A report describing the potentially quite dangerous altcoin DDoSCoin has recently been published. This coin uses a principle similar to Proof-of-Work, “proof-of-DDoS”, for coin mining, so miners must actually participate in DDoS attacks on a specific web server target.
According to the report by Eric Wustrow of the University of Colorado Boulder and Benjamin VanderSloot, a graduate student at the University of Michigan, titled “DDoSCoin: Cryptocurrency with a Malicious Proof-of-Work”, the malicious “proof-of-DDoS” operates by having miners create a large number of TLS connections to a target web server and using the server’s signed responses as proof of connection.
However, Eric Wustrow and Benjamin VanderSloot also offer some precautions to limit the malicious nature of DDoSCoin. For example, in order to defend themselves, webmasters of victim websites can disable TLS 1.2 entirely, and only support earlier versions such as TLS 1.0 and TLS 1.1.
“The downside of disabling support for TLS 1.2 is losing the ability to negotiate authenticated encryption cipher modes with clients, which may decrease performance of implementations that have hardware acceleration for such modes,” said Eric Wustrow and Benjamin VanderSloot in the report.
They also stated in the report:
“We believe it is important to fully disclose potential attacks, even those that require the development of an altcoin to execute. This is especially important in the face of the impending commitment to the design of TLS 1.3, and compounded by how long TLS/SSL protocol versions stay in active use.”
“I am glad that technically competent people are developing their ideas, but I’m not always pleased about its direction. Let me remind you that in many jurisdictions, attacks aimed to disable information systems are considered a crime and are punishable by law. I recommend not participating in these systems, except for research purposes in their own networks. And I do not think that this way of Proof of Work will be widely used in cryptocurrency. Only as one of the tools for intruders. But cryptocurrencies don’t need such a proof for their work. Moreover, there are many alternatives which do not violate the laws of Proof-of-something, like Proof of Activity, Proof of Burn, Proof of Capacity, etc.”