-
QPQ 1DLT: A system for the rapid deployment of secure and efficient EVM-based blockchains
Authors:
Simone Bottoni,
Anwitaman Datta,
Federico Franzoni,
Emanuele Ragnoli,
Roberto Ripamonti,
Christian Rondanini,
Gokhan Sagirlar,
Alberto Trombetta
Abstract:
Limited scalability and transaction costs are, among others, some of the critical issues that hamper a wider adoption of distributed ledger technologies (DLT). That is particularly true for the Ethereum blockchain, which, so far, has been the ecosystem with the highest adoption rate. Quite a few solutions, especially on the Ethereum side of things, have been attempted in the last few years. Most o…
▽ More
Limited scalability and transaction costs are, among others, some of the critical issues that hamper a wider adoption of distributed ledger technologies (DLT). That is particularly true for the Ethereum blockchain, which, so far, has been the ecosystem with the highest adoption rate. Quite a few solutions, especially on the Ethereum side of things, have been attempted in the last few years. Most of them adopt the approach to offload transactions from the blockchain mainnet, a.k.a. Level 1 (L1), to a separate network. Such systems are collectively known as Level 2 (L2) systems. While mitigating the scalability issue, the adoption of L2 introduces additional drawbacks: users have to trust that the L2 system has correctly performed transactions or, conversely, high computational power is required to prove transactions correctness. In addition, significant technical knowledge is needed to set up and manage such an L2 system. To tackle such limitations, we propose 1DLT: a novel system that enables rapid and trustless deployment of an Ethereum Virtual Machine based blockchain that overcomes those drawbacks.
△ Less
Submitted 16 August, 2022;
originally announced August 2022.
-
Clover: an Anonymous Transaction Relay Protocol for the Bitcoin P2P Network
Authors:
Federico Franzoni,
Vanesa Daza
Abstract:
The Bitcoin P2P network currently represents a reference benchmark for modern cryptocurrencies. Its underlying protocol defines how transactions and blocks are distributed through all participating nodes. To protect user privacy, the identity of the node originating a message is kept hidden. However, an adversary observing the whole network can analyze the spread pattern of a transaction to trace…
▽ More
The Bitcoin P2P network currently represents a reference benchmark for modern cryptocurrencies. Its underlying protocol defines how transactions and blocks are distributed through all participating nodes. To protect user privacy, the identity of the node originating a message is kept hidden. However, an adversary observing the whole network can analyze the spread pattern of a transaction to trace it back to its source. This is possible thanks to the so-called rumor centrality, which is caused by the symmetry in the spreading of gossip-like protocols.
Recent works try to address this issue by breaking the symmetry of the Diffusion protocol, currently used in Bitcoin, and leveraging proxied broadcast. Nonetheless, the complexity of their design can be a barrier to their adoption in real life. In this work, we propose Clover, a novel transaction relay protocol that protects the source of transaction messages with a simple, yet effective, design. Compared to previous solutions, our protocol does not require building propagation graphs, and reduces the ability of the adversary to gain precision by opening multiple connections towards the same node. Experimental results show that the deanonymization accuracy of an eavesdropper adversary against Clover is up to 10 times smaller compared to Diffusion.
△ Less
Submitted 1 September, 2021;
originally announced September 2021.
-
AToM: Active Topology Monitoring for the Bitcoin Peer-to-Peer Network
Authors:
Federico Franzoni,
Xavier Salleras,
Vanesa Daza
Abstract:
Over the past decade, the Bitcoin P2P network protocol has become a reference model for all modern cryptocurrencies. While nodes in this network are known, the connections among them are kept hidden, as it is commonly believed that this helps protect from deanonymization and low-level attacks. However, adversaries can bypass this limitation by inferring connections through side channels. At the sa…
▽ More
Over the past decade, the Bitcoin P2P network protocol has become a reference model for all modern cryptocurrencies. While nodes in this network are known, the connections among them are kept hidden, as it is commonly believed that this helps protect from deanonymization and low-level attacks. However, adversaries can bypass this limitation by inferring connections through side channels. At the same time, the lack of topology information hinders the analysis of the network, which is essential to improve efficiency and security. In this paper, we thoroughly review network-level attacks and empirically show that topology obfuscation is not an effective countermeasure. We then argue that the benefits of an open topology potentially outweigh its risks, and propose a protocol to reliably infer and monitor connections among reachable nodes of the Bitcoin network. We formally analyze our protocol and experimentally evaluate its accuracy in both trusted and untrusted settings. Results show our system has a low impact on the network, and has precision and recall are over 90% with up to 20% of malicious nodes in the network.
