Problems with blockchain

Originated from: A Review of Blockchain Key Technologies and Existing Problems_Summary by Liu Shuangyin

Data storage and interaction

  • Multi-form data storage
  • Data Update
  • Cross-chain latency

Privacy protection

  • User Privacy Protection
  • Enterprise Resource Protection

Resource allocation

  • Transaction ordering dependencies
  • High data redundancy
  • Unsustainable development
  • Waste of computing power

Vulnerability attacks

Fork attacks

  • The fork caused by the system itself

First, under weak consensus, the blockchain may produce multiple blocks at the same time (a state fork) because of how blocks are generated in system time order, which makes it an easy target for attackers. Second, when the internal protocol of the blockchain system is updated, for example by a software upgrade, weak consensus cannot require every node in the system to update at the same time, so hard forks or soft forks may occur. In a hard fork, old nodes do not recognize new nodes; as long as the old nodes do not update, the fork will not disappear. Soft forks are the opposite: as long as blocks are added along the new nodes' chain, the threat of a fork can be eliminated.

  • The attacker actively creates a fork to attack

    • Sybil attack: Puppet accounts generated by the attacking server exceed 51% of the system.
    • Double-spending attack: It uses the transmission characteristics of the Bitcoin cryptocurrency to make one sum of money be "spent twice".
    • Replay attack: The same request is used repeatedly in the Ethereum system, so that one sum of money is "received twice", which is the opposite of the double-spending attack.
    • Private mining attack: A malicious mining pool mines blocks and conceals them, continuing to mine on the hidden chain. When the hidden chain becomes longer than the legitimate chain maintained by honest nodes, the malicious pool releases the forked chain. Because honest miners choose the longest chain as the legitimate chain, the fork attack succeeds.
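One common defence against the replay attack listed above is to bind every signed transfer to a chain identifier and a per-sender counter (nonce). The sketch below is an added example, not code from the reviewed paper: the `Ledger` class, the chain ids 1 and 2, the key and the accounts are all constructed, and an HMAC stands in for a real digital signature.

```python
import hashlib
import hmac


class Ledger:
    """Applies a signed transfer at most once (constructed model)."""

    def __init__(self, chain_id, keys, balances):
        self.chain_id = chain_id
        self.keys = keys                      # sender -> secret; HMAC stands in for a signature
        self.balances = dict(balances)
        self.next_nonce = {sender: 0 for sender in keys}

    @staticmethod
    def sign(key, chain_id, sender, to, amount, nonce):
        # The chain id and nonce are part of the signed message.
        msg = f"{chain_id}|{sender}|{to}|{amount}|{nonce}".encode()
        return hmac.new(key, msg, hashlib.sha256).hexdigest()

    def apply(self, tx):
        sender, to, amount, nonce = tx["from"], tx["to"], tx["amount"], tx["nonce"]
        if sender not in self.keys or amount <= 0:
            return "rejected"
        expected = self.sign(self.keys[sender], self.chain_id, sender, to, amount, nonce)
        if not hmac.compare_digest(expected, tx["sig"]):
            return "bad signature"            # includes a transfer signed for another chain
        if nonce != self.next_nonce[sender]:
            return "stale nonce"              # this transfer was already applied
        if self.balances.get(sender, 0) < amount:
            return "insufficient funds"
        self.balances[sender] -= amount
        self.balances[to] = self.balances.get(to, 0) + amount
        self.next_nonce[sender] += 1
        return "ok"


def demo():
    key = b"constructed-demo-key"
    chain_a = Ledger(1, {"alice": key}, {"alice": 100})
    chain_b = Ledger(2, {"alice": key}, {"alice": 100})   # same account on a forked chain
    tx = {"from": "alice", "to": "bob", "amount": 40, "nonce": 0}
    tx["sig"] = Ledger.sign(key, 1, "alice", "bob", 40, 0)
    # First delivery, the same message again, then the same message on the other chain.
    return [chain_a.apply(tx), chain_a.apply(tx), chain_b.apply(tx), chain_a.balances["bob"]]
```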

Cryptography-based attacks

The security of data in the blockchain rests on pure mathematical computation in cryptography. The cryptographic algorithms used include MAC functions, hash functions, the RSA public-key encryption system and the ECC elliptic curve encryption system. These algorithms are theoretically safe at present, and key generation requires special random elements. A key pair generated from a good random element has a higher security factor than one generated from a poor random element, and directly avoids generating a key pair that duplicates another account's.

For cracking key pairs, the most common password brute-forcing method is the dictionary attack: a script built from commonly used password patterns automatically carries out the steps of matching account passwords.
A passive attack is based on the attacker's traffic analysis of intercepted PDUs (protocol data units) and of the accumulated packet responses. The attacker can learn the length, frequency and characteristics of the data, and may even crack the content of the information.

Side channel attacks are ubiquitous in any blockchain system. Server hardware stores key information. If the private key is stolen, the account corresponding to the private key can be locked. A stolen private key cannot be retrieved, and regenerating the same private key is computationally infeasible. A report that some cryptocurrency has been stolen means that a private key has been stolen. Because blockchain data cannot be changed, once a criminal steals a private key and publicly transfers the associated funds to another account, the transaction is usually irreversible.

Attacks Based on Consensus Algorithms

Attacks based on consensus algorithms include 51% computing power attacks, long-range attacks, DDoS attacks, block interception attacks, and penetration game attacks.

A 51% computing power attack arises because PoW assigns block accounting rights through a competition of computing power: if malicious nodes hold 51% of the hash power, they can launch an attack.

Long-range attacks create another chain, starting from the genesis block, that is completely different from the main chain, and try to replace the original main chain with it. The transactions in it are not completely consistent with the users'. Because of the weak subjectivity of nodes, long-range attacks have become the largest threat to PoS chains.

A DDoS attack means that the attacker uses a huge group of IP addresses to send a large number of invalid requests to the target host, so that the target host cannot receive real requests and sometimes the system is even paralyzed, resulting in extremely low consensus efficiency. For example, the very few endorsement nodes in Hyperledger Fabric are easy targets.

Block interception attacks refer to malicious miners discarding all successful answers and submitting only part of the answers to the mining pool administrator, causing the pool to lose money. Although block interception does not cause great harm to the blockchain, it reduces the income of mining pools and honest nodes, and, at very low cost, causes honest nodes to stop trusting the mining pool.
The principle of the penetration game comes from the game tree: the attacker chooses to infiltrate block nodes, which generally happens in vicious competition between mining pools, so a game state forms on the attacked nodes and all parties maximize their own interests.

Attacks Based on Smart Contracts

DAO (Decentralized Autonomous Organization): A well-known hacking event in the history of the blockchain. Because of loopholes in the system code, the attacker could indirectly call the vulnerable function recursively, aiming to forcibly create branches in the system and obtain Ethereum on each branch. The DAO attack caused $60 million in monetary losses.
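The recursive-call flaw described above comes down to the order of operations in a payout function: if external code runs before the ledger is updated, it can call back in while the old balance is still recorded. The following is an added Python model, not the DAO contract or code from the reviewed paper; `Vault`, the account names and the amounts are constructed. It shows the flawed ordering next to the checks-effects-interactions ordering that closes it.

```python
class Vault:
    """Constructed model of a contract that holds deposits and pays them out."""

    def __init__(self, effects_first):
        self.effects_first = effects_first
        self.credit = {}   # account -> amount the ledger says it may withdraw
        self.funds = 0     # what the contract actually holds

    def deposit(self, account, amount):
        self.credit[account] = self.credit.get(account, 0) + amount
        self.funds += amount

    def withdraw(self, account, on_receive):
        amount = self.credit.get(account, 0)
        if amount == 0 or self.funds < amount:      # check
            return False
        if self.effects_first:
            self.credit[account] = 0                # effect
            self.funds -= amount
            on_receive(amount)                      # interaction comes last
        else:
            self.funds -= amount
            on_receive(amount)                      # external code runs while credit is still set
            self.credit[account] = 0
        return True


def run(effects_first):
    """Return (amount paid to caller, funds left in vault, credit still owed to others)."""
    vault = Vault(effects_first)
    vault.deposit("others", 90)
    vault.deposit("caller", 10)
    received = []

    def on_receive(amount):
        # Recipient code that calls back into withdraw, as a contract's
        # fallback function can when it is sent funds.
        received.append(amount)
        vault.withdraw("caller", on_receive)

    vault.withdraw("caller", on_receive)
    return sum(received), vault.funds, vault.credit["others"]
```

With the flawed ordering the caller's 10-unit credit pays out the whole 100 units and the 90 owed to others is unbacked; with effects first, the nested call sees a zero balance and is refused.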

Timestamp dependent attack: In Ethereum, the time between nodes only needs to be kept "roughly the same" rather than completely consistent. The hash of the preceding block and the block number are known, and other contract variables, such as those from which a random number is derived, are also known. A miner can therefore pre-compute and choose the timestamp so that the generated random result is in the miner's favor; the attacker uses this deviation to influence the setting of the timestamp and launch an attack.

Call stack depth attack: The smart contract stipulates that when an external user calls a contract user, the contract stack automatically increases by one bit, and when the stack is full, an overflow exception occurs. In Ethereum, the smart contract stipulates that the maximum stack size is 1024 bits. The attacker builds a nearly full stack before launching the attack. When the target contract is called again, the stack overflow throws an exception, causing a mild system crash.
Transaction order dependency attack: Two transactions contained in one block call a contract at the same time, so each user does not know which state the contract is in when their individual call runs, and there is a difference between the contract state the user intended to call and the actual state at execution time. Only the miner responsible for mining the block determines the final state of the contract, that is, the execution order of the transactions. Malicious users can take advantage of the contract's transaction ordering dependencies to gain more profit, and even steal users' money.
Code vulnerability: When the result of a calculation does not fit in the integer data type, an integer overflow occurs. For example, the Solidity language used by Ethereum has this serious vulnerability, which allows attackers to obtain unauthorized digital assets. Solidity also cannot support decimal points, which may cause a blockchain project to die young, halfway through, because of inconsistent data formats or precision mismatches.
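Both points in the code-vulnerability paragraph, silent integer wrap-around and the lack of decimal types, can be modelled outside the EVM. This is an added example, not code from the reviewed paper; the function names and the payout scenario are constructed, and Python integers are masked to 256 bits to imitate `uint256`.

```python
from decimal import Decimal

UINT256_MAX = 2**256 - 1


def mul_wrapping(a, b):
    """uint256 multiply that silently wraps. Solidity before 0.8 and
    `unchecked` blocks behave this way; 0.8 and later revert by default."""
    return (a * b) & UINT256_MAX


def mul_checked(a, b):
    """uint256 multiply that fails instead of wrapping."""
    result = a * b
    if result > UINT256_MAX:
        raise OverflowError("uint256 overflow")
    return result


def can_pay(balance, recipients, value, mul):
    """Balance check for paying `value` to each of `recipients` accounts."""
    return balance >= mul(recipients, value)


def to_base_units(text, decimals=18):
    """Turn a decimal string into an integer count of base units.

    With no decimal type on chain, amounts are integers scaled by 10**decimals;
    any precision beyond that is rejected here rather than silently truncated.
    """
    scaled = Decimal(text).scaleb(decimals)
    if scaled != scaled.to_integral_value():
        raise ValueError(f"{text} has more than {decimals} decimal places")
    if not 0 <= scaled <= UINT256_MAX:
        raise OverflowError("amount does not fit in uint256")
    return int(scaled)


def demo():
    # 2 * 2**255 == 2**256, which wraps to 0, so a balance of 10 "covers" it.
    wrapped_ok = can_pay(10, 2, 2**255, mul_wrapping)
    try:
        checked_ok = can_pay(10, 2, 2**255, mul_checked)
    except OverflowError:
        checked_ok = "rejected"
    return wrapped_ok, checked_ok, to_base_units("1.5")
```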

Routing change attack: The attacker uses the dynamically changing routes of BGP (the routing protocol between autonomous systems) to change its own network prefix and pretend to be other nodes, intercepting traffic destined for the target node and steering the data flow onto the wrong route.

Other attacks

Virus attack: Although blockchain platforms are now widely applied, there is no uniform standard to constrain them. It is easy for attackers to implant viruses or Trojan horses, which seriously threatens the financial status of users.

Supply chain attack: Most companies outsource their large-scale business to other technology companies or operate it jointly with several companies, but in many cases the potential danger is the partner itself, which may be a rogue company or have rogue employees, so that loopholes already exist in the production process of the system.
Man-in-the-middle attack: An attack method in which the attacker intercepts, eavesdrops on or even tampers with the information transmitted in the network without disturbing the two communicating parties.
Replay attack: The previously transmitted information is merged with the currently transmitted information and then sent, to deceive the system and hinder authentication.
Social engineering analysis: The attacker analyzes the transaction data of certain accounts and derives the user's real identity by correlating it with the user's real-life trajectory.
Malware attack: Attackers send malware to users to trick them out of their login information, in order to steal account information and node private keys.
Side channel attack: The attacker attacks or even destroys, off-chain, the physical equipment that supports the operation of the blockchain, resulting in damage to server hard disks and loss of data. Although the attacker destroys the integrity of the blockchain's distributed ledger, the attack does not benefit the attacker.

To sum up, the causes of global blockchain security incidents fall into two groups: on the one hand, the security problems that arise from the technical limitations of its consensus mechanism, private key management, smart contracts, and so on; on the other hand, the decentralization and autonomy of the blockchain bring new challenges to existing technical means such as data storage, privacy protection, and resource allocation.


Origin blog.csdn.net/m0_61970067/article/details/123870753