SlideShare a Scribd company logo

Blockchain Security Issues and Challenges

Merlec Mpyana
Merlec Mpyana

This presentation introduces about the Bitcoin private key management related security issues and challenges.

1 of 25
Download to read offline
1 MPYANA MWAMBA MERLEC Department of Computer and Engineering Korea University Dec. 12, 2017 Blockchain Security Issues and Challenges Bitcoin Key Management Security Issues and Challenges
Project Goal 2  We aim to figure out the following questions :  What are the BTC key management security threats ?  How these security risks/issues can be addressed ?  What are the existing approaches and their limitations ?  What are the related challenges ?  The main purpose of this study is to investigate on :  Private key management related security issues and challenges  Bitcoin (BTC) as a BlockChain (BC) application use case
Problem Statement 3  Private Key Security[6]  With BC, a private key is regarded as user identity and security credential  Generated and maintained by the user instead of 3rd party agencies  Hartwig et al.[1] discover a vulnerability in ECDSA* scheme  Side-channel attack and invalid-curve attack might be possible  Does not generate enough randomness during the signature process  Attacker can be able to recover the user’s private key * Elliptic Curve Digital Signature Algorithm
Problem Statement 4  Side-channel attacks  Aim to retrieve secret data from a cryptographic system By observing factors outside the normal computation  invalid-curve attack  Aim to retrieve secret data from a cryptographic system By observing factors outside the normal computation
Problem Statement 5  Private Key Security[6]  Once a user’s private key is lost, it will not be able to recovered  User’s BCT account will face the risks of being tampered by others  If a private key is stolen by criminals  BCT doesn’t dependent on any centralized 3rd party trusted infrastructure  Difficult to track the criminal’s behaviors and recover modified BC information  Decentralized aspect of BC makes the key management task very challenging
Bitcoin Keys and Addresses 6 With bitcoin, keys come in pairs:  Private (secret) key = secret PIN or signature on a check  Provides a control over the account and sign TXs  Public key = bank account number  Unique and derived from private key  Bitcoin address = K recipient, represented by its digital fingerprint  Similar to a beneficiary name on a check (i.e. “Pay to the order of”)  Bitcoin address is generated form and corresponds to a public key Conversion of a public key into a bitcoin address [2] A = RIPEMD160(SHA256(K ))K = k * G G : is the generator point
Bitcoin Wallet (BW) 7 Type-2 deterministic (seeded) wallet [2]: a tree of keys generated from a single seed Type-0 nondeterministic (random) wallet [2]: a collection of randomly generated keys  Contains and manages a collection of key pairs  Mostly, k and K are stored together as a Key pair for convenience Randomly generated number combined with other data (i.e. index or chain code)
Master Keys Creation & PK extension 8http://chimera.labs.oreilly.com/books/1234000001802/ch04.html#hd_wallets Creating master keys and chain code from a root seed [2] Extending a parent private key to create a child private key [2] HMAC : Hash Message Authentication Code Chain code is used to introduce entropy in the function that creates child keys from parent keys.
Bitcoin Wallets (BW) 9https://bitcoin.org/en/choose-your-wallet
Bitcoin Wallet Storage Approaches 10https://www.linkedin.com/pulse/part-2blockchain-technology-situation-malware-join-picco/
BTC Key Management Approaches 11  Works in [3-5] surveyed on the BTC Key management approaches  Found that BTC has several fundamental issues and challenges  It offers opportunities to rethink the key management for end users  First investigation [3] on the usability issues of BTC’s key management  Survey and categorize most known BTC key management proposals  Propose a set of evaluation criteria for BTC key management
1. Keys stored on local device 12  Bitcoin manages several private keys in a bitcoin wallet  Stored on users’ local storage device  Typically in a file or database in a pre-configured file system path.  Bitcoin client can read keys and immediately broadcast TXs over the network https://news.bitcoin.com/idiot-proof-vault-cold-storage-guide/ https://bitcoinnewsmagazine.com/what-is-the-best-bitcoin-wallet-for-2015/
1. Keys stored on local device 13  Several threats to store keys in local devices [3]:  Files storing private keys can be read by any app.  with access to the user’s application folder  Malware may exploit this key management approach  Access to local files results in the adversary gaining access to the victim’s funds  Users must be aware to not mistakenly share their app. folders  P2P file sharing networks, off-site backups or a shared network drive https://www.secureworks.com/research/cryptocurrency-stealing-malware-landscapehttps://www.secureworks.com/research/cryptocurrency-stealing-malware-landscape
1. Keys stored on local device 14  Several threats to store keys in a locally[3] :  Physical storage device theft  Especially in case of mobile devices (i.e. laptops or smart phones)  Equipment failure  Due to natural disasters and electrical failures  Undetected storage failure, etc.  Private key files format long-term readability  A trust fund/long-term saving requires PKs to be stored for a long period of time  Users must ensure that keys’ file format can continue to be read
2. Password-protected (encrypted) wallet 15  BCT clients allow a locally stored wallet file to be encrypted  With a key derived from a user-chosen pw or passphrase  This address only physical theft of underlying devices  Brute-force of the pw if the file containing private key is stolen  Share the pros and cons of non-encrypted wallets  If the pw is forgotten, users lose access to their pw-protected wallet
3. Offline keys Storage 16  To further protect private key form malware-based threats  Traditional physical security techniques  required to protect the wallet (e.g. store the drive in a fire-proof safe)  It makes the wallet inaccessible for immediate use by SW  Preventing users from spending funds (unless the offline storage media is nearby)  This approach can be used for backup.  Offline wallets take time to perform TXs  Need to download all blockchain (< 140GB) into the PC
3. Offline keys Storage 17 https://bitcoinpaperwallet.com/  Requires a QR code reader  to read the key back into a Bitcoin client  Securing this is similar to securing cash  Paper wallet doesn’t contain the funds itself  Enables signing authority over a set of Bitcoins  Funds can be stolen from the wallet  By simply observing the QR code  Not possible with physical money *** Requires printed contents remain unobservable during transportation***
4. Air-gapped & hardware Storage 18  Device holding keys can perform computations  e.g. signing for the keys it holds  Air-gapped device can prevent certain types of theft  By never exposing keys directly to an internet-connected devices  Hardware Security Modules (HSMs) can be used to :  To isolate key materials from host devices  by exposing only the ability to sign transactions https://trezor.io/ Ledger Wallet KeepKey Pi Wallet * Hardware Security Modules https://bitcoinarmory.com
5. Password-derived Keys 19  HD wallets [2] deterministically derive a set of private keys  form a master secret key (a user randomly chosen passphrase)  pw holder can view the balance and funds of any sub-account derived from the pw  If one sub-key k is compromised, only the funds of that sub-key (or sub-keys derived from it) may be stolen  Weak passwords can be found easily through brute-force search  Fingerprint of associated public keys will be in the public ledger  if the account holds any amount of bitcoin Hierarchical Deterministic (HD) wallet https://brainwallet.io/ https://brainwalletx.github.io/
6. Hosted Wallets 20  User wallet is hosted by a trusted third-party WSP*  Key management and storage services are offloaded  No need to perform resource intensive cryptographic operations on devices  WSPs maintain possession of the private keys  Enable user access via standard web authentication mechanisms  May also offer password recovery/reset mechanisms  Users should assume the loss risk  the service could be breached and funds lost *WSP – Web Service Provider https://blockchain.info/
Super-Wallet [9] : Multi Tiered Storage Scheme 21 https://bitcoinsecurityproject.org/SecureStorage/MultiTieredColdStorageScheme/ As a counter measure to theft, hosted wallet providers often keep :  Small float of holdings online in hot storage  Majority of holdings offline in cold storage  Causes delays in TXs for users if the hot storage amount is exhausted.  Implementation complexity
Comparison of Key Management Approaches for Bitcoin Vs Traditional Online Banking Service [3] 22 Client partially awards the benefit Client is awarded the benefit
WRAP UP 23  Most of recent practical security attacks on bitcoin  Leverage weaknesses in the network and consensus layers of BTC BC  to considerably increase the advantage of an adversary BTC shares many of the fundamental challenges of keys management known from other domains.  Bitcoin present opportunity to rethink key management for end users
[1] Mayer, Hartwig. "ECDSA Security in Bitcoin and Ethereum: a Research Survey." (2016). [2] Antonopoulos, Andreas M. "Mastering Bitcoin: unlocking digital cryptocurrencies. " O'Reilly Media, Inc., 2014. [3] Eskandari, Shayan, et al. "A first look at the usability of bitcoin key management." Workshop on Usable Security (USEC), 2015. [4] Goldfeder, Steven, et al. "Securing Bitcoin wallets via a new DSA/ECDSA threshold signature scheme." (2015). [5] Bonneau, Joseph, et al. "Sok: Research perspectives and challenges for bitcoin and cryptocurrencies." Security and Privacy (SP), 2015 IEEE Symposium on. IEEE, 2015 [6] Li, Xiaoqi, et al. "A survey on the security of blockchain systems." Future Generation Computer Systems (2017). [7] RSA Laboratories, “PBKDF2 (Password-Based Key Derivation Function 2),” http://tools.ietf.org/html/rfc2898. [9] Barber, Simon, et al. "Bitter to better—how to make bitcoin a better currency." International Conference on Financial Cryptography and Data Security. Springer, Berlin, Heidelberg, 2012. [10] Top 10 Security Concerns for Bitcoin Wallets and Exchanges - https://bitcoinsecurityproject.org/topten/ REFERENCES 24
25

