Skip to main content
SpringerLink
Log in

Bijack: Breaking Bitcoin Network with TCP Vulnerabilities

  • Conference paper
  • First Online:
Computer Security – ESORICS 2023 (ESORICS 2023)

Part of the book series: Lecture Notes in Computer Science ((LNCS,volume 14346))

Included in the following conference series:

  • 601 Accesses

Abstract

Recent studies have shown that compromising Bitcoin’s peer-to-peer network is an effective way to disrupt the Bitcoin service. While many attack vectors have been uncovered such as BGP hijacking in the network layer and eclipse attack in the application layer, one significant attack vector that resides in the transport layer is largely overlooked. In this paper, we investigate the TCP vulnerabilities of the Bitcoin system and their consequences. We present Bijack, an off-path TCP hijacking attack on the Bitcoin network that is able to terminate Bitcoin connections or inject malicious data into the connections with only a few prior requirements and a limited amount of knowledge. This results in the Bitcoin network topology leakage, and the Bitcoin nodes isolation.

We measured the real Bitcoin network and discovered that more than 1700 (27%) of the reachable Bitcoin nodes are vulnerable to our attack whose physical locations are spread across the world. We evaluated the efficiency and impacts of the Bijack attack in real-world settings, and the results show that Bijack successfully realizes several fatal Bitcoin attacks without too much effort.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 59.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 79.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

References

  1. Alexander, G., Espinoza, A.M., Crandall, J.R.: Detecting TCP/IP connections via IPID hash collisions. Proc. Priv. Enhancing Technol. 2019, 4 (2019)

    Google Scholar 

  2. Apostolaki, M., Maire, C., Vanbever, L.: Perimeter: a network-layer attack on the anonymity of cryptocurrencies. In: Borisov, N., Diaz, C. (eds.) FC 2021, Part I 25. LNCS, vol. 12674, pp. 147–166. Springer, Heidelberg (2021). https://doi.org/10.1007/978-3-662-64322-8_7

    Chapter  Google Scholar 

  3. Apostolaki, M., Zohar, A., Vanbever, L. Hijacking bitcoin: routing attacks on cryptocurrencies. In: 2017 IEEE Symposium on Security and Privacy (SP), pp. 375–392. IEEE (2017)

    Google Scholar 

  4. Armknecht, F., Karame, G.O., Mandal, A., Youssef, F., Zenner, E.: Ripple: overview and outlook. In: Conti, M., Schunter, M., Askoxylakis, I. (eds.) Trust 2015. LNCS, vol. 9229, pp. 163–180. Springer, Cham (2015). https://doi.org/10.1007/978-3-319-22846-4_10

    Chapter  Google Scholar 

  5. Biryukov, A., Khovratovich, D., Pustogarov, I.: Deanonymisation of clients in bitcoin P2P network. In: Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security, pp. 15–29 (2014)

    Google Scholar 

  6. Borman, D., Braden, B., Jacobson, V.: RFC 7323: TCP extensions for high performance (2014)

    Google Scholar 

  7. Boverman, A.: Timejacking & Bitcoin. Culubas Blog (2011)

    Google Scholar 

  8. Buterin, V., et al.: A next-generation smart contract and decentralized application platform. White Paper 3, 37, 2–1 (2014)

    Google Scholar 

  9. Cao, Y., Qian, Z., Wang, Z., Dao, T., Krishnamurthy, S.V., Marvel, L.M.: Off-path TCP exploits: global rate limit considered dangerous. In: USENIX Security Symposium, pp. 209–225 (2016)

    Google Scholar 

  10. Cao, Y., Qian, Z., Wang, Z., Dao, T., Krishnamurthy, S.V., Marvel, L.M.: Off-path TCP exploits of the challenge ack global rate limit. IEEE/ACM Trans. Netw. 26(2), 765–778 (2018)

    Article  Google Scholar 

  11. BitcoinCore: CVE-2018-17144. https://bitcoincore.org/en/2018/09/20/notice/. Accessed May 2023

  12. Delgado-Segura, S., Bakshi, S., Pérez-Solà, C., Litton, J., Pachulski, A., Miller, A., Bhattacharjee, B.: TxProbe: discovering bitcoin’s network topology using orphan transactions. In: Goldberg, I., Moore, T. (eds.) FC 2019. LNCS, vol. 11598, pp. 550–566. Springer, Cham (2019). https://doi.org/10.1007/978-3-030-32101-7_32

