Attacking the Network
The Blockchain Network Infrastructure
The blockchain protocol defines a peer-to-peer network of blockchain nodes that communicate with one another to implement the functionality of the blockchain. This includes transmitting transactions and blocks across the network so that every node is capable of building blocks and updating its copy of the distributed ledger.
However, this blockchain network must be implemented on top of another communications network. While blockchain communications are infrastructure-agnostic – it is possible to implement blockchain over carrier pigeon – most blockchains are designed to run on top of traditional network infrastructure.
Attacks Against the Blockchain Network
The blockchain’s communications infrastructure is essential to its ability to function. As a result, attacks against blockchain communications can have a number of different impacts on the functionality and security of the blockchain.
An eclipse attack is an attack designed to isolate a single node from the rest of the blockchain network. This requires an attacker to control the node’s connections to all of its neighbors in the blockchain’s peer-to-peer network. This can be accomplished in a variety of different ways:
- Malicious Neighbors: Every node in the blockchain network is directly connected to a set of other nodes and receives all transactions and blocks via them. If an attacker controls all of a node’s neighbors, then the attacker has control over the node’s view of the blockchain.
- Malware: Blockchain software is like any other software, it relies on its connection to the computer’s hardware to perform its role. Malware that can intercept communications between a node’s blockchain software and the network connection can filter it as desired.
- Man-in-the-Middle: An attacker performing a man-in-the-middle (MitM) – via a malicious Wi-Fi connection, ISP, etc. – can gain control over a node’s network connection. This enables it to filter traffic intended for other blockchain nodes.
An eclipse attack enables an attacker to filter the traffic that a node receives from other nodes, enabling it to drop transactions or blocks. Additionally, an attacker could send mutually conflicting versions of transactions or blocks to the target node and the rest of the blockchain network. This enables an eclipse attacker to achieve a number of different goals:
- Denial of Service: A node isolated from the rest of the network can’t effectively participate in block creation and consensus. By filtering the node’s view of the blockchain network, an attacker can force them onto a divergent version of the blockchain and ensure that any blocks that it creates would be rejected by the rest of the network. This slows the rate of block creation and decreases blockchain throughput.
- Divergent Blockchain: Forcing a node onto a divergent blockchain can also benefit an attacker. A node believing an attacker’s account of the current state of the ledger could build blocks that benefit the attacker, making it easier to create a version of the blockchain that replaces the “real” one under the longest chain rule.
- Double-Spend: An attacker performing an eclipse attack can send one version of a transaction to the eclipsed node and a different version to the rest of the network. This enables them to perform a double-spend attack against the eclipsed node since the version of the blockchain that it builds (including the version of the transaction that benefits them) will be rejected by the rest of the network when the attack ends.
A routing attack is a more general version of an eclipse attack. Instead of isolating a single node in the blockchain network, the attacker breaks the blockchain network into multiple isolated chunks. By controlling the links between these isolated chunks, the attacker controls each’s view of the current state of the network.
A routing attack provides many of the same benefits as an eclipse attack. It can also be performed in different ways. One study highlighted how easy it would be for an attacker to perform a routing attack against the Bitcoin network using a Border Gateway Protocol (BGP) hijacking attack.
A sybil attack is not necessarily a network-level attack against the blockchain. However, performing a Sybil attack can help an attacker to achieve the goals of a network level attack.
The blockchain is designed so that anyone can create an account, operate a node, and participate in the functioning of the network. However, this also means that a person could create multiple different accounts and nodes on the network.
A Sybil attacker creates many different blockchain accounts. While this doesn’t help them to perform a 51% or other attack against blockchain consensus algorithms, it can help with a network-level attack.
Blockchain nodes are connected via a peer-to-peer network, meaning that each node needs to select other nodes to connect to. If an attacker controls many (or even a majority) of the nodes within a network, the chance of a node selecting them as a neighbor is increased. This can help an attacker to perform an eclipse or routing attack if a node or set of nodes is only connected to the rest of the blockchain network via links that pass through attacker-controlled nodes.
Securing the Blockchain Network
Blockchains are vulnerable to network-level attacks that take advantage of the structure of the blockchain’s peer-to-peer network and its underlying infrastructure. While an attacker can take down a blockchain by disabling its communications infrastructure, this is not the only possible attack vector. An attacker can use network-level attacks to increase the probability of performing a different attack successfully.
Many network-level attacks take advantage of traditional cybersecurity vulnerabilities. Implementing traditional cybersecurity best practices (antivirus, encrypted communications, etc.) and carefully selecting neighbor nodes can help to decrease the vulnerability of a blockchain network to network-level attacks.