Stopping Floods with Buckets: Attack and Countermeasure for IOTA Autopeering

Distributed Ledger Technology (DLT) is one of the most promising technology at present with applications in different domains, such as Cyber-Physical Systems (CPS) and Internet of Thing (IoT). IOTA is an example of Directed Acyclic Graph (DAG)-based DLTs applicable to IoT, addressing the issues of scalability, consensus complexity, and mining incentives of blockchains. In order to join the network and to later disseminate fresh information, nodes exploit IOTA's autopeering module. The security of this module is hence of fundamental importance for the network liveness, however this requirement has never been analyzed in the literature. In this paper, we provide the first security analysis of the autopeering module of the Coordicide, IOTA's main framework. We divide the contribution in two parts: i) we show that the peer-discovery process in the autopeering module is vulnerable to flooding attack, a type of Denial of Service (DoS), and ii) we propose Time Constrained Identity Match (TID), a novel protocol to mitigate the flooding attack. In particular, we compare two implementations of TID: leaky-TID based on leaky bucket, and token-Tid based on token bucket. We discuss their suitability to IOTA both in terms of effectiveness in mitigating the flooding attack and in terms of resource consumption (memory and CPU). Based on the results, we observe that leaky-TID shows the better performance in preventing flooding attacks, reducing the traffic under attack by 67% and reducing memory consumption by 12.5%.