Develop blockchain applications with step-by-step instructions, working examples, and helpful recommendations
Key Features
● Understanding the blockchain technology from the cybersecurity perspective
● Developing cyber security solutions with Ethereum blockchain technology
● Understanding real-world deployment of blockchain based applications
Book Description
Blockchain technology is being welcomed as one of the most revolutionary and impactful innovations of today. Blockchain technology was first identified in the world’s most popular digital currency, Bitcoin, but has now changed the outlook of several organizations and empowered them to use it even for storage and transfer of value.
This book will start by introducing you to the common cyberthreat landscape and common attacks such as malware, phishing, insider threats, and DDoS. The next set of chapters will help you to understand the workings of Blockchain technology, Ethereum and Hyperledger architecture and how they fit into the cybersecurity ecosystem. These chapters will also help you to write your first distributed application on Ethereum Blockchain and the Hyperledger Fabric framework. Later, you will learn about the security triad and its adaptation with Blockchain. The last set of chapters will take you through the core concepts of cybersecurity, such as DDoS protection, PKI-based identity, 2FA, and DNS security. You will learn how Blockchain plays a crucial role in transforming cybersecurity solutions.
Toward the end of the book, you will also encounter some real-world deployment examples of Blockchain in security cases, and also understand the short-term challenges and future of cybersecurity with Blockchain.
What you will learn
● Understand the cyberthreat landscape
● Learn about Ethereum and Hyperledger Blockchain
● Program Blockchain solutions
● Build Blockchain-based apps for 2FA, and DDoS protection
● Develop Blockchain-based PKI solutions and apps for storing DNS entries
● Challenges and the future of cybersecurity and Blockchain
Who this book is for
The book is targeted towards security professionals, or any stakeholder dealing with cybersecurity who wants to understand the next-level of securing infrastructure using Blockchain. Basic understanding of Blockchain can be an added advantage.
Rajneesh Gupta is a cybersecurity and blockchain expert with a proven track record of helping organizations build strong cybersecurity solutions. He is an experienced innovator as well as a creative and strategic thinker. Cited in Insights Success as one of the most trusted cybersecurity leaders and recognized by CIO Review as one of the top 20 cybersecurity players, Rajneesh is a keynote speaker, and he regularly speaks at several conferences about cybersecurity, blockchain, IoT, secure governance, and cyberwarfare.
Page count: 213
Year of publication: 2018
Copyright © 2018 Packt Publishing
All rights reserved. No part of this book may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, without the prior written permission of the publisher, except in the case of brief quotations embedded in critical articles or reviews.
Every effort has been made in the preparation of this book to ensure the accuracy of the information presented. However, the information contained in this book is sold without warranty, either express or implied. Neither the author, nor Packt Publishing or its dealers and distributors, will be held liable for any damages caused or alleged to have been caused directly or indirectly by this book.
Packt Publishing has endeavored to provide trademark information about all of the companies and products mentioned in this book by the appropriate use of capitals. However, Packt Publishing cannot guarantee the accuracy of this information.
Commissioning Editor: Gebin George
Acquisition Editor: Rohit Rajkumar
Content Development Editor: Ronn Kurien
Technical Editor: Swathy Mohan
Copy Editors: Safis Editing, Dipti Mankame
Project Coordinator: Judie Jose
Proofreader: Safis Editing
Indexer: Aishwarya Gangawane
Graphics: Tom Scaria
Production Coordinator: Shantanu Zagade
First published: June 2018
Production reference: 1280618
Published by Packt Publishing Ltd. Livery Place 35 Livery Street Birmingham B3 2PB, UK.
ISBN 978-1-78899-018-9
www.packtpub.com
Gautam Kumawat is the world's youngest cybercrime investigator and a self-trained cybersecurity expert. He is helping various prestigious institutions, such as state police, Central Bureau of Investigation, DoD, and the Indian army, training officials and solving complex cybercrime cases. He has also given training to the New York Police Department and Interpol.
His expertise in the cybersecurity industry markedly exceeds the standard number of security assessments, audits, governance, incident response, and forensic projects with big fortune companies.
Title Page
Copyright and Credits
Hands-On Cybersecurity with Blockchain
Packt Upsell
Why subscribe?
