Author: Antoine Riard 2022-09-02 00:47:20
Published on: 2022-09-02T00:47:20+00:00
A proposal has been made to separate the peer communication of large Lightning Network Deployments (LND) into a separate process to reduce the attack area of the main node process. The proposal aims to move LN implementation architecture from a single, monolithic process towards a collection of processes that replicate and distribute critical components of the LN active defense security model. This includes guaranteeing redundant access to the chain view, enforcing sandboxing access between processes, and monitoring data flow to react on anomalies. This would make it easier for infrastructure to survive strong attacks. The proposal comes in response to a scenario where an adversary targets high-value "LiFi" infrastructure, such as a nation-state sponsored hacking-group with strong capabilities. They could launch various attacks, including time-dilation attacks, pinning attacks, and targeting pre-0.24 Bitcoin Core full-nodes. These are only a subset of the attack surface of a Lightning node. To address this, the LDK-side has been working on many security/safety hardening, including external signing, replicated chain monitoring, dynamic fee-bumping of time-sensitive transactions, and various attack vectors mitigations. They are also looking forward to collaborating with the wider Lightning community on reusable security modules across implementations and wished for "fix-the-annoying-holes" changes in Bitcoin Core. The proposal is currently being considered by NYDIG, and feedback on the general direction of this is welcome. A draft PR has been created on Github, demonstrating the core of the idea. Inbound connections from external untrusted peers must be verified before enforcing any potential key-based allow lists. This is currently done in the same process as the node's other critical tasks, such as monitoring the chain. Separating peer communication into a separate process would reduce the attack area of the main node process.
Updated on: 2023-06-03T09:45:19.956330+00:00