Internship Week 3

WEEK 3: CYBERSECURITY
BY ROWAN BRIGGS
CYBERSECURITY AND ITS TEN DOMAINS
• Week 2 Recap
• Passwords are susceptible
• It is important to use different tricks to try to safeguard your passwords
• Large variety of attacks on users
• Integrity means that there has been no modification of a message
• Computer must be able to detect error or verify message

• It is important to protect different types of media

• Some is more fragile and may be damaged by temperatures or other things
• Important to dispose of media carefully
• If improperly disposed, may cause data leak
BITCOIN AND CRYPTOCURRENCY TECHNOLOGIES
• Recap of Week 2
• Bitcoin is a peer to peer network
• Bitcoin uses “mining”
• Bitcoin has built in methods to incentivize good nodes
• Bitcoin is decentralized
• Bitcoin is a distributed consensus
• Week 2 Recap
• Bitcoin uses block rewards and transaction fees
• Bitcoin has a set amount of bitcoin, 21 million
• The reward for creating a block is set, and halves every 4 years
• Account-based ledger
• Maps transactions in chronological order
• Maps each transactions based on accounts
• Issues because it must view all transactions in order to verify current transaction
• Transaction-Based ledger
• Constantly updates accounts based on transactions
• References past transactions that are relevant to the current one
• Gives more possibilities
• Merge transactions
• Joint payments
• What does Bitcoin code include?

• Input
• Hash
• Housekeeping
• Not valid before
• Housekeeping
• Previous transaction
• Signature
• What does Bitcoin code look like?

• Output
• Value
• Recipient Address
• Bitcoin has a scripting language!

• Built for bitcoin
• Simple
• Support for cryptography
• Stack-based
• Limits on time/memory
• No looping
• This is to help miners
• Bitcoin script instructions

• 256 opcodes
• 15 disabled, 75 reserved
• Arithmetic
• If-then
• Logic/data handling
• Cryptography!
• Bitcoin Script Instructions-Cryptography

• Hashes
• Sig Verify
• Multisig verification
• OP_CHECKmultisig
• For joint sigs
• Specify public keys
• Specify t (tag)
• Verification requires tags
• Known bug pops up
• Bug accidentally removes an extra value, so must add a dummy value
• Bitcoin scripts in practice

• Most nodes whitelist known scripts
• 99.9% are simple sig checks
• 0.01% multisig
• 0.01% pay-to-script-hash
• Remainder are errors, proof-of-burn
• Escrow Transactions
• Uses a “judge” to decide any issues
• Example of Alice, Bob, and Judy
• Multisig
• Green addresses
• Uses a “bank”
• Relies on users trusting the bank, as no bitcoin code enforces banks to be good
• Example of Bob, Alice, and Bank
• Micro-payments
• User begins by paying the max amount into a location
• Location pays other user every once in awhile
• Both Alice and Bob verify it when the payment is good
• Does use double spending
• Lock_time that says when transaction can be published
• Bitcoin is difficult to change

• Changing amount of bitcoin can really hurt miners
• Changing the block reward could upset miners
• Adding new commands could hurt nodes that do not update
• 10 min average time per block
• 1M bytes in a block
• How does a node decide whether or not to relay a transaction?

• Validates transaction
• Script matches whitelist
• Makes sure it has not seen the transaction before
• Does not conflict with any other relayed messages
• Bitcoin P2P network

• Ad-hoc protocol
• Ad-hoc network with random topology
• All nodes equal
• New nodes can come in at any time
• Forget non-responding nodes after 3 hours
CRYPTOGRAPHY I
• Week 2 Recap:
• We can make PRF and PRP
• PRP is a PRF
• PRF needs to be secure
• Took a look at block ciphers
• Took a look at CTR and CBC, but neither ensure data integrity
CRYPTOGRAPHY I
• Week 2 Recap
• Exhaustive Search for block cipher-key
• Given a few input/output pairs, you can find key k
• Side Channel Attacks
• Measure time to do encryption/decryption and power needed
• Fault Attacks
• Look for errors in last round that expose the secret key
CRYPTOGRAPHY I
• Week 2 Recap
• Linear and Differential attacks
• Given many input/output pairs, you can recover the key
• Quantum attacks
• Requires a quantum computer
• Find XeX such that f(x) = 1
CRYPTOGRAPHY I
• Goal: integrity, not confidentiality

• Message Authentication Codes (MAC)
• Protect public binaries on disk
• Protecting banner ads on web pages
CRYPTOGRAPHY I
• MAC
• I = (S,V) defined over (K, M, T)
• New variable, T = tag
• Tags must be secure and unique to each message
CRYPTOGRAPHY I
• What is an attacker’s goal?

• To produce a new valid message and tag pair
• Can use a chosen message attack to get tags of other messages
• If he can create a valid message and tag pair, the MAC is insecure
CRYPTOGRAPHY I
• Tags need length

• Too short and they can be guessed
• Tags need to be unique
• Tags cannot be predictable
CRYPTOGRAPHY I
• If you have a secure PRF, you can make a secure MAC
• If the PRF output is small, then it can be insecure

CRYPTOGRAPHY I
• Similar to cryptocurrency course

• Talks about hash values
• Collisions inevitable, but need to be incredibly unlikely

CRYPTOGRAPHY I
• Timing attacks
• Query server w/random tag
• Loop over all possible first bytes and query server
• Do this until verification takes a little longer than in step 1
• Repeat for all tag bytes until valid tag found
• Can use code to make computing time always take the same time
CYBERSECURITY
• Recap
• Need to be very careful with how you handle data
• Integrity is very important
CRYPTOCURRENCY
• Bitcoin is very sophisticated, but it has its flaws

• Bitcoin relies on miners very heavily
• Better understanding of bitcoin structure
CRYPTOGRAPHY
• MAC
• Importance of tags in integrity
• Very important to have consistency, to make it difficult for attackers

Internship Week 3

Uploaded by

Document Information

Original Description:

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Internship Week 3

Uploaded by

Copyright:

Available Formats

WEEK 3: CYBERSECURITY

• Integrity means that there has been no modification of a message

• Computer must be able to detect error or verify message

• It is important to protect different types of media

• What does Bitcoin code include?

• What does Bitcoin code look like?

• Bitcoin has a scripting language!

• Bitcoin script instructions

• Bitcoin Script Instructions-Cryptography

• Bitcoin scripts in practice

• Bitcoin is difficult to change

• How does a node decide whether or not to relay a transaction?

• Bitcoin P2P network

• Goal: integrity, not confidentiality

• What is an attacker’s goal?

• Tags need length

• If you have a secure PRF, you can make a secure MAC

• If the PRF output is small, then it can be insecure

• Similar to cryptocurrency course

• Collisions inevitable, but need to be incredibly unlikely

• Bitcoin is very sophisticated, but it has its flaws

You might also like