-
Don't Get Hijacked: Prevalence, Mitigation, and Impact of Non-Secure DNS Dynamic Updates
Authors:
Yevheniya Nosyk,
Maciej Korczyński,
Carlos H. Gañán,
Michał Król,
Qasim Lone,
Andrzej Duda
Abstract:
DNS dynamic updates represent an inherently vulnerable mechanism deliberately granting the potential for any host to dynamically modify DNS zone files. Consequently, this feature exposes domains to various security risks such as domain hijacking, compromise of domain control validation, and man-in-the-middle attacks. Originally devised without the implementation of authentication mechanisms, non-secure DNS updates were widely adopted in DNS software, subsequently leaving domains susceptible to a novel form of attack termed zone poisoning. In order to gauge the extent of this issue, our analysis encompassed over 353 million domain names, revealing the presence of 381,965 domains that openly accepted unsolicited DNS updates. We then undertook a comprehensive three-phase campaign involving the notification of Computer Security Incident Response Teams (CSIRTs). Following extensive discussions spanning six months, we observed substantial remediation, with nearly 54% of nameservers and 98% of vulnerable domains addressing the issue. This outcome serves as evidence that engaging with CSIRTs can prove to be an effective approach for reporting security vulnerabilities. Moreover, our notifications had a lasting impact, as evidenced by the sustained low prevalence of vulnerable domains.
Submitted 30 May, 2024;
originally announced May 2024.
-
The Cloud Strikes Back: Investigating the Decentralization of IPFS
Authors:
Leonhard Balduf,
Maciej Korczyński,
Onur Ascigil,
Navin V. Keizer,
George Pavlou,
Björn Scheuermann,
Michał Król
Abstract:
Interplanetary Filesystem (IPFS) is one of the largest peer-to-peer filesystems in operation. The network is the default storage layer for Web3 and is being presented as a solution to the centralization of the web. In this paper, we present a large-scale, multi-modal measurement study of the IPFS network. We analyze the topology, the traffic, the content providers and the entry points from the classical Internet.
Our measurements show significant centralization in the IPFS network and a high share of nodes hosted in the cloud. We also shed light on the main stakeholders in the ecosystem. We discuss key challenges that might disrupt continuing efforts to decentralize the Web and highlight multiple properties that are creating pressures toward centralization.
Submitted 30 September, 2023; v1 submitted 28 September, 2023;
originally announced September 2023.
-
Content Censorship in the InterPlanetary File System
Authors:
Srivatsan Sridhar,
Onur Ascigil,
Navin Keizer,
François Genon,
Sébastien Pierre,
Yiannis Psaras,
Etienne Rivière,
Michał Król
Abstract:
The InterPlanetary File System (IPFS) is currently the largest decentralized storage solution in operation, with thousands of active participants and millions of daily content transfers. IPFS is used as remote data storage for numerous blockchain-based smart contracts, Non-Fungible Tokens (NFT), and decentralized applications.
We present a content censorship attack that can be executed with minimal effort and cost, and that prevents the retrieval of any chosen content in the IPFS network. The attack exploits a conceptual issue in a core component of IPFS, the Kademlia Distributed Hash Table (DHT), which is used to resolve content IDs to peer addresses. We provide efficient detection and mitigation mechanisms for this vulnerability. Our mechanisms achieve a 99.6% detection rate and mitigate 100% of the detected attacks with minimal signaling and computational overhead. We followed responsible disclosure procedures, and our countermeasures are scheduled for deployment in the future versions of IPFS.
Submitted 4 December, 2023; v1 submitted 22 July, 2023;
originally announced July 2023.
-
Data Availability Sampling in Ethereum: Analysis of P2P Networking Requirements
Authors:
Michał Król,
Onur Ascigil,
Sergi Rene,
Etienne Rivière,
Matthieu Pigaglio,
Kaleem Peeroo,
Vladimir Stankovic,
Ramin Sadre,
Felix Lange
Abstract:
Despite their increasing popularity, blockchains still suffer from severe scalability limitations. Recently, Ethereum proposed a novel approach to block validation based on Data Availability Sampling (DAS), that has the potential to improve its transaction per second rate by more than two orders of magnitude. DAS should also significantly reduce per-transaction validation costs. At the same time, DAS introduces new communication patterns in the Ethereum Peer-to-Peer (P2P) network. These drastically increase the amount of exchanged data and impose stringent latency objectives. In this paper, we review the new requirements for P2P networking associated with DAS, discuss open challenges, and identify new research directions.
