Blok Zinciri Teknolojisine Yapılan Saldırılar Üzerine bir İnceleme

Son zamanlarda; blok zinciri tabanlı kripto para ödeme sistemleri(bitcoin, ethereum) oldukça popüler olmuştur. Merkezi olmayan eşler arası(P2P) ağ yapısına sahip olan bu sistemde tüm işlemler, sadece ekleme yapılabilen bir ana defterde(ledger) tutulmaktadır. Madenciler ise bu ağ yapısındaki düğümleri oluşturmaktadır, her madenci defterin yerel kopyasına sahiptir. Blok zincirinde, PoW uzlaşma protokolü işlemi onaylamakta ve zincire yeni blok eklenmesine izin vermektedir. Ödülü almak için, madenciler eşler arası ağda işlemi tamamlamak için birbirleriyle yarışırlar. Ödül sistemi, blok zinciri kullanan bitcoin’i popülerleştirmiş, fakat aynı zamanda saldırganların blok zincirine ilgisini artırmıştır. Saldırganlar tarafından blok zincirinin madenci havuzuna ve ağ yapısının güvenliğine farklı saldırılar yapılmıştır. Bu makalede, blok zinciri alt yapısına karşı mevcut saldırılar sunulmuştur. İlk bölümlerde, P2P mimarisine, uzlaşma protokolüne ve işlemlere yönelik saldırı tipleri araştırılmıştır. Bu bölümde, %51 saldırısı, Çift harcama, Finney, Vector76, Kaba Kuvvet, Sybil, Eclipse, Denge gibi saldırılar açıklanmış ve çözümler önerilmiştir. Daha sonra, Bencil madencilik ve Blok Atma, Blok Tutma(BWH), Blok Tutma Sonrası Çatallanma(FAW), Havuz sıçrama saldırısı, Cezalandırıcı Çatallanma ile Kara Listeye Alma, Köpük saldırısı ve Rüşvet Saldırısı gibi madencilik havuzuna karşı saldırılar incelenmiş ve savunma stratejileri sunulmuştur. Son bölümde de blok zinciri altyapısında kullanılan kriptografi’nin geleceği üzerinde tartışılmış ve Post Kuantum Kriptografi’nin etkilerinden bahsedilmiştir

A Survey of Attacks on Blockchain Technology

In recent times, popularity of blockchain based crypto currencies (bitcoin and ethereum) have been increased. Blockchain system has decentralized peer to peer (P2P) network, all transactions are recorded in a public ledger that can only be appended. The miners constitute the nodes of this network and every miner has local copy of ledger. In blockchain, PoW consensus algorithm is used to verify transaction and give permission to append new blocks to chain. To get reward, miners compete with each other to complete transactions on the peer to peer network. The reward system popularized Bitcoin, which uses block-chain, but at the same time attracted the atention of the attackers in the block chain. In this paper, current attacks against the block-chain are presented. In the first part, attack types to P2P architecture, consensus protocol and transaction are investigated. In this part, 51%, Double Spending, Finney, Vector76, Brute Force, Sybil, Eclipse and Balance attacks are explained and solutions are proposed. In addition, pool mining attacks such as block withholding attack (BWH), Pool hoping attack, Blacklisting via Punitive Forking, Feather Forking and bribery attack are presented. In the last part, the future of cryptography used in blockchain infrastructure has been discussed and effects of Post Quantum Cryptography have been mentioned

Keywords:

