SABRE: Protecting Bitcoin against Routing Attacks

by   Maria Apostolaki, et al.

Routing attacks remain practically effective in the Internet today as existing countermeasures either fail to provide protection guarantees or are not easily deployable. Blockchain systems are particularly vulnerable to such attacks as they rely on Internet-wide communication to reach consensus. In particular, Bitcoin -the most widely-used cryptocurrency- can be split in half by any AS-level adversary using BGP hijacking. In this paper, we present SABRE, a secure and scalable Bitcoin relay network which relays blocks worldwide through a set of connections that are resilient to routing attacks. SABRE runs alongside the existing peer-to-peer network and is easily deployable. As a critical system, SABRE design is highly resilient and can efficiently handle high bandwidth loads, including Denial of Service attacks. We built SABRE around two key technical insights. First, we leverage fundamental properties of inter-domain routing (BGP) policies to host relay nodes: (i) in locations that are inherently protected against routing attacks; and (ii) on paths that are economically preferred by the majority of Bitcoin clients. These properties are generic and can be used to protect other Blockchain-based systems. Second, we leverage the fact that relaying blocks is communication-heavy, not computation-heavy. This enables us to offload most of the relay operations to programmable network hardware (using the P4 programming language). Thanks to this hardware/software co-design, SABRE nodes operate seamlessly under high load while mitigating the effects of malicious clients. We present a complete implementation of SABRE together with an extensive evaluation. Our results demonstrate that SABRE is effective at securing Bitcoin against routing attacks, even with deployments as small as 6 nodes.


page 1

page 2

page 3

page 4


Decentralized Lightweight Detection of Eclipse Attacks on Bitcoin Clients

Clients of permissionless blockchain systems, like Bitcoin, rely on an u...

Attacking with bitcoin: Using Bitcoin to Build Resilient Botnet Armies

We focus on the problem of botnet orchestration and discuss how attacker...

Tithonus: A Bitcoin Based Censorship Resilient System

Providing reliable and surreptitious communications is difficult in the ...

Securing Internet Applications from Routing Attacks

Attacks on Internet routing are typically viewed through the lens of ava...

Bandwidth-Efficient Transaction Relay for Bitcoin

Bitcoin is a top-ranked cryptocurrency that has experienced huge growth ...

D-LNBot: A Scalable, Cost-Free and Covert Hybrid Botnet on Bitcoin's Lightning Network

While various covert botnets were proposed in the past, they still lack ...

Exploring Spatial, Temporal, and Logical Attacks on the Bitcoin Network

In this paper, we explore the partitioning attacks on the Bitcoin networ...

Please sign up or login with your details

Forgot password? Click here to reset