Bitcoin Forum
May 08, 2024, 02:27:31 PM
Welcome,
Guest
. Please
login
or
register
.
News
: Latest Bitcoin Core release:
27.0
[
Torrent
]
Home
Help
Search
Login
Register
More
Bitcoin Forum
>
Local
>
中文 (Chinese)
>
媒体
>
研究者揭露比特币区块链安全漏洞,起因是节点过于集中
Pages: [
1
]
« previous topic
next topic »
Print
Author
Topic: 研究者揭露比特币区块链安全漏洞,起因是节点过于集中 (Read 146 times)
bornanke
(OP)
Member
Offline
Activity: 63
Merit: 10
研究者揭露比特币区块链安全漏洞,起因是节点过于集中
April 16, 2017, 06:04:52 PM
#1
在第38届电气与电子工程师协会(IEEE)安全与隐私讨论会中,希伯来大学的Aviv Zohar将分享一篇报告(币文库全文下载),详细解释如何通过互联网的路由架构对比特币区块链进行攻击。在报告中,Zohar和他的研究伙伴Maria Apostolaki及Laurent Vanbever展示了边界网关协议(BGP)能够攻击比特币的两种方式——分区攻击(partition attack)和延迟攻击(delayed attack)。
在分区攻击情况中,如果某网络服务供应商(ISP)是比特币网络中的重要部分唯一路径,就可能会有黑洞(网络木马)阻止双方(区块链和网络路由)的通讯。在这两座“孤岛”各自处理交易和挖比特币的同时,一旦入侵者再次对双方进行连接,那么除了舍弃已挖出的比特币、交易和挖矿收入就没有别的选择了。
研究者表示,从某种程度上来说,延迟攻击被认为是最坏的情况。因为和分区攻击不同,这种攻击是无法检测到的。商户在遭受这种攻击之后很容易进行双花(double-spending);矿工的交易处理能力也将被浪费,普通的节点也无法在区块链中正常传播。
对比特币开发者来说,这类问题很让他们头大,因为他们无法控制攻击向量(attack vector)以及BGP协议(这一协议决定数据包在网络中的传播路径)。
BGP是这个时代出现的简化产物,用于对接收信息的信任。某载体或者ISP网络中的一次有意或无意的错误都会对BGP路由信息产生不良影响,危及大部分网络流量。
这两种类型的攻击要想成功都需要一个内部知情人士提供ISP信息。尽管如此,它们仍然有着对比特币网络造成重大攻击的可能,很容易被忽略。比特币节点有聚集在一小部分ISP中的倾向。据估计,30%的比特币网络存在在13个主机中,60%的比特币流量在3个ISP中可见。
研究者曾提到,单单在2015年11月,BGP攻击就已经对百来个比特币节点造成了影响,占到了当时全网节点(447个节点)的8%。不过,报告中也提出了一些应对措施,其中大部分都能即刻进行部署,比如说确保节点连接的多样化,在选择节点的同时考虑路由条件以及“对比特币连接进行加密或者采用信息认证码(MAC)验证每条信息内容的真实性,这样就能加大延迟攻击的难度。”
加密货币资产交易所Shapeshift的首席信息安全官Michael Perklin说,比特币的设计初衷就是抵御攻击,就像互联网一样,它存在的理由是为了抵挡城市中的核攻击;通过节点的去中心化来确保单方面的失败是不存在的。Perklin表示,比特币区块链记录中包含的是每笔交易的细节。因此,一旦区块链和ISP的攻击被阻断,就会产生两种不同的记录。支付的撤销以及新币的销毁会造成共识的失败,这会对经济带来灾难性的影响。
Perklin总结道:
所幸ISP已经意识到了BGP在节点连接中的重要性,他们会定期采取措施防止相关攻击的出现。虽然这类攻击从理论上来说是行得通的(就像用蛮力算出私钥),我们还是可以放心,这些攻击在实际案例中是很难实施的,因为前提是攻击者有优先访问那些受到高度保护的设备的权限。
Pages: [
1
]
Print
Bitcoin Forum
>
Local
>
中文 (Chinese)
>
媒体
>
研究者揭露比特币区块链安全漏洞,起因是节点过于集中
« previous topic
next topic »
Jump to:
Please select a destination:
-----------------------------
Bitcoin
-----------------------------
=> Bitcoin Discussion
===> Legal
===> Press
===> Meetups
===> Important Announcements
=> Development & Technical Discussion
===> Wallet software
=====> Electrum
=====> Bitcoin Wallet for Android
=====> BitcoinJ
=====> Armory
=====> Mycelium
=====> Hardware wallets
=> Mining
===> Mining support
===> Pools
===> Mining software (miners)
===> Hardware
=====> Group buys
===> Mining speculation
=> Bitcoin Technical Support
=> Project Development
-----------------------------
Economy
-----------------------------
=> Economics
===> Speculation
=> Marketplace
===> Goods
=====> Computer hardware
=====> Digital goods
=======> Invites & Accounts
=====> Collectibles
===> Services
