Pub Date : 2018-04-27DOI: 10.1109/EuroSPW.2018.00020
Antoine Vastel, Walter Rudametkin, Romain Rouvoy
Despite recent regulations and growing user awareness, undesired browser tracking is increasing. In addition to cookies, browser fingerprinting is a stateless technique that exploits a device's configuration for tracking purposes. In particular, browser fingerprinting builds on attributes made available from Javascript and HTTP headers to create a unique and stable fingerprint. For example, browser plugins have been heavily exploited by state-of-the-art browser fingerprinters as a rich source of entropy. However, as browser vendors abandon plugins in favor of extensions, fingerprinters will adapt. We present FP-TESTER, an approach to automatically test the effectiveness of browser fingerprinting countermeasure extensions. We implement a testing toolkit to be used by developers to reduce browser fingerprintability. While countermeasures aim to hinder tracking by changing or blocking attributes, they may easily introduce subtle side-effects that make browsers more identifiable, rendering the extensions counterproductive. FP-TESTER reports on the side-effects introduced by the countermeasure, as well as how they impact tracking duration from a fingerprinter's point-of-view. To the best of our knowledge, FP-TESTER is the first tool to assist developers in fighting browser fingerprinting and reducing the exposure of end-users to such privacy leaks.
{"title":"FP -TESTER : Automated Testing of Browser Fingerprint Resilience","authors":"Antoine Vastel, Walter Rudametkin, Romain Rouvoy","doi":"10.1109/EuroSPW.2018.00020","DOIUrl":"https://doi.org/10.1109/EuroSPW.2018.00020","url":null,"abstract":"Despite recent regulations and growing user awareness, undesired browser tracking is increasing. In addition to cookies, browser fingerprinting is a stateless technique that exploits a device's configuration for tracking purposes. In particular, browser fingerprinting builds on attributes made available from Javascript and HTTP headers to create a unique and stable fingerprint. For example, browser plugins have been heavily exploited by state-of-the-art browser fingerprinters as a rich source of entropy. However, as browser vendors abandon plugins in favor of extensions, fingerprinters will adapt. We present FP-TESTER, an approach to automatically test the effectiveness of browser fingerprinting countermeasure extensions. We implement a testing toolkit to be used by developers to reduce browser fingerprintability. While countermeasures aim to hinder tracking by changing or blocking attributes, they may easily introduce subtle side-effects that make browsers more identifiable, rendering the extensions counterproductive. FP-TESTER reports on the side-effects introduced by the countermeasure, as well as how they impact tracking duration from a fingerprinter's point-of-view. To the best of our knowledge, FP-TESTER is the first tool to assist developers in fighting browser fingerprinting and reducing the exposure of end-users to such privacy leaks.","PeriodicalId":326280,"journal":{"name":"2018 IEEE European Symposium on Security and Privacy Workshops (EuroS&PW)","volume":null,"pages":null},"PeriodicalIF":0.0,"publicationDate":"2018-04-27","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"130792939","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2018-04-23DOI: 10.1109/EuroSPW.2018.00012
Alishah Chator, M. Green
Several popular cryptocurrencies incorporate privacy features that "mix" real transactions with cover traffic in order to obfuscate the public transaction graph. The underlying protocols, which include CryptoNote and Monero's RingCT, work by first identifying a real transaction output (TXO), sampling a number of cover outputs, and transmitting the entire resulting set to verifiers, along with a zero knowledge (or WI) proof that hides the identity of the real transaction. Unfortunately, many of these schemes suffer from a practical limitation: the description of the combined input set grows linearly with size of the anonymity set. In this work we propose a simple technique for efficiently sampling cover traffic from a finite (and public) set of known values, while deriving a compact description of the resulting transaction set. This technique, which is based on programmable hash functions, allows us to dramatically reduce transaction bandwidth when large cover sets are used.We refer to our construction as a recoverable sampling scheme, and note that it may be of independent interest for other privacy applications. We present formal security definitions; prove our constructions secure; and show how these constructions can be integrated with various currencies and different cover sampling distributions.
