Article
Peer-Review Record

Smart Contracts for Managing the Chain-of-Custody of Digital Evidence: A Practical Case of Study†

Smart Cities 2023, 6(2), 709-727; https://doi.org/10.3390/smartcities6020034
by Pablo Santamaría, Llanos Tobarra, Rafael Pastor-Vargas and Antonio Robles-Gómez *
Reviewer 1:
Reviewer 2:
Reviewer 3: Anonymous
Submission received: 15 January 2023 / Revised: 15 February 2023 / Accepted: 17 February 2023 / Published: 23 February 2023
(This article belongs to the Special Issue The Convergence of 5G and IoT in a Smart City Context)

Round 1

Reviewer 1 Report

The paper "Smart Contracts for Managing the Chain-of-Custody of Digital Evidence: A Practical Case of Study" presents an interesting topic. It is well structured, and the use of the English language is according to the expected standard. 

 

However, two main issues need to be addressed before accepting for publication. The first issue is that some sections need rephrasing to be clearer and more fluid (i.e., add information and change structure). The second issue is that the use case needs a discussion. These issues are detailed in the following paragraphs. 

 

------------ 

In the abstract:

"Therefore, the design of a CoC management system must be based on a technological solution that guarantees evidence cannot be manipulated in court since the evidence is acquired until it is placed in the hands of the judge. Knowing, without a doubt, who, when, how, and why somebody could access the digital evidence. Designs and their different challenges are first proposed and analyzed. " 

  • Needs rephrasing to be more fluid. For instance, the sentence "Knowing, without a doubt …" does not seem connected to the previous or the following sentence. 

------------ 

In the introduction:

"By using a Blockchain network, several benefits can be achieved regarding sustainability, automation, and digital transformation. It also offers built-in security control access for information and traces all changes throughout the stored data during its period of life. "

  • The authors should at least name what properties or unique features of blockchain can provide the benefits they claim.

"The contracts are deployed taking into account reliability, thanks to the Zero-Knowledge Proof (ZKP) protocol, to validate the transactions without knowing their content."

  • Typically ZKP is related to privacy. How is it related to reliability in this case? The authors should explain it better.

------------ 

In the review: 

"To add the functionality of being a programmable chain, Ethereum was born as Bitcoin by implementing its own cryptocurrency, named Ether, which currently trades like Bitcoin on cryptocurrency markets. However, the concept of a smart contract [14] appeared with Ethereum, which was implemented with an Ethereum Virtual Machine (named EVM), Which allows code to be executed as a complete Turing machine. "

  • Needs rephrasing, as Ethereum seems only an extension of Bitcoin. 
  • Also, the authors should add a small summary to describe the GAP found in current literature or highlight the problem they tackle in the context of the review they present.

------------ 

In the proposed model:

  • It needs to be clarified how the authors' proposed CoC model is connected to the existing literature. The previous section (related works) was focused on blockchain, but they need to comment on the CoC process. Is the proposed model a CoC process that needs to use blockchain? Or is it CoC as a pure business process? That needs to be clarified.
  • The authors should end the section by adding a few lines explaining that from the process, the main requirements for the system are drawn and used for the technological solution.

 

------------ 

In technological solution:

  • Overall, this section could be clearer and easier to understand. In order to describe the technological solution, it is better to start with the common elements, then the differences, and finalize by describing each variation.

"This solution considers the lack of maturity and homogeneity of Blockchain technology, as well as the current evolution of many companies towards a cloud service model, so the specific needs of the CoC process are not affected by those technological changes."

  • I recommend briefly describing which aspects lack maturity in blockchain to highlight why a cloud solution is better. 

 

"Connections to the network depend on the protocol used (XML-RPC in Ethereum networks; and REST API in the case of Hyperledger). This client must interact with the browser in order to integrate network data into a distributed application." 

-This paragraph (lines 329-332) is repeated, starting on line 332. 

 

 

------------ 

In Case of Study

  • The section needs a small discussion based on analysis or evaluation. Currently, the authors only describe the implementation. One interesting discussion could be done from a business process perspective, compared to existing solutions (or the lack of them). Another interesting discussion could be around evaluating some metrics (e.g., gas usage of the contracts and response times). It would also be interesting to get information about the use of this prototype with real data (or simulated) information regarding the size of the evidence or the number of changes of custody.

