Papers Scrutinize Bitcoin and Ethereum Usage For Covert Communication – Trustnodes


Ethereum covert communication, Dec 2020

A number of papers have come out from academia describing how bitcoin and ethereum can be used for covert communication.

Authors at the Centre for Cyber Security Research and Innovation in Australia have gone as far as to prototype such blockchain covert systems, saying:

“The foundation of our demo includes, how to produce dynamic shell sessions, write arbitrary data to the blockchain, and how to emulate full nodes in order to read arbitrary data from the blockchain.”

Their aim is to look at the weaknesses of such a potential method of communication, while another paper looks at how it can be strengthened.

“Most traditional data embedding schemes either design by heuristic or empirical algorithms or use a fixed field to embed data in the transactions,” the authors of that paper say, before adding:

“Therefore, the covert data can be recognized once the algorithm is leaked or the pattern is explored. In this article, we first propose a Hash Chain-based Covert Data Embedding (HC-CDE) Scheme. The embedded transactions are difficult to be discovered.

We further propose an Elliptic Curve Diffie-Hellman Chain-based Covert Data Embedding (ECDHC-CDE) Scheme to enhance the security of the HC-CDE scheme. Experimental analysis on the Bitcoin Testnet verifies the security and the efficiency of the proposed schemes.”

We couldn’t locate this testnet address in time for publishing, but interestingly a third paper looks at how ethereum can be used and here we quote at some length:

“The traditional covert communication that relies on a central node is vulnerable to detection and attack. Applying blockchain to covert communication can improve the channel’s anti‐interference and anti-tampering.

Whisper is the communication protocol of Ethereum, which mainly relies on payload to store information and padding to expand. These two fields can store a large amount of information, creating conditions for the realization of covert communication.

In this paper, we propose a covert communication method based on the whisper protocol to covertly transfer information in the blockchain. To implement this method, we use payload to store the carrier information, matching it with the secret message.

The generated index is recorded in the padding field. To improve the concealment of communication, we simulate the default filling rules of the protocol to maintain the message size.”

The latter paper (pictured) stands out for how thoroughly it addresses the subject, even proposing some algos, with the authors concluding:

“We used the structure of whisper protocol to design a feasible information hiding method and devised a message filling mechanism to imitate the default filling rules of the protocol, which increased the concealment of communication and protected the meta information.

To improve the security of communication, we proposed a new topic–key pair interaction method. Theoretical proof and experiments were conducted to verify the characteristics of anti‐interference, antitampering, and antidetection of the proposed method.

Experiment results showed that the information embedding and transmission efficiency of the proposed method is higher than that of traditional time‐based covert communication, and the new topic‐key pair interaction mode also reduces the system cost. This method is theoretical and idealized.”

This scrutiny comes after researchers at Sophos Labs found this summer that hijacking code was using bitcoin’s blockchain to communicate with the command and control center.

There haven’t been any further instances since then as far as we are aware, but this has clearly caught academic attention, including in China, with the third paper cited above sponsored by the Natural Science Foundation of Heilongjiang Province of China.

This research may well assist in trying to prevent any abuse of global public blockchains, but there may also be productive use cases for this sort of covert communication that go beyond just time-stamping, especially as they appear to be less fragile than single node systems.
