An eclipse attack is a network-level attack on a blockchain, where an attacker essentially takes control of the peer-to-peer network, obscuring a node’s view of the blockchain.
In a new paper titled “Low-Resource Eclipse Attacks on Ethereum’s Peer-to-Peer Network,” Sharon Goldberg, an associate professor at Boston University; Ethan Heilman, a Ph.D. candidate at Boston University; and Yuval Marcus, a researcher at the University of Pittsburgh, describe a way to carry out an eclipse attack on the Ethereum network.
(The researchers disclosed their attacks to Ethereum on January 9, 2018, and Ethereum developers have already issued a patch — Geth v1.8.1 — to fix the network.)
In speaking with Bitcoin Magazine, Goldberg explained the research, how it compares to Bitcoin eclipse attacks and why she thinks the work is important.
First, she emphasized that working with Ethereum developers to fix the vulnerability was a smooth process. “It was a very functional, easy disclosure,” she said.
In an email to Bitcoin Magazine, Martin Holst Swende, security lead at Ethereum Foundation — the nonprofit that oversees the development of Ethereum — explained that the recent Geth patch contains several modifications to the peer-to-peer layer and does not affect consensus-critical code. Users need not be concerned because “an eclipse-attack is a targeted attack against a specific victim,” he wrote, adding, “Nevertheless, we recommend all users to upgrade to 1.8.1.”
Splitting the Network
As in Bitcoin, a node on the Ethereum network relies on connections to its peers to get a full view of the network. In an eclipse attack, an attacker takes control of all the connections going to and from a targeted victim’s node. This way, an attacker prevents that victim from obtaining full information about other parts of the network.
People often think of an eclipse attack as a way to co-opt the mining power of the network around consensus, but an eclipse attack is particularly useful in a double-spend attack. A payee can send coins for a transaction and use the eclipse attack to prevent the receiver from learning that those same coins were used in another transaction in another part of the network.
Goldberg and Heilman, along with two other researchers, published the first paper on eclipse attacks on the Bitcoin network three years ago. Working with a new intern (Marcus), they wanted to explore the same type of attacks on Ethereum. “We were curious how it compared to Bitcoin,” Goldberg said.
Goldberg described launching an eclipse attack on Ethereum as “totally different” to launching one on Bitcoin. To pull off an eclipse attack on Bitcoin, an adversary needs to control a large number of IP addresses (machines) to monopolize the connections going to and from a victim’s node. This makes it a very costly attack in Bitcoin.
In contrast, researchers were able to launch similar attacks in Ethereum using just one or two machines, making eclipse attacks on Ethereum a lot stronger than those on Bitcoin. “That part surprised me a little bit,” she said.
So how big of a deal is this? “It is hard to know,” Goldberg said in explaining that what keeps the bar high in launching this type of attack in Ethereum is not the difficulty of the attack but rather the lack of understanding around how the Ethereum peer-to-peer network works. As Goldberg noted, the Ethereum network is “largely undocumented.”
Just as in the earlier work on the Bitcoin network, in working on Ethereum, the researchers had to reverse engineer the protocol based on the code and write their own parsers from packets, so everything was done from scratch. “It is difficult to do that work, and it takes a while,” said Goldberg.
At first glance, Ethereum appears to be more resilient to eclipse attacks. While Bitcoin nodes make only eight outgoing TCP connections to form the gossip network that propagates transactions and blocks, Ethereum nodes make 13. And while Ethereum’s peer-to-peer network uses a secure encrypted channel, Bitcoin’s network does not.
But, as it turns out, Ethereum was actually easier to attack mainly because while Bitcoin relies on an unstructured network where nodes form random connections with each other, Ethereum relies on a structured network based on a protocol called Kademlia, which is designed to allow nodes to connect to other nodes more efficiently.
Nodes in Ethereum’s peer-to-peer network are identified by their public key. Remarkably, Ethereum versions (prior to Geth v1.8.1) allowed a user to run an unlimited number of nodes, each with a different public key, from the same machine with the same IP address.
By using a key generation algorithm, an attacker could create an unlimited number of node IDs (identifiers on the peer-to-peer network) very quickly. Worse, an attacker could even create node IDs in a way that made them more attractive to the victim than a random node ID, basically drawing the victim to them.
“You see that a lot in Kademlia attacks,” said Goldberg.
More Work Ahead
Goldberg says she is not clear why Ethereum chose a Kademlia network in the first place. A structured peer-to-peer network is generally used to take some content, like a movie, break it into pieces and send those pieces to different peers and download pieces from each peer, similar to how BitTorrent, a peer-to-peer file sharing protocol, works.
But on Ethereum, the content is the Ethereum blockchain, and nodes store the entire blockchain locally. There is no requirement to break the blockchain up and have each node store only a few pieces of it. “I think it was an interesting design decision because I always think that an unstructured network would be safer for a blockchain system,” Goldberg said.
Goldberg indicated she would like to see more researchers dig down into the guts of the blockchain to get a better understanding how the “less sexy” parts work.
“We build sophisticated systems on top of this infrastructure and it is important people make sure that the infrastructure itself is secure,” she said.
Researchers like Goldberg, Heilman and Marcus play an important role in the Ethereum ecosystem. The researchers submitted their finding via Ethereum’s bug bounty program, a program that rewards individuals for submitting bugs.
“Goldberg et. al. have responsibly shared the paper with us prior to public release and have graciously been of assistance evaluating the patches to Geth,” Ethereum Foundation’s Holst Swende confirmed.