2,370 research outputs found
Bitcoin over Tor isn't a good idea
Bitcoin is a decentralized P2P digital currency in which coins are generated
by a distributed set of miners and transaction are broadcasted via a
peer-to-peer network. While Bitcoin provides some level of anonymity (or rather
pseudonymity) by encouraging the users to have any number of random-looking
Bitcoin addresses, recent research shows that this level of anonymity is rather
low. This encourages users to connect to the Bitcoin network through
anonymizers like Tor and motivates development of default Tor functionality for
popular mobile SPV clients. In this paper we show that combining Tor and
Bitcoin creates an attack vector for the deterministic and stealthy
man-in-the-middle attacks. A low-resource attacker can gain full control of
information flows between all users who chose to use Bitcoin over Tor. In
particular the attacker can link together user's transactions regardless of
pseudonyms used, control which Bitcoin blocks and transactions are relayed to
the user and can \ delay or discard user's transactions and blocks. In
collusion with a powerful miner double-spending attacks become possible and a
totally virtual Bitcoin reality can be created for such set of users. Moreover,
we show how an attacker can fingerprint users and then recognize them and learn
their IP address when they decide to connect to the Bitcoin network directly.Comment: 11 pages, 4 figures, 4 table
Contour: A Practical System for Binary Transparency
Transparency is crucial in security-critical applications that rely on
authoritative information, as it provides a robust mechanism for holding these
authorities accountable for their actions. A number of solutions have emerged
in recent years that provide transparency in the setting of certificate
issuance, and Bitcoin provides an example of how to enforce transparency in a
financial setting. In this work we shift to a new setting, the distribution of
software package binaries, and present a system for so-called "binary
transparency." Our solution, Contour, uses proactive methods for providing
transparency, privacy, and availability, even in the face of persistent
man-in-the-middle attacks. We also demonstrate, via benchmarks and a test
deployment for the Debian software repository, that Contour is the only system
for binary transparency that satisfies the efficiency and coordination
requirements that would make it possible to deploy today.Comment: International Workshop on Cryptocurrencies and Blockchain Technology
(CBT), 201
Key exchange with the help of a public ledger
Blockchains and other public ledger structures promise a new way to create
globally consistent event logs and other records. We make use of this
consistency property to detect and prevent man-in-the-middle attacks in a key
exchange such as Diffie-Hellman or ECDH. Essentially, the MitM attack creates
an inconsistency in the world views of the two honest parties, and they can
detect it with the help of the ledger. Thus, there is no need for prior
knowledge or trusted third parties apart from the distributed ledger. To
prevent impersonation attacks, we require user interaction. It appears that, in
some applications, the required user interaction is reduced in comparison to
other user-assisted key-exchange protocols
- …