Sitemap

A list of all the posts and pages found on the site. For you robots out there, an XML version is available for digesting as well.

Pages

Posts

Ethereum DeAnonymisation Techniques

7 minute read

Published:

Anonymize Ethereum with Bitcoin methods

Ethereum Architecture

  • Ethereum stores state and account balance directly
  • Smart contracts
    • Each smart contract is identified by an Ethereum address
    • Written in Solidity
  • Blockchain

Ethereum Overview and Privacy Attacks

8 minute read

Published:

Ethereum

Accounts

  • 20-byte address
  • A state -> state’ = transaction of information or value between accounts
  • Contains 4 fields
    • Nonce: Counter that makes sure each transaction can be processed only once
    • Ether balance
    • Contract code (for contract account)
    • Storage
  • Type of accounts
    • Externally owned accounts
      • Controlled by private keys
      • Can send messages by creating and signing a transaction
    • Contract accounts
      • Controlled by contract code
      • Code is activated when a message is received
      • Code could read/write to internal storage or create a message or contract in return

Contract

  • An autonomous agent that lives inside the Ethereum environment
  • Executes specific code when “triggered”

Transaction and message

  • Transaction: a signed data package that stores a message to be sent from an externally owned account
  • STARTGAS and GASPRICE prevent infinite loops by limiting the number of computation steps
  • Gas depends on the amount of computation and capacity of data
  • A transaction contains
    • Recipient of the message
    • Signature of the sender
    • Amount of ether to be transferred
    • Data field (optional)
    • STARTGAS - Maximum allowed computation steps
    • GASPRICE - Fee paid by the sender per computational step (gas)

Messages

  • A message is like a transaction, except it is produced by a contract
  • A message contains the sender, recipient, amount of ether being sent, data field (optional), and STARTGAS

Ethereum state transition function

  • Validate the transaction
  • Calculate the transaction fee: STARTGAS * GASPRICE
  • Subtract the fees from the sender’s account balance and increment the sender’s nonce
  • Transfer the transaction value from sender to recipient.
    • If the recipient doesn’t exist, create a new account
    • If it’s a contract account, run the contract’s code until completion or until it runs out of gas
  • If execution ran out of gas or the sender doesn’t have sufficient funds, revert all state changes except the payment of the fees.
  • Otherwise, refund the remaining gas to the sender.
  • Fees are sent to the sender
  • Example of transition function (send 10 ether, 2000 gas, 0.001 ether gasprice and 64 bytes of data)
    • Data being sent:
      • byte[0:31] = 2
      • byte[32:63] = “CHARLIE”

Bitcoin & Blockchain Overview

5 minute read

Published:

What is blockchain?

What is a block?

  • Persistent, immutable and append-only data structure
  • A block used as currency tracks
    • User transactions
    • Timestamp
    • Reference
  • A block (besides the genesis block) is tied to its previous block in a cryptographic way
  • Each block contains
    • Header
    • One or more user transactions

portfolio

publications

Software defined networking-based vehicular Adhoc Network with Fog Computing

Published in 2015 IFIP/IEEE Integrated Network Management (IM) Symposium, 2015

Although Vehicular Adhoc Networks (VANETs) are deployed in reality offering several services, the current architecture has been facing many difficulties in deployment and management because of poor connectivity, less scalability, less flexibility and less intelligence. We propose a new VANET architecture called FSDN which combines two emergent computing and network paradigms, Software Defined Networking (SDN) and Fog Computing, as a prospective solution. SDN-based architecture provides flexibility, scalability, programmability and global knowledge while Fog Computing offers delay-sensitive and location-awareness services which could satisfy the demands of future VANETs scenarios. We figure out all the SDN-based VANET components as well as their functionality in the system. We also consider the system basic operations in which Fog Computing is leveraged to support surveillance services by taking into account resource manager and Fog orchestration models.

Download here

Trust evaluation mechanism for user recruitment in mobile crowd-sensing in the Internet of Things

Published in IEEE Transactions on Information Forensics and Security (TIFS), 2019

Mobile crowd-sensing (MCS) has appeared as a prospective solution for large-scale data collection, leveraging built-in sensors and social applications in mobile devices that enables a variety of Internet of Things (IoT) services. However, the human involvement in MCS results in a high possibility for unintentionally contributing corrupted and falsified data or intentionally spreading disinformation for malevolent purposes, consequently undermining IoT services. Therefore, recruiting trustworthy contributors plays a crucial role in collecting high-quality data and providing a better quality of services while minimizing the vulnerabilities and risks to MCS systems. In this paper, a novel trust model called experience-reputation (E-R) is proposed for evaluating trust relationships between any two mobile device users in an MCS platform.

Download here

Semantic smart contracts for blockchain-based services in the Internet of Things

Published in IEEE International Symposium on Network Computing and Applications (NCA), 2019

The emerging Blockchain (BC) and Distributed Ledger technologies have come to impact a variety of domains, from capital market sectors to digital asset management in the Internet of Things (IoT). As a result, more and more BC-based decentralized applications for numerous cross-domain services have been developed. These applications implement specialized decentralized computer programs called Smart Contracts (SCs) which are deployed into BC frameworks. Although these SCs are open to public, it is challenging to discover and utilize such SCs for a wide range of usages from both systems and end-users because such SCs are already compiled in form of byte-codes without any associated meta-data. This motivates us to propose a solution called Semantic SC (SSC) which integrates RESTful semantic web technologies in SCs, deployed on the Ethereum Blockchain platform, for indexing, browsing and annotating such SCs. The solution also exposes the relevant distributed ledgers as Linked Data for enhancing the discovery capability.

