Research Shows How Bitcoin Can Be Attacked Via Internet Routing Infrastructure

Researchers from ETH Zurich and the Hebrew University have shown how “internet routing attacks” and “malicious Internet Service Providers (ISPs)” can be used to attack the Bitcoin network. Their research paper, entitled “Hijacking Bitcoin: Routing Attacks on Cryptocurrencies”, describes the attacks as well as countermeasures against them. The paper will be presented at the 2017 IEEE Symposium on Security and Privacy in May.

Internet Routing Attack Vector

There are already many known Bitcoin attack vectors such as double spending, the 51% attack, DDoS, eclipsing, and transaction malleability. However, the authors asserted that:

One important vector has been left out though: attacking the currency via the Internet routing infrastructure itself.

While a Bitcoin node can be run from anywhere on earth, the researchers found that most of them are hosted with a few ISPs. Specifically, they found that 13 ISPs host 30% of the entire Bitcoin network. In addition, 60% of all possible Bitcoin connections cross 3 ISPs.

“Together, these two characteristics make it relatively easy for a malicious ISP to intercept a lot of Bitcoin traffic,” they wrote, adding that “any third-party on the forwarding path can eavesdrop, drop, modify, inject, or delay Bitcoin messages such as blocks or transactions.”

Two Types of Attacks Warned

The paper then describes two types of attacks claimed to be practical and possible today.

The first is called a “Partition attack” which aims to partition the Bitcoin network or “completely disconnect a set of nodes from the network”. The second is called a “Delay attack” which aims to delay the propagation of new blocks to a set of Bitcoin nodes without disrupting their connections.

To determine their effects, the authors set up a network and initiated the attacks on themselves. They performed a hijack in the wild against their own Bitcoin nodes to learn the effect of a Partition attack. For a Delay attack, they used interception software against their own Bitcoin nodes. They eventually came to the conclusion that:

The potential damage to Bitcoin is worrying. By isolating parts of the network or delaying block propagation, attackers can cause a significant amount of mining power to be wasted, leading to revenue losses and enabling a wide range of exploits such as double spending.

Possible Countermeasures

The paper offers various suggestions to combat routing attacks of both kinds. While nothing is a cure for all attack types, the more countermeasures deployed, the more effective a defense Bitcoin users will have.

Both long-term and short-term countermeasures were suggested. Recommended strategies include increasing the diversity of node connections, selecting Bitcoin peers that are routed further away, monitoring round-trip communication times, and even encrypting all node traffic. The research team also proposes monitoring additional statistics so that deviations from normal behavior can be identified immediately at each node.

The full list of countermeasures can be seen here.
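
As an added illustration of the round-trip-time monitoring countermeasure (example code written for this page, not taken from the paper or from any Bitcoin client), the sketch below keeps a per-peer RTT baseline and raises a node-level alert when many peers deviate in the same round. The peer names, thresholds and sample values are constructed assumptions; real samples would come from however the node measures peer latency.

```python
from collections import defaultdict, deque
from statistics import median

WINDOW = 20          # baseline samples kept per peer (assumed value)
MIN_BASELINE = 5     # samples required before a peer is judged
K = 5.0              # threshold in median absolute deviations (assumed)
MAD_FLOOR_MS = 2.0   # keeps the band from collapsing on very stable links
PEER_FRACTION = 0.5  # share of peers deviating together that alerts the node

class RttMonitor:
    def __init__(self):
        self.history = defaultdict(lambda: deque(maxlen=WINDOW))

    def is_deviant(self, peer, rtt_ms):
        """True if rtt_ms sits far above this peer's own recent baseline."""
        base = list(self.history[peer])
        if len(base) < MIN_BASELINE:
            return False
        med = median(base)
        mad = max(median([abs(x - med) for x in base]), MAD_FLOOR_MS)
        return rtt_ms > med + K * mad

    def observe_round(self, samples):
        """samples: {peer: rtt_ms} for one round -> (deviant_peers, node_alert)."""
        deviant = sorted(p for p, r in samples.items() if self.is_deviant(p, r))
        for peer, rtt in samples.items():
            # Deviant samples stay out of the baseline, so a sustained shift
            # keeps alerting instead of quietly becoming the new normal.
            if peer not in deviant:
                self.history[peer].append(rtt)
        alert = bool(samples) and len(deviant) / len(samples) >= PEER_FRACTION
        return deviant, alert

def run_constructed_example():
    """Constructed data: 4 hypothetical peers, 6 quiet rounds, 2 anomalies."""
    mon = RttMonitor()
    base = {"peer-a": 40.0, "peer-b": 85.0, "peer-c": 120.0, "peer-d": 30.0}
    out = []
    for i in range(6):
        jitter = (i % 3) - 1  # -1, 0, +1 ms
        out.append(mon.observe_round({p: r + jitter for p, r in base.items()}))
    # One slow peer: flagged individually, no node-level alert.
    out.append(mon.observe_round({**base, "peer-b": 300.0}))
    # Three of four peers jump in the same round: node-level alert.
    out.append(mon.observe_round(
        {"peer-a": 190.0, "peer-b": 240.0, "peer-c": 280.0, "peer-d": 31.0}))
    return out
```

A single slow peer looks the same as ordinary congestion, which is why the node-level alert only fires when a large share of peers shift together; it is a signal to investigate, not proof of a hijack.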

  • Darey Olushina

    This should not be more of a threat to bitcoin I believe, since ISPs are corporate bodies. Any ISP or group of ISPs found or proven to carry out such an attack, legal action can be taken against them and be heavily fined, and again this should serve as a warning to spread nodes across many ISPs such that no ISP should hold a considerable percentage of nodes.

  • concerndcitizen

    Don’t be naive, every major router on the internet is controlled by security agencies who have strong ties to the central banking power structure. Go look at some of Snowden’s disclosures around routers and the toolkits to break in and pwn them. With these tools you can use deep packet inspection to search for certain types of packets, looking at which port is being used, etc. If you can identify a certain type of data, a sender or receiver or other pattern, you can copy and retain a set of the data, diminish the QOS (quality of service) or even block the packets. The router owner is unaware of these tactics, so don’t bother suing the ISP; these tools should be assumed to be in the hands of criminal gangs.

    • Sam The Fifth

      No.