Papers
Topics
Authors
Recent
Gemini 2.5 Flash
Gemini 2.5 Flash
162 tokens/sec
GPT-4o
7 tokens/sec
Gemini 2.5 Pro Pro
45 tokens/sec
o3 Pro
4 tokens/sec
GPT-4.1 Pro
38 tokens/sec
DeepSeek R1 via Azure Pro
28 tokens/sec
2000 character limit reached

Adversary-Augmented Simulation to evaluate fairness on HyperLedger Fabric (2403.14342v2)

Published 21 Mar 2024 in cs.CR, cs.DC, and cs.MA

Abstract: This paper presents a novel adversary model specifically tailored to distributed systems, aiming to assess the security of blockchain networks. Building upon concepts such as adversarial assumptions, goals, and capabilities, our proposed adversary model classifies and constrains the use of adversarial actions based on classical distributed system models, defined by both failure and communication models. The objective is to study the effects of these allowed actions on the properties of distributed protocols under various system models. A significant aspect of our research involves integrating this adversary model into the Multi-Agent eXperimenter (MAX) framework. This integration enables fine-grained simulations of adversarial attacks on blockchain networks. In this paper, we particularly study four distinct fairness properties on Hyperledger Fabric with the Byzantine Fault Tolerant Tendermint consensus algorithm being selected for its ordering service. We define novel attacks that combine adversarial actions on both protocols, with the aim of violating a specific client-fairness property. Simulations confirm our ability to violate this property and allow us to evaluate the impact of these attacks on several order-fairness properties that relate orders of transaction reception and delivery.

Definition Search Book Streamline Icon: https://streamlinehq.com
References (67)
  1. S. S. Al-Riyami, K. G. Paterson et al., “Certificateless public key cryptography,” in Asiacrypt, vol. 2894.   Springer, 2003, pp. 452–473.
  2. A. Albshri, A. Alzubaidi, B. Awaji, and E. Solaiman, “Blockchain simulators: a systematic mapping study,” in 2022 IEEE International Conference on Services Computing (SCC).   IEEE, 2022, pp. 284–294.
  3. B. Alpern and F. B. Schneider, “Recognizing safety and liveness,” Distrib. Comput., vol. 2, no. 3, p. 117–126, sep 1987.
  4. Y. Amoussou-Guenou, A. D. Pozzo, M. Potop-Butucaru, and S. Tucci Piergiovanni, “Dissecting tendermint,” in Networked Systems - 7th International Conference, NETYS 2019, Marrakech, Morocco, June 19-21, 2019, Revised Selected Papers, ser. Lecture Notes in Computer Science, M. F. Atig and A. A. Schwarzmann, Eds., vol. 11704.   Springer, 2019, pp. 166–182.
  5. N. Andola, M. Gogoi, S. Venkatesan, S. Verma et al., “Vulnerabilities on hyperledger fabric,” Pervasive and Mobile Computing, vol. 59, p. 101050, 2019.
  6. E. Androulaki, A. Barger, V. Bortnikov, C. Cachin, K. Christidis, A. Caro, D. Enyeart, C. Ferris, G. Laventman, Y. Manevich, S. Muralidharan, C. Murthy, B. Nguyen, M. Sethi, G. Singh, K. Smith, A. Sorniotti, C. Stathakopoulou, M. Vukolic, and J. Yellick, “Hyperledger fabric: A distributed operating system for permissioned blockchains,” 01 2018.
  7. S. D. Angelis, G. Zanfino, L. Aniello, F. Lombardi, and V. Sassone, “Evaluating blockchain systems: A comprehensive study of security and dependability attributes,” in Proceedings of the 4th Workshop on Distributed Ledger Technology co-located with the Italian Conference on Cybersecurity 2022 (ITASEC 2022), Rome, Italy, June 20, 2022, ser. CEUR Workshop Proceedings, M. Pizzonia and A. Vitaletti, Eds., vol. 3166.   CEUR-WS.org, 2022, pp. 18–32. [Online]. Available: https://ceur-ws.org/Vol-3166/paper02.pdf
  8. A. Azfar, K.-K. R. Choo, and L. Liu, “An android social app forensics adversary model,” in 2016 49th Hawaii International Conference on System Sciences (HICSS).   IEEE, 2016, pp. 5597–5606.
  9. J. Barwise, “An introduction to first-order logic,” in HANDBOOK OF MATHEMATICAL LOGIC, ser. Studies in Logic and the Foundations of Mathematics, J. Barwise, Ed.   Elsevier, 1977, vol. 90, pp. 5–46.
  10. M. Bellare and P. Rogaway, “Entity authentication and key distribution,” in Annual international cryptology conference.   Springer, 1993, pp. 232–249.
  11. B. Bloessl, C. Sommer, F. Dressler, and D. Eckhoff, “The scrambler attack: A robust physical layer attack on location privacy in vehicular networks,” in 2015 International Conference on Computing, Networking and Communications (ICNC), 2015, pp. 395–400.
  12. N. Borisov, I. Goldberg, and D. Wagner, “Intercepting mobile communications: The insecurity of 802.11,” in Proceedings of the 7th Annual International Conference on Mobile Computing and Networking, ser. MobiCom ’01.   New York, NY, USA: Association for Computing Machinery, 2001, p. 180–189.
  13. C. Boyd and K. Viswanathan, “Towards a formal specification of the bellare-rogaway model for protocol analysis,” in Formal Aspects of Security, A. E. Abdallah, P. Ryan, and S. Schneider, Eds.   Berlin, Heidelberg: Springer Berlin Heidelberg, 2003, pp. 49–61.
  14. S. Brotsis, N. Kolokotronis, K. Limniotis, G. Bendiab, and S. Shiaeles, “On the security and privacy of hyperledger fabric: Challenges and open issues,” in 2020 IEEE World Congress on Services (SERVICES).   IEEE, 2020, pp. 197–204.
  15. R. Canetti and H. Krawczyk, “Analysis of key-exchange protocols and their use for building secure channels,” in Advances in Cryptology—EUROCRYPT 2001: International Conference on the Theory and Application of Cryptographic Techniques Innsbruck, Austria, May 6–10, 2001 Proceedings 20.   Springer, 2001, pp. 453–474.
  16. ——, “Universally composable notions of key exchange and secure channels,” in Advances in Cryptology — EUROCRYPT 2002, L. R. Knudsen, Ed.   Berlin, Heidelberg: Springer Berlin Heidelberg, 2002, pp. 337–351.
  17. CEA LICIA, “Multi-Agent eXperimenter (MAX),” https://cea-licia.gitlab.io/max/max.gitlab.io/, 2022.
  18. S. Chen and Q. Song, “Perimeter-based defense against high bandwidth ddos attacks,” IEEE Transactions on Parallel and Distributed Systems, vol. 16, no. 6, pp. 526–537, 2005.
  19. L. Cleghorn, “Network defense methodology: A comparison of defense in depth and defense in breadth,” 2013.
  20. R. Cramer, I. Damgrd, S. Dziembowski, M. Hirt, and T. Rabin, “Efficient multiparty computations secure against an adaptive adversary,” in Advances in Cryptology — EUROCRYPT ’99, J. Stern, Ed.   Berlin, Heidelberg: Springer Berlin Heidelberg, 1999, pp. 311–326.
