how to hack
play

How to Hack Blockchain Systems Parinya Ekparinya Vincent Gramoli - PowerPoint PPT Presentation

Aug 16, 2022 •213 likes •630 views

How to Hack Blockchain Systems Parinya Ekparinya Vincent Gramoli Guillaume Jourjon The University of Sydney Page 1 Blockchain Block #41 Block #42 Block #43 Block #44 Proof: Proof: Proof: Proof: 0xd00d1e 0xc0ffee 0xf00baa

  1. How to Hack Blockchain Systems Parinya Ekparinya Vincent Gramoli Guillaume Jourjon The University of Sydney Page 1

  2. Blockchain Block #41 Block #42 Block #43 Block #44 Proof: Proof: Proof: Proof: 0xd00d1e… 0xc0ffee… 0xf00baa… 0xfabfab… Parent Proof: Parent Proof: Parent Proof: Parent Proof: 0xf00baa… 0xd00d1e… 0xc0ffee… 0xf00baa… TX: Alice -> Bob TX: Mallory -> Bob TX: Ted -> Alice TX: Mallory -> Alice The University of Sydney Page 2

  3. Blockchain Block #41 Block #42 Block #43 Block #44 Proof: Proof: Proof: Proof: 0xd00d1e… 0xc0ffee… 0xf00baa… 0xfabfab… Parent Proof: Parent Proof: Parent Proof: Parent Proof: 0xf00baa… 0xd00d1e… 0xc0ffee… 0xf00baa… TX: Alice -> Bob TX: Mallory -> Bob TX: Ted -> Alice TX: Mallory -> Alice The University of Sydney Page 3

  4. The University of Sydney Page 4

  5. The University of Sydney Page 5

  6. $ 10 The University of Sydney Page 6

  7. $ 10 The University of Sydney Page 7

  8. $ 10 $ 10 The University of Sydney Page 8

  9. $ 10 $ 10 The University of Sydney Page 9

  10. $ 10 $ 10 The University of Sydney Page 10

  11. $ 10 $ 10 The University of Sydney Page 11

  12. $ 10 $ 10 The University of Sydney Page 12

  13. What da h… $ 10 The University of Sydney Page 13

  14. The University of Sydney Page 14

  15. Q: is it possible to double spend on Ethereum with network attacks? The University of Sydney Page 15

  16. Approaches to study … – Goals: 1. How the blockchain system decide a block? 2. How the blockchain system resolve fork? The University of Sydney Page 16

  17. Approaches to study … – Goals: 1. How the blockchain system decide a block? 2. How the blockchain system resolve fork? – Reading the documentation – Scattered and un-organised information: website, wiki, github, issue tracker, yellow paper , etc. – Lack of necessary information – Intention ≠ Actual implementation – Reading the code !! – Running it for real because the devil is in the detail … The University of Sydney Page 17

  18. Decided Blocks and Committed Transactions in PoW/Ethereum – Given a blockchain with parameter k, a block at index i is decided when the chain depth reaches i+k – A transaction is committed if it belongs to a decided block i i+1 0 1 i+k-1 i+k Decided Undecided Transaction block block The University of Sydney Page 18 Ekparinya et al, "Impact of Man-in-the-middle Attacks on Ethereum"

  19. Expected Branch Selection in PoW/Ethereum: GHOST The University of Sydney Page 19

  20. Expected Branch Selection in PoW/Ethereum: GHOST The University of Sydney Page 20

  21. Actual Branch Selection in PoW/Ethereum: Highest total difficulty The University of Sydney Page 21

  22. Actual Branch Selection in PoW/Ethereum: Highest total difficulty The University of Sydney Page 22

  23. Example 1: Man-in-the-middle Attack against PoW The University of Sydney Page 23

  24. Example 1: Man-in-the-middle Attack against PoW The University of Sydney Page 24

  25. Example 1: Man-in-the-middle Attack against PoW The University of Sydney Page 25

  26. Example 1: Man-in-the-middle Attack against PoW The University of Sydney Page 26

  27. Example 1: Man-in-the-middle Attack against PoW The University of Sydney Page 27

  28. Decided Blocks and Committed Transactions in AuRa PoA/Ethereum – A decision requires strictly more than half, only one partition may decide blocks Can decide a block The University of Sydney Page 31

