A Security Analysis of FirstCoin

Alexander Marsalek; Christian Kollmann; Thomas Zefferer

doi:10.1007/978-3-319-99828-2_10

A Security Analysis of FirstCoin

Alexander Marsalek, Christian Kollmann, Thomas Zefferer

Publikation: Beitrag in Buch/Bericht/Konferenzband › Beitrag in einem Konferenzband › Begutachtung

Abstract

Supported by the current hype on Bitcoin, the number of available cryptocurrencies has steadily increased over the past years. Currently, relevant portals list more than 1.500 cryptocurrencies. Many of them slightly deviate from approved and tested technical concepts and realize security-related functionality in different ways. While the security of major cryptocurrencies has already been studied in more detail, security properties of less popular cryptocurrencies that deviate from approved technical concepts often remain unclear. This is a problem, as users run the risk of losing invested money in case the respective cryptocurrency is unable to provide sufficient security. In this paper, we underpin this statement by means of a detailed analysis of the cryptocurrency FirstCoin. We identify and discuss vulnerabilities of FirstCoin, which lead to a low network hash rate and allow for 51% attacks. We propose a double-spending attack that exploits these vulnerabilities and demonstrate the proposed attack's feasibility by running it in an isolated evaluation environment. This way, we show FirstCoin to be insecure and provide a real-world example that underpins the general problem of cryptocurrencies deviating from approved security concepts and relying on weak security designs.

Originalsprache	englisch
Titel	ICT Systems Security and Privacy Protection
Redakteure/-innen	Lech Jan Janczewski, Miroslaw Kutylowski
Erscheinungsort	Cham
Herausgeber (Verlag)	Springer International Publishing AG
Seiten	127-140
Seitenumfang	14
ISBN (Print)	978-3-319-99828-2
DOIs	https://doi.org/10.1007/978-3-319-99828-2_10
Publikationsstatus	Veröffentlicht - 2018
Veranstaltung	33rd IFIP TC-11 SEC 2018 International Conference on Information Security and Privacy Protection - Poznań, Polen Dauer: 18 Sept. 2018 → 20 Sept. 2018

Publikationsreihe

Name	IFIP Advances in Information and Communication Technology
Band	529

Konferenz

Konferenz	33rd IFIP TC-11 SEC 2018 International Conference on Information Security and Privacy Protection
Kurztitel	IFIP SEC 2018
Land/Gebiet	Polen
Ort	Poznań
Zeitraum	18/09/18 → 20/09/18

Zugriff auf Dokument

10.1007/978-3-319-99828-2_10

paper-firstcoinAkzeptiertes Autorenmanuskript, 1,12 MB

A-SIT - Zentrum für sichere Informationstechnologie Austria
Stranacher, K., Dominikus, S., Leitold, H., Marsalek, A., Teufl, P., Bauer, W., Aigner, M. J., Rössler, T., Neuherz, E., Dietrich, K., Zefferer, T., Mangard, S., Payer, U., Orthacker, C., Lipp, P., Reiter, A., Knall, T., Bratko, H., Bonato, M., Suzic, B., Zwattendorfer, B., Kreuzhuber, S., Oswald, M. E., Tauber, A., Posch, R., Bratko, D., Feichtner, J., Ivkovic, M., Reimair, F., Wolkerstorfer, J. & Scheibelhofer, K.
21/05/99 → 6/08/20
Projekt: Arbeitsgebiet

Dieses zitieren

A Security Analysis of FirstCoin. / Marsalek, Alexander; Kollmann, Christian; Zefferer, Thomas.
ICT Systems Security and Privacy Protection. Hrsg. / Lech Jan Janczewski; Miroslaw Kutylowski. Cham: Springer International Publishing AG , 2018. S. 127-140 (IFIP Advances in Information and Communication Technology; Band 529).

Publikation: Beitrag in Buch/Bericht/Konferenzband › Beitrag in einem Konferenzband › Begutachtung

Marsalek, A, Kollmann, C & Zefferer, T 2018, A Security Analysis of FirstCoin. in LJ Janczewski & M Kutylowski (Hrsg.), ICT Systems Security and Privacy Protection. IFIP Advances in Information and Communication Technology, Bd. 529, Springer International Publishing AG , Cham, S. 127-140,
33rd IFIP TC-11 SEC 2018 International Conference on Information Security and Privacy Protection , Poznań, Polen, 18/09/18. https://doi.org/10.1007/978-3-319-99828-2_10

@inproceedings{ad31b0bc41c0484e8115c292f94a3558,

title = "A Security Analysis of FirstCoin",

abstract = "Supported by the current hype on Bitcoin, the number of available cryptocurrencies has steadily increased over the past years. Currently, relevant portals list more than 1.500 cryptocurrencies. Many of them slightly deviate from approved and tested technical concepts and realize security-related functionality in different ways. While the security of major cryptocurrencies has already been studied in more detail, security properties of less popular cryptocurrencies that deviate from approved technical concepts often remain unclear. This is a problem, as users run the risk of losing invested money in case the respective cryptocurrency is unable to provide sufficient security. In this paper, we underpin this statement by means of a detailed analysis of the cryptocurrency FirstCoin. We identify and discuss vulnerabilities of FirstCoin, which lead to a low network hash rate and allow for 51% attacks. We propose a double-spending attack that exploits these vulnerabilities and demonstrate the proposed attack's feasibility by running it in an isolated evaluation environment. This way, we show FirstCoin to be insecure and provide a real-world example that underpins the general problem of cryptocurrencies deviating from approved security concepts and relying on weak security designs.",

author = "Alexander Marsalek and Christian Kollmann and Thomas Zefferer",

year = "2018",

doi = "10.1007/978-3-319-99828-2_10",

language = "English",

isbn = "978-3-319-99828-2",

series = "IFIP Advances in Information and Communication Technology",

publisher = "Springer International Publishing AG ",

pages = "127--140",

editor = "Janczewski, {Lech Jan} and Miroslaw Kutylowski",

booktitle = "ICT Systems Security and Privacy Protection",

address = "Switzerland",

note = "<br/>33rd IFIP TC-11 SEC 2018 International Conference on Information Security and Privacy Protection , IFIP SEC 2018 ; Conference date: 18-09-2018 Through 20-09-2018",

}

TY - GEN

T1 - A Security Analysis of FirstCoin

AU - Marsalek, Alexander

AU - Kollmann, Christian

AU - Zefferer, Thomas

PY - 2018

Y1 - 2018

N2 - Supported by the current hype on Bitcoin, the number of available cryptocurrencies has steadily increased over the past years. Currently, relevant portals list more than 1.500 cryptocurrencies. Many of them slightly deviate from approved and tested technical concepts and realize security-related functionality in different ways. While the security of major cryptocurrencies has already been studied in more detail, security properties of less popular cryptocurrencies that deviate from approved technical concepts often remain unclear. This is a problem, as users run the risk of losing invested money in case the respective cryptocurrency is unable to provide sufficient security. In this paper, we underpin this statement by means of a detailed analysis of the cryptocurrency FirstCoin. We identify and discuss vulnerabilities of FirstCoin, which lead to a low network hash rate and allow for 51% attacks. We propose a double-spending attack that exploits these vulnerabilities and demonstrate the proposed attack's feasibility by running it in an isolated evaluation environment. This way, we show FirstCoin to be insecure and provide a real-world example that underpins the general problem of cryptocurrencies deviating from approved security concepts and relying on weak security designs.

AB - Supported by the current hype on Bitcoin, the number of available cryptocurrencies has steadily increased over the past years. Currently, relevant portals list more than 1.500 cryptocurrencies. Many of them slightly deviate from approved and tested technical concepts and realize security-related functionality in different ways. While the security of major cryptocurrencies has already been studied in more detail, security properties of less popular cryptocurrencies that deviate from approved technical concepts often remain unclear. This is a problem, as users run the risk of losing invested money in case the respective cryptocurrency is unable to provide sufficient security. In this paper, we underpin this statement by means of a detailed analysis of the cryptocurrency FirstCoin. We identify and discuss vulnerabilities of FirstCoin, which lead to a low network hash rate and allow for 51% attacks. We propose a double-spending attack that exploits these vulnerabilities and demonstrate the proposed attack's feasibility by running it in an isolated evaluation environment. This way, we show FirstCoin to be insecure and provide a real-world example that underpins the general problem of cryptocurrencies deviating from approved security concepts and relying on weak security designs.

U2 - 10.1007/978-3-319-99828-2_10

DO - 10.1007/978-3-319-99828-2_10

M3 - Conference paper

SN - 978-3-319-99828-2

T3 - IFIP Advances in Information and Communication Technology

SP - 127

EP - 140

BT - ICT Systems Security and Privacy Protection

A2 - Janczewski, Lech Jan

A2 - Kutylowski, Miroslaw

PB - Springer International Publishing AG

CY - Cham

T2 - <br/>33rd IFIP TC-11 SEC 2018 International Conference on Information Security and Privacy Protection

Y2 - 18 September 2018 through 20 September 2018

ER -

A Security Analysis of FirstCoin

Abstract

Publikationsreihe

Konferenz

Zugriff auf Dokument

Fingerprint

Projekte

A-SIT - Zentrum für sichere Informationstechnologie Austria

Dieses zitieren