47 research outputs found

    Evolving Bitcoin Custody

    The broad topic of this thesis is the design and analysis of Bitcoin custody systems. Both the technology and the threat landscape are evolving constantly; therefore, custody systems, defence strategies, and risk models should be adaptive too. We introduce Bitcoin custody by describing the different types, design principles, phases and functions of custody systems. We review the technology stack of these systems and focus on the fundamentals: key management and privacy. We present a perspective we call the systems view, an attempt to capture the full complexity of a custody system, including technology, people, and processes. We review existing custody systems and standards. We explore Bitcoin covenants, a mechanism to enforce constraints on transaction sequences. Although previous work has proposed how to construct and apply Bitcoin covenants, these proposals require modifying the consensus rules of Bitcoin, a notoriously difficult task. We introduce the first detailed exposition and security analysis of a deleted-key covenant protocol, which is compatible with current consensus rules. We demonstrate a range of security models for deleted-key covenants which seem practical, in particular when applied in autonomous (user-controlled) custody systems. We conclude with a comparative analysis against previous proposals. Covenants are often proclaimed to be an important primitive for custody systems, but no complete design has been proposed to validate that claim. To address this, we propose an autonomous custody system called Ajolote which uses deleted-key covenants to enforce a vault sequence. We evaluate Ajolote with a model of its state dynamics, a privacy analysis, and a risk model. We propose a threat model for custody systems which captures a realistic attacker for a system with offline devices and user verification. We perform ceremony analysis to construct the risk model.
    Comment: PhD thesi

    SoK: Design, Vulnerabilities and Defense of Cryptocurrency Wallets

    The rapid growth of decentralized digital currencies, enabled by blockchain technology, has ushered in a new era of peer-to-peer transactions, revolutionizing the global economy. Cryptocurrency wallets, serving as crucial endpoints for these transactions, have become increasingly prevalent. However, the escalating value and usage of these wallets also expose them to significant security risks and challenges. This research aims to comprehensively explore the security aspects of cryptocurrency wallets. It provides a taxonomy of wallet types, analyzes their design and implementation, identifies common vulnerabilities and attacks, and discusses defense mechanisms and mitigation strategies. The taxonomy covers custodial, non-custodial, hot, and cold wallets, highlighting their unique characteristics and associated security considerations. The security analysis scrutinizes the theoretical and practical aspects of wallet design, while assessing the efficacy of existing security measures and protocols. Notable wallet attacks, such as the Binance and Mt. Gox incidents, are examined to understand their causes and consequences. Furthermore, the paper surveys defense mechanisms such as transaction monitoring, evaluating their effectiveness in mitigating threats

    Marketing in the Digital Environment

    The textbook contains provisions that reveal the main points of marketing in the digital environment and the basic tools a marketer needs to successfully implement a variety of projects on the Internet. In particular, it covers the types of Internet business, business models and the characteristics of creating a business in the Internet environment, Internet marketing, and the development and promotion of web resources. It provides analysis of the practical aspects that illustrate the theoretical positions of marketing in the digital environment. The publication contains a series of practical exercises, cases and tests to assess the level of knowledge. It is recommended for students of economics and specialities in the field of Internet business, marketers, teachers, graduate students, as well as a wide range of readers interested in marketing in the digital environment

    Bitcoin em Pagamentos Online: Expandindo a moeda digital em pagamentos digitais

    Technology has evolved exponentially, which has boosted the digitalization of payment systems. Thus, cryptocurrency emerged as a form of digital money and payment, whose adoption has been rising in recent years. On the other hand, the internet and technology have also impacted e-commerce, which has potential for growth and development, consequently influencing online payment methods. While cryptocurrencies can attract and retain customers by offering an innovative, low-cost, and efficient payment alternative, there is still some resistance to market entry due to a lack of knowledge and trust. Aiming to expand knowledge of cryptocurrencies and to share how payments with them work, this project seeks to develop a prototype capable of processing online Bitcoin cryptocurrency transactions. This prototype integrates with cryptocurrency payment gateways and is easily adapted to be integrated with other applications and to support more cryptocurrencies. The evaluation conducted in this project is based on the Goal/Question/Metric approach, structuring the analysis around the quality attributes of Maintainability, Security and Reliability. The results are positive, as the solution met all the expected values.

    Technology has evolved exponentially, which has driven the digitalization of payment systems. Thus, cryptocurrency emerged as a form of digital money and payment, whose adoption has grown in recent years. On the other hand, the internet and technology also have a great impact on electronic commerce, which shows potential for growth and development and has thus influenced online payment methods. Although cryptocurrencies can attract and retain customers by offering an innovative, low-cost and efficient payment alternative, there is still some resistance to entering the market due to a lack of knowledge and trust. With the aim of expanding knowledge of cryptocurrencies and sharing how payments with them work, this project intends to develop a prototype capable of supporting the Bitcoin cryptocurrency for processing online transactions. This prototype integrates with cryptocurrency payment gateways and is easily adapted to be integrated with other applications and to support more cryptocurrencies. The evaluation carried out in this project is based on the Goal/Question/Metric approach, structuring the analysis around the quality attributes of Maintainability, Security and Reliability. The final results are positive, since the solution met all the expected values

    A Survey of Practical Formal Methods for Security

    In today's world, critical infrastructure is often controlled by computing systems. This introduces new risks of cyber attacks, which can compromise the security and disrupt the functionality of these systems. It is therefore necessary to build such systems with strong guarantees of resiliency against cyber attacks. One way to achieve this level of assurance is formal verification, which provides proofs of system compliance with desired cyber security properties. This article reviews the use of Formal Methods (FM) in aspects of cyber security and safety-critical systems. We split FM into three main classes: theorem proving, model checking, and lightweight FM. To allow the different uses of FM to be compared, we define a common set of terms. We further develop categories based on the type of computing system FM are applied to. Solutions in each class and category are presented, discussed, compared, and summarised. We describe historical highlights and developments and present a state-of-the-art review of FM in cyber security. This review is presented from the point of view of FM practitioners and researchers, commenting on the trends in each of the classes and categories. This is achieved by considering all types of FM and several types of security and safety-critical systems, and by structuring the taxonomy accordingly. The article hence provides a comprehensive overview of the FM and techniques available to designers of security-critical systems, simplifying the process of choosing the right tool for the task. The article concludes by summarising the discussion of the review, focusing on best practices, challenges, general future trends, and directions of research within this field

    Acsesor: A New Framework for Auditable Custodial Secret Storage and Recovery

    Custodial secret management services provide a convenient centralized user experience, portability, and emergency recovery for users who cannot reliably remember or store their own credentials and cryptographic keys. Unfortunately, these benefits are only available when users compromise the security of their secrets and entrust them to a third party. This makes custodial secret management service providers ripe targets for exploitation, and exposes valuable and sensitive data to data leaks, insider attacks, and password cracking, among other dangers. Several password managers and cryptocurrency wallets today utilize non-custodial solutions, where their users are in charge of a high-entropy secret, such as a cryptographic secret key or a long passphrase, that controls access to their data. One can argue that these solutions have a stronger security model, as the service provider no longer constitutes a single point of trust. However, the obvious downside is that it is very difficult for people to store cryptographic secrets reliably, making emergency recovery a serious problem. We present Acsesor: a new framework for auditable custodial secret management with decentralized trust. Our framework offers a middle-ground between a fully custodial (centralized) and fully non-custodial (user-managed/distributed) recovery system: it enhances custodial recovery systems with cryptographically assured access monitoring and a distributed trust assumption. In particular, the Acsesor framework distributes the recovery process across a set of (user-chosen) guardians. However, the user is never required to interact directly with the guardians during recovery, which allows us to retain the high usability of centralized custodial solutions. Additionally, Acsesor retains the strong resilience guarantees that custodial systems provide against fraud attacks. 
Finally, by allowing the guardians to implement flexible user-chosen response policies, Acsesor can address a broad range of problem scenarios in classical secret management solutions. For example, a slow recovery policy, where the guardians wait for a predefined time before responding, can replace the cumbersome passphrases many cryptocurrency wallets implement today for emergency recovery. We also instantiate the Acsesor framework with a base protocol built from standard primitives: standard encryption schemes and privacy-preserving transparency ledgers. Our construction requires no persistent storage from its users and supports an expansive array of configuration options and extensions

    Efficient and Secure ECDSA Algorithm and its Applications: A Survey

    Public-key cryptography algorithms, especially elliptic curve cryptography (ECC) and the elliptic curve digital signature algorithm (ECDSA), have been attracting attention from many researchers in different institutions because these algorithms provide security and high performance when used in many areas such as electronic healthcare, electronic banking, electronic commerce, electronic vehicular systems, and electronic governance. These algorithms heighten security against various attacks and at the same time improve performance to obtain efficiencies (time, memory, reduced computational complexity, and energy saving) in environments of constrained resources and large systems. This paper presents a detailed and comprehensive survey of the ECDSA algorithm in terms of performance, security, and applications