Security Research
Showing results for 
Search instead for 
Do you mean 

Bitcoin and security (part 1 of 3)

John_Park on ‎06-09-2014 04:32 AM

The fascination with Bitcoin has very likely reached a real-world business near you. But even as cash machines, Web sites, and brick-and-mortar retailers move to accept the cryptocurrency, security folk have questions – about the technology, about its potential vulnerabilities, about how the underlying system might be used for good or evil, and even about whether it’s really a form of money at all. It’s too much to cover in a single blog post, so over the next month I’ll be tackling these questions in a series of essays.

 

We’ll start with the basics – a look at the system, community, protocol, data, and unit of money that, when combined, make up Bitcoin. We’ll also examine Bitcoin from the basic security approach of C-I-A – confidentiality, integrity, and availability. Finally, we’ll briefly look inside an ATM provisioned to buy and sell Bitcoin.

 

First, though, we need to settle the most basic Bitcoin question of all: Is it really, truly a currency? And if it isn’t, what is it?

 

 

What’s in a name – and why security folk should care

 

There isn’t clear consensus yet about what Bitcoin is. Some say it is currency, some say it is property, some say it is just bits of data. In fact, it’s a leading form of cryptocurrency, a term that entered the Oxford Dictionaries Online just last month. (“Bitcoin” was added last summer.) A cryptocurrency uses encryption technique(s) to generate funds and regulate their transfer. You have probably heard this process referred to as Bitcoin “mining.”

 

Of course, it’s never simple to define bleeding-edge technologies. Cases can be made for thinking of Bitcoin as a currency, a foreign currency in need of exchange, an instrument of barter, a form of digital property, or even a commodity. The system has similarities to all those media of exchange, but in truth Bitcoin’s a little bit of everything.

 

That aspect of Bitcoin adds complexity to the problem of understanding what it is and how to secure it. A medium of financial exchange is useless if an attacker can interfere with how it stores value. In order to secure Bitcoin, we need to know what we need to protect -- where the value is held in the Bitcoin system -- since the attacker will go where the value is stored.

 

 

Bitcoin under the hood: System, community, protocol, data, and value unit

 

If you’re trying to squeeze Bitcoin into an existing financial category, it looks like a platypus. However, if you take a look at the technology behind it, it looks like an intricate rocket engine. As if it is not confusing enough, the word "Bitcoin" is being used to describe the system, community, protocol, data, and unit of money.

 

Bitcoin, in its largest sense, is the system of users and machines and data. Since data is virtual, it can be easily copied and shared, and it defies any legal jurisdiction. Users and machines are the physical components of the system. Unlike data, they have to follow the rules of the nation in which they reside.

 

Bitcoin, in a more specific sense, is the data -- the "block chain" that contains all the transaction records. That is the core of the Bitcoin, and as long as the records are maintained, the Bitcoin system can live on.

 

Bitcoin, in a theoretical sense, is the protocol. It is the rule set of how bits should be encrypted, and how data should be moving on the Internet.

 

Finally, “bitcoin” (lower-case B) is the unit of Bitcoin numeration; one might speak of five bitcoins, or five hundred. It’s usually denoted by the abbreviation “BTC.”

 

For the balance of this blog post, we’ll primarily be talking about Bitcoin’s system and protocol. We’re examining how the system is constructed and which security measures and principles have been applied to ensure that pure data, without any collateral guarantee, can be used as a currency that can be trusted. We’ll conduct the examination through the familiar security triad of confidentiality, integrity, and availability.

 

 

Security qualities of Bitcoin: Integrity

 

We’ll deviate slightly from C-I-A and start our inquiry with integrity. Bitcoin adheres to some fairly basic integrity-related premises:

 

- There is a limited supply of bitcoins (The current implementation has a hard limit of 21 million BTC, and this number is totally arbitrary).

- It is easy to verify that the bitcoins that I have are real, and it is difficult to create counterfeit bitcoins.

- The bitcoins that I have cannot be taken away from me without my permission.

 

These are all integrity issues. Bitcoin system solves these issues by being totally open, and in the process providing Traceability and Non-Repudiation.

