
Master's Thesis Jan Felix Hoops

Last modified Apr 15, 2021

Threat Analysis, Evaluation, and Mitigation for Smart Contracts Endorsed by TLS/SSL Certificates

Although the popularity of smart contract-based platforms, such as Ethereum, is ever-increasing, there is still no widespread measure in place to securely associate a smart contract with a real-world entity. This inability for users to verify their counterparty in a transaction leaves room for human error and malicious actors to cause significant damage. For example, an attacker could compromise a website and replace the account address listed there with one of their own. Users subsequently would send their funds to the attacker rather than the intended recipient, losing their funds irrevocably. Gallersdörfer et al. propose TLS-endorsed smart contracts (TeSC) to address this problem. TeSC creates verifiable bindings between domain names and smart contracts. These bindings can only be created by the owner of a domain and its corresponding TLS certificate, allowing users to be aware of who they interact with. In the first part of this work, we explore TeSC’s impact on smart contract attacks. In this process, we identify and evaluate possible attacks against TeSC, concluding that it provides a valuable security benefit. However, one of the more dangerous possible attacks is typosquatting, a malicious practice relying on visual similarity of domain names. We address this threat by introducing a new component to TeSC, which can heuristically detect if a user is interacting with a typosquatting domain during binding verification. This allows front-end software, such as wallet software, to warn the user of the potentially unintended transaction recipient before issuing the transaction to the network. Thus, the component can reduce the chance of loss of funds. We design, implement and evaluate this component in the second part of this work. Due to the large variety of typo-generation models used by attackers to generate typosquatting domains, it is difficult to detect them without large amounts of metrics or context information.
As this component has to run client-side, it is also limited in the amount of data that can be stored and processed locally. We address these challenges by using a comparative detection approach based on string similarity. The component uses a two-stage process to maximize efficiency. First, the input domain is paired with domains chosen from an internally maintained reference list, and each of these pairs is evaluated by a neural network to detect possible cases of typosquatting. Second, possible cases are further evaluated using additional information to come to a final verdict. Only at this point does the component access any external resources, such as the domain name system. Evaluation results are promising with F1 = 0.995 and suggest effective typosquatting detection capability with an exceedingly low rate of false positives at 0.0000375. We do acknowledge that our test data is likely to produce optimistic results but are confident that real-world performance will not be significantly worse.
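
An added example, not code from the thesis: an illustration of the first, offline stage described above, in which the input domain is paired with reference-list domains and each pair is scored by string similarity. It substitutes optimal string alignment edit distance for the thesis's neural network; the reference list, the threshold and all function names are assumptions.

```python
# Added example: stage-one candidate selection by string similarity.
# Assumptions: REFERENCE_DOMAINS is a constructed sample list, MAX_DISTANCE is
# an arbitrary threshold, and edit distance stands in for the neural network.

REFERENCE_DOMAINS = ["example.com", "example-bank.com", "wallet-demo.org"]  # constructed
MAX_DISTANCE = 2  # assumed threshold


def osa_distance(a: str, b: str) -> int:
    """Optimal string alignment distance: insert, delete, substitute, adjacent swap."""
    prev2, prev = None, list(range(len(b) + 1))
    for i in range(1, len(a) + 1):
        cur = [i] + [0] * len(b)
        for j in range(1, len(b) + 1):
            cost = 0 if a[i - 1] == b[j - 1] else 1
            cur[j] = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + cost)
            # Adjacent transposition ("exmaple" for "example") counts as one edit.
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                cur[j] = min(cur[j], prev2[j - 2] + 1)
        prev2, prev = prev, cur
    return prev[len(b)]


def normalize(domain: str) -> str:
    """Lower-case and drop surrounding whitespace and the trailing root dot."""
    return domain.strip().rstrip(".").lower()


def stage_one_candidates(domain, reference=REFERENCE_DOMAINS, max_distance=MAX_DISTANCE):
    """Return [(reference_domain, distance)] the input may imitate, closest first.

    An exact match with a reference domain is the genuine domain: no candidates.
    No network access happens here; only local string comparison.
    """
    d = normalize(domain)
    refs = [normalize(r) for r in reference]
    if d in refs:
        return []
    hits = []
    for r in refs:
        if abs(len(r) - len(d)) > max_distance:  # cheap length pre-filter
            continue
        dist = osa_distance(d, r)
        if dist <= max_distance:
            hits.append((r, dist))
    return sorted(hits, key=lambda h: (h[1], h[0]))
```

Only the pairs returned here would go on to the second stage, which is the first point at which external resources such as the domain name system are consulted.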