△ Less
Submitted 27 July, 2021;
originally announced July 2021.
-
Improving Bitcoin Transaction Propagation by Leveraging Unreachable Nodes
Authors:
Federico Franzoni,
Vanesa Daza
Abstract:
The Bitcoin P2P network is at the core of all communications between clients. The reachable part of this network has been explored and analyzed by numerous studies. Unreachable nodes, however, are, in most part, overlooked. Nonetheless, they are a relevant part of the network and play an essential role in the propagation of messages. In this paper, we focus on transaction propagation and show that…
▽ More
The Bitcoin P2P network is at the core of all communications between clients. The reachable part of this network has been explored and analyzed by numerous studies. Unreachable nodes, however, are, in most part, overlooked. Nonetheless, they are a relevant part of the network and play an essential role in the propagation of messages. In this paper, we focus on transaction propagation and show that increasing the participation of unreachable nodes can potentially improve the robustness and efficiency of the network. In order to do that, we propose a few changes to the network protocol. Additionally, we design a novel transaction propagation protocol that explicitly involves unreachable nodes to provide better protection against deanonymization attacks. Our solutions are simple to implement and can effectively bring immediate benefits to the Bitcoin network.
△ Less
Submitted 28 October, 2020;
originally announced October 2020.
-
Leveraging Bitcoin Testnet for Bidirectional Botnet Command and Control Systems
Authors:
Federico Franzoni,
Ivan Abellan,
Vanesa Daza
Abstract:
Over the past twenty years, the number of devices connected to the Internet grew exponentially. Botnets benefited from this rise to increase their size and the magnitude of their attacks. However, they still have a weak point in their Command & Control (C&C) system, which is often based on centralized services or require a complex infrastructure to keep operating without being taken down by author…
▽ More
Over the past twenty years, the number of devices connected to the Internet grew exponentially. Botnets benefited from this rise to increase their size and the magnitude of their attacks. However, they still have a weak point in their Command & Control (C&C) system, which is often based on centralized services or require a complex infrastructure to keep operating without being taken down by authorities. The recent spread of blockchain technologies may give botnets a powerful tool to make them very hard to disrupt. Recent research showed how it is possible to embed C&C messages in Bitcoin transactions, making them nearly impossible to block. Nevertheless, transactions have a cost and allow very limited amounts of data to be transmitted. Because of that, only messages from the botmaster to the bots are sent via Bitcoin, while bots are assumed to communicate through external channels. Furthermore, for the same reason, Bitcoin-based messages are sent in clear. In this paper we show how, using Bitcoin Testnet, it is possible to overcome these limitations and implement a cost-free, bidirectional, and encrypted C&C channel between the botmaster and the bots. We propose a communication protocol and analyze its viability in real life. Our results show that this approach would enable a botmaster to build a robust and hard-to-disrupt C&C system at virtually no cost, thus representing a realistic threat for which countermeasures should be devised.
△ Less
Submitted 10 June, 2020;
originally announced June 2020.
-
HyBIS: Windows Guest Protection through Advanced Memory Introspection
Authors:
Roberto di Pietro,
Federico Franzoni,
Flavio Lombardi
Abstract:
Effectively protecting the Windows OS is a challenging task, since most implementation details are not publicly known. Windows has always been the main target of malwares that have exploited numerous bugs and vulnerabilities. Recent trusted boot and additional integrity checks have rendered the Windows OS less vulnerable to kernel-level rootkits. Nevertheless, guest Windows Virtual Machines are be…
▽ More
Effectively protecting the Windows OS is a challenging task, since most implementation details are not publicly known. Windows has always been the main target of malwares that have exploited numerous bugs and vulnerabilities. Recent trusted boot and additional integrity checks have rendered the Windows OS less vulnerable to kernel-level rootkits. Nevertheless, guest Windows Virtual Machines are becoming an increasingly interesting attack target. In this work we introduce and analyze a novel Hypervisor-Based Introspection System (HyBIS) we developed for protecting Windows OSes from malware and rootkits. The HyBIS architecture is motivated and detailed, while targeted experimental results show its effectiveness. Comparison with related work highlights main HyBIS advantages such as: effective semantic introspection, support for 64-bit architectures and for latest Windows (8.x and 10), advanced malware disabling capabilities. We believe the research effort reported here will pave the way to further advances in the security of Windows OSes.
△ Less
Submitted 21 January, 2016;
originally announced January 2016.
