References of "Steichen, Mathis 50009362"
     in
Bookmark and Share    
Full Text
Peer Reviewed
See detailTowards Usable Protection Against Honeypots
Ferreira Torres, Christof UL; Steichen, Mathis UL; State, Radu UL

in IEEE International Conference on Blockchain and Cryptocurrency, Toronto, Canada 3-6 May 2020 (2020)

The Ethereum blockchain enables the execution of so-called smart contracts. These are programs that facilitate the automated transfer of funds according to a given business logic without the participants ... [more ▼]

The Ethereum blockchain enables the execution of so-called smart contracts. These are programs that facilitate the automated transfer of funds according to a given business logic without the participants requiring to trust one another. However, recently attackers started using smart contracts to lure users into traps by deploying contracts that pretend to give away funds but in fact contain hidden traps. This new type of scam is commonly referred to as honeypots. In this paper, we propose a system that aims to protect users from falling into these traps. The system consists of a plugin for MetaMask and a back-end service that continuously scans the Ethereum blockchain for honeypots. Whenever a user is about to perform a transaction through MetaMask, our plugin sends a request to the back-end and warns the user if the target contract is a honeypot. [less ▲]

Detailed reference viewed: 49 (2 UL)
Full Text
Peer Reviewed
See detailÆGIS: Shielding Vulnerable Smart Contracts Against Attacks
Ferreira Torres, Christof UL; Steichen, Mathis UL; Norvill, Robert UL et al

in Proceedings of the 15th ACM Asia Conference on Computer and Communications Security (ASIA CCS ’20), October 5–9, 2020, Taipei, Taiwan (2020)

In recent years, smart contracts have suffered major exploits, cost- ing millions of dollars. Unlike traditional programs, smart contracts are deployed on a blockchain. As such, they cannot be modified ... [more ▼]

In recent years, smart contracts have suffered major exploits, cost- ing millions of dollars. Unlike traditional programs, smart contracts are deployed on a blockchain. As such, they cannot be modified once deployed. Though various tools have been proposed to detect vulnerable smart contracts, the majority fails to protect vulnera- ble contracts that have already been deployed on the blockchain. Only very few solutions have been proposed so far to tackle the issue of post-deployment. However, these solutions suffer from low precision and are not generic enough to prevent any type of attack. In this work, we introduce ÆGIS, a dynamic analysis tool that protects smart contracts from being exploited during runtime. Its capability of detecting new vulnerabilities can easily be extended through so-called attack patterns. These patterns are written in a domain-specific language that is tailored to the execution model of Ethereum smart contracts. The language enables the description of malicious control and data flows. In addition, we propose a novel mechanism to streamline and speed up the process of managing attack patterns. Patterns are voted upon and stored via a smart contract, thus leveraging the benefits of tamper-resistance and transparency provided by the blockchain. We compare ÆGIS to current state-of-the-art tools and demonstrate that our solution achieves higher precision in detecting attacks. Finally, we perform a large-scale analysis on the first 4.5 million blocks of the Ethereum blockchain, thereby confirming the occurrences of well reported and yet unreported attacks in the wild. [less ▲]

Detailed reference viewed: 139 (8 UL)
Full Text
See detailAccess Control Mechanisms Reconsidered with Blockchain Technologies
Steichen, Mathis UL

Doctoral thesis (2019)

Detailed reference viewed: 140 (14 UL)
Full Text
Peer Reviewed
See detailWhispering Botnet Command and Control Instructions
Steichen, Mathis UL; Ferreira Torres, Christof UL; Fiz Pontiveros, Beltran UL et al

in 2nd Crypto Valley Conference on Blockchain Technology, Zug 24-26 June 2019 (2019, June 25)

Detailed reference viewed: 107 (0 UL)
Full Text
Peer Reviewed
See detailMint Centrality: A Centrality Measure for the Bitcoin Transaction Graph
Fiz Pontiveros, Beltran UL; Steichen, Mathis UL; State, Radu UL

Poster (2019, May 17)

In this work, we consider the graph of confirmed transactions in Bitcoin. Understanding this graph is essential to discern the different economic activities conducted by the pseudonymous actors. In ... [more ▼]

In this work, we consider the graph of confirmed transactions in Bitcoin. Understanding this graph is essential to discern the different economic activities conducted by the pseudonymous actors. In addition to traditional graph analysis methods, new metrics need to be engineered specifically for the bitcoin transaction graph. Hence, we propose a new centrality measure named mint centrality. The measure uses the inherent tree structure of transactions in bitcoin and their relation to the corresponding set of coinbase transactions, and can be evaluated with linear complexity. We evaluate the mint centrality on the first 200,000 blocks of the public bitcoin blockchain. [less ▲]

Detailed reference viewed: 119 (0 UL)
Full Text
Peer Reviewed
See detailDemo: Blockchain for the Simplification and Automation of KYC Result Sharing
Norvill, Robert UL; Steichen, Mathis UL; Shbair, Wazen UL et al

in IEEE International Conference on Blockchain and Cryptocurrency (ICBC 2019) (2019, May 14)

