Presentation is loading. Please wait.

Presentation is loading. Please wait.

Matthias Grundmann, Till Neudecker, Hannes Hartenstein

Published byDaniela Beutel Modified over 6 years ago

Similar presentations

Presentation on theme: "Matthias Grundmann, Till Neudecker, Hannes Hartenstein"— Presentation transcript:

1 Exploiting Transaction Accumulation and Double Spends for Topology Inference in Bitcoin
Matthias Grundmann, Till Neudecker, Hannes Hartenstein Prof. Dr. Hannes Hartenstein | DSN Research Group

2 Bitcoin Network Topology
Bitcoin is based on a P2P-network How the Bitcoin network looks Our view on the network Our goal: Get information about network How the Bitcoin network looks Our view on the Bitcoin network 1/14/2019 Exploiting Transaction Accumulation and Double Spends for Topology Inference Prof. Dr. Hannes Hartenstein | DSN Research Group

3 Network Topology Inference
Goal Get view of the full network Previous work Coinscope [1] Timing Analysis [2] [1] Andrew Miller, James Litton, Andrew Pachulski, Neal Gupta, Dave Levin, Neil Spring, and Bobby Bhattacharjee. Discovering bitcoin’s public topology and influential nodes [2] T. Neudecker, P. Andelfinger, and H. Hartenstein. Timing analysis for inferring the topology of the bitcoin peer-to-peer network. July 2016. 1/14/2019 Exploiting Transaction Accumulation and Double Spends for Topology Inference Prof. Dr. Hannes Hartenstein | DSN Research Group

4 Two New Approaches Exploit Transaction Accumulation
Detection of unpredictable connections Exploit Dropping of Double Spends Detection of connections of one targeted peer 1/14/2019 Exploiting Transaction Accumulation and Double Spends for Topology Inference Prof. Dr. Hannes Hartenstein | DSN Research Group

5 Agenda Introduction Basics Exploit Transaction Accumulation
Exploit Dropping of Double Spends Conclusion 1/14/2019 Exploiting Transaction Accumulation and Double Spends for Topology Inference Prof. Dr. Hannes Hartenstein | DSN Research Group

6 Goal and Assumptions about Adversary
Goal of adversary Infer connections between nodes accepting incoming connections Adversary can … connect to all publicly reachable peers estimate latencies create transactions (but has to pay fees) Accepting incoming connections Not accepting incoming connections 1/14/2019 Exploiting Transaction Accumulation and Double Spends for Topology Inference

7 Basics: Transaction Propagation
Inputs not already spent ⇒ No “double spend” ... ID INV Exploit Dropping of Double Spends Transaction is unknown ⇒ Send request ID INV ID INV Weitere Validation: Transaktion schon in Blockchain? Signatur gültig? Inputs sind Outputs einer andere Transaktion? ID INV ID GETDATA ID INV TX Check if transaction is valid: If invalid ⇒ Drop silently If valid ⇒ Announce to own neighbors I. Announce II. Request III. Send IV. Validate 1/14/2019 Exploiting Transaction Accumulation and Double Spends for Topology Inference Prof. Dr. Hannes Hartenstein | DSN Research Group

8 Delayed Forwarding in Bitcoin Core (≥ v0.14.1)
Transactions are not announced directly once they are received or created ToDo: Hier schon Vereinfachung Weiterleitung statt Ankündigung. Besser erst im nächsten Schritt? Fanti nennt die Methode „Diffusion Spreading“ => Message Accumulation Exploit Transaction Accumulation For each neighbor Queue with transactions to announce Timestamp for next announcement 1/14/2019 Exploiting Transaction Accumulation and Double Spends for Topology Inference Prof. Dr. Hannes Hartenstein | DSN Research Group

9 Exploiting Transaction Accumulation
Procedure Connect adversary to all reachable peers Create transactions ti Individually for each peer Send ti to all peers Monitor received transactions For each peer analyze first message received If exactly one transaction: Found directly connected peer  If more than one transaction: Ignore  1/14/2019 Exploiting Transaction Accumulation and Double Spends for Topology Inference Prof. Dr. Hannes Hartenstein | DSN Research Group

10 Discussion of Accumulation Approach
Success relies on first message received by a peer containing one single transaction Only infrequent Cannot be influenced or predicted by adversary False positives if assumptions fail E.g. not reachable peer forwards transaction High cost: One transaction per reachable peer Variant DSk Reduces cost to k transaction fees Validation in testnet difficult Variant Double Spend Transactions share k different inputs Every peer keeps only first transaction per input Cost: k transaction fees 1/14/2019 Exploiting Transaction Accumulation and Double Spends for Topology Inference Prof. Dr. Hannes Hartenstein | DSN Research Group

