A Prevention and a Traction System for Ransomware Attacks

Over the past three years, especially following WannaCry malware, ransomware has become one of the biggest concerns for private businesses, state, and local government agencies. According to Homeland Security statistics, 1.5 million ransomware attacks have occurred per year since 2016. Cybercriminals often use creative methods to inject their malware into the target machines and use sophisticated cryptographic techniques to hold hostage victims' files and programs unless a certain amount of equivalent Bitcoin is paid. The return to the cybercriminals is so high (estimated \$1 billion in 2019) without any cost because of the advanced anonymity provided by cryptocurrencies, especially Bitcoin \cite{Paquet-Clouston2019}. Given this context, this study first discusses the current state of ransomware, detection, and prevention systems. Second, we propose a global ransomware center to better manage our concerted efforts against cybercriminals. The policy implications of the proposed study are discussed in the conclusion section

BlockTag: Design and applications of a tagging system for blockchain analysis

Annotating blockchains with auxiliary data is useful for many applications. For example, e-crime investigations of illegal Tor hidden services, such as Silk Road, often involve linking Bitcoin addresses, from which money is sent or received, to user accounts and related online activities. We present BlockTag, an open-source tagging system for blockchains that facilitates such tasks. We describe BlockTag's design and present three analyses that illustrate its capabilities in the context of privacy research and law enforcement

Peer-to-Peer EnergyTrade: A Distributed Private Energy Trading Platform

Blockchain is increasingly being used as a distributed, anonymous, trustless framework for energy trading in smart grids. However, most of the existing solutions suffer from reliance on Trusted Third Parties (TTP), lack of privacy, and traffic and processing overheads. In our previous work, we have proposed a Secure Private Blockchain-based framework (SPB) for energy trading to address the aforementioned challenges. In this paper, we present a proof-on-concept implementation of SPB on the Ethereum private network to demonstrates SPB's applicability for energy trading. We benchmark SPB's performance against the relevant state-of-the-art. The implementation results demonstrate that SPB incurs lower overheads and monetary cost for end users to trade energy compared to existing solutions

The Internet of Money between Anonymity and Publicity: Legal Challenges of Distributed Ledger Technologies in the Crypto Financial Landscape

This research project focuses on the impacts exerted by the tech schemes behind virtual currencies on the EU framework to prevent the misuse of the financial system and it aims to explore legal challenges posed in the IoM landscape by the double-edged nature of DLTs as both transparency and privacy-oriented. On the one hand, it plans to identify effective legislative and regulatory measures to ensure crypto accountability from an AML/CFT standpoint, as well as to assess the relevant role of pseudonymity. On the other hand, it pursues to discover innovative legal approaches to secure AML/CFT active cooperation in the crypto ecosystem(s), to the end of mitigating anonymity and traceability concerns while respecting both the value of publicity and transparency in the law and the conceptual origin of the crypto economy

Data mining for detecting Bitcoin Ponzi schemes

Soon after its introduction in 2009, Bitcoin has been adopted by cyber-criminals, which rely on its pseudonymity to implement virtually untraceable scams. One of the typical scams that operate on Bitcoin are the so-called Ponzi schemes. These are fraudulent investments which repay users with the funds invested by new users that join the scheme, and implode when it is no longer possible to find new investments. Despite being illegal in many countries, Ponzi schemes are now proliferating on Bitcoin, and they keep alluring new victims, who are plundered of millions of dollars. We apply data mining techniques to detect Bitcoin addresses related to Ponzi schemes. Our starting point is a dataset of features of real-world Ponzi schemes, that we construct by analysing, on the Bitcoin blockchain, the transactions used to perform the scams. We use this dataset to experiment with various machine learning algorithms, and we assess their effectiveness through standard validation protocols and performance metrics. The best of the classifiers we have experimented can identify most of the Ponzi schemes in the dataset, with a low number of false positives

Deanonymizing tor hidden service users through bitcoin transactions analysis

With the rapid increase of threats on the Internet, people are continuously seeking privacy and anonymity. Services such as Bitcoin and Tor were introduced to provide anonymity for online transactions and Web browsing. Due to its pseudonymity model, Bitcoin lacks retroactive operational security, which means historical pieces of information could be used to identify a certain user. We investigate the feasibility of deanonymizing users of Tor hidden services who rely on Bitcoin as a method of payment. In particular, we correlate the public Bitcoin addresses of users and services with their corresponding transactions in the Blockchain. In other words, we establish a provable link between a Tor hidden service and its user by simply showing a transaction between their two corresponding addresses. This subtle information leakage breaks the anonymity of users and may have serious privacy consequences, depending on the sensitivity of the use case. To demonstrate how an adversary can deanonymize hidden service users by exploiting leaked information from Bitcoin over Tor, we carried out a real-world experiment as a proof-of-concept. First, we collected public Bitcoin addresses of Tor hidden services from their .onion landing pages. Out of 1.5K hidden services we crawled, we found 88 unique Bitcoin addresses that have a healthy economic activity in 2017. Next, we collected public Bitcoin addresses from two channels of online social networks, namely, Twitter and the BitcoinTalk forum. Out of 5B tweets and 1M forum pages, we found 4.2K and 41K unique online identities, respectively, along with their public personal information and Bitcoin addresses. We then expanded the lists of Bitcoin addresses using closure analysis, where a Bitcoin address is used to identify a set of other addresses that are highly likely to be controlled by the same user. This allowed us to collect thousands more Bitcoin addresses for the users. By analyzing the transactions in the Blockchain, we were able to link up to 125 unique users to various hidden services, including sensitive ones, such as The Pirate Bay, Silk Road, and WikiLeaks. Finally, we traced concrete case studies to demonstrate the privacy implications of information leakage and user deanonymization. In particular, we show that Bitcoin addresses should always be assumed as compromised and can be used to deanonymize users

Reputation and Reward : Two Sides of the Same Bitcoin

In Mobile Crowd Sensing (MCS), the power of the crowd, jointly with the sensing capabilities of the smartphones they wear, provides a new paradigm for data sensing. Scenarios involving user behavior or those that rely on user mobility are examples where standard sensor networks may not be suitable, and MCS provides an interesting solution. However, including human participation in sensing tasks presents numerous and unique research challenges. In this paper, we analyze three of the most important: user participation, data sensing quality and user anonymity. We tackle the three as a whole, since all of them are strongly correlated. As a result, we present PaySense, a general framework that incentivizes user participation and provides a mechanism to validate the quality of collected data based on the users' reputation. All such features are performed in a privacy-preserving way by using the Bitcoin cryptocurrency. Rather than a theoretical one, our framework has been implemented, and it is ready to be deployed and complement any existint MCS system

Identify Multiple Types of Social Influences on Smart Contract Adoption in Blockchain User Network: An Empirical Examination of CryptoKitties in Ethereum

Smart contract brings more versatile functions in blockchain technology. However, its adoption rate is not as high as expected. Currently, there is no thorough study addressing such problem. To fill such gap, we propose to use peer influence to explain smart contract adoption in blockchain user network. We explore whether and how multiple types of peer influence including direct pee influence and indirect peer influence, simultaneously affect individual adoption decisions of smart contracts. Our hypotheses are examined in the context of CryptoKitties adoption in the Ethereum network using the public dataset of Ethereum including 350 million transactions from over 20 million distinct accounts. Our results suggest that the adoption of the software is positively affected by direct peer influence and indirect peer influence. Moreover, we find that users who have higher social status in the blockchain network are less susceptible to peer influence. The results provide strong evidence of peer influence on smart contract adoption through various mechanisms