  29. Branch Selection in AuRa PoA/Ethereum : Longest branch The University of Sydney Page 32

  30. Branch Selection in AuRa PoA/Ethereum : Longest branch The University of Sydney Page 33

  31. Example 2: The Cloning Attack against PoA The University of Sydney Page 34

  32. Example 2: The Cloning Attack against PoA The University of Sydney Page 35

  33. Example 2: The Cloning Attack against PoA The University of Sydney Page 36

  34. Example 2: The Cloning Attack against PoA The University of Sydney Page 37

  35. Example 2: The Cloning Attack against PoA The University of Sydney Page 38

  36. The requirements for the experiments – Control over computing resources ➢ OpenStack Private Cloud – Network control and isolation ➢ Virtual switches, Virtual routers (Quagga) and VLAN – Highly automated ➢ OpenStack API and Ethereum API – Robust data collection ➢ Elasticsearch The University of Sydney Page 39

  37. Testbed Provisioning The University of Sydney Page 40

  38. Testbed Provisioning The University of Sydney Page 41

  39. Testbed Provisioning The University of Sydney Page 42

  40. Testbed Provisioning The University of Sydney Page 43

  41. Time for Discussions !! The University of Sydney Page 44

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

SLIPPERY SLIDES HACK.|100% WORKING!|NEW METHOD|HACK TOOL. Free No Ads Hard-Boiled Egg Hack Goes

SLIPPERY SLIDES HACK.|100% WORKING!|NEW METHOD|HACK TOOL. Free No Ads Hard-Boiled Egg Hack Goes

SLIPPERY SLIDES HACK.|100% WORKING!|NEW METHOD|HACK TOOL. Free No Ads Hard-Boiled Egg Hack Goes Viral on Twitter By using our site, you acknowledge that you have read and understand our Cookie PolicyPrivacy Policyand our Terms of Service.

1.1k views • 3 slides
Hack The CPython Batuhan Taskaya @isidentical What is hacking? Why do we hack? Yes, we want

Hack The CPython Batuhan Taskaya @isidentical What is hacking? Why do we hack? Yes, we want

Hack The CPython Batuhan Taskaya @isidentical What is hacking? Why do we hack? Yes, we want FREEDOM! We want to use PEP313! Before we hack, Learn the internals Lexing - Tokenization - Read #define NEWLINE 4 #define INDENT

670 views • 36 slides
Geoffrey Vaughan Lets Hack NFC How does NFC work? How could we hack it? Where

Geoffrey Vaughan Lets Hack NFC How does NFC work? How could we hack it? Where

Geoffrey Vaughan Lets Hack NFC How does NFC work? How could we hack it? Where are the weaknesses? What are the security implications? Security Compass and NFC Currently we are devoting a lot of energy towards NFC

704 views • 35 slides
ART SLIDES: VAN GOGH EDITION HACK.|100% WORKING!|NEW METHOD|HACK TOOL. Free Buy 30 coins Nearly

ART SLIDES: VAN GOGH EDITION HACK.|100% WORKING!|NEW METHOD|HACK TOOL. Free Buy 30 coins Nearly

ART SLIDES: VAN GOGH EDITION HACK.|100% WORKING!|NEW METHOD|HACK TOOL. Free Buy 30 coins Nearly 1, Paintings and Drawings by Vincent van Gogh Digitized and Put Online | Hacker News For people who don't live close to huge cities with big

269 views • 3 slides
SSA Introduction Sebastian Hack hack@cs.uni-saarland.de Compiler Construction 2013 saarland

SSA Introduction Sebastian Hack hack@cs.uni-saarland.de Compiler Construction 2013 saarland

SSA Introduction Sebastian Hack hack@cs.uni-saarland.de Compiler Construction 2013 saarland university computer science 1 Another kind of CFGs p D ( ) x e x e D ( ) q Effects on edges. Nodes called Nodes are

310 views • 19 slides
FC2015 RSDYK Dyke quality assessment by remote sensing Robert Hack Robert Hack 14-Apr-09 1

FC2015 RSDYK Dyke quality assessment by remote sensing Robert Hack Robert Hack 14-Apr-09 1

FC2015 RSDYK Dyke quality assessment by remote sensing Robert Hack Robert Hack 14-Apr-09 1 FC2015-RSDYK - Hack Pilot project: RSDYK2008 Trial to establish whether remote sensing in combination with geological knowledge can be used for