{"title":"How to Squeeze a Crowd: Reducing Bandwidth in Mixing Cryptocurrencies","authors":"Alishah Chator, M. Green","doi":"10.1109/EuroSPW.2018.00012","DOIUrl":"https://doi.org/10.1109/EuroSPW.2018.00012","url":null,"abstract":"Several popular cryptocurrencies incorporate privacy features that \"mix\" real transactions with cover traffic in order to obfuscate the public transaction graph. The underlying protocols, which include CryptoNote and Monero's RingCT, work by first identifying a real transaction output (TXO), sampling a number of cover outputs, and transmitting the entire resulting set to verifiers, along with a zero knowledge (or WI) proof that hides the identity of the real transaction. Unfortunately, many of these schemes suffer from a practical limitation: the description of the combined input set grows linearly with size of the anonymity set. In this work we propose a simple technique for efficiently sampling cover traffic from a finite (and public) set of known values, while deriving a compact description of the resulting transaction set. This technique, which is based on programmable hash functions, allows us to dramatically reduce transaction bandwidth when large cover sets are used.We refer to our construction as a recoverable sampling scheme, and note that it may be of independent interest for other privacy applications. We present formal security definitions; prove our constructions secure; and show how these constructions can be integrated with various currencies and different cover sampling distributions.","PeriodicalId":326280,"journal":{"name":"2018 IEEE European Symposium on Security and Privacy Workshops (EuroS&PW)","volume":null,"pages":null},"PeriodicalIF":0.0,"publicationDate":"2018-04-23","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"123612758","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2018-04-23DOI: 10.1109/EuroSPW.2018.00019
S. De, D. Métayer
The work described in this paper is a contribution to enhancing individual control over personal data which is promoted, inter alia, by the new EU General Data Protection Regulation. We propose a method to enable better informed choices of privacy settings. The method relies on a privacy risk analysis parameterized by privacy settings. The user can express his choices, visualize their impact on the privacy risks through a user-friendly interface and, if needed, decide to revise them to reduce risks to an acceptable level.
{"title":"Privacy Risk Analysis to Enable Informed Privacy Settings","authors":"S. De, D. Métayer","doi":"10.1109/EuroSPW.2018.00019","DOIUrl":"https://doi.org/10.1109/EuroSPW.2018.00019","url":null,"abstract":"The work described in this paper is a contribution to enhancing individual control over personal data which is promoted, inter alia, by the new EU General Data Protection Regulation. We propose a method to enable better informed choices of privacy settings. The method relies on a privacy risk analysis parameterized by privacy settings. The user can express his choices, visualize their impact on the privacy risks through a user-friendly interface and, if needed, decide to revise them to reduce risks to an acceptable level.","PeriodicalId":326280,"journal":{"name":"2018 IEEE European Symposium on Security and Privacy Workshops (EuroS&PW)","volume":null,"pages":null},"PeriodicalIF":0.0,"publicationDate":"2018-04-23","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"128271654","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2018-04-23DOI: 10.1109/EuroSPW.2018.00011
Oded Leiba, Yechiav Yitzchak, Ron Bitton, Asaf Nadler, A. Shabtai
The Internet of Things (IoT) network of connected devices currently contains more than 11 billion devices and is estimated to double in size within the next four years. The prevalence of these devices makes them an ideal target for attackers. To reduce the risk of attacks vendors routinely deliver security updates (patches) for their devices. The delivery of security updates becomes challenging due to the issue of scalability as the number of devices may grow much quicker than vendors' distribution systems. Previous studies have suggested a permissionless and decentralized blockchainbased network in which nodes can host and deliver security updates, thus the addition of new nodes scales out the network. However, these studies do not provide an incentive for nodes to join the network, making it unlikely for nodes to freely contribute their hosting space, bandwidth, and computation resources. In this paper, we propose a novel decentralized IoT software update delivery network in which participating nodes (referred to as distributors) are compensated by vendors with digital currency for delivering updates to devices. Upon the release of a new security update, a vendor will make a commitment to provide digital currency to distributors that deliver the update; the commitment will be made with the use of smart contracts, and hence will be public, binding, and irreversible. The smart contract promises compensation to any distributor that provides proof-of-distribution, which is unforgeable proof that a single update was delivered to a single device. A distributor acquires the proof-of-distribution by exchanging a security update for a device signature using the Zero-Knowledge Contingent Payment (ZKCP) trustless data exchange protocol. Eliminating the need for trust between the security update distributor and the security consumer (IoT device) by providing fair compensation, can significantly increase the number of distributors, thus facilitating rapid scale out.
