Create a framework to simulate attacks on PoCR network #17

Open

guenoledc opened this issue Apr 26, 2022 · 3 comments

Comments

@guenoledc
Member

In GitLab by @sjehanfinaxys on Apr 26, 2022, 15:29

Using a programmable HAProxy on Minikube, simulate network attacks.
Link the network attacks with malicious actions from sealers (type 2 and 3 attacks).

@guenoledc
Member Author

In GitLab by @sjehanfinaxys on Apr 26, 2022, 15:30

unassigned @sjehanfinaxys

@guenoledc
Member Author

In GitLab by @sjehanfinaxys on May 5, 2022, 14:54

@EricPradeau
This task will span 3 sprints until we get a framework to simulate all possible attacks on the network. In this first sprint, we identified the correct technologies and we also tested those bricks on basic use cases (toxiproxy on each sealing node).

Ethereum_node_networking.pdf

@guenoledc
The first part of the network simulation was to create a P2P infrastructure where we can simulate
a) Network outage (BGP attack)
b) Direct DEVP2P attack - malicious geth code
c) Fraudulent block/transaction attack.

In this framework, we don't deal with Solidity attacks, which can be handled by
https://mythx-cli.readthedocs.io/en/latest/readme.html#what-is-mythx

The best attack (less manageable for the defense) would combine the 3 in an unpredictable manner.

To automate, we have (after a deep investigation of the network stack of Ethereum) found toxiproxy, to be put as a proxy on every single PoCR node.

Then, Apache Airflow is used to automate distributed tests.
An example of an Apache Airflow DAG that wants malicious node3 to mine 6 consecutive blocks:

  1. Run the 3 nodes network
  2. Isolate node1 for 5 blocktime (don't wait till completion)
  3. Run node3 as malicious node and replace node1
  4. Isolate node2 for 5 blocktime (don't wait till completion)
  5. Run node3 as malicious node and replace node2
  6. Mine block at node3
  7. Redo once from 2

A list of attacks to be tested in Apache Airflow DAGs needs to be defined. Those are:

a) Pure network attack
a1) isolate a node through a simulated BGP attack
a2) Kademlia DHT false friend attack: DoS with numerous false friend requests, with generated private keys for each friend, targeting a single victim node
a3) PING (node discovery protocol) with fake values to create an exception
a4) Network segmentation: cut the network in 2.

b) Geth attack - ETH protocol
b1) LES "get headers" attack with the Skip parameter = -1
b2) block announcement attack with fake parameters to provoke an out of memory exception

All a) and b) attacks are here to isolate / put down a node.

Some pure DevOps mitigations have to be designed:
i. restart procedure on a failed geth
ii. Log network packets and keep those when the node fails to seal or is crashing.
Share the packet logs in a common shared database among nodes for audit.

c) Clique attack
c1) Change clique "duration" when the primary sealing node fails to be elected as the default backup proxy (done in branch attacker)

d) Block mining attack
d1) When the network is segmented, send fraudulent transactions (highly hypothetical in our business context).

We also want to configure the Wireshark Ethereum dissectors https://media.consensys.net/releasing-wireshark-dissectors-for-ethereum-%C3%B0%CE%BEvp2p-protocols-215c9656dd9c in order to audit packets - DEVP2P creates its own packet formats. Unfortunately this is not maintained by Consensys anymore.

This attack list, automated, needs to be accepted first before we fully automate it.
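
Not part of the issue or of the PoCR project's code: an added Python example of the automation step described in the comment above, the DAG where node3 stands in while node1 and node2 are isolated for 5 block times without waiting. It drives toxiproxy's HTTP API (POST /proxies/{name} with enabled=false cuts a node off from its peers, POST /proxies/{name}/toxics adds a latency toxic) with one proxy per sealer, and orders the steps on a time line so the overlapping isolation windows and the "redo once" round come out deterministic. Assumptions, not from the issue: the toxiproxy endpoint http://localhost:8474, proxies named node1/node2/node3 in front of each node's devp2p port, a 15 s clique block period, that the second round starts when the first isolation window ends, and the on_replace/on_mine callbacks, which are where the geth-side actions (steps 3, 5 and 6) would plug in.

```python
# Added example (not the project's code): replays the "node3 mines while node1
# and node2 are isolated" DAG against one toxiproxy per sealer.
import heapq
import json
import time
import urllib.request
from dataclasses import dataclass, field
from typing import Callable, Optional

TOXIPROXY_URL = "http://localhost:8474"   # assumption: toxiproxy API endpoint
BLOCK_PERIOD_S = 15.0                     # assumption: clique block period


class ToxiproxyClient:
    """Minimal client for toxiproxy's HTTP API. `send(method, path, body)` is an
    injectable transport so a scenario can be dry-run without a daemon."""

    def __init__(self, base_url: str = TOXIPROXY_URL,
                 send: Optional[Callable[[str, str, Optional[dict]], dict]] = None):
        self.base_url = base_url
        self.send = send
        self.calls: list = []            # every (method, path, body) issued, for audit

    def _call(self, method: str, path: str, body: Optional[dict] = None) -> dict:
        self.calls.append((method, path, body))
        if self.send is not None:
            return self.send(method, path, body)
        data = json.dumps(body).encode() if body is not None else None
        req = urllib.request.Request(self.base_url + path, data=data, method=method,
                                     headers={"Content-Type": "application/json"})
        with urllib.request.urlopen(req) as resp:
            raw = resp.read()
        return json.loads(raw) if raw else {}

    def isolate(self, proxy: str) -> dict:
        # A disabled proxy drops live connections and refuses new ones: peers lose
        # the node completely, the effect of a route withdrawn by a BGP attack.
        return self._call("POST", f"/proxies/{proxy}", {"enabled": False})

    def restore(self, proxy: str) -> dict:
        return self._call("POST", f"/proxies/{proxy}", {"enabled": True})

    def add_latency(self, proxy: str, ms: int, jitter_ms: int = 0,
                    stream: str = "downstream") -> dict:
        # Latency toxic: the peer stays connected but its traffic arrives late,
        # enough to make a sealer miss its slot without disconnecting it.
        return self._call("POST", f"/proxies/{proxy}/toxics", {
            "name": f"latency_{stream}", "type": "latency", "stream": stream,
            "toxicity": 1.0, "attributes": {"latency": ms, "jitter": jitter_ms}})


@dataclass(order=True)
class Action:
    at: float                                   # seconds from scenario start
    seq: int                                    # insertion order, breaks ties
    label: str = field(compare=False)
    run: Callable[[], object] = field(compare=False)


class Scenario:
    """Time-ordered actions; `run` executes them in order, sleeping the gaps."""

    def __init__(self):
        self._heap: list = []
        self._seq = 0

    def at(self, t: float, label: str, fn: Callable, *args) -> None:
        heapq.heappush(self._heap, Action(t, self._seq, label, lambda: fn(*args)))
        self._seq += 1

    def run(self, sleep: Callable[[float], None] = time.sleep) -> list:
        done, now = [], 0.0
        while self._heap:
            a = heapq.heappop(self._heap)
            if a.at > now:
                sleep(a.at - now)
                now = a.at
            a.run()
            done.append((a.at, a.label))
        return done


def build_node3_takeover(client: ToxiproxyClient, on_replace: Callable[[str, str], None],
                         on_mine: Callable[[str], None], block_period: float = BLOCK_PERIOD_S,
                         blocks: int = 5, rounds: int = 2) -> Scenario:
    """Steps 2-7 of the DAG: isolate node1 and node2 for `blocks` block times
    without waiting, let node3 stand in for each, mine at node3, redo once."""
    s = Scenario()
    window = blocks * block_period
    for r in range(rounds):                      # step 7: redo once from step 2
        t0 = r * window                          # assumption: next round starts when the window ends
        for victim in ("node1", "node2"):        # steps 2/3 and 4/5, neither waits for the other
            s.at(t0, f"isolate {victim}", client.isolate, victim)
            s.at(t0, f"node3 replaces {victim}", on_replace, victim, "node3")
            s.at(t0 + window, f"restore {victim}", client.restore, victim)
        s.at(t0 + block_period, "mine at node3", on_mine, "node3")   # step 6
    return s
```

Dry-run it first with an injected `send` that only records calls and `sleep=lambda _: None`; the returned list of (time, label) pairs is the schedule a live run would follow, and `client.calls` is the exact API trace, which is the "keep the packet logs for audit" idea applied to the attack side. Only then point the client at a real toxiproxy.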

@guenoledc
Member Author

Hi @sjehanfinaxys

I am impressed, ... and lost on this subject and I really need a presentation. I have left these subjects on the side for a long time now. Can we schedule an afternoon of work on this, possibly with @vincent_fin also?

Can you try to schedule this on a Friday afternoon (via @EricPradeau ), where I generally have more time, to:

  1. Understand the attack types
  2. Understand the attack simulation scheme
  3. Understand the possible countermeasures
