Hijacking Bitcoin: Routing Attacks on Cryptocurrencies

As the most successful cryptocurrency to date, Bitcoin constitutes a target of choice for attackers. While many attack vectors have already been uncovered, one important vector has been left out though: attacking the currency via the Internet routing infrastructure itself. Indeed, by manipulating routing advertisements (BGP hijacks) or by naturally intercepting traffic, Autonomous Systems (ASes) can intercept and manipulate a large fraction of Bitcoin traffic.This paper presents the first taxonomy of routing attacks and their impact on Bitcoin, considering both small-scale attacks, targeting individual nodes, and large-scale attacks, targeting the network as a whole. While challenging, we show that two key properties make routing attacks practical: (i) the efficiency of routing manipulation; and (ii) the significant centralization of Bitcoin in terms of mining and routing. Specifically, we find that any network attacker can hijack few (<100) BGP prefixes to isolate ∼50% of the mining power—even when considering that mining pools are heavily multi-homed. We also show that on-path network attackers can considerably slow down block propagation by interfering with few key Bitcoin messages.We demonstrate the feasibility of each attack against the deployed Bitcoin software. We also quantify their effectiveness on the current Bitcoin topology using data collected from a Bitcoin supernode combined with BGP routing data. The potential damage to Bitcoin is worrying. By isolating parts of the network or delaying block propagation, attackers can cause a significant amount of mining power to be wasted, leading to revenue losses and enabling a wide range of exploits such as double spending. To prevent such effects in practice, we provide both short and long-term countermeasures, some of which can be deployed immediately.

[1]  Yakov Rekhter,et al.  A Border Gateway Protocol 4 (BGP-4) , 1994, RFC.

[2]  G. King Fibre , 2001, Medicina e historia.

[3]  정희영,et al.  IETF에서의 빠른 핸드오프 기술 표준화 동향 , 2002 .

[4]  Nick Feamster,et al.  Location diversity in anonymity networks , 2004, WPES '04.

[5]  A. Perrig,et al.  SPV: secure path vector routing for securing BGP , 2004, SIGCOMM '04.

[6]  Jennifer Rexford,et al.  Pretty Good BGP: Improving BGP by Cautiously Adopting Routes , 2006, Proceedings of the 2006 IEEE International Conference on Network Protocols.

[7]  Evangelos Kranakis,et al.  On interdomain routing security and pretty secure BGP (psBGP) , 2007, TSEC.

[8]  H. Ballani,et al.  A study of prefix hijacking and interception in the internet , 2007, SIGCOMM '07.

[9]  Steven J. Murdoch,et al.  Sampled Traffic Analysis by Internet-Exchange-Level Adversaries , 2007, Privacy Enhancing Technologies.

[10]  Zhuoqing Morley Mao,et al.  Practical defenses against BGP prefix hijacking , 2007, CoNEXT '07.

[11]  Paul F. Syverson,et al.  As-awareness in Tor path selection , 2009, CCS.

[12]  Randy Bush,et al.  iSPY: Detecting IP Prefix Hijacking on My Own , 2008, IEEE/ACM Transactions on Networking.

[13]  A. Dammer How Secure are Secure Interdomain Routing Protocols , 2011 .

[14]  Sharon Goldberg,et al.  Let the market drive deployment: a strategy for transitioning to BGP security , 2011, SIGCOMM.

[15]  Yang Xiang,et al.  Detecting prefix hijackings in the internet with argus , 2012, Internet Measurement Conference.

[16]  Alexandra Boldyreva,et al.  Provable security of S-BGP and other path vector protocols: model, analysis and extensions , 2012, IACR Cryptol. ePrint Arch..

[17]  Christian Decker,et al.  Information propagation in the Bitcoin network , 2013, IEEE P2P 2013 Proceedings.

[18]  Joshua A. Kroll,et al.  The Economics of Bitcoin Mining, or Bitcoin in the Presence of Adversaries , 2013 .

[19]  Eli Ben-Sasson,et al.  Zerocash: Decentralized Anonymous Payments from Bitcoin , 2014, 2014 IEEE Symposium on Security and Privacy.

[20]  George Varghese,et al.  P4: programming protocol-independent packet processors , 2013, CCRV.

[21]  Prateek Mittal,et al.  Anonymity on QuickSand: Using BGP to Compromise Tor , 2014, HotNets.

[22]  Ghassan O. Karame,et al.  Is Bitcoin a Decentralized Currency? , 2014, IEEE Security & Privacy.

[23]  Meni Rosenfeld,et al.  Analysis of Hashrate-Based Double Spending , 2014, ArXiv.

[24]  Ítalo S. Cunha,et al.  PEERING: An AS for Us , 2014, HotNets.

[25]  Vitalik Buterin A NEXT GENERATION SMART CONTRACT & DECENTRALIZED APPLICATION PLATFORM , 2015 .

[26]  Prateek Mittal,et al.  RAPTOR: Routing Attacks on Privacy in Tor , 2015, USENIX Security Symposium.

[27]  Ethan Heilman,et al.  Eclipse Attacks on Bitcoin's Peer-to-Peer Network , 2015, USENIX Security Symposium.

[28]  Hannes Hartenstein,et al.  A simulation model for analysis of attacks on the Bitcoin peer-to-peer network , 2015, 2015 IFIP/IEEE International Symposium on Integrated Network Management (IM).

[29]  Ittay Eyal,et al.  The Miner's Dilemma , 2014, 2015 IEEE Symposium on Security and Privacy.

[30]  Aviv Zohar,et al.  Secure High-Rate Transaction Processing in Bitcoin , 2015, Financial Cryptography.

[31]  Jeremy Clark,et al.  SoK: Research Perspectives and Challenges for Bitcoin and Cryptocurrencies , 2015, 2015 IEEE Symposium on Security and Privacy.

[32]  Aggelos Kiayias,et al.  The Bitcoin Backbone Protocol: Analysis and Applications , 2015, EUROCRYPT.

[33]  Hubert Ritzdorf,et al.  Tampering with the Delivery of Blocks and Transactions in Bitcoin , 2015, IACR Cryptol. ePrint Arch..

[34]  Andrew Miller,et al.  Discovering Bitcoin ’ s Public Topology and Influential Nodes , 2015 .

[35]  Aviv Zohar,et al.  Optimal Selfish Mining Strategies in Bitcoin , 2015, Financial Cryptography.

[36]  Kartik Nayak,et al.  Stubborn Mining: Generalizing Selfish Mining and Combining with an Eclipse Attack , 2016, 2016 IEEE European Symposium on Security and Privacy (EuroS&P).

[37]  Bryan Ford,et al.  Enhancing Bitcoin Security and Performance with Strong Consistency via Collective Signing , 2016, USENIX Security Symposium.

[38]  Emin Gün Sirer,et al.  Majority is not enough , 2013, Financial Cryptography.