Accepted Manuscript

A systematic literature review of blockchain cyber security

Paul J. Taylor, Tooska Dargahi, Ali Dehghantanha, Reza M. Parizi, Kim-Kwang

Raymond Choo

PII: S2352-8648(18)30153-6
DOI: https://doi.org/10.1016/j.dcan.2019.01.005
Reference: DCAN 154

To appear in: Digital Communications and Networks

Received Date: 19 June 2018

Revised Date: 13 January 2019
Accepted Date: 21 January 2019

Please cite this article as: P.J. Taylor, T. Dargahi, A. Dehghantanha, R.M. Parizi, K.-K.R. Choo, A
systematic literature review of blockchain cyber security, Digital Communications and Networks (2019),
doi: https://doi.org/10.1016/j.dcan.2019.01.005.

This is a PDF file of an unedited manuscript that has been accepted for publication. As a service to
our customers we are providing this early version of the manuscript. The manuscript will undergo
copyediting, typesetting, and review of the resulting proof before it is published in its final form. Please
note that during the production process errors may be discovered which could affect the content, and all
legal disclaimers that apply to the journal pertain.
Digital Communications and Networks(DCN)
ACCEPTED MANUSCRIPT

journal homepage: www.elsevier.com/locate/dcan

A Systematic Literature Review of

Blockchain Cyber Security

PT
RI
Paul J Taylora , Tooska Dargahia , Ali Dehghantanhab , Reza M. Parizic ,
Kim-Kwang Raymond Choo∗d

SC
a Schoolof Computing, Science & Engineering, University of Salford, Manchester, UK
b Securityof Advanced Systems Lab, School of Computer Science, University of Guelph, Ontario, Canada
c Department of Software Engineering and Game Development, Kennesaw State University, Marietta, GA 30060, USA
d Department of Information Systems and Cyber Security, University of Texas at San Antonio, San Antonio, TX 78249, USA

U
AN
Abstract
Since the publication of Satoshi Nakamoto’s white paper on Bitcoin in 2008, blockchain has slowly become one of the most
talked about methods for securing data storage and transfer through decentralized, trustless, peer-to-peer systems. This research
systematically identifies peer-reviewed literature that seeks to utilize blockchain for cyber security purposes and presents a
M

breakdown of the most adopted blockchain security applications. Our findings depict that the Internet of Things (IoT) lends
itself well to novel blockchain applications, as do networks and machine visualization, public key cryptography, web applica-
tions, certification schemes and the secure storage of personally identifiable information (PII). This timely systematic review
also sheds light on future directions of research, education and practices in the blockchain and cyber security space.
D

c 2018 Published by Elsevier Ltd.

TE

KEYWORDS: Blockchain, Smart contracts, Cyber security, Distributed ledger technology, IoT, Cryptocurrency, Bitcoin

1. Introduction and industry practitioners due to its unique trust and

EP

security characteristics.
As a cryptographic-based distributed ledger, There is no doubt that the popularity of blockchain
blockchain technology [1], [2] enables trusted trans- has increased worldwide. More than simply becom-
C

actions among untrusted participants in the network. ing popular, it has made a lasting impact on the world
Since the introduction of the first Bitcoin blockchain [11]; it has seen commercial adoption [12], influenced
in 2008 [3], various blockchain systems, such as world currency markets [13], facilitated the prolifera-
AC

Ethereum [4], [5] and Hyperledger Fabric [6], have tion of illicit dark web marketplaces, and has been a
emerged with public and private accessibility outside significant factor affecting the proliferation of finan-
of existing fiat currency and electronic voucher cially driven cyber-attacks [14], such as ransomware
systems. Recently, blockchain technology has also [15] and denial of service [16] against retailers and
been the subject of increased scientific research other online organizations. In fact, the implementation
and development [7], [8], [9], [10], and has raised and use of blockchain have far surpassed its original
significant interest among researchers, developers, intended purpose as the backbone to the world’s first
decentralized cryptocurrency. The value of a trustless,
decentralized ledger that carries historic immutability
∗ Kim-Kwang Raymond Choo (Corresponding author) (email: has been recognized by other industries looking to ap-
[email protected]). ply the core concepts to existing business processes.
1 Paul J Taylor (email: Paul.Taylor [email protected]).
2 Tooska Dargahi (email: [email protected]). These unique properties of the blockchain technology
3 Ali Dehghantanha (email: [email protected]). make its application an attractive idea for many ar-
4 Reza M. Parizi (email: [email protected]). eas of business, such as banking [17], logistics [18],
2 ACCEPTED MANUSCRIPT Paul J Taylor, et al.

the pharmaceutical industry [19], smart contracts [20], nical blockchain papers; they found an 80% focus on
[21] and, most importantly in the context of this paper, Bitcoin projects and in particular a common theme of
cyber security [22], [23]. security and privacy. Since 2016 the applications for
Most notably, there is an emerging trend beyond blockchain have diversified, and as such our research
cryptocurrency payments that blockchain could en- looks to establish what research exists specifically in
able a new breed of decentralized applications with- regards to cyber security and blockchain applications.
out intermediaries, and serve as the foundation for Towards the end of 2016, Conoscenti et al. con-
key elements of the Internet’s security infrastructure. ducted an SLR concerning the use and adaptability
Hence, it is important to identify what research cur- of blockchain specifically in relation to IoT and other
rently exists specifically in relation to the application peer-to-peer devices [25]. Interestingly, they high-

PT
of blockchain to the problem of cyber security, in or- lighted that the blockchain could be used for data
der to address how emerging technologies can offer abuse detection without the need of a central report-
solutions to mitigating emerging threats. To iden- ing mechanism; however, they did not look at the
tify what research had already been conducted in re- wider impact of blockchain on cyber security in gen-

RI
lation to blockchain and cyber security, it is neces- eral. Seebacher et al. provided an SLR in 2017 that
sary to systematically map out the availability of rel- highlighted blockchain was increasingly more impact-
evant papers and scholarly works. This paper seeks ful on service systems [26]. They recommended future
to focus on existing literature concerning the use of work to include a review of real-world applications,

SC
blockchain as a supporting technology for cyber secu- which is the basis of our research as we look to see
rity applications; this includes areas of business relat- how blockchain can affect cyber security problems.
ing to privacy, security, integrity and accountability of All the previous studies above answer questions re-
data and its use in securing networked devices, such lating to the wider use of blockchain technology, but

U
as Internet of Things (IoT). Our overarching goal is they do not look specifically its use in improving cyber
to provide a community-driven initiation for a better security solutions. The field of research in relation to
AN
study of blockchain and cyber security that explores blockchain has a relatively short history and is advanc-
the interplay between the two highly discussed fields. ing quickly. A fresh summary of the existence of more
Toward this goal, we will critically examine existing recent research is required, in particular with a focus
works and studies on blockchain cyber security, and on blockchain and cyber security in order to guide new
M

use these insights to develop new directions. research activities.

