Wallet Security Wallets Keep track of the world If you want - - PowerPoint PPT Presentation



slide-1
SLIDE 1

Wallet Security

slide-2
SLIDE 2

Wallets

  • Keep track of the world
  • If you want
  • Synchronize with the network if you fall behind
  • Address end user needs
  • Send coin
  • Receive coin
  • Answer queries
  • What is my balance?
  • What is my activity history in this network?
slide-3
SLIDE 3

This Lecture

  • How do you engineer safe wallets?
slide-4
SLIDE 4

Architecture

  • Daemon, client architecture
  • Daemon:
    • Long running
  • Client:
    • CLI or GUI that talks to daemon
    • Short lived process
slide-5
SLIDE 5

DAEMON

OUTSIDE WORLD

CLIENT

slide-6
SLIDE 6

Followed By

  • Armory
  • Coinbase
  • Parity Daemon
slide-7
SLIDE 7

Attack Surface

  • Key handling:
    • Client / daemon responsible
  • Communication:
    • Are messages designed correctly
  • Crypto:
    • Are you doing things right
slide-8
SLIDE 8

Daemon Client Communication

  • How do they communicate?
  • IPC
  • TCP, Sockets, Message queues…
slide-9
SLIDE 9

What About HTTP

  • A small example:
  • GET http://localhost:8000/balance
  • POST http://localhost:8000/send
  • GET http://localhost:8000/history
slide-10
SLIDE 10

Flow

  • Client makes HTTP requests to Daemon
  • Issues?
slide-11
SLIDE 11

Issues?

  • Anyone can make those requests
  • If you load a webpage, that webpage can issue requests to http://localhost:8000

slide-12
SLIDE 12

History

  • Zoom:
  • Video conferencing product
  • Recent successful IPO
slide-13
SLIDE 13

Zoom Daemon

  • The Zoom software ran a daemon on http://localhost:PORT
  • Visiting https://zoom.us/j/meeting-id
  • Would cause the webpage to issue a request to the localhost server
  • Which would:
  • Join the user to a call
  • Update the zoom client
  • etc.
slide-14
SLIDE 14

Zoom Daemon

  • Further:
  • Buffer overflows in this undocumented web server
slide-15
SLIDE 15

Zoom Daemon

  • Users figured this out
  • Vuln was demonstrated using a third party website that:
    • Could join a random user into a zoom meeting that they didn’t want to join
    • Install a zoom client without their interaction
slide-16
SLIDE 16

For Your Wallet

  • Any third party page can figure out:
  • What’s your balance
  • What sort of transactions you’ve conducted in the past
  • Etc.
slide-17
SLIDE 17

Doing It Right

  • Well tested architectures:
  • Docker daemon + client:
  • Unix domain socket for IPC on OS X, Linux
  • TCP on windows
  • Avoids our http exploit
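
The Docker-style transport above, sketched as an added example that is not code from the lecture or from Docker: the daemon listens on a Unix domain socket created with mode 0600 and asks the kernel for the caller's UID before answering. The names `make_listener`, `peer_uid`, `handle`, `serve_once`, `query` and `demo`, the JSON message shape and the balance value are assumptions made for illustration; `SO_PEERCRED` is Linux-specific.

```python
import json, os, socket, struct, tempfile, threading

def make_listener(sock_path):
    """Bind a Unix domain socket whose file is usable by the owner only."""
    srv = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
    old = os.umask(0o177)            # socket file is created with mode 0600
    try:
        srv.bind(sock_path)
    finally:
        os.umask(old)
    srv.listen(1)
    return srv

def peer_uid(conn):
    """UID of the connecting process, reported by the kernel (Linux SO_PEERCRED)."""
    raw = conn.getsockopt(socket.SOL_SOCKET, socket.SO_PEERCRED, struct.calcsize("iII"))
    _pid, uid, _gid = struct.unpack("iII", raw)
    return uid

def handle(request, uid, allowed_uid):
    if uid != allowed_uid:           # refuse callers running as another user
        return {"error": "forbidden"}
    if request.get("op") == "balance":
        return {"balance": 100}      # constructed sample value
    return {"error": "unknown op"}

def serve_once(srv, allowed_uid):
    conn, _ = srv.accept()
    with conn:
        request = json.loads(conn.recv(4096).decode())
        reply = handle(request, peer_uid(conn), allowed_uid)
        conn.sendall(json.dumps(reply).encode())
    srv.close()

def query(sock_path, request):
    with socket.socket(socket.AF_UNIX, socket.SOCK_STREAM) as c:
        c.connect(sock_path)
        c.sendall(json.dumps(request).encode())
        return json.loads(c.recv(4096).decode())

def demo(allowed_uid=None):
    allowed_uid = os.getuid() if allowed_uid is None else allowed_uid
    path = os.path.join(tempfile.mkdtemp(), "wallet.sock")
    daemon = threading.Thread(target=serve_once, args=(make_listener(path), allowed_uid))
    daemon.start()
    mode = os.stat(path).st_mode & 0o777
    reply = query(path, {"op": "balance"})
    daemon.join()
    return mode, reply
```

A web page has no way to address a socket file, so the browser path to the daemon is closed. Processes running under the same UID still pass this check, so requests that move funds need their own authorization on top of it.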
slide-18
SLIDE 18

Links

  • https://medium.com/bugbountywriteup/zoom-zero-day-4-million-webcams-maybe-an-rce-just-get-them-to-visit-your-website-ac75c83f4ef5
slide-19
SLIDE 19

Protocol

  • You can secure comm layer
  • But what you send over the wire can still cause problems
slide-20
SLIDE 20

Example

  • Daemon / Client
  • Client issues request:
  • {recipient: ABC-DEF-…, AMOUNT: 100}
  • Daemon signs and broadcasts
slide-21
SLIDE 21

Protocol

  • Any other process can do that too
slide-22
SLIDE 22

MISC

  • You can log things like keys
  • Happens even now at large firms
  • Coredumps
slide-23
SLIDE 23

Coredumps

  • You can dump a running process to disk
  • And inspect the state
  • If you keep the keys loaded in memory, they can be found there
slide-24
SLIDE 24

Crypto

  • Bitcoin wallet
  • Private keys stored in wallet.dat
  • AES-256 encryption of these private keys
  • Master key:
  • Passphrase -> SHA 512
slide-25
SLIDE 25

Deterministic Wallet

  • Seed Phrase
  • Wallets contain a wordlist:
  • 2048 words mapped to integers
  • Pick 12 random words from this wordlist
slide-26
SLIDE 26

Seed Phrase

  • This is your seed phrase:
  • 2048 ^ 12 combinations
  • 12 word seed phrase has about 128 bits of security
slide-27
SLIDE 27

Seed Phrase

  • Write down this 12 word list
  • It is sufficient to recover your bitcoin
slide-28
SLIDE 28

HD Wallet

slide-29
SLIDE 29

HD Wallet

  • Single Seed Phrase for all private keys
  • Master Public Key:
  • Generate from Master Private Key
  • Can generate all additional public keys but not their private keys
  • Private Keys from the Master Private Keys are Master Private Keys themselves.
slide-30
SLIDE 30

HD Wallet

  • Computing n^th private key:
  • Compute an offset: H(n, Master PubKey)
  • Master Private Key + offset
slide-31
SLIDE 31

HD Wallet

  • Computing n^th Master Public Key:
  • Compute an offset: H(n, Master PubKey)
  • Master Public Key + get_pubkey(offset)
slide-32
SLIDE 32

Hierarchy

  • Root of pub / priv keys
slide-33
SLIDE 33

Key Best Practices

  • Brand new address to receive each payment
  • Ask for a brand new address from the recipient
slide-34
SLIDE 34

Threshold Signatures

  • Constructing a single signature is:
  • Split between two devices
  • Single device won’t be at risk
slide-35
SLIDE 35

Threshold Signatures

  • Each party (device) creates a key independently
  • A signing protocol
  • Each share does part of the signing
slide-36
SLIDE 36

Hardware Wallets

  • BitFI “Unhackable” Wallet
slide-37
SLIDE 37

Exploits

  • Can easily read finger movements on device
  • Taps etc.
  • Can read out data being sent
  • Can easily tamper with the device