An Overview of Blockchain Security Analysis

Hai Wang1,2, Yong Wang3, Zigang Cao1,2, Zhen Li1,2, and Gang Xiong1,2(B)

1 Institute of Information Engineering, Chinese Academy of Sciences, Beijing, China
xionggang@iie.ac.cn
2 University of Chinese Academy of Sciences, Beijing, China
3 National Computer Network Emergency Response Technical Team/Coordination Center, Beijing, China

© The Author(s) 2019. X. Yun et al. (Eds.): CNCERT 2018, CCIS 970, pp. 55–72, 2019. https://doi.org/10.1007/978-981-13-6621-5_5

Abstract. The blockchain, with its own characteristics, has received much attention from the beginning of its birth and has been applied in many fields. At the same time, however, its security issues are constantly exposed, and cyber attacks have caused significant losses in it. At present, there is little concern and research in the field of network security of the blockchain. This paper introduces the applications of blockchain in various fields, systematically analyzes the security of each layer of the blockchain and possible cyber attacks, expounds the challenges brought by the blockchain to network supervision, and summarizes research progress in the protection technology. This paper is a review of the current security of the blockchain and will effectively help the development and improvement of security technologies of the blockchain.

Keywords: Blockchain · Network security · Cyber attacks · Network supervision

1 Background

1.1 Origin and Development of the Blockchain

The first blockchain was conceptualized by a person (or group of people) known as Satoshi Nakamoto in 2008 [1]. It was implemented the following year by Nakamoto as a core component of the cryptocurrency bitcoin, where it serves as the public ledger for all transactions on the network. Compared to the rapid development of blockchain technology, relevant norms and standards on it are still incomplete.

The first descriptive document on the blockchain is "Bitcoin: A Peer-to-Peer Electronic Cash System" written by Nakamoto, in which blocks and chains are described as a data structure recording the historical data of the bitcoin transaction accounts. "A timestamp server works by taking a hash of a block of items to be timestamped and widely publishing the hash, such as in a newspaper or Usenet post. The timestamp proves that the data must have existed at the time, obviously, in order to get into the hash. Each timestamp includes the previous timestamp in its hash, forming a chain, with each additional timestamp reinforcing the ones before it (Fig. 1)." The blockchain is also called the Internet of value [2], which is a distributed ledger database for a peer-to-peer network.

Fig. 1. The structure of blockchain.

As a rule, most innovations do not appear out of nowhere, nor does the blockchain. The blockchain is actually a natural result of ledger technology developing into distributed scenarios. Ledger technology has evolved from single-entry bookkeeping, double-entry bookkeeping and digital bookkeeping to distributed bookkeeping. The blockchain structure (Fig. 1) naturally solves the problem of multiparty trust in distributed bookkeeping [3].

Due to its decentralization, tamper-resistance, safety and reliability, blockchain technology has received extensive attention since its birth. After nearly 10 years of development, blockchain technology has experienced the periods of v1.0-bitcoin, v2.0-Ethereum and v3.0-EOS. Not only has the technology itself been greatly expanded and developed, but it has also been applied in many fields.

1.2 Blockchain Classification

According to the way users participate, blockchains can be classified into Public Blockchain, Consortium Blockchain and Private Blockchain, and can also be classified into main chains and side chains based on the relationship of chains. In addition, several blockchains can form a network. The chains in the network are interconnected in order to generate the Interchain [4].

Public Blockchain: a consensus blockchain that everyone can get access to. Anyone in the blockchain topology can send transactions and have them validated. Everyone can compete for billing rights. These blockchains are generally considered to be "completely decentralized"; a typical example is the bitcoin blockchain, in which the information is completely disclosed.

Private Blockchain: a blockchain in which the permission to write remains in one organization. The permission to read can be public or limited to some extent. Within a company, there are additional options, such as database management, audit, and so on. In most cases, public access is not necessary.

Consortium Blockchain: in between Public Chain and Private Chain, it refers to the blockchain whose consensus process is controlled by pre-selected nodes. For example, there is a system of 15 financial institutions, each of which manages one node, and at least 10 of which must confirm each block for it to be recognized as valid and added to the chain. The right to read the blockchain can be open to the public, or limited by participants, or "hybrid". Such chains can be called "partially decentralized".

1.3 Paper Organization

At present, the blockchain has received much attention for its own characteristics, and has been applied in many fields including finance. However, there is little concern and research on its network security. Therefore, this paper introduces the birth, development and application of blockchain technology in detail, comprehensively searches and investigates various documents targeted on the security needs of blockchains, and systematically analyzes the security threats and defense technologies of blockchains. Section 2 of this paper introduces applications of the blockchain in different fields. Section 3 focuses on the security threats in different layers of blockchains and summarizes common attacks. Section 4 summarizes the research progress of blockchain security protection technologies. At the end of this paper, we summarize the work of the full paper.

2 Blockchain Applications

The large-scale digital currency system represented by the Bitcoin network has run autonomously for a long time, through which it supports global real-time reliable transactions that are difficult to achieve in the traditional financial system. This has sparked infinite imagination about the potential applications of the blockchain. If the business value network based on the blockchain becomes real in the future, all transactions will be completed efficiently and reliably, and all signed contracts can strictly follow the agreement. This will greatly reduce the cost of running the entire business system, while sharply improving the efficiency of social communication and collaboration. In this sense, the blockchain might trigger another industrial revolution as the Internet did.

In fact, to find the right application scenario, we should proceed from the characteristics of the blockchain itself. In addition, we need to consider the reasonable boundaries of the blockchain solution. For example, blockchain applications for mass consumers need to be open, transparent, and auditable, and can be deployed on a borderless public chain or on a blockchain that is commonly maintained by multicenter nodes.

The application of blockchain in financial services is currently of the most concern, and many banks and financial institutions around the world are the main promoters. At present, the processing after global securities trading is very complicated. The cost of liquidation is about 5–10 billion dollars. The post-trade analysis, reconciliation and processing costs exceed 20 billion dollars. According to a report by the European Central Bank [5], the blockchain, as a distributed ledger technology, can deal well with the cost of reconciliation and simplify the transaction process. Relative to the original transaction process, the ownership of the securities can be changed in near real time.

Blockchain can be used for ownership and copyright management and tracking. This includes transactions of valuables such as cars, houses and artworks, as well as digital publications and digital resources that can be tagged. For example, Factom tried to use blockchain to revolutionize data management and logging in business societies and government departments. Similarly, in response to the problem of food fraud, IBM, Wal-Mart and Tsinghua University jointly announced at the end of 2016 that blockchain will be used to build a transparent and traceable cross-border food supply chain [6]. This new supply chain will improve the traceability and logistics of food and create a safer global food market.

While enjoying the convenience of cloud storage, we will inevitably mention privacy concerns. This concern comes from two aspects. One is that the storage center may be attacked by hackers, causing an outflow of their own data, and the second is that the company may abuse the privacy of users to get more profits. Blockchain solves these problems perfectly. At present, there are many distributed cloud storage projects, such as Sia, Storj, MadeSafe, and IPFS in foreign countries, and FIGTOO and GNX in China.

InterPlanetary File System (IPFS) is a global, peer-to-peer distributed file system, which aims to supplement (or even replace) Hypertext Transfer Protocol (HTTP) and seeks to connect all computing devices with the same file system. It replaces domain-based addresses with content-based addresses to get a faster, safer, more robust, and more durable web [7].

The relationship between FIGTOO and IPFS: IPFS is a peer-to-peer hypermedia protocol and a distributed web, and FIGTOO is developed on the basis of its open source. It is a branch of IPFS, which is equivalent to bitcoin and Ethereum in the blockchain. The infrastructures are all based on the blockchain. FIGTOO creates a shared trading market for free storage space and shares global storage resources through the shared economy model. It uses red chain technology to store files in slices, builds decentralized cloud storage and becomes the infrastructure of global red chain distributed file storage [8].

User Generated Content (UGC) is one of the important aspects of blockchain application. In the era of information explosion, how to quickly find the most important content from the overloaded information has become a core issue of the Internet. UGC Network is the world's first content value forecasting platform, a fair and value-driven content-incentive network with the mission of creating a content-driven blockchain value community that differentiates truly valuable content and achieves a reasonable return [9]. It is committed to solving problems such as excellent content discovery and pricing on the UGC platform, unreasonable distribution of benefits, and centralized content storage.

Other UGC applications include YOYOW (You Own Your Own Word), a blockchain-based UGC platform in which all processes rely on interest-based implementation. It solves problems of current content platforms such as the lack of high-quality content incentives and serious community pollution (piracy and advertising) [10]. BiHu is a token investor vertical community. In BiHu, the user's contribution will be rewarded with the token (KEY) representing BiHu and its surrounding ecological use rights [11].

Due to its decentralization, elimination of trust, tamper-resistance, safety and reliability, blockchain technology has been used in lots of fields including financial services, credit and ownership management, trade management, cloud storage, user-generated content, copyright protection, advertising and games. In these cases, blockchain either solves the problems of multiparty trust in the transaction, or reduces the costs and risks of traditional industries.

3 Blockchain Security Analysis

3.1 Security Situation

As blockchain technology has been widely used, various types of attacks have emerged, ranging from more and more digital currencies being stolen to exchanges being attacked and other events. According to the statistics of the BCSEC on blockchain attack events, about 2.1 billion dollars of economic losses were due to blockchain security incidents in 2018 [12]. These are only a part of what is currently exposed, and as the value of blockchain increases, the number of attacks will continue to increase (Fig. 2).

Fig. 2. Economic losses caused by blockchain security incidents (ten thousand dollars).

Blockchain technology itself is still in the initial stage of rapid development, and its security is far behind the needs of development. The risks may come from attacks by external entities or internal participants. The popularity of blockchain makes new demands on security and privacy protection for data storage, transmission and applications, and puts forward new challenges to existing security solutions, authentication mechanisms, data protection, privacy protection and information regulation.

With the current recurrence of a series of digital currency thefts, hacking of exchanges, and theft of user accounts, it is urgent to establish one or more collaborative security solutions to improve the security performance of the blockchain system.

3.2 Security Analysis of Each Layer of Blockchain

The current blockchain structure can be roughly divided into application layer, smart contract layer, incentive layer, consensus layer, network layer and data layer from top to bottom. The security analysis of each layer will be performed separately below.

Application Layer. Application layer security mainly covers the security issues of centralized nodes such as the exchanges which involve digital currency transactions and manage large amounts of funds. These nodes are points of failure of the entire blockchain network, and the attack yield is high while the cost is low, which makes them the preferred targets of attackers [13].

Unauthorized Access to an Exchange Server. Exchanges often hold large amounts of money and are easily targeted. Once the exchange server authority is obtained and the key information is modified, the attacker can steal the funds key, tamper with the transaction amount or leak sensitive information, causing devastating economic and reputational blows to the exchange.

For example, the Youbit (formerly Yapizon) theft. On April 22, 2017, 4 hot wallets of Youbit were stolen, losing 3,816 BTC, with a total value of about $5,300,000, accounting for 36% of the exchange's funds. On December 19, 2017, Youbit announced that it was attacked again, lost approximately 17% of its assets, and at the same time announced that the exchange was closed and had entered the bankruptcy process [14].

Exchange DDoS. Due to the high demand for network bandwidth in the trading platform, once a DDoS attack occurs, it is very serious for the platform and the entire industry. If the trading platform is attacked by DDoS, not only will it suffer losses itself, but the transaction volume of the blockchain currency will also be greatly reduced, which will indirectly affect the rise and fall of the blockchain currency [15].

According to the Global DDoS Threat Landscape Q3 2017 report by Incapsula [16], although its industry scale is still relatively small, Bitcoin has become one of the top 10 industries which are most vulnerable to DDoS attacks. This reflects to a certain extent that the entire blockchain industry is facing serious DDoS security challenges. For example, from November 2017 to December 2017 Bitfinex announced that it had suffered DDoS attacks three times, and all the services of the exchange had been shut down for a long time [17]. The attacker created pressure on the server by creating a large number of empty accounts, causing related services and APIs to go offline for hours.

Employees Host Security. On June 20, 2011, the large Bitcoin exchange Mt. Gox was attacked. Its server was not compromised, but the attacker gained access to a computer used by an auditor of Mt. Gox and got a read-only database file, resulting in the leak of about 60000 users' usernames, email addresses, and encrypted passwords [18]. After obtaining this sensitive information, the attacker cracked the password of one of the large accounts, issued a large sales message through this account, and sold 400,000 BTC [19] under it, trying to transfer funds through the legal transaction process. Fortunately, because the exchange's protection measures were effective (it limited the maximum value to $1,000 BTC per account per day), this did not cause much damage to the account. However, the large number of BTC sale requests caused the exchange's BTC price to drop to 1 cent, resulting in an impact of approximately $8,750,000 in assets.

Malicious Program Infection. Once a malicious program is implanted into the exchange system, it is likely to cause a large amount of sensitive information leakage, including key and wallet files. The key is everything, and the leakage of sensitive information often means losing control of all assets. The exchange Mt. Gox was attacked in 2014. The key file of Mt. Gox was stored locally in clear text, and the key file wallet.dat leaked due to Trojan infection, resulting in a large amount of asset loss and, eventually, the bankruptcy of Mt. Gox [20]. It is worth noting that in this attack, the attacker took two years to gradually transfer assets in order to avoid the community recovering the loss through hard forks. The emergence of this type of APT attack means that monitoring of attack threats in the blockchain industry cannot rely solely on short-term anomaly transaction monitoring.

Initial Coin Offering. Tampering attack: When an ICO raises funds, it usually posts the receiving address on the project's official website, and then the investor transfers money to this address for the corresponding token. Hackers can tamper with the collection address through attacks such as domain hijacking, web vulnerabilities, or social engineering.

Phishing attack: The attacker uses social engineering and other means to impersonate the official party, getting the user to transfer money to the attacker's wallet address. For example, an attacker can use a similar domain name and a highly imitative phishing website to defraud investors, use email to disseminate fake information, such as a notice that the ICO project's payment address has changed, or disseminate phishing information on social software and media to defraud investors.

Mining Machine System. The cyber security awareness of mining device manufacturers is uneven, and because of its closed-source characteristics, the security of its code cannot be checked by the public. Once a cyber security issue occurs, the result is fatal. Whether the device manufacturer will plant a backdoor for remote control of the device, or steal the mining output, still remains to be discussed.

0day: Most mining systems are general-purpose systems. Once a mining system is found to have a 0day vulnerability, the security barriers of the system will be broken in an instant. The attacker can use the vulnerability to obtain modify permission, then tamper with the reward receiving address and hijack the user's reward.

Weak password attack: At present, the mining systems in the market are based on the B/S architecture. Access to the mining system is usually through the web or other means. If a weak password is used, it will be vulnerable to intrusion.

Mining Pool. By June 2018, the top five Bitcoin mining pools in the world were BTC.com, AntPool, SlushPool, BTC.TOP and F2Pool. About 60% of the world's hash power is in the hands of Chinese miners [21].

Hash power forgery attack: The mining pool will test the actual hash power of the current miner through a certain proof-of-work test algorithm. The hacker can falsely report the hash power by finding a vulnerability in the algorithm, and then obtain an excessive reward that doesn't match the actual contribution.

Selfish mining attack: A malicious mining pool decides not to release the block it finds, and thus creates a fork. When the private fork is longer than the public chain, the malicious mining pool issues the private fork. Because the fork is the longest chain in the current network, it will be recognized as a legal chain by honest miners, so the original public chain and the honest data it contains will be discarded. The results of the study indicate that malicious mining pools will normally yield more benefits by using selfish mining strategies. But such attacks usually require huge hash power as a support.

Centralization: The existence of the mining pool violates the principle of decentralization of the blockchain. Theoretically, if it can control at least 51% of the hash power of the entire network, it will be able to monopolize the mining right, billing right and distribution right, which will affect the ecological security of the blockchain, so that the credit system of the cryptocurrency will cease to exist and the cryptocurrency system will be completely destroyed.

Possible Methods. It is impossible for any one party to respond to the various attacks at the application layer. Application developers should ensure that the software doesn't contain discovered vulnerabilities and is thoroughly tested. A central node, such as a trading platform, requires real-time monitoring of system health and some protective methods (e.g. encrypted data storage, etc.) to ensure that the system is not subject to internal and external attacks. All employees should be systematically trained before they are employed to avoid becoming an attack portal. As a user, you should keep your own account and key properly, distinguish between true and false information and be cautious in trading to avoid phishing attacks.

Smart Contract Layer. A smart contract is more than just a computer program that can be executed automatically. It is a system participant. It responds to the received message, it can receive and store value, and it can send out information and value [22]. For the security risks of smart contracts, the following attacks are summarized.

Reentrancy Attack. The essence of the reentrancy attack is to hijack the contract control flow and destroy the atomicity of the transaction, which can be understood as a logical race condition problem. For example, The DAO was attacked, and the attacker used the vulnerability in the contract to launch a reentrancy attack and gained 60 million dollars. In order to recover this part of the funds, the Ethereum community decided to perform a hard fork, roll back all the transaction records since the start of the attack and fix the contract vulnerabilities in the new branch.

The vulnerability is described below. Here is a simplified version of The DAO contract:

    contract SimpleDAO {
        // credit[a] is the amount of Ether donated on behalf of address a
        mapping (address => uint) public credit;
        function donate(address to) { credit[to] += msg.value; }
        function queryCredit(address to) returns (uint) { return credit[to]; }
        function withdraw(uint amount) {
            if (credit[msg.sender] >= amount) {
                // the external call runs before the state update (the flaw)
                msg.sender.call.value(amount)();
                credit[msg.sender] -= amount;
            }
        }
    }

Participants call the donate function to donate their own Ether to a contract address, the donation information is stored in the credit array, and the recipient contract calls The DAO's withdraw function to receive funds. Before actually sending the transaction, The DAO checks if there is enough donation in the credit array, and after the transaction is over, the transaction amount is deducted from credit.

The attacker first constructs a malicious contract Mallory, as follows:

    contract Mallory {
        SimpleDAO public dao = SimpleDAO(0x354...);  // address cut off in the source
        address owner;
        function Mallory() { owner = msg.sender; }
        // fallback (unnamed) function
        function() { dao.withdraw(dao.queryCredit(this)); }
        function getJackpot() { owner.send(this.balance); }
    }

After Mallory is deployed, the attacker calls The DAO's donate function to donate a bit of Ether to the Mallory contract. Mallory's fallback function (the unnamed function) is then triggered; there are many ways to trigger it, such as transferring money to Mallory. The fallback function will call The DAO's withdraw function and extract all the funds that belong to it. It seems to be no problem so far. However, after msg.sender.call.value(amount)() in withdraw is executed, Mallory's fallback function is automatically called after the transfer is completed due to the transfer operation feature, so the withdraw function is called again. Because credit is not updated at this time, money can still be withdrawn normally; the contract then falls into a recursive loop, and each time a part of the Ether in The DAO can be extracted to the Mallory contract. This loop will continue until one of three conditions occurs: gas is exhausted, the call stack is full, or The DAO balance is insufficient. An exception is thrown when one of the above conditions occurs. Due to the characteristics of Solidity exception handling, all previous transactions are valid. Theoretically, repeating this operation can extract all the Ether of The DAO to Mallory.
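
The call sequence described above can be replayed offline. The following Python model is an added example, not code from the paper or from The DAO: it mirrors SimpleDAO and Mallory, treats call.value as a transfer that runs the recipient's fallback and returns False on failure, and sets the flawed withdraw beside a variant that updates credit before the external call. The deposits (10 and 1 Ether), the class and function names and the zero-credit guard in the fallback are assumptions of the model.

```python
UINT256 = 2 ** 256  # uint arithmetic in the contract wraps modulo 2**256


class SimpleDAO:
    """Model of the SimpleDAO contract; withdraw() keeps the flawed ordering."""

    def __init__(self):
        self.balance = 0  # Ether held by the contract
        self.credit = {}  # mapping(address => uint)

    def donate(self, to, value):
        self.balance += value
        self.credit[to] = (self.query_credit(to) + value) % UINT256

    def query_credit(self, to):
        return self.credit.get(to, 0)

    def _call_value(self, recipient, amount):
        """Model of recipient.call.value(amount)(): returns False on failure
        instead of raising, and runs the recipient's fallback on success."""
        if self.balance < amount:
            return False
        self.balance -= amount
        recipient.balance += amount
        recipient.fallback(self)
        return True

    def withdraw(self, caller, amount):
        if self.query_credit(caller) >= amount:
            self._call_value(caller, amount)  # interaction first, result ignored
            self.credit[caller] = (self.query_credit(caller) - amount) % UINT256


class HardenedDAO(SimpleDAO):
    """Same contract with checks-effects-interactions ordering in withdraw()."""

    def withdraw(self, caller, amount):
        if self.query_credit(caller) < amount:        # check
            return
        self.credit[caller] = self.query_credit(caller) - amount  # effect
        if not self._call_value(caller, amount):      # interaction
            self.credit[caller] += amount             # undo if the transfer failed


class Wallet:
    """An ordinary account: receiving Ether runs no code."""

    def __init__(self):
        self.balance = 0

    def fallback(self, dao):
        pass


class Mallory(Wallet):
    """Model of the Mallory contract: its fallback re-enters withdraw()."""

    def fallback(self, dao):
        amount = dao.query_credit(self)
        if amount:  # guard keeps the model finite; on chain, gas limits do this
            dao.withdraw(self, amount)


def simulate(dao_cls, honest_deposit=10, stake=1):
    """Return (Mallory's Ether, Ether left in the DAO, Mallory's credit)."""
    dao, alice, mallory = dao_cls(), Wallet(), Mallory()
    dao.donate(alice, honest_deposit)  # constructed honest deposit
    dao.donate(mallory, stake)         # the "bit of Ether" donated to Mallory
    mallory.fallback(dao)              # any transfer to Mallory triggers this
    return mallory.balance, dao.balance, dao.query_credit(mallory)


if __name__ == "__main__":
    print("flawed  :", simulate(SimpleDAO))
    print("hardened:", simulate(HardenedDAO))
```

In the flawed run the contract is emptied and Mallory's credit wraps around to a huge value, because every nested call subtracts the amount again while unwinding; in the hardened run the nested call sees a credit of zero and stops.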

Unauthorized Access Attack. Most of these attacks are due to failure to make function visibility explicit, or failure to do sufficient permission checks, which can allow an attacker to access or modify a function or variable that should not be accessed. For example, a multi-signature contract vulnerability in the Parity wallet was exploited by an attacker to steal a total of 153,037 Ether on three occasions. Then the Parity official blog and Twitter released a security alert [23] and updated the library contract to a new version. The bug comes from the Multi-Sig library file enhanced-wallet.sol written by Parity's founder Gavin Wood. The attacker exploited the bug to reset the wallet owner, took over the wallet and stole all the funds. This is essentially a breach of authority in the contract.

Solidity Development Security. Possible bugs when writing smart contracts include:

Race condition: The biggest risk of calling an external function is that the calling behavior may cause the control flow to be hijacked and accidentally modify the contract data. This type of bug has many specific forms, such as reentrancy and cross-function race conditions.

Transaction-Ordering Dependence: An attacker can construct his own transaction based on the order information contained in the pending transactions, and try to get his transaction written into the block before others.

Integer overflow and underflow: When programming, you should think about whether integer overflows can occur, how the state of uint variables will be transferred, and who has the authority to modify those variables.

Denial of Service Attack Based on Exception Rollback: For example, a crowdfunding contract gives a refund to a participant. The contract may need to traverse an array to process a refund for a group of users. The simple idea is that every refund is successful, otherwise the program should be rolled back. The consequence of this practice is that if one malicious user forces the refund to fail, all users are unable to receive the refund. It is recommended to use a pull payment mechanism, which separates the refund operation into an independent function that is called by the refund recipient to pull the refund.
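
The difference between the two refund designs can be seen in a small Python model. This is an added example, not code from the paper: the Crowdfund and Participant classes, the three contributors and their amounts are constructed for illustration, and a recipient with accepts=False stands for a contract whose fallback always reverts.

```python
class Participant:
    """Refund recipient; accepts=False models a fallback that always reverts."""

    def __init__(self, name, accepts=True):
        self.name, self.accepts, self.balance = name, accepts, 0

    def receive(self, amount):
        if not self.accepts:
            return False
        self.balance += amount
        return True


class Crowdfund:
    def __init__(self):
        self.owed = {}  # participant -> refundable amount

    def contribute(self, who, amount):
        self.owed[who] = self.owed.get(who, 0) + amount

    def held(self):
        """Ether still locked in the contract."""
        return sum(self.owed.values())

    def refund_all(self):
        """Push design: one transaction pays everyone, and any failed
        transfer rolls the whole transaction back."""
        paid = []
        for who, amount in self.owed.items():
            if not who.receive(amount):
                for earlier, sent in paid:  # exception rollback
                    earlier.balance -= sent
                return False
            paid.append((who, amount))
        for who in self.owed:
            self.owed[who] = 0
        return True

    def claim_refund(self, who):
        """Pull design: each recipient withdraws its own refund in its own
        transaction, so a failure affects that recipient only."""
        amount = self.owed.get(who, 0)
        if amount == 0:
            return False
        self.owed[who] = 0            # state update before the external call
        if not who.receive(amount):
            self.owed[who] = amount   # restore only this recipient's entry
            return False
        return True


def scenario(pull):
    """Return (per-call results, alice's balance, bob's balance, Ether held)."""
    alice = Participant("alice")
    blocker = Participant("blocker", accepts=False)
    bob = Participant("bob")
    fund = Crowdfund()
    for who, amount in ((alice, 5), (blocker, 1), (bob, 7)):  # constructed data
        fund.contribute(who, amount)
    if pull:
        results = [fund.claim_refund(p) for p in (alice, blocker, bob)]
    else:
        results = [fund.refund_all()]
    return results, alice.balance, bob.balance, fund.held()


if __name__ == "__main__":
    print("push:", scenario(pull=False))
    print("pull:", scenario(pull=True))
```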

Possible Methods. Once a smart contract is deployed in a distributed, decentralized network, it is difficult to change. It prevents data manipulation and establishes a trust mechanism based on the encryption algorithm. On the other hand, when the blockchain is facing a security attack, it lacks an effective correction mechanism and is difficult to reverse. Therefore, before the development of smart contracts, it is necessary to guard against the vulnerabilities that have already occurred. Sufficient security tests should be conducted before a contract is issued. Professionals should perform code optimizations in a timely manner, conduct regular code audits, and monitor abnormal behavior of deployed contracts to reduce losses.

Incentive Layer. The purpose of the incentive layer is to provide certain incentives to encourage nodes to participate in the security verification of the blockchain. The security of the blockchain depends on the participation of many nodes. For example, the security of the Bitcoin blockchain is based on the great hash power contributed by the many nodes participating in the proof of work, which makes it impossible for an attacker to provide a higher amount of computation. The verification process of a node usually consumes computing resources and electric power. In order to encourage node participation, the blockchain usually rewards participants in the form of virtual currency. Bitcoin, Litecoin, and Ether are all products of this mechanism.

Blockchain projects need to adapt to the market to automatically adjust the rewards, rather than simply reducing them. In the blockchain project reward mechanism, when a node's working cost is close to or greater than its income, it often chooses not to work for this blockchain, which can easily lead to centralization problems.

Consensus Layer. The consensus mechanism gives the blockchain the soul to differentiate it from other P2P technologies. Commonly used consensus mechanisms are Proof of Work (PoW), Proof of Stake (PoS), and Delegated Proof of Stake (DPoS). The possible attacks include Bribe Attack, Long-Range Attack, Accumulation Attack, Precomputing Attack and Sybil Attack. Table 1 shows the application scope of the attacks for the consensus mechanisms.

Table 1. Attack methods and application scope for consensus mechanism

Columns: Attack methods, PoW, PoS, DPoS
Bribe Attack: +
Long-Range Attack: + +
Coin Age Accumulation Attack: + +
Precomputing Attack: +
Sybil Attack: + + +

At present, the existing consensus mechanisms are not perfect, and it is necessary to explore a more secure and faster consensus mechanism while increasing the difficulty of existing attacks.

Network Layer. The information transmission of the blockchain mainly depends on the peer-to-peer network. The P2P network relies on nearby nodes for information transmission, in which nodes must expose their IPs to each other. If there is an attacker in the network, it is very easy to bring security threats to other nodes. A node of the public blockchain network may be an ordinary home PC, a cloud server, etc., so node security is bound to be uneven. There must be a node with poor security, and attacking it will directly threaten the other nodes. The main attacks are as follows.

Eclipse attack: The node is kept in an isolated network by hoarding and occupying the victim's slots. This type of attack is designed to block the latest blockchain information from entering the eclipsed node, thereby isolating the node [24].

BGP hijacking: At present, security researchers have proved the conceptual feasibility of the attack. Analysis and statistics of the node network from November 5, 2015, to November 15, 2016, show that most bitcoin nodes are currently hosted in a few specific Internet Service Providers (ISPs), while 60% of Bitcoin connections are in these ISPs. Therefore, these ISPs can see 60% of Bitcoin traffic, and can also control the traffic of the current Bitcoin network. The researchers verified that at least two attacks are conceptually feasible through the hijacking scenario, and have given validation code [25].

The security defense for the network layer can be mainly improved from two aspects: P2P network security and network authentication mechanism. In the transmission process of the network, a reliable encryption algorithm is used for transmission to prevent malicious attackers from stealing from or hijacking the node network. The validity, rationality and security of data transmission in the network should be strengthened. Client nodes should do the necessary verification for important operations and information.

Data Layer

Block Data. Malicious information attack: Malicious information, such as virus signatures, politically sensitive topics, etc., is written into the blockchain. Because of the data undelete feature of the blockchain, information is difficult to delete after it is written in the blockchain. If malicious information appears in the blockchain, the blockchain will be subject to many problems.

A team of researchers at RWTH Aachen University and Goethe University Frankfurt in Germany pointed out that among the 1,600 documents added to the Bitcoin blockchain, 59 files contained links to illegal children's pictures, politically sensitive content or privacy violations [26].

Currently, only a few Bitcoin blockchain transactions contain other data. In the Bitcoin blockchain, about 1.4% of the 251 million transactions contain other data, that is, only a few of these transactions contain illegal or undesirable content [26]. Still, even such small amounts of illegal or inappropriate content can put participants at risk.

Signature and Encryption Method. Cryptography is the key to ensuring the security and tamper resistance of blockchain, and blockchain technology relies heavily on the research results of cryptography, which provides a key guarantee for the information integrity, authentication and non-repudiation of the blockchain.

As a mainstay of the blockchain, the encryption technology is particularly important. For example, the MD5 and SHA1 hash algorithms were popular in previous years but have been proved to be insufficiently secure. At present, the SHA256 algorithm is widely used in bitcoin. So far, this algorithm is still safe, but with the development of new technology and research, it may not be safe in the future. Therefore, when designing blockchain applications, it is important to carefully choose the encryption method. Current mainstream signature methods include aggregate signature, group signature, ring signature, blind signature, proxy signature, interactive incontestable signature (IIS), blinded verifiable encrypted signature (BVES), and so on.

Attacks on cryptographic algorithms, especially the hash functions, include brute-force attack, collision attack, length expansion attack, backdoor attack and quantum attack.
3NetworkSupervisionofBlockchainWhileblockchainbringstechnologicalinnovation,italsobringshugechallengesfornetworksupervision.
Thetraditionalsupervisionmodeismostlycentralizedmanagement.
Howtousetheblockchaintechnologyandthecurrentlegalsystemtosupervisetheapplicationoftheblockchainisoneoftheproblemsthatthegovernmentandtheindustrypayattentionto.
Inordertoovercometheproblemsofblockchaininnetworksupervision,itisnecessarytocrosstheunderlyingtechnologyandthinkabouthowtocombinethespeciccasesoftechnologyapplicationwithsupervision.
Atpresent,byclas-sifyingapplicationcases,theycanbedividedintothreecategories,"RecyclingBox","DarkBox"and"Sandbox"[27].
Theapplicationcasesineachcategorybringmanychallengesforthelegal,supervisionanddecision-makingdepart-ments.
Thethreecategoriesarefullyanalyzedbelow.
3.
4"RecyclingBox""Recyclingbox"arethosecasesthatattempttosolveindustrypainpointsthroughblockchainsolutionsinabetter,faster,andcheaperway.
Theirgoalsarenotillegal,andthemotivationissimple.
Intheprocessoftheapplicationlaunched,thenetworksupervisionauthoritiescanimplementsupervisiononlybymakingminormodicationstothecurrentsupervisionframework.
ThemosttypicalexampleistheinterbanksettlementsystemdevelopedbyRipple.
Thepaymentsolutionusesasingledistributedledgertoconnecttheworld'smajornancialinstitutionsandcross-banktransactionsthatoccurbetweeneachothercanbedoneinrealtime.
Comparedwiththetraditionalmethod,itnotonlysavesalotoftime,improveseciency,butalsosavesaservicefee[27].
68H.
Wangetal.
3.
5"DarkBox""Darkbox",itssourceissimilarto"darknet".
Casesbelongingtothiscategory,withoutexception,allcontradictthecurrentlaw.
Suchcasesarenumerous,forexample,theonlinedrugmarket,thearmsmarketorotherillegalgoodsmarket,humantrackingnetworks,terroristnancingandcommunicationnetworks,moneylaunderingandtaxevasioncanallbeclassiedassuch.
Theseillegalserviceshaveexistedinthedarknetworkforalongtime.
Nowadays,becauseoftheapplicationofblockchaintechnology,someofthemarelikediscoveringtheNewWorld.
It'seasytoidentifythe"darkbox",butitcanbediculttotrytostopthem[27].
Thereasonwhythe"darkbox"isdiculttobestoppedisthatinrecentyears,thedigitalcurrencyhasbecomeanimportanttoolformoneylaundering,illegaltransactions,andescapingforeignexchangecontrolduetoitsanonymityanddecentralization.
Digitalcurrencydoesnotrequireacreditcardandbankaccountinformation.
Criminalscanavoidthesupervisionagenciesandcannottracethesourceanddestinationoffundsthroughtraditionalcapitaltransactionrecords,whichmakestraditionalsupervisionmethodsmalfunction.

3.6 "Sandbox"

Of these three categories, the "sandbox" is one of the most exciting and one of the biggest headaches for legislators, and many of the most disruptive and public-interest cases fall into this category. The term "sandbox" was taken from a recent initiative by the Financial Conduct Authority (FCA) called "Regulatory Sandbox". Application cases belonging to this category have very valuable business objectives, but because of the various characteristics of distributed ledger technology, most of these cases currently cannot meet the existing supervision requirements. Their common feature is that the business pursued is legal but may cause various risks, so the government will not leave it unchecked and will apply appropriate supervision.

The typical case is peer-to-peer (P2P) funding. It is necessary to mention the blockchain-based venture capital fund The DAO. The DAO's ICO is no different from ordinary venture capital in that the goal of both is to invest in a startup, so it seems to have nothing to do with illegality. However, the way The DAO works is not normal at all, which is one of the reasons why it is incompatible with the existing legal system. The DAO has no physical existence, no legal status in any jurisdiction, no leadership, management, or even employees. All operations are automatically done by the blockchain in a decentralized manner. It is not responsible to anyone except its anonymous donors. TechCrunch commented on such organizations as "completely transparent", "shareholders have full control", and "unparalleled flexibility and self-governance".

At present, the skills possessed by most regulators are highly specialized and only suitable for a certain place. The applications of blockchain are mostly global, and the coverage area is very wide. This also explains why the FCA's proposed regulatory sandbox program met a cold reception as soon as it was launched, and many blockchain startups have expressed no interest in it.

4 The Current Status of Blockchain Security Protection

Blockchain technology is currently in the early stage of development. There are many security issues, from the underlying technology to the upper application. The third chapter has analyzed the vulnerabilities of each layer of the blockchain and the possible attacks. At present, when studying blockchain security, most scholars mainly focus on integrity, privacy protection and scalability [4]. Defenses against these attacks have been given in some papers.

In the area of blockchain integrity protection, for example, for selfish mining attacks, Eyal [28] and Heilman [29] both proposed defensive measures. The existence of the Proof of Work mechanism and the large number of honest miners keep the integrity of the blockchain protected.

Although the blockchain provides anonymization, it is not completely anonymous. The attacker can still perform certain mapping by analyzing network traffic and transaction information. In the literature [30–32], scholars analyzed and advanced a hybrid mechanism. Its main idea is that the user sends some bitcoin from an address and puts the bitcoin into another address in such a way that it is difficult to find the correspondence between the input and output addresses of the same user. At present, there are two main types of methods for blockchain privacy protection: one is to add an anonymous protection mechanism to an existing blockchain through a technology such as "secure transmission". Another possible approach is to create a new blockchain that is incompatible with the Bitcoin system, such as Zerocash, which provides anonymity by using new primitives in its block [33]. In fact, some more forward-looking technologies have been studied to obtain a better anonymity guarantee, such as Coinjoin solutions, software that provides anonymous functionality (e.g. Mimblewimble) and next-generation encryption technology represented by attribute-based encryption.
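
Why such a mechanism must hide the correspondence between input and output addresses, and how transaction information can still reveal it, can be shown with a small added example (not from the paper). It assumes a simplified mix in which every participant has one input and one output of equal amount and fees are ignored; all addresses and amounts are constructed placeholders.

```python
from itertools import permutations


def consistent_mappings(inputs, outputs):
    """Return every input->output assignment an observer cannot rule out.

    inputs / outputs: dict of address -> amount (satoshi). Assumption of this
    simplified model: an assignment is plausible when each input is paired
    with an output of exactly the same amount (fees ignored).
    """
    in_addrs = sorted(inputs)
    out_addrs = sorted(outputs)
    if len(in_addrs) != len(out_addrs):
        raise ValueError("model assumes one output per input")
    plausible = []
    for perm in permutations(out_addrs):
        if all(inputs[i] == outputs[o] for i, o in zip(in_addrs, perm)):
            plausible.append(dict(zip(in_addrs, perm)))
    return plausible


def anonymity_set(inputs, outputs, addr):
    """Outputs that could belong to the owner of input `addr`."""
    return {m[addr] for m in consistent_mappings(inputs, outputs)}


# Constructed sample data: placeholder addresses, not real ones.
# Every participant mixes the same denomination.
UNIFORM_IN = {"in_A": 100_000, "in_B": 100_000, "in_C": 100_000}
UNIFORM_OUT = {"out_1": 100_000, "out_2": 100_000, "out_3": 100_000}

# One participant mixes a distinctive amount, which leaks the link.
LEAKY_IN = {"in_A": 100_000, "in_B": 250_000, "in_C": 100_000}
LEAKY_OUT = {"out_1": 100_000, "out_2": 250_000, "out_3": 100_000}

if __name__ == "__main__":
    print("uniform mix, plausible mappings:",
          len(consistent_mappings(UNIFORM_IN, UNIFORM_OUT)))
    print("leaky mix, candidates for in_B:",
          anonymity_set(LEAKY_IN, LEAKY_OUT, "in_B"))
    print("leaky mix, candidates for in_A:",
          anonymity_set(LEAKY_IN, LEAKY_OUT, "in_A"))
```

With uniform denominations every output remains a candidate for every input; a single distinctive amount shrinks that participant's anonymity set to one output and reduces the sets of the others as well.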

Cryptography is the cornerstone of blockchain technology. Once the hash function or encryption algorithm is no longer secure, the security of the blockchain will no longer exist. The hash function SHA256 and the encryption algorithm elliptic curve cryptography used for the blockchain are still safe, but with the development of new technologies (e.g. quantum computing), their security remains to be discussed. Therefore, we should pay attention to new research results in a timely manner and actively seek more secure algorithms.

Blockchain technology currently has many security problems, but any innovative technology needs a process of continuous problem solving from birth to maturity, and so does the blockchain. What's more, features of the blockchain such as eliminating the center, eliminating trust, and tamper-resistance can solve problems that exist in many industries.

5 Conclusion

As an emerging technology, the blockchain is being used more and more widely because of its inherent data security and effective privacy protection. However, it is worth noting that with the expansion of its application, more and more new types of security threats targeting the blockchain are emerging. How to strengthen the security protection of the blockchain indeed needs further research.

The second chapter of this paper introduces the application scenarios of blockchain technology in different fields and analyzes the corresponding projects. The third chapter focuses on the security analysis of the technology and application of each layer of the blockchain, and summarizes the vulnerabilities and possible attacks. The fourth chapter summarizes the current status of blockchain security protection and shows that more research is needed on the security aspect.

According to the large number of papers researched, most users and researchers of the blockchain pay more attention to the application of blockchains and the technology itself, and less attention and research to security. We think blockchain anonymity research and upper-level security, especially smart contract layer and application layer security, require continuous attention and research. I hope that the work of this paper can alert practitioners that "network security of the blockchain is still waiting for deeper research".

References

1. Nakamoto, S.: Bitcoin: a peer-to-peer electronic cash system (2008)
2. Zhao, G.: Blockchain: the cornerstone of the value Internet. Publishing House of Electronics Industry, Beijing (2016)
3. Yang, B., Chen, C.: Blockchain Principle, Design and Application. China Machine Press, Beijing (2017)
4. Fang, W., Zhang, W., Pan, T., et al.: Cyber security in blockchain: threats and countermeasures. J. Cyber Secur. 3(2), 87–104 (2018)
5. Distributed ledger technologies in securities post-trading. https://www.ecb.europa.eu/pub/pdf/scpops/ecbop172.en.pdf. Accessed 4 July 2018
6. IBM News. https://www.ibm.com/news/cn/zh/2016/10/19/D468881I72849Y25.html. Accessed 4 July 2018
7. Benet, J.: IPFS - Content Addressed, Versioned, P2P File System. https://github.com/ipfs/papers/raw/master/ipfs-cap2pfs/ipfs-p2p-file-system.pdf. Accessed 4 July 2018
8. Red Chain White Paper. https://cdn.thiwoo.com/RedChain/reeedwhite.pdf. Accessed 4 July 2018
9. U Network: A Decentralized Protocol for Publishing and Valuing Online Content. https://u.network/Uwhitepaperen.pdf. Accessed 4 July 2018
10. YOYOW White Paper. https://yoyow.org/files/white-paper3.pdf. Accessed 4 July 2018
11. BIHU White Paper. https://home.bihu.com/whitePaper.pdf. Accessed 4 July 2018
12. BCSEC Security Trend Analysis. https://bcsec.org/analyse. Accessed 4 July 2018
13. CHAITIN TECH, ConsenSys.: Blockchain Security Guide. https://chaitin.cn/cn/download/blockchainsecurityguide20180507.pdf. Accessed 4 July 2018
14. Youbit Files for Bankruptcy After Second Hack This Year. https://www.ccn.com/south-korean-exchange-youbit-declares-bankruptcy-after-second-hack-this-year. Accessed 4 July 2018
15. Blockchain Security v1. https://bcsec.org/report. Accessed 4 July 2018
16. GLOBAL DDOS THREAT LANDSCAPE Q3 2017. https://www.incapsula.com/ddos-report/ddos-report-q3-2017.html. Accessed 4 July 2018
17. Bitfinex Attacked Statement. https://twitter.com/bitfinex/status/940593291208331264. Accessed 4 July 2018
18. MtGox Account Database Leaked. https://news.ycombinator.com/item?id=2671612. Accessed 4 July 2018
19. LulzSec Rogue Suspected of Bitcoin Hack. https://www.theguardian.com/technology/2011/jun/22/lulzsec-rogue-suspected-of-bitcoin-hack. Accessed 4 July 2018
20. Bitcoin Trading Platform Mt. Gox Filed for Bankruptcy Protection. http://www.bbc.com/zhongwen/simp/business/2014/02/140228bitcoin. Accessed 4 July 2018
21. Pool Distribution. https://btc.com/stats/pool?poolmode=month. Accessed 4 July 2018
22. Smart Contract Wiki. https://github.com/EthFans/wiki/wiki/%E6%99%BA%E8%83%BD%E5%90%88%E7%BA%A6. Accessed 4 July 2018
23. Parity Security Alert. https://paritytech.io/security-alert. Accessed 4 July 2018
24. Heilman, E., Kendler, A., Zohar, A., et al.: Eclipse attacks on Bitcoin's peer-to-peer network. In: Usenix Conference on Security Symposium (2015)
25. BGP Hijack-btc. https://github.com/nsg-ethz/hijack-btc. Accessed 4 July 2018
26. Matzutt, R., Hiller, J., Henze, M., et al.: A quantitative analysis of the impact of arbitrary blockchain content on bitcoin. In: 22nd International Conference on Financial Cryptography and Data Security. Springer, Curacao (2018)
27. Depth Long Text Interpretation of Blockchain and Supervision: "recycling boxes", "black boxes" and "sandboxes". https://www.pintu360.com/a49882.html?s=87&o=1. Accessed 4 July 2018
28. Eyal, I., Sirer, E.G.: Majority is not enough: bitcoin mining is vulnerable. Commun. ACM 61(7), 95–102 (2018)
29. Heilman, E.: One weird trick to stop selfish miners: fresh bitcoins, a solution for the honest miner (poster abstract). In: Böhme, R., Brenner, M., Moore, T., Smith, M. (eds.) FC 2014. LNCS, vol. 8438, pp. 161–162. Springer, Heidelberg (2014). https://doi.org/10.1007/978-3-662-44774-1_12
30. Valenta, L., Rowan, B.: Blindcoin: blinded, accountable mixes for bitcoin. In: Brenner, M., Christin, N., Johnson, B., Rohloff, K. (eds.) FC 2015. LNCS, vol. 8976, pp. 112–126. Springer, Heidelberg (2015). https://doi.org/10.1007/978-3-662-48051-9_9
31. Bissias, G., Ozisik, A.P., Levine, B.N., et al.: Sybil-resistant mixing for bitcoin. In: Proceedings of the 13th Workshop on Privacy in the Electronic Society. ACM (2015)
32. Meiklejohn, S., Orlandi, C.: Privacy-enhancing overlays in bitcoin. In: Brenner, M., Christin, N., Johnson, B., Rohloff, K. (eds.) FC 2015. LNCS, vol. 8976, pp. 127–141. Springer, Heidelberg (2015). https://doi.org/10.1007/978-3-662-48051-9_10
33. Sasson, E.B., Chiesa, A., Garman, C., et al.: Zerocash: decentralized anonymous payments from bitcoin. In: Security and Privacy, pp. 459–474. IEEE (2014)

Open Access This chapter is licensed under the terms of the Creative Commons Attribution 4.0 International License (http://creativecommons.org/licenses/by/4.0/), which permits use, sharing, adaptation, distribution and reproduction in any medium or format, as long as you give appropriate credit to the original author(s) and the source, provide a link to the Creative Commons license and indicate if changes were made.

The images or other third party material in this chapter are included in the chapter's Creative Commons license, unless indicated otherwise in a credit line to the material. If material is not included in the chapter's Creative Commons license and your intended use is not permitted by statutory regulation or exceeds the permitted use, you will need to obtain permission directly from the copyright holder.
