Download pdf - Hacking Blockchain - RSA Conference · SESSION ID: #RSAC Konstantinos Karagiannis Hacking Blockchain PDAC-T10F Chief Technology Officer, Security Consulting BT Americas @konstanthacker

SESSIONID:SESSIONID:

#RSAC

KonstantinosKaragiannis

HackingBlockchain

PDAC-T10F

ChiefTechnologyOfficer,SecurityConsultingBTAmericas@konstanthacker

#RSAC

Anotherseachangeuponus

#RSAC

ItallstartedHalloween2008…

3

#RSAC

Bitcoin

4

Satoshi’saltruisticgoalsmet

Stronginvestment—5milliondollarpizza

Widespread“positioning”ofcryptocurrency

Literallyandfigurativelycreatedtheblockchainmovement

#RSAC

Blockchain transactionandverification

5

Partiesexchangedata

Transactionverifiedorqueued

#RSAC

Blockchain structureandvalidation

6

Eachblockidentifiedbyhash

Blocksmustbevalidatedtobeaddedtochain

#RSAC

Blockchain mining andchain

7

Miners“solvepuzzle”(proofofwork)

Minersrewarded,blockaddedtomajoritychain

#RSAC

Blockchain defense

8

Tryingtosubmitanalteredblockwouldchangehashfunctionofthatblockandallfollowingblocks—nodeswoulddetectandrejectblock.

#RSAC

Someproposedblockchain applications

9

Digitalassets

Identity(blackbox)

Verifiabledata

Smartcontracts

#RSAC

Attackspastandpresent

#RSAC

Quickcaveat

11

NotallowedtodiscussvulnerabilitiesfoundduringethicalhacksofBT-clientfinancialapplications

Publicizedexamplesfollowtohighlighttypesofattackspossible

Mayuseoccasional“guesses”tofillinblanksbasedonexperience

IfI’mwrong,Iknowtheattacksstillwork!

#RSAC

1RETURN– responsibledisclosure

12

Firstsecurityvuln identifiedJuly,2010byArtForz

Allowsspendingofotheruser’sbitcoinsviaSig OP_1 OP_RETURN

Satoshikept1RETURNquietasherolledoutapatch

ArtForz provedSatoshi’sbeliefearlyuserswouldwanttomaintainvalueinBitcoin

#RSAC

Attacksagainstblockchain infrastructure

13

Mt.Gox firstmajorbitcoindisasterJune2011:$8millionstolen(adminpw)Feb2014:$460millionstolen(transactionmalleability)

NoversioncontrolsoftwareinMt.Gox—bugfixesoftendelayed,untestedcodepushedstraighttoproduction

Gatecoin hackedMay2016viaaserverdisruptionandreboot(bypassingmultisig coldwallets)—moremodest250BTCand185,000ETH.

#RSAC

Attacksagainstcode

14

DAOsmartcontractflawknownofsinceMay2016

June17,hackerusedrecursiveflawtomakesplitsinsidesplits,movingEtherrepeatedlywithoutchecking“balance”

Hardforkresulted

#RSAC

Attacksagainstblockchain sites

15

2013,paymentsprocessorInputs.iositecompromised—for$1million(socialengineering)

Steemit blockchain-basedbloggingplatformwebsiteauthenticationtargetedJuly(no2FA)—$85,000fundsstolenbytransactions(hardforkafter)

ReportsofCoinbase hackingincidentsappearonthenetregularly.Insuredagainstmassbreach,notindividualcredentialattacks

#RSAC

Attacksagainsthotwallets

16

Dec7,hackercompromisesVCBoShen’sphone,gainingaccessto$300,000inAugurandEtherfromwallet

Ransomwareobviousissue,butmalwarethatstealscredentialslikeMokes.A canleadtotransactions

Androidphonesmoresusceptiblethaneverduetopoorupdatinginallbutnewestdevices

#RSAC

Attacksagainstcoldwallets

17

Bitfinex triedtoremoveriskof“securityexposures”byaddinganextralayerviaBitGoBitGo aspartofmultisig itseemscoulddowhateveritwishedColdwalletsturnedhotAug2016Over$70millionswipedLossesof36%acrossallusersunlikeFDIC

#RSAC

Attacksagainstnodes

18

MajornodeattackthwartedAug2010—Bitcoinblock74638flawcouldgenerate184Billiontransactions!Sept18,Geth nodes(Ethereum)ranoutofmemoryandcrashedonblock2283416(Ethereum classicsabotage?)Aug,KryptonandShifthitbyproofofconcept51%attack—overpoweredbyrentedNiceHash hashpowerScanningfornodestotarget(e.g.TCPport8333)possible

#RSAC

Traditionalriskstonewapplications

19

DigitalassetsOwnership

IdentityBlackboxinteractionsatrisk

VerifiabledataMalicioustransactions

SmartcontractsCodeflaws,repudiation

#RSAC

Comingattacksagainstblockchain’s biggestflaw

#RSAC

RememberSatoshi’swords?

