Developers Forum for XinFin XDC Network

chanakya chowdary vasantha
chanakya chowdary vasantha

Posted on • Updated on

[Hackathon] SecureScan:Secure Email Analysis with AI and Blockchain Technology, AI Voice Calling Assistants for alert

What is SecureScan?
SecureScan is an innovative application that uses advanced AI to analyze emails for phishing threats and leverages blockchain technology to maintain the integrity and traceability of email analysis. This dual approach ensures that users are not only alerted to potential phishing attempts but can also verify the authenticity of the analysis, thanks to the immutable nature of blockchain.
Image description

Key Features of SecureScan

  1. Advanced AI Email Analysis:
    Utilizes the latest models from OpenAI to evaluate the content of emails.
    Scores emails based on their likelihood of being a phishing attempt, providing users with a clear metric of threat level.
    Offers detailed explanations for each score, helping users understand why an email was flagged as suspicious.

  2. Blockchain-Enhanced Security:
    Stores hashes of analyzed emails on the XinFin Network, an Ethereum-compatible blockchain platform, ensuring data integrity.
    Allows users to verify the authenticity of the email analysis at any time, providing a reliable method to contest or confirm phishing allegations.
    Deployed smart contract
    Image description

  3. User-Friendly Interface:
    Built with H2O Wave, the app features a sophisticated yet intuitive user interface that makes navigation and operation as straightforward as possible.
    Real-time updates and interactive elements ensure a responsive user experience, tailored for both technical and non-technical users.
    Grouping Searching Filtering can be used to get required emails with ease
    Image descriptionImage description

  4. Comprehensive Email Fetching:
    Integrates securely with email servers using IMAP over SSL, protecting users as they fetch and analyze emails.
    Compatible with all major email providers, ensuring that it can be widely used without compatibility issues.
    Emails fetched are getting Stored on XDC Block Chain.
    Image description

How SecureScan Works?

  1. Login and Fetch: Users log in with their email credentials. SecureScan fetches emails directly from their inboxes using encrypted connections.

  2. Analyze: Each email is analyzed by AI based on its content and metadata. The AI model scores each email and provides a detailed explanation of its findings.
    Here We have the advantage of prompting according to a organization needs to detect phishing emails

  3. Store and Verify: For each analyzed email, a hash is generated and stored on the blockchain. This hash serves as proof of the email's content at the time of analysis.

Special Feature of SecureScan:

Automated AI Voice Calling Assistant for Phishing Awareness: SecureScan includes an innovative feature where an automated AI voice assistant proactively calls users to inform them about potential organization-specific phishing threats. Administrators can utilize this assistant to alert users about possible spam and malicious attacks that are tailored to their organization's unique security concerns. This proactive communication helps in educating and preparing users against specific tactics that cyber attackers might use against them.
Image description
select an email to see the detailed phishing analysis report
Image description
you can click on the call user button to call the user, to let them know about the phishing email and how to react to it. The AI Assistant converses in realtime with the user

Smart Contract To store Email Data:

// SPDX-License-Identifier: MIT
pragma solidity ^0.8.7;

contract EmailDetailStorage {
    address public owner;
    struct EmailDetails {
        string sender;
        string conversationHistory;
        uint phishingScore;
        string explanation;

    mapping(string => bytes32) private emailHashes; // Maps UID to email hash
    mapping(string => EmailDetails) private emailData; // Maps UID to email details

    event HashStored(string uid, bytes32 emailHash);
    event HashRetrieved(string uid, bytes32 emailHash);
    event DetailsStored(string uid, string sender, uint phishingScore, string explanation);
    event DetailsRetrieved(string uid, string sender, uint phishingScore, string explanation);

    constructor() {
        owner = msg.sender;  // Set the owner of the contract to the deployer

    // Modifier to restrict certain functions to the contract's owner
    modifier isOwner() {
        require(msg.sender == owner, "Caller is not the owner");

