基于以太坊状态数据库的攻击与防御方案

doi:10.11959/j.issn.2096-109x.2022013

Abstract

Abstract:

Ethereum is taken as the representative platform of the second generation of blockchain system.Ethereum can support development of different distributed applications by running smart contracts.Local database is used to store the account state (named world state) for efficient validation of transactions, and the state root is stored in the block header to guarantee the integrity of the state.However, some researches revealed that the local database could be easily tempered with, and attackers can issue illegal transactions based on the modified account state to obtain illegitimate benefits.This world-state based security problem was introduced, and the preconditions for attack were analyzed.Compared with the two common security threats under the PoW (proof of work) consensus, it was found that when the attacker controls the same mining computing power, the world-state based attack brought higher risk, and the success rate approached 100%.In order to deal with this threat, a practical scheme for attack detection and defense was proposed accordingly.The secondary verification and data recovery process were added to the Ethereum source code.The feasibility and complexity of the proposed scheme was evaluated with single-machine multi-threading experiments.The proposed scheme improves Ethereum’s tolerance to malicious tampering of account state, and is applicable to other blockchain platforms applying local database for transaction validation, such as Hyperledger Fabric.In addition, the time and computational overhead brought by the proposed scheme are not prominent, so it has good applicability and induces acceptable impact on the performance of original system.

Key words: Ethereum, world state, state modification, invalid transactions, attack detection, attack defense, fault tolerance to state modification

CLC Number:

TP311.1

Zhen GAO, Dongbin ZHANG, Xiao TIAN. Defense scheme for the world state based attack in Ethereum[J]. Chinese Journal of Network and Information Security, 2022, 8(2): 64-72.

Figures/Tables 9

References 23

[1]	BUTERIN V . Ethereum white paper[J]. GitHub repository, 2013,1: 22-23.
[2]	KEHRLI J . Blockchain 2.0-from bitcoin transactions to smart contract applications[R]. 2016.
[3]	NAKAMOTO S . Bitcoin:a peer-to-peer electronic cash system[R]. Manubot, 2019.
[4]	CHEN T , LI Z H , ZHU Y X ,et al. Understanding Ethereum via graph analysis[J]. ACM Transactions on Internet Technology, 2020,20(2): 1-32.
[5]	WOOD G . Ethereum:a secure decentralized generalized transaction ledger[J]. Ethereum Project Yellow Paper, 2014,151(2014): 1-32.
[6]	BASHIR I . Mastering blockchain[M]. Packt Publishing Ltd, 2017.
[7]	WANG S , OUYANG L W , YUAN Y ,et al. Blockchain-enabled smart contracts:architecture,applications,and future trends[J]. IEEE Transactions on Systems,Man,and Cybernetics:Systems, 2019,49(11): 2266-2277.
[8]	K.O.R.O’reilly,gems protocol[EB].
[9]	NIZAMUDDIN N , SALAH K , AZAD M A ,et al. Decentralized document version control using Ethereum blockchain and IPFS[J]. Computers ＆ Electrical Engineering, 2019,76: 183-197.
[10]	NAWAZ A , PE?A QUERALTA J , GUAN J X ,et al. Edge computing to secure IoT data ownership and trade with the Ethereum blockchain[J]. Sensors, 2020,20(14): 3965.
[11]	EYAL I , SIRER E G . Majority is not enough:bitcoin mining is vulnerable[M]// Financial Cryptography and Data Security. Berlin,Heidelberg: Springer Berlin Heidelberg, 2014: 436-454.
[12]	ROSENFELD M . Analysis of hashrate-based double spending[J]. arXiv preprint arXiv:1402.2009, 2014.
[13]	GAO Z , ZHANG D B , ZHANG J Z . A security problem in small scale private Ethereum network[C]// Proceedings of International Conference on Blockchain and Trustworthy Systems. 2020: 231-242.
[14]	ACH L M , MIHALJEVIC B , ZAGAR M . Comparative analysis of blockchain consensus algorithms[C]// Proceedings of 2018 41st International Convention on Information and Communication Technology,Electronics and Microelectronics (MIPRO). 2018: 1545-1550.
[15]	BISSIAS G , THIBODEAU D , LEVINE B N . Bonded mining:Difficulty adjustment by miner commitment[M]// Data Privacy Management,Cryptocurrencies and Blockchain Technology. Springer,Cham, 2019: 372-390.
[16]	BONNEAU J , MILLER A , CLARK J ,et al. SoK:research perspectives and challenges for bitcoin and cryptocurrencies[C]// Proceedings of 2015 IEEE Symposium on Security and Privacy. Piscataway:IEEE Press, 2015: 104-121.
[17]	WEBER I , GRAMOLI V , PONOMAREV A ,et al. On availability for blockchain-based systems[C]// Proceedings of 2017 IEEE 36th Symposium on Reliable Distributed Systems. 2017: 64-73.
[18]	EZ M , FORNARI G , VARDANEGA T . The scalability challenge of Ethereum:an initial quantitative analysis[C]// Proceedings of 2019 IEEE International Conference on Service-Oriented System Engineering. 2019: 167-176.
[19]	RADBURY D . The problem with bitcoin[J]. Computer Fraud ＆Security, 2013,2013(11): 5-8.
[20]	ENG C , NIU J Y . Selfish mining in ethereum[C]// Proceedings of 2019 IEEE 39th International Conference on Distributed Computing Systems. 2019: 1306-1316.
[21]	ANG J , LEE H N . Profitable double-spending attacks[J]. Applied Sciences, 2020,10(23): 8477.
[22]	AYEED S , MARCO-GISBERT H , . Assessing blockchain consensus and security mechanisms against the 51% attack[J]. Applied Sciences, 2019,9(9): 1788.
[23]	GAO Z , ZHANG D B , ZHANG J Z . A security problem caused by the state database in Hyperledger Fabric[C]// Proceedings of International Conference on Frontiers in Cyber Security. 2020: 361-372.

Metrics

Recommended 0

No Suggested Reading articles found!

类型	参数
CPU	Intel(R) Core(TM) i5-11400 CPU
RAM	16.00 GB
运行系统	Microsoft Windows 10 Home Edition 64-bit
节点个数	3

Defense scheme for the world state based attack in Ethereum

RichHTML

PDF下载

Knowledge

Abstract

Cite this article

share this article

Figures/Tables 9

References 23

Related Articles 5

Metrics

Recommended 0

[1]	Zhao CAI, Tao JING, Shuang REN. Survey on Ethereum phishing detection technology [J]. Chinese Journal of Network and Information Security, 2023, 9(2): 21-32.
[2]	Wenbo ZHANG, Simin CHEN, Lifei WEI, Wei SONG, Dongmei HUANG. State-of-the-art survey of smart contract verification based on formal methods [J]. Chinese Journal of Network and Information Security, 2022, 8(4): 12-28.
[3]	Fan GAO, Jian WANG, Jiqiang LIU. Research on link detection technology based on dynamic browser fingerprint [J]. Chinese Journal of Network and Information Security, 2022, 8(4): 144-156.
[4]	Lijuan LI, Man LI, Hongjun BI, Huachun ZHOU. Multi-type low-rate DDoS attack detection method based on hybrid deep learning [J]. Chinese Journal of Network and Information Security, 2022, 8(1): 73-85.
[5]	Gansen ZHAO,Zhijian XIE,Xinming WANG,Jiahao HE,Chengzhi ZHANG,Chengchuang LIN,ZHOU Ziheng,Bingchuan CHEN,RONG Chunming. ContractGuard:defend Ethereum smart contract with embedded intrusion detection [J]. Chinese Journal of Network and Information Security, 2020, 6(2): 35-55.