Deanonymization techniques for Tor and Bitcoin

Ivan Pustogarov


Buying online while staying anonymous is hard. Selling something online while hiding your identity and physical location from clients is even harder. There are two reasons for this. First, Internet communications are traceable. Second, conventional online payment system (as credit cards or PayPal) are normally tied to the holder's identity. The most common solutions are: Tor Hidden Services for anonymous communications and Bitcoin for payments.

In this paper we summarise our recent results on deanonymising operators and clients of Tor hidden services and Bitcoin wallet owners.

First we describe a method to opportunistically reveal IP addresses of Tor Hidden Service operators and estimate the costs for targeted deanonymization. Second we show how to deanonymise clients of Tor Hidden Services. The success rate depends on the popularity of the hidden service. We applied our finding to find IP addresses of Mevade infected computers. Finally, we present a method for revealing IP addresses of Bitcoin wallet owners with success rate between 11\% and 60\%. This method requires an attacker to run about 50 servers and costs less than 2000 USD per month. Moreover we show how to fingerprint and link different Bitcoin addresses of a user even if the user is behind a VPN.

Slides:  [ svg (arrow keys to scroll) ]

Time and Place

Friday, November 7, 3:30pm
Gates 463A