Dapeng Huang,Chen,Aowei Luo,Kai Wang,Weili Han

2024-01-01

Journal of information science and engineering

Abstract:Cryptocurrencies, such as Bitcoin, have emerged as a popular means for illicit activities due to their decentralized and anonymous nature, allowing them to circumvent governmental oversight effectively. To combat crimes associated with Bitcoin, it is crucial to address the issue of deanonymizing Bitcoin transactions. Accordingly, this paper presents a novel methodology for Bitcoin transaction traceability, based on Bitcoin network traffic analysis. Specifically, we analyze network traffic data obtained at the physical convergence point of the local Bitcoin network to trace the input address of Bitcoin transactions. The proposed scheme is tested in a distributed Bitcoin network environment, yielding a promising recall rate of 45% and precision rate of 66.67%, with the exception of nodes linked through VPN, Tor, and similar tools. This traceability mechanism holds significant practical implications for regulatory and judicial investigation departments.

Dimaz Ankaa Wijaya,Joseph K. Liu,Ron Steinfeld,Shi-Feng Sun,Xinyi Huang

DOI: https://doi.org/10.1007/978-3-319-49151-6_19

2016-01-01

Abstract:Bitcoin is a new online decentralised payment system equipped by a cryptographic system which runs in a peer-to-peer network. While it denies any central authority, it can still verify and validate the transactions by its protocol. To make the transactions accountable, Bitcoin uses an open database which can be seen and checked by anyone. Despite no direct relationship between the Bitcoin transactions and the identity of the users, the information about the users can still be gathered by analysing the information contained in the transactions. We propose a protocol which minimises the relationship between the transactions to protect the information of the payer from the curious payee.

Meni Rosenfeld

DOI: https://doi.org/10.48550/arXiv.1402.2009

2014-02-09

Cryptography and Security

Abstract:Bitcoin is the world's first decentralized digital currency. Its main technical innovation is the use of a blockchain and hash-based proof of work to synchronize transactions and prevent double-spending the currency. While the qualitative nature of this system is well understood, there is widespread confusion about its quantitative aspects and how they relate to attack vectors and their countermeasures. In this paper we take a look at the stochastic processes underlying typical attacks and their resulting probabilities of success.

Yu-Jing Lin,Po-Wei Wu,Cheng-Han Hsu,I-Ping Tu,Shih-wei Liao

DOI: https://doi.org/10.48550/arXiv.1903.07994

2019-03-19

Abstract:Bitcoin is a cryptocurrency that features a distributed, decentralized and trustworthy mechanism, which has made Bitcoin a popular global transaction platform. The transaction efficiency among nations and the privacy benefiting from address anonymity of the Bitcoin network have attracted many activities such as payments, investments, gambling, and even money laundering in the past decade. Unfortunately, some criminal behaviors which took advantage of this platform were not identified. This has discouraged many governments to support cryptocurrency. Thus, the capability to identify criminal addresses becomes an important issue in the cryptocurrency network. In this paper, we propose new features in addition to those commonly used in the literature to build a classification model for detecting abnormality of Bitcoin network addresses. These features include various high orders of moments of transaction time (represented by block height) which summarizes the transaction history in an efficient way. The extracted features are trained by supervised machine learning methods on a labeling category data set. The experimental evaluation shows that these features have improved the performance of Bitcoin address classification significantly. We evaluate the results under eight classifiers and achieve the highest Micro-F1/Macro-F1 of 87%/86% with LightGBM.

Cryptography and Security,Machine Learning

Subodh Gangan

DOI: https://doi.org/10.48550/arXiv.1504.02115

2015-04-08

Cryptography and Security

Abstract:This paper presents a survey of man-in-the-middle (MIM) attacks in communication networks and methods of protection against them. In real time communication, the attack can in many situations be discovered by the use of timing information. The most common attacks occur due to Address Resolution Protocol (ARP) cache poisoning, DNS spoofing, session hijacking, and SSL hijacking.

