Le criptovalute sono valute digitali basate sulla crittografia. A differenza delle tradizionali valute legali emesse da sistemi bancari centralizzati, le criptovalute sono decentralizzate e mantenute attraverso meccanismi di consenso distribuito. Nel novembre 2008 Satoshi Nakamoto ha introdotto la prima criptovaluta veramente funzionale: il Bitcoin. Dopo alcuni anni passati nell’ombra, Bitcoin guadagnò rapidamente notorietà, creando un'economia da miliardi di dollari. Sull’onda del successo di Bitcoin il mercato ha visto nascere diverse altre criptovalute. A settembre 2019 si sono registrate più di 2500 criptovalute attive per un mercato di oltre 250 miliardi di Dollari e quasi 50 miliardi di Dollari di volume giornaliero. Ogni criptovaluta ha un funzionamento peculiare a seconda del proprio obiettivo: alcune si focalizzano sulla limitazione del numero di transazioni, altre sulle prestazioni. Ogni criptovaluta garantisce un certo livello di anonimato dell'utente. Al livello più basso, gli utenti rimangono pseudo-anonimi, ovvero le identità reali del pagatore e del beneficiario rimangono nascoste. I criminali informatici hanno sfruttato l'anonimato offerto dalle criptovalute per perpetrare vari reati, come il riciclaggio di denaro e il finanziamento del terrorismo. Questa tesi indaga sulle implicazioni di sicurezza e privacy delle criptovalute e si compone di tre parti che trattano di recenti ed importanti problematiche relative a: (i) Bitcoin; (ii) Algorand; e (iii) Cryptominers. Nella prima parte di questa tesi, studiamo due questioni relative al Bitcoin che rivestono un'importanza significativa in questa era di criptovalute. In particolare, ci concentriamo sull’aumento allarmante delle campagne ransomware e sui problemi di privacy relativi alle app di Bitcoin wallet per smartphone. Abbiamo quindi condotto uno studio completo e longitudinale sui recenti attacchi di ransomware e riportando l'impatto economico riscontrato sui pagamenti in Bitcoin. Abbiamo inoltre condotto un lavoro per l’identificazione di attività sensibili sulle app di Bitcoin wallet. Queste app sono comunemente utilizzate per l'invio, la ricezione e il trading di Bitcoin. La seconda parte di questa tesi si concentra su Algorand. Algorand è un protocollo di consenso blockchain democratico che ha il potenziale ridisegnare il futuro della tecnologia blockchain. Questo è il primo studio formale proposto per Algorand. Nella nostra analisi di sicurezza, presentiamo un attacco realmente attuabile su Algorand nonché possibili contromisure. Nella terza parte di questa tesi, esploriamo il covert cryptomining. La richiesta di cryptomining è aumentata drasticamente con la crescente popolarità delle criptovalute. Parallelamente alle legittime richieste di crittografia, la covert cryptomining è emersa come un mezzo per gli attori malintenzionati per ottenere incentivi finanziari. Le criptovalute come Monero hanno ulteriormente aggravato la situazione, consentendo anche agli utenti ingenui di effettuare cryptomining tramite un'applicazione browser. Considerando la gravità del problema, proponiamo due soluzioni efficienti per rilevare la covert cryptomining in diversi scenari realistici.
