2017-09-15 20:19:19 +00:00
|
|
|
---
|
|
|
|
title: The Bitcoin Piñata
|
2017-09-17 18:52:58 +00:00
|
|
|
abstract: ![Piñata](/static/img/pinata.png)
|
2017-09-15 20:19:19 +00:00
|
|
|
---
|
|
|
|
|
2017-09-17 18:52:58 +00:00
|
|
|
![Piñata](/static/img/pinata.png)
|
|
|
|
|
2017-09-17 13:13:28 +00:00
|
|
|
The [Bitcoin Piñata](http://ownme.ipredator.se) is a unikernel which serves as
|
|
|
|
bug bounty system to test TLS and the underlying implementations. Its
|
|
|
|
communication endpoints are a website describing the setup, and both a TLS
|
|
|
|
client and a TLS server listening on a port. The total size, including TLS,
|
|
|
|
X.509, TCP/IP, of the virtual machine image is 4MB, which is less than 4% of a
|
|
|
|
comparable system using a Linux kernel and OpenSSL.
|
|
|
|
|
|
|
|
When a TLS handshake is successfully completed with mutual authentication, the
|
|
|
|
Piñata transmits the private key to a bitcoin wallet which is filled with ~10BTC
|
2017-11-09 22:30:24 +00:00
|
|
|
(~60 000 EUR).
|
2017-09-17 13:13:28 +00:00
|
|
|
|
|
|
|
On startup, the Piñata generates its certificate authority on the fly, including
|
|
|
|
certificates and private keys. This means that only the Piñata itself contains
|
2017-09-17 14:00:44 +00:00
|
|
|
private keys which can authenticate successfully, and an attacker has to find
|
2017-09-17 13:13:28 +00:00
|
|
|
an exploitable flaw in any software layer (OCaml runtime, virtual network
|
2017-09-17 14:00:44 +00:00
|
|
|
device, TCP/IP stack, TLS library, X.509 validation, or elsewhere) to complete the challenge.
|
2017-09-17 13:13:28 +00:00
|
|
|
|
2017-09-17 14:00:44 +00:00
|
|
|
The Piñata is online since February 2015, and even though thousands of unique IP
|
2017-09-17 13:13:28 +00:00
|
|
|
addresses initiated connections, the wallet still contains the 10 BTC.
|
|
|
|
|
|
|
|
By using a Bitcoin wallet, the Piñata is a transparent bug bounty. Everybody
|
|
|
|
can observe (by looking into the Bitcoin blockchain) whether it has been
|
|
|
|
compromised and the money has been transferred to another wallet. It is also
|
|
|
|
self-serving: when an attacker discovers a flaw, they don't need to fill out
|
|
|
|
any forms to retrieve the bounty, instead they can take the wallet, without any
|
|
|
|
questions asked.
|