Know Your Customer (KYC) processes performed by banks on their customers are redundant, cumbersome and costly. Therefore, a system is proposed to automate menial tasks and allow sharing of data related to ... [more ▼]

Know Your Customer (KYC) processes performed by banks on their customers are redundant, cumbersome and costly. Therefore, a system is proposed to automate menial tasks and allow sharing of data related to KYC. A blockchain dictates the collaboration between different participants and several services are built around it to support the functionality of the system as a whole. An access control system is used to share data legitimately. [less ▲]

Detailed reference viewed: 144 (20 UL)
Full Text
Peer Reviewed
See detailBlockZoom: Large-Scale Blockchain Testbed
Shbair, Wazen UL; Steichen, Mathis UL; Francois, Jerome et al

in IEEE International Conference on Blockchain and Cryptocurrency (ICBC 2019) (2019, May 14)

Future blockchain applications are anticipated to serve millions of users. Thus the evaluation of new blockchain applications have to consider large-scale assessment of the technologies behind the scene ... [more ▼]

Future blockchain applications are anticipated to serve millions of users. Thus the evaluation of new blockchain applications have to consider large-scale assessment of the technologies behind the scene. Most of current testing approaches have been done either on simulators or via local small blockchain networks. Hence, the performance in real world conditions is unpredictable. This demonstration introduces BlockZoom, a large-scale blockchain testbed that runs on top of a highly reconfigurable and controllable HPC platform. BlockZoom presents a reproducible environment for experimenting distributed ledgers technologies and smart contract applications. Through different configuration scenarios developers can evaluate the applications performance and the blockchain behavior at a scale comparable to the production environment. The target audience of this demonstration includes researchers and developers in blockchain technology. [less ▲]

Detailed reference viewed: 117 (8 UL)
Full Text
Peer Reviewed
See detailThe Art of The Scam: Demystifying Honeypots in Ethereum Smart Contracts
Ferreira Torres, Christof UL; Steichen, Mathis UL; State, Radu UL

in USENIX Security Symposium, Santa Clara, 14-16 August 2019 (2019)

Modern blockchains, such as Ethereum, enable the execution of so-called smart contracts - programs that are executed across a decentralised network of nodes. As smart contracts become more popular and ... [more ▼]

Modern blockchains, such as Ethereum, enable the execution of so-called smart contracts - programs that are executed across a decentralised network of nodes. As smart contracts become more popular and carry more value, they become more of an interesting target for attackers. In the past few years, several smart contracts have been exploited by attackers. However, a new trend towards a more proactive approach seems to be on the rise, where attackers do not search for vulnerable contracts anymore. Instead, they try to lure their victims into traps by deploying seemingly vulnerable contracts that contain hidden traps. This new type of contracts is commonly referred to as honeypots. In this paper, we present the first systematic analysis of honeypot smart contracts, by investigating their prevalence, behaviour and impact on the Ethereum blockchain. We develop a taxonomy of honeypot techniques and use this to build HoneyBadger - a tool that employs symbolic execution and well defined heuristics to expose honeypots. We perform a large-scale analysis on more than 2 million smart contracts and show that our tool not only achieves high precision, but is also highly efficient. We identify 690 honeypot smart contracts as well as 240 victims in the wild, with an accumulated profit of more than $90,000 for the honeypot creators. Our manual validation shows that 87% of the reported contracts are indeed honeypots. [less ▲]

Detailed reference viewed: 123 (13 UL)
Full Text
Peer Reviewed
See detailÆGIS: Smart Shielding of Smart Contracts
Ferreira Torres, Christof UL; Steichen, Mathis UL; Norvill, Robert UL et al

Poster (2019)

In recent years, smart contracts have suffered major exploits, losing millions of dollars. Unlike traditional programs, smart contracts cannot be updated once deployed. Though various tools were pro ... [more ▼]

In recent years, smart contracts have suffered major exploits, losing millions of dollars. Unlike traditional programs, smart contracts cannot be updated once deployed. Though various tools were pro- posed to detect vulnerable smart contracts, they all fail to protect contracts that have already been deployed on the blockchain. More- over, they focus on vulnerabilities, but do not address scams (e.g., honeypots). In this work, we introduce ÆGIS, a tool that shields smart contracts and users on the blockchain from being exploited. To this end, ÆGIS reverts transactions in real-time based on pat- tern matching. These patterns encode the detection of malicious transactions that trigger exploits or scams. New patterns are voted upon and stored via a smart contract, thus leveraging the benefits of tamper-resistance and transparency provided by blockchain. By allowing its protection to be updated, the smart contract acts as a smart shield. [less ▲]

Detailed reference viewed: 31 (1 UL)
Full Text
Peer Reviewed
See detailBlockchain-Based, Decentralized Access Control for IPFS
Steichen, Mathis UL; Fiz Pontiveros, Beltran UL; Norvill, Robert UL et al

in The 2018 IEEE International Conference on Blockchain (Blockchain-2018) (2018, July 30)

