Conference Paper

Hijacking Bitcoin: Routing Attacks on Cryptocurrencies


... They highlighted the unique risks posed by PoS mechanisms and proposed specific countermeasures such as dynamic peer selection and enhanced monitoring. [14] analyzed the Bitcoin network's vulnerability to routing attacks, which are closely related to eclipse attacks. Their work highlighted how routing-level attacks could be used to launch eclipse attacks, and they proposed enhancements to the Bitcoin protocol to make it more resistant to such threats. ...
... Transaction censorship refers to a scenario where an adversary deliberately prevents certain transactions from being confirmed on the blockchain. This can be achieved by controlling the node's view of the blockchain [22], thereby manipulating the information that the node processes and propagates. An attacker can halt or delay the processing of transactions from certain addresses. ...
[Table fragment] ... [4]; High delays from Kademlia DHT isolation [5]; Minimal delays in permissioned networks [12]; Low delays via cross-chain validation [19]. Consensus Time Impact: Disrupted due to limited node diversity [11]; Significant due to isolated validators [5]; Low impact from fixed peers [10]; Resilient with parachain redundancy [14]. Double-Spending Success: Moderate success targeting nodes [4]; High success under Sybil conditions [5]; Low success via strict identity checks [12]; Limited success from layered security [14].
Article
Full-text available
This paper presents a comprehensive study on eclipse attacks in blockchain networks by describing how eclipse attacks work, their effects, detection, and prevention. In this context, understanding and controlling network-level attacks, such as eclipse attacks, is an essential task in relation to assurance and reliability for decentralized systems that utilize blockchain technology. An eclipse attack is a sequence of network-layer attacks that monopolize the connections to a target node to isolate it from the rest of the network. Eclipse attacks that focus on node discovery manipulation can have a substantial impact on a blockchain network, by increasing transaction computation cost, transaction censorship, and consensus disruption. We studied eclipse attacks on a blockchain network. The attack vectors were associated with node discovery manipulation, network partitioning, and information flow exploitation. This paper also reviews state-of-the-art detection methods and prevention strategies, shedding light on their effectiveness and limitations. Awareness of eclipse attacks and their effect provides the motivation for further research in developing practical and resilient security measures for blockchain networks.
... Given the amount of money at stake, Bitcoin is an obvious target for adversaries. Indeed, numerous attacks have been described targeting different aspects of the system, including double spending [2], netsplit [3], transaction malleability [4], networking attacks [5], or attacks targeting mining [6] [7] [8] and mining pools [9]. In [10], authors claim that "Bitcoin works in practice and not in theory" due to the lack of security research to find out theoretical foundation for Bitcoin protocols. ...
... As shown in [43], the propagation time can even be further extended under reasonable circumstances. Authors in [5] present a taxonomy of routing attacks and their impact on Bitcoin, considering both small-scale attacks, targeting individual nodes, and large-scale attacks, targeting the network as a whole. By isolating parts of the network or delaying block propagation, adversaries could cause a significant amount of mining power to be wasted, leading to revenue losses and exposing the network to a wide range of exploits such as double spending. ...
... For the first time, authors in [5] present the impact of routing attacks on the Bitcoin network by considering both small- and large-scale attacks. The paper shows that two key properties of Bitcoin networks, namely the ease of routing manipulation and the rapidly increasing centralization of Bitcoin in terms of mining power and routing, make routing attacks practical. ...
Preprint
Bitcoin is a popular cryptocurrency that records all transactions in a distributed append-only public ledger called blockchain. The security of Bitcoin heavily relies on the incentive-compatible proof-of-work (PoW) based distributed consensus protocol, which is run by network nodes called miners. In exchange for the incentive, the miners are expected to honestly maintain the blockchain. Since its launch in 2009, Bitcoin economy has grown at an enormous rate, and it is now worth about 170 billion dollars. This exponential growth in the market value of Bitcoin motivates adversaries to exploit weaknesses for profit, and researchers to discover new vulnerabilities in the system, propose countermeasures, and predict upcoming trends. In this paper, we present a systematic survey that covers the security and privacy aspects of Bitcoin. We start by presenting an overview of the Bitcoin protocol and its major components along with their functionality and interactions within the system. We review the existing vulnerabilities in Bitcoin and its underlying major technologies such as blockchain and PoW based consensus protocol. These vulnerabilities lead to the execution of various security threats to the normal functionality of Bitcoin. We then discuss the feasibility and robustness of the state-of-the-art security solutions. Additionally, we present current privacy and anonymity considerations in Bitcoin and discuss the privacy-related threats to Bitcoin users along with the analysis of the existing privacy-preserving solutions. Finally, we summarize the critical open challenges and suggest directions for future research towards provisioning stringent security and privacy techniques for Bitcoin.
... Blockchain security. Apostolaki et al. [14] were among the first to quantify the concentration of Bitcoin nodes in certain routing prefixes and partitioning a chunk of nodes. By hijacking a small number of prefixes, it is possible to isolate a significant amount of mining power from the network. ...
... In this section, we quantify the degree of centralization at the network-level by looking at autonomous systems and geographic location of participating nodes. If the blockchain core infrastructure is concentrated in just a few ASes or geographic locations, it may be feasible to launch targeted attacks that could stall or disrupt transaction processing in blockchains such as BGP hijacking [14] or DDoS [17]. ...
... To put our measurements into perspective, we compare our data with previous studies and measurements to see how the situation has changed over time. Figure 6 depicts the cumulative distribution function of Bitcoin participating IP addresses across autonomous systems from 2014 [12] and 2016 [14]. ...
Article
Full-text available
Blockchain’s promise of an immutable distributed ledger, fully fault tolerant with no centralized control deployed in an untrusted decentralized peer-to-peer network has disrupted the financial and technical industry. Blockchains may vary in terms of their design goals and algorithms, but they all rely on one common premise: the blockchain network is a decentralized peer-to-peer system and the ledger is stored on these untrusted peers. In this paper, we measure the characteristics of blockchain peers in the top four blockchains with dominant market share, Bitcoin, Ethereum, Ripple, and Solana. All four blockchains have a common trend that they have moved away from the idealistic decentralized peer-to-peer systems in their original design, and have become more server-like, more centralized, and more vulnerable to certain attacks. Using our measurements, we quantify the amount of effort required to delay, disrupt, and attack these blockchains.
... Motivation & vulnerability: The attacker utilizes BGP route redirection to hijack cryptocurrency mining operations without payment, capturing honest miners in a malicious pool and maintaining the false pool for each honest miner in brief intervals. To keep the activity undetected [121], the attacker can partition the network or intercept a portion of connections to induce delays in blockchain traffic through BGP hijacks [27]. ...
... Conditions & outcomes: Access to Internet Routing Table is crucial, and efficiently corrupting it indicates susceptibility to the attack. It will leave miners in a rewardless state [27]. Also, the attacker needs to ensure the bogus BGP announcements are unfiltered by the upstream network. ...
... Enhancements: A successful attack can isolate a node, creating a barrier in communication that increases vulnerability in multiple domains such as node eclipse, 0-confirmation double-spends, selfish mining, and consensus delay [27]. ...
Preprint
Blockchain is a growing decentralized system built for transparency and immutability. There have been several major attacks on blockchain-based systems, leaving a gap in the trustability of this system. This article presents a comprehensive study of 23 attacks on blockchain systems and categorizes them using a layer-based approach. This approach provides an in-depth analysis of the feasibility and motivation of these attacks. In addition, a framework is proposed that enables a systematic analysis of the impact and interconnection of these attacks, thereby providing a means of identifying potential attack vectors and designing appropriate countermeasures to strengthen any blockchain system.
... For Dumbo, the time starts when the first honest node initiates a new instance (sends its transaction set for this instance) and ends when the first node terminates this instance (committed all valid transaction sets of this instance). 3 The average data usage per node per instance refers to the cost of downloading blocks of a particular height and rounds of votes incurred until the consensus is reached. For example, HotStuff-2 and our approach download only one block except when changing branches, while Dumbo downloads the transaction sets sent by each node. ...
... Tbl. 4 shows our experiment results using the same experimental setup as given in Sec. 7. For two or three concurrent leaders, the chance of wasting time due to forking is $(f/N)^2$ and $(f/N)^3$ respectively, with an increase in acceptance time and data usage per instance due to more rounds of voting required. We only test up to three concurrent leaders because 97% of average transaction inclusion rate is already good enough and the number of voting rounds used with a larger number of leaders can be seen from Fig. 5. Proof of Lemma 4.2. ...
