Skip to main content
SpringerLink
Log in

Attainable Hacks on Keystore Files in Ethereum Wallets—A Systematic Analysis

  • Conference paper
  • First Online:
Future Network Systems and Security (FNSS 2019)

Part of the book series: Communications in Computer and Information Science ((CCIS,volume 1113))

Included in the following conference series:

Abstract

Ethereum is a popular Blockchain platform that allows users to manage their cryptocurrency transactions through the wallets. Ethereum wallet helps interact with the blockchain network easily, and it keeps Ethereum cryptocurrency (Ether) transaction data of its users. The use of Ethereum and wallets grows rapidly. Since they handle huge value of crypto assets, attackers are keen to hack and steal Ethers from Ethereum wallets. But there lacks comprehensive security analysis, especially on keystore files in Ethereum wallets. There were a few incidents occurred with huge loss of Ethers in Etheruem wallets within the last five years. In this paper, we conducted a systematic analysis on hacking methods from the existing literature and conducted experiments to find how the Ethereum wallet’s keystore file is vulnerable to the adversaries. Since the keystore file is secured with a password, we have used the brute-force and the dictionary attack to crack the password of the keystore file in Ethereum wallets. Our results showed that the dictionary attack is more efficient to hack the keystore file than the brute-force attack. Further, the keystore file is less vulnerable, if it is used complex password credentials.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

References

  1. Blockchain platform: Ethereum. https://www.ethereum.org/

  2. Etherchain - The Ethereum Blockchain Explorer. https://www.etherchain.org/

  3. Ethereum Wallet Attacks and Countermeasure Assnalysis. https://github.com/coddec/ethereum-attack-countermeasure/tree/master/

  4. Etherscan - The Ethereum Blockchain Explorer. https://etherscan.io/

  5. Geth - The Go Implementation of Ethereum Protocol. https://github.com/ethereum/mist/

  6. Geth - The Go Implementation of Ethereum Protocol. https://geth.ethereum.org/

  7. Hashcat - An advanced password recovery tool. https://hashcat.net/hashcat/

  8. Hashcat 4.2.1.7 - Download Software files. https://hashcat.net/files/hashcat-4.2.1.7z

  9. MyEtherWallet - The Ethereum Original Wallet. https://www.myetherwallet.com/

  10. Parity Wallet Library. https://github.com/paritytech/parity/blob/4d08e7b0aec46443bf26547b17d10cb302672835/js/src/contracts/snippets/enhanced-wallet.sol

  11. The python script file to convert keystore file to hashcat compatible format. https://github.com/magnumripper/JohnTheRipper/blob/bleeding-jumbo/run/ethereum2john.py

  12. Ethereum Foundation. Ethereum’s white paper (2014). https://github.com/ethereum/wiki/wiki/White-Paper

  13. An In-Depth Look at the Parity Multisig Bug (2016). http://hackingdistributed.com/2017/07/22/deep-dive-parity-bug/

  14. Abe, J.: Bitcoin, wallet management and network security management with storage components: a model (2018)

    Google Scholar 

  15. Alwen, J., Chen, B., Pietrzak, K., Reyzin, L., Tessaro, S.: Scrypt is maximally memory-hard. In: Coron, J.-S., Nielsen, J.B. (eds.) EUROCRYPT 2017. LNCS, vol. 10212, pp. 33–62. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-56617-7_2

    Chapter  Google Scholar 

  16. Antonopoulos, A.M., Wood, G.: Mastering Ethereum: Building Smart Contracts and DApps. O’Reilly Media, Sebastopol (2018)

    Google Scholar 

  17. Atzei, N., Bartoletti, M., Cimoli, T.: A survey of attacks on ethereum smart contracts (SoK). In: Maffei, M., Ryan, M. (eds.) POST 2017. LNCS, vol. 10204, pp. 164–186. Springer, Heidelberg (2017). https://doi.org/10.1007/978-3-662-54455-6_8

    Chapter  Google Scholar 

  18. Campbell, J., Ma, W., Kleeman, D.: Impact of restrictive composition policy on user password choices. Behav. Inf. Technol. 30(3), 379–388 (2011)

    Article  Google Scholar 

  19. Canali, D., Balzarotti, D.: Behind the scenes of online attacks: an analysis of exploitation behaviors on the web. In: 20th Annual Network & Distributed System Security Symposium (NDSS 2013) (2013)

