A brief review on Erebus Attack, stealthy and hard to fix
A recent research project from National University of Singapore presents a new form of partitioning attack, called Erebus, that enables a network adversary to take charge of a victim node’s peering decision. This short review includes a background introduction of attacks against Bitcoin, the main process of the attack and some thoughts on possible countermeasures and extensions of this work.🌘🌘
Since the invention of Bitcoin, many different attacks against it have been discussed or practiced. There were earlier attacks that are similar to Erebus, including Bitcoin Hijacking Attack and Eclipse Attack. However, the Bitcoin Hijacking Attack has the major disadvantage that it reveals the identity of the adversary in almost no time. And by patching a series of vulnerabilities, the Eclipse attack is no longer possible on the current Bitcoin blockchain. Compared to them, Erebus is hard to detect, readily available for large Internet service providers and almost immune to trivial countermeasures. This is because the attack traffic of Erebus is only in the data plane and no control-plane trace is necessary. The most unique feature that differentiates Erebus from the other attacks is that it exploits the essential advantage of being a network adversary, or to put it plainly, being able to imitate more than millions of shadow IPs for several weeks.
The process of the attack involves two phases: collecting the shadow IPs and building the victim-shadow connections. In the first phase, the adversary analyzes the inter-domain routing states and enumerates the IP addresses where the victim-to-node packets pass through the adversary’s network. In the second phase, the adversary tries to slowly replace the entire of the victim node’s peering connections by shadow IPs. By using Bitcoin network stack emulator, this work shows that Erebus can partition a victim node within 40 days with low rate attack traffic and at the same time, being highly invisible.
One limitation of Erebus attack may be its efficiency. According to the paper, it takes a Tier-1 or large Tier-2 days to take down a chosen node. Given this low rate, the large ASes may lack the incentives to mount such Erebus attack because the benefit of partitioning a few Bitcoin nodes may be small. Even if controlling that particular node is really profitable, the node would probably be heavily protected such that any micro delay in receiving new blocks can be detected. Since the attack takes a few weeks, a node can probably whitelist some benign nodes and check the rate at which it receives new blocks with its whitelisted nodes.
Apart from the issues already considered by the team, a possible extension may be to analyse the influence of Erebus attack by large ASes(Tier-1 or the large ones in Tier-2) on the throughput of the network. Because with some of the nodes being partitioned, the throughput of the network would probably be lowered.
Another possible direction of interest is whether incorporating cryptographic primitives would help defend against Erebus attack. Also, this paper points out that cryptocurrencies involving zero knowledge cryptography, like Zcash, is also vulnerable to Erebus attack. But even if they are partitioned, this attack may not turn out to be profitable for the attackers thanks to 2 reasons. Firstly, these cryptocurrencies are privacy-preserving, making it hard for an adversary to identify the nodes that she wants to attack. Secondly, spending such cryptocurrencies usually need a zero knowledge proof which incorporates a nonce, therefore, the chance of double spending is small even if the victim is partitioned.
The project website also mentioned a network architecture level solution called SCION, which is supposed to solve the problem thoroughly. Basically, it uses cryptographic mechanisms to offer path control for any user.
Wrapping up, this is a very meaningful project since it shows that even the comprehensively discussed and improved Bitcoin system has serious security risks! On the one hand, I think there is no time to delay for improving the security of Bitcoin because of the huge amount of assets places in this network; on the other hand, it is also important to consider whether certain countermeasures against Erebus would lead to further loopholes to be exploited.
References:
