content may be borrowed from other resources. see the last...
TRANSCRIPT
Bitcoins,Blockchains andCybersecurity
Dr.DebasisBhattacharya,JD,[email protected]
@uhmcabithttp://maui.hawaii.edu/cybersecurity
Contentmaybeborrowedfromotherresources.Seethelastslideforacknowledgements!
OnlineTransactions
• Physicalcash– Non-traceable(well,mostly!)– Secure(mostly)– Lowinflation
• Can’tbeusedonlinedirectlyØElectroniccreditordebittransactions
uBankseesalltransactionsuMerchantscantrack/profilecustomers
InterfaceHI2017- DebasisBhattacharya9/27/17 2
E-Cash
• Secure– Singleuse– Reliable
• Lowinflation• Privacy-preserving
InterfaceHI2017- DebasisBhattacharya9/27/17 3
E-CashCryptoProtocolsv Chaum82:blindsignaturesfore-cash
v Chaum88:retroactivedoublespenderidentification
v Brandis95:restrictedblindsignatures
v Camenisch05:compactofflinee-cash
• Variouspracticalissues:– Needfortrustedcentralparty– Computationallyexpensive– Etc.
InterfaceHI2017- DebasisBhattacharya9/27/17 4
Bitcoin
• Adistributed,decentralizeddigitalcurrencysystem
• ReleasedbySatoshiNakamoto 2008• Effectivelyabankrunbyanadhocnetwork
– Digitalchecks– Adistributedtransactionlog
InterfaceHI2017- DebasisBhattacharya9/27/17 5
SizeoftheBitCoin Economy• NumberofBitCoins incirculation16.5million(September,2017)
• TotalnumberofBitCoins generatedcannotexceed21million.– Around5millionlefttobemined!
• AveragepriceofaBitcoin:– $3867onSeptember25,2017;– $2350onJune27,2017
¨ Pricehasbeenveryunstableandspeculative.• Currently,244,157tx/dayor~170tx/minute.(Incontrast,Visatransaction200,000perminute!)
InterfaceHI2017- DebasisBhattacharya9/27/17 6
9/27/17 InterfaceHI2017- DebasisBhattacharya 7
9/27/17 InterfaceHI2017- DebasisBhattacharya 8
Bitcoins– AveragepriceonSeptember25,2017
9/27/17 InterfaceHI2017- DebasisBhattacharya 9
Bitcoins– Averagepricesince2011
9/27/17 InterfaceHI2017- DebasisBhattacharya 10
Bitcoins– Averagepricein2017
9/27/17 InterfaceHI2017- DebasisBhattacharya 11
9/27/17 InterfaceHI2017- DebasisBhattacharya 12
9/27/17 InterfaceHI2017- DebasisBhattacharya 13
9/27/17 InterfaceHI2017- DebasisBhattacharya 14
9/27/17 InterfaceHI2017- DebasisBhattacharya 15
BitCoin:Challenges• Creationofavirtualcoin/note
– Howisitcreatedinthefirstplace?– Howdoyoupreventinflation?(Whatpreventsanyonefromcreating
lotsofcoins?)• Validation
– Isthecoinlegit?(proof-of-work)– Howdoyoupreventacoinfromdouble-spending?
• BuyerandSellerprotectioninonlinetransactions– Buyerpays,butthesellerdoesn’tdeliver– Sellerdelivers,buyerpays,butthebuyermakesaclaim.
• Trustonthird-parties– Relyon“proofofwork”insteadoftrust– Verifiablebyeveryone– blockchain isvisibletoall– Nocentralbankorclearinghouse
InterfaceHI2017- DebasisBhattacharya9/27/17 16
SecurityinBitcoin• Authentication
– AmIpayingtherightperson?Notsomeotherimpersonator?
• Integrity– Isthecoindouble-spent?– Cananattackerreverseorchangetransactions?
• Availability– CanImakeatransactionanytimeIwant?
• Confidentiality– Aremytransactionsprivate?Anonymous?
InterfaceHI2017- DebasisBhattacharya9/27/17 17
SecurityinBitcoin• Authenticationà PublicKeyCrypto:DigitalSignatures
– AmIpayingtherightperson?Notsomeotherimpersonator?
• Integrityà DigitalSignaturesandCryptographicHash– Isthecoindouble-spent?– Cananattackerreverseorchangetransactions?
• Availabilityà BroadcastmessagestotheP2Pnetwork– CanImakeatransactionanytimeIwant?
• Confidentialityà Pseudonymity– Aremytransactionsprivate?Anonymous?
InterfaceHI2017- DebasisBhattacharya9/27/17 18
PublicKeyCrypto:Encryption
• Keypair:publickeyandprivatekey
InterfaceHI2017- DebasisBhattacharya9/27/17 19
PublicKeyCrypto:DigitalSignature• First,createamessagedigestusingacryptographichash• Then,encryptthemessagedigestwithyourprivatekey
Authentication
Integrity
Non-repudiation
InterfaceHI2017- DebasisBhattacharya9/27/17 20
CryptographicHashFunctions
• Consistent:hash(X)alwaysyieldssameresult
• One-way:givenY,hardto findXs.t. hash(X)=Y
• Collisionresistant:givenhash(W)=Z,hardto findXsuchthathash(X)=Z
Hash FnMessage of arbitrary lengthFixed Size
Hash
InterfaceHI2017- DebasisBhattacharya9/27/17 21
BacktoBitCoin• Validation
– Isthecoinlegit?(proof-of-work)à UseofCryptographicHashes
– Howdoyoupreventacoinfromdouble-spending?àBroadcasttoallnodes
• Creationofavirtualcoin/note– Howisitcreatedinthefirstplace?à Provideincentivesforminers,earnbitcoinsafterwork!
– Howdoyoupreventinflation?(Whatpreventsanyonefromcreatinglotsofcoins?)à LimitthecreationrateoftheBitCoins.Rightnow,12.5coinstominers
InterfaceHI2017- DebasisBhattacharya9/27/17 22
Bitcoin• Electroniccoin==chainofdigitalsignatures• BitCoin transfer:Sign(Previoustransaction+Newowner’spublickey)• Anyonecanverify(n-1)th ownertransferredthistothenthowner.• AnyonecanfollowthehistoryGivenaBitCoin
InterfaceHI2017- DebasisBhattacharya9/27/17 23
Bitcoin Transactions
Public key 0xa8fc93875a972ea
Signature 0xa87g14632d452cd
Public key 0xc7b2f68...
InterfaceHI2017- DebasisBhattacharya9/27/17 24
UseofCryptographicHashes¨ Proof-of-work
¨ Blockcontainstransactionstobevalidatedandprevioushashvalue.¨ Pickanouce suchthatH(prev hash,nounce,Tx)<E.Eisavariablethat
thesystemspecifies.Basically,thisamountstofindingahashvaluewho’sleadingbitsarezero.Theworkrequiredisexponentialinthenumberofzerobitsrequired.
¨ Verificationiseasy.Butproof-of-workishard.
InterfaceHI2017- DebasisBhattacharya9/27/17 25
PreventingDouble-spending
• Theonlywayistobeawareofalltransactions.• Eachnode(miner)verifiesthatthisisthefirstspendingoftheBitcoin bythepayer.
• Onlywhenitisverifieditgeneratestheproof-of-workandattachittothecurrentchain.
InterfaceHI2017- DebasisBhattacharya9/27/17 26
Bitcoin Network• EachP2Pnoderunsthefollowingalgorithm:
– Newtransactionsarebroadcasttoallnodes.– Eachnode(miners)collectsnewtransactionsintoablock.– Eachnodeworksonfindingaproof-of-workforitsblock.(Hard
todo.Probabilistic.Theonetofinishearlywillprobablywin.)– Whenanodefindsaproof-of-work,itbroadcaststheblocktoall
nodes.– Nodesaccepttheblockonlyifalltransactionsinitarevalid
(digitalsignaturechecking)andnotalreadyspent(checkallthetransactions).
– Nodesexpresstheiracceptancebyworkingoncreatingthenextblockinthechain,usingthehashoftheacceptedblockastheprevioushash.
InterfaceHI2017- DebasisBhattacharya9/27/17 27
Tiebreaking• Twonodesmayfindacorrectblocksimultaneously.
– Keepbothandworkonthefirstone– Ifonegrowslongerthantheother,takethelongerone
Twodifferentblockchains(orblocks)maysatisfytherequiredproof-of-work.
InterfaceHI2017- DebasisBhattacharya9/27/17 28
RevertingisHard
• Revertinggetsexponentiallyhardasthechaingrows.
1.Modifythetransaction(revertorchangethepayer)
2.Recomputenonce
3.Recomputethenextnonce
InterfaceHI2017- DebasisBhattacharya9/27/17 29
PracticalLimitation
• Atleast10mins toverifyatransaction.– Agreetopay– Waitforoneblock(10mins)forthetransactiontogothrough.
– But,foralargetransaction($$$)waitlonger,around60minutes.Becauseifyouwaitlongeritbecomesmoresecure.
– Forlarge$$$,youwaitforsixblocks(1hour).
InterfaceHI2017- DebasisBhattacharya9/27/17 30
Optimizations• Merkle Tree
– Onlykeeptheroothash• Deletetheinteriorhashvaluestosavedisk• Blockheaderonlycontainstheroothash• Blockheaderisabout80bytes• 80bytes*6per/hr *24hrs *365=4.2MB/year
– WhykeepuseaMerkle tree?
InterfaceHI2017- DebasisBhattacharya9/27/17 31
Simplifiedpaymentverification• Anyusercanverifyatransactioneasilybyaskinganode.• First,getthelongestproof-of-workchain• Querytheblockthatthetransactiontobeverified(tx3)isin.• OnlyneedHash01andHash2toverify;nottheentireTx’s.