1.1. Prior Research 1.2. Research Goals

D

Specifically in relation to the application of The purpose of this research is to analyze existing
blockchain to the problem of cyber security, to the best studies, analyze their findings and summarize the ef-
forts of research into blockchain applications for cyber
TE

of our knowledge, there appears to be very limited sys-

tematic literature reviews (SLRs) in existence. One of security. To assist in focusing the work, we developed
the most recent survey papers in realm of blockchain three research questions, which are shown in Table 1.
and cyber security was performed by Salman et al.
1.3. Contributions
EP

[22]. In this study, the authors highlight the chal-

lenges and problems associated with the use of secu- This SLR is complementary to existing research and
rity services in centralized architecture in various ap- provides the following in order to allow those with
plication domains, and provide a comprehensive re- an interest in blockchain and cyber security to further
C

view of current blockchain-enabled methods for such their work:

security service applications in areas of authentica-
tion, confidentiality, privacy, access control, data and • We identify 42 primary studies relating to
AC

resource provenance, and integrity assurance in dis- blockchain and cyber security up until early
tributed networks. In our view, the study gives a valu- 2018. Others can use this list of studies to fur-
able start to fellow researchers who might be inter- ther their own work in this specific field.
ested in blockchain-based network and service secu- • We select a further 30 primary studies that ful-
rity. A small number of studies, however, in relation filled the criteria we set for quality assessment.
to blockchain and its wider impact have also been pub- These studies can provide suitable benchmarks
lished and we discuss these below to examine the dif- for comparative analysis against other similar re-
ferences between the topics selected by the authors search.
and our research.
Yli-Huumo et al. conducted an SLR in 2016 in or- • We present a comprehensive review of the data
der to determine what current research was published contained within the subset of 30 studies and
in relation to the general concept of blockchain tech- present the data to express the research, ideas and
nology [24]. They excluded legal, economic and regu- considerations in the fields of blockchain and cy-
latory research from their review and focused on tech- ber security.
ACCEPTED
A Systematic Literature Review of Blockchain MANUSCRIPT
Cyber Security 3

Research Questions Discussion (”blockchain” OR ”block-chain” OR ”distributed

(RQ) ledger”) AND ”security”
RQ1: What are Use cases for blockchain have diversified (”blockchain” OR ”block-chain” OR ”distributed
the latest security away from solely cryptocurrency. A re-
focused blockchain view of the latest practical applications
ledger”) AND (”cyber security” OR ”cybersecurity”
applications? will help with understanding the full im- OR ”cyber-security”)
pact of blockchain technology on cyber The platforms searched were:
security. - IEEE Xplore Digital Library
RQ2: How is Blockchain features can be deployed to - ScienceDirect
blockchain used solve problems relating to the security
to improve cyber of devices, networks and their users.
- SpringerLink
security? This will provide an understanding of the - ACM Digital Library

PT
methods used to implement blockchain in - Google Scholar
digital infrastructure for the purpose of se- The searches were run against the title, keywords
curity.
and abstract, where possible depending on the search
RQ3: What methods Cryptocurrency blockchains are com-
platforms. The searches were conducted on 30th April
are available for monly maintained through a proof-of-

RI
blockchain solutions work mechanism whereby miners can 2018 and we processed all studies that had been pub-
to manage security show to the rest of the network that they lished up to this date. The results from these searches
without requiring have invested significant resources in or- were filtered through the inclusion/exclusion criteria,
a cryptocurrency der to assist in the validation of transac-

SC
in Section 2.2, which allowed us to produce a set of
token? tions. This question will look at research
that addresses how a blockchain can be results that could then be run through the snowballing
maintained without the requirement to in- process as described by Wohlin [28]. Forward and
centivize miners for transaction valida- backward snowballing iterations were conducted until
tion.
no further papers were detected that met the inclusion

U
criteria.
Tab. 1: Research Questions
AN
2.2. Inclusion and Exclusion Criteria
• We present a meta-analysis of the state of play in Studies for inclusion in this SLR must report em-
regards to methods in which blockchain can be pirical findings and could be papers on case studies,
implemented to improve security of existing and new technical blockchain applications and commen-
M

emerging cyber technologies. taries on developments of existing security mecha-

nisms through blockchain integration. Papers must be
• We make representations and produce guidelines peer-reviewed and written in English; any results from
to support further work in this area.
D

Google Scholar will be checked for compliance with

This paper is structured as follows. Section 2 de- this as there is a possibility for Google Scholar to re-
turn lower-grade papers. Only the most recent version
TE

scribes the methods from which the primary studies

were systematically selected for analysis. Section 3 of a study will be fed in to this SLR. The key inclusion
presents the findings of the analysis of all the primary and exclusion criteria are shown in Table 2.
studies selected. Section 4 discusses the findings, re-
Criteria for Inclusion Criteria for Exclusion
lating to the research questions discussed earlier. Sec-
EP

The paper must present empirical Papers focusing on eco-

tion 5 concludes the research and offers suggestions data relating to the application and nomic, business or legal im-
for future research. use of blockchain. pacts of blockchain applica-
tions.
C

The paper must contain information Grey literature such as blogs

2. Research Methodology related to blockchain or associated and government documents.
distributed ledger technologies.
To achieve the objective of answering the research
AC

The paper must be a peer reviewed Non-English language pa-

questions, we conducted the SLR in accordance with product published in a conference pers.
the guidance published by Kitchenham and Charters proceeding or journal.
[27]. We sought to move through the planning, con-
ducting and reporting phases of the review in iterations Tab. 2: Primary Study Inclusion and Exclusion Criteria
to allow for thorough evaluation of the SLR.

2.1. Selection of Primary Studies 2.3. Selection Results

Primary studies were highlighted for selection There were a total of 742 studies identified from
through the use of passing keywords to the search fa- the initial keyword searches against the selected plat-
cility of the particular publication or search engine. forms. This was reduced to 665 after the removal of
The keywords were selected to promote the emergence duplicate studies. After running the studies through
of research that would assist in answering the research the inclusion/exclusion criteria the number of papers
questions. The Boolean operators used were restricted remaining for reading were 72. The 72 papers were
to AND and OR. The search strings were: read in full and the inclusion/exclusion criteria were
4 ACCEPTED MANUSCRIPT Paul J Taylor, et al.

re-applied, leaving 32 papers. Forward and backward

snowballing identified an additional 4 and 6 papers re-
spectively, giving a final figure for the number of pa-
pers to be included in this SLR as 42.

2.4. Quality Assessment

An assessment of the determined quality of primary

studies was made according to the guidance set by
Kitchenham and Charters [27]. This allowed for an as-

PT
sessment of the relevance of the papers to the research
questions, with consideration for any signs of research
bias and validity of experimental data. The assessment

RI
process was based on the process used by Hosseini et
al. [29] and five randomly selected papers were sub-
jected to the following quality assessment process in
order to triage their effectiveness. The stages of the

SC
process are described below:
Stage 1: Blockchain. The paper must be mainly Fig. 1: Attrition of Papers Through Processing
focussed on blockchain use or the application of
blockchain technology to a specific problem must be

U
well commented upon. 2.5. Data Extraction
Stage 2: Context. Enough context must be pro- All papers that passed quality assessment had data
AN
vided in relation to the research objectives and find- extracted to assess the completeness of data with the
ings. This will allow for accurate interpretation of the objective of testing the accurate recording of informa-
research. tion contained within the papers. The data extraction
Stage 3: Blockchain application. There must be process was trialled on an initial five (5) studies be-
M

enough detail present in the study to make an accu- fore expanding to include the full set of studies that
rate determination for how the technology was being passed the quality assessment phase. The data from
applied to a specific problem, which will assist in an- each study were extracted, categorized and then stored
swering research questions RQ1 and RQ2.
D

in a spreadsheet. The categories given to the data were

Stage 4: Security context. The papers must pro- as follows:
vide an explanation as to the extent of the security Context Data: Information about the purpose of
TE

problem, in an effort to assist in answering RQ3. the study.

Stage 5: Blockchain performance. Assessing the Qualitative Data: Findings and conclusions pro-
performance of the blockchain in the environment for vided by the authors.
which it is applied will allow for comparisons of dif- Quantitative Data: When applicable to the study,
EP

ferent blockchain applications. data observed by experimentation and research.