Author Response

Comment/Suggestion:

The paper "Smart Contracts for Managing the Chain-of-Custody of Digital Evidence: A Practical Case of Study" presents an interesting topic. It is well structured, and the use of the English language is according to the expected standard.

However, two main issues need to be addressed before accepting for publication. The first issue is that some sections need rephrasing to be clearer and more fluid (i.e., add information and change structure). The second issue is that the use case needs a discussion. These issues are detailed in the following paragraphs.

Answer:

Thank you very much for your comments and suggestions. These issues have been addressed as detailed below. Specifically, in terms of rephrasing (information and structure) and discussion for the use case. All changes included in the new version of the manuscript are marked in blue color.

Comment/Suggestion:

In the abstract:

"Therefore, the design of a CoC management system must be based on a technological solution that guarantees evidence cannot be manipulated in court since the evidence is acquired until it is placed in the hands of the judge. Knowing, without a doubt, who, when, how, and why somebody could access the digital evidence. Designs and their different challenges are first proposed and analyzed. "

Needs rephrasing to be more fluid. For instance, the sentence "Knowing, without a doubt …" does not seem connected to the previous or the following sentence.

Answer:

The abstract has been revised and rephrased to be more fluid. It has also been shortened and reorganized for this purpose.

Comment/Suggestion:

In the introduction:

"By using a Blockchain network, several benefits can be achieved regarding sustainability, automation, and digital transformation. It also offers built-in security control access for information and traces all changes throughout the stored data during its period of life. "

The authors should at least name what properties or unique features of blockchain can provide the benefits they claim.

Answer:

We have included specific properties and features that blockchain can provide in the new version of the manuscript.

Comment/Suggestion:

"The contracts are deployed taking into account reliability, thanks to the Zero-Knowledge Proof (ZKP) protocol, to validate the transactions without knowing their content."

Typically ZKP is related to privacy. How is it related to reliability in this case? The authors should explain it better.

Answer:

We agree with this comment. This fact has been clarified in the new version of the manuscript. An entity can feel the network is reliable, since their data is protected during the transmission of transactions along a Blockchain network. We understand reliability as a synonym for trustworthiness in the sense of confidence between nodes managing data.

Comment/Suggestion:

In the review:

"To add the functionality of being a programmable chain, Ethereum was born as Bitcoin by implementing its own cryptocurrency, named Ether, which currently trades like Bitcoin on cryptocurrency markets. However, the concept of a smart contract [14] appeared with Ethereum, which was implemented with an Ethereum Virtual Machine (named EVM), Which allows code to be executed as a complete Turing machine. "

Needs rephrasing, as Ethereum seems only an extension of Bitcoin.

Answer:

We have improved this issue in the new version of the manuscript.

Comment/Suggestion:

Also, the authors should add a small summary to describe the GAP found in current literature or highlight the problem they tackle in the context of the review they present.

Answer:

A new paragraph has been added by summarizing these gaps at the end of the second section within the new version of the manuscript.

Comment/Suggestion:

In the proposed model:

It needs to be clarified how the authors' proposed CoC model is connected to the existing literature. The previous section (related works) was focused on blockchain, but they need to comment on the CoC process. Is the proposed model a CoC process that needs to use blockchain? Or is it CoC as a pure business process? That needs to be clarified.

The authors should end the section by adding a few lines explaining that from the process, the main requirements for the system are drawn and used for the technological solution.

Answer:

The Introduction and Literature Review sections have been revised to address this issue. First, when particular objectives are detailed (lines 63-83). Then, when connecting the literature review with the proposed CoC model (lines 195-205).

Comment/Suggestion:

In technological solution:

Overall, this section could be clearer and easier to understand. In order to describe the technological solution, it is better to start with the common elements, then the differences, and finalize by describing each variation.

"This solution considers the lack of maturity and homogeneity of Blockchain technology, as well as the current evolution of many companies towards a cloud service model, so the specific needs of the CoC process are not affected by those technological changes."

Answer:

This suggestion has been addressed in the new version of the manuscript.

Comment/Suggestion:

I recommend briefly describing which aspects lack maturity in blockchain to highlight why a cloud solution is better.

Answer:

This suggestion has been addressed in the new version of the manuscript. These issues have also been revised in the “Literature Review” and “Discussion and Limitations” sections.

Comment/Suggestion:

"Connections to the network depend on the protocol used (XML-RPC in Ethereum networks; and REST API in the case of Hyperledger). This client must interact with the browser in order to integrate network data into a distributed application."

-This paragraph (lines 329-332) is repeated, starting on line 332.

