Blockchain CBDC Security Threats Using STRIDE

Jaqueline Hans; Sajjad Khan; Davor Svetinovic

doi:10.1109/BCCA58897.2023.10338905

Blockchain CBDC Security Threats Using STRIDE

Jaqueline Hans
, Sajjad Khan
, Davor Svetinovic

Vienna University of Economics and Business
Department of Information Systems and Operations Management
System-on-Chip Lab

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

4 Scopus citations

Abstract

In strategic response to the increasing threats from crypto payment systems, cryptocurrencies, and stablecoins, central banks globally are contemplating the introduction of their digital currencies, termed Central Bank Digital Currencies (CBDCs). This trend, especially the emergence of CBDCs built on blockchain technology, instigates significant discourse on security and privacy concerns. This research paper delves into the potential security risks of blockchain-based CBDCs, distinguishing between permissionless and permissioned network architectures and token-based and account-based access mechanisms. We employed STRIDE, a threat modeling methodology, to elucidate these risks, on architectural constructs derived from CBDC proposals and use cases, identifying 39 distinct threats. Our study intends to enrich the ongoing dialogue on the evolution of blockchain-based CBDCs. The findings provide a robust foundation to guide and inform prudent design decisions by offering a detailed understanding of potential security and privacy risks, thereby contributing to developing more secure CBDCs.

Original language	British English
Title of host publication	2023 5th International Conference on Blockchain Computing and Applications, BCCA 2023
Editors	Moayad Aloqaily, Safa Otoum, Ouns Bouachir, Yaser Jararweh, Yaser Jararweh, Ismaeel AlRidhawi, Khalid Al-Begain, Mohammad Alsmirat
Publisher	Institute of Electrical and Electronics Engineers Inc.
Pages	522-529
Number of pages	8
ISBN (Electronic)	9798350339239
DOIs	https://doi.org/10.1109/BCCA58897.2023.10338905
State	Published - 2023
Event	5th International Conference on Blockchain Computing and Applications, BCCA 2023 - Kuwait City, Kuwait Duration: 24 Oct 2023 → 26 Oct 2023

Publication series

Name	2023 5th International Conference on Blockchain Computing and Applications, BCCA 2023

Conference

Conference	5th International Conference on Blockchain Computing and Applications, BCCA 2023
Country/Territory	Kuwait
City	Kuwait City
Period	24/10/23 → 26/10/23

Keywords

Blockchain
Central Bank Digital Currencies
Cybersecurity
STRIDE
Threat Modeling

Access to Document

10.1109/BCCA58897.2023.10338905

OpenUrl availability

Full text

Cite this

Hans, J., Khan, S., & Svetinovic, D. (2023). Blockchain CBDC Security Threats Using STRIDE. In M. Aloqaily, S. Otoum, O. Bouachir, Y. Jararweh, Y. Jararweh, I. AlRidhawi, K. Al-Begain, & M. Alsmirat (Eds.), 2023 5th International Conference on Blockchain Computing and Applications, BCCA 2023 (pp. 522-529). (2023 5th International Conference on Blockchain Computing and Applications, BCCA 2023). Institute of Electrical and Electronics Engineers Inc.. https://doi.org/10.1109/BCCA58897.2023.10338905

Hans, Jaqueline ; Khan, Sajjad ; Svetinovic, Davor. / Blockchain CBDC Security Threats Using STRIDE. 2023 5th International Conference on Blockchain Computing and Applications, BCCA 2023. editor / Moayad Aloqaily ; Safa Otoum ; Ouns Bouachir ; Yaser Jararweh ; Yaser Jararweh ; Ismaeel AlRidhawi ; Khalid Al-Begain ; Mohammad Alsmirat. Institute of Electrical and Electronics Engineers Inc., 2023. pp. 522-529 (2023 5th International Conference on Blockchain Computing and Applications, BCCA 2023).

@inproceedings{52e07a07a297405aabb89259579f2064,

title = "Blockchain CBDC Security Threats Using STRIDE",

abstract = "In strategic response to the increasing threats from crypto payment systems, cryptocurrencies, and stablecoins, central banks globally are contemplating the introduction of their digital currencies, termed Central Bank Digital Currencies (CBDCs). This trend, especially the emergence of CBDCs built on blockchain technology, instigates significant discourse on security and privacy concerns. This research paper delves into the potential security risks of blockchain-based CBDCs, distinguishing between permissionless and permissioned network architectures and token-based and account-based access mechanisms. We employed STRIDE, a threat modeling methodology, to elucidate these risks, on architectural constructs derived from CBDC proposals and use cases, identifying 39 distinct threats. Our study intends to enrich the ongoing dialogue on the evolution of blockchain-based CBDCs. The findings provide a robust foundation to guide and inform prudent design decisions by offering a detailed understanding of potential security and privacy risks, thereby contributing to developing more secure CBDCs.",

keywords = "Blockchain, Central Bank Digital Currencies, Cybersecurity, STRIDE, Threat Modeling",

author = "Jaqueline Hans and Sajjad Khan and Davor Svetinovic",

note = "Publisher Copyright: {\textcopyright} 2023 IEEE.; 5th International Conference on Blockchain Computing and Applications, BCCA 2023 ; Conference date: 24-10-2023 Through 26-10-2023",

year = "2023",

doi = "10.1109/BCCA58897.2023.10338905",

language = "British English",

series = "2023 5th International Conference on Blockchain Computing and Applications, BCCA 2023",

