Novel MITM attack scheme based on built-in negotiation for blockchain-based digital twins

Liu Xin; Zhou Rui; Shimizu Shohei; Chong Rui; Zhou Qingguo; Zhou Xiaokang

doi:10.1016/j.dcan.2023.11.011

›› 2025, Vol. 11 ›› Issue (1) : 256 -267. DOI: 10.1016/j.dcan.2023.11.011

Original article

Novel MITM attack scheme based on built-in negotiation for blockchain-based digital twins

Author information +

History +

PDF

Abstract

As smart contracts, represented by Solidity, become deeply integrated into the manufacturing industry, blockchain-based Digital Twins (DT) has gained momentum in recent years. Most of the blockchain infrastructures in widespread use today are based on the Proof-of-Work (PoW) mechanism, and the process of creating blocks is known as “mining”. Mining becomes increasingly difficult as the blockchain grows in size and the number of on-chain business systems increases. To lower the threshold of participation in the mining process, “mining pools” have been created. Miners can cooperate and share the mining rewards according to the hashrate they contributed to the pool. Stratum is the most widely used communication protocol between miners and mining pools. Its security is essential for the participants. In this paper, we propose two novel Man-In-The-Middle (MITM) attack schemes against Stratum, which allow attackers to steal miners' hashrate to any mining pool using hijacked TCP connections. Compared with existing attacks, our work is more secretive, more suitable for the real-world environment, and more harmful. The Proof-of-Concept (PoC) shows that our schemes work perfectly on most mining softwares and pools. Furthermore, we present a lightweight AI-driven approach based on protocol-level feature analysis to detect Stratum MITM for blockchain-based DTs. Its detection model consists of three layers: feature extraction layer, vectorization layer, and detection layer. Experiments prove that our detection approach can effectively detect Stratum MITM traffic with 98% accuracy. Our work alerts the communities and provides possible mitigation against these more hidden and profitable attack schemes.

Keywords

Digital twins / MITM / Blockchain / Stratum / Anomaly detection

Cite this article

Download citation ▾

Liu Xin, Zhou Rui, Shimizu Shohei, Chong Rui, Zhou Qingguo, Zhou Xiaokang. Novel MITM attack scheme based on built-in negotiation for blockchain-based digital twins. , 2025, 11(1): 256-267 DOI:10.1016/j.dcan.2023.11.011

登录浏览全文

4963

注册一个新账户忘记密码

Declaration of Competing Interest

The authors declare that they have no known competing financial interests or personal relationships that could have appeared to influence the work reported in this paper.

References

Publishing order | Descend order by publishing year | Descend order by cited within

[1]	M. Grieves, J. Vickers, Digital twin: mitigating unpredictable, undesirable emergent behavior in complex systems,in: Transdisciplinary Perspectives on Complex Sys-tems, Springer, 2017, pp. 85-113.

[2]	D. Yaga, P. Mell, N. Roby, et al., Blockchain technology overview, arXiv preprint, arXiv : 1906.11078.

[3]	J. Sidhu, Syscoin: a peer-to-peer electronic cash system with blockchain-based ser-vices for e-business,in: 2017 26th International Conference on Computer Commu-nication and Networks (ICCCN), 2017.

[4]	D. Chirtoaca, J. Ellul, G. Azzopardi, A framework for creating deployable smart contracts for non-fungible tokens on the Ethereum blockchain, in: 2020 IEEE In-ternational Conference on Decentralized Applications and Infrastructures (DAPPS), IEEE, 2020, pp. 100-105.

[5]	S. Suhail, R. Hussain, R. Jurdak, A. Oracevic, K. Salah, C.S. Hong, R. Matuleviˇcius, Blockchain-based digital twins: research trends, issues, and future challenges, ACM Comput. Surv. (CSUR) 54 (11s) (2022) 1-34.

[6]	I. Yaqoob, K. Salah, M. Uddin, R. Jayaraman, M. Omar, M. Imran, Blockchain for digital twins: recent advances and future research challenges, IEEE Netw. 34 (5) (2020) 290-298.

[7]	M. Vukoli´c, The quest for scalable blockchain fabric: proof-of-work vs. BFT repli-cation, in:International Workshop on Open Problems in Network Security, 2016, pp. 112-125.

[8]	J. Bonneau, A. Miller, J. Clark, et al., Sok: research perspectives and challenges for bitcoin and cryptocurrencies, IEEE Comput. Soc. (2015) 104-121.

[9]	G. Wood, et al., Ethereum: a secure decentralised generalised transaction ledger, Ethereum Project Yellow Paper 151 (2014) 1-32.