Recommended

Blockchain Security and Privacy
Blockchain Security and PrivacyBlockchain Security and Privacy
Blockchain Security and Privacy
Anil John
 
Blockchain and Cryptocurrency for Dummies
Blockchain and Cryptocurrency for DummiesBlockchain and Cryptocurrency for Dummies
Blockchain and Cryptocurrency for Dummies
Narudom Roongsiriwong, CISSP
 
Blockchain concepts
Blockchain conceptsBlockchain concepts
Blockchain concepts
Murughan Palaniachari
 
Understanding Blockchain Security
Understanding Blockchain SecurityUnderstanding Blockchain Security
Understanding Blockchain Security
ITU
 
Blockchain Presentation
Blockchain PresentationBlockchain Presentation
Blockchain Presentation
Zied GUESMI
 
Blockchain Study(1) - What is Blockchain?
Blockchain Study(1) - What is Blockchain?Blockchain Study(1) - What is Blockchain?
Blockchain Study(1) - What is Blockchain?
Fermat Jade
 
An Introduction to Blockchain Technology
An Introduction to Blockchain Technology An Introduction to Blockchain Technology
An Introduction to Blockchain Technology
Niuversity
 
Blockchain technology
Blockchain technologyBlockchain technology
Blockchain technology
hellygeorge
 

Recommended

Blockchain Security and Privacy
Blockchain Security and PrivacyBlockchain Security and Privacy
Blockchain Security and Privacy
Anil John
 
Blockchain and Cryptocurrency for Dummies
Blockchain and Cryptocurrency for DummiesBlockchain and Cryptocurrency for Dummies
Blockchain and Cryptocurrency for Dummies
Narudom Roongsiriwong, CISSP
 
Blockchain concepts
Blockchain conceptsBlockchain concepts
Blockchain concepts
Murughan Palaniachari
 
Understanding Blockchain Security
Understanding Blockchain SecurityUnderstanding Blockchain Security
Understanding Blockchain Security
ITU
 
Blockchain Presentation
Blockchain PresentationBlockchain Presentation
Blockchain Presentation
Zied GUESMI
 
Blockchain Study(1) - What is Blockchain?
Blockchain Study(1) - What is Blockchain?Blockchain Study(1) - What is Blockchain?
Blockchain Study(1) - What is Blockchain?
Fermat Jade
 
An Introduction to Blockchain Technology
An Introduction to Blockchain Technology An Introduction to Blockchain Technology
An Introduction to Blockchain Technology
Niuversity
 
Blockchain technology
Blockchain technologyBlockchain technology
Blockchain technology
hellygeorge
 
Introduction to Blockchain
Introduction to BlockchainIntroduction to Blockchain
Introduction to Blockchain
Malak Abu Hammad
 
Blockchain in cyber security
Blockchain in cyber securityBlockchain in cyber security
Blockchain in cyber security
Prateek Panda
 
Ppt on blockchain technology
Ppt on blockchain technologyPpt on blockchain technology
Ppt on blockchain technology
RATAN AGARWALA
 
Blockchain
BlockchainBlockchain
Blockchain
Sai Nath
 
An Introduction to Blockchain
An Introduction to BlockchainAn Introduction to Blockchain
An Introduction to Blockchain
NexThoughts Technologies
 
Blockchain
BlockchainBlockchain
Blockchain
Mohit Singh
 
How does blockchain work
How does blockchain workHow does blockchain work
How does blockchain work
Shishir Aryal
 
Blockchain: The New Technology and Its Applications for Libraries
Blockchain: The New Technology and Its Applications for LibrariesBlockchain: The New Technology and Its Applications for Libraries
Blockchain: The New Technology and Its Applications for Libraries
Bohyun Kim
 
Overview of blockchain technology and architecture
Overview of blockchain technology and architectureOverview of blockchain technology and architecture
Overview of blockchain technology and architecture
EY
 
The Blockchain - The Technology behind Bitcoin
The Blockchain - The Technology behind Bitcoin The Blockchain - The Technology behind Bitcoin
The Blockchain - The Technology behind Bitcoin
Jérôme Kehrli
 
Cybersecurity aspects of blockchain and cryptocurrency
Cybersecurity aspects of blockchain and cryptocurrencyCybersecurity aspects of blockchain and cryptocurrency
Cybersecurity aspects of blockchain and cryptocurrency
Tony Martin-Vegue
 
Block chain technology
Block chain technologyBlock chain technology
Block chain technology
Md. Syful Azam
 
Blockchain, cryptography, and consensus
Blockchain, cryptography, and consensusBlockchain, cryptography, and consensus
Blockchain, cryptography, and consensus
ITU
 
Blockchain use cases
Blockchain use casesBlockchain use cases
Blockchain use cases
Software Infrastructure
 
Blockchain consensus algorithms
Blockchain consensus algorithmsBlockchain consensus algorithms
Blockchain consensus algorithms
Anurag Dashputre
 
Blockchain
BlockchainBlockchain
Blockchain
PedramDehghanpour
 
Ethereum-Cryptocurrency (All about Ethereum)
Ethereum-Cryptocurrency (All about Ethereum) Ethereum-Cryptocurrency (All about Ethereum)
Ethereum-Cryptocurrency (All about Ethereum)
عطاءالمنعم اثیل شیخ
 
Blockchain Consensus Protocols
Blockchain Consensus ProtocolsBlockchain Consensus Protocols
Blockchain Consensus Protocols
Melanie Swan
 
Consensus Algorithms.pptx
Consensus Algorithms.pptxConsensus Algorithms.pptx
Consensus Algorithms.pptx
Rajapriya82
 
Introduction to Blockchain
Introduction to BlockchainIntroduction to Blockchain
Introduction to Blockchain
Jordan Harris
 
Biometric electronic wallet for digital currency
Biometric electronic wallet for digital currencyBiometric electronic wallet for digital currency
Biometric electronic wallet for digital currency
eSAT Publishing House
 
Blockchains and Adult Education
Blockchains and Adult EducationBlockchains and Adult Education
Blockchains and Adult Education
John Domingue
 

More Related Content

What's hot

Introduction to Blockchain
Introduction to BlockchainIntroduction to Blockchain
Introduction to Blockchain
Malak Abu Hammad
 
Blockchain in cyber security
Blockchain in cyber securityBlockchain in cyber security
Blockchain in cyber security
Prateek Panda
 
Ppt on blockchain technology
Ppt on blockchain technologyPpt on blockchain technology
Ppt on blockchain technology
RATAN AGARWALA
 
Blockchain
BlockchainBlockchain
Blockchain
Sai Nath
 
An Introduction to Blockchain
An Introduction to BlockchainAn Introduction to Blockchain
An Introduction to Blockchain
NexThoughts Technologies
 
Blockchain
BlockchainBlockchain
Blockchain
Mohit Singh
 
How does blockchain work
How does blockchain workHow does blockchain work
How does blockchain work
Shishir Aryal
 
Blockchain: The New Technology and Its Applications for Libraries
Blockchain: The New Technology and Its Applications for LibrariesBlockchain: The New Technology and Its Applications for Libraries
Blockchain: The New Technology and Its Applications for Libraries
Bohyun Kim
 
Overview of blockchain technology and architecture
Overview of blockchain technology and architectureOverview of blockchain technology and architecture
Overview of blockchain technology and architecture
EY
 
The Blockchain - The Technology behind Bitcoin
The Blockchain - The Technology behind Bitcoin The Blockchain - The Technology behind Bitcoin
The Blockchain - The Technology behind Bitcoin
Jérôme Kehrli
 
Cybersecurity aspects of blockchain and cryptocurrency
Cybersecurity aspects of blockchain and cryptocurrencyCybersecurity aspects of blockchain and cryptocurrency
Cybersecurity aspects of blockchain and cryptocurrency
Tony Martin-Vegue
 
Block chain technology
Block chain technologyBlock chain technology
Block chain technology
Md. Syful Azam
 
Blockchain, cryptography, and consensus
Blockchain, cryptography, and consensusBlockchain, cryptography, and consensus
Blockchain, cryptography, and consensus
ITU
 
Blockchain use cases
Blockchain use casesBlockchain use cases
Blockchain use cases
Software Infrastructure
 
Blockchain consensus algorithms
Blockchain consensus algorithmsBlockchain consensus algorithms
Blockchain consensus algorithms
Anurag Dashputre
 
Blockchain
BlockchainBlockchain
Blockchain
PedramDehghanpour
 
Ethereum-Cryptocurrency (All about Ethereum)
Ethereum-Cryptocurrency (All about Ethereum) Ethereum-Cryptocurrency (All about Ethereum)
Ethereum-Cryptocurrency (All about Ethereum)
عطاءالمنعم اثیل شیخ
 
Blockchain Consensus Protocols
Blockchain Consensus ProtocolsBlockchain Consensus Protocols
Blockchain Consensus Protocols
Melanie Swan
 