PacktPub.com
Contributors
About the author
About the reviewer
Packt is searching for authors like you
Preface
Who this book is for
What this book covers
To get the most out of this book
Download the color images
Conventions used
Get in touch
Reviews
Disclaimer
Cyber Threat Landscape and Security Challenges
Current threat landscape
Ransomware
The monetization of hacking 
WannaCry
NotPetya
SimpleLocker
TeslaCrypt
CryptoLocker
PC Cyborg
Distributed denial-of-service (DDoS) attacks
From script kiddies to geo-political
Ease of launching a DDoS
Top targeted countries
Insider threats
Some more ways to define insider threats
Insider threat profile
Data breaches
Notable recent data breaches
Impact of data breaches
Advanced persistent threat (APT)
What makes APT so different?
Defender perspectives
Government
The United States (US)
The United Kingdom (UK)
Europe
India
Corporate
Endpoint detection and response (EDR)
Deception technology
Cyber threat intelligence (CTI)
Live attack execution
Emerging security challenges
Summary
Questions
Further reading
Security Must Evolve
The security ecosystem 
The zero-trust approach
The assume breach approach
Evolution at the foundation layer
Summary
Questions 
Further reading 
Introducing Blockchain and Ethereum
What is blockchain?
A brief history
Fundamentals of the blockchain
Who is using blockchain and how?
Internet versus blockchain
IP packet versus block
Web app versus dApp
How it works?
The building blocks of blockchain
Block
Cryptography – digital signature and hashing algorithm
Consensus – the core of blockchain
Ethereum
History
What is Ethereum?
Smart contract
EVM
Gas
dApp
Private versus public blockchain
Public blockchain
Private blockchain
Business adaptation
Summary
Questions
Further reading
Hyperledger – Blockchain for Businesses
Technical requirements
Hyperledger overview
Blockchain-as-a-service (BaaS)
Program goal
Architecture and core components
Hyperledger Fabric model
Hyperledger Fabric core components
Working of Hyperledger and transaction processing
Bitcoin versus Ethereum versus Hyperledger
Hyperledger Fabric capabilities
Lab
Tuna application
Summary
Questions
Blockchain on the CIA Security Triad
What is the CIA security triad?
Confidentiality
Integrity
Availability
Understanding blockchain on confidentiality
Confidentiality in the existing model
Businesses, blockchain, and confidentiality
Achieving confidentiality with Hyperledger Fabric
Blockchain on integrity
Integrity in the current blockchain network
Block arrangement and immutability
Achieving integrity with Hyperledger
Verifying chain integrity
Understanding blockchain on availability
Availability in the current blockchain network
No single point of failure
Business and availability
Summary
Questions
Further reading
Deploying PKI-Based Identity with Blockchain
PKI
PKI in a nutshell
The evolution of PKI
Components
Asymmetric key encryption
Certificate
Certificate authority (CA)
Registration authority (RA)
Certificate repository (CR)
Architecture
Certificate life cycle
Key management
Challenges of the existing PKI model
How can blockchain help?
Decentralized infrastructure
Deployment method
Requirements 
Lab
Testing
Summary
Questions
Further reading
Two-Factor Authentication with Blockchain
What is 2FA?
Evolution of user authentication
Why 2FA?
How does it work?
Challenges
Blockchain for 2FA
How blockchain can transform 2FA?
Solution architecture
Lab
Components
Preparation
Installing Node.js
Turning up Ethereum
Turning up the smart contract
Testing and verification
Summary
Questions
Further reading
Blockchain-Based DNS Security Platform
DNS
Understanding DNS components
Namespace
Name servers
Resolver
DNS structure and hierarchy 
Root name server
Current TLD structure
Registries, registrars, and registrants
DNS records
DNS topology for large enterprise
Architecture
Challenges with current DNS 
DNS spoofing 
Blockchain-based DNS solution
X.509 PKI replacement
MITM-proof DNS infrastructure
Lab on Ethereum-based secure DNS infrastructure
Lab preparation
Namecoin blockchain installation
Installing PowerDNS
Installing DNSChain
Summary
Questions
Further reading
Deploying Blockchain-Based DDoS Protection
DDoS attacks
What is a DDoS attack?
