Blockchain Network Attacks & Their Prevention

What is Block chain?

Block chain is a secure database management system, where data or information are kept in separate blocks. Each block has their own cryptographic hash associated with it. Each and every block is connected to each other in a chain-network.

Why Block chain?

Behind the concept of digital currency, block chain is the basic building block. In our current currency exchange system, Bank and government cut an amount from our debit instead of giving the security services for our money. So they charge more security fees for your more deposit. This is a big problem. On the other hand, there is double spending problem. In double spending problem the same currency can be spent more than once. So, this threats are totally deactivated in digital crypto currency system. Block chain is the backbone of the digital crypto currency system. While banking system is a centralized system instead of that Block chain is a decentralized system – which gives more security.

Brief chronology of Block Chain technology:

1991 – Stuart Haber & W. Scott Stornetta first worked on Block Chain.
1992 – Block chain technology is advanced by incorporated it with Merkle tree.
2008 – Bit coin was introduced as a digital currency by Satoshi Nakamoto. It is the first application of the digital ledger technology.
2008-2013 – Block Chain 1.0 was developed
2013 – Ethereum Block Chain technology was introduced.
2014 – Block chain R3 corda platform was introduced.
2015 – Block chain 2.0 was introduced. Hyper ledger was introduced.
2017 – EOS.IO unveiled new block chain protocol block.one
2018-Present – Block Chain 3.0 development is continuing in addition to IoTA (Internet of Things Application) and NEO (An open source block chain decentralized platform).

Disadvantages of Block Chain technology:

• Scalability: It is a big issue in block chain technology. If more users use block chain network at a time, then network, congestion may produce. It results in slowdown of network and transaction becomes slow.
• Energy Consumption: When a transaction occurs in block chain network then every block changes their data also hash is changed. Here very complex mathematical algorithm works. So miners solve this complex mathematical algorithms and spending a lot of energy.
• Block Chain attacks: There are various ways by which such a tight secured block chain system can be attacked. There are 51% attack, network attacks, wallet attacks etc.
• High cost implementation: To implement an open source block chain network and hyper ledger it requires a high costing.
• Hard to implement: To implement and manage a block chain network, it requires a very high knowledge.

Block Chain Attacks:

Block Chain is chain based network technology. It consists of many nodes by which transaction and data routing occurs. On the basis of data in nodes – miners update information and hash in blocks. So now it is very hard to attack blocks and decrypt or change the information inside block. So generally what attackers do that – they attack the nodes.

• DDoS Attack:

Distributed denial of service (DDoS) attacks are hard to execute on a block chain network. Still, block chain technology is susceptible to DDoS attacks and these attacks are actually the most common type on block chain networks. When attacking a block chain network, hackers intend to bring down a server by consuming all its processing resources with numerous requests. DDoS attackers aim to disconnect mining pools, e-wallets, crypto exchanges, and other financial services of the network. A block chain can also be hacked with DDoS at its application layer when hackers use DDoS botnets. Bit coin, along with other block chain networks, takes measures to protect against DDoS attacks.

A DDOS attack is much harder to tackle because to do so you need to differentiate between legitimate and malicious requests. This is a very hard problem. In the context of block chains, this comes down to an almost ideological question. The motivation to introduce transaction fees was to eliminate spam. Some people argue that as long as the requests have a transaction fee attached they cannot be considered spam by definition. While there are certainly situations where you could consider transactions to be spam, it would be a slippery slope to start blocking them. One of the greatest value propositions of public block chains is their censorship resistance. Starting to pick transactions that are not included - no matter of what criteria this censorship is based on - would be a dangerous precedent for any block chain.

• Prevention of DDoS Attack: 

The most recent DDoS attacks have been observed to hijack connected devices such as webcams, baby phones, routers, vacuum robots, etc. to launch their attacks. The number of devices remotely controllable via apps is growing exponentially and the Internet of Things (IoT) is expected to easily surpass 20 billion connected devices by the end of 2020.

One of the associated problems is that many of the connected devices are ill-equipped with security measures to prevent malevolent and improper usage, and thus prove to be the perfect, unsuspecting resources to be recruited into a botnet. The lack of proper security features for connected IoT devices is mainly driven by insufficient prioritization because the potential for disruption has been underestimated in the past, and manufacturing costs and profit potential dictate feature selection. That said, recent events may trigger a re-think to include and promote security features as part of a premium positioning for connected products. At present, infecting IoT devices for creating a botnet couldn’t be easier for a competent hacker.

Today’s IoT ecosystem follows a centralized paradigm, which relies on a central server to identify and authenticate individual devices. This allows malicious devices to launch attacks against other equipment by means of a brute force Telnet attack or other attack vectors. Block Chain technology could enable the creation of IoT networks that are peer to-peer (P2P) and trust less; a setting which removes the need for devices to trust each other and with no centralized, single point of failure. 

A Block Chain, being a universally distributed ledger, ensures the security of all transactions through the cryptographic work of certain participants called nodes which validate those transactions, in return for rewards in the form of crypto-currencies such as Bit coin. This removes the need for a central authority to authenticate a device to interact with another device and also authenticate a user to login to a device.

