Crypto Intro: Denial of Service Attacks
Note: This is Part 4 in the Crypto Intro: Attack series, with Part 3 here. This article was produced for Radix and the original copy can be found here. If you enjoy this article please follow me @flatoutcrypto. I am on holiday this week but will return to a more normal schedule from next Wednesday onwards.
A frequently touted feature of distributed networks is resilience; if one Bitcoin node fails then there are thousands of other nodes left operating to ensure the continuation of the network. However, just like other network implementations, distributed networks are vulnerable to DoS (Denial of Service) attacks.
These attacks are at first glance perhaps not as dangerous as attacks we’ve previously covered, such as Sybil or Double Spend attacks, as they are rarely used to steal funds or alter transaction history (although a DoS attack can be used to weaken the network as a precursor to other attacks). However, they are a constant danger in their own right.
What is a DoS attack on a distributed network?
A DoS attack is an attack on a network or machine that aims to either temporarily or permanently remove the network’s ability to operate. This attack on a distributed permissionless network (permissioned networks can simply remove offenders) is achieved by flooding the network in one of a number of ways:
- Large numbers of ‘useless’ transactions designed solely to fill the network with large numbers of transactions
- Splitting up a small number of transactions into a large number in order to occupy additional space in a block (for example, each Bitcoin block is limited to 1MB)
- Sending lots of transactions containing large amounts of data
A sufficient amount of these extra or harder to process blocks leads to a buildup of pending blocks (and transactions) as miners struggle to keep pace.
How do DoS attacks impact a distributed network?
DoS attacks disrupt or bring to a halt service delivery, which can erode trust and ultimately prevent users from accessing and using the network. Executed on a sufficient scale an attack will lead to longer processing times combined with higher fees (as users pay more to get their transactions confirmed quicker than spam transactions).
These attacks can have a significant impact. For example, a DoS attack from June to September 2015 flooded the Bitcoin network with hundreds of thousands of spam transactions which took up to 20 seconds to confirm per transaction. This was estimated by Baqer, Huang, McCoy and Weaver to have caused an increase in processing legitimate transactions from 0.33 to 2.67 hours while “average non-spam transaction fees also surged...51%”. The cost of the attack was estimated at just $49,000, highlighting the low resources required.
Other networks have also fallen prey, for example:
- Ethereum suffered from two exploits (known as EXTCODESIZE and SUICIDE) which were exposed by an attacker who clogged the network up with particular types of onerous yet very cheap transactions (free in the case of SUICIDE) that led to block processing times rising dramatically
- Monero fell victim to a spam attack in 2014 in which daily transactions increased from 1,750 to 3,255 ensuring transaction processing times slowed dramatically
DoS attacks also lead to longer synchronization times and increased resource requirements (such as wasted hard drive space) for nodes. Not all nodes can handle these increased resource requirements and are forced offline as a result. Nodes can also be targeted directly, a particularly problematic attack for networks with limited numbers of ‘full’ nodes. As a Delegated Proof of Stake (DPoS) system generally has a small amount of elected leaders (as little as 11), simultaneously taking out enough validators could cause severe disruption. A DoS attack could also be launched against elected leaders so they are forced offline, allowing the attacker to be elected instead.
A DoS attack could also target mining pools in a Proof of Work implementation. This could either be to reduce the total mining power available in order to make it easier for a malicious actor to mine the block reward themselves, or to decrease the total hashpower of the network to make 51% attacks an easier and cheaper proposition.
Finally, the wider ecosystem forms an additional attack vector. For example, a DoS attack against the Bitcoin network took on the form of ‘Transaction Malleability,’ which is where an attacker changes the transaction ID of a valid transaction and transmits that modified transaction. This causes difficulties for exchanges who are no longer able to be confident that a transaction is valid. This, as happened with Bitcoin, can cause exchanges to block transactions and bring the network to a halt.
How are DoS attacks prevented?
Most permissionless distributed networks such as Bitcoin have inbuilt mechanisms to counter DoS attacks. They charge fees for transactions, making it costly for would be bad actors to launch assaults via spam transactions. Most also have the ability to automatically kick suspected bad nodes, either by banning them from the network, or by refusing to accept a node’s connections. They might also limit the blocksize or ignore certain atypical transactions for which no honest actor would likely have a use for.
Networks can also plug holes following attacks. For example, Ethereum removed the specific transaction that allowed for the spate of cheap but complex spam transactions, while Monero increased the minimum transaction fee from 0.005 XMR to 0.1 to increase the cost of continuing the attack.
However, as with DDoS or DoS attacks against other forms of networks and machines, the attack tends to be cheap and easy to deploy, and preventing them can be difficult. Permissionless distributed networks are also often unable to discern between spam and legitimate transactions or take action given their censorship resistant nature.
As with 51% attacks, preventing DoS attacks completely may not be possible. Rather, the goal is to ensure would be attackers must expend sufficiently high amounts of resources to make attacks economically unviable.