Attack and Defence of Ethereum Remote APIs

Wang, X; Zha, X; Yu, G; Ni, W; Liu, RP; Guo, YJ; Niu, X; Zheng, K

Attack and Defence of Ethereum Remote APIs

Wang, X

Zha, X Yu, G Ni, W

Liu, RP

Guo, YJ

Niu, X Zheng, K

Permalink

Publication Type:: Conference Proceeding
Citation:: 2018 IEEE Globecom Workshops, GC Wkshps 2018 - Proceedings, 2019
Issue Date:: 2019-02-19

Open Access

Copyright Clearance Process

Recently Added
In Progress
Open Access

This item is open access.

Adobe PDF

Download Published versionAdobe PDF (3.71 MB)

View on publisher's site

View statistics

Full metadata record

Field	Value	Language
dc.contributor.author	Wang, X https://orcid.org/0000-0001-9439-6437	en_US
dc.contributor.author	Zha, X	en_US
dc.contributor.author	Yu, G	en_US
dc.contributor.author	Ni, W https://orcid.org/0000-0002-4933-594X	en_US
dc.contributor.author	Liu, RP https://orcid.org/0000-0001-7001-6305	en_US
dc.contributor.author	Guo, YJ https://orcid.org/0000-0001-6008-9682	en_US
dc.contributor.author	Niu, X	en_US
dc.contributor.author	Zheng, K	en_US
dc.date.available	2020-12-13T18:03:03Z
dc.date.issued	2019-02-19	en_US
dc.identifier.citation	2018 IEEE Globecom Workshops, GC Wkshps 2018 - Proceedings, 2019	en_US
dc.identifier.isbn	9781538649206	en_US
dc.identifier.uri	http://hdl.handle.net/10453/131802
dc.description.abstract	© 2018 IEEE. Ethereum, as the first Turing-complete blockchain platform, provides various application program interfaces for developers. Although blockchain has highly improved security, faulty configuration and usage can result in serious vulnerabilities. In this paper, we focus on the security vulnerabilities of the official Go-version Ethereum client (geth). The vulnerabilities are because of the insecure API design and the specific Ethereum wallet mechanism. We demonstrate attacks exploiting these vulnerabilities in an Ethereum testbed. The vulnerabilities are confirmed by the scanning results on the public Internet. Finally, corresponding countermeasures against attacks are provided to enhance the security of the Ethereum platform.	en_US
dc.relation.ispartof	2018 IEEE Globecom Workshops, GC Wkshps 2018 - Proceedings	en_US
dc.relation.isbasedon	10.1109/GLOCOMW.2018.8644498	en_US
dc.rights	info:eu-repo/semantics/openAccess
dc.title	Attack and Defence of Ethereum Remote APIs	en_US
dc.type	Conference Proceeding
utslib.for	0805 Distributed Computing	en_US
pubs.embargo.period	Not known	en_US
pubs.organisational-group	/University of Technology Sydney
pubs.organisational-group	/University of Technology Sydney/Faculty of Engineering and Information Technology
pubs.organisational-group	/University of Technology Sydney/Faculty of Engineering and Information Technology/School of Electrical and Data Engineering
pubs.organisational-group	/University of Technology Sydney/Strength - GBDTC - Global Big Data Technologies
utslib.copyright.status	open_access	*
pubs.publication-status	Published	en_US

Abstract:

© 2018 IEEE. Ethereum, as the first Turing-complete blockchain platform, provides various application program interfaces for developers. Although blockchain has highly improved security, faulty configuration and usage can result in serious vulnerabilities. In this paper, we focus on the security vulnerabilities of the official Go-version Ethereum client (geth). The vulnerabilities are because of the insecure API design and the specific Ethereum wallet mechanism. We demonstrate attacks exploiting these vulnerabilities in an Ethereum testbed. The vulnerabilities are confirmed by the scanning results on the public Internet. Finally, corresponding countermeasures against attacks are provided to enhance the security of the Ethereum platform.

Please use this identifier to cite or link to this item:

http://hdl.handle.net/10453/131802