Bitcoin, Security for Cloud & Big Data

Similar documents
Crypto tricks: Proof of work, Hash chaining

Chapter 13. Digital Cash. Information Security/System Security p. 570/626

ENEE 457: E-Cash and Bitcoin

Bitcoin. CS6450: Distributed Systems Lecture 20 Ryan Stutsman

Problem: Equivocation!

Computer Security. 14. Blockchain & Bitcoin. Paul Krzyzanowski. Rutgers University. Spring 2019

EECS 498 Introduction to Distributed Systems

Bitcoin, a decentralized and trustless protocol

Blockchains & Cryptocurrencies

CS 161 Computer Security

Security (and finale) Dan Ports, CSEP 552

CS 161 Computer Security

CS 161 Computer Security. Week of September 11, 2017: Cryptography I

BITCOIN PROTOCOL & CONSENSUS: A HIGH LEVEL OVERVIEW

Biomedical Security. Cipher Block Chaining and Applications

CS 4770: Cryptography. CS 6750: Cryptography and Communication Security. Alina Oprea Associate Professor, CCIS Northeastern University

Blockchain. CS 240: Computing Systems and Concurrency Lecture 20. Marco Canini

Smalltalk 3/30/15. The Mathematics of Bitcoin Brian Heinold

Introduction to Cryptoeconomics

Lecture 3. Introduction to Cryptocurrencies

SpaceMint Overcoming Bitcoin s waste of energy

Multiparty Computation (MPC) protocols

Security Analysis of Bitcoin. Dibyojyoti Mukherjee Jaswant Katragadda Yashwant Gazula

Transactions as Proof-of-Stake! by Daniel Larimer!

Biomedical Security. Some Security News 10/5/2018. Erwin M. Bakker

A Gentle Introduction To Bitcoin Mining

Computer Security Spring 2010 Paxson/Wagner Notes 3/8. Key Management. 1 Cryptographic Hash Functions. 2 Man-in-the-middle Attacks

Computer Security. 08r. Pre-exam 2 Last-minute Review Cryptography. Paul Krzyzanowski. Rutgers University. Spring 2018

Page Total

How Bitcoin achieves Decentralization. How Bitcoin achieves Decentralization

Let's build a blockchain!

CS Computer Networks 1: Authentication

CS 161 Computer Security

CSE 127: Computer Security Cryptography. Kirill Levchenko

Ensimag - 4MMSR Network Security Student Seminar. Bitcoin: A peer-to-peer Electronic Cash System Satoshi Nakamoto

Introduction to Cryptography in Blockchain Technology. December 23, 2018

CS 161 Computer Security

CS 4770: Cryptography. CS 6750: Cryptography and Communication Security. Alina Oprea Associate Professor, CCIS Northeastern University

Outline Key Management CS 239 Computer Security February 9, 2004

CS 251: Bitcoin and Crypto Currencies Fall 2015

CS 161 Computer Security

University of Duisburg-Essen Bismarckstr Duisburg Germany HOW BITCOIN WORKS. Matthäus Wander. June 29, 2011

Crypto-systems all around us ATM machines Remote logins using SSH Web browsers (https invokes Secure Socket Layer (SSL))

Blockchain for Enterprise: A Security & Privacy Perspective through Hyperledger/fabric

Biomedical and Healthcare Applications for Blockchain. Tiffany J. Callahan Computational Bioscience Program Hunter/Kahn Labs

Crypto meets Web Security: Certificates and SSL/TLS

As a 3rd generation currency, not only are transactions secured, private and fast, you actually get paid for holding DigitalPrice coins.

Anupam Datta CMU. Fall 2015

CPSC 467b: Cryptography and Computer Security

CS61A Lecture #39: Cryptography

1 Identification protocols

key distribution requirements for public key algorithms asymmetric (or public) key algorithms

9/30/2016. Cryptography Basics. Outline. Encryption/Decryption. Cryptanalysis. Caesar Cipher. Mono-Alphabetic Ciphers

Cryptography Basics. IT443 Network Security Administration Slides courtesy of Bo Sheng

Crypto Basics: History, Applied Cryptography in IT Security Today and in the Next Year

CS 425 / ECE 428 Distributed Systems Fall 2017

Tungsten Security Whitepaper

Using Chains for what They re Good For

APPLICATIONS AND PROTOCOLS. Mihir Bellare UCSD 1

CPSC 467b: Cryptography and Computer Security

CS 161 Computer Security

Anupam Datta CMU. Spring 2017

Strong Password Protocols

Incentivized Delivery Network of IoT Software Updates Based on Proofs-of-Distribution

ASYMMETRIC (PUBLIC-KEY) ENCRYPTION. Mihir Bellare UCSD 1

Securing Internet Communication: TLS

L13. Reviews. Rocky K. C. Chang, April 10, 2015

Bitcoin and Blockchain

Lecture 12. Algorand

CS 161 Computer Security

Instructions 1. Elevation of Privilege Instructions. Draw a diagram of the system you want to threat model before you deal the cards.

