Blockchains: Breaking the Chain
By Nathan Joyce, Cyber Analyst, Vulnerability Disclosure Program (VDP), DoD Cyber Crime Center (DC3) and Melissa S. Vice, NSI Visiting Fellow
Blockchain is a data structure, or distributed ledger technology (DLT), that records transactions between multiple computers, ensuring more security, transparency, and decentralization for user and company operations. The blocks of data are interconnected, forming a chain of records controlled by no single authority and open to any and every member of the Blockchain. Users on the Blockchain can hold proposals on changes to the Blockchain. Proposals are typically created by network developers. This ensures all participants on the network agree on changes moving forward. Information that is recorded on the Blockchain becomes immutable by securing each transaction with a digital signature that proves its authenticity. The digital signature ensures the data stored cannot be changed without the Blockchain verifying the data.
It is assumed that Blockchain provides a safe and secure network for digital currency transactions and decentralized applications based on its main characteristic — decentralization. Decentralization is the ownership and decision making from a distributed network of users instead of one centralized authority. This feature provides a high level of data integrity and availability. However, Blockchain ecosystems such as Bitcoin and Ethereum are subject to many different forms of cyber-attacks. These attacks include but are not limited to: eclipse, 51%, sybil, and routing attacks.
An eclipse attack isolates a single node, or user, from the rest of the network, and requires the attacker to control all of the node’s neighbors. This enables the attacker to filter the traffic the node receives, for example by dropping transactions or blocks on the Blockchain, and so to produce illegitimate transaction confirmations. This allows the attacker to misdirect the victim into accepting a transaction that has already been validated on the Blockchain. This attack misleads the victim node into wasting time and computing power. If this goes unnoticed for some time, it could cost the victim a hefty utility bill. Since an eclipsed node is essentially blocked from the network, attackers can launch this type of attack on multiple nodes of the network and then launch a successful 51% attack.
A 51% attack is when a single entity, whether that is a single person or a single group, controls over 50% of the Blockchain network. Since the Blockchain uses a distributed ledger to verify cryptocurrency transactions, controlling over half of the network gives the single entity the ability to rewrite parts of the Blockchain by blocking new transactions from being confirmed, changing the ordering of new transactions, and reversing its own transactions. The disruption the attack can cause is theoretically limited, as the attacker cannot reverse others’ transactions or stop users from conducting transactions on the network.
A Sybil attack is the act of a malicious actor trying to take control of the Blockchain by creating multiple nodes on the network. Certain Blockchains have a consensus mechanism in place, and if one owns a node on the network, they can participate in the proposal. If the attacker creates an infinite number of nodes or accounts on the network, the outcome of the proposal can be majorly impacted by the surplus of nodes or accounts owned by a single entity. Subsequently, if the attacker creates enough nodes on the network, it can result in a 51% attack as previously explained.
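The effect of extra nodes on a proposal depends on what a vote is weighted by. The following added example, not taken from the article or from any real network's governance code, counts the same constructed vote per node and per unit of stake; the vote records, the stake field and every function name are assumptions made for illustration.

```python
from collections import Counter

def tally(votes, weight):
    """Sum the weight behind each choice; `weight` decides what a vote is worth."""
    totals = Counter()
    for vote in votes:
        totals[vote["choice"]] += weight(vote)
    return totals

def proposal_passes(votes, weight, threshold=0.5):
    totals = tally(votes, weight)
    cast = sum(totals.values())
    return cast > 0 and totals["yes"] / cast > threshold

def one_vote_per_node(vote):
    return 1                      # every registered node counts the same

def vote_by_stake(vote):
    return vote["stake"]          # a vote counts for the resource behind it

def split_into_nodes(vote, n):
    """Model one operator registering n nodes: same choice, same total stake."""
    if n < 1 or vote["stake"] % n:
        raise ValueError("stake must divide evenly across n nodes")
    return [{"node": f"{vote['node']}-{i}", "choice": vote["choice"],
             "stake": vote["stake"] // n} for i in range(n)]

def nodes_needed_to_pass(no_nodes, threshold=0.5):
    """Smallest number of 'yes' nodes that carries a per-node vote."""
    n = 0
    while n == 0 or n / (n + no_nodes) <= threshold:
        n += 1
    return n

# Constructed electorate: nine independent nodes vote no, one operator votes yes.
HONEST = [{"node": f"honest-{i}", "choice": "no", "stake": 100} for i in range(9)]
OPERATOR = {"node": "operator", "choice": "yes", "stake": 100}

def demo():
    sybils = split_into_nodes(OPERATOR, nodes_needed_to_pass(len(HONEST)))
    return {
        "single_node_per_node": proposal_passes(HONEST + [OPERATOR], one_vote_per_node),
        "sybils_per_node": proposal_passes(HONEST + sybils, one_vote_per_node),
        "sybils_by_stake": proposal_passes(HONEST + sybils, vote_by_stake),
    }
```

Counted per node, the operator's ten identities carry the proposal; counted by stake, splitting into more nodes changes nothing because the total behind the vote is the same.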
Routing attacks, which result in the partition of a Blockchain into two or more disjoint networks, have often been overlooked as they are generally considered too challenging to be practical. For blockchain, routing attacks would prevent nodes within a component from communicating with nodes outside of it, and the attacker could force the creation of an isolated blockchain, separated from the main network. After the attack ends, all blocks created within the disjointed Blockchain will be discarded together with all included transactions. However, Blockchain characteristics make routing attacks difficult to execute. While one can run a Blockchain node from anywhere on the earth, the nodes that compose the network are far from being spread uniformly around the globe. As all Blockchain networks and applications depend on the massive volume of data transfers in real-time, an attacker would need to intercept data during its transmission to the internet service provider.
Each attack described above has a real-world impact on Blockchain technology. Luckily for us, the nature of Blockchain is that as the network’s size grows, its resistance to these attacks grows with it. As time goes on, developers will become keener on designing and upgrading networks with more security in mind. It is only the beginning for Blockchain technology.