Airzero Sec

We Do Not Give Up ! Trust US !

Use case: Bitcoin Secure Wallet

- Posted in Mobile App Security by

Introduction

With the demand for next-generation financial technology newly increasing, there have been functional analyses on blockchain for the safe use of electronic cash by sharing solely between counterparts and without the involvement of third parties. A blockchain is a public ledger for commerce and it prevents hacking during trades involving virtual cash. As a kind of distributed database and a data form list that constantly grows, it is planned to undermine arbitrary tampering by the operator of dispersed peers. Trade records are encrypted according to a rule and used in computers that operate the blockchain software. Using blockchain can supply higher protection reached to storing all data in the main database. In the data storage and control aspect, injury from attacks on a database can be controlled. Moreover, since the blockchain has an exposure point, it can provide clarity in data when used in a space demanding the disclosure of data. Due to such powers, it can be used in different places including the economic sector and the Internet of Things domain and its applications are predicted to grow. The blockchain completes a trade record through the work authentication technique when someone who lends electronic cash forms a league by connecting the trades over the network. The hash value is then caused by confirming it and joining the last block. This block is sometimes updated and remembered on the electronic cash transaction parties to communicate the most delinquent transaction detail block. This approach delivers protection for the transaction of electronic cash and permits the use of a dedicated mechanism. Cloud computing has been used in many IT conditions due to its efficiency and availability. Moreover, cloud security and solitude issues have been examined in terms of critical security elements: confidentiality, integrity, authentication, access control, and so on.

In this study, we aspire to explore the description and base technology of blockchain and survey the direction of investigations to date to discuss places to be studied, considering cloud computing domains. In addition, we examine the reviews for blockchain protection and security solutions in components. This study of blockchain technology surveys the blockchain by studying generic technology and research directions and discusses the explanation for using bitcoin safely as well as future study areas. The outcomes of this study can act as important base data in examining blockchain and will aid in comprehending the known safety problems thus far. We can foster the growth of prospective blockchain technology by comprehending the trend of blockchain protection. The rest of this analysis is arranged as follows. later, we discuss related works including the fundamental idea of blockchain and bitcoin as a use case. Later explains a precise discussion and survey on the security cares for blockchain including the settlement of blockchain, the security of transactions, the protection of wallets, and the security of software. Later we discuss blockchain protection case studies—authentication, security happenings, and 51% attack—and enhance the blockchain.

Related Works

In this section, we examine the fundamental concept of blockchain and the current research. We also study the exact use of blockchain in bitcoin.

Blockchain

A blockchain is a technology that permits all associates to maintain a ledger including all transaction data and to update their ledgers to maintain integrity when there is a new transaction. Since the promotion of the Internet and encryption technology has created it feasible for all components to confirm the trustworthiness of a transaction, the single point of failure emerging from the dependence on an authorized third party has been translated.

Bitcoin

Bitcoin is the digital currency presented by Satoshi Nakamoto in 2009 to authorize transactions between peers without central control or a server to give and manage the currency. Bitcoins are sold with the P2P-based dispersed databases established on public-key cryptology. Bitcoin is one of the first performances of cryptocurrency in 1998. The bitcoin trade announcement is revealed over the network such that all peers can prove it and so money distribution is limited. The peers experiencing in the network have the same blockchain and the transaction data are held in blocks in the same way as the distributed storage of transaction data Although there are many dangers concerned in electronic transactions, bitcoin can be technically executed to cope with them. For example, an individual attempting to cause a falsified ticket record from another individual statement to his or her own account can be secured by securing it with the sender’s personal key. If numerous parties plan to use a bitcoin at the same time, the chain that loses in the match between peers will be destroyed.

Consideration for Blockchain Security: Challenges

Blockchain technology has been executed or learned as cyber money and is really used. Note, however, that extra security problems arising in blockchain contracts, transactions, wallets, and software have been reported. This report checks the signals of security problems presented to date and the security level of the current blockchain. We believe this shot is very important as the results can act as base data for planning future blockchain technology and improving security.

Settlement of Blockchain

Although there should only be one blockchain since it is the sequential connection of developed blocks, a blockchain may be divided into two because the two most offender blocks can be generated temporarily if two distinct peers increase in mining the solution for creating the block at the same time. In such a matter, the block that is not set as the belated block by the majority of peers in the bitcoin web to restart mining will become meaningless. In other words, bitcoin will keep the bulk of peers who have 50% or more mining ability. Therefore, if an assailant has 51% mining ability, a “51% Attack”, wherein the attacker has control of the blockchain and she can include falsified transactions, can be a problem.