Consensus Algorithms.pptx
Consensus Algorithms.pptxConsensus Algorithms.pptx
Consensus Algorithms.pptx
Rajapriya82
 
Introduction to Blockchain
Introduction to BlockchainIntroduction to Blockchain
Introduction to Blockchain
Jordan Harris
 

What's hot (20)

Introduction to Blockchain
Introduction to BlockchainIntroduction to Blockchain
Introduction to Blockchain
 
Blockchain in cyber security
Blockchain in cyber securityBlockchain in cyber security
Blockchain in cyber security
 
Ppt on blockchain technology
Ppt on blockchain technologyPpt on blockchain technology
Ppt on blockchain technology
 
Blockchain
BlockchainBlockchain
Blockchain
 
An Introduction to Blockchain
An Introduction to BlockchainAn Introduction to Blockchain
An Introduction to Blockchain
 
Blockchain
BlockchainBlockchain
Blockchain
 
How does blockchain work
How does blockchain workHow does blockchain work
How does blockchain work
 
Blockchain: The New Technology and Its Applications for Libraries
Blockchain: The New Technology and Its Applications for LibrariesBlockchain: The New Technology and Its Applications for Libraries
Blockchain: The New Technology and Its Applications for Libraries
 
Overview of blockchain technology and architecture
Overview of blockchain technology and architectureOverview of blockchain technology and architecture
Overview of blockchain technology and architecture
 
The Blockchain - The Technology behind Bitcoin
The Blockchain - The Technology behind Bitcoin The Blockchain - The Technology behind Bitcoin
The Blockchain - The Technology behind Bitcoin
 
Cybersecurity aspects of blockchain and cryptocurrency
Cybersecurity aspects of blockchain and cryptocurrencyCybersecurity aspects of blockchain and cryptocurrency
Cybersecurity aspects of blockchain and cryptocurrency
 
Block chain technology
Block chain technologyBlock chain technology
Block chain technology
 
Blockchain, cryptography, and consensus
Blockchain, cryptography, and consensusBlockchain, cryptography, and consensus
Blockchain, cryptography, and consensus
 
Blockchain use cases
Blockchain use casesBlockchain use cases
Blockchain use cases
 
Blockchain consensus algorithms
Blockchain consensus algorithmsBlockchain consensus algorithms
Blockchain consensus algorithms
 
Blockchain
BlockchainBlockchain
Blockchain
 
Ethereum-Cryptocurrency (All about Ethereum)
Ethereum-Cryptocurrency (All about Ethereum) Ethereum-Cryptocurrency (All about Ethereum)
Ethereum-Cryptocurrency (All about Ethereum)
 
Blockchain Consensus Protocols
Blockchain Consensus ProtocolsBlockchain Consensus Protocols
Blockchain Consensus Protocols
 
Consensus Algorithms.pptx
Consensus Algorithms.pptxConsensus Algorithms.pptx
Consensus Algorithms.pptx
 
Introduction to Blockchain
Introduction to BlockchainIntroduction to Blockchain
Introduction to Blockchain
 

Similar to Blockchain Security Issues and Challenges

Biometric electronic wallet for digital currency
Biometric electronic wallet for digital currencyBiometric electronic wallet for digital currency
Biometric electronic wallet for digital currency
eSAT Publishing House
 
Blockchains and Adult Education
Blockchains and Adult EducationBlockchains and Adult Education
Blockchains and Adult Education
John Domingue
 
Bitcoin practical and useful
Bitcoin practical and usefulBitcoin practical and useful
Bitcoin practical and useful
PrivKey, LLC
 
Blockchain an introduction_n_li
Blockchain an introduction_n_liBlockchain an introduction_n_li
Blockchain an introduction_n_li
nikinew1
 
An Introduction to Blockchains
An Introduction to BlockchainsAn Introduction to Blockchains
An Introduction to Blockchains
Dr. Nikolaus Lipusch
 
IRJET- Blockchain Technology in Cloud Computing : A Systematic Review
IRJET- Blockchain Technology in Cloud Computing : A Systematic ReviewIRJET- Blockchain Technology in Cloud Computing : A Systematic Review
IRJET- Blockchain Technology in Cloud Computing : A Systematic Review
IRJET Journal
 
Bitcoin
BitcoinBitcoin
Bitcoin
Lakshya Sharma
 
BLOCKSAFE WHITEPAPER
BLOCKSAFE WHITEPAPERBLOCKSAFE WHITEPAPER
BLOCKSAFE WHITEPAPER
LandmarkClub
 
Bitcoin
BitcoinBitcoin
Bitcoin
Yonas Habetamu
 
BLOCKCHAIN, DIGITAL WALLET And CRYPTOCURRENCY
BLOCKCHAIN, DIGITAL WALLET And CRYPTOCURRENCYBLOCKCHAIN, DIGITAL WALLET And CRYPTOCURRENCY
BLOCKCHAIN, DIGITAL WALLET And CRYPTOCURRENCY
sanidulsattar
 
IRJET- An Overview of the Security of Blockchain
IRJET- An Overview of the Security of BlockchainIRJET- An Overview of the Security of Blockchain
IRJET- An Overview of the Security of Blockchain
IRJET Journal
 
Security_evaluation_of_smart_contract_based_Ethereum_wallets___NSS__Camera_re...
Security_evaluation_of_smart_contract_based_Ethereum_wallets___NSS__Camera_re...Security_evaluation_of_smart_contract_based_Ethereum_wallets___NSS__Camera_re...
Security_evaluation_of_smart_contract_based_Ethereum_wallets___NSS__Camera_re...
Muthusankaranarayana1
 
chapter 4 Selected Topics in computer.pptx
chapter 4 Selected Topics in computer.pptxchapter 4 Selected Topics in computer.pptx
chapter 4 Selected Topics in computer.pptx
AschalewAyele2
 
chapter 4 Selected Topics in computer.pptx
chapter 4 Selected Topics in computer.pptxchapter 4 Selected Topics in computer.pptx
chapter 4 Selected Topics in computer.pptx
AschalewAyele2
 
blockchain
blockchainblockchain
blockchain
MdMahfuzurRahman83
 
Blockchain by Aman Thakur.pptx
Blockchain by Aman Thakur.pptxBlockchain by Aman Thakur.pptx
Blockchain by Aman Thakur.pptx
The NorthCap University
 
Bitcoin technology
Bitcoin technologyBitcoin technology
Bitcoin technology
PatrickLanceDeVera
 
Bitcoin 2.0
Bitcoin 2.0 Bitcoin 2.0
Bitcoin 2.0
Singapore Management University
 
A blockchain-based Aadhar system: distributed authentication system
A blockchain-based Aadhar system: distributed authentication systemA blockchain-based Aadhar system: distributed authentication system
A blockchain-based Aadhar system: distributed authentication system
TELKOMNIKA JOURNAL
 
WHAT IS CRYPTOCURRENCY EXPECTED APPLICATIONS.
WHAT IS CRYPTOCURRENCY EXPECTED APPLICATIONS.WHAT IS CRYPTOCURRENCY EXPECTED APPLICATIONS.
WHAT IS CRYPTOCURRENCY EXPECTED APPLICATIONS.
Qutomatic
 

Similar to Blockchain Security Issues and Challenges (20)

Biometric electronic wallet for digital currency
Biometric electronic wallet for digital currencyBiometric electronic wallet for digital currency
Biometric electronic wallet for digital currency
 
Blockchains and Adult Education
Blockchains and Adult EducationBlockchains and Adult Education
Blockchains and Adult Education
 
Bitcoin practical and useful
Bitcoin practical and usefulBitcoin practical and useful
Bitcoin practical and useful
 
Blockchain an introduction_n_li
Blockchain an introduction_n_liBlockchain an introduction_n_li
Blockchain an introduction_n_li
 
An Introduction to Blockchains
An Introduction to BlockchainsAn Introduction to Blockchains
An Introduction to Blockchains
 
IRJET- Blockchain Technology in Cloud Computing : A Systematic Review
IRJET- Blockchain Technology in Cloud Computing : A Systematic ReviewIRJET- Blockchain Technology in Cloud Computing : A Systematic Review
IRJET- Blockchain Technology in Cloud Computing : A Systematic Review
 
Bitcoin
BitcoinBitcoin
Bitcoin
 
BLOCKSAFE WHITEPAPER
BLOCKSAFE WHITEPAPERBLOCKSAFE WHITEPAPER
BLOCKSAFE WHITEPAPER
 
Bitcoin
BitcoinBitcoin
Bitcoin
 
BLOCKCHAIN, DIGITAL WALLET And CRYPTOCURRENCY
BLOCKCHAIN, DIGITAL WALLET And CRYPTOCURRENCYBLOCKCHAIN, DIGITAL WALLET And CRYPTOCURRENCY
BLOCKCHAIN, DIGITAL WALLET And CRYPTOCURRENCY
 
IRJET- An Overview of the Security of Blockchain
IRJET- An Overview of the Security of BlockchainIRJET- An Overview of the Security of Blockchain
IRJET- An Overview of the Security of Blockchain
 
Security_evaluation_of_smart_contract_based_Ethereum_wallets___NSS__Camera_re...
Security_evaluation_of_smart_contract_based_Ethereum_wallets___NSS__Camera_re...Security_evaluation_of_smart_contract_based_Ethereum_wallets___NSS__Camera_re...
Security_evaluation_of_smart_contract_based_Ethereum_wallets___NSS__Camera_re...
 
chapter 4 Selected Topics in computer.pptx
chapter 4 Selected Topics in computer.pptxchapter 4 Selected Topics in computer.pptx
chapter 4 Selected Topics in computer.pptx
 
chapter 4 Selected Topics in computer.pptx
chapter 4 Selected Topics in computer.pptxchapter 4 Selected Topics in computer.pptx
chapter 4 Selected Topics in computer.pptx
 
blockchain
blockchainblockchain
blockchain
 
Blockchain by Aman Thakur.pptx
Blockchain by Aman Thakur.pptxBlockchain by Aman Thakur.pptx
Blockchain by Aman Thakur.pptx
 
Bitcoin technology
Bitcoin technologyBitcoin technology
Bitcoin technology
 
Bitcoin 2.0
Bitcoin 2.0 Bitcoin 2.0
Bitcoin 2.0
 
A blockchain-based Aadhar system: distributed authentication system
A blockchain-based Aadhar system: distributed authentication systemA blockchain-based Aadhar system: distributed authentication system
A blockchain-based Aadhar system: distributed authentication system
 
WHAT IS CRYPTOCURRENCY EXPECTED APPLICATIONS.
WHAT IS CRYPTOCURRENCY EXPECTED APPLICATIONS.WHAT IS CRYPTOCURRENCY EXPECTED APPLICATIONS.
WHAT IS CRYPTOCURRENCY EXPECTED APPLICATIONS.
 

Recently uploaded

一比一原版(UofT毕业证)多伦多大学毕业证成绩单如何办理
一比一原版(UofT毕业证)多伦多大学毕业证成绩单如何办理一比一原版(UofT毕业证)多伦多大学毕业证成绩单如何办理
一比一原版(UofT毕业证)多伦多大学毕业证成绩单如何办理
ydteq
 
Governing Equations for Fundamental Aerodynamics_Anderson2010.pdf
Governing Equations for Fundamental Aerodynamics_Anderson2010.pdfGoverning Equations for Fundamental Aerodynamics_Anderson2010.pdf
Governing Equations for Fundamental Aerodynamics_Anderson2010.pdf
WENKENLI1
 
RAT: Retrieval Augmented Thoughts Elicit Context-Aware Reasoning in Long-Hori...
RAT: Retrieval Augmented Thoughts Elicit Context-Aware Reasoning in Long-Hori...RAT: Retrieval Augmented Thoughts Elicit Context-Aware Reasoning in Long-Hori...
RAT: Retrieval Augmented Thoughts Elicit Context-Aware Reasoning in Long-Hori...
thanhdowork
 
CME397 Surface Engineering- Professional Elective
CME397 Surface Engineering- Professional ElectiveCME397 Surface Engineering- Professional Elective
CME397 Surface Engineering- Professional Elective
karthi keyan
 
Railway Signalling Principles Edition 3.pdf
Railway Signalling Principles Edition 3.pdfRailway Signalling Principles Edition 3.pdf
Railway Signalling Principles Edition 3.pdf
TeeVichai
 
