|
A systematic review of the literature on security and privacy and improving an onymity in the blockchain network
|
Fatemeh Charlank Bakhtiari *1   , Abbas Ghaemi Bafghi1 |
| 1- Department of Computer Science, Faculty of Engineering, Ferdowsi University, Mashhad, Iran |
|
|
Abstract: (201 Views) |
| With the rapid development of digital technolo gies, the need for new solutions to protect privacy and data security has increased. One technology that has attracted much attention is blockchain, a distributed ledger known for its features like transparency, de centralization, and security, particularly regarding privacy. However, this technology can pose a threat to users’ privacy, especially concerning the origin, destination, and flow of cryptocurrency transactions. Therefore, anonymity in blockchain transactions and the protection of users’ privacy are key aspects of this technology. In this paper, we review the secu rity features of blockchain, which include integrity, transparency, traceability, honesty, anonymity, and immutability. Each feature plays a fundamental role in maintaining the security and integrity of blockchain-based systems. Also, the problems in pro tecting privacy in permissionless blockchains have been examined. For this purpose, a systematic re view of the existing articles and research in this field has been reviewed and categorized. A systematic literature review is an efficient research tool. It in cludes three main stages: planning, implementation, and reporting. In the planning phase, research ques tions are extracted and appropriate databases are selected for searching. In the implementation phase, data is extracted from various articles and publi cations, and in the reporting phase, the results are presented in detail. Finally, this research method answers fundamental questions in various blockchain f ields, including privacy, anonymity, and threats. The four main research questions are: 1) What are the characteristics, advantages, and disadvantages of different types of blockchains? 2) What are the concepts of anonymity, pseudo-anonymity, privacy, and confidentiality, and how are privacy practices implemented? 3) What are the vulnerabilities and threats to privacy and anonymity? 4) What methods can address threats to privacy and anonymity? To carry out this research, a detailed plan was de veloped to search for and collect scientific articles and resources from reputable databases, including IEEE Xplore, ACM, ScienceDirect, Springer, and Google Scholar. The searches were conducted using keywords like ”blockchain,” ”privacy,” ”anonymity,” and ”se curity.” A review was conducted of articles published between 2018 and 2023. Based on the established in clusion and exclusion criteria, duplicate studies were eliminated, refining the final results. The initial stage of searching using the keyword ”Blockchain” in various databases identified numer ous articles from diverse fields such as the Internet of Things, healthcare, smart contracts, banking and f inance, and other fields. After reviewing the titles, keywords, and abstracts, it was determined that a sig nificant challenge in this field is ensuring the privacy and security of users’ identities in the blockchain. In the nextstage, thekeywords”Blockchain,””Privacy,” ”Anonymity,” and ”Security” were used to search and identify morearticles. The article filtering process was divided into three stages. In the first stage, the ini tial review of titles and keywords reduced the number of articles from 1,233 to 947. In the second stage, af ter reviewing the abstracts, 404 relevant articles were identified. Finally, in the third stage, the full texts of the remaining articles were read, and the same num ber of articles was selected for more accurate infor mation extraction. The distribution of articles was analyzed in three ways: year of publication, source of publication, and topic. This survey indicates that the scientific com munity’s attention has fluctuated, increasing and then decreasing until 2019. IEEE and ScienceDirect have contributed the most to this topic, with 328 and 251 papers, respectively, while ACM has contributed the least. Figures 1, 2, and 3 demonstrate an increas ing use of blockchain technology across various fields, including cybersecurity, privacy, and anonymity. Answer to the first research question: Blockchains can be classified into three categories: public (permis sionless), private (permissioned), and consortium. Public chains like Bitcoin and Ethereum offer high transparency and decentralized security, enabling participation from everyone. The need for widespread consensus leads to decreased efficiency and increased energy consumption. In contrast, private chains allow access only to specific individuals or organizations and are suitable for corporate applications with high efficiency, faster processing, and greater