Security of Transaction

Since the script used in inputs and outputs is a programming language with flexibility, other transaction forms can be made using such a bitcoin contract is a form of using bitcoin for the existing authentication and economic service. Widely used form problems making the contract using the script that has a considerable-signature procedure called multisig. Although the scripts are utilized to translate a wide range of bitcoin problems, the case of the improperly configured transactions has also increased as the complexity of the script increases. A bitcoin using an improperly configured locking writing is pitched since nobody can use it as the unlocking script cannot be created. To this end, there are studies that offer examples of bitcoin contract-type trades to confirm the accuracy of a script used in a transaction.

Security of Wallet

The bitcoin address is worth a public key encoded with a group of public and private keys. Therefore, the locking writing of a bitcoin transaction with an oration as work can be unlocked with a script that has the agreement signed with the public key of the speech and the personal key. The bitcoin wallet accounts report such as the private key of the analysis to be used for unlocking script. It suggests that failure of data in the wallet reveals a loss of bitcoin since the data is required for using the bitcoin. Therefore, the bitcoin wallet has evolved the primary subject of bitcoin aggression through hacking.

Security of Software

The bug of the software used in bitcoin can be needed. Although the official Bitcoin Developer Documentation site clearly explains all bitcoin operations, the bitcoin core software is always useful as the connection since the complicated methods of the early bitcoin invention have been established through the software managed by Satoshi Nakamoto. Nonetheless, even the bitcoin core software, which must be more reliable than anything, is not Positive from the issue of software malfunction such as bugs. The most superior software bug is the CVE-2010-5139 vulnerability that appeared in August. Due to the bug yielded by integer overflow, an invalid transaction wherein 0.5 bitcoin was introduced as 184 trillion bitcoin was formed in a normal block, and the matter was not settled until 8 h later. Moreover, there was a bug where a union processed in version 0.8 was not processed in version 0.7 as the database was changed from BerkeleyDB to LevelDB since the bitcoin performance of the bitcoin core was elevated from 0.7 to 0.8. It caused the peers of version 0.7 and equivalents of version 0.8 to have additional blockchains for 6 h. Both of these problems are cases showing that the widespread belief in the safety of bitcoin trades of a block is having significant depth after some time and can be threatened by a software bug.

Blockchain Security Case Studies

The demand for the security of bitcoins established on the blockchain has grown since hacking cases were reported. Mt. Gox, a bitcoin interaction established in Tokyo reported losses of USD 8.75 million due to hacking in June 2011, and bitcoin wallet assistance InstaWallet reported losses of USD 4.6 million due to hacking in April 2013. In November of the same year, anonymous marketplace Sheep Marketplace was compelled to shut down after someone stole USD 100 million worth of bitcoins. Mt. Gox, which had already mourned losses due to hacking, again conveyed losses of USD 470 million due to hacking in February 2014 and subsequently pointed for bankruptcy. The problems persisted, with the Hong Kong-based bitcoin exchange Bitfinex reporting failures of USD 65 million due to hacking in August 2016. These problems have introduced awareness of the necessity for protection. There have been studies on the safety of blockchain to overcome such safety problems and many reports have been published. In particular, since blockchain is the generic technology of cyber money, the impairments can be deep in cases of misuse and tries to steal cyber money occur repeatedly. Therefore, it seems very influential to comprehend the attack cases known so far and to have out inquiries to draw up countermeasures.

Authentication

An essential part of blockchain security is security connected to the personal key used in encryption. An attacker takes out different attempts to access a user’s personal key held in the user’s computer or a smartphone in order to hack the bitcoin. The assailant will install malware on the computer or smartphone to leak the user’s private key and use it to hack the bitcoin. Some studies have suggested a hardware token for the support of a transaction to cover the personal key. Other studies indicated strengthened authentication standards for the storage unit including the bitcoin. Two-factor authentication is supposed to be the greatest method for supporting authentication.

Security Incidents

With more people using bitcoins, chances of malware and malicious codes targeting bitcoins have also been live reported. Malware can hack bitcoins by contaminating computers. To translate such a situation, a PC security key must be established to catch malicious code. One recently found negative code looted game reports and can be used for stealing the bitcoin accounts. With more bitcoins being utilized for the cash trade of online game items, safety steps to cope with it are required. The Distributed Denial of Service spell floods the targeted server with superfluous demands to overload the system and control the condition of normal service to other users. Thus, it can control the users of blockchain from obtaining assistance. DDoS attacks contain the bandwidth-consuming attack that surpasses the bandwidth of all systems using the same network and the PPS-consuming attack that causes inner system failure or the denial of assistance to other servers in the same network. The http-flooding attack transfers a large number of http packets to a targeted server to cause the rejection of the service. Since the bitcoin service must be always provided to the users, countermeasures to DDoS attacks are needed

