From e19f82f21c778fba6e3f5d0823262865448fbce6 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Radim=20Lipov=C4=8Dan?=
Date: Sat, 4 Aug 2018 19:14:03 +0200
Subject: [PATCH] Attacking the wallet
---
 Thesis.bib | 20 ++++++++++++++++++++
 Thesis.tex | 26 ++++++++++++++++++++++++++
 2 files changed, 46 insertions(+)
diff --git a/Thesis.bib b/Thesis.bib
index f91af04..9136070 100644
--- a/Thesis.bib
+++ b/Thesis.bib
@@ -340,3 +340,23 @@ Protocol
 url = {https://github.com/LedgerHQ/blue-app-monero},
 urldate = {2018-07-29}
 }
+
+@inproceedings{schaupp2018cryptocurrency,
+ title={Cryptocurrency adoption and the road to regulation},
+ author={Schaupp, Ludwig Christian and Festa, Mackenzie},
+ booktitle={Proceedings of the 19th Annual International Conference on Digital Government Research: Governance in the Data Age},
+ pages={78},
+ year={2018},
+ organization={ACM}
+}
+
+@article{caviglione2017covert,
+ title={Covert channels in personal cloud storage services: The case of Dropbox},
+ author={Caviglione, Luca and Podolski, Maciej and Mazurczyk, Wojciech and Ianigro, Massimo},
+ journal={IEEE Transactions on Industrial Informatics},
+ volume={13},
+ number={4},
+ pages={1921--1931},
+ year={2017},
+ publisher={IEEE}
+}
\ No newline at end of file
diff --git a/Thesis.tex b/Thesis.tex
index 1094a6b..53c9daf 100644
--- a/Thesis.tex
+++ b/Thesis.tex
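Review bot: `Dropbox` in the caviglione2017covert title is unprotected, so a sentence-casing style will print it as "dropbox"; the two entries are also pasted in raw export form (`title={…}`) while the file's existing entries, visible in the context lines, use `url = {…}` spacing. I'd write `title={Covert channels in personal cloud storage services: The case of {Dropbox}},` and, as ACM is the publisher of these proceedings rather than a sponsoring body, `publisher={ACM}` in place of `organization={ACM}` on schaupp2018cryptocurrency. `pages={78}` on that entry looks like an article number rather than a page and is worth checking against the DOI, which neither entry records. The hunk also leaves Thesis.bib without a trailing newline.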
@@ -591,6 +591,32 @@ Funds can be controlled through users online account that accessible by traditio \end{itemize} \subsection{Attacking the wallet} +With rapid expansion of cryptocurrencies from 2014 to 2018, this area became a significant spot for malware development \cite{schaupp2018cryptocurrency}. As there are many attack vectors, this section aims to give info about malicious activites on users wallets. + +\textbf{Wallet thieves}\\ +Aim to compromise the system in a way that malware finds wallet files and steals cryptographic keys or seed belonging to the wallet. Altought in Monero, keys are encrypted while stored on the disk, when running wallet software, keys can be obtained from the memory. This attack can also be performed by distributing malicious wallet client software. + +\textbf{Cloud storage}\\ +Cloud storage provides an easy way of sharing files between devices as well as users. As user doesnt need to set up the infrastructure and majority of the services provide free tier, it is usual for people to take this for granted as a safe place to store files \cite{caviglione2017covert}. + +This way, users security depends on following factors: +\begin{itemize}\itemsep0em +\item Wallet encryption on file level, user password habbits +\item Account security - login implementation, F2A +\item Client application implementation for caching and data transfer +\item Vendors storage system security +\end{itemize} + +\textbf{Delivery chain}\\ +Hardware wallets like Ledger are built to ensure safety of users coins, therefore owner of such device should be pretty confident when using this device that came with original undisrupted packaging. + +For this attack, malicious vendor puts pre-generated mnemonic seed on a scratchpad. This piece of paper is made to look like an official one-time generated secret key to the wallet for the user. 
This way when user puts seed to the hardware wallet and begins to store coins in here, vendor has complete access as well as both parties know the seed. + +\textbf{Malicious seed generation}\\ +Similliar to Delivery chain attack, attacker in this scenario provides seed that is known by both participating parties through wallet generation web page or standalone software. + + +\newpage Hot wallet Cold wallet View-only wallet
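Review bot: `F2A` in the account-security item should read `2FA` (two-factor authentication), and the new paragraphs carry spelling errors that will reach the final thesis: `Altought`, `activites`, `doesnt`, `habbits`, `Similliar` (Although, activities, doesn't, habits, Similar), plus missing possessive apostrophes in `users wallets`, `users coins` and `Vendors storage`. The delivery-chain paragraph describes the pre-printed seed card but never states the defensive corollary a reader needs; for Ledger-style devices the seed is generated on the device during initial setup, so I'd append `Because the device generates its own seed during initial setup, any seed that arrives pre-printed in the packaging is itself evidence of tampering and must not be used.` The opening sentence cites schaupp2018cryptocurrency, an adoption-and-regulation paper, for the claim that the area became a spot for malware development, which may be a citation mismatch worth checking. The `\subsection{Attacking the wallet}` heading is a context line, so the section's boundaries lie outside what the hunk shows.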