21

August2015:NSApubliclywarnedagainstusingECC,thetypeofencryptioninblockchain

#RSAC

Ellipticcurvecryptography

22

Publickeysystem,likeRSA,ElGamal,Rabin

Basedonalgebraicstructureofellipticcurvesoverfinitefields

Publickeyforencryptionorsigvalidation

Privatekeyfordecryptionorsiggeneration

#RSAC

ECCBitcoinexample

23

Bitcoinwalletaddressesmadeof:Publickey,privatekey,andaddress

Publickeyderivedfromprivatekeybyellipticcurvemultiplication

Addressderivedby:applyingSHA256hashfunctiontopublickeyapplyingRIPEMD-160hashfunctionaddingchecksumforerrorcorrection

“Used”bitcoinorotherentitieshavepublickeysexposedonblockchain

#RSAC

Quantumthreatlooming

24

QuantumcomputerscancrackECC

Machinesexploitquantum“weirdness”ofsuperpositiontoallowexistenceofqubits

Qubitscanbeapercentageofbothzeroandoneatthesametime

Qubitsandspecialalgorithmsallowquantumcomputerstodothingsclassicalcomputerscan’tdointhousandsofyears

#RSAC

World’seasiestexplanationofsuperposition

25

Expectedparticlebehavioror“pooling”

#RSAC


26

Wavepatternwithoutobservationofwhichslitaparticlegoesthrough

#RSAC


27

Evenoneparticlegoingthroughatatimecreateswavepattern

#RSAC


28

Useadetectoroneitherslit,andpoolingappears:particle-waveduality

#RSAC

Maintainingsuperposition

29

Observingeitherslitdestroyedthesuperposition

Quantumcomputersneedtomaintainsuperpositionamongmanyqubitstoperformcalculations

UniversityofMarylandandothershavefoundnewwaystochaintogetherqubits

#RSAC

Withenoughstablequbits…

30

AquantumcomputercanrunShor’salgorithm(1994)andquicklycrackanypublickeyencryptionbyfindingfactorsoflargenumbers

Likelyanswersinterfereconstructively,unlikelyonesdestructively

Simplequantumcomputersrunitwithtwophotonicqubits,showing21=3*7

Within3yearsQCsmayhavehundredsofqubits

#RSAC

Bitcoinexamplewithin3years

31

Bitcointransactionincludesasignatureandapublickeytoverifyowner

Thatpubliclyavailableinformationisallaquantumcomputerneedstogetprivatekeyand“become”anotheruser

Thistypeofattackcanbedonepassively(offline)bydownloadinganytypeofblockchain

Noreuse?

#RSAC

Lamport signatures—astopgap?

32

Publickeyconsistsof320hashesratherthananellipticcurvepoint

AddressisSHA256+RIPEMD-160hashofpublickey

Transactionincludespublickeyandsignature—verifierscheckif:publickeymatchesaddresssignaturematchesmessageandpublickey

EvenwithGrover’salgorithm,ittakes2^80stepstoconstructafraudulenttransactionor2^80*80stepstocrackallhashes(trillionsoftrillions)

#RSAC

Post-quantumcrypto

33

Codebased

Hashbased

Latticebased

Multivariatequadraticequations

Onetimepad

liboqs,opensourceClibrary(https://openquantumsafe.org/haveforkforSSLaswell)

#RSAC

Applythesewarnings!

34

Assoonaspossible,takeanewlookatanyblockchain applicationsyou’redevelopingorusinginyourcompany

Besureanyoftheseapplicationsactuallyneedtobeblockchainbased,considering:securitypermanenceofdata(beingabletomakechangescanbeagoodthing)whethercurrenttechnologymaybesuperior(noteverythingshouldbebc)

Isyourblockchain appanoverlaytoaprovenblockchain andprotocol,orisitpotentiallytoountestedforcriticalapplications?

#RSAC

Applythesewarnings!

35

Withinthenextthreemonthsprioritizetestingthesecurityofblockchain applicationsbytheircriticalitytoyourbusiness

Performethicalhackingengagementsagainsttheimplementation ofyourplatform—rememberallthebasicflawsthatundoevensoundcrypto

Makesureyourethicalhackershaveactuallyworkedwithblockchainprotocolsbefore—thisisn’tthetimeforavendortolearnonyourdime

#RSAC

Applythesewarnings!

36

Lookingahead,sixmonthsandon,whatcanyoudotoensurethefutureofblockchain security

It’stoolatetodevelopapplicationsthatarenotpost-quantumsafe

Considerinvestingyourdevresourcestogivesomethingbacktoblockchain

NISThasmadecalltoarmstodeveloppostquantumcryptosolutionsforPK—workingonthiscouldimprovebc goingforward (http://www.nist.gov/pqcrypto)

#RSAC

Questions?Pleasejoinmefora“focuson”session(FON4-T11)todayinMoscone West2024from3:45to4:15

@konstanthacker