Friday, November 22, 2024 11:30am
About this Event
Brown Lab, Newark
http://cis.udel.eduBlockchains Security under Network Adversaries: Attacks and Defenses
ABSTRACT
Blockchains promise various security benefits in distributed systems, although their security is loosely understood. For instance, it is theoretically established that the Bitcoin blockchain safety relies on strong network synchrony and a stable network configuration, and violating the safety by a majority attack or eclipsing requires strong adversaries (e.g., 51% hash rate or an ISP controlling millions of IP addresses). These requirements are costly. Thus, notable attacks have yet to be observed in practice.
In this talk, we will empirically demonstrate that real-world blockchains, such as Bitcoin, Ethereum, and Ripple, do not conform to the ideal specifications of synchrony and stable network configurations. As a result, we show ways to reduce the requirement for violating blockchain safety by presenting two practical attacks, HashSplit and SyncAttack. In HashSplit, we first formulate an ideal functionality framework for the correct communication among the mining nodes that preserves safety. Our model specifies that strong network synchrony can only be guaranteed if the mining nodes form a completely connected topology and receive blocks simultaneously. However, our large-scale measurements suggest that the mining nodes must conform to the ideal model and receive blocks at different times. Using such settings, we instantiate a well-connected adversary to partition the network with only a 26% hash rate. In the SyncAttack, we unveil that the existing security models have largely ignored the permissionless nature of blockchains characterized by node churn. By exploiting the churn, an adversary can control all connections made among the newly arriving nodes by simply occupying all the incoming connection slots of the existing nodes. Supported by evidence from measurements and root-cause analysis that points to flaws in real-world implementations, we instantiate an adversary that can fork the blockchain with only 120 IP addresses, allowing the adversary to double-spend without any mining powers. We will also discuss defenses for secure blockchains against partitioning.
BIOGRAPHY
David Mohaisen is a Full Professor of Computer Science at the University of Central Florida (UCF). Prior to joining UCF, he held various roles across both academia and industry in the United States and South Korea. At UCF, he directs the Security and Analytics Lab (SEAL), with a research focus spanning computer security and online privacy. He has authored over 200 peer-reviewed publications in top conferences, including CCS, NDSS, S&P, and USENIX Security, and his research has been supported by agencies such as NSF, NRF, AFOSR, AFRL, FC2, and NVIDIA. His work has garnered attention in prominent outlets like MIT Technology Review, New Scientist, Scientific American, Financial Times, Science Daily, Slashdot, The Verge, and Deep Dot Web, among others. Additionally, he serves as an Associate Editor for several IEEE journals, including TMC, TDSC, TPDS, and TCC, and has contributed to the organizing committees of over two dozen conferences. He is a senior member of both ACM and IEEE, an ACM Distinguished Speaker, and an IEEE Computer Society Distinguished Visitor. David earned his Ph.D. in Computer Science from the University of Minnesota in 2012. More about his work can be found here.
User Activity
No recent activity