Abstract
Security standards such as the Payment Application Data Security Standard (PA-DSS) have been developed to keep transaction data secured in traditional payment systems. However, blockchain systems are not in the scope of these security standards. In this work, we highlight the differences between traditional and decentralized payment platforms and we present an adaptation of the PA-DSS standards to apply them in transaction-supported, decentralized blockchain platforms. We evaluate the QTUM and Ethereum blockchain platforms by using our adapted standards and we report security gaps on each platform. We conclude that neither platform is suitable for business adoption based on the adapted PA-DSS standard’s evaluation results.
© 2020 Springer Nature Switzerland AG
About this chapter
Cite this chapter
Bello, G., Perez, A.J. (2020). On the Application of Financial Security Standards in Blockchain Platforms. In: Choo, KK., Dehghantanha, A., Parizi, R. (eds) Blockchain Cybersecurity, Trust and Privacy. Advances in Information Security, vol 79. Springer, Cham. https://doi.org/10.1007/978-3-030-38181-3_13
DOI: https://doi.org/10.1007/978-3-030-38181-3_13
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-38180-6
Online ISBN: 978-3-030-38181-3
eBook Packages: Computer Science, Computer Science (R0)