How does it work?
Building up the botnet
Reconnaissance
Weaponization
Delivery
Exploitation 
Installation 
Command and control (C2)
Action on objectives
Types of DDoS attack
Attacks targeting network resources
User datagram protocol (UDP) flood
ICMP flood
Internet Group Management Protocol (IGMP) flood
Amplification attacks
Attacks targeting server resources
TCP SYN Flood
TCP RST attack
Secure sockets layer (SSL) based attack
Encrypted HTTP attacks
Attacks targeting application resources
DNS flooding 
Regular expression DoS attacks 
Hash collision DoS attacks
Challenges with current DDoS solutions
How blockchain can transform DDoS protection?
Lab
Summary 
Questions
Further reading
Facts about Blockchain and Cyber Security
Decision path for blockchain
When should you use blockchain?
When should you not use blockchain?
Leader's checklist
Challenges with blockchain
The future of cyber security with blockchain
Summary
Questions
Further reading
Assessment
Chapter 1
Chapter 2
Chapter 3
Chapter 4
Chapter 5
Chapter 6
Chapter 7
Chapter 8
Chapter 9
Chapter 10
Other Books You May Enjoy
Leave a review - let other readers know what you think
Blockchain technology is being hailed as one of the most revolutionary and disruptive innovations of today. Blockchain technology was first identified in the world's most popular digital currency, Bitcoin, but now has changed the perception of several organizations and empowered them to use it even for storage and transfer of value.
This book will start by introducing you to the common cyber threat landscape and common attacks, such as malware, phishing, insider threat, and DDoS. The next set of chapters will help you understand the workings of blockchain technology, Ethereum, and Hyperledger architecture, and how they fit into the cybersecurity ecosystem. These chapters will also help you write your first distributed application on Ethereum blockchain and Hyperledger Fabric framework. Later, you will learn about the security triad and its adaptation with Blockchain. The last set of chapters will take you through the core concepts of cybersecurity, such as DDoS protection, PKI-based identity, 2FA, and DNS security. You will learn how blockchain plays a crucial role in transforming cybersecurity solutions fundamentally.
Toward the end of the book, you will learn about real-world deployment examples of blockchain in security cases, and also understand the short-term challenges and the future of cybersecurity with blockchain.
The book is targeted toward cybersecurity professionals, or any stakeholders dealing with cybersecurity who want to understand the next level of securing infrastructure using blockchain. A basic understanding of blockchain can be an added advantage.
Chapter 1, Cyber Threat Landscape and Security Challenges, covers the emerging global cyber threat landscape, what is making threats stronger and more sophisticated, and the defender perspective, including governments, International Security Alliance (ISA), and industry alliances, corporations, executives, Chief Security Officers (CSO), and security analysts.
Chapter 2, Security Must Evolve, describes some serious and urgent changes in the security mindset, such as the zero-trust approach, breach acceptance, and changes in the security foundation.
Chapter 3, Introducing Blockchain and Ethereum, describes blockchain from its birth and its continuous adoption among various industries and verticals. We will also get to know how organizations are using blockchain to solve their problems.
Chapter 4, Hyperledger – Blockchain for Businesses, introduces you to the Hyperledger project, an open source collaboration that develops cross-industry blockchain technologies. It also provides the demonstration and deployment of a dApp with Hyperledger peers.
Chapter 5, Blockchain on the CIA Security Triad, explains that any security measures are designed to protect one or more facets of the CIA triad, and therefore, it's a smart way to adapt blockchain in the underlying security foundation, such as enterprise key and certificate management, encryption, and access control.
Chapter 6, Deploying PKI-Based Identity with Blockchain, covers the real-world deployment of Blockchain in security cases with current state review, protocol implementation, architecture, structure, and API client integration.
Chapter 7, Two-Factor Authentication with Blockchain, contains insights into the components and workings of two-factor authentication. At the end, we will get to see how a decentralized two-factor authentication system can be achieved with an Ethereum blockchain.
Chapter 8, Blockchain-Based DNS Security Platform, discusses existing DNS infrastructure, its challenges, and how blockchain helps to build a more robust and secure decentralized DNS infrastructure.
Chapter 9, Deploying Blockchain-Based DDoS Protection, covers the impact of a DDoS attack, the anatomy of a DDoS attack, challenges with existing DDoS protection solutions, and how an Ethereum blockchain can transform your DDoS protection platform.
Chapter 10, Facts about Blockchain and Cyber Security, covers some potential challenges with the blockchain system, such as node theft, the availability of distributed nodes, malicious code injection into a distributed ledger, reputational risk, target reconnaissance, and bypassing the offboarding and onboarding procedure.
The hardware requirements are as follows:
Ubuntu 16.04
The software requirements are as follows:
Linux
Node.js
Truffle
Ganache-CLI
We also provide a PDF file that has color images of the screenshots/diagrams used in this book. You can download it from https://www.packtpub.com/sites/default/files/downloads/HandsOnCybersecuritywithBlockchain_ColorImages.pdf.
There are a number of text conventions used throughout this book.
CodeInText: Indicates code words in text, database table names, folder names, filenames, file extensions, pathnames, dummy URLs, user input, and Twitter handles. Here is an example: "This folder includes our smart contract, TwoFactorAuth.sol."
A block of code is set as follows:
forward-zones=bit.=127.0.0.1:5333,dns.=127.0.0.1:5333,eth.=127.0.0.1:5333,p2p.=127.0.0.1:5333
export-etc-hosts=off
allow-from=0.0.0.0/0
local-address=0.0.0.0
local-port=53
When we wish to draw your attention to a particular part of a code block, the relevant lines or items are set in bold:
$ node registerAdmin.js
//File Structure Tuna-app/tuna-chaincode.go
Any command-line input or output is written as follows:
sudo apt-get update
sudo apt-get install git npm
sudo apt-get install nodejs-legacy
Bold: Indicates a new term, an important word, or words that you see onscreen. For example, words in menus or dialog boxes appear in the text like this. Here is an example: "We need to set the environment field to the Web3 Provider option."
The information within this book is intended to be used only in an ethical manner. Do not use any information from the book if you do not have written permission from the owner of the equipment. If you perform illegal actions, you are likely to be arrested and prosecuted to the full extent of the law. Packt Publishing does not take any responsibility if you misuse any of the information contained within the book. The information herein must only be used while testing environments with proper written authorizations from appropriate persons responsible.
Information has always been the key to competitive advantage and sustainable success. Information is usually created when a series of high-volume and unarguable data is used to answer a simple question. Intelligence is developed by collecting information to present a forecast that can be used for decision-making processes. Intelligence gathering is the most powerful and effective practice to predict the future. From ancient intelligence to today's artificial intelligence, from the world wars to today's cyberwar, the goal is always to be a step ahead of our adversaries.
Let's look at the real world. The Chinese government and its military, the People's Liberation Army (PLA), have been accused of stealing technology and trade secrets, often from private institutes in the US. You may think that China wants to destroy the US, but that's not true. China simply wants to be the superpower and wants to be a technology leader. Eventually, it wants every single American, and even the rest of the world, to be technology-dependent on the Chinese marketplace. This results in continuous Chinese spying operations that target multinational businesses and government institutes to gather trade secrets. Let's switch gears now. Political parties keep gathering information through advanced analytics from their own citizens to predict the upcoming election results. It is clear that the world is changing with the changes in the internet.
With the rapid transformation, cloud computing, IoT, cognitive computing, and mobility now manage the most critical assets of organizations; however, the increasing number of interconnected applications and technologies also results in an increase in the number of exploitable vulnerabilities. Organizations are deploying several security measures to locate and fix such security vulnerabilities; however, this is a never-ending job for security forces. Nevertheless, top vulnerabilities can be prioritized by ranking them against the potential threat, but this needs a high degree of threat intelligence practice.
Cyber security is a 20-year-old phenomenon, but in the past five years, it has been challenging for defenders to protect themselves against emerging threats, such as zero-day exploits, crypto-ransomware, terabytes of DDoS attacks, multi-vector malware, and advanced social engineering.
