Top

Published in:

2019 | OriginalPaper | Chapter

Risk of Asynchronous Protocol Update: Attacks to Monero Protocols

Authors : Dimaz Ankaa Wijaya, Joseph K. Liu, Ron Steinfeld, Dongxi Liu

Published in: Information Security and Privacy

Publisher: Springer International Publishing

Activate our intelligent search to find suitable subject content or patents.

search-config

AI-assisted search

Off

Abstract

In a cryptocurrency system, the protocol incorporated in the node application runs without human intervention. Cryptographic techniques are implemented to determine the ownership of the coins; they enable the owners to transfer the ownership of the coins to other users. Consensus protocols are employed to determine the source of the truth of the information contained in the public ledger called blockchain. When the protocol needs to be updated, all nodes need to replace the application with the newest release. We explore an event where an asynchronous protocol update opens a vulnerability in Monero nodes which have not yet updated to the newest software version. We show that a Denial of Service attack can be launched against the nodes running the outdated protocol, where the attack significantly reduces the system’ performance. We also show that an attacker, given a sufficient access to cryptocurrency services, is able to utilise the Denial of Service attack to launch a traceability attack.

Dont have a licence yet? Then find out more about our products and how to get one now:

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

über 102.000 Bücher
über 537 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Finance + Banking
Management + Führung
Marketing + Vertrieb
Maschinenbau + Werkstoffe
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

inform now

Springer Professional "Technik"

Online-Abonnement

Mit Springer Professional "Technik" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 390 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Maschinenbau + Werkstoffe

Jetzt Wissensvorsprung sichern!

inform now

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 340 Zeitschriften

aus folgenden Fachgebieten:

Bauwesen + Immobilien
Business IT + Informatik
Finance + Banking
Management + Führung
Marketing + Vertrieb
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

inform now

previous chapter A Flexible Instant Payment System Based on Blockchain

next chapter A Combined Micro-block Chain Truncation Attack on Bitcoin-NG

Based on Coinmarketcap.com as of 4 February 2019.

https://monero-original.org.

http://monero-classic.org.

https://monero0.org.

As of 12 February 2019, no cryptocurrency exchange trades XMO. However, the market price history provided by Coinmarketcap.com shows that XMO were traded until 1 February 2019. Based on Coinmarketcap.com, XMC is currently available in Gate.io, HitBTC, and TradeOgre.

According to Monero0.org, the Monero0 nodes are: 159.65.227.38, 167.99.96.174, 159.65.113.142. Based on our investigation, all of these nodes were no longer accessible as of early February 2019.

https://github.com/monero-project/monero/pull/3205.

The open source software is available in Monero’s Github page https://github.com/monero-project/monero.

https://github.com/moneroexamples/onion-monero-blockchain-explorer.

https://github.com/shoupn/moneropy.

Baqer, K., Huang, D.Y., McCoy, D., Weaver, N.: Stressing out: bitcoin “stress testing”. In: Clark, J., Meiklejohn, S., Ryan, P.Y.A., Wallach, D., Brenner, M., Rohloff, K. (eds.) FC 2016. LNCS, vol. 9604, pp. 3–18. Springer, Heidelberg (2016). https://doi.org/10.1007/978-3-662-53357-4_1CrossRef

Bonneau, J., Miller, A., Clark, J., Narayanan, A., Kroll, J.A., Felten, E.W.: Sok: research perspectives and challenges for bitcoin and cryptocurrencies. In: 2015 IEEE Symposium on Security and Privacy, pp. 104–121. IEEE (2015)

Bradbury, D.: The problem with bitcoin. Comput. Fraud Secur. 11, 5–8 (2013)CrossRef

Monero Classic. Upgrade announcement of xmc (2018). http://monero-classic.org/open/notice_en.html

cmaves. 0-conf possible attack using large transactions (2018). https://github.com/amiuhle/kasisto/issues/33

cmaves. Possible mempool spam attack (2018). https://github.com/monero-project/monero/issues/3189

dEBRYUNE. Pow change and key reuse (2018). https://ww.getmonero.org/2018/02/11/PoW-change-and-key-reuse.html

Hinteregger, A., Haslhofer, B.: An empirical analysis of monero cross-chain traceability (2018). arXiv preprint arXiv:1812.02808

jtgrassie. Why are there transactions in the mempool that are invalid or over 50 hours old? (2018). https://monero.stackexchange.com/a/8513

10.

