Contra-∗: Mechanisms for countering spam attacks on blockchain's memory pools☆
Introduction
Blockchain technology promises to redefine trust in distributed systems by serving as a tamper-proof and transparent public ledger that is easily verifiable and difficult to corrupt (Qu et al., 2020). Blockchains use an append-only model backed by Proof-of-Work (PoW), augmenting trust in decentralized Peer-to-Peer (P2P) settings. Due to such features, blockchains are used in cryptocurrencies, smart contracts, and Internet of Things (IoT) (Ahmad et al., 2019; Benisi et al., 2020). The most widespread use of blockchains can be found in crytocurrencies, e.g., Bitcoin, Ethereum, Zcash, Litecoin, Altoins, etc. (Ghosh et al., 2020).
Although blockchains are publicly verifiable and tamper-proof, they are vulnerable to attacks (Kaushal). Moreover, since blockchains are most widely used in digital currencies, attackers have a high incentive to exploit them. In the last few years, attacks on cryptocurrencies have increased including multiple 51% (majority) attacks, selfish mining, double-spending, block withholding, block forks and distributed denial-of-service (DDoS) attacks (Sapirshtein et al., 2016; Rosenfeld).
In Bitcoin, DDoS attacks are launched against miners, users, and currency exchanges (Muncaster, 2017). In P2P systems, DDoS attacks may take various forms. For example, users or miners can be re-routed towards a counterfeit network, denying them access to the real network. Maria et al. (2017) estimate that an attacker can isolate more than 50% of the network's hashing power by hijacking a few (<100) BGP prefixes. Moreover, attackers may exploit the block-size limit and network throughput to prevent benign users from getting their transactions verified. In Bitcoin, the average block size is limited to 1 MB and the average time of block mining is 10 min. On average, the transaction size varies from 200 Bytes to 1K Bytes.1 Under these constraints, Bitcoin can only verify three to seven transactions per second (Bano et al., 2017), in contrast to mainstream payment processors such as Visa Credit which can verify up to 2000 transactions per second. Low transaction throughput creates a competitive environment where only selected transactions get accepted into a block. It also makes Bitcoin vulnerable to flood attacks (Baqer et al., 2016), where malicious users exploit the block size limit in Bitcoin (≈1 MB)2 to overwhelm the blockchain with low-valued spam transactions. This further causes delay in verification of benign transactions. To prevent such attacks that exploit block size limit, miners in Bitcoin apply priority checks on the incoming transactions. The priority is given to the transactions that offer higher mining fee. Once high priority transactions are verified and mined into a block, the low priority transactions are queued into a memory pool.
In Bitcoin, memory pool (mempool) acts as a repository where all the transactions waiting to be confirmed are logged. Once a user generates a transaction, it is broadcast to the entire network. The transaction is stored into the mempool where it waits for confirmation. If the rate of incoming transactions at mempool is less than the throughput of the network (3–7 transactions/sec), there is no queue of unconfirmed transactions. Once the rate increases beyond the throughput, a transaction backlog starts at the mempool. Transactions that remain unconfirmed for long eventually get rejected. On November 11, 2017, the mempool size exceeded 115k unconfirmed transactions, resulting in USD 700 million worth of stall transaction (Memoria, 2017a). As the mempool size grows, users pay more mining fee per transaction to prioritize their transactions.
The Bitcoin network throughput is limited by the block size and the block mining time. Since the average block time is ≈ 10 min and the average block size is ≈ 1 MB, Bitcoin can only process 3–7 transactions per second (Bano et al., 2017). Due to the limited throughput, users compete to get their transactions mined into the blockchain. Typically, users that pay a higher transaction fee win that competition. We note that the transaction fee is determined by the mempool size and if the mempool size is large, more transactions compete for the block. In this paper, we show that this competition can be exploited to launch a denial-of-service attack where an attacker can flood the Bitcoin mempool with unconfirmed transactions and inflate the mempool size. This attack makes the benign users believe that there is high competition in the mempool, and to win that competition, those users pay a higher mining fee (Woo, 2017). We further show that in the current Bitcoin network, this attack can be easily launched since the default Bitcoin mempool does not apply any policy to filter the spam transactions. Therefore, our motivation is to identify the attack, show the attack feasibility, and propose the attack countermeasures.
Contributions. We make the following contributions . We identify the effect of mempool flooding on benign users in Bitcoin and the way that effect turns into a DoS attack. We present a threat model and associated attack procedure whereby an attacker can exploit the current Bitcoin protocol to achieve his goals. We propose Contra-∗ as countermeasures. Contra-∗ comes in fee-based (Contra-F), age-bases (Contra-A), and size-based (Contra-S), for transaction filtering. The three countermeasures optimize the mempool size, neutralize the attacker's capabilities, prevent mempool flooding, and put benign users at an advantage. We examine the performance of our proposed countermeasures through discrete-event simulations and evaluate their performance under varying attack conditions. To the best of our knowledge, this is the first study to address the problem of mempool attacks in cryptocurrencies with new mitigations.
