Open guenoledc opened 2 years ago
In GitLab by @sjehanfinaxys on Apr 26, 2022, 15:30
unassigned @sjehanfinaxys
In GitLab by @sjehanfinaxys on May 5, 2022, 14:54
@EricPRADEAU This task will spread on 3 sprints until we get a framework to simulate all possible attacks on the network. In this first sprint, we identified the correct technologies and we also tested those bricks on basis use cases (toxiproxy on each sealing node).
@guenoledc The first part of the network simulation was to create a P2P infrastructure where we can simulate a) Network outage (BGP attack) b) Direct DEVP2P attack - malicious geth code c) Fraudulous block/transaction attack.
In this framework, we don't deal with Solidity attack that can be handled by https://mythx-cli.readthedocs.io/en/latest/readme.html#what-is-mythx
The best attack (less manageable for the defense) would combine the 3 in an unpredictable manner.
To automate we have (after a deep investigation of the network stack of ethereum) found toxiproxy to be put as a proxy on every single POCR node.
Then, Apache Airflow is used to automate distributed tests. An example of an apache airflow DAG that want malicious node3 to mine 6 consecutive blocks:
A list of attacks to be tested in Apache Airflow DAGs need to be defined. THose are
a) Pure network attack a1) isolate a node through simulate BGP attack a2) Kamelia DHT false friend attack: DoS on numerous false friend request with generated private keys for each friend targetting a single victim node a3) PING (node discovery protocol) with fake values to create an exception a4) Network segmentation: cut the network in 2.
b) Geth attack - ETH protocol b1) LES "get headers" attack with the Skip parameter = -1 b2) block annoucement attack with fake parameters to provoke an out of memory exception
All a) and b) attacks are here to isolate / put down a node.
Some pure Devops mitigation have to be designed: i. restart procedure on a failed geth ii. Log network packets and keep those when the node fails to seal or is crashing. Share the packet logs in a common shared database among nodes for audit.
c) CLique attack c1) Change clique "duration" when primary sealing nodes fails to be elected as the default backup proxy (done in branch attacker)
d) Block minining attack d1) When the network is segmented, send fraudulous transaction (highly hypothetic in our business context).
We also want to configure Wireshard Ethereum dissectors https://media.consensys.net/releasing-wireshark-dissectors-for-ethereum-%C3%B0%CE%BEvp2p-protocols-215c9656dd9c in order to audit packets - DEVP2P creates its own packet formats. Unforunately this is not maintained by Consensys anymore.
This attack list, automated, needs to be accepted first before we get fully automating it.
Hi @sjehanfinaxys
I am impressed, ... and lost on this subject and I really need a presentation. I have left these subject on the side for long now. Can we schedule an afternoon work on this, possibly with @vincent_fin also.
can you try to schedule this a Friday afternoon (via @EricPRADEAU ) where I have more time generally
In GitLab by @sjehanfinaxys on Apr 26, 2022, 15:29
Using a programmable HAProxy on Minikube, simulate network attack. Link the network attack with malicious actions from sealers (type 2 and 3 attacks)