日常前言
- 工作後第一個金三銀四,算是見識到了。今年開年的時候上頭就一直在說現在是行業寒冬了,大家也都明白,估計獎金什麼的都要大縮水了。本來平時待遇也只是行業中偏下水平,每年就靠獎金平衡收入……emmmmmm於是好多同事走人了,我的導師都跳槽了……
- 本來我們組就人少,現在又走了一個,不知道之後項目壓力會不會變大。希望項目上的 Bug 不要太多,感覺一直陷在解 Bug 的無限循環裏對自身能力提升沒多大益處,只不過是把自己變成能熟練解 Bug 的人而已,三五年後可能就沒有多大的競爭力了。如果能抽出一半的時間去學習 Camera HAL 層的一些邏輯和架構的設計,以及深究 3A 之類的底層算法,我認爲不僅會使個人能力飛躍,在項目上完成任務的效率也應能提升不少。
- 其實我也思考過是不是要考慮換個環境了,但是最終還是覺得現在還不是時候。首先是能力還沒有達到我自己設定的目標,現在雖然代碼實踐能力提升了不少,但架構思維尚未成型,而且算法方面的功力有所下降。其次現在若是走人,也只能換個同類型的工作,依舊是終日解 Bug,而在目前崗位上所積累下來的東西可能就半途而廢了。最後就是更現實的一點了,我還沒有把握能跳到一個薪資能提高比較多的地方……
- 好吧,迴歸正題,第三期翻譯活動是關於區塊鏈的。其實我自己對區塊鏈並不很感興趣,但既然它現在這麼火爆(雖然有一定的炒作成分),又是關於技術的東西,那當然要了解一下了。
- 對了,上期活動鵝廠又發了兩個獎品,一個哈士企,一個哈士企抱枕……果真鵝廠風範,但是家裏裝不下這麼多周邊啊……
本期依舊被採納三篇:
版權相關
翻譯人:StoneDemo,該成員來自雲+社區翻譯社
原文鏈接:Hijacking Bitcoin: Routing Attacks on Cryptocurrencies
原文作者:Maria Apostolaki, Aviv Zohar, and Laurent Vanbever
Hijacking Bitcoin: Routing Attacks on Cryptocurrencies
題目:(劫持比特幣:對加密貨幣進行路由攻擊)
At a high-level, Bitcoin is a randomly-established peer-to-peer network composed of thousands of nodes and tens of thousands of connections which rely on flooding to propagate transactions. As an attacker, being able to prevent the spread of information in such a network seems unrealistic, if not impossible.
在高層次上,比特幣是一個隨機建立的對等網絡(Peer-to-peer network),這一網絡由數千個節點和成千上萬的依賴泛洪路由(Flooding)傳播交易的連接組合而成。作爲攻擊者,阻止信息在這樣的網絡中傳播似乎是不現實的,甚至可以說是不可能的。
Yet, this apparently sensible observation does not take into account that the Internet routing infrastructure (i.e., the set of protocols that govern how Internet traffic flows) is notoriously insecure and can easily be manipulated by attackers to intercept Bitcoin traffic. It also does not consider that large Internet Service Providers (ISPs), such as the ones sitting in the core of the Internet, might be naturally crossed by a large fraction of Bitcoin traffic already. Since Bitcoin messages are exchanged in clear text and without integrity checks, any (malicious) third-party on the forwarding path can eavesdrop, drop, modify, inject, or delay Bitcoin messages. The question is then: Is Bitcoin vulnerable to such routing attacks?
然而,這種對錶象的觀察並沒有考慮到互聯網路由的基礎結構(即管理網絡流量流動方式的一組協議)是出了名的不安全,並且還很容易被攻擊者操縱來攔截比特幣流量。同時也未考慮到大型互聯網服務提供商(ISP,Internet Service Provide),例如那些位於互聯網核心的提供商,它們可能已經自然而然地被大量的比特幣流量所穿越。由於比特幣信息通過明文形式交換,並且不進行完整性檢查,因此轉發路徑上的任何(懷有惡意的)第三方都可以竊聽,丟棄,修改,注入或延遲比特幣信息。那麼問題來了:比特幣是否容易受到這樣的路由攻擊呢?
In our recent paper Hijacking Bitcoin: Routing Attacks on Cryptocurrencies to appear at the IEEE Symposium on Security and Privacy, we shed light on these aspects by studying the security of Bitcoin from an Internet routing perspective and quantify the potential disruptive effects of network attackers. Among others, we show that:
Bitcoin is surprisingly centralized from an Internet routing perspective: 20% of the Bitcoin nodes are hosted in less than 100 IP prefixes. To put this in perspective, there are close to 600,000 IP prefixes advertised in the Internet today. At the same time, few well-established ISPs (e.g. Hurricane Electric) naturally see a large fraction of the Bitcoin traffic. Together, these two characteristics make large-scale routing attacks surprisingly practical.
Because of its centralization, partitioning the Bitcoin network and isolate 50% of its mining power only requires a small routing attack, one which is orders of magnitude smaller than the attacks routinely seen in the Internet today. Any malicious ISP with access to the Internet routing infrastructure can perform this attack which starts to be effective after only few minutes (according to our own measurements on the live network).
- Any ISP transiting Bitcoin traffic can delay the propagation of mined blocks (for up to 20 minutes), in a stealth way, even if she sees one direction of the traffic.
- Bitcoin traffic is impacted by routing attacks today. We found many examples of actual routing attacks that ended up diverting Bitcoin traffic.
- While multi-homing and end-to-end encryption (BIP 151) reduce the risks of network attacks, they do not prevent them. Our results show that even heavily multi-homed mining pools are vulnerable to routing attacks. Further, end-to-end encryption do not prevent an attacker from dropping Bitcoin connections.
我們近期完成的論文 “劫持比特幣:對加密貨幣進行路由攻擊” 發表在了 IEEE 安全和隱私專題研討會上,我們從網絡路由(Internet routing)的視角對比特幣的安全性進行了研究,並將網絡攻擊者的潛在破壞性影響量化,從而闡明瞭這些方面。其中,我們的分析表明:
- 出乎意料的是,從網絡路由的角度來看,比特幣是如此地集中:不到 100 個 IP 前綴卻承載了 20% 的比特幣節點(而現今互聯網上已公佈了接近 600,000 個 IP 前綴)。同時,少數成熟的 ISP(比如,颶風電氣 Hurricane Electric)能輕易地看到大部分的比特幣流量。綜合這兩個特徵,它們使得大規模的路由攻擊出奇地實用。
(橫軸表示 ISP 數量,縱軸表示承載比特幣節點的百分比)僅 13 個 AS(Autonomous System,自治系統) 就承載整個網絡的 30%,而 50 個 AS 承載了比特幣網絡的 50%。
- 由於集中化,(攻擊者)僅需進行一次小型路由攻擊就能將比特幣網絡分割開來,並隔離其 50% 的採礦算力,這種攻擊比現在在網絡中常見的攻擊小得多。任何能夠訪問網絡路由基礎結構的惡意 ISP 都可以執行這種攻擊,而這種攻擊在幾分鐘後就能見效(根據我們在現場網絡上的測量結果)。
- 任何傳輸比特幣流量的 ISP 都可以用隱祕的方式來延遲採礦區塊的傳播(長達20分鐘),儘管她看到了流量的一個方向。
- 比特幣流量現今已經受到過路由攻擊的影響。我們發現了許多路由攻擊的實際例子,它們最終導致比特幣流量轉移。
- 雖然多歸屬(Multi-homing)和端到端加密(BIP 151)降低了網絡攻擊的風險,但它們不會阻止攻擊。我們的研究結果表明,即使是重量級的多歸屬礦池也容易受到路由攻擊。此外,端到端加密不會阻止攻擊者丟棄(Dropping)比特幣連接。
In this post, we take a closer look at these issues. We start by describing the two possible network attacks which we consider, namely partitioning and delay attacks, along with their potential impact on Bitcoin. We then discuss some short and long-term countermeasures that would increase Bitcoin’s robustness against network attackers. More details on our work can be found on our website.