    Chapter  Google Scholar 

  13. Dierks, T., Allen, C.: RFC 2246: the TLS protocol version 1.0 (1999)

    Google Scholar 

  14. Eyal, I., Sirer, E.G.: Majority is not enough: bitcoin mining is vulnerable. Commun. ACM 61(7), 95–102 (2018)

    Article  Google Scholar 

  15. Fan, W., Chang, S.-Y., Zhou, X., Xu, S.: ConMan: a connection manipulation-based attack against bitcoin networking. In: 2021 IEEE Conference on Communications and Network Security (CNS), pp. 101–109. IEEE (2021)

    Google Scholar 

  16. Fan, W., Wuthier, S., Hong, H.-J., Zhou, X., Bai, Y., Chang, S.-Y.: The security investigation of ban score and misbehavior tracking in bitcoin network. In: 2022 IEEE 42nd International Conference on Distributed Computing Systems (ICDCS), pp. 191–201. IEEE (2022)

    Google Scholar 

  17. Feng, X., Fu, C., Li, Q., Sun, K., Xu, K.: Off-path TCP exploits of the mixed IPID assignment. In: Proceedings of the 2020 ACM SIGSAC Conference on Computer and Communications Security, pp. 1323–1335 (2020)

    Google Scholar 

  18. Feng, X., Li, Q., Sun, K., Fu, C., Xu, K.: Off-path TCP hijacking attacks via the side channel of downgraded IPID. IEEE/ACM Trans. Netw. 30(1), 409–422 (2021)

    Article  Google Scholar 

  19. Franzoni, F., Daza, V.: SoK: network-level attacks on the bitcoin P2P network. IEEE Access 10, 94924–94962 (2022)

    Article  Google Scholar 

  20. Gervais, A., Karame, G.O., Capkun, V., Capkun, S.: Is bitcoin a decentralized currency? IEEE Secur. Priv. 12(3), 54–60 (2014)

    Article  Google Scholar 

  21. Gervais, A., Karame, G.O., Wüst, K., Glykantzis, V., Ritzdorf, H., Capkun, S.: On the security and performance of proof of work blockchains. In: Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security, pp. 3–16 (2016)

    Google Scholar 

  22. Gervais, A., Ritzdorf, H., Karame, G.O., Capkun, S.: Tampering with the delivery of blocks and transactions in bitcoin. In: Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security, pp. 692–705 (2015)

    Google Scholar 

  23. Gilad, Y., Herzberg, A.: Off-path attacking the web. In: WOOT, pp. 41–52 (2012)

    Google Scholar 

  24. Gilad, Y., Herzberg, A.: Spying in the dark: TCP and Tor traffic analysis. In: Fischer-Hübner, S., Wright, M. (eds.) PETS 2012. LNCS, vol. 7384, pp. 100–119. Springer, Heidelberg (2012). https://doi.org/10.1007/978-3-642-31680-7_6

    Chapter  Google Scholar 

  25. Gilad, Y., Herzberg, A.: Off-path TCP injection attacks. ACM Trans. Inf. Syst. Secur. (TISSEC) 16(4), 1–32 (2014)

    Article  Google Scholar 

  26. Gilad, Y., Herzberg, A., Shulman, H.: Off-path hacking: the illusion of challenge-response authentication. IEEE Secur. Priv. 12(5), 68–77 (2013)

    Article  Google Scholar 

  27. Goode, B.: Voice over internet protocol (VoIP). Proc. IEEE 90(9), 1495–1517 (2002)

    Article  Google Scholar 

  28. Grundmann, M., Neudecker, T., Hartenstein, H.: Exploiting transaction accumulation and double spends for topology inference in bitcoin. In: Zohar, A., et al. (eds.) FC 2018. LNCS, vol. 10958, pp. 113–126. Springer, Heidelberg (2019). https://doi.org/10.1007/978-3-662-58820-8_9

    Chapter  Google Scholar 

  29. Heilman, E., Kendler, A., Zohar, A., Goldberg, S.: Eclipse attacks on bitcoin’s peer-to-peer network. In: 24th \(\{\)USENIX\(\}\) Security Symposium, \(\{\)USENIX\(\}\) Security 2015, pp. 129–144 (2015)

    Google Scholar 

  30. John, P.: Transmission control protocol. RFC 793 (1981)

    Google Scholar 

  31. Luckie, M., Beverly, R., Koga, R., Keys, K., Kroll, J.A., Claffy, K.: Network hygiene, incentives, and regulation: deployment of source address validation in the internet. In: Proceedings of the 2019 ACM SIGSAC Conference on Computer and Communications Security, pp. 465–480 (2019)

