The Eclipse Attack or Eclipse Attack is another of the known attacks in the world of cryptocurrencies. This consists of isolating and eclipsing the victims' network connection by flooding them with false data about the blockchain network of which they are part.
Unumber of attacks that can be carried out against networks blockchain it is the Eclipse Attack or Eclipse Attack. This is a type of attack that seeks to isolate and attack a specific user that is part of the network. All with the aim of being able to manipulate the data that the target receives from the network. In this way, any kind of malicious activity against the victim can be carried out.
Certainly the peer-to-peer networks (P2P) and blockchain technology are very secure, but absolute security does not exist. That is why in this new chapter of Bit2Me Academy we will explain everything about this type of attack, also knowing the means that exist to avoid it and protect yourself from it.
Anatomy of an Eclipse Attack
As we mentioned at the beginning, an Eclipse Attack, or Eclipse Attack, seeks to disconnect the victim from the valid data flow from the network. This in order for the victim to receive manipulated data from the attacker. Sounds pretty scary from a security standpoint, and it certainly is. But you may wonder why is it possible to carry out such an attack? Can they be avoided in any way?
Well, Firstly, these types of attacks are possible due to the structure and limitations of the peer-to-peer communication protocol that a blockchain uses.. More specifically it is due to the limitation in the number of connections and the safe selection of nodes.. For example, on the net Bitcoin the limit of outgoing connections (which you can establish with other remote nodes) is 8 connections. This means that each Bitcoin node is capable of maintaining bidirectional connections with 8 nodes at the same time. The cycle is repeated at each node, because this behavior is part of the protocol described in Bitcoin Core.
Now this represents both an advantage and a disadvantage. On the one hand, the advantage it presents is that, as there are few connections, little computing power and bandwidth are required. This opens the doors for anyone from anywhere in the world to have a Bitcoin node. With this decentralize the network and added security.
But the limitation of connections also has a disadvantage, and it is that it is relatively easy to hijack these connections. The effort required to accomplish this varies depending on the protections, the secure node selection process, and the size of the network. But basically all you need is a botnet under your control and detect the IP addresses from the rest of the network nodes. So when these nodes restart their connection to the network, the malicious nodes can intervene the connection and take control of the victim.
Consequences of this type of attack
The consequences of the Eclipse Attack or Eclipse Attack are varied and among them we can mention:
Exploit connections to control the network
Once a malicious actor has taken some control of the network, nothing stops him from further increasing that control. In fact, with each new node under your control, increasing your presence on the network becomes easier and easier. Once you have node management you can manipulate block commits as you please and even sabotage and trace network connections.
In the end, the attacker can even gain the power to manipulate the growth of the network by altering the blockchain ledger versions as they please.
Perform block race engineering
This is a highly specialized type of attack that can be performed on networks using the Proof of Work Protocol (PoW). This type of attack was pointed out in 2015 by researchers Ethan Heilman, Alison Kendler, Aviv Zohar, and Sharon Goldberg, in their work "Eclipse Attack on Bitcoin's Peer-to-Peer Network".
The explanation for the attack is that if two mineros they discover a block simultaneously; an attacker could use an eclipse attack for eclipsed miners to waste mining effort on orphan blocks. That would give the attacker the ability to mine his own blocks. In the end, the attacker ensures that his block is processed by the network under his control and receives the reward.
Another possibility is to divide the mining power of the network. In this way, the attacker could facilitate the launch of a 51% attack to help you rewrite the blockchain or ledger.
Finally, it also opens up the possibility of attacks by double-spending confirmation N. This means that an attacker can control a certain group of miners and from there report that the transaction has received a number of confirmations. This attack would, for example, allow a merchant to be deceived into thinking that the transaction for a service has been confirmed by the network. But in reality, it has been the victim of an elaborate eclipse attack.
Attacks on second layer protocols
Another consequence of this type of attack is that of making attacks on second layer protocols. That is, make vulnerable to protocols like Lightning Network, Omni Layer o RSK in Bitcoin. Or even to creations derived from smart contracts like all those executed on Ethereum, EOS o TRON.
This would be possible because an Eclipse Attack would trick its victim into seeing an unreal state of the network. For example, a Lightning payment channel would show as open to the victim, while the attacker has closed the channel, taking the funds with them. In the case of smart contracts, users would see inconsistent states of the blockchain.
Give rise to new and more dangerous Attack vectors
The Eclipse Attack is also the source of a more dangerous and far-reaching type of attack, the Erebus Attack. This attack is capable of executing a large-scale Eclipse Attack on the network, resulting in its partitioning. As a result, whoever performs an Erebus Attack is able to split the network and manage it as they wish, even being able to do a Denial of Services (DoS), perform a 51% Attack or create a blockchain hard fork.
