The Bitcoin Hunter: Detecting Bitcoin Traffic over Encrypted Channels

  • Conference paper

Abstract

Bitcoin and similar blockchain-based currencies are significant to consumers and industry because of their applications in electronic commerce and other trust-based distributed systems. It is therefore of paramount importance for consumers and industry to maintain reliable access to their Bitcoin assets. In this paper, we investigate the resilience of Bitcoin to blocking by powerful network entities such as ISPs and governments. By characterizing Bitcoin’s communication patterns, we design classifiers that can distinguish (and therefore block) Bitcoin traffic even if it is tunneled through an encrypted channel like Tor and even if it is mixed with background traffic, e.g., from browsing websites. We perform extensive experiments to demonstrate the reliability of our classifiers in identifying Bitcoin traffic even when obfuscation protocols like Tor Pluggable Transports are used. We conclude that standard obfuscation mechanisms are not enough to ensure blocking-resilient access to Bitcoin (and similar cryptocurrencies); cryptocurrency operators should therefore deploy tailored traffic obfuscation mechanisms.

Acknowledgement

The work was supported by the NSF CAREER grant CNS-1553301 and BSF.

Author information

Corresponding author

Correspondence to Fatemeh Rezaei.

Copyright information

© 2020 ICST Institute for Computer Sciences, Social Informatics and Telecommunications Engineering

About this paper

Cite this paper

Rezaei, F., Naseri, S., Eyal, I., Houmansadr, A. (2020). The Bitcoin Hunter: Detecting Bitcoin Traffic over Encrypted Channels. In: Park, N., Sun, K., Foresti, S., Butler, K., Saxena, N. (eds) Security and Privacy in Communication Networks. SecureComm 2020. Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering, vol 335. Springer, Cham. https://doi.org/10.1007/978-3-030-63086-7_10

  • DOI: https://doi.org/10.1007/978-3-030-63086-7_10

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-63085-0

  • Online ISBN: 978-3-030-63086-7

  • eBook Packages: Computer Science, Computer Science (R0)
