SlideShare ist ein Scribd-Unternehmen logo

Blockchain solutions leading to better security practices

Eric Larcheveque
Eric Larcheveque

Blockchain solutions leading to better security practices

Ingenieurwesen
1 von 20
Downloaden Sie, um offline zu lesen
Blockchain technologies drive better security solutions Journée Blockchain SIF November 2016 Nicolas Bacca @btchip
A trust layer between the blockchain and the physical world For industrials, enterprises and consumers Securing the first and last mile LEDGER TECHNOLOGY
Without trust, data has no actionable value node node node node nodeCloud servers User on a PC or a smartphone Industrial sensor / IoT node node node Connected object Blockchain/IT trusted zone Physical world absence of trust Is this really you? Am I allowed to executethis transaction? Critical temperature data Did the driver got switched?
Why ? Cryptocurrencies come with built-in bug bounties #SFYL CO 2.0
The DAO timeline The DAO The DAO Black DAO The DAO Black DAO White DAO The DAO Black DAO White DAO DAO refund ETH ETC ETH Creation of a new currency Hacker exit
Security improvements Aligned with the latest identity standards Reducing dependencies on non deterministic events (randomness …) Solving the user keyring problem Innovating with internet-ready security devices
The password is dead
How can it be replaced ? Hardware based cryptographic authentication for the webs FIDO set of standards Minimalist cryptography (one size fits all) Multilple vendors Slow but large traction (Google, Github) The building block of modern security devices
The problems with randomness Hard (impossible) to fully get rid of randomness Generating unbiased randomness is a hard problem Proving that randomness is unbiased is an even harder problem Modern cryptographic algorithms are brittle, making it an easy attack vector
Attacks of the Five Eyes No evil, omnipotent wizards Have a lot of time Have a lot of resources (crunching weak randoms is easy, see Logjam) Can interfere with standards (see DUAL_EC_DRBG) Attacks on randomness provides good plausible deniability
Blockchain technologies solutions to randomness Recognize the problem : make it easier to evaluate Only depend on it when it’s absolutely necessary (key generation) Promote deterministic signatures (ECDSA / RFC 6979) Avoid catastrophic algorithm failure on signature (see PS3 27C3)
The silent killer : side channel attacks An unfortunate side effect of non deterministic code Predict code parameters (such as private keys) given external events Extremely powerful and not taken care of enough (see “CSI meets public wifi”) Important work being done by the community on Bitcoin curve with libsecp256k1
The user keyring problem Too many keys, too many protocols Hard to backup (additional weakness / hard to remember) Too many devices
Solving the user keyring Deriving keys from a master key (BIP 32, Hierarchical Deterministic Wallets) Using a nice property of Elliptic Curve keys Public(PrivateK + (%n)Scalar) = PublicK + (point)Scalar * Generator Can be extended/abused to RSA (find next prime …) Providing an easy way to remember the master key (BIP 39, Mnemonic Phrase) Turning entropy into words, not the other way round (see Brainflyer)
Why the Smartcard has to be reinvented Not web-ready : designed to work in a trusted environment Not user friendly (reader, drivers, middlewares) Not developer friendly (Java Card if lucky) Not customer audit friendly
Challenges of improving the Smartcard Tamper resistant Developer friendly Auditable
What has been accomplished so far Multiple devices with different tamper resistance properties Web integration, reusing FIDO work on U2F (Ledger with MyEtherWallet) Web ready : malware resistant <Ad> New paradigms for native multi application platforms </Ad>
The exhaustive list of Blockchain security standards <- (is not a security standard)
Blockchain security ... Moves at startup speed (ETH from EAL0 to EAL7 in 6 months, according to ETH) Is battlefield tested (or assets are lost very quickly) Bitcoin is a pretty good canary (see “Some SecureRandom thoughts” on Android) Is interesting to look at for the general security / identity industry On the other hand can also learn a lot from those industries wrt testing / evaluation
Thank you @btchip https://www.chaintech.fr/

Empfohlen

Make the Smartcard great again
Make the Smartcard great againMake the Smartcard great again
Make the Smartcard great againEric Larcheveque
 
Rebooting the smartcard
Rebooting the smartcardRebooting the smartcard
Rebooting the smartcardEric Larcheveque
 
IoT summit - Building flexible & secure IoT solutions
IoT summit - Building flexible & secure IoT solutionsIoT summit - Building flexible & secure IoT solutions
IoT summit - Building flexible & secure IoT solutionsEric Larcheveque
 
Edcon - Hardware wallets and smart contracts
Edcon - Hardware wallets and smart contractsEdcon - Hardware wallets and smart contracts
Edcon - Hardware wallets and smart contractsEric Larcheveque
 
Cryptocurrencies Hardware Wallets - 33C3 Bitcoin Assembly
Cryptocurrencies Hardware Wallets - 33C3 Bitcoin AssemblyCryptocurrencies Hardware Wallets - 33C3 Bitcoin Assembly
Cryptocurrencies Hardware Wallets - 33C3 Bitcoin AssemblyEric Larcheveque
 
Bitcoin hardware wallets security
Bitcoin hardware wallets securityBitcoin hardware wallets security
Bitcoin hardware wallets securityEric Larcheveque
 
IoT Security: Cases and Methods [CON5446]
IoT Security: Cases and Methods [CON5446]IoT Security: Cases and Methods [CON5446]
IoT Security: Cases and Methods [CON5446]Leonardo De Moura Rocha Lima
 
The 5 elements of IoT security
The 5 elements of IoT securityThe 5 elements of IoT security
The 5 elements of IoT securityJulien Vermillard
 

Empfohlen

Make the Smartcard great again
Make the Smartcard great againMake the Smartcard great again
Make the Smartcard great againEric Larcheveque
 
