Page 31 - FIGI: Security Aspects of Distributed Ledger Technologies
P. 31
Risks: 8.3.4 Issue: Fraudulent Allocation of Data
There is a possibility that an oracle may misinterpret
data sent from a source leading to an unintended Dimensions Affected: Network, Consensus, Data
result or interpretation. Or a hack may intentional- Model
ly provide bad oracle data that could impact block- There are 3 threats enumerated below for this issue.
chain nodes and open vulnerabilities to attack.
Specific Threat: Routing attack
Mitigation and Recommendations: Routing attacks often direct traffic to areas desired
194
Where possible, use trusted oracle solutions. The by the hacker. One attack consists of two stages
following are oracles designed as trusted interme- where the attacker first (i) isolates nodes from the
diaries connecting DLTs and blockchains to external network by redirecting them to an area the attacker
data. controls (partition the network so one set of nodes
has no visibility of the others; and, (ii) within their
• Oraclize (now known as ‘Provable’)” Provides own universe, creates their own chains) and delay
174
integration of different types of data and uses the propagation of messages across the network.
195
‘authenticity proofs’: ‘a cryptographic guarantee It can have a variety of different consequences,
proving that such data (or result) was not tam- one notable example being the deliberate waste/
pered with.’ Oraclize is trying to integrate into consumption of the power of mining pools which are
175
an existing standard and you can specify a type of redirected to mine a network area controlled by the
authenticity proof from Oraclize that a data source hijacker which ultimately proves to be perform work
is sending out a signature as an authenticity proof which they will not receive compensation.
196
(which is provided by existing data sources in their
API and this is easier to do directly on: chain.) It Specific Threat: Border Gateway Protocol (BGP)
uses ‘TLSNotary’ proofs. (See also Qualcomm attack�
176
TEE, Samsung Knox, Google SafetyNet, Border Gateway Protocol (BGP) is used to direct
178
177
179
AWS Sandbox, Intel SGX, Android Trusty. ) traffic across the Internet as networks use BGP to
182
181
180
• Augur: A decentralized oracle and permission- exchange “reachability information.” A BGP attack
183
less prediction market protocol on the Ethereum occurs when an attacker disguises itself as another
blockchain which uses Ethereum for trading and network by announcing network prefixes belonging
184
provides Augur’s Reputation token to report the to another network as if those prefixes are theirs.
outcome of events.
• Chainlink: A decentralized Oracle network Risks:
185
which provides data feed in exchange for their Can potentially result an attempt to create a domi-
‘LINK’ tokens. ‘The Chainlink network provides nance/51% attack (and create double spending
reliable tamper: proof inputs and outputs for com- opportunities), prevent the relay of messages to the
plex smart contracts on any blockchain.’ rest of the network; commit bad acts such as ‘spam-
• Town Crier: A project launched by Cornell Uni- ming the network’ with controlled nodes to subvert
versity which utilizes Intel SGX (Software Guard the reputation system.
Extensions). 186
• Aeternity: A decentralized oracle (which uses Vulnerability:
187
state channels) in the form of ‘complex smart: Once another network accepts the route, this distorts
188
contracts on the Ethereum network that users the “roadmap” of the Internet and traffic is forward-
can use to create markets and select oracles. The ed to the attacker instead of its legitimate destina-
consensus building process for finalizing an oracle tion. For example, in the MyEtherWallet attack, traf-
response is quite interesting and involves the stak- fic went to the attacker instead of to Amazon. Other
ing of Augur’s native ERC-20 token called REP impacted crypto-currencies included Bitcoin, Doge-
(‘reputation’).’ 189 coin, HoboNickels, and Worldcoin and impacted traf-
• Rlay: A newer decentralized infrastructure pro- fic on large ISPs and networks and hosting compa-
190
tocol which uses a ‘Proof: of: Coherence’ consen- nies including Amazon, Digital Ocean and OVH.
sus mechanism. 191
• Gnosis: A market prediction oracle. 192 Mitigation and Recommendations:
• ShapeShift AG: Trusted Agent Blockchain Ora- The overall threat level has been diagnosed as mini-
cle. 193 mal and can be mitigated. Use of Mutually Agreed
197
Security Aspects of Distributed Ledger Technologies 29
