Distributed denial of service (DDoS) attacks are one of the most critical challenges faced today by security experts. Thanks to the ever-growing number of insecure digital devices and cheap internet of things (IoT) technologies, hackers can quickly spread malicious software to millions of computers and recruit huge numbers of botnets with very little effort.
Security, on the other hand, lacks the flexibility to cope with these attacks without slowing things down and burdening users with additional hassles. However, blockchain technology promises to provide a new potential solution to mitigate the DDoS risk while keeping up with the market’s demand for ease of use and quick load times.
DDoS Attacks and Their Effects
A DDoS is an attack in which large numbers of infected computers recruited within a botnet will flood a target with an overwhelming amount of traffic. The target can be any network resource, a website, a server, or even a bank, and is thus slowed down or crashed by an excess of incoming connection requests, packets or spam messages.
By spreading malicious software through various sources (social media posts, spam emails, IoT devices, etc.), hackers can recruit vast botnets which can then be used as an army to launch an attack and cause a denial of service. (Learn more about staying safe online with Internet Browsing and Security – Is Online Privacy Just a Myth?)
Today, most firms use centralized content delivery networks (CDNs) that leverage a network of proxy servers to deliver their content in every region of the world at the highest speed possible. Even the modern IoT ecosystem is based on central servers to identify and authenticate individual devices. However, centralization makes servers inherently vulnerable to brute force attacks. If a centralized resource is compromised, every service attached to it will be equally affected.
DDoS Attacks in Gaming
Data theft is a challenge faced by all firms who are frequently being hit by DDoS attacks. But one of the fields that has experienced the most severe damage caused by this form of attacks is the competitive gaming environment.
As eSports tournaments have started to receive mainstream media attention, competitive gaming has progressively transformed into a real sport where top-level players and streamers might generate a lot of money. DDoS attacks represent an easy tool to manipulate the results of official, high-level competitions (and the profits as well). But major eSports teams such as those involved in "League of Legends," "Dota 2," and "Counter-Strike: Global Offensive" are not the only ones who have fallen victim to hackers in the last few years.
Casual gamers often have to suffer the grievous consequences of a server crash or a personal DDoS attack. Although they represent an additional monetary burden to the average user, secure VPNs have always been promoted as the safest form of protection against hacking. Sadly, that’s not entirely true. Data and DNS leaks might, and will, occur if the network is not configured correctly or when a transparent DNS is detected. In one way or another, a determined cybercriminal can still spot a potential vulnerability in any centralized server.
Why Blockchain Protocols can Save the Day
Bitcoin and Ethereum networks rely on miners using their computers to calculate the hash values needed to solve blocks. Whenever a correct hash is found, the miner collects a reward, and the block is appended at the end of the blockchain, validating all the previous transactions. This means that every validation makes the peer-to-peer-based network (known as the Bitcoin Protocol) even more resistant to any disruption attempt.
Every transaction is also cryptographically verified and stored in everyone’s copy of the blockchain; its nodes run on a consensus algorithm that will keep the others running even if some are taken offline by a DDoS attack. Whenever nodes are brought back, everything is synced back to ensure consistency, making the protocol practically unassailable and the risk of data loss close to nothing.
Some enterprises have recently begun putting this potential to use by devising some amazing solutions. For example, Otoy is currently planning a way to harness the processing power of millions of users in the blockchain network to render holographic 3-D, virtual reality graphics, videos and other visual effects. Filecoin collected a $257 million investment to design a blockchain-based technology that would fully exploit people’s unused data storage capabilities.
But which other unused resources could be tapped to mitigate the damage of DDoS attacks by taking advantage of the Ethereum or Bitcoin protocol? The answer is rather simple: bandwidth. Let’s have a look.
How Blockchain Tech Might Help: The Decentralized Cloudflare
The most groundbreaking approach to address the DDoS issue is the one proposed by Gladius.io. Their decentralized Cloudflare allows users to rent out their underutilized bandwidth (and get paid for it) and then send it to pools/nodes around the world that provide it to websites under DDoS attacks. These users will also serve content and act as mini CDN nodes, caching and serving content everywhere.
Participants of the collaborative defense will start by creating an Ethereum smart contract that will be included in a pool maintained in a larger database on the blockchain. The pool can deny the contract request if the address has been previously blacklisted, has a bad reputation or does not have enough bandwidth to prove beneficial.
Pools will then distribute the traffic to the nodes via a DNS service that will distribute the load over multiple name servers. The resources provided by the pools will then be distributed to fit the needs of the specific customers who will rent the service, in order to maximize scalability and provide effective mitigation to any malicious attack. Any user can join the nearest node and rent his bandwidth through the system to earn “tokens” and take part in the marketplace.
By effectively utilizing others' company resources through a peer-to-peer network, the burden of the mitigation can be shared. On top of that, it may allow many users to make some money in the process, making it a very universal and "democratic" technology on its own. Everyone who is paying for a (mostly unused) high-speed connection will now put it to good use – doubling its benefits on the environment too. The carbon footprint generated by inefficient equipment used in data centers to stream data, in fact, significantly contributes to global pollution.
Is it possible that this simple turnaround might solve this problem for the time being? It’s hard to tell, but it would be more than a welcome novelty to both small and large businesses, and casual users as well. Instead of paying up to $5,000 a month on DDoS protection services, or even just an expensive VPN (let’s think about the gamers, once again), this technology can give birth to a marketplace where users are actually paid for their unused bandwidth.
How Blockchain Technology Could Promote a Secure IoT
Blockchain tech can also mitigate the damage caused by botnets such as Mirai that use an army of infected IoT devices. The so-called "zombie" devices are recruited by installing malware after remotely accessing them with easily guessable login credentials. (For more on IoT security, check out The Key Risks Associated With IoT – And How to Mitigate Them.)
Public key cryptography could substitute default login credentials, making the key un-hackable, meaning only manufacturers would be able to install firmware on a device. The identity/public key pairs would then be stored on the blockchain.
Once again, decentralization is the answer, since the cybercriminals' command & control server will not be able to gain access to the secure P2P network that now forms the new IoT environment.
This same form of decentralization could also be used by implementing a similar blockchain-based access control on the DNS servers. Only those showing the correct name/value pair can prove to be the legitimate owners of the respective private key, which will be then stored on the blockchain and then copied across all nodes. This way, no longer will a single point of failure make the network vulnerable to DDoS attacks.