Gangwal Ankit

Computer Science and Innovation for Societal Challenges, XXXII series
Grant sponsor

Mauro Conti
Anna Spagnolli

Security and Privacy Implications of Cryptocurrencies.
Full text of the dissertation book can be downloaded from:

Abstract: Cryptocurrencies are cryptography-based digital currencies. In contrast to the traditional fiat currencies that are issued by centralized banking systems, cryptocurrencies are decentralized and maintained through distributed consensus mechanisms. The first truly functional cryptocurrency, i.e., Bitcoin, was introduced in November 2008 by Satoshi Nakamoto. Within a few years of its quiet launch, Bitcoin grew into a billion-dollar economy. After the massive success of Bitcoin, several other cryptocurrencies have been introduced to the market. As of September 2019, there are over 2500 active cryptocurrencies with a total market capitalization of more than 250 billion dollars and a daily volume of nearly 50 billion dollars.
Different cryptocurrencies work differently and aim to achieve different goals, e.g., some cryptocurrencies focus on limiting transaction throughput while others concentrate on performance. However, each cryptocurrency ensures a certain level of user anonymity. At the lowest level, users remain pseudo-anonymous, i.e., the real identities of payer and payee remain obscure. Consequently, cybercriminals have exploited the anonymity offered by cryptocurrencies in various crimes, including money laundering and terror financing. Moreover, cryptocurrencies bring several other severe concerns.
This thesis investigates the security and privacy implications of cryptocurrencies. It is composed of three logical parts that focus on recently thriving, prominent, and severe concerns related to: (i) Bitcoin; (ii) Algorand; and (iii) Cryptominers.
In the first part of this thesis, we investigate two issues related to Bitcoin that hold significant importance in this era of cryptocurrencies. In particular, we focus on alarmingly increasing ransomware campaigns and the privacy concerns related to smartphone-based Bitcoin wallet apps. For the former, we present our comprehensive and longitudinal study on the recent ransomware attacks and report the economic impact of such ransomware from the Bitcoin payment perspective. For the latter, we present our work on identifying sensitive user activities on Bitcoin wallet apps that are commonly used for sending, receiving, and trading Bitcoin.
The second part of this thesis focuses on Algorand. Algorand is a truly democratic blockchain consensus protocol that has the potential to shape the future of blockchain technology. To the best of our knowledge, it is the first formal study on Algorand. In our security analysis, we propose a practically feasible attack on Algorand and its possible countermeasures.
In the third part of this thesis, we explore covert cryptomining. The demand for cryptomining has increased drastically with the increasing popularity of cryptocurrencies. In parallel to legitimate cryptomining demands, covert cryptomining has emerged as a utility for malicious actors to gain financial incentives. Cryptocurrencies, such as Monero, have further aggravated the situation by enabling even naive users to mine via a browser application. Considering the severity of the issue, we propose two efficient solutions to detect covert cryptomining under different real-world scenarios.