- Bit-Flipping Attacks
- Sequence Attacks
- Complete Substitution Attacks
- Information Leakage
- Attacks on Control Software
- Modification of Functionality
- Piracy Attacks
- Brute-Force Attacks on the Blockchain
- Reverse Engineering
- Hardware Trojans
- Double Spending
- % Attack
- Race Attack
- Finney Attack
- Vector76 Attack
- Alternative History Attack
- Selfish Mining Attack
- System Hacking
- Illegal Activities
- Identity Theft
In the field of computer security, a man-in-the-middle attack is an attack where malicious people secretly relay and modify a transaction between two parties who believe
FIGURE 8.4 Man-in-the-Middle-attacks.
they are directly making a transaction with each other without any interference . For example, active eavesdropping, where the attacker produces an independent connection between these victims and relays a transaction between them to produce trust that they are doing transactions directly with each other over a private network, when in fact the entire transaction is controlled by the malicious people as shown in Figure 8.4. These intruders intercept all relevant transactions passing between these victims and throw in either a new malicious one or alter the aforementioned transactions.
Such types of attack are based on the substitution/replacement principle . In a bit-flipping attack, a single bit of the transaction amount is modified which produces a significant error.
Such attacks are also based on the substitution/replacement principle. In sequence attack, N-bits in the transaction can either be modified, inserted or deleted by an attacker. An intelligent adversary would be able to manipulate in such a way that most of the process proceeds normally.
Complete Substitution Attacks
Such attacks are also based on the substitution/replacement principle. A complete substitution attack is an attack in which the proposed transaction is completely replaced with an alternate one for a significant fault. This is the most extreme attack into transaction field.
Attackers may disclose unauthorized the privileged information of different transaction involved in blockchain. Such examples of privileged information include client data, secret password, proprietary protocol, etc.
Attacks on Control Software
An unscrupulous coder can modify the error-recovery software in order to bypass the error-recovery mechanism. This is possible for both custom and general-purpose design flows of transactions.
Modification of Functionality
Attackers could maliciously force an unintended operation to execute. For instance, an attacker could subtly downgrade the performance and reliability of the functionality of blockchain, thereby depressing the end user’s assurance and confidence in the blockchain system.
There are protocols for different transaction applications. These are known as Intellectual Property (IP) of blockchains. Attackers can violate these IPs, for example, make a duplicate of the previous transactions and repeat the same again and again. Piracy of a transaction is an important unique factor of proprietary blockchains which security aspects require much efforts for which billions of dollars will be acquired. However, their piracy is not guaranteed to be well protected. Hence, traditional blockchains are vulnerable under IP thief threat as the attacker can easily pirate test protocols of transactions.
Brute-Force Attacks on the Blockchain
Attackers could try to their best to crack the confidential password of a transaction by applying all combinations of digits, letters, and special characters. This is known as a brute-force attack. Greater security guarantee is achieved by hardening resistance to brute-force attacks with high confusion and diffusion.
Reverse engineering (RE) is the technique of analyzing a system to identify its components and their internal structures, interconnections, etc., and produce the representation of the system in another form or a higher level of abstraction . RE is rigorously applied to disassemble a device in different ways such as cloning, duplicating, and reproduction. In this subsection, the RE of blockchain systems is acquired by extracting their internal physical structures and information using destructive techniques for secret information detection by foreign attackers.
A counterfeiting transaction is one which is a repeat of an already done transaction. Therefore counterfeit is a threat to blockchain like other attacks.
A hardware Trojan (HT) is able to modify the circuit system of transaction or insert a malicious circuitry into the design to disable/destroy the whole system for a specific input/time. This HT is able to modify the designed circuit during either fabrication or design and cause unwanted behavior. These are also designed to disclose
FIGURE 8.5 A typical structure of hardware Trojan.
the transaction secret information, Denial of Service, and alter system functionality. Attackers can insert HTs at any level from high-level system design specification to the transistor level of IC design flow .
A typical structure of HTs that could be inserted into a blockchain is shown in Figure 8.5. Some key terms related to HTs are with their meanings:
- • Trigger: an event which initiates the HT. When this particular event starts, the HT circuit is automatic activated for deadly functionality.
