FRAMEWORK FOR ANONYMIZED COVERT COMMUNICATIONS: A BLOCKCHAIN-BASED PROOF-OF-CONCEPT

In this dissertation, we present an information hiding approach incorporating anonymity that builds on existing classical steganographic models. Current security definitions are not sufficient to analyze the proposed information hiding approach as steganography offers data privacy by hiding the existence of data, a property that is distinct from confidentiality (data existence is known but access is restricted) and authenticity (data existence is known but manipulation is restricted). Combinations of the latter two properties are common in analyses, such as Authenticated Encryption with Associated Data (AEAD), yet there is a lack of research on combinations with steganography. This dissertation also introduces the security definition of Authenticated Stegotext with Associated Data (ASAD), which captures steganographic properties even when there is contextual information provided alongside the hidden data. We develop a hierarchical framework of ASAD variants, corresponding to different channel demands. We present a real-world steganographic embedding scheme, Authenticated SteGotex with Associated tRansaction Data (ASGARD), that leverages a blockchain-based application as a medium for sending hidden data. We analyze ASGARD in our framework and show that it meets Level-4 ASAD security. Finally, we implement ASGARD on the Ethereum platform as a proof-of-concept and analyze some of the ways an adversary might detect our embedding activity by analyzing historical Ethereum data.Lieutenant, United States NavyApproved for public release. Distribution is unlimited

Utilizing Public Blockchains for Censorship-Circumvention and IoT Communication

The advancement of blockchain technology and the Internet of Things (IoT) has presented us with unlimited possibilities to integrate the physical and the virtual worlds. In this work, we demonstrate how to override any existing public blockchain, that has enough redundancy in its transactions, to covertly broadcast arbitrary information. Besides, we implement and demonstrate our technique on a real-world cryptocurrency and show how it can be utilized in two specific applications: recording IoT data, and circumventing censorship

Kleptography and steganography in blockchains

Despite its vast proliferation, the blockchain technology is still evolving, and witnesses continuous technical innovations to address its numerous unresolved issues. An example of these issues is the excessive electrical power consumed by some consensus protocols. Besides, although various media reports have highlighted the existence of objectionable content in blockchains, this topic has not received sufficient research. Hence, this work investigates the threat and deterrence of arbitrary-content insertion in public blockchains, which poses a legal, moral, and technical challenge. In particular, the overall aim of this work is to thoroughly study the risk of manipulating the implementation of randomized cryptographic primitives in public blockchains to mount kleptographic attacks, establish steganographic communication, and store arbitrary content. As part of our study, we present three new kleptographic attacks on two of the most commonly used digital signatures: ring signature and ECDSA. We also demonstrate our kleptographic attacks on two real cryptocurrencies: Bytecoin and Monero. Moreover, we illustrate the plausibility of hijacking public blockchains to establish steganographic channels. Particularly, we design, implement, and evaluate the first blockchain-based broadcast communication tool on top of a real-world cryptocurrency. Furthermore, we explain the detrimental consequences of kleptography and steganography on the users and the future of the blockchain technology. Namely, we show that kleptography can be used to surreptitiously steal the users' secret signing keys, which are the most valuable and guarded secret in public blockchains. After losing their keys, users of cryptocurrencies will inevitably lose their funds. In addition, we clarify that steganography can be used to establish subliminal communication and secretly store arbitrary content in public blockchains, which turns them into cheap cyberlockers. Consequently, the participation in such blockchains, which are known to store unethical content, can be criminalized, hindering the future adoption of blockchains. After discussing the adverse effects of kleptographic and steganographic attacks on blockchains, we survey all of the existing techniques that can defend against these attacks. Finally, due to the shortcomings of the available techniques, we propose four countermeasures that ensure kleptography and steganography-resistant public blockchains. Our countermeasures include two new cryptographic primitives and a generic steganographyresistant blockchain framework (SRBF). This framework presents a universal solution that deters steganography and practically achieves the right to be forgotten (RtbF) in blockchains, which represents a regulatory challenge for current immutable blockchains

Uncontrolled Randomness in Blockchains:Covert Bulletin Board for Illicit Activity

Public blockchains can be abused to covertly store and disseminate potentially harmful digital content which poses a serious regulatory issue. In this work, we show the severity of the problem by demonstrating that blockchains can be exploited to surreptitiously distribute arbitrary content. More specifically, all major blockchain systems use randomized cryptographic primitives, such as digital signatures and non-interactive zero-knowledge proofs; we illustrate how the uncontrolled randomness in such primitives can be maliciously manipulated to enable covert communication and hidden persistent storage. To clarify the potential risk, we design, implement and evaluate our technique against the widely-used ECDSA signature scheme, the CryptoNote's ring signature scheme, and Monero's ring confidential transactions. Importantly, the significance of the demonstrated attacks stems from their undetectability, their adverse effect on the future of decentralized blockchains, and their serious repercussions on users' privacy and crypto funds. Finally, we present a generic framework to immunize blockchains against these attacks

Zephyrus: An information hiding mechanism leveraging Ethereum data fields

Permanent availability makes blockchain technologies a suitable alternative for building a covert channel. Previous works have analysed its feasibility in a particular blockchain technology called Bitcoin. However, Ethereum cryptocurrency is gaining momentum as a means to build distributed apps. The novelty of this paper relies on the use of Ethereum to establish a covert channel considering all transaction fields and smart contracts. No previous work has explored this issue. Thus, a mechanism called Zephyrus, an information hiding mechanism based on steganography, is developed. Moreover, its capacity, cost and stealthiness are assessed both theoretically, and empirically through a prototype implementation that is publicly released. Disregarding the time taken to send the transaction to the blockchain, its retrieval and the mining time, experimental results show that, in the best case, 40 Kbits can be embedded in 0.57 s. for US$ 1.64, and retrieved in 2.8

Security and Privacy for Modern Wireless Communication Systems

The aim of this reprint focuses on the latest protocol research, software/hardware development and implementation, and system architecture design in addressing emerging security and privacy issues for modern wireless communication networks. Relevant topics include, but are not limited to, the following: deep-learning-based security and privacy design; covert communications; information-theoretical foundations for advanced security and privacy techniques; lightweight cryptography for power constrained networks; physical layer key generation; prototypes and testbeds for security and privacy solutions; encryption and decryption algorithm for low-latency constrained networks; security protocols for modern wireless communication networks; network intrusion detection; physical layer design with security consideration; anonymity in data transmission; vulnerabilities in security and privacy in modern wireless communication networks; challenges of security and privacy in node–edge–cloud computation; security and privacy design for low-power wide-area IoT networks; security and privacy design for vehicle networks; security and privacy design for underwater communications networks

Malicious uses of blockchains by malware: from the analysis to Smart-Zephyrus

Open Access funding provided thanks to the CRUE-CSIC agreement with Springer Nature. This work was supported by the Madrid Government (Comunidad de Madrid-Spain) under the multiannual agreement with UC3M (“fostering young doctor research”, DEPROFAKE-CM-UC3M) and in the context of the V PRICIT research and technological innovation regional program; by CAM by grant CYNAMON P2018/TCS-4566-CM, co-funded with ERDF; by 1208 Min. of Science and Innovation of Spain by grant ODIO PID2019-1209 111429RB-C21 (AEI/10.13039/50110 12100011033); and by Funding for APC: Universidad Carlos III de Madrid (Read & Publish Agreement CRUE-CSIC 2023)