TY - GEN
T1 - Augmenting MetaMask to Support TLS-endorsed Smart Contracts
AU - Gallersdörfer, Ulrich
AU - Ebel, Jonas
AU - Matthes, Florian
N1 - Publisher Copyright:
© 2022, Springer Nature Switzerland AG.
PY - 2022
Y1 - 2022
N2 - Users in blockchain systems are exposed to address replacement attacks due to the weak binding between websites and smart contracts, as they have no way to verify the authenticity of obtained addresses. Prior research introduced TLS-endorsed Smart Contracts (TeSC) that equip Smart Contracts with authentication information, proving the relation to the domain name of the respective website. For an efficient and user-friendly approach, this technology needs to be integrated with wallets. Based on the analysis of browser warnings regarding TLS-certificates, we augment MetaMask with the ability to detect TeSC and warn users if attack scenarios are detected. To evaluate our work, we conduct a study with 40 participants to show the effectiveness of TeSC to prevent address-replacement attacks and ensure the safe interaction of users and addresses.
AB - Users in blockchain systems are exposed to address replacement attacks due to the weak binding between websites and smart contracts, as they have no way to verify the authenticity of obtained addresses. Prior research introduced TLS-endorsed Smart Contracts (TeSC) that equip Smart Contracts with authentication information, proving the relation to the domain name of the respective website. For an efficient and user-friendly approach, this technology needs to be integrated with wallets. Based on the analysis of browser warnings regarding TLS-certificates, we augment MetaMask with the ability to detect TeSC and warn users if attack scenarios are detected. To evaluate our work, we conduct a study with 40 participants to show the effectiveness of TeSC to prevent address-replacement attacks and ensure the safe interaction of users and addresses.
KW - DNS
KW - Ethereum
KW - MetaMask
KW - PKI
KW - TLS
KW - TeSC
KW - Wallet
UR - http://www.scopus.com/inward/record.url?scp=85124671872&partnerID=8YFLogxK
U2 - 10.1007/978-3-030-93944-1_15
DO - 10.1007/978-3-030-93944-1_15
M3 - Conference contribution
AN - SCOPUS:85124671872
SN - 9783030939434
T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
SP - 227
EP - 244
BT - Data Privacy Management, Cryptocurrencies and Blockchain Technology - ESORICS 2021 International Workshops, DPM 2021 and CBT 2021, Revised Selected Papers
A2 - Garcia-Alfaro, Joaquin
A2 - Muñoz-Tapia, Jose Luis
A2 - Navarro-Arribas, Guillermo
A2 - Soriano, Miguel
PB - Springer Science and Business Media Deutschland GmbH
T2 - 16th International Workshop on Data Privacy Management, DPM 2021, and 5th International Workshop on Cryptocurrencies and Blockchain Technology, CBT 2021 held in conjunction with ESORICS 2021
Y2 - 8 October 2021 through 8 October 2021
ER -