
How to Hack Blockchain Systems – Parinya Ekparinya, Vincent Gramoli – PowerPoint PPT Presentation



  1. How to Hack Blockchain Systems – Parinya Ekparinya, Vincent Gramoli, Guillaume Jourjon – The University of Sydney Page 1

  2. Blockchain
  – Block #41: Proof 0xd00d1e…; Parent Proof 0xf00baa…; TX: Alice -> Bob
  – Block #42: Proof 0xc0ffee…; Parent Proof 0xd00d1e…; TX: Mallory -> Bob
  – Block #43: Proof 0xf00baa…; Parent Proof 0xc0ffee…; TX: Ted -> Alice
  – Block #44: Proof 0xfabfab…; Parent Proof 0xf00baa…; TX: Mallory -> Alice


  6.–13. (Animated illustration, no further text recovered: slides 6–7 show a single "$ 10", slides 8–12 show "$ 10" twice, and slide 13 shows one "$ 10" with the caption "What da h…"; it leads into the double-spend question on slide 15.)


  15. Q: Is it possible to double spend on Ethereum with network attacks?

  17. Approaches to study …
  – Goals:
    1. How does the blockchain system decide a block?
    2. How does the blockchain system resolve a fork?
  – Reading the documentation
    – Scattered and unorganised information: website, wiki, GitHub, issue tracker, yellow paper, etc.
    – Lack of necessary information
    – Intention ≠ actual implementation
  – Reading the code !!
  – Running it for real, because the devil is in the detail …

  18. Decided Blocks and Committed Transactions in PoW/Ethereum
  – Given a blockchain with parameter k, a block at index i is decided when the chain depth reaches i+k
  – A transaction is committed if it belongs to a decided block
  (Figure: a chain indexed 0, 1, …, i, i+1, …, i+k-1, i+k; blocks up to index i are labelled "Decided block", those after it "Undecided block"; a "Transaction" sits inside a block.)
  Ekparinya et al, "Impact of Man-in-the-middle Attacks on Ethereum"

  19. Expected Branch Selection in PoW/Ethereum: GHOST

  21. Actual Branch Selection in PoW/Ethereum: Highest total difficulty
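As an added illustration (not code from the slides or from the authors' testbed), the following Python model puts slide 18's decision rule beside the two branch-selection rules of slides 19–22: GHOST, which weighs a branch by its whole subtree, and highest total difficulty, which sums only the blocks on the branch itself. The fork tree, the uniform per-block difficulty of 1, the parameter k = 2 and the transaction labels are all constructed assumptions. It shows why slide 17 insists on reading the code: on the same tree the two rules pick different heads, so which transactions a node reports as committed depends on which rule it actually runs.

```python
from __future__ import annotations
from dataclasses import dataclass, field
from typing import Dict, List, Optional


@dataclass
class Block:
    bid: str
    parent: Optional[str]
    difficulty: int = 1                 # assumption: uniform difficulty keeps the sums legible
    txs: List[str] = field(default_factory=list)


class BlockTree:
    """A tree of blocks rooted at genesis; forks are simply nodes with several children."""

    def __init__(self, genesis: Block):
        self.blocks: Dict[str, Block] = {genesis.bid: genesis}
        self.children: Dict[str, List[str]] = {genesis.bid: []}
        self.genesis = genesis.bid

    def add(self, block: Block) -> None:
        if block.parent not in self.blocks:
            raise ValueError(f"unknown parent {block.parent}")
        self.blocks[block.bid] = block
        self.children[block.bid] = []
        self.children[block.parent].append(block.bid)

    def branch(self, tip: str) -> List[str]:
        """Chain from genesis to `tip`, inclusive; index in this list is the block index."""
        path, cur = [], tip
        while cur is not None:
            path.append(cur)
            cur = self.blocks[cur].parent
        return path[::-1]

    def total_difficulty(self, tip: str) -> int:
        return sum(self.blocks[b].difficulty for b in self.branch(tip))

    def subtree_size(self, bid: str) -> int:
        return 1 + sum(self.subtree_size(c) for c in self.children[bid])

    def head_by_total_difficulty(self) -> str:
        """Actual rule (slides 21-22): the leaf whose branch has the highest total difficulty.
        Ties go to the lexicographically smallest id so the result is deterministic."""
        leaves = [b for b in self.blocks if not self.children[b]]
        return max(sorted(leaves), key=self.total_difficulty)

    def head_by_ghost(self) -> str:
        """Expected rule (slides 19-20, GHOST): walk down from genesis and at every fork
        follow the child whose whole subtree is heaviest, counting off-branch blocks too."""
        cur = self.genesis
        while self.children[cur]:
            cur = max(sorted(self.children[cur]), key=self.subtree_size)
        return cur


def decided_blocks(tree: BlockTree, tip: str, k: int) -> List[str]:
    """Slide 18: with parameter k, the block at index i is decided once the chain depth
    (index of the tip, genesis being index 0) reaches i + k."""
    chain = tree.branch(tip)
    depth = len(chain) - 1
    return [b for i, b in enumerate(chain) if depth >= i + k]


def committed_txs(tree: BlockTree, tip: str, k: int) -> List[str]:
    """Slide 18: a transaction is committed iff it belongs to a decided block."""
    return [tx for b in decided_blocks(tree, tip, k) for tx in tree.blocks[b].txs]


def build_example_tree() -> BlockTree:
    """Constructed fork (not from the slides): after A, one long thin branch
    B-C-H-K competes with a short bushy branch D that has two children E and F."""
    tree = BlockTree(Block("G", None))
    for bid, parent, txs in [
        ("A", "G", ["Alice -> Bob"]), ("B", "A", []), ("C", "B", ["Ted -> Alice"]),
        ("H", "C", []), ("K", "H", []),
        ("D", "A", ["Mallory -> Bob"]), ("E", "D", []), ("F", "D", []),
        ("I", "E", []), ("J", "F", []),
    ]:
        tree.add(Block(bid, parent, txs=txs))
    return tree


def compare_rules(k: int = 2) -> dict:
    """Head and committed transactions under each branch-selection rule."""
    tree = build_example_tree()
    td_head, ghost_head = tree.head_by_total_difficulty(), tree.head_by_ghost()
    return {
        "total_difficulty_head": td_head,
        "ghost_head": ghost_head,
        "committed_under_total_difficulty": committed_txs(tree, td_head, k),
        "committed_under_ghost": committed_txs(tree, ghost_head, k),
    }


if __name__ == "__main__":
    for key, val in compare_rules().items():
        print(f"{key}: {val}")
```

On this tree the total-difficulty rule follows the longer branch and commits "Ted -> Alice", while GHOST follows the branch with more blocks hanging off it and commits "Mallory -> Bob" instead; neither set of committed transactions is valid under the other rule, which is exactly the gap between documented intention and running implementation that the talk sets out to measure.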

  23.–27. Example 1: Man-in-the-middle Attack against PoW (animated diagram across five slides; no further text recovered)

  28. Decided Blocks and Committed Transactions in AuRa PoA/Ethereum
  – A decision requires strictly more than half, so only one partition may decide blocks
  (Figure label: "Can decide a block")

  29. Branch Selection in AuRa PoA/Ethereum: Longest branch

  31.–35. Example 2: The Cloning Attack against PoA (animated diagram across five slides; no further text recovered)

  36. The requirements for the experiments
  – Control over computing resources ➢ OpenStack private cloud
  – Network control and isolation ➢ Virtual switches, virtual routers (Quagga) and VLAN
  – Highly automated ➢ OpenStack API and Ethereum API
  – Robust data collection ➢ Elasticsearch

  37.–40. Testbed Provisioning (animated diagram across four slides; no further text recovered)

  41. Time for Discussions !!