Answer:

The first paragraph with a similar explanation has been removed to address this comment.

Comment/Suggestion:

In Case of Study

The section needs a small discussion based on analysis or evaluation. Currently, the authors only describe the implementation. One interesting discussion could be done from a business process perspective, compared to existing solutions (or the lack of them). Another interesting discussion could be around evaluating some metrics (e.g., gas usage of the contracts and response times). It would also be interesting to get information about the use of this prototype with real data (or simulated) information regarding the size of the evidence or the number of changes of custody.

Answer:

The new version of the manuscript now contains a small discussion about performance and costs. Both in the literature and discussion sections. The integrity of any evidence has been validated, and the exact form of its calculation to guarantee repeatability. Time and the number of changes are irrelevant since it is not a real-time process. Each evidence and the registry are separated for scalability purposes.

Reviewer 2 Report

This paper explores the application of smart contracts for managing the chain-of-custody of digital evidence. The topic is timely and interesting. Here are my comments to improve the paper:

1- Your abstract is perhaps too long and not very informative. In the abstract, you need to include the major aspects of the entire paper in a prescribed sequence that includes: 1) the overall purpose of the study and the research problem(s) you investigated; 2) the basic design of the study; 3) major findings or trends found as a result of your analysis; and, 4) a brief summary of your interpretations and conclusions. At the moment, some of these aspects are missing.

2- In the introduction, make clearer what knowledge gaps you identified and how your research addresses them. Also, make the research objectives/questions clearer. Answer the “so what?” question. Why is investigating such a matter important?

3- The novelty/originality should be clearly justified that the manuscript contains sufficient contributions to the new body of knowledge from the international perspective.  What new things (new theories, new methods, or new policies) can the paper contribute to the existing international literature? This point must be reasonably justified by a Literature Review, clearly introduced in Introduction Section, and completely discussed in Discussion Section.

4- It would be helpful to include some discussions on smart contracts and their associated costs. In this discussion you can include both opportunities and challenges of employing smart contracts. Here are some relevant references:

https://doi.org/10.1016/j.future.2019.12.019

https://doi.org/10.1111/grow.12342

https://doi.org/10.48550/arXiv.1910.11143

5- What are the limitations of your study?

 

6- I would like to see more of a reflection in the conclusion section. What are the implications of your work for future research and decision makers? There is room for improvement in your conclusion section.

Author Response

Comment/Suggestion:

This paper explores the application of smart contracts for managing the chain-of-custody of digital evidence. The topic is timely and interesting. Here are my comments to improve the paper:

Answer:

Thank you very much for your comments and suggestions to improve the quality of our manuscript. All changes included in the new version of the manuscript are marked in blue color.

Comment/Suggestion:

1- Your abstract is perhaps too long and not very informative. In the abstract, you need to include the major aspects of the entire paper in a prescribed sequence that includes: 1) the overall purpose of the study and the research problem(s) you investigated; 2) the basic design of the study; 3) major findings or trends found as a result of your analysis; and, 4) a brief summary of your interpretations and conclusions. At the moment, some of these aspects are missing.

Answer:

The abstract has been revised and rephrased to follow the reviewer’s proposed sequence. It has also been shortened and reorganized with the proposed structure of this reviewer.

Comment/Suggestion:

2- In the introduction, make clearer what knowledge gaps you identified and how your research addresses them. Also, make the research objectives/questions clearer. Answer the “so what?” question. Why is investigating such a matter important?

Answer:

The Introduction and Literature Review sections have been revised and expanded in the new version of the manuscript, in order to address how our proposal addresses gaps and limitations of the literature, as well as the importance of our research work.

Comment/Suggestion:

3- The novelty/originality should be clearly justified that the manuscript contains sufficient contributions to the new body of knowledge from the international perspective.  What new things (new theories, new methods, or new policies) can the paper contribute to the existing international literature? This point must be reasonably justified by a Literature Review, clearly introduced in Introduction Section, and completely discussed in Discussion Section.

Answer:

The Introduction and Literature Review sections have been revised and expanded in the new version of the manuscript, in order to address this comment.

Comment/Suggestion:

4- It would be helpful to include some discussions on smart contracts and their associated costs. In this discussion you can include both opportunities and challenges of employing smart contracts. Here are some relevant references:

https://doi.org/10.1016/j.future.2019.12.019

https://doi.org/10.1111/grow.12342

https://doi.org/10.48550/arXiv.1910.11143

Answer:

We have included some discussion on smart contracts and associated costs, as well as their opportunities and challenges, as proposed by the reviewer. These references have been included in the new version of the manuscript.

