Bitcoins,Blockchains andCybersecurity

Dr.DebasisBhattacharya,JD,DBAdebasisb@hawaii.edu

@uhmcabithttp://maui.hawaii.edu/cybersecurity

Contentmaybeborrowedfromotherresources.Seethelastslideforacknowledgements!

OnlineTransactions

• Physicalcash– Non-traceable(well,mostly!)– Secure(mostly)– Lowinflation

• Can’tbeusedonlinedirectlyØElectroniccreditordebittransactions

uBankseesalltransactionsuMerchantscantrack/profilecustomers

InterfaceHI2017- DebasisBhattacharya9/27/17 2

E-Cash

• Secure– Singleuse– Reliable

• Lowinflation• Privacy-preserving

InterfaceHI2017- DebasisBhattacharya9/27/17 3

E-CashCryptoProtocolsv Chaum82:blindsignaturesfore-cash

v Chaum88:retroactivedoublespenderidentification

v Brandis95:restrictedblindsignatures

v Camenisch05:compactofflinee-cash

• Variouspracticalissues:– Needfortrustedcentralparty– Computationallyexpensive– Etc.

InterfaceHI2017- DebasisBhattacharya9/27/17 4

Bitcoin

• Adistributed,decentralizeddigitalcurrencysystem

• ReleasedbySatoshiNakamoto 2008• Effectivelyabankrunbyanadhocnetwork

– Digitalchecks– Adistributedtransactionlog

InterfaceHI2017- DebasisBhattacharya9/27/17 5

SizeoftheBitCoin Economy• NumberofBitCoins incirculation16.5million(September,2017)

• TotalnumberofBitCoins generatedcannotexceed21million.– Around5millionlefttobemined!

• AveragepriceofaBitcoin:– $3867onSeptember25,2017;– $2350onJune27,2017

¨ Pricehasbeenveryunstableandspeculative.• Currently,244,157tx/dayor~170tx/minute.(Incontrast,Visatransaction200,000perminute!)

InterfaceHI2017- DebasisBhattacharya9/27/17 6

9/27/17 InterfaceHI2017- DebasisBhattacharya 7

9/27/17 InterfaceHI2017- DebasisBhattacharya 8

Bitcoins– AveragepriceonSeptember25,2017

9/27/17 InterfaceHI2017- DebasisBhattacharya 9

Bitcoins– Averagepricesince2011

9/27/17 InterfaceHI2017- DebasisBhattacharya 10

Bitcoins– Averagepricein2017

9/27/17 InterfaceHI2017- DebasisBhattacharya 11

9/27/17 InterfaceHI2017- DebasisBhattacharya 12

9/27/17 InterfaceHI2017- DebasisBhattacharya 13

9/27/17 InterfaceHI2017- DebasisBhattacharya 14

9/27/17 InterfaceHI2017- DebasisBhattacharya 15

BitCoin:Challenges• Creationofavirtualcoin/note

– Howisitcreatedinthefirstplace?– Howdoyoupreventinflation?(Whatpreventsanyonefromcreating

lotsofcoins?)• Validation

– Isthecoinlegit?(proof-of-work)– Howdoyoupreventacoinfromdouble-spending?

• BuyerandSellerprotectioninonlinetransactions– Buyerpays,butthesellerdoesn’tdeliver– Sellerdelivers,buyerpays,butthebuyermakesaclaim.

• Trustonthird-parties– Relyon“proofofwork”insteadoftrust– Verifiablebyeveryone– blockchain isvisibletoall– Nocentralbankorclearinghouse

InterfaceHI2017- DebasisBhattacharya9/27/17 16

SecurityinBitcoin• Authentication

– AmIpayingtherightperson?Notsomeotherimpersonator?

• Integrity– Isthecoindouble-spent?– Cananattackerreverseorchangetransactions?

• Availability– CanImakeatransactionanytimeIwant?

• Confidentiality– Aremytransactionsprivate?Anonymous?

InterfaceHI2017- DebasisBhattacharya9/27/17 17

SecurityinBitcoin• Authenticationà PublicKeyCrypto:DigitalSignatures

– AmIpayingtherightperson?Notsomeotherimpersonator?

• Integrityà DigitalSignaturesandCryptographicHash– Isthecoindouble-spent?– Cananattackerreverseorchangetransactions?

• Availabilityà BroadcastmessagestotheP2Pnetwork– CanImakeatransactionanytimeIwant?

• Confidentialityà Pseudonymity– Aremytransactionsprivate?Anonymous?

