区块链中区块截留攻击的研究与分析

区块截留攻击又称扣块攻击,是存在于区块链中的一种攻击方式,攻击者通过渗透进目标矿池中进行消极挖矿以达成破坏目标矿池的目的.简要介绍了挖矿机制和区块截留攻击的工作原理,总结了区块截留攻击的几种模型,并对现有的区块截留攻击模型的攻击方式和收益进行了研究,分析出其攻击效果.构造了一个在提升收益率的同时提升收益速度的区块截留攻...     

基于自适应零行列式策略的区块链矿池合作演化方法

矿工加入矿池是目前比特币挖矿最常见的方式。然而，比特币系统中存在矿池互相渗透攻击的现象，这将导致被攻击矿池的矿工收益减少，发起攻击的矿池算力降低，从而造成比特币系统的整体算力减小。针对矿池之间互相攻击，不合作挖矿的问题，提出自适应零行列式策略（AZD），采取"比较预期合作收益与背叛收益，选择促进高收益的策略"的思想促进矿池合作。首先，通过结合时序差分增强算法与零行列式策略的方法预测下一轮合作收益与背叛收益；其次，通过决策过程（DMP）选择策略进一步改变下一轮的合作概率和背叛概率；最后，通过迭代执行自适应零行列式策略，达到网络中矿池均互相合作、积极挖矿的目的。实验模拟表明，AZD策略与自适应策略相比，合作概率收敛为1的速度提高了36.54%；与零行列式策略相比，稳定度提高了50%。这个结果表明AZD策略能够有效促进矿工合作，提高合作收敛速率，保证矿池的稳定收益。     

采用工作量证明共识机制的区块链中挖矿攻击者间的“鲶鱼效应”

近年来,采用工作量证明共识机制(Proof of Work,PoW)的区块链被广泛地应用于以比特币为代表的数字加密货币中.自私挖矿攻击(Selfish mining)等挖矿攻击(Mining attack)策略威胁了采用工作量证明共识机制的区块链的安全性.在自私挖矿攻击策略被提出之后,研究者们进一步优化了单个攻击者的挖矿攻击策略.在前人工作的基础上,本文提出了新颖的两阶段挖矿攻击模型,该模型包含拥有单攻击者的传统自私挖矿系统与拥有两个攻击者的多攻击者系统.本文的模型同时提供了理论分析与仿真量化分析,并将两个攻击者区分为内部攻击者与外部攻击者.通过引入内部攻击者与外部攻击者的概念,本文指出传统自私挖矿系统转化为多攻击者系统的条件.本文进一步揭示了在多攻击者系统中两个攻击者将产生竞争并面临着“矿工困境”问题.攻击者间的竞争可被总结为“鲶鱼效应”:外部攻击者的出现导致内部攻击者的相对收益下降至多67.4%,因此内部攻击者需要优化攻击策略.本文提出了名为部分主动发布策略的全新挖矿攻击策略,相较于自私挖矿策略,该策略是半诚实的攻击策略.在特定场景下,部分主动发布策略可以提高攻击者的相对收益并破解攻击者面临的“矿工困境”问题.     

基于交易记录特征的自私挖矿检测方案

自私挖矿攻击是一种挖矿策略,存在基于工作量证明（PoW,proof of work）机制的区块链中。自私矿工通过延迟区块广播的时机来截取其他矿工的挖矿奖励,以此获得比正常情况下更多的收益。这种攻击对工作量证明机制的激励相容性造成了破坏。近年来,自私挖矿这一攻击行为被研究者从许多角度进行了研究和分析。然而这一挖矿策略利用了工作量证明机制区块链在网络延迟方面存在的缺陷,使得采用这一挖矿策略的矿工在行为上与正常挖矿行为没有明显的区别,导致当前缺少可以有效检测出自私挖矿行为的方案。因此,提出了一种自私挖矿的检测方案,该检测方案创新性地利用了区块链中区块的高度和区块中的交易记录特征,可以做到对网络中的自私挖矿行为进行实时检测,有一定的实用价值。所提检测方案为生成的新区块定义了一个状态值,这个状态值与区块中包含的交易数量、支付给矿工的交易费用等数据有关。根据这些特征值间的数学关系,可以判断出该区块是否来自自私矿工。通过仿真实验测试了攻击者在不同算力下,该检测方案的检测情况。结果表明,所提检测方案在判断区块是否来自自私挖矿时,有86.02%以上的检测准确率,可以有效地对自私挖矿产生的区块进行检测。     

基于策略梯度算法的工作量证明中挖矿困境研究

针对区块链中工作量证明（PoW）共识机制下区块截留攻击导致的挖矿困境问题，将矿池间的博弈行为视作迭代的囚徒困境（IPD）模型，采用深度强化学习的策略梯度算法研究IPD的策略选择。利用该算法将每个矿池视为独立的智能体（Agent），将矿工的潜入率量化为强化学习中的行为分布，通过策略梯度算法中的策略网络对Agent的行为进行预测和优化，最大化矿工的人均收益，并通过模拟实验验证了策略梯度算法的有效性。实验发现，前期矿池处于相互攻击状态，平均收益小于1，出现了纳什均衡的问题；经过policy gradient算法的自我调整后，矿池由相互攻击转变为相互合作，每个矿池的潜入率趋于0，人均收益趋于1。实验结果表明，policy gradient算法可以解决挖矿困境的纳什均衡问题，最大化矿池人均收益。     

区块链中矿池选择策略的研究与分析

在基于工作量证明（proof of work,PoW）的区块链网络中,矿工通常选择加入矿池。由于存在多个矿池并且不同的矿池拥有的算力不同以及可能采取不同的奖励机制,所以矿工可以在不同的矿池中获得不同的收益。针对矿工面临的矿池选择问题,建立了一个基于风险决策准则的矿池选择模型,研究了矿池算力和奖励机制对矿工最优选择策略的影响。首先计算了矿工在不同矿池中的收益,给出收益矩阵;其次分别利用最大可能性准则和期望值准则得出最优选择策略;最后通过仿真实验,对提出的策略进行了验证分析。实验结果表明,提出的策略与简单策略相比,在绝大多数情况下能为矿工带来更高的收益。     

区块链多矿池恶意攻击模型研究

区块链中针对交易的双花攻击是区块链安全的研究重点,矿池作为大的算力集合有潜在的作恶行为,其中多个矿池结合起来可通过不同攻击形式对交易进行双花攻击,给区块链带来巨大的安全隐患。基于多矿池的恶意攻击组合方式,提出两种多矿池恶意攻击模型。首先,在多矿池集中攻击模型中,多个矿池算力聚合为一个恶意算力集,集中对区块链双花攻击。其次,多矿池分散攻击模型中,每个矿池为独立恶意算力集,分散同步对区块链算力攻击;此外结合矿池数量、算力占比等参量,模拟推导两种多矿池模型内部运行机制;基于该机制,构建两种攻击模型的安全性约束。实验验证了两种矿池攻击模型的有效性,数据化呈现两种多矿池攻击模型异同以及攻击规律。最后,结合理论模型和实验结果分析给出防控策略。     

区块链中的自私挖掘研究与分析

自私挖掘是区块链中的一种挖掘策略,通过选择性地公布挖到的区块以“增加”自己的收益。针对目前区块链挖掘中的自私挖掘行为破坏正常挖掘过程、浪费算力的问题,给出了基于概率的SAPV决策模型。首先总结了针对区块链的典型攻击,详细分析自私挖掘的过程,得到自私挖掘过程中出现的不同状态,计算了自私挖掘在不同状态下的概率分布。为增大自私挖掘的相对收益份额,给出了通过求解自私与诚实挖掘概率大小的方法来决定是否公布隐藏的区块。实验模拟了不同算力下自私挖掘池的相对收益,分析了不同算力对矿池收益的影响,最后给出了保证系统诚实节点安全运行的算力阈值,为区块链安全的进一步研究提供参考价值。     

