-
Towards Better Understanding of Bitcoin Unreachable Peers
Authors:
Liang Wang,
Ivan Pustogarov
Abstract:
The bitcoin peer-to-peer network has drawn significant attention from researchers, but so far has mostly focused on publicly visible portions of the network, i.e., publicly reachable peers. This mostly ignores the hidden parts of the network: unreachable Bitcoin peers behind NATs and firewalls. In this paper, we characterize Bitcoin peers that might be behind NATs or firewalls from different persp…
▽ More
The bitcoin peer-to-peer network has drawn significant attention from researchers, but so far has mostly focused on publicly visible portions of the network, i.e., publicly reachable peers. This mostly ignores the hidden parts of the network: unreachable Bitcoin peers behind NATs and firewalls. In this paper, we characterize Bitcoin peers that might be behind NATs or firewalls from different perspectives. Using a special-purpose measurement tool we conduct a large scale measurement study of the Bitcoin network, and discover several previously unreported usage patterns: a small number of peers are involved in the propagation of 89% of all bitcoin transactions, public cloud services are being used for Bitcoin network probing and crawling, a large amount of transactions are generated from only two mobile applications. We also empirically evaluate a method that uses timing information to re-identify the peer that created a transaction against unreachable peers. We find this method very accurate for peers that use the latest version of the Bitcoin Core client.
△ Less
Submitted 20 September, 2017;
originally announced September 2017.
-
Bitcoin over Tor isn't a good idea
Authors:
Alex Biryukov,
Ivan Pustogarov
Abstract:
Bitcoin is a decentralized P2P digital currency in which coins are generated by a distributed set of miners and transaction are broadcasted via a peer-to-peer network. While Bitcoin provides some level of anonymity (or rather pseudonymity) by encouraging the users to have any number of random-looking Bitcoin addresses, recent research shows that this level of anonymity is rather low. This encourag…
▽ More
Bitcoin is a decentralized P2P digital currency in which coins are generated by a distributed set of miners and transaction are broadcasted via a peer-to-peer network. While Bitcoin provides some level of anonymity (or rather pseudonymity) by encouraging the users to have any number of random-looking Bitcoin addresses, recent research shows that this level of anonymity is rather low. This encourages users to connect to the Bitcoin network through anonymizers like Tor and motivates development of default Tor functionality for popular mobile SPV clients. In this paper we show that combining Tor and Bitcoin creates an attack vector for the deterministic and stealthy man-in-the-middle attacks. A low-resource attacker can gain full control of information flows between all users who chose to use Bitcoin over Tor. In particular the attacker can link together user's transactions regardless of pseudonyms used, control which Bitcoin blocks and transactions are relayed to the user and can \ delay or discard user's transactions and blocks. In collusion with a powerful miner double-spending attacks become possible and a totally virtual Bitcoin reality can be created for such set of users. Moreover, we show how an attacker can fingerprint users and then recognize them and learn their IP address when they decide to connect to the Bitcoin network directly.
△ Less
Submitted 7 January, 2015; v1 submitted 22 October, 2014;
originally announced October 2014.
-
Deanonymisation of clients in Bitcoin P2P network
Authors:
Alex Biryukov,
Dmitry Khovratovich,
Ivan Pustogarov
Abstract:
Bitcoin is a digital currency which relies on a distributed set of miners to mint coins and on a peer-to-peer network to broadcast transactions. The identities of Bitcoin users are hidden behind pseudonyms (public keys) which are recommended to be changed frequently in order to increase transaction unlinkability.
We present an efficient method to deanonymize Bitcoin users, which allows to link u…
▽ More
Bitcoin is a digital currency which relies on a distributed set of miners to mint coins and on a peer-to-peer network to broadcast transactions. The identities of Bitcoin users are hidden behind pseudonyms (public keys) which are recommended to be changed frequently in order to increase transaction unlinkability.
We present an efficient method to deanonymize Bitcoin users, which allows to link user pseudonyms to the IP addresses where the transactions are generated. Our techniques work for the most common and the most challenging scenario when users are behind NATs or firewalls of their ISPs. They allow to link transactions of a user behind a NAT and to distinguish connections and transactions of different users behind the same NAT. We also show that a natural countermeasure of using Tor or other anonymity services can be cut-off by abusing anti-DoS countermeasures of the bitcoin network. Our attacks require only a few machines and have been experimentally verified. We propose several countermeasures to mitigate these new attacks.
△ Less
Submitted 5 July, 2014; v1 submitted 28 May, 2014;
originally announced May 2014.
-
Content and popularity analysis of Tor hidden services
Authors:
Alex Biryukov,
Ivan Pustogarov,
Fabrice Thill,
Ralf-Philipp Weinmann
Abstract:
Tor hidden services allow running Internet services while protecting the location of the servers. Their main purpose is to enable freedom of speech even in situations in which powerful adversaries try to suppress it. However, providing location privacy and client anonymity also makes Tor hidden services an attractive platform for every kind of imaginable shady service. The ease with which Tor hidd…
▽ More
Tor hidden services allow running Internet services while protecting the location of the servers. Their main purpose is to enable freedom of speech even in situations in which powerful adversaries try to suppress it. However, providing location privacy and client anonymity also makes Tor hidden services an attractive platform for every kind of imaginable shady service. The ease with which Tor hidden services can be set up has spurred a huge growth of anonymously provided Internet services of both types. In this paper we analyse the landscape of Tor hidden services. We have studied Tor hidden services after collecting 39824 hidden service descriptors on 4th of Feb 2013 by exploiting protocol and implementation flaws in Tor: we scanned them for open ports; in the case of HTTP services, we analysed and classified their content. We also estimated the popularity of hidden services by looking at the request rate for hidden service descriptors by clients. We found that while the content of Tor hidden services is rather varied, the most popular hidden services are related to botnets.
△ Less
Submitted 17 November, 2014; v1 submitted 30 August, 2013;
originally announced August 2013.
