Abstract
Bitcoin and similar blockchain-based currencies are significant to consumers and industry because of their applications in electronic commerce and other trust-based distributed systems. Therefore, it is of paramount importance to the consumers and industry to maintain reliable access to their Bitcoin assets. In this paper, we investigate the resilience of Bitcoin to blocking by the powerful network entities such as ISPs and governments. By characterizing Bitcoin’s communication patterns, we design classifiers that can distinguish (and therefore block) Bitcoin traffic even if it is tunneled through an encrypted channel like Tor and even if Bitcoin traffic is being mixed with background traffic, e.g., due to browsing websites. We perform extensive experiments to demonstrate the reliability of our classifiers in identifying Bitcoin traffic even despite using obfuscation protocols like Tor Pluggable Ttransports. We conclude that standard obfuscation mechanisms are not enough to ensure blocking-resilient access to Bitcoin (and similar cryptocurrencies), therefore cryptocurrency operators should deploy tailored traffic obfuscation mechanisms.
This is a preview of subscription content, log in via an institution.
Buying options
Tax calculation will be finalised at checkout
Purchases are for personal use only
Learn about institutional subscriptionsReferences
Abadi, M., et al.: TensorFlow: large-scale machine learning on heterogeneous systems (2015). http://www.tensorflow.org
Androulaki, E., Karame, G.O., Roeschlin, M., Scherer, T., Capkun, S.: Evaluating user privacy in bitcoin. In: Sadeghi, A.-R. (ed.) FC 2013. LNCS, vol. 7859, pp. 34–51. Springer, Heidelberg (2013). https://doi.org/10.1007/978-3-642-39884-1_4
Andrychowicz, M., Dziembowski, S., Malinowski, D., Mazurek, L.: Secure multiparty computations on bitcoin. In: S & P (2014)
Apostolaki, M., Zohar, A., Vanbever, L.: Hijacking bitcoin: routing attacks on cryptocurrencies. In: 2017 IEEE Symposium on Security and Privacy
Bar-Yanai, R., Langberg, M., Peleg, D., Roditty, L.: Realtime classification for encrypted traffic. In: Festa, P. (ed.) SEA 2010. LNCS, vol. 6049, pp. 373–385. Springer, Heidelberg (2010). https://doi.org/10.1007/978-3-642-13193-6_32
Biryukov, A., Khovratovich, D., Pustogarov, I.: Deanonymisation of clients in bitcoin P2P network. In: CCS (2014)
Cai, X., Zhang, X., Joshi, B., Johnson, R.: Touching from a distance: website fingerprinting attacks and defenses. In: CCS (2012)
Cao, J., Fang, Z., Qu, G., Sun, H., Zhang, D.: An accurate traffic classification model based on support vector machines. Int. J. Network Manage. 12, 301 (2017)
Choi, T., et al.: Content-aware internet application traffic measurement and analysis. In: Managing Next Generation Convergence Networks and Services, IEEE/IFIP Network Operations and Management Symposium, NOMS (2004)
Chollet, F.: keras. https://github.com/fchollet/keras (2015)
Crotti, M., Dusi, M., Gringoli, F., Salgarelli, L.: Traffic classification through simple statistical fingerprinting. Comput. Commun. Rev. 37(1), 5–16 (2007)
Dingledine, R., Mathewson, N., Syverson, P.: Tor: the second-generation onion router. In: USENIX Security (2004)
Durrett, R.: Probability: Theory and Examples. Cambridge University Press, Cambridge (2010)
Dyer, K., Coull, S., Ristenpart, T., Shrimpton, T.: Protocol misidentification made easy with format-transforming encryption. In: CCS (2013)
Erman, J., Mahanti, A., Arlitt, M.F., Cohen, I., Williamson, C.L.: Offline/realtime traffic classification using semi-supervised learning. Perform. Eval. 64, 1194–1213 (2007)
Erman, J., Mahanti, A., Arlitt, M.F., Williamson, C.L.: Identifying and discriminating between web and peer-to-peer traffic in the network core. In: WWW (2007)
Eyal, I., Sirer, E.G.: Majority is not enough: bitcoin mining is vulnerable. ACM Commun. 61, 95–102 (2018)
Fifield, D., Lan, C., Hynes, R., Wegmann, P., Paxson, V.: Blocking-resistant communication through domain fronting. In: PETS (2015)
Goodfellow, I., Bengio, Y., Courville, A.: Deep Learning. MIT Press, Cambridge (2016)
Haffner, P., Sen, S., Spatscheck, O., Wang, D.: ACAS: automated construction of application signatures. In: MineNet (2005)
Heilman, E., Kendler, A., Zohar, A., Goldberg, S.: Eclipse attacks on bitcoin’s peer-to-peer network. In: USENIX (2015)
