlich hochgeladen (20)

Blockchain Applications for E-Commerce Security