On the Application of Financial Security Standards in Blockchain Platforms

Blockchain Cybersecurity, Trust and Privacy

Part of the book series: Advances in Information Security (ADIS, volume 79)

Abstract

Security standards such as the Payment Application Data Security Standard (PA-DSS) have been developed to keep transaction data secured in traditional payment systems. However, blockchain systems are not in the scope of these security standards. In this work, we highlight the differences between traditional and decentralized payment platforms and we present an adaptation of the PA-DSS standards to apply them in transaction-supported, decentralized blockchain platforms. We evaluate the QTUM and Ethereum blockchain platforms by using our adapted standards and we report security gaps on each platform. We conclude that neither platform is suitable for business adoption based on the adapted PA-DSS standard’s evaluation results.



Author information

Correspondence to Gabriel Bello.

Copyright information

© 2020 Springer Nature Switzerland AG

About this chapter

Cite this chapter

Bello, G., Perez, A.J. (2020). On the Application of Financial Security Standards in Blockchain Platforms. In: Choo, KK., Dehghantanha, A., Parizi, R. (eds) Blockchain Cybersecurity, Trust and Privacy. Advances in Information Security, vol 79. Springer, Cham. https://doi.org/10.1007/978-3-030-38181-3_13

  • DOI: https://doi.org/10.1007/978-3-030-38181-3_13

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-38180-6

  • Online ISBN: 978-3-030-38181-3

  • eBook Packages: Computer Science, Computer Science (R0)
