Presentation is loading. Please wait.

Presentation is loading. Please wait.

Hijacking Bitcoin: Routing attacks on cryptocurrencies

Published byEthel Nicholson Modified over 6 years ago

Similar presentations

Presentation on theme: "Hijacking Bitcoin: Routing attacks on cryptocurrencies"— Presentation transcript:

1 Hijacking Bitcoin: Routing attacks on cryptocurrencies
Aviv Zohar School Computer Science and Engineering The Hebrew University of Jerusalem Based on joint work with Maria Apostolaki and Laurent Vanbever

2 The Blockchain: A record of transactions
Cash Blue: 2 Red: 1 Digital Payments Bitcoin & similar currencies Blue: 2 Red: 1 Blue: 2 Red: 1 Blue: 2 Red: 1 Blue: 2 Red: 1 Blue: 2 Red: 1 Secured by “proof-of-work” Blue: 2 Red: 1 Blue: 2 Red: 1 Blue: 2 Red: 1 The Blockchain: A record of transactions 2

3 The Longest Chain Rule and Double-Spend Attacks
Bitcoin’s Guarantee [Satoshi]: As long as attacker controls < 50% of compute power, and nodes can quickly broadcast blocks The probability of block replacement decreases exponentially with time.

4 BGP and Routing 192.56.*.* Via AS2,AS1 192.56.*.* Via AS1 AS3 AS2 AS4
Routing table *.* to AS1 AS1 AS2 AS3 AS4 AS5 AS6 AS7 AS8 *.* Via AS1 I have IP range *.*

5 BGP and Routing AS1 AS2 AS3 AS4 AS5 AS6 AS7 AS8

6 Route by most specific prefix!
Prefix Hijacking AS1 AS2 AS3 AS4 AS5 AS6 AS7 AS8 Routing table *.* to AS1 * to AS 5 I have IP range * I have IP range *.* Route by most specific prefix!

7 Prefix Hijacking AS3 AS2 AS4 AS8 AS5 AS1 AS6 AS7
I have IP range * I have IP range *.*

8 Hijacked our own node Hijacks are fast. Slow to repair
human intervention needed takes hours

9 Hijacks are common

10

11 Consequences of disrupting connectivity
Transactions cannot be sent (DoS) Pool rewards can be stolen Transactions on one side of the network are reversed Miners lose revenue Double spending attacks against merchants Mining power subverted to attack double spend selfish mining Censorship via empty blocks

12 Mining pools

13 Attack 1: Partitioning Bitcoin
Deduce gateway nodes for pools Stratum servers Block propagation data Combine with routing data Factors that aid attacker: Mining power is held by few nodes Only 7% of nodes are advertised in /24 prefixes

14 Partitions need to be perfect
1050 bitcoind nodes running on VMs on emulated network. With churn (as measured on network) Connections return slowly BUT a few connections suffice.

15 Blocks Propagation Mechanics
sender receiver INV: Block 1dafe8b243ae GETDATA: Block 1dafe8b243ae INV GETDATA INV INV Block transfer Traffic is not encrypted!

16 Blocks Propagation Mechanics
sender receiver INV: Block 1dafe8b243ae GETDATA: Block 1dafe8b243ae 20 min No block: Connection Drop

17 Attack 2a: MitM block delay attack
sender MitM receiver MitM sees traffic TO reciever INV: Block 1dafe8b243ae GETDATA: Block 1dafe8b243ae Block transfer Invalid block 20 min Connection Drop

18 Attack 2b: MitM block delay attack
sender MitM receiver MitM sees traffic FROM reciever INV: Block 1dafe8b243ae GETDATA: Block 1dafe8b243ae GETDATA: Block 2d31bacd451e1 19 min GETDATA: Tx f311e5db78a2 GETDATA: Block 1dafe8b243ae Connection not lost. Repeat attack! BLOCK transfer

19 We performed this MitM attack on our own node
Passive AS (no hijacking) Uninformed node wastes mining power Susceptible to 0-conf attacks

20 Other attacks on the P2P overlay
(another paper with Ethan Heilman, Sharon Goldberg, Allison Kendler) Eclipse attack: Target P2P network formation DNS List of nodes Known Peers More nodes Lists of attacker nodes

21 Summary Bitcoin is considered secure as long as nodes can communicate
Communication is easily disrupted Mitigation techniques in the papers Much more needed!

22 Thank You!

Download ppt "Hijacking Bitcoin: Routing attacks on cryptocurrencies"

Similar presentations

Bitcoins Transaction Processing Yonatan Sompolinsky joint work with Aviv Zohar.

