Security Assessment of Authentication and Authorization Mechanisms in Ethereum, Quorum, Hyperledger Fabric and Corda Marie-Jeanne Lagarde, Master's thesis 2018-2019
Agenda Introduction Motivation 1. Scope 2. Research Questions 3. Methodology Roadmap 1. Analysis framework 2. Hypothesis 3. Platform Security Assessment Experiments 4. Threat model 5. Ethereum 1. Quorum 2. Hyperledger Fabric 3. Corda Discussion 4. Conclusion � 2
Introduction Motivation 1. Scope 2. Research Questions 3. Methodology Roadmap 1. Analysis framework 2. Hypothesis 3. Platform Security Assessment Experiments 4. Threat model 5. Ethereum 1. Quorum 2. Hyperledger Fabric 3. Corda Discussion 4. Conclusion � 3
Motivation Blockchain Attackers Industry � 4
Scope: definition of the subject “Security of main blockchain technologies” 4 platforms Area of interest Ethereum Authentication: verifying the proclaimed identity Quorum Hyperledger Fabric Authorization: verifying the access rights Corda � 5
Research Questions How are the mechanisms designed and implemented? RQ1 What are the vulnerabilities? RQ2 How can we harden the systems? RQ3 � 6
Introduction Motivation 1. Scope 2. Research Questions 3. Methodology Roadmap 1. Analysis framework 2. Hypothesis 3. Platform Security Assessment Experiments 4. Threat model 5. Ethereum 1. Quorum 2. Hyperledger Fabric 3. Corda Discussion 4. Conclusion � 7
Roadmap Implementation: Deployments & Experiments Design Analysis Contributions: Security Assessment & Hardening Guidelines � 8
Analysis Framework Implementation: Deployments & Experiments 1) Network permissioning 2) Transaction 3) Remote user (off-site location access) Design Analysis Contributions: Security Assessment & Hardening Guidelines � 9
Hypothesis for deployment H1 Most deployed platform versions are the most likely to be targeted by attackers H2 Users tend to adapt their systems from existing official sample scripts Ethereum Quorum Hyperledger Fabric Corda Hyperledger Fabric v1.3.0 Corda Example Dapp v3.3 Geth Client v1.8.23 Quorum 2.2.1 using 7nodes using Deploy your first network demo with Tessera tutorial � 10
Experiments: a Total of 18 Experiments Conducted Implementation: Deployments & Experiments Role of the experiments: ● Assess behaviour ● Test uncertain behaviours ● Assess the popularity of known attacks Design Analysis Contributions: Security ● Demonstrate possible vulnerabilities Assessment & Hardening Guidelines � 11
Threat model definition 1) Authentication threats: Implementation: Deployments ● Brute force / dictionary attack & Experiments ● Password sniffing attack ● Key compromise attack ● Replay attack ● MITM / Session hijacking ● Source non-repudiation ● DDoS and DoS 2) Authorization threats: ● Elevation of privileges ● Exploitation of access granting vulnerabilities Design Analysis Contributions: Security Assessment & Hardening Guidelines 3) Security single points of failure 4) Default parameters vulnerabilities � 12
Introduction Motivation 1. Scope 2. Research Questions 3. Methodology Roadmap 1. Analysis framework 2. Hypothesis 3. Platform Security Assessment Experiments 4. Threat model 5. Ethereum 1. Quorum 2. Hyperledger Fabric 3. Corda Discussion 4. Conclusion � 13
Ethereum: Authentication and Authorization Mechanisms Authenticated channel for node communication key-based Transaction sender authentication key-based General remote user authentication non-existing Account owner remote authentication passphrase-based Remote user authorization Depends on which modules are enabled � 14
Experiment: RPC honeypot Gather information about the motives and tactics of attackers Goals Setup • Deploy a node with all RPC • Default account unlock duration modules enable listening to all 300s incoming port . • Measure the likelihood of an • Capture the traffic during one attack occuring within this and a half hour using lapse of time Wireshark. � 15
Experiments: RPC honeypot results 10849 packets observed from 13 different ● attackers The largest interval between two attempts is 20 ● seconds Dictionary attack ● Main purpose is financial benefits ● Packet captured with Wireshark � 16
Authentication Vulnerabilities Node authenticated Remote account owner Communication authentication Man-in-the-Middle and Passphrase brute force Session Hijacking and dictionary attacks RLPx handshake is RPC is stateless ● ● considered to be broken: aes-secret and mac-secret are reused for both reading Passphrase sniffing and writing RPC is plain text ● Isolate a node from the Isolate a node from the Funds stealing Funds stealing DDoS and DoS Man-in-the-Middle network network No authentication ● ✓ Session Hijacking If account default unlock ● duration is different from 0 By default, APIs disabled Key compromise: Elliptical curve secp256k1 vulnerable to Pollards rho speed up attacks (Hartwig Mayer research [1] , only successful on 109 bit long keys) � 17
Quorum : Authentication and Authorization Mechanisms of Ethereum Permissioned Platform Key-based and optionally certificate-based if TLS CA Node authentication Transaction sender authentication key-based Transaction receiver authorization ACL General remote user authentication non-existing Account owner remote authentication passphrase-based Remote user authorization Depends on which modules are enabled TLS can be enabled in the modes: CA, Trust on First use (TOFU), whitelist � 18
Experiments : permissioning & honeypot Triggers inconsistent behaviour 1) Different permissioning files TLS Mode None CA TOFU & TOFU Whitelist CA Dynamic Yes Yes Yes Yes No addition of 2) Dynamicity of addition/revocation a node Dynamic Yes Yes via Yes via No No revocation CRL CRL of a node 3) Honeypot for espionage No attacker is detected � 19
Authentication Vulnerabilities: many similarities with Ethereum Node authentication Remote account owner Block communication via authentication HTTP If TLS disabled : Man-in- Passphrase brute force If TLS disabled: Man-in-the- the-Middle and and dictionary attacks Middle, replay attack, Session Hijacking RPC is stateless source non-repudiation, ● By default, TLS disabled By default, RPC enabled By default, TLS disabled RLPx handshake is ● DDoS and DoS Passphrase sniffing considered to be broken. Espionage/Sabotage Espionage/Sabotage Espionage/Sabotage Espionage/Sabotage Espionage/Sabotage Espionage/Sabotage RPC is plain text ● If mutual TLS disabled: Man-in-the-Middle DDoS and DoS Session Hijacking Key compromise: Elliptical curve secp256k1 vulnerable to Pollards rho speed up attacks (Hartwig If account default unlock ● duration is different from 0 Mayer research [1] , only successful on 109 bit long keys) � 20
Vulnerabilities Exploitation of Access Granting and Single points of failure Elevation of Privileges Revoking Vulnerabilities ● TLS TOFU and Whitelist Module-enabling attacks ● Root CA is used for TLS ● modes do support node and Identity revocation Transaction access ● using RPC ● Different permissioning files Additional vulnerability: TOFU mode prevents a node from changing a compromised key pair. � 21
Hyperledger Fabric : Authentication and Authorization Mechanisms Certificate-based Message sender authentication Node role granting ABAC Transaction sender authorization ACL Hyperledger Fabric offers a module called Fabric CA which handles certificate issuing. � 22
Experiment A malicious majority can New prevent an organization Org from being noticed of a change in the configuration 1) Majority vote Org3 removal (but Org3 is not noticed that it has been removed) 2) Majority vote New Org Addition 3) Majority vote Org3 Addition (but Org3 is not noticed that it has been re-added) � 23
Authentication Vulnerabilities Message sender Message sender authentication in Fabric CA authentication If client authentication is disabled: brute force and dictionary attacks, DDoS and DoS Sabotage (inoperative Malicious registrations If mutual TLS is disabled: network) DDoS and DoS If TLS disabled: sniffing, replay, MITM and session hijacking By default, TLS disabled attacks By default, mutual TLS disabled � 24
Vulnerabilities Exploitation of Access Granting and Single points of failure Elevation of Privileges Revoking Vulnerabilities Single node orderer Lack of smart contract No support to revoke ● ● TLS certificates sandboxing causing Single root CA: if possible elevation of ● No expiration of ● same root CA is used privileges (Nettitude, identity certificate for TLS and MSP Security Assessment identities report [2] ) � 25
Corda: Authentication and Authorization Mechanisms Message sender authentication Certificate-based Node role granting ABAC Transaction sender authorization Depends on notaries nodes General remote user authentication Password-based Remote user authorization Capability list � 26
Recommend
More recommend