Organization. section 2 outlines the related work, and section 3 outlines the preliminaries. In section 4 and section 5 we describe the threat model and attack procedure that lead to mempool flooding and its associated effect. A modeling framework for analyzing Contra-∗ as well as evaluation metrics are introduced in section 6. We propose countermeasures in section 7 with their associated analysis. Conclusion and future work are presented in section 8.
Section snippets
Related work
As described earlier, well-known attacks on blockchains include selfish mining, the 51% attack, block withholding, double-spending, blockchain forks and DoS attacks. In this section, we review notable work covering those attacks, and security aspects of blockchains.
Selfish mining is a form of attack where miners choose not to publish their block after computation, hoping to mine subsequent blocks and get more reward. The problem of selfish mining has been addressed by Eyal and Sirer (2014a) and
Preliminaries
We now review the preliminaries of this work including details about the blockchain system and data collection.
Threat model
In this work, we assume that the attacker is a full Bitcoin client with a complete blockchain and a memory pool at his machine. The attacker's wallet has spendable bitcoins denoted by “UTXO's”; those bitcoins have been previously mined into the blockchain. In Bitcoin, transactions can be split into various small transactions (Nakamoto, 2008). We assume that the balance in the attacker's wallet is large enough that it can be split into fractions of dust transactions; each of those transactions
Attack procedure
As mentioned earlier, when the rate of incoming transactions exceeds the network's throughput, a backlog of unconfirmed transactions builds up at the mempool. As backlog grows, competition for transaction mining also increases. Users try to prioritize their transactions by offering more fee to the miners. As a result, the fee per transaction paid to the miners increases. To facilitate usage, there are online services such as “Bitcoin Fee Estimation” (Community, 2017b), which estimate mempool
Modelling the mempool attack
As mentioned in section 3, mempool acts as a buffer for unconfirmed transactions, where the incoming transactions denote the arrival, and transaction mining represents the departure process. As long as the arrival process is within the bounds of system's throughput (3–7 transactions per second), the mempool queue remains stable and there is no transaction backlog. However, as shown in our threat model, the attacker overflows the buffer by accelerating the arrival process and increasing the
Countering the mempool attack
To counter DoS on Bitcoin's mempool, we propose three countermeasures that prevent the spam on the system. The design motivation is to increase the attack cost for the attacker while keeping the operational efficiency for benign users. We develop our designs for a miner's priority and apply the priority check on transactions at the mempool level. One of the effective countermeasures against spam attack in Bitcoin is to prevent the transmission of dust transactions in the network. We envision
Conclusion
In this paper, we identify a DoS attack on Bitcoin mempools that pushes the users into paying higher mining fees. Attacks on Bitcoin mempools have not been addressed previously, and we propose three countermeasures to the problem: fee-based, age-based, and size-based designs. Using simulations and various analyses, we conclude that when the attack is not severe, the fee-based design is more effective in mempool size optimization. However, the fee-based design does so by affecting both the
Credits
M. Saad and D. Mohaisen realized the idea, did the main analysis, and wrote the initial manuscript. J. Kim helped with modeling the attack as a Lyapunov optimization problem. D. Nyang helped with constructing the size-based countermeasures and finalizing the paper writing.
Declaration of competing interest
The authors declare that they have no known competing financial interests or personal relationships that could have appeared to influence the work reported in this paper.
Muhammad Saad is a Ph.D. student in the Department of Computer Science at the University of Central Florida. At UCF, Saad is a member of the Security Analytics and Research Lab (SEAL) advised by Prof. David Mohaisen. His research is on the security of distributed systems with an emphasis on the blockchain attack surface. His work has appeared in reputable venues including the International Conference on Distributed Computing Systems (ICDCS, 2019) and Communication Surveys and Tutorial (CS&T
References (55)
- et al.
Se curity of cryptocurrencies in blockchain technology: state-of-art, challenges and future prospects
J. Netw. Comput. Appl.
(2020) - et al.
Secure and transparent audit logs with BlockAudit
J. Netw. Comput. Appl.
(2019) - et al.
The road to scalable blockchain designs
login Usenix Mag
(2017) - et al.
Stressing out: bitcoin “stress testing”
Preventing the 51%-attack: a Stochastic Analysis of Two Phase Proof of Work in Bitcoin
(2015)- et al.
Blockchain-based decentralized storage networks: a survey
J. Netw. Comput. Appl.
(2020) Ethere um exchange poloniex down ddos attack again!
(Mar 2016)Bitcoin Source Code
(May 2020)- Bitcoin block size. URL...
- Bitcoin blockchain stats. URL...
