Assessing Blockchain Consensus and Security Mechanisms against the 51% Attack
Round 1
Reviewer 1 Report
The manuscript defined the potency of 51% attack exploitation in which they discussed the most 5 advanced security techniques. The authors discussed the majority hash rate attack and revealed the limitations of the consensus mechanisms by classifying them towards various attack vectors.
Please consider the following:
1- The authors have notable contributions to the field.
2- Some related works don’t convey the bigger picture of the presented work.
3- Figure 3 analysis needs more justifications.
4- Figure 2 is not clear. Consider redrawing it.
5- Why did you choose the presented 5 techniques? Any justifications?
6- A careful revision is required; it needs proofreading (some incomplete statements and long statements).
7- There are several grammatical errors and awkward expressions found throughout the paper. Some parts are hard to understand.
8- The manuscript needs some organization. It should be re-structured. Consider having more sections and sub-sections.
9- The paper could improve in the state of the art. Why didn’t you consider the Quality of Experience (QoE) perspectives? I suggest considering the following papers:
- Al Ridhawi, I, Aloqaily, M, Kotb, Y, Al Ridhawi, Y, Jararweh, Y. A collaborative mobile edge computing and user solution for service composition in 5G systems. Trans Emerging Tel Tech. 2018; 29:e3446.
- I. Al Ridhawi, M. Aloqaily, B. Kantarci, Y. Jararweh, H.T. Mouftah, “A continuous diversified vehicular cloud service availability framework for smart cities”, Computer Networks, V. 145, 2018, p.p 207-218, ISSN 1389-1286.
10- Why didn’t you consider the security-based critical infrastructure solutions? I suggest considering the following papers:
- S. Otoum, B. Kantarci and H. T. Mouftah, "On the Feasibility of Deep Learning in Sensor Network Intrusion Detection," in IEEE Networking Letters. doi: 10.1109/LNET.2019.2901792.
- F. Nausheen and S. H. Begum, "Healthcare IoT: Benefits, vulnerabilities and solutions," 2018 2nd International Conference on Inventive Systems and Control (ICISC), Coimbatore, 2018, pp. 517-522. doi: 10.1109/ICISC.2018.8399126.
- M. Aloqaily, S. Otoum, I. Al Ridhawi and Yaser Jararweh, “An intrusion detection system for connected vehicles in smart cities”, Ad Hoc Networks, 2019, ISSN 1570-8705.
- S. Otoum, B. Kantarci, and H. Mouftah, "Adaptively Supervised and Intrusion-Aware Data Aggregation for Wireless Sensor Clusters in Critical Infrastructures," 2018 IEEE International Conference on Communications (ICC), Kansas City, MO, 2018, pp. 1-6.
Author Response
Thank you for all comments, we found all of them very constructive. Please find attached a PDF with the responses to your comments and suggestions. Thanks!
Author Response File: Author Response.pdf
Reviewer 2 Report
This is an interesting and important paper on a topical subject.
The paper is suited for the Section on "Computing and Artificial Intelligence", and Special Issue "Advances in Blockchain Technology and Applications".
The motivation is strong, especially regarding the possibly expensive "attacking technique which intents to fork a blockchain to conduct double-spending".
Figure 1 could be more clear with some additional details.
Table 2 might usefully provide further details.
Equation (1) seems to be presented without explanation.
Discussion of some policy implications in the final section would be helpful.
In the absence of diagnostic checks at many stages of the analysis, it is not entirely clear how to determine the robustness of the results.
Author Response
Thank you for all comments, we found all of them very constructive.
Please find attached a PDF with the responses to your comments and suggestions. Thanks!
Author Response File: Author Response.pdf
Reviewer 3 Report
Summary:
This paper provides an overview of the 51% attack on blockchain. The authors discussed a brief introduction to the blockchain basics, then delved into the possible attacks on each consensus mechanism. Later, they introduced the 51% attack and possible mitigations.
Pros:
It is a well-written paper. I particularly liked how authors used figures to make their point more clearly.
Cons:
Although it is a well-written paper, I did not find the scientific contribution of it anywhere. Even the mitigation mechanisms mentioned are not peer-reviewed papers. A simple search on scholar would reveal a large body of work on this approach. Even the references do not include a lot of peer-reviewed research papers. I would like the authors to highlight how their proposal is considered scientific.
The authors managed to introduce 51% attack but they did not succeed to make it clear on "how" they assessed the mitigations. As what is normal in scientific papers, there should be an evaluation framework mentioned somewhere and a few charts to compare the mitigation protocols. But I could not find such approach in this paper. Also, they did not manage to compare their proposed evaluation with other evaluations in the literature. I would like to have a clear understanding on the evaluation mechanism the authors used to come up with their conclusions.
Section 3 contains a few attacks without any introduction (like p+epsilon, etc.). If they are important, the authors should introduce them before mentioning them. Otherwise, there is no need to mention them at all.
Figure 3. I would like to see what are the abbreviations on coins? Why they are selected instead of all other coins in the market?
Section 4. The authors mentioned "the 51% attack is proven to be one of the most catastrophic attack vectors in the blockchain network." It is a big claim and needs to be cited. Also, it is in contrast with the abstract in which they mentioned "… these techniques were being considered hypothetical…"
Page 8. The authors mentioned ghash.io incident. I think it is a very important point. I would like the authors to highlight how ghash.io managed to do so and how this has been mitigated.
Few typos on page 2:
… a from a legitimate… => "a" should be deleted
Property contracts, payment information. => the , can be deleted and changed to "and"
Author Response
Thank you for all comments, we found all of them very constructive.
Please find attached a PDF with the responses to your comments and suggestions. Thanks!
Author Response File: Author Response.pdf
Reviewer 4 Report
Summary:
The authors discussed the efficiency of 51% exploitation. They found that the shortcomings of the consensus protocol highly impact the attack results. The authors also discussed the serious deficiencies of the 5 most advanced security techniques. They draw the conclusion that the likelihood of a 51% attack largely depends on the incapability of the consensus protocol and the hashing that is easily accessible. Attacking challenges fail to be overcome by the exercised consensus and security techniques.
Pro:
Majority hash rate attacks are clearly described from the perspective of attacking consequences.
5 security mechanisms are well analyzed.
Considering the importance of blockchain for digital transactions, it would be of great value if the authors could come up with some mechanisms to improve the security.
Con:
The whole work lacks innovation. I will be really interested in the mechanisms the authors will provide in their future work.
The author may want to mention the outline of their further work to give the audiences an idea about their method.
Comments for author File: Comments.docx
Author Response
Thank you for all comments, we found all of them very constructive.
Please find attached a PDF with the responses to your comments and suggestions. Thanks!
Author Response File: Author Response.pdf
Round 2
Reviewer 1 Report
Authors have considered my comments.
No more comments from my side.
Reviewer 2 Report
The revised paper is a substantial improvement on the original submission.
As it has substantially responded to most of the reviewer's comments and suggestions, the paper is suitable for publication in its present form.
Reviewer 4 Report
I believe the authors have addressed most of the concerns I have. The paper should be ready to be published.