    Google Scholar 

  20. Cao, Y., Chen, Z., Li, S., Wu, S.: Deterministic browser. In: Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security, pp. 163–178. ACM (2017)

    Google Scholar 

  21. Chen, Q.A., Osterweil, E., Thomas, M., Mao, Z.M.: MitM attack by name collision: cause analysis and vulnerability assessment in the new gTLD era. In: 2016 IEEE Symposium on Security and Privacy (SP), pp. 675–690. IEEE (2016)

    Google Scholar 

  22. Chen, Q.A., Thomas, M., Osterweil, E., Cao, Y., You, J., Mao, Z.M.: Client-side name collision vulnerability in the new gTLD era: a systematic study. In: Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security, pp. 941–956. ACM (2017)

    Google Scholar 

  23. Chen, T., et al.: Understanding ethereum via graph analysis. In: Proceedings of INFOCOM (2018)

    Google Scholar 

  24. Dannen, C.: Introducing Ethereum and Solidity. Springer, Heidelberg (2017). https://doi.org/10.1007/978-1-4842-2535-6

    Book  Google Scholar 

  25. Das, A., Borisov, N., Caesar, M.: Tracking mobile web users through motion sensors: attacks and defenses. In: NDSS (2016)

    Google Scholar 

  26. Ge, X., Payer, M., Jaeger, T.: An evil copy: how the loader betrays you. In: NDSS (2017)

    Google Scholar 

  27. Gelernter, N., Kalma, S., Magnezi, B., Porcilan, H.: The password reset MitM attack. In: 2017 IEEE Symposium on Security and Privacy (SP), pp. 251–267. IEEE (2017)

    Google Scholar 

  28. Genkin, D., Pachmanov, L., Pipman, I., Tromer, E., Yarom, Y.: ECDSA key extraction from mobile devices via nonintrusive physical side channels. In: Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security, pp. 1626–1638. ACM (2016)

    Google Scholar 

  29. Han, X., Kheir, N., Balzarotti, D.: Phisheye: live monitoring of sandboxed phishing kits. In: Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security, pp. 1402–1413. ACM (2016)

    Google Scholar 

  30. He, S., et al.: A social-network-based cryptocurrency wallet-management scheme. IEEE Access 6, 7654–7663 (2018)

    Article  Google Scholar 

  31. Hojjati, A., et al.: Leave your phone at the door: side channels that reveal factory floor secrets. In: Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security, pp. 883–894. ACM (2016)

    Google Scholar 

  32. Homoliak, I., Breitenbacher, D., Binder, A., Szalachowski, P.: An air-gapped 2-factor authentication for smart-contract wallets (2018). https://doi.org/10.13140/RG.2.2.11358.69445

  33. Houshmand, S., Aggarwal, S., Flood, R.: Next Gen PCFG password cracking. IEEE Trans. Inf. Forensics Secur. 10(8), 1776–1791 (2015)

    Article  Google Scholar 

  34. Hranickỳ, R., Zobal, L., Ryšavỳ, O., Kolář, D.: Distributed password cracking with BOINC and hashcat. Digit. Investig. 30, 161–172 (2019)

    Article  Google Scholar 

  35. Invernizzi, L., Thomas, K., Kapravelos, A., Comanescu, O., Picod, J.M., Bursztein, E.: Cloak of visibility: detecting when machines browse a different web. In: 2016 IEEE Symposium on Security and Privacy (SP), pp. 743–758. IEEE (2016)

    Google Scholar 

  36. Jero, S., Koch, W., Skowyra, R., Okhravi, H., Nita-Rotaru, C., Bigelow, D.: Identifier binding attacks and defenses in software-defined networks. In: 26th \(\{\)USENIX\(\}\) Security Symposium (\(\{\)USENIX\(\}\) Security 2017), pp. 415–432 (2017)

    Google Scholar 

  37. Jin, X., Hu, X., Ying, K., Du, W., Yin, H., Peri, G.N.: Code injection attacks on HTML5-based mobile apps: characterization, detection and mitigation. In: Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security, pp. 66–77. ACM (2014)

    Google Scholar 

  38. Karapanos, N., Capkun, S.: On the effective prevention of \(\{\)TLS\(\}\) man-in-the-middle attacks in web applications. In: 23rd \(\{\)USENIX\(\}\) Security Symposium (\(\{\)USENIX\(\}\) Security 2014), pp. 671–686 (2014)

    Google Scholar 

  39. Kogan, D., Manohar, N., Boneh, D.: T/key: second-factor authentication from secure hash chains. In: Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security, pp. 983–999. ACM (2017)

    Google Scholar 

  40. Lauinger, T., Chaabane, A., Arshad, S., Robertson, W., Wilson, C., Kirda, E.: Thou shalt not depend on me: analysing the use of outdated javascript libraries on the web. arXiv preprint arXiv:1811.00918 (2018)

  41. Li, T., et al.: Unleashing the walking dead: understanding cross-app remote infections on mobile webviews. In: Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security, pp. 829–844. ACM (2017)

    Google Scholar 

  42. Li, X., Jiang, P., Chen, T., Luo, X., Wen, Q.: A survey on the security of blockchain systems. Futur. Gener. Comput. Syst. (2017)

    Google Scholar 

  43. Lin, I.C., Liao, T.C.: A survey of blockchain security issues and challenges. IJ Netw. Secur. 19(5), 653–659 (2017)

    Google Scholar 

  44. Luo, M., Starov, O., Honarmand, N., Nikiforakis, N.: Hindsight: understanding the evolution of UI vulnerabilities in mobile browsers. In: Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security, pp. 149–162. ACM (2017)

    Google Scholar 

  45. Meng, W., Xing, X., Sheth, A., Weinsberg, U., Lee, W.: Your online interests: Pwned! a pollution attack against targeted advertising. In: Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security, pp. 129–140. ACM (2014)

    Google Scholar 

  46. Monshizadeh, M., Naldurg, P., Venkatakrishnan, V.: MACE: detecting privilege escalation vulnerabilities in web applications. In: Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security, pp. 690–701. ACM (2014)

    Google Scholar 

  47. Muthukumaran, D., O’Keeffe, D., Priebe, C., Eyers, D., Shand, B., Pietzuch, P.: Flowwatcher: defending against data disclosure vulnerabilities in web applications. In: Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security, pp. 603–615. ACM (2015)

    Google Scholar 

  48. Naiakshina, A., Danilova, A., Tiefenau, C., Herzog, M., Dechand, S., Smith, M.: Why do developers get password storage wrong?: a qualitative usability study. In: Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security, pp. 311–328. ACM (2017)

    Google Scholar 

  49. Palladino, S.: The parity wallet hack explained, July 2017. https://blog.zeppelin.solutions/on-the-parity-wallet-multisig-hack-405a8c12e8f7

  50. Redini, N., et al.: Bootstomp: on the security of bootloaders in mobile devices. In: 26th \(\{\)USENIX\(\}\) Security Symposium (\(\{\)USENIX\(\}\) Security 2017), pp. 781–798 (2017)

    Google Scholar 

  51. Sanchez-Rola, I., Santos, I., Balzarotti, D.: Extension breakdown: security analysis of browsers extension resources control policies. In: 26th \(\{\)USENIX\(\}\) Security Symposium (\(\{\)USENIX\(\}\) Security 2017), pp. 679–694 (2017)

    Google Scholar 

  52. Shan, H., Wang, Q., Pu, C.: Tail attacks on web applications. In: Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security, pp. 1725–1739. ACM (2017)

    Google Scholar 

  53. Silver, D., Jana, S., Boneh, D., Chen, E., Jackson, C.: Password managers: attacks and defenses. In: 23rd \(\{\)USENIX\(\}\) Security Symposium (\(\{\)USENIX\(\}\) Security 2014), pp. 449–464 (2014)

    Google Scholar 

  54. Song, Y., Cai, Z., Zhang, Z.L.: Multi-touch authentication using hand geometry and behavioral information. In: 2017 IEEE Symposium on Security and Privacy (SP), pp. 357–372. IEEE (2017)

    Google Scholar 

  55. Soska, K., Christin, N.: Automatically detecting vulnerable websites before they turn malicious. In: 23rd \(\{\)USENIX\(\}\) Security Symposium (\(\{\)USENIX\(\}\) Security 2014), pp. 625–640 (2014)

    Google Scholar 

  56. Su, Y., Genkin, D., Ranasinghe, D., Yarom, Y.: \(\{\)USB\(\}\) snooping made easy: crosstalk leakage attacks on \(\{\)USB\(\}\) hubs. In: 26th \(\{\)USENIX\(\}\) Security Symposium (\(\{\)USENIX\(\}\) Security 2017), pp. 1145–1161 (2017)

    Google Scholar 

  57. Tajalizadehkhoob, S., et al.: Herding vulnerable cats: a statistical approach to disentangle joint responsibility for web security in shared hosting. In: Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security, pp. 553–567. ACM (2017)

    Google Scholar 

  58. Tatlı, E.I.: Cracking more password hashes with patterns. IEEE Trans. Inf. Forensics Secur. 10(8), 1656–1665 (2015)

    Article  Google Scholar 

  59. Tian, D.J., Bates, A., Butler, K.R., Rangaswami, R.: ProvUSB: Block-level provenance-based data protection for USB storage devices. In: Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security, pp. 242–253. ACM (2016)

    Google Scholar 

  60. Valenta, M., Sandner, P.: Comparison of ethereum, hyperledger fabric and corda. [ebook] Frankfurt School, Blockchain Center (2017)

    Google Scholar 

  61. Vanhoef, M., Piessens, F.: Key reinstallation attacks: forcing nonce reuse in WPA2. In: Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security, pp. 1313–1328. ACM (2017)

    Google Scholar 

  62. Varadarajan, V., Zhang, Y., Ristenpart, T., Swift, M.: A placement vulnerability study in multi-tenant public clouds. In: 24th \(\{\)USENIX\(\}\) Security Symposium (\(\{\)USENIX\(\}\) Security 2015), pp. 913–928 (2015)

    Google Scholar 

  63. Vissers, T., Barron, T., Van Goethem, T., Joosen, W., Nikiforakis, N.: The wolf of name street: hijacking domains through their nameservers. In: Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security, pp. 957–970. ACM (2017)

    Google Scholar 

  64. Wash, R., Rader, E., Berman, R., Wellmer, Z.: Understanding password choices: how frequently entered passwords are re-used across websites. In: Twelfth Symposium on Usable Privacy and Security (\(\{\)SOUPS\(\}\) 2016), pp. 175–188 (2016)

    Google Scholar 

  65. Wood, G.: Ethereum: a secure decentralised generalised transaction ledger. Ethereum Proj. Yellow Pap. 151, 1–32 (2014)

    Google Scholar 

  66. Wressnegger, C., Yamaguchi, F., Maier, A., Rieck, K.: Twice the bits, twice the trouble: vulnerabilities induced by migrating to 64-bit platforms. In: Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security, pp. 541–552. ACM (2016)

    Google Scholar 

  67. Xiao, Y., Li, M., Chen, S., Zhang, Y.: Stacco: differentially analyzing side-channel traces for detecting SSL/TLS vulnerabilities in secure enclaves. In: Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security, pp. 859–874. ACM (2017)

    Google Scholar 

  68. Yli-Huumo, J., Ko, D., Choi, S., Park, S., Smolander, K.: Where is current research on blockchain technology? A systematic review. PloS ONE 11(10), e0163477 (2016)

    Article  Google Scholar 

  69. Zhang, Y., Juels, A., Reiter, M.K., Ristenpart, T.: Cross-tenant side-channel attacks in PaaS clouds. In: Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security, pp. 990–1003. ACM (2014)

    Google Scholar 

  70. Zuo, C., Zhao, Q., Lin, Z.: Authscope: towards automatic discovery of vulnerable authorizations in online services. In: Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security, pp. 799–813. ACM (2017)

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. School of IT, Deakin University, Geelong, VIC, 3220, Australia

    Purathani Praitheeshan, Yi Wei Xin, Lei Pan & Robin Doss

Authors
  1. Purathani Praitheeshan
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Yi Wei Xin
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Lei Pan
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Robin Doss
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Purathani Praitheeshan .

Editor information

Editors and Affiliations

  1. Deakin University, Burwood, VIC, Australia

    Robin Doss

  2. University of Florida, Gainesville, FL, USA

    Selwyn Piramuthu

  3. Information & Operations Management, ESCP Europe, PARIS, France

    Wei Zhou

Rights and permissions

Reprints and permissions

Copyright information

© 2019 Springer Nature Switzerland AG

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Praitheeshan, P., Xin, Y.W., Pan, L., Doss, R. (2019). Attainable Hacks on Keystore Files in Ethereum Wallets—A Systematic Analysis. In: Doss, R., Piramuthu, S., Zhou, W. (eds) Future Network Systems and Security. FNSS 2019. Communications in Computer and Information Science, vol 1113. Springer, Cham. https://doi.org/10.1007/978-3-030-34353-8_7

Download citation

  • DOI: https://doi.org/10.1007/978-3-030-34353-8_7

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-34352-1

  • Online ISBN: 978-3-030-34353-8

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation