{"id":19954,"date":"2017-05-30T12:07:00","date_gmt":"2017-05-30T16:07:00","guid":{"rendered":"https:\/\/www.tun.com\/blog\/?p=19954"},"modified":"2021-05-21T07:39:02","modified_gmt":"2021-05-21T11:39:02","slug":"mit-online-identity-theft-bitcoin","status":"publish","type":"post","link":"https:\/\/www.tun.com\/blog\/mit-online-identity-theft-bitcoin\/","title":{"rendered":"MIT Researchers Thwart Online Identity Theft by Piggybacking onto Bitcoin"},"content":{"rendered":"<p><span style=\"font-weight: 400;\">MIT researchers have designed a <\/span><a href=\"http:\/\/news.mit.edu\/2017\/using-bitcoin-prevent-identity-theft-0524\"><span style=\"font-weight: 400;\">solution<\/span><\/a><span style=\"font-weight: 400;\"> to prevent online identity theft, using bitcoin blockchain technology. <\/span><\/p>\n<p><span style=\"font-weight: 400;\">The system is called Catena, and the researchers are <\/span><a href=\"http:\/\/people.csail.mit.edu\/alinush\/files\/alin-tomescu-cv.pdf\"><span style=\"font-weight: 400;\">Alin Tomescu<\/span><\/a><span style=\"font-weight: 400;\">, a graduate student in electrical engineering and computer science and first author on the paper, and his thesis advisor <\/span><a href=\"http:\/\/people.csail.mit.edu\/devadas\/\"><span style=\"font-weight: 400;\">Srini Devadas<\/span><\/a><span style=\"font-weight: 400;\">, the Edwin Sibley Webster Professor of Electrical Engineering and Computer Science at MIT. Both are members of the <\/span><a href=\"http:\/\/www.csail.mit.edu\/\"><span style=\"font-weight: 400;\">Computer Science and Artificial Intelligence Laboratory<\/span><\/a><span style=\"font-weight: 400;\">, the largest research lab at MIT.<\/span><\/p>\n<figure id=\"attachment_20092\" aria-describedby=\"caption-attachment-20092\" style=\"width: 639px\" class=\"wp-caption aligncenter\"><img decoding=\"async\" class=\"size-full wp-image-20092\" src=\"https:\/\/www.tun.com\/blog\/wp-content\/uploads\/2017\/05\/MIT-leveraging-bitcoin_0.jpg\" alt=\"\" width=\"639\" height=\"426\" \/><figcaption id=\"caption-attachment-20092\" class=\"wp-caption-text\">Image: Christine Daniloff\/MIT<\/figcaption><\/figure>\n<p><span style=\"font-weight: 400;\">MIT has always been on the <\/span><a href=\"https:\/\/www.tun.com\/blog\/universities-and-governments-are-vying-for-blockchain-dominance\/\"><span style=\"font-weight: 400;\">forefront of blockchain<\/span><\/a><span style=\"font-weight: 400;\">, the technology behind the cryptocurrency bitcoin. <\/span><span style=\"font-weight: 400;\">The new system was presented last week during the <\/span><a href=\"https:\/\/www.ieee-security.org\/TC\/SP2017\/\"><span style=\"font-weight: 400;\">2017 <\/span><span style=\"font-weight: 400;\">IEEE Symposium on Security and Privacy<\/span><\/a><span style=\"font-weight: 400;\">. <\/span><\/p>\n<p><span style=\"font-weight: 400;\">Catena is about \u201cefficient non-equivocation\u201d through the use of bitcoin blockchain. It is designed to prevent the problem of equivocation, the creation of false encryption keys &#8212; the man-in-the-middle attack, as Tomescu called it in his presentation &#8212; that trick users into revealing secret information.<\/span><\/p>\n<p><iframe title=\"Catena: Efficient Non-equivocation via Bitcoin\" width=\"500\" height=\"281\" src=\"https:\/\/www.youtube.com\/embed\/Xz12PbLSeVc?feature=oembed\" frameborder=\"0\" allow=\"accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture; web-share\" referrerpolicy=\"strict-origin-when-cross-origin\" allowfullscreen><\/iframe><\/p>\n<p>&nbsp;<\/p>\n<p><span style=\"font-weight: 400;\">\u201cOur <\/span><a href=\"http:\/\/people.csail.mit.edu\/alinush\/papers\/catena-sp2017.pdf\"><span style=\"font-weight: 400;\">paper<\/span><\/a><span style=\"font-weight: 400;\"> is about using Bitcoin to prevent online services from getting away with lying,\u201d Tomescu said in a statement. <\/span><\/p>\n<p><span style=\"font-weight: 400;\">\u201cWhen you build systems that are distributed and send each other digital signatures, for instance, those systems can be compromised, and they can lie. They can say one thing to one person and one thing to another. And we want to prevent that.