Underline: students advised by Dr. Tang
Kai Li, Yibo Wang, Yuzhe Tang. “DETER: Denial of Ethereum Txpool sERvices”, ACM CCS 2021, [pdf], [slides] blockchain design flaws DoS
Summary: This work examines the design security of Ethereum's txpool (or memory pool) which is a buffer storing unconfirmed transactions prior to mining. By modeling transaction operations in txpool, we discover a series of denial-of-service attacks, named DETER attacks that can disable a remote Ethereum node's txpool and deny critical services in mining and transaction relay. DETER attacks incur zero or low Ether cost. We propose amplification of DETER attacks to result in global impacts/disruption on an Ethereum network. To fix the problem, we propose practical mitigation schemes that reduce a DETER attack's success rate down to zero while effectively preserving the miners' revenue.
Kai Li, Yuzhe Tang, Jiaqi Chen, Yibo Wang, Xianghong Liu. “TopoShot: Uncovering Ethereum's Network Topology Leveraging Replacement Transactions”, ACM IMC 2021, AR=28% [pdf], [slides] network measurement blockchain overlay network
Summary: Measuring Ethereum networks' topology is known to be a difficult problem and has remained open as of 2021 (By contrast, measuring Bitcoin's topology has been solved as early as in 2015). This paper addresses the challenges of measuring Ethereum network topology and inferring the routing-table information hidden in blackbox Ethereum nodes in an operational network. We propose TopoShot, a novel method uniquely repurposing Ethereum's transaction replacement/eviction policies for topology measurement/inference. We propose parallel measurement schedule for large-scale networks. We take extensive care to reduce the impacts on the tested nodes. Through systematic measurement studies, our work induces new knowledge including the full-network topology in major testnets (Ropsten, Rinkeby and Goerli) and critical sub-network topology in the mainnet, which reveal interesting graph-theoretic properties and connectivity centralization in real Ethereum networks.
Kai Li, Jiaqi Chen, Xianghong Liu, Yuzhe Tang, XiaoFeng Wang, Xiapu Luo. “As Strong As Its Weakest Link: How to Break (and Fix) Blockchain DApps at RPC Service”, ISOC NDSS 2021, AR=15.2% [pdf], [slides] software security DoS blockchain
Summary: This work presents a measurement study examining the security of Ethereum remote procedural call (RPC) services. The key RPC API is "eth_call", which supports free execution of smart contracts. Misusing this API leads to a zero-cost denial-of-service attack, which we call Denial of Ethereum Rpc Service (DoERS). Novel measurement methods are proposed to uncover the load balancing, rate limiting, Gas limits, and other service internal behaviors that would otherwise be hidden inside the blackbox services. The results show that at the time of measurement, most services are vulnerable to the DoERS attacks -- a DoERS attacker investing zero Ether/USD can cause severe service interruption with significant response time increase.
Yibo Wang, Qi Zhang, Kai Li, Yuzhe Tang, Jiaqi Chen, Xiapu Luo, Ting Chen. “iBatch: Saving Ethereum Fees via Secure and Cost-Effective Batching of Smart-Contract Invocations” ESEC/FSE 2021, AR=24.5% [pdf (ACM)], [preprint], [html], [slides] blockchain cost-efficiency
Summary: Today, blockchains' transaction fees are skyrocketing and have scared away some big customers (e.g., Binance as an institutional customer in Ethereum). This work tackles this pressing problem on Ethereum and presents iBatch, a security protocol to batch-process multiple smart-contract invocations in a single transaction, hence amortizing its high fees. To ensure the security (invocation integrity) while saving costs, we propose a novel nonce-maintenance method to defend against replay attacks. We design a middleware system supporting a range of batching policies from the conservative to the more aggressive batching. By replaying real Ethereum transactions, we evaluate iBatch's cost. The result shows iBatch saves 14.6%-59.1% Gas cost per invocation with a moderate 2-minute delay and 19.06%-31.52% Ether cost per invocation with a minimal delay of 0.26-1.66 blocks.