- • Payload: an event that activates the Trojan, responsible for implementing HT attacks, which could result in serious effects such as information leakage, denial of service (DoS), and blockchain reliability degradation.
Hardware Trojans can be inserted into blockchain as per the following categories:
- • Insertion phase: Blockchain HTs can be inserted in any of the following phases:
- • Specification: Blockchain HTs can maliciously alter the specification, for example, US Dollar (USD) to Euro (EUR) during runtime to make the transaction incorrect.
- • Design: The blockchain designer can alter the transaction to alter the outcome.
- • Fabrication: A hardware Trojan can be maliciously inserted during chip fabrication by tampering in the chip factory.
- • Assembly: During the assembly of blocks, a malevolent integration engineer enacts the collection of blocks wrongly to produce erroneous output.
- • Calibration and testing: A malicious tester can also insert an HT maliciously during the testing and calibration phase to overcome the blockchain concept.
- • In-field: In the blockchain field, attackers falsify the transaction protocol by altering their agreement.
- • Abstraction level: Hardware Trojans are able to insert at the following phases of abstraction level:
- • System level: At system level, elements of individual domain and their interconnections are mentioned by the system engineer. Blockchain can be modified to result in erroneous output.
- • Physical level: Each physical components of the blockchain, i.e., hardware components and wiring, chip platform and their locations and dimensions are defined at physical level. Hardware Trojans can be inserted by altering any of the aforementioned physical components and/or their dimensions.
- • Activation mechanism: This describes the internal and external triggering mechanism of hardware Trojans.
- • Internal trigger: This trigger is executed for a particular instance of time slot.
- • External trigger: This type of trigger is executed externally due to output of a specific transaction.
- • Effect: The effect of HTs is to alter ledger functionality, disclose secret transaction information, degrade performance, cause DoS attacks, and so on.
One of the major issue of a cryptocurrency developer is the problem of double spending. As per the name, this refers to when a person spends a coin multiple times, which creates an inconsistency between the spending ledger and the amount of available cryptocurrency. This happens when a blockchain network is tampered with and cryptocurrencies are stolen. The malicious node would send a copy of the transaction to make it looks legitimate, or might delete the transaction entirely as shown in Figure 8.6.
In a bitcoin network, there is a probability that a buyer can make a copy of the digital currency and send it to multiple retailers while keeping the original one. The most typical technique of double spending is when a blockchain hacker sends multiple transactions to the network and reverses the transactions, appearing as if those transactions never occurred, (www.investopedia.com/ask/answers/06l9l5/how- does-block-chain-prevent-doublespending-bitcoins.asp).
This double-spending problem could be avoided in the bitcoin network or other blockchain-based cryptocurrencies by implementing a Proof-of-Work (PoW)
consensus algorithm. This PoW is executed by miners who not only ensure the fidelity of past transactions on the blockchain’s ledger but also detect and avoid double spending.
In a blockchain network, a 51 % attack is a probable attack that can happen when an organization governs the mining power or so-called hash rate with a majority ratio. A bitcoin network is made secure by making all miners give consent on a shared ledger, i.e. blockchain. Every node in bitcoin ensures that these are working on a valid transaction at any point of time by looking at each other. Miners would have the potential to determine which transaction to give consent to given that the majority of miners are handled by a single entity. Hence this will give power to the miner to block other transactions and allow their own coins to be spent multiple times. This is also known as double spending as shown in Figure 8.7 [16, 17] (ref: https:// learncryptography.com/ cryptocurrency/ 51- attack).
With this attack an attacker can perform the activities mentioned below:
- • They can reverse his transactions that have already happened.
- • They can block transactions from gaining any confirmations.
- • They can block other miners to mine any other valid blocks.
However, an attacker cannot perform the activities below:
- • They cannot reverse the transactions of others.
- • Block transactions to be sent at all.
- • Modify the number of coins generated per block.
- • Generate coins out of nowhere.
- • Send coins that were never owned by them.
- • These attacks are valid till the attacker is in control (i.e., owns 51%). The transactions which had been turned down can be added just after the attacker loses their majority .
If a blockchain network implements a Proof-of-Work (PoW) consensus mechanism, then it should have the proper security measures to avoid a 51 % attack to be carried out. A few viable options are to be vigilant of mining pools, implementation of merged mining on a blockchain network with a higher hash rate, or utilizing a different consensus mechanism.
