SlideShare a Scribd company logo

[CB20] -U25 Ethereum 2.0 Security by Naoya Okanami

CODE BLUE
CODE BLUE

Ethereum 2.0 is a major upgrade to improve the performance of Ethereum. It will increase transaction processing capacity and alleviate the problem of fees, which have been rising to the point where millions of dollars are spent every day. In this talk, I explain how Ethereum 2.0 can be secured as the next generation of decentralized application platforms and present the research we are working on as part of that effort. First, I talk about technologies to improve security, including client diversity, fuzzing using multiple clients, and the fee market protocol EIP-1559. Second, I introduce Shargri-La, a protocol development support software we are developing (*), a simulator that helps researchers and developers quickly test protocol hypotheses to improve the performance and security of Ethereum 2.0. It simulates state transitions at the transaction level of granularity in "sharding," a technique that divides the blockchain into multiple pieces. Finally, I present the results of multi-agent simulations under EIP-1559 by modeling users' selfish behaviors and show possible future problems and mitigation solutions.

Presentations & Public Speaking
1 of 60
Download to read offline
Ethereum 2.0 Security Naoya Okanami
Who Am I? ● Naoya Okanami, also known as minaminao. ● LayerX Labs Researcher, 2019-. ● Master's Program, University of Tsukuba, 2020-. ● IPA MITOU Program 2020 ● CTF Team: ./Vespiary
Agenda ● Ethereum 2.0 Overview ● Ethereum 2.0 Security ● Shargri-La Overview ● Analysis of EIP-1559 and ETH Transfers ● Future Work of Shargri-La
Ethereum 2.0 Overview
● Factor: Decentralized Finance (DeFi) ● Limits the applications ● Bad for UX and security ● Increasing throughput is required. Today’s Fee
What is Ethereum 2.0? A major upgrade to the Ethereum network, improving scalablity and security ● Phase 0: Staking ○ Scheduled to launch in November! ● Phase 1: Sharding (saving data only) ● Phase 1.5: Move the Eth1 chain into an Eth2 shard chain ● Phase 2: Sharding (state execution)
Sharding Split into multiple blockchains for improving its performance Shard 1 Shard 2 Shard 3
Beacon Chain provides random numbers Shard Chain provides data Shard 64 B1 B2 B3 B4 B5 VM provides state execution result Shard 1 Main Chain provides staking B1 state root B2 state root B3 state root B4 state root B5 state root
Ethereum 2.0 Security
Client Diversity Ethereum 2.0 Clients ● Prysm (Go) ● Lighthouse (Rust) ● Nimbus (Nim) ● Lodestar (TypeScript) ● Teku (Java) If one client is down, the others survive.
Client Diversity https://medium.com/prysmatic-labs/eth2-medalla-testnet-incident-f7fbc3cc934a
beacon-fuzz: A differential fuzzer for Ethereum 2.0 https://github.com/sigp/beacon-fuzz
EIP-1559: Fee market change ● An improved scheme for the first price auction currently used by Ethereum (same for Bitcoin) ● EIP-1559 introduces a dynamic minimum gas prce, “basefee”. ● The basefee is adjusted to transaction demand. ● Highly likely to be introduced in Ethereum 2.0
EIP-1559: Fee market change Strategic issues in 1559
EIP-1559: Fee market change Strategic issues in 1559
Shargri-La A Transaction-level Sharded Blockchain Simulator
What is Shargri-La? A Transaction-level Sharded Blockchain Simulator Shard 1 Shard 2 Shard 3
Simulation Targets Transaction-level P2P Consensus User Behaviour Smart Contracts Virtual Machine
● Is the protocol working as it's supposed to? ● Isn't the protocol working because of the user's behavior? ● Isn't there some kind of attack method? ● Which algorithm is more suitable? ● What are the optimal parameters? ● ... ● Doesn't cross-shard TX make the UX worse? ● How many shards should a user watch? ● What happens if the load is concentrated on a particular shard? Issues that can be solved with Shargri-La Solved!!
Current Progress: Version 0.1.0 Released! https://github.com/shargri-la/shargri-la
Current Progress: Version 0.1.0 Released! https://ethresear.ch/t/shargri-la-a-transaction-level-sharded-blockchain-simulator/7936
Current Progress: Version 0.1.0 Released! ● The core of the simulator is written in Rust ● The graph visualization is written in Python (Matplotlib, Pandas)
Version 0.1.0 Analysis of EIP-1559 and ETH Transfers
Overview
UserGraph: A Transaction Demand Model
Simulation Settings ● The number of shards: 64 ● The number of users: 10,000 ● A user will move the shard every 100 slots. ● UserGraph parameters are set by uniform random numbers.
ETH Transfers ● We assume that all the on-chain activities are only the transfers of ETH. ● We didn't implement virtual machine that runs smart contracts to avoid increasing complexity.
Cost-reducing Wallet ● The hypothesis that we have had since the beginning of our research: "Users periodically change the shards they use to avoid the increased costs of cross-shard transactions.” ● We assume that this user behavior is accomplished by the user’s "wallet".
Experiment 1: No user switches shards.
Experiment 2: A minority of users switch shards with the minimum selection.
Experiment 2: A minority of users switch shards with the minimum selection.
Experiment 2: A minority of users switch shards with the minimum selection.
Experiment 2: A minority of users switch shards with the minimum selection.
Experiment 2: A minority of users switch shards with the minimum selection.
Experiment 3: A majority of users switch shards with the minimum selection.
Experiment 3: A majority of users switch shards with the minimum selection.
Experiment 3: A majority of users switch shards with the minimum selection.
Experiment 3: A majority of users switch shards with the minimum selection.
Experiment 3: A majority of users switch shards with the minimum selection. ● Users rush to the minimum fee shard. ● Stuck transactions occurs. ● It's not a good algorithm (and phenomenon) for users.
Experiment 4: A majority of users switch shards with weighted random selection.
Experiment 4: A majority of users switch shards with weighted random selection.
Experiment 4: A majority of users switch shards with weighted random selection.
Experiment 4: A majority of users switch shards with weighted random selection.
Experiment 4: A majority of users switch shards with weighted random selection.
Experiment 4: A majority of users switch shards with weighted random selection. ● Users rush to the minimum fee shard. ● Stuck transactions occurs. ● It's not a good algorithm for users.
Experiment 5: Switchers with the minimum selection, switchers with the weighted random selection, and non-switchers co-exist.
Experiment 6: An extremely popular user exists.
Experiment 6: An extremely popular user exists.
Future Work of Shargri-La
Phase 1/1.5 Data Fee Market ● Ethereum 2.0 Phase 0 is scheduled to launch in November. ● Phase 1 (sharding as a data layer) research is required. ● A EIP-1559-like data fee market is supposed for Phase 1.
Q&A
Appendix
Comparison With Similar Systems Simulation Targets Architecture P2P (Layer 0) Consensus (Layer 1) User, TX (Layer 1.5+) Sharding shardSim ◯ ◯ ☓ ◯ SimBlock ◯ ◯ ☓ ☓ VIBES ◯ ◯ ☓ ☓ Bitcoin-Simulator (ns-3 based) ◯ ◯ ☓ ☓ Shargri-La ☓ ☓ ◯ ◯
Blockchain ・・・ ・・・
Scalability ● Validators have and process the same blockchain data locally. ● It's not parallel processing, so it doesn't scale with more validators.
Cross-shard Transactions
Academic Sharding Research Year Paper Title Conference 2016 A Secure Sharding Protocol For Open Blockchains CCS 2016 2017 OmniLedger: A Secure, Scale-Out, Decentralized Ledger via Sharding S&P 2018 Chainspace: A Sharded Smart Contracts Platform NDSS 2018 2018 RapidChain: Scaling Blockchain via Full Sharding CCS 2018 Towards Scaling Blockchain Systems via Sharding SIGMOD 2019 2019 Monoxide: Scale Out Blockchain with Asynchronous Consensus Zones NSDI 2019 etc.
“Week in Ethereum News” https://weekinethereumnews.com/week-in-ethereum-news-september-6-2020/
“What’s New in Eth2” https://hackmd.io/@benjaminion/eth2_news/https%3A%2F%2Fhackmd.io%2F%40benjaminion%2Fwnie2_200905
Feedback by Other Resercher