Rebooting the smartcard
Rebooting the smartcardRebooting the smartcard
Rebooting the smartcardEric Larcheveque
 
IoT summit - Building flexible & secure IoT solutions
IoT summit - Building flexible & secure IoT solutionsIoT summit - Building flexible & secure IoT solutions
IoT summit - Building flexible & secure IoT solutionsEric Larcheveque
 
Edcon - Hardware wallets and smart contracts
Edcon - Hardware wallets and smart contractsEdcon - Hardware wallets and smart contracts
Edcon - Hardware wallets and smart contractsEric Larcheveque
 
Cryptocurrencies Hardware Wallets - 33C3 Bitcoin Assembly
Cryptocurrencies Hardware Wallets - 33C3 Bitcoin AssemblyCryptocurrencies Hardware Wallets - 33C3 Bitcoin Assembly
Cryptocurrencies Hardware Wallets - 33C3 Bitcoin AssemblyEric Larcheveque
 
Bitcoin hardware wallets security
Bitcoin hardware wallets securityBitcoin hardware wallets security
Bitcoin hardware wallets securityEric Larcheveque
 
IoT Security: Cases and Methods [CON5446]
IoT Security: Cases and Methods [CON5446]IoT Security: Cases and Methods [CON5446]
IoT Security: Cases and Methods [CON5446]Leonardo De Moura Rocha Lima
 
The 5 elements of IoT security
The 5 elements of IoT securityThe 5 elements of IoT security
The 5 elements of IoT securityJulien Vermillard
 
IoT Saturday PN 2019 - Eurotech
IoT Saturday PN 2019 - EurotechIoT Saturday PN 2019 - Eurotech
IoT Saturday PN 2019 - EurotechLuca Dazi
 
Azure IoT Hub
Azure IoT HubAzure IoT Hub
Azure IoT HubWinWire Technologies Inc
 
Azure Sphere
Azure SphereAzure Sphere
Azure SphereMirco Vanini
 
IoT security fresh thinking 2017 sep 9
IoT security fresh thinking 2017 sep 9IoT security fresh thinking 2017 sep 9
IoT security fresh thinking 2017 sep 9Arvind Tiwary
 
Iot Security
Iot SecurityIot Security
Iot SecurityMAITREYA MISRA
 
Стас Павлов «Построение безопасной архитектуры IoT решений на примере Azure I...
Стас Павлов «Построение безопасной архитектуры IoT решений на примере Azure I...Стас Павлов «Построение безопасной архитектуры IoT решений на примере Azure I...
Стас Павлов «Построение безопасной архитектуры IoT решений на примере Azure I...MskDotNet Community
 
Scaling IoT Deployments: DevOps for the Internet of Things
Scaling IoT Deployments: DevOps for the Internet of ThingsScaling IoT Deployments: DevOps for the Internet of Things
Scaling IoT Deployments: DevOps for the Internet of ThingsBalena
 
IoT Security – Executing an Effective Security Testing Process
IoT Security – Executing an Effective Security Testing Process IoT Security – Executing an Effective Security Testing Process
IoT Security – Executing an Effective Security Testing Process EC-Council
 
Internet of Things Security
Internet of Things SecurityInternet of Things Security
Internet of Things SecurityTutun Juhana
 
IoT Security: Cases and Methods
IoT Security: Cases and MethodsIoT Security: Cases and Methods
IoT Security: Cases and MethodsLeonardo De Moura Rocha Lima
 
Security and Authentication of Internet of Things (IoT) Devices
Security and Authentication of Internet of Things (IoT) DevicesSecurity and Authentication of Internet of Things (IoT) Devices
Security and Authentication of Internet of Things (IoT) DevicesSanjayKumarYadav58
 
Enabling Data Protection through PKI encryption in IoT m-Health Devices
Enabling Data Protection through PKI encryption in IoT m-Health DevicesEnabling Data Protection through PKI encryption in IoT m-Health Devices
Enabling Data Protection through PKI encryption in IoT m-Health DevicesCharalampos Doukas
 
Jamie Bowser - A Touch(ID) of iOS Security
Jamie Bowser - A Touch(ID) of iOS SecurityJamie Bowser - A Touch(ID) of iOS Security
Jamie Bowser - A Touch(ID) of iOS Securitycentralohioissa
 
IoT on Azure
IoT on AzureIoT on Azure
IoT on AzureVinoth Rajagopalan
 
DotNetToscana - Azure IoT Hub - Il Concentratore
DotNetToscana - Azure IoT Hub - Il ConcentratoreDotNetToscana - Azure IoT Hub - Il Concentratore
DotNetToscana - Azure IoT Hub - Il ConcentratoreRiccardo Cappello
 
Iot security and Authentication solution
Iot security and Authentication solutionIot security and Authentication solution
Iot security and Authentication solutionPradeep Jeswani
 
Inria Tech Talk IoT - 28 Mars 2018
Inria Tech Talk IoT - 28 Mars 2018Inria Tech Talk IoT - 28 Mars 2018
Inria Tech Talk IoT - 28 Mars 2018FrenchTechCentral
 
Track 5 session 1 - st dev con 2016 - need for security for iot
Track 5 session 1 - st dev con 2016 - need for security for iotTrack 5 session 1 - st dev con 2016 - need for security for iot
Track 5 session 1 - st dev con 2016 - need for security for iotST_World
 
Using FIWARE and Microsoft Azure for the development of IoT solutions
Using FIWARE and Microsoft Azure for the development of IoT solutionsUsing FIWARE and Microsoft Azure for the development of IoT solutions
Using FIWARE and Microsoft Azure for the development of IoT solutionsDunavNET
 
Track 5 session 2 - st dev con 2016 - security iot best practices
Track 5 session 2 - st dev con 2016 - security iot best practicesTrack 5 session 2 - st dev con 2016 - security iot best practices
Track 5 session 2 - st dev con 2016 - security iot best practicesST_World
 
Malaysia
MalaysiaMalaysia
Malaysiah00224718
 
Alex Twigg GM UBank Interviewed for Who's Who 2012/13
Alex Twigg GM UBank Interviewed for Who's Who 2012/13Alex Twigg GM UBank Interviewed for Who's Who 2012/13
Alex Twigg GM UBank Interviewed for Who's Who 2012/13Alex Twigg
 

Weitere ähnliche Inhalte

Was ist angesagt?