blockchain, security bitcoin, ethereum,

PDF

___

[1] İnternet: D. Furlonger, J. Lopez, What CIOs Should Tell the Board of Directors About Blockchain, Gartner Research, https://www.gartner.com/doc/3606027/cios-tell-board-directorsblockchain, 01.08.2018.
[2] D. Chaum, "Blind signatures for Untraceable payments", Advances in Cryptology: Proceedings of Crypto 82, 199-203, Springer, 1983.
[3] İnternet: Coin Market Cap, List of cryptocurrencies, https://coinmarketcap.com/all/views/all/, 15.07.2018.
[4] İnternet: Bitcoin Bitcoin (BTC) price stats and information, https://bitinfocharts.com/bitcoin/, 15.07.2018.
[5] İnternet: S. Nakamoto, Bitcoin: A Peer-to-Peer Electronic Cash System, 2008, https://bitcoin.org/bitcoin.pdf, 06.07.2018.
[6] A. Zohar, “Bitcoin under the Hood”, Communication of the ACM, 58(9), 104-113, 2015.
[7] W. Stallings, “A Blockchain Tutorial”, Internet Protocol Journal, 20(3), 2-24, 2017.
[8] I. Lin, T. Liao, "A Survey of Blockchain Security Issues and Challenges", International Journal of Network Security, 19(5), 653-659, 2017.
[9] İnternet: N. Gopie, What are smart contracts on blockchain?, https://www.ibm.com/blogs/blockchain/2018/07/what-are-smartcontracts-on-blockchain,17.07.2018.
[10] İnternet: G. Jenkinson, GPUs And ASICs - A Never Ending Battle For Mining Supremacy, https://cointelegraph.com/news/blockshow-announcesblockshow-americas-2018-conference-in-las-vegas-august-20-21, 24.07.2018.
[11] A. Back, Hashcash - A Denial of Service Counter-Measure, CyperSpace, 2002.
[12] İnternet: Basic primer, Blockchain Consensus Protocol, https://blockgeeks.com/guides/blockchain-consensus/,18.07.2018.
[13] A. Narayanan, J. Bonneau, E. Felten, A. Miller, S. Goldfeder, Bitcoin and Cryptocurrency Technologies: A Comprehensive Introduction, Princeton University Press, 2016.
[14] Y. Sompolinsky, A. Zohar, “Secure high-rate transaction processing in bitcoin”, International Conference on Financial Cryptography and Data Security, 507–527, 2015.
[15] Y. Lewenberg, Y. Sompolinsky, A. Zohar, “Inclusive block chain protocols”, International Conference on Financial Cryptography and Data Security, Springer, 2015
[16] M. Conti, S. Kumar E, C. Lal, S. Ruj, “A Survey on Security and Privacy Issues of Bitcoin”, IEEE Communications Surveys & Tutorials, ArXiv preprint, arXiv:1706.00916, 2018.
[17] M. Swan, Blockchain blueprint for a new economy, O'Reilly Media, Inc., 2015.
[18] İnternet: A. Rosic, 5 Blockchain Applications That Are Shaping Your Future, HuffPost, https://www.huffingtonpost.com/ameerrosic-/5-blockchain-applications_b_13279010.html/,13.07.2018.
[19] J. J. Xu, ”Are blockchains immune to all malicious attacks?”, Financial Innovation, 2016.
[20] İnternet: M. Crosby, P. Nachiappan Pattanayak, S. Verma, V. Kalyanarama, Blockchain technology: Beyond bitcoin, http://scet.berkeley.edu/wp-content/uploads/AIR-2016- Blockchain.pdf, 2016.
[21] Internet: J. Sinnige, Blockchain: how a 51% attack works (double spend attack), https://medium.com/coinmonks/what-is-a-51- attack-or-double-spend-attack-aa108db63474 , 6.08.2018.
[22] İnternet: I. Eyal, E. G. Sirer, How to disincentivize large bitcoin mining pools, http://hackingdistributed.com/2014/06/18/how-todisincentivize-large-bitcoin-mining-pools/, 31.07.2018.
[23] İnternet: A. Quenston, 4 Lines of Defence Against a 51% Attack, https://www.ccn.com/4-lines-defence-51-attack/, 31.07.2018.
[24] G. O. Karame, E. Androulaki, and S. Capkun, “Two Bitcoins at the Price of One? Double-spending attacks on fast payments in bitcoin,”, ACM Conference on Computer and Communications Security (CCS’12), 2012.
[25] İnternet: Y. Sompolinsky, A. Zohar, Bitcoin's Security Model Revisited, Cryptography and Security, ArXiv preprint, arxiv:1605.09193, 2016.
[26] İnternet: Fake bitcoins?, 2011, https://bitcointalk.org/index.php?topic=36788.msg463391#msg46 3391, 20.06.2018
[27] İnternet: J. Heusser, Sat solvingan alternative to brute force bitcoin mining, https://jheusser.github.io/2013/02/03/satcoin.html, 20.06.2018.
[28] C. Natoli, V. Gramoli, “The Balance Attack Against Proof-OfWork Blockchains: The R3 Testbed as an Example”, CoRR, 2016.
[29] J.R.Douceur, "The Sybil Attack", Peer-to-Peer Systems Lecture Notes in Computer Science, 2429, 251–60, 2002.
[30] İnternet: Y. Marcus, E. Heilman, S. Goldberg, Low-Resource Eclipse Attacks on Ethereum's Peer-to-Peer Network, ePrint (Cryptology) Report 2018 / 236, https://eprint.iacr.org/2018/236.pdf, 27.07.2018.
