Tikuna: An Ethereum Blockchain Network Security Monitoring System

Blockchain security is becoming increasingly relevant in today's cyberspace as it extends its influence in many industries. This paper focuses on protecting the lowest level layer in the blockchain, particularly the P2P network that allows the nodes to communicate and share information. The P2P network layer may be vulnerable to several families of attacks, such as Distributed Denial of Service (DDoS), eclipse attacks, or Sybil attacks. This layer is prone to threats inherited from traditional P2P networks, and it must be analyzed and understood by collecting data and extracting insights from the network behavior to reduce those risks. We introduce Tikuna, an open-source tool for monitoring and detecting potential attacks on the Ethereum blockchain P2P network, at an early stage. Tikuna employs an unsupervised Long Short-Term Memory (LSTM) method based on Recurrent Neural Network (RNN) to detect attacks and alert users. Empirical results indicate that the proposed approach significantly improves detection performance, with the ability to detect and classify attacks, including eclipse attacks, Covert Flash attacks, and others that target the Ethereum blockchain P2P network layer, with high accuracy. Our research findings demonstrate that Tikuna is a valuable security tool for assisting operators to efficiently monitor and safeguard the status of Ethereum validators and the wider P2P networkComment: 15 pages, 2 figures, submitted to ISPEC 2023 Conferenc

Beyond the Hype: On Using Blockchains in Trust Management for Authentication

Trust Management (TM) systems for authentication are vital to the security of online interactions, which are ubiquitous in our everyday lives. Various systems, like the Web PKI (X.509) and PGP's Web of Trust are used to manage trust in this setting. In recent years, blockchain technology has been introduced as a panacea to our security problems, including that of authentication, without sufficient reasoning, as to its merits.In this work, we investigate the merits of using open distributed ledgers (ODLs), such as the one implemented by blockchain technology, for securing TM systems for authentication. We formally model such systems, and explore how blockchain can help mitigate attacks against them. After formal argumentation, we conclude that in the context of Trust Management for authentication, blockchain technology, and ODLs in general, can offer considerable advantages compared to previous approaches. Our analysis is, to the best of our knowledge, the first to formally model and argue about the security of TM systems for authentication, based on blockchain technology. To achieve this result, we first provide an abstract model for TM systems for authentication. Then, we show how this model can be conceptually encoded in a blockchain, by expressing it as a series of state transitions. As a next step, we examine five prevalent attacks on TM systems, and provide evidence that blockchain-based solutions can be beneficial to the security of such systems, by mitigating, or completely negating such attacks.Comment: A version of this paper was published in IEEE Trustcom. http://ieeexplore.ieee.org/document/8029486

Contour: A Practical System for Binary Transparency

Transparency is crucial in security-critical applications that rely on authoritative information, as it provides a robust mechanism for holding these authorities accountable for their actions. A number of solutions have emerged in recent years that provide transparency in the setting of certificate issuance, and Bitcoin provides an example of how to enforce transparency in a financial setting. In this work we shift to a new setting, the distribution of software package binaries, and present a system for so-called "binary transparency." Our solution, Contour, uses proactive methods for providing transparency, privacy, and availability, even in the face of persistent man-in-the-middle attacks. We also demonstrate, via benchmarks and a test deployment for the Debian software repository, that Contour is the only system for binary transparency that satisfies the efficiency and coordination requirements that would make it possible to deploy today.Comment: International Workshop on Cryptocurrencies and Blockchain Technology (CBT), 201

On the Activity Privacy of Blockchain for IoT

Security is one of the fundamental challenges in the Internet of Things (IoT) due to the heterogeneity and resource constraints of the IoT devices. Device classification methods are employed to enhance the security of IoT by detecting unregistered devices or traffic patterns. In recent years, blockchain has received tremendous attention as a distributed trustless platform to enhance the security of IoT. Conventional device identification methods are not directly applicable in blockchain-based IoT as network layer packets are not stored in the blockchain. Moreover, the transactions are broadcast and thus have no destination IP address and contain a public key as the user identity, and are stored permanently in blockchain which can be read by any entity in the network. We show that device identification in blockchain introduces privacy risks as the malicious nodes can identify users' activity pattern by analyzing the temporal pattern of their transactions in the blockchain. We study the likelihood of classifying IoT devices by analyzing their information stored in the blockchain, which to the best of our knowledge, is the first work of its kind. We use a smart home as a representative IoT scenario. First, a blockchain is populated according to a real-world smart home traffic dataset. We then apply machine learning algorithms on the data stored in the blockchain to analyze the success rate of device classification, modeling both an informed and a blind attacker. Our results demonstrate success rates over 90\% in classifying devices. We propose three timestamp obfuscation methods, namely combining multiple packets into a single transaction, merging ledgers of multiple devices, and randomly delaying transactions, to reduce the success rate in classifying devices. The proposed timestamp obfuscation methods can reduce the classification success rates to as low as 20%