===> Currency exchange
===> Gambling
=====> Games and rounds
=====> Investor-based games
=====> Gambling discussion
===> Lending
=====> Long-term offers
===> Securities
===> Auctions
===> Service Announcements
=====> Micro Earnings
===> Service Discussion
=====> Web Wallets
=====> Exchanges
=> Trading Discussion
===> Scam Accusations
===> Reputation
-----------------------------
Other
-----------------------------
=> Meta
===> New forum software
===> Bitcoin Wiki
=> Politics & Society
=> Beginners & Help
=> Off-topic
=> Serious discussion
===> Ivory Tower
=> Archival
===> Корзина
===> CPU/GPU Bitcoin mining hardware
===> Chinese students
===> Obsolete (buying)
===> Obsolete (selling)
===> MultiBit
-----------------------------
Alternate cryptocurrencies
-----------------------------
=> Altcoin Discussion
=> Announcements (Altcoins)
===> Tokens (Altcoins)
=> Mining (Altcoins)
===> Pools (Altcoins)
=> Marketplace (Altcoins)
===> Service Announcements (Altcoins)
===> Service Discussion (Altcoins)
===> Bounties (Altcoins)
=> Speculation (Altcoins)
-----------------------------
Local
-----------------------------
=> العربية (Arabic)
===> العملات البديلة (Altcoins)
=====> النقاشات
===> إستفسارات و أسئلة المبتدئين
===> التعدين
===> النقاشات الأخرى
===> منصات التبادل
=> Bahasa Indonesia (Indonesian)
===> Marketplace (Bahasa Indonesia)
===> Mining (Bahasa Indonesia)
===> Altcoins (Bahasa Indonesia)
===> Trading dan Spekulasi
===> Ekonomi, Politik, dan Budaya
===> Topik Lainnya
=> Español (Spanish)
===> Mercado y Economía
=====> Servicios
=====> Trading y especulación
===> Hardware y Minería
===> Esquina Libre
===> Mercadillo
=====> Mexico
=====> Argentina
=====> España
=====> Centroamerica y Caribe
===> Primeros pasos y ayuda
===> Altcoins (criptomonedas alternativas)
=====> Minería de altcoins
=====> Servicios
=====> Tokens (Español)
=> 中文 (Chinese)
===> 跳蚤市场
===> 山寨币
===> 媒体
===> 挖矿
===> 离题万里
=> Hrvatski (Croatian)
===> Trgovina
===> Altcoins (Hrvatski)
=====> Announcements (Hrvatski)
===> Off-topic (Hrvatski)
=> Deutsch (German)
===> Anfänger und Hilfe
===> Mining (Deutsch)
===> Trading und Spekulation
===> Projektentwicklung
===> Off-Topic (Deutsch)
===> Treffen
===> Presse
===> Altcoins (Deutsch)
=====> Announcements (Deutsch)
===> Marktplatz
=====> Auktionen
=====> Suche
=====> Biete
=> Ελληνικά (Greek)
===> Αγορά
===> Mining Discussion (Ελληνικά)
===> Altcoins (Ελληνικά)
=====> Altcoin Announcements (Ελληνικά)
=====> Altcoin Mining (Ελληνικά)
=> עברית (Hebrew)
=> Français
===> Actualité et News
===> Débutants
===> Discussions générales et utilisation du Bitcoin
===> Mining et Hardware
===> Économie et spéculation
