hacking blockchain - rsa conference · session id: #rsac konstantinos karagiannis hacking...
TRANSCRIPT
SESSIONID:SESSIONID:
#RSAC
KonstantinosKaragiannis
HackingBlockchain
PDAC-T10F
ChiefTechnologyOfficer,SecurityConsultingBTAmericas@konstanthacker
#RSAC
Bitcoin
4
Satoshi’saltruisticgoalsmet
Stronginvestment—5milliondollarpizza
Widespread“positioning”ofcryptocurrency
Literallyandfigurativelycreatedtheblockchainmovement
#RSAC
Blockchain structureandvalidation
6
Eachblockidentifiedbyhash
Blocksmustbevalidatedtobeaddedtochain
#RSAC
Blockchain mining andchain
7
Miners“solvepuzzle”(proofofwork)
Minersrewarded,blockaddedtomajoritychain
#RSAC
Blockchain defense
8
Tryingtosubmitanalteredblockwouldchangehashfunctionofthatblockandallfollowingblocks—nodeswoulddetectandrejectblock.
#RSAC
Someproposedblockchain applications
9
Digitalassets
Identity(blackbox)
Verifiabledata
Smartcontracts
#RSAC
Quickcaveat
11
NotallowedtodiscussvulnerabilitiesfoundduringethicalhacksofBT-clientfinancialapplications
Publicizedexamplesfollowtohighlighttypesofattackspossible
Mayuseoccasional“guesses”tofillinblanksbasedonexperience
IfI’mwrong,Iknowtheattacksstillwork!
#RSAC
1RETURN– responsibledisclosure
12
Firstsecurityvuln identifiedJuly,2010byArtForz
Allowsspendingofotheruser’sbitcoinsviaSig OP_1 OP_RETURN
Satoshikept1RETURNquietasherolledoutapatch
ArtForz provedSatoshi’sbeliefearlyuserswouldwanttomaintainvalueinBitcoin
#RSAC
Attacksagainstblockchain infrastructure
13
Mt.Gox firstmajorbitcoindisasterJune2011:$8millionstolen(adminpw)Feb2014:$460millionstolen(transactionmalleability)
NoversioncontrolsoftwareinMt.Gox—bugfixesoftendelayed,untestedcodepushedstraighttoproduction
Gatecoin hackedMay2016viaaserverdisruptionandreboot(bypassingmultisig coldwallets)—moremodest250BTCand185,000ETH.
#RSAC
Attacksagainstcode
14
DAOsmartcontractflawknownofsinceMay2016
June17,hackerusedrecursiveflawtomakesplitsinsidesplits,movingEtherrepeatedlywithoutchecking“balance”
Hardforkresulted
#RSAC
Attacksagainstblockchain sites
15
2013,paymentsprocessorInputs.iositecompromised—for$1million(socialengineering)
Steemit blockchain-basedbloggingplatformwebsiteauthenticationtargetedJuly(no2FA)—$85,000fundsstolenbytransactions(hardforkafter)
ReportsofCoinbase hackingincidentsappearonthenetregularly.Insuredagainstmassbreach,notindividualcredentialattacks
#RSAC
Attacksagainsthotwallets
16
Dec7,hackercompromisesVCBoShen’sphone,gainingaccessto$300,000inAugurandEtherfromwallet
Ransomwareobviousissue,butmalwarethatstealscredentialslikeMokes.A canleadtotransactions
Androidphonesmoresusceptiblethaneverduetopoorupdatinginallbutnewestdevices
#RSAC
Attacksagainstcoldwallets
17
Bitfinex triedtoremoveriskof“securityexposures”byaddinganextralayerviaBitGoBitGo aspartofmultisig itseemscoulddowhateveritwishedColdwalletsturnedhotAug2016Over$70millionswipedLossesof36%acrossallusersunlikeFDIC
#RSAC
Attacksagainstnodes
18
MajornodeattackthwartedAug2010—Bitcoinblock74638flawcouldgenerate184Billiontransactions!Sept18,Geth nodes(Ethereum)ranoutofmemoryandcrashedonblock2283416(Ethereum classicsabotage?)Aug,KryptonandShifthitbyproofofconcept51%attack—overpoweredbyrentedNiceHash hashpowerScanningfornodestotarget(e.g.TCPport8333)possible
#RSAC
Traditionalriskstonewapplications
19
DigitalassetsOwnership
IdentityBlackboxinteractionsatrisk
VerifiabledataMalicioustransactions
SmartcontractsCodeflaws,repudiation
#RSAC
RememberSatoshi’swords?
