Blockchain and Cryptocurrency Security from a New Layered Perspective and a Novel MITRE ATT&CK-based Approach for Understanding Cyberattacks and Mitigating Their Impacts
Blockchain and Cryptocurrency Security from a New Layered Perspective and a Novel MITRE ATT&CK-based Approach for Understanding Cyberattacks and Mitigating Their Impacts |
||
|
||
© 2024 by IJETT Journal | ||
Volume-72 Issue-4 |
||
Year of Publication : 2024 | ||
Author : Sara BARJ, Abdellah YOUJIL |
||
DOI : 10.14445/22315381/IJETT-V72I4P101 |
How to Cite?
Sara BARJ, Abdellah YOUJIL, "Blockchain and Cryptocurrency Security from a New Layered Perspective and a Novel MITRE ATT&CK-based Approach for Understanding Cyberattacks and Mitigating Their Impacts," International Journal of Engineering Trends and Technology, vol. 72, no. 4, pp. 1-14, 2024. Crossref, https://doi.org/10.14445/22315381/IJETT-V72I4P101
Abstract
This paper comprehensively examines cyberattacks targeting blockchain networks and systems, inspects attacks at different blockchain layers, and adapts MITRE ATT&CK concepts to the blockchain and cryptocurrency context. It identifies the most common attack methods used by cybercriminals. This research underscores that attacks can occur at various layers of the blockchain, including the Data, Consensus, Execution, and Application layers, which implies the importance of understanding the different layers of the blockchain and the potential security risks associated with each layer. The findings stress that no single layer is immune to cyberattacks, and each requires a distinctive approach to secure blockchain platforms. By defining prominent cyberattacks on the blockchain, this paper analyzes cyberattacks and their related recommendations for enhancing the security of the blockchain platform from a layered perspective and MITRE ATT&CK approach. These recommendations include robust consensus protocol selection, secure coding, regularly executing updates, using protection tools, and social engineering sensibilization. Furthermore, this paper highlights the pivotal role of developers and industry professionals in prioritizing the platform’s security throughout the entire development lifecycle to prevent potential security risks. Finally, this work’s recommendations aim to empower developers and industry professionals to secure their Blockchain systems against cyberattacks, thereby enhancing the security and reliability of blockchain technology.
Keywords
Blockchain technologies, Blockchain layers, Cyberattacks, Cybersecurity, DCEA framework, Distributed systems, MITRE ATT&CK framework, Security recommendations.
References
[1] ATT&CK Matrix for Enterprise, MITRE ATT&CK, 2023. [Online]. Available: https://attack.mitre.org/
[2] Badr Bellaj et al., “DCEA : A Reference Model for Distributed Ledger Technologies,” 2021 IEEE International Conference on Blockchain and Cryptocurrency (ICBC), Sydney, Australia, pp. 1-2, 2021.
[CrossRef] [Google Scholar] [Publisher Link]
[3] Usman W. Chohan, “The Double Spending Problem and Cryptocurrencies,” SSRN Electronic Journal, pp. 1-11, 2021.
[CrossRef] [Google Scholar] [Publisher Link]
[4] Shubhani Aggarwal, and Neeraj Kumar, “Attacks on Blockchain,” Advances in Computers, vol. 121, pp. 399-410, 2021.
[CrossRef] [Google Scholar] [Publisher Link]
[5] Xintong Ling et al., “Practical Modeling and Analysis of Blockchain Radio Access Network,” IEEE Transactions on Communications, vol. 69, no. 2, pp. 1021-1037, 2021.
[CrossRef] [Google Scholar] [Publisher Link]
[6] Nidhee Rathod, and Dilip Motwani, “Security Threats on Blockchain and its Countermeasures,” International Research Journal of Engineering and Technology, vol. 5, no. 11, pp. 1636-1642, 2018.
[Google Scholar] [Publisher Link]
[7] Patrick McCorry, Siamak F. Shahandashti, and Feng Hao, “Refund Attacks on Bitcoin’s Payment Protocol,” International Conference on Financial Cryptography and Data Security, 20th International Conference, FC 2016, Christ Church, Barbados, pp. 581-599, 2017.
[CrossRef] [Google Scholar] [Publisher Link]
[8] Suhyeon Lee, and Seungjoo Kim, “Countering Block Withholding Attack Efficiently,” IEEE Conference on Computer Communications Workshops (INFOCOM WKSHPS), Paris, France, pp. 330-335, 2019.
[CrossRef] [Google Scholar] [Publisher Link]
[9] Leonard Lys et al., “Defending Against the Nothing-At-Stake Problem in Multi-Threaded Blockchains,” Arxiv, pp. 1-15, 2023.
[CrossRef] [Google Scholar] [Publisher Link]
[10] Alireza Hedayati, and Hourieh Hosseini, “A Survey on Blockchain: Challenges, Attacks, Security, and Privacy,” International Journal of Smart Electrical Engineering, vol. 10, no. 3, pp. 141-168, 2021.
[CrossRef] [Google Scholar] [Publisher Link]
[11] Lukas Konig et al., “The Risks of the Blockchain a Review on Current Vulnerabilities and Attacks,” Journal of Internet Services and Information Security, vol. 10, no. 3, pp. 110-127, 2020.
[CrossRef] [Google Scholar] [Publisher Link]
[12] Blockchain Attack Vectors: Vulnerabilities of the Most Secure Technology, Apriorit, 2021. [Online]. Available: https://www.apriorit.com/dev-blog/578-blockchain-attack-vectors
[13] Joanna Moubarak, Eric Filiol, and Maroun Chamoun, “On Blockchain Security and Relevant Attacks,” 2018 IEEE Middle East and North Africa Communications Conference (MENACOMM), Jounieh, Lebanon, pp. 1-6, 2018.
[CrossRef] [Google Scholar] [Publisher Link]
[14] Sarwar Sayeed, Hector Marco-Gisbert, and Tom Caira, “Smart Contract: Attacks and Protections,” IEEE Access, vol. 8, pp. 24416- 24427, 2020.
[CrossRef] [Google Scholar] [Publisher Link]
[15] Xinming Wang et al., “ContractGuard: Defend Ethereum Smart Contracts with Embedded Intrusion Detection,” IEEE Transactions on Services Computing, vol. 13, no. 2, pp. 314-328, 2019.
[CrossRef] [Google Scholar] [Publisher Link]
[16] Charles McFarland et al., “Blockchain Threat Report,” McAfee: Cryptojacking, 2018.
[Google Scholar] [Publisher Link]
[17] Dahhak Hajar, Imane Hilal, and Nadia Afifi, "Blockchain Security Attacks: A Review Study, Lecture Notes in Networks and Systems," Springer, Cham, vol. 669, pp. 191-199, 2023.
[CrossRef] [Google Scholar] [Publisher Link]
[18] On the Parity Multi-Sig Wallet Attack, Medium, Medium, 2017. [Online]. Available: https://medium.com/blockcat/on-the-parity-multi-sig-wallet-attack-83fb5e7f4b8c
[19] A. Begum et al., “Blockchain Attacks, Analysis and a Model to Solve Double Spending Attack,” International Journal of Machine Learning, vol. 10, no. 2, pp. 352-357, 2020.
[Google Scholar] [Publisher Link]
[20] Sarwar Sayeed, and Hector Marco-Gisbert, “Assessing Blockchain Consensus and Security Mechanisms Against the 51% Attack,” Applied Sciences, vol. 9, no. 9, pp. 1-17, 2019.
[CrossRef] [Google Scholar] [Publisher Link]
[21] Christopher Natoli, and Vincent Gramoli, “The Balance Attack or Why Forkable Blockchains are Ill-Suited for Consortium,” 2017 47th Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN), Denver, CO, USA, pp. 579-590, 2017.
[CrossRef] [Google Scholar] [Publisher Link]
[22] Meryem Cherkaoui Semmouni, Abderrahmane Nitaj, and Mostafa Belkasmi, "Bitcoin Security with Post Quantum Cryptography," Lecture Notes in Computer Science, Springer, Cham, pp. 281-288, vol. 11704, 2019.
[CrossRef] [Google Scholar] [Publisher Link]
[23] Koichi Nakayama, Yutaka Moriyama, and Chika Oshima, “An Algorithm that Prevents SPAM Attacks Using Blockchain,” International Journal of Advanced Computer Science and Applications, vol. 9, no. 7, pp. 204-208, 2018.
[CrossRef] [Google Scholar] [Publisher Link]
[24] Aafaf Ouaddah, “A Blockchain Based Access Control Framework for the Security and Privacy of IoT with Strong Anonymity Unlinkability and Intractability Guarantees,” Advances in Computers, vol. 115, pp. 211-258, 2019.
[CrossRef] [Google Scholar] [Publisher Link]
[25] Eko Arip Winanto et al., “Designing Consensus Algorithm for Collaborative Signature-Based Intrusion Detection System,” Indonesian Journal of Electrical Engineering and Computer Science, vol. 22, no. 1, pp. 485-496, 2021.
[CrossRef] [Google Scholar] [Publisher Link]
[26] Azeem ud din Siddiqi, and Zulfikar Ali, “The Sybil Attack Prevention Algorithm: Makes Blockchain Network More Secure,” International Journal of Advanced Sciences and Computing, vol. 1, no. 1, pp. 18-26, 2023.
[Google Scholar] [Publisher Link]
[27] Dhanasak Bhumichai, and Ryan Benton, “Detection of Ethereum Eclipse Attack Based on Hybrid Method and Dynamic Weighted Entropy,” SoutheastCon 2023, Orlando, FL, USA, pp. 779-786, 2023.
[CrossRef] [Google Scholar] [Publisher Link]
[28] Dominic Deuber, and Dominique Schröder, "CoinJoin in the Wild: An Empirical Analysis in Dash," Lecture Notes in Computer Science, Springer, Cham, vol. 12973, 2021.
[CrossRef] [Google Scholar] [Publisher Link]
[29] Hyunjae Lee et al., “Recipient-Oriented Transaction for Preventing Double Spending Attacks in Private Blockchain,” 2018 15th Annual IEEE International Conference on Sensing, Communication, and Networking (SECON), Hong Kong, China, pp. 1-2, 2018.
[CrossRef] [Google Scholar] [Publisher Link]