QingChun ShenTu,JianPing Yu

DOI: https://doi.org/10.48550/arXiv.1510.07782

2015-10-27

Abstract:The Bitcoin system is an anonymous, decentralized crypto-currency. There are some deanonymizating techniques to cluster Bitcoin addresses and to map them to users' identifications in the two research directions of Analysis of Transaction Chain (ATC) and Analysis of Bitcoin Protocol and Network (ABPN). Nowadays, there are also some anonymization methods such as coin-mixing and transaction remote release (TRR) to cover the relationship between Bitcoin address and the user. This paper studies anonymization and de-anonymization technologies and proposes some directions for further research.

Cryptography and Security

Yan Wu,Fang Tao,Lu Liu,Jiayan Gu,John Panneerselvam,Rongbo Zhu,Mohammad Nasir Shahzad

DOI: https://doi.org/10.1109/tnse.2020.2970113

IF: 6.6

2021-04-01

IEEE Transactions on Network Science and Engineering

Abstract:Popular Blockchain-based cryptocurrencies, like Bitcoin, are increasingly being used maliciously for illegal trades. In order to trace and analyze suspected Bitcoin transactions and addresses, address clustering methods and Bitcoin flow analysis methods are gaining attention recently. However, existing methods only focus on Bitcoin addresses and flow, and neglect other important information, such as transaction structure and behavior features. In order to exploit all useful features of transactions, this paper proposes a Bitcoin transaction network analytic method for facilitating Blockchain forensic investigation based on an extended safe Petri Net. The structural features and dynamic semantics of Petri net are used in our proposed model to define the static and dynamic features of Bitcoin transactions. Nineteen features have been identified to define Bitcoin transaction patterns for analyzing and finding suspected addresses. Bitcoin gene has been embedded into the Petri net transitions to trace and analyze Bitcoin flow accurately. Finally, marginal distribution analysis of Bitcoin transaction features and data visualization techniques are used to eliminate some false positive samples further and to improve the accuracy of identifying suspected addresses. The proposed Bitcoin transaction network analytic method provides a reliable forensic investigation model along with a prototype platform which is beneficial for financial security. The efficiency of our proposed method is empirically verified based on a real-life case study analysis.

engineering, multidisciplinary,mathematics, interdisciplinary applications

Nasser Alsalami,Bingsheng Zhang

DOI: https://doi.org/10.1109/iwqos49365.2020.9213064

2020-01-01

Abstract:Public blockchains can be abused to covertly store and disseminate potentially harmful digital content which poses a serious regulatory issue. In this work, we show the severity of the problem by demonstrating that blockchains can be exploited to surreptitiously distribute arbitrary content. More specifically, all major blockchain systems use randomized cryptographic primitives, such as digital signatures and non-interactive zero-knowledge proofs; we illustrate how the uncontrolled randomness in such primitives can be maliciously manipulated to enable covert communication and hidden persistent storage. To clarify the potential risk, we design, implement and evaluate our technique against the widely-used ECDSA signature scheme, the CryptoNote's ring signature scheme, and Monero's ring confidential transactions. Importantly, the significance of the demonstrated attacks stems from their undetectability, their adverse effect on the future of decentralized blockchains, and their serious repercussions on users' privacy and crypto funds. Finally, we present a generic framework to immunize blockchains against these attacks.

Congcong Ye,Guoqiang Li,Hongming Cai,Yonggen Gu,Akira Fukuda

DOI: https://doi.org/10.1109/dsa.2018.00015

2018-01-01

Abstract:Recently, the global outbreak of a blackmail virus WannaCry, makes the blockchain a hot topic. The security of blockchain is always the focus of people's attention, and it is also the main reason why the blockchain has not been widely used all over the world. Many researches use mathematical derivation method to analyse the 51%- Attacks influence of blockchain, which is very stiff and difficult to understand. In this paper, we propose a method to simulate blockchain's process and discover the rule between attacking method, attacking power and security of blockchain. We take 51%-Attacks as an example and use Java to simulate the running process. By adjusting the value of attacking power, we can get most states of blockchain and analyze the probability that honest state becomes attacking state. We use various forms to analyze and show the experimental result, which verify our method is correct and feasible. This method can also be implemented as a middleware software of blockchain to detect the security of blockchain.

