Defense scheme for the world state based attack in Ethereum
Ethereum is taken as the representative platform of the second generation of blockchain systems. Ethereum can support the development of different distributed applications by running smart contracts. A local database is used to store the account state (named the world state) for efficient validation of transacti...
Main Authors: | Zhen GAO, Dongbin ZHANG, Xiao TIAN |
---|---|
Format: | Article |
Language: | English |
Published: | POSTS&TELECOM PRESS Co., LTD, 2022-04-01 |
Series: | 网络与信息安全学报 |
Subjects: | |
Online Access: | http://www.cjnis.com.cn/thesisDetails#10.11959/j.issn.2096-109x.2022013 |
_version_ | 1841529775058845696 |
---|---|
author | Zhen GAO Dongbin ZHANG Xiao TIAN |
collection | DOAJ |
description | Ethereum is taken as the representative platform of the second generation of blockchain systems. Ethereum can support the development of different distributed applications by running smart contracts. A local database is used to store the account state (named the world state) for efficient validation of transactions, and the state root is stored in the block header to guarantee the integrity of the state. However, some research has revealed that the local database could be easily tampered with, and attackers can issue illegal transactions based on the modified account state to obtain illegitimate benefits. This world-state based security problem was introduced, and the preconditions for the attack were analyzed. Compared with the two common security threats under the PoW (proof of work) consensus, it was found that when the attacker controls the same mining computing power, the world-state based attack brought higher risk, and the success rate approached 100%. In order to deal with this threat, a practical scheme for attack detection and defense was proposed accordingly. The secondary verification and data recovery process were added to the Ethereum source code. The feasibility and complexity of the proposed scheme were evaluated with single-machine multi-threading experiments. The proposed scheme improves Ethereum's tolerance to malicious tampering of account state, and is applicable to other blockchain platforms applying a local database for transaction validation, such as Hyperledger Fabric. In addition, the time and computational overhead brought by the proposed scheme are not prominent, so it has good applicability and induces acceptable impact on the performance of the original system. |
format | Article |
id | doaj-art-2383bd826d3f4f748bec51826794f190 |
institution | Kabale University |
issn | 2096-109X |
language | English |
publishDate | 2022-04-01 |
publisher | POSTS&TELECOM PRESS Co., LTD |
record_format | Article |
series | 网络与信息安全学报 |
title | Defense scheme for the world state based attack in Ethereum |
topic | Ethereum; world state; state modification; invalid transactions; attack detection; attack defense; fault tolerance to state modification |
url | http://www.cjnis.com.cn/thesisDetails#10.11959/j.issn.2096-109x.2022013 |