HBKU - QCRI
Blockchain Security

This project develops techniques and systems to analyze cryptocurrency transactions and smart contracts to identify vulnerabilities and abnormal transaction patterns, with a particular focus on the types of analysis that helps e-crime investigation. An important feature of the system is to connect the pseudo anonymous world of today’s cryptocurrency platforms with the Internet as well as the Darkweb, so that entities involved in e-crime could be potentially identified and investigated. The system has been used by multiple stakeholders in their data-to-day operations.

Description, Goals, and Focus

The goal of this project is to build a blockchain data platform to address problems related to privacy (e.g., anonymity), cryptocurrency e-crime investigations (e.g., detecting Ponzi schemes), regulatory compliance (e.g., anti-money laundering), and risk management (e.g., detecting illicit transactions).A blockchain consists of linked blocks of transactions between (pseudo)anonymous entities. This data is typically stored in an append-only format that is optimized for verification and validation, which makes it hard to parse and analyze. We are working with local stakeholders and international partners to develop a full-stack blockchain analytics platform to better understand and secure public blockchains using data-centric approaches. This includes addressing the following problems:

  • How can we perform accurate entity resolution and enable high-level queries of (pseudo)anonymous cryptocurrency transactions?
  • How can we perform automated prediction and detection of malicious or illicit cryptocurrency transactions?
  • How can we characterize and monitor cryptocurrency markets and related illicit activities that operate as hidden services like the dark web? 

Publications

  1. Ningyu He, Ruiyi Zhang, Lei Wu, Haoyu Wang, Xiapu Luo, Yao Guo, Ting Yu, and Xuxian Jiang. “EOSAFE: Security analysis of EOSIO smart contracts”. USENIX SEC ’21, Virtual, Aug 2021. PDF
  2. Yazan Boshmaf, Charitha Elvitigala, Husam Al Jawaheri, Primal Wijesekera, and Mashael Al Sabah. “Investigating MMM Ponzi scheme on Bitcoin”. AsiaCCS ’20, Taipei, Taiwan, Oct 2020. PDF
  3. Husam Al Jawaheri, Mashael Al Sabah, Yazan Boshmaf, and Aiman Erbad. “Deanonymizing Tor hidden service users through Bitcoin transactions analysis”. In Computers & Security. Volume 89, Feb 2020. PDF
  4. Yazan Boshmaf, Husam Al Jawaheri, and Mashael Al Sabah. “BlockTag: Design and applications of a tagging system for blockchain analysis”. Proc. of 34th International Conference on ICT Systems Security and Privacy Protection. IFIP SEC ’19, Lisbon, Portugal, Jun 2019. PDF

Patents

  1. Yazan Boshmaf and Sajitha Liyange. “Kansa: System and Methods for Cloud-based Smart Contract Security Auditing”. QF Disclosure No. 2022-142. 2020.
  2. Yazan Boshmaf, Mashael Al Sabah, and Husam Al Jawaheri. “BlockStack: A full-stack system for blockchain analytics”. US Provisional Patent. QF Ref #2019-024, 2019.

Impact

Our research has gained worldwide attention, resulting in international news convergence by reputable outlets, such as WIRED, BBC, and New Scientist. We also received requests for help and data/intelligence sharing by 3rd parties, such as the UK Metropolitan Police and several international law firms. Locally, our research has attracted key stakeholders who joined us in three project-related workshops and multiple research collaboration meetings. We gathered feedback from local stakeholders on key issues they face within the scope of the project, and have developed three applications, namely Dizzy, Toshi, and Kansa, that are useful for them in their day-to-day operations.

We have helped the Financial and Computer Crime Combating Unit at the Qatar Ministry of Interior with ransomware-related incidents, gave a private hearing to the US Federal Trade Commission on deanonymizing dark web users through cryptocurrency analytics, and advised Qatar Central Bank about its new national FinTech strategy. We have also been granted a multi-million-dollar QNRF Cluster research grant about Blockchain and FinTech, in addition to a Technology Development Fund to productize and commercialize our applications, out of which Kansa has been chosen by HBKU Innovation Center for the Startup Program as a research spinoff.

Direction and Future Plans

For the short-term (Now–2 years), we will stay focused on cryptocurrencies to better understand the blockchain technology domain and address pressing, short-term problems that are also important to our stakeholders. For the mid-term (2–3 years from now), we will use our expertise with cryptocurrencies and apply it to general blockchain applications, starting with those that are considered critical, such as Trade Finance. This is also part of the QNRF Cluster application, where we will develop cybersecurity defenses for general-purpose EVM-based blockchains. For the long-term (after 3 years from now), we will widen our focus to the emerging decentralized computing technologies, focusing on the security and privacy of the decentralized web (aka Web 3.0).