Researchers create DDoSCoin with DDoS puzzle for miners
Eric Wustrow, assistant professor at the University of Colorado Boulder, and Benjamin VanderSloot, PhD student at the University of Michigan, have created a cryptocurrency that rewards people for taking part in DDoS (Distributed Denial of Service) attacks on TLS web servers. The currency only works when the user’s computer targets a TLS-enabled website. TLS stands for Transport Layer Security, a cryptographic protocol for secure Internet communication.
A cryptocurrency (or crypto currency) is a medium of exchange using cryptography to secure the transactions and to control the creation of additional units of the currency. Cryptocurrencies are a subset of alternative currencies, or specifically of digital currencies.
The researchers presented their paper, “DDoSCoin: Cryptocurrency with a Malicious Proof-of-Work,” at the Usenix 2016 security conference. It describes a proof-of-work DDoS currency that allows miners to prove their participation in DDoS attacks against target web servers in order to create more virtual money.
The researchers suggested that the miners with DDoSCoin blocks could then trade these for other currencies, including bitcoin.
“In modern versions of TLS, the server signs a client-provided parameter during the handshake, along with server-provided values used in the key exchange of the connection,” the researchers explain. “This allows the client to prove to others that it has communicated with the server.”
As a result, this malicious proof-of-work DDoS model used by DDoSCoin miners only works with sites that support TLS 1.2. According to Alexa, a resource on analytic tools, just 56 percent of the top 1 million sites support TLS. But that number is expected to increase as the encryption standard becomes more widespread, the researchers say.
If there is agreement on which victims the attackers want to target, proof-of-work DDoS can replace proof-of-work in a cryptocurrency setting. Such a consensus is provided by the conceptual altcoin using two mechanisms: 1) PAY_TO_DDOS, which allows a bounty to be set for targeting a certain domain, and 2) proof-of-stake updates to a list of valid victims.
The DDoSCoin proof of work incentivizes miners to send and receive large amounts of traffic to and from the target to produce a valid proof of work. The proofs can be verified easily, and the original miner can claim a reward that can be sold for other currencies. Botnet owners and other attackers can directly collect rewards for assisting in decentralized DDoS attacks.
While demonstrating their proof-of-concept and assessing their proof-of-DDoS code, the researchers only attacked websites they own. Further, they have not published a working altcoin that uses this proof-of-DDoS, only a conceptual description of one.
They wrote: “We believe it is important to fully disclose potential attacks, even those that require the development of an altcoin to execute. This is especially important in the face of the impending commitment to the design of TLS 1.3, and compounded by how long TLS/SSL protocol versions stay in active use.”
The researchers noted in their paper that bitcoin’s computationally intensive proof-of-work “does not contribute to any useful problems besides securing the currency from attack”. This distributed computation is a waste of CPU resources. Hence, researchers have proposed altcoins to provide more beneficial proofs of work providing capabilities beyond securing the underlying currency.
Anyone can set up PAY_TO_DDOS transactions, even website admins themselves. Researchers say that domain owners could flood the network with low-reward PAY_TO_DDOS transactions that the miners would not want to compute in an effort to deter attacks on their servers.