Conference Paper

# Hijacking Bitcoin: Routing Attacks on Cryptocurrencies

Authors:
To read the full-text of this research, you can request a copy directly from the authors.

## No full-text available

... The security community nevertheless continuously discovers new attack vectors that partition one or more peer nodes in these densely connected blockchain networks, demonstrating that network-layer attacks on blockchains can result in the violation of safety properties [3], [22], [33], [37]. At a high level, these partitioning attacks need an airtight control of a target node's peer connections (a.k.a. ...
... For example, the Bitcoin eclipse attack [22] demonstrates that a botnet master with a small size (e.g., roughly 4.6K) botnet can easily control all peer connections to a target node. The Bitcoin hijacking [3] and Erebus [37] attacks demonstrate that a network adversary (e.g., a malicious ISP) can also take complete control over a target's peer connections. SyncAttack [33] shows that even partitioning an entire blockchain network is possible. ...
... Before we delve into the potential countermeasures, let us clarify why existing anti-eclipse schemes do not work against Gethlighting at all. Existing eclipse attacks and their variants [3], [22], [23], [29], [37] have led to several practical countermeasures against them. One highly effective family of techniques is to ensure a small number of reliable, benign peer connections. ...
... Previous research has examined blockchain's security at different system layers, including the P2P network [1,2,3,4], mining incentives [5,6,7], transaction processing [8,9,10,11], and applications such as smart contracts [12,13,14], etc. Among them, the most relevant work on the RPC service is a measurement study of cryptocurrency stealing attacks [15]. ...
... At the P2P network layer, existing work such as eclipse attack [1,2] aims to isolate a victim node from the rest of the network, and routing attacks [3,4] assume a powerful Internet Service Provider (ISP) or top-tier Autonomous System (AS) can manipulate the network traffic to partition the P2P network. At the mempool layer, Bitcoin stress testing [8] is a work that measures the impact of the 2015 Bitcoin Spam attacks. ...
... Blockchain DoS security: Since the advent, public blockchains have been a target of DoS attacks. A variety of DoSes have been designed and practiced on the different layers of a blockchain system in smart contract execution [13,14], transaction processing [39,9,11], mining-based consensus [6,5], and the underlying P2P network [1,2,3,4]. For instance, in the P2P network layer, an eclipse attack [1,2] aims to isolate a DoS-victim peer from the network and a routing attack [3,4] employs BGP hijacking to intercept network traffic towards partitioning it. ...
Thesis
Full-text available
This thesis aims to examine the security of a blockchain's communication network. A blockchain relies on a communication network to deliver transactions. Understanding and hardening the security of the communication network against Denial-of-Service (DoS) attacks are thus critical to the well-being of blockchain participants. Existing research has examined blockchain system security in various system components, including mining incentives, consensus protocols, and applications such as smart contracts. However, the security of a blockchain's communication network remains understudied. In practice, a blockchain's communication network typically consists of three services: RPC service, P2P network, and mempool. This thesis examines each service's designs and implementations , discovers vulnerabilities that lead to DoS attacks, and uncovers the P2P network topology. Through systematic evaluations and measurements, the thesis confirms that real-world network services in Ethereum are vulnerable to DoS attacks, leading to a potential collapse of the Ethereum ecosystem. Besides, the uncovered P2P network topology in Ethereum mainnet suggests that critical nodes adopt a biased neighbor selection strategy in the mainnet. Finally, to fix the discovered vulnerabilities, practical mitigation solutions are proposed in this thesis to harden the security of Ethereum's communication network.
... Even though secured transaction storage is one of the advantages of the blockchain, it has other security issues such as recent security breaches, inherent vulnerabilities in the design, and blockchain implementation [6], [7]. Some attacks may include denial of service (DoS), eclipse attacks, double spending, and 51% attacks [8]. ...
... Go Ethereum (aka geth) 1.8. 19 Rewriting the length of a dynamic array in memory relay nodes at AS level to monitor the peer-to-peer protocol traffic, encrypting the network traffic, using distinct control and data channels, using UDP heartbeats, and monitoring network statics [7]. ...
... Apostolaki et al. [7], [54] investigated routing attacks targeting Bitcoin nodes. The partitioning and delay attacks are proposed to perform the DoS attacks on the victim node. ...
Article
Full-text available
With the proliferation of the blockchain technology ecosystems such as mining pools, crypto exchanges, full Bitcoin nodes, wallets, and pool protocol servers in recent years, the denial of service (DoS) attack vector has become more prevalent, and the attacks are targeted to the peer-to-peer networks and blockchain users. Despite blockchain enhancing security with decentralized design, secured distributed storage, and privacy, it is still vulnerable to new attack threats. If an attempted DoS is successful on blockchain, the impact is most likely massive given the fact that it is predominantly used for finance applications. An extensive account of the current state-of-the-art for possible DoS and corresponding mitigation techniques is not discussed in the existing research. This paper analyzes and categorizes the existing state-of-the-art DoS attack methods, detection techniques, and mitigation solutions targeting blockchain peer-to-peer networks as well as conventional network crypto exchanges. The review of the prior research shows that the blockchain ecosystem can be a target to successfully perform DoS attacks in the future, and technological advancements in blockchain are needed to mitigate potential attacks.
... Apostolaki et al. [58] state that more than 90% of Bitcoin nodes are potentially vulnerable to BGP hijacking attacks. Moreover, they show that large BGP hijacks often occur in real life, involving between 300 and 30,000 prefixes, and intercepting at least 100 Bitcoin nodes per month. ...
... Due to its lack of geographical diversification, Bitcoin is particularly vulnerable to AS-level attacks. In fact, most nodes concentrate in just a few ASes [58,59], making it easier for A to intercept a large share of connections. For instance, three of the major ASes together would be able to intercept more than 60% of all possible Bitcoin connections [58]. ...
... In fact, most nodes concentrate in just a few ASes [58,59], making it easier for A to intercept a large share of connections. For instance, three of the major ASes together would be able to intercept more than 60% of all possible Bitcoin connections [58]. ...
Article
Full-text available
Over the last decade, Bitcoin has revolutionized the global economic and technological landscape, inspiring a new generation of blockchain-based technologies. Its protocol is today among the most influential for cryptocurrencies and distributed networks. In particular, the P2P layer represents a reference point for all permissionless blockchains, which often implement its solutions in their network layer. Unfortunately, the Bitcoin network protocol lacks a strong security model, leaving it exposed to several threats. Attacks at this level can affect the reliability and trustworthiness of the consensus layer, mining the credibility of the whole system. It is therefore of utmost importance to properly understand and address the security of the Bitcoin P2P protocol. In this paper, we give a comprehensive and detailed overview of known network-level attacks in Bitcoin, as well as the countermeasures that have been implemented in the protocol. We propose a generic network adversary model, and propose an objective-based taxonomy of the attacks. Finally, we identify the core weaknesses of the protocol and study the relationship between different types of attack. We believe our contribution can help both new and experienced researchers have a broader and deeper understanding of the Bitcoin P2P network and its threats, and allow for a better modeling of its security properties.
... 28% for Ethereum) [GBE + 18]. In addition, 68% of the mining power was hosted on 10 transit networks, while 3 transit networks saw more than 60% of all connections [AZV17]. In 2019, Ethereum's network presented a large degree of centralization around clusters, forming a "small world network" [GSW + 19] with 10 cloud hosting providers accounting for 57% of all nodes and one hosting almost a quarter [Kon19]. ...
... Most Bitcoin nodes communicate over Tor, making topology analyses particularly hard. 42 Nonetheless, it is estimated that the network is evenly spread across multiple Autonomous Systems, thus presenting high levels of decentralization [AZV17]. ...
