Total Eclipse of the Enclave: Detecting Eclipse Attacks From Inside TEEs

Enclave applications that rely on blockchains for integrity and availability are vulnerable to eclipse attacks. In this paper, we present an approach for reliably detecting extended eclipse attacks, even when the adversary controls all network connectivity. By monitoring changes to the difficulty parameter in Proof-of-Work (PoW) protocols, our algorithm detects suppression of new blocks, as well as difficulty-lowering attacks that attempt to force an enclave client onto a malicious fork mined solely by an attacker. We present analysis that attackers have negligible probability of evading our block monitoring algorithm, and demonstrate its robustness to most historical fluctuations in difficulty on the Ethereum blockchain, resulting in a very low false-positive rate.