IEEE Security & Privacy
Maria Apostolaki
23 May 2017
ETH Zürich
Joint work with Aviv Zohar and Laurent Vanbever
Routing Attacks on Cryptocurrencies
Hijacking Bitcoin
Routing attacks quite often make the news
source: arstechnica.com
source: wired.com
That is only the tip of the iceberg of routing manipulations
[Figure: # of monthly routing hijacks, October 2015 to March 2016; y-axis 0 to 200k hijack events; values labelled on the plot: 212k, 176k, 112k, 100k, 119k, 137k]
Can routing attacks impact Bitcoin?
Bitcoin is highly decentralized, making it robust to routing attacks, in theory…
Bitcoin nodes …
are scattered all around the globe
establish random connections
use multihoming and extra relay networks
In practice, Bitcoin is highly centralized, both from a routing and mining viewpoint
Mining power is centralized to few hosting networks
[Figure: cumulative % of mining power (0 to 100) versus # of hosting networks (1 to 30)]
68% of the mining power is hosted in 10 networks only
Likewise, a few transit networks can intercept a large fraction of the Bitcoin connections
[Figure: cumulative % of connections intercepted (0 to 100) versus # of transit networks (x-axis ticks 1, 10, 100, 1220); 63 marked on the y-axis at 3 transit networks]
3 transit networks see more than 60% of all connections
Because of these characteristics, two routing attacks are practical and effective today
Attack 1, Partitioning: split the network in half
Attack 2, Delay: delay block propagation
Each attack differs in terms of its visibility, impact, and targets
Attack 1, Partitioning: visible, network-wide attack
Attack 2, Delay: invisible, targeted attack (set of nodes)
1. BGP & Bitcoin (Background)
2. Partitioning attack (splitting the network)
3. Delay attack (slowing the network down)
4. Countermeasures (short-term & long-term)

Part 1: BGP & Bitcoin (Background)
Bitcoin is a distributed network of nodes
[Diagram: Bitcoin nodes A to J]
Bitcoin nodes establish random connections between each other
Each node keeps a ledger of all transactions ever performed: “the blockchain”
[Diagram: ledger of transactions, e.g. Tx a1a53743, Tx b5x89433, Tx x5f78432, Tx h1t91267, …]
The Blockchain is a chain of Blocks
[Diagram: Block #42 (prev: #41; Tx a1a53743, Tx b5x89433, …) followed by Block #43 (prev: #42; Tx x5f78432, Tx h1t91267, …)]
The Blockchain is extended by miners
[Diagram: new Block #44 (prev: #43; Tx z2v67542, Tx p6o74587, …) appended after Block #43]
Miners are grouped in mining pools
[Diagram: nodes A to J; miners grouped into a mining pool]
Bitcoin connections are routed over the Internet
The Internet is composed of Autonomous Systems (ASes). BGP computes the forwarding path across them
[Diagram: nodes A to J attached to AS1 to AS8]
Bitcoin messages are propagated unencrypted and without any integrity guarantees
[Diagram: Tx and block messages travelling between nodes across AS1 to AS8]
Part 2: Partitioning attack (splitting the network)
The goal of a partitioning attack is to split the Bitcoin network into two disjoint components
The impact of such an attack is worrying
Denial of Service: Bitcoin clients and wallets cannot secure or propagate transactions
Revenue Loss: Blocks in component with less mining power are discarded
Double spending: Transactions in components with less mining power can be reverted
How does the attack work?
[Diagram: nodes A to J attached to AS1 to AS7, plus the attacker's AS]
Let’s say an attacker wants to partition the network into the left and right side
To do so, the attacker will manipulate BGP routes to intercept any traffic to the nodes on the right
Let us focus on node F
F’s provider (AS6) is responsible for IP prefix
[Diagram: node F (82.0.0.1) attached to AS6]
AS6 will create a BGP advertisement
[Diagram: AS6 announces 82.0.0.0/23 with Path: 6; AS8 passes it on with Path: 8 6]
AS6’s advertisement is propagated AS-by-AS until all ASes in the Internet learn about it
[Diagram: 82.0.0.0/23 reaches the other ASes with Path: 7 6 and Path: 8 6]
BGP does not check the validity of advertisements, meaning any AS can announce any prefix
Consider that the attacker advertises a more-specific prefix covering F’s IP address
[Diagram: AS6 announces 82.0.0.0/23 with Path: 6; the attacker announces 82.0.0.0/24 with Path: 8; F is 82.0.0.1]
As IP routers prefer more-specific prefixes, the attacker route will be preferred
Traffic to node F is hijacked
[Diagram: IP traffic to 82.0.0.1 diverted to the attacker]
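An added example (not from the talk or the paper) of the longest-prefix-match behaviour described above, together with a check a prefix owner could run over observed announcements to spot an unexpected more-specific route. The helper names and the sample routes are assumptions, constructed from the prefixes and AS numbers shown on the slides.

```python
"""Longest-prefix match and a sub-prefix hijack check (added example).

All announcements below are constructed sample data built from the prefixes
and AS numbers shown on the slides; no live BGP feed is used.
"""
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Announcement:
    prefix: ipaddress.IPv4Network
    as_path: tuple  # leftmost AS = nearest neighbour, rightmost AS = origin

    @property
    def origin(self):
        return self.as_path[-1]


def ann(prefix, *as_path):
    """Helper (hypothetical name) to build an Announcement from text."""
    return Announcement(ipaddress.ip_network(prefix), tuple(as_path))


def best_route(rib, dst):
    """Pick the route a router would forward on for dst.

    The most specific covering prefix wins before AS-path length is even
    considered, which is why a /24 beats the legitimate /23.
    """
    ip = ipaddress.ip_address(dst)
    covering = [a for a in rib if ip in a.prefix]
    if not covering:
        return None
    return max(covering, key=lambda a: (a.prefix.prefixlen, -len(a.as_path)))


def find_hijacks(expected, observed):
    """Compare observed announcements with the prefixes we originate.

    expected: {"prefix": {allowed origin ASNs}} for the monitored prefixes.
    Returns a list of (prefix, origin, reason) alerts.
    """
    monitored = {ipaddress.ip_network(p): set(o) for p, o in expected.items()}
    alerts = []
    for a in observed:
        for net, origins in monitored.items():
            if a.prefix.version != net.version:
                continue
            if a.prefix == net:
                if a.origin not in origins:
                    alerts.append((str(a.prefix), a.origin, "origin mismatch"))
            elif a.prefix not in monitored and a.prefix.subnet_of(net):
                # Flagged whatever origin the path claims: the AS path is not
                # authenticated, so a legitimate-looking origin proves nothing.
                alerts.append(
                    (str(a.prefix), a.origin, "unregistered more-specific"))
    return alerts


# Constructed sample data mirroring the slides: AS6 originates 82.0.0.0/23,
# node F is 82.0.0.1, and AS8 later announces the more-specific 82.0.0.0/24.
EXPECTED = {"82.0.0.0/23": {6}}
BEFORE = [ann("82.0.0.0/23", 7, 6), ann("82.0.0.0/23", 8, 6)]
AFTER = BEFORE + [ann("82.0.0.0/24", 8)]

if __name__ == "__main__":
    for label, rib in (("before", BEFORE), ("after", AFTER)):
        route = best_route(rib, "82.0.0.1")
        print(label, "-> F reached via", route.prefix, "path", route.as_path)
        print(label, "alerts:", find_hijacks(EXPECTED, rib))
```

Addresses in the other half of the /23 (for example 82.0.1.1) still follow the legitimate route, so a monitor that only probes reachability of the covering prefix can miss the diversion.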
By hijacking the IP prefixes pertaining to the right nodes, the attacker can intercept all their connections
Once on-path, the attacker can drop all connections crossing the partition
The partition is created
Not all partitions are feasible in practice: some connections cannot be intercepted
Bitcoin connections established…
within a mining pool
within an AS
between mining pools with private agreements
cannot be hijacked (usually)
but can be detected and located by the attacker, enabling her to build a similar but feasible partition
Theorem: Given a set of nodes to disconnect from the network, there exists a unique maximal subset that can be isolated and that the attacker will isolate.
(see paper for proof)
We evaluated the partition attack in terms of practicality and time efficiency
Practicality: Can it actually happen?
Time efficiency: How long does it take?
Practicality: Can it actually happen?
Splitting the mining power even to half can be done by hijacking less than 100 prefixes
negligible with respect to routinely observed hijacks
[Figure: max # of prefixes hijacked at once per month, October 2015 to March 2016; y-axis 100 to 30k, log scale]
Hijacks involving up to 1k of prefixes are frequently seen in the Internet today
We also evaluated the partition in terms of time efficiency
Time efficiency: How long does it take?
We measured the time required to perform a partition attack by attacking our own nodes
We hosted a few Bitcoin nodes at ETH and advertised a covering prefix via Amsterdam
[Diagram: nodes 184.164.232.1-6 at ETH connected to the live Bitcoin network; 184.164.232.0/22 advertised via Amsterdam]
Initially, all the traffic to our nodes transits via Amsterdam
We hijacked our nodes
[Diagram: 184.164.232.0/23 advertised via Cornell]
We measured the time required for a rogue AS to divert all the traffic to our nodes
[Diagram: Bitcoin traffic to the ETH nodes diverted via Cornell]
[Figure: cumulative % of connections intercepted (0 to 100) versus # seconds from start of hijack (0 to 80)]
It takes less than 2 minutes for the attacker to intercept all the connections
Mitigating a hijack is a human-driven process, as such it often takes hours to be resolved
It took Google close to 3h to mitigate a large hijack in 2008 [6]
(same holds for more recent hijacks)
Part 3: Delay attack (slowing the network down)
The goal of a delay attack is to keep the victim uninformed of the latest Block
72
![Page 73: Final SP btc › files › Final_SP_btc.pdf · 10/15 11/15 12/15 01/16 02/16 03/16 0 50k 100k 150k 200k month # of hijack events Oct. Dec. # of monthly routing hijacks 2015 Nov. Jan.](https://reader034.fdocuments.in/reader034/viewer/2022042407/5f21b5d6e1e3da4e4f0b86c3/html5/thumbnails/73.jpg)
The impact of delay attacks is worrying and depends on the victim
Regular node
Mining pool
Merchant
![Page 74: Final SP btc › files › Final_SP_btc.pdf · 10/15 11/15 12/15 01/16 02/16 03/16 0 50k 100k 150k 200k month # of hijack events Oct. Dec. # of monthly routing hijacks 2015 Nov. Jan.](https://reader034.fdocuments.in/reader034/viewer/2022042407/5f21b5d6e1e3da4e4f0b86c3/html5/thumbnails/74.jpg)
The impact of delay attacks is worrying and depends on the victim
Regular node
Mining pool
Merchant
susceptible to be the victim of double-spending attacks
![Page 75: Final SP btc › files › Final_SP_btc.pdf · 10/15 11/15 12/15 01/16 02/16 03/16 0 50k 100k 150k 200k month # of hijack events Oct. Dec. # of monthly routing hijacks 2015 Nov. Jan.](https://reader034.fdocuments.in/reader034/viewer/2022042407/5f21b5d6e1e3da4e4f0b86c3/html5/thumbnails/75.jpg)
The impact of delay attacks is worrying and depends on the victim
Regular node
Mining pool
Merchant
waste their mining power by mining on an obsolete chain
![Page 76: Final SP btc › files › Final_SP_btc.pdf · 10/15 11/15 12/15 01/16 02/16 03/16 0 50k 100k 150k 200k month # of hijack events Oct. Dec. # of monthly routing hijacks 2015 Nov. Jan.](https://reader034.fdocuments.in/reader034/viewer/2022042407/5f21b5d6e1e3da4e4f0b86c3/html5/thumbnails/76.jpg)
The impact of delay attacks is worrying and depends on the victim
Regular node
Mining pool
Merchant
unable to contribute to the peer-to-peer network
![Page 77: Final SP btc › files › Final_SP_btc.pdf · 10/15 11/15 12/15 01/16 02/16 03/16 0 50k 100k 150k 200k month # of hijack events Oct. Dec. # of monthly routing hijacks 2015 Nov. Jan.](https://reader034.fdocuments.in/reader034/viewer/2022042407/5f21b5d6e1e3da4e4f0b86c3/html5/thumbnails/77.jpg)
Merchant
How does a delay attack work?
![Page 78: Final SP btc › files › Final_SP_btc.pdf · 10/15 11/15 12/15 01/16 02/16 03/16 0 50k 100k 150k 200k month # of hijack events Oct. Dec. # of monthly routing hijacks 2015 Nov. Jan.](https://reader034.fdocuments.in/reader034/viewer/2022042407/5f21b5d6e1e3da4e4f0b86c3/html5/thumbnails/78.jpg)
Consider these three Bitcoin nodes
[Diagram: timelines for victim, A and B]
![Page 79: Final SP btc › files › Final_SP_btc.pdf · 10/15 11/15 12/15 01/16 02/16 03/16 0 50k 100k 150k 200k month # of hijack events Oct. Dec. # of monthly routing hijacks 2015 Nov. Jan.](https://reader034.fdocuments.in/reader034/viewer/2022042407/5f21b5d6e1e3da4e4f0b86c3/html5/thumbnails/79.jpg)
An attacker wishes to delay the block propagation towards the victim
[Diagram: timelines for victim, attacker, A and B]
![Page 80: Final SP btc › files › Final_SP_btc.pdf · 10/15 11/15 12/15 01/16 02/16 03/16 0 50k 100k 150k 200k month # of hijack events Oct. Dec. # of monthly routing hijacks 2015 Nov. Jan.](https://reader034.fdocuments.in/reader034/viewer/2022042407/5f21b5d6e1e3da4e4f0b86c3/html5/thumbnails/80.jpg)
The victim receives two advertisements for the block
[Diagram: timelines for victim, attacker, A and B; block #42; messages: INV Block]
![Page 81: Final SP btc › files › Final_SP_btc.pdf · 10/15 11/15 12/15 01/16 02/16 03/16 0 50k 100k 150k 200k month # of hijack events Oct. Dec. # of monthly routing hijacks 2015 Nov. Jan.](https://reader034.fdocuments.in/reader034/viewer/2022042407/5f21b5d6e1e3da4e4f0b86c3/html5/thumbnails/81.jpg)
The victim requests the block from one of its peers, say A
[Diagram: timelines for victim, attacker, A and B; block #42; messages: INV Block, GET DATA Block]
![Page 82: Final SP btc › files › Final_SP_btc.pdf · 10/15 11/15 12/15 01/16 02/16 03/16 0 50k 100k 150k 200k month # of hijack events Oct. Dec. # of monthly routing hijacks 2015 Nov. Jan.](https://reader034.fdocuments.in/reader034/viewer/2022042407/5f21b5d6e1e3da4e4f0b86c3/html5/thumbnails/82.jpg)
As a MITM, the attacker could drop the GETDATA message
[Diagram: timelines for victim, attacker, A and B; block #42; messages: INV Block, GET DATA Block]
![Page 83: Final SP btc › files › Final_SP_btc.pdf · 10/15 11/15 12/15 01/16 02/16 03/16 0 50k 100k 150k 200k month # of hijack events Oct. Dec. # of monthly routing hijacks 2015 Nov. Jan.](https://reader034.fdocuments.in/reader034/viewer/2022042407/5f21b5d6e1e3da4e4f0b86c3/html5/thumbnails/83.jpg)
Similarly, the attacker could drop the delivery of the block message
[Diagram: timelines for victim, attacker, A and B; block #42; messages: INV Block, GET DATA Block, BLOCK Block]
![Page 84: Final SP btc › files › Final_SP_btc.pdf · 10/15 11/15 12/15 01/16 02/16 03/16 0 50k 100k 150k 200k month # of hijack events Oct. Dec. # of monthly routing hijacks 2015 Nov. Jan.](https://reader034.fdocuments.in/reader034/viewer/2022042407/5f21b5d6e1e3da4e4f0b86c3/html5/thumbnails/84.jpg)
Similarly, the attacker could drop the delivery of the block message
[Diagram: timelines for victim, attacker, A and B; block #42; messages: INV Block, GET DATA Block, BLOCK Block]
![Page 85: Final SP btc › files › Final_SP_btc.pdf · 10/15 11/15 12/15 01/16 02/16 03/16 0 50k 100k 150k 200k month # of hijack events Oct. Dec. # of monthly routing hijacks 2015 Nov. Jan.](https://reader034.fdocuments.in/reader034/viewer/2022042407/5f21b5d6e1e3da4e4f0b86c3/html5/thumbnails/85.jpg)
Yet, both cases will lead to the victim killing the connection (by the TCP stack on the victim)
[Diagram: timelines for victim, attacker, A and B; block #42; messages: INV Block, GET DATA Block, BLOCK Block, DISCONNECT]
![Page 86: Final SP btc › files › Final_SP_btc.pdf · 10/15 11/15 12/15 01/16 02/16 03/16 0 50k 100k 150k 200k month # of hijack events Oct. Dec. # of monthly routing hijacks 2015 Nov. Jan.](https://reader034.fdocuments.in/reader034/viewer/2022042407/5f21b5d6e1e3da4e4f0b86c3/html5/thumbnails/86.jpg)
Instead, the attacker could intercept the GETDATA and modify its content
[Diagram: timelines for victim, attacker, A and B; block #42; messages: INV Block, GET DATA Block (two)]
![Page 87: Final SP btc › files › Final_SP_btc.pdf · 10/15 11/15 12/15 01/16 02/16 03/16 0 50k 100k 150k 200k month # of hijack events Oct. Dec. # of monthly routing hijacks 2015 Nov. Jan.](https://reader034.fdocuments.in/reader034/viewer/2022042407/5f21b5d6e1e3da4e4f0b86c3/html5/thumbnails/87.jpg)
By modifying the ID of the requested block, the attacker triggers the delivery of an older block
[Diagram: timelines for victim, attacker, A and B; labels: Block #42, Block #30; messages: INV Block, GET DATA Block (two), BLOCK Block]
![Page 88: Final SP btc › files › Final_SP_btc.pdf · 10/15 11/15 12/15 01/16 02/16 03/16 0 50k 100k 150k 200k month # of hijack events Oct. Dec. # of monthly routing hijacks 2015 Nov. Jan.](https://reader034.fdocuments.in/reader034/viewer/2022042407/5f21b5d6e1e3da4e4f0b86c3/html5/thumbnails/88.jpg)
The delivery of an older block triggers no error message at the victim
[Diagram: timelines for victim, attacker, A and B; labels: Block #42, Block #30 (ignored); messages: INV Block, GET DATA Block (two), BLOCK Block]
![Page 89: Final SP btc › files › Final_SP_btc.pdf · 10/15 11/15 12/15 01/16 02/16 03/16 0 50k 100k 150k 200k month # of hijack events Oct. Dec. # of monthly routing hijacks 2015 Nov. Jan.](https://reader034.fdocuments.in/reader034/viewer/2022042407/5f21b5d6e1e3da4e4f0b86c3/html5/thumbnails/89.jpg)
From there on, the victim will wait for 20 minutes for the actual block to be delivered
[Diagram: timelines for victim, attacker, A and B; labels: Block #42, Block #30 (ignored), up to 20 min; messages: INV Block, GET DATA Block (two), BLOCK Block]
![Page 90: Final SP btc › files › Final_SP_btc.pdf · 10/15 11/15 12/15 01/16 02/16 03/16 0 50k 100k 150k 200k month # of hijack events Oct. Dec. # of monthly routing hijacks 2015 Nov. Jan.](https://reader034.fdocuments.in/reader034/viewer/2022042407/5f21b5d6e1e3da4e4f0b86c3/html5/thumbnails/90.jpg)
To keep the connection alive, the attacker can trigger the block delivery by modifying another GETDATA message
[Diagram: timelines for victim, attacker, A and B; labels: Block #42, Block #30 (ignored), up to 20 min; messages: INV Block, GET DATA Block, BLOCK Block, GET DATA Tx]
![Page 91: Final SP btc › files › Final_SP_btc.pdf · 10/15 11/15 12/15 01/16 02/16 03/16 0 50k 100k 150k 200k month # of hijack events Oct. Dec. # of monthly routing hijacks 2015 Nov. Jan.](https://reader034.fdocuments.in/reader034/viewer/2022042407/5f21b5d6e1e3da4e4f0b86c3/html5/thumbnails/91.jpg)
Doing so, the block is delivered before the timeout and the attack goes undetected (and could be resumed)
[Diagram: timelines for victim, attacker, A and B; labels: Block #42, Block #30 (ignored), up to 20 min; messages: INV Block, GET DATA Block, BLOCK Block, GET DATA Tx]
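A node-side check for the behaviour walked through above, as an added example that is not part of the talk or the authors' software: it tracks outstanding block requests per peer and flags a delivered block that was not requested from that peer, as well as a request left unanswered well before the 20-minute wait. The class name, the alert threshold and the event trace are assumptions constructed for illustration.

```python
from dataclasses import dataclass, field

# The slides put the victim's wait for a requested block at up to 20 minutes.
ALERT_AFTER = 2 * 60  # assumed alert threshold in seconds, far below that wait

@dataclass
class GetdataMonitor:
    pending: dict = field(default_factory=dict)  # (peer, block) -> time requested
    alerts: list = field(default_factory=list)   # (time, peer, reason, block)

    def getdata_sent(self, t, peer, block):
        self.pending[(peer, block)] = t

    def block_received(self, t, peer, block):
        if self.pending.pop((peer, block), None) is None:
            # The peer delivered a block that is not outstanding with it,
            # which is what a GETDATA rewritten in transit produces.
            self.alerts.append((t, peer, "unexpected-block", block))

    def tick(self, now):
        """Flag stalled requests; return blocks to re-request from another peer."""
        retry = []
        for (peer, block), t0 in list(self.pending.items()):
            if now - t0 >= ALERT_AFTER:
                self.alerts.append((now, peer, "stalled-request", block))
                retry.append(block)
                del self.pending[(peer, block)]
        return retry

# Constructed trace: (time_s, event, peer, block). The path to peer A is tampered with.
TRACE = [
    (0,   "getdata", "A", "block42"),
    (1,   "block",   "A", "block30"),   # an older block arrives instead
    (120, "tick",    None, None),
    (121, "getdata", "B", "block42"),   # retry over a different peer
    (122, "block",   "B", "block42"),
    (900, "block",   "A", "block42"),   # late delivery, still inside 20 min
]

def replay(trace):
    mon, retries = GetdataMonitor(), []
    for t, event, peer, block in trace:
        if event == "getdata":
            mon.getdata_sent(t, peer, block)
        elif event == "block":
            mon.block_received(t, peer, block)
        else:
            retries += mon.tick(t)
    return mon.alerts, retries

if __name__ == "__main__":
    for alert in replay(TRACE)[0]:
        print(alert)
```

All three alerts in the constructed trace point at peer A, while the retry over B completes cleanly; per-peer alert counts of this kind are one input a client could use when deciding which connections to replace.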
![Page 92: Final SP btc › files › Final_SP_btc.pdf · 10/15 11/15 12/15 01/16 02/16 03/16 0 50k 100k 150k 200k month # of hijack events Oct. Dec. # of monthly routing hijacks 2015 Nov. Jan.](https://reader034.fdocuments.in/reader034/viewer/2022042407/5f21b5d6e1e3da4e4f0b86c3/html5/thumbnails/92.jpg)
We evaluated the delay attack in terms of effectiveness and practicality
Effectiveness: How much time does the victim stay uninformed?
Practicality: Is it likely to happen?
![Page 93: Final SP btc › files › Final_SP_btc.pdf · 10/15 11/15 12/15 01/16 02/16 03/16 0 50k 100k 150k 200k month # of hijack events Oct. Dec. # of monthly routing hijacks 2015 Nov. Jan.](https://reader034.fdocuments.in/reader034/viewer/2022042407/5f21b5d6e1e3da4e4f0b86c3/html5/thumbnails/93.jpg)
We performed the attack on a percentage of a node’s connections (*)
[Diagram: Victim, MITM and the live Bitcoin network, with connection shares x% and y%]
(*) software available online: https://btc-hijack.ethz.ch/
![Page 94: Final SP btc › files › Final_SP_btc.pdf · 10/15 11/15 12/15 01/16 02/16 03/16 0 50k 100k 150k 200k month # of hijack events Oct. Dec. # of monthly routing hijacks 2015 Nov. Jan.](https://reader034.fdocuments.in/reader034/viewer/2022042407/5f21b5d6e1e3da4e4f0b86c3/html5/thumbnails/94.jpg)
The attacker can keep the victim uninformed for most of its uptime while staying under the radar
![Page 95: Final SP btc › files › Final_SP_btc.pdf · 10/15 11/15 12/15 01/16 02/16 03/16 0 50k 100k 150k 200k month # of hijack events Oct. Dec. # of monthly routing hijacks 2015 Nov. Jan.](https://reader034.fdocuments.in/reader034/viewer/2022042407/5f21b5d6e1e3da4e4f0b86c3/html5/thumbnails/95.jpg)
The attacker can keep the victim uninformed for most of its uptime while staying under the radar
even if the attacker intercepts a fraction of the node's connections
![Page 96: Final SP btc › files › Final_SP_btc.pdf · 10/15 11/15 12/15 01/16 02/16 03/16 0 50k 100k 150k 200k month # of hijack events Oct. Dec. # of monthly routing hijacks 2015 Nov. Jan.](https://reader034.fdocuments.in/reader034/viewer/2022042407/5f21b5d6e1e3da4e4f0b86c3/html5/thumbnails/96.jpg)
% intercepted connections: 50%
![Page 97: Final SP btc › files › Final_SP_btc.pdf · 10/15 11/15 12/15 01/16 02/16 03/16 0 50k 100k 150k 200k month # of hijack events Oct. Dec. # of monthly routing hijacks 2015 Nov. Jan.](https://reader034.fdocuments.in/reader034/viewer/2022042407/5f21b5d6e1e3da4e4f0b86c3/html5/thumbnails/97.jpg)
% intercepted connections: 50%
% time victim does not have the most recent block: 63.2%
![Page 98: Final SP btc › files › Final_SP_btc.pdf · 10/15 11/15 12/15 01/16 02/16 03/16 0 50k 100k 150k 200k month # of hijack events Oct. Dec. # of monthly routing hijacks 2015 Nov. Jan.](https://reader034.fdocuments.in/reader034/viewer/2022042407/5f21b5d6e1e3da4e4f0b86c3/html5/thumbnails/98.jpg)
The vast majority of the Bitcoin network is at risk
% intercepted connections: 50%
% time victim does not have the most recent block: 63.2%
% nodes vulnerable to attack: 67.9%
![Page 99: Final SP btc › files › Final_SP_btc.pdf · 10/15 11/15 12/15 01/16 02/16 03/16 0 50k 100k 150k 200k month # of hijack events Oct. Dec. # of monthly routing hijacks 2015 Nov. Jan.](https://reader034.fdocuments.in/reader034/viewer/2022042407/5f21b5d6e1e3da4e4f0b86c3/html5/thumbnails/99.jpg)
Routing Attacks on Cryptocurrencies
Hijacking Bitcoin
1  BGP & Bitcoin: Background
2  Partitioning attack: splitting the network
3  Delay attack: slowing the network down
4  Countermeasures: short-term & long-term
![Page 100: Final SP btc › files › Final_SP_btc.pdf · 10/15 11/15 12/15 01/16 02/16 03/16 0 50k 100k 150k 200k month # of hijack events Oct. Dec. # of monthly routing hijacks 2015 Nov. Jan.](https://reader034.fdocuments.in/reader034/viewer/2022042407/5f21b5d6e1e3da4e4f0b86c3/html5/thumbnails/100.jpg)
Both short-term and long-term countermeasures exist
![Page 101: Final SP btc › files › Final_SP_btc.pdf · 10/15 11/15 12/15 01/16 02/16 03/16 0 50k 100k 150k 200k month # of hijack events Oct. Dec. # of monthly routing hijacks 2015 Nov. Jan.](https://reader034.fdocuments.in/reader034/viewer/2022042407/5f21b5d6e1e3da4e4f0b86c3/html5/thumbnails/101.jpg)
Short-term countermeasures are simple shifts in the Bitcoin clients
Routing-aware peer selection
  reduce risk of having one ISP seeing all connections
Monitor changes in peer behavior, statistics, etc.
  abnormal changes could be the sign of a partition
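One way to approach routing-aware peer selection, as an added example rather than the authors' or any Bitcoin client's code: given the ASes on the path to each candidate peer, pick peers greedily so that no single AS sits on many of the chosen connections. How a node learns these paths is outside the example; the function names are hypothetical and the addresses and AS numbers are constructed from documentation ranges.

```python
from collections import Counter

# Constructed input: candidate peer -> ASes on the forwarding path to it.
# Addresses and AS numbers are documentation values (RFC 5737, RFC 5398).
CANDIDATES = {
    "198.51.100.1": {64500, 64501},
    "198.51.100.2": {64500, 64502},
    "198.51.100.3": {64500, 64503},
    "203.0.113.1":  {64510, 64504},
    "203.0.113.2":  {64511, 64505},
    "192.0.2.1":    {64510, 64506},
}

def max_exposure(candidates, peers):
    """Largest share of the given connections that any single AS can observe."""
    counts = Counter(asn for p in peers for asn in candidates[p])
    return max(counts.values(), default=0) / len(peers)

def select_peers(candidates, k):
    """Greedily pick k peers, each time adding the one that keeps the
    busiest AS (the AS on the most chosen paths) as small as possible."""
    chosen, seen = [], Counter()
    remaining = dict(candidates)
    while remaining and len(chosen) < k:
        def cost(peer):
            after = seen + Counter(remaining[peer])
            return (max(after.values(), default=0), peer)  # address breaks ties
        best = min(remaining, key=cost)
        seen.update(remaining.pop(best))
        chosen.append(best)
    return chosen

if __name__ == "__main__":
    naive = ["198.51.100.1", "198.51.100.2", "198.51.100.3"]
    aware = select_peers(CANDIDATES, 3)
    print("naive", naive, max_exposure(CANDIDATES, naive))
    print("aware", aware, max_exposure(CANDIDATES, aware))
```

With the constructed input, three peers reached through the same AS leave that AS on every connection, while the greedy choice keeps every AS to one connection in three.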
![Page 102: Final SP btc › files › Final_SP_btc.pdf · 10/15 11/15 12/15 01/16 02/16 03/16 0 50k 100k 150k 200k month # of hijack events Oct. Dec. # of monthly routing hijacks 2015 Nov. Jan.](https://reader034.fdocuments.in/reader034/viewer/2022042407/5f21b5d6e1e3da4e4f0b86c3/html5/thumbnails/102.jpg)
Longer-term countermeasures provide more guarantees but require protocol or infrastructure changes
Use end-to-end encryption or MAC
  prevent delay attacks (not partition attacks)
Deploy secure routing protocols
  prevent partition attacks (not delay attacks)
![Page 103: Final SP btc › files › Final_SP_btc.pdf · 10/15 11/15 12/15 01/16 02/16 03/16 0 50k 100k 150k 200k month # of hijack events Oct. Dec. # of monthly routing hijacks 2015 Nov. Jan.](https://reader034.fdocuments.in/reader034/viewer/2022042407/5f21b5d6e1e3da4e4f0b86c3/html5/thumbnails/103.jpg)
Routing Attacks on Cryptocurrencies
Hijacking Bitcoin
BGP & Bitcoin: Background
Partitioning attack: splitting the network
Delay attack: slowing the network down
Countermeasures: short-term & long-term
![Page 104: Final SP btc › files › Final_SP_btc.pdf · 10/15 11/15 12/15 01/16 02/16 03/16 0 50k 100k 150k 200k month # of hijack events Oct. Dec. # of monthly routing hijacks 2015 Nov. Jan.](https://reader034.fdocuments.in/reader034/viewer/2022042407/5f21b5d6e1e3da4e4f0b86c3/html5/thumbnails/104.jpg)
Routing Attacks on Cryptocurrencies
Hijacking Bitcoin
Bitcoin is vulnerable to routing attacks
  both at the network and at the node level
The potential impact on the currency is worrying
  DoS, double spending, loss of revenues, etc.
Countermeasures exist (we’re working on it!)
  some of which can be deployed today
![Page 105: Final SP btc › files › Final_SP_btc.pdf · 10/15 11/15 12/15 01/16 02/16 03/16 0 50k 100k 150k 200k month # of hijack events Oct. Dec. # of monthly routing hijacks 2015 Nov. Jan.](https://reader034.fdocuments.in/reader034/viewer/2022042407/5f21b5d6e1e3da4e4f0b86c3/html5/thumbnails/105.jpg)
IEEE Security & Privacy
Maria Apostolaki
23 May 2017
ETH Zürich
Visit our website: https://btc-hijack.ethz.ch
Routing Attacks on Cryptocurrencies
Hijacking Bitcoin
![Page 106: Final SP btc › files › Final_SP_btc.pdf · 10/15 11/15 12/15 01/16 02/16 03/16 0 50k 100k 150k 200k month # of hijack events Oct. Dec. # of monthly routing hijacks 2015 Nov. Jan.](https://reader034.fdocuments.in/reader034/viewer/2022042407/5f21b5d6e1e3da4e4f0b86c3/html5/thumbnails/106.jpg)
Visit our website: https://btc-hijack.ethz.ch