Mind your wallet's privacy: identifying Bitcoin wallet apps and user's actions through network traffic analysis

With the surge in popularity of cryptocurrencies, Bitcoin has emerged as one of the most promising means for remittance, payments, and trading. Supplemented by the convenience offered by smartphones, an increasing number of users are adopting Bitcoin wallet apps for different purposes. In this paper, we focus on identifying user activities on smartphone-based Bitcoin wallet apps that are commonly used for sending, receiving, and trading Bitcoin. To accomplish our goal, we performed network traffic analysis using machine learning techniques. Because we focus on apps of the same type and functionality, our classification problem is more difficult than classifying apps tailored for distinct purposes. Moreover, our goal is to identify user activities even in the presence of encryption. In our experiments, we considered the most downloaded Bitcoin wallet apps worldwide on both the Google Play Store and Apple's App Store. To collect network traffic traces, we used only physical hardware and no emulators, so that our experimental scenario is as close to the real environment as possible. We process the traffic traces in several phases before extracting the features used to train our supervised learning algorithms. We handle the classification problem in multiple stages, in a hierarchical fashion. We ran a thorough set of experiments to assess the performance of our system and attained nearly 95% accuracy in user activity identification.