Bitcoins Transaction Processing Yonatan Sompolinsky joint work with Aviv Zohar.
Bitcoin. What is Bitcoin? A P2P network for electronic payments Benefits: – Low fees – No middlemen – No central authority – Can be anonymous – Each payment.

Bitcoin. What is Bitcoin? A P2P network for electronic payments Benefits: – Low fees – No middlemen – No central authority – Can be anonymous – Each payment.
Bitcoin Double Spending Attack Karame, Androulaki & Capkun Presented by Subhro Kar CSCE 715, Fall 2013.

Bitcoin Double Spending Attack Karame, Androulaki & Capkun Presented by Subhro Kar CSCE 715, Fall 2013.
Towards a More Democratic Mining in Bitcoins Goutam Paul R. C. Bose Centre for Cryptology & Security, Indian Statistical Institute Pratik Sarkar Indian.

Towards a More Democratic Mining in Bitcoins Goutam Paul R. C. Bose Centre for Cryptology & Security, Indian Statistical Institute Pratik Sarkar Indian.
Stefan Dziembowski Why do the cryptographic currencies need a solid theory? Forum Informatyki Teoretycznej, Warsaw 30.1.2015.

Stefan Dziembowski Why do the cryptographic currencies need a solid theory? Forum Informatyki Teoretycznej, Warsaw
BITCOIN An introduction to a decentralised and anonymous currency. By Andy Brodie.

BITCOIN An introduction to a decentralised and anonymous currency. By Andy Brodie.
The world’s first decentralized digital currency Meni Rosenfeld Bitcoil 29/11/2012Written by Meni Rosenfeld1.

The world’s first decentralized digital currency Meni Rosenfeld Bitcoil 29/11/2012Written by Meni Rosenfeld1.
Bitcoin (what, why and how?)

Bitcoin (what, why and how?)
Bitcoins and the Digital Economy Presented By: Matt Blackman.

Bitcoins and the Digital Economy Presented By: Matt Blackman.
1 Bitcoin A Digital Currency. Functions of Money.

1 Bitcoin A Digital Currency. Functions of Money.
Https://cybercamp.es#CyberCamp15 Deanonimization methods in Bitcoin Network Marko Marić.

Deanonimization methods in Bitcoin Network Marko Marić.
Attacking on IPv6 W.lilakiatsakun Ref: ipv6-attack-defense-33904http://www.sans.org/reading-room/whitepapers/protocols/complete-guide-

Attacking on IPv6 W.lilakiatsakun Ref: ipv6-attack-defense-33904http://
P2PSIP Security Analysis and evaluation draft-song-p2psip-security-eval-00 Song Yongchao Ben Y. Zhao

P2PSIP Security Analysis and evaluation draft-song-p2psip-security-eval-00 Song Yongchao Ben Y. Zhao
IS ANONYMOUS CURRENCY A GOOD IDEA? BY ADAM LASSWELL.

IS ANONYMOUS CURRENCY A GOOD IDEA? BY ADAM LASSWELL.
Bitcoin Tech Talk Zehady Abdullah Khan (Andy) Graduate Assistant, Computer Science Department, Purdue University.

Bitcoin Tech Talk Zehady Abdullah Khan (Andy) Graduate Assistant, Computer Science Department, Purdue University.
Stubborn Mining: Generalizing Selfish Mining and Combining with an Eclipse Attack With Srijan Kumar, Andrew Miller and Elaine Shi 1 Kartik Nayak.

Stubborn Mining: Generalizing Selfish Mining and Combining with an Eclipse Attack With Srijan Kumar, Andrew Miller and Elaine Shi 1 Kartik Nayak.
Bitcoin: Fake, Virtual and Real Partha Dasgupta Arizona State University Tempe, AZ, USA Note: “Current” numbers used are from mid-2015.

Bitcoin: Fake, Virtual and Real Partha Dasgupta Arizona State University Tempe, AZ, USA Note: “Current” numbers used are from mid-2015.
First… What is Cryptocurrency? A Cryptocurrency is a digital currency that is created through mathematical engineering (algorithm). It is designed to.

First… What is Cryptocurrency? A Cryptocurrency is a digital currency that is created through mathematical engineering (algorithm). It is designed to.
Bitcoin Bitcoin is a cryptocurrency. The platform that hosts Bitcoin is a p2p system. Bitcoin can be abstracted as a digital file that records the account.

Bitcoin Bitcoin is a cryptocurrency. The platform that hosts Bitcoin is a p2p system. Bitcoin can be abstracted as a digital file that records the account.
Motivation ✓ ✘ ? Bitcoin/Ideal Credit Card Works on Internet

Motivation ✓ ✘ ? Bitcoin/Ideal Credit Card Works on Internet

Similar presentations

Ads by Google