Preprint
Full-text available
Decentralization has been touted as the principal security advantage which propelled blockchain systems at the forefront of developments in the financial technology space. Its exact semantics nevertheless remain highly contested and ambiguous, with proponents and critics disagreeing widely on the level of decentralization offered. To address this, we put forth a systematization of the current landscape with respect to decentralization and we derive a methodology that can help direct future research towards defining and measuring decentralization. Our approach dissects blockchain systems into multiple layers, or strata, each possibly encapsulating multiple categories, and enables a unified method for measuring decentralization in each one. Our layers are (1) hardware, (2) software, (3) network, (4) consensus, (5) economics ("tokenomics"), (6) API, (7) governance, and (8) geography. Armed with this stratification, we examine for each layer which pertinent properties of distributed ledgers (safety, liveness, privacy, stability) can be at risk due to centralization and in what way. Our work highlights the challenges in measuring and achieving decentralization, points to the degree of (de)centralization of various existing systems, where such assessment can be made from presently available public information, and suggests potential metrics and directions where future research is needed. We also introduce the "Minimum Decentralization Test", as a way to assess the decentralization state of a blockchain system and, as an exemplary case, we showcase how it can be applied to Bitcoin.
... Sabre (Maria A. & al., 2017). ...
... In this issue, Border Gateway Protocol (BGP) routing scheme is the main asset in capturing blockchain information (Maria A. & al., 2017). This can result in a high broadcasting delay of data or messages, traffic hijack, and digital currency robbery. ...
Article
Full-text available
Blockchain-enabled smart contracts are subjected to several issues leading to vigorous attacks such as the decentralized autonomous organization (DAO) and the ParitySig bug on the Ethereum platform with disastrous consequences. Several solutions have been proposed. However, new threats are identified as technology evolves and new solutions are produced, while some older threats remain unsolved. Thus, the need to fill the gap with a more comprehensive survey on existing issues and solutions for researchers and practitioners arises. The resulting updated database will become an essential means for choosing a particular solution for a specific subject. In this review, the authors embrace mainly codifying security privacy and performance issues and their respective solutions. Each problem is attached to its corresponding solutions when they exist. A summary of the threats and solutions is provided as well as the relationship between threat importance and the given answers. They finally enumerate some directives for future works.
... The propagation period may potentially be prolonged under certain conditions, as illustrated in [46]. The work in [47] outlines a classification of routing attacks and how they affect Bitcoin, taking into account both small-scale attacks that target specific nodes and large-scale assaults that target the whole network. Adversaries may squander a large amount of mining power by isolating some portions of the network or stalling block propagation, which might result in revenue losses and open the network up to a variety of attacks. ...
Preprint
Full-text available
p> Cryptocurrencies acquire user confidence by making the whole creation and transaction history transparent to the public. In exchange, the transaction history accurately captures the complete range of user activities related to cryptocurrencies. In this paper, the use of data mining methods in Bitcoin transactions is analyzed and summarized. Cryptocurrencies, similar to the well-known Bitcoin, were targeted to ensure transaction security and privacy and overcome the drawbacks of traditional banking systems as well as other centralized systems. We also conduct a thorough analysis of the literature on the challenges and applications of electronic currencies. We outline the evolution of digital currency from electronic cash to cryptocurrencies and put the spotlight on the methods used to increase user privacy. We also highlight security threats in the existing cryptocurrency systems that jeopardize the privacy of Bitcoin users. Finally, we identify several research gaps and trends that need to be looked at further. </p
... f. Border gateway protocol (BGP) hijacks [26]: It exploits the blockchain's peer-to-peer system by revenue loss, partitioning and theft information that effect on the miners, mining pools and users. g. ...
Article
Full-text available
span>Blockchain (BC) has received high attention from many researchers recently because it has decentralization, trusted auditability, and transparency as its main properties. BC has contributed fundamentally to the development of applications like cryptocurrencies, health care, the internet of things (IoT), and so on. The IoT is envisioned to include billions of pervasive and mission-critical sensors and actuators connected to the internet. This network of smart devices is expected to generate and have access to vast amounts of information, creating unique opportunities for new applications, but significant security and privacy issues emerge concurrently because it does not contain robust security systems. BC provides many services like privacy, security, and provenance to the systems that depends on. This research includes analyzing and a comprehensive review of BC technologies. Moreover, the proposed solutions in academia with the methodologies that used to integrate blockchain with IoT are presented. Also, the types of attacks on blockchain are collected and classified. Furthermore, the main contributions and challenges that are included in the literature are explored, then the relevant recommendations for solving the explored challenges are proposed. In conclusion, the integration of BC with IoT could produce promising results in enhancing the security and privacy of IoT environment.</span
... The propagation period may potentially be prolonged under certain conditions, as illustrated in [46]. The work in [47] outlines a classification of routing attacks and how they affect Bitcoin, taking into account both small-scale attacks that target specific nodes and large-scale assaults that target the whole network. Adversaries may squander a large amount of mining power by isolating some portions of the network or stalling block propagation, which might result in revenue losses and open the network up to a variety of attacks. ...
Article
Full-text available
Cryptocurrencies acquire user confidence by making the whole creation and transaction history transparent to the public. In exchange, the transaction history accurately captures the complete range of user activities related to cryptocurrencies. It is thought to be one of the safest and simplest payment methods that may be employed in the future. The trend of banks and other financial institutions investing in cryptocurrencies has increased rapidly in recent years. Therefore, it is necessary to synthesize the findings of previous studies on cryptocurrencies. In this paper, the use of data mining methods in Bitcoin transactions is analyzed and summarized. Cryptocurrencies, similar to the well-known Bitcoin, were targeted to ensure transaction security and privacy and overcome the drawbacks of traditional banking systems as well as other centralized systems. In addition, a comprehensive analysis of the literature on the challenges and applications of electronic currencies is conducted. The evolution of digital currency from electronic cash to cryptocurrencies is summarized and the methods used to increase user privacy are highlighted. The security threats in existing cryptocurrency systems (that compromise the privacy of Bitcoin users) are also highlighted. Finally, several research gaps and trends are identified that need to be further explored.
... BGP hĳacking has also given rise to the hĳacking of cryptocurrencies [8,9], such as Bitcoin, as a new aspect of cybercrime. A recent finding has shown that the use of BGPsec can only prevent BGP hĳacking [10]. ...
Article
The BGPsec protocol, which is an extension of the border gateway protocol (BGP) for Internet routing known as BGPsec, uses digital signatures to guarantee the validity of routing information. However, the use of digital signatures in routing information on BGPsec causes a lack of memory in BGP routers, creating a gaping security hole in today's Internet. This problem hinders the practical realization and implementation of BGPsec. In this paper, we present APVAS (AS path validation based on aggregate signatures), a new protocol that reduces the memory consumption of routers running BGPsec when validating paths in routing information. APVAS relies on a novel aggregate signature scheme that compresses individually generated signatures into a single signature. Furthermore, we implement a prototype of APVAS on BIRD Internet Routing Daemon and demonstrate its efficiency on actual BGP connections. Our results show that the routing tables of the routers running BGPsec with APVAS have 20% lower memory consumption than those running the conventional BGPsec. We also confirm the effectiveness of APVAS in the real world by using 800,000 routes, which are equivalent to the full route information on a global scale.
... Since the advertisement of fraudulent routes can pull in traffic, an attack [5], [14], [65], which steals cryptocurrency by pulling in blockchain transactions, has been observed. By contrast, to mitigate cyber attacks such as DoS attacks, a blackhole service has been proposed to intentionally update routing information and block traffic to the targeted AS [17], [31], [43], [59]. ...
Article
Full-text available
BGP, the de-facto standard protocol for exchanging routes on a network-wide basis called AS employs invalid routes. Recently, a data object called Autonomous System Provider Authorization (ASPA) was proposed as a new specification for verifying PATH information in BGP security. In this paper, we shed light on the effectiveness of ASPAs in a partial deployment alongside the conventional BGP through experiments based on a real AS topology. To this end, we also present a novel simulation tool, LOTUS, for BGP route exchange, including ASPAs. We then evaluate deployments of ASPAs and their verification with LOTUS for two cases on network topology in Japan: the case in deployment from ASes whose number of connections with other ASes is large, i.e., deployment from top ASes, and the case in deployment from ASes at the end of the network topology, i.e., deployment from leaf-node ASes. As a result, we confirm that the number of victim ASes decreases in the former case, while ASPAs provide no advantage in the latter case. Notably, the number of victim ASes decreases by about 96% on average by deploying the verification with ASPAs in the top-eight ASes. Based on these results, we further conduct extensive experiments in the deployment from the top ASes, whereby ASes outside the network topology advertise malicious routes to the victim ASes. We also discuss a case whereby an adversary tries to leverage ASPAs. Our promising results show that the adversary will no longer obtain an advantage even by leveraging ASPAs.
... (2) Privacy protection First, the adoption of blockchain technology in smart manufacturing can improve its security through asymmetric encryption and digital signatures, but there are still risks of cyberattacks due to the vulnerability of blockchain systems. For example, Malicious users can hijack blockchain messages using a border gateway protocol (BGP) routing scheme, resulting in higher block broadcast latency [90]. The peer-to-peer (P2P) network of blockchain may also bring security issues, as data transfer and consensus processes are all performed based on P2P networks. ...
Article
Full-text available
As a new generation of information technology, blockchain plays an important role in business and industrial innovation. The employment of blockchain technologies in industry has increased transparency, security and traceability, improved efficiency, and reduced costs of production activities. Many studies on blockchain technology-enabled system construction and performance optimization in Industry 4.0 have been carried out. However, blockchain technology and smart manufacturing have been individually researched in academia and industry, according to the literature. This survey aims to summarize the existing research to provide theoretical foundations for applying blockchain technology to smart manufacturing, thus creating a more reliable and authentic smart manufacturing system. In this regard, the literature related to four types of critical issues in smart manufacturing is introduced: data security, data sharing, trust mechanisms and system coordination issues. The corresponding blockchain solutions were reviewed and analyzed. Based on the insights obtained from the above analysis, a reference framework for blockchain technology-enabled smart manufacturing systems is put forward. The challenges and future research directions are also discussed to provide potential guides for achieving better utilization of this technology in smart manufacturing.
... Malicious interceptor: If AS5 is a malicious interceptor [157,158], AS2 is able to steer traffic through it. ...
... The propagation period may potentially be prolonged under certain conditions, as illustrated in [47]. The work in [48] outlines a classification of routing attacks and how they affect Bitcoin, taking into account both small-scale attacks that target specific nodes and large-scale assaults that target the whole network. Adversaries may squander a large amount of mining power by isolating some portions of the network or stalling block propagation, which might result in revenue losses and open the network up to a variety of attacks. ...
Preprint
Full-text available
p> Cryptocurrencies acquire user confidence by making the whole creation and transaction history transparent to the public. In exchange, the transaction history accurately captures the complete range of user activities related to cryptocurrencies. In this paper, the use of data mining methods in Bitcoin transactions is analyzed and summarized. Cryptocurrencies, similar to the well-known Bitcoin, were targeted to ensure transaction security and privacy and overcome the drawbacks of traditional banking systems as well as other centralized systems. We also conduct a thorough analysis of the literature on the challenges and applications of electronic currencies. We outline the evolution of digital currency from electronic cash to cryptocurrencies and put the spotlight on the methods used to increase user privacy. We also highlight security threats in the existing cryptocurrency systems that jeopardize the privacy of Bitcoin users. Finally, we identify several research gaps and trends that need to be looked at further. </p
... The propagation period may potentially be prolonged under certain conditions, as illustrated in [47]. The work in [48] outlines a classification of routing attacks and how they affect Bitcoin, taking into account both small-scale attacks that target specific nodes and large-scale assaults that target the whole network. Adversaries may squander a large amount of mining power by isolating some portions of the network or stalling block propagation, which might result in revenue losses and open the network up to a variety of attacks. ...
Preprint
p> Cryptocurrencies acquire user confidence by making the whole creation and transaction history transparent to the public. In exchange, the transaction history accurately captures the complete range of user activities related to cryptocurrencies. In this paper, the use of data mining methods in Bitcoin transactions is analyzed and summarized. Cryptocurrencies, similar to the well-known Bitcoin, were targeted to ensure transaction security and privacy and overcome the drawbacks of traditional banking systems as well as other centralized systems. We also conduct a thorough analysis of the literature on the challenges and applications of electronic currencies. We outline the evolution of digital currency from electronic cash to cryptocurrencies and put the spotlight on the methods used to increase user privacy. We also highlight security threats in the existing cryptocurrency systems that jeopardize the privacy of Bitcoin users. Finally, we identify several research gaps and trends that need to be looked at further. </p
... The developments of DeFi system API, application, and user interface should follow software security practices, ensuring that the access control and function calls are solidly implemented. 5) Other attacks: As yield farming protocols are built upon multiple complex systems with a variety of software [135]; attackers can break the network connections between the users and the blockchain system through border gateway protocol (BGP) hijacking [58]; malicious traders can leverage frontrunning attacks to drain funds from pools [76]. These attacks are out of scope for this paper, but it is important for users and developers to be aware of that yield farming security is a systemic problem. ...
Article
Full-text available
Yield farming represents an immensely popular asset management activity in defi. It involves supplying, borrowing, or staking crypto assets to earn an income in forms of transaction fees, interest, or participation rewards at different defi marketplaces. In this systematic survey, we present yield farming protocols as an aggregation-layer constituent of the wider defi ecosystem that interact with primitive-layer protocols such as dex and plf. We examine the yield farming mechanism by first studying the operations encoded in the yield farming smart contracts, and then performing stylized, parameterized simulations on various yield farming strategies. We conduct a thorough literature review on related work, and establish a framework for yield farming protocols that takes into account pool structure, accepted token types, and implemented strategies. Using our framework, we characterize major yield aggregators in the market including Yearn Finance, Beefy, and Badger DAO. Moreover, we discuss anecdotal attacks against yield aggregators and generalize a number of risks associated with yield farming.
... Aiming to perturb operations of blockchain systems [175], many other attacks do not target AMM-based DEX specifically, but can indirectly affect the service of DEX. For example, attackers can launch spam or distributed denial-of-service (DDoS) attacks towards the blockchain system [91,152], thereby increasing the latency or even hindering the accessibility of DEX services; blockchain denial-of-service (BDoS) attacks exploit the reward mechanism to discourage miner participation, thereby causing a blockchain to a halt with significantly fewer resources [135]; the 51% attack [175], the most classic blockchain attack, is able to tamper with the blockchain in any way by controlling more than 50% of the network's mining hash rate; network attacks can destroy the network connections between the users and the blockchain system through domain name server (DNS) hijacking [168] or border gateway protocol (BGP) hijacking [16]. ...
Article
Full-text available
As an integral part of the decentralized finance (DeFi) ecosystem, decentralized exchanges (DEXs) with automated market maker (AMM) protocols have gained massive traction with the recently revived interest in blockchain and distributed ledger technology (DLT) in general. Instead of matching the buy and sell sides, automated market makers (AMMs) employ a peer-to-pool method and determine asset price algorithmically through a so-called conservation function. To facilitate the improvement and development of automated market maker (AMM)-based decentralized exchanges (DEXs), we create the first systematization of knowledge in this area. We first establish a general automated market maker (AMM) framework describing the economics and formalizing the system’s state-space representation. We then employ our framework to systematically compare the top automated market maker (AMM) protocols’ mechanics, illustrating their conservation functions, as well as slippage and divergence loss functions. We further discuss security and privacy concerns, how they are enabled by automated market maker (AMM)-based decentralized exchanges (DEXs)’ inherent properties, and explore mitigating solutions. Finally, we conduct a comprehensive literature review on related work covering both decentralized finance (DeFi) and conventional market microstructure.
