
More than 50 years after the first Internet message (0), peer-to-peer networks are still rare animals in the Internet jungle. Bitcoin's ability to provide an open monetary network depends on its peer-to-peer architecture, and it is arguably the networking layer, the way peers find and connect to each other, that is most exposed to attack. Problems can arise in two places: in the Bitcoin P2P protocol itself, and in the Internet protocols that the Bitcoin protocol relies on. Seen this way, Bitcoin Core has a dual responsibility: preventing denial-of-service (DoS) vectors that can be exploited between nodes, and enabling nodes to communicate securely over a hostile Internet.
“Governments are good at cutting off the heads of centrally controlled networks like Napster, but pure P2P networks like Gnutella and Tor seem to be holding their own.”
– Satoshi Nakamoto, Nov 7, 2008 (1)
The P2P protocol covers how nodes exchange information about transactions, blocks, and other peers. This exchange has to happen before any validation or consensus can take place, which makes it critical.
There have been several bugs in this area over the years. In 2017, for example, a buffer overflow triggered by a malicious SOCKS proxy server was fixed; it was disclosed in 2019 (2). A remote buffer overflow of this kind can lead to various outcomes: crashing a node, injecting a malicious payload, or altering information held by the node. In 2020 a different issue was reported and fixed in which a remote peer could cause addresses to be banned in a way that let the ban list grow without bound, at quadratic cost, resulting in a denial of service (3). That issue was not disclosed until 2024. It was rightly rated “high” severity: the attack is easy to carry out, it results in the node losing its ability to operate, and it has few prerequisites. This is the kind of bug that keeps Core developers up at night, and it is why you are advised to keep your node updated: old versions of Core are no longer maintained or patched.
The network we call Bitcoin remains small: the number of clearnet nodes hovers around 20k, and even if we add some 100k Tor nodes, it is still a small network that is easy to monitor. Recently, Daniela Brozzoni and Naiyoma showed (4) that if a node runs on both clearnet and Tor, its IPv4 and Tor addresses can be linked. It is quite possible that intelligence agencies and chain-analysis companies already do this. Identifying which node first broadcast a transaction would reveal the originating IP address of the transaction, and with it a location. This is not a bug, since the node is not behaving incorrectly, but it can be considered a risk, because it provides a way to tie an IP address to a transaction.
How best to mitigate this remains an open question.
“We build our computers the way we build our cities: over time, without a plan, on top of ruins.” – Ellen Ullman (5)
Bitcoin runs on the Internet, and its ability to remain a distributed and decentralized system depends on the state of the Internet. Unfortunately, the architecture of the Internet as we know it today remains vulnerable, and known attacks against it are used frequently. Most of these attacks go unnoticed until the damage is done, and that is without counting the authorities that are increasingly asserting control over the Internet today.
A common and useful framing of the problem is the eclipse attack, where all of a node's peers are malicious and feed the victim a false view of the chain or of the network. This class of attack matters a great deal in distributed systems: if you control a node's peers, you control what it sees of the network. Ethan Heilman and his colleagues presented one of the first eclipse attacks on Bitcoin at USENIX Security in 2015 (6), and in 2020 the Erebus paper described a “stealthier” partitioning attack carried out through a malicious Autonomous System (AS) (7).
These attacks exploit weaknesses in how networks talk to each other, such as the AS-level routing topology and the Border Gateway Protocol (BGP) through which routes are exchanged. Although security mechanisms for BGP exist, namely BGPsec and RPKI, all of them have well-understood limitations, leaving network operators looking for stronger solutions. Until then, the Internet will remain the Wild West.
A recent analysis by cedarctic at Chaincode Labs found that Bitcoin nodes reside within 4551 ASes, a small subset of the networks that make up the Internet, and describes attacks that could eclipse nodes by hijacking or intercepting traffic at the upstream ASes through which those nodes connect (8). The uneven distribution of nodes across ASes, together with the particular relationships between ASes, creates a distinctive attack vector. Despite this write-up, it is not clear whether the vector was already understood by bitcoiners or by their adversaries.
Any attack that relies on hijacking one or more ASes requires resources, connections, and expertise to execute. Although no successful attack of this kind has been reported against Bitcoin itself, such attacks have been carried out successfully against miners (9), wallets (10), exchanges (11), and bridges (12). While we do not control the Internet, we do have tools for operating in these hostile environments.
Below are some of the features that Bitcoin Core has developed or integrated to help users cope with the shortcomings of the Internet:
Tor (The Onion Router) is the oldest privacy-focused network integrated into Bitcoin Core. It routes peer-to-peer connections through relay hops to obscure where traffic comes from and where it goes.
v2 transport (13) encrypts peer-to-peer communications, hiding their content from censors. Its purpose is to prevent passive network eavesdroppers from observing your communications with other nodes.
I2P (Invisible Internet Project (14)) is an optional part of Core that supports an additional private, hidden layer for peer connections. It is an anonymous network similar to Tor that relies on its participants to relay traffic between clients and servers.
ASmap (15) is another optional Core feature that helps mitigate the Erebus attack described in the paper cited above, and AS-level attacks more generally. By letting Bitcoin Core know which AS each peer belongs to, so that it can diversify its connections across ASes, an eclipse becomes much harder: the attacker would have to compromise many ASes, which is conspicuous and hard to do without detection. Bitcoin Core has supported mapping IP ranges to their AS (the asmap) since Core 0.20.0, and the Kartograf project (17) lets any user easily build an asmap.
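To make the asmap argument concrete, here is an added illustration of AS-aware peer diversification. It is not Bitcoin Core's code: Core uses a compact binary asmap and its own address-manager bucketing, whereas this example uses a constructed “prefix ASN” text table, constructed peer addresses, and a simplified rule of “at most one outbound peer per group”. The ASNs, prefixes and IP addresses are all made up for the example; the point it shows is how an attacker holding many /16s inside a single AS fills every outbound slot when peers are grouped by prefix, but only one slot once peers are grouped by AS.

```python
"""Added example: why grouping peers by AS (asmap) blunts a single-AS eclipse.

Not Bitcoin Core code. The asmap table, peer addresses and ASNs below are
constructed for illustration; Core's real asmap is a binary encoding and its
outbound selection logic is more involved than the one-per-group rule used here.
"""
import ipaddress

# Constructed "prefix ASN" table (assumption: one mapping per line). ASNs are
# from the documentation range 64496-64511; prefixes are reserved/test ranges.
ASMAP_TEXT = """\
100.64.0.0/10 64500
198.51.100.0/25 64501
198.51.100.128/25 64502
192.0.2.0/24 64503
2001:db8::/32 64504
"""


def parse_asmap(text):
    """Parse 'prefix ASN' lines into (network, asn) pairs, most specific first."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        prefix, asn = line.split()
        entries.append((ipaddress.ip_network(prefix), int(asn)))
    # Longest prefix first, so the first hit in lookup_asn is the most specific.
    entries.sort(key=lambda e: e[0].prefixlen, reverse=True)
    return entries


def lookup_asn(asmap, ip):
    """Longest-prefix match of ip against the table; None if it is not covered."""
    addr = ipaddress.ip_address(ip)
    for net, asn in asmap:
        if addr.version == net.version and addr in net:
            return asn
    return None


def netgroup(ip, asmap=None):
    """Bucket key used for diversification.

    With an asmap the key is the peer's ASN. Without one (or for addresses the
    map does not cover) fall back to a /16 (IPv4) or /32 (IPv6) prefix, the
    kind of coarse grouping an attacker owning one large AS can defeat.
    """
    addr = ipaddress.ip_address(ip)
    if asmap is not None:
        asn = lookup_asn(asmap, ip)
        if asn is not None:
            return ("asn", asn)
    plen = 16 if addr.version == 4 else 32
    return ("prefix", str(ipaddress.ip_network(f"{addr}/{plen}", strict=False)))


def choose_outbound(candidates, slots, asmap=None):
    """Fill up to `slots` outbound connections with at most one peer per netgroup."""
    chosen, used = [], set()
    for ip in candidates:
        if len(chosen) == slots:
            break
        key = netgroup(ip, asmap)
        if key in used:
            continue
        used.add(key)
        chosen.append(ip)
    return chosen


# Constructed scenario: one attacker AS (64500) spread over eight different /16s,
# plus a handful of honest peers in other ASes (one of them not in the map at all).
ATTACKER_IPS = [f"100.{64 + i}.0.1" for i in range(8)]
HONEST_IPS = ["198.51.100.10", "198.51.100.200", "192.0.2.7",
              "2001:db8::1", "203.0.113.9"]


def eclipse_attempt(slots=8):
    """Count outbound slots the attacker captures with and without an asmap."""
    asmap = parse_asmap(ASMAP_TEXT)
    candidates = ATTACKER_IPS + HONEST_IPS  # attacker addresses are offered first
    attackers = set(ATTACKER_IPS)
    result = {}
    for label, table in (("without_asmap", None), ("with_asmap", asmap)):
        chosen = choose_outbound(candidates, slots, table)
        result[label] = sum(ip in attackers for ip in chosen)
    return result


if __name__ == "__main__":
    print(eclipse_attempt())  # {'without_asmap': 8, 'with_asmap': 1}
```

Grouped by /16, the eight attacker addresses look like eight unrelated networks and take every slot; grouped by AS they collapse into one group, and the remaining slots go to peers in other ASes. Defeating the AS-based rule would require addresses in many distinct ASes, which is the cost the ASmap feature is meant to impose.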
Since the Internet will remain vulnerable for the foreseeable future, one thing we can do is watch what our peers are doing in order to spot the worst of them. This is the motivation behind 0xb10c's peer.observer project (16). It provides an extensive eBPF-based tracing setup (a way to observe the fine-grained details of a program running on an operating system) to see what is going on, including peer behaviour. It also gives you everything you need to build your own monitoring setup.
Being able to connect to your peers and exchange messages with them is a key factor in keeping Bitcoin alive.
Bitcoin operates in a multi-faceted adversarial environment, in which many threats stem from the limitations of the network architecture itself. If Bitcoin is to survive and prosper, developers and users must learn to navigate these strange waters.
The price of an open network is to be forever vigilant.

Don't miss the Core Issue, featuring articles written by many Core developers explaining their own projects!
This piece is a Letter from the Editor that recently appeared in the print issue of Bitcoin Magazine, The Core Issue. We share it here as a preview of the ideas explored throughout the issue.
(0) https://web.mit.edu/gtmarx/www/connect.html
(1) https://satoshi.nakamotoinstitute.org/emails/cryptography/4/
(2) https://bitcoincore.org/en/2019/11/08/CVE-2017-18350/
(3) https://bitcoincore.org/en/2024/07/03/disclose-unbounded-banlist/
(4) https://delvingbitcoin.org/t/fingerprinting-nodes-via-addr-requests/1786/
(5) https://en.wikiquote.org/wiki/Ellen_Ullman
(6) https://www.usenix.org/system/files/conference/usenixsecurity15/sec15-paper-heilman.pdf
(7) https://ihchoi12.github.io/assets/tran2020stealthier.pdf
(8) https://delvingbitcoin.org/t/eclipsing-bitcoin-nodes-with-bgp-interception-attacks/1965
(9) https://www.theregister.com/2014/08/07/bgp_bitcoin_mining_heist/
(10) https://www.theverge.com/2018/4/24/17275982/myetherwallet-hack-bgp-dns-hijacking-stolen-ethereum
(11) https://medium.com/s2wblog/post-mortem-of-klayswap-incident-through-bgp-hijacking-en-3ed7e33de600
(12) https://www.coinbase.com/blog/celer-bridge-incident-analysis
(13) https://bitcoinops.org/en/topics/v2-p2p-transport/
(14) https://geti2p.net/en/
(15) https://asmap.org
(16) https://peer.observer
(17) https://github.com/asmap/kartograf