Risk of asynchronous protocol update

attacks to Monero protocols

Dimaz Ankaa Wijaya, Joseph K. Liu, Ron Steinfeld, Dongxi Liu

Research output: Chapter in Book/Report/Conference proceedingConference PaperResearchpeer-review

Abstract

In a cryptocurrency system, the protocol incorporated in the node application runs without human intervention. Cryptographic techniques are implemented to determine the ownership of the coins; they enable the owners to transfer the ownership of the coins to other users. Consensus protocols are employed to determine the source of the truth of the information contained in the public ledger called blockchain. When the protocol needs to be updated, all nodes need to replace the application with the newest release. We explore an event where an asynchronous protocol update opens a vulnerability in Monero nodes which have not yet updated to the newest software version. We show that a Denial of Service attack can be launched against the nodes running the outdated protocol, where the attack significantly reduces the system’ performance. We also show that an attacker, given a sufficient access to cryptocurrency services, is able to utilise the Denial of Service attack to launch a traceability attack.

Original languageEnglish
Title of host publicationInformation Security and Privacy
Subtitle of host publication24th Australasian Conference, ACISP 2019 Christchurch, New Zealand, July 3–5, 2019 Proceedings
EditorsJulian Jang-Jaccard, Fuchun Guo
Place of PublicationCham Switzerland
PublisherSpringer
Pages307-321
Number of pages15
ISBN (Electronic)9783030215484
ISBN (Print)9783030215477
DOIs
Publication statusPublished - 2019
EventAustralasian Conference on Information Security and Privacy 2019 - Christchurch, New Zealand
Duration: 3 Jul 20195 Jul 2019
Conference number: 24th
https://acisp19.canterbury.ac.nz/

Publication series

NameLecture Notes in Computer Science
PublisherSpringer
Volume11547
ISSN (Print)0302-9743
ISSN (Electronic)1611-3349

Conference

ConferenceAustralasian Conference on Information Security and Privacy 2019
Abbreviated titleACISP 2019
CountryNew Zealand
CityChristchurch
Period3/07/195/07/19
Internet address

Keywords

  • Denial of Service
  • Monero
  • Traceability
  • Transaction pool

Cite this

Wijaya, D. A., Liu, J. K., Steinfeld, R., & Liu, D. (2019). Risk of asynchronous protocol update: attacks to Monero protocols. In J. Jang-Jaccard, & F. Guo (Eds.), Information Security and Privacy: 24th Australasian Conference, ACISP 2019 Christchurch, New Zealand, July 3–5, 2019 Proceedings (pp. 307-321). (Lecture Notes in Computer Science ; Vol. 11547 ). Cham Switzerland: Springer. https://doi.org/10.1007/978-3-030-21548-4_17
Wijaya, Dimaz Ankaa ; Liu, Joseph K. ; Steinfeld, Ron ; Liu, Dongxi. / Risk of asynchronous protocol update : attacks to Monero protocols. Information Security and Privacy: 24th Australasian Conference, ACISP 2019 Christchurch, New Zealand, July 3–5, 2019 Proceedings. editor / Julian Jang-Jaccard ; Fuchun Guo. Cham Switzerland : Springer, 2019. pp. 307-321 (Lecture Notes in Computer Science ).
@inproceedings{40e38842e4f049bd83045cdb1a2e7b9f,
title = "Risk of asynchronous protocol update: attacks to Monero protocols",
abstract = "In a cryptocurrency system, the protocol incorporated in the node application runs without human intervention. Cryptographic techniques are implemented to determine the ownership of the coins; they enable the owners to transfer the ownership of the coins to other users. Consensus protocols are employed to determine the source of the truth of the information contained in the public ledger called blockchain. When the protocol needs to be updated, all nodes need to replace the application with the newest release. We explore an event where an asynchronous protocol update opens a vulnerability in Monero nodes which have not yet updated to the newest software version. We show that a Denial of Service attack can be launched against the nodes running the outdated protocol, where the attack significantly reduces the system’ performance. We also show that an attacker, given a sufficient access to cryptocurrency services, is able to utilise the Denial of Service attack to launch a traceability attack.",
keywords = "Denial of Service, Monero, Traceability, Transaction pool",
author = "Wijaya, {Dimaz Ankaa} and Liu, {Joseph K.} and Ron Steinfeld and Dongxi Liu",
year = "2019",
doi = "10.1007/978-3-030-21548-4_17",
language = "English",
isbn = "9783030215477",
series = "Lecture Notes in Computer Science",
publisher = "Springer",
pages = "307--321",
editor = "Julian Jang-Jaccard and Fuchun Guo",
booktitle = "Information Security and Privacy",

}

Wijaya, DA, Liu, JK, Steinfeld, R & Liu, D 2019, Risk of asynchronous protocol update: attacks to Monero protocols. in J Jang-Jaccard & F Guo (eds), Information Security and Privacy: 24th Australasian Conference, ACISP 2019 Christchurch, New Zealand, July 3–5, 2019 Proceedings. Lecture Notes in Computer Science , vol. 11547 , Springer, Cham Switzerland, pp. 307-321, Australasian Conference on Information Security and Privacy 2019, Christchurch, New Zealand, 3/07/19. https://doi.org/10.1007/978-3-030-21548-4_17

Risk of asynchronous protocol update : attacks to Monero protocols. / Wijaya, Dimaz Ankaa; Liu, Joseph K.; Steinfeld, Ron; Liu, Dongxi.

Information Security and Privacy: 24th Australasian Conference, ACISP 2019 Christchurch, New Zealand, July 3–5, 2019 Proceedings. ed. / Julian Jang-Jaccard; Fuchun Guo. Cham Switzerland : Springer, 2019. p. 307-321 (Lecture Notes in Computer Science ; Vol. 11547 ).

Research output: Chapter in Book/Report/Conference proceedingConference PaperResearchpeer-review

TY - GEN

T1 - Risk of asynchronous protocol update

T2 - attacks to Monero protocols

AU - Wijaya, Dimaz Ankaa

AU - Liu, Joseph K.

AU - Steinfeld, Ron

AU - Liu, Dongxi

PY - 2019

Y1 - 2019

N2 - In a cryptocurrency system, the protocol incorporated in the node application runs without human intervention. Cryptographic techniques are implemented to determine the ownership of the coins; they enable the owners to transfer the ownership of the coins to other users. Consensus protocols are employed to determine the source of the truth of the information contained in the public ledger called blockchain. When the protocol needs to be updated, all nodes need to replace the application with the newest release. We explore an event where an asynchronous protocol update opens a vulnerability in Monero nodes which have not yet updated to the newest software version. We show that a Denial of Service attack can be launched against the nodes running the outdated protocol, where the attack significantly reduces the system’ performance. We also show that an attacker, given a sufficient access to cryptocurrency services, is able to utilise the Denial of Service attack to launch a traceability attack.

AB - In a cryptocurrency system, the protocol incorporated in the node application runs without human intervention. Cryptographic techniques are implemented to determine the ownership of the coins; they enable the owners to transfer the ownership of the coins to other users. Consensus protocols are employed to determine the source of the truth of the information contained in the public ledger called blockchain. When the protocol needs to be updated, all nodes need to replace the application with the newest release. We explore an event where an asynchronous protocol update opens a vulnerability in Monero nodes which have not yet updated to the newest software version. We show that a Denial of Service attack can be launched against the nodes running the outdated protocol, where the attack significantly reduces the system’ performance. We also show that an attacker, given a sufficient access to cryptocurrency services, is able to utilise the Denial of Service attack to launch a traceability attack.

KW - Denial of Service

KW - Monero

KW - Traceability

KW - Transaction pool

UR - http://www.scopus.com/inward/record.url?scp=85068672569&partnerID=8YFLogxK

U2 - 10.1007/978-3-030-21548-4_17

DO - 10.1007/978-3-030-21548-4_17

M3 - Conference Paper

SN - 9783030215477

T3 - Lecture Notes in Computer Science

SP - 307

EP - 321

BT - Information Security and Privacy

A2 - Jang-Jaccard, Julian

A2 - Guo, Fuchun

PB - Springer

CY - Cham Switzerland

ER -

Wijaya DA, Liu JK, Steinfeld R, Liu D. Risk of asynchronous protocol update: attacks to Monero protocols. In Jang-Jaccard J, Guo F, editors, Information Security and Privacy: 24th Australasian Conference, ACISP 2019 Christchurch, New Zealand, July 3–5, 2019 Proceedings. Cham Switzerland: Springer. 2019. p. 307-321. (Lecture Notes in Computer Science ). https://doi.org/10.1007/978-3-030-21548-4_17