CO 447 | LEC6 BLOCKCHAIN SECURITY Dr. Benjamin Livshits - PowerPoint PPT Presentation

  1. CO 447 | LEC6 BLOCKCHAIN SECURITY Dr. Benjamin Livshits

  2. Stateless Fingerprinting

  3. EFF Fingerprinting Tester https://panopticlick.eff.org

  4. Panopticlick Testing (IE, Brave)

  5. Fingerprinting Components
     https://github.com/Valve/fingerprintjs/blob/master/fingerprint.js (excerpts; elided lines marked with ...)

     getPluginsString : function () {
       if(this.isIE() && this.ie_activex){
         return this.getIEPluginsString();
       ...
     },

     getRegularPluginsString : function () {
       return this.map(navigator.plugins, function (p) {
         var mimeTypes = this.map(p, function(mt){
         ...
     },

     getIEPluginsString : function () {
       if(window.ActiveXObject){
         var names = ['ShockwaveFlash.ShockwaveFlash',//flash plugin
         ...
     },

     getScreenResolution : function () {
       var resolution;
       if(this.screen_orientation){
       ...
     },

     getCanvasFingerprint : function () {
       var canvas = document.createElement('canvas');
       var ctx = canvas.getContext('2d');
       ...

  6. Canvas Fingerprinting

  7. amiunique.org

  8. Fingerprint Details

  9. Overall Statistics: Number of entries: 525663

  10. Extension Fingerprinting https://extensions.inrialpes.fr

  11. Website Fingerprinting

  12. Standard Fingerprinting

  13. Ad Blocking

  14. Motivation - Ads everywhere!

  15. It's Worse on Mobile Devices

  16. Over 50% Traffic From Ads!!!

  17. Solution: Ad-blocking

  18. Ad Blocking in Practice

  19. Blocking Lists: filterlists.com

  20. Speedups Due to Ad Blockers

  21. Round-Up of Crypto Exchange Hacks So Far in 2019 — How Can They Be Stopped? https://cointelegraph.com/news/round-up-of-crypto-exchanges-hack-so-far-in-2019-how-can-it-be-stopped

  22. Bitrue hack

  23. GateHub — 18,473 accounts affected

  24. What to Do?

  25. Attacks on Crypto Exchanges 2017-2018

  26. Blockchain without the Hype
      - Distributed ledgers, and blockchains specifically, are about establishing distributed trust
      - How can a community of individuals agree on the state of the world (or just the state of a database) without the risk of outside control or censorship?
      - Doing this with open-source code and cryptography turns out to be a difficult problem

  27. Distributed Trust
      - A blockchain is a decentralized, distributed and public digital ledger used to record transactions across many computers, so that no recorded transaction can be altered retroactively without also changing every subsequent block
      - Distributed integrity lets the participants verify and audit transactions independently and relatively inexpensively

  28. Why Blockchain?
      - The problem of double-spending
      - Any digital cash scheme, including those that preceded Bitcoin, has to address it: a digital token is just data and can be copied and spent twice
      - As with counterfeit money, double-spending inflates the total amount in circulation
      - That devalues the currency relative to other monetary units or goods (gold, silver) and erodes user trust as well as the circulation and retention of the currency
      - Cryptographic techniques that prevent double-spending while preserving transaction anonymity include blind signatures and, particularly in offline systems, secret splitting

  29. Which Problems Does Blockchain Not Solve?
      - Privacy
      - Throughput
      - What about other properties?
        - Auditability?
        - Availability?
        - Non-repudiation?

