Blockchains enable secure asset exchange in a distributed system, thereby facilitating innovative applications such as cryptocurrencies and smart contracts. Although the cryptographic constructs of blockchains are highly secure, their practical deployments are vulnerable to various attacks due to their application-specific policies and their peer-to-peer (P2P) network intricacies. In this work, we take a top-down approach towards exploring those attacks, starting with the application-specific abuse of blockchain-based cryptocurrencies and concluding with the network conditions that violate blockchain consistency. We first analyze the application-specific abuse of blockchain-based cryptocurrencies by uncovering (1) covert cryptocurrency mining in web browsers, and (2) artificial inflation of the transaction fee through attacks on the blockchain memory pools. For both attacks, we show how the application policies are exploited to affect benign users. After exploring the application-specific attacks, we proceed towards a systematic analysis of inconsistencies in the blockchain P2P network. For this analysis, we focus on Bitcoin, which is the most dominant blockchain system. Our analysis reveals that the biased distribution of resources in the Bitcoin network can be exploited to launch various partitioning attacks. Furthermore, through a root cause analysis, we discover that (1) the Bitcoin network is asynchronous in the real world, and (2) its security model does not embrace the risks associated with network churn. The last two components of the dissertation consolidate our attack surface analysis by analyzing the impact of network asynchrony and network churn on the blockchain consistency property. We conduct theoretical analysis and measurements to show how various network characteristics can be exploited to reduce the cost of launching notable attacks that violate consistency.
Our top-down approach uncovers various novel attacks that have not been studied in the prior works. For each attack, we also propose countermeasures to harden the blockchain security.
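The memory-pool fee-inflation problem mentioned in the abstract, and the general shape of a fee-based admission countermeasure, can be illustrated with a small simulation. The code below is an added example, not the dissertation's code or data: the block capacity, the pool size cap, the relay fee floor, the fee estimators and all transaction traffic are constructed assumptions. It contrasts an unbounded mempool, where low-fee spam freely inflates a congestion-based fee signal, with a size-bounded pool that evicts by fee rate, where the same spam cannot grow the backlog and cannot displace better-paying benign transactions.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional
import math

# Assumed block capacity for the toy model (scaled down so the simulation runs quickly).
BLOCK_VBYTES = 200_000


@dataclass(frozen=True)
class Tx:
    txid: str
    vbytes: int      # virtual size of the transaction
    fee_sats: int    # total fee paid

    @property
    def fee_rate(self) -> float:
        return self.fee_sats / self.vbytes


class Mempool:
    """Toy mempool. max_vbytes=None models an unbounded pool with no admission policy;
    a bounded pool evicts its lowest-fee-rate entry only when a newcomer outbids it."""

    def __init__(self, max_vbytes: Optional[int] = None, min_fee_rate: float = 0.0):
        self.max_vbytes = max_vbytes
        self.min_fee_rate = min_fee_rate
        self.txs: Dict[str, Tx] = {}
        self.total_vbytes = 0

    def accept(self, tx: Tx) -> bool:
        if tx.fee_rate < self.min_fee_rate:
            return False                       # below the relay floor: dropped
        if self.max_vbytes is not None:
            while self.total_vbytes + tx.vbytes > self.max_vbytes:
                victim = min(self.txs.values(), key=lambda t: t.fee_rate, default=None)
                if victim is None or victim.fee_rate >= tx.fee_rate:
                    return False               # newcomer outbids nothing: rejected
                del self.txs[victim.txid]
                self.total_vbytes -= victim.vbytes
        self.txs[tx.txid] = tx
        self.total_vbytes += tx.vbytes
        return True

    def backlog_blocks(self) -> int:
        """Congestion signal (assumed wallet heuristic): full blocks the pool would fill."""
        return math.ceil(self.total_vbytes / BLOCK_VBYTES)

    def next_block_fee_rate(self) -> float:
        """Fee rate a new tx must beat to land in the next block under fee-rate ordering."""
        used = 0
        for t in sorted(self.txs.values(), key=lambda t: t.fee_rate, reverse=True):
            used += t.vbytes
            if used >= BLOCK_VBYTES:
                return t.fee_rate
        return 0.0                             # less than one block queued


def benign_load() -> List[Tx]:
    # Constructed benign traffic: 400 txs of 250 vB paying 5..24 sat/vB (100,000 vB total).
    return [Tx(f"b{i}", 250, 250 * (5 + i % 20)) for i in range(400)]


def flood(n: int, fee_rate: float) -> List[Tx]:
    # Constructed spam: n txs of 250 vB all paying the same fee rate.
    return [Tx(f"s{i}", 250, int(250 * fee_rate)) for i in range(n)]


def run(bounded: bool) -> dict:
    """Admit benign traffic, then offer 1,000,000 vB of spam at the relay floor (1 sat/vB)."""
    pool = Mempool(max_vbytes=BLOCK_VBYTES if bounded else None, min_fee_rate=1.0)
    for tx in benign_load():
        pool.accept(tx)
    before = pool.backlog_blocks()
    admitted = sum(pool.accept(tx) for tx in flood(4_000, 1.0))
    return {
        "spam_admitted": admitted,
        "backlog_before": before,
        "backlog_after": pool.backlog_blocks(),
        "benign_kept": sum(1 for txid in pool.txs if txid.startswith("b")),
        "next_block_fee_rate": pool.next_block_fee_rate(),
    }


if __name__ == "__main__":
    for mode in (False, True):
        print("bounded" if mode else "unbounded", run(mode))
```

In the unbounded pool the backlog grows from one block to six, so any wallet that prices fees from mempool congestion is pushed upward by transactions that will never be mined ahead of benign ones, while the fee-rate-ordered estimate stays at the spam's own rate. In the bounded pool only enough spam to fill the cap is admitted, the backlog signal stays at one block, and every benign transaction survives; to displace them the attacker would have to outbid their fee rates, which turns the flood into a paid, and therefore bounded, attack.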
Doctor of Philosophy (Ph.D.)
College of Engineering and Computer Science
Doctoral Dissertation (Open Access)
Saad, Muhammad, "Analyzing the Blockchain Attack Surface: A Top-down Approach" (2021). Electronic Theses and Dissertations, 2020-. 554.