A Security Threat to the Bitcoin Blockchain?
In a report to be featured at the 38th IEEE Symposium on Security and Privacy in May, Aviv Zohar of The Hebrew University presents findings on how an attack on the Bitcoin Blockchain can occur via the Internet’s routing infrastructure. In this paper, Zohar and his collaborators Maria Apostolaki and Laurent Vanbever show two ways the Border Gateway Protocol (BGP) can be used to attack Bitcoin: a partition attack or a delay attack.
In the partition attack, if an Internet Service Provider (ISP) is the sole route within a significant part of the Bitcoin network, a black hole could stop the two sides (the blockchain and the internet routing infrastructure) from communicating with each other. While these two “islands” will continue to process transactions and mine new bitcoin, when the intruder brings the two elements together again, there is no other option than to discard the mined bitcoins, transactions, and mining revenue.
The delay attack, however, is thought to be worse in some respects because, unlike the partition attack, researchers say it is undetectable. This attack creates a scenario where merchants become vulnerable to double-spending, miners waste valuable processing power, and ordinary nodes cannot spread the latest version of the blockchain.
These sorts of attacks are problematic for Bitcoin’s developers because they do not control the attack vector: BGP, the respected protocol that defines how packets are routed through the Internet.
BGP’s problems are well known: the protocol is a product of a simpler era and is set up to trust the information it receives. A careless or malicious error on the part of a carrier or ISP network can essentially poison BGP route information to the Internet, black-holing major chunks of net traffic.
Both of these types of attacks require an insider, given that they happen at the ISP level. Nevertheless, they are considered serious attacks and highlight vulnerabilities that are often overlooked in the Bitcoin network. Bitcoin nodes tend to be concentrated in a small fraction of all ISPs. It is estimated that thirteen ISPs host about 30 percent of the entire Bitcoin network, with 60 percent of Bitcoin traffic visible to just three ISPs.
The researchers mentioned earlier say that BGP attacks are already impacting upwards of 100 Bitcoin nodes a month, with a peak in November 2015, when the figure rose to 8 percent of the entire Bitcoin network (447 nodes) in a traffic hijack. However, the paper also offers some countermeasures, most of which could be deployed immediately, such as increasing the diversity of node connections, selecting bitcoin peers while taking routing into account, and “encrypting Bitcoin connections/using a Message Authentication Code (MAC) to validate that the content of each message has not been changed would make delay attacks much more difficult.”
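One way a node operator could apply the "selecting bitcoin peers while taking routing into account" countermeasure, shown as an added example that is not code from the paper or from any Bitcoin client. It assumes a prefix-to-origin-AS table is available; the table, addresses and function names are constructed for illustration, and the AS hosting each peer is used as a simplified stand-in for the full routing path.

```python
import ipaddress
from collections import Counter, defaultdict

# Constructed sample data: documentation prefixes mapped to private-use ASNs.
PREFIX_TO_ASN = {
    "192.0.2.0/24": 64500,
    "198.51.100.0/24": 64501,
    "203.0.113.0/25": 64502,
    "203.0.113.128/25": 64503,
}

def origin_asn(ip, table=PREFIX_TO_ASN):
    """Longest-prefix match of ip against the table; None if uncovered."""
    addr = ipaddress.ip_address(ip)
    best = None
    for prefix, asn in table.items():
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0]):
            best = (net.prefixlen, asn)
    return best[1] if best else None

def select_peers(candidates, want, table=PREFIX_TO_ASN):
    """Pick up to `want` peers, spreading them across origin ASes."""
    by_asn = defaultdict(list)
    for ip in candidates:
        asn = origin_asn(ip, table)
        if asn is not None:          # skip peers we cannot place in an AS
            by_asn[asn].append(ip)
    chosen = []
    # Round-robin: one peer per AS per round, so no AS gets a second
    # connection until every other AS with candidates has one.
    while len(chosen) < want and any(by_asn.values()):
        for asn in sorted(by_asn):
            if by_asn[asn] and len(chosen) < want:
                chosen.append(by_asn[asn].pop(0))
    return chosen

def max_as_share(peers, table=PREFIX_TO_ASN):
    """Largest fraction of connections that terminate in a single AS."""
    counts = Counter(origin_asn(ip, table) for ip in peers)
    return max(counts.values()) / len(peers) if peers else 0.0

# Constructed candidate list: five of eight addresses sit in AS 64500.
CANDIDATES = ["192.0.2.10", "192.0.2.11", "192.0.2.12", "192.0.2.13",
              "192.0.2.14", "198.51.100.7", "203.0.113.5", "203.0.113.200"]

if __name__ == "__main__":
    print(max_as_share(CANDIDATES[:4]))                   # naive: first four
    print(max_as_share(select_peers(CANDIDATES, 4)))      # AS-diverse choice
```

The lower the largest per-AS share, the fewer of the node's connections any one network can drop or delay.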
Michael Perklin, Chief Information Security Officer for the global cryptocurrency asset exchange Shapeshift, says that Bitcoin has been designed to resist attacks just like the Internet was designed to withstand nuclear attacks on a city; by decentralizing the nodes, there is no single point of failure. Perklin notes that inherent to Bitcoin’s blockchain records are the details of every transaction people have performed. As a result, an issue that disrupts communications between two continents can mean that both continents observe two competing records of what has occurred. This failure of consensus, he says, can have disastrous effects on the economy as payments are reversed and newly-minted coins are destroyed.
Concludes Perklin: “Thankfully ISPs recognize the importance of having secure BGP connections between peers and regularly take actions to prevent exploitation of BGP-related attacks. While these attacks are theoretically possible (like brute-forcing a private key), we can take comfort in the fact that they are difficult to execute in practice as they require privileged access to highly-protected pieces of equipment.”
The details of this security threat will be presented at the IEEE Symposium on Security and Privacy 2017 in May, in San Jose. The researchers say they will release code on GitHub offering a prototype of the delay attack at that time.