From f4e8e9f2168d00bff1bcee24f6c8d2d3b90db981 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Radim=20Lipov=C4=8Dan?= Date: Fri, 17 May 2019 12:48:24 +0200 Subject: [PATCH] Docs - monero usage --- docs/_posts/2019-05-03-Moneror-usage.md | 381 +++++++++++++++++++++--- 1 file changed, 334 insertions(+), 47 deletions(-) diff --git a/docs/_posts/2019-05-03-Moneror-usage.md b/docs/_posts/2019-05-03-Moneror-usage.md index 3b06e41..7994ece 100644 --- a/docs/_posts/2019-05-03-Moneror-usage.md +++ b/docs/_posts/2019-05-03-Moneror-usage.md @@ -1,73 +1,360 @@ --- layout: post -title: Monero - best practices for usage -subtitle: Each post also has a subtitle +title: Monero usage +subtitle: From wallets to multisig gh-repo: daattali/beautiful-jekyll gh-badge: [star, fork, follow] -tags: [test] +tags: [wallet, storage, portals] --- -You can write regular [markdown](http://markdowntutorial.com/) here and Jekyll will automatically convert it to a nice webpage. I strongly encourage you to [take 5 minutes to learn how to write in markdown](http://markdowntutorial.com/) - it'll teach you how to transform regular text into bold/italics/headings/tables/etc. +## 4 Monero Usage -**Here is some bold text** +As pointed out in the Chapter 3.3, Monero is one of the cryptocurren- +cies that aim to implement as complex anonymity system as possible. +Moreover, because of that not only the underlying technology of the +network is different from other cryptocurrency projects but the user +side as well. -## Here is a secondary heading +### 4.1 Wallets -Here's a useless table: +The essential part of every currency is the user’s ability to access stored +funds. In cryptocurrency, this is represented by the wallet and associ- +ated software. Overview of the wallet storage methods is described in +the Table 4.1. +Monero wallet contains information that is necessary to send and +receive Monero currency. Each wallet is encrypted by the password set +in the creation process. Typical wallet created using Monero software +named _example-wallet_ consists of: -| Number | Next number | Previous number | -| :------ |:--- | :--- | -| Five | Six | Four | -| Ten | Eleven | Nine | -| Seven | Eight | Six | -| Two | Three | One | +- **example-wallet.keys file** + **-** Is an encrypted file containing private **spend key** and **view** + **key** together with **wallet address**. + **-** Keys file also contains user preferences related to transac- + tions and wallet creation height, so wallet software will + only read blockchain from the wallet creation point. + **-** Using this file, the user can restore the wallet by using the + monero-wallet-cli command: + monero-wallet-cli –generate-from-keys +- **example-wallet file** + **-** Acts as an encrypted cache for wallet software that contains: + ∗ List of outputs of transactions that are associated with + the wallet, so it does not need to scan the blockchain + every time after startup. + ∗ History of transactions with metadata containing trans- + action (TX) keys. + +- **example-wallet.address.txt file** + **-** Stores **unencrypted** information containing generated wal- + let address. + **-** With recent address-based attacks that swap wallet ad- + dresses found in clipboard or files on the hard drive for the + attacker’s wallet address, this poses a security risk [37]. +- **Mnemonic seed** + **-** Mnemonic seed is a 25-word phrase which the last word is + being used as a checksum. Together they represent a 256-bit + integer that is the accounts private spend key. + **-** By having accounts private spend key, wallet software can + derive private view key by hashing private key with Keccak- + 256. That produces another 256-bit integer that represents + private view key. + **-** Both public keys are then derived from newly recovered + private keys. + +Example of Monero wallet address and mnemonic seed: + +- **Wallet address** + **-** 461TWLQhsxrR9dD4CXk4p1RRxAAQ3YCEDhNiGCQjj5 + QA33ohhZPnCX6346EyEwC7TiRSB3XB8KgNaJ4vThd5N + pQqRkGab66 +- **Mnemonic seed** + **-** serving odometer nifty flippant worry sphere were thorn + putty bogeys lyrics feast fawns input biscuit hobby outbreak + rash tucks dwelt liquid azure inexact isolated liquid + +**4.1.1 Wallet types** + +As Monero wallet can be represented as little as one file or 25 words, +it is rather a small piece of information which the user needs to store +in the safe place to keep account under own control. To do that, there +exist two main types of wallets: + +- **Hot wallet +-** Refers to wallet software running on a computer that is +connected to the Internet, thus Monero network. By being +online, the user can verify incoming transactions, spend +from the wallet and check balance as well. +**-** As this type of wallet is not air-gapped (not connected to +the Internet), this poses an external intrusion risk. +**-** The hot wallet can also refer to web-based or exchange- +based wallet that is explained further in this Chapter. +- **View-only wallet +-** Is a wallet containing only private view key pair to see +transactions associated with the wallet. +**-** As this is a view-only wallet, the user can see incoming +transactions but is not able to spend, sign or view outgoing +transactions. That results in incorrect balance when the +wallet is used for sending funds. +- **Cold wallet +-** Is an offline solution to storing wallet seed or private keys +on storage media. Using method, media storing wallet in- +formation have no direct access to the Internet. The storage +medium can be represented by an external hard drive, air- +gapped computer as well as paper with wallet seed written +on it. +**-** That comes with increased security from the IT standpoint, +but the usability of the cryptocurrency suffers. That is mainly +due to the hassle of working with funds when the user +wants to spend them as it requires: +∗ Cold wallet imported into wallet software in the air- +gapped computer. +∗ A view-only wallet connected to the Internet. +**-** This way, the user can generate an unsigned transaction +on the view-only wallet, transfer it for signing to the air- +gapped computer and then back to submit transfer to the +Monero network. + +- **Exchange hosted wallet +-** In the exchange wallet, users funds are stored under an +online account in an online exchange. +**-** As opposed to a regular wallet, there is no wallet soft- +ware or seed required as the whole balance and transaction +system is run by the third party. Funds can be controlled +through users online account that accessible by traditional +username and password. +**-** This poses a risk as the third party has complete access to +users funds and the account’s security is directly depen- +dent on exchanges security measures as Two Factor Au- +thentication (2FA) implementation, IP restriction or email +verification. +- **Web-based wallet +-** Web wallet represents server based Monero client that is +served to the user in the browser. By using a web wallet, the +user can access funds from any Internet-connected device +by sharing: +∗ Mnemonic seed or private spend and view key to send +and receive funds. +∗ Public view key and wallet address to view incoming +transactions to the wallet. +- **Hardware wallet +-** Dedicated hardware solution like Ledger Nano S is still in +its beta phase [38]. +**-** Due to lack of real hardware wallet, the community around +Monero recommends as the alternative a USB drive with a +live distribution of Linux coupled with persistent storage +where Monero client and users private key pairs are stored. +**-** Although this alternate solution effectively rules out host +operating system, there is still a way to capture viable in- +formation. Especially when interacting with an untrusted +machine, where attacker captures GPU output or uses a +hardware keylogger to log the users activity. -How about a yummy crepe? +### 4.1.2 Attacking the wallet +With the rapid expansion of cryptocurrencies from 2014 to 2018, this +area became a significant spot for malware development [39]. As there +are many attack vectors, this Section aims to give info about malicious +activities on users wallets. -![Crepe](http://s3-media3.fl.yelpcdn.com/bphoto/cQ1Yoa75m2yUFFbY2xwuqw/348s.jpg) -Here's a code chunk: +Wallet thieves -~~~ -var foo = function(x) { - return(x + 5); -} -foo(3) -~~~ +Aim to compromise the system in a way that malware finds wallet +files and steals cryptographic keys or seed belonging to the wallet. +Although in Monero, keys are encrypted while stored on the disk. +When running wallet software, keys can be obtained from memory. +This attack can also be performed by distributing malicious wallet +client software. -And here is the same code with syntax highlighting: -```javascript -var foo = function(x) { - return(x + 5); -} -foo(3) -``` +Cloud storage -And here is the same code yet again but with line numbers: -{% highlight javascript linenos %} -var foo = function(x) { - return(x + 5); -} -foo(3) -{% endhighlight %} +Cloud storage provides an easy way of sharing files between devices +as well as users. As the user does not need to set up the infrastructure +and the majority of the services provide free tier, it is usual for people +to take this for granted as a safe place to store files [40]. +This way, the user’s security depends on the following factors: -## Boxes -You can add notification, warning and error boxes like this: +- Wallet encryption on the file level, user password habits. +- Account security – login implementation, 2FA. +- Client application implementation for caching and data transfer. +- Vendors storage system security. -### Notification -{: .box-note} -**Note:** This is a notification box. +Delivery chain -### Warning -{: .box-warning} -**Warning:** This is a warning box. +Hardware wallets like Ledger are built to ensure the safety of users +coins. Therefore the owner of such a device should be pretty con- +fident when using this device that came with original undisrupted +packaging. +For this attack, malicious vendor puts pre-generated mnemonic +seed on a scratchpad. This piece of paper is made to look like an official +one-time generated secret key to the wallet for the user. This way when -### Error -{: .box-error} -**Error:** This is an error box. +Malicious seed generation + +Similar to Delivery chain attack, the attacker in this scenario provides +service that offers secure seed generation to obtain seed information +belonging to the wallet. That is usually done by running a malicious +web service that offers secure seed generation for cryptocurrencies or +developing a standalone software for download. +After the user generates the seed, a package with seed data is +automatically sent to the attackers listening service and then saved +to the database. Both parties know the private information and can +spend funds from the wallet. + + + +### 4.2 Local and remote node + +To spend or view the balance in the wallet, the user is required to have +a wallet client software or use third party services to access the Monero +network. This Section covers the most common type of accessing the +funds, hot wallet in combination with official Monero client software +available athttps://getmonero.org/downloads/. +Monero client requires to be in synchronization with the network +to show the correct balance as well as to work with the funds. That is +done by either running a full local node or connecting to the remote +node. + +**The node** is a part of the cryptocurrency network that keeps a +synced copy of blockchain in the local storage and provides a service +that enables clients to access the information from the blockchain file. +In Monero client software, this is represented bymonerod, a separate +daemon which synchronizes with the network. + +**The local node** is the default option when running wallet soft- +ware, using monerod client downloads from Monero network the +blockchain and stores it in local storage. As of July 2018, blockchain +size is about 44.3 GB. By running local node, client can independently +verify transactions as well as blockchain state. + +**The remote node** , on the other hand, represents a lighter ver- +sion with slightly less privacy when it comes to working with the +wallet. By either choosing in GUI to connect to the remote node +or running cli with parameter _.\monero-wallet-cli.exe –daemon-address +node.address:port_ , the client connects to the remote node and starts +scanning the blockchain as if it was a local one. +Comparison of the node types can be found in the Table 4.2. + +**Local node Remote node** +Blockchain stored on locally Blockchain stored remotely +Observable traffic between +nodes + +### 4.3 Multisig implementation + +Monero started to support multisignature transactions and addresses +by 17th of December 2017 when codebase for this feature was merged +into master by Fluffypony [41]. Multisig became available in the +Lithium Luna release that was released 23rd of July 2018 [42]. +Multisig in a cryptocurrency is a feature that requires the multisig +transaction to be signed by all keys that are required. For multisig, one +can create a multisig wallet that is designed as follow: + +- 1-of-2 + **-** Requires one of two participating parties to sign a transac- + tion. + **-** This scheme acts as a shared wallet where each of the key + holders can spend funds without the other party signing + the transaction. +- 2-of-2 + **-** Requires both parties to sign a transaction. + **-** Each side has to agree to spend funds and sign the transac- + tion. +- M-of-N + **-** Requires M keys of N to sign a transaction, note that M is a + subset of N. + +**4.3.1 Multisig usage** + +After Lithium Luna release, only Monero wallet CLI software is ready +for processing multisig transactions. In the Figures 4.2 and 4.3 example +scheme of 2-of-2 is presented with user A as blue and user B as green +for wallet generation and transaction using Monero multisig feature. + + +### 4.4 Problems in Monero environment + +Monero privacy features are appreciated not only by privacy savvy +users but malware, phishing, and other malicious software creators +as well. +The main reason to use Monero over other cryptocurrencies for +them is that Monero is not only harder to trace but when the attack is +implemented well, after moving funds in separate batches to multiple +wallets an over more extended period, no one will be able to associate +the coins with the malicious activity. +There are four main problems concerning Monero environment: + + +1) Ransomware + +Malware that encrypts user files and then demands a ransom in the +form of cryptocurrency, computer and files are no longer accessible +unless the user pays the required amount. During its peak time, all +popular ransomware demanded payment in Bitcoin. +As malware developers started to get their coins targeted by projects +such as one from Netherlands’ police called No More Ransom available +atnomoreransom.org[43, 44]. Because of this targeting, they had to +choose another cryptocurrency to solve this problem, and the solu- +tion was Monero [45]. Kirk is an example of Monero malware that is +included in the Figure 4.5 [46]. + +Figure 4.4: Kirk ransomware that demands payment in Monero. + +2) Scam portals + +As mentioned in the Section Wallets 4.1, online wallets usage is a risky +thing due to entrusting user’s private keys to the third party. Users +often choose them as they are not required to have any additional +software. Due to this fact, there are more than ten domains that copy +the design, functionality, and name ofmymonero.comofficial online +wallet with added code that steals the user’s wallet data. Detailed list +of domains is available at https://www.reddit.com/r/Monero/wiki +/avoid. +Aside from direct scams, there are also services offering wallet +services which have their codebase closed and store all wallet infor- +mation. The best-known example of such service is freewallet.org, +that is strongly criticized for closed source as well as funds that are +reported as missing from user’s accounts [47]. + + +3) Crypto-jacking attack + +Crypto-jacking a type of attack where the attacker delivers a malicious +payload to the user’s computer. Rather than rendering the device +unusable either by blocking like ransomware, part of system resources +is used for mining. + +Figure 4.5: Some websites openly state that they mine Monero. + +Crypto-jacking is becoming more frequent than ransomware as it +has proven that steady but low income is more profitable than one- +time payment in the form of ransomware [48]. + +4) Black Ruby + +Interesting intersection of ransomware and crypto-jacking category is +Black Ruby malware that combines features of both. First, it encrypts +files on the target computer and then proceeds to mine Monero using +XMRig (as explained in the Section 7.2) at full CPU load [49]. + +### 4.5 Monero use case + +Aside from code quality and features, another important factor in +cryptocurrency success are the ways how users can spend the funds. +While numerous community around Monero that centers around +Reddit _/r/Monero_ created _/r/XMRtrader_ , there are also projects that +support Monero in day-to-day use like https://xmr.to/. +What is most noticeable tough, are darknet markets, that started +to support payments by Monero. This results in the rather negative +use case of the crypto as payments by Monero are not directly likable +to one’s wallet as described in the Section 3.5.2. + +Although darknet markets may support Monero, a short inspection +of Top 10 markets revealed that only 5 of them list Monero as the +general way to pay. Rest of them are not forcing the sellers to use +Monero. This results at about 40% availability of Monero payment +option on these type of markets.