在本文中,我們將仔細研究這些問題。首先描述我們所考慮的兩種可能的網絡攻擊,即分割法攻擊(Partitioning attacks)和延遲攻擊(Delay attacks),以及它們對比特幣的潛在影響。然後,我們將討論一些短期和長期的對策,以提升比特幣針對網絡攻擊者的健壯性。更多關於我們所作工作的細節,可以到我們的網站上繼續瞭解。
Partitioning attacks
(分割法攻擊)
With partitioning attacks, an attacker aims at splitting the Bitcoin network into (at least) two disjoint components such that no information (e.g. transaction) can be exchanged between them. To partition the network into two components, a network attacker intercepts all the traffic destined to all the Bitcoin nodes contained within one of the component and drops any connection to the other component. To intercept traffic, a network attacker relies on vulnerabilities in the Border Gateway Protocol (BGP), the only Internet routing protocol used today, which does not validate the origin of routing announcements. These attacks, commonly referred to as BGP hijacks, involve getting a router to falsely announce that it has a better route to some IP prefix. By hijacking all the IP prefixes pertaining to the nodes in one component, the attacker can effectively intercept all the traffic exchanged between the two components. Once on path, the attacker can sever all these connections effectively disconnecting the two components. An animation of the attacks can be found on our website.
採用分割法攻擊時,攻擊者的目的是將比特幣網絡分成(至少)兩個獨立的組成部分,使它們之間無法交換任何信息(如交易信息)。爲將網絡劃分爲兩個部分,網絡攻擊者會攔截掉流向其中一部分的所有比特幣節點的全部流量,並且斷開任何與另一部分的連接。爲了攔截流量,網絡攻擊者依賴於邊界網關協議(BGP,Border Gateway Protocol)中的漏洞,這是當前唯一使用的互聯網路由協議,而它並不驗證路由通告(Routing announcements)的來源。這類攻擊通常稱爲 BGP 劫持,這涉及到讓路由器進行虛假通告:它有一個更好的到達某些 IP 前綴的路由。通過對一個部分中的節點有關的所有 IP 前綴進行劫持,攻擊者可以有效攔截在這兩個組成部分之間交換的所有流量。一旦劫持成功,攻擊者就可以有效地切斷所有連接,從而將這兩個組成部分隔離。在我們的網站上,可以找到一個關於這種攻擊的動畫演示。
圖示說明了 AS 級別的攻擊者(AS8)是如何通過劫持前綴以攔截比特幣流量,從而隔離節點集 P =(A,B,C,D,E) 的。
The extreme centralization of Bitcoin from an Internet viewpoint makes partition attacks particularly effective as few IP prefixes need to be hijacked. Indeed, our measurements show that 50% of Bitcoin mining power is hosted in only 39 prefixes (i.e., in 0.007% of all Internet prefixes). This allows an attacker to isolate ~50% of the mining power by hijacking only these 39 prefixes. Much larger BGP hijacks (involving orders of magnitude more IP prefixes) are routinely seen in the Internet today.
從互聯網的角度來看,比特幣的極度集中化使得分割法攻擊特別有效,因爲只需要劫持少數的 IP 前綴即可實施攻擊。的確,我們的測量表明,僅僅 39 個前綴(即佔所有互聯網前綴的 0.007%)就承載了 50% 的比特幣挖礦算力。這就使得攻擊者可以通過劫持這 39 個前綴來隔離約 50% 的挖礦算力。而今天在互聯網上我們常常會看到更大規模的 BGP 劫持(這涉及到更高數量級的 IP 前綴)。
While intercepting Bitcoin traffic using BGP hijacking is effective, any un-intercepted Bitcoin connection bridging the two components would quickly render the partition ineffective. Due to factors such as multi-homing, some nodes cannot be prevented from exchanging information, forming some kind of persistent connections. The presence of such connections makes partitioning attacks more challenging for the attacker, but not impossible. In our paper, we elaborate on how an attacker can provably identify and mitigate these persistent rogue connections by reducing the size of the partition she is trying to achieve.
