Christopher Natoli

Ralph Holz, Diego Perino, Matteo Varvello et al.

In late 2017, a sudden proliferation of malicious JavaScript was reported on the Web: browser-based mining exploited the CPU time of website visitors to mine the cryptocurrency Monero. Several studies measured the deployment of such code and developed defenses. However, previous work did not establish how many users were really exposed to the identified mining sites and whether there was a real risk given common user browsing behavior. In this paper, we present a retroactive analysis to close this research gap. We pool large-scale, longitudinal data from several vantage points, gathered during the prime time of illicit cryptomining, to measure the impact on web users. We leverage data from passive traffic monitoring of university networks and a large European ISP, with suspected mining sites identified in previous active scans. We corroborate our results with data from a browser extension with a large user base that tracks site visits. We also monitor open HTTP proxies and the Tor network for malicious injection of code. We find that the risk for most Web users was always very low, much lower than what deployment scans suggested. Any exposure period was also very brief. However, we also identify a previously unknown and exploited attack vector on mobile devices.

Tyler Crain, Christopher Natoli, Vincent Gramoli

In this paper, we present the most extensive evaluation of blockchain system to date. To achieve scalability across servers in more than 10 countries located on 4 different continents, we drastically revisited Byzantine fault tolerant blockchains and verification of signatures. The resulting blockchain, called the Red Belly Blockchain (RBBC), commits more than a hundred thousand transactions issued by permissionless nodes. These transactions are grouped into blocks within few seconds through a partially synchronous consensus run by permissioned nodes. It prevents double spending by guaranteeing that a unique block is decided at any given index of the chain in a deterministic way by all participants. We compared the performance of RBBC against traditional Byzantine fault tolerant alternatives and more recent randomized solutions. In the same geo-distributed environment with low-end machines, we noticed two interesting comparisons: (i) the RBBC throughput scales to hundreds of machines whereas the classic 3-step leader-based BFT state machine used by consortium blockchains cannot scale to 40 identically configured nodes; (ii) RBBC guarantees transaction finality in 3 seconds and experiences a third of the latency that randomized-based solutions like HoneyBadgerBFT can offer. This empirical evaluation demonstrates that blockchain scalability can be achieved without sacrificing security.

Christopher Natoli, Vincent Gramoli

In this paper, we identify a new form of attack, called the Balance attack, against proof-of-work blockchain systems. The novelty of this attack consists of delaying network communications between multiple subgroups of nodes with balanced mining power. Our theoretical analysis captures the precise tradeoff between the network delay and the mining power of the attacker needed to double spend in Ethereum with high probability. We quantify our probabilistic analysis with statistics taken from the R3 consortium, and show that a single machine needs 20 minutes to attack the consortium. Finally, we run an Ethereum private chain in a distributed system with similar settings as R3 to demonstrate the feasibility of the approach, and discuss the application of the Balance attack to Bitcoin. Our results clearly confirm that main proof-of-work blockchain protocols can be badly suited for consortium blockchains.