Q1. What mistakes did AstraZeneca make?

Ans1: AstraZeneca is one of the world’s top pharmaceutical company with a worldwide
market reach. In July 2007, AstraZeneca entered into a $1.4 billion contract with IBM
for a seven-year global s trategic sourcing for the provision of IT infrastructure
services to 60 countries. However in 2011 AstraZeneca terminated the SLA and terminated
the contract. It has failed to realize that

IT infrastructure and R&D are both crucial to a pharmaceutical company

The drug discovery techniques are very changing rapidly
 The present IT infrastructure of IBM may not able to support all the global
vendor applications.
 Astra Zeneca’s business model was changing rapidly than the contract could
accommodate
 Astra Zeneca failed to cover all details of an eventual and critical part of the contract:
its termination.
 Astra Zeneca could not estimate correctly its own IT infrastructure needs on a 7 year
term basis

Q2. What mistakes did IBM make?

Ans2: IBM is the pioneer and world leader in the IT infrastructure services domain.
Hence it was very eager in the outsourcing contact with AstraZeneca chiefly because; this
contract can be shown as a business model for other companies that wish to use their
information technology infrastructure services outsourcing. The mistakes commited in
drafting the contract were:
 Termination procedures and obligations on both the partners were not mentioned in the
contract.
 IBM knew that in a long-term IT outsourcing contracts they would accrues profit by
making major investment in the first two years as the service is set up and customized
and then making its profit margin in the last two or three years. They failed to cover the
last two or three year’s mandatory implementation in their contract.
 IBM failed to cover all details for contract termination, such as the continuing
services that have to be provided and what their fees should be.

Q3. Why are outsourcing contracts for five or more years?

Ans: An IT infrastructure service outsourcing contract includes the installation of server

hosting and storage for scientific, network and communications, commercial, and supply
chain operations for the entire global sites of the client company. Hence in an outsourcing
contract the Technology company makes major investment in the first two years as the IT
infrastructure service is set up and customized and then starts making its profit margin in
the last two or three years. Hence any outsourcing contract is for five or more years.
Q4. Why do you think two major corporations could make such mistakes?

Ans: Every business entity keeps on evolving and changing in its continuous day to day
existence. Hence its needs and wants also change at the same speed measure. Most major
corporations could make contract-drafting mistakes if they do not take in account their
own growth pace and the associated technical and other needs it requires. The
AstraZeneca and IBM IT infrastructure service outsourcing contract deal failed as it used
the outcome-based specifications model.

Q5. Do you think the 2007 SLA was doomed to fail? Explain your answer.

Ans: The 2007 SLA was doomed to fail as it was based on outcome-based specifications
model and hence does not include estimation for its own growth pace and the associated
technical and other needs its requires.

Q6. What provisions in the 2012 SLAs protect AstraZeneca and the vendors?

Ans: In the 2012 SLAs the special provisions drafted to ensure business protection to
AstraZeneca and the vendors are

Implement multiple contracts with various vendor companies like Computacenter, HCL,
AT&T, and Wipro for different IT services.

The new IT service contracts include the standard provisions of, namely SLAs and
pricing, and also a cooperation policy.

It includes 13 principles that specify the terms of collaboration between the vendor and
vendee company’s.

One of the principle is “fix first, pay later.” Wherein the vendor company cooperates to
fix a technology error ASAP without asking questions about cost.

In return for fast solutions, the vendee company AstraZeneca has to commit a faster
payment to the vendor.

Finally in the event of a contract conflict, both parties can appeal to an independent
arbiter who oversees the cooperation policy between the two companies.

Q7. Why would parties prefer to use an arbitrator instead of filing a lawsuit in court?

