BlackHat2014: Deanonymize Tor for $3000

[Odinn Cyberguerrilla]

This sort of conversation has been going on for at least a year.  I don't
feel as though it's fresh or new.

Mid-June of 2014 I responded to this same sort of thing when it was
mentioned with respect to possible effects on Darkwallet on another list
that I'm on.

This is more or less the substance of my response, I've copied it here:

> http://www.coindesk.com/eavesdropping-attack-can-unmask-60-bitcoin-clients/
>
> Is this something DW can protect against?
> _______________________________________________
> unSYSTEM mailing list: http://unsystem.net
> https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/unsystem
>
>

Technically, what the attack really will do is unmask certain IPs and
ISPs, bitcoin isn't anonymous, hence, darkwallet, bytecoin, zerocash, etc.
 The question becomes is darkwallet and / or anyone using stealth a-la
http://sx.dyne.org/stealth.html identifiable (or at least is either their
client identifiable even if other information may not be) through said
attacks as described at:

http://arxiv.org/pdf/1405.7418v2.pdf

In this article, partially what is described is the following:

"the attack requires establishing 1008 connections and sending a few
MBytes in data.  This can be repeated for all Bitcoin servers, thus
prohibiting all Tor connections for 24 hours at the cost of a million
connections and less than 1 GByte of trac."

The reference to "servers" is presumably indicating servers which are
running Tor and through which something of the Bitcoin network is also
transiting through or about.  It seems as though if someone wanted to they
could target personal computers or servers, although the likelihood of
finding much useful information is unlikely, unless someone already knows
something about who they are going after and is interested in additional,
related information.  This was covered in a previous study, here:

http://fc14.ifca.ai/papers/fc14_submission_11.pdf
See originally posted content which appeared _before_ fincrypto14 at:
http://miki.it/pdf/thesis.pdf
and
http://www.dis.uniroma1.it/~baldoni/ssd2013/lezioneseminari_diluna.pdf
and
http://indigo.uic.edu/bitstream/handle/10027/10144/Spagnuolo_Michele.pdf?sequence=1

"The goal of the Clusterizer
is to nd groups of addresses that belong to
the same user. It incrementally reads the blockchain DB and
generates-updates clusters of addresses using two heuristics, detailed in
3.2. The first heuristic exploits transactions with multiple inputs, while
the second leverages the concept
of \change" in transactions"
(from the BitIodine paper)
And so on and so forth.  Standard clustering and correlation methods infer
usernames associated with addresses.  Etc.

(My suggestion upon thinking about this further was to suggest that
Darkwallet development collaborate closely with Tor developers and the
Zerocash developers on this issue to find logical solutions.  It seemed to
be an issue but not one that is insurmountable.  Further, it seemed to me
that what would be key to the attack referenced in the coindesk article is
the following:)

"Whenever a peer receives a malformed
message, it increases the penalty score of the IP address
from which the message came (if a client uses Tor, than the
message will obviously come from on of the Tor exit nodes).
When this score exceeds 100, the sender's IP is banned for 24
hours."

Knowing this and other things about the attack, solutions can be crafted
to make such attacks more difficult, not just adding "random delays after
transactions" as the paper's authors suggested, assuming DW collaboration
with Tor developers and perhaps use of zero knowledge proofs.  See also
the following:

https://bitcointalk.org/index.php?topic=309073.msg7303979#msg7303979  (has
something about libsnark and zero knowledge proofs)

https://docs.google.com/file/d/0B7r4osQgWVqKTHdxTlowUVpsVmJRcjF3Y3dtcTVscFhEaW5F/view?sle=true
 (TorPath to TorCoin)

https://github.com/bitcoin/bitcoin/issues/4079 (my issue in bitcoin/bitcoin)


> Dnia sobota, 5 lipca 2014 01:54:26 Juan pisze:
>> "BlackHat2014: Deanonymize Tor for $3000"
>>
>> Oh, come on. That is 'FUD"! A conspiracy theory!! Those guys didn't
>> create tor,  so they shouldn't be hacking it!!! FUCK THEM.
>>
>> Tor is a project of the US government, the most righteous and clever
>> organization on the planet, and the invincible defenders of free speech.
>>
>> Their anonymity network is simply unassailable. $3000? Please.
>>
>> Look, their own site says
>>
>> "Protect your privacy. Defend yourself against network surveillance and
>> traffic analysis."[1]
>>
>>
>> See? Using tor you can defend yourself against TRAFFIC ANALYSIS! There
>> you have it. How on earth can tor be vulnerable to trivial traffic
>> analysis when their site says just the opposite?
>>
>> HA! I bet you are so crazy as to think that the tor guys are stupid
>> liars! You freedom hating commies!
>>
>>
>> and so on and so forth...
>
> See, the thing is: the fact that somebody submitted such a talk doesn't
> mean
> it holds any water yet. I will gladly have a look at the documents and the
> talk to see, what the problem is. Once we know that, we'll see if the Tor
> guys
> can fix it, or not.
>
> There have been several "deanonimize Tor" talks over the years. Some where
> pure bull, some held some water and caused changes to Tor. That's the
> normal
> lifecycle of any complicated project.
>
> But ah, why am I feeding the trolls? :)
>
>> (yes! Now I feel like a real phd who wrote an email with a [] numbered
>> footnote)
>
> Good for you. :)
>
> --
> Pozdr
> rysiek