As long as you have not been in a bunker for the past 9 years, then you have probably heard of “Bitcoin” and probably other forms of cryptocurrency like Ethereum (ETH), Litecoin (LTC), and Bitcoin Cash (BCH). But what is bitcoin and why is there so much noise about it? Even though that is not the goal of this article, we will touch on this subject for a bit.
However, our goal in this article is to understand the underlying network infrastructure on which Bitcoin and other forms of cryptocurrencies run, and also look at security threats to this network that may affect the operations of these cryptocurrencies.
Overview of Cryptocurrencies
Even though quite a lot of people have heard about Bitcoin, only a few are into it (trading, mining, etc), and of those, only a handful really understand what this cryptocurrency is and the technology that drives it and other cryptocurrencies.
When you buy something from the supermarket and you pay with some money (e.g. dollar notes), why does the supermarket collect those paper notes from you? On its own, that note is just paper and has no inherent value. However, the reason you can use it as a legal tender is that the Government that issued that note (usually through their Central Bank) guarantees to back the monetary value of that note.
However, not everyone is happy with the current state of the financial industry. Why do we need centralized entities (e.g. central banks) to control the generation and transfer of money, instead of a decentralized peer-to-peer model? There are a couple of benefits of a decentralized model including privacy (of transactions and money property), inability of law enforcement to seize funds, possibly reduced transaction fees, and widespread access even to the unbanked who are estimated at 2 billion people globally.
But the biggest issue of decentralized control of a financial medium is TRUST. We (generally) trust the central entities handling our money and when we pay someone, that person also trusts that their own central entity will honor the payment.
Enter the world of Cryptocurrency. Simply put, a cryptocurrency is a digital currency that relies on cryptography for the creation of the currency units and also uses cryptography to verify the transfer of units between parties. Control is decentralized and everyone on the network has access to each other, without a central entity controlling the system.
So how is trust maintained in a network like this? Let’s use Bitcoin as an example. Let’s say you go to a coffee shop that collects bitcoin payments and you buy a cup of coffee, that transaction must be recorded somewhere showing that the amount of bitcoin you have has reduced, while that of the coffee shop has increased. This record is kept in a publicly accessible ledger (history of records) called a Blockchain. However, before your transaction can be added to the blockchain, it must be verified by “miners”. This process of mining is computationally intensive and on the average, new blocks (a group of transaction records) are created every 10 minutes on the bitcoin blockchain.
Note: One of the incentives of mining is the ability to earn cryptocurrency units. However, since so many other people are also trying to compute acceptable blocks to be added to the blockchain, it is more of a race against time. As such, people form Mining Pools to put their resources together and rewards are shared among the pool members.
Since blocks are chained together with a cryptographic function, it is extremely difficult for someone to go back and change something (e.g. increase their currency units after spending it). The computational difficulty in forging fake blocks is what makes the Blockchain secure in terms of integrity and trust of information stored in it.
Cryptocurrency from a Networking Perspective
Based on the brief description of cryptocurrencies that we did above, some questions should come to your mind from a networking perspective. For example, how does one party transfer units of the currency to another party? Over which medium does this transfer happen? Also, over which medium do all the nodes on a network have access to the blockchain?
If one of the goals of cryptocurrencies like Bitcoin is widespread access, then they need to rely on an infrastructure that everyone already has access to – the Internet. Therefore, the operation of these currencies can be thought of as applications/services that run on top of a networking infrastructure, in this case, the global Internet.
So to join the Bitcoin wagon, for example, all you need to do is install a bitcoin client on a computer, get a list of peers to connect to (IP addresses or DNS name resolutions), initiate connections to a few random peers (default TCP port 8333), and that’s it!
Note: Even though all bitcoin nodes are equal (no hierarchy), nodes can perform different functions. As such, there are different types of bitcoin nodes like full nodes, mining nodes, SPV nodes, and so on. You can read more about that here.
Whoever wishes to know more about Bitcoin and Cryptocurrencies, should definitely start from the Andreas Antonopoulos YouTube page.
General Security Attacks on Cryptocurrencies
As with any technology, especially one that is exposed on the Internet, cryptocurrencies are subject to various security threats and attacks including:
- Man-in-the-Middle (MITM) and Hijacking attacks: In a MITM attack, an attacker gets in the middle of the communication between a victim and the rest of the network (or a particular subset of the network). The attacker can intercept messages meant for the victim or from the victim, and result in cryptocurrency issues like transaction delay, loss of mining revenue, and wastage of computing resources. In the case of hijacking, the attacker can steal resources from a victim by redirecting the victim’s connection to an illegitimate destination. A real example of this is where an attacker made about $83,000 by redirecting miners’ connections to the attacker’s own mining pool. This happened in 2014.
- Denial of Service (DoS) attacks: DoS and Distributed DoS (DDoS) attacks are common in the world of cryptocurrency. These attacks are usually done against digital currency exchanges, effectively locking out legitimate users from accessing their virtual money. Examples here include a DDoS attack against Bitcoin Gold (a fork of Bitcoin), DDoS attack against Poloniex (a digital currency exchange), and DDoS attack against Bitfinex (also a digital currency exchange). All these attacks happened in 2017, so they are common enough.
- Theft: Even though the underlying blockchain technology itself may be secure against theft (to a large extent), the implementation and services that use this technology may not be. There have been several instances where bitcoin and other cryptocurrencies have been stolen from one party (or several parties) to another, usually untraceable, party.
