Augmenting the MetaMask-Wallet with Domain Name based Authentication of Ethereum Accounts

Abstract

This thesis proposes a concept to augment the wallet application MetaMask with a domain name based authentication. Today, users have to resort to manual methods to assert the receiver's legitimacy for a transaction in Ethereum. These cumbersome approaches expose users to the risk of transferring ether to the wrong address due to individual errors or targeted attacks. We expect the authenticating wallet to enhance the user's security. Our authentication approach adopts the concept TLS endorsed Smart Contracts (TeSC), which builds upon the existing TLS/SSL infrastructure. This approach decreases bootstrapping issues because it uses an already existing system of trust propagation. We analyze another TLS/SSL adopter to formulate design principles: the browser, which authenticates website owners with TLS/SSL certificates. Based on this analysis, we propose a design concept for MetaMask to communicate the authentication state. Furthermore, we develop an algorithm to facilitate authentication based on TeSC. We demonstrate that such a concept is technically feasible. The results of a usability study show significant improvement in the user's ability to judge the legitimacy of an Ethereum address.