Spoof-of-Work - Evaluating Device Authorisation in Mobile Mining Processes

Publication: Chapter in book/report/conference proceedings › Contribution to conference proceedings › Research › Peer-reviewed

Abstract

Mobile mining of cryptocurrencies, without relying on CPU-heavy computations, is a novel attempt to foster adoption of a token. However, this approach leaves room for attacks. In this paper, we perform a thorough analysis of Electroneum, one of the first cryptocurrencies to introduce a mobile mining process. We show that mobile mining, without relying on a consensus algorithm (e.g. Proof-Of-Work), is not feasible on current generation Android smartphones. We further demonstrate that the security mechanisms employed by Electroneum can be circumvented and that mobile mining can be exploited successfully. Based on this analysis, we discuss several practical countermeasures, which can be applied on smartphones to enforce device authorisation and prevent abuse.
Language: English
Title: Proceedings of the 15th International Joint Conference on e-Business and Telecommunications
Place of publication: Portugal
Publisher: SciTePress - Science and Technology Publications
Pages: 380-387
Number of pages: 8
Volume: 1: SECRYPT
ISBN (Print): 978-989-758-319-3
DOI: https://doi.org/10.5220/0006859005460553
Status: Published - 28 Jul 2018

Fingerprint

Smartphones
Program processors
Electronic money
Android (operating system)

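Keywords

Device Authorisation, Android, Cryptocurrency, Mining, REST, App Integrity, Smartphone, Electroneum, Remote Attestation, Key Attestation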

    Cite this

    Ziegler, D., Prünster, B., Marsalek, A., & Kollmann, C. (2018). Spoof-of-Work - Evaluating Device Authorisation in Mobile Mining Processes. In Proceedings of the 15th International Joint Conference on e-Business and Telecommunications (Vol. 1: SECRYPT, pp. 380-387). Portugal: SciTePress - Science and Technology Publications. https://doi.org/10.5220/0006859005460553

    @inproceedings{8f2e99bdcf1c4ea0acf6e6613bd29fbd,
    title = "Spoof-of-Work - Evaluating Device Authorisation in Mobile Mining Processes",
    abstract = "Mobile mining of cryptocurrencies, without relying on CPU-heavy computations, is a novel attempt to foster adoption of a token. However, this approach leaves room for attacks. In this paper, we perform a thorough analysis of Electroneum, one of the first cryptocurrencies to introduce a mobile mining process. We show that mobile mining, without relying on a consensus algorithm (e.g. Proof-Of-Work), is not feasible on current generation Android smartphones. We further demonstrate that the security mechanisms employed by Electroneum can be circumvented and that mobile mining can be exploited successfully. Based on this analysis, we discuss several practical countermeasures, which can be applied on smartphones to enforce device authorisation and prevent abuse.",
    keywords = "Device Authorisation, Android, Cryptocurrency, Mining, REST, App Integrity, Smartphone, Electroneum, Remote Attestation, Key Attestation.",
    author = "Dominik Ziegler and Bernd Pr{\"u}nster and Alexander Marsalek and Christian Kollmann",
    year = "2018",
    month = "7",
    day = "28",
    doi = "10.5220/0006859005460553",
    language = "English",
    isbn = "978-989-758-319-3",
    volume = "1: SECRYPT",
    pages = "380--387",
    booktitle = "Proceedings of the 15th International Joint Conference on e-Business and Telecommunications",
    publisher = "SciTePress - Science and Technology Publications",

    }
