论文信息 - A First Look at Browser-Based Cryptojacking

A First Look at Browser-Based Cryptojacking

In this paper, we examine the recent trend to- wards in-browser mining of cryptocurrencies; in particular, the mining of Monero through Coinhive and similar code- bases. In this model, a user visiting a website will download a JavaScript code that executes client-side in her browser, mines a cryptocurrency—typically without her consent or knowledge—and pays out the seigniorage to the website. Websites may consciously employ this as an alternative or to supplement advertisement revenue, may offer premium content in exchange for mining, or may be unwittingly serving the code as a result of a breach (in which case the seigniorage is collected by the attacker). The cryptocurrency Monero is preferred seemingly for its unfriendliness to large-scale ASIC mining that would drive browser-based efforts out of the market, as well as for its purported privacy features. In this paper, we survey this landscape, conduct some measurements to establish its prevalence and profitability, outline an ethical framework for considering whether it should be classified as an attack or business opportunity, and make suggestions for the detection, mitigation and/or prevention of browser-based mining for non- consenting users.

[1] Kevin Lee,et al. An Empirical Analysis of Linkability in the Monero Blockchain , 2017, ArXiv.

[2] Meni Rosenfeld,et al. Analysis of Bitcoin Pooled Mining Reward Systems , 2011, ArXiv.

[3] Ethan Heilman,et al. An Empirical Analysis of Traceability in the Monero Blockchain , 2017, Proc. Priv. Enhancing Technol..

[4] Kirstie Hawkey,et al. On the challenges in usable security lab studies: lessons learned from replicating a study on SSL warnings , 2011, SOUPS.

[5] Stefan Savage,et al. Botcoin: Monetizing Stolen Cycles , 2014, NDSS.

[6] Arvind Narayanan,et al. Bitcoin and Cryptocurrency Technologies - A Comprehensive Introduction , 2016 .

[7] Dan Boneh,et al. Busting frame busting a study of clickjacking vulnerabilities on popular sites , 2010 .

[8] J. Moor. What Is Computer Ethics?* , 1985, The Ethics of Information Technologies.

[9] Adrienne Porter Felt,et al. Where the Wild Warnings Are: Root Causes of Chrome HTTPS Certificate Errors , 2017, CCS.

[10] Lorrie Faith Cranor,et al. Crying Wolf: An Empirical Study of SSL Warning Effectiveness , 2009, USENIX Security Symposium.

[11] Nikita Borisov,et al. Mining on Someone Else's Dime: Mitigating Covert Mining Operations in Clouds and Enterprises , 2017, RAID.

[12] J. Alex Halderman,et al. A Search Engine Backed by Internet-Wide Scanning , 2015, CCS.