... This accomplishment introduces a validated strong BFT consensus mechanism to the community, capable of aligning the complexity of the asynchronous state machine replication problem with that of the partially synchronous version. It not only enables the blockchain to seamlessly integrate the asynchronous BFT protocol, renowned for its efficiency without excessive data requirements or message complexity, but also strengthens the system against potential attacks associated with synchronous networks (e.g., eclipse attack [17], routing attack [3]), particularly those reliant on time-bound assumptions. ...
Preprint
Full-text available
Vote-based blockchains construct a state machine replication (SMR) system among participating nodes, using Byzantine Fault Tolerance (BFT) consensus protocols to transition from one state to another. Currently, they rely on either synchronous or partially synchronous networks with leader-based coordination or costly Asynchronous Common Subset (ACS) protocols in asynchronous settings, making them impractical for large-scale asynchronous applications. To make Asynchronous SMR scalable, this paper proposes a validated strong BFT consensus model that allows leader-based coordination in asynchronous settings. Our BFT consensus model offers the same level of tolerance as binary byzantine agreement but does not demand consistency among honest nodes before they vote. An SMR using our model allows nodes to operate in different, tentative, but mutually exclusive states until they eventually converge on the same state. We propose an asynchronous BFT protocol for vote-based blockchains employing our consensus model to address several critical challenges: how to ensure that nodes eventually converge on the same state across voting rounds, how to assure that a blockchain will steadily progress through epochs while reaching consensus for previous epochs, and how to maintain robust byzantine fault tolerance. Our protocol greatly reduces message complexity and is the first one to achieve linear view changes without relying on threshold signatures. We prove that an asynchronous blockchain built on our protocol can operate with the same simplicity and efficiency as partially synchronous blockchains built on, e.g. HotStuff-2. This facilitates deploying asynchronous blockchains across large-scale networks.
... 6 Related Work BGP limitations. A large body of research focuses on addressing or alleviating BGP limitations including lack of authentication [8,29,44,68], obliviousness to performance [57,62,66,69], and challenging configuration [13,22,47,52]. Although recommended best practices exist [23], actual deployments are not always compliant [14,19,21], and the mechanisms available for supporting interdomain routing coordination are ad-hoc and underdocumented [40,41,55,61]. ...
... Below is a query for a route object showing a prefix and the AS expected to originate it: % whois -h whois.radb.net 8. 8 The two real RPSL rules that follow illustrate the flexibility of the RPSL and the difficulty in parsing its semantics. The rule below is defined by AS8323: % whois -h whois.ripe.net ...
... An integer overflow in the unprotected distributeToken function of implementing an intelligent contract for EETHER (EETHER), the token Ethereum ERC20, will lead to an unauthorized increase in the attacker's digital assets, which is a critical vulnerability of the Solidity language, which defines the uint type as a 256bit integer unsigned number. Fig. 9. Splitting the network into two parts and intercepting traffic to node F BGP (Border Gateway Protocol), the main dynamic Internet routing protocol, is vulnerable to routing-changing attacks [4] when a certain node starts pretending to be something else. Each node uses BGP to distribute network prefixes which can be given traffic. ...
Article
Full-text available
Blockchain has great advantages over existing payment systems (bank cards, electronic money, etc.), such as decentralization and auditing capacity. There is a wide range of blockchain applications, ranging from cryptocurrency, financial services, risk management, the Internet of things and ending with public and social services. A number of studies had focused on the use of blockchain technology in various applications. We are doing research of blockchain technology soundness. In particular, this article focuses on analyzing the safety of using a blockchain, represents typical attacks on a protocol, examines blockchain applications and discusses technical problems, as well as recent innovations in solving difficult problems. It also provides an analysis of the two most popular cryptocurrencies and smart contracts, as well as the safety problems associated with them.
... In the BGP hijacking attack, as illustrated in Figure 4.12, attackers aim to intercept the Blockchain network's traffic, more specifically the miners' connections, redirecting the traffic to a mining pool controlled by the attacker. In Blockchains, BGP hijacking attacks occur at the node or network level. In the case of Bitcoin [Apostolaki et al. 2017], hijacking a few large mining pools is enough to produce a significant effect on the network, such as slowing block propagation or even splitting the Blockchain network. It is important to note that the main challenge of BGP hijacking is the distribution of the network's mining power, which directly affects the number of IP prefixes that need to be hijacked for the attack to succeed. ...
Chapter
Full-text available
In this chapter, we present a comprehensive analysis of the main vulnerabilities and attacks associated with Blockchain technology and cryptocurrencies, contextualizing their relevance in modern distributed systems. We explore a total of 17 attacks, detailing everything from the mechanisms behind each threat to the currently known countermeasures. Examples include the 51% attack, which can compromise the security of the entire network by allowing majority control by a single group, and double spending, which exploits flaws in transaction confirmation time. In addition, we address vulnerabilities such as those related to smart contracts, which, when poorly developed, can expose systems to serious risks of reentrancy and state inconsistencies. We also discuss the practical impact of these attacks, which have already resulted in substantial financial losses, as in the case of wallet exploitation in the Ethereum environment. In parallel, we present preventive and corrective measures, such as the application of robust consensus algorithms, the use of additional checks on transactions, and the implementation of advanced solutions against emerging threats such as quantum computing. Despite advances in the field, we emphasize that several challenges remain, especially regarding the mitigation of complex attacks and the evolution of new security models for Blockchains. We conclude by highlighting the need for continued research and innovation to strengthen the resilience of distributed networks against future threats.
... In the BGP hijacking attack, as illustrated in Figure 4.12, attackers aim to intercept the Blockchain network's traffic, more specifically the miners' connections, redirecting the traffic to a mining pool controlled by the attacker. [Apostolaki et al. 2017], hijacking a few large mining pools is enough to produce a significant effect on the network, such as slowing block propagation or even splitting the Blockchain network. It is important to note that the main challenge of BGP hijacking is the distribution of the network's mining power, which directly affects the number of IP prefixes that need to be hijacked for the attack to succeed. ...
Book
Full-text available
The Programa Clube Universidade Hacker aims to keep pace with technological evolution and deepen knowledge in information security through a range of initiatives, including cultural events, workshops with industry experts, hands-on labs, online and in-person training, promotion of technical and scientific events, interaction with external technology and security groups, development of technological solutions for local and regional needs, awareness campaigns on technology, security and privacy, as well as hacking competitions and other integration activities.
... It allows for very simple digital cash spending but has serious privacy and anonymity flaws [1,3,26]. Additionally, Biryukov and Pustogarov, 2015, show that using Bitcoin over the Tor network opens an entirely new attack surface [4]. ...
Preprint
Transactive microgrids are emerging as a transformative solution for the problems faced by distribution system operators due to an increase in the use of distributed energy resources and a rapid acceleration in renewable energy generation, such as wind and solar power. Distributed ledgers have recently found widespread interest in this domain due to their ability to provide transactional integrity across decentralized computing nodes. However, the existing state of the art has not focused on the privacy preservation requirement of these energy systems -- the transaction level data can provide much greater insights into a prosumer's behavior compared to smart meter data. There are specific safety requirements in transactive microgrids to ensure the stability of the grid and to control the load. To fulfil these requirements, the distribution system operator needs transaction information from the grid, which poses a further challenge to the privacy-goals. This problem is made worse by requirement for off-blockchain communication in these networks. In this paper, we extend a recently developed trading workflow called PETra and describe our solution for communication and transactional anonymity.
... Eclipse and partitioning. Note that this monopolized behavior is similar to the eclipse and partitioning attacks where the adversary separates the network into two distinct groups and controls all the connections between them [26], [27]. Indeed, Lemma 2 can be generalized to the case where the adversary is able to control all the outgoing connections of a client. ...
