Showing papers by "Hannes Hartenstein published in 2020"

Matrix Decomposition: Analysis of an Access Control Approach on Transaction-based DAGs without Finality

Abstract: The Matrix message-oriented middleware (see https://matrix.org) is gaining momentum as a basis for a decentralized, secure messaging system as shown, for example, by its deployment within the French government and by the Mozilla foundation. Thus, understanding the corresponding access control approach is important. This paper provides an ab- straction and an analysis of the access control approach followed by Matrix. We show that Matrix can be seen as a form of Distributed Ledger Technology (DLT) based on Transaction-based Directed Acyclic Graphs (TDAGs). TDAGs connect individual transactions to form a DAG, instead of collecting transactions in blocks as in blockchains. These TDAGs only provide causal order, eventual consistency, and no finality. However, unlike conventional DLTs, Matrix does not aim for a strict system-wide consensus. Thus, there is also no guarantee for a strict consensus on access rights. By de- composition of the Matrix approach, we show that a sound decen- tralized access control can be implemented for TDAGs in general, and for Matrix in particular, despite those weak guarantees. In ad- dition, we discovered security issues in popular implementations and emphasize the need for a formal verification of the employed conflict resolution mechanism.

Fundamental Properties of the Layer Below a Payment Channel Network (Extended Version).

Abstract: Payment channel networks are a highly discussed approach for improving scalability of cryptocurrencies such as Bitcoin. As they allow processing transactions off-chain, payment channel networks are referred to as second layer technology, while the blockchain is the first layer. We uncouple payment channel networks from blockchains and look at them as first-class citizens. This brings up the question what model payment channel networks require as first layer. In response, we formalize a model (called RFL Model) for a first layer below a payment channel network. While transactions are globally made available by a blockchain, the RFL Model only provides the reduced property that a transaction is delivered to the users being affected by a transaction. We show that the reduced model's properties still suffice to implement payment channels. By showing that the RFL Model can not only be instantiated by the Bitcoin blockchain but also by trusted third parties like banks, we show that the reduction widens the design space for the first layer. Further, we show that the stronger property provided by blockchains allows for optimizations that can be used to reduce the time for locking collateral during payments over multiple hops in a payment channel network.

Practical Trade-Offs in Integrity Protection for Binaries via Ethereum

Abstract: Ensuring the integrity of executable binaries is of vital importance to systems that run and depend on them. Additionally, supply-chain attacks and security related bugs demonstrate that binaries, once deployed, may need to be revoked and replaced with updated versions.Recently, blockchain ecosystems have garnered broad attention as middlewares for decentralised solutions to existing problems. Stengele et al. [4] presented a concept how the Ethereum blockchain and peer-to-peer network can be used to ensure the integrity of binaries with timely, accurate, and machine-readable revocations. In this work, we show this concept in practice with a user client implementation in Go and demonstrate how revocations and updates can reliably reach a user client within minutes. We show the client's ability to ensure the integrity of multiple binaries and continuously monitor the Ethereum blockchain for updates and revocations via an unmodified Ethereum client. We also examine the trust relations and trade-offs through our use case. Since the user client fully relies on an Ethereum client as a gateway, the latter's resilience against malicious actors is crucial to consider in a practical deployment.

Fundamental Properties of the Layer Below a Payment Channel Network

Abstract: Payment channel networks are a highly discussed approach for improving scalability of cryptocurrencies such as Bitcoin. As they allow processing transactions off-chain, payment channel networks are referred to as second layer technology, while the blockchain is the first layer. We uncouple payment channel networks from blockchains and look at them as first-class citizens. This brings up the question what model payment channel networks require as first layer. In response, we formalize a model (called RFL model) for a first layer below a payment channel network. While transactions are globally made available by a blockchain, the RFL model only provides the reduced property that a transaction is delivered to the users being affected by a transaction. We show that the reduced model’s properties still suffice to implement payment channels. By showing that the RFL model can not only be instantiated by the Bitcoin blockchain but also by trusted third parties like banks, we show that the reduction widens the design space for the first layer. Further, we show that the stronger property provided by blockchains allows for optimizations that can be used to reduce the time for locking collateral during payments over multiple hops in a payment channel network.

Attacks on Dynamic Protocol Detection of Open Source Network Security Monitoring Tools

Abstract: Protocol detection is the process of determining the application layer protocol in the context of network security monitoring, which requires a timely and precise decision to enable protocol-specific deep packet inspection. This task has proven to be complex, as isolated characteristics, like port numbers, are not sufficient to reliably determine the application layer protocol. In this paper, we analyze the Dynamic Protocol Detection mechanisms employed by popular and widespread open-source network monitoring tools. On the example of HTTP, we show that all analyzed detection mechanisms are vulnerable to evasion attacks. This poses a serious threat to real-world monitoring operations. We find that the underlying fundamental problem of protocol disambiguation is not adequately addressed in two of three monitoring systems that we analyzed. To enable adequate operational decisions, this paper highlights the inherent trade-offs within Dynamic Protocol Detection.