Recommended

Impromptu ideas in respect of v2 v and other
Impromptu ideas in respect of v2 v and otherImpromptu ideas in respect of v2 v and other
Impromptu ideas in respect of v2 v and otherHarshit Srivastava
 
A research-oriented introduction to the cryptographic currencies (starting wi...
A research-oriented introduction to the cryptographic currencies (starting wi...A research-oriented introduction to the cryptographic currencies (starting wi...
A research-oriented introduction to the cryptographic currencies (starting wi...vpnmentor
 
Eth cc --eth2-tests-and-implementation
Eth cc --eth2-tests-and-implementationEth cc --eth2-tests-and-implementation
Eth cc --eth2-tests-and-implementationBruno Skvorc
 
Layer Hack: AltLayer Workshop
Layer Hack: AltLayer WorkshopLayer Hack: AltLayer Workshop
Layer Hack: AltLayer WorkshopTinaBregovi
 
Linux rt in financial markets
Linux rt in financial marketsLinux rt in financial markets
Linux rt in financial marketsAdrien Mahieux
 
How to use mtr 2
How to use mtr 2How to use mtr 2
How to use mtr 2Eduardo Narvaez
 
Internet of things - what is really happening
Internet of things - what is really happeningInternet of things - what is really happening
Internet of things - what is really happeningThor Henning Hetland
 
VULNERABILITY ( CYBER SECURITY )
VULNERABILITY ( CYBER SECURITY )VULNERABILITY ( CYBER SECURITY )
VULNERABILITY ( CYBER SECURITY )Kashyap Mandaliya
 

Recommended

Impromptu ideas in respect of v2 v and other
Impromptu ideas in respect of v2 v and otherImpromptu ideas in respect of v2 v and other
Impromptu ideas in respect of v2 v and otherHarshit Srivastava
 
A research-oriented introduction to the cryptographic currencies (starting wi...
A research-oriented introduction to the cryptographic currencies (starting wi...A research-oriented introduction to the cryptographic currencies (starting wi...
A research-oriented introduction to the cryptographic currencies (starting wi...vpnmentor
 
Eth cc --eth2-tests-and-implementation
Eth cc --eth2-tests-and-implementationEth cc --eth2-tests-and-implementation
Eth cc --eth2-tests-and-implementationBruno Skvorc
 
Layer Hack: AltLayer Workshop
Layer Hack: AltLayer WorkshopLayer Hack: AltLayer Workshop
Layer Hack: AltLayer WorkshopTinaBregovi
 
Linux rt in financial markets
Linux rt in financial marketsLinux rt in financial markets
Linux rt in financial marketsAdrien Mahieux
 
How to use mtr 2
How to use mtr 2How to use mtr 2
How to use mtr 2Eduardo Narvaez
 
Internet of things - what is really happening
Internet of things - what is really happeningInternet of things - what is really happening
Internet of things - what is really happeningThor Henning Hetland
 
VULNERABILITY ( CYBER SECURITY )
VULNERABILITY ( CYBER SECURITY )VULNERABILITY ( CYBER SECURITY )
VULNERABILITY ( CYBER SECURITY )Kashyap Mandaliya
 
IRJET- Criminal Recognization in CCTV Surveillance Video
IRJET- Criminal Recognization in CCTV Surveillance VideoIRJET- Criminal Recognization in CCTV Surveillance Video
IRJET- Criminal Recognization in CCTV Surveillance VideoIRJET Journal
 
IT Monitoring in the Era of Containers | Luca Deri Founder & Project Lead | ntop
IT Monitoring in the Era of Containers | Luca Deri Founder & Project Lead | ntopIT Monitoring in the Era of Containers | Luca Deri Founder & Project Lead | ntop
IT Monitoring in the Era of Containers | Luca Deri Founder & Project Lead | ntopInfluxData
 
Quantstamp Report - LINKSWAP
Quantstamp Report - LINKSWAPQuantstamp Report - LINKSWAP
Quantstamp Report - LINKSWAPRoy Blackstone
 
Securing IoT Applications
Securing IoT Applications Securing IoT Applications
Securing IoT Applications WSO2
 
Building a Database for the End of the World
Building a Database for the End of the WorldBuilding a Database for the End of the World
Building a Database for the End of the Worldjhugg
 
Automating the Hunt for Non-Obvious Sources of Latency Spreads
Automating the Hunt for Non-Obvious Sources of Latency SpreadsAutomating the Hunt for Non-Obvious Sources of Latency Spreads
Automating the Hunt for Non-Obvious Sources of Latency SpreadsScyllaDB
 
Tears for quantum fears
Tears for quantum fearsTears for quantum fears
Tears for quantum fearsMark Carney
 
The wandering token
The wandering tokenThe wandering token
The wandering tokenAugusto Ciuffoletti
 
Abstract
AbstractAbstract
AbstractMalek Mhedhebi
 
IRJET - Network Traffic Monitoring and Botnet Detection using K-ANN Algorithm
IRJET - Network Traffic Monitoring and Botnet Detection using K-ANN AlgorithmIRJET - Network Traffic Monitoring and Botnet Detection using K-ANN Algorithm
IRJET - Network Traffic Monitoring and Botnet Detection using K-ANN AlgorithmIRJET Journal
 
Intro
IntroIntro
IntroMohamed Rayan
 
Bitcoin Price Prediction
Bitcoin Price PredictionBitcoin Price Prediction
Bitcoin Price PredictionKadambini Indurkar
 
Botnets behavioral patterns in the network. A Machine Learning study of botne...
Botnets behavioral patterns in the network. A Machine Learning study of botne...Botnets behavioral patterns in the network. A Machine Learning study of botne...
Botnets behavioral patterns in the network. A Machine Learning study of botne...Czech Technical University in Prague
 
Netsim experiment manual
Netsim experiment manualNetsim experiment manual
Netsim experiment manualparvathy Mookambiga
 
Implementation of Spanning Tree Protocol using ns-3
Implementation of Spanning Tree Protocol using ns-3Implementation of Spanning Tree Protocol using ns-3
Implementation of Spanning Tree Protocol using ns-3Naishil Shah
 
Low latency in java 8 v5
Low latency in java 8 v5Low latency in java 8 v5
Low latency in java 8 v5Peter Lawrey
 
An Efficient Reactive Model for Resource Discovery in DHT-Based Peer-to-Peer ...
An Efficient Reactive Model for Resource Discovery in DHT-Based Peer-to-Peer ...An Efficient Reactive Model for Resource Discovery in DHT-Based Peer-to-Peer ...
An Efficient Reactive Model for Resource Discovery in DHT-Based Peer-to-Peer ...James Salter
 
When DevOps and Networking Intersect by Brent Salisbury of socketplane.io
When DevOps and Networking Intersect by Brent Salisbury of socketplane.ioWhen DevOps and Networking Intersect by Brent Salisbury of socketplane.io
When DevOps and Networking Intersect by Brent Salisbury of socketplane.ioDevOps4Networks
 