Preprint
Existing permissionless blockchain solutions rely on peer-to-peer propagation mechanisms, where nodes in a network transfer transaction they received to their neighbors. Unfortunately, there is no explicit incentive for such transaction propagation. Therefore, existing propagation mechanisms will not be sustainable in a fully decentralized blockchain with rational nodes. In this work, we formally define the problem of incentivizing nodes for transaction propagation. We propose an incentive mechanism where each node involved in the propagation of a transaction receives a share of the transaction fee. We also show that our proposal is Sybil-proof. Furthermore, we combine the incentive mechanism with smart routing to reduce the communication and storage costs at the same time. The proposed routing mechanism reduces the redundant transaction propagation from the size of the network to a factor of average shortest path length. The routing mechanism is built upon a specific type of consensus protocol where the round leader who creates the transaction block is known in advance. Note that our routing mechanism is a generic one and can be adopted independently from the incentive mechanism.
... To learn from past patterns and attribute connections, pre-processed bitcoin data will be used to train both ARIMA and GNN (Apostolaki, Zohar & Vanbever, 2017). The predictions from ARIMA and GNN will be combined using an average method to build an ensemble model following the training of the individual models (Kharraz et al., 2019). ...
Article
Full-text available
This research addresses the critical issue of cryptojacking attacks, a significant cybersecurity threat where malicious actors covertly exploit computational resources for unauthorized cryptocurrency mining, particularly in wireless sensor networks (WSN) and Internet of Things (IoT) devices. The article proposes an innovative approach that integrates time series analysis with graph neural networks (GNNs) to forecast/detect cryptojacking attack trends within these vulnerable ecosystems. Utilizing the "Cryptojacking Attack Timeseries Dataset," the proposed method emphasizes early detection and predictive insights to anticipate emerging attack patterns. Through rigorous experiments, the model demonstrated high accuracy with ARIMA achieving up to 99.98% on specific attributes and the GNN model yielding an accuracy of 99.99%. Despite these strengths, the ensemble approach showed a slightly lower overall accuracy of 90.97%. Despite the reduction in accuracy compared to individual models, the ensemble method enhances predictive robustness and adaptability, making it more effective in identifying emerging cryptojacking trends amidst varying network conditions. This research significantly contributes to enhancing cybersecurity measures against the evolving threat of cryptojacking in WSN and IoT environments by providing a robust, proactive defence mechanism.
... That claim's credibility determines the token's corresponding value. Furthermore, cyber and technical troubles (Hacibedel & Perez Saiz 2023) align with awareness (I1-5) of the risks of decentralized protocols, cyber criminals, and technological progress (Apostolaki et al. 2017). Additionally, the lack of an appropriate corporate strategy is indicative of the entire organization (I2, I4). ...
Conference Paper
Full-text available
The emergence of decentralized finance and crypto assets has fundamentally changed the financial world and offers new potential to private investors and financial service providers. Despite the benefits, it is essential to face the risks. While initial regulation is already in place for risk management, financial service providers are often left to implement these measures on their own. This paper aims to identify the requirements for crypto assets risk management for financial service providers that go beyond implementing individual regulations. Guided by our research approach, we derive requirements from an academic and practical knowledge base. Accordingly, we evaluate the final requirements with a mixed-methods approach to receive feedback from portfolio managers, financial advisors, and blockchain experts. Finally, we will provide a comprehensive framework for financial service providers to effectively manage and mitigate crypto asset risks.
... Another prominent attack is routing. In this data packet, routing pathways are manipulated, like BGP hijacking [34]. It may result in blockchain node isolation, spying, or interception. ...
Article
Full-text available
Blockchain technology is rapidly transforming how businesses and individuals interact. Its inherent security features, including immutability, tamper-proofing, and verifiable data provenance, are driving its adoption across numerous sectors. The financial sector heavily influences blockchain for its tamper-proof nature, leading to the rise of cryptocurrencies, the technology offers much more. Beyond security, it streamlines processes, reduces costs, and improves customer experience. Smart contracts are one of the predominant key components that automate predetermined operations, further enhancing blockchain’s capabilities. Understanding the importance of blockchain in non-financial applications is crucial for fully exploiting its potential. This analysis explores the fundamentals of blockchain technology and its applications beyond finance. To meet the growing demand across various sectors, blockchain must integrate with other trending technologies such as the Internet of Things (IoT), Artificial Intelligence (AI), and the edge-cloud paradigm. The analysis examines the role of these technologies in facilitating blockchain-enabled applications. Furthermore, the paper researches the specific use cases such as insurance, energy, healthcare, digital voting, supply chain management and government. Concentrating on these sectors elucidates how organisations harness blockchain to tackle intricate challenges, thereby fostering the advancement of sophisticated digital processes and contributing to societal progression.
... There is also a broader history of network-layer attacks in cryptocurrency networks including Eclipsing [38,39,49], broader network-partitioning attacks [62,63], and network routing manipulations such as BGP-Hijacking [4] and its prevention [3] and miner-pool networks routing attacks [64]. Protocol-level details have also been utilized to infer peering relationships, such as the structure of transaction messages and their broadcast behavior in the Bitcoin [21,52,54] and Ethereum [46] networks, and peer discovery messages in the Monero network [18]. ...
Preprint
Many blockchain networks aim to preserve the anonymity of validators in the peer-to-peer (P2P) network, ensuring that no adversary can link a validator's identifier to the IP address of a peer due to associated privacy and security concerns. This work demonstrates that the Ethereum P2P network does not offer this anonymity. We present a methodology that enables any node in the network to identify validators hosted on connected peers and empirically verify the feasibility of our proposed method. Using data collected from four nodes over three days, we locate more than 15% of Ethereum validators in the P2P network. The insights gained from our deanonymization technique provide valuable information on the distribution of validators across peers, their geographic locations, and hosting organizations. We further discuss the implications and risks associated with the lack of anonymity in the P2P network and propose methods to help validators protect their privacy. The Ethereum Foundation has awarded us a bug bounty, acknowledging the impact of our results.
... We assume an adversary that is capable of making a malicious BGP announcement with the aim of redirecting traffic. This traffic redirection can be used to attack several different critical applications that run atop the Internet [24,27,48]. The adversary also aims to avoid detection by BGP monitoring (i.e., launch a stealthy BGP attack) to prevent the victim from taking defensive action. ...
Preprint
As the deployment of comprehensive Border Gateway Protocol (BGP) security measures is still in progress, BGP monitoring continues to play a critical role in protecting the Internet from routing attacks. Fundamentally, monitoring involves observing BGP feeds to detect suspicious announcements and taking defensive action. However, BGP monitoring relies on seeing the malicious BGP announcement in the first place! In this paper, we develop a novel attack that can hide itself from all state-of-the-art BGP monitoring systems we tested while affecting the entire Internet. The attack involves launching a sub-prefix hijack with the RFC-specified NO_EXPORT community attached to prevent networks with the malicious route installed from sending the route to BGP monitoring systems. We study the viability of this attack at four tier-1 networks and find all networks we studied were vulnerable to the attack. Finally, we propose a mitigation that significantly improves the robustness of the BGP monitoring ecosystem. Our paper aims to raise awareness of this issue and offer guidance to providers to protect against such attacks.
... The inherent openness and decentralized architecture of the Bitcoin network make it susceptible to attacks [5,7,33,40], especially DoS attacks. To fortify against such threats, Bitcoin has implemented a misbehavior-score mechanism. ...
... Routing attacks involve the manipulation of the routing of messages between nodes in a blockchain network. Attackers can exploit vulnerabilities in the underlying network infrastructure, such as the Border Gateway Protocol (BGP), to intercept, modify, or drop messages between nodes, leading to the partitioning of the network, isolation of nodes, or the injection of false information into the blockchain [104]. BGP hijacking tools and SCION (Scalability, Control, and Isolation on Next-Generation Networks) can simulate and defend against routing attacks [105]. ...
Article
This paper reviews the role of blockchain technology in enhancing the security of Internet of Things (IoT) systems and maintaining data integrity. We address the increased vulnerabilities and broader attack surface resulting from the integration of blockchain and IoT. The review emphasizes the potential of technologies like zero-knowledge proofs (ZKP) and post-quantum cryptography (PQC) to mitigate these security challenges. Additionally, we explore how game theory, machine learning, and cyber deception strengthen the defense of blockchain-based IoT systems against various threats. The paper also identifies open research areas, emphasizing the need for continued exploration to advance these fields. An additional contribution of this study is introducing a conceptual framework incorporating these technologies, laying the groundwork for developing advanced security solutions within the blockchain-enhanced IoT ecosystem.