Top 10 Oil and Gas Projects in Saudi Arabia 2024.pdf
Top 10 Oil and Gas Projects in Saudi Arabia 2024.pdfTop 10 Oil and Gas Projects in Saudi Arabia 2024.pdf
Top 10 Oil and Gas Projects in Saudi Arabia 2024.pdf
Teleport Manpower Consultant
 
CFD Simulation of By-pass Flow in a HRSG module by R&R Consult.pptx
CFD Simulation of By-pass Flow in a HRSG module by R&R Consult.pptxCFD Simulation of By-pass Flow in a HRSG module by R&R Consult.pptx
CFD Simulation of By-pass Flow in a HRSG module by R&R Consult.pptx
R&R Consult
 
ethical hacking-mobile hacking methods.ppt
ethical hacking-mobile hacking methods.pptethical hacking-mobile hacking methods.ppt
ethical hacking-mobile hacking methods.ppt
Jayaprasanna4
 
ethical hacking in wireless-hacking1.ppt
ethical hacking in wireless-hacking1.pptethical hacking in wireless-hacking1.ppt
ethical hacking in wireless-hacking1.ppt
Jayaprasanna4
 
Standard Reomte Control Interface - Neometrix
Standard Reomte Control Interface - NeometrixStandard Reomte Control Interface - Neometrix
Standard Reomte Control Interface - Neometrix
Neometrix_Engineering_Pvt_Ltd
 
NO1 Uk best vashikaran specialist in delhi vashikaran baba near me online vas...
NO1 Uk best vashikaran specialist in delhi vashikaran baba near me online vas...NO1 Uk best vashikaran specialist in delhi vashikaran baba near me online vas...
NO1 Uk best vashikaran specialist in delhi vashikaran baba near me online vas...
Amil Baba Dawood bangali
 
Runway Orientation Based on the Wind Rose Diagram.pptx
Runway Orientation Based on the Wind Rose Diagram.pptxRunway Orientation Based on the Wind Rose Diagram.pptx
Runway Orientation Based on the Wind Rose Diagram.pptx
SupreethSP4
 
Final project report on grocery store management system..pdf
Final project report on grocery store management system..pdfFinal project report on grocery store management system..pdf
Final project report on grocery store management system..pdf
Kamal Acharya
 
J.Yang, ICLR 2024, MLILAB, KAIST AI.pdf
J.Yang, ICLR 2024, MLILAB, KAIST AI.pdfJ.Yang, ICLR 2024, MLILAB, KAIST AI.pdf
J.Yang, ICLR 2024, MLILAB, KAIST AI.pdf
MLILAB
 
weather web application report.pdf
weather web application report.pdfweather web application report.pdf
weather web application report.pdf
Pratik Pawar
 
Investor-Presentation-Q1FY2024 investor presentation document.pptx
Investor-Presentation-Q1FY2024 investor presentation document.pptxInvestor-Presentation-Q1FY2024 investor presentation document.pptx
Investor-Presentation-Q1FY2024 investor presentation document.pptx
AmarGB2
 
Industrial Training at Shahjalal Fertilizer Company Limited (SFCL)
Industrial Training at Shahjalal Fertilizer Company Limited (SFCL)Industrial Training at Shahjalal Fertilizer Company Limited (SFCL)
Industrial Training at Shahjalal Fertilizer Company Limited (SFCL)
MdTanvirMahtab2
 
block diagram and signal flow graph representation
block diagram and signal flow graph representationblock diagram and signal flow graph representation
block diagram and signal flow graph representation
Divya Somashekar
 
ASME IX(9) 2007 Full Version .pdf
ASME IX(9) 2007 Full Version .pdfASME IX(9) 2007 Full Version .pdf
ASME IX(9) 2007 Full Version .pdf
AhmedHussein950959
 
space technology lecture notes on satellite
space technology lecture notes on satellitespace technology lecture notes on satellite
space technology lecture notes on satellite
ongomchris
 

Recently uploaded (20)

一比一原版(UofT毕业证)多伦多大学毕业证成绩单如何办理
一比一原版(UofT毕业证)多伦多大学毕业证成绩单如何办理一比一原版(UofT毕业证)多伦多大学毕业证成绩单如何办理
一比一原版(UofT毕业证)多伦多大学毕业证成绩单如何办理
 
Governing Equations for Fundamental Aerodynamics_Anderson2010.pdf
Governing Equations for Fundamental Aerodynamics_Anderson2010.pdfGoverning Equations for Fundamental Aerodynamics_Anderson2010.pdf
Governing Equations for Fundamental Aerodynamics_Anderson2010.pdf
 
RAT: Retrieval Augmented Thoughts Elicit Context-Aware Reasoning in Long-Hori...
RAT: Retrieval Augmented Thoughts Elicit Context-Aware Reasoning in Long-Hori...RAT: Retrieval Augmented Thoughts Elicit Context-Aware Reasoning in Long-Hori...
RAT: Retrieval Augmented Thoughts Elicit Context-Aware Reasoning in Long-Hori...
 
CME397 Surface Engineering- Professional Elective
CME397 Surface Engineering- Professional ElectiveCME397 Surface Engineering- Professional Elective
CME397 Surface Engineering- Professional Elective
 
Railway Signalling Principles Edition 3.pdf
Railway Signalling Principles Edition 3.pdfRailway Signalling Principles Edition 3.pdf
Railway Signalling Principles Edition 3.pdf
 
Top 10 Oil and Gas Projects in Saudi Arabia 2024.pdf
Top 10 Oil and Gas Projects in Saudi Arabia 2024.pdfTop 10 Oil and Gas Projects in Saudi Arabia 2024.pdf
Top 10 Oil and Gas Projects in Saudi Arabia 2024.pdf
 
CFD Simulation of By-pass Flow in a HRSG module by R&R Consult.pptx
CFD Simulation of By-pass Flow in a HRSG module by R&R Consult.pptxCFD Simulation of By-pass Flow in a HRSG module by R&R Consult.pptx
CFD Simulation of By-pass Flow in a HRSG module by R&R Consult.pptx
 
ethical hacking-mobile hacking methods.ppt
ethical hacking-mobile hacking methods.pptethical hacking-mobile hacking methods.ppt
ethical hacking-mobile hacking methods.ppt
 
ethical hacking in wireless-hacking1.ppt
ethical hacking in wireless-hacking1.pptethical hacking in wireless-hacking1.ppt
ethical hacking in wireless-hacking1.ppt
 
Standard Reomte Control Interface - Neometrix
Standard Reomte Control Interface - NeometrixStandard Reomte Control Interface - Neometrix
Standard Reomte Control Interface - Neometrix
 
NO1 Uk best vashikaran specialist in delhi vashikaran baba near me online vas...
NO1 Uk best vashikaran specialist in delhi vashikaran baba near me online vas...NO1 Uk best vashikaran specialist in delhi vashikaran baba near me online vas...
NO1 Uk best vashikaran specialist in delhi vashikaran baba near me online vas...
 
