Maria Apostolaki
PhD Student
I am a third year PhD student, advised by Prof. Laurent Vanbever. My research focuses on Internet routing and its implications on performance and security.
I am currently a visiting researcher at MIT working with Prof. Ghobadi at the CSAIL. I have spent the last two summers, working on analyzing data center traffic at Microsoft Research, Redmond (2018) and Google, Mountain View (2017).
Prior to joining ETH, I earned my diploma in Electrical and Computer Engineering at the National Technical University of Athens, Greece.
Recent Publications
Blink: Fast Connectivity Recovery Entirely in the Data Plane
USENIX NSDI 2019. Boston, Massachusetts, USA (February 2019).
@inproceedings {227629,
title = {Blink: Fast Connectivity Recovery Entirely in the Data Plane},
booktitle = {16th {USENIX} Symposium on Networked Systems Design and Implementation ({NSDI} 19)},
year = {2019},
address = {Boston, MA},
url = {https://www.usenix.org/conference/nsdi19/presentation/holterbach},
publisher = {{USENIX} Association},
}
<div></div>
<div>We present Blink, a data-driven system that leverages TCP-induced signals to detect failures directly in the data plane. The key intuition behind Blink is that a TCP flow exhibits a predictable behavior upon disruption: retransmitting the same packet over and over, at epochs exponentially spaced in time. When compounded over multiple flows, this behavior creates a strong and characteristic failure signal. Blink efficiently analyzes TCP flows to: (i) select which ones to track; (ii) reliably and quickly detect major traffic disruptions; and (iii) recover connectivity---all this, completely in the data plane. We present an implementation of Blink in P4 together with an extensive evaluation on real and synthetic traffic traces. Our results indicate that Blink: (i) achieves sub-second rerouting for large fractions of Internet traffic; and (ii) prevents unnecessary traffic shifts even in the presence of noise. We further show the feasibility of Blink by running it on an actual Tofino switch.</div>
SABRE: Protecting Bitcoin against Routing Attacks
NDSS Symposium 2019. San Diego, CA, USA (February 2019).
Nowadays Internet routing attacks remain practically effective as existing countermeasures either fail to provide protection guarantees or are not easily deployable. Blockchain systems are particularly vulnerable to such attacks as they rely on Internet-wide communications to reach consensus. In particular, Bitcoin---the most widely-used cryptocurrency---can be split in half by any AS-level adversary using BGP hijacking. <br /><br />In this paper, we present SABRE, a secure and scalable Bitcoin relay network which relays blocks worldwide through a set of connections that are resilient to routing attacks. SABRE runs alongside the existing peer-to-peer network and is easily deployable. As a critical system, SABRE design is highly resilient and can efficiently handle high bandwidth loads, including Denial of Service attacks. <br /><br />We built SABRE around two key technical insights. First, we leverage fundamental properties of inter-domain routing (BGP) policies to host relay nodes: (i) in networks that are inherently protected against routing attacks; and (ii) on paths that are economically-preferred by the majority of Bitcoin clients. These properties are generic and can be used to protect other Blockchain-based systems. Second, we leverage the fact that relaying blocks is communication-heavy, not computation-heavy. This enables us to offload most of the relay operations to programmable network hardware (using the P4 programming language). Thanks to this hardware/software co-design, SABRE nodes operate seamlessly under high load while mitigating the effects of malicious clients. <br /><br />We present a complete implementation of SABRE together with an extensive evaluation. Our results demonstrate that SABRE is effective at securing Bitcoin against routing attacks, even with deployments of as few as 6 nodes.
Hijacking Bitcoin: Routing Attacks on Cryptocurrencies.
IEEE Symposium on Security and Privacy 2017. San Jose, CA, USA (May 2017).
@inproceedings{apostolaki2017hijacking,
title={Hijacking Bitcoin: Routing Attacks on Cryptocurrencies},
author={Apostolaki, Maria and Zohar, Aviv and Vanbever, Laurent},
booktitle={Security and Privacy (SP), 2017 IEEE Symposium on},
pages={375--392},
year={2017},
organization={IEEE}
}
As the most successful cryptocurrency to date, Bitcoin constitutes a target of choice for attackers. While many attack vectors have already been uncovered, one important vector has been left out though: attacking the currency via the Internet routing infrastructure itself. Indeed, by manipulating routing advertisements (BGP hijacks) or by naturally intercepting traffic, Autonomous Systems (ASes) can intercept and manipulate a large fraction of Bitcoin traffic.
This paper presents the first taxonomy of routing attacks and their impact on Bitcoin, considering both small-scale attacks, targeting individual nodes, and large-scale attacks, targeting the network as a whole. While challenging, we show that two key properties make routing attacks practical: (i) the efficiency of routing manipulation; and (ii) the significant centralization of Bitcoin in terms of mining and routing. Specifically, we find that any network attacker can hijack few (<100) BGP prefixes to isolate 50% of the mining power—even when considering that mining pools are heavily multi-homed. We also show that on-path network attackers can considerably slow down block propagation by interfering with few key Bitcoin messages.
We demonstrate the feasibility of each attack against the deployed Bitcoin software. We also quantify their effectiveness on the current Bitcoin topology using data collected from a Bitcoin supernode combined with BGP routing data.
The potential damage to Bitcoin is worrying. By isolating parts of the network or delaying block propagation, attackers can cause a significant amount of mining power to be wasted, leading to revenue losses and enabling a wide range of exploits such as double spending. To prevent such effects in practice, we provide both short and long-term countermeasures, some of which can be deployed immediately.
Lectures
Advanced Topics in Communication Networks
Autumn 2018
Discrete Event Systems
Autumn 2018
Discrete Event Systems
Autumn 2017
Discrete Event Systems
Autumn 2016