Learning Bitcoin
Bitcoin data from Blockchain.info
Bitcoin fee estimation
Bitcoin Developer Guide: Peer Discovery
Devel Oper's Guide, Confirmation Score, Transaction Fee and Miner Fee, Minimum Relay Fee, UTXO, Memory Pool, Child Pays for Parent, Raw Transactions
Minimum Relay Fee
A survey on security and privacy issues of bitcoin
IEEE Commun. Surv. Tutorials
On scaling decentralized blockchains
The Clean, Readable, Proven Library for Bitcoin Javascript Development
Majority is not enough: bitcoin mining is vulnerable
How to Disincentivize Large Bitcoin Mining Pools
One weird trick to stop selfish miners: fresh bitcoins, a solution for the honest miner
Here's Why Bitcoin's Blockchain Has Blocks that Go over the 1mb Limit
Game-theoretic analysis of DDoS attacks against bitcoin mining pools
Cited by (6)
Decision support system for blockchain (DLT) platform selection based on ITU recommendations: A systematic literature review approach
2023, Expert Systems with ApplicationsA Systematic Analysis of Security in Blockchain
2023, Journal of Information Science and EngineeringSoK: Network-Level Attacks on the Bitcoin P2P Network
2022, IEEE AccessA Novel Framework for Secure Blockchain Transactions
2022, Proceedings - International Conference on Applied Artificial Intelligence and Computing, ICAAIC 2022The Credibility Cryptocurrency Valuation: Statistical Learning Analysis for Influencer Tweets
2022, International Conference on Information Networking
Muhammad Saad is a Ph.D. student in the Department of Computer Science at the University of Central Florida. At UCF, Saad is a member of the Security Analytics and Research Lab (SEAL) advised by Prof. David Mohaisen. His research is on the security of distributed systems with an emphasis on the blockchain attack surface. His work has appeared in reputable venues including the International Conference on Distributed Computing Systems (ICDCS, 2019) and Communication Surveys and Tutorial (CS&T 2020). He has won two best paper awards at Distributed Ledger of Things (DloT, 2018) and Systems Journal 2019.
Joongheon Kim received the B.S. and M.S. degrees in computer science and engineering from Korea University, Seoul, South Korea, in 2004 and 2006, respectively, and the Ph.D. degree in computer science from the University of Southern California (USC), Los Angeles, CA, USA, in 2014. Before joining Korea University as a Faculty Member, he was with Chung-Ang University, Seoul, from 2016 to 2019, Intel Corporation, Santa Clara, CA, USA, from 2013 to 2016, InterDigital, San Diego, CA, USA, in 2012, and LG Electronics, Seoul, from 2006 to 2009. He has been an Assistant Professor with Korea University, since 2019. He is a member of the IEEE Communications Society. He was awarded the Annenberg Graduate Fellowship with his Ph.D. admission from USC, in 2009.
DaeHun Nyang received the B.Eng. degree in electronic engineering from the Korea Advanced Institute of Science and Technology, Daejeon, South Korea, in 1994, and the M.S. and Ph.D. degrees in computer science from Yonsei University, Seoul, South Korea, in 1996 and 2000, respectively. He has been a Senior Member of engineering staff with the Electronics and Telecommunications Research Institute, Gwangju, South Korea, from 2000 to 2003. From 2003 to 2020, he was a Full Professor with the Computer Information Engineering Department, Inha University, Incheon, South Korea, where he was also the Founding Director of the Information Security Research Laboratory. Since 2020, he has been a Full Professor with Ewha Womans University, Seoul. His research interests include AI-based security, network security, traffic measurement, privacy, usable security, and biometrics and cryptography. Prof. Nyang is a member of the board of directors and an editorial board of ETRI Journal and also Korean Institute of Information Security and Cryptology.
David Mohaisen earned his M.Sc. and Ph.D. degrees from the University of Minnesota in 2011 and 2012, respectively. He is currently an Associate Professor at the University of Central Florida, where he directs the Security and Analytics Lab (SEAL). Before joining UCF, he held several posts, in academia and industry: as an Assistant Professor at the University at Buffalo, (Senior) Research Scientist at Verisign Labs, and a Member of the Engineering Staff at the Electronics and Telecommunication Research Institute (ETRI). His research interests fall in the broad areas of networked systems and their security, adversarial machine learning, IoT security, AI security, and blockchain security. Among other services, he is currently an Associate Editor of IEEE Transactions on Mobile Computing and IEEE Transactions on Parallel and Distributed Systems. He is a senior member of ACM (2018) and IEEE (2015).
- ☆
This paper is an extension of an earlier work that appeared in IEEE International Conference on Blockchains and Cryptocurrencies. (ICBC, 2019) (Saad et al., 2019). This work was supported in part by NRF grant NRF-2016K1A1A2912757 (GRL Project).