Hash for Cash

Code that simultaneously mitigates DDoS attacks and harnesses computer power of devices to fundraise for opensource

Comment

Inspiration

The recent IoT DDoS attacks warned us of the vulnerabilities of our current internet infrastructure and wasted computation power. Our team saw an opportunity to address both concerns and built Hash for Cash.

What it does

Hash for Cash is a server code/web application that helps mitigate DDoS attacks through client puzzles and harnesses the computation power of the attacks to solve tough problems such as BitCoin Mining. The client puzzle limits the speed which the hacker can overload the server. The client puzzle is also a small piece of the large computation problem. Hash for Cash is a middle-ware that is easy to integrate into systems and has vast potential due to flexibility and applicability, requiring little from individual clients and servers to tackle tough computation problems.

Our demonstration uses client puzzles engineered to have solutions which are subsets of bitcoin mining puzzles. We chose bitcoin mining due to ease of hashcash implementation. The client puzzle makes use of wasted CPU cycles to mine bitcoins, generating cashflow that can be used to fund other high-impact open source projects.

How we built it

We met each other as strangers on Friday night, and pooled together our web development ideas. We were all interested in internet security and wanted to create a feasible and impactful project. We discussed Client Puzzle Protocols and proof of work systems, planning a project that incorporated these ideas into something that had a way of giving back to society.

Our team researched Bitcoins and academic papers that detailed hashcash implementation until we had an executable plan. We created clear objectives and tasks the project needed to accomplish and had a clear direction by midnight. As we finished our planning, we pledged to try to better understand Bitcoin, JQuery, and various code relating to our project.

Saturday morning, we started coding. We were all motivated to learn more JavaScript, HTML, and Python to implement our vision. We broke down the massive project into more manageable, but still challenging sub-tasks and assigned timelines for each sub-task. We tackled each component and pieced the blocks together on Sunday morning.

A general overview of the steps used to deter dos attacks and fund raise for projects are:

  1. Server Pulls down current bitcoin block being mined
  2. Client Requests html page from server
  3. Server responds with a puzzle(based on the bitcoin data) for the client to solve
  4. Client hashes many different combinations of numbers appended to the puzzle till they find valid result
  5. Server receives client's answer, verifies they are correct, and grants them access to the page they requested. In addition, the server checks to see if the clients solution to their subproblem of the bitcoin mining problem, also solves the bitcoin mining problem. If it does, it publishes that value to the bitcoin network, collects the rewards, and those rewards can then be distributed to open-source projects in need of funding.

The client runs on javascript.

We implemented all this code on the server in a django middleware, so that any project that wants to use it, and runs on django can simply download our python files, and add a line to their settings.py file to reap the benefits of Hash for Cash!

Challenges we ran into

When first planning out our timeline we assumed there would already be implementations of individual components(client side puzzles, bitcoin mining, etc...) available for us to use and piece together to fit our project needs. About an hour in to the competition we found out we were very wrong and that we would need to implement it all ourselves using the protocol research papers as references.

Along the way we ran into conflicting evidence for endian-ness of values, order of hashing data, magic numbers, and much more.

Aside from protocols, JavaScript proved challenging as an unfamiliar language. We spent around 6 hours trying to find the right data encoding format to hash, and which hash library to use.

We all learned from internet sources, eachother's knowledge, and the LA Hacks mentors; through which we were able to overcome these technical difficulties.

Accomplishments that we're proud of

Our team completed a prototype of Hash for Cash in less than 48 hours and created software that protects servers against DDoS attacks and creates a means of benefiting from the attacks.

What's next for Hash for Cash

Our demo of Hash for Cash is limited to Bitcoin mining client puzzles but the next steps include genomic sequencing and other chunk-able computation problems.

Share this project:

Updates