{"title":"Incentivized Delivery Network of IoT Software Updates Based on Trustless Proof-of-Distribution","authors":"Oded Leiba, Yechiav Yitzchak, Ron Bitton, Asaf Nadler, A. Shabtai","doi":"10.1109/EuroSPW.2018.00011","DOIUrl":"https://doi.org/10.1109/EuroSPW.2018.00011","url":null,"abstract":"The Internet of Things (IoT) network of connected devices currently contains more than 11 billion devices and is estimated to double in size within the next four years. The prevalence of these devices makes them an ideal target for attackers. To reduce the risk of attacks vendors routinely deliver security updates (patches) for their devices. The delivery of security updates becomes challenging due to the issue of scalability as the number of devices may grow much quicker than vendors' distribution systems. Previous studies have suggested a permissionless and decentralized blockchainbased network in which nodes can host and deliver security updates, thus the addition of new nodes scales out the network. However, these studies do not provide an incentive for nodes to join the network, making it unlikely for nodes to freely contribute their hosting space, bandwidth, and computation resources. In this paper, we propose a novel decentralized IoT software update delivery network in which participating nodes (referred to as distributors) are compensated by vendors with digital currency for delivering updates to devices. Upon the release of a new security update, a vendor will make a commitment to provide digital currency to distributors that deliver the update; the commitment will be made with the use of smart contracts, and hence will be public, binding, and irreversible. The smart contract promises compensation to any distributor that provides proof-of-distribution, which is unforgeable proof that a single update was delivered to a single device. A distributor acquires the proof-of-distribution by exchanging a security update for a device signature using the Zero-Knowledge Contingent Payment (ZKCP) trustless data exchange protocol. Eliminating the need for trust between the security update distributor and the security consumer (IoT device) by providing fair compensation, can significantly increase the number of distributors, thus facilitating rapid scale out.","PeriodicalId":326280,"journal":{"name":"2018 IEEE European Symposium on Security and Privacy Workshops (EuroS&PW)","volume":null,"pages":null},"PeriodicalIF":0.0,"publicationDate":"2018-04-23","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"132312893","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2018-04-23DOI: 10.1109/EuroSPW.2018.00016
Paul Dunphy, L. Garratt, F. Petitcolas
Distributed Ledger Technology (DLT) has been proposed as a new way to incorporate decentralization into a wide range of digital infrastructures. Applications of DLT to digital identity are increasing in prevalence, with a recent survey reporting that 55% of DLT technologies in development track digital identity. However, while proofs of concept, open source software, and new ideas are readily available, it is still unclear the extent to which DLT can play a role to underpin new forms of digital identity. In this position paper, we situate this fast-moving application domain into the broader challenges faced in digital identity, with the aim to highlight the socio-technical nature of the challenge at hand, and to propose directions for future research.
{"title":"Decentralizing Digital Identity: Open Challenges for Distributed Ledgers","authors":"Paul Dunphy, L. Garratt, F. Petitcolas","doi":"10.1109/EuroSPW.2018.00016","DOIUrl":"https://doi.org/10.1109/EuroSPW.2018.00016","url":null,"abstract":"Distributed Ledger Technology (DLT) has been proposed as a new way to incorporate decentralization into a wide range of digital infrastructures. Applications of DLT to digital identity are increasing in prevalence, with a recent survey reporting that 55% of DLT technologies in development track digital identity. However, while proofs of concept, open source software, and new ideas are readily available, it is still unclear the extent to which DLT can play a role to underpin new forms of digital identity. In this position paper, we situate this fast-moving application domain into the broader challenges faced in digital identity, with the aim to highlight the socio-technical nature of the challenge at hand, and to propose directions for future research.","PeriodicalId":326280,"journal":{"name":"2018 IEEE European Symposium on Security and Privacy Workshops (EuroS&PW)","volume":null,"pages":null},"PeriodicalIF":0.0,"publicationDate":"2018-04-23","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"123518206","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2018-04-23DOI: 10.1109/EuroSPW.2018.00008
Wesley van der Lee, S. Verwer
Although the importance of mobile applications grows every day, recent vulnerability reports argue the application's deficiency to meet modern security standards. Testing strategies alleviate the problem by identifying security violations in software implementations. This paper proposes a novel testing methodology that applies state machine learning of mobile Android applications in combination with algorithms that discover attack paths in the learned state machine. The presence of an attack path evidences the existence of a vulnerability in the mobile application. We apply our methods to real-life apps and show that the novel methodology is capable of identifying vulnerabilities.
