Unravelling Ariadne’s Thread: Exploring the Threats of Decentralised DNS

The current landscape of the core Internet technologies shows considerable centralisation with the big tech companies controlling the vast majority of traffic and services. This situation has sparked a wide range of decentralisation initiatives with blockchain technology being among the most prominent and successful innovations. At the same time, over the past years there have been considerable attempts to address the security and privacy issues affecting the Domain Name System (DNS). To this end, it is claimed that Blockchain-based DNS may solve many of the limitations of traditional DNS. However, such an alternative comes with its own security concerns and issues, as any introduction and adoption of a new technology typically does - let alone a disruptive one. In this work we present the emerging threat landscape of blockchain-based DNS and we empirically validate the threats with real-world data. Specifically, we explore a part of the blockchain DNS ecosystem in terms of the browser extensions using such technologies, the chain itself (Namecoin and Emercoin), the domains, and users who have been registered in these platforms. Our findings reveal several potential domain extortion attempts and possible phishing schemes. Finally, we suggest countermeasures to address the identified threats, and we identify emerging research themes

IKP: Turning a PKI Around with Blockchains

Man-in-the-middle attacks in TLS due to compromised CAs have been mitigated by log-based PKI enhancements such as Certificate Transparency. However, these log-based schemes do not offer sufficient incentives to logs and monitors, and do not offer any actions that domains can take in response to CA misbehavior. We propose IKP, a blockchain-based PKI enhancement that offers automatic responses to CA misbehavior and incentives for those who help detect misbehavior. IKP’s decentralized nature and smart contract system allows open participation, offers incentives for vigilance over CAs, and enables financial recourse against misbehavior. We demonstrate through a game theoretic model and through an Ethereum prototype implementation that the incentives and increased deterrence offered by IKP are technically and economically viable

Overview of Polkadot and its Design Considerations

In this paper we describe the design components of the heterogenous multi-chain protocol Polkadot and explain how these components help Polkadot address some of the existing shortcomings of blockchain technologies. At present, a vast number of blockchain projects have been introduced and employed with various features that are not necessarily designed to work with each other. This makes it difficult for users to utilise a large number of applications on different blockchain projects. Moreover, with the increase in number of projects the security that each one is providing individually becomes weaker. Polkadot aims to provide a scalable and interoperable framework for multiple chains with pooled security that is achieved by the collection of components described in this paper

Towards a Framework for DHT Distributed Computing

Distributed Hash Tables (DHTs) are protocols and frameworks used by peer-to-peer (P2P) systems. They are used as the organizational backbone for many P2P file-sharing systems due to their scalability, fault-tolerance, and load-balancing properties. These same properties are highly desirable in a distributed computing environment, especially one that wants to use heterogeneous components. We show that DHTs can be used not only as the framework to build a P2P file-sharing service, but as a P2P distributed computing platform. We propose creating a P2P distributed computing framework using distributed hash tables, based on our prototype system ChordReduce. This framework would make it simple and efficient for developers to create their own distributed computing applications. Unlike Hadoop and similar MapReduce frameworks, our framework can be used both in both the context of a datacenter or as part of a P2P computing platform. This opens up new possibilities for building platforms to distributed computing problems. One advantage our system will have is an autonomous load-balancing mechanism. Nodes will be able to independently acquire work from other nodes in the network, rather than sitting idle. More powerful nodes in the network will be able use the mechanism to acquire more work, exploiting the heterogeneity of the network. By utilizing the load-balancing algorithm, a datacenter could easily leverage additional P2P resources at runtime on an as needed basis. Our framework will allow MapReduce-like or distributed machine learning platforms to be easily deployed in a greater variety of contexts

ClaimChain: Improving the Security and Privacy of In-band Key Distribution for Messaging

The social demand for email end-to-end encryption is barely supported by mainstream service providers. Autocrypt is a new community-driven open specification for e-mail encryption that attempts to respond to this demand. In Autocrypt the encryption keys are attached directly to messages, and thus the encryption can be implemented by email clients without any collaboration of the providers. The decentralized nature of this in-band key distribution, however, makes it prone to man-in-the-middle attacks and can leak the social graph of users. To address this problem we introduce ClaimChain, a cryptographic construction for privacy-preserving authentication of public keys. Users store claims about their identities and keys, as well as their beliefs about others, in ClaimChains. These chains form authenticated decentralized repositories that enable users to prove the authenticity of both their keys and the keys of their contacts. ClaimChains are encrypted, and therefore protect the stored information, such as keys and contact identities, from prying eyes. At the same time, ClaimChain implements mechanisms to provide strong non-equivocation properties, discouraging malicious actors from distributing conflicting or inauthentic claims. We implemented ClaimChain and we show that it offers reasonable performance, low overhead, and authenticity guarantees.Comment: Appears in 2018 Workshop on Privacy in the Electronic Society (WPES'18

Practical I-Voting on Stellar Blockchain

In this paper, we propose a privacy-preserving i-voting system based on the public Stellar Blockchain network. We argue that the proposed system satisfies all requirements stated for a robust i-voting system including transparency, verifiability, and voter anonymity. The practical architecture of the system abstracts a voter from blockchain technology used underneath. To keep user privacy, we propose a privacy-first protocol that protects voter anonymity. Additionally, high throughput and low transaction fees allow handling large scale voting at low costs. As a result we built an open-source, cheap, and secure system for i-voting that uses public blockchain, where everyone can participate and verify the election process without the need to trust a central authority. The main contribution to the field is a method based on a blind signature used to construct reliable voting protocol. The proposed method fulfills all requirements defined for i-voting systems, which is challenging to achieve altogether.The work was supported partially by founds of Department of Computer Architecture, Faculty of Electronics, Telecommunications and Informatics, Gdańsk University of Technology, and Conselleria of Innovation, Universities, Science and Digital Society, of the Community of Valencia, Spain, under project AICO/2020/206. The development of the project has been also supported by the grant founded by Stellar Community Found

Seedemu: The Seed Internet Emulator

I studied and experimented with the idea of building an emulator for the Internet. While there are various already available options for such a task, none of them takes the emulation of the entire Internet as an important feature in mind. Those emulators and simulators can handle small-scale networks pretty well, but lacks the ability to handle large-size networks, mainly due to: - Not being able to run many nodes, or requires very powerful hardware to do so,- Lacks convenient ways to build a large emulation, and - Lacks reusability: once something is built, it is very hard to re-use them in another emulation I explored, in the context of for-education Internet emulators, different ways to overcome the above limitations. I came up with a framework that enables one to create emulation using code. The framework provides basic components of the Internet. Some examples include routers, servers, networks, Internet exchanges, autonomous systems, and DNS infrastructure. Building emulation with code means it is easy to build emulation with complex topologies since one can make use of the common control structures like loops, subroutines, and functions. The framework exploits the idea of ``layers.\u27\u27 The idea of ``\emph{layers}\u27\u27 can be seen as an analogy of the idea of ``layers\u27\u27 in image processing software, in the sense that each layer contains parts of the image (in this case, part of the emulation), and need to be ``rendered\u27\u27 to obtain the resulting image. There are two types of layers, base layers and service layers. Base layers describe the ``base\u27\u27 of the topologies, like how routers, servers, and networks are connected, how autonomous systems are peered with each other; service layers describe the high-level services on the Internet. Examples of services layers are web servers, DNS servers, ethereum nodes, and botnet nodes. No layers are tied to any other layers, meaning each layer can be individually manipulated, exported, and re-used in another emulation. One can build an entire DNS infrastructure, complete with root DNS, TLD DNS, and deploy it on any base layer, even with vastly different underlying topologies. The result of the rendered layer is a set of data structures that represents the objects in a network emulation, like host, router, and networks. These representations can then be ``compiled\u27\u27 into something that one can execute using a compiler. The main target platform of the framework is Docker. The source of the SEEDEMU project is publicly available on Github: https://github.com/seed-labs/seed-emulator