826 views • 10 slides
Code Generation: Intro Sebastian Hack hack@cs.uni-saarland.de Compiler Construction 2017

Code Generation: Intro Sebastian Hack hack@cs.uni-saarland.de Compiler Construction 2017

Code Generation: Intro Sebastian Hack hack@cs.uni-saarland.de Compiler Construction 2017 Saarland University, Computer Science 1 Code Generation Consists (roughly) of three parts: 1. Instruction Selection Select processor instructions for

282 views • 9 slides
SLIPPERY SLIDES HACK and CHEATS.|100% WORKING!|NEW METHOD|HACK TOOL. Free No Ads 7 Hacks To Make

SLIPPERY SLIDES HACK and CHEATS.|100% WORKING!|NEW METHOD|HACK TOOL. Free No Ads 7 Hacks To Make

SLIPPERY SLIDES HACK and CHEATS.|100% WORKING!|NEW METHOD|HACK TOOL. Free No Ads 7 Hacks To Make Your Boots Slip-Proof May 18, Attach your Water hose. Wet your slide, this just helps for the first few slides. Once the kids get going, their

308 views • 3 slides
Global Value Numbering Sebastian Hack hack@cs.uni-saarland.de 17. Dezember 2013 saarland

Global Value Numbering Sebastian Hack hack@cs.uni-saarland.de 17. Dezember 2013 saarland

Global Value Numbering Sebastian Hack hack@cs.uni-saarland.de 17. Dezember 2013 saarland university computer science 1 Value Numbering a := 2 a := 3 x := a + 1 x := a + 1 y := a + 1 Replace second computation of a + 1 with a copy from x 2

223 views • 20 slides
Global Value Numbering Sebastian Hack hack@cs.uni-saarland.de 5. Dezember 2017 Saarland

Global Value Numbering Sebastian Hack hack@cs.uni-saarland.de 5. Dezember 2017 Saarland

Global Value Numbering Sebastian Hack hack@cs.uni-saarland.de 5. Dezember 2017 Saarland University, Computer Science 1 Value Numbering a := 2 a := 3 x := a + 1 x := a + 1 y := a + 1 Replace second computation of a + 1 with a copy

394 views • 22 slides
The Premise: Hack in Paris, 2015 I may be right on some stuff. Probably wrong on other bits.

The Premise: Hack in Paris, 2015 I may be right on some stuff. Probably wrong on other bits.

The Premise: Hack in Paris, 2015 I may be right on some stuff. Probably wrong on other bits. Analogue is meant to help people think differently. This is the Hack in Paris 2015 version, and is subject to all sorts of changes as the

963 views • 80 slides
Sebastian Hack, Christian Hammer, Jan Reineke Saarland University Static Program Analysis

Sebastian Hack, Christian Hammer, Jan Reineke Saarland University Static Program Analysis

Sebastian Hack, Christian Hammer, Jan Reineke Saarland University Static Program Analysis Introduction Winter Semester 2014 Slides based on: H. Seidl, R. Wilhelm, S. Hack: Compiler Design, Volume 3, Analysis and Transformation, Springer

616 views • 27 slides
Report from DAQ Simulations Hack Days Georgia Karagiorgi & Michael Baird Nov. 9, 2016

Report from DAQ Simulations Hack Days Georgia Karagiorgi & Michael Baird Nov. 9, 2016

Report from DAQ Simulations Hack Days Georgia Karagiorgi & Michael Baird Nov. 9, 2016 Organized by the DUNE DAQ Simulations Task Force [https://cdcvs.fnal.gov/redmine/projects/dune/wiki/DAQ_Simulations] Hack Days indico page, with links to

520 views • 12 slides
New Ways Im Going to Hack Your Web App Rich Lundeen,

New Ways Im Going to Hack Your Web App Rich Lundeen,

New Ways Im Going to Hack Your Web App Rich Lundeen, Jesse Ou, Travis Rhodes MicrosoE Boss Engineering Security Team & Office 365 Pen Test

1.28k views • 103 slides
Hack the Derivative! Erik Taubeneck Software Engineer October 20th, 2015 American University

Hack the Derivative! Erik Taubeneck Software Engineer October 20th, 2015 American University

The Derivative Finite Difference Floating Point Arithmetic Complex Analysis Crash Course Hack the Derivative Hack the Derivative! Erik Taubeneck Software Engineer October 20th, 2015 American University Math/Stat Dept Colloquium The

1.39k views • 106 slides
Hack the Derivative! Erik Taubeneck GameChanger Media - Software Engineer and Data Maven Were

Hack the Derivative! Erik Taubeneck GameChanger Media - Software Engineer and Data Maven Were

Calculus Crash Course Finite Difference Floating Point Arithmetic Complex Analysis Crash Course Hack the Derivative Hack the Derivative! Erik Taubeneck GameChanger Media - Software Engineer and Data Maven Were hiring!