{"title":"Vulnerability Detection on Mobile Applications Using State Machine Inference","authors":"Wesley van der Lee, S. Verwer","doi":"10.1109/EuroSPW.2018.00008","DOIUrl":"https://doi.org/10.1109/EuroSPW.2018.00008","url":null,"abstract":"Although the importance of mobile applications grows every day, recent vulnerability reports argue the application's deficiency to meet modern security standards. Testing strategies alleviate the problem by identifying security violations in software implementations. This paper proposes a novel testing methodology that applies state machine learning of mobile Android applications in combination with algorithms that discover attack paths in the learned state machine. The presence of an attack path evidences the existence of a vulnerability in the mobile application. We apply our methods to real-life apps and show that the novel methodology is capable of identifying vulnerabilities.","PeriodicalId":326280,"journal":{"name":"2018 IEEE European Symposium on Security and Privacy Workshops (EuroS&PW)","volume":null,"pages":null},"PeriodicalIF":0.0,"publicationDate":"2018-04-23","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"125974975","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2018-04-23DOI: 10.1109/EuroSPW.2018.00025
G. Primiero, Agostino Martorana, J. Tagliabue
From a security standpoint, VANETs (Vehicular ad hoc Networks) are vulnerable to attacks by malicious users, due to the decentralized and open nature of the wireless system. For many of these kinds of attacks detection is unfeasible, thus making it hard to produce security. Despite their characterization as dynamically reconfigurable networks, it is nonetheless essential to identify topology and population properties that can optimise mitigation protocols' deployment. In this paper, we provide an algorithmic definition and simulation of a trust and mitigation based protocol to contain a Black Hole style attack on a VANET. We experimentally show its optimal working conditions: total connectivity, followed by a random network; connection to external networks; early deployment of the protocol and ranking of the message. We compare results with those of existing protocols and future work shall focus on repeated broadcasting, opportunistic message forwarding and testing on real data.
{"title":"Simulation of a Trust and Reputation Based Mitigation Protocol for a Black Hole Style Attack on VANETs","authors":"G. Primiero, Agostino Martorana, J. Tagliabue","doi":"10.1109/EuroSPW.2018.00025","DOIUrl":"https://doi.org/10.1109/EuroSPW.2018.00025","url":null,"abstract":"From a security standpoint, VANETs (Vehicular ad hoc Networks) are vulnerable to attacks by malicious users, due to the decentralized and open nature of the wireless system. For many of these kinds of attacks detection is unfeasible, thus making it hard to produce security. Despite their characterization as dynamically reconfigurable networks, it is nonetheless essential to identify topology and population properties that can optimise mitigation protocols' deployment. In this paper, we provide an algorithmic definition and simulation of a trust and mitigation based protocol to contain a Black Hole style attack on a VANET. We experimentally show its optimal working conditions: total connectivity, followed by a random network; connection to external networks; early deployment of the protocol and ranking of the message. We compare results with those of existing protocols and future work shall focus on repeated broadcasting, opportunistic message forwarding and testing on real data.","PeriodicalId":326280,"journal":{"name":"2018 IEEE European Symposium on Security and Privacy Workshops (EuroS&PW)","volume":null,"pages":null},"PeriodicalIF":0.0,"publicationDate":"2018-04-23","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"121172773","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2018-04-23DOI: 10.1109/EuroSPW.2018.00028
R. Derbyshire, B. Green, D. Prince, A. Mauthe, D. Hutchison
Taxonomies have been developed as a mechanism for cyber attack categorisation. However, when one considers the recent and rapid evolution of attacker techniques and targets, the applicability and effectiveness of these taxonomies should be questioned. This paper applies two approaches to the evaluation of seven taxonomies. The first employs a criteria set, derived through analysis of existing works in which critical components to the creation of taxonomies are defined. The second applies historical attack data to each taxonomy under review, more specifically, attacks in which industrial control systems have been targeted. This combined approach allows for a more in-depth understanding of existing taxonomies to be developed, from both a theoretical and practical perspective.
{"title":"An Analysis of Cyber Security Attack Taxonomies","authors":"R. Derbyshire, B. Green, D. Prince, A. Mauthe, D. Hutchison","doi":"10.1109/EuroSPW.2018.00028","DOIUrl":"https://doi.org/10.1109/EuroSPW.2018.00028","url":null,"abstract":"Taxonomies have been developed as a mechanism for cyber attack categorisation. However, when one considers the recent and rapid evolution of attacker techniques and targets, the applicability and effectiveness of these taxonomies should be questioned. This paper applies two approaches to the evaluation of seven taxonomies. The first employs a criteria set, derived through analysis of existing works in which critical components to the creation of taxonomies are defined. The second applies historical attack data to each taxonomy under review, more specifically, attacks in which industrial control systems have been targeted. This combined approach allows for a more in-depth understanding of existing taxonomies to be developed, from both a theoretical and practical perspective.","PeriodicalId":326280,"journal":{"name":"2018 IEEE European Symposium on Security and Privacy Workshops (EuroS&PW)","volume":null,"pages":null},"PeriodicalIF":0.0,"publicationDate":"2018-04-23","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"123434902","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2018-04-23DOI: 10.1109/EuroSPW.2018.00009
Lesly-Ann Daniel, E. Poll, Joeri de Ruiter
The reliability of a security protocol is of the utmost importance but can easily be compromised by a vulnerability in the implementation. A crucial aspect of an implementation is the protocol's state machine. The state machine of an implementation can be inferred by black box testing using regular inference. These inferred state machines provide a good insight into implementations and can be used to detect any spurious behavior. We apply this technique to different implementations of OpenVPN: the standard OpenVPN and the OpenVPN-NL implementations. Although OpenVPN is a widely used TLS-based VPN solution, there is no official specification of the protocol, which makes it a particularly interesting target to analyze. We infer state machines of the server-side implementation and focus on particular phases of the protocol. Finally we analyze those state machines, show that they can reveal a lot of information about the implementation which is missing from the documentation, and discuss the possibility to include state machines in a formal specification.
