本期依旧被采纳三篇:
翻译人:StoneDemo,该成员来自云+社区翻译社
原文链接:Hijacking Bitcoin: Routing Attacks on Cryptocurrencies
原文作者:Maria Apostolaki, Aviv Zohar, and Laurent Vanbever
题目:(劫持比特币:对加密货币进行路由攻击)
At a high-level, Bitcoin is a randomly-established peer-to-peer network composed of thousands of nodes and tens of thousands of connections which rely on flooding to propagate transactions. As an attacker, being able to prevent the spread of information in such a network seems unrealistic, if not impossible.
在高层次上,比特币是一个随机建立的对等网络(Peer-to-peer network),这一网络由数千个节点和成千上万的依赖泛洪路由(Flooding)传播交易的连接组合而成。作为攻击者,阻止信息在这样的网络中传播似乎是不现实的,甚至可以说是不可能的。
Yet, this apparently sensible observation does not take into account that the Internet routing infrastructure (i.e., the set of protocols that govern how Internet traffic flows) is notoriously insecure and can easily be manipulated by attackers to intercept Bitcoin traffic. It also does not consider that large Internet Service Providers (ISPs), such as the ones sitting in the core of the Internet, might be naturally crossed by a large fraction of Bitcoin traffic already. Since Bitcoin messages are exchanged in clear text and without integrity checks, any (malicious) third-party on the forwarding path can eavesdrop, drop, modify, inject, or delay Bitcoin messages. The question is then: Is Bitcoin vulnerable to such routing attacks?
然而,这种对表象的观察并没有考虑到互联网路由的基础结构(即管理网络流量流动方式的一组协议)是出了名的不安全,并且还很容易被攻击者操纵来拦截比特币流量。同时也未考虑到大型互联网服务提供商(ISP,Internet Service Provide),例如那些位于互联网核心的提供商,它们可能已经自然而然地被大量的比特币流量所穿越。由于比特币信息通过明文形式交换,并且不进行完整性检查,因此转发路径上的任何(怀有恶意的)第三方都可以窃听,丢弃,修改,注入或延迟比特币信息。那么问题来了:比特币是否容易受到这样的路由攻击呢?
In our recent paper Hijacking Bitcoin: Routing Attacks on Cryptocurrencies to appear at the IEEE Symposium on Security and Privacy, we shed light on these aspects by studying the security of Bitcoin from an Internet routing perspective and quantify the potential disruptive effects of network attackers. Among others, we show that:
Bitcoin is surprisingly centralized from an Internet routing perspective: 20% of the Bitcoin nodes are hosted in less than 100 IP prefixes. To put this in perspective, there are close to 600,000 IP prefixes advertised in the Internet today. At the same time, few well-established ISPs (e.g. Hurricane Electric) naturally see a large fraction of the Bitcoin traffic. Together, these two characteristics make large-scale routing attacks surprisingly practical.
Because of its centralization, partitioning the Bitcoin network and isolate 50% of its mining power only requires a small routing attack, one which is orders of magnitude smaller than the attacks routinely seen in the Internet today. Any malicious ISP with access to the Internet routing infrastructure can perform this attack which starts to be effective after only few minutes (according to our own measurements on the live network).
- Any ISP transiting Bitcoin traffic can delay the propagation of mined blocks (for up to 20 minutes), in a stealth way, even if she sees one direction of the traffic.
- Bitcoin traffic is impacted by routing attacks today. We found many examples of actual routing attacks that ended up diverting Bitcoin traffic.
- While multi-homing and end-to-end encryption (BIP 151) reduce the risks of network attacks, they do not prevent them. Our results show that even heavily multi-homed mining pools are vulnerable to routing attacks. Further, end-to-end encryption do not prevent an attacker from dropping Bitcoin connections.