Stage 6: Data acquisition. Details about how the Figure 1 shows the number of papers selected at
data was acquired, measured and reported must be each stage of the process and the rate of attrition of pa-
given to determine accuracy. pers from the initial keyword searches from each plat-
C

This checklist for quality assessment was then ap- form down to the final selection of primary studies.
plied to all other primary studies identified and it was
AC

found that 11 studies did not meet one or more of the 2.6. Data Analysis
staged checklist items and as such were removed from To meet the objective of answering the research
the SLR, as shown in Table 3. questions we compiled the data held within the quali-
tative and quantitative data categories. Additionally,
Checklist Criteria Stage Excluded Studies we conducted a meta-analysis of those papers that
Stage 1: Blockchain [S26] [S37] were subjected to the final data extraction process.
Stage 2: Context [S5] [S23]
Stage 3: Blockchain Application [S6] 2.6.1. Publications Over Time
Stage 4: Security Context [S17] [S28] [S32] Despite the fact that the concept of blockchain,
Stage 5: Blockchain Performance [S40] entwined with bitcoin, was published in 2008 there
Stage 6: Data Acquisitionn [S18] [S31] were no final primary study papers published before
2015. This may highlight just how recent the ideas are
Tab. 3: Excluded Studies
concerning cyber security applications for blockchain.
Figure 2 is a chart showing the number of primary
ACCEPTED
A Systematic Literature Review of Blockchain MANUSCRIPT
Cyber Security 5

Keywords Count
blockchain 2389
network 1528
security 1404
transaction 1105
IoT 1041

PT
transactions 773
Fig. 2: Number of Primary Studies Published Over Time information 693
smart 669

RI
control 582
studies published each year. As it can be seen in
devices 552
the figure, there is an upward trend in the usage of
bitcoin 544
blockchain in the cyber security context. We envisage
privacy 543

SC
that in the future we will see a significant number of
distributed 533
research studies regarding the adoption of blockchain
internet 482
in real world applications, as the number of publica-
systems 473
tion until April 2018, is almost half of the whole num-
protocol 450
ber of publications in 2017.

U
consensus 450
technology 430
2.6.2. Significant Keyword Counts
AN
networks 391
In order to convey common themes amongst the pri-
applications 333
mary studies selected, an analysis of keywords was
attacks 320
performed across all 42 of the studies. Table 4 shows
encryption 222
the number of times specific words appeared in total
M

ethereum 156
across the range of primary studies. As it can be seen
in the table, excluding the author selected keywords,
Tab. 4: Primary Study Keyword Count
i.e., ”blockchain” and ”security”, the third most fre-
D

quent keyword in our dataset is ”IoT”, after ”network”

and ”transaction” keywords. This shows an increasing
interest in the adoption of blockchain in the context of
TE

IoT, as we will discuss further in Section 3.

3. Findings
EP

Each primary research paper was read in full and

relevant qualitative and quantitative data was extracted
and summarized in Table 5. Primary studies were de-
C

termined to have a focus or theme in relation to how

blockchain was approaching a particular problem. The
AC

focus of each paper is also recorded below in Table 5.

Each paper’s focus was further grouped into broader
categories to allow for a simplified breakdown of pri-
mary study themes. Studies that had a focus concern-
ing virtual machines, networking and virtual network
management were grouped together into the networks
category. Studies that had a focus of peer-to-peer
sharing, encrypted data storage and searching were
grouped in the category data storage and sharing.
Figure 3 shows the percentage breakdown of themes
Fig. 3: Chart of Primary Study Themes
for the 30 primary studies that made it through quality
assessment to be included in the data analysis.
The themes identified in the primary studies high-
light that almost half (45%) of all studies into cyber
security applications of blockchain are concerned with
6 ACCEPTED MANUSCRIPT Paul J Taylor, et al.

Primary Key Qualitative & Quantitative Data Reported Types of Se-

Study curity Appli-
cations
S1 Data between users and applications can be secured and remain untampered by being stored and passed through a Personal Data
blockchain. Rather than proof-of-work, trusted nodes are rewarded instead by their level of calculated trust assigned
by the network.
S2 DNS can be secured with blockchain using proposed ”D3NS”; backwards compatible new DNS proposal. DNS
S3 Proof of concept pseudonymous protocol for secure communications between IoT devices using bitcoin blockchain for IoT
case study.
S4 Experimental project for immutable naming and storing of data, called ”BlockStack”. Recognition for previously utilized Data Storage
Namecoin blockchain not offering security and reliability of bitcoin blockchain.
S7 Broad look at benefits IoT devices utilizing blockchain. For example, IoT devices from one manufacturer all on same IoT
blockchain and then distribute firmware upgrades peer to peer rather than pushed from the center. Recognition of require-

PT
ment for token, possible solutions offered.
S8 Proposal for a distributed ledger of Public Key Infrastructure (PKI) to avoid potential failure of central repository of PKI’s. Public Key
Recognition for token, new token named Cecoin proposed. Infrastructure
S9 Blockchain based system for providing authenticity for Docker images, without relying on central service such as Notary IoT / Docker
(provides defense against denial of service). Recognition a robust blockchain is needed; used bitcoin for experiment.

RI
S10 Bitcoin blockchain based proposal for securing Smart Home IoT devices on a local blockchain. Assessment of network IoT (Specif-
overheads when utilizing blockchain. ically Smart
Home)
S11 Multi-level network of IoT devices utilizing blockchain. Manages security of the blockchain through communication IoT

SC
between layers rather than fully decentralized nodes and miners.
S12 Suggestion for how low-power IoT devices could communicate with a more sufficient gateway to enabled node commu- IoT
nication on the ethereum blockchain.
S13 Proposal for securely sharing big data and preventing tampering. Utilizes the ethereum blockchain. Big Data
S14 Blockchain based distribution of hashed search indices to allow for keyword searching of encrypted data. Integrity main- Encrypted

U
tained by obtaining value deposit from a joining user and if they act maliciously, this deposit is shared to the rest of the Data Storage
nodes. & Searching
S15 Proposal for the use of blockchain to secure file sharing between nodes within a Software Defined Network (SDN). Networking
AN
Utilizes the ethereum platform.
S16 Securing Virtual Machines in networked environments utilizing private blockchain; IBM’s Hyperledger Fabric demon- Virtual Ma-
strated sufficient properties to allow for the researcher’s proposals. chines
S19 Proposes ”ControlChain”; a blockchain based solution for IoT device access control. Utilizes the same principles as the IoT
bitcoin blockchain and proposes that multiple blockchains could be used to handle different aspects of the IoT control.
M

S20 Proposal for ”ConsortiumDNS”; furthers the work of BlockStack from [S8] and deals with storage limits. DNS
S21 Focusses on IoT data trading, access and privacy. Proposes a blockchain solution for each to provide privacy solutions. IoT
Utilizes the ethereum platform.
S22 Present a scheme for securing access to Wi-Fi hotspots utilizing the bitcoin blockchain. Users authenticate with credentials Wi-Fi
that are stored on the blockchain as signed transactions. Digital signatures prove that credentials are held for the access
D

point. Anonymity is provided using existing CoinShuffle protocol.