Comment/Suggestion:

5- What are the limitations of your study?

Answer:

A new section, named “Discussion and Limitations”, addresses the limitations of our study.

Comment/Suggestion:

6- I would like to see more of a reflection in the conclusion section. What are the implications of your work for future research and decision makers? There is room for improvement in your conclusion section.

Answer:

We have revised the “Conclusions” section in the new version of the manuscript to address this suggestion.

Reviewer 3 Report

The article presents a model for the process of managing the Chain-of-Custody (CoC) of digital evidence and makes an attempt to show a technical solution.

The manuscript is structured correctly. However, it lacks the "Discussion and limitations" sections. Besides, the content is not presented in a logically consistent order. Many sentences are repeated throughout the manuscript, e.g. lines 472-474 repeat information from lines 469-470. In lines 540-542, Solidity language is introduced once again. Please check the whole text once again and reorganize it where needed. 

The writing style of the article needs improvement. For example, the sentence in the "Abstract" section on lines 4-6 needs to be split into two simpler declarative sentences. Please correct the whole manuscript.

In the "Introduction" section, the authors must clearly state the contributions of the paper. The authors must underline what is the difference in comparison to existing work and point out the main advantages of their approach. That is the right place to refer to papers [19-21]. Thus, commenting on the paper [19] should be moved from section 5.3 to the "Introduction". 

A background in blockchain technology is not sufficient. In the "Literature Review" section the authors have not discussed an essential component which is a smart contract. They mentioned it in only two sentences, in lines 101-105. The authors should comment on the design and testing of smart contracts as a part of blockchain's distributed applications. I would like the authors to include in the "References" section and use in the manuscript the following papers: "Smart Contract Development: Challenges and Opportunities" (https://doi.org/10.1109/TSE.2019.2942301) and "The k + 1 Symmetric Test Pattern for Smart Contracts" (https://doi.org/10.3390/sym14081686). The first is a review of the topic and the second shows the approach to test suite construction based on software design patterns. The reliability of smart contracts in the blockchain network is becoming even more important in the CoC of digital evidence. The authors mentioned the topic in lines 64-66 while presenting the contribution but testing is not covered in the manuscript further.

An architectural description of the case study is the weakest side of the manuscript. The authors should look for relevant papers with architectural views and descriptions of blockchain applications. As a result, the "References" section should be enriched. It is worth using Unified Modeling Language diagrams. For example, Figure 6 can be represented in a more standardized way in a UML Deployment diagram. 

The authors also abuse the term "optimal", e.g. in lines 347, 441.

Figure 8 brings nothing new. The Remix IDE is shown in Figure 7. Besides, the code of the function CreateEvidence from figure 9 should be presented in the listing on page 13.

The authors do not specify which smart contracts they have implemented. They did not provide a list of their functions.

The "Conclusions" section should be more supported by the results and it is worth adding the planned further work.

Author Response

Comment/Suggestion:

The article presents a model for the process of managing the Chain-of-Custody (CoC) of digital evidence and makes an attempt to show a technical solution.

Answer:

Thank you very much for your comments and suggestions. These issues have been addressed as detailed below. All changes included in the new version of the manuscript are marked in blue color.

Comment/Suggestion:

The manuscript is structured correctly. However, it lacks the "Discussion and limitations" sections. Besides, the content is not presented in a logically consistent order. Many sentences are repeated throughout the manuscript, e.g. lines 472-474 repeat information from lines 469-470. In lines 540-542, Solidity language is introduced once again. Please check the whole text once again and reorganize it where needed.

Answer:

A result discussion and limitations of our study are now detailed explicitly in a new section, named “Discussion and Limitations”, and revised along the new version of the manuscript. Additionally, the new version of the manuscript has been revised to avoid these repetitions.

Comment/Suggestion:

The writing style of the article needs improvement. For example, the sentence in the "Abstract" section on lines 4-6 needs to be split into two simpler declarative sentences. Please correct the whole manuscript.

Answer:

The new version of the manuscript has been revised and rephrased when needed. The abstract has also been revised, shortened, and reorganized according to the reviewers’ comments.

The abstract has been revised and rephrased to follow the reviewer’s proposed sequence. It has also been shortened and reorganized with the proposed structure of this reviewer.

