BeatCoin: Leaking Private Keys from Air-Gapped Cryptocurrency Wallets

Guri, Mordechai

doi:10.1109/cybermatics_2018.2018.00227

Cited by 26 publications

(15 citation statements)

References 40 publications

(57 reference statements)

Supporting

Mentioning

Contrasting

Order By: Relevance

“…This is true of systems which are not connected to the Internet or those that have no external gateway access. The real threat comes from air-gap bridging which involves creating a communication medium over a protected network [12].…”

Section: When Emanation Side Channel Meets Critical Datamentioning

confidence: 99%

Whispering Devices: A Survey on How Side-channels Lead to Compromised Information

et al. 2021

View full text Add to dashboard Cite

While operating, information processing devices or communication systems may emit unwanted signals (or alter existing ones) through electromagnetic waves, light, sound or power drain. These side-channels can be intercepted by anyone with scientific or technical knowledge and appropriate equipment, leading to a potentially high risk of security breaches. This survey focuses on these emanation side-channels and provides an extensive literature review. To provide an in-depth analysis despite the variety of attacks, we propose to classify the sidechannels based on their criticality, their intentionality, the type of attackers, and the physical medium. Illustrative use-cases are presented and serve as a basis to infer individual threats. Particular attention is paid to electromagnetic side-channels which exhibit the highest criticality and have therefore been used in the most recent attacks. The main characteristics of the sidechannels revealed by state-of-the-art papers are summarized and recommendations on countermeasures are provided to protect any sensitive equipment.

show abstract

Section: When Emanation Side Channel Meets Critical Datamentioning

confidence: 99%

Whispering Devices: A Survey on How Side-channels Lead to Compromised Information

et al. 2021

View full text Add to dashboard Cite

show abstract

“…Such bank and regulatory requirements can change over time, and there has been little research on the ways in which offenders circumvent (or fail to circumvent) these shifting anti-money laundering processes. In addition to directly stealing money, offenders employ data theft, often through the use of phishing attacks or the deployment of trojans (Etaher, Weir, and Alazab 2015; Guri 2018;Aston et al 2009), to gain personal identifying information (PII), payment information, login credentials, or other sensitive data. This data then facilitates future theft.…”

Section: Coerced Transactionsmentioning

confidence: 99%

Evaluating Criminal Transactional Methods in Cyberspace as Understood in an International Context

et al. 2021

View full text Add to dashboard Cite

McMurdie 2016), due to the quickly-evolving and vast nature of these crimes (Holt 2018), which typically involve more effort and cross-border expense and access difficulties than do most offline crimes in the Pursue mode. Policing has been slow to adjust to the rise of digital crimes and fraud, not least because it often means giving up functions currently performed, which meet resistance (HMICFRS 2019a(HMICFRS , 2019b."Effectiveness" in policing cybercrime needs to be clearly defined and should be seen on a spectrum. The evolution of cybercrime and cyber offender strategies is fast paced, making studying and reporting on them a difficult task. In addition to this challenge, the vast majority of research is undertaken, produced, and disseminated in English and focuses on a minority of sites where actively publishing western academics are based (Cross 2018).Yet, the scope of cyber offenders, their involvement in a range of illegal activities, and the costs of policing cyber offenders, stemming from cross-jurisdictional offences, generate serious concerns for law enforcement agencies throughout the world (Carroll and Windle 2018; Gilmour 2014; Malby et al. 2013). However, little is known about the attitudes of law enforcement towards cyber offenders in those countries in which statesponsored and state-tolerated cyber offending occurs: it is simply assumed or inferred from unsuccessful pursuit that little is being done there, at least until they victimise their local populations, setting aside often well-informed and severe reactions to those deemed to be "political opponents" or acting without authorisation from those in power. Cyber offenders operate broadly across borders, creating mutual legal assistance problems, which arise from variation in legal definitions provided by different statutes (Harkin, Whelan, and Chang 2018; McMurdie 2016) as well as institutional problems of conflicting priorities even where the offenders are not statesponsored or state-tolerated/corruptors. Except where political pressure or comity can be applied from abroad, enforcement agencies generally prioritise their domestic cases over international ones. As a result, cyber offenders encounter police services that differ in their approaches for detecting, investigating, and disrupting incidents associated with cyber offenders and their collaborators/competitors. These discrepancies, in turn, lead to uncertainties about the use of disruption strategies and their effectiveness, particularly in cross-border contexts, in addition to any uncertainties for evaluations arising from uneven but generally poor data availability.With limited resources and expertise, especially in opportunity principle countries where discretion is formally allowed, 1 law enforcement must make explicit or implicit strategic decisions in its approach, focusing on what it believes will yield the largest impacts while working within the political and economic constraints of its local CrimRxiv Evaluating Criminal Transactional Methods in Cyberspace as Understood in...

show abstract

“…al. [15] proposed a threshold signature scheme compatible with bitcoins signature by using Elliptic Curve Digital Signature Algorithm providing security policy of shared control of a wallet in which each player gets only a single share. Dikshit et al scheme [16] proposed an extend the weighted threshold ECDSA scheme.…”

Section: Scheme Comparisonmentioning

confidence: 99%

“…There is mainly a private key generation scheme combining random seed with a password in the user's private key generation arena, using random seed and password stored in the local device to generate private keys [13]. In the private key storage arena, the main solutions are local storage, offline storage [14], encrypted wallet, account custody [15], and hierarchical deterministic wallet [16,17]. In the private key use arena, multi-signature [18][19][20] and threshold signature schemes [21,22] are mainly proposed.…”

Section: Introductionmentioning

confidence: 99%

Recoverable Private Key Scheme for Consortium Blockchain Based on Verifiable Secret Sharing

Li¹,

You²,

Hu³

et al. 2021

KSII TIIS

View full text Add to dashboard Cite

As a current popular technology, the blockchain has a serious issue: the private key cannot be retrieved due to force majeure. Since the outcome of the blockchain-based Bitcoin, there have been many occurrences of the users who lost or forgot their private keys and could not retrieve their token wallets, and it may cause the permanent loss of their corresponding blockchain accounts, resulting in irreparable losses for the users. We propose a recoverable private key scheme for consortium blockchain based on the verifiable secret sharing which can enable the user's private key in the consortium blockchain to be securely recovered through a verifiable secret sharing method. In our secret sharing scheme, users use the biometric keys to encrypt shares, and the preset committer peers in the consortium blockchain act as the participants to store the users' private key shares. Due to the particularity of the biometric key, only the user can complete the correct secret recovery. Our comparisons with the existing mnemonic systems or the multi-signature schemes have shown that our scheme can allow users to recover their private keys without storing the passwords accurately. Hence, our scheme can improve the account security and recoverability of the data-sharing systems across physical and virtual platforms that use blockchain technology.

show abstract

BeatCoin: Leaking Private Keys from Air-Gapped Cryptocurrency Wallets

Cited by 26 publications

References 40 publications

Whispering Devices: A Survey on How Side-channels Lead to Compromised Information

Whispering Devices: A Survey on How Side-channels Lead to Compromised Information

Evaluating Criminal Transactional Methods in Cyberspace as Understood in an International Context

Recoverable Private Key Scheme for Consortium Blockchain Based on Verifiable Secret Sharing

Contact Info

Product

Resources

About