We continue to tell you about the threats that can hit the blockchain, cryptocurrencies, or your privacy. Let’s talk about the replay attack and the DoS attack.
Replay attack
A replay attack is one of the most common vulnerabilities affecting blockchains. These attacks are usually carried out during a hard fork, because that is when conditions are most favorable for them.
This happens when an attacker intercepts and retransmits valid data that passes through the network. This becomes possible because the attackers have obtained valid credentials for the network. For this reason, network security protocols treat the attack as a normal data transfer, which makes this kind of attack simple to carry out.
Replay attacks particularly affect blockchain technology because it operates as a distributed system, and it is this operating structure that facilitates such malicious actions. All that is needed is access to valid credentials and an attack carried out at the right time.
- The scale and consequences of a replay attack
A replay attack can, first of all, have the following scope:
- It allows an attacker to assume the identity of another user of the system. At this stage, the attacker can effectively steal the credentials used to access the network and impersonate the user. In this way, the attacker gets access to the entire history of the user’s actions. This is a necessary and sufficient condition for conducting a second attack with disastrous consequences.
- It allows denial-of-service (DoS) attacks. An attacker can mount a massive replay attack on the blockchain. This scenario is possible due to the loss of computing power of the legacy blockchain. As the power of the legacy blockchain drops, there is room for a 51% attack.
- It allows new transactions to be created that can move to the new blockchain and disable it if its capacity is exceeded. Another way to perform this type of action is to take advantage of a weak point in the message protocol of the P2P network. With this vulnerability, an attacker can not only carry out a replay attack, but also manipulate the network so that it listens only to messages formatted in a certain way.
In both cases, there are restrictions on possible malicious actions. But perhaps most importantly, the data sent cannot be changed without being rejected by the network.
- The importance and consequences of replay attacks
These types of attacks are very important to consider in blockchain technology, especially when the blockchain goes through a hard fork, because the hard fork makes this type of action easier to perform.
At this time, two blockchains with identical information are used simultaneously. This means that a transaction processed before the hard fork becomes valid on the second network as well. As a result, a person who receives a certain amount of cryptocurrency from another person on the old blockchain can switch to the other one, replay the transaction, and fraudulently transfer the same amount of crypto to their account.
However, this situation is only possible for those who participated in the hard fork. In other words, new users who created a wallet after the hard fork are not vulnerable, nor can they conduct attacks of this type themselves.
But these types of attacks can also be carried out outside of blockchain technology. For example, contactless payment systems or NFC are also susceptible. Such systems must have countermeasures that prevent anyone from executing these attacks and thus stealing funds.
- Does a replay attack mean that the attacker controls the entire network?
A replay attack only lets the attacker impersonate someone else on the network and repeat actions already performed with that identity. An attacker never has complete control over the network or the ability to overwrite the entire blockchain.
- Protective measures against this type of attack
To prevent replay attacks, the developers of one of the two blockchains can make small changes to the transaction rules after the fork.
To implement replay protection at the protocol level, a hard fork is required. This means that it is much easier for a new, forked version of the chain to implement replay protection, since it already initiates a hard fork.
For example, when Bitcoin Cash separated from the Bitcoin blockchain, its developers added a special token (SIGHASH_FORKID) to the transactions of the new blockchain, so that Bitcoin Cash digital signatures are no longer identical to Bitcoin signatures.
If an attacker had copied the signature from a Bitcoin transaction and sent it to the Bitcoin Cash nodes, it would have been rejected as invalid because it did not have this additional token. Similarly, signatures with the additional token are invalid on the Bitcoin blockchain, which protects against replay attacks in the other direction. Because this form of replay protection prevents replay attacks on both Bitcoin and Bitcoin Cash, it is called two-way replay protection or “strong replay protection”.
If two-way replay protection is offered at the protocol level, as in the case of Bitcoin Cash, then exchanges, wallets, and users can make transactions with both coins in the source chain and in the forked chain, without fear of replay attacks.
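The two-way protection described above can be modelled in a few lines. This is an added example, not code from Bitcoin or Bitcoin Cash: the digest layout is simplified, Lamport one-time signatures stand in for ECDSA, and `node_accepts`, the chain names and the sample transaction are hypothetical.

```python
import hashlib
import secrets

SIGHASH_ALL = 0x01
SIGHASH_FORKID = 0x40  # flag named on the page; 0x40 is its value in Bitcoin Cash

def sha(data):
    return hashlib.sha256(data).digest()

def sighash(tx, hash_type):
    # Simplified model: the digest commits to the hash type as well as the tx bytes.
    return sha(sha(tx + hash_type.to_bytes(4, "little")))

# Lamport one-time signatures stand in for ECDSA (stdlib only); one key, one digest.
def keygen():
    sk = [(secrets.token_bytes(32), secrets.token_bytes(32)) for _ in range(256)]
    return sk, [(sha(a), sha(b)) for a, b in sk]

def bits(digest):
    return [(digest[i // 8] >> (i % 8)) & 1 for i in range(256)]

def sign(sk, digest):
    return [sk[i][bit] for i, bit in enumerate(bits(digest))]

def verify(pk, digest, sig):
    return all(sha(s) == pk[i][bit] for i, (s, bit) in enumerate(zip(sig, bits(digest))))

def node_accepts(chain, tx, hash_type, sig, pk, replay_protection=True):
    """Hypothetical validation rule of a 'legacy' or 'forked' node."""
    if replay_protection and bool(hash_type & SIGHASH_FORKID) != (chain == "forked"):
        return False  # chain marker does not match this chain
    return verify(pk, sighash(tx, hash_type), sig)

def demo():
    tx = b"constructed sample: A pays B 1 coin"
    forkid = SIGHASH_ALL | SIGHASH_FORKID
    sk, pk = keygen()
    sig = sign(sk, sighash(tx, SIGHASH_ALL))   # signed for the legacy chain
    fsk, fpk = keygen()
    fsig = sign(fsk, sighash(tx, forkid))      # signed for the forked chain
    return {
        "legacy accepts original": node_accepts("legacy", tx, SIGHASH_ALL, sig, pk),
        "unprotected fork accepts replay": node_accepts("forked", tx, SIGHASH_ALL, sig, pk, False),
        "fork accepts replay": node_accepts("forked", tx, SIGHASH_ALL, sig, pk),
        "fork accepts re-flagged replay": node_accepts("forked", tx, forkid, sig, pk),
        "fork accepts own tx": node_accepts("forked", tx, forkid, fsig, fpk),
        "legacy accepts fork tx": node_accepts("legacy", tx, forkid, fsig, fpk),
    }
```

Setting the flag on a copied transaction does not help, because the flag is part of the signed digest and the old signature no longer verifies.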
If replay protection is not offered at the protocol level, things get complicated. Services such as wallets or exchanges usually temporarily suspend transactions on the new chain until the network stabilizes. If they decide to support a new chain, they will have to implement their own replay protection, otherwise they run the risk of being attacked. This is usually achieved by mixing a post-fork transaction output (UTXO) with any new transactions or withdrawals.
What are DoS attacks?
One of the most common attacks in the computer world is a DoS attack, with which cybercriminals seek to prevent users of an online computer system from accessing it by saturating it with illegal service requests.
This is a type of network threat that is designed to disable a computer system for a while. A simple example to understand this type of attack:
Imagine a disco for 200 people, the entrance to which is free. If someone wants to ruin the evening for everyone, they can bring 200 friends and, without consuming anything or even dancing, stay there while the disco is open, thereby denying access to those who really want to dance. In this way, a competitor has committed a real-life DoS attack. In computer science, such a disco can be a web page that supports a certain number of simultaneous visits. If an attacker is able to simulate these visits, the attack succeeds and legitimate users are prevented from using the site.
This situation prevents legitimate users from using the system and the services it provides. These threats can target the source offering the information, the application, or the transmission channel of the system, usually by exploiting vulnerabilities or by overloading server capacity. The latter case is the most common, as it is simple, fast, and very effective.
- Types of DoS attacks
There are two types of DoS attacks: denial of service (DoS) and distributed denial of service (DDoS). The difference between them is the number of computers or IP addresses that are conducting the attack.
In DoS attacks, a huge number of requests to the service are generated from the same computer or IP address. This consumes the resources offered by the service until its capacity to respond is exceeded and it begins to reject requests. As a result, the service becomes unusable until steps are taken to fix the problem.
In the case of DDoS attacks, requests or connections are made using a large number of computers or IP addresses. All these requests are executed simultaneously and against the same service. DDoS attacks are more difficult to deal with, because the requests come from different IP addresses and the administrator can’t block them all. Blocking by address, by contrast, is very effective against persistent DoS attacks.
Computers or devices that conduct a DDoS attack are recruited through malware infection. Thanks to this malware, infected computers function as a network of bots or zombies, which a cybercriminal can remotely control. Because of the size and operation of this network, it is far more capable of taking servers down than an attack conducted from a single machine. Consequently, today such networks are widely used for attacks on very large systems.
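The single-source versus distributed distinction above, seen from the defender's side, as an added example that is not part of the original article: a per-address threshold flags a DoS source that can be blocked, while a distributed flood only shows up in the aggregate rate. The thresholds, function names and log entries are constructed assumptions.

```python
from collections import Counter

def classify(events, window_s=10, per_ip_limit=50, total_limit=200):
    """Label each time window. Thresholds are illustrative assumptions."""
    windows = {}
    for ts, ip in events:
        windows.setdefault(int(ts // window_s), Counter())[ip] += 1
    findings = []
    for w in sorted(windows):
        counts = windows[w]
        total = sum(counts.values())
        noisy = sorted(ip for ip, n in counts.items() if n > per_ip_limit)
        if noisy:
            verdict = "single-source flood"  # DoS: blocking these addresses stops it
        elif total > total_limit:
            verdict = "distributed flood"    # DDoS: no single address stands out
        else:
            verdict = "normal"
        findings.append({"window": w, "total": total, "sources": len(counts),
                         "block": noisy, "verdict": verdict})
    return findings

def sample_events():
    """Constructed (timestamp_seconds, source_ip) pairs; documentation IP ranges."""
    normal = [(t, f"192.0.2.{i}") for i in range(1, 21) for t in (1, 4, 7)]
    dos = [(10 + n % 10, "192.0.2.200") for n in range(300)]
    ddos = [(21 + k, f"{net}.{i}") for net in ("198.51.100", "203.0.113")
            for i in range(1, 151) for k in (0, 5)]
    return normal + dos + ddos
```

In the third window every source sends only two requests, so the block list stays empty even though the total is ten times the normal load.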
- DoS attacks and blockchain. Are we protected?
One of the main strengths of blockchain technology is its resistance to DoS and DDoS attacks. And it is the decentralized nature of the blockchain that increases its resilience to these threats.
This is due to the fact that the decentralized platform allows network users to process a much larger amount of data, which significantly reduces the risk of a DoS or DDoS attack succeeding. It is due to this design and the inherent cost of sending transactions to the network of various blockchains that these attacks are inefficient and expensive.
Another way to conduct DoS attacks is to use Sybil attacks, Eclipse Attacks, or Erebus attacks. The latter is the most dangerous of all, because its scope is global, requires few resources, and is not detected until the entire network fails.
However, despite this feature, there are always cases when blockchain networks can become victims of DoS or DDoS attacks. In Bitcoin, for example, version 0.14 of Bitcoin Core had a software vulnerability that allowed for this type of attack. This was discovered in 2017, and Andreas Antonopoulos explained it in a tweet on his official account. Thanks to the nature of open source code and the work of hundreds of developers and employees, the bug was quickly fixed.
This latter situation explains how important it is to develop open and verifiable software. In addition, it is a clear indication of how important computer security and system updates are. All this is in order to avoid situations that can be disastrous for those who use computer services.
- Is decentralization one of the best ways to protect the blockchain from DoS-type attacks?
The fact that blockchain networks are decentralized prevents a successful DoS or DDoS attack from disabling the service for users. This is because there is no central operating core, and the loss of one or even several nodes does not affect the entire network.
Although blockchain networks are resistant to these cyber threats due to their decentralized form, we need to know what will happen if an attack of this type is carried out effectively. Let’s take the Ethereum network as an example:
An effective denial-of-service attack on Ethereum would affect millions of network users: users of not only the main network, but also of other tokens that work “on it”. DApps, decentralized exchanges, distributed computing infrastructure: everything that depends on Ethereum would be disabled.
This would have a direct negative impact on the bandwidth of Ethereum, and many users would doubt the network’s suitability for their projects. In the worst case, this situation would affect the price of ETH and lead to a sharp drop in its capitalization, an economically negative situation for the network. It could also have a strong impact on the development of the Ethereum software. New hard forks and derivative developments would be expected to “improve” Ethereum.
Of course, the scenario described above is very discouraging and, although difficult, it is plausible given the consequences that could be expected from such an attack. This example helps us understand the importance of security.
Despite the fact that blockchain is a very secure technology, there are many factors that can be taken advantage of. Minimizing them is a priority not only for the services provided, but also for the security and continuity of service delivery to users.
However, it is also important to emphasize that Bitcoin is free software, and has very high transparency.