Submitted 20 June, 2023;
originally announced June 2023.
-
Low-latency, Scalable, DeFi with Zef
Authors:
Mathieu Baudet,
Alberto Sonnino,
Michal Krol
Abstract:
Zef was recently proposed to extend the low-latency, Byzantine-Fault Tolerant (BFT) payment protocol FastPay with anonymous coins. This report explores further extensions of FastPay and Lef beyond payments. We start by off-chain assets (e.g. NFTs). We introduce the idea of on-demand BFT consensus instances through the example of atomic swaps between account owners.
Submitted 13 January, 2022;
originally announced January 2022.
-
Energy-efficient neural network inference with microcavity exciton-polaritons
Authors:
M. Matuszewski,
A. Opala,
R. Mirek,
M. Furman,
M. Król,
K. Tyszka,
T. C. H. Liew,
D. Ballarini,
D. Sanvitto,
J. Szczytko,
B. Piętka
Abstract:
We propose all-optical neural networks characterized by very high energy efficiency and performance density of inference. We argue that the use of microcavity exciton-polaritons allows to take advantage of the properties of both photons and electrons in a seamless manner. This results in strong optical nonlinearity without the use of optoelectronic conversion. We propose a design of a realistic neural network and estimate energy cost to be at the level of attojoules per bit, also when including the optoelectronic conversion at the input and output of the network, several orders of magnitude below state-of-the-art hardware implementations. We propose two kinds of nonlinear binarized nodes based either on optical phase shifts and interferometry or on polariton spin rotations.
Submitted 28 August, 2021;
originally announced August 2021.
-
Shard Scheduler: object placement and migration in sharded account-based blockchains
Authors:
Michał Król,
Onur Ascigil,
Sergi Rene,
Alberto Sonnino,
Mustafa Al-Bassam,
Etienne Rivière
Abstract:
We propose Shard Scheduler, a system for object placement and migration in account-based sharded blockchains. Our system calculates optimal placement and decides of object migrations across shards and supports complex multi-account transactions caused by smart contracts. Placement and migration decisions made by Shard Scheduler are fully deterministic, verifiable, and can be made part of the consensus protocol. Shard Scheduler reduces the number of costly cross-shard transactions, ensures balanced load distribution and maximizes the number of processed transactions for the blockchain as a whole. It leverages a novel incentive model motivating miners to maximize the global throughput of the entire blockchain rather than the throughput of a specific shard. Shard Scheduler reduces the number of costly cross-shard transactions by half in our simulations, ensuring equal load and increasing the throughput 3 fold when using 60 shards. We also implement and evaluate Shard Scheduler on Chainspace, more than doubling its throughput and reducing user-perceived latency by 70% when using 10 shards.
Submitted 15 July, 2021;
originally announced July 2021.
-
Efficient decomposition of unitary matrices in quantum circuit compilers
Authors:
A. M. Krol,
A. Sarkar,
I. Ashraf,
Z. Al-Ars,
K. Bertels
Abstract:
Unitary decomposition is a widely used method to map quantum algorithms to an arbitrary set of quantum gates. Efficient implementation of this decomposition allows for translation of bigger unitary gates into elementary quantum operations, which is key to executing these algorithms on existing quantum computers. The decomposition can be used as an aggressive optimization method for the whole circuit, as well as to test part of an algorithm on a quantum accelerator. For selection and implementation of the decomposition algorithm, perfect qubits are assumed. We base our decomposition technique on Quantum Shannon Decomposition which generates O((3/4)*4^n) controlled-not gates for an n-qubit input gate. The resulting circuits are up to 10 times shorter than other methods in the field. When comparing our implementation to Qubiter, we show that our implementation generates circuits with half the number of CNOT gates and a third of the total circuit length. In addition to that, it is also up to 10 times as fast. Further optimizations are proposed to take advantage of potential underlying structure in the input or intermediate matrices, as well as to minimize the execution time of the decomposition.