Download here

GDPR-compliant personal data management: A blockchain-based solution

Published in IEEE Transactions on Information Forensics and Security (TIFS), 2019

The General Data Protection Regulation (GDPR) gives control of personal data back to the owners by appointing higher requirements and obligations on service providers who manage and process personal data. As the verification of GDPR-compliance, handled by a supervisory authority, is irregularly conducted, it is challenging to be certified that a service provider has been continuously adhering to the GDPR. Furthermore, it is beyond the capability of the data owners to perceive whether a service provider complies with the GDPR and effectively protects her personal data. This motivates us to envision a design concept for developing a GDPR-compliant personal data management platform leveraging the emerging blockchain and smart contract technologies.

Download here

Blockchain-based personal data management: From fiction to solution

Published in IEEE International Symposium on Network Computing and Applications (NCA), 2019

The emerging blockchain technology has enabled various decentralised applications in a trustless environment without relying on a trusted intermediary. However, when utilising Blockchain for developing a personal data management system, fictions have occurred in existing approaches and been promulgated in the literature. Such fictions are theoretically doable; unfortunately, by thoroughly breaking down consensus protocols and transaction validation processes, we clarify that such existing approaches are either impractical or highly inefficient due to the natural limitations of the blockchain and Smart Contracts technologies. This encourages us to propose a feasible solution in which such fictions are reduced by designing a novel system architecture with a blockchain-based proof of permission protocol.

Download here

Privacy Preservation in Federated Learning: Insights from the GDPR Perspective

Published in Elsevier Computers and Security (CoSE), 2020

Federated learning (FL) emerges as a prospective solution that facilitates distributed collaborative learning without disclosing original training data whilst naturally complying with the GDPR. Recent research has demonstrated that retaining data and computation on-device in FL is not sufficient enough for privacy-guarantee. This article is dedicated to surveying on the state-of-the-art privacy-preserving techniques which can be employed in FL in a systematic fashion, as well as how these techniques mitigate data security and privacy risks.

Download here

A blockchain-based trust system for decentralised applications: When trustless needs trust

Published in Elsevier Future Generation Computer Systems, 2021

Blockchain technology has been envisaged to commence an era of decentralised applications and services (DApps) without the need for a trusted intermediary. Such DApps open a marketplace in which services are delivered to end-users by contributors which are then incentivised by cryptocurrencies in an automated, peer-to-peer, and trustless fashion. However, blockchain, consolidated by smart contracts, only ensures on-chain data security, autonomy and integrity of the business logic execution defined in smart contracts. It cannot guarantee the quality of service of DApps, which entirely depends on the services performance. Thus, there is a critical need for a trust system to reduce the risk of dealing with fraudulent counterparts in a blockchain network. These reasons motivate us to develop a fully decentralised trust framework deployed on top of a blockchain platform, operating along with DApps in the marketplace to demoralise deceptive entities while encouraging trustworthy ones. The trust system works as an underlying decentralised service providing a feedback mechanism for end-users and maintaining trust relationships among them in the ecosystem accordingly.

Download here

Data Privacy Threat Modelling for Autonomous Systems: A Survey From the GDPR’s Perspective

Published in IEEE Transactions on Big Data, 2022

Preserving the data privacy and security of AI-based applications is of utmost importance. In this respect, a modelling technique for identifying potential data privacy threats and specifying countermeasures to mitigate the related vulnerabilities in such AI-based systems plays a significant role in preserving and securing personal data. Various threat modelling techniques have been proposed such as STRIDE, LINDDUN, and PASTA but none of them is sufficient to model the data privacy threats in autonomous systems. Furthermore, they are not designed to model compliance with data protection legislation like the EU/UK General Data Protection Regulation (GDPR), which is fundamental to protecting data owners’ privacy as well as to preventing personal data from potential privacy-related attacks. In this article, we survey the existing threat modelling techniques for data privacy threats in autonomous systems and then analyse such techniques from the viewpoint of GDPR compliance.

Download here

talks

teaching

COMPSCI4062 Cyber Security Fundamentals

Undergrad/Postgrad Course, Thompson Building, University of Glasgow, 2022

Goals of the Course and ILOs:

The aim of this course is to provide participants with the opportunity to develop a security mind-set by introducing students to introductory core material in the area of computer security.

COMPSCI5079 Cryptography and Secure Development (CSD-M)

Master course, Thomson Building 236 Lecture Theatre, 2023

Main Goals of the Course:

This course covers two main goals:

  1. Encryption and Decryption algorithms, and
  2. How to utilise the algorithms in developing secure applications.
  • The first part of this course focuses on encryption algorithms.
  • The second part of this course focuses on developing secure applications.
  • Coverage on how they are used is provided in Cyber Security Fundamentals.
  • More specialised courses are Enterprise Cyber Security; Cyber Security Forensics; Human-Centred Security; Safety-Critical Systems.