... However, DDoS is not a big issue for blockchain as it uses decentralization; however, if the attacker can generate fake/spam transactions forcing the network to be slow and overwhelm it overall, the normal working of the network can be disrupted [39]. Routing attacks on blockchain networks involve changing the network traffic and forcing it to partition the network and slow the transaction processes making the network distributed and vulnerable [40]. Similarly, eclipse attacks on networks monopolise the nodes controlling their paths feeding the wrong information, and completely isolating the node from the rest. ...
Article
The increasing reliance on computer networks and blockchain technology has led to a growing concern for cybersecurity and privacy. The emergence of zero-day vulnerabilities and unexpected exploits has highlighted the need for innovative solutions to combat these threats. Bug bounty programs have gained popularity as a cost-effective way to crowdsource the task of identifying vulnerabilities, providing a secure and efficient means of enhancing cybersecurity. This paper provides a comprehensive survey of various free and paid bug bounty programs in the computer networks and blockchain industry, evaluating their effectiveness, impact, and credibility. The study explores the structure, incentives, and nature of vulnerabilities uncovered by these programs, as well as their unique value proposition. A comparative analysis is conducted to identify advantages and disadvantages, highlighting the strengths and weaknesses of each program. The paper also examines the role of ethical hackers in bug bounty programs and their contributions to strengthening cybersecurity and privacy. Finally, the study concludes with recommendations for addressing the challenges faced by bug bounty programs and suggests potential future directions to enhance their impact on computer networks and blockchain security.
... Resource exhaustion by adversarial smart contracts is out of the scope of this paper. Besides, denial of blockchain services have been studied across different layers in a blockchain system stack including eclipse attacks on the P2P networks [18], [21], [14], [25], DoS blockchain consensus [22], [3], DoS state storage [17], etc. ...
Preprint
The mempool plays a crucial role in blockchain systems as a buffer zone for pending transactions before they are executed and included in a block. However, existing works primarily focus on mitigating defenses against already identified real-world attacks. This paper introduces secure blockchain-mempool designs capable of defending against any form of asymmetric eviction DoS attacks. We establish formal security definitions for mempools under the eviction-based attack vector. Our proposed secure transaction admission algorithm, named saferAd-PR, ensures eviction-security by providing a provable lower bound on the cost of executing eviction DoS attacks. Through evaluation with real transaction trace replays, saferAd-PR demonstrates negligible latency and significantly high lower bounds against any eviction attack, highlighting its effectiveness and robustness in securing blockchain mempools.
... As mentioned earlier, the 51% attack has many serious security issues for blockchains but also provides further vulnerability with regard to double spending [3]. In the context of double spending, the mechanism of attack can be conducted as follows: the attacker or a group of attackers aims to acquire over 50% of the network's hash computing power. ...
Article
The introduction of blockchain technology has brought about significant transformation in the realm of digital transactions, providing a secure and transparent platform for peer-to-peer interactions that cannot be tampered with. The decentralised and distributed nature of blockchains guarantees the integrity and authenticity of the data, eliminating the need for intermediaries. The applications of this technology are not limited to the financial sector, but extend to various areas, such as supply chain management, identity verification, and governance. At the core of these blockchains is the consensus mechanism, which plays a crucial role in ensuring the reliability and integrity of a system. Consensus mechanisms are essential for achieving an agreement amongst network participants regarding the validity of transactions and the order in which they are recorded on the blockchain. By incorporating consensus mechanisms, blockchains ensure that all honest nodes in the network reach a consensus on whether to accept or reject a block, based on predefined rules and criteria. The aim of this study is to introduce a novel consensus mechanism named Erdos, which seeks to address the shortcomings of existing consensus algorithms, such as the Proof of Work and Proof of Stake. Erdos emphasises security, decentralisation, and fairness. One notable feature of this mechanism is its equitable node-selection algorithm, which ensures equal opportunities for all nodes to engage in block creation and validation. In addition, Erdos implements a deterministic block finalisation process that guarantees the integrity and authenticity of the blockchain. The main contribution of this research lies in its innovative approach to deterministic block finalisation, which effectively mitigates the various security risks associated with blockchain systems.
... A heuristic algorithm facilitates the extraction of payout flows from mining pools, enabling anyone to gather information about miners operating as pool members in specific pools [27]. Additionally, techniques involving block INV messages can be employed to identify mining nodes in the Bitcoin network [28]. Another algorithm, Heuristic 1, can be utilized to pinpoint mining nodes [29]. ...
Article
In permissionless blockchain systems, Proof of Work (PoW) is utilized to address the issues of double-spending and transaction starvation. When an attacker acquires more than 50% of the hash power of the entire network, they gain the ability to engage in double-spending activities, posing a significant threat to the PoW consensus algorithm. This research focuses on the consensus algorithm employed in the Bitcoin system, explaining how it operates and the security challenges it faces. The proposed modification to the PoW algorithm imposes a restriction on miners: they are not allowed to accept consecutive blocks from the same miner into the final local blockchain to prevent the 51% attack problem. This modification supports transactions that require six confirmations. In the event an attacker attempts a 51% attack with a private chain that consists of fewer than 6 blocks, it becomes easier to detect a double-spending attack before accepting the attacker’s private chain. The modified algorithm introduces a "Safe Mode Detection Algorithm" that scrutinizes incoming blocks for adjustments at the top of the local blockchain. If inconsistencies are identified, the consensus algorithm proceeds cautiously by comparing the UTXO dictionaries from the attacker’s chain with those from the miner’s own blockchain. This meticulous comparison aims to detect instances of double-spending. If such instances are detected, the miner rejects the attacker’s chain, establishing a double-spend-free environment and thwarting 51% attacks.
... Bitcoin-NG [38] is a distributed fault tolerant protocol designed to scale the blockchain architecture, which claimed the same trust model as Bitcoin. Although Bitcoin-NG increases the overall throughput, it is still vulnerable to these kinds of attacks [39], [40]. However, it goes beyond the state of the art and can be seen as an enhancement of the existing models, improving the performance and focusing on the achievement of better security, scalability, and robustness. ...
Article
The Internet of Things (IoT) revolution has introduced sensor-rich devices to an ever growing landscape of smart environments. A key component in the IoT scenarios of the future is the requirement to utilize a shared database that allows all participants to operate collaboratively, transparently, immutably, correctly and with performance guarantees. Blockchain databases have been proposed by the community to alleviate these challenges, however existing blockchain architectures suffer from performance issues. In this paper we introduce Triabase, a novel permissioned blockchain system architecture that applies data decaying concepts to cope with scalability issues in regards to blockchain consensus and storage efficiency. For blockchain consensus, we propose the Proof of Federated Learning (PoFL) algorithm which exploits data decaying models as Proof-of-Work. For storage efficiency, we exploit federated learning to construct data postdiction machine learning models to minimize the storage of bulky data on the blockchain. We present a detailed explanation of our system architecture as well as the implementation in the Hyperledger fabric framework. We use our implementation to carry out an experimental evaluation with telco big data at scale showing that our framework exposes desirable qualities, namely efficient consensus at the blockchain layer while optimizing storage efficiency.
Article
Blockchain technology has heralded a new era in digital innovation, revolutionizing our approach to designing and building distributed applications in the digital sphere. Blockchain technology operates as an immutable digital ledger, where each entry representing a digital transaction is indelible and cannot be altered once established. Initially designed as the fundamental framework for cryptocurrencies, blockchain has outgrown its original purpose, demonstrating significant potential in various industries and offering a variety of security and privacy features. Our study provides a thorough and current survey of blockchain applications, security, privacy concepts, primitives, and threat models. It stands out by concentrating on how blockchain technology intersects with emerging fields like IoT, EVs, FinTech, and healthcare systems in a single framework. To provide security and privacy features, blockchain systems employ different foundational notions and primitives while tackling diverse adversarial scenarios with various capabilities and goals. This study presents a fresh examination of the current state of applications, security and privacy notions and primitives, and threat models in blockchain systems. Additionally, this work highlights existing gaps in knowledge and outlines open questions, aiming to stimulate interest in further advancements in the field.
