Skip to main content
SpringerLink
Log in
Book cover

Australasian Conference on Information Security and Privacy

ACISP 2019: Information Security and Privacy pp 307–321Cite as

Risk of Asynchronous Protocol Update: Attacks to Monero Protocols

  • Conference paper
  • First Online:

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 11547))

Abstract

In a cryptocurrency system, the protocol incorporated in the node application runs without human intervention. Cryptographic techniques are implemented to determine the ownership of the coins; they enable the owners to transfer the ownership of the coins to other users. Consensus protocols are employed to determine the source of the truth of the information contained in the public ledger called blockchain. When the protocol needs to be updated, all nodes need to replace the application with the newest release. We explore an event where an asynchronous protocol update opens a vulnerability in Monero nodes which have not yet updated to the newest software version. We show that a Denial of Service attack can be launched against the nodes running the outdated protocol, where the attack significantly reduces the system’ performance. We also show that an attacker, given a sufficient access to cryptocurrency services, is able to utilise the Denial of Service attack to launch a traceability attack.

This is a preview of subscription content, log in via an institution.

Chapter
USD   29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD   79.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD   99.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Learn about institutional subscriptions

Notes

  1. 1.

    Based on Coinmarketcap.com as of 4 February 2019.

  2. 2.

    https://monero-original.org.

  3. 3.

    http://monero-classic.org.

  4. 4.

    https://monero0.org.

  5. 5.

    As of 12 February 2019, no cryptocurrency exchange trades XMO. However, the market price history provided by Coinmarketcap.com shows that XMO were traded until 1 February 2019. Based on Coinmarketcap.com, XMC is currently available in Gate.io, HitBTC, and TradeOgre.

  6. 6.

    According to Monero0.org, the Monero0 nodes are: 159.65.227.38, 167.99.96.174, 159.65.113.142. Based on our investigation, all of these nodes were no longer accessible as of early February 2019.

  7. 7.

    https://github.com/monero-project/monero/pull/3205.

  8. 8.

    The open source software is available in Monero’s Github page https://github.com/monero-project/monero.

  9. 9.

    https://github.com/moneroexamples/onion-monero-blockchain-explorer.

  10. 10.

    https://github.com/shoupn/moneropy.

References

  1. Baqer, K., Huang, D.Y., McCoy, D., Weaver, N.: Stressing out: bitcoin “stress testing”. In: Clark, J., Meiklejohn, S., Ryan, P.Y.A., Wallach, D., Brenner, M., Rohloff, K. (eds.) FC 2016. LNCS, vol. 9604, pp. 3–18. Springer, Heidelberg (2016). https://doi.org/10.1007/978-3-662-53357-4_1

    Chapter  Google Scholar 

  2. Bonneau, J., Miller, A., Clark, J., Narayanan, A., Kroll, J.A., Felten, E.W.: Sok: research perspectives and challenges for bitcoin and cryptocurrencies. In: 2015 IEEE Symposium on Security and Privacy, pp. 104–121. IEEE (2015)

    Google Scholar 

  3. Bradbury, D.: The problem with bitcoin. Comput. Fraud Secur. 11, 5–8 (2013)

    Article  Google Scholar 

  4. Monero Classic. Upgrade announcement of xmc (2018). http://monero-classic.org/open/notice_en.html

  5. cmaves. 0-conf possible attack using large transactions (2018). https://github.com/amiuhle/kasisto/issues/33

  6. cmaves. Possible mempool spam attack (2018). https://github.com/monero-project/monero/issues/3189

  7. dEBRYUNE. Pow change and key reuse (2018). https://ww.getmonero.org/2018/02/11/PoW-change-and-key-reuse.html

  8. Hinteregger, A., Haslhofer, B.: An empirical analysis of monero cross-chain traceability (2018). arXiv preprint arXiv:1812.02808

  9. jtgrassie. Why are there transactions in the mempool that are invalid or over 50 hours old? (2018). https://monero.stackexchange.com/a/8513

  10. Kumar, A., Fischer, C., Tople, S., Saxena, P.: A traceability analysis of monero’s blockchain. In: Foley, S.N., Gollmann, D., Snekkenes, E. (eds.) ESORICS 2017. LNCS, vol. 10493, pp. 153–173. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-66399-9_9

    Chapter  Google Scholar 

  11. Liu, J.K., Au, M.H., Susilo, W., Zhou, J.: Linkable ring signature with unconditional anonymity. IEEE Trans. Knowl. Data Eng. 26(1), 157–165 (2014)

