A Survey of Attacks on Blockchain Technology

Year 2018, Volume: 11 Issue: 4, 369 - 382, 30.10.2018

Oğuzhan Taş , Farzad Kiani

https://doi.org/10.17671/gazibtd.451695

Cited By: 9

Abstract

In recent times, popularity of blockchain based crypto
currencies (bitcoin and ethereum) have been increased.  Blockchain system has decentralized peer to
peer (P2P) network, all transactions are recorded in a public ledger that can
only be appended.  The miners constitute
the nodes of this network and every miner has local copy of ledger. In
blockchain, PoW consensus algorithm is used to verify transaction and give permission
to append new blocks to chain. To get reward, miners compete with each other to
complete transactions on the peer to peer network. The reward system popularized Bitcoin, which uses block-chain, but at the
same time attracted the atention of the attackers in the block chain. In this paper,
current attacks against the block-chain are presented. In the first part,
attack types to P2P architecture, consensus protocol and transaction are
investigated. In this part, 51%, Double Spending, Finney, Vector76, Brute Force,
Sybil, Eclipse and Balance attacks are explained and solutions are proposed. In
addition, pool mining attacks such as block withholding attack (BWH), Pool
hoping attack, Blacklisting via Punitive Forking, Feather Forking and bribery
attack are presented.  In the last part, the
future of cryptography used in blockchain infrastructure has been discussed and
effects of Post Quantum Cryptography have been mentioned

Keywords

blockchain, security, bitcoin, ethereum

Blok Zinciri Teknolojisine Yapılan Saldırılar Üzerine bir İnceleme

Abstract

Son zamanlarda;  blok zinciri tabanlı kripto para ödeme
sistemleri(bitcoin, ethereum) oldukça popüler olmuştur. Merkezi olmayan eşler
arası(P2P) ağ yapısına sahip olan bu sistemde tüm işlemler, sadece ekleme
yapılabilen bir ana defterde(ledger) tutulmaktadır. Madenciler ise bu ağ
yapısındaki düğümleri oluşturmaktadır, her madenci defterin yerel kopyasına
sahiptir. Blok zincirinde, PoW uzlaşma protokolü işlemi onaylamakta ve zincire yeni
blok eklenmesine izin vermektedir. Ödülü almak için, madenciler eşler arası
ağda işlemi tamamlamak için birbirleriyle yarışırlar.  Ödül sistemi, blok zinciri kullanan bitcoin’i
popülerleştirmiş,  fakat aynı zamanda
saldırganların blok zincirine ilgisini artırmıştır. Saldırganlar tarafından
blok zincirinin madenci havuzuna ve ağ yapısının güvenliğine farklı saldırılar
yapılmıştır. Bu makalede, blok zinciri alt yapısına karşı mevcut saldırılar
sunulmuştur. İlk bölümlerde, P2P mimarisine, uzlaşma protokolüne ve işlemlere
yönelik saldırı tipleri araştırılmıştır. Bu bölümde, %51 saldırısı, Çift
harcama, Finney, Vector76, Kaba Kuvvet, Sybil, Eclipse, Denge gibi saldırılar açıklanmış
ve çözümler önerilmiştir. Daha sonra, Bencil madencilik ve Blok Atma, Blok
Tutma(BWH),  Blok Tutma Sonrası
Çatallanma(FAW), Havuz sıçrama saldırısı, Cezalandırıcı Çatallanma ile Kara
Listeye Alma, Köpük saldırısı ve Rüşvet Saldırısı gibi madencilik havuzuna
karşı saldırılar incelenmiş ve savunma stratejileri sunulmuştur. Son bölümde de
blok zinciri altyapısında kullanılan kriptografi’nin geleceği üzerinde tartışılmış
ve Post Kuantum Kriptografi’nin  etkilerinden bahsedilmiştir