Runway Orientation Based on the Wind Rose Diagram.pptx
Runway Orientation Based on the Wind Rose Diagram.pptxRunway Orientation Based on the Wind Rose Diagram.pptx
Runway Orientation Based on the Wind Rose Diagram.pptx
 
Final project report on grocery store management system..pdf
Final project report on grocery store management system..pdfFinal project report on grocery store management system..pdf
Final project report on grocery store management system..pdf
 
J.Yang, ICLR 2024, MLILAB, KAIST AI.pdf
J.Yang, ICLR 2024, MLILAB, KAIST AI.pdfJ.Yang, ICLR 2024, MLILAB, KAIST AI.pdf
J.Yang, ICLR 2024, MLILAB, KAIST AI.pdf
 
weather web application report.pdf
weather web application report.pdfweather web application report.pdf
weather web application report.pdf
 
Investor-Presentation-Q1FY2024 investor presentation document.pptx
Investor-Presentation-Q1FY2024 investor presentation document.pptxInvestor-Presentation-Q1FY2024 investor presentation document.pptx
Investor-Presentation-Q1FY2024 investor presentation document.pptx
 
Industrial Training at Shahjalal Fertilizer Company Limited (SFCL)
Industrial Training at Shahjalal Fertilizer Company Limited (SFCL)Industrial Training at Shahjalal Fertilizer Company Limited (SFCL)
Industrial Training at Shahjalal Fertilizer Company Limited (SFCL)
 
block diagram and signal flow graph representation
block diagram and signal flow graph representationblock diagram and signal flow graph representation
block diagram and signal flow graph representation
 
ASME IX(9) 2007 Full Version .pdf
ASME IX(9) 2007 Full Version .pdfASME IX(9) 2007 Full Version .pdf
ASME IX(9) 2007 Full Version .pdf
 
space technology lecture notes on satellite
space technology lecture notes on satellitespace technology lecture notes on satellite
space technology lecture notes on satellite
 