51% Attack

In bitcoin conditions, a 51% attack alters and manufactures 51% of the registers simultaneously. Thus, it is a very hard attack to blend. The assailant must have 51% or more calculating ability of all users, deliberately cause two branches, and place the targeted branch as the fair blockchain. To solve the issue, an intermediate confirmation process must be delivered to stop such tampering a race attack causes hundreds of trades and transmits them to numerous users when a fair transaction is sent. Since many users are possible to think the shared transaction to be legitimate, failures can be supported if 51% of users modify the ledger. In a Finney attack, an attacker causes a block having altered data and brings out the attack with it. Such aggression can be stopped when the attack mark sets the trade-in standby mode until block confirmation.

Improved Blockchain

Since the current payment system is very difficult and transaction facilitators are spread, the points targeted by security attacks are growing. A user planning to trade money will pay an annual membership fee to obtain a card and use it to buy goods or use services. The customer’s bank and the merchant’s bank interact with each other to recompense the fee and a shop planning to use the card accepts it from a bank and uses it for the acquisition of goods and services. A simplification of transactions is needed since more people use smartphones to purchase goods or services.

Secure Blockchain Solutions in Cloud Computing

If the user details are disclosed in the cloud computing environment, monetary and psychological Injuries can occur due to the leak of users’ sensitive data. The security of the protection and transmitting data, such as confidentiality and probity, in the cloud computing environment, is particularly studied. However, analyses on privacy protection and obscurity are not sufficient. Blockchain is a usual technology for providing anonymity. If connected with the cloud computing environment, blockchain can be elevated to a convenient service that equips stronger security. User anonymity can be provided if the blockchain method is used when saving user data in the cloud computing environment. An electronic wallet is installed when using blockchain technology. If the electronic wallet is not correctly deleted, the user data can be left behind. The remaining user data can be used to think about the user information. To crack this problem, we propose a solution that installs and deletes the electronic wallet securely.

The blockchain is used to remove the data of the user who uses cloud computing. The electronic wallet is securely released by transmitting the finished message. The leak of user data can be controlled only when the electronic wallet is fully removed. Even though many existing studies have been conducted on the blockchain protocol, a process for removing the electronic wallet ultimately is given to provide user anonymity and privacy protection. We reached the process with existing studies in terms of confidentiality, integrity, anonymity, privacy protection, and residual data protection. Confidentiality statements if the data is leaked to unauthorized peers, whereas goodness checks if the data used in transactions are limited or falsified without sanction during transfer or hold. Anonymity must ensure that the peer implicated in a transaction is not identifiable. Privacy guard protects the personal statement of peers experienced in the transaction, whereas residual transmission protection checks the safe expulsion of user data at the time of trade stop and program removal.

Conclusion

A blockchain has eliminated the need for a server, eliminating the need for a central authority, and has accelerated transactions by participants collectively storing transaction records and, finally, approving transactions using P2P network technology. The blockchain has a distributed structure and makes use of the peer network as well as the computing resources of peers. To increase the security of blockchain, technical measures such as proof of labour and proof of stack are enforced. Despite the fact that the security of the blockchain is constantly being improved, issues have continued to be rumoured, and there are active security studies. An aggressor makes numerous attempts to gain access to a user's private key stored on the user's computer or a smartphone in order to hack the bitcoin. There are studies on using a secure token or securely storing it to protect the private key. Throughout this study, we will refer to blockchain technology and connected devices and examined the trend of studies thus far to discuss additional areas to be studied Several current issues must be addressed before using blockchain in a cloud computing environment. Even now, blockchain raises several issues, such as the security of transactions, wallets, and packages, and numerous studies are being conducted to address these issues. When utilizing blockchain in a cloud computing setting, the obscurity of user data should be ensured, and the user data should be completely deleted once the service is removed. If the user data is not deleted but instead remains, the user data is frequently guessed from the remaining data. As a result, this study mentioned the security strategy of presenting a technique of secure blockchain use and removal protocol. Given the environment in which a massive amount of data is transmitted, it appears that studies on potency, in addition to security, are required.

If you have any doubt about the topic. Don’t hesitate to contact us Airzero sec will be your digital partner.

Email:[email protected]

enter image description here

Author - Johnson Augustine
Ethical Hacker and Data Security Researcher
Founder: Airo Global Software Inc
LinkedIn Profile: www.linkedin.com/in/johnsontaugustine/