Recent DDoS and Bitcoin Attacks Exploiting Internet Routing (Eng.)
Knowledge of Internet architecture and inter-domain routing can be extremely useful for strong and stealthy attacks. In this talk, I will present two such recent examples. First, I will discuss a new adaptive link-flooding attack strategy (IEEE S&P 2019), called a detour-learning attack, that can detect any adaptive rerouting defense attempts by victim networks that are under link-flooding attacks, such as Crossfire or Coremelt. We show that under current BGP routing, any adaptive defense is defeated by our adaptive link-flooding attack because the defense, unfortunately, is inherently slower than the attack. In the second part of the talk, I will present our recent, powerful Bitcoin partitioning attack (IEEE S&P 2020), called an Erebus attack. A previous attack by Apostolaki et al. has shown that network adversaries (e.g., ISPs) can perform a BGP prefix hijacking attack against Bitcoin nodes. However, due to the nature of BGP operation, such a hijacking is globally observable and thus enables immediate detection of the attack and identification of the perpetrator. Our Erebus attack partitions the Bitcoin network without any routing manipulations, making the attack undetectable to control-plane and even to data-plane detectors. We show that the Erebus attack is readily available to large ISPs against the vast majority of public Bitcoin nodes, with a negligible attack traffic rate and a modest (e.g., 5–6 weeks) attack execution period. As the attack exploits the topological advantage of being a network adversary rather than specific vulnerabilities of Bitcoin Core, no quick patches seem to be available. I will discuss some suggested modifications to Bitcoin Core.
Min Suk is an Assistant Professor in the Department of Computer Science, School of Computing, at the National University of Singapore. His research interests lie in the field of network and distributed systems security, blockchain security, and wireless network security. He obtained his PhD degree in Electrical and Computer Engineering from Carnegie Mellon University in 2016 under the supervision of Virgil D. Gligor in CyLab. He received BS and MS degrees in EECS from the Korea Advanced Institute of Science and Technology (KAIST) in 2006 and 2008, respectively.