Skip to content

Latest commit

 

History

History
171 lines (121 loc) · 8.61 KB

mitigations.md

File metadata and controls

171 lines (121 loc) · 8.61 KB

Mitigation Strategies Analysis for lightningnetwork/lnd

Mitigation Strategy: Minimum Channel Size Enforcement

Mitigation Strategy: Enforce a minimum channel size.

Description:

  1. Identify a suitable minimum: Analyze your node's purpose, expected transaction volume, and acceptable risk.
  2. Configure lnd.conf: Open your lnd.conf file.
  3. Set minchansize: Add or modify the minchansize parameter under [Application Options]. Set it to your chosen minimum in satoshis (e.g., minchansize=1000000 for 0.01 BTC).
  4. Restart lnd: Restart for changes to take effect.
  5. Monitor: Observe channel opening attempts. lnd will reject attempts below the minimum.

Threats Mitigated:

  • Dust Exposure: (Severity: Medium)
  • Channel Jamming (DoS): (Severity: Medium)

Impact:

  • Dust Exposure: Significantly reduces risk.
  • Channel Jamming (DoS): Reduces effectiveness; attacker cost increases.

Currently Implemented: Yes, core lnd feature (minchansize option).

Missing Implementation: Not missing in lnd. User configuration is key.

Mitigation Strategy: HTLC Limits

Mitigation Strategy: Set limits on the number and value of outstanding HTLCs.

Description:

  1. Assess Node Capacity: Determine your node's HTLC capacity.
  2. Configure lnd.conf: Open your lnd.conf file.
  3. Set max_pending_htlcs: Under [Application Options], set max_pending_htlcs (maximum unresolved HTLCs per channel).
  4. Set max_htlc_value_in_flight_msat: Set max_htlc_value_in_flight_msat (maximum total value in millisatoshis of unresolved HTLCs per channel).
  5. Restart lnd: Restart your node.
  6. Monitor: Use lncli getinfo to track pending HTLCs.

Threats Mitigated:

  • Channel Jamming (DoS): (Severity: High)
  • Liquidity Depletion: (Severity: Medium)

Impact:

  • Channel Jamming (DoS): Significantly reduces impact.
  • Liquidity Depletion: Strong protection.

Currently Implemented: Yes, core lnd features (max_pending_htlcs, max_htlc_value_in_flight_msat).

Missing Implementation: Not missing in lnd. User configuration is crucial.

Mitigation Strategy: Watchtower Implementation (using lnd's built-in features)

Mitigation Strategy: Utilize lnd's built-in watchtower client and (optionally) server.

Description:

  1. Self-Hosted (Optional): If running your own watchtower, enable the watchtower server in lnd.conf.
  2. Client Configuration: Enable the watchtower client in lnd.conf (wtclient.active=1).
  3. Configure Server Address (if using a separate instance): If using a separate lnd instance as a watchtower, configure the wtclient.watchtower-addrs setting.
  4. Redundancy (Recommended): Ideally, use multiple watchtower instances (either multiple self-hosted or by connecting to external services in addition to your own). This requires external configuration, but the client functionality is within lnd.
  5. Testing: Test by simulating a breach (controlled environment!).
  6. Monitor: Check watchtower logs and status.

Threats Mitigated:

  • Channel Force-Closure Attacks (Cheating): (Severity: High)

Impact:

  • Channel Force-Closure Attacks: Very strong protection if functioning correctly.

Currently Implemented: Yes, lnd has built-in watchtower client and server functionality.

Missing Implementation: The core functionality is present. The main challenge is user adoption, proper configuration, and ensuring redundancy (which often involves external services, but the client connection is managed within lnd).

Mitigation Strategy: Dynamic Fee Policies (using lnd's estimator)

Mitigation Strategy: Use lnd's built-in fee estimator for dynamic fee policies.

