Friday 6 October 12:00 - 12:30, Red room
Morton Swimmer (Trend Micro)
Even though Web3 usage is still tiny compared with Web 2.0, that has not stopped bad actors from misusing some of its technology stack. Without the clear client-server architecture we are used to, the peer-to-peer nature of the storage layer of Web3 is able to fly under the radar and prevent normal methods of content filtering. In this presentation we will dive into IPFS as a technology to understand the idiosyncrasies of it and the ways in which it can be abused. Along the way, we have statistics that document the mounting dangers we have identified, and we will discuss how we can mitigate these.
Objects in IPFS are content-addressed and not location-addressed. For this reason, blocking IP addresses or domains cannot work.We access an IPFS object by asking a distributed hash table to locate someone with a copy of the object we can pull it from in a peer-to-peer manner, not unlike how BitTorrent works. Objects can be both file-like as well as directory-like, making distributed web hosting a reality. But content-addressing, by design, is not mutable, so there exists a mutable addressing scheme as well, called IPNS, that enables a constant 'name' to point to current content. Ensuring that content is well replicated requires the pinning method to be used and that is supported by services like Pinata or FileCoin. For those not willing to run the IPFS daemon, access is also available through a variety of IPFS gateways.
Despite the lacklustre uptake of IPFS for legitimate applications, we have seen a steady increase in phish and malware hosting, which will be discussed in this presentation, as well as why some of the problems for legitimate use of IPFS turn out to be positive for bad actors. We are also seeing increasing support for IPFS in browsers and application platforms, which may lead to increasing legitimate use and therefore greater difficulty in distinguishing bad from good IPFS usage. Further developments of Web3 technology will also be discussed as many may become dangers to our users in the future. Finally, we look at options for blocking malicious IPFS content.
Dr Morton Swimmer is a manager in the Forward-Looking Threat Research (FTR) team at Trend Micro, Inc., where he peers into the future of computers and society to identify the risks and vulnerabilities of the future. His past in computer security stretches back over 30 years and he has been involved in most of the innovations in security, first at the University of Hamburg, Germany, then IBM Research, and now Trend Micro. While originally active in malware analysis and computer forensics, recently his team has been focusing on massive threat data analysis and machine learning for spotting new types of attacks quantitatively and also on modelling future threats to society that will accompany its inevitable march towards tighter integration in smart cities, intelligent transportation, supply chains and manufacturing. Morton, a native of New York City, has a Computer Science Ph.D. degree from the University of Hamburg, and currently resides in the Hamburg, Germany area.