IoT Saturday PN 2019 - Eurotech
IoT Saturday PN 2019 - EurotechIoT Saturday PN 2019 - Eurotech
IoT Saturday PN 2019 - EurotechLuca Dazi
 
IoT security fresh thinking 2017 sep 9
IoT security fresh thinking 2017 sep 9IoT security fresh thinking 2017 sep 9
IoT security fresh thinking 2017 sep 9Arvind Tiwary
 
Стас Павлов «Построение безопасной архитектуры IoT решений на примере Azure I...
Стас Павлов «Построение безопасной архитектуры IoT решений на примере Azure I...Стас Павлов «Построение безопасной архитектуры IoT решений на примере Azure I...
Стас Павлов «Построение безопасной архитектуры IoT решений на примере Azure I...MskDotNet Community
 
Scaling IoT Deployments: DevOps for the Internet of Things
Scaling IoT Deployments: DevOps for the Internet of ThingsScaling IoT Deployments: DevOps for the Internet of Things
Scaling IoT Deployments: DevOps for the Internet of ThingsBalena
 
IoT Security – Executing an Effective Security Testing Process
IoT Security – Executing an Effective Security Testing Process IoT Security – Executing an Effective Security Testing Process
IoT Security – Executing an Effective Security Testing Process EC-Council
 
Internet of Things Security
Internet of Things SecurityInternet of Things Security
Internet of Things SecurityTutun Juhana
 
Security and Authentication of Internet of Things (IoT) Devices
Security and Authentication of Internet of Things (IoT) DevicesSecurity and Authentication of Internet of Things (IoT) Devices
Security and Authentication of Internet of Things (IoT) DevicesSanjayKumarYadav58
 
Enabling Data Protection through PKI encryption in IoT m-Health Devices
Enabling Data Protection through PKI encryption in IoT m-Health DevicesEnabling Data Protection through PKI encryption in IoT m-Health Devices
Enabling Data Protection through PKI encryption in IoT m-Health DevicesCharalampos Doukas
 
Jamie Bowser - A Touch(ID) of iOS Security
Jamie Bowser - A Touch(ID) of iOS SecurityJamie Bowser - A Touch(ID) of iOS Security
Jamie Bowser - A Touch(ID) of iOS Securitycentralohioissa
 
DotNetToscana - Azure IoT Hub - Il Concentratore
DotNetToscana - Azure IoT Hub - Il ConcentratoreDotNetToscana - Azure IoT Hub - Il Concentratore
DotNetToscana - Azure IoT Hub - Il ConcentratoreRiccardo Cappello
 
Iot security and Authentication solution
Iot security and Authentication solutionIot security and Authentication solution
Iot security and Authentication solutionPradeep Jeswani
 
Inria Tech Talk IoT - 28 Mars 2018
Inria Tech Talk IoT - 28 Mars 2018Inria Tech Talk IoT - 28 Mars 2018
Inria Tech Talk IoT - 28 Mars 2018FrenchTechCentral
 
Track 5 session 1 - st dev con 2016 - need for security for iot
Track 5 session 1 - st dev con 2016 - need for security for iotTrack 5 session 1 - st dev con 2016 - need for security for iot
Track 5 session 1 - st dev con 2016 - need for security for iotST_World
 
Using FIWARE and Microsoft Azure for the development of IoT solutions
Using FIWARE and Microsoft Azure for the development of IoT solutionsUsing FIWARE and Microsoft Azure for the development of IoT solutions
Using FIWARE and Microsoft Azure for the development of IoT solutionsDunavNET
 
Track 5 session 2 - st dev con 2016 - security iot best practices
Track 5 session 2 - st dev con 2016 - security iot best practicesTrack 5 session 2 - st dev con 2016 - security iot best practices
Track 5 session 2 - st dev con 2016 - security iot best practicesST_World
 

Was ist angesagt? (20)

IoT Saturday PN 2019 - Eurotech
IoT Saturday PN 2019 - EurotechIoT Saturday PN 2019 - Eurotech
IoT Saturday PN 2019 - Eurotech
 
Azure IoT Hub
Azure IoT HubAzure IoT Hub
Azure IoT Hub
 
Azure Sphere
Azure SphereAzure Sphere
Azure Sphere
 
IoT security fresh thinking 2017 sep 9
IoT security fresh thinking 2017 sep 9IoT security fresh thinking 2017 sep 9
IoT security fresh thinking 2017 sep 9
 
Iot Security
Iot SecurityIot Security
Iot Security
 
Стас Павлов «Построение безопасной архитектуры IoT решений на примере Azure I...
Стас Павлов «Построение безопасной архитектуры IoT решений на примере Azure I...Стас Павлов «Построение безопасной архитектуры IoT решений на примере Azure I...
Стас Павлов «Построение безопасной архитектуры IoT решений на примере Azure I...
 
