Security threats and countermeasures on the Blockchain Network

Vinci Sharma
Nov 28, 2020

Introduction

On January 3rd 2009, unknown to most of the world, an important and definitive event happened in cyberspace: the first block, the “Genesis block” of the popular cryptocurrency Bitcoin, was mined and recorded. Bitcoin was the result of a peer-to-peer electronic cash system which was proposed by Satoshi Nakamoto a few months earlier. The paper described the workings of a distributed, de-centralized network of nodes connected together to verify, confirm and record transactions. Since then, this technology, known as the Blockchain Network or simply Blockchain, has revolutionized the way in which Value and Trust are considered over a non-trusted medium such as the internet. Over the last decade, Blockchain has been overshadowed by cryptocurrencies such as Bitcoin; however, Bitcoin is just one of the many possible implementations of Blockchain, and its true potential remains largely underestimated and untested.

Value, Trust and Reliability are concepts core to a Blockchain. Value allows for a digital asset to be transferred directly over the internet with the primary goal of disintermediation. Without an intermediary trusted party, trust in a Blockchain is built by creating a chronological, immutable, secure and permanent ledger record of all transactions which have taken place on the network. The decentralized nature of the network ensures there is no single point of failure hence providing for increased Reliability.

Blockchain

A Blockchain is a constantly growing ledger that keeps a permanent record of all the transactions which have taken place, in a secure, chronological and immutable way. Blockchain utilizes cryptographic techniques to ensure data storage is immutable. The nodes in a Blockchain network are de-centralized, distributed and utilize a number of different algorithms to reach consensus. The nodes are rewarded for their participation in solving cryptographic problems to store transaction data in a secure and immutable way.

Blockchain Generations

Blockchain 1.0 provides the foundational technologies that make Digital Currency possible. The technology includes the underlying functionality i.e. mining, hashing and the distributed ledger, the overlying protocols for transactions to take place, and the digital currency like Bitcoin.

Blockchain 2.0 looks beyond just cryptocurrencies to take into account the functionality needed to enable a Digital Economy. Blockchain 1.0 introduced value to the internet and a means of peer-to-peer transfer of value over a non-trusted medium. Blockchain 2.0 encompasses the much wider implications of this technology in the fields of financial services, real estate and supply chain, to name a few. A physical asset is now attached to a Blockchain transaction. It introduces the idea of smart contracts, in which a number of different entities can participate in a contract much like one in the physical world, but controlled by a software program. These entities can exchange information and make payments according to the terms and conditions of the smart contract.

Blockchain 3.0 is a step up from the previous two generations as it endeavors to take Blockchain beyond cryptocurrencies, financial services and other economic activities. Blockchain 3.0 aims to establish a Digital Society through smart cities, large scale data management and establishment of individual digital identities. When integrated with the Internet of Things (IoT), Blockchain can help augment the peer to peer IoT network by providing a distributed and de-centralized data processing and storage network while maintaining a certain level of anonymity. Leveraging Blockchain 3.0, Machine to Machine (M2M) networks are made possible.

[Figure: The Blockchain Generations]

The Blockchain Layered Architecture

The layered architecture of Blockchain spans all three generations of Blockchain technology.

Application Layer is responsible for delivering the final Blockchain service to end users. These applications can be on mobile, desktop or on the web. Blockchain 1.0 focuses on Cryptocurrency applications, which are primarily wallets. From Blockchain 2.0 onwards, these applications can take a number of different flavors instead of being limited to just wallets.

Contract Layer is the layer on which smart contracts are built as part of Blockchain 2.0. This layer is responsible for building the Decentralized Autonomous Organization (DAO).

Incentive Layer is responsible for providing incentives to miners who spend computing power to solve cryptography challenges in the Blockchain. The incentive layer thus introduces new units of cryptocurrency through a reward mechanism.

Consensus Layer provides a solution to the Byzantine Generals Problem (BGP). The difficulty in obtaining consensus among a mixture of honest and dishonest nodes is solved at this layer. Consensus algorithms like Proof of Work (PoW) in Blockchain 1.0 and Proof of Stake (PoS) in Blockchain 2.0 are implemented at this layer.

Network Layer consists of the decentralized and peer to peer connected network nodes. This layer is also responsible for the data transmission protocols for communication between these nodes. The nodes on the network treat the longest chain of blocks as the correct one.

Data Layer defines the Data Structures needed to maintain and operate a successful Blockchain network. The data layer is where data storage and retrieval happen. The Blockchain is a continuous chain of Blocks. The Blocks are linked together with the cryptographic hash values. The Nth block calculates its hash based on the N-1 block, a nonce, and the data present in the Nth block among other factors. This linkage of blocks ensures that immutability is maintained as any change of data in the Nth block breaks the chain of all blocks ahead of it. Data storage and retrieval methods are also defined in this layer. Merkle trees are hash trees which allow for efficient verification and validation of the contents of enormous data structures without the need to download the entire datasets.
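The hash linkage and Merkle verification described for the Data Layer, as an added Python sketch that is not part of the original article. The header layout, the 8-byte nonce encoding and the absence of any mining step are simplifying assumptions, and the transactions are constructed sample data.

```python
import hashlib
from dataclasses import dataclass


def sha256(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def parent_level(level):
    """Hash adjacent pairs; an odd last node is paired with itself."""
    if len(level) % 2:
        level = level + [level[-1]]
    return [sha256(level[i] + level[i + 1]) for i in range(0, len(level), 2)]


def merkle_root(txs):
    if not txs:
        raise ValueError("a block needs at least one transaction")
    level = [sha256(tx) for tx in txs]
    while len(level) > 1:
        level = parent_level(level)
    return level[0]


def merkle_proof(txs, index):
    """Sibling hashes from leaf to root; the flag is True when the sibling is on the right."""
    level = [sha256(tx) for tx in txs]
    proof = []
    while len(level) > 1:
        if len(level) % 2:
            level = level + [level[-1]]
        sibling = index ^ 1
        proof.append((level[sibling], sibling > index))
        level = parent_level(level)
        index //= 2
    return proof


def verify_proof(tx, proof, root):
    """Recompute the root from one transaction and its siblings only."""
    h = sha256(tx)
    for sibling, sibling_is_right in proof:
        h = sha256(h + sibling) if sibling_is_right else sha256(sibling + h)
    return h == root


@dataclass
class Block:
    prev_hash: bytes
    nonce: int
    txs: list

    def hash(self) -> bytes:
        # Assumed header layout: previous hash | nonce | Merkle root of the data.
        return sha256(self.prev_hash + self.nonce.to_bytes(8, "big") + merkle_root(self.txs))


def build_chain(tx_batches):
    chain, prev = [], b"\x00" * 32
    for nonce, txs in enumerate(tx_batches):   # nonce is a placeholder, nothing is mined
        block = Block(prev, nonce, list(txs))
        chain.append(block)
        prev = block.hash()
    return chain


def first_broken_link(chain):
    """Index of the first block whose prev_hash no longer matches its predecessor."""
    for i in range(1, len(chain)):
        if chain[i].prev_hash != chain[i - 1].hash():
            return i
    return None


# Constructed sample transactions.
SAMPLE_BATCHES = [[b"a->b:5", b"b->c:2", b"c->d:1"], [b"d->a:1"], [b"a->c:3", b"c->b:3"]]

if __name__ == "__main__":
    chain = build_chain(SAMPLE_BATCHES)
    print("intact chain, broken link:", first_broken_link(chain))
    chain[0].txs[0] = b"a->b:500"              # edit data in an early block
    print("after tampering, broken link at block:", first_broken_link(chain))
```

Changing one transaction in block 0 changes its Merkle root and therefore its hash, so the stored `prev_hash` in block 1 no longer matches.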

[Figure: The Blockchain Layers]

Threats and Countermeasures

Application Layer

Cryptocurrency wallets are one of the popular applications which provide users with an interface to the Blockchain network. A wallet allows a user to store and manage digital currency. A cryptocurrency wallet also provides an address on which a user can receive Cryptocurrencies.

Wallets are classified based on the location used to store the private keys. The wallet types described are Mobile, Desktop, Online or a Hardware device. Wallets can also be of different types like Bitcoin core, Simplified Payment verification (SPV) wallets and a Bank or Exchange wallet.

In Bitcoin core, the user can verify the software release corresponds to the source package. The user also controls their private keys. In a Bank or Exchange wallet, the control of the users’ private keys lies with the Exchange.

In a Simplified Payment Verification (SPV) wallet, the users control the private key; however, they do not have any mechanism to verify the software.

Desktop wallets are based on Bitcoin core, as Bitcoin core requires increased disk space to store the Blockchain transaction data. Mobile wallets utilize the SPV functionality. Bank and Exchange wallets are normally online. Hardware wallets provide cold, offline storage of cryptocurrencies.

Threats

Malicious software: Malicious software can infect the mobile or desktop device, as a result of which private keys can be stolen. Private key compromise leads to a drastic lapse in security. Mobile and Desktop wallets are at greatest risk from this threat.

Ransomware: Ransomware is a piece of malware which encrypts the files on the device’s hard drive. Ironically, ransomware writers follow up with a demand for a ransom in cryptocurrency to decrypt the files. Desktop wallets are most likely to be impacted by ransomware.

Lost devices: Lost mobile phones, desktops, laptops and hardware devices can result in unauthorized access to cryptocurrency wallets. All types of wallets, Mobile, Desktop, Online and Hardware are susceptible.

Software bugs in the application: Software bugs in the application algorithms can lead to loss of cryptocurrency. Bank and Exchange wallets are at greatest risk.

Bait and Switch attack: This occurs when a Bank or Exchange pushes out new code to the end users in an attempt to steal their cryptocurrency. SPV wallets and Bank/Exchange wallets are at risk.

Countermeasures

Malicious software and Ransomware: The countermeasures are the same as those for protecting mobile and desktop devices. Users should ensure that wallet applications are downloaded from legitimate sources like the Apple Store or Google Play. The mobile device should not be jailbroken or rooted, as this further increases the chances of it getting infected by malware. Host hardening, running software under minimum privileges, and being aware of social engineering attacks all assist in maintaining device security.

Lost devices: Protecting the devices with a strong password can ensure that devices are hard to break into. Mobile devices can also be configured so that device data is erased after a number of unsuccessful password attempts. Devices, including mobile devices, give users the option to perform a remote wipe.

Software bugs in the application: In Bitcoin core the user can verify the software release corresponds to the source package and hence can prevent malicious differences between the source and the release binary. SPV wallets are also a good countermeasure. Bank and Exchange wallets are not recommended to be used. A classic example is the fall of the popular cryptocurrency exchange Mt. Gox which lost 650 thousand Bitcoins. It was claimed a software algorithm was the cause of failure.

Bait and Switch attack: SPV and Bank/Exchange wallets are susceptible to this attack. The only real countermeasure is to use a Bitcoin core wallet.

In summary, information security on a system and specifically the Blockchain network is a balance between convenience and the risk appetite of the user.

Mobile wallet applications present the highest risk, followed by Online. Desktop wallet applications are more secure compared to Mobile and Online. Hardware devices are the most secure of the four.

Wallets based on Bitcoin core are the most secure, however these wallets need high disk storage capacity and hence are not suited for Mobile devices. Mobile wallets are based on SPV. Bank and Exchange wallets are the riskiest of all categories.

Contract Layer

The Contract Layer introduces the concept of smart contracts as part of Blockchain 2.0. Smart contracts are software programs which can be executed among a network of distributed and de-centralized nodes without the need of a central and external third party. Ethereum, built on the programming language Solidity, is one of the popular and common ways to build and execute smart contracts. The threats and countermeasures at the Contract Layer are closely related to the security issues around building and deploying Ethereum smart contracts.

Threats

Ether lost in transfer: In the Ethereum implementation of Blockchain, when ether needs to be sent, a recipient address needs to be specified. If the recipient address is an orphan address, i.e. the address is not associated with any users, and Ether is sent to it, the Ether is lost and is unrecoverable.

Immutable bugs: After a smart contract is published on the Ethereum Blockchain it cannot be altered. Users trust that if the contract implements their intended functionality, then the contract will work as expected at runtime. The disadvantage of this approach is that if the smart contract contains a programming error, there is no easy way to patch the code. This immutability of bugs can be used to carry out a number of unrecoverable attacks, such as stolen Ether and Ether which is non-redeemable.

Countermeasures

Ether lost in transfer: Software programmers need to manually ensure the correctness of the recipient addresses.

Immutable bugs: The countermeasure to the discovery of immutable bugs is to consider a hard fork in the Blockchain. A hard fork can completely null out the effect of the transactions included in the attack.

Incentive Layer

In a Blockchain network, the constituent nodes help to verify, confirm and record transactions. This is achieved by solving a cryptography challenge presented to the node in the Blockchain. Solving cryptography challenges requires computing power, which in turn needs electricity. These computing and power resources are equivalent to a real cost which is normally paid by the node users in Fiat currency. For the participating nodes to participate with honesty in the Blockchain Network, a motivation should exist. The motivation is the incentive and reward mechanism which is handled solely at the Incentive Layer. A node’s performance is usually directly proportional to its computing power, which is also termed hashing power or hash rate. The greater the hash rate a node processes, the more likely it is to be eligible for a reward via the incentive mechanism.

The common types of attack at the incentive layer thus involve a node or a group of nodes attempting to cheat the system by accumulating a reward which is out of proportion to the hashing power they have spent.

Threats

Selfish mining: Selfish mining is not exactly an attack. Selfish mining can be considered a strategy for miner nodes who want to optimize their mining strategy by gaining the maximum reward. Mining strategy optimization is not wrong in itself, but selfish mining maximizes the reward earned by the nodes in a way that hurts the other miners and their peers.

In a Proof of Work (PoW) Blockchain, the chain can have natural forks. Forks are inevitable in a Blockchain and can happen when the mining rules change or two miners release their Blocks at approximately the same time resulting in other miners picking up two different sets of Blocks. In a Blockchain forks are resolved by applying the Longest Chain Rule in which miners attach their Blocks to the longest chain. At the beginning of a fork, when chain lengths are the same, the First Seen Rule is applied in which the Block seen first is chosen.

Selfish mining happens when miner nodes apply a strategy which is more profitable than the Longest Chain Rule and First Seen Rule. Depending upon the hash rate and network connectivity speed of the miner node, the strategy involves timing and withholding Blocks from the other miners. This allows the miner to build a fork in secret by not releasing Blocks to the network. Depending upon the progress of the official Blockchain propagated by the other miners, a decision is made whether to release the Blocks or not. This results in honest miners wasting computational power on a stale set of Blocks which will not be accepted into the Blockchain. Once the secret fork is released, a relatively higher reward is received due to the wasted efforts of other nodes.

Block-withholding (BWH) and Fork-after-withholding (FAW) attack: Both these attacks can be seen as a continuation of selfish mining. In a Block-withholding (BWH) attack, the submission of the Block is withheld and delayed permanently, i.e. the Block is not submitted at all. A Fork-after-withholding (FAW) attack delays the withheld Block until its submission will cause a fork in the Blockchain.

In BWH and FAW the target is usually a pool of miners. The attacker targets this victim pool while having a different incentive channel in the main pool. In the main pool, the attacker does not participate in incentive sharing and behaves according to the protocols of the Blockchain. In the victim pool, the attacker does not make any contributions to the pool (it holds back Blocks). The attacker continues to pretend to contribute and also shares the Block reward in the event of other pool miners successfully mining a Block.

Countermeasures

Selfish mining: Selfish mining is a constant and ever evolving threat to Blockchain networks. On a Blockchain network, both hash rates and network conditions are constantly changing. These two input variables have the greatest impact on selfish mining. A stochastic model based on the Markov chain can be implemented as a countermeasure to selfish mining in Blockchain Networks. A model is built by considering three mining pools, of which two are dishonest. A Finite State Machine (FSM) is created first to present a steady state and perform transient analysis of profitable mining thresholds among the three pools. A set of Markov chain models is then established to characterize the transition states. From this the minimum hash rate threshold is calculated. Based on this, calculations can be made as to when selfish mining becomes profitable.
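A worked threshold calculation, added here as an example and not taken from the original article: it uses the simpler one-selfish-pool Markov model of Eyal and Sirer rather than the three-pool model described above. The symbols `alpha` (the pool's share of hash rate) and `gamma` (the share of honest miners that build on the pool's block during a tie, a stand-in for network connectivity) are assumptions of this sketch.

```python
import random


def closed_form_revenue(alpha, gamma):
    """Long-run share of main-chain blocks won by the selfish pool (Eyal-Sirer closed form)."""
    num = alpha * (1 - alpha) ** 2 * (4 * alpha + gamma * (1 - 2 * alpha)) - alpha ** 3
    den = 1 - alpha * (1 + (2 - alpha) * alpha)
    return num / den


def simulate_revenue(alpha, gamma, blocks, seed):
    """Walk the state machine block by block and count who ends up on the main chain."""
    rng = random.Random(seed)
    lead, tie = 0, False          # lead = length of the withheld private fork
    selfish = honest = 0
    for _ in range(blocks):
        pool_found = rng.random() < alpha
        if tie:                   # two competing branches of equal length
            if pool_found:
                selfish += 2
            elif rng.random() < gamma:
                selfish += 1
                honest += 1
            else:
                honest += 2
            tie = False
        elif pool_found:
            lead += 1             # block is withheld
        elif lead == 0:
            honest += 1
        elif lead == 1:
            tie, lead = True, 0   # pool publishes, race between branches
        elif lead == 2:
            selfish += 2          # pool publishes both blocks and wins outright
            lead = 0
        else:
            selfish += 1          # pool publishes one block, keeps the rest private
            lead -= 1
    return selfish / (selfish + honest)


def profit_threshold(gamma, tol=1e-9):
    """Smallest hash-rate share at which withholding pays more than honest mining."""
    def advantage(a):
        return closed_form_revenue(a, gamma) - a

    lo, hi = 1e-9, 0.499
    if advantage(lo) > 0:
        return 0.0
    while hi - lo > tol:
        mid = (lo + hi) / 2
        if advantage(mid) > 0:
            hi = mid
        else:
            lo = mid
    return (lo + hi) / 2


if __name__ == "__main__":
    for gamma in (0.0, 0.5):
        print(f"gamma={gamma}: profitable above {profit_threshold(gamma):.4f} of total hash rate")
    print("simulated share at alpha=0.40:", round(simulate_revenue(0.4, 0.0, 400_000, seed=1), 4))
```

A pool operator or monitoring team can compare each pool's observed hash-rate share against this threshold: below it, withholding earns less than honest mining.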

Block-withholding (BWH) and Fork-after-withholding (FAW) attack: A method of silent time stamping is implemented to improve the mining pool security of a Blockchain. In this method, the mining pool manager implements silent time stamping, which forces the correct ordering of shares and Blocks. With silent time stamping, a share or Block found earlier than another share or Block needs to be submitted earlier in order to retain its validity.

If the nodes are undertaking submission based on the order of their findings, both the BWH attack and FAW attack are prevented. Silent time stamping is called “silent” as it requires no Blockchain network changes. No changes are required in the mining implementation. Silent time stamping requires an increase of the input nonce selection. The mining pool manager verifies the nonce input by comparing the nonce of the submitted share with the nonce of the previously submitted share. This prevents the FAW attack altogether as the Blocks which have been withheld cannot retain their validity with the ongoing shares.
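One way a pool manager could enforce the nonce-ordering check described above, as an added Python sketch that is not the original method's code. It assumes miners walk the nonce space upward, so a larger nonce means a later find; the share target, the digest layout and the job bytes are constructed for the example.

```python
import hashlib

SHARE_PREFIX = b"\x00"                      # hypothetical share target: digest starts with a zero byte
SAMPLE_JOB = b"constructed-job-header"      # constructed sample work unit


def share_digest(job: bytes, miner: str, nonce: int) -> bytes:
    return hashlib.sha256(job + miner.encode() + nonce.to_bytes(8, "big")).digest()


def is_valid_share(job, miner, nonce):
    return share_digest(job, miner, nonce).startswith(SHARE_PREFIX)


def find_shares(job, miner, count):
    """Honest search: walk the nonce space upward and collect the first valid nonces."""
    found, nonce = [], 0
    while len(found) < count:
        if is_valid_share(job, miner, nonce):
            found.append(nonce)
        nonce += 1
    return found


class PoolManager:
    """Accepts a share only if its nonce is higher than the miner's previous share."""

    def __init__(self):
        self.last_nonce = {}                # (miner, job) -> highest accepted nonce

    def submit(self, miner, job, nonce):
        if not is_valid_share(job, miner, nonce):
            return "rejected: below share difficulty"
        key = (miner, job)
        if nonce <= self.last_nonce.get(key, -1):
            # Found earlier than a share already submitted: it was held back
            # (or replayed), so it no longer counts.
            return "rejected: out of order"
        self.last_nonce[key] = nonce
        return "accepted"


def replay(order, miner="miner-a", job=SAMPLE_JOB):
    """Submit nonces in the given order to a fresh manager and return the verdicts."""
    manager = PoolManager()
    return [manager.submit(miner, job, nonce) for nonce in order]


if __name__ == "__main__":
    first, second, third = find_shares(SAMPLE_JOB, "miner-a", 3)
    print("in order of discovery:", replay([first, second, third]))
    # A full Block is a share that also meets the harder network target, so a
    # Block held back and released after later shares hits the same rule.
    print("second find held back:", replay([first, third, second]))
```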

Consensus Layer

One of the key strengths of a Blockchain network is the decentralized nature of building and verifying transactions. There are a number of different consensus protocols. The consensus protocols help solve the Byzantine Generals Problem and establish consensus in a network consisting of dishonest nodes. One of the earliest consensus protocols was the Proof of Work (PoW).

In PoW, all nodes solve a cryptographic puzzle to verify transactions in a Block and add the Block to the Blockchain. The nodes solving the puzzle are called miners. The first node to solve the puzzle gets the miner reward (Incentive Layer). Before the miner can receive the reward, all nodes must collectively agree on the validity of the Block. The speed at which miner nodes are solving the cryptographic challenges is called the hash rate.

The hash rate is directly in proportion to the computing power possessed by the miners. To achieve a higher hash rate, a group of miners can come together to form a mining pool, and the miner reward gets divided among the members of the pool.

Threats

51% attack: A 51% attack, or majority attack, can occur when one single entity on a Blockchain network attains more than 50% of the hashing power. This entity now has the potential to overwhelm all the other participants in the Blockchain. This single entity can now solve the cryptographic puzzle needed to verify transactions in a Block and add the Block to the network faster than the rest of the participants. This does not pose a problem as long as the entity has honest intentions. If an attacker attains 51% power or the entity is dishonest, it can hijack the entire Blockchain network by finishing PoW faster than the rest of the network. This breaks down the very tenets on which Blockchain is based. This single entity can now act as a central authority and can stop new transactions from getting confirmed, and reverse and manipulate transactions.

Sybil attack: A Sybil attack is an attack in which a single person or entity tries to take over the network by creating and running multiple nodes on a Blockchain network. Attackers can outnumber the honest nodes on the network and can then launch a 51% attack.

Countermeasures

51% attack: A “two-phase PoW” approach is suggested. In this approach the Proof of Work (PoW) is divided into two phases. The first phase is similar to the normal Proof of Work (PoW) in a Blockchain. The miners then solve a second cryptographic puzzle. The second puzzle is to sign the Block with the private key that controls the payment address. The private key signing prevents pool operators from admitting dishonest miners or outsourcing mining to untrustworthy third parties. Random mining pool selection divides the pool of miners into groups, and the opportunity to mine is given to a randomly selected group. The random selection is made as follows: a node identifies its mining group by presenting a hash of its public key (wallet address). Once a Block is mined, its hash value is used with the previously calculated hash to determine the mining group responsible for mining the next Block.

Sybil attack: Blockchain networks can thwart Sybil attacks by implementing strong consensus protocols. Proof of Work (PoW) is one such protocol, which has been discussed at the Consensus Layer. Another consensus protocol is the Proof of Stake (PoS). Proof of Stake (PoS) is built on the concept that letting everyone compete for mining is just wasteful. In PoS, an election process is used in which one node is randomly chosen to validate the next Block. PoS has no miners, just validators. To become a validator, a node has to deposit a certain amount of cryptocurrency into the Blockchain network, and this is known as the “stake”. The greater the size of the stake, the greater the probability that the node is chosen as a validator for the next Block. PoS hence moves away from the computing power centric PoW consensus protocol.

Network Layer

A Blockchain network consists of a number of de-centralized, distributed, peer to peer connected nodes. Analyzing the threats on the higher layers has shown that the Blockchain network is secure as long as the majority i.e. 51% of the nodes are honest and mining pools do not mine selfishly. The Blockchain network also relies on all nodes seeing the recently mined valid Blocks and this ensures that the participating nodes work on the latest copy of the Blockchain which complies with the Longest Chain Rule. When forks occur in the Blockchain, and forks are inevitable, the First Seen Rule is applied. Blockchain relies heavily on the Peer to Peer (P2P) network to distribute this information to the nodes. If the P2P network can be controlled, the flow of information can be controlled and so can the Blockchain. An attack on the P2P network can thus be used to subvert Blockchain security.

Threats

Eclipse attack: A Blockchain P2P network consists of a number of network nodes. These nodes make a number of incoming and outgoing TCP connections to the other nodes. These connections are used to form the P2P gossip network to propagate information about Blocks. In an eclipse attack, an attacker gains control over the node’s access to information on the P2P network. If a node makes all of its outgoing connections to nodes which conspire against it, they can prevent the node from knowing the correct state of the Blockchain network and also transmit falsified data to the node. An eclipse attack is carried out by manipulating the victim node. The attacker fills the node’s peer tables with the attacker IP addresses. The next time the node restarts, which can be due to a number of reasons like regular maintenance in the form of security and software updates, the node loses its current outgoing connections. A restart of the node can also be orchestrated by exploiting known vulnerabilities on the node. After the restart the victim node will only make connections to the attacker IP addresses.

Utilizing an Eclipse attack, an attacker can launch a 51% attack with less than 51% of computing power. This is done by partitioning the network in such a way that the node under attack and the rest of the network cannot build on each other’s Blocks. Once the network is partitioned, the attacker can have more than half of the computing power in the partitioned network, whereas its computing power would be less than half if the network was combined. The attacker out-competes each partitioned network group. An eclipse attack further assists in performing selfish mining.

Countermeasures

Eclipse attack: A P2P node stores IP addresses in two tables. The New Table contains IP addresses the node has heard about but not connected to. The Tried Table contains IP addresses the node has connected to. Each IP address is also timestamped.

In the Tried Table, the time stamp is the time the node last connected to its peer. The IP selection for outgoing connections is also biased towards fresher IP addresses.

A quick countermeasure involves hashing the IP addresses in the Tried Table. The IP address is divided into two parts depending upon its subnet mask. The network identifier hash is further stored into four different buckets within the Tried Table. The host identifier is then stored in one of the four buckets. This method known as hash-by-group makes the eclipse attack a lot harder as now many more IPs are needed in different groups.

The vulnerability in IP selection bias allows the attacker greater chance to have the attacker IPs selected if they are of a fresher timestamp. This vulnerability can be overcome by utilizing a random selection criterion with no bias towards fresher timestamps.
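The two countermeasures above, hash-by-group bucketing and timestamp-blind peer selection, as an added Python sketch that is not the original node implementation. The /16 network identifier, the table geometry, the per-node HMAC secret and the random eviction policy are assumptions of this example, and all addresses are constructed.

```python
import hashlib
import hmac
import ipaddress
import random

NUM_BUCKETS = 64            # assumed table geometry for the demo
BUCKET_SIZE = 8
BUCKETS_PER_GROUP = 4       # "four different buckets" per network group, as in the text


def keyed_hash(secret: bytes, label: bytes, data: bytes) -> int:
    """Per-node keyed hash, so an outsider cannot precompute bucket positions."""
    mac = hmac.new(secret, label + data, hashlib.sha256).digest()
    return int.from_bytes(mac[:8], "big")


class TriedTable:
    def __init__(self, secret, rng=None):
        self.secret = secret
        self.rng = rng or random.SystemRandom()
        self.buckets = [dict() for _ in range(NUM_BUCKETS)]   # addr -> last connected

    def bucket_index(self, addr):
        packed = ipaddress.IPv4Address(addr).packed
        group = packed[:2]                                    # network identifier (/16, assumed)
        # The full address picks one of the group's four slots...
        slot = keyed_hash(self.secret, b"slot", packed) % BUCKETS_PER_GROUP
        # ...and group plus slot pick the bucket, so one group reaches at most four.
        return keyed_hash(self.secret, b"bucket", group + bytes([slot])) % NUM_BUCKETS

    def add(self, addr, last_connected):
        bucket = self.buckets[self.bucket_index(addr)]
        if addr not in bucket and len(bucket) >= BUCKET_SIZE:
            del bucket[self.rng.choice(list(bucket))]         # assumed policy: evict at random
        bucket[addr] = last_connected

    def entries(self):
        return [addr for bucket in self.buckets for addr in bucket]

    def buckets_used(self):
        return sum(1 for bucket in self.buckets if bucket)

    def select_peer(self):
        """Uniform choice over all entries; the timestamp plays no part."""
        entries = self.entries()
        return self.rng.choice(entries) if entries else None


def single_group_addrs(n):
    """Constructed: n addresses that all sit inside 10.1.0.0/16."""
    return [f"10.1.{i // 250}.{i % 250 + 1}" for i in range(n)]


def spread_addrs(n):
    """Constructed: one address in each of n different /16 groups (n <= 256)."""
    return [f"10.{g}.0.1" for g in range(n)]


def fill(addrs, secret=b"constructed-node-secret", seed=7):
    table = TriedTable(secret, random.Random(seed))
    for timestamp, addr in enumerate(addrs):
        table.add(addr, timestamp)
    return table


if __name__ == "__main__":
    flood = fill(single_group_addrs(2000))
    print("2000 addresses from one group occupy", flood.buckets_used(), "buckets,",
          len(flood.entries()), "table entries")
    print("256 addresses from 256 groups occupy", fill(spread_addrs(256)).buckets_used(), "buckets")
```

However many addresses arrive from a single network group, they can hold at most `BUCKETS_PER_GROUP * BUCKET_SIZE` of the table's entries.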

Data Layer

The Data Layer is responsible for the storage of Blockchain transactions in an immutable, chronological order. The National Institute of Standards and Technology (NIST) defines a transaction as an interaction between parties. The nature of the transaction may differ according to the implementation of Blockchain. NIST categorizes Blockchains into two categories: Permission-less and Permission-ed. Both these categories are based on the decentralized ledger technology.

Permission-less Blockchains are open to all and anyone. Participating users and nodes do not need permission from a central authority before participating in the Blockchain. All users and nodes can read and write from the Blockchain. In contrast, in a Permission-ed Blockchain, users need permission from a central authority before participating. Access to read or write to the Blockchain can also be restricted for certain users.

Threats

Permission-less Blockchains are the de facto standard in Blockchain. The paper presented by Satoshi Nakamoto suggests the public keys in a Blockchain to be kept anonymous. In a Blockchain the end users have addresses. These addresses are used to send and receive transactions. The addresses are generated by taking a cryptographic hash of the public key. A Cryptographic wallet (Application Layer) can consist of a number of addresses.

Dust attacks: A Blockchain does not provide complete anonymity to users. Although it is not always easy to find the identity behind each address, all transactions in a Permission-less Blockchain are publicly recorded and open for anyone to see. A Permission-less Blockchain thus allows for pseudo-anonymity.

A dust attack analyses Blockchain transactions to de-anonymize users. An attempt is made to compromise the privacy of Blockchain users by sending Dust transactions to the users. The term Dust refers to a tiny amount of coins. In terms of Bitcoin (BTC), the smallest unit is the Satoshi and 1 BTC = 10,000,000 Satoshi. Dust in this case will be between 1 Satoshi and a few thousand Satoshi. These transactions are so small that most users will not even notice.

The first step of a dust attack is to send dust transactions to a large number of targets.

In the next step the attackers track down those funds and perform a combined analysis to evaluate which addresses belong to the same cryptocurrency wallet. The final goal is to link the dusted wallets to their respective companies or individual users. Once the wallets are successfully identified the attackers follow this up with either phishing attacks or ransomware.

Another disadvantage of Dust attacks on the Data Layer is the increase in Block space usage. The Dust transactions are now stored on each and every Block distributed across the network. Dust attacks in a Blockchain network can lead to increased confirmation times (Consensus Layer) and block the network by acting as a Denial of Service (DOS) agent (Network Layer).

Countermeasures

Do not move any of the dusted funds received. The attackers rely on combined analysis of multiple addresses to identify patterns in order to de-anonymize wallets. If the funds are not moved, it is not possible to make the connections needed for de-anonymization.

The NIST overview on Blockchain technology mentions how on a Blockchain network it is possible to have multiple public facing addresses generated from the public key of different asymmetric key pairs. If a brand new address is created for every receiving transaction, it will help in protecting the user from Dust attacks.

In an Anti-Dust attack model, the algorithm first establishes a baseline of the Blockchain activity. Next, transaction and period models are created. A cycle model is also created which tracks the transactions over variables such as block difficulty and cryptocurrency prices.

Next, the historical Blockchain data is extracted to a Big Data platform to learn the rules of Blockchain trading. Once the rules are added to the Anti-Dust algorithm, it utilizes the historical transaction information to assist in the identification of present transactions. A dust transaction pool is added to the Blockchain architecture. The dust transaction pool will store the discarded Dust transactions identified by the Anti-Dust algorithm. In case the transaction is identified as a legitimate transaction, the transaction is moved from the Dust pool to the normal transaction pool.
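A wallet-side version of the "do not move dusted funds" rule and of the dust pool idea above, as an added Python sketch that is not from the original article or any particular wallet. The 1000 Satoshi threshold, the class and function names, and every transaction id and address are constructed for the example.

```python
from dataclasses import dataclass

DUST_THRESHOLD_SAT = 1000      # assumed wallet policy, not a protocol constant


@dataclass(frozen=True)
class UTXO:
    txid: str
    address: str
    value_sat: int


class DustAwareWallet:
    def __init__(self, threshold=DUST_THRESHOLD_SAT):
        self.threshold = threshold
        self.spendable = []    # normal pool
        self.dust_pool = []    # frozen outputs, never used as transaction inputs

    def receive(self, utxo, expected=False):
        """Unexpected deposits below the threshold are frozen instead of credited."""
        if utxo.value_sat < self.threshold and not expected:
            self.dust_pool.append(utxo)
        else:
            self.spendable.append(utxo)

    def release(self, txid):
        """The owner recognised the payment as legitimate: move it to the normal pool."""
        for utxo in list(self.dust_pool):
            if utxo.txid == txid:
                self.dust_pool.remove(utxo)
                self.spendable.append(utxo)
                return True
        return False

    def sweep_inputs(self, include_dust=False):
        """Inputs of a send-everything transaction; include_dust models a naive wallet."""
        return self.spendable + (self.dust_pool if include_dust else [])


def addresses_exposed(inputs, tracked_txids):
    """Addresses an observer can tie together from one spend.

    The observer only learns something if one of the outputs it sent is among
    the inputs; it then assumes all co-spent inputs share an owner.
    """
    if not any(utxo.txid in tracked_txids for utxo in inputs):
        return set()
    return {utxo.address for utxo in inputs}


TRACKED_DUST = {"tx-dust-1", "tx-dust-2"}   # constructed: outputs sent by the observer


def build_sample_wallet():
    """Constructed wallet history: three ordinary payments and two dust deposits."""
    wallet = DustAwareWallet()
    wallet.receive(UTXO("tx-salary", "addr-A", 250_000))
    wallet.receive(UTXO("tx-sale", "addr-B", 90_000))
    wallet.receive(UTXO("tx-dust-1", "addr-A", 546))
    wallet.receive(UTXO("tx-dust-2", "addr-C", 600))
    wallet.receive(UTXO("tx-tip", "addr-D", 800), expected=True)   # small but expected
    return wallet


if __name__ == "__main__":
    wallet = build_sample_wallet()
    naive = addresses_exposed(wallet.sweep_inputs(include_dust=True), TRACKED_DUST)
    frozen = addresses_exposed(wallet.sweep_inputs(), TRACKED_DUST)
    print("naive sweep links:", sorted(naive))
    print("sweep with dust frozen links:", sorted(frozen))
```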