\u201d<\/span><\/p>\n<h5><span style=\"color: #333333;\"><b>A simple explanation for why Catena is needed<\/b><\/span><\/h5>\n<p><span style=\"font-weight: 400;\">Tomescu gave a detailed explanation of the need for Catena, as well as its function, in both the video and research paper, but he broke it all down for TUN to make the concept easily understandable by the layman. <\/span><\/p>\n<p><span style=\"font-weight: 400;\">\u201cIn order to communicate securely online I need to obtain your public key. Once I have it, I can use it to encrypt a message to you,\u201d Tomescu told TUN. <\/span><\/p>\n<p><span style=\"font-weight: 400;\">\u201cThis is more difficult than it sounds, because you might be in California and I might be in Romania so you need to send me your public key over the insecure Internet. As a result, attackers can replace your public key with theirs and thus trick me into encrypting messages straight into their hands. Right now, to solve this problem, you and I place trust into an entity called a Certificate Authority (CA). Specifically, we trust CAs to &#8220;certify&#8221; public keys so that they cannot be modified when sent over the insecure internet.\u201d <\/span><\/p>\n<p><span style=\"font-weight: 400;\">But can CAs be trusted to protect our online identities? Tomescu explained why we can\u2019t trust CAs to do that and why we need Catena. <\/span><\/p>\n<p><span style=\"font-weight: 400;\">\u201cHowever, CAs have been compromised or coerced and can still certify &#8220;fake&#8221; keys for you. Thus, I could still be tricked,\u201d said Tomescu. <\/span><\/p>\n<p><span style=\"font-weight: 400;\">\u201cThis type of attack is called an equivocation attack: the CA is saying two different things about your identity: it certified two inconsistent public keys as being yours. The question is, can we help you detect such attacks? And the short answer is yes: we can have the CAs publicly and <\/span><em>efficiently<\/em><span style=\"font-weight: 400;\"> log all certifications in Bitcoin, so that you can discover any fake certifications. This will hopefully deter such attacks.\u201d<\/span><\/p>\n<h5><span style=\"color: #333333;\"><b>How Catena can help<\/b><\/span><\/h5>\n<p><span style=\"font-weight: 400;\">Bitcoin was launched in 2009, and is considered reliable because each transaction is recorded on a virtual and dependable ledger, or blockchain, which guards against equivocation. Earlier systems that use bitcoin security technology to prevent equivocation, however, have to download the entire blockchain for verification purposes. These files are huge, so one would have to download 110 gigabytes or more of data. <\/span><\/p>\n<p><span style=\"font-weight: 400;\">In contrast, verifying a transaction on Catena would require one to download only about 40 megabytes of data, a task that could be accomplished on a smartphone.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">\u201cOur idea is so simple \u2014 it\u2019s embarrassingly simple,\u201d Tomescu said in a statement. <\/span><\/p>\n<p><span style=\"font-weight: 400;\">Bitcoin technology is designed to prevent anyone from spending the same bitcoin in more than one place. Catena builds on that by simply requiring every bitcoin transaction to be accompanied by an actual bitcoin transfer, <\/span><i><span style=\"font-weight: 400;\">even if the transfer is to oneself<\/span><\/i><span style=\"font-weight: 400;\">, so it precludes anyone from transferring the same bitcoin to someone else in the same block of the blockchain. <\/span><\/p>\n<p><span style=\"font-weight: 400;\">The Catena requirement thus precludes equivocation within the block. Catena users then need download only a small portion of data (about 600 bytes) for each block as cryptographic proof.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">The idea behind Catena may appear simple with hindsight, but wasn\u2019t so easy to accomplish. <\/span><\/p>\n<p><span style=\"font-weight: 400;\">Tomescu told TUN that he conceived of the <\/span><span style=\"font-weight: 400;\">idea in early May 2016 but put it to the side for a couple of months. He picked up the idea two months later and began to think about how he would code it. He finally started coding in August and, although he was busy, managed to make the November paper submission deadline for the IEEE Symposium on Security and Privacy.<\/span><\/p>\n<h5><span style=\"color: #333333;\"><b>Conclusion<\/b><\/span><\/h5>\n<p><span style=\"font-weight: 400;\">While the main reason behind Catena <\/span><span style=\"font-weight: 400;\">is the prevention of equivocation in compromised online services, Tomescu and Devadas hope that their new system can be adopted by secure messaging apps, such as WhatsApp and Signal, or public-key directories like Keybase, to give end users stronger guarantees about non-equivocation. <\/span><\/p>\n<p><span style=\"font-weight: 400;\">Catena can also be used to help vendors detect if malicious software binaries have been posted online in their name.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Catena\u2019s success lies in its efficiency. <\/span><\/p>\n<p><span style=\"font-weight: 400;\">\u201c<\/span><span style=\"font-weight: 400;\">Catena represents a simple way to deter online services from lying: just make all statements publicly visible and then lies are evident,\u201d Devadas told TUN. <\/span><\/p>\n<p><span style=\"font-weight: 400;\">\u201cThe idea of using Bitcoin to do this is not new, but Catena shows how to discover lying efficiently, and this makes for greater deterrence. We hope Catena will be adopted by public-key directories in the near future.\u201d<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Tomescu is in complete agreement with his thesis advisor. <\/span><\/p>\n<p>\u201c<b>People have been using Bitcoin for this in the past and our project, Catena, shows a way to do it very efficiently, so that you can verify no fake public keys have been certified for you via your mobile phone<\/b>,\u201d<b> <\/b>Tomescu told TUN.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>MIT researchers have designed a solution to prevent online identity theft, using bitcoin blockchain technology. The system is called Catena, and the researchers are Alin Tomescu, a graduate student in electrical engineering and computer science and first author on the paper, and his thesis advisor Srini Devadas, the Edwin Sibley Webster Professor of Electrical Engineering [&hellip;]<\/p>\n","protected":false},"author":12,"featured_media":20096,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"om_disable_all_campaigns":false,"_uag_custom_page_level_css":"","_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"footnotes":""},"categories":[627,231,232,376,629,230,229],"tags":[],"class_list":["post-19954","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-blockchain","category-campus-news","category-technology","category-massachusetts-institute-of-technology","category-security","category-news","category-lead-stories"],"aioseo_notices":[],"uagb_featured_image_src":{"full":["https:\/\/www.tun.com\/blog\/wp-content\/uploads\/2017\/05\/bitcoin-blockhain-mit.jpg",830,533,false],"thumbnail":["https:\/\/www.tun.com\/blog\/wp-content\/uploads\/2017\/05\/bitcoin-blockhain-mit-224x144.jpg",224,144,true],"medium":["https:\/\/www.tun.com\/blog\/wp-content\/uploads\/2017\/05\/bitcoin-blockhain-mit-300x193.jpg",300,193,true],"medium_large":["https:\/\/www.tun.com\/blog\/wp-content\/uploads\/2017\/05\/bitcoin-blockhain-mit.jpg",830,533,false],"large":["https:\/\/www.tun.com\/blog\/wp-content\/uploads\/2017\/05\/bitcoin-blockhain-mit.jpg",830,533,false],"1536x1536":["https:\/\/www.tun.com\/blog\/wp-content\/uploads\/2017\/05\/bitcoin-blockhain-mit.jpg",830,533,false],"2048x2048":["https:\/\/www.tun.com\/blog\/wp-content\/uploads\/2017\/05\/bitcoin-blockhain-mit.jpg",830,533,false]},"uagb_author_info":{"display_name":"Susan Chu","author_link":"https:\/\/www.tun.com\/blog\/author\/susan-chu\/"},"uagb_comment_info":0,"uagb_excerpt":"MIT researchers have designed a solution to prevent online identity theft, using bitcoin blockchain technology. The system is called Catena, and the researchers are Alin Tomescu, a graduate student in electrical engineering and computer science and first author on the paper, and his thesis advisor Srini Devadas, the Edwin Sibley Webster Professor of Electrical Engineering&hellip;","featured_media_src_url":"https:\/\/www.tun.com\/blog\/wp-content\/uploads\/2017\/05\/bitcoin-blockhain-mit.jpg","_links":{"self":[{"href":"https:\/\/www.tun.com\/blog\/wp-json\/wp\/v2\/posts\/19954","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.tun.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.tun.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.tun.com\/blog\/wp-json\/wp\/v2\/users\/12"}],"replies":[{"embeddable":true,"href":"https:\/\/www.tun.com\/blog\/wp-json\/wp\/v2\/comments?post=19954"}],"version-history":[{"count":0,"href":"https:\/\/www.tun.com\/blog\/wp-json\/wp\/v2\/posts\/19954\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.tun.com\/blog\/wp-json\/wp\/v2\/media\/20096"}],"wp:attachment":[{"href":"https:\/\/www.tun.com\/blog\/wp-json\/wp\/v2\/media?parent=19954"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.tun.com\/blog\/wp-json\/wp\/v2\/categories?post=19954"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.tun.com\/blog\/wp-json\/wp\/v2\/tags?post=19954"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}