Submitted 8 January, 2021;
originally announced January 2021.
-
OpenQL : A Portable Quantum Programming Framework for Quantum Accelerators
Authors:
N. Khammassi,
I. Ashraf,
J. v. Someren,
R. Nane,
A. M. Krol,
M. A. Rol,
L. Lao,
K. Bertels,
C. G. Almudever
Abstract:
With the potential of quantum algorithms to solve intractable classical problems, quantum computing is rapidly evolving and more algorithms are being developed and optimized. Expressing these quantum algorithms using a high-level language and making them executable on a quantum processor while abstracting away hardware details is a challenging task. Firstly, a quantum programming language should provide an intuitive programming interface to describe those algorithms. Then a compiler has to transform the program into a quantum circuit, optimize it and map it to the target quantum processor respecting the hardware constraints such as the supported quantum operations, the qubit connectivity, and the control electronics limitations. In this paper, we propose a quantum programming framework named OpenQL, which includes a high-level quantum programming language and its associated quantum compiler. We present the programming interface of OpenQL, we describe the different layers of the compiler and how we can provide portability over different qubit technologies. Our experiments show that OpenQL allows the execution of the same high-level algorithm on two different qubit technologies, namely superconducting qubits and Si-Spin qubits. Besides the executable code, OpenQL also produces an intermediate quantum assembly code (cQASM), which is technology-independent and can be simulated using the QX simulator.
Submitted 27 May, 2020;
originally announced May 2020.
-
PASTRAMI: Privacy-preserving, Auditable, Scalable & Trustworthy Auctions for Multiple Items
Authors:
Michał Król,
Alberto Sonnino,
Argyrios Tasiopoulos,
Ioannis Psaras,
Etienne Rivière
Abstract:
Decentralised cloud computing platforms enable individuals to offer and rent resources in a peer-to-peer fashion. They must assign resources from multiple sellers to multiple buyers and derive prices that match the interests and capacities of both parties. The assignment process must be decentralised, fair and transparent, but also protect the privacy of buyers. We present PASTRAMI, a decentralised platform enabling trustworthy assignments of items and prices between a large number of sellers and bidders, through the support of multi-item auctions. PASTRAMI uses threshold blind signatures and commitment schemes to provide strong privacy guarantees while making bidders accountable. It leverages the Ethereum blockchain for auditability, combining efficient off-chain computations with novel, on-chain proofs of misbehaviour. Our evaluation of PASTRAMI using Filecoin workloads show its ability to efficiently produce trustworthy assignments between thousands of buyers and sellers.
Submitted 16 December, 2020; v1 submitted 14 April, 2020;
originally announced April 2020.
-
EL PASSO: Privacy-preserving, Asynchronous Single Sign-On
Authors:
Zhiyi Zhang,
Michał Król,
Alberto Sonnino,
Lixia Zhang,
Etienne Rivière
Abstract:
We introduce EL PASSO, a privacy-preserving, asynchronous Single Sign-On (SSO) system. It enables personal authentication while protecting users' privacy against both identity providers and relying parties, and allows selective attribute disclosure. EL PASSO is based on anonymous credentials, yet it supports users' accountability. Selected authorities may recover the identity of allegedly misbehaving users, and users can prove properties about their identity without revealing it in the clear. EL PASSO does not require specific secure hardware or a third party (other than existing participants in SSO). The generation and use of authentication credentials are asynchronous, allowing users to sign on when identity providers are temporarily unavailable. We evaluate EL PASSO in a distributed environment and prove its low computational cost, yielding faster sign-on operations than OIDC from a regular laptop, one-second user-perceived latency from a low-power device, and scaling to more than 50 sign-on operations per second at a relying party using a single 4-core server in the cloud.
Submitted 3 June, 2020; v1 submitted 24 February, 2020;
originally announced February 2020.
-
Proof-of-Prestige: A Useful Work Reward System for Unverifiable Tasks
Authors:
Michał Król,
Alberto Sonnino,
Mustafa Al-Bassam,
Argyrios Tasiopoulos,
Ioannis Psaras
Abstract:
As cryptographic tokens and altcoins are increasingly being built to serve as utility tokens, the notion of useful work consensus protocols, as opposed to number-crunching PoW consensus, is becoming ever more important. In such contexts, users get rewards from the network after they have carried out some specific task useful for the network. While in some cases the proof of some utility or service can be proved, the majority of tasks are impossible to verify. In order to deal with such cases, we design Proof-of-Prestige (PoP) - a reward system that can run on top of Proof-of-Stake blockchains. PoP introduces prestige which is a volatile resource and, in contrast to coins, regenerates over time. Prestige can be gained by performing useful work, spent when benefiting from services and directly translates to users minting power. PoP is resistant against Sybil and Collude attacks and can be used to reward workers for completing unverifiable tasks, while keeping the system free for the end-users. We use two exemplar use-cases to showcase the usefulness of PoP and we build a simulator to assess the cryptoeconomic behaviour of the system in terms of prestige transfer between nodes.
Submitted 8 May, 2019;
originally announced May 2019.
-
AStERISK: Auction-based Shared Economy ResolutIon System for blocKchain
Authors:
Alberto Sonnino,
Michał Król,
Argyrios G. Tasiopoulos,
Ioannis Psaras
Abstract:
Recent developments in blockchains and edge computing allows to deploy decentralized shared economy with utility tokens, where altcoins secure and reward useful work. However, the majority of the systems being developed, does not provide mechanisms to pair workers and clients, or rely on manual and insecure resolution. AStERISK bridges this gap allowing to perform sealed-bid auctions on blockchains, automatically determine the most optimal price for services, and assign clients to the most suitable workers. AStERISK allows workers to specify a minimal price for their work, and hide submitted bids as well the identity of the bidders without relying on any centralized party at any point. We provide a smart contract implementation of AStERISK and show how to deploy it within the Filecoin network, and perform an initial benchmark on Chainspace.
Submitted 23 January, 2019;
originally announced January 2019.
-
SPOC: Secure Payments for Outsourced Computations
Authors:
Michał Król,
Ioannis Psaras
Abstract:
Constrained devices in IoT networks often require to outsource resource-heavy computations or data processing tasks. Currently, most of those jobs are done in the centralised cloud. However, with rapidly increasing number of devices and amount of produced data, edge computing represents a much more efficient solution decreasing the cost, the delay and improves users' privacy. To enable wide deployment of execution nodes at the edge, the requesting devices require a way to pay for submitted tasks. We present SPOC - a secure payment system for networks where nodes distrust each other. SPOC allows any node to execute tasks, includes result verification and enforce users' proper behaviour without 3rd parties, replication or costly proof of computations. We implement our system using Ethereum Smart Contracts and Intel SGX and present first evaluation proving its security and low usage cost.
Submitted 17 July, 2018;
originally announced July 2018.
-
Airtnt: Fair Exchange Payment for Outsourced Secure Enclave Computations
Authors:
Mustafa Al-Bassam,
Alberto Sonnino,
Michał Król,
Ioannis Psaras
Abstract:
We present Airtnt, a novel scheme that enables users with CPUs that support Trusted Execution Environments (TEEs) and remote attestation to rent out computing time on secure enclaves to untrusted users. Airtnt makes use of the attestation capabilities of TEEs and smart contracts on distributed ledgers to guarantee the fair exchange of the payment and the result of an execution. Airtnt makes use of off-chain payment channels to allow requesters to pay executing nodes for intermediate "snapshots" of the state of an execution. Effectively, this step-by-step "compute-payment" cycle realises untrusted pay-as-you-go micropayments for computation. Neither the requester nor the executing node can walk away and incur monetary loss to the other party. This also allows requesters to continue executions on other executing nodes if the original executing node becomes unavailable or goes offline.
Submitted 16 May, 2018;
originally announced May 2018.