Spoof-of-Work - Evaluating Device Authorisation in Mobile Mining Processes

Dominik Ziegler; Bernd Prünster; Alexander Marsalek; Christian Kollmann

doi:10.5220/0006859005460553

Spoof-of-Work - Evaluating Device Authorisation in Mobile Mining Processes

Dominik Ziegler, Bernd Prünster, Alexander Marsalek, Christian Kollmann

Research output: Chapter in Book/Report/Conference proceeding › Conference paper › peer-review

Abstract

Mobile mining of cryptocurrencies, without relying on CPU-heavy computations, is a novel attempt to foster adoption of a token. However, this approach leaves room for attacks. In this paper, we perform a thorough analysis of Electroneum, one of the first cryptocurrencies to introduce a mobile mining process. We show that mobile mining, without relying on a consensus algorithm (e.g. Proof-Of-Work), is not feasible on current generation Android smartphones. We further demonstrate that the security mechanisms employed by Electroneum can be circumvented and that mobile mining can be exploited successfully. Based on this analysis, we discuss several practical countermeasures, which can be applied on smartphones to enforce device authorisation and prevent abuse.

Original language	English
Title of host publication	Proceedings of the 15th International Joint Conference on e-Business and Telecommunications
Place of Publication	Portugal
Publisher	SciTePress - Science and Technology Publications
Pages	380-387
Number of pages	8
Volume	1: SECRYPT
ISBN (Print)	978-989-758-319-3
DOIs	https://doi.org/10.5220/0006859005460553
Publication status	Published - 28 Jul 2018

Keywords

Device Authorisation, Android, Cryptocurrency, Mining, REST, App Integrity, Smartphone, Electroneum, Remote Attestation, Key Attestation.

Access to Document

10.5220/0006859005460553

A-SIT - Secure Information Technology Center Austria
Stranacher, K., Dominikus, S., Leitold, H., Marsalek, A., Teufl, P., Bauer, W., Aigner, M. J., Rössler, T., Neuherz, E., Dietrich, K., Zefferer, T., Mangard, S., Payer, U., Orthacker, C., Lipp, P., Reiter, A., Knall, T., Bratko, H., Bonato, M., Suzic, B., Zwattendorfer, B., Kreuzhuber, S., Oswald, M. E., Tauber, A., Posch, R., Bratko, D., Feichtner, J., Ivkovic, M., Reimair, F., Wolkerstorfer, J. & Scheibelhofer, K.
21/05/99 → 6/08/20
Project: Research area

Spoof-of-Work - Evaluating Device Authorisation in Mobile Mining Processes
Dominik Ziegler (Speaker)
28 Jul 2018
Activity: Talk or presentation › Talk at conference or symposium › Science to science

Cite this

Spoof-of-Work - Evaluating Device Authorisation in Mobile Mining Processes. / Ziegler, Dominik; Prünster, Bernd; Marsalek, Alexander et al.
Proceedings of the 15th International Joint Conference on e-Business and Telecommunications. Vol. 1: SECRYPT Portugal: SciTePress - Science and Technology Publications, 2018. p. 380-387.

Research output: Chapter in Book/Report/Conference proceeding › Conference paper › peer-review

@inproceedings{8f2e99bdcf1c4ea0acf6e6613bd29fbd,

title = "Spoof-of-Work - Evaluating Device Authorisation in Mobile Mining Processes",

abstract = "Mobile mining of cryptocurrencies, without relying on CPU-heavy computations, is a novel attempt to foster adoption of a token. However, this approach leaves room for attacks. In this paper, we perform a thorough analysis of Electroneum, one of the first cryptocurrencies to introduce a mobile mining process. We show that mobile mining, without relying on a consensus algorithm (e.g. Proof-Of-Work), is not feasible on current generation Android smartphones. We further demonstrate that the security mechanisms employed by Electroneum can be circumvented and that mobile mining can be exploited successfully. Based on this analysis, we discuss several practical countermeasures, which can be applied on smartphones to enforce device authorisation and prevent abuse.",

keywords = "Device Authorisation, Android, Cryptocurrency, Mining, REST, App Integrity, Smartphone, Electroneum, Remote Attestation, Key Attestation.",

author = "Dominik Ziegler and Bernd Pr{\"u}nster and Alexander Marsalek and Christian Kollmann",

year = "2018",

month = jul,

day = "28",

doi = "10.5220/0006859005460553",

language = "English",

isbn = "978-989-758-319-3",

volume = "1: SECRYPT",

pages = "380--387",

booktitle = "Proceedings of the 15th International Joint Conference on e-Business and Telecommunications",

publisher = "SciTePress - Science and Technology Publications",

}

TY - GEN

T1 - Spoof-of-Work - Evaluating Device Authorisation in Mobile Mining Processes

AU - Ziegler, Dominik

AU - Prünster, Bernd

AU - Marsalek, Alexander

AU - Kollmann, Christian

PY - 2018/7/28

Y1 - 2018/7/28

N2 - Mobile mining of cryptocurrencies, without relying on CPU-heavy computations, is a novel attempt to foster adoption of a token. However, this approach leaves room for attacks. In this paper, we perform a thorough analysis of Electroneum, one of the first cryptocurrencies to introduce a mobile mining process. We show that mobile mining, without relying on a consensus algorithm (e.g. Proof-Of-Work), is not feasible on current generation Android smartphones. We further demonstrate that the security mechanisms employed by Electroneum can be circumvented and that mobile mining can be exploited successfully. Based on this analysis, we discuss several practical countermeasures, which can be applied on smartphones to enforce device authorisation and prevent abuse.

AB - Mobile mining of cryptocurrencies, without relying on CPU-heavy computations, is a novel attempt to foster adoption of a token. However, this approach leaves room for attacks. In this paper, we perform a thorough analysis of Electroneum, one of the first cryptocurrencies to introduce a mobile mining process. We show that mobile mining, without relying on a consensus algorithm (e.g. Proof-Of-Work), is not feasible on current generation Android smartphones. We further demonstrate that the security mechanisms employed by Electroneum can be circumvented and that mobile mining can be exploited successfully. Based on this analysis, we discuss several practical countermeasures, which can be applied on smartphones to enforce device authorisation and prevent abuse.

KW - Device Authorisation, Android, Cryptocurrency, Mining, REST, App Integrity, Smartphone, Electroneum, Remote Attestation, Key Attestation.

U2 - 10.5220/0006859005460553

DO - 10.5220/0006859005460553

M3 - Conference paper

SN - 978-989-758-319-3

VL - 1: SECRYPT

SP - 380

EP - 387

BT - Proceedings of the 15th International Joint Conference on e-Business and Telecommunications

PB - SciTePress - Science and Technology Publications

CY - Portugal

ER -

Spoof-of-Work - Evaluating Device Authorisation in Mobile Mining Processes

Abstract

Keywords

Access to Document

Projects

A-SIT - Secure Information Technology Center Austria

Activities

Spoof-of-Work - Evaluating Device Authorisation in Mobile Mining Processes

Cite this