Who wants to be a millionaire? A class in creating your own cryptocurrency

P2P BitCoin: Technical details

CS3235 Seventh set of lecture slides

Encrypted Data Deduplication in Cloud Storage

What is Proof of Work?

1.264 Lecture 27. Security protocols Symmetric cryptography. Next class: Anderson chapter 10. Exercise due after class

INSE 6110 Midterm LAST NAME FIRST NAME. Fall 2016 Duration: 80 minutes ID NUMBER. QUESTION Total GRADE. Notes:

Lessons Learned from 4,000 Security Assessments. Sadik Al-Abdulla Security Practice Director, CDW

ECE596C: Handout #9. Authentication Using Shared Secrets. Electrical and Computer Engineering, University of Arizona, Loukas Lazos

Chapter 9: Key Management

CSE 5852, Modern Cryptography: Foundations Fall Lecture 26. pk = (p,g,g x ) y. (p,g,g x ) xr + y Check g xr +y =(g x ) r.

ASYMMETRIC (PUBLIC-KEY) ENCRYPTION. Mihir Bellare UCSD 1

Cryptography. some history. modern secret key cryptography. public key cryptography. cryptography in practice

Please ensure answers are neat and legible. Illegible answers may be given no points.

n-bit Output Feedback

Spring 2010: CS419 Computer Security

Instructions 1 Elevation of Privilege Instructions

REM: Resource Efficient Mining for Blockchains

Authentication Part IV NOTE: Part IV includes all of Part III!

Computer Security. 10r. Recitation assignment & concept review. Paul Krzyzanowski. Rutgers University. Spring 2018

SSL/TLS & 3D Secure. CS 470 Introduction to Applied Cryptography. Ali Aydın Selçuk. CS470, A.A.Selçuk SSL/TLS & 3DSec 1

Upgrading Bitcoin: Segregated Witness. Dr. Johnson Lau Bitcoin Core Contributor Co-author of Segregated Witness BIPs March-2016

More crypto and security

CS 161 Computer Security

FreeMessage Secure Messaging by GMX and WEB.DE

Detecting Attacks, cont.

CS 251: Bitcoin and Cryptocurrencies Fall 2016

Hijacking Bitcoin: Routing Attacks on Cryptocurrencies

Lecture 9a: Secure Sockets Layer (SSL) March, 2004

Transcription:

Bitcoin, Security for Cloud & Big Data CS 161: Computer Security Prof. David Wagner April 18, 2013

Bitcoin Public, distributed, peer-to-peer, hash-chained audit log of all transactions ( block chain ). Mining: Each entry in block chain must come with a proof of work (its hash value ends in k zeros). Thus, appending takes computation. Lottery: First to successfully append to block chain gets a small reward (if append is accepted by others). This creates new money. Each block contains a list of transactions, and identify of miner (who receives the reward). Consensus: If there are multiple versions of the block chain, longest one wins.

Bitcoin Transactions: If Alice wants to give $10 to Bob, she signs this transaction. She gives the signed transaction to all miners and asks them to include it in the block they re trying to append to the chain. Honest miners check integrity of block chain entries and try to append to the latest, longest valid version of block chain. Bob knows he has received $10 once this transaction appears in the consensus block chain.

Consensus Can Mallory fork the block chain? Say she buys Bob s from him for $10,000 in Bitcoins. Then, she goes back in time and, starting from the block chain just before this transaction was added to it, she starts appending new entries from there. Can she get others to accept this forked chain, so she gets her $10,000 back? pay Bob $10k

Consensus Can Mallory fork the block chain? Answer: No, not unless she has 51% of the computing power in the world. Longest chain wins, and her forked one will be shorter (unless she can mine new entries faster than aggregate mining power of everyone else in the world). pay Bob $10k

How Bitcoin Addresses Criticisms of Naïve Scheme Initial balance is arbitrary: in Bitcoin, initial balances are zero Broadcasting is expensive and doesn t scale: gossip protocol A conspiracy of n/2 malicious computers can fork the audit log and steal all the money: they d have to own 51% of all the computing power in the Bitcoin world Sybil attacks: Anyone can set up millions of servers and thus have a 50% majority: they d have to own 51% of all the computing power in the Bitcoin world

Discussion How can Alice turn dollars into bitcoins, or vice versa? Is Bitcoin anonymous? Should I think of Bitcoin as a short-term currency or as a long-term investment? Is it ethical to build a system that relies upon wasting CPU cycles (and thus energy)?

BitCoin Take-away Crypto tools allow for sophisticated solutions to integrity and trust in peer-to-peer systems

Big Data in the Cloud Trends in computing: Big data : Easy to collect lots and lots of data about us Cloud computing : Cheaper to store data in the cloud, and do computation there What are the security and privacy implications of these trends?

