Bitcoin and security (part 1 of 3)

The fascination with Bitcoin has very likely reached a real-world business near you. But even as cash machines, Web sites, and brick-and-mortar retailers move to accept the cryptocurrency, security folk have questions – about the technology, about its potential vulnerabilities, about how the underlying system might be used for good or evil, and even about whether it’s really a form of money at all. It’s too much to cover in a single blog post, so over the next month I’ll be tackling these questions in a series of essays.

 

We’ll start with the basics – a look at the system, community, protocol, data, and unit of money that, when combined, make up Bitcoin. We’ll also examine Bitcoin from the basic security approach of C-I-A – confidentiality, integrity, and availability. Finally, we’ll briefly look inside an ATM provisioned to buy and sell Bitcoin.

 

First, though, we need to settle the most basic Bitcoin question of all: Is it really, truly a currency? And if it isn’t, what is it?

 

 

What’s in a name – and why security folk should care

 

There isn’t clear consensus yet about what Bitcoin is. Some say it is currency, some say it is property, some say it is just bits of data. In fact, it’s a leading form of cryptocurrency, a term that entered the Oxford Dictionaries Online just last month. (“Bitcoin” was added last summer.) A cryptocurrency uses encryption technique(s) to generate funds and regulate their transfer. You have probably heard this process referred to as Bitcoin “mining.”

 

Of course, it’s never simple to define bleeding-edge technologies. Cases can be made for thinking of Bitcoin as a currency, a foreign currency in need of exchange, an instrument of barter, a form of digital property, or even a commodity. The system has similarities to all those media of exchange, but in truth Bitcoin’s a little bit of everything.

 

That aspect of Bitcoin adds complexity to the problem of understanding what it is and how to secure it. A medium of financial exchange is useless if an attacker can interfere with how it stores value. In order to secure Bitcoin, we need to know what we need to protect -- where the value is held in the Bitcoin system -- since the attacker will go where the value is stored.

 

 

Bitcoin under the hood: System, community, protocol, data, and value unit

 

If you’re trying to squeeze Bitcoin into an existing financial category, it looks like a platypus. However, if you take a look at the technology behind it, it looks like an intricate rocket engine. As if that were not confusing enough, the word "Bitcoin" is used to describe the system, the community, the protocol, the data, and the unit of money.

 

Bitcoin, in its largest sense, is the system of users and machines and data. Since data is virtual, it can be easily copied and shared, and it defies any legal jurisdiction. Users and machines are the physical components of the system. Unlike data, they have to follow the rules of the nation in which they reside.

 

Bitcoin, in a more specific sense, is the data -- the "block chain" that contains all the transaction records. That is the core of Bitcoin, and as long as the records are maintained, the Bitcoin system can live on.

 

Bitcoin, in a theoretical sense, is the protocol. It is the rule set for how bits should be encrypted and how data should move across the Internet.

 

Finally, “bitcoin” (lower-case B) is the unit of Bitcoin numeration; one might speak of five bitcoins, or five hundred. It’s usually denoted by the abbreviation “BTC.”

 

For the balance of this blog post, we’ll primarily be talking about Bitcoin’s system and protocol. We’re examining how the system is constructed and which security measures and principles have been applied to ensure that pure data, without any collateral guarantee, can be used as a currency that can be trusted. We’ll conduct the examination through the familiar security triad of confidentiality, integrity, and availability.

 

 

Security qualities of Bitcoin: Integrity

 

We’ll deviate slightly from C-I-A and start our inquiry with integrity. Bitcoin adheres to some fairly basic integrity-related premises:

 

- There is a limited supply of bitcoins. (The current implementation has a hard limit of 21 million BTC, and this number is totally arbitrary.)

- It is easy to verify that the bitcoins that I have are real, and it is difficult to create counterfeit bitcoins.

- The bitcoins that I have cannot be taken away from me without my permission.

 

These are all integrity issues. The Bitcoin system solves them by being totally open, and in the process it provides traceability and non-repudiation.

 

To understand how integrity is maintained, imagine an island nation we’ll call Bitcoinia. There are 21 million acres of land in the country of Bitcoinia, and everyone can see them. Approximately 13 million acres of the territory have been developed, and owners live on that land. The remaining 8 million acres are still being developed by the government, and will be distributed to new citizens of Bitcoinia. The citizens of Bitcoinia can trade existing land, but they cannot make more land. In the same way, everyone can see all the bitcoins in circulation or yet to be issued, so there is no worry that unauthorized bitcoins can be created.

