Amazon Granted Patent for Proof-of-Work System to Fight DDoS Attacks

E-commerce giant Amazon has recently been granted a patent for a proof-of-work (PoW) system that could reportedly be used to mitigate the distributed denial of service (DDoS) attacks that computer networks are often targeted with.

The patent, first filed back in December of 2016, was granted by the U.S. Patent and Trademark Office (USPTO) this week, and essentially outlines how Merkle trees can be generated as a solution to proof-of-work challenges, with uses including preventing DDoS attacks.

The e-commerce giant’s proposal is to use Merkle trees to present a proof-of-work challenge to attackers, making it too expensive to use a series of machines to perform such an attack. Merkle trees essentially allow for the verification of data sent between computers.

Amazon also suggested a proof-of-work (PoW) system in which machines create Merkle trees as the “work” involved. PoW is an algorithm used to protect networks by asking participants to do “work” that often involves computing power.

Amazon’s patent explains:

A proof-of-work system where a first party (e.g., a client computer system) may request access to a computing resource. A second party (e.g., a service provider) may determine a challenge that may be provided to the first party. A valid solution to the challenge may be generated and provided for the request to be fulfilled.

These challenges, Amazon notes, could include “a message and a seed, such that the seed may be used at least in part to cryptographically derive information that may be used to generate a solution to the challenge.” Adding to this, it suggests the creation of Merkle trees.
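The challenge-and-solution flow described above can be sketched as follows. This is an added example, not code from the patent or from Amazon: the spot-check construction, SHA-256, and all function names are assumptions chosen for illustration. The client derives leaves from the seed and message and builds the whole tree, while the server only re-checks a few authentication paths.

```python
import hashlib, hmac

def H(*parts):                      # length-prefixed SHA-256 over all parts
    h = hashlib.sha256()
    for p in parts:
        h.update(len(p).to_bytes(4, "big") + p)
    return h.digest()

def leaf(seed, message, i):         # leaf i is derived from the challenge
    return H(b"leaf", seed, message, i.to_bytes(4, "big"))

def spot_indices(root, n, k):       # leaves to open, fixed by the root itself
    return [int.from_bytes(H(b"idx", root, bytes([c])), "big") % n
            for c in range(k)]

def solve(seed, message, n, k):
    """Client work: hash all n leaves (n a power of two) up to one root."""
    levels = [[leaf(seed, message, i) for i in range(n)]]
    while len(levels[-1]) > 1:
        prev = levels[-1]
        levels.append([H(b"node", prev[j], prev[j + 1])
                       for j in range(0, len(prev), 2)])
    root = levels[-1][0]
    # Authentication path: the sibling hash at every level below the root.
    paths = [[levels[d][(i >> d) ^ 1] for d in range(len(levels) - 1)]
             for i in spot_indices(root, n, k)]
    return root, paths

def verify(seed, message, n, k, root, paths):
    """Server check: about k*log2(n) hashes instead of the client's 2n."""
    depth = n.bit_length() - 1
    if len(paths) != k or any(len(p) != depth for p in paths):
        return False
    for i, path in zip(spot_indices(root, n, k), paths):
        node = leaf(seed, message, i)
        for d, sib in enumerate(path):
            left_child = ((i >> d) & 1) == 0
            node = H(b"node", node, sib) if left_child else H(b"node", sib, node)
        if not hmac.compare_digest(node, root):
            return False
    return True

if __name__ == "__main__":
    seed, msg = bytes(range(16)), b"GET /resource"   # constructed sample challenge
    root, paths = solve(seed, msg, 1024, 8)
    print(root.hex(), verify(seed, msg, 1024, 8, root, paths))
```

In a deployment the seed would be fresh per request so that a solution cannot be reused, and `n` sets the cost imposed on each client while `k` limits how much of the tree a client could skip without being caught.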

A similar system is used on the Bitcoin blockchain, with Merkle trees being used to ensure that blocks mined on the network aren’t falsified. On it, proof-of-work sees miners solve complex mathematical puzzles to secure the network, and sees them get rewarded in BTC for it.

The firm adds that a proof-of-work algorithm could be used to prevent DDoS attacks. The patent reads:

Requiring a valid proof-of-work may mitigate a DOS [denial-of-service] or DDOS attack by causing the participants of the DOS or DDOS attack to generate a valid proof-of-work solution, which may require the use of computational resources on the attacking systems and dramatically reduce the rate at which entities participating in the attack may send requests.

This system would essentially make DDoS attacks economically unfeasible. Elsewhere in its patent, Amazon mentions other cryptocurrency-related terms like “public signing key” and “digital signature,” but doesn’t refer to blockchains or cryptocurrencies directly.

The move shows that, so far, the e-commerce giant is more invested in blockchain technology than in cryptocurrencies per se. Although cryptocurrency users would like to see the company accept crypto payments, it hasn’t done so. A survey earlier this year showed that 13% of its customers would be interested in purchasing crypto from it.

Changpeng Zhao, the CEO of cryptocurrency exchange Binance, revealed he believes that Amazon will, “sooner or later,” have to issue its own currency. So far the company has only used blockchain technology, and has registered domains like amazoncryptocurrency.com, in a move believed to have been made to protect its brand.

P2P Token Trading Platform AirSwap Discloses ‘Critical Vulnerability’

  • Peer-to-peer trading platform AirSwap claims to have identified a "critical vulnerability" in one of its smart contracts. 
  • Ten addresses have been identified so far as being at risk of exploitation. 

Peer-to-peer token trading network AirSwap has disclosed a “critical vulnerability” in a newly released smart contract. 

AirSwap's Critical Vulnerability

According to the disclosure, which was published on Sept. 13, AirSwap’s internal security team identified a potential exploit in a newly released mainnet smart contract. The vulnerability would allow an attacker to “perform a swap without requiring a signature from a counterparty.” 

AirSwap claims that the offending code was only present for twenty-four hours on the network before being identified and removed. However, users of AirSwap Instant between Sept. 11 and Sept. 12 may have been affected by the vulnerability, with the report claiming that 10 accounts have been recognized so far as being at risk. 

AirSwap has published the addresses of the vulnerable accounts, telling all other users that no further action is required. The report also outlines the step-by-step actions taken by the exchange in the aftermath of discovering the vulnerability, including an apology to its client base:

We would like to deeply apologize to our affected users for any inconvenience these vulnerabilities may have caused, and hope that the important lessons we continue to learn throughout these processes form the basis for a more open, secure, and efficient trading environment.