S24 Discussion on strengths of blockchain in improving security, particularly with IoT. Highlights security benefits of IoT IoT
supply chain from manufacturer to end-user.
TE

S25 Position paper highlights increasing importance of blockchain application to IoT in homes, battlefields and healthcare. IoT
Conceives a way for IoT to install secure firmware updates.
S27 Proposes a Distributed Ledger Based Access Control (DL-BAC) for web applications. Distributed ledger refers to a Web Applica-
generic blockchain similar to bitcoin. tions
S29 Uses an MIT research data privacy concept to explore differences between blockchain proof-of-work and proof-of- Data Privacy
EP

credibility consensus mechanisms. Nodes are given a score to determine their credibility dependent on number of con-
nections to other trusted nodes.
S30 Proposes their own blockchain for managing Public Key Infrastructure and mining is incentivized not through currency Public Key
tokens but data payloads labelled approval, auth, renew, blame, ban and revoke, which builds trust across nodes. Infrastructure
S33 Proposes a blockchain gateway between IoT devices, specifically wearable devices, and their end-users in order to protect Data Privacy
C

data privacy. User device preferences are encrypted and stored on the blockchain for retrievable only by that user.
S34 Utilises a consortium blockchain, where there are specified N members to detect hashed malware on Android devices. Malware (An-
droid)
AC

S35 Provides an application of blockchain in the form of securing historic IoT connections and sessions and detecting mali- IoT
cious behavior. Suggested architecture is that the blockchain protocol sits between the application and transports layers
of the network. Utilizes token rewards similar to bitcoin but treats them as units of voting power.
S36 Propose pricing strategies for blockchain based distributed peer to peer transactions. Blockchain concepts and incentiviza- Peer to Peer
tion based on bitcoin. Data Sharing
S38 Substantial review of IoT security and how blockchain could meet the challenges of reducing the existing security threats IoT
against such devices. Mentions ethereum as a potential platform to allow for smart contracts to be developed in endless
ways.
S39 Proposal to develop ”IoTChain” for utilizing blockchain to allow for secure access and authentication to IoT devices. IoT
Evaluation of the feasibility of their proposal was conducted on the ethereum platform. Researchers utilize three full
nodes; clients, key servers and authentication servers. The latter acts as the miner of the transactions and stores data
on the blockchain using either proof-of-work or proof-of-stake consensus mechanisms. For IoTChain the researchers
conceptualize their own Proof-of-Possession mechanism.
S41 Thorough review of how blockchain works, current Proof-of-X concepts and their advantages and disadvantages. Dis- IoT
cusses useful applications of blockchain with IoT security, for example access control. Quantifies the risk of selfish mining
nodes.
S42 Discusses security of Virtual Network Functions and associated datacentre management. Proposes a consensus blockchain Virtual
solution using a Practical Byzantine Fault Tolerance (PBFT) consensus mechanism. Hard disk sector size impacts on Network
blockchain information retrieval speeds; larger sectors deliver faster speeds. Experimentation indicated write speeds on Management
the PBFT system are 10-20 times the speed of what would be obtained on ethereum and bitcoin platforms.

Tab. 5: Key Findings and Themes from Primary Studies

ACCEPTED
A Systematic Literature Review of Blockchain MANUSCRIPT
Cyber Security 7

the security of IoT devices. Data Storage and Shar- ers. The bitcoin blockchain is the most established,
ing is the second most popular theme with 16%; the invested in and decentralized blockchain [30] avail-
studies include blockchain applications for searching able and provides a useful testbed for experimental
encrypted cloud-based data and preventing tampering concepts, however it can suffer high latency and fees
of file names and the data contained within. Networks during times of high network demand with the current
are the third most common theme with 10% and are protocols being employed [31].
mostly concerned with how blockchain can provide The current ethereum and bitcoin adopted proof-of-
security and authenticity to virtual machines and con- work mechanisms for achieving consensus can prove
tainers. Data Privacy and Public Key Infrastructure to be detrimental to lightweight loT infrastructures
are the fourth most common theme with 7% each; the as they need to use resource intensive processes and

PT
blockchain applications allow for end users to authen- networking to hash blocks of transactions to a point
ticate in some way with another entity or service and where they achieve a predetermined level of difficulty.
do so in a way that they do not need to rely on a vul- This mechanism may not be best suited to IoT de-
nerable central server of information. The fifth most vices as they are typically designed to have the min-

RI
common theme is Domain Name Systems and how imal hardware and power required to perform the task
blockchain can effectively host DNS records in a dis- in hand. To address this, several primary studies con-
tributed environment to prevent malicious changes and cerned with IoT proposed their own solutions, such

SC
denial of service attacks. The least common themes as the Proof-of-Possession in the IoTChain proposal
relate to Wi-Fi, Web and Malware with 3% each. [S39].
The Proof-of-Credibility blockchain [S29] achieved
consensus by assigning a credibility score to individ-
4. Discussion

U
ual nodes [32]. It was proposed in [S29] that a hy-
bridized blockchain showed that a blockchain utiliz-
The initial keyword searches highlighted that
ing both proof-of-stake and [33] proof-of-credibility
AN
there are a substantial number of papers related
could be more resistance to attack than proof-of-work.
to blockchain. The technology of blockchain and
This suggests that security does not have to solely rely
truly distributed decentralized systems has only been
on PoW mechanisms.
around for ten years and is clearly still in its infancy.
The strength, robustness and trustless appeal of any
M

A sizeable portion of the selected primary studies are

experimental proposals or concepts for solutions to to- blockchain comes from its ”democratic” system [S9]
day’s problems and have little in the way of quantita- and due to this the primary studies, in general, showed
tive data or practical application. Some of the more recognition that the use of existing blockchain is a ne-
D

practical security solutions offered in the remaining cessity. The more participating nodes there are and
primary studies display innovative techniques for solv- the better the mechanism to regulate behavior of min-
ing nodes, the better the decentralization and need
TE

ing a wide range of problems concerning data secu-

rity, mutability and authentication of users. The solu- for trust of individual nodes, which leads to improve
tions often depend on a significant change to that sys- blockchain security and reliability.
tem’s infrastructure; for example, a change in network RQ1: What are the latest security focused
blockchain applications?
EP

architecture or a reliance on a particular blockchain

or platform over a single, centralized server. Due to It is important to stress that this systematic litera-
the labour involved with changing or moving an ex- ture review has focused on cyber security applications
isting system it is difficult for some of the practical of blockchain and no other potential or existing appli-
C

concepts to be run in an experimental environment cations such as healthcare and logistics.

for any length of time to determine the effectiveness With that in mind it should be noted that during the
process of attrition to select the primary studies the
AC

of the blockchain application over conventional secu-

rity. Notable exceptions included IoTChain [S39] and researchers noted that studies regarding finance and
their experimentation of different consensus mecha- healthcare were plentiful. Each of these may have ad-
nisms. They utilized the existing and well established dressed security issues in their own right, however the
ethereum platform to conduct their development and selection process concentrated on studies that at their
experimental analysis; it seems that the most practi- core were focused on security.
cal and ready-to-deploy solutions were those that had The opportunities to improve security of the Inter-
been trialled on ethereum or bitcoin platforms. net of Things are clearly abundant when consideration
The researchers appeared to lean towards using is given to the fact that almost half of all published
established platforms such as ethereum and bitcoin cyber security blockchain applications concerned IoT.
for a few different reasons. Ethereum allows for This may be because of the proliferation of IoT in our
very customisable programming of smart contracts homes, military and healthcare and the ever increasing
and blockchain applications in the language Solid- demand for IoT solutions [34]. Similarly, demand for
ity, which is not too far removed from Javascript and solutions to security threats to IoT may be spawned
Python and as such makes it attractive to develop- from well covered media reports of attacks orches-
8 ACCEPTED MANUSCRIPT Paul J Taylor, et al.

trated through the exploit of such devices [35]. will more data be added to the chain of previous infor-
The latest studies suggested that the most security mation. As outlined in other areas of this paper this is
focused blockchain applications were as follows: achieved in many different ways but the bottom line is
this: many members of a group who all have access to
• IoT —Authentication of devices to the network the same information will be able to secure that group
and the authentication of end users to the devices far better than a group made up of one leader and a
themselves [S10] [S19] [S21]. Secure deploy- host of members who rely on the leader for their in-
ment of firmware through peer-to-peer propaga- formation, particularly when bad actors could come in
tion of updates [S7] [S24] [S25]. Threat detec- the form of group members or the leader themselves.
tion and malware prevention [S34] [S35]. Based on the most security focused blockchain

PT
applications identified in RQ1, we discuss how
• Data Storage and Sharing —Ensuring that data blockchain was applied to improve cyber security in
stored in the cloud remains resistant to unautho- IoT, data storage and sharing, network security, pri-
rized change, hash lists to allow for searching of vate user data, navigation and utility of World Wide

