Conference proceeding
Deanonymizing Ethereum Users behind Third-Party RPC Services
IEEE INFOCOM 2024 - IEEE Conference on Computer Communications, pp 1701-1710
20 May 2024
Abstract
Third-party RPC services have become the mainstream way for users to access Ethereum. In this paper, we present a novel deanonymization attack that can link an Ethereum address to a real-world identity such as IP address of a user who accesses Ethereum via a third-party RPC service. We find that RPC API calls result in distinguishable sizes of encrypted TCP packets. An attacker can then find when a user sends a transaction to an RPC provider and immediately send a beacon transaction after the user transaction. By exploiting the differences in the distributions of inter-arrival time intervals of normal transactions and two simultaneously initiated transactions, the attacker can identify the victim transaction in the Ethereum network. This enables the attacker to correlate the Ethereum address of the victim transaction's initiator with the source IP address of TCP packets from a victim user. We model the attack through empirical measurements and conduct extensive real-world experiments to validate the effectiveness of our attack. With three optimization strategies, the correlation accuracy can reach to 98.70% and 96.60% respectively in Ethereum testnet and mainnet. We are the first to study the deanonymization of Ethereum users behind third-party RPC services.
Metrics
18 Record Views
Details
- Title
- Deanonymizing Ethereum Users behind Third-Party RPC Services
- Creators
- Shan Wang - Southeast UniversityMing Yang - Southeast UniversityWenxuan Dai - Southeast UniversityYu Liu - Southeast UniversityYue Zhang - Drexel UniversityXinwen Fu - University of Massachusetts Lowell
- Publication Details
- IEEE INFOCOM 2024 - IEEE Conference on Computer Communications, pp 1701-1710
- Publisher
- IEEE; NEW YORK
- Number of pages
- 10
- Grant note
- National Natural Science Foundation of China (10.13039/501100001809) Ministry of Education (10.13039/100010002) National Science Foundation (10.13039/100000001)
- Resource Type
- Conference proceeding
- Language
- English
- Academic Unit
- Computer Science (Computing)
- Web of Science ID
- WOS:001296261600171
- Scopus ID
- 2-s2.0-85201814305
- Other Identifier
- 991021898164404721
InCites Highlights
Data related to this publication, from InCites Benchmarking & Analytics tool:
- Collaboration types
- Domestic collaboration
- International collaboration
- Web of Science research areas
- Computer Science, Hardware & Architecture
- Engineering, Electrical & Electronic
- Telecommunications