By Henry Birge-Lee, Liang Wang, Grace Cimaszewski, Jennifer Rexford and Prateek Mittal
On February 3, 2022, attackers launched a highly effective attack against the Korean cryptocurrency exchange KLAYswap. We discussed the details of this attack in our earlier blog post “Attackers exploit fundamental flaw in the web’s security to steal $2 million in cryptocurrency.” However, in that post we only scratched the surface of potential countermeasures that could prevent such attacks. In this new post, we will discuss how we can defend the web ecosystem against attacks like these. This attack was composed of multiple exploits at different layers of the network stack. We term attacks like this “cross-layer attacks,” and offer our perspective on why they are so effective. Furthermore, we propose a practical defense strategy against them that we call “cross-layer security.”
As we discuss below, cross-layer security involves security technologies at different layers of the network stack working in harmony to defend against vulnerabilities that are difficult to catch at any single layer alone.
At a high level, the adversary’s attack affected many layers of the networking stack:
The network layer is responsible for providing reachability between hosts on the Internet. The first part of the adversary’s attack involved targeting the network layer with a Border Gateway Protocol (BGP) attack that manipulated routes to hijack traffic intended for the victim.

The session layer is responsible for secure end-to-end communication over the network. To attack the session layer,