Page 32 - FIGI: Security Aspects of Distributed Ledger Technologies
P. 32

Norms for Routing Security (MANRS),  a commu-      spending attacks, waste mining power of other
                                               198
            nity initiative of network operators and Internet   miners. 203
            Exchange Points that creates a baseline of security
            expectations for routing security.                 Risks:
                                                               The attacker can exploit the victim for attacks on
            Specific Threat: Sybil Attack�                     bitcoin’s mining and consensus system, including
            In a Sybil attack the attacker controls or assumes   double spending, selfish mining, and adversarial
            multiple virtual identities or nodes which is also a   forks in the DL.
            fact unknown to the network, e.g. multiple nodes
            surrounding a target containing different, front facing   Mitigation and Recommendations:
            aliases of the attacker. On a blockchain network the   Mitigation procedures include the use of whitelisting
            attacker creates numerous fake identities to impact   procedures, diversify incoming connections instead
            how good nodes act or are prevented from acting.   of relying upon a limited number or the same IP
                                                               address, among multiple other mitigants. 204
            Risks:
            Can potentially result in an attempt to create a   8.3.5   Issue: Duplication of Transactions
            dominance/51% attack (and create double spending
            opportunities), prevent the relay of messages to the   Specific Threat: Double-Spending Attacks
            rest of the network; commit bad acts such as ‘spam-
            ming the network’ with controlled nodes to subvert   Dimensions Affected: Network, Consensus, Data
            the reputation system.                             Model
                                                               Blockchain technologies operate decentralized,
            Mitigation and Recommendations:                    distributed manner. Transactions are generated and
                                                               propagated throughout a network of validating
            •  Cost-based prevention, e.g. consensus algorithms   nodes, potentially global. Using a consensus mech-
               make it expensive to perpetrate a Sybil attack, e.g.   anism, a validator broadcasts to other validators its
               POW requires the attacker to own and provide    confirmation of the validity of a block of transactions,
               power to each alias or amount needed to stake to   which is relayed to other network nodes for reaching
               engage in voting or delegation of witnesses who   consensus on adding the block to the blockchain.
               validate transactions.                          The time it takes to perform this process creates a
            •  Use of a ‘mixing protocol’ such as Xim which is   vector for attacks on verification mechanisms.
               also a cost-based prevention mechanism.           This could include a ‘double-spending’ attack,
                                                   199
            •  Use of a reputation system  and/or validation   which occurs when an attacker uses or ‘spends’ the
                                        200
               techniques such as a lookup at a central author-  same  digital  currency  or  tokens  for  multiple  trans-
               ity or trust gained from experience such as prior   actions.  On many blockchain systems, especial-
                                                                      205
               interaction.                                    ly POW-based blockchains, a transaction does not
                                                               complete and finalize in real time but only after a cer-
            Specific Threat: Eclipse Attack                    tain duration. A transaction is submitted and propa-
            When an attacker is able to control a sufficient number   gated to nodes across a network, potentially distant,
            of nodes surrounding the target and prevents it from   which process, confirming, reach consensus and add
            being sufficiently connected (ingoing and outgoing)   a new transaction to the blockchain. An attacker can
            to the network (such as being eclipsed from being   exploit this intermediate time 206
            seen by the sun.)  The use of botnets can increase   These threats may follow from one or more of the
                            201
            success rate.                                      following attack types:
                       202
            Vulnerability:                                     •  Race: An attacker makes a purchase from a mer-
            This attack may allow an adversary controlling a     chant who accepts unconfirmed transactions and
            sufficient number of IP addresses to monopolize      ships goods immediately upon or shortly after
            all connections to and from a victim bitcoin node.   seeing the transaction occur. Concurrently, the
            This attack can potentially trigger a 51%/dominance   attacker submits a second double spend trans-
            vulnerability, cause repercussions similar to DDoS   action to the network which results in a race for
            attacks, shield the node from view of the blockchain   the second transaction to be confirmed before the
            and cause inconsistencies and potential for double   first or the second transaction to be confirmed in



           30    Security Aspects of Distributed Ledger Technologies
   27   28   29   30   31   32   33   34   35   36   37