我们近期完成的论文 “劫持比特币:对加密货币进行路由攻击” 发表在了 IEEE 安全和隐私专题研讨会上,我们从网络路由(Internet routing)的视角对比特币的安全性进行了研究,并将网络攻击者的潜在破坏性影响量化,从而阐明了这些方面。其中,我们的分析表明:
(横轴表示 ISP 数量,纵轴表示承载比特币节点的百分比)仅 13 个 AS(Autonomous System,自治系统) 就承载整个网络的 30%,而 50 个 AS 承载了比特币网络的 50%。
In this post, we take a closer look at these issues. We start by describing the two possible network attacks which we consider, namely partitioning and delay attacks, along with their potential impact on Bitcoin. We then discuss some short and long-term countermeasures that would increase Bitcoin’s robustness against network attackers. More details on our work can be found on our website.
在本文中,我们将仔细研究这些问题。首先描述我们所考虑的两种可能的网络攻击,即分割法攻击(Partitioning attacks)和延迟攻击(Delay attacks),以及它们对比特币的潜在影响。然后,我们将讨论一些短期和长期的对策,以提升比特币针对网络攻击者的健壮性。更多关于我们所作工作的细节,可以到我们的网站上继续了解。
(分割法攻击)
With partitioning attacks, an attacker aims at splitting the Bitcoin network into (at least) two disjoint components such that no information (e.g. transaction) can be exchanged between them. To partition the network into two components, a network attacker intercepts all the traffic destined to all the Bitcoin nodes contained within one of the component and drops any connection to the other component. To intercept traffic, a network attacker relies on vulnerabilities in the Border Gateway Protocol (BGP), the only Internet routing protocol used today, which does not validate the origin of routing announcements. These attacks, commonly referred to as BGP hijacks, involve getting a router to falsely announce that it has a better route to some IP prefix. By hijacking all the IP prefixes pertaining to the nodes in one component, the attacker can effectively intercept all the traffic exchanged between the two components. Once on path, the attacker can sever all these connections effectively disconnecting the two components. An animation of the attacks can be found on our website.
采用分割法攻击时,攻击者的目的是将比特币网络分成(至少)两个独立的组成部分,使它们之间无法交换任何信息(如交易信息)。为将网络划分为两个部分,网络攻击者会拦截掉流向其中一部分的所有比特币节点的全部流量,并且断开任何与另一部分的连接。为了拦截流量,网络攻击者依赖于边界网关协议(BGP,Border Gateway Protocol)中的漏洞,这是当前唯一使用的互联网路由协议,而它并不验证路由通告(Routing announcements)的来源。这类攻击通常称为 BGP 劫持,这涉及到让路由器进行虚假通告:它有一个更好的到达某些 IP 前缀的路由。通过对一个部分中的节点有关的所有 IP 前缀进行劫持,攻击者可以有效拦截在这两个组成部分之间交换的所有流量。一旦劫持成功,攻击者就可以有效地切断所有连接,从而将这两个组成部分隔离。在我们的网站上,可以找到一个关于这种攻击的动画演示。
图示说明了 AS 级别的攻击者(AS8)是如何通过劫持前缀以拦截比特币流量,从而隔离节点集 P =(A,B,C,D,E) 的。
The extreme centralization of Bitcoin from an Internet viewpoint makes partition attacks particularly effective as few IP prefixes need to be hijacked. Indeed, our measurements show that 50% of Bitcoin mining power is hosted in only 39 prefixes (i.e., in 0.007% of all Internet prefixes). This allows an attacker to isolate ~50% of the mining power by hijacking only these 39 prefixes. Much larger BGP hijacks (involving orders of magnitude more IP prefixes) are routinely seen in the Internet today.