[10]	Braiins, Stratum v. 1 docs, https://braiins.com/stratum-v1/docs. (Accessed 1 Octo-ber 2023).

[11]	Getwork protocol, https://en.bitcoin.it/wiki/Getwork, 2015. (Accessed 1 October 2023).

[12]	L.H. Sun, D.F. Ye, S.W. Lu, D.G. Feng, Security analysis and improvement of TLS, J. Softw. 14 (3) (2003) 518-523.

[13]	Domain name server (DNS) hijacking, https://www.imperva.com/learn/application-security/dns-hijacking-redirection/, 2023. (Accessed 1 October 2023).

[14]	X. Zhou, X. Xu, W. Liang, Z. Zeng, Z. Yan, Deep-learning-enhanced multitarget de-tection for end-edge-cloud surveillance in smart IoT, IEEE Int. Things J. 8 (16) (2021) 12588-12596.

[15]	Q. Wang, R. Li, Q. Wang, S. Chen, Non-fungible token (NFT): overview, evaluation, opportunities and challenges, arXiv preprint, arXiv : 2105.07447.

[16]	C.S. Götz, P. Karlsson, I. Yitmen, Exploring applicability, interoperability and inte-grability of blockchain-based digital twins for asset life cycle management, Smart Sustain. Built Environ. 11 (3) (2022) 532-558.

[17]	B. Yong, J. Shen, X. Liu, F. Li, H. Chen, Q. Zhou, An intelligent blockchain-based system for safe vaccine supply and supervision, Int. J. Inf. Manag. 52 (2020) 102024, https://doi.org/10.1016/j.ijinfomgt.2019.10.009, https://www.sciencedirect.com/science/article/pii/S0268401219304505.

[18]	H.R. Hasan, K. Salah, R. Jayaraman, M. Omar, I. Yaqoob, S. Pesic, T. Taylor, D. Boscovic, A blockchain-based approach for the creation of digital twins, IEEE Access 8 (2020) 34113-34126.

[19]	P.F. Borowski, Digitization, digital twins, blockchain, and industry 4.0 as el-ements of management process in enterprises in the energy sector, Ener-gies 14 (7) ( 2021), https://doi.org/10.3390/en14071885, https://www.mdpi.com/1996-1073/14/7/1885.

[20]	B. Putz, M. Dietz, P. Empl, G. Pernul, Ethertwin: blockchain-based secure digital twin information management, Inf. Process. Manag. 58 (1) ( 2021) 102425, https://doi.org/10.1016/j.ipm.2020.102425, https://www.sciencedirect.com/science/article/pii/S0306457320309195.

[21]	S. Suhail, C.S. Hong, A. Khan, Orchestrating product provenance story: when iota ecosystem meets the electronics supply chain space, Comput. Ind. 123 (2020) 103334.

[22]	S. Suhail, R. Hussain, R. Jurdak, C.S. Hong, Trustworthy digital twins in the indus-trial Internet of things with blockchain, IEEE Internet Comput. 26 (2022) 58-67.

[23]	M. Dietz, G. Pernul, Unleashing the digital twin’s potential for ICS security, IEEE Secur. Priv. 18 (2020) 20-27.

[24]	R. Langner, To kill a centrifuge a technical analysis of what Stuxnet’s creators tried to achieve, 2013.

[25]	I. Eyal, E.G. Sirer, Majority is not enough: bitcoin mining is vulnerable, in: Computer Science, vol. 8437, 2013, pp. 436-454.

[26]	E. Heilman, A. Kendler, A. Zohar, et al., Eclipse attacks on bitcoin’s peer-to-peer network, USENIX Assoc. 24 (2015) 129-144.

[27]	G.O. Karame, E. Androulaki, S. Capkun,Double-spending fast payments in bitcoin, in:Proceedings of the 2012 ACM Conference on Computer and Communications Security, vol. 12, Association for Computing Machinery, New York, NY, USA, 2012, pp. 906-917.

[28]	A. Alkhalifah, A. Ng, P.A. Watters, et al., A mechanism to detect and prevent Ethereum blockchain smart contract reentrancy attacks, Front. Comput. Sci. 3 ( 2021) 1, https://www.frontiersin.org/article/10.3389/fcomp.2021.598780.

[29]	Ethereum smart contract call injection attack, https://blog.csdn.net/u011721501/article/details/80757811, 2018. (Accessed 1 October 2023).

[30]	M. Saad, J. Spaulding, L. Njilla, C. Kamhoua, S. Shetty, D. Nyang, A. Mohaisen, Ex-ploring the attack surface of blockchain: a systematic overview, arXiv :1904.03487, 2019.

[31]	M. Rosenfeld,Analysis of bitcoin pooled mining reward systems, arXiv :1112.4980, 2011.