RI
data can be maintained and stored securely, and Web:
data exchanged can be verified as being the same
from dispatch to receipt [S4] [S13] [S14]. • IoT —Mainly private blockchains (such as Hy-

SC
• Network Security —Due to increasingly utilized perledger Fabric) are applied to implement per-
visualized machines, software defined networks missioned access control for devices (nodes) in
and the use of containers for application deploy- the network [S10] [S19] [S21] to securely track
ment blockchain allows for authentication criti- data management and prevent any malicious ac-
cess. In another class of work, blockchain is used

U
cal data to be stored in a decentralized and robust
manner [S15] [S16] [S42]. to improve the security of firmware deployment
through peer-to-peer propagation of updates [S7]
AN
• Private User Data —Including end user settings [S24] [S25] to provide IoT device identification,
for wearable Bluetooth devices and the protec- authentication and seamless secure data transfer.
tion of personal identifiable information being An application of blockchain in the form of se-
exchanged with other parties [S29] [S33]. curing historic IoT connections and sessions and
M

detecting malicious behavior is provided in [S34]

• Navigation and utility of the World Wide Web [S35]. In these works, suggested architecture is
—Ensuring validity of the wireless internet ac- that the blockchain protocol sits between the ap-
cess point being connected to [S22], navigating
D

plication and transports layers of the network.

to the correct web page through accurate DNS Utilizes token rewards similar to bitcoin but treats
records [S2] [S20], safely utilizing web appli- them as units of voting power.
TE

cations [S27] and communicating with others

through secure, encrypted methods [S8] [S39]. • Data Storage and Sharing —Both public and pri-
vate distributed ledgers are used to eliminate a
RQ2: How is blockchain used to improve cyber single source of failure within a given storage
EP

security? ecosystem, protecting its data from tampering.

Blockchain and the surrounding technologies offer That is, blockchain helps to ensure that data
no silver bullet for cyber security issues. If anything, stored in the cloud remains resistant to unautho-
they simply bolster existing efforts to secure networks, rized change, hash lists to allow for searching of
C

communications and data. Blockchain utilities en- data can be maintained and stored securely, and
cryption and hashing to store immutable records and data exchanged can be verified as being the same
AC

many of the existing cyber security solutions utilize from dispatch to receipt [S4] [S13] [S14]. In a
very similar technology as well. The majority of ex- nutshell, blockchain improves data storage and
isting security measures rely on a single trusted au- sharing security by creating a decentralized net-
thority to verify information or store encrypted data. work that uses client-side encryption in which
This leaves the system prone to attack; many bad data owners will have full traceable control of
actors could focus their efforts on a single target to their data.
commit denial of service attacks, inject malicious in-
formation and extort data through theft or blackmail. • Network Security —Majority of works in this
Blockchains have the upper hand over current secu- category use blockchains to improve software de-
rity measures in that true blockchains are decentral- fined networks (SDNs) and the use of contain-
ized and do not require the authority or trust of any ers for authentication critical data to be stored
one member of the group or network; the system does in a decentralised and robust manner [S15] [S16]
not require trust because each node, or member, has a [S42]. In such works, blockchain-enabled archi-
complete copy of all the historic information available tecture of SDN controllers using a cluster struc-
and only through achieving consensus of the majority ture is used. The architecture uses public and
ACCEPTED
A Systematic Literature Review of Blockchain MANUSCRIPT
Cyber Security 9

private blockchains for P2P communication be- One study [S11] even explored the possibility of re-
tween nodes in the network and SDN controllers lying on multiple blockchain layers for trust and au-
to make the blockchain appropriate to address thentication of transaction between hierarchical lay-
network security issues. ers.
Some of the studies proposed blockchain as being
• Private User Data —Comparing to other cat- a solution to a particular security solution but made
egories, the application of blockchain for im- no reference to whether an existing blockchain should
proving data privacy has been less discussed in be used or a new one developed. Equally, some pa-
the literature. The reason could be due to the pers avoided the mention of the use of tokens entirely
irreversibility nature of blockchain (everybody and [S25] is an example of a paper that proposes some

PT
has a copy of the ledger), which makes it hard interesting security solutions without specifying par-
to be used for privacy purposes, particularly in ticulars in relation to the blockchain itself.
data protection. In the current approaches [S29] There is no evidence available in the primary stud-
[S33], typically user device preferences are en- ies to suggest that any system other than a proof-of-

RI
crypted and stored on the blockchain for retriev- work consensus mechanism awarding miners a token
able only by that user. Also, they explore dif- of value has been able to scale securely with the levels
ferences between blockchain PoW and proof-of- of network traffic the bitcoin and ethereum networks
credibility consensus mechanisms, where nodes

SC
are subjected to.
are given a score to determine their credibility
dependent on number of connections to other
trusted nodes. 5. Future Research Directions of Blockchain in
Cyber Security

U
• Navigation and utility of the World Wide Web
—Blockchain is used to improve the validity Based on the results of this survey and our obser-
AN
of the wireless internet access point being con- vations, we present the following research directions
nected to [S22], by storing and monitoring the of blockchain in the field of cyber security that worth
access control data on a local ledger. Also, further investigation:
blockchain is used to help navigating to the cor- Blockchain in IoT security: Security in IoT net-
M

rect web page through accurate DNS records [S2] works has been claimed as a pressing need of the in-
[S20], safely utilizing web applications [S27] and dustry that gets utmost priority for improvement and
communicating with others through secure, en- enforcement. Despite current research and the fact
crypted methods [S8] [S39]. To implement these that almost any article on blockchain cyber security
D

solutions, the idea of consortium blockchain has in the literature points out that the security of IoT
been used, in which the consensus process is con- systems could be revitalized if it is supported with
TE

trolled by a preselected set of nodes in the net- blockchain technology. Yet, little is known and dis-
work. cussed about factors related to decisions and feasibil-
ity to adopt this technology, and how and where it can
RQ3: What methods are available for systemically be put into use to remedy current IoT
EP

blockchain solutions to manage security with- security’s risks/threats in a clear context, allowing to
out requiring a cryptocurrency token? imagine and then create future vectors in this specific
A substantial number of primary studies accepted domain. Thus, it is important for future research to de-
that token incentivization of miners [36], [37], such velop some kind of quantifiable guidelines and tools
C

as in the reward of bitcoin, is a well-established and that can help realize this gap in the literature. Fur-
robust method for achieving consensus of the longest thermore, proposing lightweight blockchain-based so-
AC

chain [S8] [S9] [S13] [S14] [S21] [S22] [S29] [S30] lutions for resource constrained IoT devices (running
[S36] [S38]. That said, novel approaches to token on the edge of network) could be another avenue of
distribution suggest that there are options outside of further research.
paying miners currency tokens; [S30] suggests that to- Blockchain for AI data security: In modern
kens hold value in allowing recipient nodes more vot- computing ecosystem, data is captured from various
ing power; the more a node contributes to mining, the sources and is transmitted from devices (e.g., IoT)
more voting power it will have over the choice of chain through the networks. Artificial intelligence (AI) and
going forward. its derivatives have been used as powerful tools to ana-
The proposal of [S7] suggests the possibility of lyze and process the captured data to achieve effective
each IoT automatically charging other devices a token reasoning in addressing security issues. Although AI
amount for pushing firmware upgrade. is powerful and can be engaged with distributed com-
IBM’s Hyperledger Fabric [S16] utilizes their puting, deceptive analysis would be generated when
own Chaincode to secure transactions within the corrupted or dishonest data is intentionally or uninten-
blockchain and achieve consensus; tokens of currency tionally integrated by a malicious third-parity based
are optional. on adversarial inputs. Blockchain as a popular ledger
10 ACCEPTED MANUSCRIPT Paul J Taylor, et al.