从互联网的角度来看,比特币的极度集中化使得分割法攻击特别有效,因为只需要劫持少数的 IP 前缀即可实施攻击。的确,我们的测量表明,仅仅 39 个前缀(即占所有互联网前缀的 0.007%)就承载了 50% 的比特币挖矿算力。这就使得攻击者可以通过劫持这 39 个前缀来隔离约 50% 的挖矿算力。而今天在互联网上我们常常会看到更大规模的 BGP 劫持(这涉及到更高数量级的 IP 前缀)。
While intercepting Bitcoin traffic using BGP hijacking is effective, any un-intercepted Bitcoin connection bridging the two components would quickly render the partition ineffective. Due to factors such as multi-homing, some nodes cannot be prevented from exchanging information, forming some kind of persistent connections. The presence of such connections makes partitioning attacks more challenging for the attacker, but not impossible. In our paper, we elaborate on how an attacker can provably identify and mitigate these persistent rogue connections by reducing the size of the partition she is trying to achieve.
虽然使用 BGP 劫持来拦截比特币流量是有效的,但在两个组成部分之间的任何未被拦截的比特币连接都会很快导致分割法失效。由于多归属等因素,一些节点间的信息交换无法阻止,它们形成了某种持久的连接。这种连接的存在使得分割法攻击对攻击者来说更具挑战性,但并非不可行。在我们的论文中,我们详细阐述了攻击者如何能够通过减小她试图实现的分割大小,来鉴别并规避这些持续而又顽固的连接。
By partitioning the network, the attacker forces the creation of two parallel blockchains. After the attack, all the blocks mined by the side with the shorter chain will be discarded together with all included transactions and the corresponding miners’ revenues. Moreover, discarded transactions will be irrecoverably canceled if there exist other transactions in the prevailing branch of the chain which spent the exact same Bitcoins (conflicting transactions).
通过分割网络,攻击者强制创建两个并行的区块链。在攻击完成后,所有由短链一方所开采的区块将被丢弃,这其中包括了所有的交易和相应的矿工的收入。此外,如果在使用完全相同的比特币(冲突交易,Conflicting transaction)的主流分支中存在其他交易,则被丢弃的交易将被永久地取消。
(延迟攻击)
Bitcoin nodes are designed to request blocks from only a single peer to avoid overtaxing the network with excessive block transmissions. The block is requested again (from another peer) only if the request is not answered after 20 minutes. This design decision, coupled with the fact that Bitcoin traffic is unencrypted, allows for a powerful attack in which anyone intercepting Bitcoin traffic can delay block propagation on the corresponding connections. To do so, the attacker performs simple modification to the content of the Bitcoin messages she intercepts. As Bitcoin messages are not protected against tampering, neither the receiver nor the sender have any indication that the message has been modified, allowing the attacker to stay under the radar. The actual impact of such an attack depends on the victim and ranges from double spending (for merchant nodes) to wasted computation power (for miners). An animation of the attack can be found here.
比特币节点被设计为仅请求来自单个对等体的区块,以避免过度的块传输导致网络过载。只有当发送请求 20 分钟后无应答时,该块才再次被请求(来自另一个对等体)。这样的设计,再加上比特币流量未加密的事实,就使得任何拦截比特币流量的人都可以在相应的连接上延迟区块的传播。为做到这一点,攻击者会对其拦截到的比特币信息的内容进行简单修改。由于比特币信息无法防止篡改,接收方和发送方都发现不了信息中有任何被修改的迹象,从而使攻击者不会被发现。这种攻击所造成的实际影响取决于受害者,影响范围从重复支付(对于商家节点)一直到计算能力的浪费(对于矿工)。点击此处可以观看这种攻击相关的演示动画。
图示说明了一个 AS8 的攻击者是如何自然地拦截受害者(节点 C)的部分流量,并将其区块交付延迟了 20 分钟的。
Like for partition attacks, the centralization of Bitcoin nodes in few networks and prefixes, combined with the centralization of mining power in few pools, make delay attacks practical. We found that three ISPs together see 60% of all Bitcoin traffic. If malicious, these ISPs could therefore effectively and invisibly keep many bitcoin nodes uninformed. Unlike partitioning attacks though, we also found that even these powerful attackers could not disrupt the entire cryptocurrency. So, even though many nodes would be slowed down, Bitcoin, as a whole, would still function.