publisher = "Institute of Electrical and Electronics Engineers Inc.",

pages = "522--529",

editor = "Moayad Aloqaily and Safa Otoum and Ouns Bouachir and Yaser Jararweh and Yaser Jararweh and Ismaeel AlRidhawi and Khalid Al-Begain and Mohammad Alsmirat",

booktitle = "2023 5th International Conference on Blockchain Computing and Applications, BCCA 2023",

address = "United States",

}

Hans, J, Khan, S & Svetinovic, D 2023, Blockchain CBDC Security Threats Using STRIDE. in M Aloqaily, S Otoum, O Bouachir, Y Jararweh, Y Jararweh, I AlRidhawi, K Al-Begain & M Alsmirat (eds), 2023 5th International Conference on Blockchain Computing and Applications, BCCA 2023. 2023 5th International Conference on Blockchain Computing and Applications, BCCA 2023, Institute of Electrical and Electronics Engineers Inc., pp. 522-529, 5th International Conference on Blockchain Computing and Applications, BCCA 2023, Kuwait City, Kuwait, 24/10/23. https://doi.org/10.1109/BCCA58897.2023.10338905

Blockchain CBDC Security Threats Using STRIDE. / Hans, Jaqueline; Khan, Sajjad; Svetinovic, Davor.
2023 5th International Conference on Blockchain Computing and Applications, BCCA 2023. ed. / Moayad Aloqaily; Safa Otoum; Ouns Bouachir; Yaser Jararweh; Yaser Jararweh; Ismaeel AlRidhawi; Khalid Al-Begain; Mohammad Alsmirat. Institute of Electrical and Electronics Engineers Inc., 2023. p. 522-529 (2023 5th International Conference on Blockchain Computing and Applications, BCCA 2023).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

TY - GEN

T1 - Blockchain CBDC Security Threats Using STRIDE

AU - Hans, Jaqueline

AU - Khan, Sajjad

AU - Svetinovic, Davor

PY - 2023

Y1 - 2023

N2 - In strategic response to the increasing threats from crypto payment systems, cryptocurrencies, and stablecoins, central banks globally are contemplating the introduction of their digital currencies, termed Central Bank Digital Currencies (CBDCs). This trend, especially the emergence of CBDCs built on blockchain technology, instigates significant discourse on security and privacy concerns. This research paper delves into the potential security risks of blockchain-based CBDCs, distinguishing between permissionless and permissioned network architectures and token-based and account-based access mechanisms. We employed STRIDE, a threat modeling methodology, to elucidate these risks, on architectural constructs derived from CBDC proposals and use cases, identifying 39 distinct threats. Our study intends to enrich the ongoing dialogue on the evolution of blockchain-based CBDCs. The findings provide a robust foundation to guide and inform prudent design decisions by offering a detailed understanding of potential security and privacy risks, thereby contributing to developing more secure CBDCs.

AB - In strategic response to the increasing threats from crypto payment systems, cryptocurrencies, and stablecoins, central banks globally are contemplating the introduction of their digital currencies, termed Central Bank Digital Currencies (CBDCs). This trend, especially the emergence of CBDCs built on blockchain technology, instigates significant discourse on security and privacy concerns. This research paper delves into the potential security risks of blockchain-based CBDCs, distinguishing between permissionless and permissioned network architectures and token-based and account-based access mechanisms. We employed STRIDE, a threat modeling methodology, to elucidate these risks, on architectural constructs derived from CBDC proposals and use cases, identifying 39 distinct threats. Our study intends to enrich the ongoing dialogue on the evolution of blockchain-based CBDCs. The findings provide a robust foundation to guide and inform prudent design decisions by offering a detailed understanding of potential security and privacy risks, thereby contributing to developing more secure CBDCs.

KW - Blockchain

KW - Central Bank Digital Currencies

KW - Cybersecurity

KW - STRIDE

KW - Threat Modeling

UR - https://www.scopus.com/pages/publications/85181769939

U2 - 10.1109/BCCA58897.2023.10338905

DO - 10.1109/BCCA58897.2023.10338905

M3 - Conference contribution

AN - SCOPUS:85181769939

T3 - 2023 5th International Conference on Blockchain Computing and Applications, BCCA 2023

SP - 522

EP - 529

BT - 2023 5th International Conference on Blockchain Computing and Applications, BCCA 2023

A2 - Aloqaily, Moayad

A2 - Otoum, Safa

A2 - Bouachir, Ouns

A2 - Jararweh, Yaser

A2 - AlRidhawi, Ismaeel

A2 - Al-Begain, Khalid

A2 - Alsmirat, Mohammad

PB - Institute of Electrical and Electronics Engineers Inc.

T2 - 5th International Conference on Blockchain Computing and Applications, BCCA 2023

Y2 - 24 October 2023 through 26 October 2023

ER -

Hans J, Khan S, Svetinovic D. Blockchain CBDC Security Threats Using STRIDE. In Aloqaily M, Otoum S, Bouachir O, Jararweh Y, Jararweh Y, AlRidhawi I, Al-Begain K, Alsmirat M, editors, 2023 5th International Conference on Blockchain Computing and Applications, BCCA 2023. Institute of Electrical and Electronics Engineers Inc. 2023. p. 522-529. (2023 5th International Conference on Blockchain Computing and Applications, BCCA 2023). doi: 10.1109/BCCA58897.2023.10338905

Blockchain CBDC Security Threats Using STRIDE

Abstract

Publication series

Conference

Keywords

Access to Document

OpenUrl availability

Other files and links

Fingerprint

Cite this