Another day goes by, another latest and greatest security breach affects the cryptocurrency world. The attacks range from phishing campaigns scamming prominent crypto personalities of their NFT (Non-fungible tokens) stashes to attackers exploiting crypto protocols and encryption algorithms to extract tokens out of various crypto ecosystems. What I have always been fascinated about is the breadth and depth of crypto attacks and exploits.
With this blog post, I would like to shed light on the components of cryptocurrency infrastructure and how to threat model these various elements. This way, attacks on the crypto attack surface can be better understood and hopefully predicted.
Cryptocurrency Fundamentals and the Underlying Blockchain Technologies
To understand the crypto attack surface, let’s first review the blockchain technology this currency is based on. Blockchains make it possible to maintain distributed, decentralized, and immutable digital ledgers. Digital ledgers are also used by regular “fiat” banks to keep track of money going in and out of accounts. The main difference with a blockchain digital ledger is that it is decentralized – meaning that it is not maintained and kept by a central banking authority. Instead, the ledger is copied, distributed, and maintained by each “node” on the blockchain network.
The design of the blockchain offers certain promises that are fulfilled at various levels:
- Anonymity: Asset ownership and transaction creation are tied to a cryptographic address rather than to a real-world identity.
- Decentralization: The primary objective of blockchain technology is to create a distributed, decentralized digital ledger.
- Fault tolerance: Blockchain systems are not based on the client-server architecture, but rather on the peer-to-peer architecture, which guarantees the decentralization of the system and its fault tolerance since no single node is essential to the network communication.
- Immutability: Each copy of the digital ledger is distributed and immutable once blocks and transactions are agreed upon.
- Transparency: All transactions and block creation are transparent to all the parties involved in the network, even though the parties involved are anonymous.
- Trustless: The blockchain systems do not require trust in a centralized authority. The blockchain nodes do not need to trust each other and the system is resistant against a certain number of “traitors” since each transaction is verified before adding it to the ledger.
The following are the essential components of a blockchain environment:
- Blockchain network: Blockchain systems use a peer-to-peer network topology of nodes. Transactions and blocks are propagated across the network via multiple redundant hops. Each node in the network can then store and process the transactions for inclusion in a new block or blocks it receives for inclusion in its copy of the distributed ledger.
- Blockchain node: Each node in the network is responsible for maintaining and updating a complete copy of the digital ledger, which consists of chains of blocks. Additionally, the node may be involved in the process of creating new blocks. Also, each node can be responsible for running “smart contracts” which are distributed “programs” that run on each node in the network inside “virtual machines” with instructions included in each new block added to the chain.
- Blockchain block: Blocks are the fundamental components of the blockchain. The block header is the portion of the block that actually is part of the blockchain. Each block header contains metadata about a block, including the root hash of the block’s “Merkle tree”. Block headers are then chained together using hash functions, with each block header containing the hash of the previous block. Hash functions are collision resistant, meaning that it is infeasible to find two inputs that produce the same hash output. By including the previous block hash in each block header, the blockchain makes it infeasible to change one block without also changing every block following it. That makes it much more difficult to forge blocks and attempt to rewrite the history of the distributed ledger. The body of a block contains a list of transactions within the block.
- Blockchain transactions: The transactions in a block body are organized into a Merkle tree; the leaf nodes of this tree contain the hashes of transactions and all internal nodes contain the hash of their two children. A transaction in the blockchain can include multiple transfers of value between different accounts. At a minimum, an input to a blockchain transaction must contain a source address, amount, and digital signature, which means that it was authorized by an account owner.
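As an added illustration (not code from the original post), here is a toy Python model of the header chain and Merkle tree described above: a node re-derives every Merkle root and previous-header link, so editing one transaction is caught at that block, and re-hashing that block’s header only moves the break to the next block. The double SHA-256, the odd-leaf duplication rule, the all-zero genesis link and the JSON serialization are assumptions made for this example.

```python
import copy, hashlib, json
GENESIS_PREV = "00" * 32  # constructed convention: the first header links to an all-zero hash

def sha256d(data: bytes) -> str:
    """Hex digest of double SHA-256, the hash Bitcoin uses for headers and Merkle nodes."""
    return hashlib.sha256(hashlib.sha256(data).digest()).hexdigest()

def obj_hash(obj: dict) -> str:
    # Transaction or header hash over a canonical (sorted-key) JSON serialization.
    return sha256d(json.dumps(obj, sort_keys=True).encode())

def merkle_root(leaves: list[str]) -> str:
    """Tx hashes are leaves; internal nodes hash their two children; an odd last node pairs with itself."""
    level = leaves or [sha256d(b"")]
    while len(level) > 1:
        if len(level) % 2:
            level = level + [level[-1]]
        level = [sha256d(bytes.fromhex(level[i] + level[i + 1])) for i in range(0, len(level), 2)]
    return level[0]

def build_chain(bodies: list[list[dict]]) -> list[dict]:
    """Each header commits to its body's Merkle root and to the previous header's hash."""
    chain, prev = [], GENESIS_PREV
    for txs in bodies:
        header = {"prev_hash": prev, "merkle_root": merkle_root([obj_hash(t) for t in txs])}
        chain.append({"header": header, "txs": txs})
        prev = obj_hash(header)
    return chain

def first_invalid_block(chain: list[dict]) -> int:
    """Node-side check: re-derive every Merkle root and prev_hash link; first bad index, or -1."""
    prev = GENESIS_PREV
    for i, block in enumerate(chain):
        h = block["header"]
        if h["prev_hash"] != prev or h["merkle_root"] != merkle_root([obj_hash(t) for t in block["txs"]]):
            return i
        prev = obj_hash(h)
    return -1

# Constructed sample ledger: three blocks of toy transfers.
CHAIN = build_chain([[{"from": "alice", "to": "bob", "amount": 5}],
                     [{"from": "bob", "to": "carol", "amount": 2}, {"from": "alice", "to": "dave", "amount": 1}],
                     [{"from": "carol", "to": "alice", "amount": 1}]])

def tampered_block_detected_at(rehash_header: bool) -> int:
    """Edit a block-1 amount on a copy; optionally recompute block 1's root, which moves the break to block 2."""
    forged = copy.deepcopy(CHAIN)
    forged[1]["txs"][0]["amount"] = 200
    if rehash_header:
        forged[1]["header"]["merkle_root"] = merkle_root([obj_hash(t) for t in forged[1]["txs"]])
    return first_invalid_block(forged)
```

Rewriting one block’s header honestly would force the forger to recompute every later header as well, which is exactly the cost the chaining imposes.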
Leveraging the STRIDE Threat Model in Cryptocurrency
Maintaining a distributed digital ledger without relying on a centralized authority, while keeping it in sync with the rest of the nodes in the network, relies heavily on cryptographic primitives: hash functions and public key cryptography, which are used to ensure the confidentiality, integrity, and availability of the data.
Blockchain distributed ledger systems are defined as a set of protocols rather than specific implementations. The various software implementations of these protocols might contain security vulnerabilities.
Each node on a blockchain network independently maintains and updates its own copy of the digital ledger. For this to work, these nodes require the ability to synchronize their updates and reach consensus on the current state of the digital ledger. In other words, consensus algorithms are used by blockchain networks to select who is going to create and/or verify the next block that will host transactions.
For our security threat modeling exercise – designed to help with identifying potential security threats to a system – we are going to use the STRIDE threat model to explore blockchain security threats. STRIDE – created by Microsoft – stands for:
- Spoofing – a malicious user masquerades as a legitimate user
- Tampering – deleting or changing stored data, such as transactions
- Repudiation – a user denying an action because the system cannot accurately attribute actions to a particular user
- Information disclosure – the sharing/revealing of sensitive information
- Denial of Service – degrading or destroying a system’s ability to perform its function
- Elevation of Privilege – an attacker’s ability to gain access to protected functionality without proper authorization
In terms of threat modeling the blockchain’s fundamental components, we can start with the cryptographic primitives and algorithms, including hash functions and public key cryptography:
- Spoofing: Compromised private keys enable an attacker to masquerade as a user and generate blockchain transactions on their behalf.
- Tampering: A hash function collision in the chain of blocks, in a Merkle tree, or in a digital signature can break the immutability of the distributed ledger. This depends on the protocol’s choice of hash function, which might not be collision-resistant.
- Information Disclosure: A compromised private key could allow decryption of messages intended for the owner of a blockchain account.
- Elevation of Privileges: A compromised private key provides unauthorized access to a user’s blockchain account.
The blockchain’s fundamental data structures are transactions and blocks; the threats against them, where an attacker can influence their contents, include:
- Spoofing: Exploitation of injection vulnerabilities in block explorers (websites designed to provide visibility into block contents and transactions) to compromise private keys. These are then used to masquerade as the user and perform transactions on their behalf.
- Tampering: Transaction malleability can allow an attacker to change the hash and transaction ID of unconfirmed transactions, changing how they are recorded on the blockchain.
- Denial of Service: Malformed transactions or blocks can be used to crash vulnerable nodes.
- Elevation of Privileges: Theft of private keys through block explorer injection attacks can grant unauthorized access to user accounts.
Threat Modeling Blockchain Protocols
Blockchain protocols are designed to incentivize the nodes in the blockchain network to work in its best interests while assuming that a certain percentage of nodes are greedy and potentially malicious.
Each copy of the distributed digital ledger is maintained and synchronized by each node. This synchronization is accomplished through “consensus” algorithms. These algorithms formalize the process by which the creator of the next block in the blockchain is selected. Two kinds of consensus algorithms are used in blockchains:
- Proof of Work – Algorithms designed to make it difficult to create a valid block but easy to validate one. A valid block is one whose header hashes to a value less than a certain threshold. Proof of Work miners use large amounts of computational power to perform as many hash calculations as possible in search of one that falls within the valid range. The more hash calculations they are able to perform, the higher the probability that they are the one who finds a valid version of the current block. Miners are then rewarded with a certain amount of cryptocurrency for finding a valid block. The threshold used to determine whether or not a block is valid is based on the current difficulty target. This can change over time as the total hash rate of the blockchain network (its total computational power) grows or shrinks. The goal is to set the difficulty target so that the network creates a new valid block at a set rate. As miners bring more computational power online, the difficulty is increased (the target threshold is lowered) every two weeks so that it is more difficult to generate a valid block.
- Proof of Stake – Algorithms in which the next block creator is selected from among crypto owners who “stake”, or deposit, cryptocurrency, with those staking more having better odds. As long as that cryptocurrency remains staked, the user has the opportunity to be selected to create blocks. Proof of Stake works a lot like buying stock in a company, which gives you the right to receive dividend payments as long as you keep ownership of the stock. Proof of Stake algorithms fall into two categories: randomized block selection, where the probability of being selected as a block creator is proportional to the cryptocurrency stake; and age-based selection, where the probability of being selected as a block creator is proportional to both the cryptocurrency stake and the time it has been staked.
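The following is an added example (not from the original post) that models the Proof of Work rules above in Python: validating a block is one hash compared against the target, creating one is a brute-force nonce search, and the target is rescaled by the ratio of actual to expected block time with Bitcoin’s clamp to a factor of four per adjustment period. It also shows the node-side check relevant to the consensus threats discussed next: a node derives the expected target itself and rejects a block that claims any other threshold. The JSON header layout, MAX_TARGET and EASY_TARGET are constructed for this example and are not real network parameters.

```python
import hashlib, json

MAX_TARGET = 2**248  # constructed ceiling: the easiest target the network allows

def header_digest(header: dict, nonce: int) -> int:
    """Double SHA-256 of the serialized header plus nonce, as an integer to compare with the target."""
    data = json.dumps({**header, "nonce": nonce}, sort_keys=True).encode()
    return int.from_bytes(hashlib.sha256(hashlib.sha256(data).digest()).digest(), "big")

def meets_target(header: dict, nonce: int, target: int) -> bool:
    """Validation costs one hash: the block is valid iff its header hash is below the target."""
    return header_digest(header, nonce) < target

def mine(header: dict, target: int, max_tries: int = 1 << 22) -> int:
    """Creation is brute force: try nonces until one hashes below the target (-1 if the budget runs out)."""
    for nonce in range(max_tries):
        if meets_target(header, nonce, target):
            return nonce
    return -1

def retarget(old_target: int, actual_span: int, expected_span: int) -> int:
    """Bitcoin-style adjustment: scale the target by actual/expected period time, clamped to a
    factor of 4 so one period cannot swing difficulty arbitrarily. Faster blocks (more hash
    rate) shrink the target, i.e. raise the difficulty; slower blocks enlarge it, up to MAX_TARGET."""
    span = min(max(actual_span, expected_span // 4), expected_span * 4)
    return min(old_target * span // expected_span, MAX_TARGET)

def derived_target(prev_target: int, timestamps: list[int], block_interval: int) -> int:
    """A validating node computes the next period's target from the previous period's block
    timestamps rather than trusting a value a block claims."""
    expected = block_interval * (len(timestamps) - 1)
    return retarget(prev_target, timestamps[-1] - timestamps[0], expected)

def accept_block(header: dict, nonce: int, claimed_target: int, expected_target: int) -> bool:
    """Node-side rule: reject a block whose claimed target is not the one derived for this
    height (a relaxed or inflated threshold), then check the proof of work against it."""
    return claimed_target == expected_target and meets_target(header, nonce, expected_target)

# Constructed example: an easy target (about 1 in 2**12 hashes qualifies) and a toy header.
EASY_TARGET = 2**244
HEADER = {"prev_hash": "00" * 32, "merkle_root": "ab" * 32, "height": 1}

def demo() -> dict:
    nonce = mine(HEADER, EASY_TARGET)
    return {
        "nonce": nonce,
        "accepted": accept_block(HEADER, nonce, EASY_TARGET, EASY_TARGET),
        "inflated_target_rejected": not accept_block(HEADER, nonce, EASY_TARGET * 2, EASY_TARGET),
    }
```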
Most blockchain consensus attacks are designed to help an attacker achieve a 51% attack or otherwise increase their control over the digital ledger. Some of the impacts of these attacks are:
- Tampering: 51% attacks allow the digital ledger to be rewritten, breaking blockchain immutability.
- Repudiation: 51% attacks permit double-spend attacks that allow an attacker to overwrite and repudiate past valid transactions.
- Denial of Service: An attacker can artificially raise the difficulty threshold of a Proof of Work blockchain, slowing block creation. A 51% attacker can refuse to add transactions to the blockchain, blocking them from being added to the digital ledger.
- Elevation of Privileges: 51%, long-range, selfish mining and SPV mining attacks are designed to provide an attacker with complete or elevated control over the state of the digital ledger.
Threat Modeling Blockchain Block Creation
Blockchain block creation is done in phases. The following are the phases to create a new block:
- Transaction Transmission
- Block Creator Selection
- Block Building
- Block Transmission
- Block Validation
Attacks against block creation, using the STRIDE framework, fall into the following categories:
- Tampering: Frontrunning attacks are designed to allow later transactions to be processed before earlier ones, changing the impacts of these transactions.
- Denial of Service: An attacker can perform a denial of service attack in various ways, slowing or stopping block creation and the addition of transactions to the digital ledger.
- Elevation of Privileges: SPV mining provides an attacker with an increased probability of creating blocks and greater control over the contents of the digital ledger.
Threat Modeling Blockchain Infrastructure
As we discussed earlier, the blockchain system is composed of the blockchain network, its nodes, and the blocks and transactions they maintain. Attacks on blockchain nodes can be divided into the following categories:
- Spoofing: Blockchain malware can steal private keys or modify transactions to perform actions on behalf of a blockchain account.
- Tampering: Malware can be used to perform eclipse/routing attacks, which can enable 51% attacks and rewriting of the history of the distributed ledger.
- Information Disclosure: Theft of private keys by blockchain malware can allow the attacker to decrypt messages intended for the account owner.
- Denial of Service: Blockchain nodes can suffer DoS attacks in various ways, such as malware attacks or not being able to access the blockchain after a hard fork of the software due to a failure to apply updates.
- Elevation of Privileges: Blockchain malware can steal private keys, providing unauthorized access to a user’s account. Exploitation of injection vulnerabilities with malicious inputs could provide an attacker with access to or control over the underlying code.
Attacks on blockchain networks can be divided into the following categories:
- Tampering: Eclipse/routing attacks can help an attacker to perform a 51% attack, which rewrites the history of the distributed ledger.
- Repudiation: Eclipse/routing attacks can enable double-spends (conflicting transactions) and 51% attacks, allowing an attacker to repudiate past valid transactions.
- Denial of Service: Blockchain networks can fall victim to denial of service attacks in various ways.
- Elevation of Privileges: Eclipse/routing attacks can make a 51% attack achievable, granting the attacker control over the blockchain.
Other attacks and misconfigurations can be found in “Smart Contracts”, the programs that run in virtual machines on the network nodes of blockchains such as Ethereum.
This is just an overview of the blockchain structure and the corresponding threats affecting these components. There are more specific threat modeling topics for each component – such as vulnerability and threat modeling of smart contracts. Hopefully, this has provided you with an understanding of the sheer breadth of potential threats facing cryptocurrency and the infrastructure that supports it.
If you’re looking for more on cryptocurrency and vulnerability management, check out my article making a case for creating a crypto token to reward vulnerability remediation. I’m proposing that we incentivize organizations to maintain good vulnerability management habits as a way to increase organizational participation and buy-in.