Wednesday, October 29, 2014

Even Double Protection of "Bitcoin over Tor" Anonymity Can be Busted in Three Minutes for $2,500

In a paper titled, Bitcoin Over Tor Isn't A Good Idea, written by Ivan Pustogarov, a doctoral student at CryptoLUX, the University of Luxembourg's cryptology research group, and Alex Biryukov, an associate professor who leads the group, the authors write:
The problem here is with anonymity. When people are connecting through Tor, they are expecting to have a higher level of anonymity ... it does provide some level of anonymity, but it is not that hard to break this....A low-resource attacker can gain full control of information flows between all users who chose to use bitcoin over Tor. In particular the attacker can link together user's transactions regardless of pseudonyms used..
Coindesk has more:
 The sort of manipulation described by the authors is known as a 'man-in-the-middle' attack (MitM) and, if successful, could reveal a user's IP address, which can be used to locate the user, and allow an attacker to 'glue', or correlate, the transactions performed by that user from different bitcoin addresses...

As a result, a victim would also be at the attacker's mercy regarding information about his transactions, since they would be able to delay or discard a victim's transactions or blocks.

In an extreme scenario, a bad actor could even dupe a victim into thinking they had received bitcoin when in fact they had not (a so-called 'double-spending attack'), Pustogarov said...
[A] smart attacker could set up a number of bitcoin servers and Tor exit nodes before exploiting the DoS protection system to ban other Tor exit nodes from the bitcoin network.

When a victim uses Tor to connect to the bitcoin network, he will be left with only the attacker's bitcoin servers to connect to, since he has been banned by all other servers. The attacker is now in control of all the information relayed to the user.

Pustogarov and Biryukov estimate that the attack can be mounted for between $2,500 and $7,200 a month. This range would be required to guarantee sufficient bandwidth and/or multiple IP addresses for the attacks.

At the lower limit, an attacker could control a significant portion of Tor exit node bandwidth, allowing him to direct a victim to a malicious bitcoin server. With this amount of bandwidth, a victim would take under three minutes, on average, before connecting to a bitcoin server controlled by an attacker, Pustogarov said.


No comments:

Post a Comment