IOTA is a new type of distributed ledger designed for allowing fee-less and rate-scalable micropayments in Internet of Things applications. Security research on IOTA has focused mainly on attacks involving its cryptographic operations or its consensus algorithm. In this paper, we present a preliminary analysis of the IOTA security with respect to malicious Autonomous Systems (ASes), which can intercept IOTA connections by manipulating routing advertisements (BGP hijacking) or by naturally intercepting traffic. We make the simplifying assumption that the malicious AS can intercept routes between hosts without causing side effects, or without these side effects being noticed by the intercepted hosts. We identify three notable attacks that can lead to permanent money freeze, and to local or global interruptions of the consensus mechanisms. We then analyze the vulnerability of IOTA against malicious ASes on the real Internet topology, and we show that IOTA cryptocurrency is, at the time of writing, pretty susceptible of these attacks because quite centralized from the point of view of BGP routing. We then study the routing-level security of the next version of IOTA (post-coordicide), which has been proposed by the IOTA Foundations to make the cryptocurrency fully distributed.

An Analysis of Routing Attacks Against IOTA Cryptocurrency

Pericle Perazzo
Co-primo
;
Antonio Arena
Co-primo
;
Gianluca Dini
2020-01-01

Abstract

IOTA is a new type of distributed ledger designed for allowing fee-less and rate-scalable micropayments in Internet of Things applications. Security research on IOTA has focused mainly on attacks involving its cryptographic operations or its consensus algorithm. In this paper, we present a preliminary analysis of the IOTA security with respect to malicious Autonomous Systems (ASes), which can intercept IOTA connections by manipulating routing advertisements (BGP hijacking) or by naturally intercepting traffic. We make the simplifying assumption that the malicious AS can intercept routes between hosts without causing side effects, or without these side effects being noticed by the intercepted hosts. We identify three notable attacks that can lead to permanent money freeze, and to local or global interruptions of the consensus mechanisms. We then analyze the vulnerability of IOTA against malicious ASes on the real Internet topology, and we show that IOTA cryptocurrency is, at the time of writing, pretty susceptible of these attacks because quite centralized from the point of view of BGP routing. We then study the routing-level security of the next version of IOTA (post-coordicide), which has been proposed by the IOTA Foundations to make the cryptocurrency fully distributed.
2020
978-0-7381-0495-9
File in questo prodotto:
Non ci sono file associati a questo prodotto.

I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.

Utilizza questo identificativo per citare o creare un link a questo documento: https://hdl.handle.net/11568/1068902
 Attenzione

Attenzione! I dati visualizzati non sono stati sottoposti a validazione da parte dell'ateneo

Citazioni
  • ???jsp.display-item.citation.pmc??? ND
  • Scopus 13
  • ???jsp.display-item.citation.isi??? 7
social impact