Jona Harris, A.Z.: Flood & loot: a systemic attack on the lightning network (2020)
Karagiannis, T., Broido, A., Brownlee, N., Claffy, KC., Faloutsos, M.: Is P2P dying or just hiding? [P2P traffic measurement]. In: GLOBECOM (2004)
Karagiannis, T., Broido, A., Faloutsos, M., Claffy, K.C.: Transport layer identification of P2P traffic. In: IMC (2004)
Karagiannis, T., Papagiannaki, K., Faloutsos, M.: BLINC: multilevel traffic classification in the dark. In: Proceedings of the 2005 Conference on Applications, Technologies, Architectures, and Protocols for Computer Communications (2005)
Karame, G., Androulaki, E., Capkun, S.: Double-spending fast payments in bitcoin. In: CCS (2012)
Kim, H., Claffy, K.C., Fomenkov, M., Barman, D., Faloutsos, M., Lee, K.: Internet traffic classification demystified: myths, caveats, and the best practices. In: CoNEXT (2008)
Kingma, D.P., Ba, J.: Adam: a method for stochastic optimization. CoRR (2014)
Kwon, Y., Kim, D., Son, Y., Vasserman, E.Y., Kim, Y.: Be selfish and avoid dilemmas: Fork after withholding (FAW) attacks on bitcoin. CoRR (2017)
Madhukar, A., Williamson, C.L.: A longitudinal study of P2P traffic classification. In: MASCOTS (2006)
Meek Pluggable Transport. https://trac.torproject.org/projects/tor/wiki/doc/meek
Miller, A., Juels, A., Shi, E., Parno, B., Katz, J.: Permacoin: repurposing bitcoin work for data preservation. In: S&P (2014)
Mirkin, M., Ji, Y., Pang, J., Klages-Mundt, A., Eyal, I., Jules, A.: BDoS: blockchain denial of service. arXiv preprint arXiv:1912.07497 (2019)
Moore, A.W., Papagiannaki, K.: Toward the accurate identification of network applications. In: PAM (2005)
Nakamoto, S.: Bitcoin: a peer-to-peer electronic cash system (2008)
Nasr, M., Bahramali, A., Houmansadr, A.: Deepcorr: strong flow correlation attacks on tor using deep learning. In: CCS (2018)
Negy, K.A., Rizun, P.R., Sirer, E.G.: Selfish mining re-examined. In: Bonneau, J., Heninger, N. (eds.) FC 2020. LNCS, vol. 12059, pp. 61–78. Springer, Cham (2020). https://doi.org/10.1007/978-3-030-51280-4_5
Nguyen, T.T., Armitage, G.: A survey of techniques for internet traffic classification using machine learning. IEEE Commun. Surv. Tutorials 10(4), 56–76 (2008)
A Simple Obfuscating Proxy. https://www.torproject.org/projects/obfsproxy.html.en
Tor: Pluggable Transports. https://www.torproject.org/docs/pluggable-transports.html.en
Reid, F., Harrigan, M.: An analysis of anonymity in the bitcoin system. In: SocialCom/PASSAT (2011)
Sen, S., Spatscheck, O., Wang, D.: Accurate, scalable in-network identification of p2p traffic using application signatures. In: WWW (2004)
Tsabary, I., Yechieli, M., Eyal, I.: MAD-HTLC: because HTLC is crazy-cheap to attack. arXiv preprint arXiv:2006.12031 (2020)
Winter, P., Pulls, T., Fuss, J.: Scramblesuit: a polymorphic network protocol to circumvent censorship. In: Proceedings of the 12th ACM Workshop on Privacy in the Electronic Society. ACM (2013)
Winzer, F., Herd, B., Faust, S.: Temporary censorship attacks in the presence of rational miners. IACR Cryptol. ePrint Arch. (2019)
Wright, C., Ballard, L., Monrose, F., Masson, G.: Language identification of encrypted VoIP traffic: Alejandra y Roberto or Alice and Bob? In: USENIX Security (2007)
Yawning. Obfsproxy4 (2015). https://github.com/Yawning/obfs4/blob/ master/doc/obfs4-spec.txt
Yuan, R., Li, Z., Guan, X., Xu, L.: An svm-based machine learning method for accurate internet traffic classification. Information Systems Frontiers (2010)
Acknowledgement
The work was supported by the NSF CAREER grant CNS-1553301 and BSF.
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2020 ICST Institute for Computer Sciences, Social Informatics and Telecommunications Engineering
About this paper
Cite this paper
Rezaei, F., Naseri, S., Eyal, I., Houmansadr, A. (2020). The Bitcoin Hunter: Detecting Bitcoin Traffic over Encrypted Channels. In: Park, N., Sun, K., Foresti, S., Butler, K., Saxena, N. (eds) Security and Privacy in Communication Networks. SecureComm 2020. Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering, vol 335. Springer, Cham. https://doi.org/10.1007/978-3-030-63086-7_10
Download citation
DOI: https://doi.org/10.1007/978-3-030-63086-7_10
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-63085-0
Online ISBN: 978-3-030-63086-7
eBook Packages: Computer ScienceComputer Science (R0)