DECENTRALIZED BLOCKCHAIN SERVICES USING CARDANO NETWORK
DECENTRALIZED BLOCKCHAIN SERVICES USING CARDANO NETWORKDECENTRALIZED BLOCKCHAIN SERVICES USING CARDANO NETWORK
DECENTRALIZED BLOCKCHAIN SERVICES USING CARDANO NETWORKIRJET Journal
 
IRJET- Note to Coin Exchanger
IRJET- Note to Coin ExchangerIRJET- Note to Coin Exchanger
IRJET- Note to Coin ExchangerIRJET Journal
 
[cb22] Hayabusa Threat Hunting and Fast Forensics in Windows environments fo...
[cb22] Hayabusa Threat Hunting and Fast Forensics in Windows environments fo...[cb22] Hayabusa Threat Hunting and Fast Forensics in Windows environments fo...
[cb22] Hayabusa Threat Hunting and Fast Forensics in Windows environments fo...CODE BLUE
 
[cb22] Tales of 5G hacking by Karsten Nohl
[cb22] Tales of 5G hacking by Karsten Nohl[cb22] Tales of 5G hacking by Karsten Nohl
[cb22] Tales of 5G hacking by Karsten NohlCODE BLUE
 

More Related Content

Similar to [CB20] -U25 Ethereum 2.0 Security by Naoya Okanami

IRJET- Criminal Recognization in CCTV Surveillance Video
IRJET- Criminal Recognization in CCTV Surveillance VideoIRJET- Criminal Recognization in CCTV Surveillance Video
IRJET- Criminal Recognization in CCTV Surveillance VideoIRJET Journal
 
IT Monitoring in the Era of Containers | Luca Deri Founder & Project Lead | ntop
IT Monitoring in the Era of Containers | Luca Deri Founder & Project Lead | ntopIT Monitoring in the Era of Containers | Luca Deri Founder & Project Lead | ntop
IT Monitoring in the Era of Containers | Luca Deri Founder & Project Lead | ntopInfluxData
 
Quantstamp Report - LINKSWAP
Quantstamp Report - LINKSWAPQuantstamp Report - LINKSWAP
Quantstamp Report - LINKSWAPRoy Blackstone
 
Securing IoT Applications
Securing IoT Applications Securing IoT Applications
Securing IoT Applications WSO2
 
Building a Database for the End of the World
Building a Database for the End of the WorldBuilding a Database for the End of the World
Building a Database for the End of the Worldjhugg
 
Automating the Hunt for Non-Obvious Sources of Latency Spreads
Automating the Hunt for Non-Obvious Sources of Latency SpreadsAutomating the Hunt for Non-Obvious Sources of Latency Spreads
Automating the Hunt for Non-Obvious Sources of Latency SpreadsScyllaDB
 
Tears for quantum fears
Tears for quantum fearsTears for quantum fears
Tears for quantum fearsMark Carney
 
IRJET - Network Traffic Monitoring and Botnet Detection using K-ANN Algorithm
IRJET - Network Traffic Monitoring and Botnet Detection using K-ANN AlgorithmIRJET - Network Traffic Monitoring and Botnet Detection using K-ANN Algorithm
IRJET - Network Traffic Monitoring and Botnet Detection using K-ANN AlgorithmIRJET Journal
 
Botnets behavioral patterns in the network. A Machine Learning study of botne...
Botnets behavioral patterns in the network. A Machine Learning study of botne...Botnets behavioral patterns in the network. A Machine Learning study of botne...
Botnets behavioral patterns in the network. A Machine Learning study of botne...Czech Technical University in Prague
 
Implementation of Spanning Tree Protocol using ns-3
Implementation of Spanning Tree Protocol using ns-3Implementation of Spanning Tree Protocol using ns-3
Implementation of Spanning Tree Protocol using ns-3Naishil Shah
 
Low latency in java 8 v5
Low latency in java 8 v5Low latency in java 8 v5
Low latency in java 8 v5Peter Lawrey
 
An Efficient Reactive Model for Resource Discovery in DHT-Based Peer-to-Peer ...
An Efficient Reactive Model for Resource Discovery in DHT-Based Peer-to-Peer ...An Efficient Reactive Model for Resource Discovery in DHT-Based Peer-to-Peer ...
An Efficient Reactive Model for Resource Discovery in DHT-Based Peer-to-Peer ...James Salter
 
When DevOps and Networking Intersect by Brent Salisbury of socketplane.io
When DevOps and Networking Intersect by Brent Salisbury of socketplane.ioWhen DevOps and Networking Intersect by Brent Salisbury of socketplane.io
When DevOps and Networking Intersect by Brent Salisbury of socketplane.ioDevOps4Networks
 
DECENTRALIZED BLOCKCHAIN SERVICES USING CARDANO NETWORK
DECENTRALIZED BLOCKCHAIN SERVICES USING CARDANO NETWORKDECENTRALIZED BLOCKCHAIN SERVICES USING CARDANO NETWORK
DECENTRALIZED BLOCKCHAIN SERVICES USING CARDANO NETWORKIRJET Journal
 
IRJET- Note to Coin Exchanger
IRJET- Note to Coin ExchangerIRJET- Note to Coin Exchanger
IRJET- Note to Coin ExchangerIRJET Journal
 

Similar to [CB20] -U25 Ethereum 2.0 Security by Naoya Okanami (20)

IRJET- Criminal Recognization in CCTV Surveillance Video
IRJET- Criminal Recognization in CCTV Surveillance VideoIRJET- Criminal Recognization in CCTV Surveillance Video
IRJET- Criminal Recognization in CCTV Surveillance Video
 
IT Monitoring in the Era of Containers | Luca Deri Founder & Project Lead | ntop
IT Monitoring in the Era of Containers | Luca Deri Founder & Project Lead | ntopIT Monitoring in the Era of Containers | Luca Deri Founder & Project Lead | ntop
IT Monitoring in the Era of Containers | Luca Deri Founder & Project Lead | ntop
 
Quantstamp Report - LINKSWAP
Quantstamp Report - LINKSWAPQuantstamp Report - LINKSWAP
Quantstamp Report - LINKSWAP
 
Securing IoT Applications
Securing IoT Applications Securing IoT Applications
Securing IoT Applications
 
Building a Database for the End of the World
Building a Database for the End of the WorldBuilding a Database for the End of the World
Building a Database for the End of the World
 
Automating the Hunt for Non-Obvious Sources of Latency Spreads
Automating the Hunt for Non-Obvious Sources of Latency SpreadsAutomating the Hunt for Non-Obvious Sources of Latency Spreads
Automating the Hunt for Non-Obvious Sources of Latency Spreads
 
Tears for quantum fears
Tears for quantum fearsTears for quantum fears
Tears for quantum fears
 
The wandering token
The wandering tokenThe wandering token
The wandering token
 
Abstract
AbstractAbstract
Abstract
 
IRJET - Network Traffic Monitoring and Botnet Detection using K-ANN Algorithm
IRJET - Network Traffic Monitoring and Botnet Detection using K-ANN AlgorithmIRJET - Network Traffic Monitoring and Botnet Detection using K-ANN Algorithm
IRJET - Network Traffic Monitoring and Botnet Detection using K-ANN Algorithm
 
Intro
IntroIntro
Intro
 
Bitcoin Price Prediction
Bitcoin Price PredictionBitcoin Price Prediction
Bitcoin Price Prediction
 
Botnets behavioral patterns in the network. A Machine Learning study of botne...
Botnets behavioral patterns in the network. A Machine Learning study of botne...Botnets behavioral patterns in the network. A Machine Learning study of botne...
Botnets behavioral patterns in the network. A Machine Learning study of botne...
 
