Ethics of Bitcoin and Tor security research
November 10, 2014  

Ethics in computer security is in the news again following “Operation Onymous”, the government seizure of the Silk Road 2.0 marketplace and several dozen other web sites. The sites were made available as Tor hidden services, and they accepted payments using Bitcoin.

Some security experts think that this shows that the US government has managed to break the anonymity of Tor and/or Bitcoin. The Tor Project itself points to two recent academic research projects into Tor deanonymization which could provide clues as to how this is possible.

The first is a paper by Biryukov and Pustogarov, “Bitcoin over Tor isn’t a good idea.” It describes several attacks that can deanonymize Bitcoin clients making transactions over Tor.

The second is the work by CERT researchers that was pulled from the Black Hat conference, which I discuss here. They had apparently conducted a deanonymization attack on the actual Tor network, and speculation at the time was that the talk was cancelled by CERT or CMU for ethical reasons. In light of the Silk Road takedown, however, Nicholas Weaver has estimated that their attack would cost around $50,000, too much for two academic researchers to spend, but well within the reach of the FBI. So the speculation is that the research was done for the FBI.

I've already discussed why I feel that the CERT research is well within the wide range of ethics used in academic security research, so let's look more closely at the Biryukov and Pustogarov paper. The same authors, along with Dmitry Khovratovich, have just published a related paper in the ACM Computer and Communications Security Conference: “Deanonymisation of clients in Bitcoin P2P network” (preprint).

What's interesting about this paper is that it contains the following statement:

Ethical considerations. All vulnerabilities described in this paper were reported to bitcoin core developers. When possible we carried out experiments in the Bitcoin test network. To protect user privacy, we restricted from performing a full-scale deanonymization in the real network. However, gathering some statistics required us conducting experiments on the main network, which did not cause disruption or exposure of the main network.

However, the first Biryukov and Pustogarov paper linked above, about deanonymization involving both Tor and Bitcoin, does not contain any such statement. Moreover, it is clear that they conducted experiments not on test networks but on the actual Tor and Bitcoin networks. For example, they say

We implemented this part of the attack: while the Tor consensus indicated that our relays allowed exiting on ports 80, 443, and 8333 for any IP address, the real exit policy of our relays was accepting port 8333 for a couple of IP addresses.

and

We validated this part of the attack by forcing about 7500 running Bitcoin peers to ban our Exit node. To do this we implemented a rudimentary Bitcoin client which is capable of sending different custom-built Bitcoin messages.

I wasn't on the CCS committee, but I have to wonder whether this means that the authors added the statement on ethical considerations to their CCS paper at the request of the committee.

I hope so. That would mean that the academic community is waking up to the fact that computer security research now has consequences beyond the Ivory Tower. There is no mention of any requirement for ethics in the CCS Call for Papers, but I'd like to see one for next year's conference.