  21. A. Dabholkar and V. Saraswat, “Ripping the fabric: Attacks and mitigations on hyperledger fabric,” in Applications and Techniques in Information Security: 10th International Conference, ATIS 2019, Thanjavur, India, November 22–24, 2019, Proceedings 10.   Springer, 2019, pp. 300–311.
  22. G. De Giacomo and M. Y. Vardi, “Linear temporal logic and linear dynamic logic on finite traces,” in Proceedings of the Twenty-Third International Joint Conference on Artificial Intelligence, ser. IJCAI ’13.   AAAI Press, 2013, p. 854–860.
  23. A. De Santis, Y. Desmedt, Y. Frankel, and M. Yung, “How to share a function securely,” in Proceedings of the Twenty-Sixth Annual ACM Symposium on Theory of Computing, ser. STOC ’94.   New York, NY, USA: Association for Computing Machinery, 1994, p. 522–533.
  24. A. Deshpande, P. Nasirifard, and H.-A. Jacobsen, “evibes: configurable and interactive ethereum blockchain simulation framework,” in Proceedings of the 19th International Middleware Conference (Posters), 2018, pp. 11–12.
  25. Q. Do, B. Martini, and K.-K. R. Choo, “Exfiltrating data from android devices,” Computers & Security, vol. 48, pp. 74–91, 2015.
  26. ——, “A data exfiltration and remote exploitation attack on consumer 3d printers,” IEEE Transactions on Information Forensics and Security, vol. 11, no. 10, pp. 2174–2186, 2016.
  27. ——, “Is the data on your wearable device secure? an android wear smartwatch case study,” Software: Practice and Experience, vol. 47, no. 3, pp. 391–403, 2017.
  28. ——, “The role of the adversary model in applied security research,” Computers and Security, vol. 81, pp. 156–181, 2019.
  29. D. Dolev and A. Yao, “On the security of public key protocols,” IEEE Transactions on information theory, vol. 29, no. 2, pp. 198–208, 1983.
  30. C. D’Orazio and K.-K. R. Choo, “An adversary model to evaluate drm protection of video contents on ios devices,” Computers & Security, vol. 56, pp. 94–110, 2016.
  31. C. Dwork, N. Lynch, and L. Stockmeyer, “Consensus in the presence of partial synchrony,” J. ACM, vol. 35, no. 2, p. 288–323, apr 1988.
  32. N. Elisa, L. Yang, F. Chao, N. Naik, and T. Boongoen, “A secure and privacy-preserving e-government framework using blockchain and artificial immunity,” IEEE Access, vol. 11, pp. 8773–8789, 2023.
  33. C. Faria and M. Correia, “Blocksim: blockchain simulator,” in 2019 IEEE International Conference on Blockchain (Blockchain).   IEEE, 2019, pp. 439–446.
  34. S. M. Fattahi, A. Makanju, and A. M. Fard, “Simba: An efficient simulator for blockchain applications,” in 2020 50th Annual IEEE-IFIP International Conference on Dependable Systems and Networks-Supplemental Volume (DSN-S).   IEEE, 2020, pp. 51–52.
  35. J. Ferber and O. Gutknecht, “Operational semantics of multi-agent organizations,” in Intelligent Agents VI. Agent Theories, Architectures, and Languages, N. R. Jennings and Y. Lespérance, Eds.   Berlin, Heidelberg: Springer Berlin Heidelberg, 2000, pp. 205–217.
  36. J. Ferber, O. Gutknecht, and F. Michel, “From agents to organizations: An organizational view of multi-agent systems,” in Agent-Oriented Software Engineering IV, P. Giorgini, J. P. Müller, and J. Odell, Eds.   Berlin, Heidelberg: Springer Berlin Heidelberg, 2004, pp. 214–230.
  37. M. J. Fischer, N. A. Lynch, and M. S. Paterson, “Impossibility of distributed consensus with one faulty process,” J. ACM, vol. 32, no. 2, pp. 374–382, Apr. 1985.
  38. V. J. Gawron, T. W. Dennison, and M. A. Biferno, “Mock-ups, models, simulations, and embedded testing,” Handbook of Human Factors Testing and Evaluation, 2019. [Online]. Available: https://api.semanticscholar.org/CorpusID:213064024
  39. T. Guggenberger, J. Sedlmeir, G. Fridgen, and A. Luckow, “An in-depth investigation of the performance characteristics of hyperledger fabric,” Computers & Industrial Engineering, vol. 173, p. 108716, 2022.
  40. Ö. Gürcan, “On using agent-based modeling and simulation for studying blockchain systems,” in JFMS 2020-Journées Francophones de la Modélisation et de la Simulation.   Cepaduès, 2020-isbn: 9782364937574, 2020.
  41. A. Hussain, J. Heidemann, and C. Papadopoulos, “A framework for classifying denial of service attacks,” in Proceedings of the 2003 Conference on Applications, Technologies, Architectures, and Protocols for Computer Communications, ser. SIGCOMM ’03.   New York, NY, USA: Association for Computing Machinery, 2003, p. 99–110.
  42. L. Lamport, “The part-time parliament,” ACM Trans. Comput. Syst., vol. 16, no. 2, p. 133–169, may 1998.
  43. C. M. Linn, M. Rajagopalan, S. Baker, C. Collberg, S. K. Debray, and J. H. Hartman, “Protecting against unexpected system calls,” in Proceedings of the 14th Conference on USENIX Security Symposium - Volume 14, ser. SSYM’05.   USA: USENIX Association, 2005, p. 16.
  44. LIRMM, “The multi-agent development kit (madkit),” https://www.madkit.net/madkit/index.php, 2022.