Scaling IoT Deployments: DevOps for the Internet of Things
Scaling IoT Deployments: DevOps for the Internet of ThingsScaling IoT Deployments: DevOps for the Internet of Things
Scaling IoT Deployments: DevOps for the Internet of Things
 
IoT Security – Executing an Effective Security Testing Process
IoT Security – Executing an Effective Security Testing Process IoT Security – Executing an Effective Security Testing Process
IoT Security – Executing an Effective Security Testing Process
 
Internet of Things Security
Internet of Things SecurityInternet of Things Security
Internet of Things Security
 
IoT Security: Cases and Methods
IoT Security: Cases and MethodsIoT Security: Cases and Methods
IoT Security: Cases and Methods
 
Security and Authentication of Internet of Things (IoT) Devices
Security and Authentication of Internet of Things (IoT) DevicesSecurity and Authentication of Internet of Things (IoT) Devices
Security and Authentication of Internet of Things (IoT) Devices
 
Enabling Data Protection through PKI encryption in IoT m-Health Devices
Enabling Data Protection through PKI encryption in IoT m-Health DevicesEnabling Data Protection through PKI encryption in IoT m-Health Devices
Enabling Data Protection through PKI encryption in IoT m-Health Devices
 
Jamie Bowser - A Touch(ID) of iOS Security
Jamie Bowser - A Touch(ID) of iOS SecurityJamie Bowser - A Touch(ID) of iOS Security
Jamie Bowser - A Touch(ID) of iOS Security
 
IoT on Azure
IoT on AzureIoT on Azure
IoT on Azure
 
DotNetToscana - Azure IoT Hub - Il Concentratore
DotNetToscana - Azure IoT Hub - Il ConcentratoreDotNetToscana - Azure IoT Hub - Il Concentratore
DotNetToscana - Azure IoT Hub - Il Concentratore
 
Iot security and Authentication solution
Iot security and Authentication solutionIot security and Authentication solution
Iot security and Authentication solution
 
Inria Tech Talk IoT - 28 Mars 2018
Inria Tech Talk IoT - 28 Mars 2018Inria Tech Talk IoT - 28 Mars 2018
Inria Tech Talk IoT - 28 Mars 2018
 
Track 5 session 1 - st dev con 2016 - need for security for iot
Track 5 session 1 - st dev con 2016 - need for security for iotTrack 5 session 1 - st dev con 2016 - need for security for iot
Track 5 session 1 - st dev con 2016 - need for security for iot
 
Using FIWARE and Microsoft Azure for the development of IoT solutions
Using FIWARE and Microsoft Azure for the development of IoT solutionsUsing FIWARE and Microsoft Azure for the development of IoT solutions
Using FIWARE and Microsoft Azure for the development of IoT solutions
 
Track 5 session 2 - st dev con 2016 - security iot best practices
Track 5 session 2 - st dev con 2016 - security iot best practicesTrack 5 session 2 - st dev con 2016 - security iot best practices
Track 5 session 2 - st dev con 2016 - security iot best practices
 

Andere mochten auch

Alex Twigg GM UBank Interviewed for Who's Who 2012/13
Alex Twigg GM UBank Interviewed for Who's Who 2012/13Alex Twigg GM UBank Interviewed for Who's Who 2012/13
Alex Twigg GM UBank Interviewed for Who's Who 2012/13Alex Twigg
 
Ti nicole karolina_gema_powerpoint
Ti nicole karolina_gema_powerpointTi nicole karolina_gema_powerpoint
Ti nicole karolina_gema_powerpointCarolina Rodriguez
 
Johnson Controls Certificate performance
Johnson Controls Certificate performanceJohnson Controls Certificate performance
Johnson Controls Certificate performancePEDRO CRUZ
 
Think Like a Project Manager
Think Like a Project ManagerThink Like a Project Manager
Think Like a Project ManagerEmily Clasper
 
СХД для обработки сейсмики: сравнительный обзор
СХД для обработки сейсмики: сравнительный обзорСХД для обработки сейсмики: сравнительный обзор
СХД для обработки сейсмики: сравнительный обзорVsevolod Shabad
 
Cours Techniques d'Expression & de Communication I - Initiation- ENSASafi Mor...
Cours Techniques d'Expression & de Communication I - Initiation- ENSASafi Mor...Cours Techniques d'Expression & de Communication I - Initiation- ENSASafi Mor...
Cours Techniques d'Expression & de Communication I - Initiation- ENSASafi Mor...Rednef68 Rednef68
 
Concepto Estratégico Militar para la Defensa Integral de la Nación.
Concepto Estratégico Militar para la Defensa Integral de la Nación.Concepto Estratégico Militar para la Defensa Integral de la Nación.
Concepto Estratégico Militar para la Defensa Integral de la Nación.armando1957
 

Andere mochten auch (15)

Malaysia
MalaysiaMalaysia
Malaysia
 
Alex Twigg GM UBank Interviewed for Who's Who 2012/13
Alex Twigg GM UBank Interviewed for Who's Who 2012/13Alex Twigg GM UBank Interviewed for Who's Who 2012/13
Alex Twigg GM UBank Interviewed for Who's Who 2012/13
 
Ti nicole karolina_gema_powerpoint
Ti nicole karolina_gema_powerpointTi nicole karolina_gema_powerpoint
Ti nicole karolina_gema_powerpoint
 
Presentación1
Presentación1Presentación1
Presentación1
 
Línea de tiempo jose luis
Línea de tiempo jose luisLínea de tiempo jose luis
Línea de tiempo jose luis
 
Johnson Controls Certificate performance
Johnson Controls Certificate performanceJohnson Controls Certificate performance
Johnson Controls Certificate performance
 
Andre vert JFK2011
Andre vert JFK2011Andre vert JFK2011
Andre vert JFK2011
 
Think Like a Project Manager
Think Like a Project ManagerThink Like a Project Manager
Think Like a Project Manager
 
Presupuesto sala de informatica
Presupuesto sala de informaticaPresupuesto sala de informatica
Presupuesto sala de informatica
 
СХД для обработки сейсмики: сравнительный обзор
СХД для обработки сейсмики: сравнительный обзорСХД для обработки сейсмики: сравнительный обзор
СХД для обработки сейсмики: сравнительный обзор
 
Cours Techniques d'Expression & de Communication I - Initiation- ENSASafi Mor...
Cours Techniques d'Expression & de Communication I - Initiation- ENSASafi Mor...Cours Techniques d'Expression & de Communication I - Initiation- ENSASafi Mor...
Cours Techniques d'Expression & de Communication I - Initiation- ENSASafi Mor...
 
Concepto Estratégico Militar para la Defensa Integral de la Nación.
Concepto Estratégico Militar para la Defensa Integral de la Nación.Concepto Estratégico Militar para la Defensa Integral de la Nación.
Concepto Estratégico Militar para la Defensa Integral de la Nación.
 
Media pitch final
Media pitch finalMedia pitch final
Media pitch final
 
Evaluation 6
Evaluation 6Evaluation 6
Evaluation 6
 
Zukunft von Bibliotheken 2016
Zukunft von Bibliotheken 2016Zukunft von Bibliotheken 2016
Zukunft von Bibliotheken 2016
 

Ähnlich wie Blockchain solutions leading to better security practices

Defcon 18 "Hacking Electronic Door Access Controllers"
Defcon 18 "Hacking Electronic Door Access Controllers" Defcon 18 "Hacking Electronic Door Access Controllers"
Defcon 18 "Hacking Electronic Door Access Controllers" shawn_merdinger
 
社会におけるIoTとセキュリティ、匿名化技術: 産業IoTのサイバーセキュリティ技術
社会におけるIoTとセキュリティ、匿名化技術: 産業IoTのサイバーセキュリティ技術社会におけるIoTとセキュリティ、匿名化技術: 産業IoTのサイバーセキュリティ技術
社会におけるIoTとセキュリティ、匿名化技術: 産業IoTのサイバーセキュリティ技術ハイシンク創研 / Laboratory of Hi-Think Corporation
 
New Business Models enabled by Blockchain
New Business Models enabled by BlockchainNew Business Models enabled by Blockchain
New Business Models enabled by BlockchainSlash
 
From Bitcoin Hardware Wallets to Personal Privacy Devices
From Bitcoin Hardware Wallets to Personal Privacy DevicesFrom Bitcoin Hardware Wallets to Personal Privacy Devices
From Bitcoin Hardware Wallets to Personal Privacy DevicesMecklerMedia
 
Internet of Things (IoT) - in the cloud or rather on-premises?
Internet of Things (IoT) - in the cloud or rather on-premises?Internet of Things (IoT) - in the cloud or rather on-premises?
Internet of Things (IoT) - in the cloud or rather on-premises?Guido Schmutz
 
CrowdSec A-Round Fundraising Deck
CrowdSec A-Round Fundraising DeckCrowdSec A-Round Fundraising Deck
CrowdSec A-Round Fundraising DeckCrowdSec
 
Future of hardware wallets bip 001
Future of hardware wallets bip 001Future of hardware wallets bip 001
Future of hardware wallets bip 001Eric Larcheveque
 
A LIGHTWEIGHT PAYMENT VERIFICATION USING BLOCKCHAIN ALGORITHM ON IoT DEVICES
A LIGHTWEIGHT PAYMENT VERIFICATION USING BLOCKCHAIN ALGORITHM ON IoT DEVICESA LIGHTWEIGHT PAYMENT VERIFICATION USING BLOCKCHAIN ALGORITHM ON IoT DEVICES
A LIGHTWEIGHT PAYMENT VERIFICATION USING BLOCKCHAIN ALGORITHM ON IoT DEVICESIRJET Journal
 
Windows Core IoT for Makers - MVPDays
Windows Core IoT for Makers - MVPDaysWindows Core IoT for Makers - MVPDays
Windows Core IoT for Makers - MVPDaysGuy Barrette
 
Tsunami of Technologies. Are we prepared?
Tsunami of Technologies. Are we prepared?Tsunami of Technologies. Are we prepared?
Tsunami of Technologies. Are we prepared?msyukor
 
Securing your Cloud Environment v2
Securing your Cloud Environment v2Securing your Cloud Environment v2
Securing your Cloud Environment v2ShapeBlue
 
Blockchain for IoT - Smart Home
Blockchain for IoT - Smart HomeBlockchain for IoT - Smart Home
Blockchain for IoT - Smart HomeBiagio Botticelli
 
IoTNEXT 2016 - SafeNation Track
IoTNEXT 2016 - SafeNation TrackIoTNEXT 2016 - SafeNation Track
IoTNEXT 2016 - SafeNation TrackPriyanka Aash
 
Re-engineering Engineering: from a cathedral to a bazaar?
Re-engineering Engineering: from a cathedral to a bazaar?Re-engineering Engineering: from a cathedral to a bazaar?
Re-engineering Engineering: from a cathedral to a bazaar?Open Networking Summits
 
Implementing Commerce in the 21st century with Blockchain and Cryptocurrencies
Implementing Commerce in the 21st century with Blockchain and CryptocurrenciesImplementing Commerce in the 21st century with Blockchain and Cryptocurrencies
Implementing Commerce in the 21st century with Blockchain and CryptocurrenciesPayson Johnston
 
DECENTRALIZED BLOCKCHAIN SERVICES USING CARDANO NETWORK
DECENTRALIZED BLOCKCHAIN SERVICES USING CARDANO NETWORKDECENTRALIZED BLOCKCHAIN SERVICES USING CARDANO NETWORK
DECENTRALIZED BLOCKCHAIN SERVICES USING CARDANO NETWORKIRJET Journal
 
Blockchin architecture azure meetup
Blockchin architecture azure meetupBlockchin architecture azure meetup
Blockchin architecture azure meetupMohammad Asif
 

Ähnlich wie Blockchain solutions leading to better security practices (20)

Defcon 18 "Hacking Electronic Door Access Controllers"
Defcon 18 "Hacking Electronic Door Access Controllers" Defcon 18 "Hacking Electronic Door Access Controllers"
Defcon 18 "Hacking Electronic Door Access Controllers"
 
社会におけるIoTとセキュリティ、匿名化技術: 産業IoTのサイバーセキュリティ技術
社会におけるIoTとセキュリティ、匿名化技術: 産業IoTのサイバーセキュリティ技術社会におけるIoTとセキュリティ、匿名化技術: 産業IoTのサイバーセキュリティ技術
社会におけるIoTとセキュリティ、匿名化技術: 産業IoTのサイバーセキュリティ技術
 
New Business Models enabled by Blockchain
New Business Models enabled by BlockchainNew Business Models enabled by Blockchain
New Business Models enabled by Blockchain
 
From Bitcoin Hardware Wallets to Personal Privacy Devices
From Bitcoin Hardware Wallets to Personal Privacy DevicesFrom Bitcoin Hardware Wallets to Personal Privacy Devices
From Bitcoin Hardware Wallets to Personal Privacy Devices
 
Internet of Things (IoT) - in the cloud or rather on-premises?
Internet of Things (IoT) - in the cloud or rather on-premises?Internet of Things (IoT) - in the cloud or rather on-premises?
Internet of Things (IoT) - in the cloud or rather on-premises?
 
CrowdSec A-Round Fundraising Deck
CrowdSec A-Round Fundraising DeckCrowdSec A-Round Fundraising Deck
CrowdSec A-Round Fundraising Deck
 
Future of hardware wallets bip 001
Future of hardware wallets bip 001Future of hardware wallets bip 001
Future of hardware wallets bip 001
 
A LIGHTWEIGHT PAYMENT VERIFICATION USING BLOCKCHAIN ALGORITHM ON IoT DEVICES
A LIGHTWEIGHT PAYMENT VERIFICATION USING BLOCKCHAIN ALGORITHM ON IoT DEVICESA LIGHTWEIGHT PAYMENT VERIFICATION USING BLOCKCHAIN ALGORITHM ON IoT DEVICES
A LIGHTWEIGHT PAYMENT VERIFICATION USING BLOCKCHAIN ALGORITHM ON IoT DEVICES
 
Windows Core IoT for Makers - MVPDays
Windows Core IoT for Makers - MVPDaysWindows Core IoT for Makers - MVPDays
Windows Core IoT for Makers - MVPDays
 
Tsunami of Technologies. Are we prepared?
Tsunami of Technologies. Are we prepared?Tsunami of Technologies. Are we prepared?
Tsunami of Technologies. Are we prepared?
 
Securing your Cloud Environment v2
Securing your Cloud Environment v2Securing your Cloud Environment v2
Securing your Cloud Environment v2
 
The Promise of BlockChain
The Promise of BlockChainThe Promise of BlockChain
The Promise of BlockChain
 
Blockchain for IoT - Smart Home
Blockchain for IoT - Smart HomeBlockchain for IoT - Smart Home
Blockchain for IoT - Smart Home
 
IoTNEXT 2016 - SafeNation Track
IoTNEXT 2016 - SafeNation TrackIoTNEXT 2016 - SafeNation Track
IoTNEXT 2016 - SafeNation Track
 
Blockchain & microsoft
Blockchain & microsoftBlockchain & microsoft
Blockchain & microsoft
 
BGX Pitch Deck
BGX Pitch DeckBGX Pitch Deck
BGX Pitch Deck
 
Re-engineering Engineering: from a cathedral to a bazaar?
Re-engineering Engineering: from a cathedral to a bazaar?Re-engineering Engineering: from a cathedral to a bazaar?
Re-engineering Engineering: from a cathedral to a bazaar?
 
Implementing Commerce in the 21st century with Blockchain and Cryptocurrencies
Implementing Commerce in the 21st century with Blockchain and CryptocurrenciesImplementing Commerce in the 21st century with Blockchain and Cryptocurrencies
Implementing Commerce in the 21st century with Blockchain and Cryptocurrencies
 
DECENTRALIZED BLOCKCHAIN SERVICES USING CARDANO NETWORK
DECENTRALIZED BLOCKCHAIN SERVICES USING CARDANO NETWORKDECENTRALIZED BLOCKCHAIN SERVICES USING CARDANO NETWORK
DECENTRALIZED BLOCKCHAIN SERVICES USING CARDANO NETWORK
 
Blockchin architecture azure meetup
Blockchin architecture azure meetupBlockchin architecture azure meetup
Blockchin architecture azure meetup
 

Kürzlich hochgeladen

Input Output Management in Operating System
Input Output Management in Operating SystemInput Output Management in Operating System
Input Output Management in Operating SystemRashmi Bhat
 
IVE Industry Focused Event - Defence Sector 2024
IVE Industry Focused Event - Defence Sector 2024IVE Industry Focused Event - Defence Sector 2024
IVE Industry Focused Event - Defence Sector 2024Mark Billinghurst
 
complete construction, environmental and economics information of biomass com...
complete construction, environmental and economics information of biomass com...complete construction, environmental and economics information of biomass com...
complete construction, environmental and economics information of biomass com...asadnawaz62
 
Correctly Loading Incremental Data at Scale
Correctly Loading Incremental Data at ScaleCorrectly Loading Incremental Data at Scale
Correctly Loading Incremental Data at ScaleAlluxio, Inc.
 