technology has the potential to be leveraged in differ- security and without doubt there are worthy applica-
ent aspects of cyber space. The blockchain attempts tions for blockchain, however a decentralized, trust-
to reduce transaction risks and financial fraud, due less system cannot by itself solve all the problems one
to characteristics such as decentralization, verifiabil- may uncover in the field of cyber security; blockchain
ity and immutability for ensuring authenticity, relia- applications for cyber security merely evolve and bol-
bility and integrity of data. When the trust and reli- ster the existing efforts to enhance security and deter
ability of the data can be ensured, more secure and malicious actors.
trustworthy outcomes can be produced by the AI. A This research highlights the opportunities available
future research direction could be the exploration of for future research to be conducted in areas of cyber
blockchain in security of AI data in B2B and M2M security outside the realm of IoT. As the world wide

PT
environments. web moves towards mass adoption of https encryption
Sidechain security: The sidechain technology and end users increasingly use some form of encryp-
[38], [39] has most recently emerged as a separate tion for everyday communication [44], there is an ever
chain attached to the main chain, in parallel with trans- increasing need to securely manage the surrounding

RI
actions, to alleviate the challenges (mainly perfor- cryptography and certification schemes.
mance) related to main blockchains. In the near future, Potential research agenda 1: The research surround-
we envision a distributed multi-blockchain ecosys- ing IoT security using blockchain applications often

SC
tem, in which different main chains and sidechains made comment on network latency and power con-
are required to collaborate with each other in various sumption to maintain the distributed network. For the
scenarios. However, the practical understanding of purpose of this paper it was not possible to quantify
sidechains remain poorly understand, and many fun- such data due to the variability in solutions employed
damental research questions to be debated. For exam-

U
by each group of researchers; future work could in-
ple, clude an assessment of network latency, power con-
sumption and data packet flows of blockchain based
AN
1. How do these sidechains establish security de- IoT networks, standardizing the data presented in the
faults to prevent attacks? primary studies.
2. How could blockchain customers be assured of Potential research agenda 2: Several of the primary
M

the integrity and confidentiality of their data studies [43], [20], [45] opted to use the Ethereum plat-
through sidechains? form and smart contracts to find solutions to their
security problems. Further future work could in-
Answering these questions is vital to the future inves- clude a review of the various ways in which Ethereum
D

tigations to have a more sustained blockchain cyber and/or other permissionless/permissioned Blockchain
security research [40]. platforms have been, or can be, used to develop inno-
TE

Releasing open-source software and dataset, and vative cyber security solutions.
engaging with community: Blockchain cyber secu- Potential research agenda 3: The more distributed,
rity research is fractured between academia and the investable and decentralized cryptocurrency tokens
developer community. Future steps to heal this divide have the more robust and secure blockchains to sup-
EP

are required by academic researchers to release more port the applications proposed by researchers, and
open-source applications, tools, and dataset by engag- for that reason cryptocurrencies will grow along-
ing industry community and start-ups. In fact, there side the adoption of blockchain security techniques.
is a large community interested in blockchain analy- While Bitcoin remains the most successful decen-
C

sis (evidenced by the popularity of open-source tools tralised cryptocurrency with the lengthiest, most ro-
such as bitcoin-abe [41] or BlockBench [42] for in- bust blockchain, there has been increasing interest in
designing a forensically-friendly cryptocurrency ar-
AC

stance), so academic researchers should actively in-

volve the community in the development, validation, chitecture, which will facilitate lawful (forensic) in-
and maintenance of their research results. vestigation of suspicious cryptocurrency transactions,
such as those used in cybercriminal activities (e.g.,
ransomware and terrorism financing).
6. Conclusion and Future Work Potential research agenda 4: It is known that per-
missionless blockchain frameworks, such as Bitcoin
This research has carved out relevant recent re- and Ethereum, generally take between minutes to
search available on how blockchain solutions can con- reach consensus. However, such latency may not
tribute to cyber security problems. The initial keyword be acceptable for time and delay-sensitive applica-
searches for this research and current media reporting tions such as Internet of Battlefield Things (IoBT)
[43] highlight blockchain as being a standalone tech- deployment. Hence, a potential research agenda is
nology that brings with it an exorbitant array of possi- to design blockchain based solutions, for example
ble solutions for finance, logistics, healthcare and cy- in combination with hardware-based approaches,
ber security. This research has focused solely on cyber with reduced latency that are suited for time and
ACCEPTED
A Systematic Literature Review of Blockchain MANUSCRIPT
Cyber Security 11

delay-sensitive applications. [S14] C. Cai, X. Yuan, and C. Wang, “Hardening Dis-

tributed and Encrypted Keyword Search via Blockchain,”
Primary Studies 2017 IEEE Symp. Privacy-Aware Comput., pp. 119–128,
2017.
[S1] G. Zyskind and A. S. Pentland, “Decentralizing
[S15] S. Ram Basnet and S. Shakya, “BSS: Blockchain
Privacy: Using Blockchain to Protect Personal Data,” 2015.
Security over Software Defined Network,” Ieee Iccca, pp.
720–725, 2017.
[S2] B. Benshoof, A. Rosen, A. G. Bourgeois, and R. W.
Harrison, “Distributed decentralized domain name service,”
[S16] N. Bozic, G. Pujolle, and S. Secci, “Securing virtual
Proc. - 2016 IEEE 30th Int. Parallel Distrib. Process. Symp.
machine orchestration with blockchains,” 2017 1st Cyber

PT
IPDPS 2016, pp. 1279–1287, 2016.
Secur. Netw. Conf., pp. 1–8, 2017.
[S3] A. Ouaddah, A. Abou Elkalam, and A. Ait Ouahman,
[S17] F. Dai, Y. Shi, N. Meng, L. Wei, and Z. Ye, “From
“FairAccess: a new Blockchain-based access control
Bitcoin to cybersecurity: A comparative study of blockchain

RI
framework for the Internet of Things,” Secur. Commun.
application and security issues,” 2017 4th Int. Conf. Syst.
Networks, vol. 9, no. 18, pp. 5943–5964, 2016.
Informatics, no. 61471129, pp. 975–979, 2017.

[S4] M. Ali et al., “Blockstack: A Global Naming and

[S18] N. Rifi, E. Rachkidi, N. Agoulmine, and N. C. Taher,

SC
Storage System Secured by Blockchains,” USENIX Annu.
“Towards using blockchain technology for IoT data access
Tech. Conf., pp. 181–194, 2016.
protection,” 2017 IEEE 17th Int. Conf. Ubiquitous Wirel.
Broadband, pp. 1–5, 2017.
[S5] A. Dorri, S. S. Kanhere, and R. Jurdak, “Blockchain in

U
internet of things: Challenges and Solutions,” 2016. [S19] O. J. A. Pinno, A. R. A. Gregio, and L. C. E. De
Bona, “ControlChain: Blockchain as a Central Enabler for
[S6] J. Filipek and L. Hudec, “Advances In Distributed Access Control Authorizations in the IoT,” GLOBECOM
AN
Security For Mobile Ad Hoc Networks,” Proc. 17th Int. 2017 - 2017 IEEE Glob. Commun. Conf., pp. 1–6, 2017.
Conf. Comput. Syst. Technol. 2016 - CompSysTech ’16,
no. June, pp. 89–96, 2016. [S20] X. Wang, K. Li, H. Li, Y. Li, and Z. Liang, “Con-
sortiumDNS: A Distributed Domain Name Service Based
M

[S7] K. Christidis and M. Devetsikiotis, “Blockchains and on Consortium Chain,” 2017 IEEE 19th Int. Conf. High
Smart Contracts for the Internet of Things,” IEEE Access, Perform. Comput. Commun. IEEE 15th Int. Conf. Smart
vol. 4, pp. 2292–2303, 2016. City; IEEE 3rd Int. Conf. Data Sci. Syst., pp. 617–620,
2017.
D