... The developments of DeFi system API, application, and user interface should follow software security practices, ensuring that the access control and function calls are solidly implemented. 5) Other attacks: As yield farming protocols are built upon multiple complex systems with a variety of software [135]; attackers can break the network connections between the users and the blockchain system through border gateway protocol (BGP) hijacking [58]; malicious traders can leverage frontrunning attacks to drain funds from pools [76]. These attacks are out of scope for this paper, but it is important for users and developers to be aware of that yield farming security is a systemic problem. ...
Preprint
Full-text available
Yield farming represents an immensely popular asset management activity in decentralized finance (DeFi). It involves supplying, borrowing, or staking crypto assets to earn an income in forms of transaction fees, interest, or participation rewards at different DeFi marketplaces. In this systematic survey, we present yield farming protocols as an aggregation-layer constituent of the wider DeFi ecosystem that interact with primitive-layer protocols such as decentralized exchanges (DEXs) and protocols for loanable funds (PLFs). We examine the yield farming mechanism by first studying the operations encoded in the yield farming smart contracts, and then performing stylized, parameterized simulations on various yield farming strategies. We conduct a thorough literature review on related work, and establish a framework for yield farming protocols that takes into account pool structure, accepted token types, and implemented strategies. Using our framework, we characterize major yield aggregators in the market including Yearn Finance, Beefy, and Badger DAO. Moreover, we discuss anecdotal attacks against yield aggregators and generalize a number of risks associated with yield farming.
... Besides, the eclipse attack [127,128] and network partition attack [129] could also be used to enhance the effects of selfish mining type attacks [123]. The key idea of the eclipse attack is to control all incoming and outgoing connections of a node [127]. ...
Article
Sharding is the prevalent approach to breaking the trilemma of simultaneously achieving decentralization, security, and scalability in traditional blockchain systems, which are implemented as replicated state machines relying on atomic broadcast for consensus on an immutable chain of valid transactions. Sharding is to be understood broadly as techniques for dynamically partitioning nodes in a blockchain system into subsets (shards) that perform storage, communication, and computation tasks without fine-grained synchronization with each other. Despite much recent research on sharding blockchains, much remains to be explored in the design space of these systems. Towards that aim, we conduct a systematic analysis of existing sharding blockchain systems and derive a conceptual decomposition of their architecture into functional components and the underlying assumptions about system models and attackers they are built on. The functional components identified are node selection, epoch randomness, node assignment, intra-shard consensus, cross-shard transaction processing, shard reconfiguration, and motivation mechanism. We describe interfaces, functionality, and properties of each component and show how they compose into a sharding blockchain system. For each component, we systematically review existing approaches, identify potential and open problems, and propose future research directions. We focus on potential security attacks and performance problems, including system throughput and latency concerns such as confirmation delays. We believe our modular architectural decomposition and in-depth analysis of each component, based on a comprehensive literature study, provides a systematic basis for conceptualizing state-of-the-art sharding blockchain systems, proving or improving security and performance properties of components, and developing new sharding blockchain system designs.
... Also hardware integrated security architecture shown in [12] can help securing against this form of attack. Border Gateway Protocol Attack -Border Gateway Protocol (BGP) Attack relates to an adversary compromising the routing mechanisms and thus controlling the routes and hosts that can be reached [13]. Although, it is unclear if smart contract-level protection mechanisms are sufficient to detect these attacks. ...
Preprint
p>Smart contracts (SCs) are a set of logical procedures that can be run by individual peers participating within a Distributed Ledger Technology (DLT) network. By design, smart contracts inherit many of the benefits of DLT, including its immutability, scalability and security properties. Nevertheless, they may introduce additional attack vectors, which can lead to cybersecurity explorations that could jeopardize the end-application's ability to operate as intended or result in data leaks, and privacy violations. In this work an exploration of known problems, and possible attack scenarios will be presented. This is followed by a set of proposed best practices and mitigation strategies that are intended to assist developers, researchers and other relevant stakeholders to develop secure SC implementations. </p
... 51% attack refers to an attack on a blockchain in which a group of miners controls more than 50% of the network's mining hash rate or computing power (Chanti, Anwar, Chithralekha, & Uma 2020). This will prevent any new transaction to occur and to (Apostolaki, 2017). ...
Chapter
Blockchain, the technology behind most popular cryptocurrency Bitcoin and Ethereum, has attracted wide attention recently. It is the most emerging technology that has changed the financial and non-financial transaction system. It is omnipresent. Currently, this technology is enforcing banks, industries, and countries to adopt it in their financial, industrial, and government section. Earlier, it solved the centralize and double-spending problems successfully. In this chapter, the authors present a study of blockchain security issues and its challenges as well. They divided the whole chapter into two parts. The primer part covers a holistic overview of blockchain followed by the later section that argues about basic operations, 51% attack, scalability issue, Fork, Sharding, Lightening, etc. Finally, they mention an intro about its adaptation (financial or non-financial) in our 24/7 life and collaboration with fields like IoT.
Chapter
In recent years, permisionless blockchains have received a lot of attention both from industry and academia, where substantial effort has been spent to develop consensus protocols that are secure under the assumption that less than half (or a third) of a given resource (e.g., stake or computing power) is controlled by corrupted parties. The security proofs of these consensus protocols usually assume the availability of a network functionality guaranteeing that a block sent by an honest party is received by all honest parties within some bounded time. To obtain an overall protocol that is secure under the same corruption assumption, it is therefore necessary to combine the consensus protocol with a network protocol that achieves this property under that assumption. In practice, however, the underlying network is typically implemented by flooding protocols that are not proven to be secure in the setting where a fraction of the considered total weight can be corrupted. This has led to many so-called eclipse attacks on existing protocols and tailor-made fixes against specific attacks. To close this apparent gap, we present the first practical flooding protocol that provably delivers sent messages to all honest parties after a logarithmic number of steps. We prove security in the setting where all parties are publicly assigned a positive weight and the adversary can corrupt parties accumulating up to a constant fraction of the total weight. This can directly be used in the proof-of-stake setting, but is not limited to it. To prove the security of our protocol, we combine known results about the diameter of Erdős–Rényi graphs with reductions between different types of random graphs. We further show that the efficiency of our protocol is asymptotically optimal. The practicality of our protocol is supported by extensive simulations for different numbers of parties, weight distributions, and corruption strategies. The simulations confirm our theoretical results and show that messages are delivered quickly regardless of the weight distribution, whereas protocols that are oblivious of the parties’ weights completely fail if the weights are unevenly distributed. Furthermore, the average message complexity per party of our protocol is within a small constant factor of such a protocol.
Chapter
Blockchain is used in various sectors including healthcare, finance, government, and commerce to build blockchain-based solutions for the customers. The main benefit of introducing blockchain in these applications is to provide security to digital transactions by leveraging cryptography, decentralization, and consensus. While the use of blockchain technology has introduced various advantages, it comes up with several cybersecurity challenges as well. Blockchain has attracted cybercriminals to exploit the vulnerabilities that exist in the technology and target organizations that use it.This chapter sheds light on various blockchain attacks and countermeasures to prevent or avoid those attacks. Blockchain security deals with providing a comprehensive security solution to blockchain applications. It is achieved with the implementation of cybersecurity frameworks, security testing methodologies, and secure coding practices. These countermeasures help protect blockchain solutions from online frauds, breaches, and other cyber-attacks (An Introduction to Blockchain Security. https://www.getastra.com/blog/knowledge-base/blockchain-security/#:~:text=Blockchain%20works%20as%20a%20distributed,for%20data%20storage%20and%20processing).
