Please use this identifier to cite or link to this item:
https://nccur.lib.nccu.edu.tw/handle/140.119/131486
Title: | Runtime Hook on Blockchain Systems (Chinese title: Dynamic Monitoring of Blockchain Systems) |
Authors: | Lin, Wei-Ting (林韋廷) |
Contributors: | Yu, Fang (郁方); Hsiao, Shun-Wen (蕭舜文); Lin, Wei-Ting (林韋廷) |
Keywords: | Blockchain; Ethereum; Smart contract; Runtime hook |
Date: | 2020 |
Issue Date: | 2020-09-02 11:44:45 (UTC+8) |
Abstract: | Using a hard fork to recover the losses caused by an attack contradicts the immutability of a blockchain system. To stop malicious transactions before they are recorded on the chain, we propose a runtime hook technique that synchronizes and analyzes the pending transactions exposed in the Ethereum transaction pool. With a complete view of both past and pending transactions, we can identify malicious transactions, force them to be aborted, and so prevent the losses that would follow from an attack being executed and recorded on the blockchain. Specifically, we modify the Ethereum source code to instrument the entry point of a node, synchronize the data it receives from the Ethereum P2P network, and systematically scan transactions for suspicious patterns that indicate potential attacks. As a proof of concept, we show how to deploy the proposed runtime hook on a private blockchain, where it detects and prevents double-spending transactions in a 51% attack and reentrancy attacks on smart contracts. |
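As an added example, not code from the thesis or from go-ethereum, the following Go program sketches the two scan rules the abstract names in the form a pool-ingress hook could apply them: a (sender, nonce) conflict check that flags double-spend candidates, and a call-trace scan that flags a contract re-entered while one of its earlier frames is still executing. The Tx and Frame types, the Hook state, and the sample transactions and trace are constructed assumptions for this example; a real hook would wrap go-ethereum's transaction and call-tracer types at the point where the node admits transactions received from the P2P network.

```go
package main

import (
	"fmt"
	"strconv"
)

// Tx is a minimal model of a transaction as seen at a node's transaction-pool
// ingress. The field set is an assumption for this example; a real hook would
// read these from go-ethereum's transaction type.
type Tx struct {
	Hash  string
	From  string
	Nonce uint64
	To    string
	Value uint64
}

// Frame is one call in an execution trace, in pre-order with its nesting depth
// (the top-level call is depth 0). Constructed for the example; a real hook
// would take frames from the EVM call tracer.
type Frame struct {
	Depth  int
	Callee string
}

// Hook is the ingress-side state: every (sender, nonce) pair already admitted,
// so a later transaction reusing a pair is a double-spend candidate. The check
// only sees conflicts that actually reach this node's pool.
type Hook struct {
	seen map[string]Tx
}

func NewHook() *Hook { return &Hook{seen: make(map[string]Tx)} }

// OnTx is called for each transaction received from the P2P network and
// returns abort=true, with a reason, when the transaction should be dropped.
func (h *Hook) OnTx(tx Tx) (abort bool, reason string) {
	key := tx.From + ":" + strconv.FormatUint(tx.Nonce, 10)
	if prev, ok := h.seen[key]; ok {
		if prev.Hash == tx.Hash {
			return false, "" // the same transaction re-broadcast, not a conflict
		}
		return true, fmt.Sprintf("double-spend candidate: %s reuses nonce %d of %s already used by %s",
			tx.Hash, tx.Nonce, tx.From, prev.Hash)
	}
	h.seen[key] = tx
	return false, ""
}

// Reentered scans a pre-order call trace and reports the first contract that is
// called again while an earlier call to it has not yet returned, which is the
// shape of a reentrancy attack.
func Reentered(trace []Frame) (callee string, found bool) {
	var active []Frame // frames still executing, innermost last
	for _, f := range trace {
		// A frame at depth d means every active frame at depth >= d has returned.
		for len(active) > 0 && active[len(active)-1].Depth >= f.Depth {
			active = active[:len(active)-1]
		}
		for _, open := range active {
			if open.Callee == f.Callee {
				return f.Callee, true
			}
		}
		active = append(active, f)
	}
	return "", false
}

func main() {
	h := NewHook()
	// Constructed sample: the same sender broadcasts two different
	// transactions with nonce 7, the second one redirecting the funds.
	pay := Tx{Hash: "0xa1", From: "0xalice", Nonce: 7, To: "0xmerchant", Value: 100}
	redirect := Tx{Hash: "0xb2", From: "0xalice", Nonce: 7, To: "0xalice", Value: 100}
	for _, tx := range []Tx{pay, pay, redirect} {
		abort, why := h.OnTx(tx)
		fmt.Printf("%s abort=%v %s\n", tx.Hash, abort, why)
	}
	// Constructed sample trace: a withdraw call into Vault transfers ETH to
	// Attacker, whose fallback calls back into Vault before the first call returned.
	trace := []Frame{{0, "Vault"}, {1, "Attacker"}, {2, "Vault"}}
	who, found := Reentered(trace)
	fmt.Printf("reentered=%v contract=%s\n", found, who)
}
```

Two design points. go-ethereum's own pool already accepts a same-nonce replacement that raises the gas price, so the nonce-conflict rule yields candidates to inspect rather than proof of an attack, and it cannot see a conflicting transaction that an attacker mines privately without ever broadcasting it. The reentrancy rule needs an execution trace, which is only available if the hook simulates the pending transaction against current state before admission; on the trace itself the rule is exact, since a contract appearing twice on the active call stack is the definition of re-entry.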
Description: | Master's thesis, National Chengchi University, Department of Management Information Systems, student ID 106356001 |
Source URI: | http://thesis.lib.nccu.edu.tw/record/#G0106356001 |
Data Type: | thesis |
DOI: | 10.6814/NCCU202001239 |
Appears in Collections: | [Department of Management Information Systems] Theses |
Files in This Item:
File | Description | Size | Format |
600101.pdf | | 1155 KB | Adobe PDF |
All items in the NCCU Institutional Repository (政大典藏) are protected by copyright, with all rights reserved.