[32]	Vulnerability description, https://chiaforum.com/t/maxiopool-shut-down/11882?page=3, 2021. (Accessed 1 October 2023).

[33]	R. Recabarren, B. Carbunar,Hardening stratum, the bitcoin pool mining protocol, arXiv :1703.06545, 2017.

[34]	X. Zhou, X. Xu, W. Liang, Z. Zeng, S. Shimizu, L.T. Yang, Q. Jin, Intelligent small object detection for digital twin in smart manufacturing with industrial cyber-physical systems, IEEE Trans. Ind. Inform. 18 (2) (2022) 1377-1386, https://doi.org/10.1109/TII.2021.3061419.

[35]	X. Liu, W. Zhang, X. Zhou, Q. Zhou, Mecguard: GRU enhanced attack detection in mobile edge computing environment, Comput. Commun. 172 (2021) 1-9, https://doi.org/10.1016/j.comcom.2021.02.022, https://www.sciencedirect.com/science/article/pii/S0140366421000918.

[36]	W. Liang, Y. Hu, X. Zhou, Y. Pan, I. Kevin, K. Wang, Variational few-shot learning for microservice-oriented intrusion detection in distributed industrial IoT, IEEE Trans. Ind. Inform., https://doi.org/10.1109/TII.2021.3116085.

[37]	X. Zhou, X. Yang, J. Ma, I. Kevin, K. Wang, Energy efficient smart routing based on link correlation mining for wireless edge computing in IoT, IEEE Int. Things J.

[38]	J. Skaruz, F. Seredynski,Recurrent neural networks towards detection of SQL at-tacks, in: Parallel and Distributed Processing Symposium, 2007, IPDPS 2007, IEEE International, 2007.

[39]

X. Liu, Q. Yu, X. Zhou, Q. Zhou, Owleye: an advanced detection system of web attacks based on HMM, in: 2018 IEEE 16th Intl Conf on Dependable, Autonomic and Secure Computing, 16th Intl Conf on Pervasive Intelligence and Computing, 4th Intl Conf on Big Data Intelligence and Computing and Cyber Science and Technology Congress (DASC/PiCom/DataCom/CyberSciTech), IEEE, 2018, pp. 200-207.

[40]	W. Wei, Y. Sheng, J. Wang, X. Zeng, Z. Ming, Hast-ids: learning hierarchical spatial-temporal features using deep neural networks to improve intrusion detection, IEEE Access 6 (99) (2018) 1792-1806.

[41]	X. Zhou, Y. Li, W. Liang, Cnn-rnn based intelligent recommendation for online med-ical pre-diagnosis support, IEEE/ACM Trans. Comput. Biol. Bioinform. 18 (3) (2021) 912-921.

[42]	J. Zhang, Y. Ling, X. Fu, X. Yang, G. Xiong, R. Zhang, Model of the intrusion detec-tion system based on the integration of spatial-temporal features, Comput. Secur. 89 (2020) 101681.

[43]	X. Zhou, W. Liang, W. Li, K. Yan, S. Shimizu, K.I.-K. Wang, Hierarchical adversarial attacks against graph neural network based IoT network intrusion detection system, IEEE Int. Things J. 9 (12) (2022) 9310-9319.

[44]	J. R. W. Group,Json-rpc 2.0 specification, https://www.jsonrpc.org/specification, 2007. (Accessed 1 October 2023).

[45]	P. Moravec, J. Capek, et al., Stratum v2 docs, https://braiins.com/stratum-v2/docs. (Accessed 1 October 2023).

[46]	B. Wiki, Stratum mining protocol, https://en.bitcoin.it/wiki/Stratum_mining_protocol. (Accessed 1 October 2023).

[47]	Y. Mao, X. Chen, X. Li, Max-min task scheduling algorithm for load balance in cloud computing, in: Proceedings of International Conference on Computer Science and Information Technology, Springer India, New Delhi, 2014, pp. 457-465.

[48]	D. Devi, V.R. Uthariaraj, Load balancing in cloud computing environment using improved weighted round Robin algorithm for nonpreemptive dependent tasks, Sci. World J. (2016).

[49]	S. Arora, Y. Liang, T. Ma,A simple but tough-to-beat baseline for sentence embed-dings, in:International Conference on Learning Representations, 2017.

[50]	N. Almarwani, H. Aldarmaki, M. Diab, Efficient sentence embedding using discrete cosine transform, arXiv preprint, arXiv : 1909.03104.

[51]	J. Mueller, A. Thyagarajan,Siamese recurrent architectures for learning sentence similarity, in:Proceedings of the AAAI Conference on Artificial Intelligence, vol. 30, 2016.