- Mining attacks: Like we already said in this article, mining requires a lot of computational resources. Attackers have therefore found a way to use the computers (or servers) of unsuspecting victims to mine cryptocurrency. There is a scary report here about such attacks. You may have noticed that when you visit some websites, there is a sudden increase in your CPU/RAM performance. This could be a sign that your computer is being used to mine cryptocurrency. Keep in mind that some websites are upfront about it. Instead of showing you ads for their free service, they ask you to help them mine cryptocurrency instead.
- DNS hacks: Internet users rely on the Domain Name System (DNS) to resolve a domain name to an IP address. Therefore, we can say DNS is just a directory containing domain names to IP addresses entries. But what happens if an attacker is able to modify a DNS entry so that users are directed to a different destination than intended? This is exactly what happened to MyEtherWallet (MEW), an Ethereum-based service. By attacking DNS, users of the MEW service were redirected to a different (and similar looking) website and once they entered their login details, some of their cryptocurrency units were stolen. It is estimated that about $150,000 was stolen during the duration of the attack.
Focus: Routing Attacks on Cryptocurrencies
Having covered some of the attacks on cryptocurrencies, let us now focus on some of the ways the underlying network infrastructure can be attacked, affecting cryptocurrencies.
BGP Hijack
Since Bitcoin and other cryptocurrencies mostly rely on the Internet as their means of communication, attacking this network infrastructure can disrupt the operations of these cryptocurrencies. One of such attacks against the Internet is known as BGP Hijack.
To put it simply, BGP is the routing protocol of the Internet. Different Autonomous Systems (AS) share routing information with each other using BGP. For example, if AS1 has been assigned the prefix 192.0.2.0/23, it will announce that prefix to its neighbors, AS2 and AS3. So if hosts connected through AS2 want to reach a destination in the 192.0.2.0/23 network, the routers in that AS know to send it to AS1.
Note: This is a very simple example that does not use real AS numbers or real prefixes.
Now let us assume AS4 is under the control of an attacker. In a BGP Hijack, that AS4 may announce a more specific prefix (e.g. 192.0.2.0/24) to AS2 and AS3. Since routers generally prefer more specific routes in their routing table, any traffic meant for 192.0.2.0/24 is now forwarded to AS4 instead of AS1.
Note: BGP Hijack is actually very common on the Internet. While some of it is due to misconfiguration, others are done with malicious intent. See examples of high-profile BGP Hijacking incidents here, here, and here.
So how can this attack affect cryptocurrencies specifically? Well, an attacker can effectively cut off a set of nodes (e.g. mining nodes) from the rest of the cryptocurrency network. When service is restored after the attack, all the work the mining nodes have done will be wasted, leading to loss of revenue. In another instance, the attacker can redirect the miner’s connection to a mining pool controlled by the attacker. We saw a real example of that earlier in this article.
Traffic Interception
The Internet is just an interconnection of networks. This means that before your traffic gets to a particular destination, it will cross several other networks (ASes). If an attacker can sit in the path of your traffic and intercept such traffic, they can get very creative.
Let’s use the mining that happens in Bitcoin as an example. A miner solves a mathematically difficult problem to come up with a block and then adds that block to the blockchain. Now imagine that an attacker intercepts this block before it gets on the blockchain and delays it just a little until someone else solves the same problem and that other block is used in the blockchain. What happens is the miner that first solved the block whose traffic was delayed will have wasted time and effort and also lost out on the potential mining rewards for solving that block.
Feasibility and Practicality of Routing Attacks
Not only are these two routing attacks technically feasible as we have described above, they are also very practical. If you take a look at the live distribution of Bitcoin nodes for example, you will notice that over 50% of nodes are concentrated in just 3 countries in the world. Also, it is estimated that China has approximately 81% of the Bitcoin mining pools in the world. What this means is that something that is meant to be decentralized is actually quite centralized in a few locations.
According to this research, 60% of all bitcoin connections can be seen by only 3 ASes (large ISPs). So if there was a concerted effort by a group of attackers (e.g. state-supported hackers) against one or all of these ISPs, they could potentially disrupt the bitcoin network (and indeed, the entire Internet). Also, what if there is a targeted attack against China which has the most mining pools?
Securing Cryptocurrencies against Routing Attacks
The routing attacks we have described in this section are not specific to cryptocurrencies alone. As such, we can apply the same security measures that have existed for years to prevent these kinds of attacks.
For example, BGP Hijacks can be limited by using prefix filtering, implementing Resource Public Key Infrastructure (RPKI), and also extending BGP using the BGPSec Protocol.
The effectiveness of Interception attacks can be greatly reduced by multi-homing where a node or group of nodes (e.g. mining pool) are connected to the cryptocurrency network via multiple paths. Also, as with any MITM attack, an attacker cannot modify what he/she cannot see. Therefore, by implementing traffic encryption, even if the traffic is intercepted, it cannot be altered.
Conclusion
Cryptocurrencies and the Blockchain technology on which it runs provide some very interesting possibilities for the now and the future. While it is yet to be seen if these cryptocurrencies will survive in the long run, it is important for those who are already on this cryptocurrency train to understand what it really is, and more importantly, the security threats against cryptocurrencies.
In this article, we have considered some of such security threats and then focused on the routing attacks against cryptocurrencies, including BGP Hijack and Traffic Interception. While these attacks are not specific to cryptocurrencies alone, they can have potentially damaging effects on cryptocurrency operations like wastage of resources and loss of revenue.
