Recently, blockchains have been gathering a lot of interest, and many applications can benefit from their advantages. Nevertheless, applications with more restrictive privacy or participation requirements cannot rely on public blockchains. First, the whole blockchain can be downloaded at any time, which makes its data available to the public. Second, anyone can deploy a node, join the blockchain network and take part in the consensus process. Private and consortium blockchains promise to combine the advantages of blockchains with stricter requirements on the participating entities; this is also the reason for the comparably small number of nodes that store and extend such chains. However, by targeting specific nodes, an attacker can influence how consensus is reached and possibly even halt the operation of the blockchain. To provide additional protection for the blockchain nodes, ChainGuard uses SDN functionality to filter network traffic, thus implementing a firewall for blockchain applications. ChainGuard communicates with the blockchain nodes it guards to determine which traffic sources are legitimate. Packets from illegitimate sources are intercepted and thus cannot affect the blockchain. As shown experimentally, ChainGuard provides access control and can effectively mitigate flooding attacks from several sources at once.
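The abstract describes the mechanism only in outline: a controller asks each guarded node which peers are legitimate, installs flow rules that let those peers through, and drops everything else addressed to the node. The following Python block is an added illustration of that allowlist-and-default-deny pattern and is not the authors' code or part of the paper. It simulates the OpenFlow flow table in-process (priority ordering, wildcard matches, a table-miss "normal" rule), and it assumes that a guarded node can be asked for its peer list (`GuardedNode.report_peers`, a hypothetical interface) and that source addresses are meaningful; all addresses and peer sets are constructed sample data.

```python
"""Added example: an allowlist-style SDN filter in the spirit of ChainGuard.

Not the ChainGuard implementation. The controller, the switch flow table and
the guarded node are all simulated here; `report_peers` stands in for whatever
query the real system would use (an assumption, not the paper's protocol).
"""
from collections import Counter
from dataclasses import dataclass, field
from ipaddress import ip_address
from typing import Dict, List, Optional, Set, Tuple


@dataclass
class FlowRule:
    """One OpenFlow-style flow entry; the highest-priority matching rule wins."""
    priority: int
    nw_src: Optional[str]   # None acts as a wildcard
    nw_dst: Optional[str]
    action: str             # "output:<port>", "normal" or "drop"

    def matches(self, src: str, dst: str) -> bool:
        return self.nw_src in (None, src) and self.nw_dst in (None, dst)


def _valid_ip(s: str) -> bool:
    try:
        ip_address(s)
        return True
    except ValueError:
        return False


@dataclass
class GuardedNode:
    """A blockchain node behind the switch. `peers` is constructed sample data
    standing in for the peer set the node would report when queried."""
    ip: str
    switch_port: int
    peers: Set[str] = field(default_factory=set)

    def report_peers(self) -> Set[str]:
        # Hypothetical node query; malformed entries are ignored rather than
        # turned into rules the switch could not install.
        return {p for p in self.peers if _valid_ip(p)}


class GuardController:
    """Hypothetical controller: for each guarded node, allow its reported peers
    and drop all other traffic addressed to it. Traffic to non-guarded hosts
    falls through to the catch-all "normal" (forward as usual) rule."""

    def __init__(self) -> None:
        self.nodes: Dict[str, GuardedNode] = {}
        self.table: List[FlowRule] = [FlowRule(0, None, None, "normal")]
        self.dropped: Counter = Counter()   # source address -> dropped packets

    def register(self, node: GuardedNode) -> None:
        self.nodes[node.ip] = node
        self.refresh(node.ip)

    def refresh(self, node_ip: str) -> int:
        """Re-derive the rules for one node from its current peer list (run again
        whenever the node reports a membership change). Returns the number of
        allow rules installed."""
        node = self.nodes[node_ip]
        self.table = [r for r in self.table if r.nw_dst != node_ip]
        peers = node.report_peers()
        for peer in sorted(peers):
            self.table.append(FlowRule(100, peer, node_ip, f"output:{node.switch_port}"))
        self.table.append(FlowRule(10, None, node_ip, "drop"))   # default deny
        self.table.sort(key=lambda r: r.priority, reverse=True)
        return len(peers)

    def handle(self, src: str, dst: str) -> str:
        """Action the switch applies to a packet with this source/destination."""
        for rule in self.table:
            if rule.matches(src, dst):
                if rule.action == "drop":
                    self.dropped[src] += 1
                return rule.action
        return "drop"   # not reachable: the priority-0 catch-all always matches


def simulate_flood(ctl: GuardController, target: str,
                   sources: List[str], per_source: int) -> Tuple[int, int]:
    """Send `per_source` packets from each source to `target`; return (forwarded, dropped)."""
    forwarded = dropped = 0
    for src in sources:
        for _ in range(per_source):
            if ctl.handle(src, target) == "drop":
                dropped += 1
            else:
                forwarded += 1
    return forwarded, dropped


if __name__ == "__main__":
    ctl = GuardController()
    ctl.register(GuardedNode("10.0.0.10", 1, {"10.0.0.11", "10.0.0.12"}))
    print(ctl.handle("10.0.0.11", "10.0.0.10"))   # legitimate peer
    print(ctl.handle("10.0.0.99", "10.0.0.10"))   # unknown source
    attackers = [f"192.0.2.{i}" for i in range(1, 6)]
    print(simulate_flood(ctl, "10.0.0.10", attackers, 100))
```

Two design points worth noting. The rules are keyed on the destination node, so a flood from any number of sources costs exactly one drop rule per guarded node rather than one rule per attacker, which is what makes the multi-source case cheap on the switch. And a source-address allowlist only holds where source addresses cannot be forged toward the switch; it filters who can reach the node, it does not replace the blockchain's own peer authentication.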
Disciplines:
Computer science
Author, co-author:
STEICHEN, Mathis ; University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT)
HOMMES, Stefan ; University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT)
STATE, Radu ; University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT)
External co-authors:
no
Document language:
English
Title:
ChainGuard - A Firewall for Blockchain Applications using SDN with OpenFlow
Publication date:
2017
Event name:
2017 Principles, Systems and Applications of IP Telecommunications (IPTComm)
Event date:
from 25-09-2017 to 28-09-2017
Event scope:
International
Title of the main work:
ChainGuard - A Firewall for Blockchain Applications using SDN with OpenFlow