Blockchain Middleware for Multi-stakeholder Cyber physical systems
We are focusing on creating smart and connected community solutions, which provide participants the capability to not only exchange data and services in a decentralized and perhaps anonymous manner, but also provide them with the capability to preserve an immutable and auditable record of all transactions in the system. Blockchains form a key component of these platforms because they enable participants to reach a consensus on any state variable in the system, without relying on a trusted third party or trusting each other. Distributed consensus not only solves the trust issue, but also provides fault-tolerance since consensus is always reached on the correct state as long as the number of faulty nodes is below a threshold. However, it also introduces new assurance challenges such as privacy and correctness that must be addressed before protocols and implementations can live up to their potential. For instance, smart contracts deployed in practice are riddled with bugs and security vulnerabilities. Our group has been working on a number of projects in this interesting area, including work on transactive energy systems. Our research focuses on both the reusable middleware aspect as well as the foundational technologies required to ensure the rigor and correctness of the platform. We collaborate actively with Prof. Aron Lazka, University of Houston in this project. We are thankful to Siemens Corporate Technology and the National Science Foundation (NSF) for sponsoring our efforts. Specific Research activities are discussed below.
Transactive Energy Systems
To confront issues of privacy, efficiency, and safety in MSCPS, we have developed a platform for transactive energy system microgrids. The availability of distributed energy resources (DER) in communities have presented novel opportunities, as these resources are located closer to loads and can significantly reduce transmission losses and carbon emissions, relative to traditional power sources. However, their intermittent and variable nature often results in spikes in the overall demand on distribution system operators (DSO). To manage these challenges, there has been a surge of interest in building decentralized control schemes, where a pool of DERs combined with energy storage devices can exchange energy locally to smooth fluctuations in net demand. Building a decentralized market for transactive microgrids is challenging because even though a decentralized system provides resilience, it also must satisfy the requirements of privacy, efficiency, safety, and security, which are often in conflict with each other. As such, existing implementations of decentralized markets often focus on resilience and safety but compromise on privacy. Our platform, called TRANSAX, enables participants to trade in an energy futures market, which improves efficiency by finding feasible matches for energy trades, enabling DSOs to plan their energy needs better. TRANSAX provides privacy to participants by anonymizing their trading activity using a distributed mixing service, while also enforcing constraints that limit trading activity based on safety requirements, such as keeping planned energy flow below line capacity. We show that TRANSAX can satisfy the seemingly conflicting requirements of efficiency, safety, and privacy. We also provide an analysis of how much trading efficiency is lost. Trading efficiency is improved through the problem formulation which accounts for temporal flexibility, and system efficiency is improved using a hybrid-solver architecture. We also describe a testbed to run experiments and demonstrate its performance using simulation results. To demonstrate the feasibility of our platform, we perform experiments with dozens of embedded devices and energy production and consumption profiles from a real dataset.
We have also developed SolidWorx, a generic version of TRANSAX for enabling participants to trade in futures market. To improve efficiency we reduce the amount of computation that is performed using the smart contract by implementing a hybrid-solver pattern which relies on off-chain solvers to match the offers posted to the system. We only use the smart contract to verify that the solutions are valid.
Recently, this work has been extended to create a market based edge computing service called MODiCuM. It enables trusted computations between mistrusting parties in the edge-cloud environment while minimizing the additional computation overhead. The existing efforts to construct such a platform, particularly those using blockchain, focus on ensuring global consensus on the results of the computation, but there are many cases where this is not required. Our platform, called MODiCuM, does not execute any of the outsourced computation as part of the smart contract, but instead uses the contract to hold the participants accountable. This effectively replaces the trusted third party required for general trusted two-party computation with the distributed ledger and smart contract.
Lead Author: Anastasia Mavridou
Since smart contracts can perform any computation, they allow the development of decentralized applications, whose execution is safeguarded by the security properties of the underlying platform. Due to their unique advantages, blockchain based platforms are envisioned to have a wide range of applications, ranging from financial to the Internet-of-Things. However, the trustworthiness of the platform guarantees only that a smart contract is executed correctly, not that the code of the contract is correct. In fact, a large number of contracts deployed in practice suffer from software vulnerabilities, which are often introduced due to the semantic gap between the assumptions that contract writers make about the underlying execution semantics and the actual semantics of smart contracts. A recent automated analysis of 19,336 smart contracts deployed in practice found that 8,333 of them suffered from at least one security issue. Although this study was based on smart contracts deployed on the public Ethereum blockchain, the analyzed security issues were largely plat- form agnostic. Security vulnerabilities in smart contracts present a serious issue for two main reasons. Firstly, smart-contract bugs cannot be patched. By design, once a contract is deployed, its functionality cannot be altered even by its creator. Secondly, once a faulty or malicious transaction is recorded, it cannot be removed from the blockchain (“code is law” principle). The only way to roll back a transaction is by performing a hard fork of the blockchain, which requires consensus among the stakeholders and undermines the trustworthiness of the platform. In light of this, it is crucial to ensure that a smart contract is se- cure before deploying it and trusting it with significant amounts of cryptocurrency. To this end, we present the VeriSolid framework for the formal verification and generation of contracts that are specified using a transition-system based model with rigorous operational semantics. VeriSolid provides an end-to-end design framework, which combined with a Solidity code generator, allows the correct- by-design development of Ethereum smart contracts. To the best of our knowledge, VeriSolid is the first framework to promote a model- based, correctness-by-design approach for blockchain-based smart contracts. Properties established at any step of the VeriSolid design flow are preserved in the resulting smart contracts, guaranteeing their correctness. VeriSolid fully automates the process of verification and code generation, while enhancing usability by providing easy-to-use graphical editors for the specification of transition systems and natural-like language templates for the specification of formal properties. By performing verification early at design time, VeriSolid provides a cost-effective approach since fixing bugs later in the development process can be very expensive. Our verification approach can detect typical vulnerabilities, but it may also detect any violation of required properties. Since our tool applies verification at a high-level, it can provide meaningful feedback to the developer when a property is not satisfied, which would be much harder to do at bytecode level.
- S. Eisele, T. Eghtesad, N. Troutman, A. Laszka, and A. Dubey, Mechanisms for Outsourcing Computation via a Decentralized Market, in 14TH ACM International Conference on Distributed and Event Based Systems, 2020.
- S. Eisele, T. Eghtesad, K. Campanelli, P. Agrawal, A. Laszka, and A. Dubey, Safe and Private Forward-Trading Platform for Transactive Microgrids, Transactions on Cyber-Physical Systems, 2020.
- S. Eisele et al., Blockchains for Transactive Energy Systems: Opportunities, Challenges, and Approaches, IEEE Computer, 2020.
- C. Barreto, T. Eghtesad, S. Eisele, A. Laszka, A. Dubey, and X. Koutsoukos, Cyber-Attacks and Mitigation in Blockchain Based Transactive Energy Systems, in 3rd IEEE International Conference on IndustrialCyber-Physical Systems (ICPS 2020), 2020.
- A. Laszka, A. Mavridou, S. Eisele, E. Statchtiari, and A. Dubey, VeriSolid for TRANSAX: Correct-by-Design Ethereum Smart Contracts for Energy Trading, in First International Summer School on Security and Privacy for Blockchains and Distributed Ledger Technologies, BDLT 2019, Vienna, Austria, 2019.
- M. A. Walker, D. C. Schmidt, and A. Dubey, Chapter Six - Testing at scale of IoT blockchain applications, in Advances in Computers, vol. 115, Oreilly, 2019, pp. 155–179.
- P. Zhang, D. C. Schmidt, J. White, and A. Dubey, Chapter Seven - Consensus mechanisms and information security technologies, in Advances in Computers, vol. 115, Oreilly, 2019, pp. 181–209.
- Y. Zhang, S. Eisele, A. Dubey, A. Laszka, and A. K. Srivastava, Cyber-Physical Simulation Platform for Security Assessment of Transactive Energy Systems, in 7th Workshop on Modeling and Simulation of Cyber-Physical Energy Systems, MSCPES@CPSIoTWeek 2019, Montreal, QC, Canada, 2019, pp. 1–6.
- S. Eisele, P. Ghosh, K. Campanelli, A. Dubey, and G. Karsai, Demo: Transactive Energy Application with RIAPS, in IEEE 22nd International Symposium on Real-Time Distributed Computing, ISORC 2019, Valencia, Spain, May 7-9, 2019, 2019, pp. 85–86.
- A. Laszka, S. Eisele, A. Dubey, G. Karsai, and K. Kvaternik, TRANSAX: A Blockchain-Based Decentralized Forward-Trading Energy Exchanged for Transactive Microgrids, in 24th IEEE International Conference on Parallel and Distributed Systems, ICPADS 2018, Singapore, December 11-13, 2018, 2018, pp. 918–927.
- S. Eisele, A. Laszka, A. Mavridou, and A. Dubey, SolidWorx: A Resilient and Trustworthy Transactive Platform for Smart and Connected Communities, in IEEE International Conference on Internet of Things and Blockchains, 2018, pp. 1263–1272.
- S. Eisele, A. Dubey, G. Karsai, and S. Lukic, Transactive energy demo with RIAPS platform, in Proceedings of the 8th International Conference on Cyber-Physical Systems, ICCPS 2017, Pittsburgh, Pennsylvania, USA, April 18-20, 2017, 2017, p. 91.
- A. Laszka, A. Dubey, M. Walker, and D. C. Schmidt, Providing privacy, safety, and security in IoT-based transactive energy systems using distributed ledgers, in Proceedings of the Seventh International Conference on the Internet of Things, IOT 2017, Linz, Austria, October 22-25, 2017, 2017, pp. 13:1–13:8.
- S. Eisele, I. Madari, A. Dubey, and G. Karsai, RIAPS: Resilient Information Architecture Platform for Decentralized Smart Systems, in 20th IEEE International Symposium on Real-Time Distributed Computing, ISORC 2017, Toronto, ON, Canada, May 16-18, 2017, 2017, pp. 125–132.
- J. Bergquist, A. Laszka, M. Sturm, and A. Dubey, On the design of communication and transaction anonymity in blockchain-based transactive microgrids, in Proceedings of the 1st Workshop on Scalable and Resilient Infrastructures for Distributed Ledgers, SERIAL@Middleware 2017, Las Vegas, NV, USA, December 11-15, 2017, 2017, pp. 3:1–3:6.
- M. A. Walker, A. Dubey, A. Laszka, and D. C. Schmidt, PlaTIBART: a platform for transactive IoT blockchain applications with repeatable testing, in Proceedings of the 4th Workshop on Middleware and Applications for the Internet of Things, M4IoT@Middleware 2017, Las Vegas, NV, USA, December 11, 2017, 2017, pp. 17–22.