Chapter
Knowledge is power, and in this digital age, knowledge is represented by data, making it one of the most valuable assets. With rapidly evolving technology, there are challenges that directly or indirectly threaten the integrity of data, such as cybercrime, privacy concerns, theft, malware, and viruses. The development of Blockchain Technology has helped in the mitigation of some of these problems by safeguarding online data resources. In this chapter, we introduce the concept of blockchain, discuss its structure and features, and understand its operation. The main focus of this chapter is to observe the vulnerabilities of this technology and scrutinize several attacks exploiting them to understand their outcomes. We go over a few security improvements in an attempt to protect from attacks and alleviate the existing threats. In addition, we explore its application and implementation in various fields. We conclude by discussing the major challenges this technology is facing at present and may encounter in the future.KeywordsBlockchain technologyVulnerabilities of blockchainAttacks on blockchainApplicationsFuture challenges
Article
Full-text available
Recently, blockchain technology has appeared as a powerful decentralized tool for data integrity protection. The use of smart contracts in blockchain helped to provide a secure environment for developing peer-to-peer applications. Blockchain has been used by the research community as a tool for protection against attacks. The blockchain itself can be the objective of many cyberthreats. In the literature, there are few research works aimed to protect the blockchain against cyberthreats adopting, in most cases, statistical schemes based on smart contracts and causing deployment and runtime overheads. Although, the power of machine learning tools there is insufficient use of these techniques to protect blockchain against attacks. For that reason, we aim, in this paper, to propose a new framework called BChainGuard for cyberthreat detection in blockchain. Our framework’s main goal is to distinguish between normal and abnormal behavior of the traffic linked to the blockchain network. In BChainGuard, the execution of the classification technique will be local. Next, we embed only the decision function as a smart contract. The experimental result shows encouraging results with an accuracy of detection of around 95% using SVM and 98.02% using MLP with a low runtime and overhead in terms of consumed gas.
Chapter
Blockchain is a technology that is decentralized. It has the ability to tackle a wide range of industrial issues. A blockchain transaction’s records are secured by cryptography, and each transaction is linked to previous transactions or records. Algorithms on the nodes validate blockchain transactions. As a final point, blockchains enable transparency, allowing each participant to keep track of transactions at any point in time. Smart contracts provide for safe transactions, reducing the risk of third-party interference. Readers will have a better understanding of how blockchain technology helps protect and manage today’s users. There is a thorough report on diverse blockchain studies and security proposed by the research community, and their distinct implications on blockchain, in the review. This article concludes with a detailed description of the blockchain security followed by a discussion of the many varieties of security enhancements.
Article
Blockchain relies on the underlying peer-to-peer (P2P) networking to broadcast and get up-to-date on the blocks and transactions. Because of the blockchain operations’ reliance on the information provided by P2P networking, it is imperative to have high P2P connectivity for the quality of the blockchain system operations and performances. High P2P networking connectivity ensures that a peer node is connected to multiple other peers providing a diverse set of observers of the current state of the blockchain and transactions. However, in a permissionless Bitcoin cryptocurrency network, using the peer identifiers—including the current approach of counting the number of distinct IP addresses and port numbers—can be ineffective in measuring the number of peer connections and estimating the networking connectivity. Such current approach is further challenged by the networking threats manipulating identities. We build a robust estimation engine for the P2P networking connectivity by sensing and processing the P2P networking traffic. We take a systematic approach to study our engine and analyze the followings: the different components of the connectivity estimation engine and how they affect the accuracy performances, the role and the effectiveness of an outlier detection to enhance the connectivity estimation, and the engine’s interplay with the Bitcoin protocol. We implement a working Bitcoin prototype connected to the Bitcoin mainnet to validate and improve our engine’s performances and evaluate the estimation accuracy and cost efficiency of our connectivity estimation engine. Our results show that our scheme effectively counters the identity-manipulations threats, achieves 96.4% estimation accuracy with a tolerance of one peer connection, and is lightweight in the overheads in the mining rate, thus making it appropriate for the miner deployment.
Article
Attacks against blockchain networks have proliferated in recent years. Due to its immense economic value, Bitcoin has been subject to numerous malicious theft activities through the exchange platforms. This poses a severe threat to the credibility of the entire Bitcoin ecosystem. Therefore, it is necessary to provide detection and prediction services of malicious events for Bitcoin Exchanges to prevent them in a precise and timely manner. Meanwhile, preserving the privacy of transaction data to prevent de-anonymization attacks during the detection process is also of great importance. In this paper, we present a general framework for privacy-preserving anomaly detection in blockchain networks. Based on this framework, we propose ADaaS, an anomaly detection service scheme that adopts a supervised machine learning model and achieves privacy preservation by using vector homomorphic encryption and matrix perturbation strategies. We also analyze the security, communication and computation costs of ADaaS. Experimental results demonstrate that ADaaS can achieve high detection effectiveness while providing privacy guarantees and is applicable in real scenarios of detecting Bitcoin transactions due to its reasonable efficiency.
Chapter
Blockchain oracles are introduced to mitigate the gap between blockchain-based applications and real-world information. To solve the centralization problem of current oracle systems, many decentralized protocols have been designed. In this paper, we define the basic model for decentralized oracles that rely on unencrypted transactions for verification and adjustment tasks. Furthermore, we introduce Arbitrage attack against such decentralized oracles carried out by rational miners and mining pools. We analyze the attack based on game-theoretic methods. Moreover, we briefly discuss the price of anarchy to demonstrate the characteristic of attackers’ cooperation union under different circumstances.KeywordsBlockchainDecentralized price oracleNash equilibriumPrice of anarchy (PoA)
Article
Chapter
The Internet is operated by interconnected networks of units called AS. In recent years, BGP hijackings have caused large-scale failures and interceptions. This paper focuses on the activities of it that targets AS and BGP. We analyze possible methods of it and propose a method to localize attack effectiveness. We derive a topology map of AS from BGP logs and analyze its characteristics of it. Focusing on strategies that change it and its characteristics, we assume two scenarios and three attack tactics. From our computer simulations, we can find the following two facts. First, if the adversary group wants to spread malware and disinformation, setting “fake ASs” is effective. Second, if the group wants to concentrate and confusion about information sharing, stopping some ASs is effective. These are easy to realize because the attacker can succeed only by rewriting ASPATH. On the other hand, as a countermeasure, we can find that setting a new AS can decrease such attack effectiveness.
Article
Full-text available
Traffic hijacking over the Internet has become a frequent incident over the last two decades. From minor inconveniences for casual users to massive leaks of governmental data, these events cover an unprecedently large spectrum. Many hijackings are presumed to be caused by unfortunate routing mistakes, but a well-organized attacker could set up a long-term stealthy relay, accessing critical traffic metadata, despite suitable encryption schemes. While many studies focus on the mitigation of known attacks, we choose to design a complete detection method regardless of the attacker’s strategy. We propose a two-party cryptographic protocol for detecting traffic hijacking over the Internet. Our proposal relies on a distance-bounding mechanism that performs interactive authentication with a “Challenge–Response” exchange, and measures the round-trip time of packets to decide whether an attack is ongoing. Our construction is supported by worldwide experiments on communication time between multiple nodes, allowing us to both demonstrate its applicability and evaluate its performance. Over the course of this paper, we demonstrate our protocol to be efficient—itrequires only two cryptographic operations per execution inducing negligible workload for users and very few loss of throughput, scalable—no software updates are required for intermediate network nodes, routing protocol independent—this means that any future update of the route selection process will not induce changes on our scheme, and network friendly—the added volume of transiting data is only about 1.5%.
