A pair of researchers has developed a cryptocurrency called DDoSCoin that rewards users for participating in distributed denial of service (DDoS) attacks. The currency only works when the user’s computer targets a TLS-enabled website. TLS stands for Transport Layer Security, a cryptographic protocol for secure Internet communication.
Researchers Eric Wustrow at the University of Colorado Boulder and Benjamin VanderSloot at the University of Michigan published a paper, “DDoSCoin: Cryptocurrency with a Malicious Proof-of-Work” that presents a proof-of-work DDoS currency that allows miners to prove their participation in sending requests to a targeted webserver.
The authors said they were not publishing a working altcoin that uses the proof-of-DDoS, but rather a conceptual description of one.
Cryptocurrency continuously provides proof-of-work replacements, the paper noted. Providing access to arbitrary resources, however, remains challenging. DDoSCoin provides a way to prove the use of bandwidth to a target domain.
The authors noted they hope this concept encourages others to innovate proof-of-resource puzzles.
DDoSCoin demonstrates maliciousness inherent to a cryptocurrency’s design, turning the notion of what constitutes a “useful” proof-of-work around.
Proof-of-work DDoS can replace proof-of-work in a cryptocurrency setting if there is a consensus on what victims the attackers want to target. The conceptual altcoin provides such a consensus using two mechanisms: 1) PAY_TO_DDOS, which allows a bounty to be set for targeting a certain domain, and 2) proof-of-stake updates to a list of valid victims.
The DDoSCoin proof of work incentivizes miners to send and receive large amounts of traffic to and from the target to produce a valid proof of work. The proofs can be verified easily, and the original miner can claim a reward that can be sold for other currencies. Botnet owners and other attacks can directly collect rewards for assisting in decentralized DDoS attacks.
Miners create a large number of TLS connections to a target webserver. They use the server’s signed responses as proof of a connection.
In modern TLS versions, the server signs a client-provided parameter at the time of the handshake, in addition to server-provided values from the connection’s key exchange. This allows the client to prove its connection to the server. The signed value the server returns is not predictable to the client and is distributed randomly.
DDoSCoin rewards those who launch DDoS attacks exclusively on TLS-enabled hosts. Only 56 percent of the top 1 million sites support TLS, according to Alexa, a resource on analytic tools. The number of websites that support TLS is expected to increase.
DDoSCoin allows miners to choose victim servers by consensus using a proof-of-stake protocol. Instead of specifying a single website or a static list DDoSCoin that the miners target, selecting them by consensus enables the choice target to be made collectively by DDoSCoin participants.
Because DDoSCoin uses transactions similar to bitcoin, trustless cross-chain transactions can allow DDoSCoins to be traded for bitcoins without requiring a trusted third party intermediary. Hence, even outlawing DDoSCoins from exchanges would not prevent a black market from getting around sanctions.
The authors acknowledged their work introduces an idea that could incentivize malicious behavior. They noted they have taken precautions to limit any possible harm.
First, in demonstrating their proof-of-concept and evaluating their proof-of-DDoS code, they only attacked websites they own. Furthermore, they have not published a working altcoin that uses this proof-of-DDoS, but a conceptual description of one.
We believe it is important to fully disclose potential attacks, even those that require the development of an altcoin to execute. This is especially important in the face of the impending commitment to the design of TLS 1.3, and compounded by how long TLS/SSL protocol versions stay in active use.
With bitcoin, the amount of miners’ collective computational effort provides no useful problems other than securing the currency from the attack, the authors noted. This distributed computation is a waste of CPU resources. Hence, researchers have proposed altcoins to provide more beneficial proofs of work providing capabilities beyond securing the underlying currency.
DDoSCoin is not compatible with versions of TLS before 1.2 (including SSL) since the server’s key exchange signature does not include the client_random or any client-provided values. In earlier versions, the only value provably coming from the server (i.e., signed by a key tied to the victim’s identity) does not have any commitments from the client about the previous block, or the transactions that should be included in the block.
If DDoSCoin accepted blocks where only a server signature met a target difficulty, a miner could steal another miner’s found block (and the block reward) by changing the transactions and forwarding the block.
To allow victims to be temporarily selected for DDoS, DDoSCoin allows bounties for targeting specific servers. To do this, DDoSCoin introduces a new payment opcode, PAY_TO_DDOS, to be used in transactions subject to certain constraints. This opcode takes two arguments in an output script: a string representing a domain name the payer wants to have attacked, and a target difficulty corresponding to the number of connections the payer wishes to be made.
Once this transaction is stored in a valid block, anyone can collect its reward by creating a connection to the specified victim server and getting a response meeting the given target difficulty. These connections are made in a way similar to the way miners connect to victim servers to create blocks.
The authors tested their proof-of-DDoS function against a quad-core TLS server under their control, running nginx (an HTTP and reverse proxy server, a mail proxy server, and a generic TCP/UDP proxy server) serving the default page, and connected to their attacker over a local Gigabit Ethernet network.
When running their miner, the CPU consumption of the server quickly reached 100% utilization on all four cores, while the attacker only required approximately 30% on a single core.
This produced more than 3,000 TLS connections per second and slowed response times of the webserver significantly. The authors used Apache benchmark with 1,000 connections with a concurrency of 50 to quantify this. They tested the server under normal conditions (with no miner running) and under DoS (miner running).
The average server response time increased by more than a factor of six when the miner was running.
The paper noted that victim websites can use several methods to defend against DDoSCoin miners. Websites can simply disable TLS 1.2 entirely, and only support earlier versions of TLS 1.0 and TLS 1.1. While older versions of TLS 1.0 clients can still be vulnerable to a certain attack, most modern clients have mitigations for this attack.
The downside of disabling support for TLS 1.2 is losing the means to negotiate authenticated encryption cipher modes with clients, which could undermine the performance of implementations that have hardware acceleration for such modes.
While significantly changing existing deployed versions of TLS is unrealistic, it could be possible to influence the design of the TLS 1.3 standard to make it incompatible with DDoSCoin.
Websites could thwart DDoSCoin by participating in the mining themselves. Since the victim website will have local access to its private key, the victim will have an advantage over remote clients. The victim could mine enough DDoSCoins to mint a proof-of-stake block that removes itself from the list, or increase the difficulty of mining a block high enough that a remote miner has a small chance of succeeding.
Finally, websites could take legal actions against mining operations. Publishing a proof-of-DDoS block in the DDoSCoin blockchain could reveal a miner’s intent to attack a service for financial profit. If the victim can log their traffic, they can find the IP address of the party given a published proof-of-DDoS block.
The paper noted that many altcoins have alternate proof of work innovations, and it explores some of them in detail.
Featured image from Shutterstock. Story image from Facebook via Nerdcore.