Article
Although Internet routing security best practices have recently seen auspicious increases in uptake, Internet Service Providers (ISPs) have limited incentives to deploy them. They are operationally complex and expensive to implement and provide little competitive advantage. The practices with significant uptake protect only against origin hijacks, leaving unresolved the more general threat of path hijacks. We propose a new approach to improved routing security that achieves four design goals: improved incentive alignment to implement best practices; protection against path hijacks; expanded scope of such protection to customers of those engaged in the practices; and reliance on existing capabilities rather than needing complex new software in every participating router. Our proposal leverages an existing coherent core of interconnected ISPs to create a zone of trust, a topological region that protects not only all networks in the region, but all directly attached customers of those networks. Customers benefit from choosing ISPs committed to the practices, and ISPs thus benefit from committing to the practices. We discuss the concept of a zone of trust as a new, more pragmatic approach to security that improves security in a region of the Internet, as opposed to striving for global deployment. We argue that the aspiration for global deployment is unrealistic, since the global Internet includes malicious actors. We compare our approach to other schemes and discuss how a related proposal, ASPA, could be used to increase the scope of protection our scheme achieves. We hope this proposal inspires discussion of how the industry can make practical, measurable progress against the threat of route hijacks in the short term by leveraging institutionalized cooperation rooted in transparency and accountability.
Article
BGP distributes prefixes advertised by Autonomous Systems (ASes) and computes the best paths between them. It is the only routing protocol used to exchange interdomain routes on the Internet. Since its original definition in the late 1980s, BGP uses TCP. To prevent attacks, BGP has been extended with features such as TCP-MD5, TCP-AO, GTSM and data-plane filters. However, these ad hoc solutions were introduced gradually as the Internet grew. In parallel, TLS was standardized to secure end-to-end data-plane communications. Today, a large proportion of the Internet traffic is secured using TLS. Surprisingly, BGP still does not use TLS despite its adequate security features to establish BGP sessions. In this paper, we make the case for using a secure transport with BGP. This can be achieved with TLS combined with TCP-AO or by replacing TCP by QUIC. This protects the BGP stream using established secure transport protocols. In addition, we show that a secure transport using X.509 certificates enables BGP routers to be securely and automatically configured from these certificates. We extend the open-source BIRD BGP daemon to support TLS with TCP-AO and QUIC, to handle such certificates and demonstrate several use cases that benefit from the secure and automated capabilities enabled by our proposal.
Article
Blockchain provides several advantages, including decentralization, data integrity, traceability, and immutability. However, despite its advantages, blockchain suffers from significant limitations, including scalability, resource greediness, governance complexity, and some security-related issues. These limitations prevent its adoption in mainstream applications. Artificial Intelligence (AI) can help address some of these limitations. This survey provides a detailed overview of the different blockchain AI-based optimization and improvement approaches, tools and methodologies proposed to meet the needs of existing systems and applications with their benefits and drawbacks. Afterwards, the focus is on suggesting AI-based directions where to address some of the fundamental limitations of blockchain.
Article
This paper embarks on a detailed examination of the inherent security challenges faced by blockchain networks, including fraudulent transactions, double-spending, and 51% attacks, among others. Using recent advancements in ML, it presents a novel methodology for real-time anomaly detection, predictive threat modeling, and adaptive security protocols that leverage data-driven insights to fortify the blockchain against both known and emerging threats. By analyzing case studies and empirical data, this study illustrates the effectiveness of ML techniques in enhancing the resilience and integrity of blockchain systems. Furthermore, it explores the implications of these innovations for future blockchain applications, proposing a framework for the integration of ML into blockchain security strategies. This article aims to serve as a cornerstone for researchers, technologists, and cybersecurity professionals, offering insights into the future of secure blockchain ecosystems powered by the intelligent capabilities of machine learning.
Article
With the increasing demand for blockchain technology in various industry sectors, there has been a growing interest in the Byzantine Fault Tolerance (BFT) consensus that is the backbone of most of these blockchains. However, many state-of-the-art algorithms that require reliable connections can only offer limited throughput in wide-area networks (WANs), where participants are connected over long distances and may experience unpredictable network failures. The partially-connected BFTs are designed for unreliable and highly dynamic networks yet impose exponential communication complexity. This paper proposes Stable Byzantine Fault Tolerance (SBFT), a BFT communication abstraction that can sustain high throughput and low latency in WAN. SBFT separates the leader from consensus in pipelined BFT consensus and uses an adaptive consensus mechanism to resist dynamic faulty links, maintaining consensus efficiency when network connectivity is high while adapting to dynamic networks with low connectivity. We implemented a prototype of SBFT and tested it on the WAN. The results demonstrate that SBFT has a throughput similar to HotStuff in a fault-free environment but can reduce about 80% of consensus latency. Besides, SBFT retains 40% of the original throughput when the link failure probability is 0.4, while the baseline HotStuff retains less than 40% when the link failure probability is only 0.1.
Article
We consider the time-restricted double-spending attack (TR-DSA) on the Proof-of-Work-based blockchain, where an adversary conducts a DSA within a finite timeframe and simultaneously launches multiple types of attacks on the blockchain. To be specific, the adversary can conduct attacks to isolate some honest miners and cause block propagation delays among miners to enhance the success probability of the TR-DSA. We first develop the closed-form expression for the success probability of a TR-DSA with the aid of multiple types of attacks, which is leveraged to develop the closed-form expression for the expected profit of a TR-DSA. The numerical analysis reveals that in scenarios where an adversary lacks the majority of computational power in the blockchain network, it is advisable for the adversary to refrain from indefinitely conducting a DSA, and moreover, the adversary can repeatedly launch “short-time” TR-DSAs to obtain their maximum expected profit. Notably, by leveraging the closed-form expression for the expected profit of a TR-DSA, the blockchain network designer can reduce the expected profit of a TR-DSA and therefore significantly mitigate the risk of TR-DSAs by adjusting system parameters, such as the number of blocks required for transaction confirmation, mining reward, and mining cost.
Article
The literature review examines blockchain applications in healthcare, focusing on its capabilities to address the critical challenges faced by traditional data management systems. Blockchain's decentralized, transparent, and immutable nature offers robust solutions for safeguarding sensitive health information, ensuring data integrity, and facilitating secure data exchanges among healthcare providers. The review begins with an exploration of blockchain fundamentals and theoretical perspectives on technology adoption. It then delves into the specific applications of blockchain in healthcare, including data security, patient privacy, interoperability, and the enhancement of trust and transparency. Case studies from various global implementations illustrate the practical benefits and challenges of deploying blockchain in healthcare settings. Despite the promising advantages, the review identifies several challenges and limitations, such as technical scalability issues, regulatory compliance, and adoption barriers. Comparative analyses highlight the superiority of blockchain over traditional systems in terms of security and efficiency. The review concludes with an outlook on future trends and innovations, suggesting that integrating blockchain with emerging technologies like IoT and AI could further enhance healthcare outcomes. This comprehensive examination underscores the transformative potential of blockchain in creating a secured healthcare system while calling for continued research and collaboration to address existing barriers and fully realize its benefits.
Article
Traditional blockchain systems offer a secure way of tracking the ownership of digital assets as long as the attacker does not control a large portion of the overall computational or mining power. They typically require participants to generate a proof-of-work before proposing a block at a given index of the chain. To choose one block among the candidate blocks at the same index, Nakamoto’s consensus, Ghost and the original Ethereum’s consensus select, respectively, the longest branch, the heaviest subtree and the branch with the most difficult crypto-puzzles. This allows an attacker who can generate proofs-of-work faster than others to double spend by overwriting any given branch. In this paper, we present a double spending attack, called the Balance attack, that simply needs to delay some messages. This result sheds new light on an important, often implicit, assumption of the blockchain, synchrony, under which the transmission delay of any message should be within a known upper bound. We show that the attack succeeds with high probability on the protocols of the two largest blockchain systems in market capitalization, Bitcoin and Ethereum. To quantify the impact of our attack, we replicated the blockchain network run by fifty financial institutions and achieved double spending in less than 20 minutes. Finally, we demonstrate the success of the attack empirically by modifying the geth software and hijacking BGP in a controlled distributed system whose distribution of mining power is set to the distribution observed on the Ethereum main blockchain.