InterfaceHI2017- DebasisBhattacharya9/27/17 18

PublicKeyCrypto:Encryption

• Keypair:publickeyandprivatekey

InterfaceHI2017- DebasisBhattacharya9/27/17 19

PublicKeyCrypto:DigitalSignature• First,createamessagedigestusingacryptographichash• Then,encryptthemessagedigestwithyourprivatekey

Authentication

Integrity

Non-repudiation

InterfaceHI2017- DebasisBhattacharya9/27/17 20

CryptographicHashFunctions

• Consistent:hash(X)alwaysyieldssameresult

• One-way:givenY,hardto findXs.t. hash(X)=Y

• Collisionresistant:givenhash(W)=Z,hardto findXsuchthathash(X)=Z

Hash FnMessage of arbitrary lengthFixed Size

Hash

InterfaceHI2017- DebasisBhattacharya9/27/17 21

BacktoBitCoin• Validation

– Isthecoinlegit?(proof-of-work)à UseofCryptographicHashes

– Howdoyoupreventacoinfromdouble-spending?àBroadcasttoallnodes

• Creationofavirtualcoin/note– Howisitcreatedinthefirstplace?à Provideincentivesforminers,earnbitcoinsafterwork!

– Howdoyoupreventinflation?(Whatpreventsanyonefromcreatinglotsofcoins?)à LimitthecreationrateoftheBitCoins.Rightnow,12.5coinstominers

InterfaceHI2017- DebasisBhattacharya9/27/17 22

Bitcoin• Electroniccoin==chainofdigitalsignatures• BitCoin transfer:Sign(Previoustransaction+Newowner’spublickey)• Anyonecanverify(n-1)th ownertransferredthistothenthowner.• AnyonecanfollowthehistoryGivenaBitCoin

InterfaceHI2017- DebasisBhattacharya9/27/17 23

Bitcoin Transactions

Public key 0xa8fc93875a972ea

Signature 0xa87g14632d452cd

Public key 0xc7b2f68...

InterfaceHI2017- DebasisBhattacharya9/27/17 24

UseofCryptographicHashes¨ Proof-of-work

¨ Blockcontainstransactionstobevalidatedandprevioushashvalue.¨ Pickanouce suchthatH(prev hash,nounce,Tx)<E.Eisavariablethat

thesystemspecifies.Basically,thisamountstofindingahashvaluewho’sleadingbitsarezero.Theworkrequiredisexponentialinthenumberofzerobitsrequired.

¨ Verificationiseasy.Butproof-of-workishard.

InterfaceHI2017- DebasisBhattacharya9/27/17 25

PreventingDouble-spending

• Theonlywayistobeawareofalltransactions.• Eachnode(miner)verifiesthatthisisthefirstspendingoftheBitcoin bythepayer.

• Onlywhenitisverifieditgeneratestheproof-of-workandattachittothecurrentchain.

InterfaceHI2017- DebasisBhattacharya9/27/17 26

Bitcoin Network• EachP2Pnoderunsthefollowingalgorithm:

– Newtransactionsarebroadcasttoallnodes.– Eachnode(miners)collectsnewtransactionsintoablock.– Eachnodeworksonfindingaproof-of-workforitsblock.(Hard

todo.Probabilistic.Theonetofinishearlywillprobablywin.)– Whenanodefindsaproof-of-work,itbroadcaststheblocktoall

nodes.– Nodesaccepttheblockonlyifalltransactionsinitarevalid

(digitalsignaturechecking)andnotalreadyspent(checkallthetransactions).

– Nodesexpresstheiracceptancebyworkingoncreatingthenextblockinthechain,usingthehashoftheacceptedblockastheprevioushash.

InterfaceHI2017- DebasisBhattacharya9/27/17 27

Tiebreaking• Twonodesmayfindacorrectblocksimultaneously.

– Keepbothandworkonthefirstone– Ifonegrowslongerthantheother,takethelongerone

Twodifferentblockchains(orblocks)maysatisfytherequiredproof-of-work.

InterfaceHI2017- DebasisBhattacharya9/27/17 28

RevertingisHard

• Revertinggetsexponentiallyhardasthechaingrows.

1.Modifythetransaction(revertorchangethepayer)

2.Recomputenonce

3.Recomputethenextnonce

InterfaceHI2017- DebasisBhattacharya9/27/17 29

PracticalLimitation

• Atleast10mins toverifyatransaction.– Agreetopay– Waitforoneblock(10mins)forthetransactiontogothrough.

– But,foralargetransaction($$$)waitlonger,around60minutes.Becauseifyouwaitlongeritbecomesmoresecure.

– Forlarge$$$,youwaitforsixblocks(1hour).

InterfaceHI2017- DebasisBhattacharya9/27/17 30

Optimizations• Merkle Tree

– Onlykeeptheroothash• Deletetheinteriorhashvaluestosavedisk• Blockheaderonlycontainstheroothash• Blockheaderisabout80bytes• 80bytes*6per/hr *24hrs *365=4.2MB/year

– WhykeepuseaMerkle tree?

InterfaceHI2017- DebasisBhattacharya9/27/17 31

Simplifiedpaymentverification• Anyusercanverifyatransactioneasilybyaskinganode.• First,getthelongestproof-of-workchain• Querytheblockthatthetransactiontobeverified(tx3)isin.• OnlyneedHash01andHash2toverify;nottheentireTx’s.