    Google Scholar 

  32. Miller, A., et al.: Discovering bitcoin’s public topology and influential nodes (2015)

    Google Scholar 

  33. Nakamoto, S.: Bitcoin: a peer-to-peer electronic cash system. Decentralized Bus. Rev., 21260 (2008)

    Google Scholar 

  34. Naumenko, G.: Pr 18991: cache responses to Getaddr 3420 to prevent topology leaks. https://github.com/bitcoin/bitcoin/pull/18991. Accessed May 2020

  35. Nayak, K., Kumar, S., Miller, A., Shi, E.: Stubborn mining: generalizing selfish mining and combining with an eclipse attack. In: 2016 IEEE European Symposium on Security and Privacy (EuroS&P), pp. 305–320. IEEE (2016)

    Google Scholar 

  36. Neudecker, T., Andelfinger, P., Hartenstein, H.: Timing analysis for inferring the topology of the bitcoin peer-to-peer network. In: 2016 International IEEE Conferences on Ubiquitous Intelligence & Computing, Advanced and Trusted Computing, Scalable Computing and Communications, Cloud and Big Data Computing, Internet of People, and Smart World Congress (UIC/ATC/ScalCom/CBDCom/IoP/SmartWorld), pp. 358–367. IEEE (2016)

    Google Scholar 

  37. National Institute of Standards and Technology: CVE-2020-36516. https://nvd.nist.gov/vuln/detail/CVE-2020-36516. Accessed May 2023

  38. Postel, J.: Internet control protocol. RFC 792 (1981)

    Google Scholar 

  39. Litecoin Project: Litecoin. https://litecoin.org. Accessed May 2023

  40. Raikwar, M., Gligoroski, D.: DoS attacks on blockchain ecosystem. In: Chaves, R., et al. (eds.) Euro-Par 2021: Parallel Processing Workshops, Euro-Par 2021. LNCS, vol. 13098, pp. 230–242. Springer, Cham (2022). https://doi.org/10.1007/978-3-031-06156-1_19

  41. Ramaiah, A., Stewart, R., Dalal, M.: RFC 5961: improving TCP’s robustness to blind in-window attacks (2010)

    Google Scholar 

  42. Schuba, C.L., Krsul, I.V., Kuhn, M.G., Spafford, E.H., Sundaram, A., Zamboni, D.: Analysis of a denial of service attack on TCP. In: Proceedings of the 1997 IEEE Symposium on Security and Privacy (Cat. No. 97CB36097), pp. 208–223. IEEE (1997)

    Google Scholar 

  43. Tran, M., Choi, I., Moon, G.J., Vu, A.V., Kang, M.S.: A stealthier partitioning attack against bitcoin peer-to-peer network. In: 2020 IEEE Symposium on Security and Privacy (SP), pp. 894–909. IEEE (2020)

    Google Scholar 

  44. Vasek, M., Thornton, M., Moore, T.: Empirical analysis of denial-of-service attacks in the bitcoin ecosystem. In: Böhme, R., Brenner, M., Moore, T., Smith, M. (eds.) FC 2014. LNCS, vol. 8438, pp. 57–71. Springer, Heidelberg (2014). https://doi.org/10.1007/978-3-662-44774-1_5

    Chapter  Google Scholar 

  45. Walck, M., Wang, K., Kim, H.S.: TendrilStaller: block delay attack in bitcoin. In: 2019 IEEE International Conference on Blockchain (Blockchain), pp. 1–9. IEEE (2019)

    Google Scholar 

  46. Xiao, Y., Zhang, N., Lou, W., Hou, Y.T.: A survey of distributed consensus protocols for blockchain networks. IEEE Commun. Surv. Tut. 22(2), 1432–1465 (2020)

    Article  Google Scholar 

  47. Yeow, A. Bitnodes. https://bitnodes.io/nodes/#network-snapshot. Accessed April 2023

Download references

Acknowledgement

This work was supported in part by the US National Science Foundation under grants 2247560, 2154929, 1916902, and 2247561.