 

The reason your bitcoin cannot be stolen away from you is that to transfer bitcoin from one user to another user, the owner releasing the funds has to sign the "transfer slip" with the owner's private key. If that "transfer slip" is not signed, the system will not authorize the transfer.

 

For end users, as long as there is a limited supply of bitcoins, and no way for someone to take other people’s bitcoins without authorization, that’s all the security information they need. Other than these issues, there isn't anything else that would affect the value of their assets in the system.

 

 

Security qualities of Bitcoin: Availability

 

For Bitcoin to be used as a currency -- a basic utility -- it has to be available all the time. The designers of Bitcoin chose to build on peer-to-peer protocols, so the currency exists everywhere and nowhere, and it is always available somewhere. There is no physical server that could be a single point of failure.

 

The concept of availability for peer-to-peer networks is a little different from a normal server situation. It is not about whether the server maintains 99.999% uptime; rather, it is measured by how close the local copy is to the master copy. If there is a big gap in the Internet connection, the local copy might fall out of date relative to the master copy, but it would always be available somewhere in some form.

 

Since Bitcoin is completely decentralized, it is less susceptible to distributed denial-of-service (DDoS) attacks. DDoS attacks work by focusing massive traffic into one vulnerable spot. With peer-to-peer networks, there is no single server to bring down, no single point to which attackers can send focused traffic. The selection of peer-to-peer networking as the underpinning of Bitcoin means that availability is baked into the system.

 

 

Security qualities of Bitcoin: Confidentiality

 

Bitcoin’s system is interesting because it locks down some information completely, and makes other information completely open for public scrutiny. For example, Bitcoin transaction records are totally open, and everyone can see every transaction. (It’s hard to imagine that being the case in the offline banking world, but Bitcoin adheres to the Net’s philosophy that everything should be open unless there is a great harm in making it open.)

 

While every transaction is open, the Bitcoin system designers wished to protect privacy at the end points of transactions. This is very similar to how the Internet is architected, in that encryption is taken care of at the end points while the transit layer is built to be open. Though Bitcoin lays bare the transactions themselves, it keeps confidential the identities of the offline-world people (or entities) who have the accounts at either end of the transaction. There is no verification process to create an account; you simply create an account number. You don't need to worry about some other person having the same account number, as account numbers are not some 10-digit sequence, but a number drawn from a very large space (2^160). And to transfer the money out of that account, you need the private key generated at the time of the account creation. This crypto-based account creation allows the Bitcoin system to create accounts anonymously without a centralized authority, which could otherwise be the biggest weakness in keeping confidentiality.

 

That’s the theory. In current practice, a Bitcoin wallet is not totally anonymous, as most of the Bitcoin exchanges are required by governments to provide real-world identification when trying to cash out from the system. This measure is designed to prevent money laundering and is applied to many exchange systems, not just Bitcoin.

 

For example, this is a Bitcoin ATM. It was recently set up near where I live, so I stopped by to try it out. It requires government-issued ID, takes a photo of my face and palm print, and does phone verification via SMS. So even though confidentiality is maintained within the Bitcoin system, when it touches the real world, it is not 100% confidential -- for now.

 

BitcoinATM.JPG

 

 

 

Inside a Bitcoin ATM

 

To wrap up this introduction, let’s move from the theoretical to the concrete, with a return visit to the new ATM in my neighborhood.

 

The day after my initial visit, I stopped by to check back with the SMS authentication code sent by the verification system the day before. When I arrived, ATM technicians were doing some system administration remotely, and so I was lucky enough to sneak a few peeks at some of the internals of the Bitcoin ATM. This ATM was running Win7. Most security folk will recognize Task Manager; the third image shows a remote-desktop tool called “teamviewer,” with certain details of the session obfuscated.

 

 

BitATMWin7.JPG

 

 

ATMint2.JPG

 

 

teamvieweditted.jpg

 

 

Like any security person would, I enjoyed getting a look behind the curtain – but it was a strong reminder that no matter how carefully the developer(s) of Bitcoin have architected their system, there’s always the potential for failure.

 

In my next post, I will look at how Bitcoin’s architecture handles the processes of maintaining trust in the network without a centralized authority. We’ll also examine how the Bitcoin-mining process balances the twin “big bet” issues of distribution and valuation. In later posts, we’ll turn our attention from assets to attackers and ask how cybercriminals would adapt to Bitcoin.

 

 

 

The opinions expressed above are the personal opinions of the authors, not of HP. By using this site, you accept the Terms of Use and Rules of Participation.