     * Store the hash of an email's contents along with sender, conversation history, phishing score, and an explanation.
     * @param uid the unique identifier for the email
     * @param hash the SHA-256 hash of the email's contents
     * @param sender the sender of the email
     * @param conversationHistory the conversation history as a string
     * @param phishingScore the phishing score as an integer
     * @param explanation the explanation regarding the phishing score or email
    function storeEmailData(
        string calldata uid,
        bytes32 hash,
        string calldata sender,
        string calldata conversationHistory,
        uint phishingScore,
        string calldata explanation
    ) external isOwner {
        require(emailHashes[uid] == 0, "Data already exists for this UID");

        emailHashes[uid] = hash;
        emailData[uid] = EmailDetails({
            sender: sender,
            conversationHistory: conversationHistory,
            phishingScore: phishingScore,
            explanation: explanation

        emit HashStored(uid, hash);
        emit DetailsStored(uid, sender, phishingScore, explanation);

     * Retrieve the hash and details of an email using UID.
     * @param uid the unique identifier for the email
     * @return hash the SHA-256 hash of the email
     * @return sender the sender of the email
     * @return conversationHistory the conversation history
     * @return phishingScore the phishing score
     * @return explanation the explanation about the email
    function retrieveEmailData(string calldata uid) external view returns (
        bytes32 hash,
        string memory sender,
        string memory conversationHistory,
        uint phishingScore,
        string memory explanation
    ) {
        require(emailHashes[uid] != 0, "No data stored for this UID");

        EmailDetails storage details = emailData[uid];
        return (

     * Change the owner of the contract.
     * @param newOwner the address of the new owner
    function changeOwner(address newOwner) external isOwner {
        require(newOwner != address(0), "New owner is the zero address");
        owner = newOwner;
Enter fullscreen mode Exit fullscreen mode

Helper Function to store data on chain

def store_email_data_on_chain(uid, email_body, sender, conversation_history, phishing_score, explanation):
        uid = str(uid)  # Ensure UID is a string as expected by the ABI
        private_key = '1913b305c73fdd97e6565d6a2c8a0baf51030d52c29a4f847b94b79a1eca32dc'
        account = w3.eth.account.from_key(private_key)
        email_hash = w3.keccak(text=email_body)
        sender_address = account.address
        #print(f"Sender Address: {sender_address}")

        #print(uid, email_hash, sender, conversation_history, phishing_score, explanation)
        # Retrieve account balance
        balance = w3.eth.get_balance(sender_address)
        print(f"Account balance: {w3.from_wei(balance, 'ether')} XDC")

        # Gas estimation
        gas_price = w3.eth.gas_price
        gas_limit = 400000  # Adjusted for possibly greater transaction complexity
        total_cost = gas_price * gas_limit
        print(f"Estimated gas cost (in wei): {total_cost} (Gas price: {gas_price}, Gas limit: {gas_limit})")

        if balance < total_cost:
            return f"Error: Insufficient funds for the transaction. Required: {w3.from_wei(total_cost, 'ether')} XDC, Available: {w3.from_wei(balance, 'ether')} XDC"

        # Transaction count (nonce) for the sender's address
        nonce = w3.eth.get_transaction_count(sender_address)

        # Build the transaction
        tx = contract.functions.storeEmailData(uid, email_hash, sender, conversation_history, phishing_score, explanation).build_transaction({
            'chainId': 51,  # Chain ID for XinFin MainNet, use 51 for Apothem Testnet if necessary
            'gas': gas_limit,
            'gasPrice': gas_price,
            'nonce': nonce,

        # Sign the transaction with the sender's private key
        signed_tx = account.sign_transaction(tx)

        # Send the transaction
        tx_receipt = w3.eth.send_raw_transaction(signed_tx.rawTransaction)
        return tx_receipt.hex()
    except Exception as e:
        return f"Error: {str(e)}"

Enter fullscreen mode Exit fullscreen mode

helper function to retrieve email data from the chain

def get_email_details(uid):
    return contract.functions.getEmailDetails(uid).call()

Enter fullscreen mode Exit fullscreen mode
  1. github-link:
  2. Youtube-link:

Discussion (0)