Journal on Communications, 2021, Vol. 42, Issue (1): 151-162. doi: 10.11959/j.issn.1000-436x.2021035
Special topic: Blockchain
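Peipei JIANG1,2, Qian WANG1,2, Yanjiao CHEN3, Qi LI4,5, Chao SHEN6
Revised: 2020-10-21
Online: 2021-01-25
Published: 2021-01-01
About the author:
JIANG Peipei (1997- ), female, born in Wuhan, Hubei; Ph.D. candidate at Wuhan University; main research interests include applied cryptography and network security.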
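Abstract:
With the rapid development of blockchain technology, the security problems of blockchain systems are gradually being exposed, bringing great risk to the blockchain ecosystem. By reviewing related work on blockchain security, the potential security problems of blockchains are studied systematically. The blockchain framework is divided into four layers (data layer, network layer, consensus layer and application layer); the security vulnerabilities and attack principles in each layer are analyzed, and defense schemes for enhancing blockchain security are discussed. Finally, building on existing research, future research directions and development trends in the field of blockchain security are outlined.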
Peipei JIANG, Qian WANG, Yanjiao CHEN, Qi LI, Chao SHEN. Securing guarantee of the blockchain network: attacks and countermeasures[J]. Journal on Communications, 2021, 42(1): 151-162.
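Table 1
Blockchain security threats and defense methods
Security issue | Threats and attacks | Description | Negative impact | Defense method | Layer |
Blockchain state inconsistency | Deliberate forking | Intentionally forking the legitimate chain and transacting on the fork | Double spending, transaction reversal | Collective signing, RapidChain, ChainSpace | Data structure layer |
Cryptosystem vulnerabilities | User private key leakage | Analyzing cryptosystem vulnerabilities to infer users' private keys | Property loss | Strengthening cryptosystem security | |
Network infrastructure vulnerabilities | Routing attack | Isolating part of the network or delaying block propagation | Wasted mining resources, double spending | Increasing the diversity of node connections, encrypting communication | Network layer |
Re-centralization | 51% attack, double-spending attack, network partition | The attacker controls a large share of the network's computing power | Property loss, transaction censorship, damage to the blockchain system | SmartPool, Proof-of-Personhood | Consensus layer |
Mining pool competition | Selfish mining | Selectively propagating mined blocks to invalidate the blocks of other honest miners | Wasted mining resources | | Consensus layer |
 | BWH | Sending PPoW but not FPoW | Wasted mining resources | Updating the Beacon value, joint fees | |
 | FAW | Combination of selfish mining and BWH | Malicious forking | | |
Payment channel security vulnerabilities | Transaction tracking | Tracking transactions through their association with the same channel | Information leakage | BOLT | Application layer |
 | Payment abort | Transaction aborted because of insufficient channel capacity | Information leakage | Fulgor, Rayo | |
 | Wormhole attack | Stealing the rewards of legitimate miners | Property loss | AMHL | |
Privacy leakage in anonymous currency transactions | Transaction fingerprinting | Analyzing the amounts and the numbers of node inputs and outputs in Bitcoin transactions to trace transactions | Information leakage | Reducing transaction information leakage | Application layer |
 | Side-channel attack | Inferring the identities of a transaction's sender and receiver from timing information | Information leakage | Using constant-time encryption algorithms | |
Smart contract vulnerabilities | Re-entrancy attack | Re-entering a function before the smart contract can terminate | Property loss, unfair mining | Formal verification | Application layer |
 | | | | Symbolic execution | |
 | | | | Runtime monitoring | |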