UPDATED 16:17 EDT / AUGUST 15 2016


DDoSCoin rewards attackers with a cryptocurrency for blasting a website

Two researchers at the University of Colorado Boulder and the University of Michigan released a white paper [PDF] describing a new type of cryptocurrency. It’s called DDoSCoin and it would pay people who run nodes in a Distributed Denial of Service (DDoS) attack for participation. The cryptocurrency does this by using the cryptographic handshake from an encrypted connection to a webserver (using the Transport Layer Security or TLS protocol) to provide proof-of-work.

According to a study conducted by Kaspersky Lab and B2B International released in 2015, a single DDoS attack can cost a business $52,000 to $444,000, depending on the size of the company. Within the murky cybercrime market, DDoS acts as a sort of low-level crime with high-level consequences, used by groups ranging from hacktivists and pranksters to organized crime. It also presents an interesting puzzle when it comes to recruiting and holding the interest of participants (in cases where large botnets of compromised devices are not used), providing a marketplace of interested participants who could receive payment for an action.

“In this paper, we present DDoSCoin, which is a cryptocurrency with a malicious proof-of-work,” the researchers, Eric Wustrow and Benjamin VanderSloot, wrote in the paper’s abstract. “DDoSCoin allows miners to prove that they have contributed to a distributed denial of service attack against specific target servers.”

This is only a proof-of-concept and it does not exist in reality (yet); however, the concept behind DDoSCoin, if implemented, could offer insight into how future systems might deliver cryptocurrency for particular verifiable activities.

How DDoSCoin works: Using website encryption against itself

As outlined in the white paper, this proof-of-work style of DDoS attack only works on websites running TLS version 1.2; as of April 2016, an estimated 56 percent of Alexa’s top million websites support that protocol. That said, the researchers expect that number to increase with time as more websites adopt TLS support.

“In modern versions of TLS, the server signs a client-provided parameter during the handshake, along with server-provided values used in the key exchange of the connection,” the researchers explain. “This allows the client to prove to others that it has communicated with the server.”

To select targets, a bounty can be scripted into the network using a PAY_TO_DDOS transaction, which identifies a target, a payment amount, and a difficulty (e.g. the number of connections necessary to receive payment). Attackers get the bounty by becoming the first to prove that they hit the target the number of times requested (using the TLS proof-of-work part of DDoSCoin) and “mine” a block with that bounty transaction.

In a traditional cryptocurrency, such as Bitcoin or Ethereum, miners discover (or “mine”) blocks by adding transactions on the network to the blockchain. When this is done a reward is given in cryptocurrency and the miners receive the fees from those transactions. In DDoSCoin the attackers are miners who add the PAY_TO_DDOS bounty transactions to the blockchain and receive the bounty as a result.
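For defenders, the handshake-based proof described above suggests a pattern to look for at the target: many TLS 1.2 handshakes that reach the server's signed ServerKeyExchange message and never complete. The following detection logic is an added example, not code from the white paper or this article; the log format, field names, thresholds and the assumption that such clients disconnect once they hold the signed message are all hypothetical.

```python
from collections import Counter, defaultdict

# Constructed sample events in a hypothetical log format (not a real product's):
# epoch_seconds source_ip sni last_handshake_message_seen_by_server
# Assumption: proof-collecting clients disconnect after ServerKeyExchange.
SAMPLE_LOG = """
1471292220 198.51.100.7 shop.example.test Finished
1471292221 203.0.113.10 shop.example.test ServerKeyExchange
1471292221 203.0.113.11 shop.example.test ServerKeyExchange
1471292222 203.0.113.12 shop.example.test ServerKeyExchange
1471292223 203.0.113.10 shop.example.test ServerKeyExchange
1471292224 198.51.100.9 shop.example.test Finished
1471292225 203.0.113.13 shop.example.test ServerKeyExchange
1471292226 198.51.100.7 blog.example.test Finished
1471292227 198.51.100.8 blog.example.test ServerKeyExchange
1471292228 198.51.100.9 blog.example.test Finished
1471292290 198.51.100.7 shop.example.test Finished
1471292291 203.0.113.10 shop.example.test ServerKeyExchange
"""

def parse(log):
    """Yield (timestamp, source, sni, last_message) from non-empty lines."""
    for line in log.strip().splitlines():
        ts, src, sni, last = line.split()
        yield int(ts), src, sni, last

def abandoned_handshake_alerts(log, window=60, min_abandoned=4, min_ratio=0.5):
    """Flag (window_start, sni) buckets dominated by handshakes that stopped
    after the server's signed ServerKeyExchange and never reached Finished."""
    buckets = defaultdict(Counter)
    sources = defaultdict(set)
    for ts, src, sni, last in parse(log):
        key = (ts - ts % window, sni)  # fixed, aligned time window per hostname
        buckets[key]["total"] += 1
        if last == "ServerKeyExchange":
            buckets[key]["abandoned"] += 1
            sources[key].add(src)
    alerts = []
    for key, c in sorted(buckets.items()):
        if c["abandoned"] >= min_abandoned and c["abandoned"] / c["total"] >= min_ratio:
            alerts.append({"window_start": key[0], "sni": key[1],
                           "abandoned": c["abandoned"], "total": c["total"],
                           "sources": len(sources[key])})
    return alerts

if __name__ == "__main__":
    for alert in abandoned_handshake_alerts(SAMPLE_LOG):
        print(alert)
```

Counting per hostname rather than per source address matters here because the participants are distributed; the number of distinct sources is reported alongside the alert for triage.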


Work on “proof-of-resource” with blockchain-based cryptocurrencies may shed light on machine-to-machine transactions within the Internet of Things ecosystem.

Implications outside of malicious proof-of-work: Not just DDoSCoin

The concept behind DDoSCoin may be malicious, but the underlying technique of using encrypted connections as proof-of-work opens up a wide variety of mechanisms for distributing a cryptocurrency token. And, depending on how the proof-of-work is implemented, the receipt of the reward is tied into the very code that distributes and produces the cryptocurrency: the reward is intrinsically connected to participation.

For DDoSCoin, providing proof that a number of connections occurred as proof-of-work is a step towards a method the researchers call “proof-of-resource.”

“Cryptocurrency innovation continues to produce new and useful proof-of-work replacements. Still, proving access to arbitrary resources remains a difficult challenge,” the researchers wrote in the white paper’s conclusion. “In this direction, DDoSCoin delivers a novel technique for proving the use of bandwidth to a (potentially unwilling) target domain. We hope that this work encourages others to discover and innovate on novel proof-of-resource puzzles.”

Blockchain-based cryptocurrencies such as Bitcoin and Ethereum have been seen as a potential currency for the Internet of Things (IoT), where devices receive payment for services rendered, such as a standalone weather station being paid by researchers in microtransactions for temperature, pressure, humidity and other sensor readings. At the same time, the device would pay other devices for its own bandwidth and electricity use with microtransactions from its own pool.

This entire industry will be built on devices having access to resources that can be doled out. The proof-of-work involved in DDoSCoin asks an attacker to participate in an action that can be verified through cryptographic proof. This same proof-of-work through cryptography could be tied to IoT cloud storage, where cryptographic key exchange to access/modify stored data could be used to prove activity.
