Security Of Cryptocurrency Using Hardware Wallet And QR Code

Khan, Abdul Ghaffar; Zahid, Amjad Hussain; Hussain, Muzammil; Riaz, Usama

doi:10.1109/icic48496.2019.8966739

Cited by 53 publications

(18 citation statements)

References 10 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…However, similar to Bitcoin, the DeFi system suffers from the problem of improper key management. Existing key management methods, such as physical storage [35] [36], offline wallets [37] [38], and password-derived wallets [39], have some drawbacks. In Table 1, we summarize 9 forms of wallets, where local storage is the initial form of local file storage, hardware wallets, and QR code wallets both belong to physical storage wallets, and the remains belong to smart contract wallets.…”

Section: ) Inappropriate Key Managementmentioning

confidence: 99%

“…Key Scheme [35] Improving collaborative key generation and signature [37] Combination with a cold and hot wallet for privacy [101] A practical way to public key encryption [102] A p2p wallet scheme with a routing protocol [103] A lightweight wallet based on TEE [104] A new scheme for creating sub-wallet keys [105] The shared key generated by T-ECDSA for signing [106] Combine signatures into one based on bloom filter…”

Section: Referencementioning

confidence: 99%

“…Combined with software and hardware, two android applications created in [37] provide privacy protection. It contains a cold wallet with key storage in the form of QR codes and a hot wallet for sending transactions, respectively.…”

Section: Referencementioning

confidence: 99%

See 2 more Smart Citations

A Survey of DeFi Security: Challenges and Opportunities

Li¹,

Bu²,

Li³

et al. 2022

Preprint

View full text Add to dashboard Cite

Decentralized finance (DeFi), which is a promising domain since the era of blockchain 2.0, locked $200 billion in April 2022. However, it quickly dropped to $100 billion in May 2022, which makes us realize that security issues in this area are still a challenging job. DeFi is more complex than traditional finance because it is decentralized through blockchain and without a trustworthy third-party institution to act as a guarantee. So it owns not only financial properties but also technical aspects. Existing synthesis work for DeFi tends to ignore the relevance of various layers of security for the whole system. In addition, distinct layers have different means of protection against specific vulnerabilities, which is not considered by existing analytical work. In this paper, we perform a vulnerability analysis for the entire technology layer of the DeFi application, and then we collect the most impactive attacks in recent years. Finally, we summarize the existing optimization approaches for different layers and provide some challenges and future directions.

show abstract

Section: ) Inappropriate Key Managementmentioning

confidence: 99%

Section: Referencementioning

confidence: 99%

See 1 more Smart Citation

A Survey of DeFi Security: Challenges and Opportunities

Li¹,

Bu²,

Li³

et al. 2022

Preprint

View full text Add to dashboard Cite

show abstract

“…There are guarantees with Blockchain innovation in countering security shortcomings, expanding information honesty, and changing the way toward performing exchanges into a permanent, straightforward, and decentralized design. Further works need to develop security norms and dangers as bearings on square-based frameworks security [30].…”

Section: Literature Reviewmentioning

confidence: 99%

Blockchain-Based IoT Devices in Supply Chain Management: A Systematic Literature Review

et al. 2021

Self Cite

View full text Add to dashboard Cite

Through recent progress, the forms of modern supply chains have evolved into complex networks. The supply chain management systems face a variety of challenges. These include lack of visibility of the upstream party (Provider) to the downstream party (Client); lack of flexibility in the face of sudden variations in demand and control of operating costs; lack of reliance on safety stakeholders; ineffective management of supply chain risks. Blockchain (BC) is used in the supply chain to overcome the growing demands for items. The Internet of Things (IoT) is a profoundly encouraging innovation that can help companies observe, track, and monitor products, activities, and processes within their respective value chain networks. Research establishments and logical gatherings are ceaselessly attempting to answer IoT gadgets in supply chain management. This paper presents orderly writing on and reviewing of Blockchain-based IoT advances and their current usage. We discuss the smart devices used in this system and which device is the most appropriate in the supply chain. This paper also looks at future examination themes in blockchain-based IoT, referred to as the executive’s framework production network. The essential deliberate writing audit has been consolidated by surveying research articles circulated in highly reputable publications between 2016 and 2021. Lastly, current issues and challenges are present to provide researchers with promising future directions in IoT supply chain management systems.

show abstract

“…Unfortunately, the described chain of actions has a weak link: the attacker does not need to compromise the wallet to steal funds -it is sufficient to tamper with the transaction data sent for signing by falsifying the address of the recipient of funds. A recent formal security analysis by Khan et al [5] formally proves that under normal cryptographic assumptions, the user of a hardware wallet plays a crucial role in its security. One way to target the user of the hardware crypto wallet is to substitute the transaction recipient address and covertly replace it in the clipboard of the operating system.…”

Section: Introductionmentioning

confidence: 99%

EthClipper: A Clipboard Meddling Attack on Hardware Wallets with Address Verification Evasion

Иванов¹,

Yan²

2021

Preprint

View full text Add to dashboard Cite

Hardware wallets are designed to withstand malware attacks by isolating their private keys from the cyberspace, but they are vulnerable to the attacks that fake an address stored in a clipboard. To prevent such attacks, a hardware wallet asks the user to verify the recipient address shown on the wallet display. Since crypto addresses are long sequences of random symbols, their manual verification becomes a difficult task. Consequently, many users of hardware wallets elect to verify only a few symbols in the address, and this can be exploited by an attacker. In this work, we introduce EthClipper, an attack that targets owners of hardware wallets on the Ethereum platform. EthClipper malware queries a distributed database of pre-mined accounts in order to select the address with maximum visual similarity to the original one. We design and implement a EthClipper malware, which we test on Trezor, Ledger, and KeepKey wallets. To deliver computation and storage resources for the attack, we implement a distributed service, ClipperCloud, and test it on different deployment environments. Our evaluation shows that with off-the-shelf PCs and NAS storage, an attacker would be able to mine a database capable of matching 25% of the digits in an address to achieve a 50% chance of finding a fitting fake address. For responsible disclosure, we have contacted the manufactures of the hardware wallets used in the attack evaluation, and they all confirm the danger of EthClipper.

show abstract

Security Of Cryptocurrency Using Hardware Wallet And QR Code

Cited by 53 publications

References 10 publications

A Survey of DeFi Security: Challenges and Opportunities

A Survey of DeFi Security: Challenges and Opportunities

Blockchain-Based IoT Devices in Supply Chain Management: A Systematic Literature Review

EthClipper: A Clipboard Meddling Attack on Hardware Wallets with Address Verification Evasion

Contact Info

Product

Resources

About