
Using Blockchain in Cyber-Forensics

Objectives
1. What is Blockchain?
2. Applications of Blockchain
3. Cryptocurrency(Bitcoin)
4. Major Cyber Attacks
5. Why blockchain for cyber security?
6. Blockchain in Cyber-Forensics
7. Limitations of blockchain
8. Conclusion
What is Blockchain?
• Blockchain is a chain of blocks, each of which
contains information.
• This technique was originally described in 1991
and was intended to timestamp digital documents.
• Blockchain is a decentralized, digitized, highly
distributed public ledger.
• It creates a digital ledger of transactions, shared
over a distributed network of computers, which all
participants on the network can update in a
secured way.
• It uses a Peer to Peer Network.
• When a new block needs to be added to the
blockchain, all the nodes need to reach a
consensus on whether the block has been tampered
with. Blocks that have been tampered with are
rejected by the nodes in the network.
What is a block?
• Each block contains some data, the hash of the
block itself and the hash of the previous block.
1. Data: The data that is stored inside a block
depends on the type of blockchain.
For example: Bitcoin blockchain stores the
details about the transactions, such as
sender, receiver and amount of coins.
2. Hash: Each block is identified by a hash
generated with the SHA-256 cryptographic hash
algorithm. It identifies a block and all of its
contents and is always unique, just like a
fingerprint.
3. Hash of Previous block: This effectively
creates a chain of blocks and it’s this
technique that makes a blockchain so secure.
How does Blockchain work?
Security of Blockchain:
It comes mainly from two mechanisms: hashing
and proof of work.
• Proof of work means a lot of computing power is
needed to create new blocks.
• So a difficulty factor is added to prevent
tampering with the blocks in the blockchain.
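The hash-chaining and proof-of-work mechanisms above, as an added Python example that is not part of the original slides: each block's SHA-256 hash covers its data, its nonce and the previous block's hash, a block is accepted only if its hash meets the difficulty target, and validate_chain shows why editing one block breaks every block after it. The function names and the fixed timestamps are this example's own choices (a real chain would use wall-clock time).

```python
import hashlib
import json


def block_hash(index, timestamp, data, prev_hash, nonce):
    """SHA-256 over all of a block's fields; changing any field changes the hash."""
    payload = json.dumps(
        {"index": index, "timestamp": timestamp, "data": data,
         "prev_hash": prev_hash, "nonce": nonce},
        sort_keys=True,
    ).encode()
    return hashlib.sha256(payload).hexdigest()


def mine_block(index, data, prev_hash, difficulty, timestamp=0):
    """Proof of work: search for a nonce whose hash starts with `difficulty` zero hex digits.
    Raising `difficulty` makes each block (and therefore any rewrite) more expensive."""
    nonce = 0
    while True:
        h = block_hash(index, timestamp, data, prev_hash, nonce)
        if h.startswith("0" * difficulty):
            return {"index": index, "timestamp": timestamp, "data": data,
                    "prev_hash": prev_hash, "nonce": nonce, "hash": h}
        nonce += 1


def build_chain(records, difficulty=3):
    """Genesis block plus one mined block per record, each linked to its predecessor.
    Timestamps are fixed (constructed) so the result is reproducible."""
    chain = [mine_block(0, "genesis", "0" * 64, difficulty)]
    for i, rec in enumerate(records, start=1):
        chain.append(mine_block(i, rec, chain[-1]["hash"], difficulty, timestamp=i))
    return chain


def validate_chain(chain, difficulty=3):
    """What every node checks before accepting a chain: each stored hash must be
    correct for the block's contents, must satisfy the proof of work, and must
    equal the prev_hash recorded by the following block."""
    for i, b in enumerate(chain):
        recomputed = block_hash(b["index"], b["timestamp"], b["data"],
                                b["prev_hash"], b["nonce"])
        if recomputed != b["hash"] or not b["hash"].startswith("0" * difficulty):
            return False
        if i > 0 and b["prev_hash"] != chain[i - 1]["hash"]:
            return False
    return True
```

Re-mining only the altered block does not help an attacker, because the next block still stores the old hash; every later block would have to be re-mined as well.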
Consensus
• A consensus mechanism is a fault-tolerant
mechanism that is used in computer and
blockchain systems to achieve the necessary
agreement on a single data value or a single
state of the network among distributed
processes or multi-agent systems.
• It is useful in record-keeping.
Applications of Blockchain
Cryptocurrency
Bitcoin
• Bitcoin is a cryptocurrency, a form of electronic
cash.
• It is decentralized digital currency without a
central bank or single administrator that can be
sent from user to user on the peer-to-peer
bitcoin network without the need for
intermediaries.
• Satoshi Nakamoto implemented the bitcoin
software as open source code and released it in
January 2009.
How does it differ from traditional
currencies?
• Decentralization
• Limited supply
• Pseudonymity
• Immutability
• Divisibility
Conversion units
• 1 BTC = 100 million satoshi
• 1 BTC = $3715 / ₹2,63,484.52
• $1 = 26917 satoshi
• ₹1 = 379.1 satoshi
How does Bitcoin work?
• Once you own bitcoins, they possess value and
trade just as if they were nuggets of gold in your
pocket.
• You can use your bitcoins to purchase goods and
services online, or you can tuck them away and
hope that their value increases.
• Bitcoins are traded from one personal wallet to
another.
• A wallet is a small personal database that you store
on your computer drive, smartphone or in the cloud.
Bitcoin Mining
• Bitcoin mining is the process of adding
transaction records to the bitcoin’s public
ledger of past transactions.
• It is designed to be resource intensive and
difficult so that the number of blocks found
each day by miners remains steady.
• Mining is also a mechanism used to introduce
bitcoins into the system.
• Bitcoin mining is done by specialized
computers.
• The role of miners is to secure the network
and to process every bitcoin transaction.
• Miners achieve this by solving a
computational problem which allows them to
chain together blocks of transactions.
• Miners are rewarded with newly created
bitcoins.
• The total number of bitcoins in circulation will
approach a limit of 21 million by the year 2140.
• Miners use GPUs to obtain the large computing
power they require.
Blockchain use cases in security
1. Traceable secure transactions
2. Blockchain as an evidence basis
3. Control of network communications & Safe data
storage
4. Authenticity confirmation & Protection from
counterfeit
5. Minimization of human errors & Reduction of
paperwork
6. Securing an IoT ecosystem
7. Traceable supply chains
Major Cyber Attacks
1. CryptoLocker Ransomware - It is a
ransomware Trojan which targeted
computers running MS Windows.
2. WannaCry Ransomware - It is one of the
biggest cyber attacks in history. It basically
locks user devices and prevents them from
accessing data and software, propagates
using EternalBlue.
3. Petya - It targeted windows machines. It
infects master boot record and prevents the
system from booting.
4. The 2011 PlayStation Network attack - It was
the result of an external intrusion on SONY’s
PlayStation Network in which personal details
were compromised.
5. Operation Aurora - It exploited zero-day
vulnerability in Microsoft Internet Explorer.
6. Mirai – A malware that targets online
consumer devices such as IP cameras and
routers. It launched DDoS attacks.
Using Blockchain in Cyber Security
1. Symmetric key algorithms
2. Public key cryptographic algorithms
3. PKI Based Security
4. Provenance
5. Preventing DDOS attacks
6. DNS Security
Symmetric key algorithms
• Both parties need to share the key using
secure channel.
• It is not scalable for users wishing to transact
with multiple parties, given the need to agree
on a different symmetric key with each
different party.
• It is not secure for use with untrusted parties,
given that the other party can provide others
with the key.
Public key Cryptographic Algorithms
• Public key cryptography enables parties to
securely send and receive data from one
another.
Limitations:
• It does not authenticate that a public key is
truly associated with a user.
• Because a user's public key is available to
everyone, there is no guarantee that the data
is coming from the presumed sending party.
PKI based security
• The Public Key Infrastructure(PKI) security
method is used to implement strong
authentication, data encryption and digital
signatures.
• If PKI is maintained on a blockchain, a single
computer is replaced by a group of connected
computers, making it more robust and
trustworthy.
How does PKI work?
• The public key infrastructure (PKI) security
method is a two-key asymmetric cryptosystem, a
framework that allows different IT systems to
have a high level of confidence through
authentication with digital signatures and digital
certificates.
• It makes use of public key and private key.
• Digital certificates are data packages, issued by
a Certificate Authority, that identify an entity.
Provenance
• It is essentially logging and integrity management.
• A verifiable chain of supply for data, which
provides its history and can be traced back to
establish accountability.
• Provides a clear audit trail of data transactions,
which helps in detecting data breaches and in
forensic analysis.
• Protects from various cyber attacks such as
Advanced Persistent Threats (APTs), code
injections etc.
DDoS attacks
• DDoS stands for Distributed Denial of Service.
• In DDoS attacks, multiple systems flood a
server, website, or any other network resource
with connection requests, messages, or other
communication packets.
• The goal is to slow down or crash the system.
• The concentrated attack and subsequent shutdown
of the system results in a "denial of
service" for legitimate users.
• An attacker exploits vulnerabilities in a computer
and makes it the DDoS master. The compromised
system then targets multiple computer systems
with vulnerabilities and gains control over them
using malware or a Trojan. The systems under the
control of the attacker are called "zombies."
• The attacker then uses the traffic generated by
the compromised devices to flood the target
domain and shut it down.
• The attacks on GitHub and Dyn are the largest
DDoS attacks in internet history.
• Downtime, increased costs, and vulnerability to
more cybercrimes are the aftermath of DDoS attacks.
• DDoS attacks are "distributed" because they use
many zombies to increase the attack strength
and complexity.
Prevention of DDoS attacks using
blockchain
• Blockchain is a decentralized system with
multiple nodes.
• Operating the DNS on a blockchain would ensure
that attacks are not concentrated on a centralized
source, crippling it.
• Companies are also using blockchain to create a
decentralized network of servers that can quickly
send bandwidth to other servers facing attacks.
• The attacked server can then withstand the DDoS
onslaught by absorbing the excess traffic using
the additional bandwidth.
DNS Security
• The Domain Name System (DNS) protocol was originally
designed with no security protection in place.
• DNSSEC (DNS Security Extensions) is a set of extensions to
DNS which provides DNS clients with origin authentication of
DNS data, authenticated denial of existence and data
integrity, but not availability or confidentiality.
• DNSSEC has added a layer of trust on top of DNS by
providing authentication, but it still does not address issues
such as DoS/DDoS attacks.
• Blockchain-based DNS alternatives (Namecoin and
Blockstack) are a promising approach to building
decentralized, secure and human-friendly naming systems.
Blockchain in Cyber-Forensics
• In cyber forensics, blockchain can also significantly
help. In court, blockchain can serve as an evidence
basis, since all activities are recorded and stored on the
ledger.
• It can help companies successfully fight against fraud,
financial crimes, and theft of digital rights.
• The main goal of cyber forensic specialists is to identify
all logins in the system and trace all activities (and their
times) made by the network participants.
• They uncover past events and determine their
consequences.
ETHEREUM BLOCKCHAIN BASED DIGITAL
FORENSICS CHAIN OF CUSTODY
• Chain of custody can be defined as a process used to
maintain and document the chronological history of
handling digital evidence.
• Ethereum is a blockchain with a built-in Turing-complete
programming language.
• It gives users the power to write smart contracts: decentralized
applications where users define their own arbitrary rules
for ownership, transaction formats and state transition
functions.
• The motivation behind using Ethereum blockchain smart
contracts is that they provide more power in terms of
Turing-completeness, value-awareness and blockchain-
awareness.
Forensic Chain Model
• Forensic-Chain is a blockchain based solution for
maintaining and tracing digital forensics chain of
custody.
• The evidence that is to be preserved is first encrypted
securely and then has a blockchain capability added on.
• The encrypted data would be accessible only to the
desired party on the blockchain, but the access would
simultaneously record the time, date and possibly user
ID of the accessing party and add it to the unalterable
record in the blockchain, all done automatically through
smart contracts.
• The blockchain itself can be read via a special
function.
• The functionality of blockchain allows courts and
associated personnel the ability to examine historical
chain of custody without accessing data itself.
• The blockchain's first entry, i.e. the genesis block, consists
of the initial hash of the data together with details such
as the time, date and location of initial acquisition.
• Subsequent accesses are possible only via a special
program.
• Automated access tracking through smart contracts
will help detect when copies of evidence are
being made and record this in the blockchain.
Forensic chain in action
• Forensic-Chain is initiated or triggered by the First
Responder, who takes the hash of the digital evidence and
records it securely on the blockchain through a
smart contract.
• Other details such as the location, time and date of the
crime scene also get recorded on the blockchain.
• During the course of the digital forensics investigation,
any evidence transfer gets automatically recorded
on the blockchain through smart contracts.
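The Forensic-Chain steps above (genesis entry with the evidence hash and scene details, automatic recording of each transfer, and a custody trail that can be examined without the evidence itself), as an added Python model that is not the Forensic-Chain project's own code nor an Ethereum smart contract: each ledger entry is hashed together with the previous entry's hash, so audit() exposes any rewritten or deleted entry, and verify_evidence() checks evidence presented later against the hash taken at acquisition. Class and method names, and the sample evidence and timestamps in the test, are constructed for this example.

```python
import hashlib
import json


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


class ForensicChain:
    """Append-only custody ledger: each entry is hashed together with the
    previous entry's hash, so the trail can be audited without the evidence."""

    def __init__(self):
        self.entries = []

    def _append(self, record):
        prev = self.entries[-1]["entry_hash"] if self.entries else "0" * 64
        body = dict(record, prev_hash=prev)
        body["entry_hash"] = sha256_hex(json.dumps(body, sort_keys=True).encode())
        self.entries.append(body)
        return body["entry_hash"]

    def acquire(self, evidence: bytes, responder, location, timestamp):
        """Genesis entry: the first responder records the evidence hash and scene details."""
        return self._append({"action": "acquire", "evidence_hash": sha256_hex(evidence),
                             "by": responder, "location": location, "time": timestamp})

    def transfer(self, sender, receiver, purpose, timestamp):
        """Every hand-off during the investigation is recorded as its own entry."""
        return self._append({"action": "transfer", "from": sender, "to": receiver,
                             "purpose": purpose, "time": timestamp})

    def verify_evidence(self, evidence: bytes) -> bool:
        """Does evidence presented later still match the hash taken at acquisition?"""
        return bool(self.entries) and sha256_hex(evidence) == self.entries[0]["evidence_hash"]

    def audit(self) -> bool:
        """Recompute every link; a rewritten, reordered or deleted entry breaks the chain."""
        prev = "0" * 64
        for e in self.entries:
            body = {k: v for k, v in e.items() if k != "entry_hash"}
            if (body["prev_hash"] != prev
                    or sha256_hex(json.dumps(body, sort_keys=True).encode()) != e["entry_hash"]):
                return False
            prev = e["entry_hash"]
        return True

    def custody_history(self):
        # Trail for the court: who held the evidence and when, without the data itself.
        return [(e["time"], e["action"], e.get("by") or e["from"] + " -> " + e["to"])
                for e in self.entries]
```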
Limitations of Blockchain
• Signature verification
• Redundancy
• Attaining consensus
• Complexity
• Energy and resource consumption
• Security flaws
• Limited scalability and storage issues
Conclusion
• Blockchain technology speeds up transactions,
lowers fraud risks and cuts costs.
• This technology has an enormous array of possible
solutions for finance, logistics, healthcare, IoT and
cyber security.
• Bitcoin remains the most successful decentralized
cryptocurrency.
• There has been increasing interest in designing a
forensically friendly cryptocurrency architecture,
for example for the cryptocurrencies used in cybercriminal
activities (e.g., ransomware and terrorism financing).