Muhammad Saad,Jeffrey Spaulding,Laurent Njilla,Charles Kamhoua,Sachin Shetty,DaeHun Nyang,Aziz Mohaisen

DOI: https://doi.org/10.48550/arXiv.1904.03487

2019-04-07

Abstract:In this paper, we systematically explore the attack surface of the Blockchain technology, with an emphasis on public Blockchains. Towards this goal, we attribute attack viability in the attack surface to 1) the Blockchain cryptographic constructs, 2) the distributed architecture of the systems using Blockchain, and 3) the Blockchain application context. To each of those contributing factors, we outline several attacks, including selfish mining, the 51% attack, Domain Name System (DNS) attacks, distributed denial-of-service (DDoS) attacks, consensus delay (due to selfish behavior or distributed denial-of-service attacks), Blockchain forks, orphaned and stale blocks, block ingestion, wallet thefts, smart contract attacks, and privacy attacks. We also explore the causal relationships between these attacks to demonstrate how various attack vectors are connected to one another. A secondary contribution of this work is outlining effective defense measures taken by the Blockchain technology or proposed by researchers to mitigate the effects of these attacks and patch associated vulnerabilities

Cryptography and Security

Muteeb Bin Muzammil,Muhammad Bilal,Sahar Ajmal,Sandile C. Shongwe,Yazeed Y. Ghadi

DOI: https://doi.org/10.1109/access.2024.3350444

IF: 3.9

2024-01-01

IEEE Access

Abstract:The current era extensively utilizes the Internet, which uses data. Due to the apparent open-access Internet service, this data is highly vulnerable to attacks. Data privacy is affected by Web-based attacks. This Systematic Literature Review (SLR) focuses on two Web-based attacks: Man-In-The-Middle and session hijacking. It reviews about 30 studies from the years 2016–2023 that have been selected utilizing a proper study selection procedure. This SLR comprises three research questions. The first describes the overall trends in Man-In-The-Middle attacks and session hijacking studies. It shows that 7 articles were published in 2018, and the trend is decreasing to 4 articles by 2021. Moreover, 73% articles are published in conference venues, and India is the top contributor in this domain. Lastly, this question elaborated that IEEE is the top contributor as a publisher. The second addresses the sorts of attacks used by Man-In-The-Middle attacks and session hijacking on Transmission Control Protocol / Internet Protocol (TCP/IP). This demonstrates that Man-In-The-Middle attacks invade all layers and session hijacking attacks on only two, that is, the application and network layer. The third research question discusses the solutions provided by different studies to deal with Man-In-The-Middle attacks and session hijacking. In conclusion, this analysis highlights the need for stronger cybersecurity measures against Man-in-the-Middle and session hijacking assaults in the Internet era by revealing evolving trends, contributors, and solutions in data privacy.

computer science, information systems,telecommunications,engineering, electrical & electronic

Kevin Benton,Ty Bross

DOI: https://doi.org/10.48550/arXiv.1308.3559

2013-08-16

Abstract:Man in the middle attacks are a significant threat to modern e-commerce and online communications, even when such transactions are protected by TLS. We intend to show that it is possible to detect man-in-the-middle attacks on SSL and TLS by detecting timing differences between a standard SSL session and an attack we created.

Cryptography and Security

Joydip Das,Syed Ashraf Al Tasin,Md. Forhad Rabbi,Md Sadek Ferdous

2024-09-16

Abstract:Blockchain is a growing decentralized system built for transparency and immutability. There have been several major attacks on blockchain-based systems, leaving a gap in the trustability of this system. This article presents a comprehensive study of 23 attacks on blockchain systems and categorizes them using a layer-based approach. This approach provides an in-depth analysis of the feasibility and motivation of these attacks. In addition, a framework is proposed that enables a systematic analysis of the impact and interconnection of these attacks, thereby providing a means of identifying potential attack vectors and designing appropriate countermeasures to strengthen any blockchain system.

Cryptography and Security,Emerging Technologies

Igor Makarov,Antoinette Schoar

DOI: https://doi.org/10.2139/ssrn.3942181

2021-01-01

SSRN Electronic Journal

Abstract:In this paper, we provide detailed analyses of the Bitcoin network and its main participants. We build a novel database using a large number of public and proprietary sources to link Bitcoin addresses to real entities and develop an extensive suite of algorithms to extract information about the behavior of the main market participants. We conduct three major pieces of analysis of the Bitcoin eco-system. First, we analyze the transaction volume and network structure of the main participants on the blockchain. Second, we document the concentration and regional composition of the miners which are the backbone of the verification protocol and ensure the integrity of the blockchain ledger. Finally, we analyze the ownership concentration of the largest holders of Bitcoin.

Haaroon Yousaf

DOI: https://doi.org/10.48550/arXiv.2203.14684

2022-03-28

Abstract:This thesis presents techniques to investigate transactions in uncharted cryptocurrencies and services. Cryptocurrencies are used to securely send payments online. Payments via the first cryptocurrency, Bitcoin, use pseudonymous addresses that have limited privacy and anonymity guarantees. Research has shown that this pseudonymity can be broken, allowing users to be tracked using clustering and tagging heuristics. Such tracking allows crimes to be investigated. If a user has coins stolen, investigators can track addresses to identify the destination of the coins. This, combined with an explosion in the popularity of blockchain, has led to a vast increase in new coins and services. These offer new features ranging from coins focused on increased anonymity to scams shrouded as smart contracts. In this study, we investigated the extent to which transaction privacy has improved and whether users can still be tracked in these new ecosystems. We began by analysing the privacy-focused coin Zcash, a Bitcoin-forked cryptocurrency, that is considered to have strong anonymity properties due to its background in cryptographic research. We revealed that the user anonymity set can be considerably reduced using heuristics based on usage patterns. Next, we analysed cross-chain transactions collected from the exchange ShapeShift, revealing that users can be tracked as they move across different ledgers. Finally, we present a measurement study on the smart-contract pyramid scheme Forsage, a scam that cycled $267 million USD (of Ethereum) within its first year, showing that at least 88% of the participants in the scheme suffered a loss. The significance of this study is the revelation that users can be tracked in newer cryptocurrencies and services by using our new heuristics, which informs those conducting investigations and developing these technologies.

Cryptography and Security

Kai Wang,Weili Han,Chen Chen,Haoran Chen,Dapeng Huang

DOI: https://doi.org/10.1109/NaNA56854.2022.00037

2022-12-01

Abstract:Cryptocurrencies like Bitcoin have become a popular weapon for illegal activities. They have the characteristics of decentralization and anonymity, which can effectively avoid the supervision of government departments. How to de-anonymize Bitcoin transactions is a crucial issue for regulatory and judicial investigation departments to supervise and combat crimes involving Bitcoin effectively. This paper aims to de-anonymize Bitcoin transactions and present a Bitcoin transaction traceability method based on Bitcoin network traffic analysis. According to the characteristics of the physical network that the Bitcoin network relies on, the Bitcoin network traffic is obtained at the physical convergence point of the local Bitcoin network. By analyzing the collected network traffic data, we realize the traceability of the input address of Bitcoin transactions and test the scheme in the distributed Bitcoin network environment. The experimental results show that this traceability mechanism is suitable for nodes connected to the Bitcoin network (except for VPN, Tor, etc.), and can obtain 47.5% recall rate and 70.4% precision rate, which are promising in practice.

Computer Science

Lei Wu,Yufeng Hu,Yajin Zhou,Haoyu Wang,Xiaopu Luo,Zhi Wang,Fan Zhang,Kui Ren

DOI: https://doi.org/10.1145/3442381.3449880

2021-01-01

Abstract:ABSTRACT One reason for the popularity of Bitcoin is due to its anonymity. Although several heuristics have been used to break the anonymity, new approaches are proposed to enhance its anonymity at the same time. One of them is the mixing service. Unfortunately, mixing services have been abused to facilitate criminal activities, e.g., money laundering. As such, there is an urgent need to systematically understand Bitcoin mixing services. In this paper, we take the first step to understand state-of-the-art Bitcoin mixing services. Specifically, we propose a generic abstraction model for mixing services and observe that there are two mixing mechanisms in the wild, i.e. swapping and obfuscating. Based on this model, we conduct a transaction-based analysis and successfully reveal the mixing mechanisms of four representative services. Besides, we propose a method to identify mixing transactions that leverage the obfuscating mechanism. The proposed approach is able to identify over 92% of the mixing transactions. Based on identified transactions, we then estimate the profit of mixing services and provide a case study of tracing the money flow of stolen Bitcoins.