Author information

Authors and Affiliations

  1. Virginia Polytechnic Institute and State University, Blacksburg, VA, USA

    Shaoyu Li, Shanghao Shi, Chaoyu Zhang, Y. Thomas Hou & Wenjing Lou

  2. University of Kentucky, Lexington, KY, USA

    Yang Xiao

Authors
  1. Shaoyu Li
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Shanghao Shi
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Yang Xiao
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Chaoyu Zhang
    View author publications

    You can also search for this author in PubMed Google Scholar

  5. Y. Thomas Hou
    View author publications

    You can also search for this author in PubMed Google Scholar

  6. Wenjing Lou
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Shaoyu Li .

Editor information

Editors and Affiliations

  1. University of California, Irvine, CA, USA

    Gene Tsudik

  2. University of Padua, Padua, Italy

    Mauro Conti

  3. Delft University of Technology, Delft, The Netherlands

    Kaitai Liang

  4. Delft University of Technology, Delft, The Netherlands

    Georgios Smaragdakis

A Appendix

A Appendix

1.1 A.1 IPID Assignment

IPID Assignment. The identification field (IPID) in the Internet Protocol (IP) serves as a unique identifier for each IP packet and it occupies 16 bits in the IP packet. The IPID is assigned by the sender to aid in assembling the fragments of a datagram because IP datagrams may be fragmented into multiple fragments for transmission over the network during the transmission process. The generation of the IPID can employ different algorithms or strategies, but it must be unique within the sender’s context. In certain versions, Linux employs a mixed IPID assignment method for packets [1]. There are two fundamental IPID assignment policies: the per-socket-based IPID assignment method and the 2048-globally-hash-based IPID assignment method, the former being specific to socket-based protocols such as TCP and UDP.

Per-Socket-Based IPID Assignment. This policy is specifically used for socket-based protocols such as TCP and UDP. A unique random value is initialized for each connection, and the counter is incremented by 1 each time it is used for transmitting a packet. This random counter makes it difficult for off-path attackers to infer the IPID value.

Hash-Based IPID Assignment. It involves assigning the IPID based on a hash counter. Linux has a total of 2048 hash counters, and the IPID is selected from one of these counters based on the hash value of four variables: the source IP address, destination IP address, the protocol number of the packet, and a random value generated by the Linux system. After the IPID value is copied from the selected counter, the counter is incremented by a uniform distribution value between 1 and the number of system ticks that have elapsed since the last packet transmission using the same counter.

Linux uses the Don’t Fragment (DF) flag in the IP protocol to differentiate between the two methods. Normally the TCP and UDP use per-socket-based IPID assignment and the DF’s value is one. For other network protocols (like ICMP), the DF is set as 0. For TCP, DF is set as 1 for TCP non-RST segments, enabling the MTU discovery (PMTUD) mechanism and signaling the use of the per-socket-based IPID assignment method, which is considered more secure. The IP examines the DF flag value set by the TCP protocol. If DF is 0, the hash-based IPID assignment method is used. If DF is 1 and the packet is not for a TCP SYN/ACK segment with both SYN and ACK flags set to 1 (assigned IPID of 0), the IP assigns the IPID using the per-socket-based method.

1.2 A.2 Bitcoin Network Measurement Procedure

We first scan all connectable nodes in the network based on the method in [47]. Then, we establish Bitcoin connections with these nodes for further testing. To reduce the bandwidth load on our node, we test only one Bitcoin node at a time and establish a connection with only that one Bitcoin node. Initially, we send malicious ICMP “Fragmentation Needed” messages to attempt to clear the DF flag. As for hash collision, we first observe the average rate m at which the tested node sends Bitcoin information to our node and the average IPID increment k between each message. Then, our scanner node sends forged ICMP messages with different source IP addresses to the tested node. For each source IP address, we will send the forged packets at a rate of \(n*m\) for the time period of 1/m. If we found that the IPID of a received Bitcoin message increased by \(n*m+k\) compared to the most recent previous one, we considered the tested node collided. To minimize errors caused by network latency or the randomness of the IPID increment, when we observe the IPID increment value in the range of \(n*m+k\), we repeat the test with the source IP address used for the collision to verify whether the collision really occurred.

Rights and permissions

Reprints and permissions

Copyright information

© 2024 The Author(s), under exclusive license to Springer Nature Switzerland AG

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Li, S., Shi, S., Xiao, Y., Zhang, C., Hou, Y.T., Lou, W. (2024). Bijack: Breaking Bitcoin Network with TCP Vulnerabilities. In: Tsudik, G., Conti, M., Liang, K., Smaragdakis, G. (eds) Computer Security – ESORICS 2023. ESORICS 2023. Lecture Notes in Computer Science, vol 14346. Springer, Cham. https://doi.org/10.1007/978-3-031-51479-1_16

Download citation

  • DOI: https://doi.org/10.1007/978-3-031-51479-1_16

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-031-51478-4

  • Online ISBN: 978-3-031-51479-1

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation