#RSAC

SESSION ID: PDAC-T10F

Hacking

Konstantinos Karagiannis
Chief Technology Officer, Security Consulting
BT Americas
@konstanthacker

Another sea change upon us

It all started Halloween 2008…

Satoshi’s altruistic goals met
Strong investment—5 million dollar pizza
Widespread “positioning” of
Literally and figuratively created the blockchain movement

Blockchain transaction and verification

Parties exchange data

Transaction verified or queued

Blockchain structure and validation

Each block identified by hash

Blocks must be validated to be added to chain

Blockchain mining and chain

Miners “solve puzzle” ()

Miners rewarded, block added to majority chain

Blockchain defense

Trying to submit an altered block would change the hash of that block and all following blocks; nodes would detect and reject the block.
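The validation rule from the preceding slides, as an added example that is not from the talk: a toy chain in which each block's hash covers its parent's hash and must meet a proof-of-work target. All names, the difficulty value and the sample records are constructed for illustration.

```python
import copy
import hashlib
import json

DIFFICULTY = 2            # constructed toy target: leading zero hex digits required
GENESIS_PREV = "0" * 64   # all-zero parent marks the first block

def block_hash(prev, data, nonce):
    """Hash that identifies a block; it covers the parent's hash as well."""
    return hashlib.sha256(json.dumps([prev, data, nonce]).encode()).hexdigest()

def meets_target(h):
    return h.startswith("0" * DIFFICULTY)

def mine(prev, data):
    """Try nonces until the block hash meets the target (the miners' puzzle)."""
    nonce = 0
    while not meets_target(block_hash(prev, data, nonce)):
        nonce += 1
    return {"prev": prev, "data": data, "nonce": nonce,
            "hash": block_hash(prev, data, nonce)}

def build_chain(records):
    chain, prev = [], GENESIS_PREV
    for data in records:
        chain.append(mine(prev, data))
        prev = chain[-1]["hash"]
    return chain

def first_invalid(chain):
    """Index of the first block a validating node rejects, or None if all pass."""
    prev = GENESIS_PREV
    for i, b in enumerate(chain):
        h = block_hash(b["prev"], b["data"], b["nonce"])
        if b["prev"] != prev or h != b["hash"] or not meets_target(h):
            return i
        prev = h
    return None

def tamper(chain, index, new_data, remine=False):
    """Copy the chain and alter one block, optionally redoing its proof of work."""
    forged = copy.deepcopy(chain)
    if remine:
        forged[index] = mine(forged[index]["prev"], new_data)
    else:
        forged[index]["data"] = new_data
    return forged

if __name__ == "__main__":
    chain = build_chain(["alice->bob 5", "bob->carol 2", "carol->dave 1"])  # constructed
    print(first_invalid(chain), first_invalid(tamper(chain, 1, "bob->mallory 2")),
          first_invalid(tamper(chain, 1, "bob->mallory 2", remine=True)))
```

Redoing the work on the altered block only moves the rejection to the next block, whose stored parent hash no longer matches.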

Some proposed blockchain applications

Digital assets
Identity (black box)
Verifiable data
Smart contracts

Attacks past and present

Quick caveat

Not allowed to discuss vulnerabilities found during ethical hacks of BT-client financial applications
Publicized examples follow to highlight types of attacks possible
May use occasional “guesses” to fill in blanks based on experience
If I’m wrong, I know the attacks still work!

1 RETURN – responsible disclosure

First security vuln identified July, 2010 by ArtForz
Allows spending of other user’s via Sig OP_1 OP_RETURN
Satoshi kept 1 RETURN quiet as he rolled out a patch
ArtForz proved Satoshi’s belief early users would want to maintain value in Bitcoin

Attacks against blockchain infrastructure

Mt. Gox first major bitcoin disaster
  June 2011: $8 million stolen (admin pw)
  Feb 2014: $460 million stolen (transaction malleability)
No version control software in Mt. Gox—bug fixes often delayed, untested code pushed straight to production
Gatecoin hacked May 2016 via a server disruption and reboot (bypassing multisig cold wallets)—more modest 250 BTC and 185,000 ETH.

Attacks against code

DAO flaw known of since May 2016
June 17, hacker used recursive flaw to make splits inside splits, moving Ether repeatedly without checking “balance”
Hard resulted

Attacks against blockchain sites

2013, payments processor Inputs.io site compromised—for $1 million (social engineering)
blockchain-based blogging platform web site authentication targeted July (no 2FA)—$85,000 funds stolen by transactions (hard fork after)
Reports of hacking incidents appear on the net regularly. Insured against mass breach, not individual credential attacks

Attacks against hot wallets

Dec 7, hacker compromises VC Bo Shen’s phone, gaining access to $300,000 in Augur and Ether from wallet
Ransomware obvious issue, but malware that steals credentials like Mokes.A can lead to transactions
Android phones more susceptible than ever due to poor updating in all but newest devices

Attacks against cold wallets

Bitfinex tried to remove risk of “security exposures” by adding an extra layer via BitGo
BitGo as part of multisig it seems could do whatever it wished
Cold wallets turned hot Aug 2016
Over $70 million swiped
Losses of 36% across all users unlike FDIC

Attacks against nodes

Major node attack thwarted Aug 2010—Bitcoin block 74638 flaw could generate 184 Billion transactions!
Sept 18, Geth nodes () ran out of memory and crashed on block 2283416 ( sabotage?)
Aug, Krypton and Shift hit by proof of concept 51% attack—overpowered by rented NiceHash hashpower
Scanning for nodes to target (e.g. TCP port 8333) possible

Traditional risks to new applications

Digital assets: Ownership
Identity: Black box interactions at risk
Verifiable data: Malicious transactions
Smart contracts: Code flaws, repudiation

Coming attacks against blockchain’s biggest flaw

Remember Satoshi’s words?

August 2015: NSA publicly warned against using ECC, the type of encryption in blockchain

Elliptic curve cryptography

Public key system, like RSA, El Gamal, Rabin
Based on algebraic structure of elliptic curves over finite fields
Public key for encryption or sig validation
Private key for decryption or sig generation

ECC Bitcoin example

Bitcoin wallet addresses made of: Public key, private key, and address
Public key derived from private key by elliptic curve multiplication
Address derived by:
  applying SHA256 hash function to public key
  applying RIPEMD-160 hash function
  adding checksum for error correction
“Used” bitcoin or other entities have public keys exposed on blockchain

Quantum threat looming

Quantum computers can crack ECC
Machines exploit quantum “weirdness” of superposition to allow existence of qubits
Qubits can be a percentage of both zero and one at the same time
Qubits and special algorithms allow quantum computers to do things classical computers can’t do in thousands of years

World’s easiest explanation of superposition

Expected particle behavior or “pooling”

Wave pattern without observation of which slit a particle goes through

Even one particle going through at a time creates wave pattern

Use a detector on either slit, and pooling appears: particle-wave duality

Maintaining superposition

Observing either slit destroyed the superposition
Quantum computers need to maintain superposition among many qubits to perform calculations
University of Maryland and others have found new ways to chain together qubits

With enough stable qubits…

A quantum computer can run Shor’s algorithm (1994) and quickly crack any public key encryption by finding factors of large numbers
Likely answers interfere constructively, unlikely ones destructively
Simple quantum computers run it with two photonic qubits, showing 21=3*7
Within 3 years QCs may have hundreds of qubits

Bitcoin example within 3 years

Bitcoin transaction includes a signature and a public key to verify owner
That publicly available information is all a quantum computer needs to get private key and “become” another user
This type of attack can be done passively (offline) by downloading any type of blockchain
No reuse?

Lamport signatures—a stopgap?

Public key consists of 320 hashes rather than an elliptic curve point
Address is SHA256+RIPEMD-160 hash of public key
Transaction includes public key and signature—verifiers check if:
  public key matches address
  signature matches message and public key
Even with Grover’s algorithm, it takes 2^80 steps to construct a fraudulent transaction or 2^80 * 80 steps to crack all hashes (trillions of trillions)
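The Lamport scheme and the two verifier checks listed above, as an added example that is not from the talk: 160 digest bits with two secrets per bit give the 320 public hashes. Function names are hypothetical, and SHA-256 truncated to 160 bits stands in for RIPEMD-160, which many current OpenSSL builds do not expose.

```python
import hashlib
import secrets

BITS = 160  # message digest length; two secrets per bit gives 320 public hashes

def H(data):
    return hashlib.sha256(data).digest()

def digest160(data):
    # Assumption: truncated SHA-256 used in place of RIPEMD-160 for portability.
    return H(data)[:20]

def keygen():
    """Private key: 160 pairs of random secrets. Public key: the hash of each secret."""
    sk = [(secrets.token_bytes(32), secrets.token_bytes(32)) for _ in range(BITS)]
    pk = [(H(a), H(b)) for a, b in sk]
    return sk, pk

def address(pk):
    """Address = 160-bit digest of SHA-256 over the serialized public key."""
    return digest160(H(b"".join(a + b for a, b in pk)))

def bits(msg):
    d = int.from_bytes(digest160(msg), "big")
    return [(d >> (BITS - 1 - i)) & 1 for i in range(BITS)]

def sign(sk, msg):
    """Reveal, for each digest bit, the secret of the pair selected by that bit."""
    return [sk[i][bit] for i, bit in enumerate(bits(msg))]

def verify(addr, pk, msg, sig):
    # Check 1: public key matches address.
    if len(pk) != BITS or len(sig) != BITS or address(pk) != addr:
        return False
    # Check 2: every revealed secret hashes to the public hash its digest bit selects.
    return all(H(s) == pk[i][bit] for i, (s, bit) in enumerate(zip(sig, bits(msg))))

def revealed_secrets(msgs):
    """How many of the 320 secrets are public after signing every message in msgs."""
    return len({(i, bit) for m in msgs for i, bit in enumerate(bits(m))})

if __name__ == "__main__":
    sk, pk = keygen()
    msg = b"constructed sample transaction"
    print(verify(address(pk), pk, msg, sign(sk, msg)))              # valid signature
    print(revealed_secrets([msg]), revealed_secrets([msg, b"second message"]))
```

A key pair is good for one signature only: each further message signed with the same key publishes additional secrets, which is why each address must be used once.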

Post-quantum crypto

Code based
Hash based
Lattice based
Multivariate quadratic equations
One time pad
liboqs, open source C library (https://openquantumsafe.org/ have fork for SSL as well)

Apply these warnings!

As soon as possible, take a new look at any blockchain applications you’re developing or using in your company
Be sure any of these applications actually need to be blockchain based, considering:
  security
  permanence of data (being able to make changes can be a good thing)
  whether current technology may be superior (not everything should be bc)
Is your blockchain app an overlay to a proven blockchain and protocol, or is it potentially too untested for critical applications?

Within the next three months prioritize testing the security of blockchain applications by their criticality to your business
Perform ethical hacking engagements against the implementation of your platform—remember all the basic flaws that undo even sound crypto
Make sure your ethical hackers have actually worked with blockchain protocols before—this isn’t the time for a vendor to learn on your dime

Looking ahead, six months and on, what can you do to ensure the future of blockchain security
It’s too late to develop applications that are not post-quantum safe
Consider investing your dev resources to give something back to blockchain
NIST has made call to arms to develop post quantum crypto solutions for PK—working on this could improve bc going forward (http://www.nist.gov/pqcrypto)

Questions?
Please join me for a “focus on” session (FON4-T11) today in Moscone West 2024 from 3:45 to 4:15
@konstanthacker