11 Simulation of Accumulation Approach
Setup 500 peers in network Simplified implementation of forwarding behavior Detection for simple version and variant DS3 ⇒ For cost of 3 transaction fees on average 20 connections correctly found with 2 false positives Simplifications: Send TX without previous INV message, latencies normally distributed with μ = 100 ms and σ = 50 ms 1/14/2019 Exploiting Transaction Accumulation and Double Spends for Topology Inference Prof. Dr. Hannes Hartenstein | DSN Research Group

12 Agenda Introduction Basics Exploit Transaction Accumulation
Exploit Dropping of Double Spends Conclusion 1/14/2019 Exploiting Transaction Accumulation and Double Spends for Topology Inference Prof. Dr. Hannes Hartenstein | DSN Research Group

13 Exploiting Dropping of Double Spends
Remember: Transaction is dropped if it is spending already spent coins Procedure Connect adversary to target and all reachable peers Create transactions ti Individually for each peer All ti spend the same coins Send ti to all peers except target Wait for target to send transaction Transaction received from target discloses neighbor of target False Positives Peer receives transaction from adversary too late Neighbor is not reachable for adversary 1/14/2019 Exploiting Transaction Accumulation and Double Spends for Topology Inference Prof. Dr. Hannes Hartenstein | DSN Research Group

14 Analysis of „Double Spend“-Approach
Simulation Setup 500 peers in network Simplified implementation of forwarding behavior Precision up to 98.1% ⇒ Approach can be used to disclose one neighbor of a specific peer! Repeat to find more neighbors Variant Suppress Prevent repeatedly finding the same neighbor Variant Ignore Ignore repetition on indication that assumptions were violated Attacker connected peers Precision 25 % 54.4 % 50 % 75.7 % 75 % 89.1 % 100 % 98.1 % TODO: Varianten nur erklären, wenn genug Zeit TODO: In Tabelle besser absolute Zahlen? Simplified implementation Send TX without previous INV message, latencies normally distributed with μ = 100 ms and σ = 50 ms Simulation setup 2000 random networks 1/14/2019 Exploiting Transaction Accumulation and Double Spends for Topology Inference Prof. Dr. Hannes Hartenstein | DSN Research Group

15 „Double Spend“-Approach with repetitions
Experiments in testnet Validation by 30 attacks on own peers (each having eight neighbors) Cost of 99 transactions fees per attack Different methods to analyze data Recall of 60 % with precision of 97 % Recall of 85 % with precision of 74 % Recall of 60 %: 60 % of neighbors have been detected 1/14/2019 Exploiting Transaction Accumulation and Double Spends for Topology Inference Prof. Dr. Hannes Hartenstein | DSN Research Group

16 Conclusion Exploit accumulation of transactions
Detection of unpredictable connections Cost: low when using variant DS3 Countermeasure: change accumulation implementation Exploit dropping of double spends Detection of connections of specific target Cost: low, good experimental results Countermeasure: not trivial without opening attack surface for DoS attacks Future work Optimization of these approaches Use multiple monitors Include timing information Reduce cost Develop similar approaches Can these approaches be used to infer the topology of the testnet? 1/14/2019 Exploiting Transaction Accumulation and Double Spends for Topology Inference Prof. Dr. Hannes Hartenstein | DSN Research Group

17 References [1] Andrew Miller, James Litton, Andrew Pachulski, Neal Gupta, Dave Levin, Neil Spring, and Bobby Bhattacharjee. Discovering bitcoin’s public topology and influential nodes [2] T. Neudecker, P. Andelfinger, and H. Hartenstein. Timing analysis for inferring the topology of the bitcoin peer-to-peer network. July 2016. [3] Ethan Heilman et al. “Eclipse Attacks on Bitcoin’s Peer-to-peer Network”. In: Proceedings of the 24th USENIX Conference on Security Symposium. SEC’15. Washington, D.C.: USENIX Association, 2015, pp. 129–144. [4] Giulia C. Fanti and Pramod Viswanath. “Anonymity Properties of the Bitcoin P2P Network”. In: CoRR abs/ (2017). 1/14/2019 Exploiting Transaction Accumulation and Double Spends for Topology Inference

18 Backup 1/14/2019 Exploiting Transaction Accumulation and Double Spends for Topology Inference

19 Motivation Attacks become easier with topology information
Eclipse attacks [3] Deanonymization [4] 0-confirmation double spends 1/14/2019 Exploiting Transaction Accumulation and Double Spends for Topology Inference

