[E-Lang] Security Breach: Nominee for the Stock Exchange Prize

Ralph Hartley hartley@aic.nrl.navy.mil
Fri, 20 Apr 2001 09:33:47 -0400


I know it's too late to claim the prize, but it seems to me that there 
is another, far more damaging, attack possible.

This attack is strictly worse, in the sense that if the previously
described attack works, it always will, and it allows the Man In the
Middle to steal cash.

I don't know if your specification actually covers this attack (I admit 
I haven't even read it) but if not, it is broken too. Any real stock 
market system needs to resist this attack.

Here it is:

> Suppose the market price for IBM is $100/share. The attacker (Eve) 
> buys 100 shares and makes an offer to sell 100 shares, both at that price.
>
> If she can determine that a message from Bob (to the brokerage Alice)
> is an order to accept that offer, she delays the message as long as
> possible. Let's say 1 day (even minutes might be enough).
>
> If one day later IBM is worth LESS than $100, she lets the message be
> delivered. Bob buys her shares at $100, and takes the loss that Eve
> would have taken.
>
> If IBM is worth MORE than $100, she deep sixes the message, and
> cancels her offer (If you can't cancel offers, buyers could cheat
> sellers, anyway she can presumably block all other attempts to accept
> it). Eve can now keep the profit on her shares, and makes the gain
> that Bob was entitled to.
>
> If IBM is worth EXACTLY $100 (rare), she also may discard the message,
> and both Bob and Eve avoid paying any transaction fees that Alice may
> charge. By picking a volatile stock, this possibility can be avoided,
> also for larger transactions, fees are usually negligible anyway.
> (This case might be the basis for an attack in which Bob and Eve
> cooperate to cheat Alice out of transaction fees, but that's another matter)

Heads Eve wins, tails Bob loses.

In either case, Bob may never know he has been robbed, but he has.

It looks at first sight like Bob is getting exactly what he asked for, 
"100 shares of IBM at $100/share", but that is NOT what he is getting. 
He is getting "100 shares of IBM at $100/share IF IBM is worth less than 
$100/share", which is very different. No rational person would accept 
the latter as a substitute for the former.

This attack works on any system in which messages can be selectively 
delayed, and still have effect when eventually delivered, and the value 
of a message can vary with time. The obvious fixes are to use a protocol 
that doesn't allow messages to be selectively delayed (hard, but maybe 
doable), or to have each buy order contain a short deadline. Orders not
received within a few seconds of when they were sent (as recorded in the
message), are rejected.
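The following is an added simulation (not part of the original post) of both the selective-delay attack described above and the short-deadline defence proposed in this paragraph. The Order structure, the broker's acceptance check, the one-day delay and the price paths ($95 and $105 at delivery) are all constructed for illustration; the deadline of 5 seconds is an assumed value standing in for "a few seconds".

```python
"""Selective-delay attack on a buy order, and the sender-timestamp deadline
that defeats it. Added example with constructed values; the Order type and
the broker's check are hypothetical, not any real exchange's API."""
from dataclasses import dataclass
from typing import Optional

SHARES = 100
LIMIT = 100.0          # Bob accepts Eve's offer: 100 shares of IBM at $100
MAX_ORDER_AGE_S = 5.0  # assumed deadline enforced by the broker (Alice)


@dataclass(frozen=True)
class Order:
    buyer: str
    symbol: str
    qty: int
    price: float
    sent_at: float   # sender's clock, recorded inside the (signed) message


def broker_accepts(order: Order, received_at: float,
                   max_age: Optional[float]) -> bool:
    """Alice's acceptance check.

    max_age=None models the broken protocol: a message still has effect
    however late it arrives. With a deadline, an order older than max_age
    at receipt is rejected, so a held-back message becomes worthless.
    """
    if max_age is None:
        return True
    age = received_at - order.sent_at
    # A negative age is a timestamp from the future (clock skew or
    # tampering); treat it as invalid rather than as "fresh".
    return 0.0 <= age <= max_age


def eve_delivers(order: Order, price_at_delivery: float) -> bool:
    """Eve's decision after holding the message: release it only when
    filling Bob at the agreed price hands her loss to him (stock fell);
    otherwise drop it and keep the gain Bob was entitled to."""
    return price_at_delivery < order.price


def run_scenario(price_at_delivery: float, delay_s: float,
                 max_age: Optional[float], mitm: bool = True) -> dict:
    """Simulate one order under a given delay, deadline and market move.

    Returns whether the message reached Alice, whether she honoured it, and
    Bob's mark-to-market on the position he ended up with (0.0 if unfilled,
    in which case Bob at least learns his order failed and can resend).
    """
    order = Order("Bob", "IBM", SHARES, LIMIT, sent_at=1000.0)
    delivered = eve_delivers(order, price_at_delivery) if mitm else True
    accepted = delivered and broker_accepts(order, order.sent_at + delay_s,
                                            max_age)
    bob_pnl = (price_at_delivery - order.price) * order.qty if accepted else 0.0
    return {"delivered": delivered, "accepted": accepted, "bob_pnl": bob_pnl}


if __name__ == "__main__":
    one_day = 24 * 3600.0
    cases = [
        ("no deadline, stock falls to $95", 95.0, one_day, None),
        ("no deadline, stock rises to $105", 105.0, one_day, None),
        ("5 s deadline, stock falls to $95", 95.0, one_day, MAX_ORDER_AGE_S),
        ("5 s deadline, stock rises to $105", 105.0, one_day, MAX_ORDER_AGE_S),
    ]
    for label, price, delay, max_age in cases:
        print(f"{label:38s} -> {run_scenario(price, delay, max_age)}")
    honest = run_scenario(95.0, 0.2, MAX_ORDER_AGE_S, mitm=False)
    print(f"{'5 s deadline, honest 0.2 s delivery':38s} -> {honest}")
```

Without a deadline the attacker's two branches are "Bob takes Eve's loss" and "Bob is silently denied his gain", exactly the heads-I-win coin in the post. With the deadline, a message held for a day is rejected in the falling case and Bob's exposure is zero in both branches; the residual risk moves to the broker's own clock and honesty, which is the point the next paragraph raises.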

Of course that opens up the possibility of cheating by Alice, she could
selectively claim that some messages were received late, but I think
some trust in (or at least auditability of) the broker is required 
anyway. Correct me if you aren't assuming this, things are much worse if 
you aren't.

Ralph Hartley