21
August2015:NSApubliclywarnedagainstusingECC,thetypeofencryptioninblockchain
#RSAC
Ellipticcurvecryptography
22
Publickeysystem,likeRSA,ElGamal,Rabin
Basedonalgebraicstructureofellipticcurvesoverfinitefields
Publickeyforencryptionorsigvalidation
Privatekeyfordecryptionorsiggeneration
#RSAC
ECCBitcoinexample
23
Bitcoinwalletaddressesmadeof:Publickey,privatekey,andaddress
Publickeyderivedfromprivatekeybyellipticcurvemultiplication
Addressderivedby:applyingSHA256hashfunctiontopublickeyapplyingRIPEMD-160hashfunctionaddingchecksumforerrorcorrection
“Used”bitcoinorotherentitieshavepublickeysexposedonblockchain
#RSAC
Quantumthreatlooming
24
QuantumcomputerscancrackECC
Machinesexploitquantum“weirdness”ofsuperpositiontoallowexistenceofqubits
Qubitscanbeapercentageofbothzeroandoneatthesametime
Qubitsandspecialalgorithmsallowquantumcomputerstodothingsclassicalcomputerscan’tdointhousandsofyears
#RSAC
World’seasiestexplanationofsuperposition
26
Wavepatternwithoutobservationofwhichslitaparticlegoesthrough
#RSAC
World’seasiestexplanationofsuperposition
27
Evenoneparticlegoingthroughatatimecreateswavepattern
#RSAC
World’seasiestexplanationofsuperposition
28
Useadetectoroneitherslit,andpoolingappears:particle-waveduality
#RSAC
Maintainingsuperposition
29
Observingeitherslitdestroyedthesuperposition
Quantumcomputersneedtomaintainsuperpositionamongmanyqubitstoperformcalculations
UniversityofMarylandandothershavefoundnewwaystochaintogetherqubits
#RSAC
Withenoughstablequbits…
30
AquantumcomputercanrunShor’salgorithm(1994)andquicklycrackanypublickeyencryptionbyfindingfactorsoflargenumbers
Likelyanswersinterfereconstructively,unlikelyonesdestructively
Simplequantumcomputersrunitwithtwophotonicqubits,showing21=3*7
Within3yearsQCsmayhavehundredsofqubits
#RSAC
Bitcoinexamplewithin3years
31
Bitcointransactionincludesasignatureandapublickeytoverifyowner
Thatpubliclyavailableinformationisallaquantumcomputerneedstogetprivatekeyand“become”anotheruser
Thistypeofattackcanbedonepassively(offline)bydownloadinganytypeofblockchain
Noreuse?
#RSAC
Lamport signatures—astopgap?
32
Publickeyconsistsof320hashesratherthananellipticcurvepoint
AddressisSHA256+RIPEMD-160hashofpublickey
Transactionincludespublickeyandsignature—verifierscheckif:publickeymatchesaddresssignaturematchesmessageandpublickey
EvenwithGrover’salgorithm,ittakes2^80stepstoconstructafraudulenttransactionor2^80*80stepstocrackallhashes(trillionsoftrillions)
#RSAC
Post-quantumcrypto
33
Codebased
Hashbased
Latticebased
Multivariatequadraticequations
Onetimepad
liboqs,opensourceClibrary(https://openquantumsafe.org/haveforkforSSLaswell)
#RSAC
Applythesewarnings!
34
Assoonaspossible,takeanewlookatanyblockchain applicationsyou’redevelopingorusinginyourcompany
Besureanyoftheseapplicationsactuallyneedtobeblockchainbased,considering:securitypermanenceofdata(beingabletomakechangescanbeagoodthing)whethercurrenttechnologymaybesuperior(noteverythingshouldbebc)
Isyourblockchain appanoverlaytoaprovenblockchain andprotocol,orisitpotentiallytoountestedforcriticalapplications?
#RSAC
Applythesewarnings!
35
Withinthenextthreemonthsprioritizetestingthesecurityofblockchain applicationsbytheircriticalitytoyourbusiness
Performethicalhackingengagementsagainsttheimplementation ofyourplatform—rememberallthebasicflawsthatundoevensoundcrypto
Makesureyourethicalhackershaveactuallyworkedwithblockchainprotocolsbefore—thisisn’tthetimeforavendortolearnonyourdime
#RSAC
Applythesewarnings!
36
Lookingahead,sixmonthsandon,whatcanyoudotoensurethefutureofblockchain security
It’stoolatetodevelopapplicationsthatarenotpost-quantumsafe
Considerinvestingyourdevresourcestogivesomethingbacktoblockchain
NISThasmadecalltoarmstodeveloppostquantumcryptosolutionsforPK—workingonthiscouldimprovebc goingforward (http://www.nist.gov/pqcrypto)