[S8] B. Qin, J. Huang, Q. Wang, X. Luo, B. Liang, and

W. Shi, “Cecoin: A decentralized PKI mitigating MitM [S21] Z. Huang, X. Su, Y. Zhang, C. Shi, H. Zhang, and L.
TE

attacks,” Futur. Gener. Comput. Syst., 2017. Xie, “A decentralized solution for IoT data trusted exchange
based-on blockchain,” 2017 3rd IEEE Int. Conf. Comput.
[S9] Q. Xu, C. Jin, M. F. B. M. Rasid, B. Veeravalli, and K. Commun., pp. 1180–1184, 2017.
M. M. Aung, “Blockchain-based decentralized content trust
for docker images,” Multimed. Tools Appl., pp. 1–26, 2017. [S22] Y. Niu, L. Wei, C. Zhang, J. Liu, and Y. Fang, “An
EP

anonymous and accountable authentication scheme for

[S10] A. Dorri, S. S. Kanhere, R. Jurdak, and P. Gau- Wi-Fi hotspot access with the Bitcoin blockchain,” 2017
ravaram, “Blockchain for IoT security and privacy: The IEEE/CIC Int. Conf. Commun. China, no. Iccc, pp. 1–6,
case study of a smart home,” 2017 IEEE Int. Conf. 2017.
C

Pervasive Comput. Commun. Work. (PerCom Work., pp.

618–623, 2017. [S23] H. Gupta, “A Security Framework for IOT Devices
AC

Against Wireless Threats,” 2017.

[S11] C. Li and L. J. Zhang, “A blockchain based new
secure multi-layer network model for internet of things,” [S24] N. Kshetri, “Blockchain’s roles in strengthening
Proc. - 2017 IEEE 2nd Int. Congr. Internet Things, ICIOT cybersecurity and protecting privacy,” Telecomm. Policy,
2017, pp. 33–41, 2017. vol. 41, no. 10, pp. 1027–1038, 2017.

[S12] K. R. Özyılmaz and A. Yurdakul, “Integrating low- [S25] M. Banerjee, J. Lee, and K.-K. R. Choo, “A
power IoT devices to a blockchain-based infrastructure,” blockchain future to Internet of Things security: A position
Proc. Thirteen. ACM Int. Conf. Embed. Softw. 2017 paper,” Digit. Commun. Networks, 2017.
Companion - EMSOFT ’17, pp. 1–2, 2017.
[S26] F. Buccafurri, G. Lax, S. Nicolazzo, and A. Nocera,
[S13] L. Yue, H. Junqin, Q. Shengzhi, and W. Ruijin, “Big “Overcoming Limits of Blockchain for IoT Applications,”
Data Model of Security Sharing Based on Blockchain,” Proc. 12th Int. Conf. Availability, Reliab. Secur. - ARES
2017 3rd Int. Conf. Big Data Comput. Commun., pp. ’17, pp. 1–6, 2017.
117–121, 2017.
[S27] L. Xu, L. Chen, N. Shah, Z. Gao, Y. Lu, and W. Shi,
12 ACCEPTED MANUSCRIPT Paul J Taylor, et al.

“DL-BAC: Distributed Ledger Based Access Control for Blockchain to Secure Internet of Things and the Stalker
Web Applications,” Proc. 26th Int. Conf. World Wide Web Attack,” vol. 2018, 2018.
Companion, pp. 1445–1450, 2017.
[S42] I. D. Alvarenga, “Securing Configuration, Manage-
[S28] J. Spasovski and P. Eklund, “Proof of Stake ment And Migration Of Virtual Network Functions Using
Blockchain,” Proc. 9th Int. Conf. Manag. Digit. Ecosyst. - Blockchain,” 2018.
MEDES ’17, no. November, pp. 251–258, 2017.

[S29] D. Fu and F. Liri, “Blockchain-based trusted comput-

References
ing in social network,” 2016 2nd IEEE Int. Conf. Comput.
Commun. ICCC 2016 - Proc., pp. 19–22, 2017. [1] T. Aste, P. Tasca and T. Di Matteo, ”Blockchain Technologies:

PT
The Foreseeable Impact on Society and Industry,” in Com-
[S30] A. Moinet, B. Darties, and J.-L. Baril, “Blockchain puter, vol. 50, no. 9, pp. 18-28, 2017.
based trust & authentication for decentralized sensor [2] Z. Zheng, S. Xie, H. Dai, X. Chen, and H. Wang, “An
Overview of Blockchain Technology: Architecture, Consen-
networks,” pp. 1–2, 2017. sus, and Future Trends,” in 2017 IEEE International Congress

RI
on Big Data (BigData Congress), pp. 557–564, 2017.
[S31] D. Li, Z. Cai, L. Deng, X. Yao, and H. H. Wang, [3] S. Nakamoto, “Bitcoin: A Peer-to-Peer Electronic
“Information security model of block chain based on Cash System,” Www.Bitcoin.Org, [Online]. Available:
intrusion sensing in the IoT environment,” Cluster Comput., https://bitcoin.org/bitcoin.pdf, 2008.

SC
vol. 1, pp. 1–18, 2018. [4] G. Wood, “Ethereum: a secure decentralized generalized
transaction ledger Yellow Paper,” Ethereum Project. Yellow
Pap., pp. 1–32, 2014.
[S32] Y. Zhao, Y. Li, Q. Mu, B. Yang, and Y. Yu, “Secure [5] V. Buterin, “A next-generation smart contract and decen-
Pub-Sub: Blockchain-Based Fair Payment with Reputation tralized application platform,” Etherum, [Online]. Available:

U
for Reliable Cyber Physical Systems,” IEEE Access, vol. 6, http://buyxpr.com/build/pdfs/EthereumWhitePaper.pdf, 2014.
pp. 12295–12303, 2018. [6] E. Androulaki et al., “Hyperledger Fabric: A Distributed Op-
erating System for Permissioned Blockchains,” in Proceedings
AN
of the Thirteenth EuroSys Conference, pp. 30:1–30:15, 2018.
[S33] S. C. Cha, J. F. Chen, C. Su, and K. H. Yeh, “A [7] L. Kan, Y. Wei, A. Hafiz Muhammad, W. Siyuan, G. Lin-
Blockchain Connected Gateway for BLE-based Devices in chao, and H. Kai, “A Multiple Blockchains Architecture
the Internet of Things,” IEEE Access, vol. 3536, no. c, 2018. on Inter-Blockchain Communication,” in 2018 IEEE Interna-
tional Conference on Software Quality, Reliability and Secu-
M

[S34] J. Gu, B. Sun, X. Du, J. Wang, Y. Zhuang, and Z. rity Companion (QRS-C), pp. 139–145, 2018.
[8] D. Miller, “Blockchain and the Internet of Things in the Indus-
Wang, “Consortium blockchain-based malware detection in trial Sector,” IT Professional, vol. 20, no. 3, pp. 15–18, 2018.
mobile devices,” IEEE Access, vol. 6, pp. 12118–12128, [9] J. Fiaidhi, S. Mohammed, and S. Mohammed, “EDI with
2018. Blockchain as an Enabler for Extreme Automation,” IT Pro-
D

fessional, vol. 20, no. 4, pp. 66–72, 2018.