Large files cannot be efficiently stored on blockchains. On one hand side, the blockchain becomes bloated with data that has to be propagated within the blockchain network. On the other hand, since the ... [more ▼]

Large files cannot be efficiently stored on blockchains. On one hand side, the blockchain becomes bloated with data that has to be propagated within the blockchain network. On the other hand, since the blockchain is replicated on many nodes, a lot of storage space is required without serving an immediate purpose, especially if the node operator does not need to view every file that is stored on the blockchain. It furthermore leads to an increase in the price of operating blockchain nodes because more data needs to be processed, transferred and stored. IPFS is a file sharing system that can be leveraged to more efficiently store and share large files. It relies on cryptographic hashes that can easily be stored on a blockchain. Nonetheless, IPFS does not permit users to share files with selected parties. This is necessary, if sensitive or personal data needs to be shared. Therefore, this paper presents a modified version of the InterPlanetary Filesystem (IPFS) that leverages Ethereum smart contracts to provide access controlled file sharing. The smart contract is used to maintain the access control list, while the modified IPFS software enforces it. For this, it interacts with the smart contract whenever a file is uploaded, downloaded or transferred. Using an experimental setup, the impact of the access controlled IPFS is analyzed and discussed. [less ▲]

Detailed reference viewed: 505 (40 UL)
Full Text
Peer Reviewed
See detailBlockchain Orchestration and Experimentation Framework: A Case Study of KYC
Shbair, Wazen UL; Steichen, Mathis UL; François, Jérôme UL et al

in The First IEEE/IFIP International Workshop on Managing and Managed by Blockchain (Man2Block) colocated with IEEE/IFIP NOMS 2018 (2018)

Conducting experiments to evaluate blockchain applications is a challenging task for developers, because there is a range of configuration parameters that control blockchain environments. Many public ... [more ▼]

Conducting experiments to evaluate blockchain applications is a challenging task for developers, because there is a range of configuration parameters that control blockchain environments. Many public testnets (e.g. Rinkeby Ethereum) can be used for testing, however, we cannot adjust their parameters (e.g. Gas limit, Mining difficulty) to further the understanding of the application in question and of the employed blockchain. This paper proposes an easy to use orchestration framework over the Grid'5000 platform. Grid'5000 is a highly reconfigurable and controllable large-scale testbed. We developed a tool that facilitates nodes reservation, deployment and blockchain configuration over the Grid'5000 platform. In addition, our tool can fine-tune blockchain and network parameters before and between experiments. The proposed framework offers insights for private and consortium blockchain developers to identify performance bottlenecks and to assess the behavior of their applications in different circumstances. [less ▲]

Detailed reference viewed: 510 (29 UL)
Full Text
Peer Reviewed
See detailAdvanced Cooling Methods for High-Speed Electrical Machines
Tüysüz, Arda; Meyer, Francesca; Steichen, Mathis UL et al

in IEEE Transactions on Industry Applications (2017)

Detailed reference viewed: 85 (0 UL)
Full Text
Peer Reviewed
See detailChainGuard - A Firewall for Blockchain Applications using SDN with OpenFlow
Steichen, Mathis UL; Hommes, Stefan UL; State, Radu UL

in ChainGuard - A Firewall for Blockchain Applications using SDN with OpenFlow (2017)

Recently, blockchains have been gathering a lot of interest. Many applications can benefit from the advantages of blockchains. Nevertheless, applications with more restricted privacy or participation ... [more ▼]

Recently, blockchains have been gathering a lot of interest. Many applications can benefit from the advantages of blockchains. Nevertheless, applications with more restricted privacy or participation requirements cannot rely on public blockchains. First, the whole blockchain can be downloaded at any time, thus making the data available to the public. Second, anyone can deploy a node, join the blockchain network and take part in the consensus building process. Private and consortium blockchains promise to combine the advantages of blockchains with stricter requirements on the participating entities. This is also the reason for the comparably small number of nodes that store and extend those blockchains. However, by targeting specific nodes, an attacker can influence how consensuses are reached and possibly even halt the blockchain operation. To provide additional security to the blockchain nodes, ChainGuard utilizes SDN functionalities to filter network traffic, thus implementing a firewall for blockchain applications. ChainGuard communicates with the blockchain nodes it guards to determine which origin of the traffic is legitimate. Packets from illegitimate sources are intercepted and thus cannot have an effect on the blockchain. As is shown with experiments, ChainGuard provides access control functionality and can effectively mitigate flooding attacks from several sources at once. [less ▲]

Detailed reference viewed: 106 (10 UL)
Full Text
Peer Reviewed
See detailAdvanced cooling concepts for ultra-high-speed machines
Tüysüz, Arda; Steichen, Mathis UL; Zwyssig, Christof et al

in Advanced cooling concepts for ultra-high-speed machines (2015)

Detailed reference viewed: 77 (2 UL)