Big Data in the Cloud Trends in computing: Big data : Easy to collect lots and lots of data about us Cloud computing : Cheaper to store data in the cloud, and do computation there What are the security and privacy implications of these trends? Privacy companies know a lot about us Data security a security breach exposes all our data

Potential Solutions Some possible ways to mitigate the threat: Policy: Minimize data collection or retention, limit who can access stored data or for what purposes Technology: Encrypt data while it is stored on cloud servers

Potential Solutions Some possible ways to mitigate the threat: Policy: Minimize data collection or retention, limit who can access stored data or for what purposes Technology: Encrypt data while it is stored on cloud servers but then how can they do any useful computation on our data?

Case Study: DropBox DropBox lets you store your files in the cloud. For efficiency reasons, if Alice and Bob have the same file (pharrell_williams_happy.mp3), DropBox doesn t want to store it twice. For security reasons, it d be nice if DropBox could encrypt your files on your computer (with a key only you know) and upload the encrypted version. But if we encrypt the same file twice, we get two different ciphertexts.

Case Study: DropBox DropBox lets you store your files in the cloud. For efficiency reasons, if Alice and Bob have the same file (pharrell_williams_happy.mp3), DropBox doesn t want to store it twice. For security reasons, it d be nice if DropBox could encrypt your files on your computer (with a key only you know) and upload the encrypted version. But if we encrypt the same file twice, we get two different ciphertexts. How does DropBox do de-duplication on encrypted files?

DropBox s Solution What DropBox actually does: To upload file x, send SHA256(x) to DropBox. If it s not a duplicate, send x to DropBox over SSL, and they ll encrypt it using a fixed key k (same for all users) and store E k (x) on their servers. Problems: DropBox has k so can decrypt all your data. A bug or security breach in DropBox can expose all your data. In fact, on 6/19/2011, DropBox did have a bad bug, where they screwed up the authentication: you could log into someone else s account without knowing their password (just enter any password, and you re in). This exposed everyone s files to the world.

Better Solution for DropBox? A natural attempt at a better solution: To upload file x, send to DropBox E k (x), SHA256(x) where k is your personal key. This does let DropBox detect duplicates, but it has a problem. Say Alice uploads file x (encrypted under her key k 1 ), then Bob uploads the same file x (encrypted under his key k 2 ). DropBox can detect it s a duplicate, since it has the same hash. However, the copy on DropBox s servers is encrypted under Alice s key k 1, so Bob won t later be able to decrypt.

A Better Solution for DropBox Better solution: Convergent encryption. Upload C = AES-CBC k (x), where k = SHA256(x) and IV = 0. Also upload an encryption of k under your personal key. Now encrypting the same file twice gives the same ciphertext C, so C only needs to be stored once. C is a deterministic function of x, so if Alice and Bob upload the same file x, DropBox only has to store C once. DropBox does store encryption of k under Alice s key and under Bob s key, but both of those are short. This is what DropBox should have done. What s the potential weakness of this?

Case Study: Encrypted Email My email is stored in the cloud on a server. For security reasons, I want it to be stored in encrypted form, so I don t have to trust the server. But I also want to be able to do keyword search on all my email.

Case Study: Encrypted Email My email is stored in the cloud on a server. For security reasons, I want it to be stored in encrypted form, so I don t have to trust the server. But I also want to be able to do keyword search on all my email. How can I search on encrypted email?

Solution for Encrypted Email One solution: Each word w is encrypted separately and deterministically: E k (w) = AES-CBC k (w) where IV = SHA256(w) Advantage: Keyword searches just work, as long as I encrypt the keyword I m searching on. Problem: This leaks a lot of data about my email.

Solution for Encrypted Email One solution: Each word w is encrypted separately and deterministically: E k (w) = AES-CBC k (w) where IV = SHA256(w) Advantage: Keyword searches just work, as long as I encrypt the keyword I m searching on. Problem: This leaks a lot of data about my email. More secure solution: For each word w, store r, SHA256(r, E k (w)) where r is random and different each time, and E k (w) is deterministic encryption as above. To search for word w, send x = E k (w) to server. For each r, y on the server, server can test whether SHA256(r, x)=y.

Match-making Alice and Bob are cryptographers and want to find out if they re interested in each other romantically, but neither wants to suffer possible rejection. Can we build a match-making service where they both get notified if they re both interested in each other, but otherwise they learn nothing?

Match-making Alice and Bob are cryptographers and want to find out if they re interested in each other romantically, but neither wants to suffer possible rejection. Can we build a match-making service where they both get notified if they re both interested in each other, but otherwise they learn nothing? Solution: Use a trusted server S. Alice sends x to S, where x = 1 if she is interested in Bob or 0 if not. Bob sends y to S. S computes z = x y and sends z to both Alice and Bob.

Match-making Alice and Bob are cryptographers and want to find out if they re interested in each other romantically, but neither wants to suffer possible rejection. Can we build a match-making service where they both get notified if they re both interested in each other, but otherwise they learn nothing? Solution: Use a trusted server S. Alice sends x to S, where x = 1 if she is interested in Bob or 0 if not. Bob sends y to S. S computes z = x y and sends z to both Alice and Bob. Can Alice and Bob do this on their own without trusting any server?

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback