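Abstract
With the development of blockchain 1.0 technology, represented by digital cryptocurrencies, and blockchain 2.0 technology, represented by Ethereum, the security of blockchain technology has become a hot research topic. The data layer, network layer, consensus layer, incentive layer, contract layer and application layer of a blockchain system all contain vulnerabilities that attackers can exploit. By analyzing common attacks on platforms such as Bitcoin and Ethereum, this paper proposes a new method for classifying attacks in the blockchain. The proposed classification method reflects both the differences and the correlations among attacks, and summarizes the characteristics of each class of attack from multiple perspectives. Finally, based on these characteristics, the paper summarizes preventive measures and detection methods for attacks in the blockchain, and points out future research directions for attack problems in the blockchain.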
Blockchain technology is the basis of digital cryptocurrencies such as Bitcoin and Ethereum. With the development of blockchain technology, its security has come to be seen as a top priority and has attracted wide public concern. Generally speaking, a blockchain consists of six layers: the data layer, the network layer, the consensus layer, the incentive layer, the contract layer, and the application layer. In recent years, researchers have proposed many attack strategies in all six layers of the blockchain. The data layer is threatened by exposure of nodes’ identity and disclosure of private data. The network layer, the consensus layer, and the incentive layer face many well-known attack strategies, including the eclipse attack, routing attack, selfish mining, stubborn mining, and block withholding attack. The smart contract layer is threatened by code vulnerabilities in smart contracts and is vulnerable to attacks like the ‘The DAO’ attack. The application layer faces the problems brought by vulnerabilities in decentralized applications. There are both correlations and differences among these attacks. For example, selfish mining and the block withholding attack relate to the same layers of the blockchain, but there are some significant differences between them. Meanwhile, an effective way to optimize an attack in the blockchain is to combine it with another attack. For instance, selfish mining can be combined with the block withholding attack, and the combination is named the fork after withholding attack. Analyzing the attacks independently cannot help to reveal the correlations and differences among attacks in the blockchain. In our work, we analyze well-known attacks in the blockchain and propose a novel method to classify them. Our attack classification method preserves the correlations and reveals the differences between different attacks in the blockchain. Our attack classification method first classifies attacks into four types: attacks in the data layer; attacks in the network layer, the consensus layer and the incentive layer; attacks in the contract layer; and attacks in the application layer. Attacks in each type can be further classified according to some principles. For example, attacks in the data layer can be further classified according to the attackers’ aim. The attack classification method proposed by our work helps to summarize the characteristics of the attacks. With these characteristics, the preventive measures and detection measures for each attack can be derived. For example, some attacks in the network layer, the consensus layer and the incentive layer, including selfish mining and the block withholding attack, can be prevented by designing reasonable parameters of the blockchain. These attacks can also be detected by monitoring the valid computational power in the blockchain system. Some attacks in the contract layer can be prevented by smart contract security analysis tools such as OYENTE and can be detected via graph analysis of the blockchain network. Our work also points out that optimizing attack strategies in the blockchain, developing efficient smart contract security analysis tools, and regulating the blockchain through anonymization are three promising fields in blockchain research.
Authors
刘汉卿
阮娜
LIU Han-Qing; RUAN Na (School of Electronic Information and Electrical Engineering, Shanghai Jiao Tong University, Shanghai 200240)
Source
《计算机学报》
EI
CAS
CSCD
PKU Core (Peking University core journals list)
2021, Issue 4, pp. 786-805 (20 pages)
Chinese Journal of Computers
Funding
Supported by the Young Scientists Fund of the National Natural Science Foundation of China (61702330).
Keywords
blockchain
Bitcoin
Ethereum
consensus mechanism
smart contract