Blockchain Security Issues and Challenges

  • 1. 1 MPYANA MWAMBA MERLEC Department of Computer and Engineering Korea University Dec. 12, 2017 Blockchain Security Issues and Challenges Bitcoin Key Management Security Issues and Challenges
  • 2. Project Goal 2  We aim to figure out the following questions :  What are the BTC key management security threats ?  How these security risks/issues can be addressed ?  What are the existing approaches and their limitations ?  What are the related challenges ?  The main purpose of this study is to investigate on :  Private key management related security issues and challenges  Bitcoin (BTC) as a BlockChain (BC) application use case
  • 3. Problem Statement 3  Private Key Security[6]  With BC, a private key is regarded as user identity and security credential  Generated and maintained by the user instead of 3rd party agencies  Hartwig et al.[1] discover a vulnerability in ECDSA* scheme  Side-channel attack and invalid-curve attack might be possible  Does not generate enough randomness during the signature process  Attacker can be able to recover the user’s private key * Elliptic Curve Digital Signature Algorithm
  • 4. Problem Statement 4  Side-channel attacks  Aim to retrieve secret data from a cryptographic system By observing factors outside the normal computation  invalid-curve attack  Aim to retrieve secret data from a cryptographic system By observing factors outside the normal computation
  • 5. Problem Statement 5  Private Key Security[6]  Once a user’s private key is lost, it will not be able to recovered  User’s BCT account will face the risks of being tampered by others  If a private key is stolen by criminals  BCT doesn’t dependent on any centralized 3rd party trusted infrastructure  Difficult to track the criminal’s behaviors and recover modified BC information  Decentralized aspect of BC makes the key management task very challenging
  • 6. Bitcoin Keys and Addresses 6 With bitcoin, keys come in pairs:  Private (secret) key = secret PIN or signature on a check  Provides a control over the account and sign TXs  Public key = bank account number  Unique and derived from private key  Bitcoin address = K recipient, represented by its digital fingerprint  Similar to a beneficiary name on a check (i.e. “Pay to the order of”)  Bitcoin address is generated form and corresponds to a public key Conversion of a public key into a bitcoin address [2] A = RIPEMD160(SHA256(K ))K = k * G G : is the generator point
  • 7. Bitcoin Wallet (BW) 7 Type-2 deterministic (seeded) wallet [2]: a tree of keys generated from a single seed Type-0 nondeterministic (random) wallet [2]: a collection of randomly generated keys  Contains and manages a collection of key pairs  Mostly, k and K are stored together as a Key pair for convenience Randomly generated number combined with other data (i.e. index or chain code)
  • 8. Master Keys Creation & PK extension 8http://chimera.labs.oreilly.com/books/1234000001802/ch04.html#hd_wallets Creating master keys and chain code from a root seed [2] Extending a parent private key to create a child private key [2] HMAC : Hash Message Authentication Code Chain code is used to introduce entropy in the function that creates child keys from parent keys.
  • 10. Bitcoin Wallet Storage Approaches 10https://www.linkedin.com/pulse/part-2blockchain-technology-situation-malware-join-picco/
  • 11. BTC Key Management Approaches 11  Works in [3-5] surveyed on the BTC Key management approaches  Found that BTC has several fundamental issues and challenges  It offers opportunities to rethink the key management for end users  First investigation [3] on the usability issues of BTC’s key management  Survey and categorize most known BTC key management proposals  Propose a set of evaluation criteria for BTC key management
  • 12. 1. Keys stored on local device 12  Bitcoin manages several private keys in a bitcoin wallet  Stored on users’ local storage device  Typically in a file or database in a pre-configured file system path.  Bitcoin client can read keys and immediately broadcast TXs over the network https://news.bitcoin.com/idiot-proof-vault-cold-storage-guide/ https://bitcoinnewsmagazine.com/what-is-the-best-bitcoin-wallet-for-2015/
  • 13. 1. Keys stored on local device 13  Several threats to store keys in local devices [3]:  Files storing private keys can be read by any app.  with access to the user’s application folder  Malware may exploit this key management approach  Access to local files results in the adversary gaining access to the victim’s funds  Users must be aware to not mistakenly share their app. folders  P2P file sharing networks, off-site backups or a shared network drive https://www.secureworks.com/research/cryptocurrency-stealing-malware-landscapehttps://www.secureworks.com/research/cryptocurrency-stealing-malware-landscape
  • 14. 1. Keys stored on local device 14  Several threats to store keys in a locally[3] :  Physical storage device theft  Especially in case of mobile devices (i.e. laptops or smart phones)  Equipment failure  Due to natural disasters and electrical failures  Undetected storage failure, etc.  Private key files format long-term readability  A trust fund/long-term saving requires PKs to be stored for a long period of time  Users must ensure that keys’ file format can continue to be read
  • 15. 2. Password-protected (encrypted) wallet 15  BCT clients allow a locally stored wallet file to be encrypted  With a key derived from a user-chosen pw or passphrase  This address only physical theft of underlying devices  Brute-force of the pw if the file containing private key is stolen  Share the pros and cons of non-encrypted wallets  If the pw is forgotten, users lose access to their pw-protected wallet
  • 16. 3. Offline keys Storage 16  To further protect private key form malware-based threats  Traditional physical security techniques  required to protect the wallet (e.g. store the drive in a fire-proof safe)  It makes the wallet inaccessible for immediate use by SW  Preventing users from spending funds (unless the offline storage media is nearby)  This approach can be used for backup.  Offline wallets take time to perform TXs  Need to download all blockchain (< 140GB) into the PC
  • 17. 3. Offline keys Storage 17 https://bitcoinpaperwallet.com/  Requires a QR code reader  to read the key back into a Bitcoin client  Securing this is similar to securing cash  Paper wallet doesn’t contain the funds itself  Enables signing authority over a set of Bitcoins  Funds can be stolen from the wallet  By simply observing the QR code  Not possible with physical money *** Requires printed contents remain unobservable during transportation***
  • 18. 4. Air-gapped & hardware Storage 18  Device holding keys can perform computations  e.g. signing for the keys it holds  Air-gapped device can prevent certain types of theft  By never exposing keys directly to an internet-connected devices  Hardware Security Modules (HSMs) can be used to :  To isolate key materials from host devices  by exposing only the ability to sign transactions https://trezor.io/ Ledger Wallet KeepKey Pi Wallet * Hardware Security Modules https://bitcoinarmory.com
  • 19. 5. Password-derived Keys 19  HD wallets [2] deterministically derive a set of private keys  form a master secret key (a user randomly chosen passphrase)  pw holder can view the balance and funds of any sub-account derived from the pw  If one sub-key k is compromised, only the funds of that sub-key (or sub-keys derived from it) may be stolen  Weak passwords can be found easily through brute-force search  Fingerprint of associated public keys will be in the public ledger  if the account holds any amount of bitcoin Hierarchical Deterministic (HD) wallet https://brainwallet.io/ https://brainwalletx.github.io/
  • 20. 6. Hosted Wallets 20  User wallet is hosted by a trusted third-party WSP*  Key management and storage services are offloaded  No need to perform resource intensive cryptographic operations on devices  WSPs maintain possession of the private keys  Enable user access via standard web authentication mechanisms  May also offer password recovery/reset mechanisms  Users should assume the loss risk  the service could be breached and funds lost *WSP – Web Service Provider https://blockchain.info/
  • 21. Super-Wallet [9] : Multi Tiered Storage Scheme 21 https://bitcoinsecurityproject.org/SecureStorage/MultiTieredColdStorageScheme/ As a counter measure to theft, hosted wallet providers often keep :  Small float of holdings online in hot storage  Majority of holdings offline in cold storage  Causes delays in TXs for users if the hot storage amount is exhausted.  Implementation complexity
  • 22. Comparison of Key Management Approaches for Bitcoin Vs Traditional Online Banking Service [3] 22 Client partially awards the benefit Client is awarded the benefit
  • 23. WRAP UP 23  Most of recent practical security attacks on bitcoin  Leverage weaknesses in the network and consensus layers of BTC BC  to considerably increase the advantage of an adversary BTC shares many of the fundamental challenges of keys management known from other domains.  Bitcoin present opportunity to rethink key management for end users
  • 24. [1] Mayer, Hartwig. "ECDSA Security in Bitcoin and Ethereum: a Research Survey." (2016). [2] Antonopoulos, Andreas M. "Mastering Bitcoin: unlocking digital cryptocurrencies. " O'Reilly Media, Inc., 2014. [3] Eskandari, Shayan, et al. "A first look at the usability of bitcoin key management." Workshop on Usable Security (USEC), 2015. [4] Goldfeder, Steven, et al. "Securing Bitcoin wallets via a new DSA/ECDSA threshold signature scheme." (2015). [5] Bonneau, Joseph, et al. "Sok: Research perspectives and challenges for bitcoin and cryptocurrencies." Security and Privacy (SP), 2015 IEEE Symposium on. IEEE, 2015 [6] Li, Xiaoqi, et al. "A survey on the security of blockchain systems." Future Generation Computer Systems (2017). [7] RSA Laboratories, “PBKDF2 (Password-Based Key Derivation Function 2),” http://tools.ietf.org/html/rfc2898. [9] Barber, Simon, et al. "Bitter to better—how to make bitcoin a better currency." International Conference on Financial Cryptography and Data Security. Springer, Berlin, Heidelberg, 2012. [10] Top 10 Security Concerns for Bitcoin Wallets and Exchanges - https://bitcoinsecurityproject.org/topten/ REFERENCES 24
  • 25. 25