Author

Topic: [2015-12-21] Report: National Security Implications of Virtual Currency (Read 214 times)

legendary
Activity: 1148
Merit: 1014
In Satoshi I Trust
National Security Implications of Virtual Currency

Level I and II

    DDOS
    51%, not specifically by accruing mining power but instead compromising mining pools via hacking or otherwise. "In such a manner, an attacker with relatively little initial resources could mount a 51 percent attack on Bit- coin."
    Compromising 3rd parties, either degrading service or stealing keys

Level III and IV


    Zero day attacks, vague references to this consensus code implicating hard forks
    Zero day attacks to take control of pool operators and 51%. "Even in the decentralized case, advanced opponents can successfully exploit specific targets with high probability and canpublically target high-net-worth individuals to reduce confidence in the currency (or can randomly target average citizens to sow distrust)."
    "Tier IV opponents would likely have the capability to construct and use zero-day exploits against critical VC services such as exchanges and wallets as well as cell-phone applications used to conduct everyday transactions. Indeed, they may look to use fake permissions and certificates to install applications that subvert (or spy on) user VC applications. They would then either disrupt those applications or publicize vulnerabilities to degrade confidence in a VC."

Level V and VI


    Supply chain attacks. "Weakening of hardware, backdoors in hardware and software. They might target cell phones or other hardware, including computers used as servers for critical VC services or special-purpose hardware used for mining, and corrupt them before delivery."
    Broken cryptography.
    Human attacks. "to bribe or otherwise co-opt such per- sonnel, either within a VC’s organization or at other organizations that provide critical services to a VC."

Defense


    "A sophisticated nation-state is the most capable actor to ensure this security, which is another reason why a VC has the greatest chance for cyber survival when a non-state actor is supported by a nation-state that possesses cyber sophistication. At the very least, the level of sophistication and investment to success- fully attack a VC would be raised, making any opponent’s decision calculus to attack a VC more complicated."

https://www.rand.org/content/dam/rand/pubs/research_reports/RR1200/RR1231/RAND_RR1231.pdf
Jump to: