| Author: | Li, Zecheng |
| Title: | On building trustworthy network systems with blockchain and TEE |
| Advisors: | Xiao, Bin (COMP) |
| Degree: | Ph.D. |
| Year: | 2022 |
| Subject: | Computer security Computer networks -- Security measures Internet -- Security measures Hong Kong Polytechnic University -- Dissertations |
| Department: | Department of Computing |
| Pages: | 163 pages : color illustrations |
| Language: | English |
| Abstract: | The Internet consists of many network systems, such as Domain Name System (DNS) and Public Key Infrastructure (PKI), that work together to provide network services and connect the world. However, these network systems suffer from a number of security issues, such as cache poisoning attacks on DNS and rogue certificates on PKI. These security risks can in turn lead to the proliferation of phishing sites, man-in-the-middle attacks on encrypted connections, and a host of other severe and complex network attacks. Traditional solutions still have limitations, and as we delve into blockchain and Trusted Execution Environment (TEE) technology, we find that their benefits can be leveraged to enhance the security of these network systems. Blockchain technology was born from the cryptocurrency Bitcoin, whose tamper-proof nature catalyzes the secure exchange of assets. The decentralized architecture and replicated storage of blockchain guarantee the integrity and consistency of the stored data. They also provide a new way of building traditional network systems with guaranteed data security. In addition, TEE ensures execution security. Its model of attested execution allows users to verify the content returned by the enclave inside TEE and decide whether to trust the execution result. The combination of blockchain and TEE provides a new computing paradigm for building trustworthy network systems. Firstly, we note that DNS is vulnerable to many attacks such as the cache poisoning attack and DDoS attack. Records in recursive resolver are vulnerable to be modified maliciously. Facing these problems, we propose B-DNS, a secure and efficient blockchain-based domain name system. B-DNS leverages blockchain to store resource records and provide name service. The tamper-proof feature of blockchain prevents it from poisoning attacks. B-DNS also fills up two shortcomings in legacy blockchain-based DNS: computation-heavy consensus protocol and inefficient query. For the security of B-DNS, a novel way is proposed to quantitatively compare the security of B-DNS and legacy DNS in terms of attack success rate, attack cost, and attack surface. Our experiments show that the probability of a successful attack on B-DNS is 1% of a successful attack on legacy DNS. The attack cost goes up a million times in B-DNS, and the attack surface of B-DNS is far smaller than that of legacy DNS. The query performance evaluation of B-DNS shows that B-DNS can achieve similar or even less query latency than state-of-the-art commercial DNS implementations. Secondly, we find that current Certificate Authorities (CAs) are vulnerable to be compromised to issue unauthorized certificates. Current countermeasures can only detect unauthorized certificates rather than preventing them. Facing these problems, we propose PISTIS, a framework for issuing authorized and trusted certificates with blockchain and TEE. In PISTIS, TEE nodes validate whether the applicant in a certificate request passes the domain ownership validation (i.e., the domain is under the corresponding applicant's control) and submit attested results to a smart contract on the blockchain. The smart contract issues the certificate to the applicant when an attested result shows a pass. Therefore, PISTIS can ensure its issued certificates are authorized because of the domain ownership validation mechanism. The security of PISTIS is formally proved in the Universally Composable (UC) framework. Compared with state-of-the-art, PISTIS avoids potential damages by preventing unauthorized certificates from issuing. Thirdly, we note that smart contracts cannot be modified once they are deployed on the blockchain, so vulnerabilities in deployed smart contracts can have devastating consequences. We emphasize that current countermeasures is to thoroughly test and validate contracts prior to deployment. However, these testing methods suffer from false-negative results and do not protect against unknown contract defects. Furthermore, Decentralised Finance (DeFi) based on smart contracts has gained significant momentum and is now attractive target for attacks. Facing these problems, we propose SolSaviour to protect deployed smart contracts and DeFi. SolSaviour consists of a voteDestruct mechanism and a TEE cluster. The voteDestruct mechanism allows contract stakeholders to decide whether to destroy the defective contract and withdraw inside assets. The TEE cluster is responsible for asset escrow, redeployment of patched contracts, and state migration. Specifically, SolSaviour can destroy the defective contract, redeploy a patched contract, and migrate the funds and state variables from the destroyed contract to the patched one. Our experiment results show SolSaviour can protect smart contracts and complex DeFi protocols with feasible overhead. |
| Rights: | All rights reserved |
| Access: | open access |
Copyright Undertaking
As a bona fide Library user, I declare that:
- I will abide by the rules and legal ordinances governing copyright regarding the use of the Database.
- I will use the Database for the purpose of my research or private study only and not for circulation or further reproduction or any other purpose.
- I agree to indemnify and hold the University harmless from and against any loss, damage, cost, liability or expenses arising from copyright infringement or unauthorized usage.
By downloading any item(s) listed above, you acknowledge that you have read and understood the copyright undertaking as stated above, and agree to be bound by all of its terms.
Please use this identifier to cite or link to this item:
https://theses.lib.polyu.edu.hk/handle/200/12166