Pedro Moreno-Sanchez, "Mind Your Credit: Assessing the Health of the Ripple Credit Network"
CERIAS Weekly Security Seminar - Purdue University
English - March 21, 2018 20:30 - 232 MB Video
The Ripple credit network has emerged as the payment backbone with indisputable advantages for financial institutions and the remittance industry. Ripple’s market capitalization is currently third only to Bitcoin and Ethereum. Its path-based IOweYou (IOU) settlements across different currencies conceptually distinguish the Ripple blockchain from the cryptocurrencies (such as Bitcoin) and make it highly suitable to an orthogonal yet vast set of applications in the remittance world and beyond.
In this talk, I present our recent study of the structure and evolution of the Ripple network since its inception, and our research results regarding its vulnerability to attacks that harm the IOU credit of its wallets. We find that about 13M USD are at risk in the current Ripple network due to inappropriate configuration of the rippling flag on credit links that paves the way to undesired redistribution of credit across those links. Although the Ripple network has grown around a few highly connected hub (gateway) wallets that make the core of the network and provide high liquidity to users, such credit link distribution results in a user base of around 112,000 wallets that can be financially alienated by as few as 10 highly connected gateway wallets. Indeed, today about 4.9M USD cannot be withdrawn by their owners from the Ripple network due to PayRoutes, a gateway tagged as faulty by the Ripple community. Finally, we observe that stale exchange offers pose a real problem, and exchanges (market makers) have not always been vigilant about periodically updating their exchange offers according to current real-world exchange rates. For example, stale offers were used by 84 Ripple wallets to gain more than 4.5M USD from mid-July to mid-August 2017. Our findings should prompt the Ripple community to improve the health of the network by educating its users on increasing their connectivity, and by appropriately maintaining the credit limits, rippling flags, and exchange offers on their IOU credit links.