Keywords

blok zinciri, güvenlik, bitcoin, ethereum

References

• [1] İnternet: D. Furlonger, J. Lopez, What CIOs Should Tell the Board of Directors About Blockchain, Gartner Research, https://www.gartner.com/doc/3606027/cios-tell-board-directors-blockchain, 01.08.2018.
• [2] D. Chaum, "Blind signatures for Untraceable payments", Advances in Cryptology: Proceedings of Crypto 82, 199-203, Springer, 1983. [3] İnternet: Coin Market Cap, List of cryptocurrencies, https://coinmarketcap.com/all/views/all/, 15.07.2018.
• [4] İnternet: Bitcoin Bitcoin (BTC) price stats and information, https://bitinfocharts.com/bitcoin/, 15.07.2018.
• [5] İnternet: S. Nakamoto, Bitcoin: A Peer-to-Peer Electronic Cash System, 2008, https://bitcoin.org/bitcoin.pdf, 06.07.2018.
• [6] A. Zohar, “Bitcoin under the Hood”, Communication of the ACM, 58(9), 104-113, 2015.
• [7] W. Stallings, “A Blockchain Tutorial”, Internet Protocol Journal, 20(3), 2-24, 2017.
• [8] I. Lin, T. Liao, "A Survey of Blockchain Security Issues and Challenges", International Journal of Network Security, 19(5), 653-659, 2017.
• [9] İnternet: N. Gopie, What are smart contracts on blockchain?, https://www.ibm.com/blogs/blockchain/2018/07/what-are-smart-contracts-on-blockchain,17.07.2018.
• [10] İnternet: G. Jenkinson, GPUs And ASICs - A Never Ending Battle For Mining Supremacy, https://cointelegraph.com/news/blockshow-announces-blockshow-americas-2018-conference-in-las-vegas-august-20-21, 24.07.2018.
• [11] A. Back, Hashcash - A Denial of Service Counter-Measure, CyperSpace, 2002.
• [12] İnternet: Basic primer, Blockchain Consensus Protocol, https://blockgeeks.com/guides/blockchain-consensus/,18.07.2018.
• [13] A. Narayanan, J. Bonneau, E. Felten, A. Miller, S. Goldfeder, Bitcoin and Cryptocurrency Technologies: A Comprehensive Introduction, Princeton University Press, 2016.
• [14] Y. Sompolinsky, A. Zohar, “Secure high-rate transaction processing in bitcoin”, International Conference on Financial Cryptography and Data Security, 507–527, 2015.
• [15] Y. Lewenberg, Y. Sompolinsky, A. Zohar, “Inclusive block chain protocols”, International Conference on Financial Cryptography and Data Security, Springer, 2015.
• [16] M. Conti, S. Kumar E, C. Lal, S. Ruj, “A Survey on Security and Privacy Issues of Bitcoin”, IEEE Communications Surveys & Tutorials, ArXiv preprint, arXiv:1706.00916, 2018.
• [17] M. Swan, Blockchain blueprint for a new economy, O'Reilly Media, Inc., 2015.
• [18] İnternet: A. Rosic, 5 Blockchain Applications That Are Shaping Your Future, HuffPost, https://www.huffingtonpost.com/ameer-rosic-/5-blockchain-applications_b_13279010.html/,13.07.2018.
• [19] J. J. Xu, ”Are blockchains immune to all malicious attacks?”, Financial Innovation, 2016.
• [20] İnternet: M. Crosby, P. Nachiappan Pattanayak, S. Verma, V. Kalyanarama, Blockchain technology: Beyond bitcoin, http://scet.berkeley.edu/wp-content/uploads/AIR-2016-Blockchain.pdf, 2016.
• [21] Internet: J. Sinnige, Blockchain: how a 51% attack works (double spend attack), https://medium.com/coinmonks/what-is-a-51-attack-or-double-spend-attack-aa108db63474 , 6.08.2018.
• [22] İnternet: I. Eyal, E. G. Sirer, How to disincentivize large bitcoin mining pools, http://hackingdistributed.com/2014/06/18/how-to-disincentivize-large-bitcoin-mining-pools/, 31.07.2018.
• [23] İnternet: A. Quenston, 4 Lines of Defence Against a 51% Attack, https://www.ccn.com/4-lines-defence-51-attack/, 31.07.2018.
• [24] G. O. Karame, E. Androulaki, and S. Capkun, “Two Bitcoins at the Price of One? Double-spending attacks on fast payments in bitcoin,”, ACM Conference on Computer and Communications Security (CCS’12), 2012.
• [25] İnternet: Y. Sompolinsky, A. Zohar, Bitcoin's Security Model Revisited, Cryptography and Security, ArXiv preprint, arxiv:1605.09193, 2016.
• [26] İnternet: Fake bitcoins?, 2011, https://bitcointalk.org/index.php?topic=36788.msg463391#msg463391, 20.06.2018.
• [27] İnternet: J. Heusser, Sat solvingan alternative to brute force bitcoin mining, https://jheusser.github.io/2013/02/03/satcoin.html, 20.06.2018.
• [28] C. Natoli, V. Gramoli, “The Balance Attack Against Proof-Of-Work Blockchains: The R3 Testbed as an Example”, CoRR, 2016.
• [29] J.R.Douceur, "The Sybil Attack", Peer-to-Peer Systems Lecture Notes in Computer Science, 2429, 251–60, 2002.
• [30] İnternet: Y. Marcus, E. Heilman, S. Goldberg, Low-Resource Eclipse Attacks on Ethereum's Peer-to-Peer Network, ePrint (Cryptology) Report 2018 / 236, https://eprint.iacr.org/2018/236.pdf, 27.07.2018.