20 Topology Inference Goal: Obtain information about topology of the Bitcoin network Distribution of node degrees Structure of network Are two peers directly connected to each other? Why? Scientific interest Attacks become easier with topology information Eclipse attacks [3] Deanonymization [4] Model for attacker Small number of peers Creates transactions, but needs to pay fees Can connect to all reachable peers and estimate latencies No knowledge of network (like ISP) 1/14/2019 Exploiting Transaction Accumulation and Double Spends for Topology Inference

21 “Double Spends” – False Positives
Peer receives transaction from attacker too late Neighbor is not reachable for attacker 1/14/2019 Exploiting Transaction Accumulation and Double Spends for Topology Inference

22 „Double Spend“-Variants
Variant: Suppress Prevent finding already known neighbors Idea: Create and send… … transactions ti using input i1 … transaction for target using input i2 … transactions for already known neighbors using input i1 and i2 1/14/2019 Exploiting Transaction Accumulation and Double Spends for Topology Inference

23 „Double Spend“-Variants
Variant: Suppress Prevent finding already known neighbors Idea: Create and send… … transactions ti using input i1 … transaction for target using input i2 … transactions for already known neighbors using input i1 and i2 Variant: Ignore Increase precision Idea: If another peer sends the transaction forwarded by the target, ignore this run, because something didn‘t work as expected 1/14/2019 Exploiting Transaction Accumulation and Double Spends for Topology Inference

24 Simulation of „Double Spend“-Approach
Setup of simulation: 500 peers in network Simplified implementation of forwarding behavior Send TX without previous INV message, latencies normally distributed with μ = 100 ms and σ = 50 ms 2000 random networks Results for detection of one neighbor: Attacker connected peers True Positives False Positives 125 54,4 % 45,6 % 250 75,7 % 24,3 % 375 89,1 % 10,9 % 500 98,1 % 1,9 % 1/14/2019 Exploiting Transaction Accumulation and Double Spends for Topology Inference

25 Transaction Accumulation – Network Size
Detection results scales with network size Simulation of default version, connected to half of the peers in the network 1/14/2019 Exploiting Transaction Accumulation and Double Spends for Topology Inference

26 Accumulation Results in Testnet
Direct connections Sum Unique Validatable Correct (a) Measured latencies, no double spends 49 44 1 (b) Bitcoin latencies, no double spends 58 (c) Measured latencies, three inputs 128 116 3 (d) Measured latencies, three inputs 115 2 (e) Shuffled, three inputs 67 65 (f) Measured latencies, ten inputs 98 86 (g) Measured latencies, three inputs (100) 1241 883 6 1/14/2019 Exploiting Transaction Accumulation and Double Spends for Topology Inference

27 „Double-Spend“ Comparison of fully and half connected, simulation with 500 peers Fully connected, variants Suppress and Suppress + Ignore 1/14/2019 Exploiting Transaction Accumulation and Double Spends for Topology Inference

28 „Double-Spend“ – Variant Count
Fully connected, simulation of network of 500 peers 1/14/2019 Exploiting Transaction Accumulation and Double Spends for Topology Inference

Download ppt "Matthias Grundmann, Till Neudecker, Hannes Hartenstein"

Similar presentations

Spreading Alerts Quietly and the Subgroup Escape Problem Aleksandr Yampolskiy (Yale) Joint work with James Aspnes, Zoë Diamadi, Kristian Gjøsteen, and.

Spreading Alerts Quietly and the Subgroup Escape Problem Aleksandr Yampolskiy (Yale) Joint work with James Aspnes, Zoë Diamadi, Kristian Gjøsteen, and.
Distribution and Revocation of Cryptographic Keys in Sensor Networks Amrinder Singh Dept. of Computer Science Virginia Tech.

Distribution and Revocation of Cryptographic Keys in Sensor Networks Amrinder Singh Dept. of Computer Science Virginia Tech.
Computer Networks Group Universität Paderborn Ad hoc and Sensor Networks Chapter 9: Localization & positioning Holger Karl.

Computer Networks Group Universität Paderborn Ad hoc and Sensor Networks Chapter 9: Localization & positioning Holger Karl.
Cristian Lumezanu Dave Levin Neil Spring PeerWise Discovery and Negotiation of Faster Paths.

Cristian Lumezanu Dave Levin Neil Spring PeerWise Discovery and Negotiation of Faster Paths.
Dynamic Bayesian Networks (DBNs)

Dynamic Bayesian Networks (DBNs)
Mudhakar Srivatsa, Ling Liu and Arun Iyengar Presented by Mounica Atluri.

Mudhakar Srivatsa, Ling Liu and Arun Iyengar Presented by Mounica Atluri.
Bitcoin Double Spending Attack Karame, Androulaki & Capkun Presented by Subhro Kar CSCE 715, Fall 2013.

Bitcoin Double Spending Attack Karame, Androulaki & Capkun Presented by Subhro Kar CSCE 715, Fall 2013.
Specification-based Intrusion Detection Michael May CIS-700 Fall 2004.

Specification-based Intrusion Detection Michael May CIS-700 Fall 2004.
CSCE 715 Ankur Jain 11/16/2010. Introduction Design Goals Framework SDT Protocol Achievements of Goals Overhead of SDT Conclusion.

CSCE 715 Ankur Jain 11/16/2010. Introduction Design Goals Framework SDT Protocol Achievements of Goals Overhead of SDT Conclusion.
1 BGP Security -- Zhen Wu. 2 Schedule Tuesday –BGP Background – Detection of Invalid Routing Announcement in the Internet –Open Discussions Thursday.

1 BGP Security -- Zhen Wu. 2 Schedule Tuesday –BGP Background –" Detection of Invalid Routing Announcement in the Internet" –Open Discussions Thursday.
Dept. of Computer Science & Engineering, CUHK1 Trust- and Clustering-Based Authentication Services in Mobile Ad Hoc Networks Edith Ngai and Michael R.

Dept. of Computer Science & Engineering, CUHK1 Trust- and Clustering-Based Authentication Services in Mobile Ad Hoc Networks Edith Ngai and Michael R.
1 Denial-of-Service Resilience in P2P File Sharing Systems Dan Dumitriu (EPFL) Ed Knightly (Rice) Aleksandar Kuzmanovic (Northwestern) Ion Stoica (Berkeley)

1 Denial-of-Service Resilience in P2P File Sharing Systems Dan Dumitriu (EPFL) Ed Knightly (Rice) Aleksandar Kuzmanovic (Northwestern) Ion Stoica (Berkeley)
INFERRING NETWORKS OF DIFFUSION AND INFLUENCE Presented by Alicia Frame Paper by Manuel Gomez-Rodriguez, Jure Leskovec, and Andreas Kraus.

INFERRING NETWORKS OF DIFFUSION AND INFLUENCE Presented by Alicia Frame Paper by Manuel Gomez-Rodriguez, Jure Leskovec, and Andreas Kraus.
Secure Localization using Dynamic Verifiers Nashad A. Safa Joint Work With S. Sarkar, R. Safavi-Naini and M.Ghaderi.

Secure Localization using Dynamic Verifiers Nashad A. Safa Joint Work With S. Sarkar, R. Safavi-Naini and M.Ghaderi.
An Authentication Service Against Dishonest Users in Mobile Ad Hoc Networks Edith Ngai, Michael R. Lyu, and Roland T. Chin IEEE Aerospace Conference, Big.

An Authentication Service Against Dishonest Users in Mobile Ad Hoc Networks Edith Ngai, Michael R. Lyu, and Roland T. Chin IEEE Aerospace Conference, Big.
Self Healing Wide Area Network Services Bhavjit S Walha Ganesh Venkatesh.

Self Healing Wide Area Network Services Bhavjit S Walha Ganesh Venkatesh.
Measurement in the Internet. Outline Internet topology Bandwidth estimation Tomography Workload characterization Routing dynamics.

Measurement in the Internet. Outline Internet topology Bandwidth estimation Tomography Workload characterization Routing dynamics.
Cyclone Time Technology Deriving Consistent Time Base Using Local Clock Information Ashok Agrawala Moustafa Youssef Bao Trinh University of Maryland College.

Cyclone Time Technology Deriving Consistent Time Base Using Local Clock Information Ashok Agrawala Moustafa Youssef Bao Trinh University of Maryland College.
Mobile and Wireless Computing Institute for Computer Science, University of Freiburg Western Australian Interactive Virtual Environments Centre (IVEC)

Mobile and Wireless Computing Institute for Computer Science, University of Freiburg Western Australian Interactive Virtual Environments Centre (IVEC)
Winter Retreat - 2003 Connecting the Dots: Using Runtime Paths for Macro Analysis Mike Chen, Emre Kıcıman, Anthony Accardi, Armando Fox, Eric Brewer

Winter Retreat Connecting the Dots: Using Runtime Paths for Macro Analysis Mike Chen, Emre Kıcıman, Anthony Accardi, Armando Fox, Eric Brewer

Similar presentations

Ads by Google