One of the greatest features of blockchain systems is an enhancement in security and privacy that is not seen in centralized systems. We have decided to create a series dedicated to simplifying blockchain security and educating the general public about it. In this article, we will focus on network security in blockchain by introducing four major attacks: Denial of Service (DoS), Sybil, Eclipse and Routing Attacks.

Denial of Service (DoS) Attacks:

We have all probably heard of the famous example of a DoS attack in which attackers attempt to flood our email inboxes by sending excessive emails to them. A similar scenario is possible in a peer-to-peer network. Imagine an honest node connected to some other nodes, some of which may be honest while others may be malicious. Now, think of the malicious nodes as those spammers trying to spam your email folder. In this scenario, they are simply trying to spam the honest nodes by sending bogus traffic their way. This could end up congesting the network and denying certain nodes access to some of the data flowing through it. The question is, will this really affect the process of maintaining the blockchain? Well, it depends. In contrast to centralized systems, the attackers here are dealing with a large number of nodes that all have the current state of the blockchain. So we can conclude that it is very hard to perform a DoS attack over a peer-to-peer network in a way that compromises the security of the entire network and the blockchain.

In a peer-to-peer network, a node may connect to other nodes in two different ways, namely, outgoing and incoming connections. Outgoing connections are those a node initiates itself, requesting connections from other nodes. Think of it as if you are reaching out yourself to someone you trust (or don’t), asking to establish a connection. In contrast, incoming connections are those received from other nodes that request a connection themselves. This time, people are reaching out to you instead. In many cases, the nodes reaching out to you are completely random. This helps create a dynamic topology that makes a DoS attack more complex.

There are ways to limit the probability of success of DoS attacks, but we cannot completely eliminate it. One example is changing certain network parameters, such as the size of the blocks containing transactions. However, block size is inversely proportional to the scalability of the blockchain. The larger it is, the more transactions it can hold and the lower the transaction fees required. On the contrary, the smaller it becomes, the fewer transactions it can hold and the higher the transaction fees rise. From a security perspective, it is better to decrease the block size to make transaction fees higher and, hence, make DoS attacks more expensive, since attackers have to pay for each transaction they send out to the network. There is no obvious right or wrong solution here. In fact, a lot of protocols are changing these parameters in a trial-and-error manner because they themselves don’t know how to set them optimally. Essentially, when we have a network that is constantly changing, where nodes are joining while others are leaving, it becomes very hard to set these parameters. This means the parameters need to be changed instantaneously to satisfy the network's needs as it changes. In summary, DoS attacks are inevitable, but with a fair diversification of our incoming and outgoing connections, we can absolutely reduce the probability of success and make these attacks infeasible.
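The diversification of incoming and outgoing connections described above can be sketched in code. This is an added example, not part of the original article or of any specific blockchain client: the `PeerSlots` class, the slot limits (8 outbound, 16 inbound, 2 inbound per group) and the use of the IPv4 /16 prefix as a grouping key are all illustrative assumptions, and the addresses are constructed sample data.

```python
from collections import Counter
from ipaddress import IPv4Address


class PeerSlots:
    """Connection table with separate outbound and inbound budgets."""

    def __init__(self, max_outbound=8, max_inbound=16, max_inbound_per_group=2):
        self.max_outbound = max_outbound
        self.max_inbound = max_inbound
        self.max_inbound_per_group = max_inbound_per_group
        self.outbound = set()   # peers this node chose to dial
        self.inbound = set()    # peers that reached out to this node

    @staticmethod
    def group(addr):
        # Assumption: the IPv4 /16 prefix is a coarse "same operator" bucket.
        return IPv4Address(addr).packed[:2]

    def dial(self, addr):
        """Outbound: one peer per group, so our own picks stay diverse."""
        taken = {self.group(p) for p in self.outbound}
        if len(self.outbound) >= self.max_outbound or self.group(addr) in taken:
            return False
        self.outbound.add(addr)
        return True

    def accept(self, addr):
        """Inbound: global cap plus a per-group cap, never touching outbound."""
        per_group = Counter(self.group(p) for p in self.inbound)
        if len(self.inbound) >= self.max_inbound:
            return False
        if per_group[self.group(addr)] >= self.max_inbound_per_group:
            return False
        self.inbound.add(addr)
        return True


def simulate_flood():
    """Constructed scenario: 3 outbound dials, then 50 inbound attempts from one /16."""
    node = PeerSlots()
    dialed = [node.dial(a) for a in ("192.0.2.10", "198.51.100.10", "203.0.113.10")]
    flood = [node.accept(f"10.66.0.{i}") for i in range(1, 51)]
    honest = node.accept("172.16.5.9")  # unrelated inbound peer still gets a slot
    return sum(dialed), sum(flood), honest, len(node.outbound)


if __name__ == "__main__":
    print(simulate_flood())
```

Because inbound and outbound peers are budgeted separately, the 50 inbound attempts from one address range take only two inbound slots and leave the node's own outbound connections untouched.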