Conference Paper
While showing great promise, Bitcoin requires users to wait tens of minutes for transactions to commit - even then offering only probabilistic guarantees. This paper introduces ByzCoin, a novel Byzantine consensus protocol that leverages scalable collective signing to commit Bitcoin transactions irreversibly within seconds. ByzCoin achieves Byzantine consensus while preserving Bitcoin's open membership by dynamically forming hash power-proportionate consensus groups representing recently-successful block miners. ByzCoin employs communication trees to optimize transaction commitment and verification under normal operation while guaranteeing safety and liveness under Byzantine faults, up to a near-optimal tolerance of f faulty group members among 3f+2 total. ByzCoin mitigates double spending and selfish mining attacks by producing collectively signed transaction blocks within one minute of transaction submission. Tree-structured communication further reduces this latency to less than 30 seconds. Thanks to these optimizations ByzCoin achieves a throughput higher than Paypal currently handles, with confirmation latencies of 15-20 seconds.
Conference Paper
Given the increasing adoption of Bitcoin, the number of transactions and the block sizes within the system are only expected to increase. To sustain its correct operation in spite of its ever-increasing use, Bitcoin implements a number of necessary optimizations and scalability measures. These measures limit the amount of information broadcast in the system to the minimum necessary. In this paper, we show that current scalability measures adopted by Bitcoin come at odds with the security of the system. More specifically, we show that an adversary can exploit these measures in order to effectively delay the propagation of transactions and blocks to specific nodes—without causing a network partitioning in the system. We show that this allows the adversary to easily mount Denial-of-Service attacks, considerably increase its mining advantage in the network, and double-spend transactions in spite of the current countermeasures adopted by Bitcoin. Based on our results, we propose a number of countermeasures in order to enhance the security of Bitcoin without deteriorating its scalability.
Conference Paper
We present a simulation model of the Bitcoin peer-to-peer network, a widely deployed distributed electronic currency system. The model enables evaluations of the feasibility and cost of attacks on the Bitcoin network at full scale of 6,000 nodes. The simulation model is based on unmodified code from core segments of the Bitcoin reference implementation used by 99% of nodes. Parametrization of the model is performed based on large-scale measurements of the real-world network. We present preliminary validation results showing a reasonable correspondence of the propagation of messages in the Bitcoin network compared with simulation results. We apply the model to study the feasibility of a partitioning attack on the network and show that the attack is sensitive to the churn of the attacking nodes.
Article
Bitcoin is a decentralized crypto-currency, and an accompanying protocol, created in 2008. Bitcoin nodes continuously generate and propagate blocks---collections of newly approved transactions that are added to Bitcoin's ledger. Block creation requires nodes to invest computational resources, but also carries a reward in the form of bitcoins that are paid to the creator. While the protocol requires nodes to quickly distribute newly created blocks, strong nodes can in fact gain higher payoffs by withholding blocks they create and selectively postponing their publication. The existence of such selfish mining attacks was first reported by Eyal and Sirer, who have demonstrated a specific deviation from the standard protocol (a strategy that we name SM1). In this paper we extend the underlying model for selfish mining attacks, and provide an algorithm to find ϵ-optimal policies for attackers within the model, as well as tight upper bounds on the revenue of optimal policies. As a consequence, we are able to provide lower bounds on the computational power an attacker needs in order to benefit from selfish mining. We find that the profit threshold -- the minimal fraction of resources required for a profitable attack -- is strictly lower than the one induced by the SM1 scheme. Indeed, the policies given by our algorithm dominate SM1, by better regulating attack-withdrawals. Using our algorithm, we show that Eyal and Sirer's suggested countermeasure to selfish mining is slightly less effective than previously conjectured. Next, we gain insight into selfish mining in the presence of communication delays, and show that, under a model that accounts for delays, the profit threshold vanishes, and even small attackers have incentive to occasionally deviate from the protocol. We conclude with observations regarding the combined power of selfish mining and double spending attacks.
Article
The Tor network is a widely used system for anonymous communication. However, Tor is known to be vulnerable to attackers who can observe traffic at both ends of the communication path. In this paper, we show that prior attacks are just the tip of the iceberg. We present a suite of new attacks, called Raptor, that can be launched by Autonomous Systems (ASes) to compromise user anonymity. First, AS-level adversaries can exploit the asymmetric nature of Internet routing to increase the chance of observing at least one direction of user traffic at both ends of the communication. Second, AS-level adversaries can exploit natural churn in Internet routing to lie on the BGP paths for more users over time. Third, strategic adversaries can manipulate Internet routing via BGP hijacks (to discover the users using specific Tor guard nodes) and interceptions (to perform traffic analysis). We demonstrate the feasibility of Raptor attacks by analyzing historical BGP data and Traceroute data as well as performing real-world attacks on the live Tor network, while ensuring that we do not harm real users. In addition, we outline the design of two monitoring frameworks to counter these attacks: BGP monitoring to detect control-plane attacks, and Traceroute monitoring to detect data-plane anomalies. Overall, our work motivates the design of anonymity systems that are aware of the dynamics of Internet routing.
Article
Bitcoin has achieved popularity by promising users a fully decentralized, low-cost virtual currency system. A limited set of entities controls Bitcoin's services, decision-making, mining, and incident resolution processes. These entities can decide Bitcoin's fate, bypassing the will of the multitude of users that populate the network. Bitcoin has led to the emergence of several centralized services that take up a considerable share of the Bitcoin market. Bitcoin resists double-spending attacks by using a distributed PoW-based service. Bitcoin's core developers have the authority to modify Bitcoin protocol and all radical decisions require consensus among all the developers according to the Bitcoin Github repository. Bitcoin users do not have direct influence over the administrators' appointment, raising questions about universal appeal of Bitcoin.
Conference Paper
This paper provides the provable-security treatment of path vector routing protocols. We first design a security definition for routing path vector protocols by studying, generalizing, and formalizing numerous known threats. Our model incorporates three major security goals. It is quite strong, yet simple to use. We prove by reduction that S-BGP satisfies two out of the security model's three goals, assuming the underlying signature scheme is secure. Under the same assumption, we next show how the protocol can be modified to meet all three security goals simultaneously. Finally, we study security of partial PKI deployment of path vector protocols when not all nodes have public keys. We investigate the possibilities of relaxing the PKI requirement and relying on the non-cryptographic physical security of the protocol in order to achieve possibly weaker, but still well-defined, notions of security. We also present the necessary and sufficient conditions to achieve full security in the partial PKI deployment scenario. We believe our conclusions will prove useful for protocol developers, standards bodies and government agencies.
Conference Paper
Bitcoin is a digital currency that unlike traditional currencies does not rely on a centralized authority. Instead Bitcoin relies on a network of volunteers that collectively implement a replicated ledger and verify transactions. In this paper we analyze how Bitcoin uses a multi-hop broadcast to propagate transactions and blocks through the network to update the ledger replicas. We then use the gathered information to verify the conjecture that the propagation delay in the network is the primary cause for blockchain forks. Blockchain forks should be avoided as they are symptomatic for inconsistencies among the replicas in the network. We then show what can be achieved by pushing the current protocol to its limit with unilateral changes to the client's behavior.
Conference Paper
In Bitcoin, transaction malleability describes the fact that the signatures that prove the ownership of bitcoins being transferred in a transaction do not provide any integrity guarantee for the signatures themselves. This allows an attacker to mount a malleability attack in which it intercepts, modifies, and rebroadcasts a transaction, causing the transaction issuer to believe that the original transaction was not confirmed. In February 2014 MtGox, once the largest Bitcoin exchange, closed and filed for bankruptcy claiming that attackers used malleability attacks to drain its accounts. In this work we use traces of the Bitcoin network for over a year preceding the filing to show that, while the problem is real, there was no widespread use of malleability attacks before the closure of MtGox.
Article
OpenFlow is a vendor-agnostic API for controlling hardware and software switches. In its current form, OpenFlow is specific to particular protocols, making it hard to add new protocol headers. It is also tied to a specific processing paradigm. In this paper we make a strawman proposal for how OpenFlow should evolve in the future, starting with the definition of an abstract forwarding model for switches. We have three goals: (1) Protocol independence: Switches should not be tied to any specific network protocols. (2) Target independence: Programmers should describe how switches are to process packets in a way that can be compiled down to any target switch that fits our abstract forwarding model. (3) Reconfigurability in the field: Programmers should be able to change the way switches process packets once they are deployed in a network. We describe how to write programs using our abstract forwarding model and our P4 programming language in order to configure switches and populate their forwarding tables.
