DOI QR코드

DOI QR Code

A Study on Privilege Elevation Attack Management for Smart Transaction Security on BlockChain Etherium Based System

  • Received : 2019.02.20
  • Accepted : 2019.04.11
  • Published : 2019.04.30

Abstract

IAs smart device penetration rate is more than 90%, mobile transaction ratio using smart device is increasing. Smart contracts are used in various areas of real life including smart trading. By applying smart contracts to the platform for smart transactions through block-chain technology, the threat of hacking or forgery can be reduced. However, various threats to devices in smart transactions can pose a threat to the use of block chain Etherium, an important element in privilege and personal information management. Smart contract used in block chain Ethereum includes important information or transaction details of users. Therefore, in case of an attack of privilege elevation, it is very likely to exploit transaction details or forge or tamper with personal information inquiry. In this paper, we propose a detection and countermeasure method for privilege escalation attack, which is especially important for block chain for secure smart transaction using block chain Ethereum. When comparing the results of this study with the results of similar applications and researches, we showed about 12~13% improvement in performance and suggested the future countermeasures through packet analysis.

CPTSCQ_2019_v24n4_65_f0001.png 이미지

Fig. 1. Infection code through packing file[12]

CPTSCQ_2019_v24n4_65_f0002.png 이미지

Fig. 3. Aurasium layer correspondence[16]

CPTSCQ_2019_v24n4_65_f0003.png 이미지

Fig. 4. processing process

CPTSCQ_2019_v24n4_65_f0004.png 이미지

Fig. 5. binder_transaction detail processing

CPTSCQ_2019_v24n4_65_f0005.png 이미지

Fig. 6. Warning screen

CPTSCQ_2019_v24n4_65_f0006.png 이미지

Fig. 7. IPC delivery process

CPTSCQ_2019_v24n4_65_f0007.png 이미지

Fig. 8. Docker compose configuration

CPTSCQ_2019_v24n4_65_f0008.png 이미지

Fig. 9. Part of sample programs

CPTSCQ_2019_v24n4_65_f0009.png 이미지

Fig. 10. Packet analysis capture screen via wirewhark

CPTSCQ_2019_v24n4_65_f0010.png 이미지

Fig. 11. xml screenshot for results

CPTSCQ_2019_v24n4_65_f0011.png 이미지

Fig. 12. Check for malware detection and screen for route confirmation

CPTSCQ_2019_v24n4_65_f0012.png 이미지

Fig. 13. Performance evaluation graph

CPTSCQ_2019_v24n4_65_f0013.png 이미지

Fig. 2. TraintDroid layer correspondence[15]

Table 1. Smart trading market growth rate forecast[4]

CPTSCQ_2019_v24n4_65_t0001.png 이미지

Table 2. Characteristics of Blockchain[6]

CPTSCQ_2019_v24n4_65_t0002.png 이미지

Table 3. Scenario using Blockchain technology[8]

CPTSCQ_2019_v24n4_65_t0003.png 이미지

Table 4. Malicious code type classification[13,14]

CPTSCQ_2019_v24n4_65_t0004.png 이미지

Table 5. part of Struct for detection code

CPTSCQ_2019_v24n4_65_t0005.png 이미지

Table 6. Experiment environment

CPTSCQ_2019_v24n4_65_t0006.png 이미지

Table 7. Performance evaluation

CPTSCQ_2019_v24n4_65_t0007.png 이미지

References

  1. Min.K.S, "Online shopping trend survey," National Statistical Office, 2019.
  2. Lee.S.H, "Device Authentication for Smart Grid System Using Block Chain," KAIST, 2016.
  3. The Cointelegraph, A Brief History of Ethereum From Vitalik Buterin's Idea to Release, https://cointelegraph.com/news/ethereum-101-from-idea-to-release
  4. Information and Communication Policy Institute, "Online marketing trend, " 2018
  5. Lim.M.H, "Impacts and Implications of Block Chain Technology," Information and Communication Technology Promotion Center, 2017.
  6. Kang.S.J, "Understanding and Development Status of Block Chain Technology and Implications," The 4th Industrial Revolution and Soft Power Issue Report by the Information and Communication Industry Promotion Agency, No.13, 2018.
  7. Block Chain & PinTech leads 'smart finance,' http://www.etnews.com/20180816000425
  8. Ernst & Young Global Limited, https://www.ey.com/kr/ko/home
  9. 5Miles, https://www.5mils.com
  10. Block Chain - Fancy or Innovative, http://news.khan.co. kr/kh_news/khan_art_view.html?artid=201902070600055&code=940100
  11. Gartner, https://www.gartner.com/en
  12. Mcafee, https://www.mcafee.com/ko-kr/index.html
  13. Zhou,Y.,& Jiang,X, "Dissecting android malware:Charac terizationand evolution.InSecurityandPrivacy," 2012 IEEE Symposium pp.95-109, 2012.
  14. JIANG. X, "Gingermaster: First andorid malware utilzing a root exploit on android 2.3," NC State University,2011.
  15. William Enck & Peter Gilbert & Byung-Gon Chun, "TaintDroid:aninformation-flow trackingsystem forrealtimeprivacy monitoring on smartphones, " InProceeding sof the 9th USENIX conference on Operating systems design and implementation, pp.1-6, 2014.
  16. Xu.R. & Saidi.H & Anderson.R, "Aurasium:Practical policy enforcement for android applications," InProceeding sof the 21st USENIX conferenceon Security symposium, pp.27-27, 2012.