An Analysis of Routing Attacks Against IOTA Cryptocurrency

IOTA is a new type of distributed ledger designed for allowing fee-less and rate-scalable micropayments in Internet of Things applications. Security research on IOTA has focused mainly on attacks involving its cryptographic operations or its consensus algorithm. In this paper, we present a preliminary analysis of the IOTA security with respect to malicious Autonomous Systems (ASes), which can intercept IOTA connections by manipulating routing advertisements (BGP hijacking) or by naturally intercepting traffic. We make the simplifying assumption that the malicious AS can intercept routes between hosts without causing side effects, or without these side effects being noticed by the intercepted hosts. We identify three notable attacks that can lead to permanent money freeze, and to local or global interruptions of the consensus mechanisms. We then analyze the vulnerability of IOTA against malicious ASes on the real Internet topology, and we show that IOTA cryptocurrency is, at the time of writing, pretty susceptible of these attacks because quite centralized from the point of view of BGP routing. We then study the routing-level security of the next version of IOTA (post-coordicide), which has been proposed by the IOTA Foundations to make the cryptocurrency fully distributed.

[1]  Gianluca Dini,et al.  Virtual private ledgers: embedding private distributed ledgers over a public blockchain by cryptography , 2019, IDEAS.

[2]  Navin Ramachandran,et al.  Authenticating Health Activity Data Using Distributed Ledger Technologies , 2018, Computational and structural biotechnology journal.

[3]  Yakov Rekhter,et al.  A Border Gateway Protocol 4 (BGP-4) , 1994, RFC.

[4]  Laurent Vanbever,et al.  Hijacking Bitcoin: Routing Attacks on Cryptocurrencies , 2016, 2017 IEEE Symposium on Security and Privacy (SP).

[5]  Sherali Zeadally,et al.  Curbing Address Reuse in the IOTA Distributed Ledger: A Cuckoo-Filter-Based Approach , 2020, IEEE Transactions on Engineering Management.

[6]  S. Popov The Tangle , 2015 .

[7]  A. Dammer How Secure are Secure Interdomain Routing Protocols , 2011 .

[8]  Alberto Dainotti,et al.  ARTEMIS: Neutralizing BGP Hijacking Within a Minute , 2018, IEEE/ACM Transactions on Networking.

[9]  Bilal Shabandri,et al.  Enhancing IoT Security and Privacy Using Distributed Ledgers with IOTA and the Tangle , 2019, 2019 6th International Conference on Signal Processing and Integrated Networks (SPIN).

[10]  Wanlei Zhou,et al.  Identifying Propagation Sources in Networks: State-of-the-Art and Comparative Studies , 2017, IEEE Communications Surveys & Tutorials.

[11]  Ethan Heilman,et al.  Cryptanalysis of Curl-P and Other Attacks on the IOTA Cryptocurrency , 2020, IACR Cryptol. ePrint Arch..

[12]  Garrett Tanzer,et al.  A Cryptanalysis of IOTA ’ s Curl Hash Function , 2018 .

[13]  Satoshi Nakamoto Bitcoin : A Peer-to-Peer Electronic Cash System , 2009 .

[14]  Daniel Davis Wood,et al.  ETHEREUM: A SECURE DECENTRALISED GENERALISED TRANSACTION LEDGER , 2014 .

[15]  Paul J. M. Havinga,et al.  How to Break IOTA Heart by Replaying? , 2018, 2018 IEEE Globecom Workshops (GC Wkshps).

[16]  Alberto Dainotti,et al.  BGP hijacking classification , 2019, 2019 Network Traffic Measurement and Analysis Conference (TMA).

[17]  Pietro Ferraro,et al.  Distributed Ledger Technology for IoT: Parasite Chain Attacks , 2019, ArXiv.