虚拟货币挖矿木马行为监测技术研究与应用

近年来,在利益驱动下通过传播挖矿木马程序,利用受害者主机算力进行挖矿获取虚拟货币的行为愈演愈烈。从攻击者视角分析了挖矿木马的暴力爆破、漏洞利用、木马植入、横向传播等典型攻击路径,基于挖矿协议的流量识别、威胁情报匹配、攻击链模型关联分析、AI基因模型监测等开展技术研究,结合研究成果进行了实际网络流量监测应用,为挖矿木马的防范和治理提供思考与借鉴。     

基于网络流量的挖矿行为检测识别技术研究

针对国内现有挖矿行为检测识别技术的准确性不高、缺少具体挖矿行为证据等问题,提出了一种基于网络流量的挖矿行为检测识别模型和多维度挖矿指纹特征提取方法,该模型通过对Stratum、Getwork等矿池协议的指令特征提取分析,能够高效准确地实现对挖矿行为的自动检测识别,并提炼出多维度的挖矿指纹特征,包括挖矿指令、矿池币种、软件型号、挖矿账号、算力、能耗等信息。实验结果表明,该模型能够准确识别相关挖矿行为并分析得出其多维度挖矿指纹特征,算力特征识别的准确性为95%左右,总体的挖矿行为检测识别的准确性为91.73%,为虚拟货币挖矿检测提供一种精准有效的解决方案。     

Optimal mixed block withholding attacks based on reinforcement learning

The vulnerabilities in cryptographic currencies facilitate the adversarial attacks. Therefore, the attackers have incentives to increase their rewards by strategic behaviors. Block withholding attacks (BWH) are such behaviors that attackers withhold blocks in the target pools to subvert the blockchain ecosystem. Furthermore, BWH attacks may dwarf the countermeasures by combining with selfish mining attacks or other strategic behaviors, for example, fork after withholding (FAW) attacks and power adaptive withholding (PAW) attacks. That is, the attackers may be intelligent enough such that they can dynamically gear their behaviors to optimal attacking strategies. In this paper, we propose mixed-BWH attacks with respect to intelligent attackers, who leverage reinforcement learning to pin down optimal strategic behaviors to maximize their rewards. More specifically, the intelligent attackers strategically toggle among BWH, FAW, and PAW attacks. Their main target is to fine-tune the optimal behaviors, which incur maximal rewards. The attackers pinpoint the optimal attacking actions with reinforcement learning, which is formalized into a Markov decision process. The simulation results show that the rewards of the mixed strategy are much higher than that of honest strategy for the attackers. Therefore, the attackers have enough incentives to adopt the mixed strategy.     

Aydos等基于椭圆曲线密码学无线认证协议的安全性

最近,Aydos等人提出了基于椭圆曲线密码学的无线认证协议．该协议使用了椭圆曲线数字签名算法和Diffie—Hellman密钥交换方案提供相互认证并协商会话密钥用于随后的通信。Mangipudi等人指出该协议对于来自系统内部攻击者的中间人攻击是脆弱的．进一步证明Aydos等人的协议对于来自任何攻击者的中间人攻击都是脆弱的,而不仅限于内部攻击者．最后,分析了Aydos等人的协议受到攻击的原因和其他一些安全缺陷．     