Kai Li, Yuzhe Tang, Jiaqi Chen, Zhehu Yuan, Cheng Xu, Jianliang Xu. “Cost-Effective Data Feeds to Blockchains via Workload-Adaptive Data Replication”, ACM/IFIP Middleware 2020, AR=25.2% [pdf (ACM)], [preprint], [video], [slides] blockchain cost-efficiency
Summary: This work presents a dynamic cost optimization scheme on Ethereum's data feeds. Data feeding, that is, providing physical world data to smart contracts running on blockchains, becomes a popular paradigm of designing decentralized finance (DeFi) applications and is a multi-million business today. This work presents GRuB, a workload-aware data replications scheme that dynamically adjusts the current data-feed flow between data pulling (i.e., smart contracts pull data to the blockchain on demand) and data pushing (i.e., off-chain data sources push data to the blockchain). The key idea is that static data pulling incurs expensive transactions per read and static data pushing incurs expensive on-chain storage updates per write. Thus, a workload-adaptive scheme can avoid the inefficiency when real-world DeFi workloads dynamically switch between read-intensive and write intensive patterns. Technically, we propose new online decision-making algorithms with proven asymptotic efficiency (i.e., bounded competitiveness). We build a system prototype of GRuB functional with Ethereum and off-chain Google LevelDB. We evaluate GRuB's concrete performance under YCSB workloads and real DeFi workloads (e.g., stablecoins and pegged tokens). The results show that GRuB achieves up to 55% saving in Gas compared with the baseline designs of statically pushed or pulled data feeds.
Ce Zhang, Cheng Xu, Jianliang Xu, Yuzhe Tang, Byron Choi. “GEM^2-Tree: A Gas-Efficient Structure for Authenticated Range Queries in Blockchain”, IEEE ICDE 2019, Full Paper, AR=26.8% [pdf] blockchain application outsourced databases data integrity
Summary: This work presents data outsourcing schemes built on top of untrusted clouds and trusted blockchain for authenticated range queries. The key design challenge tackled is the "Gas" efficiency, that is, the amount of computation done on expensive Ethereum blockchain is minimized. To do so, we propose a novel data authentication scheme that adaptively shape-shifts between a log-structured merge (LSM) tree and a B-tree. The key observation is to choose the most cost-effective data structures (i.e., LSM tree or B tree) based on data sizes. We implement a system prototype on Ethereum, conduct extensive cost analysis and evaluate the concrete monetary cost under YCSB, which shows the proposed scheme saves more than 30% costs compared with state-of-the-art approaches.
Yuzhe Tang, Kai Li, Qi Zhang, Jianliang Xu, Ju Chen. “Authenticated Key-Value Stores with Hardware Enclaves”, ACM/IFIP Middleware 2021 (Industrial track) [extended version] TEE, KV store data integrity
Summary: Authenticated data storage on an untrusted platform is an important computing paradigm for cloud applications ranging from big-data outsourcing, to cryptocurrency and certificate transparency log. These modern applications increasingly feature update-intensive workloads, whereas existing authenticated data structures (ADSs) designed with in-place updates are inefficient to handle such workloads. In this paper, we address this issue and propose a novel authenticated log-structured merge tree (eLSM) based key-value store by leveraging Intel SGX enclaves. We present a system design that runs the code of eLSM store inside enclave. To circumvent the limited enclave memory (128 MB with the latest Intel CPUs), we propose to place the memory buffer of the eLSM store outside the enclave and protect the buffer using a new authenticated data structure by digesting individual LSM-tree levels. We design protocols to support query authentication in data integrity, completeness (under range queries), and freshness. The proof in our protocol is made small by including only the Merkle proofs at selective levels. We implement eLSM on top of Google LevelDB and Facebook RocksDB with minimal code change and performance interference. We evaluate the performance of eLSM under the YCSB workload benchmark and show a performance advantage of up to 4.5X speedup.
Yuzhe Tang, Ling Liu, “Privacy-Preserving Multi-Keyword Search in Information Networks”. IEEE TKDE 2015 [pdf] privacy preservation
Summary: In this work, we build a federated keyword search service over multiple independent document sites. In this distributed system, a site-discovery service is crucial to connect a search to a potential target site. To prevent privacy leakage, the traffic going into the discovery service and coming out is obfuscated; in other words, the keyword-to-site indices maintained by the discovery service are injected with a proper amount of noises with balance between the search/discovery utility and privacy-preserving degree.
Yuzhe Tang, Ting Wang, Ling Liu, Xin Hu, Jiyong Jang. “Lightweight Authentication of Freshness in Outsourced Key-Value Stores”. ACSAC 2014, AR=19.9% [pdf], [slides] outsourced databases data integrity
Summary: This work tackles efficient authentication of outsourced data on untrusted cloud storage (e.g., Amazon S3 services). The key technique is a query authentication data structure with efficiency (i.e., short proofs) in both update and read operations. The idea is to use Bloom filters to encode data membership hierarchically in a Merkle tree, which results in incremental tree updates and efficient logarithmic query proofs. By building a prototype on HBase, we evaluate the system throughput under standard YCSB workloads. We confirm the proposed storage system offers higher throughput in an order of magnitude for data stream authentication than the existing work.
Dr. Tang's lab page: [link]