Ans: In any mutually agreed business contract usually both the companies prefer to use
an arbitrator instead of filing a lawsuit in court as it not only saves the precious business
time of both the companies in resolving their differences but also protects them from
being affected by damage to their good will in the market due to the failure of the
contract between them. Hence Astra Zeneca and its vendors prefer an arbitrator to resolve
their contract issues.
 Cryptocurrency Security Issues
Rajeev Chowdary
Abstract: The term cryptocurrency defines
the various types of digital currencies,
alternative currencies and virtual currencies
that are designed to work as a medium of
exchange in a peer to peer electronic cash
exchange system. Crypto Currency uses
cryptography technologies to ensure
complete security of its transactions, to
control the creation of additional digital
currency units, and to record the transfer of
assets or other transactions into a peer to
peer distributed append-only enabled public
ledger called blockchain. Today there exist
approximately 1200 different types of crypto
currencies in the present world.
The blockchain, is a decentralized
public transaction database, that functions as
a distributed ledger, wherein all the
transactions committed to the entries of
crypto currency are recorded and displayed
publicly in a peer to peer environment. The
Blockchain stores all the crypto currency
transaction entries in a public ledger as a
sequence of transaction blocks. Each
individual block contains a hash value of the
previous block, and so on the chain grows as
new transactions are verified and added to
the chain.
The primary security feature of all
crypto currencies is the implementation of
the incentive compatible proof-of-work
(PoW) based distributed consensus protocol,
which is executed by incentive based
network nodes called miners in a peer to
peer network environment. The miners act
as agents who are authorized to add a block
to the chain. Their approach of adding a
block relies on a set of cryptographic
puzzles, known as proofs of work, in order
to reach consensus. The longest chain, as
measured by computational effort exerted, is
assumed as the consensus chain and entered
into the block chain database. The miners
take incentive and in return, the block chain
ledger entries detailing the various crypto
currency transactions are checked and
verified for their integrity. This ensures total
security by a decentralized third party
verification by miners who have no stake in
the crypto currency block chain other than
the incentives they receive.
Index Terms—Cryptocurrency, Block Chain,
POW, security threats, data privacy, user
validation.
Introduction:
Since the launch of crypto currency
on 09 January 2009, with the introduction of
Bitcoin crypto currency by Satoshi
Nakamoto, Japanese software developer on
the Source Forge website, its market
capitalization value has grown
phenomenally at an significant growth rate,
amounting to its present net worth of about
one trillion American dollars.
However, this phenomenally
exponential growth in the market
value of crypto currency significantly
motivates many malicious entities to identify
and exploit the various vulnerabilities
existing in crypto currency for their personal
profit. Hence this research article, I
systematically delves deeply on procedures
and methods to discover all reported and
unreported new vulnerabilities in the crypto
currency system[1], proposes appropriate
countermeasures, and accordingly predict
upcoming security threats trends.[2]
As part of my systematic vulnerability
research study, I mention all the various
concepts and features of crypto currency that
may lead to security threats and data privacy
hazards. Initially an overview of all the
major components of a crypto currency
system are mentioned, in detail along with
their respective functionality, underlying
major technologies and their associated
interactions within the crypto currency
system. Later the existing vulnerabilities of
the previously mentioned features of crypto
currency that may lead to various security
threats to the normal functionality of crypto
currency is discussed in detail along with
their associated threat security solutions that
can resolve them. For my research study, I
have used Bitcoin crypto currency as a
crypto currency specimen to conduct survey
based research on my topic Cryptocurrency
Security Issues
Technology behind Bitcoin: Bitcoin coins,
BTC or simply bitcoins is a crypto currency
based secure electronic payment system that
enables digital transactions involving virtual
currency in the form of digital tokens over a
peer-to-peer network environment. Bitcoin
has been designed by its creator Satoshi
Nakamoto [3] as a open-source using block
chain technology, hence nobody owns or
controls it. It consists of a decentralized
block chain technology based limited entries
database that operates without any trusted
third party authority like a central bank,
central manager, a Chartered Accountant, a
notary, or any other centralized information
technology based service. Each individual