Netsim experiment manual
Netsim experiment manualNetsim experiment manual
Netsim experiment manual
 
Implementation of Spanning Tree Protocol using ns-3
Implementation of Spanning Tree Protocol using ns-3Implementation of Spanning Tree Protocol using ns-3
Implementation of Spanning Tree Protocol using ns-3
 
Low latency in java 8 v5
Low latency in java 8 v5Low latency in java 8 v5
Low latency in java 8 v5
 
An Efficient Reactive Model for Resource Discovery in DHT-Based Peer-to-Peer ...
An Efficient Reactive Model for Resource Discovery in DHT-Based Peer-to-Peer ...An Efficient Reactive Model for Resource Discovery in DHT-Based Peer-to-Peer ...
An Efficient Reactive Model for Resource Discovery in DHT-Based Peer-to-Peer ...
 
When DevOps and Networking Intersect by Brent Salisbury of socketplane.io
When DevOps and Networking Intersect by Brent Salisbury of socketplane.ioWhen DevOps and Networking Intersect by Brent Salisbury of socketplane.io
When DevOps and Networking Intersect by Brent Salisbury of socketplane.io
 
DECENTRALIZED BLOCKCHAIN SERVICES USING CARDANO NETWORK
DECENTRALIZED BLOCKCHAIN SERVICES USING CARDANO NETWORKDECENTRALIZED BLOCKCHAIN SERVICES USING CARDANO NETWORK
DECENTRALIZED BLOCKCHAIN SERVICES USING CARDANO NETWORK
 
IRJET- Note to Coin Exchanger
IRJET- Note to Coin ExchangerIRJET- Note to Coin Exchanger
IRJET- Note to Coin Exchanger
 

More from CODE BLUE

[cb22] Hayabusa Threat Hunting and Fast Forensics in Windows environments fo...
[cb22] Hayabusa Threat Hunting and Fast Forensics in Windows environments fo...[cb22] Hayabusa Threat Hunting and Fast Forensics in Windows environments fo...
[cb22] Hayabusa Threat Hunting and Fast Forensics in Windows environments fo...CODE BLUE
 
[cb22] Tales of 5G hacking by Karsten Nohl
[cb22] Tales of 5G hacking by Karsten Nohl[cb22] Tales of 5G hacking by Karsten Nohl
[cb22] Tales of 5G hacking by Karsten NohlCODE BLUE
 
[cb22] Your Printer is not your Printer ! - Hacking Printers at Pwn2Own by A...
[cb22] Your Printer is not your Printer ! - Hacking Printers at Pwn2Own by A...[cb22] Your Printer is not your Printer ! - Hacking Printers at Pwn2Own by A...
[cb22] Your Printer is not your Printer ! - Hacking Printers at Pwn2Own by A...CODE BLUE
 
[cb22] "The Present and Future of Coordinated Vulnerability Disclosure" Inter...
[cb22] "The Present and Future of Coordinated Vulnerability Disclosure" Inter...[cb22] "The Present and Future of Coordinated Vulnerability Disclosure" Inter...
[cb22] "The Present and Future of Coordinated Vulnerability Disclosure" Inter...CODE BLUE
 
[cb22] 「協調された脆弱性開示の現在と未来」国際的なパネルディスカッション(4) by 板橋 博之
[cb22] 「協調された脆弱性開示の現在と未来」国際的なパネルディスカッション(4) by 板橋 博之[cb22] 「協調された脆弱性開示の現在と未来」国際的なパネルディスカッション(4) by 板橋 博之
[cb22] 「協調された脆弱性開示の現在と未来」国際的なパネルディスカッション(4) by 板橋 博之CODE BLUE
 
[cb22] "The Present and Future of Coordinated Vulnerability Disclosure" Inter...
[cb22] "The Present and Future of Coordinated Vulnerability Disclosure" Inter...[cb22] "The Present and Future of Coordinated Vulnerability Disclosure" Inter...
[cb22] "The Present and Future of Coordinated Vulnerability Disclosure" Inter...CODE BLUE
 
[cb22] 「協調された脆弱性開示の現在と未来」国際的なパネルディスカッション(3) by Lorenzo Pupillo
[cb22] 「協調された脆弱性開示の現在と未来」国際的なパネルディスカッション(3) by Lorenzo Pupillo[cb22] 「協調された脆弱性開示の現在と未来」国際的なパネルディスカッション(3) by Lorenzo Pupillo
[cb22] 「協調された脆弱性開示の現在と未来」国際的なパネルディスカッション(3) by Lorenzo PupilloCODE BLUE
 
[cb22] ”The Present and Future of Coordinated Vulnerability Disclosure” Inte...
[cb22] ”The Present and Future of Coordinated Vulnerability Disclosure” Inte...[cb22] ”The Present and Future of Coordinated Vulnerability Disclosure” Inte...
[cb22] ”The Present and Future of Coordinated Vulnerability Disclosure” Inte...CODE BLUE
 
[cb22] 「協調された脆弱性開示の現在と未来」国際的なパネルディスカッション(2)by Allan Friedman
[cb22] 「協調された脆弱性開示の現在と未来」国際的なパネルディスカッション(2)by Allan Friedman [cb22] 「協調された脆弱性開示の現在と未来」国際的なパネルディスカッション(2)by Allan Friedman
[cb22] 「協調された脆弱性開示の現在と未来」国際的なパネルディスカッション(2)by Allan Friedman CODE BLUE
 
[cb22] "The Present and Future of Coordinated Vulnerability Disclosure" Inter...
[cb22] "The Present and Future of Coordinated Vulnerability Disclosure" Inter...[cb22] "The Present and Future of Coordinated Vulnerability Disclosure" Inter...
[cb22] "The Present and Future of Coordinated Vulnerability Disclosure" Inter...CODE BLUE
 
[cb22] 「協調された脆弱性開示の現在と未来」国際的なパネルディスカッション (1)by 高橋 郁夫
[cb22] 「協調された脆弱性開示の現在と未来」国際的なパネルディスカッション (1)by 高橋 郁夫[cb22] 「協調された脆弱性開示の現在と未来」国際的なパネルディスカッション (1)by 高橋 郁夫
[cb22] 「協調された脆弱性開示の現在と未来」国際的なパネルディスカッション (1)by 高橋 郁夫CODE BLUE
 
[cb22] Are Embedded Devices Ready for ROP Attacks? -ROP verification for low-...
[cb22] Are Embedded Devices Ready for ROP Attacks? -ROP verification for low-...[cb22] Are Embedded Devices Ready for ROP Attacks? -ROP verification for low-...
[cb22] Are Embedded Devices Ready for ROP Attacks? -ROP verification for low-...CODE BLUE
 
[cb22] Wslinkのマルチレイヤーな仮想環境について by Vladislav Hrčka
[cb22] Wslinkのマルチレイヤーな仮想環境について by Vladislav Hrčka [cb22] Wslinkのマルチレイヤーな仮想環境について by Vladislav Hrčka
[cb22] Wslinkのマルチレイヤーな仮想環境について by Vladislav Hrčka CODE BLUE
 
[cb22] Under the hood of Wslink’s multilayered virtual machine en by Vladisla...
[cb22] Under the hood of Wslink’s multilayered virtual machine en by Vladisla...[cb22] Under the hood of Wslink’s multilayered virtual machine en by Vladisla...
[cb22] Under the hood of Wslink’s multilayered virtual machine en by Vladisla...CODE BLUE
 
