[tor-talk] "Bitcoin Over Tor Isn't a Good Idea" by Ivan Pustogarov
Kristov Atlas
kristovatlas.lists at gmail.com
Sun Sep 13 14:35:54 UTC 2015
Ivan Pustogarov, a PhD student at CryptoLUX (
https://www.cryptolux.org/index.php/Ivan_Pustogarov), presented research at
the 36th IEEE Symposium on Security and Privacy in a talk he entitled,
"Bitcoin Over Tor Isn't a Good Idea."
I assume he means that it is not *currently* a good idea.
https://www.reddit.com/r/Bitcoin/comments/3kqcxq/ivan_pustogarov_bitcoin_over_tor_isnt_a_good_idea/
Reddit user /u/SwagPokerz commented with the following summary:
- A Tor exit node will be banned by Bitcoin's automatic anti-DoS
  algorithms, which means regular users will find it difficult to access
  Bitcoin via Tor.
- An attacker can exploit this fact by banning all good Tor exit nodes,
  and not banning all its own bad Tor exit nodes; thus, Bitcoin users who
  connect via Tor will almost always connect through an attacker's node. This
  allows an attacker to fake the state of the Bitcoin network, thereby
  allowing the attacker to perform all sorts of attacks, like
  delaying/dropping blocks and transactions, de-anonymization, finding the
  entry node, linking bitcoin addresses (all supposedly).
- Bitcoin's ADDR/GETADDR protocol messages allow for fingerprinting users
  with a kind of cookie by sending users junk IP addresses and reading them
  back. Woops!
  This is backed by research on actual data; within 10 sessions, they were
  able to maintain 36% of a fingerprint, and thereby de-anonymize the user; a
  fingerprint survives restarts, lasts many hours (even more than a day).
- An old attack is to fill up all the good nodes' connection slots, so
  that new nodes can connect only to an attacker's nodes. A novel attack is
  to broadcast the IP addresses of legitimate Bitcoin nodes, but provide
  fake port numbers, so that any broadcast of those same IP addresses with
  the real port numbers is rejected because a Bitcoin client, stupidly, only
  considers the IP address, which it thinks it already knows.
  The point is that you can more easily force people to connect to
  attacker peers.
- With hidden services, it's really easy to create a sybil attack.
I am interested in thoughts from the list on this research.
I suspect that resource exhaustion attacks directing users to malicious,
Tor-connecting Bitcoin nodes are something that we can detect with simple
monitoring tools.
-Kristov
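A sketch of the monitoring idea for the fake-port point in the summary above, as an added example that is not part of the original post and is not Bitcoin's own code. The two address-book classes are toy models of "keyed by IP only" versus "keyed by IP and port", and the peer names, addresses and log entries are constructed.

```python
from collections import defaultdict

# Constructed sample data (documentation address ranges, not real nodes).
TRUSTED = {("192.0.2.10", 8333), ("192.0.2.11", 8333)}  # endpoints we already verified
ADDR_LOG = [  # (announcing_peer, advertised_ip, advertised_port)
    ("peerA", "192.0.2.10", 8333),
    ("peerB", "192.0.2.10", 1234),
    ("peerB", "192.0.2.11", 4321),
    ("peerC", "198.51.100.7", 8333),
    ("peerB", "198.51.100.7", 8333),
]

class IpOnlyBook:
    """Toy model of the behaviour described above: the IP alone is the key."""
    def __init__(self):
        self.entries = {}
    def add(self, ip, port):
        if ip in self.entries:
            return False  # a later announcement with the real port is dropped
        self.entries[ip] = port
        return True

class EndpointBook:
    """Toy model of the hardened form: the (ip, port) pair is the key."""
    def __init__(self):
        self.entries = set()
    def add(self, ip, port):
        if (ip, port) in self.entries:
            return False
        self.entries.add((ip, port))
        return True

def port_conflicts(addr_log, trusted):
    """Per announcing peer, list advertised endpoints whose IP is trusted
    but whose port is not one we have verified for that IP."""
    trusted_ports = defaultdict(set)
    for ip, port in trusted:
        trusted_ports[ip].add(port)
    hits = defaultdict(list)
    for peer, ip, port in addr_log:
        if ip in trusted_ports and port not in trusted_ports[ip]:
            hits[peer].append((ip, port))
    return dict(hits)

if __name__ == "__main__":
    for peer, bad in port_conflicts(ADDR_LOG, TRUSTED).items():
        print(f"{peer} advertised known IPs with unverified ports: {bad}")
```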