Biblio

Filters: Author is Ruan, Na
2019-03-18
Liu, Hanqing, Ruan, Na, Du, Rongtian, Jia, Weijia.  2018.  On the Strategy and Behavior of Bitcoin Mining with N-attackers. Proceedings of the 2018 on Asia Conference on Computer and Communications Security. :357–368.
Selfish mining is a well-known mining attack strategy discovered by Eyal and Sirer in 2014. After that, the attackers' strategy has been further discussed by many other works, which analyze the strategy and behavior of a single attacker. The extension of the strategy research is greatly restricted by the assumption that there is only one attacker in the blockchain network, since, in many cases, a proof of work blockchain has multiple attackers. The attackers can be independent of others instead of sharing information and attacking the blockchain as a whole. In this paper, we will establish a new model to analyze the miners' behavior in a proof of work blockchain with multiple attackers. Based on our model, we extend the attackers' strategy by proposing a new strategy set publish-n. Meanwhile, we will also review other attacking strategies such as selfish mining and stubborn mining in our model to explore whether these strategies work or not when there are multiple attackers. The performances of different strategies are compared using relative stale block rate of the attackers. In a proof of work blockchain model with two attackers, strategy publish-n can beat selfish mining by up to 26.3%.
2017-09-05
Li, Mengyuan, Meng, Yan, Liu, Junyi, Zhu, Haojin, Liang, Xiaohui, Liu, Yao, Ruan, Na.  2016.  When CSI Meets Public WiFi: Inferring Your Mobile Phone Password via WiFi Signals. Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security. :1068–1079.

In this study, we present WindTalker, a novel and practical keystroke inference framework that allows an attacker to infer the sensitive keystrokes on a mobile device through WiFi-based side-channel information. WindTalker is motivated from the observation that keystrokes on mobile devices will lead to different hand coverage and the finger motions, which will introduce a unique interference to the multi-path signals and can be reflected by the channel state information (CSI). The adversary can exploit the strong correlation between the CSI fluctuation and the keystrokes to infer the user's number input. WindTalker presents a novel approach to collect the target's CSI data by deploying a public WiFi hotspot. Compared with the previous keystroke inference approach, WindTalker neither deploys external devices close to the target device nor compromises the target device. Instead, it utilizes the public WiFi to collect user's CSI data, which is easy-to-deploy and difficult-to-detect. In addition, it jointly analyzes the traffic and the CSI to launch the keystroke inference only for the sensitive period where password entering occurs. WindTalker can be launched without the requirement of visually seeing the smart phone user's input process, backside motion, or installing any malware on the tablet. We implemented WindTalker on several mobile phones and performed a detailed case study to evaluate the practicality of the password inference towards Alipay, the largest mobile payment platform in the world. The evaluation results show that the attacker can recover the key with a high success rate.