• Sybil Attack: 

A Sybil Attack is an attempt to manipulate a P2P network by creating multiple fake identities. To the observer, these different identities look like regular users, but behind the scenes, a single entity controls all these fake entities at once. This type of attack is important to consider especially when you think about online voting. Another area where we are seeing Sybil attacks is in social networks where fake accounts can influence the public discussion.

Another possible use for Sybil attacks is to censor certain participants. A number of Sybil nodes can surround your node and prevent it from connecting to other, honest nodes on the network. This way one could try to prevent you from either sending or receiving information to the network. This “use case” of a Sybil attack is also called Eclipse Attack.

• Prevention of Sybil Attack:

One way to mitigate Sybil Attacks is to introduce or raise the cost to create an identity. This cost must be carefully balanced. It has to be low enough so that new participants aren’t restricted from joining the network and creating legitimate identities. It must also be high enough that creating a large number of identities in a short period of time becomes very expensive. In PoW block chains, the nodes that actually make decisions on transactions are the mining nodes. There is a real-world cost, namely buying the mining hardware and consuming electricity, associated with creating a fake “mining-identity”. Additionally, having a large number of mining nodes still doesn’t suffice to influence the network meaningfully. To do that you would also need large amounts of computational power. The associated costs make it hard to Sybil attack Proof-of-Work block chains. Validation of identities are also given before joining the network. These are of 2 types – Direct and Indirect validation.

Direct validation: An already established member verifies the new joiner of the network 

Indirect validation: An established member verifies some other members who can, in turn, verify other new network joiners. As the members verifying the new joiners are verified and validated by an established entity, the new joiners are trusted to be honest.

• 51% Attack: 

The best-known type of attack on public PoW block chains is the 51% attack. The goal of a 51% attack is to perform a double spend, which means spending the same UTXO (Unspent Transaction Output) twice. To perform a 51% attack on a block chain, you need to control a majority of the hash rate, hence the name. A malicious miner wanting to perform a double spend will first create a regular transaction spending their coins for either a good or for a different currency on an exchange. At the same time, they will begin mining a private chain. This means they will follow the usual mining protocol, but with two exceptions. First, they will not include their own transaction spending their coins in their privately mined chain. Second, they will not broadcast the blocks they find to the network, therefore we call it the private chain.

• Prevention of 51 % Attack: 

1. PREVENT MINING POOLS FROM BECOMING TOO BIG 

Ghash.io is the world’s biggest mining pool for Bit coin — amassing up to 50% of the Bit coin network’s hashing power. While it seems to be a highly attractive mining pool for reward-seekers, the imminent threat of amassing 51% control and shaking investor confidence in block chain security has pressured Ghash.io miners into consider reducing their hold. The final call was forcefully made by Ghash.io’s own partner, mining designer BitFury, who relocated its service to its own mining pool in order to force down Ghash.io’s share to a less threatening 30% hold. It may not look difficult to pre-empt a 51% attack, but convincing miners to leave a major pool and its perks is easier said than done.

2. Safeguard Your Blockchain Protocol

51% Attacks are usually targeted at smaller-scale block chains with millions to lose — Bit coin Gold, Lite coin cash and a slew of others are amongst victims of this attack. Instead of targeting the long-standing Bit coin, attackers often target block chains with shaky protocols and a scattered distribution of miners. Their aim: swoop in to claim majority mining power, rearrange transactions and flee with the loot after fraudulently tampering with a big-ticket transaction. As a potential target, fledgling block chains should focus on building safer protocols with the help of an expert pair of eyes to review possible loopholes.

• References:

1. https://www.apriorit.com/dev-blog/578-blockchain-attack-vectors
2. https://www.123rf.com/photo_93111774_futuristic-bitcoin-wallpaper-cryptocurrency-e-business-and-e-commerce-concept-3d-rendering.html
3. https://www.investopedia.com/terms/d/doublespending.asp
4. https://bitcoinik.com/what-is-double-spend-problem/
5. https://cointelegraph.com/tags/decentralization
6. https://101blockchains.com/what-is-neo-blockchain/
7. https://101blockchains.com/history-of-blockchain-timeline/
8. https://en.wikipedia.org/wiki/Ethereum
9. https://www.r3.com/history/
10. https://en.wikipedia.org/wiki/NEO_(cryptocurrency)
11. https://www2.deloitte.com/de/de/pages/technology-media-and-telecommunications/articles/cyber-security-prevention-of-ddos-attacks-with-blockchain-technology.html
12. https://academy.horizen.global/technology/advanced/attacks-on-blockchain/
13. https://www.geeksforgeeks.org/sybil-attack/
14. https://www.investopedia.com/terms/u/utxo.asp
15. https://medium.com/the-capital/decrypting-with-talenta-how-to-prevent-a-51-attack-on-your-blockchain-8a671069ad70
16. https://101blockchains.com/blockchain-protocol/

By Arijit Roy