The Erebus Attack is an attack described in 2019 by Muoi Tran, Inho Choi, Gi Jun Moon, Anh V.Vu and Min Suk Kang, from the National University of Singapore.
How can Eclipse Attacks or Eclipse Attacks be prevented on blockchain networks?
This attack has been known for a long time, in fact, they have been known since the very creation of the first peer-to-peer networks. For example, him Kademlia protocol he was susceptible to such attacks. However, this protocol implemented a series of measures to avoid them. Some of these measures are still being implemented today with some improvements. Among these measures we can mention:
Peer identification system
This system seeks that the peers in the network have a unique and unrepeatable ID. This is a way to create an ID tree that lets you know who's who on the network. In blockchain this is possible thanks to the use of asymmetric cryptography. However, this measure is insufficient since it is possible to run multiple nodes that use the same IP. For example, an attacker can create multiple nodes to control them and continue to apply their attack to the network.
Hence, this measure is complemented by a limitation of identities by IP, thus preventing this vector from being exploited.
Peer selection process
Another important point to avoid eclipse attacks is to have a reliable peer selection process for the network. For example, in Ethereum this process uses a protocol based on Kademlia. This allows Ethereum each item to be associated with a key and stored only in those peers whose node ID is "close" to its associated key. This "closeness" is defined as the Hamming binary distance between the key and the node ID.
In this way, the network ensures that it has a series of well-identified and related nodes.
Control incoming and outgoing connections
Another control measure applied in blockchain to control Eclipse Attacks is to control incoming and outgoing connections. For this, communication limits are established with the nodes of the network so that in the event of an attack on a node, it cannot affect a large part of the network. This prevents the area of action of a node from being too large and the attacker must control multiple nodes to carry out a successful attack. Additionally, the measure is being strengthened with the decentralization and expansion of the network.
These three protections in total are the most basic that all blockchain networks apply to their protocols. Their purpose is clear: to make an Eclipse Attack highly expensive. The application of all these mitigations implies that the attacker must make an enormous effort to control the network and carry out his attack. In fact, the larger the network to attack the more difficult it is to carry out this attack. Hence, the promoters of a blockchain always ask that complete nodes be installed to strengthen the network.
How much do you know, cryptonuta?
Are Eclipse Attacks easy to carry out?FALSE!
Bitcoin and the rest of blockchain networks are very clear about the risks of Eclipse Attacks on their networks. For this reason, they always look for mechanisms that help counteract these failures while maintaining the highest level of security possible.
Eclipse Attack vs Sybil Attack, differences between these attacks
Now there is a certain relationship between what is a Sybil attack and an Eclipse Attack, which we will explain below.
An Eclipse Attack takes place when the majority (if not all) of its peers are malicious and basically prevent it from being well connected to the network to obtain information about the transactions that take place on it. This is useful when an attacker wants to manipulate a transaction to make him believe that it has been successfully executed, when it has actually been manipulated.
In this way, the attacker will make a double expense and his victim will think that the transaction has been confirmed. In the end, when the attack ends and the victim contacts trusted nodes, they realize the attack and that the funds were never sent. While a Sybil Attack, on the other hand, is when a malicious actor tries to send spam to the network with nodes it controls trying to subvert the network's reputation system.
To summarize, an Eclipse Attack is aimed at only one party; while a Sybil Attack is targeted at the entire network.
How to avoid being victims of the Eclipse Attack or Eclipse Attack?
The best way to protect yourself from this type of attack is to take into account a series of recommendations. Among these we can highlight:
- Be sure to use a payment system and Wallets with good reputation. If possible, try to install a node of your own and use it to verify your transactions. In this way, you will not only help to secure the network but will also create a security measure to protect yourself from this type of attack.
- In any case, avoid accepting 0-conf payments or without confirmations. Remember that in this state, transactions can be manipulated in many ways and the eclipse attack is one of them.
- If you have a node own be sure to shield the same. The easiest way is to limit the number of incoming connections, a firewall that prevents these connections is a good way to start.
- You can also periodically review your node or wallet connections and create a list of trusted nodes for you to use at all times. This will avoid bitter surprises in the event that your node is connected to a malicious node that releases this type of attack on you or any other user on the network.
- Keep your wallets and nodes updated. Developers are aware of eclipse attacks and are always looking for ways to strengthen connection protocols. An update in this regard may provide them with a better defense against such attacks.
With these simple recommendations you can be better protected against these types of attacks and thus take care of your money and privacy.