===> Place de marché
=====> Échanges
=====> Produits et services
=====> Petites annonces
===> Le Bitcoin et la loi
===> Wiki, documentation et traduction
===> Développement et technique
===> Vos sites et projets
===> Hors-sujet
===> Altcoins (Français)
=====> Annonces
=> India
===> Mining (India)
===> Marketplace (India)
===> Regional Languages (India)
===> Press & News from India
===> Alt Coins (India)
===> Buyer/ Seller Reputations (India)
===> Off-Topic (India)
=> Italiano (Italian)
===> Guide (Italiano)
===> Progetti
===> Discussioni avanzate e sviluppo
===> Trading, analisi e speculazione
===> Mercato
=====> Mercato valute
=====> Beni
=====> Servizi
=====> Esercizi commerciali
=====> Hardware/Mining (Italiano)
=====> Gambling (Italiano)
===> Accuse scam/truffe
===> Mining (Italiano)
===> Alt-Currencies (Italiano)
=====> Annunci
===> Raduni/Meeting (Italiano)
===> Crittografia e decentralizzazione
===> Off-Topic (Italiano)
=> 日本語 (Japanese)
===> アルトコイン
=> Nederlands (Dutch)
===> Markt
===> Gokken/lotterijen
===> Mining (Nederlands)
===> Beurzen
===> Alt Coins (Nederlands)
===> Off-topic (Nederlands)
===> Meetings (Nederlands)
=> Nigeria (Naija)
===> Politics and society (Naija)
===> Off-topic (Naija)
=> 한국어 (Korean)
===> 대체코인 Alt Coins (한국어)
=> Pilipinas
===> Altcoins (Pilipinas)
=====> Altcoin Announcements (Pilipinas)
===> Pamilihan
===> Others (Pilipinas)
=> Polski
===> Tablica ogłoszeń
===> Alternatywne kryptowaluty
=====> Nowe kryptowaluty i tokeny
=====> Tablica ogłoszeń (altcoiny)
=> Português (Portuguese)
===> Primeiros Passos (Iniciantes)
===> Economia & Mercado
===> Mineração em Geral
===> Desenvolvimento & Discussões Técnicas
===> Criptomoedas Alternativas
===> Brasil
===> Portugal
=> Русский (Russian)
===> Новички
===> Бизнес
=====> Барахолка
=====> Обменники
===> Идеи
===> Кодеры
===> Майнеры
===> Политика
===> Трейдеры
===> Альтернативные криптовалюты
=====> Токены
=====> Бayнти и aиpдpoпы
===> Хайпы
===> Работа
===> Разное
===> Oбcyждeниe Bitcoin
=====> Новости
=====> Юристы
=> Română (Romanian)
===> Anunturi importante
===> Offtopic
===> Market
=====> Discutii Servicii
===> Minerit
===> Tutoriale
===> Bine ai venit!
===> Presa
===> Altcoins (Monede Alternative)
=====> Anunturi Monede Alternative
=> Skandinavisk
=> Türkçe (Turkish)
===> Bitcoin Haberleri
===> Pazar Alanı
===> Madencilik
===> Ekonomi
===> Servisler
=====> Fonlar
===> Proje Geliştirme
===> Alternatif Kripto-Paralar
=====> Madencilik (Alternatif Kripto-Paralar)
=====> Duyurular (Alternatif Kripto-Paralar)
===> Konu Dışı
===> Yeni Başlayanlar & Yardım
===> Buluşmalar
=> Other languages/locations
Loading...