• [31] E. Heilman, A. Kendler, A. Zohar, S. Goldberg. “Eclipse attacks on bitcoin’s peer-to-peer network”, USENIX Security, Washington D.C., ABD, 129-144, 12-14 Ağustos, 2015.
• [32] S. Bag, S.Ruj, K. Sakurai, “Bitcoin Block Withholding Attack: Analysis and Mitigation”, IEEE Transactions on Information Forensics and Security, 12(8), 1967-1978, 2017.
• [33] M. Rosenfeld, “Analysis of bitcoin pooled mining reward systems”, Distributed, Parallel, and Cluster Computing, ArXiv preprint, arxiv:1112.4980, 2011.
• [34] İnternet: N. T. Courtois and L. Bahack, On Subversive Miner Strategies and Block Withholding Attack in Bitcoin Digital Currency, Cryptography and Security, ArXiv preprint, arxiv:1402.1718, 2014.
• [35] İnternet: L. Bahack, Theoretical Bitcoin Attacks with Less than Half of the Computational Power, Cryptography and Security, ArXiv preprint, arxiv:1312.7013, 2013.
• [36] I. Eyal and E. G. Sirer, “Majority is not enough: Bitcoin mining is vulnerable”, Financial Cryptography and Data Security: 18th International Conference, Springer Berlin Heidelberg, 2014.
• [37] J.Bonneau, A.Miller, J.Clark, A.Narayanan, J.A.Kroll, E Felten, "SoK: Research Perspectives and Challenges for Bitcoin and Cryptocurrencies", 2015 IEEE Symposium on Security and Privacy, 2015.
• [38] İnternet: V. Buterin, Selfish Mining: A 25% Attack Against the Bitcoin Network, https://bitcoinmagazine.com/articles/selfish-mining-a-25-attack-against-the-bitcoin-network-1383578440/ , 29.07.2018.
• [39] G. Karame, E. Androulaki, S.Capkun, "Double-spending Fast Payments in Bitcoin", In Proceedings of the ACM Conference on Computer and Communications Security (CCS), ACM, 2012.
• [40] S.Solat, M.Potop-Butucaru, ZeroBlock: Preventing Selfish Mining in Bitcoin, Sorbonne Universites, UPMC University of Paris, 2016.
• [41] E.Heilman, "One weird trick to stop selfish miners: Fresh bitcoins, a solution for the honest miner",International Conference on Financial Cryptography and Data Security, 2014.
• [42] İnternet: S. D. Lerner, DECOR+ Protocol, https://bitslog.wordpress.com/2014/05/02/decor/, 07.08.2018.
• [43] İnternet: S.D. Lerner, Bitcoin Powered Smart Contracts, RootStock Platform Whitepaper, https://bravenewcoin.com/assets/Whitepapers/RootstockWhitePaperv9-Overview.pdf, 03.08.2018.
• [44] Y. Kwon, D. Kim, Y. Son, E. Vasserman, Y. Kim, “Be selfish and avoid dilemmas: Fork after withholding (faw) attacks on bitcoin”, ACM SIGSAC Conference on Computer and Communications Security, ACM, 2017.
• [45] J. Bonneau, “Why buy when you can rent?”, International Conference on Financial Cryptography and Data Security, Springer, 2016. [46] M. Rosenfeld, “Mining pools reward methods”, Presentation at Bitcoin 2013 Conference, 2013.
• [47] Y. Zolotavkin, J. Garcia, C. Rudolph, “Incentive Compatibility of Pay Per Last N Shares in Bitcoin Mining Pools”, International Conference on Decision and Game Theory for Security, 2017.
• [48] İnternet: A. Miller, Feather-forks: enforcing a blacklist with sub-50% hash power, https://bitcointalk.org/index.php?topic=312668.0, 07.08.2018.
• [49] İnternet: M. Fang, P. Hayes, Game Theory and Network Attacks: How to Destroy Bitcoin, https://www.bitcoin.org.hk/media/2017/05/How_to_Destroy_Bitcoin.pdf, 04.08.2018.
• [50] P. Rogaway, T. Shrimpton, “Cryptographic Hash-Function Basics: Definitions, Implications, and Separations for Preimage Resistance, Second-Preimage Resistance, and Collision Resistance”. Fast Software Encryption, Springer-Verlag, 2004.
• [51] K. Aoki, J. Guo, K. Matusiewicz, Y. Sasaki, L. Wang, “Preimages for step-reduced SHA-2”, International Conference on the Theory and Application of Cryptology and Information Security, Advances in Cryptology–ASIACRYPT 2009.
• [52] İnternet: D. Khovratovich, C. Rechberger & A. Savelieva, Bicliques for Preimages: Attacks on Skein-512 and the SHA-2 family, International Workshop on Fast Software Encryption, 2011.
• [53] P.Shor, "Polynomial-Time Algorithms for Prime Factorization and Discrete Logarithms on a Quantum Computer", SIAM Journal on Computing, 26(5), 1484-1509, 1995.
• [54] D. J. Bernstein, J. Buchmann, Post-Quantum Cryptography, Springer, 2009.
• [55] D.J. Bernstein,"Cost analysis of hash collisions: Will quantum computers make SHARCS obsolete?", Proceedings 4th Workshop on Special-purpose Hardware for Attacking Cryptograhic Systems, 2009.