Embed Size (px)
Citation preview
The Silk Road: An Online Marketplace
By Adam Cronin
Project Overview
• Main goal: Research The Silk Road and how it provides anonymity• Mechanisms for providing anonymity• Failures in anonymity
What is The Silk Road?
• An anonymous online marketplace created to
facilitate the online sales of both legal and
illegal items
• People around the world can trade with each
other without divulging their identity
• A means of circumventing buying and selling
restrictions that may be in effect due to
geographic location
Anonymity in a Marketplace
• Requirements for an anonymous online
marketplace
• Accessing the site
• Ability to post/advertise items for sale
• Ability to browse available items
• Transactions
• Sending item from seller to buyer
The Silk Road’s Solution
• Requirements for an anonymous online marketplace
• Accessing the site Tor
• Ability to post/advertise items for sale Register
Account
• Ability to browse available items Register
Account
• Transactions Bitcoin• Sending item from seller to buyer Still have to
give an address…
Tor
• The Tor browser is essentially a means of
anonymously sending network data
• Data is sent through a series of nodes
• Each node is a volunteer
• Each node only knows the previous node and
the next node so single compromised node isn’t
a huge issue
How Tor Works
• Tor installs an Onion Proxy onto the user’s
computer
• The OP creates a virtual circuit that defines the
path through the Tor nodes that leads to the user’s
end destination
• Tor downloads list of all potential Tor nodes in
the network
• Uses the list to choose an Entry node, an
Intermediate node, and an Exit node
How Tor Works (Cont’d)
• Creates a Transport Layer Security (TLS)
connection between itself and the Entry Node
• Uses encryption to prevent eavesdropping,
tampering, or message forgery
• Then starts the process of creating the virtual
circuit
• To create a VC, can send three commands:
create, extend, and delete
Tor
Onion Proxy
Destination Server
Create TLS Connection
Onion Proxy TLS,
K1
(Transport Layer Security)
Destination Server
Create Command on Entry Node
Onion Proxy
Destination Server
Create
Create Command on Intermediate Node
Onion Proxy
Destination Server
Extend
Create
Create Command on Exit Node
Onion Proxy
Destination Server
Extend
Create
Send Message
Onion Proxy
Destination Server
Extend
Create
Traditional Online Transactions• Traditional online transaction requires a middle
man
• Buyer Bank Seller
• Disadvantages of trusted third-party
• Access to user’s money
• Knowledge of all transactions and who with
• Transactions can be disputed and reversed
Bitcoin• A peer-to-peer electronic cash system
• Goal: move away from the traditional form of
cash exchange
• Remove trusted third-party (ex: banks)
• Instead of third-party, broadcast every
transaction to all nodes on the Bitcoin network
• Transactions can’t be reversed or disputed
Bitcoin• Each user holds their Bitcoins in a wallet which is
referenced during transactions
• Bitcoin characterized as a “chain of digital
signatures”• Each user has a public and private key so that
only the owner of a wallet can transfer Bitcoins• During a transaction, a signature is created
and added to the coin
• Private key used to generate signature
• Public key used to verify the signature
Failures in Anonymity
• Tor by itself doesn’t encrypt data leaving the exit
node or returning to the exit node
• A passive attacker who watches both the sender
and the receiver could link the two with high
probability
• Compromised TLS key for Onion Proxy could lead
to impersonation
• Receiver of package must still give an address
Failures in Anonymity
• The Silk Road has been shut down twice and the
people running the site were arrested
• A new clone is started up every time The Silk
Road gets shut down
References• [1] Christin, Nicolas. "Traveling the Silk Road: A Measurement
Analysis of a Large Anonymous Online Marketplace." (2012): n. pag. Carnegie Mellon, 30 July 2012. Web. 12 Oct. 2015. <https://www.cylab.cmu.edu/files/pdfs/tech_reports/CMUCyLab12018.pdf>.
• [2] Dingledine, Roger, Nick Mathewson, and Paul Syverson. "Tor: The Second-Generation Onion Router." (n.d.): n. pag. Web. 5 Oct. 2015. < https://svn.torproject.org/svn/projects/design-paper/tor-design.pdf>.
• [3] Dierks, T. & C. Allen. “The TLS Protocol Version 1.0.” January 1999. (6 November 2015)
• [4] Nakamoto, Satoshi. "Bitcoin: A Peer-to-Peer Electronic Cash System." (n.d.): n. pag. Web. 5 Oct. 2015. <https://bitcoin.org/bitcoin.pdf>.
• [5] Biryukov, Alex, and Ivan Pustogarov. "Bitcoin over Tor Isn't a Good Idea." 2015 IEEE Symposium on Security and Privacy (2015): n. pag. 8 Jan. 2015. Web.