Kumar, A., Fischer, C., Tople, S., Saxena, P.: A traceability analysis of monero’s blockchain. In: Foley, S.N., Gollmann, D., Snekkenes, E. (eds.) ESORICS 2017. LNCS, vol. 10493, pp. 153–173. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-66399-9_9CrossRef

11.

Liu, J.K., Au, M.H., Susilo, W., Zhou, J.: Linkable ring signature with unconditional anonymity. IEEE Trans. Knowl. Data Eng. 26(1), 157–165 (2014)CrossRef

12.

Liu, J.K., Wei, V.K., Wong, D.S.: Linkable spontaneous anonymous group signature for ad hoc groups. In: Wang, H., Pieprzyk, J., Varadharajan, V. (eds.) ACISP 2004. LNCS, vol. 3108, pp. 325–335. Springer, Heidelberg (2004). https://doi.org/10.1007/978-3-540-27800-9_28CrossRef

13.

Monero. Monero XMR forks & hard forks. https://monero.org/forks/. Accessed 4 February 2019

14.

Monero. Monero project github page (2018). https://github.com/monero-project/monero. Accessed 4 February 2019

15.

Möser, M., et al.: An empirical analysis of traceability in the monero blockchain. Proc. Priv. Enhancing Technol. 2018(3), 143–163 (2018)CrossRef

16.

Nakamoto, S.: Bitcoin: a peer-to-peer electronic cash system (2008). http://bitcoin.org/bitcoin.pdf

17.

Sun, S.-F., Au, M.H., Liu, J.K., Yuen, T.H.: RingCT 2.0: a compact accumulator-based (linkable ring signature) protocol for blockchain cryptocurrency monero. In: Foley, S.N., Gollmann, D., Snekkenes, E. (eds.) ESORICS 2017. LNCS, vol. 10493, pp. 456–474. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-66399-9_25CrossRef

18.

Nicolas van Saberhagen. Cryptonote v 2.0 (2013) (2018). https://cryptonote.org/whitepaper.pdf

19.

Vasek, M., Thornton, M., Moore, T.: Empirical analysis of denial-of-service attacks in the bitcoin ecosystem. In: Böhme, R., Brenner, M., Moore, T., Smith, M. (eds.) FC 2014. LNCS, vol. 8438, pp. 57–71. Springer, Heidelberg (2014). https://doi.org/10.1007/978-3-662-44774-1_5CrossRef

20.

Wijaya, D.A., Liu, J., Steinfeld, R., Liu, D.: Monero ring attack: recreating zero mixin transaction effect. In: 2018 17th IEEE International Conference On Trust, Security And Privacy In Computing And Communications/12th IEEE International Conference On Big Data Science And Engineering (TrustCom/BigDataSE), pp. 1196–1201. IEEE (2018)

21.

Wijaya, D.A., Liu, J., Steinfeld, R., Liu, D., Yuen, T.H.: Anonymity reduction attacks to monero. In: Guo, F., Huang, X., Yung, M. (eds.) Inscrypt 2018. LNCS, vol. 11449, pp. 86–100. Springer, Cham (2019). https://doi.org/10.1007/978-3-030-14234-6_5CrossRef

22.

Yu, Z., Au, M.H., Yu, J., Yang, R., Xu, Q., Lau, W.F.: New empirical traceability analysis of cryptonote-style blockchains (2019)

23.

Zamyatin, A., Stifter, N., Judmayer, A., Schindler, P., Weippl, E., Knottenbelt, W.J.: A wild velvet fork appears! inclusive blockchain protocol changes in practice. In: Zohar, A., Eyal, I., Teague, V., Clark, J., Bracciali, A., Pintore, F., Sala, M. (eds.) FC 2018. LNCS, vol. 10958, pp. 31–42. Springer, Heidelberg (2019). https://doi.org/10.1007/978-3-662-58820-8_3CrossRef

Title: Risk of Asynchronous Protocol Update: Attacks to Monero Protocols
Authors: Dimaz Ankaa Wijaya
Joseph K. Liu
Ron Steinfeld
Dongxi Liu
Publisher: Springer International Publishing
Book: Information Security and Privacy
Print ISBN: 978-3-030-21547-7

Electronic ISBN: 978-3-030-21548-4

Copyright Year: 2019
DOI: https://doi.org/10.1007/978-3-030-21548-4_17

Springer Professional

Abstract

Please log in to get access to your license.

Dont have a licence yet? Then find out more about our products and how to get one now:

Springer Professional "Wirtschaft+Technik"

Springer Professional "Technik"

Springer Professional "Wirtschaft"

Premium Partner