Comment/Suggestion:

In the "Introduction" section, the authors must clearly state the contributions of the paper. The authors must underline what is the difference in comparison to existing work and point out the main advantages of their approach. That is the right place to refer to papers [19-21]. Thus, commenting on the paper [19] should be moved from section 5.3 to the "Introduction".

Answer:

The Introduction and Literature Review sections have been revised and expanded in the new version of the manuscript, by clarifying the main novelties of our solution.

Comment/Suggestion:

A background in blockchain technology is not sufficient. In the "Literature Review" section the authors have not discussed an essential component which is a smart contract. They mentioned it in only two sentences, in lines 101-105. The authors should comment on the design and testing of smart contracts as a part of blockchain's distributed applications. I would like the authors to include in the "References" section and use in the manuscript the following papers: "Smart Contract Development: Challenges and Opportunities" (https://doi.org/10.1109/TSE.2019.2942301) and "The k + 1 Symmetric Test Pattern for Smart Contracts" (https://doi.org/10.3390/sym14081686). The first is a review of the topic and the second shows the approach to test suite construction based on software design patterns. The reliability of smart contracts in the blockchain network is becoming even more important in the CoC of digital evidence. The authors mentioned the topic in lines 64-66 while presenting the contribution but testing is not covered in the manuscript further.

Answer:

We have included these and new other references (recommended by another reviewer) in the new version of the manuscript, to improve the literature review. A detailed review of the literature or fundamentals of Smart contracts has not been done as the proposal focuses on the appropriate architectures for managing digital evidence in CoC, not so much on developing Smart Contracts. In any case, we thank the reviewer for the proposal because it allows us to study these contracts from the point of view of efficiency in their deployment and execution, as well as costs.

Comment/Suggestion:

An architectural description of the case study is the weakest side of the manuscript. The authors should look for relevant papers with architectural views and descriptions of blockchain applications. As a result, the "References" section should be enriched. It is worth using Unified Modeling Language diagrams. For example, Figure 6 can be represented in a more standardized way in a UML Deployment diagram.

Answer:

The literature review has been revised and our technological is justified according to the existing gaps along the new version of the manuscript. Additionally, the prototype section and the new discussion and limitations section clarify these aspects suggested by the reviewer. The prototype has been developed for didactic purposes as a proof of concept. For this reason, UML diagrams have not been included, but a technological architecture does.

Comment/Suggestion:

The authors also abuse the term "optimal", e.g. in lines 347, 441.

Answer:

We have addressed this issue in the new version of the manuscript.

Comment/Suggestion:

Figure 8 brings nothing new. The Remix IDE is shown in Figure 7. Besides, the code of the CreateEvidence function from figure 9 should be presented in the listing on page 13.

Answer:

Figure 8 has been removed from the new version of the manuscript. Additionally, the code of the function Create Evidence is now presented in a specific page, in which the principal functions of the implemented smart contract are described, as recommended by the reviewer.

Comment/Suggestion:

The authors do not specify which smart contracts they have implemented. They did not provide a list of their functions.

Answer:

Sorry for this issue. A link of the source code of the CoC prototype was only included in the cover letter. It can be observed from this link. In addition to this, we provide in the new version of the manuscript a list of the principal available functions of the smart contract implemented over Quorum.

Comment/Suggestion:

The "Conclusions" section should be more supported by the results, and it is worth adding the planned further work.

Answer:

A result discussion and possible further works are included in the new version of the manuscript. The new section “Discussion and Limitations” contains the information related to this comment.

Round 2

Reviewer 2 Report

Thanks for addressing my comments.

Reviewer 3 Report

The article presents a model for the process of managing the Chain-of-Custody (CoC) of digital evidence and makes an attempt to show a technical solution.

In its current form, the article is structured correctly and the content is presented in a logically consistent order.

I confirm that the authors have addressed virtually all of my concerns. They rebuilt the "Abstract" and "Introduction" sections. The authors added the "Discussion and limitations" section. Moreover, they significantly improved the "References" and "Related work" sections according to all comments. Smart contracts have been discussed sufficiently. The “Conclusion” section contains a refined future work description.

However, the design part might have been presented in a more unified fashion.

Generally, the manuscript has been improved precisely and the authors have highlighted changed parts of the text. 

The English stylistic and punctuation errors have also been corrected thoroughly. Besides, the figures have been corrected properly.

I recommend accepting the manuscript in its present form for publication in the Smart Cities journal. 