  45. E. Mahe, “Experiments on client fairness attacks over hyperledger fabric and tendermint,” https://gitlab.com/cea-licia/max/models/experiments/max.model.experiment.fabric_tendermint_client_fairness_attack, 03 2024.
  46. ——, “Implementation of an adversarial model in a peer to peer layer for max,” https://gitlab.com/cea-licia/max/models/networks/max.model.network.stochastic_adversarial_p2p, 01 2024.
  47. ——, “Simple hyperledger fabric model in max,” https://gitlab.com/cea-licia/max/models/ledgers/max.model.ledger.simplefabric, 03 2024.
  48. ——, “Simple tendermint model in max,” https://gitlab.com/cea-licia/max/models/ledgers/max.model.ledger.simplemint, 03 2024.
  49. A. Miller and R. Jansen, “{{\{{Shadow-Bitcoin}}\}}: Scalable simulation via direct execution of {{\{{Multi-Threaded}}\}} applications,” in 8th Workshop on Cyber Security Experimentation and Test (CSET 15), 2015.
  50. M. Q. Nguyen, D. Loghin, and T. T. A. Dinh, “Understanding the scalability of hyperledger fabric,” 2021.
  51. D. Ongaro and J. Ousterhout, “In search of an understandable consensus algorithm,” in Proceedings of the 2014 USENIX Conference on USENIX Annual Technical Conference, ser. USENIX ATC’14.   USA: USENIX Association, 2014, p. 305–320.
  52. R. Paulavičius, S. Grigaitis, and E. Filatovas, “A systematic review and empirical analysis of blockchain simulators,” IEEE access, vol. 9, pp. 38 010–38 028, 2021.
  53. R. Paulavičius, S. Grigaitis, and E. Filatovas, “A systematic review and empirical analysis of blockchain simulators,” IEEE Access, vol. 9, pp. 38 010–38 028, 2021.
  54. B. Podgorelec, V. Keršič, and M. Turkanović, “Analysis of fault tolerance in permissioned blockchain networks,” in 2019 XXVII International Conference on Information, Communication and Automation Technologies (ICAT), 2019, pp. 1–6.
  55. S. N. Premnath and Z. J. Haas, “Security and privacy in the internet-of-things under time-and-budget-limited adversary model,” IEEE Wireless Communications Letters, vol. 4, no. 3, pp. 277–280, 2015.
  56. S. B. B. Priyadarshini, A. B. Bagjadab, and B. K. Mishra, “Security in distributed operating system: A comprehensive study,” Cyber Security in Parallel and Distributed Computing: Concepts, Techniques, Applications and Case Studies, pp. 221–230, 2019.
  57. B. Putz and G. Pernul, “Detecting blockchain security threats,” in 2020 IEEE International Conference on Blockchain (Blockchain).   IEEE, 2020, pp. 313–320.
  58. D. Ray and J. Ligatti, “Defining code-injection attacks,” in Proceedings of the 39th Annual ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages, ser. POPL ’12.   New York, NY, USA: Association for Computing Machinery, 2012, p. 179–190.
  59. M. Shimamura and K. Kono, “Yataglass: Network-level code emulation for analyzing memory-scanning attacks,” in Proceedings of the 6th International Conference on Detection of Intrusions and Malware, and Vulnerability Assessment, ser. DIMVA ’09.   Berlin, Heidelberg: Springer-Verlag, 2009, p. 68–87.
  60. R. Spreitzer, V. Moonsamy, T. Korak, and S. Mangard, “Systematic classification of side-channel attacks: A case study for mobile devices,” IEEE Communications Surveys & Tutorials, vol. 20, no. 1, pp. 465–488, 2018.
  61. L. Stoykov, K. Zhang, and H.-A. Jacobsen, “Vibes: fast blockchain simulations for large-scale peer-to-peer networks,” in Proceedings of the 18th ACM/IFIP/USENIX Middleware Conference: Posters and Demos, 2017, pp. 19–20.
  62. A. Teixeira, I. Shames, H. Sandberg, and K. H. Johansson, “A secure control framework for resource-limited adversaries,” Automatica, vol. 51, pp. 135–148, 2015.
  63. K. Wang and H. S. Kim, “Fastchain: Scaling blockchain system with informed neighbor selection,” in 2019 IEEE International Conference on Blockchain (Blockchain).   IEEE, 2019, pp. 376–383.
  64. S. Wang, M. Yang, Y. Zhang, Y. Luo, T. Ge, X. Fu, and W. Zhao, “On private data collection of hyperledger fabric,” in 2021 IEEE 41st International Conference on Distributed Computing Systems (ICDCS).   IEEE, 2021, pp. 819–829.
  65. M. Wazid, B. Bera, A. Mitra, A. K. Das, and R. Ali, “Private blockchain-envisioned security framework for ai-enabled iot-based drone-aided healthcare services,” in Proceedings of the 2nd ACM MobiCom workshop on drone assisted wireless communications for 5G and beyond, 2020, pp. 37–42.
  66. Y. Xiao, N. Zhang, W. Lou, and Y. T. Hou, “Modeling the impact of network connectivity on consensus security of proof-of-work blockchain,” in IEEE INFOCOM 2020-IEEE Conference on Computer Communications.   IEEE, 2020, pp. 1648–1657.
  67. R. Yasaweerasinghelage, M. Staples, and I. Weber, “Predicting latency of blockchain-based systems using architectural modelling and simulation,” in 2017 IEEE International Conference on Software Architecture (ICSA).   IEEE, 2017, pp. 253–256.
Citations (1)
View on Semantic Scholar

Summary

We haven't generated a summary for this paper yet.

Ai Sparkles Streamline Icon: https://streamlinehq.com Summarize Now