[cb22] CloudDragon’s Credential Factory is Powering Up Its Espionage Activiti...
[cb22] CloudDragon’s Credential Factory is Powering Up Its Espionage Activiti...[cb22] CloudDragon’s Credential Factory is Powering Up Its Espionage Activiti...
[cb22] CloudDragon’s Credential Factory is Powering Up Its Espionage Activiti...CODE BLUE
 
[cb22] From Parroting to Echoing: The Evolution of China’s Bots-Driven Info...
[cb22] From Parroting to Echoing: The Evolution of China’s Bots-Driven Info...[cb22] From Parroting to Echoing: The Evolution of China’s Bots-Driven Info...
[cb22] From Parroting to Echoing: The Evolution of China’s Bots-Driven Info...CODE BLUE
 
[cb22] Who is the Mal-Gopher? - Implementation and Evaluation of “gimpfuzzy”...
[cb22] Who is the Mal-Gopher? - Implementation and Evaluation of “gimpfuzzy”...[cb22] Who is the Mal-Gopher? - Implementation and Evaluation of “gimpfuzzy”...
[cb22] Who is the Mal-Gopher? - Implementation and Evaluation of “gimpfuzzy”...CODE BLUE
 
[cb22] Mal-gopherとは?Go系マルウェアの分類のためのgimpfuzzy実装と評価 by 澤部 祐太, 甘粕 伸幸, 野村 和也
[cb22] Mal-gopherとは?Go系マルウェアの分類のためのgimpfuzzy実装と評価 by 澤部 祐太, 甘粕 伸幸, 野村 和也[cb22] Mal-gopherとは?Go系マルウェアの分類のためのgimpfuzzy実装と評価 by 澤部 祐太, 甘粕 伸幸, 野村 和也
[cb22] Mal-gopherとは?Go系マルウェアの分類のためのgimpfuzzy実装と評価 by 澤部 祐太, 甘粕 伸幸, 野村 和也CODE BLUE
 
[cb22] Tracking the Entire Iceberg - Long-term APT Malware C2 Protocol Emulat...
[cb22] Tracking the Entire Iceberg - Long-term APT Malware C2 Protocol Emulat...[cb22] Tracking the Entire Iceberg - Long-term APT Malware C2 Protocol Emulat...
[cb22] Tracking the Entire Iceberg - Long-term APT Malware C2 Protocol Emulat...CODE BLUE
 
[cb22] Fight Against Malware Development Life Cycle by Shusei Tomonaga and Yu...
[cb22] Fight Against Malware Development Life Cycle by Shusei Tomonaga and Yu...[cb22] Fight Against Malware Development Life Cycle by Shusei Tomonaga and Yu...
[cb22] Fight Against Malware Development Life Cycle by Shusei Tomonaga and Yu...CODE BLUE
 

More from CODE BLUE (20)

[cb22] Hayabusa Threat Hunting and Fast Forensics in Windows environments fo...
[cb22] Hayabusa Threat Hunting and Fast Forensics in Windows environments fo...[cb22] Hayabusa Threat Hunting and Fast Forensics in Windows environments fo...
[cb22] Hayabusa Threat Hunting and Fast Forensics in Windows environments fo...
 
[cb22] Tales of 5G hacking by Karsten Nohl
[cb22] Tales of 5G hacking by Karsten Nohl[cb22] Tales of 5G hacking by Karsten Nohl
[cb22] Tales of 5G hacking by Karsten Nohl
 
[cb22] Your Printer is not your Printer ! - Hacking Printers at Pwn2Own by A...
[cb22] Your Printer is not your Printer ! - Hacking Printers at Pwn2Own by A...[cb22] Your Printer is not your Printer ! - Hacking Printers at Pwn2Own by A...
[cb22] Your Printer is not your Printer ! - Hacking Printers at Pwn2Own by A...
 
[cb22] "The Present and Future of Coordinated Vulnerability Disclosure" Inter...
[cb22] "The Present and Future of Coordinated Vulnerability Disclosure" Inter...[cb22] "The Present and Future of Coordinated Vulnerability Disclosure" Inter...
[cb22] "The Present and Future of Coordinated Vulnerability Disclosure" Inter...
 
[cb22] 「協調された脆弱性開示の現在と未来」国際的なパネルディスカッション(4) by 板橋 博之
[cb22] 「協調された脆弱性開示の現在と未来」国際的なパネルディスカッション(4) by 板橋 博之[cb22] 「協調された脆弱性開示の現在と未来」国際的なパネルディスカッション(4) by 板橋 博之
[cb22] 「協調された脆弱性開示の現在と未来」国際的なパネルディスカッション(4) by 板橋 博之
 
[cb22] "The Present and Future of Coordinated Vulnerability Disclosure" Inter...
[cb22] "The Present and Future of Coordinated Vulnerability Disclosure" Inter...[cb22] "The Present and Future of Coordinated Vulnerability Disclosure" Inter...
[cb22] "The Present and Future of Coordinated Vulnerability Disclosure" Inter...
 
[cb22] 「協調された脆弱性開示の現在と未来」国際的なパネルディスカッション(3) by Lorenzo Pupillo
[cb22] 「協調された脆弱性開示の現在と未来」国際的なパネルディスカッション(3) by Lorenzo Pupillo[cb22] 「協調された脆弱性開示の現在と未来」国際的なパネルディスカッション(3) by Lorenzo Pupillo
[cb22] 「協調された脆弱性開示の現在と未来」国際的なパネルディスカッション(3) by Lorenzo Pupillo
 
[cb22] ”The Present and Future of Coordinated Vulnerability Disclosure” Inte...
[cb22] ”The Present and Future of Coordinated Vulnerability Disclosure” Inte...[cb22] ”The Present and Future of Coordinated Vulnerability Disclosure” Inte...
[cb22] ”The Present and Future of Coordinated Vulnerability Disclosure” Inte...
 
[cb22] 「協調された脆弱性開示の現在と未来」国際的なパネルディスカッション(2)by Allan Friedman
[cb22] 「協調された脆弱性開示の現在と未来」国際的なパネルディスカッション(2)by Allan Friedman [cb22] 「協調された脆弱性開示の現在と未来」国際的なパネルディスカッション(2)by Allan Friedman
[cb22] 「協調された脆弱性開示の現在と未来」国際的なパネルディスカッション(2)by Allan Friedman
 
[cb22] "The Present and Future of Coordinated Vulnerability Disclosure" Inter...
[cb22] "The Present and Future of Coordinated Vulnerability Disclosure" Inter...[cb22] "The Present and Future of Coordinated Vulnerability Disclosure" Inter...
[cb22] "The Present and Future of Coordinated Vulnerability Disclosure" Inter...
 
[cb22] 「協調された脆弱性開示の現在と未来」国際的なパネルディスカッション (1)by 高橋 郁夫
[cb22] 「協調された脆弱性開示の現在と未来」国際的なパネルディスカッション (1)by 高橋 郁夫[cb22] 「協調された脆弱性開示の現在と未来」国際的なパネルディスカッション (1)by 高橋 郁夫
[cb22] 「協調された脆弱性開示の現在と未来」国際的なパネルディスカッション (1)by 高橋 郁夫
 
[cb22] Are Embedded Devices Ready for ROP Attacks? -ROP verification for low-...
[cb22] Are Embedded Devices Ready for ROP Attacks? -ROP verification for low-...[cb22] Are Embedded Devices Ready for ROP Attacks? -ROP verification for low-...
[cb22] Are Embedded Devices Ready for ROP Attacks? -ROP verification for low-...
 
[cb22] Wslinkのマルチレイヤーな仮想環境について by Vladislav Hrčka
[cb22] Wslinkのマルチレイヤーな仮想環境について by Vladislav Hrčka [cb22] Wslinkのマルチレイヤーな仮想環境について by Vladislav Hrčka
[cb22] Wslinkのマルチレイヤーな仮想環境について by Vladislav Hrčka
 
[cb22] Under the hood of Wslink’s multilayered virtual machine en by Vladisla...
[cb22] Under the hood of Wslink’s multilayered virtual machine en by Vladisla...[cb22] Under the hood of Wslink’s multilayered virtual machine en by Vladisla...
[cb22] Under the hood of Wslink’s multilayered virtual machine en by Vladisla...
 
[cb22] CloudDragon’s Credential Factory is Powering Up Its Espionage Activiti...
[cb22] CloudDragon’s Credential Factory is Powering Up Its Espionage Activiti...[cb22] CloudDragon’s Credential Factory is Powering Up Its Espionage Activiti...
[cb22] CloudDragon’s Credential Factory is Powering Up Its Espionage Activiti...
 
[cb22] From Parroting to Echoing: The Evolution of China’s Bots-Driven Info...
[cb22] From Parroting to Echoing: The Evolution of China’s Bots-Driven Info...[cb22] From Parroting to Echoing: The Evolution of China’s Bots-Driven Info...
[cb22] From Parroting to Echoing: The Evolution of China’s Bots-Driven Info...
 
[cb22] Who is the Mal-Gopher? - Implementation and Evaluation of “gimpfuzzy”...
[cb22] Who is the Mal-Gopher? - Implementation and Evaluation of “gimpfuzzy”...[cb22] Who is the Mal-Gopher? - Implementation and Evaluation of “gimpfuzzy”...
[cb22] Who is the Mal-Gopher? - Implementation and Evaluation of “gimpfuzzy”...
 
[cb22] Mal-gopherとは?Go系マルウェアの分類のためのgimpfuzzy実装と評価 by 澤部 祐太, 甘粕 伸幸, 野村 和也
[cb22] Mal-gopherとは?Go系マルウェアの分類のためのgimpfuzzy実装と評価 by 澤部 祐太, 甘粕 伸幸, 野村 和也[cb22] Mal-gopherとは?Go系マルウェアの分類のためのgimpfuzzy実装と評価 by 澤部 祐太, 甘粕 伸幸, 野村 和也
[cb22] Mal-gopherとは?Go系マルウェアの分類のためのgimpfuzzy実装と評価 by 澤部 祐太, 甘粕 伸幸, 野村 和也
 
[cb22] Tracking the Entire Iceberg - Long-term APT Malware C2 Protocol Emulat...
[cb22] Tracking the Entire Iceberg - Long-term APT Malware C2 Protocol Emulat...[cb22] Tracking the Entire Iceberg - Long-term APT Malware C2 Protocol Emulat...
[cb22] Tracking the Entire Iceberg - Long-term APT Malware C2 Protocol Emulat...
 
[cb22] Fight Against Malware Development Life Cycle by Shusei Tomonaga and Yu...
[cb22] Fight Against Malware Development Life Cycle by Shusei Tomonaga and Yu...[cb22] Fight Against Malware Development Life Cycle by Shusei Tomonaga and Yu...
[cb22] Fight Against Malware Development Life Cycle by Shusei Tomonaga and Yu...
 

Recently uploaded

RACHEL-ANN M. TENIBRO PRODUCT RESEARCH PRESENTATION
RACHEL-ANN M. TENIBRO PRODUCT RESEARCH PRESENTATIONRACHEL-ANN M. TENIBRO PRODUCT RESEARCH PRESENTATION
RACHEL-ANN M. TENIBRO PRODUCT RESEARCH PRESENTATIONRachelAnnTenibroAmaz
 
Quality by design.. ppt for RA (1ST SEM
Quality by design.. ppt for RA (1ST SEMQuality by design.. ppt for RA (1ST SEM
Quality by design.. ppt for RA (1ST SEMCharmi13
 
Genshin Impact PPT Template by EaTemp.pptx
Genshin Impact PPT Template by EaTemp.pptxGenshin Impact PPT Template by EaTemp.pptx
Genshin Impact PPT Template by EaTemp.pptxJohnree4
 
INDIAN GCP GUIDELINE. for Regulatory affair 1st sem CRR
INDIAN GCP GUIDELINE. for Regulatory affair 1st sem CRRINDIAN GCP GUIDELINE. for Regulatory affair 1st sem CRR
INDIAN GCP GUIDELINE. for Regulatory affair 1st sem CRRsarwankumar4524
 
SaaStr Workshop Wednesday w/ Kyle Norton, Owner.com
SaaStr Workshop Wednesday w/ Kyle Norton, Owner.comSaaStr Workshop Wednesday w/ Kyle Norton, Owner.com
SaaStr Workshop Wednesday w/ Kyle Norton, Owner.comsaastr
 
Call Girls In Aerocity 🤳 Call Us +919599264170
Call Girls In Aerocity 🤳 Call Us +919599264170Call Girls In Aerocity 🤳 Call Us +919599264170
Call Girls In Aerocity 🤳 Call Us +919599264170Escort Service
 
SBFT Tool Competition 2024 -- Python Test Case Generation Track
SBFT Tool Competition 2024 -- Python Test Case Generation TrackSBFT Tool Competition 2024 -- Python Test Case Generation Track
SBFT Tool Competition 2024 -- Python Test Case Generation TrackSebastiano Panichella
 
PAG-UNLAD NG EKONOMIYA na dapat isaalang alang sa pag-aaral.
PAG-UNLAD NG EKONOMIYA na dapat isaalang alang sa pag-aaral.PAG-UNLAD NG EKONOMIYA na dapat isaalang alang sa pag-aaral.
PAG-UNLAD NG EKONOMIYA na dapat isaalang alang sa pag-aaral.KathleenAnnCordero2
 
Work Remotely with Confluence ACE 2.pptx
Work Remotely with Confluence ACE 2.pptxWork Remotely with Confluence ACE 2.pptx
Work Remotely with Confluence ACE 2.pptxmavinoikein
 
Simulation-based Testing of Unmanned Aerial Vehicles with Aerialist
Simulation-based Testing of Unmanned Aerial Vehicles with AerialistSimulation-based Testing of Unmanned Aerial Vehicles with Aerialist
Simulation-based Testing of Unmanned Aerial Vehicles with AerialistSebastiano Panichella
 
Chizaram's Women Tech Makers Deck. .pptx
Chizaram's Women Tech Makers Deck. .pptxChizaram's Women Tech Makers Deck. .pptx
Chizaram's Women Tech Makers Deck. .pptxogubuikealex
 
PHYSICS PROJECT BY MSC - NANOTECHNOLOGY
PHYSICS PROJECT BY MSC - NANOTECHNOLOGYPHYSICS PROJECT BY MSC - NANOTECHNOLOGY
PHYSICS PROJECT BY MSC - NANOTECHNOLOGYpruthirajnayak525
 
THE COUNTRY WHO SOLVED THE WORLD_HOW CHINA LAUNCHED THE CIVILIZATION REVOLUTI...
THE COUNTRY WHO SOLVED THE WORLD_HOW CHINA LAUNCHED THE CIVILIZATION REVOLUTI...THE COUNTRY WHO SOLVED THE WORLD_HOW CHINA LAUNCHED THE CIVILIZATION REVOLUTI...
THE COUNTRY WHO SOLVED THE WORLD_HOW CHINA LAUNCHED THE CIVILIZATION REVOLUTI...漢銘 謝
 
Early Modern Spain. All about this period
Early Modern Spain. All about this periodEarly Modern Spain. All about this period
Early Modern Spain. All about this periodSaraIsabelJimenez
 
The Ten Facts About People With Autism Presentation
The Ten Facts About People With Autism PresentationThe Ten Facts About People With Autism Presentation
The Ten Facts About People With Autism PresentationNathan Young
 
Dutch Power - 26 maart 2024 - Henk Kras - Circular Plastics
Dutch Power - 26 maart 2024 - Henk Kras - Circular PlasticsDutch Power - 26 maart 2024 - Henk Kras - Circular Plastics
Dutch Power - 26 maart 2024 - Henk Kras - Circular PlasticsDutch Power
 
The 3rd Intl. Workshop on NL-based Software Engineering
The 3rd Intl. Workshop on NL-based Software EngineeringThe 3rd Intl. Workshop on NL-based Software Engineering
The 3rd Intl. Workshop on NL-based Software EngineeringSebastiano Panichella
 
Event 4 Introduction to Open Source.pptx
Event 4 Introduction to Open Source.pptxEvent 4 Introduction to Open Source.pptx
Event 4 Introduction to Open Source.pptxaryanv1753
 
DGT @ CTAC 2024 Valencia: Most crucial invest to digitalisation_Sven Zoelle_v...
DGT @ CTAC 2024 Valencia: Most crucial invest to digitalisation_Sven Zoelle_v...DGT @ CTAC 2024 Valencia: Most crucial invest to digitalisation_Sven Zoelle_v...
DGT @ CTAC 2024 Valencia: Most crucial invest to digitalisation_Sven Zoelle_v...Henrik Hanke
 
miladyskindiseases-200705210221 2.!!pptx
miladyskindiseases-200705210221 2.!!pptxmiladyskindiseases-200705210221 2.!!pptx
miladyskindiseases-200705210221 2.!!pptxCarrieButtitta
 

Recently uploaded (20)

RACHEL-ANN M. TENIBRO PRODUCT RESEARCH PRESENTATION
RACHEL-ANN M. TENIBRO PRODUCT RESEARCH PRESENTATIONRACHEL-ANN M. TENIBRO PRODUCT RESEARCH PRESENTATION
RACHEL-ANN M. TENIBRO PRODUCT RESEARCH PRESENTATION
 
Quality by design.. ppt for RA (1ST SEM
Quality by design.. ppt for RA (1ST SEMQuality by design.. ppt for RA (1ST SEM
Quality by design.. ppt for RA (1ST SEM
 
Genshin Impact PPT Template by EaTemp.pptx
Genshin Impact PPT Template by EaTemp.pptxGenshin Impact PPT Template by EaTemp.pptx
Genshin Impact PPT Template by EaTemp.pptx
 
INDIAN GCP GUIDELINE. for Regulatory affair 1st sem CRR
INDIAN GCP GUIDELINE. for Regulatory affair 1st sem CRRINDIAN GCP GUIDELINE. for Regulatory affair 1st sem CRR
INDIAN GCP GUIDELINE. for Regulatory affair 1st sem CRR
 
SaaStr Workshop Wednesday w/ Kyle Norton, Owner.com
SaaStr Workshop Wednesday w/ Kyle Norton, Owner.comSaaStr Workshop Wednesday w/ Kyle Norton, Owner.com
SaaStr Workshop Wednesday w/ Kyle Norton, Owner.com
 
Call Girls In Aerocity 🤳 Call Us +919599264170
Call Girls In Aerocity 🤳 Call Us +919599264170Call Girls In Aerocity 🤳 Call Us +919599264170
Call Girls In Aerocity 🤳 Call Us +919599264170
 
SBFT Tool Competition 2024 -- Python Test Case Generation Track
SBFT Tool Competition 2024 -- Python Test Case Generation TrackSBFT Tool Competition 2024 -- Python Test Case Generation Track
SBFT Tool Competition 2024 -- Python Test Case Generation Track
 
PAG-UNLAD NG EKONOMIYA na dapat isaalang alang sa pag-aaral.
PAG-UNLAD NG EKONOMIYA na dapat isaalang alang sa pag-aaral.PAG-UNLAD NG EKONOMIYA na dapat isaalang alang sa pag-aaral.
PAG-UNLAD NG EKONOMIYA na dapat isaalang alang sa pag-aaral.
 
Work Remotely with Confluence ACE 2.pptx
Work Remotely with Confluence ACE 2.pptxWork Remotely with Confluence ACE 2.pptx
Work Remotely with Confluence ACE 2.pptx
 
Simulation-based Testing of Unmanned Aerial Vehicles with Aerialist
Simulation-based Testing of Unmanned Aerial Vehicles with AerialistSimulation-based Testing of Unmanned Aerial Vehicles with Aerialist
Simulation-based Testing of Unmanned Aerial Vehicles with Aerialist
 
Chizaram's Women Tech Makers Deck. .pptx
Chizaram's Women Tech Makers Deck. .pptxChizaram's Women Tech Makers Deck. .pptx
Chizaram's Women Tech Makers Deck. .pptx
 
PHYSICS PROJECT BY MSC - NANOTECHNOLOGY
PHYSICS PROJECT BY MSC - NANOTECHNOLOGYPHYSICS PROJECT BY MSC - NANOTECHNOLOGY
PHYSICS PROJECT BY MSC - NANOTECHNOLOGY
 
THE COUNTRY WHO SOLVED THE WORLD_HOW CHINA LAUNCHED THE CIVILIZATION REVOLUTI...
THE COUNTRY WHO SOLVED THE WORLD_HOW CHINA LAUNCHED THE CIVILIZATION REVOLUTI...THE COUNTRY WHO SOLVED THE WORLD_HOW CHINA LAUNCHED THE CIVILIZATION REVOLUTI...
THE COUNTRY WHO SOLVED THE WORLD_HOW CHINA LAUNCHED THE CIVILIZATION REVOLUTI...
 
Early Modern Spain. All about this period
Early Modern Spain. All about this periodEarly Modern Spain. All about this period
Early Modern Spain. All about this period
 
The Ten Facts About People With Autism Presentation
The Ten Facts About People With Autism PresentationThe Ten Facts About People With Autism Presentation
The Ten Facts About People With Autism Presentation
 
Dutch Power - 26 maart 2024 - Henk Kras - Circular Plastics
Dutch Power - 26 maart 2024 - Henk Kras - Circular PlasticsDutch Power - 26 maart 2024 - Henk Kras - Circular Plastics
Dutch Power - 26 maart 2024 - Henk Kras - Circular Plastics
 
The 3rd Intl. Workshop on NL-based Software Engineering
The 3rd Intl. Workshop on NL-based Software EngineeringThe 3rd Intl. Workshop on NL-based Software Engineering
The 3rd Intl. Workshop on NL-based Software Engineering
 
Event 4 Introduction to Open Source.pptx
Event 4 Introduction to Open Source.pptxEvent 4 Introduction to Open Source.pptx
Event 4 Introduction to Open Source.pptx
 
DGT @ CTAC 2024 Valencia: Most crucial invest to digitalisation_Sven Zoelle_v...
DGT @ CTAC 2024 Valencia: Most crucial invest to digitalisation_Sven Zoelle_v...DGT @ CTAC 2024 Valencia: Most crucial invest to digitalisation_Sven Zoelle_v...
DGT @ CTAC 2024 Valencia: Most crucial invest to digitalisation_Sven Zoelle_v...
 
