CrySP Speaker Series on Privacy

This speaker series is made possible by an anonymous charitable donation in memory of cypherpunks and privacy advocates Len Sassaman, Hugh Daniel, Hal Finney, and Caspar Bowden.

View the list of past and upcoming speakers


When A Small Leak Sinks A Great Ship: Deanonymizing Tor Hidden Service Users Through Bitcoin Transactions Analysis

Aiman Erbad, Qatar University

[Download (MP4)] [View on Youtube]

August 9, 2018 3:00pm, in DC 1304

Abstract

With the rapid increase of threats on the Internet, people are continuously seeking privacy and anonymity. Services such as Bitcoin and Tor were introduced to provide anonymity for online transactions and Web browsing. Due to its pseudonymity model, Bitcoin lacks retroactive operational security, which means historical pieces of information could be used to identify a certain user. We investigate the feasibility of deanonymizing users of Tor hidden services who rely on Bitcoin as a payment method by exploiting public information leaked from online social networks, the Blockchain, and onion websites. This allows an adversary to link a user with @alice Twitter address to a Tor hidden service with a private.onion address by finding at least one past transaction in the Blockchain that involves their publicly declared Bitcoin addresses.

To demonstrate the feasibility of this deanonymization method, we carried out a real-world experiment simulating a passive, limited adversary. We crawled 1.5K hidden services and collected 88 unique Bitcoin addresses. We then crawled 5B tweets and 1M BitcoinTalk forum pages and collected 4.2K and 41K Bitcoin addresses, respectively. Each user address was associated with an online identity along with its public profile information. By analyzing the transactions in the Blockchain, we were able to link 125 unique users to 20 hidden services, including sensitive ones, such as The Pirate Bay and Silk Road. We also analyzed two case studies in detail to demonstrate the implications of the information leakage on users anonymity. In particular, we confirm that Bitcoin addresses should be considered exploitable, as they can be used to deanonymize users retroactively. This is especially important for Tor hidden service users who actively seek and expect privacy and anonymity.

Bio

Aiman Erbad is an Assistant Professor at Computer Science and Engineering department at Qatar University, Qatar. Dr Erbad serves as the Director of Research Planning and Development in Qatar University. He received his PhD from British Columbia University, Canada. He regularly serves as a technical program committee member in international conferences related to multimedia systems and networking (ACM Multimedia, ACM Multimedia Systems, NOSSDAV). He is a graduate from the Qatar Leadership Center which is a program established to train leaders with high potential in different sectors of the Qatari government. He received the Platinum award from H.H. The Emir of Qatar Sheikh Tamim bin Hamad Al Thani at the Education Excellence Day (PhD Category) in 2013. Dr. Erbad regularly consults local government agencies and research labs in issues related to networking, cloud computing, and the effects of technology on society.