正如分割法攻击一般,在少数网络和前缀中比特币节点的集中化特性,以及在少数矿池中所聚集的挖矿算力,它们使延迟攻击是可实现的。我们发现三家 ISP 一起看到了 60% 的比特币流量。如果这些 ISP 怀有恶意,它们则可以因此有效地(并且在无形之中)让很多比特币节点不被通知。我们还发现,与分割法攻击不同的是,即使这些攻击者很强大,也无法瓦解整个加密货币。所以,尽管许多节点速度会减慢,但比特币作为一个整体仍然可以发挥作用。
We verified the practicality of a delay attack by performing one against our own nodes. We found that a network attacker that intercepts only half of a victim’s connections can keep it uninformed for 64% of its uptime. We also found that the vast majority of the Bitcoin nodes (70%) are vulnerable to such an attack today.
我们对自己的节点执行了一次延迟攻击,以验证其实用性。我们发现只拦截了半数受害者连接的网络攻击者,就能够延迟正常运行时间的 64%。我们还发现,绝大多数比特币节点(70%)目前很容易受到这种攻击。
(我们如何预防网络攻击?)
Fortunately, there are both short- and long-term countermeasures against network attacks. First, peer selections could be made routing-aware. Bitcoin nodes could, for example, aim at maximizing the diversity of the Internet paths seen by their connections to minimize the risk that an attacker can intercept all of them. Moreover, nodes could monitor the behavior of their connections to detect events like abrupt disconnections from multiple peers or unusual delays in block delivery. These events could serve as an early indicator of a routing attack and could, for instance, trigger the establishment of extra randomly-selected connections. Finally, solutions like end-to-end encryption would also help (especially against delay attacks). Yet, encryption alone would not be sufficient to protect against partitioning attacks as an attacker can still drop encrypted Bitcoin connections.
幸运的是,我们有针对网络攻击的短期和长期对策。首先,节点选择可以被路由感知(Routing-aware)。例如,比特币节点可以针对性地对其连接可见的网络路径的多样性进行最大限度的利用,以使攻击者可以拦截到所有这些网络的风险降到最低。此外,节点可以监视其连接的行为,从而发现诸如突然与多个对等节点断开连接,或者区块交付中不寻常的延迟,这类事件。这些事件可以作为路由攻击的早期指标(Early indicator),并且可以触发一些保护机制,例如建立额外的随机选择的连接。最后,诸如端到端加密这般解决方案也许会有所帮助(特别是针对延迟攻击)。然而,它并不足以防范分割法攻击,因为攻击者仍然可以丢弃加密的比特币连接。
(总结)
The purpose of our research is to raise the awareness of the Bitcoin community on the need to prevent routing attacks from disrupting the cryptocurrency. While we have no evidence that large-scale routing attacks against Bitcoin have already been performed in the wild, we believe few key characteristics make these attacks practical and potentially highly disruptive. These characteristics include: the high centralization of Bitcoin (from a mining and routing perspective), the lack of authentication and integrity checks, and some design choices pertaining, for instance, to how a node requests a block. We are currently in the process of implementing some of the countermeasures highlighted above. Clearly, we wouldn’t mind some help in doing so!
我们研究的目的,是提高比特币社区对与防止路由攻击破坏加密货币的需求的认识。尽管我们没有证据表明针对比特币的大规模路由攻击已经在暗中进行,但我们认为少数的关键特征使得这些攻击具有实用性,并且可能是极具破坏性的。这些特征包括:比特币的高度集中(从挖矿和路由的角度来看),缺少身份验证和完整性检查,以及一些相关的设计选择(例如节点请求区块的方式)。目前我们正在实施上述所强调的一些对策。显然,我们不会介意有人能来帮忙的!