雖然使用 BGP 劫持來攔截比特幣流量是有效的,但在兩個組成部分之間的任何未被攔截的比特幣連接都會很快導致分割法失效。由於多歸屬等因素,一些節點間的信息交換無法阻止,它們形成了某種持久的連接。這種連接的存在使得分割法攻擊對攻擊者來說更具挑戰性,但並非不可行。在我們的論文中,我們詳細闡述了攻擊者如何能夠通過減小她試圖實現的分割大小,來鑑別並規避這些持續而又頑固的連接。
By partitioning the network, the attacker forces the creation of two parallel blockchains. After the attack, all the blocks mined by the side with the shorter chain will be discarded together with all included transactions and the corresponding miners’ revenues. Moreover, discarded transactions will be irrecoverably canceled if there exist other transactions in the prevailing branch of the chain which spent the exact same Bitcoins (conflicting transactions).
通過分割網絡,攻擊者強制創建兩個並行的區塊鏈。在攻擊完成後,所有由短鏈一方所開採的區塊將被丟棄,這其中包括了所有的交易和相應的礦工的收入。此外,如果在使用完全相同的比特幣(衝突交易,Conflicting transaction)的主流分支中存在其他交易,則被丟棄的交易將被永久地取消。
Delay attacks
(延遲攻擊)
Bitcoin nodes are designed to request blocks from only a single peer to avoid overtaxing the network with excessive block transmissions. The block is requested again (from another peer) only if the request is not answered after 20 minutes. This design decision, coupled with the fact that Bitcoin traffic is unencrypted, allows for a powerful attack in which anyone intercepting Bitcoin traffic can delay block propagation on the corresponding connections. To do so, the attacker performs simple modification to the content of the Bitcoin messages she intercepts. As Bitcoin messages are not protected against tampering, neither the receiver nor the sender have any indication that the message has been modified, allowing the attacker to stay under the radar. The actual impact of such an attack depends on the victim and ranges from double spending (for merchant nodes) to wasted computation power (for miners). An animation of the attack can be found here.
比特幣節點被設計爲僅請求來自單個對等體的區塊,以避免過度的塊傳輸導致網絡過載。只有當發送請求 20 分鐘後無應答時,該塊纔再次被請求(來自另一個對等體)。這樣的設計,再加上比特幣流量未加密的事實,就使得任何攔截比特幣流量的人都可以在相應的連接上延遲區塊的傳播。爲做到這一點,攻擊者會對其攔截到的比特幣信息的內容進行簡單修改。由於比特幣信息無法防止篡改,接收方和發送方都發現不了信息中有任何被修改的跡象,從而使攻擊者不會被發現。這種攻擊所造成的實際影響取決於受害者,影響範圍從重複支付(對於商家節點)一直到計算能力的浪費(對於礦工)。點擊此處可以觀看這種攻擊相關的演示動畫。
圖示說明了一個 AS8 的攻擊者是如何自然地攔截受害者(節點 C)的部分流量,並將其區塊交付延遲了 20 分鐘的。
Like for partition attacks, the centralization of Bitcoin nodes in few networks and prefixes, combined with the centralization of mining power in few pools, make delay attacks practical. We found that three ISPs together see 60% of all Bitcoin traffic. If malicious, these ISPs could therefore effectively and invisibly keep many bitcoin nodes uninformed. Unlike partitioning attacks though, we also found that even these powerful attackers could not disrupt the entire cryptocurrency. So, even though many nodes would be slowed down, Bitcoin, as a whole, would still function.
正如分割法攻擊一般,在少數網絡和前綴中比特幣節點的集中化特性,以及在少數礦池中所聚集的挖礦算力,它們使延遲攻擊是可實現的。我們發現三家 ISP 一起看到了 60% 的比特幣流量。如果這些 ISP 懷有惡意,它們則可以因此有效地(並且在無形之中)讓很多比特幣節點不被通知。我們還發現,與分割法攻擊不同的是,即使這些攻擊者很強大,也無法瓦解整個加密貨幣。所以,儘管許多節點速度會減慢,但比特幣作爲一個整體仍然可以發揮作用。
We verified the practicality of a delay attack by performing one against our own nodes. We found that a network attacker that intercepts only half of a victim’s connections can keep it uninformed for 64% of its uptime. We also found that the vast majority of the Bitcoin nodes (70%) are vulnerable to such an attack today.
我們對自己的節點執行了一次延遲攻擊,以驗證其實用性。我們發現只攔截了半數受害者連接的網絡攻擊者,就能夠延遲正常運行時間的 64%。我們還發現,絕大多數比特幣節點(70%)目前很容易受到這種攻擊。
How can we prevent network attacks?
(我們如何預防網絡攻擊?)
Fortunately, there are both short- and long-term countermeasures against network attacks. First, peer selections could be made routing-aware. Bitcoin nodes could, for example, aim at maximizing the diversity of the Internet paths seen by their connections to minimize the risk that an attacker can intercept all of them. Moreover, nodes could monitor the behavior of their connections to detect events like abrupt disconnections from multiple peers or unusual delays in block delivery. These events could serve as an early indicator of a routing attack and could, for instance, trigger the establishment of extra randomly-selected connections. Finally, solutions like end-to-end encryption would also help (especially against delay attacks). Yet, encryption alone would not be sufficient to protect against partitioning attacks as an attacker can still drop encrypted Bitcoin connections.
幸運的是,我們有針對網絡攻擊的短期和長期對策。首先,節點選擇可以被路由感知(Routing-aware)。例如,比特幣節點可以針對性地對其連接可見的網絡路徑的多樣性進行最大限度的利用,以使攻擊者可以攔截到所有這些網絡的風險降到最低。此外,節點可以監視其連接的行爲,從而發現諸如突然與多個對等節點斷開連接,或者區塊交付中不尋常的延遲,這類事件。這些事件可以作爲路由攻擊的早期指標(Early indicator),並且可以觸發一些保護機制,例如建立額外的隨機選擇的連接。最後,諸如端到端加密這般解決方案也許會有所幫助(特別是針對延遲攻擊)。然而,它並不足以防範分割法攻擊,因爲攻擊者仍然可以丟棄加密的比特幣連接。
Summary
(總結)
The purpose of our research is to raise the awareness of the Bitcoin community on the need to prevent routing attacks from disrupting the cryptocurrency. While we have no evidence that large-scale routing attacks against Bitcoin have already been performed in the wild, we believe few key characteristics make these attacks practical and potentially highly disruptive. These characteristics include: the high centralization of Bitcoin (from a mining and routing perspective), the lack of authentication and integrity checks, and some design choices pertaining, for instance, to how a node requests a block. We are currently in the process of implementing some of the countermeasures highlighted above. Clearly, we wouldn’t mind some help in doing so!
我們研究的目的,是提高比特幣社區對與防止路由攻擊破壞加密貨幣的需求的認識。儘管我們沒有證據表明針對比特幣的大規模路由攻擊已經在暗中進行,但我們認爲少數的關鍵特徵使得這些攻擊具有實用性,並且可能是極具破壞性的。這些特徵包括:比特幣的高度集中(從挖礦和路由的角度來看),缺少身份驗證和完整性檢查,以及一些相關的設計選擇(例如節點請求區塊的方式)。目前我們正在實施上述所強調的一些對策。顯然,我們不會介意有人能來幫忙的!