Cryptocurrencies are cryptography-based digital currencies. In contrast to the traditional fiat currencies that are issued by centralized banking systems, cryptocurrencies are decentralized and maintained through distributed consensus mechanisms. The first truly functional cryptocurrency, i.e., Bitcoin, was introduced in November 2008 by Satoshi Nakamoto. Within a few years of its quiet launch, Bitcoin flourished to make a billion-dollar economy. After the massive success of Bitcoin, several other cryptocurrencies have been introduced to the market. As of September 2019, there are over 2500 active cryptocurrencies with more than 250 billion dollars total market capitalization and nearly 50 billion dollars daily volume. Different cryptocurrencies work differently and aim to achieve different goals, e.g., some cryptocurrencies focus on limiting transaction throughput while others concentrate on performance. However, each cryptocurrency ensures a certain level of user anonymity. At the lowest level, users remain pseudo-anonymous, i.e., the real identities of payer and payee remain obscure. Consequently, cybercriminals have exploited the anonymity offered by cryptocurrencies in various crimes, including money laundering and terror financing. Moreover, cryptocurrencies bring several other severe concerns. This thesis investigates the security and privacy implications of cryptocurrencies. This thesis is composed of three logical parts that focus on recently thriving, prominent, and severe concerns related to: (i) Bitcoin; (ii) Algorand; and(iii) Cryptominers. In the first part of this thesis, we investigate two issues related to Bitcoin that hold significant importance in this era of cryptocurrencies. In particular, we focus on alarmingly increasing ransomware campaigns and the privacy concerns related to smartphone-based Bitcoin wallet apps. For the former, we present our comprehensive and longitudinal study on the recent ransomware attacks and report the economic impact of such ransomware from the Bitcoin payment perspective. For the latter, we present our work on identifying sensitive user activities on Bitcoin wallet apps that are commonly used for sending, receiving, and trading Bitcoin. The second part of this thesis focuses on Algorand. Algorand is a truly democratic blockchain consensus protocol that has the potential to shape the future of blockchain technology. To the best of our knowledge, it is the first formal study on Algorand. In our security analysis, we propose a practically feasible attack on Algorand and its possible countermeasures. In the third part of this thesis, we explore covert cryptomining. The demand for cryptomining has increased drastically with the increasing popularity of cryptocurrencies. In parallel to legitimate cryptomining demands, covert cryptomining has emerged as a utility for malicious actors to gain financial incentives. Cryptocurrencies, such as Monero, have further aggravated the situation by enabling even naive users to mine via a browser application. Considering the severity of the issue, we propose two efficient solutions to detect covert cryptomining under different real-world scenarios.
Security and Privacy Implications of Cryptocurrencies / Gangwal, Ankit. - (2019 Dec 21).
Security and Privacy Implications of Cryptocurrencies
Gangwal, Ankit
2019
Abstract
Cryptocurrencies are cryptography-based digital currencies. In contrast to the traditional fiat currencies that are issued by centralized banking systems, cryptocurrencies are decentralized and maintained through distributed consensus mechanisms. The first truly functional cryptocurrency, i.e., Bitcoin, was introduced in November 2008 by Satoshi Nakamoto. Within a few years of its quiet launch, Bitcoin flourished to make a billion-dollar economy. After the massive success of Bitcoin, several other cryptocurrencies have been introduced to the market. As of September 2019, there are over 2500 active cryptocurrencies with more than 250 billion dollars total market capitalization and nearly 50 billion dollars daily volume. Different cryptocurrencies work differently and aim to achieve different goals, e.g., some cryptocurrencies focus on limiting transaction throughput while others concentrate on performance. However, each cryptocurrency ensures a certain level of user anonymity. At the lowest level, users remain pseudo-anonymous, i.e., the real identities of payer and payee remain obscure. Consequently, cybercriminals have exploited the anonymity offered by cryptocurrencies in various crimes, including money laundering and terror financing. Moreover, cryptocurrencies bring several other severe concerns. This thesis investigates the security and privacy implications of cryptocurrencies. This thesis is composed of three logical parts that focus on recently thriving, prominent, and severe concerns related to: (i) Bitcoin; (ii) Algorand; and(iii) Cryptominers. In the first part of this thesis, we investigate two issues related to Bitcoin that hold significant importance in this era of cryptocurrencies. In particular, we focus on alarmingly increasing ransomware campaigns and the privacy concerns related to smartphone-based Bitcoin wallet apps. For the former, we present our comprehensive and longitudinal study on the recent ransomware attacks and report the economic impact of such ransomware from the Bitcoin payment perspective. For the latter, we present our work on identifying sensitive user activities on Bitcoin wallet apps that are commonly used for sending, receiving, and trading Bitcoin. The second part of this thesis focuses on Algorand. Algorand is a truly democratic blockchain consensus protocol that has the potential to shape the future of blockchain technology. To the best of our knowledge, it is the first formal study on Algorand. In our security analysis, we propose a practically feasible attack on Algorand and its possible countermeasures. In the third part of this thesis, we explore covert cryptomining. The demand for cryptomining has increased drastically with the increasing popularity of cryptocurrencies. In parallel to legitimate cryptomining demands, covert cryptomining has emerged as a utility for malicious actors to gain financial incentives. Cryptocurrencies, such as Monero, have further aggravated the situation by enabling even naive users to mine via a browser application. Considering the severity of the issue, we propose two efficient solutions to detect covert cryptomining under different real-world scenarios.File | Dimensione | Formato | |
---|---|---|---|
gangwal_ankit_thesis.pdf
accesso aperto
Tipologia:
Tesi di dottorato
Licenza:
Creative commons
Dimensione
4.39 MB
Formato
Adobe PDF
|
4.39 MB | Adobe PDF | Visualizza/Apri |
Pubblicazioni consigliate
I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.