Secure Dynamic Identity-Based Authentication Scheme Using Smart Cards

ABSTRACT

In 2004, Das et al. proposed a dynamic identity-based remote user authentication scheme using smart cards. This scheme allows users to choose and change their passwords freely, and the server does not maintain any verification table. Das et al. claimed that their scheme is secure against stolen verifier attack, replay attack, forgery attack, dictionary attack, insider attack and identity theft. However, many researchers have demonstrated that Das et al.'s scheme is susceptible to various attacks. Furthermore, this scheme does not achieve mutual authentication and thus cannot resist malicious server attack. In 2009, Wang et al. argued that Das et al.'s scheme is susceptible to stolen smart card attack. If an attacker obtains the smart card of the user and chooses any random password, the attacker gets through the authentication process to get access of the remote server. Therefore, Wang et al. suggested an improved scheme to preclude the weaknesses of Das et al.'s scheme. However, we found that Wang et al.'s scheme is susceptible to impersonation attack, stolen smart card attack, offline password guessing attack, denial of service attack and fails to preserve the user anonymity. This paper improves Wang et al.'s scheme to resolve the aforementioned problems, while keeping the merits of different dynamic identity based smart card authentication schemes.     

Keyword guessing attacks on secure searchable public key encryption schemes with a designated tester

The first searchable public key encryption scheme with designated testers (dPEKS) known to be secure against keyword guessing attacks was due to Rhee et al. [H.S. Rhee, W. Susilo, and H.J. Kim, Secure searchable public key encryption scheme against keyword guessing attacks, IEICE Electron. Express 6(5) (2009), pp. 237–243]. Recently, some dPEKS schemes, including the Rhee et al. scheme, were found to be vulnerable to keyword guessing attacks by a malicious server. However, the Rhee et al. dPEKS scheme and its improved variants are still known to be secure against keyword guessing attack by the outsider attacker to date. In this paper, we present a keyword guessing attack by the outsider attacker on the existing dPEKS schemes. We first describe the attack scenario which is possible in the current nature of the Internet and public key encryption with keyword search applications, e.g. email routing. We then demonstrate the detailed attack steps on the Rhee et al. scheme as an attack instance. We emphasize that our attack is generic and it equally applies to all existing dPEKS schemes that claim to be secure against keyword guessing attacks by the outsider attacker.     

Improved preimage attack on one-block MD4

MD4 is a hash function designed by Rivest in 1990. The design philosophy of many important hash functions, such as MD5, SHA-1 and SHA-2, originated from that of MD4. We propose an improved preimage attack on one-block MD4 with the time complexity 2⁹⁵ MD4 compression function operations, as compared to the 2^{107 1} complexity of the previous attack by Aoki et al. (SAC 2008). The attack is based on previous methods, but introduces new techniques. We also use the same techniques to improve the pseudo-preimage and preimage attacks on Extended MD4 with 2^25.2 and 2^12.6 improvement factor, as compared to previous attacks by Sasaki et al. (ACISP 2009).     

对两种无需证书的数字签名方案的分析及改进

指出樊睿等人的基于无证书的代理签名方案和明洋等人的基于无证书的广义指定验证者签名方案都无法抵抗替换公钥攻击,同时樊睿等人的方案也无法抵抗原始签名人改变攻击,攻击者可以伪造一个他授权代理签名人对相同消息的代理签名,此外,还指出明洋等人在安全性证明中将重放技术直接应用在无证书环境中是不正确的。通过将代理授权证书和用户的公钥作为密码哈希函数的输入,使攻击者无法替换用户的公钥及更改代理授权证书,改进方案有效提高了原方案的安全性,同时保留了原方案的其他优点。     

Difficulty control for blockchain-based consensus systems

Crypto-currencies like Bitcoin have recently attracted a lot of interest. A crucial ingredient into such systems is the “mining” of a Nakamoto blockchain. We model mining as a Poisson process with time-dependent intensity and use this model to derive predictions about block times for various hash-rate scenarios (exponentially rising hash rate being the most important). We also analyse Bitcoin’s method to update the “network difficulty” as a mechanism to keep block times stable. Since it yields systematically too fast blocks for exponential hash-rate growth, we propose a new method to update difficulty. Our proposed method performs much better at ensuring stable average block times over longer periods of time, which we verify both in simulations of artificial growth scenarios and with real-world data. Besides Bitcoin itself, this has practical benefits particularly for systems like Namecoin. It can be used to make name expiration times more predictable, preventing accidental loss of names.