Bleeding edge: The intersection of Bitcoin and cyber-security

The good, the bad, & the ugly…

There are some very obvious connections between bitcoin and cybersecurity; almost every hacker who blackmails their victims via ransomware or whatever other hack demands payment in bitcoin. This is the ugly side of bitcoin and cybersec; by its very nature bitcoin is pseudo-anonymous (read: difficult to trace), decentralized (read: difficult to take down) and increasingly easy to use. No wonder hackers love bitcoin.

But what are the other facets to bitcoin melding with cybersec?

The bad…

… it can be used to control botnets

The bitcoin blockchain is intended to be extremely difficult to take down, to be private and unregulated. Sounds like the perfect medium for a Command and Control [C&C] service. Enter ZombieCoin 2.0:

https://link.springer.com/article/10.1007/s10207-017-0379-8

The authors of this paper successfully manage to design

[…] ZombieCoin bots which we then deploy and successfully control over the Bitcoin network.

They do this by embedding simple botnet commands into the bitcoin transaction field OP_RETURN, which is normally used for transaction identifiers similar to what you'd have in your online ebanking portal. This field allows you to include up to 80 bytes of data, which the authors use to control their bots. The resulting bot is only 7MB in size and stores only about 626kB worth of blockchain, with the traffic generated by this C&C method being indistinguishable from normal bitcoin traffic.

Time to start blocking bitcoin traffic on your enterprise network
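For defenders who want to see what an OP_RETURN output actually carries, the sketch below parses an output script and extracts the embedded data, flagging payloads above the 80-byte limit mentioned above. It is an added example, not code from this post or from the ZombieCoin paper; the function names and the sample scripts are constructed for illustration.

```python
OP_RETURN = 0x6A
PUSHDATA_WIDTH = {0x4C: 1, 0x4D: 2, 0x4E: 4}  # OP_PUSHDATA1/2/4 length-field sizes
MAX_PAYLOAD = 80  # payload limit quoted in the post


def op_return_pushes(script_hex):
    """Return the data pushes of an OP_RETURN output script (list of bytes),
    or None when the script is not an OP_RETURN output.
    Raises ValueError when a push runs past the end of the script."""
    script = bytes.fromhex(script_hex)
    if not script or script[0] != OP_RETURN:
        return None
    pushes, i = [], 1
    while i < len(script):
        op = script[i]
        i += 1
        if op <= 0x4B:                      # direct push of `op` bytes
            size = op
        elif op in PUSHDATA_WIDTH:          # explicit little-endian length
            width = PUSHDATA_WIDTH[op]
            if i + width > len(script):
                raise ValueError("truncated length field")
            size = int.from_bytes(script[i:i + width], "little")
            i += width
        else:                               # non-push opcode: stop parsing
            break
        if i + size > len(script):
            raise ValueError("truncated data push")
        pushes.append(script[i:i + size])
        i += size
    return pushes


def summarize(script_hex):
    """Summary a reviewer can log for one output script."""
    pushes = op_return_pushes(script_hex)
    if pushes is None:
        return None
    data = b"".join(pushes)
    return {"bytes": len(data), "over_limit": len(data) > MAX_PAYLOAD,
            "printable": all(32 <= b < 127 for b in data), "hex": data.hex()}


# Constructed sample scripts (not taken from any real transaction).
P2PKH = "76a914" + "00" * 20 + "88ac"   # ordinary payment output
SHORT = "6a05" + b"hello".hex()          # OP_RETURN, 5-byte direct push
LONG = "6a4c51" + "ab" * 81              # OP_RETURN, PUSHDATA1, 81 bytes

if __name__ == "__main__":
    for name, s in (("p2pkh", P2PKH), ("short", SHORT), ("long", LONG)):
        print(name, summarize(s))
```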

The good…

… it can make Man In The Middle Attacks a thing of the past

Most MiTM attacks rely on being able to change data that is supplied to a client – for example changing DNS entries or HTTPS certificates. Current DNS / SSL / TLS protocols struggle to make this data tamper proof. DNSSEC hasn’t really taken off and SSL/TLS rely on a central authority that can be compromised or abused.

However… if attackers can embed data in the blockchain, so can developers and defenders. Inheriting all the benefits of the blockchain, this embedded data will not only be resilient and de-centralized (like you’d hope DNS is…) but also backed by cryptography to result in tamper-proof data. Any entries into this system would have to be validated and agreed upon by at least 51% of the network to be accepted…

So what if we use blockchain instead of DNS and HTTPS certificate authorities? Entities would use the blockchain to resolve their IP addresses and provide their public certificates in a safe, secure manner. This is the basic concept behind a blockchain-based technology aptly named NAMECOIN:

https://bit.namecoin.org/

While it may look rather theoretical or at least difficult to migrate our systems to use blockchain, it turns out that there already is some excellent work being done by Greg Slepak to simplify this and make namecoin extremely easy to use for both webmasters and websurfers, in the form of okTurtles:

For a more in-depth read about okTurtles, have a look at their overview:

https://okturtles.com/other/dnschain_okturtles_overview.pdf

 

 