Conference Paper
Blockchain technologies have been prominent due to their unique functionality. Blockchains are layered networks in which the secret to their effectiveness is stability. Blockchains were originally suggested as open cryptocurrencies but were still desirable for other implementations because of their features. A distributed consensus protocol offering resilience to errors provides Blockchains with decentralization. The members are generally equal, and there is no jurisdiction of any particular organization. The key goal of this paper is to systematize details on blockchains’ protection and privacy concerns. In this regard, we suggest a protection architecture based on models that display the stacked hierarchy of different threats and danger estimation. We are focused on categorizing protection vulnerabilities depending on their sources and the design suggested compared to the previous surveys. We are presenting current preventive and mitigation strategies. The focus of our work encompasses facets of the design of blockchains primarily, although only tangentially do we discuss organizational safety concerns and initiatives.
Chapter
In this paper, we outline a novel form of attack we refer to as Opportunistic Algorithmic Double-Spending (OpAl). OpAl attacks avoid equivocation, i.e., do not require conflicting transactions, and are carried out automatically in case of a fork. Algorithmic double-spending is facilitated through transaction semantics that dynamically depend on the context and ledger state at the time of execution. Hence, OpAl evades common double-spending detection mechanisms and can opportunistically leverage forks, even if the malicious sender themselves is not responsible for, or even actively aware of, any fork. Forkable ledger designs with expressive transaction semantics, especially stateful EVM-based smart contract platforms such as Ethereum, are particularly vulnerable. Hereby, the cost of modifying a regular transaction to opportunistically perform an OpAl attack is low enough to consider it a viable default strategy. While Bitcoin’s stateless UTXO model, or Cardano’s EUTXO model, appear more robust against OpAl, we nevertheless demonstrate scenarios where transactions are semantically malleable and thus vulnerable. To determine whether OpAl-like semantics can be observed in practice, we analyze the execution traces of 922562 transactions on the Ethereum blockchain. Hereby, we are able to identify transactions, which may be associated with frontrunning and MEV bots, that exhibit some of the design patterns also employed as part of the herein presented attack.
Article
Full-text available
Eventual consistency is a consistency model that favors liveness over safety. It is often used in large-scale distributed systems where models ensuring a stronger safety incur performance that are too low to be deemed practical. Eventual consistency tends to be uniformly applied within a system, but we argue a demand exists for differentiated eventual consistency, e.g. in blockchain systems. We propose UPS to address this demand. UPS is a novel consistency mechanism that works in pair with our novel two-phase epidemic broadcast protocol GPS to offer differentiated eventual consistency and delivery speed. We propose two complementary analyses of the broadcast protocol: a continuous analysis and a discrete analysis based on compartmental models used in epidemiology. Additionally, we propose the formal definition of a scalable consistency metric to measure the consistency trade-off at runtime. We evaluate UPS in two simulated worldwide settings: a one-million-node network and a network emulating that of the Ethereum blockchain. In both settings, UPS reduces inconsistencies experienced by a majority of the nodes and reduces the average message latency for the remaining nodes.
Article
Over the past decade, blockchain technology has attracted a huge attention from both industry and academia because it can be integrated with a large number of everyday applications of modern information and communication technologies (ICT). Peer-to-peer (P2P) architecture of blockchain enhances these applications by providing strong security and trust-oriented guarantees, such as immutability, verifiability, and decentralization. Despite these incredible features that blockchain technology brings to these ICT applications, recent research has indicated that the strong guarantees are not sufficient enough and blockchain networks may still be prone to various security, privacy, and reliability issues. In order to overcome these issues, it is important to identify the anomalous behaviour within the actionable time frame. In this article, we provide an in-depth survey regarding integration of anomaly detection models in blockchain technology. For this, we first discuss how anomaly detection can aid in ensuring security of blockchain based applications. Then, we demonstrate certain fundamental evaluation metrics and key requirements that can play a critical role while developing anomaly detection models for blockchain. Afterwards, we present a thorough survey of various anomaly detection models from the perspective of each layer of blockchain. Finally, we conclude the article by highlighting certain important challenges alongside discussing how they can serve as future research directions for new researchers in the field.
Conference Paper
Full-text available
While showing great promise, Bitcoin requires users to wait tens of minutes for transactions to commit - even then offering only probabilistic guarantees. This paper introduces ByzCoin, a novel Byzantine consensus protocol that leverages scalable collective signing to commit Bitcoin transactions irreversibly within seconds. ByzCoin achieves Byzantine consensus while preserving Bitcoin's open membership by dynamically forming hash power-proportionate consensus groups representing recently-successful block miners. ByzCoin employs communication trees to optimize transaction commitment and verification under normal operation while guaranteeing safety and liveness under Byzantine faults, up to a near-optimal tolerance of f faulty group members among 3f+2 total. ByzCoin mitigates double spending and selfish mining attacks by producing collectively signed transaction blocks within one minute of transaction submission. Tree-structured communication further reduces this latency to less than 30 seconds. Thanks to these optimizations ByzCoin achieves a throughput higher than Paypal currently handles, with confirmation latencies of 15-20 seconds.
Conference Paper
Full-text available
Conference Paper
Full-text available
Given the increasing adoption of Bitcoin, the number of transactions and the block sizes within the system are only expected to increase. To sustain its correct operation in spite of its ever-increasing use, Bitcoin implements a number of necessary optimizations and scalability measures. These measures limit the amount of information broadcast in the system to the minimum necessary. In this paper, we show that current scalability measures adopted by Bitcoin come at odds with the security of the system. More specifically, we show that an adversary can exploit these measures in order to effectively delay the propagation of transactions and blocks to specific nodes—without causing a network partitioning in the system. We show that this allows the adversary to easily mount Denial-of-Service attacks, considerably increase its mining advantage in the network, and double-spend transactions in spite of the current countermeasures adopted by Bitcoin. Based on our results , we propose a number of countermeasures in order to enhance the security of Bitcoin without deteriorating its scalability.
Conference Paper
Full-text available
We present a simulation model of the Bitcoin peer-to-peer network, a widely deployed distributed electronic currency system. The model enables evaluations of the feasibility and cost of attacks on the Bitcoin network at full scale of 6,000 nodes. The simulation model is based on unmodified code from core segments of the Bitcoin reference implementation used by 99% of nodes. Parametrization of the model is performed based on large-scale measurements of the real-world network. We present preliminary validation results showing a reasonable correspondence of the propagation of messages in the Bitcoin network compared with simulation results. We apply the model to study the feasibility of a partitioning attack on the network and show that the attack is sensitive to the churn of the attacking nodes.
Article
Full-text available
Bitcoin is a decentralized crypto-currency, and an accompanying protocol, created in 2008. Bitcoin nodes continuously generate and propagate blocks---collections of newly approved transactions that are added to Bitcoin's ledger. Block creation requires nodes to invest computational resources, but also carries a reward in the form of bitcoins that are paid to the creator. While the protocol requires nodes to quickly distribute newly created blocks, strong nodes can in fact gain higher payoffs by withholding blocks they create and selectively postponing their publication. The existence of such selfish mining attacks was first reported by Eyal and Sirer, who have demonstrated a specific deviation from the standard protocol (a strategy that we name SM1). In this paper we extend the underlying model for selfish mining attacks, and provide an algorithm to find $\epsilon$-optimal policies for attackers within the model, as well as tight upper bounds on the revenue of optimal policies. As a consequence, we are able to provide lower bounds on the computational power an attacker needs in order to benefit from selfish mining. We find that the profit threshold -- the minimal fraction of resources required for a profitable attack -- is strictly lower than the one induced by the SM1 scheme. Indeed, the policies given by our algorithm dominate SM1, by better regulating attack-withdrawals. Using our algorithm, we show that Eyal and Sirer's suggested countermeasure to selfish mining is slightly less effective than previously conjectured. Next, we gain insight into selfish mining in the presence of communication delays, and show that, under a model that accounts for delays, the profit threshold vanishes, and even small attackers have incentive to occasionally deviate from the protocol. We conclude with observations regarding the combined power of selfish mining and double spending attacks.
Article
Full-text available
The Tor network is a widely used system for anonymous communication. However, Tor is known to be vulnerable to attackers who can observe traffic at both ends of the communication path. In this paper, we show that prior attacks are just the tip of the iceberg. We present a suite of new attacks, called Raptor, that can be launched by Autonomous Systems (ASes) to compromise user anonymity. First, AS-level adversaries can exploit the asymmetric nature of Internet routing to increase the chance of observing at least one direction of user traffic at both ends of the communication. Second, AS-level adversaries can exploit natural churn in Internet routing to lie on the BGP paths for more users over time. Third, strategic adversaries can manipulate Internet routing via BGP hijacks (to discover the users using specific Tor guard nodes) and interceptions (to perform traffic analysis). We demonstrate the feasibility of Raptor attacks by analyzing historical BGP data and Traceroute data as well as performing real-world attacks on the live Tor network, while ensuring that we do not harm real users. In addition, we outline the design of two monitoring frameworks to counter these attacks: BGP monitoring to detect control-plane attacks, and Traceroute monitoring to detect data-plane anomalies. Overall, our work motivates the design of anonymity systems that are aware of the dynamics of Internet routing.
Article
Full-text available
Bitcoin has achieved popularity by promising users a fully decentralized, low-cost virtual currency system. A limited set of entities controls Bitcoin's services, decision-making, mining, and incident resolution processes. These entities can decide Bitcoin's fate, bypassing the will of the multitude of users that populate the network. Bitcoin has led to the emergence of several centralized services that take up a considerable share of the Bitcoin market. Bitcoin resists double-spending attacks by using a distributed PoW-based service. Bitcoin's core developers have the authority to modify Bitcoin protocol and all radical decisions require consensus among all the developers according to the Bitcoin Github repository. Bitcoin users do not have direct influence over the administrators' appointment, raising questions about universal appeal of Bitcoin.
Conference Paper
Full-text available
Bitcoin is a digital currency that unlike traditional currencies does not rely on a centralized authority. Instead Bitcoin relies on a network of volunteers that collectively implement a replicated ledger and verify transactions. In this paper we analyze how Bitcoin uses a multi-hop broadcast to propagate transactions and blocks through the network to update the ledger replicas. We then use the gathered information to verify the conjecture that the propagation delay in the network is the primary cause for blockchain forks. Blockchain forks should be avoided as they are symptomatic for inconsistencies among the replicas in the network. We then show what can be achieved by pushing the current protocol to its limit with unilateral changes to the client's behavior.
Conference Paper
Full-text available
In Bitcoin, transaction malleability describes the fact that the signatures that prove the ownership of bitcoins being transferred in a transaction do not provide any integrity guarantee for the signatures themselves. This allows an attacker to mount a malleability attack in which it intercepts, modifies, and rebroadcasts a transaction, causing the transaction issuer to believe that the original transaction was not confirmed. In February 2014 MtGox, once the largest Bitcoin exchange, closed and filed for bankruptcy claiming that attackers used malleability attacks to drain its accounts. In this work we use traces of the Bitcoin network for over a year preceding the filing to show that, while the problem is real, there was no widespread use of malleability attacks before the closure of MtGox.
Conference Paper
Full-text available
The Internet's interdomain routing protocol, BGP, is vulnerable to a number of damaging attacks, which often arise from operator misconfiguration. Proposed solutions with strong guarantees require a public-key infrastructure, accurate routing registries, and changes to BGP. However, BGP routers can avoid selecting and propagating these routes if they are cautious about adopting new reachability information. We describe a protocol- preserving enhancement to BGP, Pretty Good BGP (PGBGP), that slows the dissemination of bogus routes, providing network operators time to respond before problems escalate into large- scale Internet attacks. Simulation results show that realistic deployments of PGBGP could provide 99% of Autonomous Systems with 24 hours to investigate and repair bogus routes without affecting prefix reachability. We also show that without PGBGP, 40% of ASs cannot avoid selecting bogus routes; with PGBGP, this number drops to less than 1%. Finally, we show that PGBGP is incrementally deployable and offers significant security benefits to early adopters and their customers.
Conference Paper
Full-text available
Tor is an anonymous communications network with thou- sands of router nodes worldwide. An intuition reflected in much of the literature on anonymous communications is that, as an anonymity network grows, it becomes more se- cure against a given observer because the observer will see less of the network. In particular, as the Tor network grows from volunteers operating relays all over the world, it be- comes less and less likely for a single autonomous system (AS) to be able to observe both ends of an anonymous con- nection. Yet, as the network continues to grow significantly, no analysis has been done to determine if this intuition is correct. Further, modifications to Tor's path selection al- gorithm to help clients avoid an AS-level observer have not been proposed and analyzed. Five years ago a previous study examined the AS-level threat against client and destination addresses chosen a pri- ori to be likely or interesting to examine. Using an AS- level path inference algorithm with improved accuracy, more extensive Internet routing data, and, most importantly, a model of typical Tor client AS-level sources and destinations based on data gathered from the live network, we demon- strate that the threat of a single AS observing both ends of an anonymous Tor connection is greater than previously thought. We look at the growth of the Tor network over the past five years and show that its explosive growth has had only a small impact on the network's robustness against an AS-level attacker. Finally, we propose and evaluate the effectiveness of some simple, AS-aware path selection algo- rithms that avoid the computational overhead imposed by full AS-level path inference algorithms. Our results indicate that a novel heuristic we propose is more effective against an AS-level observer than other commonly proposed heuristics for improving location diversity in path selection.
Article
Full-text available
It is well known that the Border Gateway Protocol (BGP), the IETF standard interdomain rout- ing protocol, is vulnerable to a variety of attacks, and that a single misconfigured or malicious BGP speaker could result in large-scale service disruption. In this paper, we present Pretty Secure BGP (psBGP)—a proposal for securing BGP, including an architectural overview, design details for significant aspects, and preliminary security and operational analysis. psBGP differs from other security proposals (e.g., S-BGP and soBGP) in that it makes use of a single-level PKI for AS number authentication, a decentralized trust model for verifying the propriety of IP prefix origin, and a rating-based stepwise approach for AS PATH (integrity) verification. psBGP trades off the strong security guarantees of S-BGP for presumed-simpler operation, e.g., using a PKI with a simple structure, with a small number of certificate types, and of manageable size. psBGP is designed to successfully defend against various (nonmalicious and malicious) threats from uncoordinated BGP speakers, and to be incrementally deployed with incremental benefits.
Article
Full-text available
The Border Gateway Protocol (BGP) is an inter-Autonomous System routing protocol. It is built on experience gained with EGP as defined in RFC 904 [1] and EGP usage in the NSFNET Backbone as described in RFC 1092 [2] and RFC 1093 [3]. The primary function of a BGP speaking system is to exchange network reachability information with other BGP systems. This network reachability information includes information on the list of Autonomous Systems (ASs) that reachability information traverses. This information is sufficient to construct a graph of AS connectivity from which routing loops may be pruned and some policy decisions at the AS level may be enforced.
Article
Anonymity systems like Tor are known to be vulnerable to malicious relay nodes. Another serious threat comes from the Autonomous Systems (ASes) that carry Tor traffic due to their powerful eavesdropping capabilities. Indeed, an AS (or set of colluding ASes) that lies between the client and the first relay, and between the last relay and the destination, can perform timing analysis to compromise user anonymity. In this paper, we show that AS-level adversaries are much more powerful than previously thought. First, routine BGP routing changes can significantly increase the number of ASes that can analyze a user's traffic successfully. Second, ASes can actively manipulate BGP announcements to put themselves on the paths to and from relay nodes. Third, an AS can perform timing analysis even when it sees only one direction of the traffic at both communication ends. Actually, asymmetric routing increases the fraction of ASes able to analyze a user's traffic. We present a preliminary evaluation of our attacks using measurements of BGP and Tor. Our findings motivate the design of approaches for anonymous communication that are resilient to AS-level adversaries.
