
Threat Analysis of Poisoning Attack Against Ethereum Blockchain

  • Teppei Sato
  • Mitsuyoshi Imamura
  • Kazumasa Omote
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 12024)

Abstract

In recent years, blockchain technology has developed remarkably in its application to crypto assets (cryptocurrency), covering not only the function of storing value but also extensions such as smart contracts and improved anonymity. Ethereum is a blockchain that features smart contracts, and it provides a data space on the blockchain where programs can be freely stored. However, pollution of this data space can jeopardize the existence of Ethereum.

In this study, we analyze the malicious files that are stored in the data space of Ethereum and discuss “blockchain poisoning attacks” that significantly contaminate blockchains by embedding malicious data at a relatively low cost. We try to tackle Ethereum-specific risks that are not mentioned in previous work. In addition, we empirically examine the possibility of a poisoning attack on a private blockchain network.

Keywords

Blockchain, Crypto assets, Security, Poisoning attack

Notes

Acknowledgement

This work was partly supported by the Grant-in-Aid for Scientific Research (B) (19H04107).

Copyright information

© IFIP International Federation for Information Processing 2020

Authors and Affiliations

  • Teppei Sato (1)
  • Mitsuyoshi Imamura (1)
  • Kazumasa Omote (1, 2)

  1. University of Tsukuba, Tsukuba, Japan
  2. National Institute of Information and Communications Technology, Koganei, Japan
