Evolving Bitcoin Custody
The broad topic of this thesis is the design and analysis of Bitcoin custody
systems. Both the technology and threat landscape are evolving constantly.
Therefore, custody systems, defence strategies, and risk models should be
adaptive too.
We introduce Bitcoin custody by describing the different types, design
principles, phases and functions of custody systems. We review the technology
stack of these systems and focus on the fundamentals; key-management and
privacy. We present a perspective we call the systems view. It is an attempt to
capture the full complexity of a custody system, including technology, people,
and processes. We review existing custody systems and standards.
We explore Bitcoin covenants. This is a mechanism to enforce constraints on
transaction sequences. Although previous work has proposed how to construct and
apply Bitcoin covenants, these require modifying the consensus rules of
Bitcoin, a notoriously difficult task. We introduce the first detailed
exposition and security analysis of a deleted-key covenant protocol, which is
compatible with current consensus rules. We demonstrate a range of security
models for deleted-key covenants which seem practical, in particular, when
applied in autonomous (user-controlled) custody systems. We conclude with a
comparative analysis with previous proposals.
Covenants are often proclaimed to be an important primitive for custody
systems, but no complete design has been proposed to validate that claim. To
address this, we propose an autonomous custody system called Ajolote which uses
deleted-key covenants to enforce a vault sequence. We evaluate Ajolote with a
model of its state dynamics, a privacy analysis, and a risk model. We propose a
threat model for custody systems which captures a realistic attacker for a
system with offline devices and user-verification. We perform ceremony analysis
to construct the risk model.
Comment: PhD thesis
SoK: Design, Vulnerabilities and Defense of Cryptocurrency Wallets
The rapid growth of decentralized digital currencies, enabled by blockchain
technology, has ushered in a new era of peer-to-peer transactions,
revolutionizing the global economy. Cryptocurrency wallets, serving as crucial
endpoints for these transactions, have become increasingly prevalent. However,
the escalating value and usage of these wallets also expose them to significant
security risks and challenges. This research aims to comprehensively explore
the security aspects of cryptocurrency wallets. It provides a taxonomy of
wallet types, analyzes their design and implementation, identifies common
vulnerabilities and attacks, and discusses defense mechanisms and mitigation
strategies. The taxonomy covers custodial, non-custodial, hot, and cold
wallets, highlighting their unique characteristics and associated security
considerations. The security analysis scrutinizes the theoretical and practical
aspects of wallet design, while assessing the efficacy of existing security
measures and protocols. Notable wallet attacks, such as those on Binance and
Mt. Gox, are examined to understand their causes and consequences. Furthermore,
the paper surveys defense mechanisms and transaction monitoring, evaluating
their effectiveness in mitigating threats.
Marketing in the Digital Environment
The textbook contains provisions that reveal the main points of marketing in the digital environment and the basic tools necessary for a marketer to successfully implement a variety of projects on the Internet. In particular, it covers the types of Internet business, business models and characteristics of creating a business in the Internet environment, Internet marketing, and the development and promotion of web resources. It provides analysis of the practical aspects that illustrate the theoretical positions of marketing in the digital environment.
The publication contains a series of practical exercises, cases and tests to assess the level of knowledge. It is recommended for students of economics and specialities in the field of Internet business, marketers, teachers, graduate students, as well as a wide range of readers interested in marketing in the digital environment.
Exploring blockchain technologies with an innovative multi-layered ontology design tool and eMudra – a novel peer to peer currency exchange application
Recent years have witnessed significant interest in shared economy applications, and consequently a proliferation of such applications has emerged where people are monetizing their things. This thesis focuses on solving the problem of leftover foreign currency exchange as a shared economy application. Existing shared economy applications such as Ola, Uber or Airbnb are not deployed as decentralized applications (Dapps) leveraging blockchain and the Internet of Things (IoT), which are relatively recent technologies leading to more efficient applications that do not require the intervention of trusted third parties.
Blockchain technology can be merged with IoT infrastructure to provide an immutable ledger of all the transactions related to shared economy applications; an immutable ledger is critical to the elimination of trusted third parties, making the system trustless. When blockchain and IoT are combined they can give rise to a plethora of useful shared economy applications — automatic payment mechanisms, digital rights management are some instances and in the case of this thesis a unique solution for the leftover foreign currency exchange problem. This thesis demonstrates the implementation of a novel permissioned consortium blockchain-based leftover foreign currency exchange platform that has been designed using a multi-layered blockchain ontology created with an innovative ontology design tool.
The leftover foreign currency exchange problem arises because every year millions of travellers undertake international tours and need to perform currency exchange. However, there is a deficit of suitable currency exchange applications that would help travellers exchange money profitably and conveniently, especially small amounts of cash. This thesis proposes a novel peer to peer currency exchange application – e-Mudra, exploiting blockchain technology that would allow users to choose or quote their preferred exchange rates and exchange currencies including cash money with peer travellers without any middleman deciding the rates. The research work described focuses on an in-depth study of blockchain technology and a new multi-layered blockchain ontology is created with an innovative ontology design tool that facilitates generation of simple and complex ontologies enabling the design of blockchain (and other) applications using these ontologies.
