[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

[tor-talk] "Bitcoin Over Tor Isn't a Good Idea" by Ivan Pustogarov



Ivan Pustogarov, a PhD student at CryptoLUX (
https://www.cryptolux.org/index.php/Ivan_Pustogarov), presented research at
the 36th IEEE Symposium on Security and Privacy in a talk he entitled,
"Bitcoin Over Tor Isn't a Good Idea."

I assume he means that it is not *currently* a good idea.

https://www.reddit.com/r/Bitcoin/comments/3kqcxq/ivan_pustogarov_bitcoin_over_tor_isnt_a_good_idea/

Reddit user /u/SwagPokerz commented with the following summary:


   -

   A Tor exit node will be banned by Bitcoin's automatic anti-DoS
   algorithms, which means regular users will find it difficult to access
   Bitcoin via Tor.
   -

   An attacker can exploit this fact by banning all good Tor exit nodes,
   and not banning all its own bad Tor exit nodes; thus, Bitcoin users who
   connect via Tor will almost always connect through an attacker's node. This
   allows an attacker to fake the state of the Bitcoin network, thereby
   allowing the attacker to perform all sorts of attacks, like
   delaying/dropping blocks and transacions, de-anonymization, finding the
   entry node, linking bitcoin addresses (all supposedly).
   -

   Bitcoin's ADDR/GETADDR protocol messages allow for fingerprinting users
   with a kind of cookie by sending users junk IP addresses and reading them
   back. Woops!

   This is backed by research on actual data; within 10 sessions, they were
   able to maintain 36% of a fingerprint, and thereby de-anonymize the user; a
   fingerprint survives restarts, lasts many hours (even more than a day).
   -

   An old attack is to fill up all the good nodes' connection slots, so
   that new nodes can connect only to an attacker's nodes. A novel attack is
   to broadcast the IP addresses of legiitimate Bitcoin nodes, but provide
   fake port numbers, so that any broadcast of those same IP addresses with
   the real port numbers is rejected because a Bitcoin client, stupidly, only
   considers the IP address, which it thinks it already knows.

   The point is that you can more easily force people to connect to
   attacker peers.
   -

   With hidden services, it's really easy to create a sybil attack.

I am interested in thoughts from the list on this research.

I suspect that resource exhaustion attacks directing users to malicious,
Tor-connecting Bitcoin nodes are something that we can detect with simple
monitoring tools.

-Kristov
-- 
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk