A not-for-profit organization, IEEE is the world's largest technical professional organization dedicated to advancing technology for the benefit of humanity. Use of this web site signifies your agreement to the terms and conditions. A Stealthier Partitioning Attack against Bitcoin Peer-to-Peer Network Abstract: Network adversaries, such as malicious transit autonomous systems ASes , have been shown to be capable of partitioning the Bitcoin's peer-to-peer network via routing-level attacks; e.
Apostolaki et al. Due to the nature of BGP operation, such a hijacking is globally observable and thus enables immediate detection of the attack and the identification of the perpetrator. In this paper, we present a stealthier attack, which we call the EREBUS attack, that partitions the Bitcoin network without any routing manipulations, which makes the attack undetectable to control-plane and even to data-plane detectors. The novel aspect of EREBUS is that it makes the adversary AS a natural man-in-the-middle network of all the peer connections of one or more targeted Bitcoin nodes by patiently influencing the targeted nodes' peering decision.
We show that affecting the peering decision of a Bitcoin node, which is believed to be infeasible after a series of bug patches against the earlier Eclipse attack , is possible for the network adversary that can use abundant network address resources e. Nodes can be eclipsed if an attacker has access to sufficient IP addresses. The easiest way to avoid this is for a node to restrict inbound connections and be deliberate about any connections made with other nodes.
This, however, can make it more difficult for new nodes to join a blockchain network, should this approach be used by all nodes. Due to the public and open-source nature of most blockchain projects, it is relatively easy for malicious actors to assess their structural underpinnings in search of vulnerabilities to exploit. Common approaches include:. Random node selection: By structuring a peer-to-peer network in a way in which each node connects to a randomized set of IP addresses each time it syncs with the network rather than adhering to a repeating, exploitable set of node criteria, a blockchain architect can significantly reduce the chances of a node connecting to an attacker-controlled node even if it was recently connected.
Deterministic node selection: Taking the opposite approach from random node selection, deterministic node selection involves the insertion of specific node IP addresses into their corresponding predetermined fixed slots every time they connect with the network.
In a similar vein, a blockchain could incorporate node identifiers into its network connection criteria to make it easier to reconnect with legitimate peers with higher trust scores. By establishing node connections using identifying information rather than circumstantial data such as timestamps and availability, the blockchain network will be more secure and less susceptible to third-party influences which deviate from legitimate network activity. However, if connections can only be made to specific nodes that have been pre-approved by other peers, the network may run into scalability issues.
Increased node connections : By increasing the required number of node-to-node connections, a network would be able to increase the likelihood that a node will connect to a legitimate user. However, there are node constraints and bandwidth constraints which limit the extent to which a network can increase the number of node connections without sacrificing performance, limiting the efficacy of this approach as a stand-alone solution to eclipse attacks.
New node restrictions: By making it more expensive or difficult to create new nodes within a network, the blockchain architect can set a higher bar for malicious actors to flood the network with attacker-controlled nodes. Oftentimes this approach involves limiting the number of nodes per IP address or device, although this defensive measure can be circumvented by an attacker deploying a botnet composed of devices which have their own unique IP addresses.
While cryptocurrency eclipse attacks typically only affect a single user or a limited set of targets, repeated attacks can undermine trust within a blockchain network and eventually destroy a network without proper defenses. While every cryptocurrency project needs a specific real-world application in order to survive the long-term, without robust, tamper-resistant node connections a network is unlikely to remain intact long enough to realize its full potential.
Cryptopedia does not guarantee the reliability of the Site content and shall not be held liable for any errors, omissions, or inaccuracies. The opinions and views expressed in any Cryptopedia article are solely those of the author s and do not reflect the opinions of Gemini or its management. The information provided on the Site is for informational purposes only, and it does not constitute an endorsement of any of the products and services discussed or investment, financial, or trading advice.
A qualified professional should be consulted prior to making financial decisions. Please visit our Cryptopedia Site Policy to learn more. Cryptopedia Staff. Is this article helpful? Online Attacks. Contents What Is an Eclipse Attack?
Summary Eclipse attacks are a special type of cyberattack where an attacker creates an artificial environment around one node, or user, which allows the attacker to manipulate the affected node into wrongful action.
Connect and share knowledge within a single location that is structured and easy to search. An eclipse attack is when most if not all of your peers are malicious and they basically prevent you from being well-connected to the network to obtain information about transactions you're interested in. An eclipse attack is particular useful when a payer has sent some bitcoins to you in some transaction, then decides to also doublespend the same bitcoins.
The doublespender or payer will use the eclipse attack to prevent you from knowing that there is also a doublespend transaction out in the open, so you get misled into believing that there's only the original transaction. A sybil attack on the other hand is where a malicious actor is trying to spam the network with nodes that they control attempting to subvert the network's reputation system. For example, false signalling of support using version bits.
To summarise, an eclipse attack is targeted at a single party; whereas a sybil attack is network targeted. In the context of bitcoin, a sybil attack is not particularly harmful since all nodes operate based on consensus rules and any deviation will lead to said node getting DoS banned. In an eclipse attack, the attacker eclipses a victim from the network. That means the attacker basically controls which information the victim is able to send to the network and vice versa.
I would therefore say that a sybil attack is what an adversary uses in order to perform an eclipse attack. This is because a Bitcoin node normally connects to multiple peers. The adversary therefore would have to impersonate all peers of the victim in order to eclipse the victim from the rest of the network. Sign up to join this community. The best answers are voted up and rise to the top.
Stack Overflow for Teams — Start collaborating and sharing organizational knowledge. Create a free Team Why Teams? Learn more. Eclipse attack vs. Sybil attack Ask Question. Asked 4 years, 5 months ago. Modified 2 years, 3 months ago.
Viewed 4k times. Now this represents both an advantage and a disadvantage. On the one hand, its advantage is that due to the small number of connections, it requires little computing power and bandwidth. This opens the door for anyone from anywhere in the world to have a Bitcoin node.
Thanks to this, it turns out to decentralize the network and increase security. But restricting connections also has a drawback, namely that these connections are relatively easy to intercept. The effort required to do this depends on the security features, the process of selecting the protected node, and the size of the network.
But basically all you need is a botnet under your control, and detecting IP addresses from the rest of the network nodes. So when these nodes restart their connection to the network, malicious nodes can interfere with the connection and take control of the victim. Once an attacker gains some control over the network, there is nothing stopping them from further strengthening that control. In fact, with each new node under control, it becomes easier and easier to expand your network presence.
When you have node management, you can manipulate the locks as you see fit, and even sabotage and monitor network connections. Eventually, an attacker may even be able to manipulate the growth of the network by changing the versions of the blockchain registry as they see fit. This is a highly specialized type of attack that can be performed on networks using the Proof of Work PoW protocol.
The explanation for the cyberattack is that if two miners discover a block at the same time, an attacker can use an eclipse attack on those miners to focus their mining efforts on the unattended blocks. This will give the attacker the opportunity to mine their own blocks. In the end, the attacker achieves that his block will be processed by the network under his control and will receive a reward.
Another possibility is to share the mining power in the network. Finally, it also opens up the possibility of attacks by double-confirming expenses. This means that an attacker can control a certain group of miners and report from there that the transaction has received a number of confirmations.
This cyber threat, for example, will allow you to trick the seller into thinking that the transaction for the service was confirmed by the network. But in reality, he will be the victim of an elaborate eclipse attack. Another consequence of this type of threat is attacks on second-level protocols. This becomes possible because the eclipse will trick the victim into seeing the unreal state of the network.
For example, the Lightning payment channel will be displayed as open to the victim, while the attacker closed the channel, taking the funds with him. In the case of smart contracts, users will see inconsistent blockchain states. The eclipse attack is also the source of a more dangerous and far-reaching type of threat-the Erebus Attack. This attack is capable of performing a large-scale blackout on the network, which will cause it to split.
These attacks have been known for a long time. In fact, they are known from the very creation of the first peer-to-peer networks. For example, according to the Kademlia protocol, it was susceptible to such attacks. However, this protocol implements a number of measures to prevent them. Some of these measures are still being implemented today with some improvements. Among these measures are the following:. This system ensures that the peers in the network have a unique and unique identifier.
This is a way to create an ID tree that lets you know who is who on the network. In the blockchain, this is possible due to the use of asymmetric cryptography. However, this measure is not sufficient, because it is possible to run multiple nodes using the same IP address. For example, an attacker can create multiple nodes to control them and continue to apply their attack to the network.
Consequently, this measure is supplemented by the restriction of identities by IP, which prevents the use of this vector. Another important point to avoid Eclipse attacks is to have a reliable peer selection process for the network. For example, in Ethereum, this process uses a protocol based on Kademlia. Another control measure used in the blockchain to avoid cyber threats is the control of incoming and outgoing connections.
To do this, restrictions are set on communication with network nodes, so that in the event of an attack on a node, it can not affect most of the network. This prevents a node from having too much coverage, and an attacker will have to control multiple nodes to make a successful attack. In addition, this measure is being strengthened by decentralizing and expanding the network. In total, these three protections are the most basic that all blockchain networks apply to their protocols. Their goal is clear: to make the eclipse attack very expensive.
The use of all these defenses implies that the attacker must make a huge effort to control the network and carry out their attack.