nach oben

Erschienen in:

2017 | OriginalPaper | Buchkapitel

An Adaptive Gas Cost Mechanism for Ethereum to Defend Against Under-Priced DoS Attacks

verfasst von : Ting Chen, Xiaoqi Li, Ying Wang, Jiachi Chen, Zihao Li, Xiapu Luo, Man Ho Au, Xiaosong Zhang

Erschienen in: Information Security Practice and Experience

Verlag: Springer International Publishing

Einloggen

Aktivieren Sie unsere intelligente Suche, um passende Fachinhalte oder Patente zu finden.

search-config

KI-gestützte Suche

Aus

Abstract

The gas mechanism in Ethereum charges the execution of every operation to ensure that smart contracts running in EVM (Ethereum Virtual Machine) will be eventually terminated. Failing to properly set the gas costs of EVM operations allows attackers to launch DoS attacks on Ethereum. Although Ethereum recently adjusted the gas costs of EVM operations to defend against known DoS attacks, it remains unknown whether the new setting is proper and how to configure it to defend against unknown DoS attacks. In this paper, we make the first step to address this challenging issue by first proposing an emulation-based framework to automatically measure the resource consumptions of EVM operations. The results reveal that Ethereum’s new setting is still not proper. Moreover, we obtain an insight that there may always exist exploitable under-priced operations if the cost is fixed. Hence, we propose a novel gas cost mechanism, which dynamically adjusts the costs of EVM operations according to the number of executions, to thwart DoS attacks. This method punishes the operations that are executed much more frequently than before and lead to high gas costs. To make our solution flexible and secure and avoid frequent update of Ethereum client, we design a special smart contract that collaborates with the updated EVM for dynamic parameter adjustment. Experimental results demonstrate that our method can effectively thwart both known and unknown DoS attacks with flexible parameter settings. Moreover, our method only introduces negligible additional gas consumption for benign users.

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

über 102.000 Bücher
über 537 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Finance + Banking
Management + Führung
Marketing + Vertrieb
Maschinenbau + Werkstoffe
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Technik"

Online-Abonnement

Mit Springer Professional "Technik" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 390 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Maschinenbau + Werkstoffe

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 340 Zeitschriften

aus folgenden Fachgebieten:

Bauwesen + Immobilien
Business IT + Informatik
Finance + Banking
Management + Führung
Marketing + Vertrieb
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Nächstes Kapitel A User-Friendly Centrally Banked Cryptocurrency

Ethereum homestead documentation (2017). https://goo.gl/V6PmCg

Etherscan - transactions (2017). https://etherscan.io/txs

Atzei, N., Bartoletti, M., Cimoli, T.: A survey of attacks on Ethereum smart contracts (SoK). In: Proceedings of the POST (2017)

Bhargavan, K., Delignat-Lavaud, A., Fournet, C., Gollamudi, A., Gonthier, G., Kobeissi, N., Rastogi, A., Sibut-Pinote, T., Swamy, N., Zanélla-Beguelin, S.: Formal verification of smart contracts: short paper. In: Workshop, PLAS (2016)

Buterin, V.: Eip150: long-term gas cost changes for IO-heavy operations to mitigate transaction spam attacks (2016). https://goo.gl/8gwNCL

Buterin, V.: A state clearing faq (2016). https://goo.gl/x5QRrd

Buterin, V.: Transaction spam attack: next steps (2016). https://goo.gl/uKi9Ug

Carter, J.: Bitcoin vs distributed ledger vs ethereum vs blockchain (2016). https://goo.gl/3EQVdJ

Chen, T., Li, X., Luo, X., Zhang, X.: Under-optimized smart contracts devour your money. In: Proceedings of the SANER (2017)

10.

Chen, T., Li, X., Luo, X., Zhang, X.: System-level attacks against android by exploiting asynchronous programming. Softw. Qual. J. 1–26 (2017). https://doi.org/10.1007/s11219-017-9374-6

11.

CoinGecko: Ethereum/us dollar price chart (2017). https://goo.gl/pezZAn

12.

Dinh, T., Wang, J., Chen, G., Liu, R., Ooi, B., Tan, K.: Blockbench: a framework for analyzing private blockchains. In: Conference on SIGMOD/PODS (2017)

13.

Hirai, Y.: Defining the ethereum virtual machine for interactive theorem provers. In: Proceedings of the WTSC (2017)

14.

Jiang, M., Wang, C., Luo, X., Miu, M., Chen, T.: Characterizing the impacts of application layer DDoS attacks. In: Proceedings of the IEEE ICWS (2017)

15.

Juels, A., Kosba, A., Shi, E.: The ring of Gyges: investigating the future of criminal smart contracts. In: Proceedings of the CCS (2016)

16.

Kosba, A., Miller, A., Shi, E., Wen, Z., Papamanthou, C.: Hawk: the blockchain model of cryptography and privacy-preserving smart contracts. In: Proceedings of the S&P (2016)

17.

Luo, X., Chang, R.: Optimizing the pulsing denial-of-service attacks. In: Proceedings of the DSN (2005)

18.

Luu, L., Chu, D.H., Olickel, H., Saxena, P., Hobor, A.: Making smart contracts smarter. In: Proceedings of the CCS (2016)

19.

Maltsev, P.: White paper: a next-generation smart contract and decentralized application platform (2017). https://goo.gl/6Y8ivs

20.

Pettersson, J., Edström, R.: Safer smart contracts through type-driven development. Master’s thesis, Chalmers University Of Technology And University Of Gothenburg (2016)

21.

Rocky: Ethereum faces another dos attack (2016). https://goo.gl/sAUjJ7

22.

Sergey, I., Hobor, A.: A concurrent perspective on smart contracts. In: Proceedings of the WTSC (2017)

23.

Tang, Y., Luo, X., Hui, Q., Chang, R.: Modeling the vulnerability of feedback-control based internet services to low-rate dos attacks. IEEE Trans. Inf. Forensics Secur. 9(3), 339–353 (2014)CrossRef

24.

Wood, G.: Ethereum: a secure decentralised generalised transaction ledger, EIP-150 revision (2016). http://gavwood.com/paper.pdf

25.

Xue, L., Luo, X., Chan, E., Zhan, X.: Towards detecting target link flooding attack. In: Proceedings of the USENIX LISA (2014)

26.

Yasaweerasinghelage, R., Staples, M., Weber, I.: Predicting latency of blockchain-based systems using architectural modelling and simulation. In: Conference on ICSA (2017)

27.

Zhang, F., Cecchetti, E., Croman, K., Juels, A., Shi, E.: Town crier: an authenticated data feed for smart contracts. In: Proceedings of the CCS (2016)

Titel: An Adaptive Gas Cost Mechanism for Ethereum to Defend Against Under-Priced DoS Attacks
verfasst von: Ting Chen
Xiaoqi Li
Ying Wang
Jiachi Chen
Zihao Li
Xiapu Luo
Man Ho Au
Xiaosong Zhang
Verlag: Springer International Publishing
Buch: Information Security Practice and Experience
Print ISBN: 978-3-319-72358-7

Electronic ISBN: 978-3-319-72359-4

Copyright-Jahr: 2017
DOI: https://doi.org/10.1007/978-3-319-72359-4_1

Springer Professional

Abstract

Bitte loggen Sie sich ein, um Zugang zu Ihrer Lizenz zu erhalten.

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft+Technik"

Springer Professional "Technik"

Springer Professional "Wirtschaft"