ChainGuard - A Firewall for Blockchain Applications using SDN with OpenFlow

Steichen, Mathis; Hommes, Stefan; State, Radu

Request a copy

Paper published in a book (Scientific congresses, symposiums and conference proceedings)

ChainGuard - A Firewall for Blockchain Applications using SDN with OpenFlow

Steichen, Mathis; Hommes, Stefan; State, Radu

2017 • In ChainGuard - A Firewall for Blockchain Applications using SDN with OpenFlow

Peer reviewed

Permalink
https://hdl.handle.net/10993/36864

Files (1)Send to Details Statistics Bibliography Similar publications

Files

Full Text

ieee_xplore_version_08169748.pdf

Publisher postprint (571.16 kB)

Request a copy

All documents in ORBilu are protected by a user license.

Send to

RIS BibTex APA Chicago Permalink X Linkedin

Details

Abstract :

[en] Recently, blockchains have been gathering a lot of interest. Many applications can benefit from the advantages of blockchains. Nevertheless, applications with more restricted privacy or participation requirements cannot rely on public blockchains. First, the whole blockchain can be downloaded at any time, thus making the data available to the public. Second, anyone can deploy a node, join the blockchain network and take part in the consensus building process. Private and consortium blockchains promise to combine the advantages of blockchains with stricter requirements on the participating entities. This is also the reason for the comparably small number of nodes that store and extend those blockchains. However, by targeting specific nodes, an attacker can influence how consensuses are reached and possibly even halt the blockchain operation. To provide additional security to the blockchain nodes, ChainGuard utilizes SDN functionalities to filter network traffic, thus implementing a firewall for blockchain applications. ChainGuard communicates with the blockchain nodes it guards to determine which origin of the traffic is legitimate. Packets from illegitimate sources are intercepted and thus cannot have an effect on the blockchain. As is shown with experiments, ChainGuard provides access control functionality and can effectively mitigate flooding attacks from several sources at once.

Disciplines :

Computer science

Author, co-author :

Steichen, Mathis ; University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT)

Hommes, Stefan ; University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT)

State, Radu ; University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT)

External co-authors :

Language :

English

Title :

ChainGuard - A Firewall for Blockchain Applications using SDN with OpenFlow

Publication date :

2017

Event name :

2017 Principles, Systems and Applications of IP Telecommunications (IPTComm)

Event date :

from 25-09-2017 to 28-09-2017

Audience :

International

Main work title :

ChainGuard - A Firewall for Blockchain Applications using SDN with OpenFlow

Peer reviewed :

Peer reviewed

Focus Area :

Security, Reliability and Trust

Available on ORBilu :

since 08 October 2018

Statistics

Number of views

152 (12 by Unilu)

Number of downloads

8 (6 by Unilu)

More statistics

Scopus citations^®

Scopus citations^®
without self-citations

WoS citations^™

Bibliography

S. Nakamoto, "Bitcoin: A peer-To-peer electronic cash system," 2008.
Ethereum web site. Ethereum Foundation. [Online]. Available: https://www.ethereum.org/ (2017)
Bigchaindb web site. BigchainDB GMBH. [Online]. Available: https://www.bigchaindb.com/ (2017)
T. McConaghy, R. Marques, A. Mller, D. De Jonghe, T. T. Mc-Conaghy, G. McMullen, R. Henderson, S. Bellemare, and A. Granzotto, "Bigchaindb: A scalable blockchain database," 2017.
N. McKeown, T. Anderson, H. Balakrishnan, G. Parulkar, L. Peterson, J. Rexford, S. Shenker, and J. Turner, "Openflow: Enabling innovation in campus networks," SIGCOMM Comput. Commun. Rev., vol. 38, no. 2, pp. 69-74, Mar. 2008. [Online]. Available: http://doi.acm.org/10.1145/1355734.1355746
Y. Gu, A. McCallum, and D. Towsley, "Detecting anomalies in network traffic using maximum entropy estimation," in Proceedings of the 5th ACM SIGCOMM Conference on Internet Measurement (IMC?05). Berkeley, CA, USA: USENIX Association, 2005, pp. 32-32.
B. Pfaff, J. Pettit, T. Koponen, E. J. Jackson, A. Zhou, J. Rajahalme, J. Gross, A. Wang, J. Stringer, P. Shelar, K. Amidon, and M. Casado, "The design and implementation of open vswitch," in Proceedings of the 12th USENIX Conference on Networked Systems Design and Implementation, ser. NSDI?15. Berkeley, CA, USA: USENIX Association, 2015, pp. 117-130. [Online]. Available: http://dl.acm.org/citation.cfm?id=2789770.2789779
Open vswitch. Linux Foundation. [Online]. Available: http://openvswitch.org/ (2017)
S. A. Mehdi, J. Khalid, and S. A. Khayam, "Revisiting traffic anomaly detection using software defined networking," in Proceedings of the 14th International Conference on Recent Advances in Intrusion Detection (RAID?11). Berlin, Heidelberg: Springer-Verlag, 2011, pp. 161-180.
S. Schechter, J. Jung, and A. Berger, "Fast detection of scanning worm infections," in Recent Advances in Intrusion Detection (RAID?04), ser. Lecture Notes in Computer Science, E. Jonsson, A. Valdes, and M. Almgren, Eds. Springer Berlin Heidelberg, 2004, vol. 3224, pp. 59-81.
J. Twycross and M. M. Williamson, "Implementing and testing a virus throttle," in Proceedings of the 12th USENIX Security Symposium (SSYM?03), vol. 12. Berkeley, CA, USA: USENIX Association, 2003, pp. 20-20.
M. V. Mahoney, "Network traffic anomaly detection based on packet bytes," in Proceedings of the ACM Symposium on Applied Computing (SAC?03). New York, NY, USA: ACM, 2003, pp. 346-350.
Y. Wang, Y. Zhang, V. Singh, C. Lumezanu, and G. Jiang, "Netfuse: Short-circuiting traffic surges in the cloud," in IEEE International Conference on Communications (ICC), 2013.
C. Yu, C. Lumezanu, Y. Zhang, V. Singh, G. Jiang, and H. V. Madhyastha, "Flowsense: monitoring network utilization with zero measurement cost," in Proceedings of the 14th International Conference on Passive and Active Measurement (PAM?13). Berlin, Heidelberg: Springer-Verlag, 2013, pp. 31-41.
L. Jose, M. Yu, and J. Rexford, "Online measurement of large traffic aggregates on commodity switches," in Proceedings of the 11th USENIX Conference on Hot topics in Management of Internet, Cloud, and Enterprise Networks and Services (Hot-ICE?11). Berkeley, CA, USA: USENIX Association, 2011, pp. 13-13.
R. Braga, E. Mota, and A. Passito, "Lightweight DDoS flooding attack detection using NOX/OpenFlow," in 35th Conference on Local Computer Networks (LCN?10), Oct. 2010, pp. 408-415.
Floodlight openflow controller. Project Floodlight. [Online]. Available: http://www.projectfloodlight.org/floodlight/ (2017)
OpenFlow Switch Specification Version 1.3.4 (Protocol version 0x04), Open Networking Foundation, 3 2014.
Multichain web site. Coin Sciences Ltd. [Online]. Available: http://www.multichain.com/ (2017)