The novel ontology design tool created in this research work, following a new Ontology Development Life Cycle and an ontology design methodology, was used to design a blockchain ontology and a wallet ontology as examples of use, where the currency exchange application design (e-Mudra) is an instance of the blockchain ontology.
Bitcoin in Online Payments: Expanding the Digital Currency into Digital Payments (original title: Bitcoin em Pagamentos Online: Expandindo a moeda digital em pagamentos digitais)
Technology has evolved exponentially, which has boosted the digitalization of payment systems. Thus, cryptocurrency emerged as a form of digital money and payment, whose adoption has been rising in recent years. On the other hand, the internet and technology also impacted e-commerce, which has potential for growth and development, consequently influencing online payment methods. While cryptocurrencies can attract and retain customers by offering an innovative, low-cost, and efficient payment alternative, there is still some resistance to market entry due to a lack of knowledge and trust. Aiming to expand knowledge of cryptocurrencies and to share how payments with them work, this project seeks to develop a prototype capable of processing online Bitcoin transactions. This prototype integrates with cryptocurrency payment gateways and is easily adapted to be integrated with other applications and to support more cryptocurrencies. The evaluation conducted in this project is based on the Goal/Question/Metric approach, structuring the analysis around the quality attributes of Maintainability, Security and Reliability. The results are positive, as the solution met all the expected values.
A Survey of Practical Formal Methods for Security
In today's world, critical infrastructure is often controlled by computing systems. This introduces new risks for cyber attacks, which can compromise the security and disrupt the functionality of these systems. It is therefore necessary to build such systems with strong guarantees of resiliency against cyber attacks. One way to achieve this level of assurance is using formal verification, which provides proofs of system compliance with desired cyber security properties. The use of Formal Methods (FM) in aspects of cyber security and safety-critical systems is reviewed in this article. We split FM into three main classes: theorem proving, model checking, and lightweight FM. To allow the different uses of FM to be compared, we define a common set of terms. We further develop categories based on the type of computing system FM are applied in. Solutions in each class and category are presented, discussed, compared, and summarised. We describe historical highlights and developments and present a state-of-the-art review in the area of FM in cyber security. This review is presented from the point of view of FM practitioners and researchers, commenting on the trends in each of the classes and categories. This is achieved by considering all types of FM, several types of security and safety-critical systems, and by structuring the taxonomy accordingly. The article hence provides a comprehensive overview of FM and techniques available to system designers of security-critical systems, simplifying the process of choosing the right tool for the task. The article concludes by summarising the discussion of the review, focusing on best practices, challenges, general future trends, and directions of research within this field.
Acsesor: A New Framework for Auditable Custodial Secret Storage and Recovery
Custodial secret management services provide a convenient centralized user experience, portability, and emergency recovery for users who cannot reliably remember or store their own credentials and cryptographic keys. Unfortunately, these benefits are only available when users compromise the security of their secrets and entrust them to a third party. This makes custodial secret management service providers ripe targets for exploitation, and exposes valuable and sensitive data to data leaks, insider attacks, and password cracking, among other dangers.
Several password managers and cryptocurrency wallets today utilize non-custodial solutions, where their users are in charge of a high-entropy secret, such as a cryptographic secret key or a long passphrase, that controls access to their data. One can argue that these solutions have a stronger security model, as the service provider no longer constitutes a single point of trust. However, the obvious downside is that it is very difficult for people to store cryptographic secrets reliably, making emergency recovery a serious problem.
We present Acsesor: a new framework for auditable custodial secret management with decentralized trust. Our framework offers a middle-ground between a fully custodial (centralized) and fully non-custodial (user-managed/distributed) recovery system: it enhances custodial recovery systems with cryptographically assured access monitoring and a distributed trust assumption. In particular, the Acsesor framework distributes the recovery process across a set of (user-chosen) guardians. However, the user is never required to interact directly with the guardians during recovery, which allows us to retain the high usability of centralized custodial solutions. Additionally, Acsesor retains the strong resilience guarantees that custodial systems provide against fraud attacks. Finally, by allowing the guardians to implement flexible user-chosen response policies, Acsesor can address a broad range of problem scenarios in classical secret management solutions. For example, a slow recovery policy, where the guardians wait for a predefined time until responding, can replace the cumbersome passphrases many cryptocurrency wallets implement today for emergency recovery.
We also instantiate the Acsesor framework with a base protocol built from standard primitives: standard encryption schemes and privacy-preserving transparency ledgers. Our construction requires no persistent storage from its users and supports an expansive array of configuration options and extensions.
Efficient and Secure ECDSA Algorithm and its Applications: A Survey
Public-key cryptography algorithms, especially elliptic curve cryptography (ECC) and the elliptic curve digital signature algorithm (ECDSA), have been attracting attention from many researchers in different institutions because these algorithms provide security and high performance when used in many areas such as electronic healthcare, electronic banking, electronic commerce, electronic vehicular systems, and electronic governance. These algorithms heighten security against various attacks and at the same time improve performance to obtain efficiencies (time, memory, reduced computation complexity, and energy saving) in resource-constrained environments and large systems. This paper presents a detailed and comprehensive survey of updates to the ECDSA algorithm in terms of performance, security, and applications.