Article
Internet routing suffers from persistent and transient failures, circuitous routes, oscillations, and prefix hijacks. A major impediment to progress is the lack of ways to conduct impactful interdomain research. Most research is based either on passive observation of existing routes, keeping researchers from assessing how the Internet will respond to route or policy changes; or simulations, which are restricted by limitations in our understanding of topology and policy. We propose a new class of interdomain research: researchers can instantiate an AS of their choice, including its intradomain topology and interdomain interconnectivity, and connect it with the "live" Internet to exchange routes and traffic with real interdomain neighbors. Instead of being observers of the Internet ecosystem, researchers become members. Towards this end, we present the Peering testbed. In its nascent stage, the testbed has proven extremely useful, resulting in a series of studies that were nearly impossible for researchers to conduct in the past. In this paper, we present a vision of what the testbed can provide. We sketch how to extend the testbed to enable future innovation, taking advantage of the rise of IXPs to expand our testbed.
Article
Bit coin has emerged as the most successful cryptographic currency in history. Within two years of its quiet launch in 2009, Bit coin grew to comprise billions of dollars of economic value despite only cursory analysis of the system's design. Since then a growing literature has identified hidden-but-important properties of the system, discovered attacks, proposed promising alternatives, and singled out difficult future challenges. Meanwhile a large and vibrant open-source community has proposed and deployed numerous modifications and extensions. We provide the first systematic exposition Bit coin and the many related crypto currencies or 'altcoins.' Drawing from a scattered body of knowledge, we identify three key components of Bit coin's design that can be decoupled. This enables a more insightful analysis of Bit coin's properties and future stability. We map the design space for numerous proposed modifications, providing comparative analyses for alternative consensus mechanisms, currency allocation mechanisms, computational puzzles, and key management tools. We survey anonymity issues in Bit coin and provide an evaluation framework for analyzing a variety of privacy-enhancing proposals. Finally we provide new insights on what we term disinter mediation protocols, which absolve the need for trusted intermediaries in an interesting set of applications. We identify three general disinter mediation strategies and provide a detailed comparison.
Conference Paper
Bitcoin is a disruptive new crypto-currency based on a decentralized open-source protocol which has been gradually gaining momentum. Perhaps the most important question that will affect Bitcoin’s success, is whether or not it will be able to scale to support the high volume of transactions required from a global currency system. We investigate the implications of having a higher transaction throughput on Bitcoin’s security against double-spend attacks. We show that at high throughput, substantially weaker attackers are able to reverse payments they have made, even well after they were considered accepted by recipients. We address this security concern through the GHOST rule, a modification to the way Bitcoin nodes construct and re-organize the block chain, Bitcoin’s core distributed data-structure. GHOST has been adopted and a variant of it has been implemented as part of the Ethereum project, a second generation distributed applications platform.
Article
Bitcoin is the world's first decentralized digital currency. Its main technical innovation is the use of a blockchain and hash-based proof of work to synchronize transactions and prevent double-spending the currency. While the qualitative nature of this system is well understood, there is widespread confusion about its quantitative aspects and how they relate to attack vectors and their countermeasures. In this paper we take a look at the stochastic processes underlying typical attacks and their resulting probabilities of success.
Conference Paper
Existing low-latency anonymity networks are vulnerable to trac analysis, so location diversity of nodes is essential to defend against attacks. Previous work has shown that simply ensuring geographical di- versity of nodes does not resist, and in some cases exacerbates, the risk of trac analysis by ISPs. Ensuring high autonomous-system (AS) diver- sity can resist this weakness. However, ISPs commonly connect to many other ISPs in a single location, known as an Internet eXchange (IX). This paper shows that IXes are a single point where trac analysis can be performed. We examine to what extent this is true, through a case study of Tor nodes in the UK. Also, some IXes sample packets flowing through them for performance analysis reasons, and this data could be exploited to de-anonymize trac. We then develop and evaluate Bayesian trac analysis techniques capable of processing this sampled data.
Conference Paper
IP prefix hijacking remains a major threat to the security of the Internet routing system due to a lack of authoritative prefix ownership information. Despite many efforts in designing IP prefix hijack detection schemes, no existing design can satisfy all the critical requirements of a truly effective system: real-time, accurate, lightweight, easily and incrementally deployable, as well as robust in victim notification. In this paper, we present a novel approach that fulfills all these goals by monitoring network reachability from key external transit networks to one's own network through lightweight prefix-owner-based active probing. Using the prefix-owner's view of reachability, our detection system, iSPY, can differentiate between IP prefix hijacking and network failures based on the observation that hijacking is likely to result in topologically more diverse polluted networks and unreachability. Through detailed simulations of Internet routing, 25-day deployment in 88 autonomous systems (ASs) (108 prefixes), and experiments with hijacking events of our own prefix from multiple locations, we demonstrate that iSPY is accurate with false negative ratio below 0.45% and false positive ratio below 0.17%. Furthermore, iSPY is truly real-time; it can detect hijacking events within a few minutes.
Conference Paper
In response to high-profile Internet outages, BGP security variants have been proposed to prevent the propagation of bogus routing information. To inform discussions of which variant should be deployed in the Internet, we quantify the ability of the main protocols (origin authentication, soBGP, S-BGP, and data-plane verification) to blunt traffic-attraction attacks; i.e., an attacker that deliberately attracts traffic to drop, tamper, or eavesdrop on packets. Intuition suggests that an attacker can maximize the traffic he attracts by widely announcing a short path that is not flagged as bogus by the secure protocol. Through simulations on an empirically-determined AS-level topology, we show that this strategy is surprisingly effective, even when the network uses an advanced security solution like S-BGP or data-plane verification. Worse yet, we show that these results underestimate the severity of attacks. We prove that finding the most damaging strategy is NP-hard, and show how counterintuitive strategies, like announcing longer paths, announcing to fewer neighbors, or triggering BGP loop-detection, can be used to attract even more traffic than the strategy above. These counterintuitive examples are not merely hypothetical; we searched the empirical AS topology to identify specific ASes that can launch them. Finally, we find that a clever export policy can often attract almost as much traffic as a bogus path announcement. Thus, our work implies that mechanisms that police export policies (e.g., defensive filtering) are crucial, even if S-BGP is fully deployed.
The economics of bitcoin mining, or bitcoin in the presence of adversaries
• J A Kroll
• I C Davey
• E W Felten
Massive route leak causes Internet slowdown
• A Tonk
• Dyn Research
Financial Cryptography and Data Security
Stealing The Internet. An Internet-Scale Man In The Middle Attack
• A Pilosov
• T Kapela
Large scale BGP hijack out of India
• A Tonk
P4: Programming protocol-independent packet processors
• P Bosshart
• D Daly
• G Gibb
• M Izzard
• N Mckeown
• J Rexford
• C Schlesinger
• D Talayco
• A Vahdat
• G Varghese
• J Garay
• A Kiayias
• N Leonardos
Eclipse attacks on bitcoin's peer-to-peer network
• E Heilman
• A Kendler
• A Zohar
• S Goldberg
Discovering bitcoin's public topology and influential nodes
• A Miller
• J Litton
• A Pachulski
• N Gupta
• D Levin
• N Spring
• B Bhattacharjee
Stubborn mining: Generalizing selfish mining and combining with an eclipse attack
• K Nayak
• S Kumar
• A Miller
• E Shi
BIP 151: Peer-to-Peer Communication Encryption
• J Schnelli
Is bitcoin a decentralized currency?
• A Gervais
• G O Karama
• V Capkun
• S Capkun