اشترك بالحزمة الذهبية واحصل على وصول غير محدود شمرا أكاديميا
تسجيل مستخدم جديدAn Empirical Analysis of Monero Cross-Chain Traceability
414
0
0.0
(
0
)
نشر من قبل
Abraham Hinteregger BSc MSc MSc
تاريخ النشر
2018
مجال البحث
الهندسة المعلوماتية
والبحث باللغة
English
اسأل ChatGPT حول البحث
ﻻ يوجد ملخص باللغة العربية
Monero is a privacy-centric cryptocurrency that makes payments untraceable by adding decoys to every real input spent in a transaction. Two studies from 2017 found methods to distinguish decoys from real inputs, which enabled traceability for a majority of transactions. Since then, a number protocol changes have been introduced, but their effectiveness has not yet been reassessed. Furthermore, little is known about traceability of Monero transactions across hard fork chains. We formalize a new method for tracing Monero transactions, which is based on analyzing currency hard forks. We use that method to perform a (passive) traceability analysis on data from the Monero, MoneroV and Monero Original blockchains and find that only a small amount of inputs are traceable. We then use the results to estimate the effectiveness of known heuristics for recent transactions and find that they do not significantly outperform random guessing. Our findings suggest that Monero is currently mostly immune to known passive attack vectors and resistant to tracking and tracing methods applied to other cryptocurrencies.
قيم البحث
اقرأ أيضاً
Monero is a privacy-centric cryptocurrency that allows users to obscure their transactions by including chaff coins, called mixins, along with the actual coins they spend. In this paper, we empirically evaluate two weaknesses in Moneros mixin samplin
g strategy. First, about 62% of transaction inputs with one or more mixins are vulnerable to chain-reaction analysis -- that is, the real input can be deduced by elimination. Second, Monero mixins are sampled in such a way that they can be easily distinguished from the real coins by their age distribution; in short, the real input is usually the newest input. We estimate that this heuristic can be used to guess the real input with 80% accuracy over all transactions with 1 or more mixins. Next, we turn to the Monero ecosystem and study the importance of mining pools and the former anonymous marketplace AlphaBay on the transaction volume. We find that after removing mining pool activity, there remains a large amount of potentially privacy-sensitive transactions that are affected by these weaknesses. We propose and evaluate two countermeasures that can improve the privacy of future transactions.
A variety of innovative software solutions, addressing product anti-counterfeiting and record provenance of the wider supply chain industry, have been implemented. However, these solutions have been developed with centralized system architecture whic
h could be susceptible to malicious modifications on states of product records and various potential security attacks leading to system failure and downtime. Blockchain technology has been enabling decentralized trust with a network of distributed peer nodes to maintain consistent shared states via a decentralized consensus reached, with which an idea of developing decentralized and reliable solutions has been basing on. A Decentralized NFC-Enabled Anti-Counterfeiting System (dNAS) was therefore proposed and developed, decentralizing a legacy anti-counterfeiting system of supply chain industry utilizing enterprise blockchain protocols and enterprise consortium, to facilitate trustworthy data provenance retrieval, verification and management, as well as strengthening capability of product anti-counterfeiting and traceability in supply chain industry. The adoption of enterprise blockchain protocols and implementations has been surging in supply chain industry given its advantages in scalability, governance and compatibility with existing supply chain systems and networks, but development and adoption of decentralized solutions could also impose additional implications to supply chain integrity, in terms of security, privacy and confidentiality. In this research, an empirical analysis performed against decentralized solutions, including dNAS, summarizes the effectiveness, limitations and future opportunities of developing decentralized solutions built around existing enterprise blockchain protocols and implementations for supply chain anti-counterfeiting and traceability.
Miners play a key role in cryptocurrencies such as Bitcoin: they invest substantial computational resources in processing transactions and minting new currency units. It is well known that an attacker controlling more than half of the networks mining
power could manipulate the state of the system at will. While the influence of large mining pools appears evenly split, the actual distribution of mining power within these pools and their economic relationships with other actors remain undisclosed. To this end, we conduct the first in-depth analysis of mining reward distribution within three of the four largest Bitcoin mining pools and examine their cross-pool economic relationships. Our results suggest that individual miners are simultaneously operating across all three pools and that in each analyzed pool a small number of actors (<= 20) receives over 50% of all BTC payouts. While the extent of an operators control over the resources of a mining pool remains an open debate, our findings are in line with previous research, pointing out centralization tendencies in large mining pools and cryptocurrencies in general.
Third-party security apps are an integral part of the Android app ecosystem. Many users install them as an extra layer of protection for their devices. There are hundreds of such security apps, both free and paid in Google Play Store and some of them
are downloaded millions of times. By installing security apps, the smartphone users place a significant amount of trust towards the security companies who developed these apps, because a fully functional mobile security app requires access to many smartphone resources such as the storage, text messages and email, browser history, and information about other installed applications. Often these resources contain highly sensitive personal information. As such, it is essential to understand the mobile security apps ecosystem to assess whether is it indeed beneficial to install them. To this end, in this paper, we present the first empirical study of Android security apps. We analyse 100 Android security apps from multiple aspects such as metadata, static analysis, and dynamic analysis and presents insights to their operations and behaviours. Our results show that 20% of the security apps we studied potentially resell the data they collect from smartphones to third parties; in some cases, even without the user consent. Also, our experiments show that around 50% of the security apps fail to identify malware installed on a smartphone.
Logistics Information System (LIS) is an interactive system that provides information for logistics managers to monitor and track logistics business. In recent years, with the rise of online shopping, LIS is becoming increasingly important. However,
since the lack of effective protection of personal information, privacy protection issue has become the most problem concerned by users. Some data breach events in LIS released users personal information, including address, phone number, transaction details, etc. In this paper, to protect users privacy in LIS, a privacy-preserving LIS with traceability (PPLIST) is proposed by combining multi-signature with pseudonym. In our PPLIST scheme, to protect privacy, each user can generate and use different pseudonyms in different logistics services. The processing of one logistics is recorded and unforgeable. Additionally, if the logistics information is abnormal, a trace party can de-anonymize users, and find their real identities. Therefore, our PPLIST efficiently balances the relationship between privacy and traceability.
سجل دخول لتتمكن من نشر تعليقات
التعليقات
جاري جلب التعليقات
سجل دخول لتتمكن من متابعة معايير البحث التي قمت باختيارها