Description:

  1. Monitor Network Congestion: Use lncli feereport.
  2. Configure Fee Estimator: Ensure lnd's fee estimator is enabled (default behavior). You can fine-tune its behavior with options like চান in lnd.conf.
  3. Set Fee Limits (Optional): Define minimum/maximum fee rates in lnd.conf to prevent extremes.
  4. Test and Refine: Experiment and monitor effectiveness.

Threats Mitigated:

  • Channel Jamming (DoS): (Severity: Medium)
  • Probe Attacks: (Severity: Low)
  • Slow Payment Routing: (Severity: Low)

Impact:

  • Channel Jamming (DoS): Moderately reduces effectiveness.
  • Probe Attacks: Small mitigation.
  • Slow Payment Routing: Improves efficiency.

Currently Implemented: Yes, lnd has a built-in fee estimator.

Missing Implementation: Core functionality is present. More sophisticated, automated fee management within lnd could be beneficial.

Mitigation Strategy: Secure API Access (TLS and Macaroons within lnd)

Mitigation Strategy: Secure the lnd API using lnd's built-in TLS and macaroon features.

Description:

  1. TLS Configuration:
    • Generate Certificates: lnd auto-generates self-signed certificates. For production, consider trusted CA certificates (but the use of TLS is within lnd).
    • Verify Configuration: Ensure TLS is used for gRPC and REST (restlisten, rpclisten in lnd.conf).
  2. Macaroon Management:
    • Understand Types: Familiarize yourself with macaroon types (admin.macaroon, etc.).
    • Generate Custom Macaroons: Use lncli bakemacaroon to create macaroons with limited permissions.
    • Securely Store Macaroons: Protect them from unauthorized access.
    • Avoid admin.macaroon: Don't use it for routine operations.

Threats Mitigated:

  • Unauthorized API Access: (Severity: High)
  • Data Breaches: (Severity: High)

Impact:

  • Unauthorized API Access: Very strong protection.
  • Data Breaches: TLS protects data in transit.

Currently Implemented: Yes, lnd has built-in TLS and macaroon support.

Missing Implementation: More granular macaroon permissions (beyond current types) could be beneficial.

Mitigation Strategy: Run lnd over Tor (using lnd's configuration)

Mitigation Strategy: Configure lnd to use Tor via its built-in settings.

Description:

  1. Install Tor (Externally): Install the Tor service (this is external, but the configuration is within lnd).
  2. Configure lnd.conf:
    • tor.active=1: Enable Tor.
    • tor.v3=1: Use Tor v3 onion services.
    • tor.streamisolation=1: Use separate circuits.
    • listen=127.0.0.1:<port>: Bind to loopback.
    • externalip=<your_onion_address>: (Optional) Specify onion address.
  3. Configure Tor (Externally, if accepting connections): Configure Tor to forward connections (this is external).
  4. Restart lnd and Tor: Restart services.
  5. Verify: Use lncli getinfo to check Tor connection.

Threats Mitigated:

  • IP Address Leakage: (Severity: Medium)
  • Network Surveillance: (Severity: Medium)
  • Probe Attacks (Slightly): (Severity: Low)

Impact:

  • IP Address Leakage: Significantly reduces risk.
  • Network Surveillance: Good protection.
  • Probe Attacks: Minor improvement.

Currently Implemented: Yes, lnd has excellent Tor support.

Missing Implementation: Not missing in lnd. User configuration is key.

Mitigation Strategy: Channel Backup (using lnd's commands)

Mitigation Strategy: Create channel backups using lnd's built-in commands.

Description:

  1. Use lncli exportchanbackup: Regularly run this command.
  2. Automate Backups (Externally): Create a script/cron job (external, but the backup creation is within lnd).
  3. Secure Storage (Externally): Store channel.backup separately and securely (external).
  4. Test Restoration: Periodically test with lncli restorechanbackup.

Threats Mitigated:

  • Data Loss (Node Failure): (Severity: High)

Impact:

  • Data Loss: Critical safety net.

Currently Implemented: Yes, lnd provides exportchanbackup and restorechanbackup.

Missing Implementation: Not missing in lnd. User diligence is crucial. Automated backup solutions integrated within lnd could be beneficial.