Bitcoin bgp hijack
We start by describing the two possible network attacks which we consider, namely partitioning and delay attacks, along with their potential impact on Bitcoin.
We then discuss some short and long-term countermeasures that would increase Bitcoin's robustness against network attackers. More details on our work can be found on our website. With partitioning attacks, an attacker aims at splitting the Bitcoin network into at least two disjoint components such that no information e. To partition the network into two components, a network attacker intercepts all the traffic destined to all the Bitcoin nodes contained within one of the component and drops any connection to the other component.
To intercept traffic, a network attacker relies on vulnerabilities in the Border Gateway Protocol BGP , the only Internet routing protocol used today, which does not validate the origin of routing announcements. These attacks, commonly referred to as BGP hijacks , involve getting a router to falsely announce that it has a better route to some IP prefix. By hijacking all the IP prefixes pertaining to the nodes in one component, the attacker can effectively intercept all the traffic exchanged between the two components.
Once on path, the attacker can sever all these connections effectively disconnecting the two components. An animation of the attacks can be found on our website. The extreme centralization of Bitcoin from an Internet viewpoint makes partition attacks particularly effective as few IP prefixes need to be hijacked.
While intercepting Bitcoin traffic using BGP hijacking is effective, any un-intercepted Bitcoin connection bridging the two components would quickly render the partition ineffective. Due to factors such as multi-homing, some nodes cannot be prevented from exchanging information, forming some kind of persistent connections.
The presence of such connections makes partitioning attacks more challenging for the attacker, but not impossible. In our paper , we elaborate on how an attacker can provably identify and mitigate these persistent rogue connections by reducing the size of the partition she is trying to achieve.
By partitioning the network, the attacker forces the creation of two parallel blockchains. Moreover, discarded transactions will be irrecoverably canceled if there exist other transactions in the prevailing branch of the chain which spent the exact same Bitcoins conflicting transactions. Bitcoin nodes are designed to request blocks from only a single peer to avoid overtaxing the network with excessive block transmissions.
The block is requested again from another peer only if the request is not answered after 20 minutes. This design decision, coupled with the fact that Bitcoin traffic is unencrypted, allows for a powerful attack in which anyone intercepting Bitcoin traffic can delay block propagation on the corresponding connections. To do so, the attacker performs simple modification to the content of the Bitcoin messages she intercepts.
As Bitcoin messages are not protected against tampering, neither the receiver nor the sender have any indication that the message has been modified, allowing the attacker to stay under the radar. The actual impact of such an attack depends on the victim and ranges from double spending for merchant nodes to wasted computation power for miners.
An animation of the attack can be found here. Illustration of how an AS-level adversary AS8 which naturally intercepts a part of the victim's traffic node C can delay the delivery of a block to it for 20 minutes. Like for partition attacks, the centralization of Bitcoin nodes in few networks and prefixes, combined with the centralization of mining power in few pools, make delay attacks practical.
If malicious, these ISPs could therefore effectively and invisibly keep many bitcoin nodes uninformed. Unlike partitioning attacks though, we also found that even these powerful attackers could not disrupt the entire cryptocurrency.
Other suggestions include adding UDP heartbeats to detect interception, and ensuring that any block requests are made on multiple connections in parallel. Our work underscores the importance of proposed modifications which argue for encrypting Bitcoin traffic or traffic exchanged among miners. Yet, we stress that not all routing attacks will be solved by such measures since attackers can still disrupt connectivity and isolate nodes by dropping Bitcoin packets instead of modifying them.
Bitcoin does not need encryption to validate if a message is correct — every block has a proof-of-work and get validated if every transaction is valid. And you can only forge a transaction if you have the private key for all inputs it spents. That is the core problem bitcoin solves by using PoW and full history verification of the blockchain. There is no way no way to detect if peer X was bogus or not in the first place.
But there is a ton of value in that. You are commenting using your WordPress. You are commenting using your Twitter account. You are commenting using your Facebook account. Notify me of new comments via email. Notify me of new posts via email. Given the amount of money at stake, Bitcoin is an obvious target for attackers. The Internet infrastructure itself is vulnerable to routing manipulation BGP hijacks , and Bitcoin is really quite centralised when viewed from a routing perspective.
Seventeen billion dollars, clear text, no integrity checks! The core building block: The structure of the Bitcoin network The vulnerability of the Bitcoin network overall to routing attacks depends on the routing characteristics of the Bitcoin network itself.
The key findings are as follows: Unsurprisingly, there seems to be some kind of power law at play whereby a few ASes host most of the Bitcoin nodes. Just a few ASes naturally intercept the majority of Bitcoin traffic. Mining pools are multi-homed and all use at least two ASes to connect to the Bitcoin network. Multi-homing is one of the main protections against routing attacks. Bitcoin routing protocols are stable over time — the same IPs are present on average for Partitioning attacks The goal of a partitioning attack is to isolate some set of nodes P from the rest of the network, effectively partitioning the Bitcoin network into two disjoint components.
Leakage points are nodes currently within P, which maintain connections with nodes outside of P that the attacker cannot intercept… These leakage points are dropped from P until the maximal set of nodes that can be isolated is left. The authors demonstrate the practicality of the attack by hijacking their own nodes: Emphasis mine Second, we estimated the number of prefixes to hijack so as to isolate nodes with a given amount of mining power.
Emphasis mine Delay attacks Delay attacks slow down the propagation of new blocks sent to a set of Bitcoin nodes, without disrupting their connections. Countermeasures The authors recommend the following short-term measures: Increase the diversity of node connections, for example by ensuring that all Bitcoin nodes are multi-homed.
Select Bitcoin peers in a route-aware way, adding extra random connections if the same AS appears in all paths. Monitor RTT to detect sudden changes increases and establish extra random connections as a protection mechanism. Monitor additional statistics as early warning signals of an attack: Ph The last word Our work underscores the importance of proposed modifications which argue for encrypting Bitcoin traffic or traffic exchanged among miners.
Twitter LinkedIn Email Print. Leave a Reply Cancel reply Enter your comment here Fill in your details below or click an icon to log in: Email required Address never made public.