【Author】
Wijaya, Dimaz Ankaa; Liu, Joseph K.; Steinfeld, Ron; Liu, Dongxi
【Source】INFORMATION SECURITY AND PRIVACY, ACISP 2019
【Abstract】In a cryptocurrency system, the protocol incorporated in the node application runs without human intervention. Cryptographic techniques are implemented to determine the ownership of the coins; they enable the owners to transfer the ownership of the coins to other users. Consensus protocols are employed to determine the source of the truth of the information contained in the public ledger called blockchain. When the protocol needs to be updated, all nodes need to replace the application with the newest release. We explore an event where an asynchronous protocol update opens a vulnerability in Monero nodes which have not yet updated to the newest software version. We show that a Denial of Service attack can be launched against the nodes running the outdated protocol, where the attack significantly reduces the system's performance. We also show that an attacker, given sufficient access to cryptocurrency services, is able to utilise the Denial of Service attack to launch a traceability attack.
【Keywords】Monero; Transaction pool; Traceability; Denial of Service
【Title】Risk of Asynchronous Protocol Update: Attacks to Monero Protocols