Abstract

Blockchains enable secure asset exchange in a distributed system, thereby facilitating innovative applications such as cryptocurrencies and smart contracts. Although the cryptographic constructs of blockchains are highly secure, their practical deployments are vulnerable to various attacks due to their application-specific policies and their peer-to-peer (P2P) network intricacies. In this work, we take a top-down approach towards exploring those attacks, starting with the application-specific abuse of blockchain-based cryptocurrencies and concluding with the network conditions that violate blockchain consistency. In the top-down approach, we first analyze the application-specific abuse of blockchain-based cryptocurrencies by uncovering (1) covert cryptocurrency mining in web browsers, and (2) artificial inflation of the transaction fee by attacking the blockchain memory pools. For both attacks, we show how the application policies are exploited to affect benign users. After exploring the application-specific attacks, we proceed towards a systematic analysis of inconsistencies in the blockchain P2P network. For this analysis, we focus on Bitcoin, which is the most dominant blockchain system. Our analysis reveals that the biased distribution of resources in the Bitcoin network can be exploited to launch various partitioning attacks. Furthermore, through a root cause analysis, we discover that (1) the Bitcoin network is asynchronous in the real world, and (2) its security model does not embrace the risks associated with network churn. The last two components in the dissertation consolidate our attack surface analysis by analyzing the impact of network asynchrony and network churn on the blockchain consistency property. We conduct theoretical analysis and measurements to show how various network characteristics can be exploited to reduce the cost of launching notable attacks that violate consistency.
Our top-down approach uncovers various novel attacks that have not been studied in prior work. For each attack, we also propose countermeasures to harden blockchain security.

Notes

If this is your thesis or dissertation, and you want to learn how to access it or want more information about readership statistics, contact us at STARS@ucf.edu

Graduation Date

2021

Semester

Spring

Advisor

Mohaisen, David

Degree

Doctor of Philosophy (Ph.D.)

College

College of Engineering and Computer Science

Department

Computer Science

Degree Program

Computer Science

Format

application/pdf

Identifier

CFE0008525; DP0024201

URL

https://purls.library.ucf.edu/go/DP0024201

Language

English

Release Date

May 2021

Length of Campus-only Access

None

Access Status

Doctoral Dissertation (Open Access)