control over data, but may lead to centralization and are vulner able to changes. Consortium chains blend elements of both public and private blockchains. They main tain a balance between transparency and privacy by being managed by a group of trusted organizations. Nonetheless, this management approach can compli cate processes because it necessitates coordination among the various network members. Answertothesecondresearchquestion:Anonymity, pseudo-anonymity, privacy, and confidentiality are key concepts in blockchain security. Anonymity refers to the concealment of users’ identities, while pseudo-anonymity refers to the use of pseudonymous addresses that still allow indirect identification of users. Privacy gives users control over their personal information and transactions, while confidentiality protects against unauthorized disclosure of that in formation. Although these concepts are related, they have distinct differences. Anonymity can improve user security but may also foster abuse, while privacy mainly focuses on the management of user data. To preserve privacy on the blockchain, methods such as one-time addresses (generating a new address for each transaction), group signatures (allowing an in dividual’s identity to remain hidden among a group of users), zero-knowledge proofs (which allow a claim to be verified without revealing information), and transaction mixers (which combine transaction data to prevent tracking) are used, each of which offers different levels of security and efficiency. The follow ing is a comparison of various privacy methods and their key features, including security level, efficiency, level of anonymity, and implementation challenges. Some methods, such as zero-knowledge proofs, are highly secure but computationally expensive, while methods such as one-time addresses are simpler but provide a lower level of anonymity. This table helps you decide which method is best for your needs. Answer to the third research question: Blockchain threats and vulnerabilities are categorized into nine main groups: application attacks, consensus attacks, cryptanalysis, double spending, identity privacy, net work attacks, smart contracts, mining attacks, and unclassified attacks, each of which threatens user se curity and privacy differently. Network attacks such as sibyl attacks, denial of service, and data inter ception are the most common threats that can ex pose user information and reduce network perfor mance. Consensus and cryptanalysis attacks can dis rupttransactionsecurityandputuserdataatrisk.On the other hand, double spending attacks and smart contract vulnerabilities (such as the DAO attack) mayleadtofinancialfraudandassettheft. Also, iden tity privacy attacks such as impersonation and wal let information leakage can reveal user identities. Ad dressing these threats necessitates the use of stronger cryptography, enhanced consensus mechanisms, and the application of privacy-preserving methods. Addi tionally, the focus of the scientific community high lights that network attacks are particularly critical due to their direct impact on the security and per formance of blockchain technology. To address the fourth research question, various security solutions have been evaluated to counter threats to the chain of custody, tailored to the specific type of attack. Self-organizing maps, access control layer encryption, and rigorous transaction validation are employed to combat application and consensus attacks. Network attacks and cryptanalysis can be mitigated through data encryption, traffic analysis, security protocols like BGPsec,andstrongdigitalsignatures. Toprevent double spending, techniques such as utilizing nonces in transactions and combining digital signatures are employed. Smart contracts are secured through dy namicrules, secure payment methods, and smart con tracts. Also, to prevent user identity extraction and general threats, techniques such as zero-knowledge proofs, zero-blocks, anonymity, and intrusion detec tion are implemented in the network, which plays an important role in maintaining user security and pri vacy. This study can be used as a research basis to identify open issues and create new research direc tions in the future. The statistical data presented in tables and graphs indicate the positive impact of the blockchain on improving the performance of in formation systems and reducing costs. The findings of this study can guide the development of secure blockchain-based systems in the future and provide new directions for further research. |
|
| Keywords: Blockchain, Privacy, Anonymity, Security |
|
|
Full-Text [PDF 2386 kb]
(106 Downloads)
|
Type of Study: Review Article |
Subject:
Special
Received: 2024/04/28 | Accepted: 2025/01/6 | Published: 2025/06/16
|
|
|
|
|
|
|
| Send email to the article author |
|
|
|
| Add your comments about this article |
|
|
|
|
|
