Analysis of Man-In-The-Middle of Attack on Bitcoin Address

In cryptocurrency systems such as Bitcoin, user use string-hashes from public keys, that look like random strings, to receive payments. Unfortunately, there is no authority to verify user identity. Normally a user cannot prove the address binds with her real identity. Technically, a victim could get a tampered address and pay coins to this tampered address. In this paper, we report on the large-scale of Bitcoin addresses, including secured and unsecured merchants websites, exchange platforms, online chat forums, social channels and blogs. We illustrate our data through a range of graphs based on transaction distribution. Our analysis consists of crawling many web pages related to cryptocurrency transactions. We scrap the web pages by persing 10,0045 bitcoin addresses related to merchants or individuals that receive bitcoin in their websites directly. We determine how many addresses are subject to Man-in-the-middle of attack in our analysis. We review some countermeasures from best practices of Bitcoin transactions.

[1]  Satoshi Nakamoto Bitcoin : A Peer-to-Peer Electronic Cash System , 2009 .

[2]  Christof Paar,et al.  DROWN: Breaking TLS Using SSLv2 , 2016, USENIX Security Symposium.

[3]  Ghassan O. Karame,et al.  Ripple: Overview and Outlook , 2015, TRUST.

[4]  Benjamin Fabian,et al.  Analyzing the Bitcoin Network: The First Four Years , 2016, Future Internet.

[5]  Adi Shamir,et al.  Quantitative Analysis of the Full Bitcoin Transaction Graph , 2013, Financial Cryptography.

[6]  Michael S. Kester,et al.  Bitcoin Transaction Graph Analysis , 2015, ArXiv.

[7]  Meng Gao,et al.  Analysis and Research on HTTPS Hijacking Attacks , 2010, 2010 Second International Conference on Networks Security, Wireless Communications and Trusted Computing.

[8]  Kevin Lee,et al.  An Empirical Analysis of Linkability in the Monero Blockchain , 2017, ArXiv.

[9]  Anthony Cocciolo The rise and fall of text on the Web: a quantitative study of Web archives , 2015, Inf. Res..

[10]  Franco Callegati,et al.  Man-in-the-Middle Attack to the HTTPS Protocol , 2009, IEEE Security & Privacy Magazine.

[11]  Tyler Moore,et al.  Beware the Middleman: Empirical Analysis of Bitcoin-Exchange Risk , 2013, Financial Cryptography.

[12]  Laura Ricci,et al.  Data-driven analysis of Bitcoin properties: exploiting the users graph , 2018, International Journal of Data Science and Analytics.

[13]  Nicolas Christin,et al.  Measuring the Longitudinal Evolution of the Online Anonymous Marketplace Ecosystem , 2015, USENIX Security Symposium.

[14]  A Traceability Analysis of Monero ’ s Blockchain April 17 , 2017 , 2017 .

[15]  Massimo Bartoletti,et al.  An Analysis of Bitcoin OP_RETURN Metadata , 2017, Financial Cryptography Workshops.

[16]  Eli Ben-Sasson,et al.  Zerocash: Decentralized Anonymous Payments from Bitcoin , 2014, 2014 IEEE Symposium on Security and Privacy.

[17]  Alex Biryukov,et al.  Bitcoin over Tor isn't a Good Idea , 2014, 2015 IEEE Symposium on Security and Privacy.

[18]  Patrick D. McDaniel,et al.  An Analysis of Anonymity in Bitcoin Using P2P Network Traffic , 2014, Financial Cryptography.

[19]  Giuseppe Ateniese,et al.  Certified Bitcoins , 2014, ACNS.

[20]  Mauro Conti,et al.  A Survey of Man In The Middle Attacks , 2016, IEEE Communications Surveys & Tutorials.

[21]  Ryan K. L. Ko,et al.  Taxonomy of Man-in-the-Middle Attacks on HTTPS , 2016, 2016 IEEE Trustcom/BigDataSE/ISPA.