#RSAC
SESSION ID: PDAC-T10F
Hacking Blockchain
Konstantinos Karagiannis
Chief Technology Officer, Security Consulting
BT Americas
@konstanthacker

Another sea change upon us

It all started Halloween 2008…

Bitcoin
- Satoshi’s altruistic goals met
- Strong investment—5 million dollar pizza
- Widespread “positioning” of cryptocurrency
- Literally and figuratively created the blockchain movement

Blockchain transaction and verification
Parties exchange data
Transaction verified or queued

Blockchain structure and validation
Each block identified by hash
Blocks must be validated to be added to chain

Blockchain mining and chain
Miners “solve puzzle” (proof of work)
Miners rewarded, block added to majority chain

Blockchain defense
Trying to submit an altered block would change the hash of that block and all following blocks—nodes would detect and reject the block.
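
The mining and defense slides above, as an added example that is not part of the original talk: a toy proof-of-work chain and the validation a node runs over it. The field names, the difficulty of three hex zeros and the sample payloads are assumptions made for the illustration.

```python
import hashlib
import json

DIFFICULTY = 3            # leading hex zeros required (toy value, mines in milliseconds)
GENESIS_PREV = "0" * 64   # constructed placeholder for the first block's parent

def block_hash(block):
    # Hash every field except the stored hash, serialized in a fixed key order.
    body = {k: block[k] for k in ("index", "prev_hash", "data", "nonce")}
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()

def mine(index, prev_hash, data):
    # Proof of work: increment the nonce until the hash meets the difficulty target.
    block = {"index": index, "prev_hash": prev_hash, "data": data, "nonce": 0}
    while not block_hash(block).startswith("0" * DIFFICULTY):
        block["nonce"] += 1
    block["hash"] = block_hash(block)
    return block

def build_chain(payloads):
    chain, prev = [], GENESIS_PREV
    for i, data in enumerate(payloads):
        chain.append(mine(i, prev, data))
        prev = chain[-1]["hash"]
    return chain

def first_invalid(chain):
    """Index of the first block a validating node rejects, or None if all pass."""
    prev, target = GENESIS_PREV, "0" * DIFFICULTY
    for block in chain:
        digest = block_hash(block)
        if block["prev_hash"] != prev or block["hash"] != digest or not digest.startswith(target):
            return block["index"]
        prev = digest
    return None

def alter(chain, index, new_data, redo_work=False):
    # Copy with one block's data changed; redo_work re-mines only that block.
    forged = [dict(b) for b in chain]
    if redo_work:
        forged[index] = mine(index, forged[index]["prev_hash"], new_data)
    else:
        forged[index]["data"] = new_data
    return forged

if __name__ == "__main__":
    chain = build_chain(["alice->bob 1", "bob->carol 2", "carol->dave 3"])  # constructed
    print(first_invalid(chain), first_invalid(alter(chain, 1, "bob->carol 200")))
    print(first_invalid(alter(chain, 1, "bob->carol 200", redo_work=True)))
```

An altered block fails its own hash check; if its proof of work is redone, the mismatch moves to the next block's prev_hash, so every following block would have to be re-mined as well.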

Some proposed blockchain applications
- Digital assets
- Identity (black box)
- Verifiable data
- Smart contracts

Attacks past and present

Quick caveat
- Not allowed to discuss vulnerabilities found during ethical hacks of BT-client financial applications
- Publicized examples follow to highlight types of attacks possible
- May use occasional “guesses” to fill in blanks based on experience
- If I’m wrong, I know the attacks still work!

1 RETURN – responsible disclosure
- First security vuln identified July 2010 by ArtForz
- Allows spending of other users’ bitcoins via Sig OP_1 OP_RETURN
- Satoshi kept 1 RETURN quiet as he rolled out a patch
- ArtForz proved Satoshi’s belief early users would want to maintain value in Bitcoin

Attacks against blockchain infrastructure
- Mt. Gox first major bitcoin disaster
  - June 2011: $8 million stolen (admin pw)
  - Feb 2014: $460 million stolen (transaction malleability)
- No version control software in Mt. Gox—bug fixes often delayed, untested code pushed straight to production
- Gatecoin hacked May 2016 via a server disruption and reboot (bypassing multisig cold wallets)—more modest 250 BTC and 185,000 ETH.

Attacks against code
- DAO smart contract flaw known of since May 2016
- June 17, hacker used recursive flaw to make splits inside splits, moving Ether repeatedly without checking “balance”
- Hard fork resulted

Attacks against blockchain sites
- 2013, payments processor Inputs.io site compromised—for $1 million (social engineering)
- Steemit blockchain-based blogging platform web site authentication targeted July (no 2FA)—$85,000 funds stolen by transactions (hard fork after)
- Reports of Coinbase hacking incidents appear on the net regularly. Insured against mass breach, not individual credential attacks

Attacks against hot wallets
- Dec 7, hacker compromises VC Bo Shen’s phone, gaining access to $300,000 in Augur and Ether from wallet
- Ransomware obvious issue, but malware that steals credentials like Mokes.A can lead to transactions
- Android phones more susceptible than ever due to poor updating in all but newest devices

Attacks against cold wallets
- Bitfinex tried to remove risk of “security exposures” by adding an extra layer via BitGo
- BitGo as part of multisig it seems could do whatever it wished
- Cold wallets turned hot Aug 2016
- Over $70 million swiped
- Losses of 36% across all users unlike FDIC

Attacks against nodes
- Major node attack thwarted Aug 2010—Bitcoin block 74638 flaw could generate 184 Billion transactions!
- Sept 18, Geth nodes (Ethereum) ran out of memory and crashed on block 2283416 (Ethereum classic sabotage?)
- Aug, Krypton and Shift hit by proof of concept 51% attack—overpowered by rented NiceHash hashpower
- Scanning for nodes to target (e.g. TCP port 8333) possible

Traditional risks to new applications
- Digital assets: Ownership
- Identity: Black box interactions at risk
- Verifiable data: Malicious transactions
- Smart contracts: Code flaws, repudiation

Coming attacks against blockchain’s biggest flaw

Remember Satoshi’s words?
August 2015: NSA publicly warned against using ECC, the type of encryption in blockchain

Elliptic curve cryptography
- Public key system, like RSA, El Gamal, Rabin
- Based on algebraic structure of elliptic curves over finite fields
- Public key for encryption or sig validation
- Private key for decryption or sig generation

ECC Bitcoin example
- Bitcoin wallet addresses made of: Public key, private key, and address
- Public key derived from private key by elliptic curve multiplication
- Address derived by:
  - applying SHA256 hash function to public key
  - applying RIPEMD-160 hash function
  - adding checksum for error correction
- “Used” bitcoin or other entities have public keys exposed on blockchain

Quantum threat looming
- Quantum computers can crack ECC
- Machines exploit quantum “weirdness” of superposition to allow existence of qubits
- Qubits can be a percentage of both zero and one at the same time
- Qubits and special algorithms allow quantum computers to do things classical computers can’t do in thousands of years

World’s easiest explanation of superposition
Expected particle behavior or “pooling”

World’s easiest explanation of superposition
Wave pattern without observation of which slit a particle goes through

World’s easiest explanation of superposition
Even one particle going through at a time creates wave pattern

World’s easiest explanation of superposition
Use a detector on either slit, and pooling appears: particle-wave duality

Maintaining superposition
- Observing either slit destroyed the superposition
- Quantum computers need to maintain superposition among many qubits to perform calculations
- University of Maryland and others have found new ways to chain together qubits

With enough stable qubits…
- A quantum computer can run Shor’s algorithm (1994) and quickly crack any public key encryption by finding factors of large numbers
- Likely answers interfere constructively, unlikely ones destructively
- Simple quantum computers run it with two photonic qubits, showing 21=3*7
- Within 3 years QCs may have hundreds of qubits

Bitcoin example within 3 years
- Bitcoin transaction includes a signature and a public key to verify owner
- That publicly available information is all a quantum computer needs to get private key and “become” another user
- This type of attack can be done passively (offline) by downloading any type of blockchain
- No reuse?

Lamport signatures—a stopgap?
- Public key consists of 320 hashes rather than an elliptic curve point
- Address is SHA256+RIPEMD-160 hash of public key
- Transaction includes public key and signature—verifiers check if:
  - public key matches address
  - signature matches message and public key
- Even with Grover’s algorithm, it takes 2^80 steps to construct a fraudulent transaction or 2^80 * 80 steps to crack all hashes (trillions of trillions)
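
The Lamport scheme outlined above, as an added example that is not part of the original talk: 160 secret pairs give the 320-hash public key, and the verifier performs the two checks from the slide. Assumptions: SHA-256 is the hash throughout, a truncated double SHA-256 stands in for the SHA256+RIPEMD-160 address, and the message strings are constructed.

```python
import hashlib
import secrets

BITS = 160  # message digest bits signed; two hashes per bit gives 320 in the public key

def H(data):
    return hashlib.sha256(data).digest()

def keygen():
    sk = [(secrets.token_bytes(32), secrets.token_bytes(32)) for _ in range(BITS)]
    pk = [(H(zero), H(one)) for zero, one in sk]
    return sk, pk

def address(pk):
    # Assumption: 20 bytes of double SHA-256 stand in for SHA256 + RIPEMD-160.
    return H(H(b"".join(zero + one for zero, one in pk)))[:20]

def msg_bits(message):
    digest = int.from_bytes(H(message)[:BITS // 8], "big")
    return [(digest >> (BITS - 1 - i)) & 1 for i in range(BITS)]

def sign(sk, message):
    # Reveal one secret per digest bit. A key pair must sign only once.
    return [sk[i][bit] for i, bit in enumerate(msg_bits(message))]

def verify(addr, pk, message, sig):
    if address(pk) != addr or len(sig) != BITS:      # public key matches address
        return False
    bits = msg_bits(message)                         # signature matches message and key
    return all(H(sig[i]) == pk[i][bit] for i, bit in enumerate(bits))

def positions_exposed(message_a, message_b):
    # Bit positions where signing both messages with one key reveals both secrets.
    return sum(a != b for a, b in zip(msg_bits(message_a), msg_bits(message_b)))

if __name__ == "__main__":
    sk, pk = keygen()
    addr = address(pk)
    sig = sign(sk, b"pay bob 1 BTC")
    print(verify(addr, pk, b"pay bob 1 BTC", sig))
    print(verify(addr, pk, b"pay carol 1 BTC", sig))
    print(positions_exposed(b"pay bob 1 BTC", b"pay carol 1 BTC"))
```

Each signature discloses half of the private key, which is why a Lamport key is one-time: the last function counts how many pairs are fully exposed if the same key signs twice.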

Post-quantum crypto
- Code based
- Hash based
- Lattice based
- Multivariate quadratic equations
- One time pad
- liboqs, open source C library (https://openquantumsafe.org/ have fork for SSL as well)

Apply these warnings!
- As soon as possible, take a new look at any blockchain applications you’re developing or using in your company
- Be sure any of these applications actually need to be blockchain based, considering:
  - security
  - permanence of data (being able to make changes can be a good thing)
  - whether current technology may be superior (not everything should be bc)
- Is your blockchain app an overlay to a proven blockchain and protocol, or is it potentially too untested for critical applications?

Apply these warnings!
- Within the next three months prioritize testing the security of blockchain applications by their criticality to your business
- Perform ethical hacking engagements against the implementation of your platform—remember all the basic flaws that undo even sound crypto
- Make sure your ethical hackers have actually worked with blockchain protocols before—this isn’t the time for a vendor to learn on your dime

Apply these warnings!
- Looking ahead, six months and on, what can you do to ensure the future of blockchain security
- It’s too late to develop applications that are not post-quantum safe
- Consider investing your dev resources to give something back to blockchain
- NIST has made call to arms to develop post quantum crypto solutions for PK—working on this could improve bc going forward (http://www.nist.gov/pqcrypto)

Questions?
Please join me for a “focus on” session (FON4-T11) today in Moscone West 2024 from 3:45 to 4:15
@konstanthacker