A first look at browser-based Cryptojacking

IEEE SECURITY & PRIVACY ON THE BLOCKCHAIN (IEEE S&B) 2018 University College London (UCL), London, UK

In this paper, we examine the recent trend towards in-browser mining of cryptocurrencies; in particular, the mining of Monero through Coinhive and similar code- bases. In this model, a user visiting a website will download a JavaScript code that executes client-side in her browser, mines a cryptocurrency, typically without her consent or knowledge, and pays out the seigniorage to the website. Websites may consciously employ this as an alternative or to supplement advertisement revenue, may offer premium content in exchange for mining, or may be unwittingly serving the code as a result of a breach (in which case the seigniorage is collected by the attacker). The cryptocurrency Monero is preferred seemingly for its unfriendliness to large-scale ASIC mining that would drive browser-based efforts out of the market, as well as for its purported privacy features. In this paper, we survey this landscape, conduct some measurements to establish its prevalence and profitability, outline an ethical framework for considering whether it should be classified as an attack or business opportunity, and make suggestions for the detection, mitigation and/or prevention of browser-based mining for non- consenting users.

GitHub   Paper   Slides  
Press: Schneier on Security   Cointelegraph   Motherboard Vice   Cointelegraph   Cryptoinsider  

On the feasibility of decentralized derivatives markets

FC 2017 Financial Cryptography and Data Security

In this paper, we present Velocity, a decentralized market deployed on Ethereum for trading a custom type of derivative option. To enable the smart contract to work, we also implement a price fetching tool called PriceGeth. We present this as a case study, noting challenges in development of the system that might be of independent interest to whose working on smart contract implementations. We also apply recent academic results on the security of the Solidity smart contract language in validating our code’s security. Finally, we discuss more generally the use of smart contracts in modelling financial derivatives.

GitHub   Paper  
Press: Coindesk   Bitaccess   bitcoin.com  

Buy your coffee with bitcoin, Real-world deployment of a bitcoin point of sale terminal

Advanced and Trusted Computing (UIC/ATC/ScalCom/CBDCom/IoP/SmartWorld), 2016 Intl IEEE Conferences, Toulouse, France.

In this paper we discuss existing approaches for Bitcoin payments, as suitable for a small business for small-value transactions. We develop an evaluation framework utilizing security, usability, deployability criteria,, examine several existing systems, tools. Following a requirements engineering approach, we designed, implemented a new Point of Sale (PoS) system that satisfies an optimal set of criteria within our evaluation framework. Our open source system, Aunja PoS, has been deployed in a real world cafe since October 2014.

GitHub   Paper  

Real-world Deployability and Usability of Bitcoin

Thesis (M.A. Sc.) - Concordia University, 2015

We live in an era where Internet is one of the daily needs of human life. People use Internet banking instead of going to banks, they use email rather than postal mail.This leads to a robust digital way of living, but this also means people are trusting middle companies and third parties for their online services. The need of having a digital form of money that is not being controlled by one entity is plain to see. Bitcoin is the first and the most popular decentralized virtual currency. It is based on cryptographic functions to remove the need of a central bank and regulates the generation of new units. In this thesis, we would like to look at available tools to facilitate users in holding and using Bitcoin by a perspective on usability and security, and then evaluate the possibilities for a small business to accept Bitcoin payments. Our focus is on the usability of these tools and developing a useful framework for comparing and eval- uating future tools. While many security tools have been studied from a usability perspective, our work is the first to look at Bitcoin.

Paper  

A first look at the usability of bitcoin key management

USEC 15 NDSS Workshop on Usable Security (USEC) 2015, San Diego, CA, USA, February 8, 2015, Internet Society

Bitcoin users are directly or indirectly forced to deal with public key cryptography, which has a number of security and usability challenges that differ from the password-based authentication underlying most online banking services. Users must ensure that keys are simultaneously accessible, resistant to digital theft and resilient to loss. In this paper, we contribute an evaluation framework for comparing Bitcoin key management approaches, and conduct a broad usability evaluation of six representative Bitcoin clients. We find that Bitcoin shares many of the fundamental challenges of key management known from other domains, but that Bitcoin may present a unique opportunity to rethink key management for end users.

Paper  
Press: The Morning Paper   VentureSkies   Standford Bitcoin and Cryptocurrency Technologies Syllabus  

Monitoring system calls for anomaly detection in modern operating systems

Software Reliability Engineering Workshops (ISSREW), 2013 IEEE International Symposium

Host-based intrusion detection systems monitor systems in operation for significant deviations from normal (and healthy) behaviour. Many approaches have been proposed in the literature. Most of them, however, do not consider even the basic attack prevention mechanisms that are activated by default on today’s many operating systems. Examples of such mechanisms include Address Space Layout Randomization and Data Execution Prevention. With such security methods in place, attackers are forced to perform additional actions to circumvent them. In this research, we conjecture that some of these actions may require the use of additional system calls. If so, one can trace such attacks to discover attack patterns that can later be used to enhance the detection power of anomaly detection systems. The purpose of this short paper is to motivate the need to investigate the impact of attack on system calls while trying to overcome these prevention mechanisms.

GitHub   Paper  

Catena Blockchain Suite

The Catena Blockchain Suite is an industry first product to quickly enable publishing of complex datasets onto public or private blockchains. Utilising smart contracts and hardware security modules, Catena enables a new level of data consistency and integrity. National Research Council (NRC) is using the Catena Blockchain Suite, a Canadian-made product built on the Ethereum blockchain, to publish funding and grant information in real time.

GitHub Homepage
Press: National Research Council Canada   GlobalNews   Newswire   ETHNews   TrustNodes  

Velocity Technology

Velocity is a decentralized options platform that allows users to enter into a collar option using a smart contract on the ethereum blockchain. Velocity platform includes smart contracts responsible for the trades and PriceGeth an oracle to publish price on Ethereum blockchain at everyblock.

GitHub
Press: Steemit   ETHNews   IBSIntelligence   siliconANGLE   BlockTribune  

Keystamp, An open-source Proof-of-Compliance standard on the blockchain

Ontario Securities Commission Hackathon 1st Prize Winner. Integrating applied cryptography and blockchain technologies in existing corporate processes and commercial relationships, such as compliance policy implementation and audit.

GitHub Homepage
Press: Betakit   TimelyDisclosure   Ontario Securities Commission   Keystamp Pitch in RegHackTo  

Shir Ya Khat

Farsi (Persian) educational podcast on Blockchain technologies and cryptocurrencies

Homepage
Press: CoinIran  

SecRev - The Security Revolution from Montreal

Montreal, Canada.

The Cybersecurity Revolution is an event conceived to openly encourage sharing and interaction among the wider cybersecurity research community. It is an event focused around research, education, science and learning and not the furthering of commercial interests. On this talk I presented my work on the first look at browser-based Cryptojacking.

Website   Paper   Slides   Video  

2nd Annual Blockchain Bootcamp

Blockhouse (Catallaxy), Montreal, Canada.

Our blockchain bootcamp is an introductory level workshop that will teach you the main building blocks of blockchain, with hands on experience with timestamping and associated use cases.

A first look at browser-based Cryptojacking

IEEE SECURITY & PRIVACY ON THE BLOCKCHAIN (IEEE S&B) 2018 University College London (UCL), London, UK

IEEE SECURITY & PRIVACY ON THE BLOCKCHAIN (IEEE S&B) - Paper Presentation

GitHub   Paper   Slides  

Blockchain Fundamentals

Concordia University, Montreal, Canada

Covering all of the basic fundamentals of blockchain and about the impact that this innovative technology will have on society.

Website   Slides  

WTH is Bitcoin?

Technologies, World and Societies, School of Sociological and Anthropological Studies, University of Ottawa, Canada

A thorugh historical view of where Bitcoin and Blockchain technology came from and how it evolved to be what we know now.

Slides  

Bootstrap Ethereum Development

ETHWaterloo, Waterloo, Canada

A walkthrough on Ethereum development stack, describing how EVM and Full nodes function. Teaching on what development environment to work on for Hackthons and faster deployment

Website   Slides