Issue Details
- Number
- 28760
- Title
- Evicting and filling attack for linking multiple network addresses
- Description
- I've [discovered a paper](https://cybersecurity.springeropen.com/articles/10.1186/s42400-023-00182-9) published earlier this month. I haven't found any discussion in the repo, so I will summarize the relevant parts here and share my thoughts.
Let's say we have a node that operates over both IPv4 and Tor. We don't want an observer to link these two addresses to the same node. For example, ADDR caching (#18991) was implemented for this reason.
The paper suggests the following attack:
1. Fill all (115?) of the victim's inbound slots in `networkA`.
2. Make sure these connections are candidates for eviction (higher latency, etc.).
3. Make a connection to the presumed victim's node in `networkB`.
4. Observe whether `networkA` connections from (1) are dropped as you add connections in `networkB`.
I haven't verified the experiments, but even understanding the attack assures me the problem exists. The authors claim to reach high precision at a very low cost (optimized by inspecting `VERSION` data and block relay data).
They suggest the following countermeasures:
1. Have separate connection pools (for the sake of eviction) for each network (say Tor and IPv4).
2. Make eviction unpredictable (e.g. after a random delay).
- URL
-
https://github.com/bitcoin/bitcoin/issue/28760
- Closed by
-
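An added example, not part of the issue or of Bitcoin Core's code: a toy model of countermeasure 1, comparing one shared inbound pool with separate per-network pools. The slot count, the latency values and the "evict the highest-latency peer" rule are constructed assumptions, not Bitcoin Core's actual eviction logic.

```python
NET_A, NET_B = "networkA", "networkB"  # network labels as used in the issue


class InboundPool:
    """Toy inbound-slot model (assumption, not Bitcoin Core's logic):
    when the competing group is full, its highest-latency peer is evicted."""

    def __init__(self, slots, per_network):
        self.slots = slots
        self.per_network = per_network
        self.peers = []  # tuples of (network, latency_ms, tag)

    def capacity(self):
        # Per-network mode splits the slots evenly between the two networks.
        return self.slots // 2 if self.per_network else self.slots

    def _group(self, network):
        # Peers that compete for the same slots as a new peer on `network`.
        if self.per_network:
            return [p for p in self.peers if p[0] == network]
        return list(self.peers)

    def connect(self, network, latency_ms, tag):
        """Add a peer; return the evicted peer tuple, or None."""
        evicted = None
        group = self._group(network)
        if len(group) >= self.capacity():
            evicted = max(group, key=lambda p: p[1])
            self.peers.remove(evicted)
        self.peers.append((network, latency_ms, tag))
        return evicted


def cross_network_drops(per_network, slots=10, new_conns=4):
    """Count networkA peers dropped while networkB connections are added.
    A non-zero count is the signal that links the two addresses."""
    pool = InboundPool(slots, per_network)
    for i in range(pool.capacity()):          # networkA slots all occupied
        pool.connect(NET_A, 900 + i, f"a{i}")  # constructed high latencies
    dropped = 0
    for j in range(new_conns):
        ev = pool.connect(NET_B, 50 + j, f"b{j}")
        dropped += ev is not None and ev[0] == NET_A
    return dropped


if __name__ == "__main__":
    print("shared pool      :", cross_network_drops(per_network=False))
    print("per-network pools:", cross_network_drops(per_network=True))
```

With a shared pool, every new `networkB` connection displaces a `networkA` peer; with separate pools, `networkB` activity only ever evicts `networkB` peers, so the cross-network signal is gone.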