UNIT III ANALOG ELECTRONICS (BASIC ELECTRONICS)
UNIT III ANALOG ELECTRONICS (BASIC ELECTRONICS)UNIT III ANALOG ELECTRONICS (BASIC ELECTRONICS)
UNIT III ANALOG ELECTRONICS (BASIC ELECTRONICS)Dr SOUNDIRARAJ N
 
Industrial Safety Unit-IV workplace health and safety.ppt
Industrial Safety Unit-IV workplace health and safety.pptIndustrial Safety Unit-IV workplace health and safety.ppt
Industrial Safety Unit-IV workplace health and safety.pptNarmatha D
 
National Level Hackathon Participation Certificate.pdf
National Level Hackathon Participation Certificate.pdfNational Level Hackathon Participation Certificate.pdf
National Level Hackathon Participation Certificate.pdfRajuKanojiya4
 
CCS355 Neural Networks & Deep Learning Unit 1 PDF notes with Question bank .pdf
CCS355 Neural Networks & Deep Learning Unit 1 PDF notes with Question bank .pdfCCS355 Neural Networks & Deep Learning Unit 1 PDF notes with Question bank .pdf
CCS355 Neural Networks & Deep Learning Unit 1 PDF notes with Question bank .pdfAsst.prof M.Gokilavani
 
Virtual memory management in Operating System
Virtual memory management in Operating SystemVirtual memory management in Operating System
Virtual memory management in Operating SystemRashmi Bhat
 
THE SENDAI FRAMEWORK FOR DISASTER RISK REDUCTION
THE SENDAI FRAMEWORK FOR DISASTER RISK REDUCTIONTHE SENDAI FRAMEWORK FOR DISASTER RISK REDUCTION
THE SENDAI FRAMEWORK FOR DISASTER RISK REDUCTIONjhunlian
 
Software and Systems Engineering Standards: Verification and Validation of Sy...
Software and Systems Engineering Standards: Verification and Validation of Sy...Software and Systems Engineering Standards: Verification and Validation of Sy...
Software and Systems Engineering Standards: Verification and Validation of Sy...VICTOR MAESTRE RAMIREZ
 
Research Methodology for Engineering pdf
Research Methodology for Engineering pdfResearch Methodology for Engineering pdf
Research Methodology for Engineering pdfCaalaaAbdulkerim
 
Introduction-To-Agricultural-Surveillance-Rover.pptx
Introduction-To-Agricultural-Surveillance-Rover.pptxIntroduction-To-Agricultural-Surveillance-Rover.pptx
Introduction-To-Agricultural-Surveillance-Rover.pptxk795866
 
Earthing details of Electrical Substation
Earthing details of Electrical SubstationEarthing details of Electrical Substation
Earthing details of Electrical Substationstephanwindworld
 
US Department of Education FAFSA Week of Action
US Department of Education FAFSA Week of ActionUS Department of Education FAFSA Week of Action
US Department of Education FAFSA Week of ActionMebane Rash
 
An experimental study in using natural admixture as an alternative for chemic...
An experimental study in using natural admixture as an alternative for chemic...An experimental study in using natural admixture as an alternative for chemic...
An experimental study in using natural admixture as an alternative for chemic...Chandu841456
 
Arduino_CSE ece ppt for working and principal of arduino.ppt
Arduino_CSE ece ppt for working and principal of arduino.pptArduino_CSE ece ppt for working and principal of arduino.ppt
Arduino_CSE ece ppt for working and principal of arduino.pptSAURABHKUMAR892774
 

Kürzlich hochgeladen (20)

Input Output Management in Operating System
Input Output Management in Operating SystemInput Output Management in Operating System
Input Output Management in Operating System
 
IVE Industry Focused Event - Defence Sector 2024
IVE Industry Focused Event - Defence Sector 2024IVE Industry Focused Event - Defence Sector 2024
IVE Industry Focused Event - Defence Sector 2024
 
young call girls in Green Park🔝 9953056974 🔝 escort Service
young call girls in Green Park🔝 9953056974 🔝 escort Serviceyoung call girls in Green Park🔝 9953056974 🔝 escort Service
young call girls in Green Park🔝 9953056974 🔝 escort Service
 
complete construction, environmental and economics information of biomass com...
complete construction, environmental and economics information of biomass com...complete construction, environmental and economics information of biomass com...
complete construction, environmental and economics information of biomass com...
 
Correctly Loading Incremental Data at Scale
Correctly Loading Incremental Data at ScaleCorrectly Loading Incremental Data at Scale
Correctly Loading Incremental Data at Scale
 
UNIT III ANALOG ELECTRONICS (BASIC ELECTRONICS)
UNIT III ANALOG ELECTRONICS (BASIC ELECTRONICS)UNIT III ANALOG ELECTRONICS (BASIC ELECTRONICS)
UNIT III ANALOG ELECTRONICS (BASIC ELECTRONICS)
 
Industrial Safety Unit-IV workplace health and safety.ppt
Industrial Safety Unit-IV workplace health and safety.pptIndustrial Safety Unit-IV workplace health and safety.ppt
Industrial Safety Unit-IV workplace health and safety.ppt
 
National Level Hackathon Participation Certificate.pdf
National Level Hackathon Participation Certificate.pdfNational Level Hackathon Participation Certificate.pdf
National Level Hackathon Participation Certificate.pdf
 
young call girls in Rajiv Chowk🔝 9953056974 🔝 Delhi escort Service
young call girls in Rajiv Chowk🔝 9953056974 🔝 Delhi escort Serviceyoung call girls in Rajiv Chowk🔝 9953056974 🔝 Delhi escort Service
young call girls in Rajiv Chowk🔝 9953056974 🔝 Delhi escort Service
 
CCS355 Neural Networks & Deep Learning Unit 1 PDF notes with Question bank .pdf
CCS355 Neural Networks & Deep Learning Unit 1 PDF notes with Question bank .pdfCCS355 Neural Networks & Deep Learning Unit 1 PDF notes with Question bank .pdf
CCS355 Neural Networks & Deep Learning Unit 1 PDF notes with Question bank .pdf
 
POWER SYSTEMS-1 Complete notes examples
POWER SYSTEMS-1 Complete notes examplesPOWER SYSTEMS-1 Complete notes examples
POWER SYSTEMS-1 Complete notes examples
 
Virtual memory management in Operating System
Virtual memory management in Operating SystemVirtual memory management in Operating System
Virtual memory management in Operating System
 
THE SENDAI FRAMEWORK FOR DISASTER RISK REDUCTION
THE SENDAI FRAMEWORK FOR DISASTER RISK REDUCTIONTHE SENDAI FRAMEWORK FOR DISASTER RISK REDUCTION
THE SENDAI FRAMEWORK FOR DISASTER RISK REDUCTION
 
Software and Systems Engineering Standards: Verification and Validation of Sy...
Software and Systems Engineering Standards: Verification and Validation of Sy...Software and Systems Engineering Standards: Verification and Validation of Sy...
Software and Systems Engineering Standards: Verification and Validation of Sy...
 
Research Methodology for Engineering pdf
Research Methodology for Engineering pdfResearch Methodology for Engineering pdf
Research Methodology for Engineering pdf
 
Introduction-To-Agricultural-Surveillance-Rover.pptx
Introduction-To-Agricultural-Surveillance-Rover.pptxIntroduction-To-Agricultural-Surveillance-Rover.pptx
Introduction-To-Agricultural-Surveillance-Rover.pptx
 
Earthing details of Electrical Substation
Earthing details of Electrical SubstationEarthing details of Electrical Substation
Earthing details of Electrical Substation
 
US Department of Education FAFSA Week of Action
US Department of Education FAFSA Week of ActionUS Department of Education FAFSA Week of Action
US Department of Education FAFSA Week of Action
 
An experimental study in using natural admixture as an alternative for chemic...
An experimental study in using natural admixture as an alternative for chemic...An experimental study in using natural admixture as an alternative for chemic...
An experimental study in using natural admixture as an alternative for chemic...
 
Arduino_CSE ece ppt for working and principal of arduino.ppt
Arduino_CSE ece ppt for working and principal of arduino.pptArduino_CSE ece ppt for working and principal of arduino.ppt
Arduino_CSE ece ppt for working and principal of arduino.ppt
 

Blockchain solutions leading to better security practices

  • 1. Blockchain technologies drive better security solutions Journée Blockchain SIF November 2016 Nicolas Bacca @btchip
  • 2. A trust layer between the blockchain and the physical world For industrials, enterprises and consumers Securing the first and last mile LEDGER TECHNOLOGY
  • 3. Without trust, data has no actionable value node node node node nodeCloud servers User on a PC or a smartphone Industrial sensor / IoT node node node Connected object Blockchain/IT trusted zone Physical world absence of trust Is this really you? Am I allowed to executethis transaction? Critical temperature data Did the driver got switched?
  • 4. Why ? Cryptocurrencies come with built-in bug bounties #SFYL CO 2.0
  • 6. Security improvements Aligned with the latest identity standards Reducing dependencies on non deterministic events (randomness …) Solving the user keyring problem Innovating with internet-ready security devices
  • 8. How can it be replaced ? Hardware based cryptographic authentication for the webs FIDO set of standards Minimalist cryptography (one size fits all) Multilple vendors Slow but large traction (Google, Github) The building block of modern security devices
  • 9. The problems with randomness Hard (impossible) to fully get rid of randomness Generating unbiased randomness is a hard problem Proving that randomness is unbiased is an even harder problem Modern cryptographic algorithms are brittle, making it an easy attack vector
  • 10. Attacks of the Five Eyes No evil, omnipotent wizards Have a lot of time Have a lot of resources (crunching weak randoms is easy, see Logjam) Can interfere with standards (see DUAL_EC_DRBG) Attacks on randomness provides good plausible deniability
  • 11. Blockchain technologies solutions to randomness Recognize the problem : make it easier to evaluate Only depend on it when it’s absolutely necessary (key generation) Promote deterministic signatures (ECDSA / RFC 6979) Avoid catastrophic algorithm failure on signature (see PS3 27C3)
  • 12. The silent killer : side channel attacks An unfortunate side effect of non deterministic code Predict code parameters (such as private keys) given external events Extremely powerful and not taken care of enough (see “CSI meets public wifi”) Important work being done by the community on Bitcoin curve with libsecp256k1
  • 13. The user keyring problem Too many keys, too many protocols Hard to backup (additional weakness / hard to remember) Too many devices
  • 14. Solving the user keyring Deriving keys from a master key (BIP 32, Hierarchical Deterministic Wallets) Using a nice property of Elliptic Curve keys Public(PrivateK + (%n)Scalar) = PublicK + (point)Scalar * Generator Can be extended/abused to RSA (find next prime …) Providing an easy way to remember the master key (BIP 39, Mnemonic Phrase) Turning entropy into words, not the other way round (see Brainflyer)
  • 15. Why the Smartcard has to be reinvented Not web-ready : designed to work in a trusted environment Not user friendly (reader, drivers, middlewares) Not developer friendly (Java Card if lucky) Not customer audit friendly
  • 16. Challenges of improving the Smartcard Tamper resistant Developer friendly Auditable
  • 17. What has been accomplished so far Multiple devices with different tamper resistance properties Web integration, reusing FIDO work on U2F (Ledger with MyEtherWallet) Web ready : malware resistant <Ad> New paradigms for native multi application platforms </Ad>
  • 18. The exhaustive list of Blockchain security standards <- (is not a security standard)
  • 19. Blockchain security ... Moves at startup speed (ETH from EAL0 to EAL7 in 6 months, according to ETH) Is battlefield tested (or assets are lost very quickly) Bitcoin is a pretty good canary (see “Some SecureRandom thoughts” on Android) Is interesting to look at for the general security / identity industry On the other hand can also learn a lot from those industries wrt testing / evaluation