  30. Killer App
      - So far, the killer app is cryptographic money
      - The global transaction history is on a public ledger, as in Bitcoin or Ethereum
      - No bank or government has to approve your transactions
      - You can remain largely pseudonymous: addresses are not tied to identities, although every transaction is public
      - Confirmed transactions cannot be reverted by any central party, unlike SWIFT or other government-controlled payment systems
      - No intermediaries are needed: you control your own private keys

  31. Consensus Building
      - Proof-of-Work (PoW): BTC, ETH
      - Proof-of-Stake (PoS)
      - Delegated Proof-of-Stake (DPoS): EOS
      - Proof-of-Authority (PoA): Quorum

  32. Lisk PoS

  33. 51% Attacks
      - A double-spend attack is an attack on a cryptocurrency in which the same coins are spent twice; it has happened to several cryptocurrencies, usually by way of a 51% attack, in which one party controls a majority of the hash power and can rewrite recent history
      - It has not happened to the largest cryptocurrencies such as Bitcoin (although the capability arose in 2014, when a single mining pool briefly held more than half of the Bitcoin hash rate), but it has happened to one of Bitcoin's forks, Bitcoin Gold, then the 26th largest cryptocurrency

  34. Bitcoin Gold Hack
      - In 2018, Bitcoin Gold (and two other cryptocurrencies) were hit by a successful 51% hashing attack by an unknown actor [3]. The attackers carried out a double spend on Bitcoin Gold, a cryptocurrency forked from Bitcoin in 2017
      - Approximately $18.6 million USD worth of Bitcoin Gold was deposited at a cryptocurrency exchange (typically as one side of a trade for fiat currency or another cryptocurrency) and, once the exchange had credited it, the deposits were reverted in the public ledger: with more than 51% of the mining power the attackers mined a longer private chain in which those deposits never happened, and Proof-of-Work consensus accepts the chain with the most work

  35. https://mycryptoeconomist.com/blockchain-101/

  36. Components of a Blockchain
      - Digital Ledger: the digital ledger, also known as DLT [Distributed Ledger Technology], is a continually updated database of all the transactions on the blockchain. The blockchain is composed of transactions in a block that contains all the previous blocks' transaction history, 'chained' together by cryptography.
      - Digital Asset: the digital asset in this case is bitcoin. The asset is the transaction item being transacted on the blockchain. This item can be any number of things, not only cryptocurrencies like bitcoin: there are blockchains programmed for ID information, legal documents etc.
      - Consensus: consensus is used to verify every single transaction from all participants on the blockchain. Without combined and complete consensus on the blockchain network, transactions are not verified and are therefore rejected. This keeps the integrity of the blockchain in place. Consensus is required for public blockchains and not necessarily for private blockchains.
      - Network Participants: network participants, also known as nodes on the blockchain, are connected computers. These computers, such as yours or mine, have the blockchain stored on their respective hard drives and plug into it remotely over an internet connection. This allows consensus on transactions to be reached as noted above.

  37. Hacker Makes Over $18 Million in Double-Spend Attack on Bitcoin Gold Network https://www.bleepingcomputer.com/news/security/hacker-makes-over-18-million-in-double-spend-attack-on-bitcoin-gold-network/

  38. ZenCash 51% Attack

  39. Double-Spend Observed

  40. Crypto51.app

  41. How to Estimate the Costs

  42. NiceHash.com

  43. Decentralization in Bitcoin and Ethereum Networks
      Mining on cryptocurrency networks is a complex process that typically requires large computational power. At the current mining difficulty of Bitcoin and Ethereum, generating blocks with commodity hardware is not feasible, which centralizes the mining process somewhat. However, as long as many different entities are mining, the system is still decentralized. We compare the decentralization of the mining process in Bitcoin and Ethereum.

  44. Distribution of Mining Power in Bitcoin and Ethereum Networks

  45. Consolidation Effects
      - Figure 4 illustrates that, in Bitcoin, the weekly mining power of a single entity has never exceeded 21% of the overall power. In contrast, the top Ethereum miner has never had less than 21% of the mining power. Moreover, the top four Bitcoin miners have more than 53% of the average mining power, while on average 61% of the weekly power was shared by only three Ethereum miners. These observations suggest a slightly more centralized mining process in Ethereum

  46. Really Decentralized?
      - Even 90% of the mining power seems to be controlled by only 16 miners in Bitcoin and only 11 miners in Ethereum
      - The results show that a Byzantine quorum system [53] of size 20 could achieve better decentralization than proof-of-work mining, at a much lower resource cost
      - This shows that further research is necessary to create a permissionless consensus protocol without such a high degree of centralization