1.21k views • 89 slides
What goes wrong when thousands of engineers share the same continuous build? Eran Messeri,

What goes wrong when thousands of engineers share the same continuous build? Eran Messeri,

What goes wrong when thousands of engineers share the same continuous build? Eran Messeri, Google eranm@google.com Goals Demonstrate feasibility of working from head Prove the importance of reliable, automated tests. Show how

3.03k views • 18 slides
Hacking in Popular Culture Week 2 Frank Chen | Spring 2017 Agenda Administrative Review

Hacking in Popular Culture Week 2 Frank Chen | Spring 2017 Agenda Administrative Review

Mr. Robot, an Emmy Award-winning TV drama starring a vigilante hacker CS 88S Hacking in Popular Culture Week 2 Frank Chen | Spring 2017 Agenda Administrative Review last weeks material Hack Hollywood Hacking: The Good, The

718 views • 45 slides
UNRM Hacking the filesystem Jessica Yu WHOOPS... GMAIL: UNDO SEND unrm operates on the same

UNRM Hacking the filesystem Jessica Yu WHOOPS... GMAIL: UNDO SEND unrm operates on the same

UNRM Hacking the filesystem Jessica Yu WHOOPS... GMAIL: UNDO SEND unrm operates on the same idea as Gmail's undo send. UNRM: USAGE Goal : after an rm , want to be able to recover all removed files under a certain directory within a set period

888 views • 58 slides
Machine Language Foundations of Global Networked Computing: Building a Modern Computer From First

Machine Language Foundations of Global Networked Computing: Building a Modern Computer From First

IWKS 3300: NAND to Tetris Spring 2019 John K. Bennett Machine Language Foundations of Global Networked Computing: Building a Modern Computer From First Principles This course is based upon the work of Noam Nisan and Shimon Schocken. More

753 views • 37 slides
Hacking the Canon 300D digital camera Lex Augusteijn November 2018 www.lex-augusteijn.nl

Hacking the Canon 300D digital camera Lex Augusteijn November 2018 www.lex-augusteijn.nl

Hacking the Canon 300D digital camera Lex Augusteijn November 2018 www.lex-augusteijn.nl lex.augusteijn@gmail.com History March 2003: Canon 10D was introduced $1500 DSLR 6Mpix CMOS sensor August 2003: Canon 300D was introduced

332 views • 22 slides
Exploiting the Client Vulnerabilities in Internet E-voting Systems: Hacking Helios 2.0 as an

Exploiting the Client Vulnerabilities in Internet E-voting Systems: Hacking Helios 2.0 as an

Exploiting the Client Vulnerabilities in Internet E-voting Systems: Hacking Helios 2.0 as an Example Saghar Estehghari 1 Yvo Desmedt 1 , 2 1 Department of Computer Science University College London, UK 2 Research Center for Information Security

572 views • 28 slides
Testing Dr. Patrick McDaniel Meghan Riegel Fall 2015 What is Penetration Testing? Attacking

Testing Dr. Patrick McDaniel Meghan Riegel Fall 2015 What is Penetration Testing? Attacking

Introduction to Penetration Testing Dr. Patrick McDaniel Meghan Riegel Fall 2015 What is Penetration Testing? Attacking a system to find security vulnerabilities in order to fix them before a malicious party attacks the system Legal if

455 views • 9 slides
02 October 2020 Association for Computing Machinery 02 October 2020 Miami Hacks | October

02 October 2020 Association for Computing Machinery 02 October 2020 Miami Hacks | October

Association for Creepy Mansions 02 October 2020 Association for Computing Machinery 02 October 2020 Miami Hacks | October 2nd-4th Florida International University 36 Hour Hackathon Online! October 2nd-4th Register at

640 views • 31 slides

More recommend