SABRE: Protecting Bitcoin against Routing Attacks

Maria Apostolaki, Gian Marti, Jan Müller, Laurent Vanbever

Research output: Chapter in Book/Report/Conference proceedingConference contribution

32 Scopus citations

Abstract

Nowadays Internet routing attacks remain practically effective as existing countermeasures either fail to provide protection guarantees or are not easily deployable. Blockchain systems are particularly vulnerable to such attacks as they rely on Internet-wide communications to reach consensus. In particular, Bitcoin—the most widely-used cryptocurrency—can be split in half by any AS-level adversary using BGP hijacking. In this paper, we present SABRE, a secure and scalable Bitcoin relay network which relays blocks worldwide through a set of connections that are resilient to routing attacks. SABRE runs alongside the existing peer-to-peer network and is easily deployable. As a critical system, SABRE design is highly resilient and can efficiently handle high bandwidth loads, including Denial of Service attacks. We built SABRE around two key technical insights. First, we leverage fundamental properties of inter-domain routing (BGP) policies to host relay nodes: (i) in networks that are inherently protected against routing attacks; and (ii) on paths that are economically-preferred by the majority of Bitcoin clients. These properties are generic and can be used to protect other Blockchain-based systems. Second, we leverage the fact that relaying blocks is communication-heavy, not computation-heavy. This enables us to offload most of the relay operations to programmable network hardware (using the P4 programming language). Thanks to this hardware/software co-design, SABRE nodes operate seamlessly under high load while mitigating the effects of malicious clients. We present a complete implementation of SABRE together with an extensive evaluation. Our results demonstrate that SABRE is effective at securing Bitcoin against routing attacks, even with deployments of as few as 6 nodes.

Original languageEnglish (US)
Title of host publication26th Annual Network and Distributed System Security Symposium, NDSS 2019
PublisherThe Internet Society
ISBN (Electronic)189156255X, 9781891562556
DOIs
StatePublished - 2019
Externally publishedYes
Event26th Annual Network and Distributed System Security Symposium, NDSS 2019 - San Diego, United States
Duration: Feb 24 2019Feb 27 2019

Publication series

Name26th Annual Network and Distributed System Security Symposium, NDSS 2019

Conference

Conference26th Annual Network and Distributed System Security Symposium, NDSS 2019
Country/TerritoryUnited States
CitySan Diego
Period2/24/192/27/19

All Science Journal Classification (ASJC) codes

  • Computer Networks and Communications
  • Control and Systems Engineering
  • Safety, Risk, Reliability and Quality

Fingerprint

Dive into the research topics of 'SABRE: Protecting Bitcoin against Routing Attacks'. Together they form a unique fingerprint.

Cite this