CrudiTEE: A Stick-And-Carrot Approach to Building Trustworthy Cryptocurrency Wallets with TEEs

Authors: Lulu Zhou, Zeyu Liu, Fan Zhang, Michael K. Reiter




File

LIPIcs.AFT.2024.16.pdf
  • Filesize: 1.24 MB
  • 25 pages

Author Details

Lulu Zhou
  • Yale University, New Haven, CT, USA
Zeyu Liu
  • Yale University, New Haven, CT, USA
Fan Zhang
  • Yale University, New Haven, CT, USA
Michael K. Reiter
  • Duke University, New Haven, CT, USA

Cite As

Lulu Zhou, Zeyu Liu, Fan Zhang, and Michael K. Reiter. CrudiTEE: A Stick-And-Carrot Approach to Building Trustworthy Cryptocurrency Wallets with TEEs. In 6th Conference on Advances in Financial Technologies (AFT 2024). Leibniz International Proceedings in Informatics (LIPIcs), Volume 316, pp. 16:1-16:25, Schloss Dagstuhl – Leibniz-Zentrum für Informatik (2024)
https://doi.org/10.4230/LIPIcs.AFT.2024.16

Abstract

Cryptocurrency introduces usability challenges by requiring users to manage signing keys. Popular signing key management services (e.g., custodial wallets), however, either introduce a trusted party or burden users with managing signing key shares, posing the same usability challenges. TEE (Trusted Execution Environment) is a promising technology to avoid both, but practical implementations of TEEs suffer from various side-channel attacks that have proven hard to eliminate. This paper explores a new approach to side-channel mitigation through economic incentives for TEE-based cryptocurrency wallet solutions. By taking the cost and profit of side-channel attacks into consideration, we designed a Stick-and-Carrot-based cryptocurrency wallet, CrudiTEE, that leverages penalties (the stick) and rewards (the carrot) to disincentivize attackers from exfiltrating signing keys in the first place. We model the attacker’s behavior using a Markov Decision Process (MDP) to evaluate the effectiveness of the bounty and enable the service provider to adjust the parameters of the bounty’s reward function accordingly.

Subject Classification

ACM Subject Classification
  • Security and privacy → Authorization
  • Security and privacy → Side-channel analysis and countermeasures
Keywords
  • Cryptocurrency wallet
  • blockchain