    Article  Google Scholar 

  12. Liu, J.K., Wei, V.K., Wong, D.S.: Linkable spontaneous anonymous group signature for ad hoc groups. In: Wang, H., Pieprzyk, J., Varadharajan, V. (eds.) ACISP 2004. LNCS, vol. 3108, pp. 325–335. Springer, Heidelberg (2004). https://doi.org/10.1007/978-3-540-27800-9_28

    Chapter  Google Scholar 

  13. Monero. Monero XMR forks & hard forks. https://monero.org/forks/. Accessed 4 February 2019

  14. Monero. Monero project github page (2018). https://github.com/monero-project/monero. Accessed 4 February 2019

  15. Möser, M., et al.: An empirical analysis of traceability in the monero blockchain. Proc. Priv. Enhancing Technol. 2018(3), 143–163 (2018)

    Article  Google Scholar 

  16. Nakamoto, S.: Bitcoin: a peer-to-peer electronic cash system (2008). http://bitcoin.org/bitcoin.pdf

  17. Sun, S.-F., Au, M.H., Liu, J.K., Yuen, T.H.: RingCT 2.0: a compact accumulator-based (linkable ring signature) protocol for blockchain cryptocurrency monero. In: Foley, S.N., Gollmann, D., Snekkenes, E. (eds.) ESORICS 2017. LNCS, vol. 10493, pp. 456–474. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-66399-9_25

    Chapter  Google Scholar 

  18. Nicolas van Saberhagen. Cryptonote v 2.0 (2013) (2018). https://cryptonote.org/whitepaper.pdf

  19. Vasek, M., Thornton, M., Moore, T.: Empirical analysis of denial-of-service attacks in the bitcoin ecosystem. In: Böhme, R., Brenner, M., Moore, T., Smith, M. (eds.) FC 2014. LNCS, vol. 8438, pp. 57–71. Springer, Heidelberg (2014). https://doi.org/10.1007/978-3-662-44774-1_5

    Chapter  Google Scholar 

  20. Wijaya, D.A., Liu, J., Steinfeld, R., Liu, D.: Monero ring attack: recreating zero mixin transaction effect. In: 2018 17th IEEE International Conference On Trust, Security And Privacy In Computing And Communications/12th IEEE International Conference On Big Data Science And Engineering (TrustCom/BigDataSE), pp. 1196–1201. IEEE (2018)

    Google Scholar 

  21. Wijaya, D.A., Liu, J., Steinfeld, R., Liu, D., Yuen, T.H.: Anonymity reduction attacks to monero. In: Guo, F., Huang, X., Yung, M. (eds.) Inscrypt 2018. LNCS, vol. 11449, pp. 86–100. Springer, Cham (2019). https://doi.org/10.1007/978-3-030-14234-6_5

    Chapter  Google Scholar 

  22. Yu, Z., Au, M.H., Yu, J., Yang, R., Xu, Q., Lau, W.F.: New empirical traceability analysis of cryptonote-style blockchains (2019)

    Google Scholar 

  23. Zamyatin, A., Stifter, N., Judmayer, A., Schindler, P., Weippl, E., Knottenbelt, W.J.: A wild velvet fork appears! inclusive blockchain protocol changes in practice. In: Zohar, A., Eyal, I., Teague, V., Clark, J., Bracciali, A., Pintore, F., Sala, M. (eds.) FC 2018. LNCS, vol. 10958, pp. 31–42. Springer, Heidelberg (2019). https://doi.org/10.1007/978-3-662-58820-8_3

    Chapter  Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Monash University, Melbourne, Australia

    Dimaz Ankaa Wijaya, Joseph K. Liu & Ron Steinfeld

  2. Data61, CSIRO, Sydney, Australia

    Dongxi Liu

Authors
  1. Dimaz Ankaa Wijaya
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Joseph K. Liu
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Ron Steinfeld
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Dongxi Liu
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Dimaz Ankaa Wijaya .

Editor information

Editors and Affiliations

  1. Massey University, Palmerston North, New Zealand

    Julian Jang-Jaccard

  2. University of Wollongong, Wollongong, NSW, Australia

    Fuchun Guo

Rights and permissions

Reprints and permissions

Copyright information

© 2019 Springer Nature Switzerland AG

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Wijaya, D.A., Liu, J.K., Steinfeld, R., Liu, D. (2019). Risk of Asynchronous Protocol Update: Attacks to Monero Protocols. In: Jang-Jaccard, J., Guo, F. (eds) Information Security and Privacy. ACISP 2019. Lecture Notes in Computer Science(), vol 11547. Springer, Cham. https://doi.org/10.1007/978-3-030-21548-4_17

Download citation

  • DOI: https://doi.org/10.1007/978-3-030-21548-4_17

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-21547-7

  • Online ISBN: 978-3-030-21548-4

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation