Month: April 2018

Unknown Risks of Blockchain Security

Satoshi Nakamoto’s “White Paper”

Satoshi Nakamoto’s “white paper”, Bitcoin: A Peer-to-Peer Electronic Cash System, gave rise to a series of heated discussions on cryptocurrency and blockchain.

This white paper was first sent on November 1st, 2008, to an obscure cryptography mailing list, from the address [email protected]. Shortly afterwards, on January 3rd, 2009, Nakamoto mined the first 50 bitcoins on his own computer and inscribed in the “genesis block” a short message that read, “The Times 03/Jan/2009 Chancellor on brink of second bailout for banks.”

At that time, Alistair Maclean Darling, Chancellor of the Exchequer, was obliged to arrange a second bailout for the banks, and this short message soon made the headline of The Times of London. That is how the first blockchain came into being, and the social event was recorded and preserved forever, thanks to the timestamp service that the blockchain provides and its proof of existence.

The exchange rate of Bitcoin first appeared on October 5th, 2009, at 1309.03 bitcoins for one dollar. Within a decade, the value of one bitcoin had climbed to an astonishing $10,000, and at its peak in 2017 it reached a record high of $20,000. That means the total value of the 21 million bitcoins could be worth some 420 billion dollars, and if we take alternative coins into account, the net worth of the cryptocurrency market could reach a trillion dollars. The impact of Bitcoin is so huge that many of us have come to realise that Hayek’s theory may be correct: science and technology can go beyond national borders and governments, bringing us a “denationalised money” that will soon change human lives.

Nowadays very few of us turn to Satoshi Nakamoto’s white paper any longer, because the soaring monetary value of bitcoins has grabbed everybody’s attention. The nine-page white paper is nothing but a technical proposal in which he tried to work out whether his ideal “coin” could be made a reality. However, there is something deeper and more essential lying in the white paper, something that goes beyond software technology: can the “decentralisation” of Bitcoin be fully achieved? Has it really developed into a self-governing system? Are there flaws in Satoshi’s white paper and, if so, what are they? Is it possible that Satoshi discovered these flaws but then neglected them on purpose?

Decentralisation brings justice for the majority

Abstract: A purely peer-to-peer electronic cash system would allow online payments to be sent directly from one party to another without going through any financial institution. Digital signatures provide part of the solution, but the main benefits are lost if a trusted third party is still required to prevent double-spending. We propose a solution to the double-spending problem by adding timestamps while using a peer-to-peer network. The network timestamps transactions by hashing them into an ongoing chain of hash-based proof-of-work, forming a record that cannot be changed without redoing the proof-of-work. The longest chain not only serves as proof of the sequence of events witnessed, but proves that it came from the largest pool of CPU power. As long as a majority of CPU power is not cooperating to attack the network, it will generate the longest chain and outpace attackers. The network itself requires minimal infrastructure. Messages spread on a best-effort basis, and nodes can leave and return to the network at any time; the longest proof-of-work chain is the record of what happened while they were gone.

If we read Satoshi’s white paper closely, we find that “decentralisation” can be put in much simpler words: “justice for the majority”. And the best description of its key concept is “consensus”.

Satoshi proposed to build a “decentralised peer-to-peer payment system that can prevent double-spending” with no central servers (intermediaries). But here comes the question: how can everything be recorded in a ledger without them? And here is the solution: use cryptography to avoid centralised servers and intermediaries.

When a transaction occurs (including a double-spend), we can always detect its relevant time sequence. A single peer cannot work on two transactions at the same time. So the Bitcoin system uses timestamp-based hash functions to produce a number of chains that are closely related to one another, creating a linked chain that uses hash pointers to record spending. We call this data structure “blockchain”.

To prevent double-spending, we have to prove the availability and validity of one chain and include that chain in the transaction system. Other chains thereby become invalid and lose force.

There is only one way to prove the availability of one chain while staying decentralised: make all users participate and attest to “justice for the majority”.

The Proof of Work consensus algorithm determines who “the majority” are. The decision made by the majority is embodied in the longest chain. A block carrying new transactions is broadcast to all peer-to-peer nodes, and the nodes that receive it start confirming and accepting it. Only the new transactions included in that block are accepted by the other nodes.

After verifying the transactions, the node does not accept blocks for the same transactions sent by other nodes. At the same time, it stops repeating the calculation on the same transactions over and over again, and calculation on the next block of new transactions begins. Thus new chains are formed.

It is possible that more than one node simultaneously records a block on the same chain (a fork) after receiving the broadcast transactions. The tie is broken when the next proof of work is found. Finally, there will certainly be an ultimate chain accepted by all. In fact, blockchain is a process of dividing and regrouping.

Thus we replace intermediaries with a consensus mechanism. Now think about it: what could happen under extreme circumstances?

Brainstorming a catastrophe

Let us imagine a disaster that might occur:

Some day in 2018, at 15:30 in the afternoon, China’s optic cable service suddenly breaks down and outbound Internet access is blocked. The global Bitcoin system, however, keeps working as usual: mining and transactions continue unaffected. The only difference is that China’s disconnected Bitcoin network has been split away from the global network.

17:40: Two hours later, the problem with the cables is settled and the connection with the outside world is restored.

During those two hours, the hashing power in China formed a chain independent of the previous one. From our discussion of the consensus algorithm, we know that the stronger chain naturally out-competes the weaker one, and the transactions in the weak, obsolete chain have to be waived. In the meantime, the mining incentives on that chain become invalid.

Since China’s hashing power made up 70% of the global total, it would not be surprising if China’s chain beat the previous chain. It is very likely that during the breakdown the work done by the systems abroad would be utterly wiped out. Transactions in the two separate parts of the same Bitcoin chain would have to be recalculated. It would be a disaster for the holders of bitcoin on the “minority chain”, whose coins would be lost, and we would see bitcoin-based commerce crash and networks ruined.

Now we see that a mass outage divides the Bitcoin network into two parts. Perhaps the best solution is to bring the entire Bitcoin network to a halt as soon as possible, before the breakdown occurs, to prevent the network from working in isolation. Otherwise there will be an even bigger catastrophe when the connection is restored.

In Bitcoin, each transaction has to be verified by six blocks, and each block needs ten minutes to confirm the transaction. Apparently, then, each transaction needs an hour to be verified. If the breakdown lasts longer than one hour, the damage is simply unimaginable; the longer the breakdown lasts, the greater the loss.

When discussing whether Bitcoin could withstand such a catastrophe, we are usually more concerned about multi-node backups, without realising what the consensus mechanism would bring us: chains would isolate from one another, compete with one another and devour one another in the end.

Monopoly over Hashing Power ≠ 51% Attacks

Today, our confidence in the Bitcoin system is reassured by the common belief that it is nearly impossible to obtain 51% of the hashing power. However, the truth is that some ASIC miners who have actually monopolised 51% of the hashing power are causing headaches for Bitcoin supporters.

A recent report in MIT Technology Review (Jan. 18th, 2018) points out that both Bitcoin and Ethereum are inclusive blockchain systems: anyone can be a miner. However, this may also result in a monopoly by certain groups and organisations who seek to seize vast amounts of mining resources.

A weekly report shows that the four biggest Bitcoin miners take some 53% of the total mining power, while Ethereum mining turns out to be an even more “centralised” model: the top three mining pool operators take more than 61% of the total every week. This leads to an intriguing question: is the core of Bitcoin, “decentralisation”, being undermined by the monopoly over hashing power?

The answer is no. 51% attacks will not come from within the system itself.

These big miners have made tremendous investments in facilities and electricity supply for mining. Such an attack could destroy the integrity of the system and cause the price to crash. This is clearly not good news for anyone with an interest in bitcoin, especially miners, whose profits depend largely on the price of bitcoin. Hence they have no reason to attack the network.

Therefore, such an attack must come from the outside.

Now back to the imagined catastrophe. We can see that attackers do not necessarily need to gain control over hashing power. The more destructive way is to disrupt the network, which requires little labour and less investment. An attacker may take the following actions:

1. Controlling the routing policy of backbone network servers.

2. Gaining network service suppliers’ back-door access.

3. Disrupting telecommunication services.

4. Breaking or disabling a nation’s firewall.

As shown above, attackers do not need to be someone inside the system, and an attack launched by controlling the network layer requires little effort and electricity. We have no difficulty, then, in finding the deadliest flaw in the structure of Bitcoin and other cryptocurrencies: a highly centralised network layer.

A Too Often Ignored Default Assumption: Channel Security

Peer-to-peer communication technology is the bottom layer of blockchain. Blockchain is in essence a P2P-based value delivery protocol.

Bitcoin has adopted an Internet-based peer-to-peer network in which computers and nodes are equally privileged and are connected with one another in a “flat” topology. In a peer-to-peer network there are no intermediary servers or centralised services, nor any hierarchy. Nodes in peer-to-peer networks work together as service suppliers to one another.

We may look at the global Internet in its early stage. Nodes in its IP networks were equally privileged, while today’s Internet has adopted a hierarchical structure (still, the flat topology of the IP protocols in today’s Internet remains unaltered). File sharing is another typical example, and one of the most astounding successes of peer-to-peer technology, with Napster pioneering the industry and BitTorrent bringing a revolutionary change.

The so-called Bitcoin network is in fact the whole set of nodes that operate under Bitcoin’s peer-to-peer protocol. We need to note that other protocols prevail in the Bitcoin network as well. The Stratum protocol, for instance, is used for mining and by Bitcoin wallets. Gateway router servers, on the other hand, act as protocol bridges: they implement the peer-to-peer protocol in the Bitcoin network and allow nodes speaking other protocols to gain access to it, bridging the Stratum protocol to Bitcoin’s peer-to-peer protocol. What we mean here by “extended bitcoin network” is the whole set of protocols, including the peer-to-peer protocol, the mining protocol, the Stratum protocol and the other integrated networks used in the Bitcoin system.

The main network, where the peer-to-peer protocol takes effect, consists of 7000 to 10000 listening nodes running different versions of the Bitcoin Core client and hundreds of nodes running other applications that implement Bitcoin’s peer-to-peer protocol (BitcoinJ, Libbitcoin, btcd, etc.). A fraction of the nodes in the peer-to-peer network are mining nodes, which take part in the mining competition, transaction confirmation and block building.

Nodes normally use TCP port 8333 to connect to peer nodes. (In Bitcoin’s settings, port 8333 is the default; other designated ports may be used as well.)

The peer-to-peer network simply offers nodes a platform for sharing information; the main part of the job is done by the consensus algorithm and the cryptographic algorithms. That means receivers have to fully trust senders, and the data carried by a given block must remain authentic, without alteration by any third party. In fact, this rests on an implied premise, a default assumption that is rarely mentioned in Satoshi’s paper but is of grave importance:

· We assume that we fully trust the blockchain software and that the data it delivers remains authentic and unaltered.

· We assume that we fully trust the operating system on which the blockchain software runs and that the data it delivers remains authentic and unaltered.

· We assume that we fully trust the central processor serving the network and believe that the data it carries remains authentic and unaltered.

We all know that Bitcoin was built on the idea of “network neutrality”; what is ironic is that the bottom layer of the network, which carries the decentralised system, is in fact highly centralised.

Bitcoin’s transmission protocol is open to all. It is written in plain, regular characters, because data transmission does not really matter that much to blockchain: there is basically no need to encrypt the data for fear that it might be stolen. You see, the first four bytes of a Bitcoin message, 0xF9BEB4D9, are neatly structured. However, Satoshi failed to realise that there is something dangerous in the transmission protocol that may one day lead to a 51% attack.
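To make concrete what “written in plain, regular characters” means, here is an added example (not code from the original post or from Bitcoin Core) that builds and parses the 24-byte Bitcoin P2P message header. The layout (magic, NUL-padded command, little-endian payload length, four-byte double-SHA-256 checksum) and the mainnet magic 0xF9BEB4D9 are the published constants; the sample frames are constructed, not captured traffic. It shows that an observer on the path can recognise the protocol from the first four bytes alone, and that the checksum only guards against accidental corruption, since anyone who can see a frame can recompute it.

```python
import hashlib
import struct

# Published network magic values; the post cites the mainnet one.
MAGIC_MAINNET = bytes.fromhex("f9beb4d9")
MAGIC_TESTNET3 = bytes.fromhex("0b110907")
HEADER_LEN = 24  # 4 magic + 12 command + 4 length + 4 checksum


def checksum(payload: bytes) -> bytes:
    """First four bytes of SHA-256d (double SHA-256) over the payload."""
    return hashlib.sha256(hashlib.sha256(payload).digest()).digest()[:4]


def build_message(command: str, payload: bytes, magic: bytes = MAGIC_MAINNET) -> bytes:
    """Serialize a message the way a node puts it on the wire."""
    if len(command) > 12:
        raise ValueError("command name is at most 12 bytes")
    cmd = command.encode("ascii").ljust(12, b"\x00")  # NUL-padded command
    header = magic + cmd + struct.pack("<I", len(payload)) + checksum(payload)
    return header + payload


def parse_message(raw: bytes) -> dict:
    """Parse one frame, checking the declared length and the checksum.

    Raises ValueError on a malformed frame. Note the checksum is unkeyed:
    a match proves only that the bytes were not corrupted in transit, not
    who produced them.
    """
    if len(raw) < HEADER_LEN:
        raise ValueError("truncated header")
    magic, cmd, length_le, csum = raw[:4], raw[4:16], raw[16:20], raw[20:24]
    (length,) = struct.unpack("<I", length_le)
    payload = raw[HEADER_LEN:HEADER_LEN + length]
    if len(payload) != length:
        raise ValueError("truncated payload")
    if checksum(payload) != csum:
        raise ValueError("checksum mismatch")
    network = {MAGIC_MAINNET: "mainnet", MAGIC_TESTNET3: "testnet3"}.get(magic, "unknown")
    return {
        "network": network,
        "command": cmd.rstrip(b"\x00").decode("ascii"),
        "length": length,
        "checksum": csum.hex(),
        "payload": payload,
    }


def is_well_formed(raw: bytes) -> bool:
    """True if parse_message accepts the frame."""
    try:
        parse_message(raw)
        return True
    except ValueError:
        return False


def looks_like_bitcoin(raw: bytes) -> bool:
    """What a passive observer sees: the magic alone identifies the protocol,
    with no decryption needed because the header travels in the clear."""
    return raw[:4] in (MAGIC_MAINNET, MAGIC_TESTNET3)


if __name__ == "__main__":
    # Constructed sample frames, not captured traffic.
    verack = build_message("verack", b"")
    ping = build_message("ping", struct.pack("<Q", 0x1122334455667788))
    for frame in (verack, ping):
        print(frame.hex())
        print(parse_message(frame))
```

Run stand-alone, the script prints a constructed verack and ping frame in hex and their decoded fields. The verack checksum, 5df6e0e2, is the same in every verack on the network, which is another fixed pattern a middlebox can match on; this is the identifiability the post is pointing at, and the reason a checksum is not a substitute for the channel security discussed in the following sections.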

Merge attack:

What is interesting about “blockchain” is that the word, so often discussed in connection with Satoshi’s white paper, does not appear in it and was not invented by Satoshi. The word “block” appears 67 times in the white paper and “chain” 27 times, yet the author never put the two words together. We all know that “block” means a piece of solid material, but we should not forget that, as a verb, the word means “obstruct” or “hinder”. People simply fail to catch the hidden message in the word: a blockchain can be blocked.

The consensus mechanism is the core of Bitcoin. Consensus is pretty much like a voting machine supported by a distributed system. Any adjustment or alteration to the network hosting the distributed system will change the “consensus”. This is what we call a “merge attack” or “consensus attack”.

A merge attack tears the blockchain apart, dividing the blockchain network into two independent chains, one of which may exceed the “consensus threshold” (for instance, 51% of proof of work); then, after some time (technically speaking, after transactions have been confirmed), the two chains have to regroup and compete with each other.

A merge attack is essentially a combination of a partition attack and a delay attack, and it has been shown to be far more destructive than a DDoS attack or IP blocking.

· DDoS attempts to attack nodes and miners prove rather futile, and their effect normally does not last long: it is not difficult for nodes and miners under attack to understand the situation when their access to the outside world is blocked, and in that case the assaulted miner can easily change his or her IP address. Once the address has changed, communication with other nodes is restored and transactions are confirmed, so this sort of attack is less destructive than it seems and its effect is never a devastating one.

· A merge attack, however, works quite differently. By tearing the network apart, two independent local networks naturally come into existence, and the nodes in each can still communicate with one another without being conscious of any danger. Exposing the network layer to such healing attacks can lead to the collapse of the consensus mechanism: nodes always stick to the code-is-law principle, so branches and sub-chains devour one another. If we do not stick to the code, forks have to be created by human intervention, and this leads to a collapse of faith in the system. The entire Bitcoin network would no doubt break down under several rounds of merge attacks.

It is worth noting that Bitcoin is not the only possible victim of merge attacks. Other cryptocurrencies (for instance, Ethereum) are exposed to such fatal attacks as well. Ethereum, for example, has spared no effort in encrypting its communication protocol to make smart contracts safer. However, its communication protocol is still no harder to identify and target. Attackers may still take advantage of the medium- and long-distance links in network communications, the overlapping heartbeat mechanisms and other basic features to isolate networks and start merge attacks.

Therefore, no cryptocurrency can stay perfectly impervious to merge attacks unless adjustments are made at the bottom layer of the communication network to camouflage its data. The most talked-about coins nowadays, including Litecoin, Monero, Bitcoin Cash and Quantum Chain, are no exceptions, and the claims to the contrary made by such parties seem rather groundless.

When applying a consensus algorithm (PoW, PoS, DPoS), we need to prevent transmission from being disturbed or disrupted. The algorithms used in distributed systems solve the problems of consistency and validity on the premise that the channels are safe. Without that premise, consistency and validity mean nothing.
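The partition-and-regroup behaviour described in the catastrophe scenario and in the merge attack section above can be reproduced in a few lines. The following is an added example, not code from the post or from any Bitcoin implementation: a toy proof-of-work chain held together by hash pointers, a 70/30 split of hash power mining in isolation for two hours at six blocks per hour (the post’s figures), and the longest-chain rule applied when the two sides reconnect. The difficulty target, the block contents and the transaction labels are constructed for illustration; at constant difficulty the longest chain is also the chain with the most work, which is why the rule compares lengths.

```python
import hashlib
import json
from dataclasses import dataclass

DIFFICULTY_PREFIX = "00"  # toy target: a block hash must start with two hex zeros


@dataclass(frozen=True)
class Block:
    prev_hash: str   # hash pointer to the parent block
    txs: tuple       # transaction identifiers carried by the block
    nonce: int

    def hash(self) -> str:
        data = json.dumps([self.prev_hash, list(self.txs), self.nonce]).encode()
        return hashlib.sha256(data).hexdigest()


GENESIS = Block("0" * 64, ("coinbase: The Times 03/Jan/2009 ...",), 0)


def mine(prev: Block, txs) -> Block:
    """Search nonces until the block hash meets the toy target."""
    nonce = 0
    while True:
        candidate = Block(prev.hash(), tuple(txs), nonce)
        if candidate.hash().startswith(DIFFICULTY_PREFIX):
            return candidate
        nonce += 1


def verify_chain(chain) -> bool:
    """Each block must point at its predecessor's hash and meet the target."""
    if not chain or chain[0] != GENESIS:
        return False
    for prev, blk in zip(chain, chain[1:]):
        if blk.prev_hash != prev.hash() or not blk.hash().startswith(DIFFICULTY_PREFIX):
            return False
    return True


def extend(chain, n_blocks, tx_prefix):
    """Mine n_blocks on top of chain, each carrying one constructed tx."""
    chain = list(chain)
    for i in range(n_blocks):
        chain.append(mine(chain[-1], [f"{tx_prefix}-{i}"]))
    return chain


def reconcile(chain_a, chain_b):
    """Longest-chain rule: the side with more blocks wins; the other side's
    post-fork transactions drop out of the ledger. Returns (winner, fork
    height, orphaned transaction ids)."""
    if not (verify_chain(chain_a) and verify_chain(chain_b)):
        raise ValueError("refusing to reconcile an invalid chain")
    winner, loser = (chain_a, chain_b) if len(chain_a) >= len(chain_b) else (chain_b, chain_a)
    fork = 0
    while fork < min(len(chain_a), len(chain_b)) and chain_a[fork] == chain_b[fork]:
        fork += 1
    confirmed = {tx for blk in winner[fork:] for tx in blk.txs}
    orphaned = [tx for blk in loser[fork:] for tx in blk.txs if tx not in confirmed]
    return winner, fork, orphaned


def simulate_partition(share_big=0.7, blocks_per_hour=6, hours=2):
    """Two sides mine in isolation on a shared history, then reconnect."""
    common = extend([GENESIS], 2, "pre-split")  # history both sides agree on
    total = blocks_per_hour * hours
    n_big = round(total * share_big)
    big_side = extend(common, n_big, "big-side")
    small_side = extend(common, total - n_big, "small-side")
    return reconcile(big_side, small_side)


if __name__ == "__main__":
    winner, fork, orphaned = simulate_partition()
    print(f"fork at height {fork}, winning chain height {len(winner) - 1}")
    print("confirmations lost by the minority side:", orphaned)
```

The outcome is the one the post argues for: the rule resolves the fork deterministically in favour of the side with more work, and every confirmation the minority side accumulated during the split evaporates (in a real node those transactions return to the mempool, and any that conflict with the winning chain are gone for good). Nothing in the rule distinguishes an accidental cable cut from a deliberate partition; that distinction has to be made at the network layer.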

BGP Hijacking

We know that merge attacks are often used to destroy blockchains, and the most commonly launched form is BGP hijacking. So here comes the next question: what is BGP hijacking?

Border Gateway Protocol (BGP) is a crucial component of the Internet, responsible for determining routing paths. BGP hijacking — that is, using BGP to manipulate Internet routing paths — has become more frequent in recent years. Cybercriminals and governments alike have taken advantage of this technique for their own ends, such as traffic misdirection and interception. This blog post will provide an overview of BGP and describe how BGP hijacking is performed.

BGP is a protocol used to exchange routing information between networks on the Internet. It is used to determine the most efficient way to route data between independently operated networks, or Autonomous Systems. As such, BGP is commonly used to find a path to route data from ISP to ISP. It is important to note that BGP is not used to transfer data, but rather to determine the most efficient routing path. The actual transfer is accomplished using whatever protocol is necessary, likely another member of the TCP/IP suite.

Now, assume I need to send data to the other side of the world. Eventually this data must leave the network my ISP controls, and BGP must be used. Of course, a routing path can’t be determined from one Autonomous System alone. This is where BGP peers, or neighbors, come in. Peers are Autonomous Systems that have been manually configured to share routing data. As an Autonomous System “learns” new routes, this information is propagated to its peers. By aggregating routing information received from BGP peers, the router handling the data can identify the most efficient path. This path is determined by a variety of factors, including distance and configuration settings implemented by the router administrator. Because peers, and therefore route propagation, are manually configured, it is necessary to compromise an edge router broadcasting external BGP announcements to perform Internet-level BGP hijacking. Despite this difficulty, BGP hijacking attacks are occurring in the wild. Please refer to Figure I below for a graphical overview of BGP.

Since BGP determines how data travels from its source to its destination, security is a concern. By manipulating BGP, data can be rerouted in an attacker’s favor allowing them to intercept or modify traffic. Internet-level BGP hijacking is performed by configuring an edge router to announce prefixes that have not been assigned to it. If the malicious announcement is more specific than the legitimate one, or claims to offer a shorter path, the traffic may be directed to the attacker. Attackers will frequently target unused prefixes for hijacking to avoid attention from the legitimate owner. By broadcasting false prefix announcements, the compromised router may poison the Routing Information Base (RIB) of its peers, as shown in Figure II. After poisoning one peer, the malicious routing information could propagate to other peers, to other Autonomous Systems, and onto the broader Internet.

Multiple instances of BGP hijacking have been recorded in the last three years. In several examples documented by Renesys, BGP hijacking was performed in 2013 to reroute data through arbitrary countries prior to the intended destination. One attack saw traffic, intended to go from Mexico to the United States, diverted to Belarus before reaching its destination. By advertising false BGP broadcasts, the Belarusian ISP successfully propagated illegitimate routes onto the Internet. In this case, corporate or state espionage is a likely explanation. However, there are indications of BGP hijacking being performed by non-state adversaries as well.

In a 2014 attack analyzed by Dell SecureWorks, BGP hijacking was used to intercept Bitcoin miners’ connections to a mining pool server. By rerouting traffic to a mining pool controlled by the attackers, it was possible to steal the cryptocurrency resulting from the victim’s mining. This attack collected an estimated $83,000 in cryptocurrency over a two-month period.

In July 2015, a breach of the surveillance software provider Hacking Team resulted in a leak of internal company emails. The emails revealed that, in 2013, the Italian government worked with Hacking Team and an Italian ISP to conduct BGP hijacking. After an IP block hosting a Hacking Team command and control (C&C) server went offline, the malware communicating with the C&C was also left unreachable. By fraudulently announcing the IP prefix hosting the C&C, Hacking Team reestablished access with the infected machines. This is the first documented instance of a Western government using BGP hijacking.

It is universally recognised that mining pools operate across geographic borders and that there can be several ISPs (Internet Service Providers) between miners and mining pools. This brings danger: these hops are very likely to be exposed to BGP hijacking planned by hackers.

Fatal Drawbacks: Byzantine Generals Problem & Two Generals’ Problem

Bitcoin is a large-scale social experiment in the application of distributed systems. It is also referred to as a practical solution to the so-called “Byzantine Generals Problem”; you can google it for more information.

Leslie Lamport, winner of the 2013 Turing Award, first proposed the question of fault tolerance in his paper The Byzantine Generals Problem, published in 1980. Lamport, a master who pioneered the study of distributed systems, proposed the most complicated fault-tolerance model ever seen in the field. Here is a story known to many of us:

Many of us are no strangers to Byzantine history: Byzantium (today’s Istanbul) was the capital of the Eastern Roman Empire. The Empire had seized vast territory and soon felt obliged to send soldiers to different parts of the empire. The generals of the army had to communicate through messengers. The generals, some of whom might be traitors or spies, had to reach agreement on whether or not to attack their enemies when it came to war. It is very likely that the voting result would not represent the true opinion of the group. So here comes the question: how can the loyal generals stay unaffected by spies and reach an agreement that represents the majority?

When discussing the Byzantine Generals Problem, we do not need to take the messengers into consideration. Lamport proved that it is impossible to reach agreement over unreliable channels where certain messages go missing.

Another problem, the “Two Generals’ Problem”, is more fundamental and more intriguing.

Two armies led by two generals were about to capture a well-fortified town. The two armies were stationed in different valleys near the town, and between those two valleys lay a third, which messengers from one army had to cross to reach the camp of the other. The problem is that this valley was under the control of the enemy, so some of the messages could get lost. The two generals had decided to attack together but had not set the exact date, and they had to act together, for any unilateral attempt by one army would most certainly lead to failure. So they had to communicate by messenger to set a date. Moreover, the general of one army had to make sure that his partner in the other army had learned his plans by heart.

The Two Generals’ Problem examines the difficulty of sending messages and transmitting information through an unreliable channel. It is often used in introductory courses to explain why the TCP protocol cannot keep both ends of a communication consistent. The Two Generals’ Problem accounts for the failures in any point-to-point communication.

Comparing the two stories, we find that the Byzantine Generals Problem bears an uncanny resemblance to the Two Generals’ Problem. However, it is worth noting that in the latter the messengers might be caught by the enemy when crossing the valley. In other words, in the Two Generals’ Problem there is no reliable channel, and there are no traitors in the armies. So the two problems are essentially different.

It is universally acknowledged that the Two Generals’ Problem was the first problem in the field of computer communication proved to have no solution. So we have every reason to believe that there is no way to solve the Byzantine Generals Problem either.

That also means that during the transmission of information, some information may be tampered with, monitored or lost. Perhaps the solution to these problems lies in the “quantum communication” of the future.

We may leave aside the heated debate on which consensus algorithm is the best. We must bear in mind that the most important thing is to make sure we have a safe information channel.

The lack of consideration for the safety of the communication layer is the essential defect of Bitcoin and its theory.

Blockchain Security Obscure (BSO)

Our faith in Bitcoin is built on our faith in “decentralisation”, i.e. we have to make sure the entire system governs itself and stays perfectly impervious to intermediaries. So the success of a cryptocurrency largely depends on whether it has achieved perfect decentralisation. Satoshi took everything for granted. He failed to realise that the Internet is built around central servers, and failed to see the importance of decentralising it. Any failed attempt at decentralisation will become the Achilles’ heel of Bitcoin, crushing its future.

To fully decentralise Bitcoin and make it a “value network”, we have to make sure that its network is safe enough. In reality, we can never find network communication that is 100% safe, open and neutral, and quantum communication still has a long way to go before it becomes a reality. So what we can do now is make full use of our current technology, focus on safety and cost control, and improve the peer-to-peer communication protocol. We have to work out the best way to safeguard blockchain with engineering. We have to make sure that future hackers can hardly bear the high cost of an attack and give up attacks of any form (interception, monitoring, disruption, etc.).

Ethereum and many other cryptocurrencies have begun to use encrypted protocols. This is of course a pretty good start. However, these protocols may still leave traces that are of use to attackers. Early this year, a competition was held by the National Engineering Lab of Network Security in which competitors were asked to decrypt files and data; nearly all of the files and data were eventually decrypted.

Therefore we find it unavoidably necessary to design a new version of BSO (Blockchain Security Obscure Protocol). Our goal is to obscure and “camouflage” the features of data transmission in the peer-to-peer network, so that attackers find it more difficult to recognise them and the cost of launching an attack or an interception becomes simply unbearable. That is how we make blockchain communication much safer.

As a security countermeasure project, BSO normally has two kinds of countermeasure. The first is a direct countermeasure: we design a new protocol with stronger encryption that makes it hard for an intermediary to detect the application service by analysing the traffic flow. However, the inherent features of the new protocol make it vulnerable to other attacks. The other is a circuitous, indirect countermeasure: we camouflage the application service traffic so that attackers believe there is nothing special about it, while it still works under a legitimate encryption protocol. In this way we make the traffic hard to identify.

The Blockchain Security Obscure Protocol is only a beginning. Obfuscation technology and machine learning will progress together as a pair of rivals competing with each other, and soft forks will help the blockchain network develop into better versions of itself.

An Overview of BGP Hijacking

Border Gateway Protocol (BGP) is a crucial component of the Internet, responsible for determining routing paths. BGP hijacking — that is, using BGP to manipulate Internet routing paths — has become more frequent in recent years. Cybercriminals and governments alike have taken advantage of this technique for their own ends, such as traffic misdirection and interception. This blog post will provide an overview of BGP and describe how BGP hijacking is performed.

Introduction to BGP

BGP is a protocol used to exchange routing information between networks on the Internet. It is used to determine the most efficient way to route data between independently operated networks, or Autonomous Systems. As such, BGP is commonly used to find a path to route data from ISP to ISP. It is important to note that BGP is not used to transfer data, but rather to determine the most efficient routing path. The actual transfer is accomplished using whatever protocol is necessary, likely another member of the TCP/IP suite.

In technical terms, a collection of IP prefixes under a single routing policy is referred to as an Autonomous System. Each Autonomous System is identified by an Autonomous System Number (ASN); the Internet Assigned Numbers Authority (IANA) allocates blocks of ASNs to the Regional Internet Registries, which assign them to network operators. Let's demonstrate:

Here in Phoenix, I'm currently assigned an IP address by my ISP, Cox Communications; assume this is 70.177.9.30. This address belongs to the larger address block 70.177.0.0/20, referred to as a prefix. The 70.177.0.0/20 prefix is held by Cox Communications and is announced by AS22773, one of the hundreds of prefixes that AS originates.

Now, assume I need to send data to the other side of the world. Eventually this data must leave the network my ISP controls, and BGP comes into play. Of course, a routing path can't be determined from one Autonomous System alone. This is where BGP peers, or neighbors, come in. Peers are Autonomous Systems whose routers have been manually configured to exchange routing data with each other. As an Autonomous System "learns" new routes, it propagates them to its peers. By aggregating the routing information received from its peers, a router can select a best path for every destination prefix. That selection is driven by a variety of factors, including the length of the AS path and the policy configured by the router's administrator. Because peering, and therefore route propagation, is manually configured, performing Internet-level BGP hijacking requires control of an edge router that speaks external BGP, typically by compromising the router or the ISP that operates it. Despite this difficulty, BGP hijacking attacks are occurring in the wild. Please refer to Figure I below for a graphical overview of BGP.

Figure I – BGP Overview

BGP Hijacking

Since BGP determines how data travels from its source to its destination, security is a concern. By manipulating BGP, an attacker can reroute data in their favour and intercept or modify traffic. Internet-level BGP hijacking is performed by configuring an edge router to announce prefixes that have not been assigned to it. Two properties of the announcement decide whether it wins. First, routers forward on the longest matching prefix, so a more specific announcement (say, a /21 carved out of the victim's /20) captures traffic for that range regardless of path length. Second, among announcements for the same prefix a shorter AS path is normally preferred, so an attacker who claims to originate the prefix directly can beat the legitimate route that arrives through one or more transit networks. Attackers frequently target unused prefixes to avoid attention from the legitimate owner. By broadcasting false prefix announcements, the compromised router poisons the Routing Information Base (RIB) of its peers, as shown in Figure II. From one poisoned peer, the malicious routing information can propagate to other peers, to other Autonomous Systems, and onto the broader Internet.

Figure II – BGP hijacking
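
As an added example (not from the original post or from Bishop Fox), the following Python models the two selection rules the hijack relies on, longest-prefix match and shortest-AS-path preference, and shows how each is abused. The Cox prefix 70.177.0.0/20, AS22773 and the address 70.177.9.30 are the ones used in the post; the transit and attacker ASNs (64496, 64497, 64500) are taken from the RFC 5398 documentation range, and all announcements are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple


@dataclass(frozen=True)
class Route:
    """One BGP announcement as stored in the RIB.

    as_path is ordered as on the wire: as_path[0] is the neighbour that sent us
    the route and as_path[-1] is the AS claiming to originate the prefix.
    """
    prefix: ipaddress.IPv4Network
    as_path: Tuple[int, ...]


class Rib:
    """Toy Routing Information Base with a deliberately simplified decision process."""

    def __init__(self) -> None:
        self.routes: Dict[ipaddress.IPv4Network, List[Route]] = {}

    def learn(self, prefix: str, as_path: List[int]) -> None:
        """Store an announcement received from a peer (no validation, like plain BGP)."""
        net = ipaddress.ip_network(prefix)
        self.routes.setdefault(net, []).append(Route(net, tuple(as_path)))

    def best_for_prefix(self, net: ipaddress.IPv4Network) -> Route:
        # Real BGP compares LOCAL_PREF, then AS_PATH length, then several more
        # attributes. Only path length is modelled here, with the lowest
        # neighbour ASN as a deterministic tie-break.
        return min(self.routes[net], key=lambda r: (len(r.as_path), r.as_path[0]))

    def lookup(self, ip: str) -> Optional[Route]:
        """Forwarding decision for one destination address."""
        addr = ipaddress.ip_address(ip)
        covering = [net for net in self.routes if addr in net]
        if not covering:
            return None
        # Longest-prefix match comes first: a more-specific announcement is
        # selected before any path attribute is compared at all.
        most_specific = max(covering, key=lambda net: net.prefixlen)
        return self.best_for_prefix(most_specific)


COX_AS = 22773             # from the post: Cox Communications originates 70.177.0.0/20
TRANSIT_AS = 64496         # assumed upstream carrying the Cox route (RFC 5398 documentation ASN)
OTHER_TRANSIT_AS = 64497   # assumed second transit network (RFC 5398 documentation ASN)
ATTACKER_AS = 64500        # assumed hijacker (RFC 5398 documentation ASN)
VICTIM_IP = "70.177.9.30"  # the author's address from the post


def baseline_rib() -> Rib:
    """What a router two hops away from Cox sees before any hijack."""
    rib = Rib()
    rib.learn("70.177.0.0/20", [TRANSIT_AS, COX_AS])
    return rib


def more_specific_hijack() -> Rib:
    """Attacker announces a /21 inside Cox's /20. Even with a longer AS_PATH it wins
    for every address inside the /21, while the rest of the /20 stays with Cox."""
    rib = baseline_rib()
    rib.learn("70.177.8.0/21", [OTHER_TRANSIT_AS, TRANSIT_AS, ATTACKER_AS])
    return rib


def shorter_path_hijack() -> Rib:
    """Attacker announces the identical /20 but claims to originate it directly,
    so its one-hop path beats the legitimate two-hop path for the whole block."""
    rib = baseline_rib()
    rib.learn("70.177.0.0/20", [ATTACKER_AS])
    return rib


def origin_for(rib: Rib, ip: str) -> Optional[int]:
    """Which AS ends up receiving traffic for ip under this RIB."""
    route = rib.lookup(ip)
    return None if route is None else route.as_path[-1]


if __name__ == "__main__":
    for name, rib in [("baseline", baseline_rib()),
                      ("more-specific hijack", more_specific_hijack()),
                      ("shorter-path hijack", shorter_path_hijack())]:
        print(f"{name:22s} {VICTIM_IP} -> AS{origin_for(rib, VICTIM_IP)}, "
              f"70.177.1.1 -> AS{origin_for(rib, '70.177.1.1')}")
```

Running the file prints which AS receives traffic for 70.177.9.30 and for 70.177.1.1 in each scenario. In the more-specific case only addresses inside 70.177.8.0/21 are diverted and the rest of the /20 still reaches Cox, which is why a hijack of a small, idle sub-block can run for a long time without the legitimate owner noticing anything.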

Multiple instances of BGP hijacking have been recorded in the last three years. In several examples documented by Renesys in 2013, BGP hijacking was used to reroute data through arbitrary countries before it reached its intended destination. In one case, traffic from Mexico to the United States was diverted through Belarus before reaching its destination. By advertising false BGP routes, the Belarusian ISP successfully propagated illegitimate paths across the Internet. Corporate or state espionage is a likely explanation in this case. However, there are indications that non-state adversaries perform BGP hijacking as well.

In a 2014 attack analyzed by Dell SecureWorks, BGP hijacking was used to intercept Bitcoin miners' connections to their mining pool servers. By redirecting the miners to a pool controlled by the attacker, it was possible to steal the cryptocurrency produced by the victims' mining. The attack collected an estimated $83,000 in cryptocurrency over a two-month period.

In July 2015, a breach of the surveillance software vendor Hacking Team resulted in a leak of internal company emails. The emails revealed that in 2013 the Italian government worked with Hacking Team and an Italian ISP to conduct BGP hijacking. After the IP block hosting a Hacking Team command and control (C&C) server went offline, the malware communicating with that C&C was left unreachable. By fraudulently announcing the IP prefix that had hosted the C&C, Hacking Team re-established contact with the infected machines. This is the first documented instance of a Western government using BGP hijacking.

Future Enhancements to BGP

As of this post's publication, BGP hijacking is difficult to prevent, largely because of the design of BGP itself: the protocol has no way to verify that the routing information it receives is accurate. Perhaps the most promising improvement comes from the Internet Engineering Task Force (IETF) in the form of the Resource Public Key Infrastructure (RPKI) and the BGPsec extension built on it. Like DNSSEC for DNS, these add cryptographic signatures to data the protocol previously accepted on trust. With RPKI, the holder of an address block publishes a digitally signed Route Origin Authorization (ROA) stating which Autonomous System is permitted to originate a prefix, and down to what prefix length. A router performing route origin validation can then mark an announcement whose origin AS does not match any ROA as invalid and drop or de-preference it, which defeats the hijacks described above as long as the attacker does not forge the victim's ASN as the origin. BGPsec goes further and signs the AS path hop by hop, so a router can verify every AS that claims to have forwarded the announcement. Deploying RPKI and BGPsec would be a significant improvement to the protocol's security.
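
To make the ROA check concrete, here is an added example (not from the original post, and not the IETF's reference code) implementing route origin validation as RFC 6811 defines it. The Cox prefix and AS22773 are the ones used earlier in the post; the ROA set, the transit ASN 64496, the hijacker ASN 64500 (both from the RFC 5398 documentation range) and the announcements are constructed for illustration. The second-to-last scenario is the caveat a practitioner should know: because origin validation looks only at the rightmost AS in the path, an attacker who forges the victim's ASN as the origin is not caught, which is the gap BGPsec's path signing is meant to close.

```python
import ipaddress
from dataclasses import dataclass
from typing import Dict, Iterable, Optional, Sequence


@dataclass(frozen=True)
class Roa:
    """A Route Origin Authorization as the RPKI publishes it: the holder of an address
    block states which AS may originate it and how far it may be de-aggregated."""
    prefix: ipaddress.IPv4Network
    origin_as: int
    max_length: int


def make_roa(prefix: str, origin_as: int, max_length: Optional[int] = None) -> Roa:
    """Build a ROA; without an explicit maxLength only the exact prefix is authorised."""
    net = ipaddress.ip_network(prefix)
    return Roa(net, origin_as, net.prefixlen if max_length is None else max_length)


def validate_origin(prefix: str, origin_as: int, roas: Iterable[Roa]) -> str:
    """Route origin validation as RFC 6811 defines it.

    not-found: no ROA covers the prefix, so the RPKI says nothing about it
    valid:     a covering ROA names this origin AS and permits this prefix length
    invalid:   ROAs cover the prefix but none matches both origin and length
    """
    net = ipaddress.ip_network(prefix)
    covering = [roa for roa in roas if net.subnet_of(roa.prefix)]
    if not covering:
        return "not-found"
    for roa in covering:
        if roa.origin_as == origin_as and net.prefixlen <= roa.max_length:
            return "valid"
    return "invalid"


def validate_announcement(prefix: str, as_path: Sequence[int], roas: Iterable[Roa]) -> str:
    """What a router applies to a received UPDATE: ROV looks only at the rightmost
    AS in AS_PATH and trusts the rest of the path unverified."""
    return validate_origin(prefix, as_path[-1], roas)


COX_AS = 22773        # from the post: Cox Communications originates 70.177.0.0/20
TRANSIT_AS = 64496    # assumed upstream (RFC 5398 documentation ASN)
ATTACKER_AS = 64500   # assumed hijacker (RFC 5398 documentation ASN)

# Constructed ROA set: Cox authorises AS22773 for exactly 70.177.0.0/20.
ROAS = [make_roa("70.177.0.0/20", COX_AS)]


def scenarios() -> Dict[str, str]:
    """Validation state of each constructed announcement against ROAS."""
    return {
        "legitimate /20 from Cox":
            validate_announcement("70.177.0.0/20", [TRANSIT_AS, COX_AS], ROAS),
        "more-specific /21 originated by attacker":
            validate_announcement("70.177.8.0/21", [TRANSIT_AS, ATTACKER_AS], ROAS),
        "same /20 originated by attacker":
            validate_announcement("70.177.0.0/20", [ATTACKER_AS], ROAS),
        "legitimate /21 from Cox beyond maxLength":
            validate_announcement("70.177.8.0/21", [TRANSIT_AS, COX_AS], ROAS),
        "attacker forging Cox as origin":
            validate_announcement("70.177.0.0/20", [ATTACKER_AS, COX_AS], ROAS),
        "prefix with no ROA at all":
            validate_announcement("203.0.113.0/24", [ATTACKER_AS], ROAS),
    }


if __name__ == "__main__":
    for name, state in scenarios().items():
        print(f"{state:9s} {name}")
```

Two operational points fall out of the scenarios. A ROA with a tight maxLength makes the operator's own legitimate de-aggregation invalid, so maxLength has to match what the network really announces; and a loose maxLength lets a forged-origin more-specific validate just as easily as the exact prefix, so ROV is a filter for mistakes and careless hijacks, not a substitute for path validation.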

Conclusion

Internet-level BGP hijacking is difficult to execute, since it requires control of an edge router. An attacker would likely need to compromise an ISP or have an accomplice employed there. That difficulty may explain why BGP hijacking has received little attention and why there is still no widely deployed method of preventing it. With that in mind, BGP hijacking attacks can be expected to continue.

Original article: http://www.bishopfox.com/blog/2015/08/an-overview-of-bgp-hijacking/
Chinese translation: http://bobao.360.cn/learning/detail/594.html

Bitcoin's Lightning Network Is Under Attack: Is That Good or Bad for It?

"Yes, we have created an attack framework for the Lightning Network."

That message comes from the mysterious group "bitPico", which is using an automated "attack toolkit" to jam nodes running Lightning Network software.

At the same time, some developers have reported that Lightning nodes have crashed, temporarily preventing them from making payments with the technology, which is designed to make bitcoin transactions faster and cheaper.

The attacks come at a time when more and more users are starting to make real transactions on the Lightning Network, even though its development has not been entirely smooth: a few weeks after several startups released open-source Lightning implementations, Lightning Labs became the first to run a live beta of its product.

The attack is a curious event because the funds of the users involved were safe; no money was stolen. In fact, those attacking the Lightning Network, bitPico included, actually have to spend money to carry out the attack.

The first to notice the attack was Justin Camarena, a developer at Bitrefill, who found he could easily repair his company's node after it was hit.

But he was puzzled as to why anyone would attack other Lightning nodes without a financial motive. He did not understand why the attackers did not simply report any issues they found with the Lightning Network on GitHub, so that the developers could fix the vulnerabilities.

Camarena told CoinDesk:

"This isn't an attack to steal funds; as I understand it, they're doing it just to make a point."

At first many people had the same impression, because bitPico has been a supporter of a controversial scaling plan: even after most network participants abandoned the effort, the group continued to champion the benefits of increasing the block size parameter.

But according to bitPico, the attack is not purely political; they say they are doing it for security reasons:

"As people invested in bitcoin, we want to make sure second-layer solutions don't produce zero-day vulnerabilities once they are really in use; trying as many attacks as possible is the only way to determine whether it is secure."

A zero-day vulnerability is a security flaw the project's developers are not aware of. Such flaws are usually exploited by hackers hoping to steal data from a system before the hole is patched.

bitPico's attacks began about 10 days ago, and they are presented as stress-testing the software before more people start using it. bitPico's plan seems to be working, at least to some extent.

According to bitPico, they have found 22 distinct attack vectors, and the mysterious group plans to keep attacking the Lightning Network over the coming weeks.

A common annoyance

It is worth pointing out that denial-of-service (DoS) attacks are very common on the internet.

In its distributed form, this kind of attack uses compromised servers as "zombies" to direct concentrated denial-of-service traffic at a specific target, exhausting the target server's network and system resources so that it can no longer serve legitimate users.

Indeed, bitPico's attacks are prompting Lightning developers to propose various solutions to the problems described above, and many developers believe the current attacks will help the Lightning Network succeed.

For example, bitcoin advocate and author Andreas Antonopoulos cheerfully called the attacks "free testing", and some developers simply laughed them off.

Pierre-Marie Padiou, CEO of ACINQ, said:

"Frankly, this kind of attack is to be expected for any service exposed to the internet; in my view, it does not count as a real attack."

Developer Alex Bosworth has started using the firewall software iptables to block attacks that use a flood of traffic to interfere with legitimate transactions.

Attacks by users like bitPico, carried out by opening many small payment channels, are still ongoing, and the attackers have to pay a fee for each one. (This is one way an attacker can lose money in a network attack, although the cost is less than a cent per channel.)

This is a problem because Lightning Labs' client does not yet allow a node to disconnect from these spam channels, which slows down the node's processing of transactions.

Bosworth hopes that in future Lightning Labs' implementation will allow users to disconnect from suspicious channels.

Still, the attacks are nothing more than what Bosworth and Camarena call an "annoyance". Bosworth said:

"They waste their own fees creating the channel; it just annoys me."

An accident, not an attack

All of this shows that while the Lightning Network is ready to carry real money for the first time, a major step, it still has many smaller problems to solve before it is ready for everyday, non-technical users.

This was illustrated in another recent episode: developers initially believed the Lightning Network was under attack, but it turned out to be a simple mistake.

A little over a week ago, Bosworth tweeted that an "attacker" had broadcast an old "channel state", something that could effectively let one user steal another user's funds.

Bosworth tweeted:

"The Lightning Network's denial-of-service attackers seem organised and motivated to attack.

But the network's rules penalised the user $25 worth of bitcoin, exactly as programmed.

Justice has been served."

Camarena tweeted at the time that the code kicks in when it sees a malicious actor trying to steal someone else's bitcoin by broadcasting an old transaction.

Bosworth told CoinDesk:

"That's exactly how it should respond. It's really interesting because it's real."

However, while the revocation process worked, it also shows that the Lightning Network still needs more refinement, since the software should not have let the user send the old data in the first place.

It turned out that the broadcast of old data was an accident that happened while one user was transacting: he had a corrupted channel database, and he restored an old backup at the same time as closing his channel. When the channel closed, the old channel state was broadcast; the node he was connected to detected it and classified it as fraud.

Even so, Lightning developers see these mistakes as good learning experiences that will ultimately give users a tighter, more secure network.

Bosworth wrote on Twitter:

"We're getting a great opportunity to develop robust peer-to-peer deployment strategies."

Original: https://www.coindesk.com/bitcoins-lightning-network-attacked-good/

Author: Alyssa Hertig