[31] E. Heilman, A. Kendler, A. Zohar, S. Goldberg. “Eclipse attacks on bitcoin’s peer-to-peer network”, USENIX Security, Washington D.C., ABD, 129-144, 12-14 Ağustos, 2015.
[32] S. Bag, S.Ruj, K. Sakurai, “Bitcoin Block Withholding Attack: Analysis and Mitigation”, IEEE Transactions on Information Forensics and Security, 12(8), 1967-1978, 2017.
[33] M. Rosenfeld, “Analysis of bitcoin pooled mining reward systems”, Distributed, Parallel, and Cluster Computing, ArXiv preprint, arxiv:1112.4980, 2011.
[34] İnternet: N. T. Courtois and L. Bahack, On Subversive Miner Strategies and Block Withholding Attack in Bitcoin Digital Currency, Cryptography and Security, ArXiv preprint, arxiv:1402.1718, 2014.
[35] İnternet: L. Bahack, Theoretical Bitcoin Attacks with Less than Half of the Computational Power, Cryptography and Security, ArXiv preprint, arxiv:1312.7013, 2013.
[36] I. Eyal and E. G. Sirer, “Majority is not enough: Bitcoin mining is vulnerable”, Financial Cryptography and Data Security: 18th International Conference, Springer Berlin Heidelberg, 2014.
[37] J.Bonneau, A.Miller, J.Clark, A.Narayanan, J.A.Kroll, E Felten, "SoK: Research Perspectives and Challenges for Bitcoin and Cryptocurrencies", 2015 IEEE Symposium on Security and Privacy, 2015.
[38] İnternet: V. Buterin, Selfish Mining: A 25% Attack Against the Bitcoin Network, https://bitcoinmagazine.com/articles/selfishmining-a-25-attack-against-the-bitcoin-network-1383578440/ , 29.07.2018.
[39] G. Karame, E. Androulaki, S.Capkun, "Double-spending Fast Payments in Bitcoin", In Proceedings of the ACM Conference on Computer and Communications Security (CCS), ACM, 2012.
[40] S.Solat, M.Potop-Butucaru, ZeroBlock: Preventing Selfish Mining in Bitcoin, Sorbonne Universites, UPMC University of Paris, 2016.
[41] E.Heilman, "One weird trick to stop selfish miners: Fresh bitcoins, a solution for the honest miner",International Conference on Financial Cryptography and Data Security, 2014.
[42] İnternet: S. D. Lerner, DECOR+ Protocol, https://bitslog.wordpress.com/2014/05/02/decor/, 07.08.2018.
[43] İnternet: S.D. Lerner, Bitcoin Powered Smart Contracts, RootStock Platform Whitepaper, https://bravenewcoin.com/assets/Whitepapers/RootstockWhitePa perv9-Overview.pdf, 03.08.2018.
[44] Y. Kwon, D. Kim, Y. Son, E. Vasserman, Y. Kim, “Be selfish and avoid dilemmas: Fork after withholding (faw) attacks on bitcoin”, ACM SIGSAC Conference on Computer and Communications Security, ACM, 2017.
[45] J. Bonneau, “Why buy when you can rent?”, International Conference on Financial Cryptography and Data Security, Springer, 2016.
[46] M. Rosenfeld, “Mining pools reward methods”, Presentation at Bitcoin 2013 Conference, 2013.
[47] Y. Zolotavkin, J. Garcia, C. Rudolph, “Incentive Compatibility of Pay Per Last N Shares in Bitcoin Mining Pools”, International Conference on Decision and Game Theory for Security, 2017
[48] İnternet: A. Miller, Feather-forks: enforcing a blacklist with sub50% hash power, https://bitcointalk.org/index.php?topic=312668.0, 07.08.2018.
[49] İnternet: M. Fang, P. Hayes, Game Theory and Network Attacks: How to Destroy Bitcoin, https://www.bitcoin.org.hk/media/2017/05/How_to_Destroy_Bitc oin.pdf, 04.08.2018.
[50] P. Rogaway, T. Shrimpton, “Cryptographic Hash-Function Basics: Definitions, Implications, and Separations for Preimage Resistance, Second-Preimage Resistance, and Collision Resistance”. Fast Software Encryption, Springer-Verlag, 2004.
[51] K. Aoki, J. Guo, K. Matusiewicz, Y. Sasaki, L. Wang, “Preimages for step-reduced SHA-2”, International Conference on the Theory and Application of Cryptology and Information Security, Advances in Cryptology–ASIACRYPT 2009.
[52] İnternet: D. Khovratovich, C. Rechberger & A. Savelieva, Bicliques for Preimages: Attacks on Skein-512 and the SHA-2 family, International Workshop on Fast Software Encryption, 2011.
[53] P.Shor, "Polynomial-Time Algorithms for Prime Factorization and Discrete Logarithms on a Quantum Computer", SIAM Journal on Computing, 26(5), 1484-1509, 1995.
[54] D. J. Bernstein, J. Buchmann, Post-Quantum Cryptography, Springer, 2009.
[55] D.J. Bernstein,"Cost analysis of hash collisions: Will quantum computers make SHARCS obsolete?", Proceedings 4th Workshop on Special-purpose Hardware for Attacking Cryptograhic Systems, 2009.