Gaspard Anthoine, Research Engineer, IMDEA Software Institute
Proofs of Retrievability (PoRs) are protocols which allow a client to store data remotely and to efficiently ensure, via audits, that the entirety of that data is still intact. A dynamic PoR system also supports efficient retrieval and update of any small portion of the data. We will talk about a new kind of simple protocols for dynamic PoR based on linear algebra. This protocols are designed for practical efficiency, trading decreased persistent storage for increased server computation. Notably, ours is the first dynamic PoR which does not require any special encoding of the data stored on the server. I will also present a variant of the protocol that allows public verifiability, wherein any untrusted third party may conduct an audit.
Gibran Gomez, , IMDEA Software Institute
Cybercriminals often leverage Bitcoin for their illicit activities. In this work, we propose back-and-forth exploration, a novel automated Bitcoin transaction tracing technique to identify cybercrime financial relationships. Given seed addresses belonging to a cybercrime campaign, it outputs a transaction graph, and identifies paths corresponding to relationships between the campaign under study and external services and other cybercrime campaigns. Back-and-forth exploration provides two key contributions. First, it explores both forward and backwards, instead of only forward as done by prior work, enabling the discovery of more addresses and relationships. Second, it prevents graph explosion by combining a tagging database with a machine learning classifier for identifying addresses belonging to exchanges. We evaluate back-and-forth exploration on 30 malware families. We build classifiers for four families using Bitcoin for C&C and use them to demonstrate that back-and-forth exploration identifies 13 C&C signaling addresses missed by prior work. Our approach uncovers a wealth of services used by the malware including 43 exchanges, 11 gambling sites, 5 payment service providers, 4 underground markets, 4 mining pools, and 2 mixers. It also identifies relationships between the malware families and other cybercrime campaigns highlighting how some malware operators participate in a variety of cybercriminal activities.