[S35] Y. Gupta, R. Shorey, D. Kulkarni, and J. Tew, “The [10] M. Samaniego and R. Deters, “Blockchain as a Service for
IoT,” in 2016 IEEE International Conference on Internet of
TE

applicability of blockchain in the Internet of Things,” 2018

Things (iThings) and IEEE Green Computing and Commu-
10th Int. Conf. Commun. Syst. Networks, pp. 561–564, nications (GreenCom) and IEEE Cyber, Physical and Social
2018. Computing (CPSCom) and IEEE Smart Data (SmartData), pp.
433–436, 2016.
[S36] Y. He, H. Li, X. Cheng, Y. A. N. Liu, C. Yang, and [11] M. E. Peck, “Blockchains: How they work and why they’ll
EP

L. Sun, “A Blockchain based Truthful Incentive Mechanism change the world,” IEEE Spectrum, 2017.
[12] “Bitcoin Could Be Accepted at 300,000 Japanese Stores in
for Distributed P2P,” IEEE Access, vol. xx, no. c, 2018.
2017.”
[13] S. Chen, C. Y.-H. Chen, W. K. Härdle, T. M. Lee, and B. Ong,
[S37] J. H. Jeon, K. Kim, and J. Kim, “Block chain based “Chapter 8 - Econometric Analysis of a Cryptocurrency Index
C

data security enhanced IoT Server Platform,” pp. 941–944, for Portfolio Investment BT - Handbook of Blockchain, Digi-
2018. tal Finance, and Inclusion, Volume 1,” Academic Press, 2018,
pp. 175–206.
AC

[14] K.-K. R. Choo, “Cryptocurrency and Virtual Currency,” in

[S38] M. A. Khan and K. Salah, “IoT security: Review, Handbook of Digital Currency, Elsevier, 2015, pp. 283–307.
blockchain solutions, and open challenges,” Futur. Gener. [15] S. Homayoun, A. Dehghantanha, M. Ahmadzadeh, S.
Comput. Syst., vol. 82, pp. 395–411, 2018. Hashemi, and R. Khayami, “Know Abnormal, Find Evil: Fre-
quent Pattern Mining for Ransomware Threat Hunting and In-
[S39] O. Alphand et al., “IoTChain: A Blockchain Security telligence,” IEEE Trans. Emerg. Top. Comput., pp. 1–1, 2017.
Architecture for the Internet of Things” To cite this version: [16] O. Osanaiye, H. Cai, K.-K. R. Choo, A. Dehghantanha, Z. Xu,
and M. Dlodlo, “Ensemble-based multi-filter feature selection
HAL Id: hal-01705455 IoTChain: A Blockchain Security method for DDoS detection in cloud computing,” Eurasip J.
Architecture for the Internet of Things,” 2018. Wirel. Commun. Netw., vol. 2016, no. 1, 2016.
[17] “Five ways banks are using blockchain.”
[S40] C. Dukkipati, “Decentralized , BlockChain Based [18] “How Blockchain Will Transform The Supply Chain And Lo-
Access Control Framework for the Heterogeneous Internet gistics Industry.”
[19] K. Megget, “Securing the supply chain,” 2018.
of Things,” pp. 61–69, 2018.
[20] R. M. Parizi, Amritraj, and A. Dehghantanha, “Smart Contract
Programming Languages on Blockchains: An Empirical Eval-
[S41] E. F. Jesus, V. R. L. Chicarino, C. V. N. De Albu- uation of Usability and Security”, International Confernce on
querque, and A. A. D. A. Rocha, “A Survey of How to Use Blockchain, Seattle, USA, pp. 75-91, 2018.
ACCEPTED
A Systematic Literature Review of Blockchain MANUSCRIPT
Cyber Security 13

[21] “Smart Contracts On The Blockchain: Can Businesses Reap ware Engineering (CASCON’18), IBM, Canada, pp. 103-113,
The Benefits?” 2018.
[22] T. Salman, M. Zolanvari, A. Erbad, R. Jain and M. Samaka,
”Security Services Using Blockchains: A State of the Art
Survey,” in IEEE Communications Surveys & Tutorials. doi:
10.1109/COMST.2018.2863956, 2018.
[23] “Convergence of Blockchain and Cybersecurity - IBM Gov-
ernment Industry Blog.”
[24] J. Yli-Huumo, D. Ko, S. Choi, S. Park, and K. Smolander,
“Where is current research on Blockchain technology? - A
systematic review,” PLoS One, vol. 11, no. 10, pp. 1–27, 2016.
[25] M. Conoscenti, A. Vetrò, and J. C. De Martin, “Blockchain
for the Internet of Things: A systematic literature review,” in

PT
2016 IEEE/ACS 13th International Conference of Computer
Systems and Applications (AICCSA), 2016, pp. 1–6.
[26] S. Seebacher and R. Schüritz, “Blockchain Technology as an
Enabler of Service Systems: A Structured Literature Review,”

RI
in Exploring Services Science, 2017, pp. 12–23.
[27] B. Kitchenham and S. Charters, “Guidelines for performing
Systematic Literature Reviews in Software Engineering,” En-
gineering, vol. 2, p. 1051, 2007.
[28] C. Wohlin, “Guidelines for snowballing in systematic litera-

SC
ture studies and a replication in software engineering,” Proc.
18th Int. Conf. Eval. Assess. Softw. Eng. - EASE ’14, pp.
1–10, 2014.
[29] S. Hosseini, B. Turhan, and D. Gunarathna, “A Systematic
Literature Review and Meta-Analysis on Cross Project De-

U
fect Prediction,” IEEE Transactions on Software Engineering.
2017.
[30] “Bitcoin price, charts, market cap, and other metrics — Coin-
AN
MarketCap.”
[31] “What are Blockchain’s Issues and Limitations? - CoinDesk.”
[32] H. Watanabe, S. Fujimura, A. Nakadaira, Y. Miyazaki, A.
Akutsu, and J. Kishigami, “Blockchain contract: Securing a
blockchain applied to smart contracts,” in 2016 IEEE Interna-
M

tional Conference on Consumer Electronics (ICCE), 2016, pp.

467–468.
[33] “The challenge of providing heavyweight security for
lightweight IoT devices — Mbed Blog.”
D

[34] “Global Cellular IoT Market (2017-2023): Increasing De-

mand for Long Range Connectivity - Research and Markets
— Business Wire.”
TE

[35] “IoT Botnets & DDoS Attacks: What you need to know.”
[36] R. M. Parizi and A. Dehghantanha, ”On the Understanding of
Gamification in Blockchain Systems,” 2018 6th International
Conference on Future Internet of Things and Cloud Work-
shops (FiCloudW), Barcelona, 2018, pp. 214-219.
[37] R. M. Parizi, ”On the gamification of human-centric trace-
EP

ability tasks in software testing and coding,” 2016 IEEE 14th

International Conference on Software Engineering Research,
Management and Applications (SERA), Towson, MD, 2016,
pp. 193-200.
[38] A. Back et al., “Enabling Blockchain Innova-
C

tions with Pegged Sidechains,”, [Online]. Available:

http://www.blockstream.com/sidechains.pdf, 2014.
AC

[39] P. Robinson, “Requirements for Ethereum Private

Sidechains,” arXiv Prepr. arXiv1806.09834, 2018.
[40] R. M. Parizi, Q. Zhang, K. K. R. Choo, “A Pentagon of
Considerations Towards More Secure Blockchains,” IEEE
Blockchain Newsletter, 2018.
[41] Bitcoin-abe, https://github.com/bitcoin-abe/bitcoin-abe
[42] T. T. A. Dinh, J. Wang, G. Chen, R. Liu, B. C. Ooi, and K.-L.
Tan, “BLOCKBENCH: A Framework for Analyzing Private
Blockchains,” in Proceedings of the 2017 ACM International
Conference on Management of Data, pp. 1085–1100, 2017.
[43] “Blockchain is this year’s buzzword – but can it outlive the
hype? — Technology — The Guardian.”
[44] “Use of WhatsApp in NHS ‘widespread’, say doctors - BBC
News.”
[45] R. M. Parizi, A. Dehghantanha, K. K. R. Choo, and A. Singh,
“Empirical Vulnerability Analysis of Automated Smart Con-
tracts Security Testing on Blockchains,” in 28th ACM An-
nual International Conference on Computer Science and Soft-