Article
Conference Paper
The Internet's interdomain routing protocol, BGP, is vulnerable to a number of damaging attacks, which often arise from operator misconfiguration. Proposed solutions with strong guarantees require a public-key infrastructure, accurate routing registries, and changes to BGP. However, BGP routers can avoid selecting and propagating these routes if they are cautious about adopting new reachability information. We describe a protocol-preserving enhancement to BGP, Pretty Good BGP (PGBGP), that slows the dissemination of bogus routes, providing network operators time to respond before problems escalate into large-scale Internet attacks. Simulation results show that realistic deployments of PGBGP could provide 99% of Autonomous Systems with 24 hours to investigate and repair bogus routes without affecting prefix reachability. We also show that without PGBGP, 40% of ASs cannot avoid selecting bogus routes; with PGBGP, this number drops to less than 1%. Finally, we show that PGBGP is incrementally deployable and offers significant security benefits to early adopters and their customers.
Conference Paper
Tor is an anonymous communications network with thousands of router nodes worldwide. An intuition reflected in much of the literature on anonymous communications is that, as an anonymity network grows, it becomes more secure against a given observer because the observer will see less of the network. In particular, as the Tor network grows from volunteers operating relays all over the world, it becomes less and less likely for a single autonomous system (AS) to be able to observe both ends of an anonymous connection. Yet, as the network continues to grow significantly, no analysis has been done to determine if this intuition is correct. Further, modifications to Tor's path selection algorithm to help clients avoid an AS-level observer have not been proposed and analyzed. Five years ago a previous study examined the AS-level threat against client and destination addresses chosen a priori to be likely or interesting to examine. Using an AS-level path inference algorithm with improved accuracy, more extensive Internet routing data, and, most importantly, a model of typical Tor client AS-level sources and destinations based on data gathered from the live network, we demonstrate that the threat of a single AS observing both ends of an anonymous Tor connection is greater than previously thought. We look at the growth of the Tor network over the past five years and show that its explosive growth has had only a small impact on the network's robustness against an AS-level attacker. Finally, we propose and evaluate the effectiveness of some simple, AS-aware path selection algorithms that avoid the computational overhead imposed by full AS-level path inference algorithms. Our results indicate that a novel heuristic we propose is more effective against an AS-level observer than other commonly proposed heuristics for improving location diversity in path selection.
Article
It is well known that the Border Gateway Protocol (BGP), the IETF standard interdomain routing protocol, is vulnerable to a variety of attacks, and that a single misconfigured or malicious BGP speaker could result in large-scale service disruption. In this paper, we present Pretty Secure BGP (psBGP)—a proposal for securing BGP, including an architectural overview, design details for significant aspects, and preliminary security and operational analysis. psBGP differs from other security proposals (e.g., S-BGP and soBGP) in that it makes use of a single-level PKI for AS number authentication, a decentralized trust model for verifying the propriety of IP prefix origin, and a rating-based stepwise approach for AS PATH (integrity) verification. psBGP trades off the strong security guarantees of S-BGP for presumed-simpler operation, e.g., using a PKI with a simple structure, with a small number of certificate types, and of manageable size. psBGP is designed to successfully defend against various (nonmalicious and malicious) threats from uncoordinated BGP speakers, and to be incrementally deployed with incremental benefits.
Article
The Border Gateway Protocol (BGP) is an inter-Autonomous System routing protocol. It is built on experience gained with EGP as defined in RFC 904 [1] and EGP usage in the NSFNET Backbone as described in RFC 1092 [2] and RFC 1093 [3]. The primary function of a BGP speaking system is to exchange network reachability information with other BGP systems. This network reachability information includes information on the list of Autonomous Systems (ASs) that reachability information traverses. This information is sufficient to construct a graph of AS connectivity from which routing loops may be pruned and some policy decisions at the AS level may be enforced.
Conference Paper
The Bitcoin protocol requires nodes to quickly distribute newly created blocks. Strong nodes can, however, gain higher payoffs by withholding blocks they create and selectively postponing their publication. The existence of such selfish mining attacks was first reported by Eyal and Sirer, who have demonstrated a specific deviation from the standard protocol (a strategy that we name SM1). In this paper we investigate the profit threshold – the minimal fraction of resources required for a profitable attack. Our analysis provides a bound under which the system can be considered secure against such attacks. Our techniques can be adapted to protocol modifications to assess their susceptibility to selfish mining, by computing the optimal attack under different variants. We find that the profit threshold is strictly lower than the one induced by the SM1 scheme. The policies given by our algorithm dominate SM1 by better regulating attack-withdrawals. We further evaluate the impact of some previously suggested countermeasures, and show that they are less effective than previously conjectured. We then gain insight into selfish mining in the presence of communication delays, and show that, under a model that accounts for delays, the profit threshold vanishes, and even small attackers have incentive to occasionally deviate from the protocol. We conclude with observations regarding the combined power of selfish mining and double spending attacks.
Conference Paper
Bitcoin is the first and most popular decentralized cryptocurrency to date. In this work, we extract and analyze the core of the Bitcoin protocol, which we term the Bitcoin backbone, and prove two of its fundamental properties which we call common prefix and chain quality in the static setting where the number of players remains fixed. Our proofs hinge on appropriate and novel assumptions on the “hashing power” of the adversary relative to network synchronicity; we show our results to be tight under high synchronization. Next, we propose and analyze applications that can be built “on top” of the backbone protocol, specifically focusing on Byzantine agreement (BA) and on the notion of a public transaction ledger. Regarding BA, we observe that Nakamoto’s suggestion falls short of solving it, and present a simple alternative which works assuming that the adversary’s hashing power is bounded by 1/3. The public transaction ledger captures the essence of Bitcoin’s operation as a cryptocurrency, in the sense that it guarantees the liveness and persistence of committed transactions. Based on this notion we describe and analyze the Bitcoin system as well as a more elaborate BA protocol, proving them secure assuming high network synchronicity and that the adversary’s hashing power is strictly less than 1/2, while the adversarial bound needed for security decreases as the network desynchronizes.
Conference Paper
Article
Anonymity systems like Tor are known to be vulnerable to malicious relay nodes. Another serious threat comes from the Autonomous Systems (ASes) that carry Tor traffic due to their powerful eavesdropping capabilities. Indeed, an AS (or set of colluding ASes) that lies between the client and the first relay, and between the last relay and the destination, can perform timing analysis to compromise user anonymity. In this paper, we show that AS-level adversaries are much more powerful than previously thought. First, routine BGP routing changes can significantly increase the number of ASes that can analyze a user's traffic successfully. Second, ASes can actively manipulate BGP announcements to put themselves on the paths to and from relay nodes. Third, an AS can perform timing analysis even when it sees only one direction of the traffic at both communication ends. Actually, asymmetric routing increases the fraction of ASes able to analyze a user's traffic. We present a preliminary evaluation of our attacks using measurements of BGP and Tor. Our findings motivate the design of approaches for anonymous communication that are resilient to AS-level adversaries.
Article
Internet routing suffers from persistent and transient failures, circuitous routes, oscillations, and prefix hijacks. A major impediment to progress is the lack of ways to conduct impactful interdomain research. Most research is based either on passive observation of existing routes, keeping researchers from assessing how the Internet will respond to route or policy changes; or simulations, which are restricted by limitations in our understanding of topology and policy. We propose a new class of interdomain research: researchers can instantiate an AS of their choice, including its intradomain topology and interdomain interconnectivity, and connect it with the "live" Internet to exchange routes and traffic with real interdomain neighbors. Instead of being observers of the Internet ecosystem, researchers become members. Towards this end, we present the Peering testbed. In its nascent stage, the testbed has proven extremely useful, resulting in a series of studies that were nearly impossible for researchers to conduct in the past. In this paper, we present a vision of what the testbed can provide. We sketch how to extend the testbed to enable future innovation, taking advantage of the rise of IXPs to expand our testbed.