InterfaceHI2017- DebasisBhattacharya9/27/17 32
BitCoin Economics¨ Ratelimitingonthecreationofanewblock
¨ Adapttothe“network’scapacity”¨ Ablockcreatedevery10mins (sixblockseveryhour)
¨ How?Difficultyisadjustedeverytwoweekstokeeptheratefixedascapacity/computingpowerincreases
¨ NnewBitcoins pereachnewblock:creditedtotheminerà incentivesforminers¨ Nwas50initially.In2013,N=25¨ Since 2016N=12.5,nexthalfisJune2020forN=6.25.¨ Halvedevery210,000blocks(everyfouryears)¨ Thus,thetotalnumberofBitCoins willnotexceed21million.
(Afterthisminertakesafee)
InterfaceHI2017- DebasisBhattacharya9/27/17 33
PrivacyImplications
• Noanonymity,onlypseudonymity• Alltransactionsremainontheblockchain–indefinitely!
• Retroactivedatamining– Targetuseddataminingoncustomerpurchasestoidentifypregnantwomenandtargetadsatthem(NYT2012),endedupinformingawoman’sfatherthathisteenagedaughterwaspregnant
– Imaginewhatcreditcardcompaniescoulddowiththedata
InterfaceHI2017- DebasisBhattacharya9/27/17 34
9/27/17 InterfaceHI2017- DebasisBhattacharya 35
9/27/17 InterfaceHI2017- DebasisBhattacharya 36
Bitcoins– Averagepricedroppedin2014butrisingsince!
9/27/17 InterfaceHI2017- DebasisBhattacharya 37
9/27/17 InterfaceHI2017- DebasisBhattacharya 38
9/27/17 InterfaceHI2017- DebasisBhattacharya 39
9/27/17 InterfaceHI2017- DebasisBhattacharya 40
9/27/17 InterfaceHI2017- DebasisBhattacharya 41
9/27/17 InterfaceHI2017- DebasisBhattacharya 42
9/27/17 InterfaceHI2017- DebasisBhattacharya 43
BitcoinSecurity101
• WhenusinganonlineservicesuchasanbitcoinexchangesuchasCoinbase:– Enable2-Factor-Authentication(likeGoogleauthenticatororYubiKey)onyouraccount
– WatchoutforSocialEngineeringthatcantakeswitchyourphonebycallingVerizonCustomerSvc!
• EnsuresecurityofyourAPIKey– APIKeyallowsapplicationstoretrievebitcoinsfromyourdigitalwallet.
9/27/17 InterfaceHI2017- DebasisBhattacharya 44
9/27/17 InterfaceHI2017- DebasisBhattacharya 45
BitcoinSecurity101
• Alwayshavedirectcontrolofyourbitcoins(privatekeys).Ifyoudon’thave(orlose)thekeys,youdon’tcontrolthebitcoins.
• Keeplittlecash($100to$500)intheexchange• Makeregularbackupsofyourbitcoinwallet!
– Or,useTrezor hardwarewalletorpaperwallet• Realizethatyouwillbethetargetformalware,socialengineeringandotherhacks!
9/27/17 InterfaceHI2017- DebasisBhattacharya 46
9/27/17 InterfaceHI2017- DebasisBhattacharya 47
9/27/17 InterfaceHI2017- DebasisBhattacharya 48
9/27/17 InterfaceHI2017- DebasisBhattacharya 49
Conclusion
• Cryptocurrenciesandtechnologyareheretostay…– www.Bitcoin,org - StartedbySatoshiNakamoto,10/08– www.ZeroCoin.org - ExtendBitcointomakeitprivate– www.Litecoin.org - OpenSourceP2PInternetCurrency– www.Ethereum.org - SmartContracts(Microsoft)– www.Hyperledger.org - Blockchains forBusiness(IBM)
• Securityisanissuejustlikeanythingelse– Consumers:SocialEngineering,Malware,Phishingetc.– Exchanges:Hacks,Botnets,Malware,Phishing,APTetc.
9/27/17 InterfaceHI2017- DebasisBhattacharya 50
Acknowledgement• Someoftheslides,content,orpicturesareborrowedfrom
thefollowingresources,andsomepicturesareobtainedthroughGooglesearchwithoutbeingreferencedbelow:
• L24-BitCoinandSecurity,manyoftheslidesborrowedfromthispresentationwithmodifications.
• PresentationbyAmirHoumansadr fromUmass CSentitled“SecureDigitalCurrency:Bitcoin”,CS660,Spring2015
InterfaceHI2017- DebasisBhattacharya9/27/17 51
9/27/17 InterfaceHI2017- DebasisBhattacharya 52
Dr.DebasisBhattacharya,JD,[email protected]@uhmcabithttp://maui.hawaii.edu/cybersecurity