[E-Lang] Security Breach: Nominee for the Stock Exchange Prize
Fri, 20 Apr 2001 09:33:47 -0400
I know it's too late to claim the prize, but it seems to me that there
is another, far more damaging, attack possible.
This attack is stictly worse, in the sense that if the previously
described attack works, it always will, and it allows the Man In the
Middle to steal cash.
I don't know if your specification actually covers this attack (I admit
I haven't even read it) but if not, it is broken too. Any real stock
market system needs to resist this attack.
Here it is:
> Suppose the market price for IBM is $100/share. The attacker (Eve)
> buys 100 shares and makes an offer to sell 100 shares, both at that price.
> If she can determine that a message from Bob (to the brokerage Alice)
> is an order to accept that offer, she delays the message as long as
> possible. Lets say 1 day (even minutes might be enough).
> If one day latter IBM is worth LESS than $100, she lets the message be
> delivered. Bob buys her shares at $100, and takes the loss that Eve
> would have taken.
> If IBM is worth MORE than $100, she deep sixes the message, and
> cancels her offer (If you can't cancel offers, buyers could cheat
> sellers, anyway she can presumably block all other attempts to accept
> it). Eve can now keep the profit on her shares, and makes the gain
> that Bob was entitled to.
> If IBM is worth EXACTLY $100 (rare), she also may discard the message,
> and both Bob and Eve avoid paying any transaction fees that Alice may
> charge. By picking a volitile stock, this possibility can be avoided,
> also for larger transactions, fees are usually negligible anyway.
> (This case might be the basis for an attack in which Bob and Eve
> cooperate cheat Alice out of transaction fees, but that's another matter)
Heads Eve wins, tails Bob loses.
In either case, Bob may never know he has been robbed, but he has.
It looks at first sight like Bob is getting exactly what he asked for,
"100 shares of IBM at $100/share", but that is NOT what he is getting.
He is getting "100 shares of IBM at $100/share IF IBM is worth less than
$100/share", which is very different. No rational person would accept
the latter as a substitute for the former.
This attack works on any system in which messages can be selectively
delayed, and still have effect when eventually delivered, and the value
of a message can vary with time. The obvious fixes are to use a protocol
that doesn't allow messages to be selectively delayed (hard, but maybe
doable), or to have each buy order contain a short deadline. Orders not
recieved within a few seconds of when they were sent (as recorded in the
message), are rejected.
Of course that opens up the posibility of cheating by Alice, she could
selectively claim that some messages were recieved late, but I think
some trust in (or at least auditability of) the broker is required
anyway. Correct me if you aren't assuming this, things are much worse if