Slide 1

Blockchain decentralized apps: the future of malwares?
Renaud Lifchitz
Econocom digital.security
October 10-11, 2018
HackIT, Ukraine

Slide 2

Blockchain decentralized apps: the future of malwares? - HackIT 4.0, Kyiv - October 10-11, 2018
Renaud Lifchitz
Econocom digital.security
IoT security expert
https://www.linkedin.com/in/renaudlifchitz/
[email protected]

Slide 3

The current Web is obsolete

Slide 4

The current Web is obsolete
● The Web was designed to be decentralized BUT…
● It’s more and more centralized: Google, Apple, Amazon, Microsoft, …
● That makes spying and data leaks easier
● A lot of DDoS attacks succeed
● A single server is not enough even to serve a single popular YouTube video
● Hosting changes → URLs are broken

Slide 5

Many security weak points
● DNS
● SSL/TLS certificates
● System security
● Network security
● Application security
● Passwords

Slide 6

Scalability issues
● Load balancing:
  ● is complex
  ● is costly
  ● depends on the web technologies involved
● Efficient DDoS protection is hard

Slide 7

A fully decentralized application, is it possible?
Several parts should be decentralized:
• Back-end (core logic/app)
• Web front-end (storage of HTML/JS/CSS)
• Domain name (storage and resolver)

Slide 8

Benefits of a decentralized application
• Scalable since the beginning
• DoS & DDoS-resistant
• No downtime
• Censorship-resistant
• Fault-tolerant

Slide 9

Examples of decentralized applications (dApps)

Slide 11

Requirements to use a decentralized application
• Network access:
  • through P2P / blockchain node (can be a light node)
  • or public gateway (HTTP/HTTPS)
• Client application:
  • browser with extension
  • or heavy client

Slide 12

Decentralized technologies

Slide 13

Decentralized entry points
• ENS (Ethereum Name Service)
• Namecoin
• BNS (Blockstack Naming Services)
• IPNS/IPFS (Inter-Planetary Naming System)
• …

Slide 14

Decentralized storage backends
• Ethereum Swarm
• Sia
• IPFS
• Storj
• …
with or without paid incentives

Slide 15

Decentralized execution
• Using smart contracts:
  • Ethereum (Solidity programming language)
  • Tezos
  • EOS (not very decentralized)
  • Bitcoin (somewhat limited)
• Once deployed:
  • No one can modify the code or stop its execution
  • The code runs simultaneously on all the nodes

Slide 16

A fully decentralized application?
We can choose the Ethereum technology stack with some beta components:
• web back-end: Ethereum smart contract
• web front-end: Ethereum Swarm
• domain name: Ethereum Name Service (ENS)

Slide 17

The Ethereum blockchain
● https://www.ethereum.org/
● More than 12,000 online nodes!: https://www.ethernodes.org
● Most secured/trustable blockchain nowadays
● Average block/transaction time: 15 seconds
● Allows safe execution of logic through smart contracts
● Allows payments with its digital currency, ether (ETH): https://coinmarketcap.com/currencies/ethereum/
● “Ethereum: the World Computer”: https://www.youtube.com/watch?v=j23HnORQXvs

Slide 18

Decentralized name service: Ethereum Name Service (ENS)
● An ENS entry can map a .eth name to:
  ● an individual Ethereum account
  ● a content hash for decentralized storage (Swarm or IPFS)
● ENS official web site: https://ens.domains/
● Booking an entry: https://enslisting.com/
● ENS stats: https://ens.codetract.io/

Slide 19

Decentralized storage: Ethereum Swarm
● Peer-to-peer storage and serving solution
● DDoS-resistant, zero-downtime, fault-tolerant, censorship-resistant and soon self-sustaining with incentives
● Swarm protocol: bzz://
● Swarm official web site is stored using… Swarm and is also a Swarm gateway:
  ● https://swarm-gateways.net/ redirects to https://swarm-gateways.net/bzz:/theswarm.eth/
  ● theswarm.eth resolves to 0xd1de9994b4d039f6548d191eb26786769f580809256b4685ef316805265ea162
  ● https://swarm-gateways.net/bzz:/d1de9994b4d039f6548d191eb26786769f580809256b4685ef316805265ea162/

Slide 20

Distributed storage demo: Swarm
Hosting a decentralized photo album

Slide 21

Distributed storage demo: IPFS
Sharing a multimedia directory

Slide 22

A decentralized malware

Slide 23

Fully decentralized ransomware: proposed logic
• Ransomware acts as a worm (decentralized propagation)
• Infected devices run light or full blockchain nodes to allow ransom payment
• All blockchain nodes run ransomware (command-and-control) smart contract → fully decentralized C&C!
• Key generation using private smart contract or better, homomorphic encryption (no private key on infected devices) → unstoppable ransomware!

Slide 24

Ransomware on the blockchain: proposed architecture

Slide 25

Acceptable solutions?
• Ban blockchain nodes & light nodes in antivirus
• Traffic filtering related to blockchain
• Fooling used oracles (bridges between blockchain and the Web), if any
• DPI (Deep Packet Inspection) to block calls to specific smart contracts/oracles
• Governance to ban specific smart contracts (e.g. « The DAO »)
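
An added example (not from the talk) of what the "DPI to block calls to specific smart contracts" bullet means in practice: inspecting Ethereum JSON-RPC request bodies seen at an HTTP proxy and flagging calls whose target is on a contract blocklist. The blocklisted address and the request bodies are constructed, and the proxy is assumed to see the JSON-RPC in cleartext.

```python
import json

# Constructed placeholder address, not a real indicator.
BLOCKLIST = {"0x" + "ab" * 20}

# JSON-RPC methods whose first parameter is a call object with a "to" field.
CALL_METHODS = {"eth_call", "eth_sendTransaction", "eth_estimateGas"}


def inspect_body(body):
    """Return a list of (verdict, detail) findings for one HTTP request body."""
    try:
        doc = json.loads(body)
    except ValueError:
        return []  # not JSON, so not a JSON-RPC request
    findings = []
    # JSON-RPC allows batching: the body may be a list of requests.
    for req in doc if isinstance(doc, list) else [doc]:
        if not isinstance(req, dict):
            continue
        method = req.get("method")
        params = req.get("params")
        if (method in CALL_METHODS and isinstance(params, list)
                and params and isinstance(params[0], dict)):
            # Addresses are often written in mixed case; compare lowercased.
            to = str(params[0].get("to", "")).lower()
            if to in BLOCKLIST:
                findings.append(("block", f"{method} to {to}"))
        elif method == "eth_sendRawTransaction":
            # Signed, RLP-encoded transaction: the recipient is not a JSON
            # field, so it has to be decoded before any decision is made.
            findings.append(("needs-rlp-decode", method))
    return findings


# Constructed sample bodies.
SAMPLES = [
    json.dumps({"jsonrpc": "2.0", "id": 1, "method": "eth_call",
                "params": [{"to": "0x" + "AB" * 20, "data": "0x"}, "latest"]}),
    json.dumps([{"jsonrpc": "2.0", "id": 2, "method": "eth_blockNumber",
                 "params": []},
                {"jsonrpc": "2.0", "id": 3, "method": "eth_sendRawTransaction",
                 "params": ["0xf86c"]}]),
    "not json",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(inspect_body(sample))
```

This covers only JSON-RPC that crosses an inspecting device over HTTP, for example on the way to a public gateway; it does not see the traffic a node exchanges with its peers.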

Slide 26

Thank you! Any questions?
[email protected]