Blockchain decentralized apps: the future of malwares? - HackIT 4.0, Kyiv - October 10-11, 2018

The current Web is obsolete
• It’s more and more centralized: Google, Apple, Amazon, Microsoft, …
• That makes the spying and data leaks easier
• A lot of DDoS attacks succeed
• A single server is not enough even to serve a single popular YouTube video
• Hosting changes → URLs are broken

Scalability issues
depends on the web technologies involved
• Efficient DDoS protection is hard

A fully decentralized application, is it possible?
• Web front-end (storage of HTML/JS/CSS)
• Domain name (storage and resolver)

Benefits of a decentralized application
• No downtime
• Censorship-resistant
• Fault-tolerant

Requirements to use a decentralized application
be a light node)
  • or public gateway (HTTP/HTTPS)
• Client application:
  • browser with extension
  • or heavy client

Decentralized execution
• Tezos
• EOS (not very decentralized)
• Bitcoin (somewhat limited)
• Once deployed:
  • No one can modify the code or stop its execution
  • The code runs simultaneously on all the nodes

A fully decentralized application?
components:
• web back-end: Ethereum smart contract
• web front-end: Ethereum Swarm
• domain name: Ethereum Name Service (ENS)

The Ethereum blockchain
• Most secure/trusted blockchain nowadays
• Average block/transaction time: 15 seconds
• Allows safe execution of logic through smart contracts
• Allows payments with its digital currency, ether (ETH): https://coinmarketcap.com/currencies/ethereum/
• “Ethereum: the World Computer”: https://www.youtube.com/watch?v=j23HnORQXvs

Decentralized name service: Ethereum Name Service (ENS)
  • an individual Ethereum account
  • a content hash for decentralized storage (Swarm or IPFS)
• ENS official web site: https://ens.domains/
• Booking an entry: https://enslisting.com/
• ENS stats: https://ens.codetract.io/

Decentralized storage: Ethereum Swarm
censorship-resistant and self-sustaining with incentives (soon)
• Swarm protocol: bzz://
• Swarm official web site is stored using… Swarm and is also a Swarm gateway:
  • https://swarm-gateways.net/ redirects to https://swarm-gateways.net/bzz:/theswarm.eth/
  • theswarm.eth resolves to 0xd1de9994b4d039f6548d191eb26786769f580809256b4685ef316805265ea162
  • https://swarm-gateways.net/bzz:/d1de9994b4d039f6548d191eb26786769f580809256b4685ef316805265ea162/

Fully decentralized ransomware: proposed logic
devices run light or full blockchain nodes to allow ransom payment
• All blockchain nodes run ransomware (command-and-control) smart contract → fully decentralized C&C!
• Key generation using private smart contract or better, homomorphic encryption (no private key on infected devices) → unstoppable ransomware!

Acceptable solutions?
• Traffic filtering related to blockchain
• Fooling the oracles used (bridges between blockchain and the Web), if any
• DPI (Deep Packet Inspection) to block calls to specific smart contracts/oracles
• Governance to ban specific smart contracts (e.g. “The DAO”)
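
As an added example (not from the talk), here is a sketch of the URL-level filtering listed under "Acceptable solutions?", applied to the gateway and bzz:// forms shown on the Swarm slide. The blocklist entries and every sample URL outside swarm-gateways.net are constructed, and matching "bzz-raw:"-style scheme variants is an assumption.

```python
import re

# "bzz:" is the scheme shown on the Swarm slide; also matching "bzz-raw:"-style
# variants via the optional suffix is an assumption of this example.
BZZ_REF = re.compile(r"(?:^|/)bzz(?:-[a-z]+)?:/{1,2}([^/?#]+)", re.IGNORECASE)
HEX_HASH = re.compile(r"^(?:0x)?([0-9a-f]{64})$", re.IGNORECASE)

# Constructed policy data (placeholders, not real indicators).
BLOCKED_HASHES = {"ab" * 32}
BLOCKED_NAMES = {"blocked-example.eth"}

def swarm_reference(url):
    """Return ("hash", hex) or ("ens", name) for a Swarm URL, else None."""
    # Drop query and fragment so "bzz:/" inside a search parameter is ignored.
    location = re.split(r"[?#]", url.strip(), maxsplit=1)[0]
    match = BZZ_REF.search(location)
    if match is None:
        return None
    ref = match.group(1).lower()
    as_hash = HEX_HASH.match(ref)
    return ("hash", as_hash.group(1)) if as_hash else ("ens", ref)

def verdict(url):
    ref = swarm_reference(url)
    if ref is None:
        return "not-swarm"
    kind, value = ref
    if kind == "hash":
        return "block" if value in BLOCKED_HASHES else "allow"
    # The owner of an ENS name can point it at a new content hash, so a hash
    # blocklist does not cover it: block listed names, send the rest to review.
    return "block" if value in BLOCKED_NAMES else "review"

# Constructed proxy-log URLs; the first two are the forms quoted on the slide.
SAMPLE_URLS = [
    "https://swarm-gateways.net/bzz:/theswarm.eth/",
    "https://swarm-gateways.net/bzz:/d1de9994b4d039f6548d191eb26786769f580809256b4685ef316805265ea162/",
    "bzz://" + "ab" * 32 + "/index.html",
    "https://gateway.example/bzz:/blocked-example.eth/app.js",
    "https://example.com/search?q=/bzz:/theswarm.eth/",
]

def classify_samples():
    return [verdict(u) for u in SAMPLE_URLS]

if __name__ == "__main__":
    for url, result in zip(SAMPLE_URLS, classify_samples()):
        print(f"{result:9} {url}")
```

A filter like this only sees cleartext URLs, such as proxy logs or TLS-inspected gateway traffic; it does not see content fetched by a local Swarm node.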