When a hacker sends two conflicting transactions in succession rapidly into the bitcoin network, this is known as race attack. This attack is comparatively easy to accomplish in blockchains which have utilized PoW as consensus algorithm. The dealer who receives payment instantly with “О/unconfirmed” status is vulnerable to reversal of transaction. An attacker performs a transaction by sending coins to the dealer directly, however, he will not wait for confirmation from the dealer and instantly sends a conflicting transaction (with the same coin used before for the dealer) to himself to the rest of the blockchain network. It is more likely that the conflicting transaction which happened later will be mined into a block and accepted by bitcoin nodes as valid node.
An attacker first finds a dealer who accepts unconfirmed transactions. Then he performs a transaction to himself with the same amount to be sent to the dealer and find the block; however, he does not broadcast the block. Once the above step is completed the attacker will send the same amount to the dealer and wait till the item gets delivered. Finally, he broadcasts his previous block with the original transaction in it. This block will include the transaction that sent the coins to himself, hence the unconfirmed payment to the dealer will be invalidated. Moreover, the attacker will regain his coins and also the item for free.
Vector76 attack otherwise known as one-confirmation attack. This attack is an amalgamation of the race attack and the Finney attack such that a transaction that even has one confirmation is still reversible. It is one of the variations of the double-spending attack. The attacker performs double spending by using the privately mined block during exchange. The wallet service such as exchange of cryptocurrency is vulnerable to this attack because of the acceptance of direct connections. If the Vector76 attack is successful then the attacker has to sacrifice one block because by not broadcasting it and only by broadcasting the attacked node.
Alternative History Attack
This attack occurs when an attacker initiates a transaction by sending coins to the dealer. Concurrently, the attacker will mine an alternative block privately which includes a conflicting double-spending transaction. The dealer will deliver the item to the attacker after waiting for m confirmations. Right away, if the attacker finds more than m blocks untie his chain and gets his coins back again; If not, he keeps trying to continue extending his chain of blocks with the hope of being able to catch up with the network. When the attacker is not ever able to extend his private blockchain compared to the public blockchain, then the attack fails.
Selfish Mining Attack
A selfish mining attack happens when an attacker (selfish miner in this case), does not broadcast a valid solution to the rest of the network. Rather than act like a regular miner and publish blocks to the network instantly after finding them, the attacker selectively releases blocks, or publishes many blocks all at once thus forcing the rest of the network to discard their blocks and lose revenue. The primary motives of selfish mining are to obtain an unfair reward which is bigger than their share of computer power spent, and confuse other honest miners and lead them to waste their resources in the wrong direction as shown in the Figure 8.8.
It is relatively hard to hack and tamper the records stored in a blockchain; however, the programming codes and systems that implement its technology can be vulnerable. The largest Tokyo-based bitcoin exchange, i.e., MtGox, was hacked in March 2014, and bitcoins worth $700 million were stolen. The reason behind this attack was ill-maintained and outdated codes which allowed hackers to perform double-spend. More recently, a DAO (Decentralized Autonomous Organization) that holds large quantities of Ethereum was exploited through a software vulnerability and the hacker stole $50 million worth of Ethereum .
An illicit group of people can utilize the blockchain network or platform to perform various illegal activities. For instance, the Silk Road website was an online marketplace for illegal drug where sellers and buyers whose identities are anonymous did business using bitcoin (Hong 2015). Cryptocurrency that uses blockchain technology may also facilitate money laundering. Although bitcoin is not yet treated as a fiat currency, it makes it possible to create an “underground” channel for illegal movement of funds within its network.
Although Blockchains preserve anonymity and privacy, the security of assets depends on safeguarding the private key, a form of digital identity. If one’s private key is acquired or stolen, no third party can recover it. Consequently, all the assets this person owns in the blockchain will vanish, and it will be nearly impossible to identify the thief. The consequences may be more devastating than identity theft in the offline world, where third-party institutions (e.g., credit card companies) or central authorities safeguard transactions, control risks, detect suspicious activities, or help find culprits. Also, current cryptography standards are not completely uncrackable (Swan 2015). With the advent of quantum computing, it is not impossible for cryptographic keys to be cracked quickly, demolishing the foundation of blockchain technology (Crosby et at. 2016).