With the rapid development of blockchain technology, smart contracts, as its core component, are widely used in various fields. However, with the increase in the number and complexity of smart contracts, their security has become a key issue. Currently, fuzzy testing is the mainstream dynamic security testing technique in the field of Ethereum smart contracts, generating a large number of test cases and executing them to discover vulnerabilities. However, due to the difficulty in covering the deep branching code of smart contracts, vulnerability detection is not comprehensive enough. In order to solve the problem of the difficulty of deep branch code coverage of smart contracts, this paper proposes a fuzzy testing method for smart contracts based on MDP and simulated annealing algorithm, i.e., VMFUZZ. This method first models the execution process of smart contracts as MDP, and then combines with the simulated annealing algorithm to generate the transaction sequences that are prone to triggering vulnerabilities in order to comprehensively cover the execution situation of the contract. Finally, a large number of new test cases are generated through fuzzy testing to detect vulnerabilities. The experimental results show that VMFUZZ is improved in code coverage compared to ILF and has a higher detection rate in vulnerability detection capability.
This paper studies the password-based strong authentication key exchange protocol in the cross-domain scenario, and gives an end-to-end highly secure C2C-PAKE protocol, in which the server shares a password with the client and also has a pair of private/public keys. In contrast, the client has the shared password and the server's public-key. Specifically, we combine the ECQV implicit certificate scheme with the ECDH key exchange protocol to give a highly secure cross-domain protocol. Considering the application of the ECQV implicit certificate scheme in the Internet of Things (IoT), we give an analysis the possibility of the proposed protocol applied in the cross-domain scenario of the IoT. Finally, based on some common attacks, we show a security analysis of our protocol, which achieves perfect forward security and resists dictionary attacks, KCI attacks, replay attacks, Insider-Assisted attacks, and so on.
Access to the requested content is limited to institutions that have purchased or subscribe to SPIE eBooks.
You are receiving this notice because your organization may not have SPIE eBooks access.*
*Shibboleth/Open Athens users─please
sign in
to access your institution's subscriptions.
To obtain this item, you may purchase the complete book in print or electronic format on
SPIE.org.
INSTITUTIONAL Select your institution to access the SPIE Digital Library.
PERSONAL Sign in with your SPIE account to access your personal subscriptions or to use specific features such as save to my library, sign up for alerts, save searches, etc.