miladyskindiseases-200705210221 2.!!pptx
miladyskindiseases-200705210221 2.!!pptxmiladyskindiseases-200705210221 2.!!pptx
miladyskindiseases-200705210221 2.!!pptx
 

[CB20] -U25 Ethereum 2.0 Security by Naoya Okanami

  • 2. Who Am I? ● Naoya Okanami, also known as minaminao. ● LayerX Labs Researcher, 2019-. ● Master's Program, University of Tsukuba, 2020-. ● IPA MITOU Program 2020 ● CTF Team: ./Vespiary
  • 3. Agenda ● Ethereum 2.0 Overview ● Ethereum 2.0 Security ● Shargri-La Overview ● Analysis of EIP-1559 and ETH Transfers ● Future Work of Shargri-La
  • 5. ● Factor: Decentralized Finance (DeFi) ● Limits the applications ● Bad for UX and security ● Increasing throughput is required. Today’s Fee
  • 6. What is Ethereum 2.0? A major upgrade to the Ethereum network, improving scalablity and security ● Phase 0: Staking ○ Scheduled to launch in November! ● Phase 1: Sharding (saving data only) ● Phase 1.5: Move the Eth1 chain into an Eth2 shard chain ● Phase 2: Sharding (state execution)
  • 7. Sharding Split into multiple blockchains for improving its performance Shard 1 Shard 2 Shard 3
  • 8. Beacon Chain provides random numbers Shard Chain provides data Shard 64 B1 B2 B3 B4 B5 VM provides state execution result Shard 1 Main Chain provides staking B1 state root B2 state root B3 state root B4 state root B5 state root
  • 10. Client Diversity Ethereum 2.0 Clients ● Prysm (Go) ● Lighthouse (Rust) ● Nimbus (Nim) ● Lodestar (TypeScript) ● Teku (Java) If one client is down, the others survive.
  • 12. beacon-fuzz: A differential fuzzer for Ethereum 2.0 https://github.com/sigp/beacon-fuzz
  • 13. EIP-1559: Fee market change ● An improved scheme for the first price auction currently used by Ethereum (same for Bitcoin) ● EIP-1559 introduces a dynamic minimum gas prce, “basefee”. ● The basefee is adjusted to transaction demand. ● Highly likely to be introduced in Ethereum 2.0
  • 14. EIP-1559: Fee market change Strategic issues in 1559
  • 15. EIP-1559: Fee market change Strategic issues in 1559
  • 17. What is Shargri-La? A Transaction-level Sharded Blockchain Simulator Shard 1 Shard 2 Shard 3
  • 19. ● Is the protocol working as it's supposed to? ● Isn't the protocol working because of the user's behavior? ● Isn't there some kind of attack method? ● Which algorithm is more suitable? ● What are the optimal parameters? ● ... ● Doesn't cross-shard TX make the UX worse? ● How many shards should a user watch? ● What happens if the load is concentrated on a particular shard? Issues that can be solved with Shargri-La Solved!!
  • 20. Current Progress: Version 0.1.0 Released! https://github.com/shargri-la/shargri-la
  • 21. Current Progress: Version 0.1.0 Released! https://ethresear.ch/t/shargri-la-a-transaction-level-sharded-blockchain-simulator/7936
  • 22. Current Progress: Version 0.1.0 Released! ● The core of the simulator is written in Rust ● The graph visualization is written in Python (Matplotlib, Pandas)
  • 23. Version 0.1.0 Analysis of EIP-1559 and ETH Transfers
  • 25. UserGraph: A Transaction Demand Model
  • 26. Simulation Settings ● The number of shards: 64 ● The number of users: 10,000 ● A user will move the shard every 100 slots. ● UserGraph parameters are set by uniform random numbers.
  • 27. ETH Transfers ● We assume that all the on-chain activities are only the transfers of ETH. ● We didn't implement virtual machine that runs smart contracts to avoid increasing complexity.
  • 28. Cost-reducing Wallet ● The hypothesis that we have had since the beginning of our research: "Users periodically change the shards they use to avoid the increased costs of cross-shard transactions.” ● We assume that this user behavior is accomplished by the user’s "wallet".
  • 29. Experiment 1: No user switches shards.
  • 30. Experiment 2: A minority of users switch shards with the minimum selection.
  • 31. Experiment 2: A minority of users switch shards with the minimum selection.
  • 32. Experiment 2: A minority of users switch shards with the minimum selection.
  • 33. Experiment 2: A minority of users switch shards with the minimum selection.
  • 34. Experiment 2: A minority of users switch shards with the minimum selection.
  • 35. Experiment 3: A majority of users switch shards with the minimum selection.
  • 36. Experiment 3: A majority of users switch shards with the minimum selection.
  • 37. Experiment 3: A majority of users switch shards with the minimum selection.
  • 38. Experiment 3: A majority of users switch shards with the minimum selection.
  • 39. Experiment 3: A majority of users switch shards with the minimum selection. ● Users rush to the minimum fee shard. ● Stuck transactions occurs. ● It's not a good algorithm (and phenomenon) for users.
  • 40. Experiment 4: A majority of users switch shards with weighted random selection.
  • 41. Experiment 4: A majority of users switch shards with weighted random selection.
  • 42. Experiment 4: A majority of users switch shards with weighted random selection.
  • 43. Experiment 4: A majority of users switch shards with weighted random selection.
  • 44. Experiment 4: A majority of users switch shards with weighted random selection.
  • 45. Experiment 4: A majority of users switch shards with weighted random selection. ● Users rush to the minimum fee shard. ● Stuck transactions occurs. ● It's not a good algorithm for users.
  • 46. Experiment 5: Switchers with the minimum selection, switchers with the weighted random selection, and non-switchers co-exist.
  • 47. Experiment 6: An extremely popular user exists.
  • 48. Experiment 6: An extremely popular user exists.
  • 49. Future Work of Shargri-La
  • 50. Phase 1/1.5 Data Fee Market ● Ethereum 2.0 Phase 0 is scheduled to launch in November. ● Phase 1 (sharding as a data layer) research is required. ● A EIP-1559-like data fee market is supposed for Phase 1.
  • 51. Q&A
  • 53. Comparison With Similar Systems Simulation Targets Architecture P2P (Layer 0) Consensus (Layer 1) User, TX (Layer 1.5+) Sharding shardSim ◯ ◯ ☓ ◯ SimBlock ◯ ◯ ☓ ☓ VIBES ◯ ◯ ☓ ☓ Bitcoin-Simulator (ns-3 based) ◯ ◯ ☓ ☓ Shargri-La ☓ ☓ ◯ ◯
  • 55. Scalability ● Validators have and process the same blockchain data locally. ● It's not parallel processing, so it doesn't scale with more validators.
  • 57. Academic Sharding Research Year Paper Title Conference 2016 A Secure Sharding Protocol For Open Blockchains CCS 2016 2017 OmniLedger: A Secure, Scale-Out, Decentralized Ledger via Sharding S&P 2018 Chainspace: A Sharded Smart Contracts Platform NDSS 2018 2018 RapidChain: Scaling Blockchain via Full Sharding CCS 2018 Towards Scaling Blockchain Systems via Sharding SIGMOD 2019 2019 Monoxide: Scale Out Blockchain with Asynchronous Consensus Zones NSDI 2019 etc.
  • 58. “Week in Ethereum News” https://weekinethereumnews.com/week-in-ethereum-news-september-6-2020/
  • 59. “What’s New in Eth2” https://hackmd.io/@benjaminion/eth2_news/https%3A%2F%2Fhackmd.io%2F%40benjaminion%2Fwnie2_200905
  • 60. Feedback by Other Resercher