Article
Bitcoin has emerged as the most successful cryptographic currency in history. Within two years of its quiet launch in 2009, Bitcoin grew to comprise billions of dollars of economic value despite only cursory analysis of the system's design. Since then a growing literature has identified hidden-but-important properties of the system, discovered attacks, proposed promising alternatives, and singled out difficult future challenges. Meanwhile a large and vibrant open-source community has proposed and deployed numerous modifications and extensions. We provide the first systematic exposition of Bitcoin and the many related cryptocurrencies or 'altcoins.' Drawing from a scattered body of knowledge, we identify three key components of Bitcoin's design that can be decoupled. This enables a more insightful analysis of Bitcoin's properties and future stability. We map the design space for numerous proposed modifications, providing comparative analyses for alternative consensus mechanisms, currency allocation mechanisms, computational puzzles, and key management tools. We survey anonymity issues in Bitcoin and provide an evaluation framework for analyzing a variety of privacy-enhancing proposals. Finally we provide new insights on what we term disintermediation protocols, which absolve the need for trusted intermediaries in an interesting set of applications. We identify three general disintermediation strategies and provide a detailed comparison.
Conference Paper
Bitcoin is a disruptive new crypto-currency based on a decentralized open-source protocol which has been gradually gaining momentum. Perhaps the most important question that will affect Bitcoin’s success, is whether or not it will be able to scale to support the high volume of transactions required from a global currency system. We investigate the implications of having a higher transaction throughput on Bitcoin’s security against double-spend attacks. We show that at high throughput, substantially weaker attackers are able to reverse payments they have made, even well after they were considered accepted by recipients. We address this security concern through the GHOST rule, a modification to the way Bitcoin nodes construct and re-organize the block chain, Bitcoin’s core distributed data-structure. GHOST has been adopted and a variant of it has been implemented as part of the Ethereum project, a second generation distributed applications platform.
Article
With a cryptographic root-of-trust for Internet routing (RPKI [17]) on the horizon, we can finally start planning the deployment of one of the secure interdomain routing protocols proposed over a decade ago (Secure BGP [22], secure origin BGP [37]). However, if experience with IPv6 is any indicator, this will be no easy task. Security concerns alone seem unlikely to provide sufficient local incentive to drive the deployment process forward. Worse yet, the security benefits provided by the S*BGP protocols do not even kick in until a large number of ASes have deployed them. Instead, we appeal to ISPs' interest in increasing revenue-generating traffic. We propose a strategy that governments and industry groups can use to harness ISPs' local business objectives and drive global S*BGP deployment. We evaluate our deployment strategy using theoretical analysis and large-scale simulations on empirical data. Our results give evidence that the market dynamics created by our proposal can transition the majority of the Internet to S*BGP.
Article
Bitcoin is the world's first decentralized digital currency. Its main technical innovation is the use of a blockchain and hash-based proof of work to synchronize transactions and prevent double-spending the currency. While the qualitative nature of this system is well understood, there is widespread confusion about its quantitative aspects and how they relate to attack vectors and their countermeasures. In this paper we take a look at the stochastic processes underlying typical attacks and their resulting probabilities of success.
Conference Paper
Border Gateway Protocol (BGP) plays a critical role in the Internet inter-domain routing reliability. Invalid routes generated by mis-configurations or forged by malicious attacks may hijack the traffic and devastate the Internet routing system, but it is unlikely that a secure BGP can be deployed in the near future to completely prevent them. Although many hijacking detection systems have been developed, they more or less have weaknesses such as long detection delay, high false alarm rate and deployment difficulty, and no systematic detection results have been studied. This paper proposes Argus, an agile system that can accurately detect prefix hijackings and deduce the underlying cause of route anomalies in a very fast way. Argus is based on correlating the control and data plane information closely and pervasively, and has been continuously monitoring the Internet for more than one year. During this period, around 40K routing anomalies were detected, from which 220 stable prefix hijackings were identified. Our analysis on these events shows that, hijackings that have only been theoretically studied before do exist in the Internet. Although the frequency of new hijackings is nearly stable, more specific prefixes are hijacked more frequently. Around 20% of the hijackings last less than ten minutes, and some can pollute 90% of the Internet in less than two minutes. These characteristics make Argus especially useful in practice. We further analyze some representative cases in detail to help increase the understanding of prefix hijackings in the Internet.
Conference Paper
Existing low-latency anonymity networks are vulnerable to traffic analysis, so location diversity of nodes is essential to defend against attacks. Previous work has shown that simply ensuring geographical diversity of nodes does not resist, and in some cases exacerbates, the risk of traffic analysis by ISPs. Ensuring high autonomous-system (AS) diversity can resist this weakness. However, ISPs commonly connect to many other ISPs in a single location, known as an Internet eXchange (IX). This paper shows that IXes are a single point where traffic analysis can be performed. We examine to what extent this is true, through a case study of Tor nodes in the UK. Also, some IXes sample packets flowing through them for performance analysis reasons, and this data could be exploited to de-anonymize traffic. We then develop and evaluate Bayesian traffic analysis techniques capable of processing this sampled data.
Conference Paper
IP prefix hijacking remains a major threat to the security of the Internet routing system due to a lack of authoritative prefix ownership information. Despite many efforts in designing IP prefix hijack detection schemes, no existing design can satisfy all the critical requirements of a truly effective system: real-time, accurate, lightweight, easily and incrementally deployable, as well as robust in victim notification. In this paper, we present a novel approach that fulfills all these goals by monitoring network reachability from key external transit networks to one's own network through lightweight prefix-owner-based active probing. Using the prefix-owner's view of reachability, our detection system, iSPY, can differentiate between IP prefix hijacking and network failures based on the observation that hijacking is likely to result in topologically more diverse polluted networks and unreachability. Through detailed simulations of Internet routing, 25-day deployment in 88 autonomous systems (ASs) (108 prefixes), and experiments with hijacking events of our own prefix from multiple locations, we demonstrate that iSPY is accurate with false negative ratio below 0.45% and false positive ratio below 0.17%. Furthermore, iSPY is truly real-time; it can detect hijacking events within a few minutes.
Conference Paper
In response to high-profile Internet outages, BGP security variants have been proposed to prevent the propagation of bogus routing information. To inform discussions of which variant should be deployed in the Internet, we quantify the ability of the main protocols (origin authentication, soBGP, S-BGP, and data-plane verification) to blunt traffic-attraction attacks; i.e., an attacker that deliberately attracts traffic to drop, tamper, or eavesdrop on packets. Intuition suggests that an attacker can maximize the traffic he attracts by widely announcing a short path that is not flagged as bogus by the secure protocol. Through simulations on an empirically-determined AS-level topology, we show that this strategy is surprisingly effective, even when the network uses an advanced security solution like S-BGP or data-plane verification. Worse yet, we show that these results underestimate the severity of attacks. We prove that finding the most damaging strategy is NP-hard, and show how counterintuitive strategies, like announcing longer paths, announcing to fewer neighbors, or triggering BGP loop-detection, can be used to attract even more traffic than the strategy above. These counterintuitive examples are not merely hypothetical; we searched the empirical AS topology to identify specific ASes that can launch them. Finally, we find that a clever export policy can often attract almost as much traffic as a bogus path announcement. Thus, our work implies that mechanisms that police export policies (e.g., defensive filtering) are crucial, even if S-BGP is fully deployed.
The economics of bitcoin mining, or bitcoin in the presence of adversaries
  • J A Kroll
  • I C Davey
  • E W Felten
Massive route leak causes Internet slowdown
  • A Tonk
Dyn Research. Pakistan hijacks YouTube
  • Dyn Research
Financial Cryptography and Data Security
Stealing The Internet. An Internet-Scale Man In The Middle Attack
  • pilosov
Large scale BGP hijack out of India
  • A Tonk
P4: Programming protocol-independent packet processors
  • P Bosshart
  • D Daly
  • G Gibb
  • M Izzard
  • N Mckeown
  • J Rexford
  • C Schlesinger
  • D Talayco
  • A Vahdat
  • G Varghese
Advances in Cryptology-EUROCRYPT 2015
  • J Garay
  • A Kiayias
  • N Leonardos
Eclipse attacks on bitcoin's peer-to-peer network
  • E Heilman
  • A Kendler
  • A Zohar
  • S Goldberg
Discovering bitcoin's public topology and influential nodes
  • A Miller
  • J Litton
  • A Pachulski
  • N Gupta
  • D Levin
  • N Spring
  • B Bhattacharjee
BIP 151: Peer-to-Peer Communication Encryption
  • J Schnelli
Is bitcoin a decentralized currency?
  • A Gervais
  • G O Karama
  • V Capkun
  • S Capkun