Shulou(Shulou.com)05/31 Report--

Most people don't understand the knowledge points of this article "What is the principle of blockchain network attack", so Xiaobian summarizes the following contents for everyone. The contents are detailed, the steps are clear and have certain reference value. I hope everyone can gain something after reading this article. Let's take a look at this article "What is the principle of blockchain network attack".

1 Sybil attacks based on blockchain networks

Sybil attack was originally proposed by Douceur in a peer-to-peer network environment, pointing out that this attack breaks the redundancy mechanism in distributed storage systems and proposes two authentication methods: direct authentication and indirect authentication. Later, Chris Karlof et al. pointed out that Sybil attacks also pose a threat to routing mechanisms in sensor networks.

Sybil attack, also known as witch attack, refers to a malicious node illegally presenting multiple identities to the outside world, which are usually called Sybil nodes. Sybil attacks can be divided into the following types: direct communication, indirect communication, identity forgery, identity theft, simultaneous attack and non-simultaneous attack.

In the blockchain network, users create new identities or new nodes without cost. Attackers can use this vulnerability to launch Sybil attacks, forge their own identities to join the network, and make some malicious behaviors at will after mastering several nodes or node identities. For example, misleading the routing table of normal nodes reduces the lookup efficiency of blockchain network nodes; or transmitting unauthorized files in the network, destroying file sharing security in the network, consuming connection resources between nodes, etc., without worrying about being affected. Figure 2 illustrates the principle of an attacker conducting a Sybil attack in a blockchain network.

The impact of Sybil attacks on blockchain networks is mainly reflected in the following aspects:

1. Fake node join: Based on the blockchain network protocol, any network node can send a node join request message to the blockchain network; the blockchain node that receives the request message will immediately respond and reply to its neighbor node information. Using this process, Sybil attackers can obtain a large amount of blockchain network node information to analyze the blockchain network topology in order to attack or destroy the blockchain network more efficiently.

2. Misdirect routing of blockchain network nodes: Real-time interaction of routing information between nodes is one of the key factors to ensure the normal operation of blockchain networks. A node only needs to announce its presence to its neighbors periodically to ensure that it is added to its routing table by its neighbors. Through this process, malicious Sybil intruders can invade the routing table of normal blockchain nodes, mislead their routing choices, greatly reduce the routing update and node lookup efficiency of blockchain nodes, and in extreme cases, lead to Eclipse attacks.

3. Fake resource publishing: Sybil attackers can publish their own fake resources at will once they hack into the routing tables of blockchain network nodes. The goal of blockchain networks is to achieve distributed sharing of resources among users, and if the network is flooded with a large number of fake resources, then in the eyes of users, this will be unacceptable.

2 Eclipse attacks based on blockchain networks

Moritz Steiner et al proposed Eclipse attack in Kad network and gave the principle of this attack. Eclipse attacks involve attackers adding enough fake nodes to the neighbor node set of certain nodes by invading the routing tables of the nodes, thereby "isolating" these nodes from the normal blockchain network. When a node is attacked by Eclipse, most of its external contacts will be controlled by malicious nodes, which can further implement attacks such as routing spoofing, storage pollution, denial of service and ID hijacking. Therefore, Eclipse attacks pose a serious threat to blockchain networks.

The normal operation of blockchain networks depends on the sharing of routing information between blockchain nodes. Eclipse attackers influence the routing tables of blockchain nodes by constantly sending routing table update messages to the blockchain nodes, attempting to fill the routing tables of ordinary nodes with fake nodes. When a blockchain node has a high proportion of false nodes in its routing table, its normal behavior on the blockchain network, including route lookup or resource search, will be isolated by malicious nodes, which is why this attack is called an eclipse attack. Figure 3 shows how an attacker can perform a task

Eclipse attack theory.

Eclipse attacks are closely related to Sybil attacks and require more Sybil attack nodes to work with. In order to carry out an Eclipse attack on a particular cluster of blockchain nodes, an attacker must first set up enough Sybil attack nodes and declare them to the blockchain network as "normal" nodes, then use these Sybil nodes to communicate with normal blockchain nodes, hack their routing tables, and finally isolate them from the blockchain network.

Eclipse attacks have a significant impact on blockchain networks. For blockchain networks, Eclipse attacks destroy the topology of the network, reduce the number of nodes, and greatly reduce the efficiency of resource sharing in blockchain networks. In extreme cases, it can completely control the entire blockchain network and divide it into several blockchain network regions. For the victim blockchain nodes, they are separated from the blockchain network under unknown circumstances, and all blockchain network request messages will be hijacked by attackers, so most of the reply information they get is false and cannot be shared or downloaded normally.

3 DDoS attacks based on blockchain networks

DDoS attack is one of the most threatening attack technologies to blockchain network security. It refers to the use of C/S technology to combine multiple computers as an attack platform to launch attacks on one or more targets, thereby multiplying the power of denial of service attacks.

Traditional DDoS attacks are divided into two steps: the first step uses viruses, Trojans, buffer overflows and other attack means to invade a large number of hosts to form botnets; the second part launches DoS attacks through botnets. Common attack tools include Trinoo, TFN, TFN2K, Stacheldraht, etc. Due to various constraints, the first step of the attack becomes the key to limiting the scale and effectiveness of DDoS attacks.

The new DDoS attacks do not require botnets to launch large-scale attacks, which are not only low cost and powerful, but also ensure the privacy of attackers. Figure 4 illustrates the principle of an attacker conducting a DDoS attack in a blockchain network.

Blockchain networks have millions of simultaneous online users, and these nodes provide a large amount of available resources, such as distributed storage and network bandwidth. If these resources are used as an amplification platform for launching large-scale DDoS attacks, it is not necessary to hack into the host on which the blockchain network node runs, but only need to control it in the cascade network (application layer). Theoretically, using a blockchain network as a DDoS attack engine could amplify an attack a million times or more if there are a million online users in that network.

Depending on the attack method, blockchain-based DDoS attacks can be divided into active attacks and passive attacks. Blockchain-based active DDoS attack is to actively send a large number of false information to network nodes, so that subsequent access to these information is directed to the victim to achieve the attack effect, with strong controllability, high magnification characteristics. This attack uses the mechanism based on "push" in the blockchain network protocol. The reflection node will receive a large amount of notification information in a short time, which is not easy to analyze and record, and can avoid IP inspection by impersonating the source address, making it more difficult to trace and locate the attack source. In addition, active attacks introduce extra traffic into the blockchain network, which will reduce the lookup and routing performance of the blockchain network; false index information will affect the file download speed.

Blockchain-based passive DDoS attacks achieve their effect by modifying the blockchain client or server software, passively waiting for query requests from other nodes, and then returning false responses. In general, amplification measures are taken to enhance the effectiveness of attacks, such as deploying multiple attack nodes, including target hosts multiple times in a response message, combining other protocols, or implementing vulnerabilities. This attack exploits the "pull" based mechanism in blockchain network protocols. Passive attacks are non-intrusive, have little impact on blockchain network traffic, and usually can only exploit local blockchain nodes.

The above is the content of this article about "What is the principle of blockchain network attack". I believe everyone has a certain understanding. I hope the content shared by Xiaobian will be helpful to everyone. If you want to know more relevant knowledge content, please pay attention to the industry information channel.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.