TY - JOUR
T1 - Exploring the Attack Surface of Blockchain
T2 - A Comprehensive Survey
AU - Saad, Muhammad
AU - Spaulding, Jeffrey
AU - Njilla, Laurent
AU - Kamhoua, Charles
AU - Shetty, Sachin
AU - Nyang, Dae Hun
AU - Mohaisen, David
N1 - Publisher Copyright: © 1998-2012 IEEE.
PY - 2020/7/1
Y1 - 2020/7/1
N2 - In this paper, we systematically explore the attack surface of the Blockchain technology, with an emphasis on public Blockchains. Towards this goal, we attribute attack viability in the attack surface to 1) the Blockchain cryptographic constructs, 2) the distributed architecture of the systems using Blockchain, and 3) the Blockchain application context. To each of those contributing factors, we outline several attacks, including selfish mining, the 51% attack, DNS attacks, distributed denial-of-service (DDoS) attacks, consensus delay (due to selfish behavior or distributed denial-of-service attacks), Blockchain forks, orphaned and stale blocks, block ingestion, wallet thefts, smart contract attacks, and privacy attacks. We also explore the causal relationships between these attacks to demonstrate how various attack vectors are connected to one another. A secondary contribution of this work is outlining effective defense measures taken by the Blockchain technology or proposed by researchers to mitigate the effects of these attacks and patch associated vulnerabilities.
KW - Blockchain
KW - applications
KW - attack surface
KW - peer-to-peer systems
KW - security
UR - http://www.scopus.com/inward/record.url?scp=85087333111&partnerID=8YFLogxK
U2 - 10.1109/COMST.2020.2975999
DO - 10.1109/COMST.2020.2975999
M3 - Article
AN - SCOPUS:85087333111
SN - 1553-877X
VL - 22
SP - 1977
EP - 2008
JO - IEEE Communications Surveys and Tutorials
JF - IEEE Communications Surveys and Tutorials
IS - 3
M1 - 9019870
ER -