Latest COVID-19 Information for Purdue University

The Center for Education and Research in Information Assurance and Security (CERIAS)

The Center for Education and Research in
Information Assurance and Security (CERIAS)

Pedro Moreno-Sanchez - Purdue University

Students: Spring 2022, unless noted otherwise, sessions will be virtual on Zoom.

Mind Your Credit: Assessing the Health of the Ripple Credit Network

Mar 21, 2018

Download: Video Icon MP4 Video Size: 232.0MB  
Watch on Youtube Watch on YouTube


The Ripple credit network has emerged as the payment backbone with
indisputable advantages for financial institutions and the remittance
industry. Ripple’s market capitalization is currently third only to
Bitcoin and Ethereum. Its path-based IOweYou (IOU) settlements across
different currencies conceptually distinguishes the Ripple blockchain
from the cryptocurrencies (such as Bitcoin) and makes it highly suitable
to an orthogonal yet vast set of applications in the remittance world
and beyond.

In this talk, I present our recent study of the structure and evolution
of the Ripple network since its inception, and our research results
regarding its vulnerability to attacks that harm the IOU credit of its
wallets. We find that about 13M USD are at risk in the current Ripple
network due to inappropriate configuration of the rippling flag on
credit links that paves the way to undesired redistribution of credit
across those links. Although the Ripple network has grown around a few
highly connected hub (gateway) wallets that make the core of the network
and provide high liquidity to users, such credit link distribution
results in a user base of around 112,000 wallets that can be financially
alienated by as few as 10 highly connected gateway wallets. Indeed,
today about 4.9M USD cannot be withdrawn by their owners from the Ripple
network due to PayRoutes, a gateway tagged as faulty by the Ripple
community. Finally, we observe that stale exchange offers pose a real
problem, and exchanges (market makers) have not always been vigilant
about periodically updating their exchange offers according to current
real-world exchange rates. For example, stale offers were used by 84
Ripple wallets to gain more than 4.5M USD from mid-July to mid-August
2017. Our findings should prompt the Ripple community to improve the
health of the network by educating its users on increasing their
connectivity, and by appropriately maintaining the credit limits,
rippling flags, and exchange offers on their IOU credit links.

About the Speaker

Pedro Moreno-Sanchez is a PhD student in the Department of Computer
Science at Purdue University. His advisor is Prof. Aniket Kate. His
current research focuses on the areas of security, privacy and
reliability of credit network based systems such as Ripple. Previously,
he also worked on network access control in distributed scenarios such
as eduroam.

Before moving to Purdue University in August 2015, he started his PhD
studies at Saarland University in 2013 under the supervision of Prof.
Aniket Kate. Previously, he was an intern researcher at IBM Research -
Zurich (Switzerland) in 2017 under the supervision of Christian Cachin;
at Ripple (USA) in 2016 under the supervision of Stefan Thomas; and at
Philips Research Europe (The Netherlands) under the supervision of Oscar
Garcia-Morchon and Rafael Marin-Lopez. He received his bachelors and
masters from University of Murcia (Spain) in 2011 and 2013 respectively.

Ways to Watch


Watch Now!

Over 500 videos of our weekly seminar and symposia keynotes are available on our YouTube Channel. Also check out Spaf's YouTube Channel. Subscribe today!