Na Ruan,Hanyi Sun,Zenan Lou,Jie Li

DOI: https://doi.org/10.1109/tnet.2022.3201493

2023-01-01

IEEE/ACM Transactions on Networking

Abstract:Decentralized cryptocurrency systems have become primary targets for attackers due to substantial profit gain and economic rewards. A number of attack models have been proposed during last few years. However, the evaluation and comparison of those attack models remain problematic due to the lack of systematic framework to analyze them. In this work, we propose a general quantitative analysis framework for attack models in the network and consensus layer of blockchain. We identify the problem statement and evolution process. And we show how to apply our general framework in previous attacks such as selfish mining and bribery attack. We also explained that the framework is suitable for other attacks in blockchain. For further exploration, we simulate the success rate and benefits of different attacks through experiments. We provide several defensive strategies, and study how these strategies against previous attack models.

Geng Hong,Zhemin Yang,Sen Yang,Lei Zhang,Yuhong Nan,Zhibo Zhang,Min Yang,Yuan Zhang,Zhiyun Qian,Hai-Xin Duan

DOI: https://doi.org/10.1145/3243734.3243840

2018-01-01

Abstract:As a new mechanism to monetize web content, cryptocurrency mining is becoming increasingly popular. The idea is simple: a webpage delivers extra workload (JavaScript) that consumes computational resources on the client machine to solve cryptographic puzzles, typically without notifying users or having explicit user consent. This new mechanism, often heavily abused and thus considered a threat termed "cryptojacking", is estimated to affect over 10 million web users every month; however, only a few anecdotal reports exist so far and little is known about its severeness, infrastructure, and technical characteristics behind the scene. This is likely due to the lack of effective approaches to detect cryptojacking at a large-scale (e.g., VirusTotal). In this paper, we take a first step towards an in-depth study over cryptojacking. By leveraging a set of inherent characteristics of cryptojacking scripts, we build CMTracker, a behavior-based detector with two runtime profilers for automatically tracking Cryptocurrency Mining scripts and their related domains. Surprisingly, our approach successfully discovered 2,770 unique cryptojacking samples from 853,936 popular web pages, including 868 among top 100K in Alexa list. Leveraging these samples, we gain a more comprehensive picture of the cryptojacking attacks, including their impact, distribution mechanisms, obfuscation, and attempts to evade detection. For instance, a diverse set of organizations benefit from cryptojacking based on the unique wallet ids. In addition, to stay under the radar, they frequently update their attack domains (fastflux) on the order of days. Many attackers also apply evasion techniques, including limiting the CPU usage, obfuscating the code, etc.

Muneer Alwazzeh,Sameer Karaman,Mohammad Nur Shamma

DOI: https://doi.org/10.13052/jcsm2245-1439.933

2020-07-01

Journal of Cyber Security and Mobility

Abstract:Network security and related issues have been discussed thoroughly in this paper, especially at transport layer security network protocol, which concern with confidentiality, integrity, availability, authentication, and accountability. To mitigate and defeat Man-in-the-middle-attacks, we have proposed a new model which consists of sender and receiver systems and utilizes a combination of blowfish (BF) and Advanced Encryption Standard (AES) algorithms, symmetric key agreement to distribute public keys, Elliptic Curve Cryptography (ECC) to create secret key, and then Diffe Hellman (DH) for key exchange. Both SHA-256 hashing and Elliptic Curve Digital Signature Algorithm (ECDSA) have been applied for integrity, and authentication, respectively.