This book is prepared to adopt a paradigm shift in security perception. Instead of adding another layer of security, this is an attempt to change the security mindset at a fundamental level. One of the most popular technologies to emerge after the internet is the blockchain; however, what makes the blockchain truly revolutionary is its potential for applications beyond cryptocurrencies. Today, there are numerous startups that are using blockchain technology to disrupt existing business models and industry verticals such as cloud hosting, financial services, the supply chain, healthcare, cybersecurity, and many more. This book will be useful for security experts, security product engineers, and even blockchain enthusiasts. This book focuses on taking readers on a tour of the current security threat landscape and offers a practical approach for overcoming some of the most critical security challenges with blockchain technology.
In this chapter, readers will learn about the following topics:
The current threat landscape
How defenders including government bodies and businesses are preparing themselves to defend their assets from adversaries
Live attack simulation to perform data exfiltration from a remote machine
In the new era of cyberspace, technology transformation has been a core factor for continuous security innovation and operations. The world of connected vehicles, IoT, mobility, and the cloud opens up a focal point for cybercrime, targeted attacks, and industrial espionage. Once an attacker finds a vulnerability and determines how to access an application, they have everything they need to build an exploit for the application, and so it is critical to develop strong vulnerability management. Remember, the effectiveness of vulnerability management depends on the organization's strength to keep up with emerging security threats and models.
Security systems won't make an impact if employees are lured into clicking on a malicious link they were sent over email. Social engineering has proven to be an effective way to get inside a target network, and security forces face endless challenges in identifying the malicious entry. Back in the old days, before Facebook and LinkedIn, if you needed to find information on organizations, you weren't going to get a lot of information on the internet; the use of social networking sites has since made social engineering attacks easier to perform.
Ransomware is malware that encrypts the information on a victim's computer and demands payment before granting the victim access again. Ransomware is one of the most trending and high-return types of crimeware. It has attracted an enormous amount of media coverage in the past two years, mainly because of WannaCry, NotPetya, and Locky. WannaCry ransomware spread rapidly across a number of systems worldwide in May 2017. It targeted several high-profile organizations including the UK's National Health Service, Spanish telephone giant Telefonica, French automobile leader Renault, leading US logistics company FedEx, Japanese firm Hitachi, and many more.
The ransomware author hosts the service over the dark web, which allows any buyer to create and modify the malware.
The dark web is a part of the internet that can't be fetched with a search engine but needs a special type of anonymity browser called Tor. In other words, the dark web carries unindexed data that's not available to search engines. The Tor browser basically routes the user information through a series of proxy servers that makes user identity unidentifiable and untraceable. Dark websites look similar to ordinary websites, but there are some differences in the naming structure. Dark websites don't have a top-level domain (TLD) such as .com or .net or .co; rather, they use addresses that end with .onion.
As per the cyber security business report, ransomware damage costs are predicted to hit 11.5 billion by 2019. There are several driving factors behind the growing operations of ransomware globally. To earn faster, cyber criminals have stopped making malware themselves and started leveraging Ransomware-as-a-service (RaaS), which is available over the dark web marketplace.
These marketplaces don't just reduce the effort for expert criminals, but they also allow non-technical criminals or script kiddies to conduct ransomware operations.
The attacker produces a ransomware program with a preconfigured timer that ensures the destruction of data if a ransom is not paid before the deadline. Attackers also share a payment procedure, which is mostly through a Bitcoin wallet (since a digital cryptocurrency wallet provides anonymity).
The WannaCry attacks, which occurred on May 12, 2017, were the biggest ransomware attacks. WannaCry made use of a vulnerability in the Windows OS that was first identified by the NSA and then made publicly available through the Shadow Brokers. It was designed to exploit a vulnerability in Windows SMBv1 and SMBv2, so that it could move laterally within networks. By May 24, 2017, more than 200,000 computer systems had been infected in 150 countries.
NotPetya is one more flavor of ransomware attack, which was launched in June 2017. The NotPetya ransomware apparently resembles the Petya virus in several ways: it encrypts files and shows a screen requesting Bitcoin to restore them. The original infection method was a backdoor planted in M.E.Doc (a leading Ukrainian accounting company's software). After compromising the system through the M.E.Doc software, NotPetya used tools such as EternalBlue and EternalRomance to spread across the network. It also took advantage of a tool called Mimikatz to find administration credentials in the compromised machine.