Bitcoin owner has full rights and control
over his/her crypto currency, and could sell
or spend their Bitcoins anytime and
anywhere without the indulgence or
approval of any centralized Bitcoin
authority.
The five main technologies used in
Bitcoin and all other crypto currencies are 1)
peer-to-peer (P2P) network environment 2)
decentralized electronic payment system 3)
probabilistic distributed consensus protocol.
4) Incentive based miners and 5)
Asymmetric cryptography key based secure
digital hash tokens.
1) peer-to-peer (P2P) network environment:
A peer-to-peer (P2P) network was initially
created way back, in the early 1980’s when
two or more computers were connected
together in a network environment to share
all mutual resources without going through a
separate server computer control or
authorization process. A peer to peer
network connection can be created through
an ad hoc connection (two or more
computers connected via a Universal Serial
Bus to transfer files) or through an
permanent network infrastructure that links
all computers using twisted pair copper
wires. Typically, an office or home P2P
networks operates over Ethernet (10M
bit/sec) or Fast Ethernet (100M bit/sec) or a
Gigabit Ethernet (1024 bits/sec) and
implements a hub-and-spoke topology also
called as start topology using Category 5
(Cat 5 twisted-pair) copper wire runs among
the PCs and an Ethernet hub or switch,
enabling users of those P2P networked
computers to share and access one another's
hard drives, printers or even share an
Internet connection. In summary, every
computer connected in a P2P network works
as a server as well as a client. No special
network operating system is necessary on
the computers in a P2P network
environment and no need of advanced
special server-side network applications like
directory services , global catalog server,
DNS server, Routers, VLANS, DHCP server
or BOOTP server.
In a P2P network environment, all resource
access rights are set and governed by
implementing sharing permissions on each
individual computer.
Crypto currency uses such a peer to
peer network environment to share, sell,
spend digital currency through hashed
transactions. Crypto currencies like Bitcoin
uses special protocols like probabilistic
distributed consensus protocol and
applications for decentralized electronic
payment system to set up direct relationships
among peer to peer network group users
over the Internet communication channel
itself.
Vulnerabilities and solutions
The security vulnerabilities in an
Peer to Peer network environment are its
access permission which have to be set
rigidly encompassing the parameters of the
P2P network environment[4]. The resources
sharing and access rights of each user of the
node computers must be set with strict
security policy based guidelines.
2) Decentralized virtual currency electronic
payment system – EPS or Electronic
payment systems are governmental and non-
governmental organizations that issue their
own version digital currency, create and
implement new methods for their virtual
currency distribution and provide all
provisions to conduct for electronic financial
transactions securely[6]. A typical EPS is an
part of large Internet companies, wherein
they use virtual currency as an element of
their business activity.
Vulnerabilities and solutions
Every electronic payment system issues its
own developed version of electronic
currency that corresponds to paper currency.
Each virtual currency differ in levels of
technology used, development criteria,
functionality, coverage, and intended usage
purpose.
The primary security issue that raises
is the development process are that these
virtual currency exists only in the form of
records in the database (DB), in which
where all transactions between the seller and
buyer are conducted using the addresses of
sender / recipients. For security purposes all
these transactions are stored unencrypted in
the database, without mentioning the actual
information about the real owner of these
addresses. For further privacy of the virtual
currency owner there are no records
committed or stored to the database
regarding the amount of bitcoins owned by
the him or her. The real amount of virtual
currency hold by any given addressee could
be estimated only through the transactional
chain records. However the estimation of
how many virtual currencies are listed for
the owners address are made by client
programs.
3) Probabilistic distributed consensus
protocol.
The primary security feature in all crypto
currencies is the implementation of the
incentive compatible proof-of-work (PoW)
based distributed consensus protocol and
probabilistic distributed consensus protocol,
The former protocol is executed by incentive
based network nodes called miners in a peer
to peer network environment [7]. The miners
act as agents who are authorized to add a
block to the chain. Their approach of adding
a block relies on a set of cryptographic
puzzles, known as proofs of work, in order
to reach consensus As the digital currency
has matured, virtual currency mining has
become more challenging and complex.
Vulnerabilities and solutions
In this feature the chief vulnerability
lies in the interactive consensus consistency
that may vary from computer to computer
and hence needs strict policy based protocol
implementation
4) Incentive based miners
Crypto currencies like Bitcoin use a
decentralized electronic payment system that
maintains a public transaction ledger in a
distributed manner. Anonymous participants
called miners, who implement a
Probabilistic distributed, maintain this public
transaction ledger consensus protocol that
maintains and extends a distributed data
structure called the block chain. Crypto
currency payers broadcast their payment
transactions and miners record these
transactions into the blocks they generate.
The miners are rewarded by receiving newly
minted bitcoins. In this procedure the crypto
currency are created and distributed
among the miners who are rewarded with
the first recipients of the freshly minted
digital currency which they can sell or
spend.
Vulnerabilities and solutions
As of today, the digital currency has
matured to a fair degree, and hence it has
become more challenging to mint it in terms
of cryptography puzzle resolution and the
computing power to resolve it. As the
minting cycles increase, the encrypted hash
problems have become so complicated that
it requires a lot of expensive and
collaborative computing power to resolve it.
This causes the primary vulnerability in the
miners related risks where some miners have
started compromising public Wi-Fi networks
to hack and access public mobile devices to
continue mining of virtual currency. Such
type of malicious hijack attacks incidents
were reported all over the world and hence
To protect our computing device
from any such computing resource stealing
attack we must ensure that all of the
operating system is configured to provide
enhanced security to its security
applications. Once the Operating System is
fully updated it become virtually impossible
to hack it or steal the data. Next the websites
are compromised to collect user data and
phone nunbers which can be later used to
hack then and convert then to a crypto
zombie to assist in the cryptho hash code
resolving process. Using anti virus and anti
hacking software we can prevent its
happening.
5) Asymmetric cryptography key based
secure digital hash tokens – Asymmetric
cryptography public and private keys
technology is used in all crypto currency
based electronic payment systems[5]
including Bitcoins information regarding the
payment transactions that involves the
transfer of bitcoins between one user(seller
or spender) to another user (buyer) the
buyers destination address which is called
Bitcoin address is generated by the block
chain technology by performing a series of
irreversible cryptographic hashing
operations on the seller / spender user’s
public key.
Vulnerabilities and solutions
As an security measure, a Bitcoin
owner can have multiple destination[8]
addresses (cryptographic hashes) by
generating multiple public keys and
associate these multiple addresses with one
or more of crypto currency digital wallets.
The private key of the selling user is
required to sell or spend their owned
bitcoins in the form of digitally signed
transactions that are promptly recorded, into
the limited entries block chain based
database. By using the destination address
hash of the public key as a receiving address
provides the selling user a degree of security
by anonymizing his identity to the buying
user.
Conclusion: In this research, study of all the
five primary security concerns of a typical
crypto currency like Bitcoin are evaluated in
detail through the perspective of their crypto
currency features and technologies involved.
The related solutions to resolve these
identified vulnerabilities are also described
in brief.
References:
[1] Mauro Conti, Senior Member, IEEE,
Sandeep Kumar E, Member, IEEE, Chhagan
Lal, Member, IEEE, Sushmita Ruj, Senior
Member, IEEE, (2016) A Survey on
Security and Privacy Issues of Bitcoin
[2] Bag, S., Ruj, S., Sakurai, K. (2017):
Bitcoin block withholding attack: analysis
and mitigation. IEEE Trans. Inf. Forensics
Security. 12(8), 1967–1978
[3] Satoshi Nakamoto, (2008) “Bitcoin: A
peer-to-peer electronic cash system,”
Available: http://bitcoin.org/bitcoin.pdf
[4] A. Maria, Z. Aviv, and V. Laurent,
(2017) “Hijacking bitcoin: Routing attacks
on cryptocurrencies,” in Security and
Privacy (SP), 2017 IEEE Symposium on.
IEEE
[5] A. Lei, H. Cruickshank, Y. Cao, P.
Asuquo, C. P. A. Ogah, and Z. Sun, (2017),
“Blockchain-based dynamic key
management for heterogeneous intelligent
transportation systems,” IEEE Internet of
Things Journal, no. 99,
[6] F. Tschorsch and B. Scheuermann,
(2016), “Bitcoin and beyond: A technical
survey on decentralized digital currencies,”
IEEE Communications
Surveys Tutorials, vol. 18, no. 3, pp. 2084–
2123,
[7] M. Rosenfeld, (2011), “Analysis of
bitcoin pooled mining reward systems,”
CoRR, vol. abs/1112.4980,
[8] O. Schrijvers, J. Bonneau, D. Boneh, and
T. Roughgarden,(2017), Incentive
Compatibility of Bitcoin Mining Pool
Reward Functions. Springer
Berlin Heidelberg, pp. 477–498