InterfaceHI2017- DebasisBhattacharya9/27/17 32

BitCoin Economics¨ Ratelimitingonthecreationofanewblock

¨ Adapttothe“network’scapacity”¨ Ablockcreatedevery10mins (sixblockseveryhour)

¨ How?Difficultyisadjustedeverytwoweekstokeeptheratefixedascapacity/computingpowerincreases

¨ NnewBitcoins pereachnewblock:creditedtotheminerà incentivesforminers¨ Nwas50initially.In2013,N=25¨ Since 2016N=12.5,nexthalfisJune2020forN=6.25.¨ Halvedevery210,000blocks(everyfouryears)¨ Thus,thetotalnumberofBitCoins willnotexceed21million.

(Afterthisminertakesafee)

InterfaceHI2017- DebasisBhattacharya9/27/17 33

PrivacyImplications

• Noanonymity,onlypseudonymity• Alltransactionsremainontheblockchain–indefinitely!

• Retroactivedatamining– Targetuseddataminingoncustomerpurchasestoidentifypregnantwomenandtargetadsatthem(NYT2012),endedupinformingawoman’sfatherthathisteenagedaughterwaspregnant

– Imaginewhatcreditcardcompaniescoulddowiththedata

InterfaceHI2017- DebasisBhattacharya9/27/17 34

9/27/17 InterfaceHI2017- DebasisBhattacharya 35

9/27/17 InterfaceHI2017- DebasisBhattacharya 36

Bitcoins– Averagepricedroppedin2014butrisingsince!

9/27/17 InterfaceHI2017- DebasisBhattacharya 37

9/27/17 InterfaceHI2017- DebasisBhattacharya 38

9/27/17 InterfaceHI2017- DebasisBhattacharya 39

9/27/17 InterfaceHI2017- DebasisBhattacharya 40

9/27/17 InterfaceHI2017- DebasisBhattacharya 41

9/27/17 InterfaceHI2017- DebasisBhattacharya 42

9/27/17 InterfaceHI2017- DebasisBhattacharya 43

BitcoinSecurity101

• WhenusinganonlineservicesuchasanbitcoinexchangesuchasCoinbase:– Enable2-Factor-Authentication(likeGoogleauthenticatororYubiKey)onyouraccount

– WatchoutforSocialEngineeringthatcantakeswitchyourphonebycallingVerizonCustomerSvc!

• EnsuresecurityofyourAPIKey– APIKeyallowsapplicationstoretrievebitcoinsfromyourdigitalwallet.

9/27/17 InterfaceHI2017- DebasisBhattacharya 44

9/27/17 InterfaceHI2017- DebasisBhattacharya 45

BitcoinSecurity101

• Alwayshavedirectcontrolofyourbitcoins(privatekeys).Ifyoudon’thave(orlose)thekeys,youdon’tcontrolthebitcoins.

• Keeplittlecash($100to$500)intheexchange• Makeregularbackupsofyourbitcoinwallet!

– Or,useTrezor hardwarewalletorpaperwallet• Realizethatyouwillbethetargetformalware,socialengineeringandotherhacks!

9/27/17 InterfaceHI2017- DebasisBhattacharya 46

9/27/17 InterfaceHI2017- DebasisBhattacharya 47

9/27/17 InterfaceHI2017- DebasisBhattacharya 48

9/27/17 InterfaceHI2017- DebasisBhattacharya 49

Conclusion

• Cryptocurrenciesandtechnologyareheretostay…– www.Bitcoin,org - StartedbySatoshiNakamoto,10/08– www.ZeroCoin.org - ExtendBitcointomakeitprivate– www.Litecoin.org - OpenSourceP2PInternetCurrency– www.Ethereum.org - SmartContracts(Microsoft)– www.Hyperledger.org - Blockchains forBusiness(IBM)

• Securityisanissuejustlikeanythingelse– Consumers:SocialEngineering,Malware,Phishingetc.– Exchanges:Hacks,Botnets,Malware,Phishing,APTetc.

9/27/17 InterfaceHI2017- DebasisBhattacharya 50

Acknowledgement• Someoftheslides,content,orpicturesareborrowedfrom

thefollowingresources,andsomepicturesareobtainedthroughGooglesearchwithoutbeingreferencedbelow:

• L24-BitCoinandSecurity,manyoftheslidesborrowedfromthispresentationwithmodifications.

• PresentationbyAmirHoumansadr fromUmass CSentitled“SecureDigitalCurrency:Bitcoin”,CS660,Spring2015

InterfaceHI2017- DebasisBhattacharya9/27/17 51

9/27/17 InterfaceHI2017- DebasisBhattacharya 52

Dr.DebasisBhattacharya,JD,DBAdebasisb@hawaii.edu@uhmcabithttp://maui.hawaii.edu/cybersecurity