An Analysis of Routing Attacks Against IOTA Cryptocurrency
Pericle Perazzo (co-first author); Antonio Arena (co-first author); Gianluca Dini
2020-01-01
Abstract
IOTA is a new type of distributed ledger designed to allow fee-less and rate-scalable micropayments in Internet of Things applications. Security research on IOTA has focused mainly on attacks involving its cryptographic operations or its consensus algorithm. In this paper, we present a preliminary analysis of IOTA's security with respect to malicious Autonomous Systems (ASes), which can intercept IOTA connections either by manipulating routing advertisements (BGP hijacking) or by naturally lying on the traffic path. We make the simplifying assumption that the malicious AS can intercept routes between hosts without causing side effects, or without these side effects being noticed by the intercepted hosts. We identify three notable attacks that can lead to a permanent freeze of funds, and to local or global interruptions of the consensus mechanism. We then analyze the vulnerability of IOTA to malicious ASes on the real Internet topology, and we show that the IOTA cryptocurrency is, at the time of writing, quite susceptible to these attacks because it is rather centralized from the point of view of BGP routing. Finally, we study the routing-level security of the next version of IOTA (post-coordicide), which has been proposed by the IOTA Foundation to make the cryptocurrency fully distributed.