{"title":"Inferring OpenVPN State Machines Using Protocol State Fuzzing","authors":"Lesly-Ann Daniel, E. Poll, Joeri de Ruiter","doi":"10.1109/EuroSPW.2018.00009","DOIUrl":"https://doi.org/10.1109/EuroSPW.2018.00009","url":null,"abstract":"The reliability of a security protocol is of the utmost importance but can easily be compromised by a vulnerability in the implementation. A crucial aspect of an implementation is the protocol's state machine. The state machine of an implementation can be inferred by black box testing using regular inference. These inferred state machines provide a good insight into implementations and can be used to detect any spurious behavior. We apply this technique to different implementations of OpenVPN: the standard OpenVPN and the OpenVPN-NL implementations. Although OpenVPN is a widely used TLS-based VPN solution, there is no official specification of the protocol, which makes it a particularly interesting target to analyze. We infer state machines of the server-side implementation and focus on particular phases of the protocol. Finally we analyze those state machines, show that they can reveal a lot of information about the implementation which is missing from the documentation, and discuss the possibility to include state machines in a formal specification.","PeriodicalId":326280,"journal":{"name":"2018 IEEE European Symposium on Security and Privacy Workshops (EuroS&PW)","volume":null,"pages":null},"PeriodicalIF":0.0,"publicationDate":"2018-04-23","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"121041221","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2018-04-23DOI: 10.1109/EuroSPW.2018.00010
Kevin Lee, Andrew K. Miller
Monero, a leading privacy-oriented cryptocurrency, supports a client/server operating mode that allows lightweight clients to avoid storing the entire blockchain, instead relying on a remote node to provide necessary information about the blockchain. However, a weakness of Monero's current blockchain data structure is that lightweight clients cannot authenticate the responses returned from a remote node. In this paper, we show that malicious responses from a remote node can lead to reduced privacy for the client. We discuss several lightweight mitigations that reduce the attack's effectiveness. To fully eliminate this class of attack, we also show how to augment Monero's blockchain data structure with an additional index that clients can use to authenticate responses from remote nodes. Our proposed solution could be implemented as a hard fork, or alternatively through a "Refereed Delegation" approach without needing any fork. We developed a prototype implementation to demonstrate the feasibility of our proposal.
{"title":"Authenticated Data Structures for Privacy-Preserving Monero Light Clients","authors":"Kevin Lee, Andrew K. Miller","doi":"10.1109/EuroSPW.2018.00010","DOIUrl":"https://doi.org/10.1109/EuroSPW.2018.00010","url":null,"abstract":"Monero, a leading privacy-oriented cryptocurrency, supports a client/server operating mode that allows lightweight clients to avoid storing the entire blockchain, instead relying on a remote node to provide necessary information about the blockchain. However, a weakness of Monero's current blockchain data structure is that lightweight clients cannot authenticate the responses returned from a remote node. In this paper, we show that malicious responses from a remote node can lead to reduced privacy for the client. We discuss several lightweight mitigations that reduce the attack's effectiveness. To fully eliminate this class of attack, we also show how to augment Monero's blockchain data structure with an additional index that clients can use to authenticate responses from remote nodes. Our proposed solution could be implemented as a hard fork, or alternatively through a \"Refereed Delegation\" approach without needing any fork. We developed a prototype implementation to demonstrate the feasibility of our proposal.","PeriodicalId":326280,"journal":{"name":"2018 IEEE European Symposium on Security and Privacy Workshops (EuroS&PW)","volume":null,"pages":null},"PeriodicalIF":0.0,"publicationDate":"2018-04-23","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"122349979","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}