 

To understand how integrity is maintained, imagine an island nation we’ll call Bitcoinia. There are 21 million acres of land in the country of Bitcoinia, and everyone can see them. Approximately 13 million acres of the territory have been developed, and owners live on that land. The remaining 8 million acres are being still developed by the government, and will be distributed to new citizens of Bitcoinia. The citizens of Bitcoinia can trade existing lands, but they cannot make more land. Everyone can see all the bitcoins in the circulation, or to be issued, so there is no worry that unauthorized bitcoin can be created.

 

The reason your bitcoin cannot be stolen away from you is that to transfer bitcoin from one user to another user, the owner releasing the funds has to sign the "transfer slip" with the owner's private key. If that "transfer slip" is not signed, the system will not authorize the transfer.

 

For end users, as long as there is a limited supply of bitcoins, and no way for someone to take other people’s bitcoins without authorization, that’s all the security information they need. Other than these issues, there isn't anything else that would affect their assets value in the system.

 

 

Security qualities of Bitcoin: Availability

 

For Bitcoin to be used as a currency -- a basic utility -- it has to be available all the time. The designers of Bitcoin chose to build on peer-to-peer protocols, so the currency exists everywhere and nowhere, and it is always available somewhere. There is no physical server that could be a single point of failure.

 

The concept of availability for peer-to-peer networks is little different from a normal server situation. It is not about whether the server is maintaining 99.999% uptime but, rather, measured by how close the local copy is to the master copy. If there is a big gap in the Internet connection, the local copy might become outdated from the master copy, but it would always be available somewhere in some form.

 

Since Bitcoin is completely decentralized, it is less susceptible to distributed denial-of-service (DDoS) attacks. DDoS attacks work by focusing massive traffic into one vulnerable spot. With peer-to-peer networks, there is no single server to bring down, no single point to which attackers can send focused traffic. The selection of peer-to-peer networking as the underpinning of Bitcoin means that availability is baked into the system.

 

 

Security qualities of Bitcoin: Confidentiality

 

Bitcoin’s system is interesting because it locks down some information completely, and makes other information completely open for public scrutiny. For example, Bitcoin transaction records are totally open, and everyone can see every transaction. (It’s hard to imagine that being the case in the offline banking world, but Bitcoin adheres to the Net’s philosophy that everything should be open unless there is a great harm in making it open.)

 

While every transaction is open, the Bitcoin system designers wished to protect privacy at the end points of transactions. This is very similar to how the Internet is architected, in that encryption is taken care of at the end points while the transit layer is built to be open. Though Bitcoin lays bare the transactions themselves, it keeps confidential the identities of the offline-world people (or entities) who have the accounts at either end of the transaction. There is no verification process to create an account; you simply create an account number. You don't need to worry about some other person having the same account number, as account numbers are not some 10-digit sequence, but a number drawn from a very large space [2^160]. And to transfer the money out from that account, you need the private key generated at the time of the account creation. This crypto-based account creation allows the Bitcoin system to create accounts anonymously without a centralized authority, which could be the biggest weakness in keeping confidentiality.

 

That’s the theory. In current practice, a Bitcoin wallet is not totally anonymous, as most of the Bitcoin exchanges are required by governments to provide real-world identification when trying to cash out from the system. This measure is designed to prevent money laundering and is applied to many exchange systems, not just Bitcoin.

 

For example, this is a Bitcoin ATM. It was recently set up near where I live, so I stopped by to try it out. It requires government-issued ID, takes a photo of my face and palm print, and does phone verification via SMS. So, Even though confidentiality is maintained within the Bitcoin system, when it touches the real world, it is not 100% confidential -- for now.

 


 

 

 

Inside a Bitcoin ATM

 

To wrap up this introduction, let’s move from the theoretical to the concrete, with a return visit to the new ATM in my neighborhood.

 

The day after my initial visit, I stopped by to check back with the SMS authentication code sent by the verification system the day before. When I arrived, ATM technicians were doing some system administration remotely, and so I was lucky enough to sneak a few peeks at some of the internals of the Bitcoin ATM. This ATM was running Win7. Most security folk will recognize Task Manager; the third image shows a remote-desktop tool called “teamviewer,” with certain details of the session obfuscated.

 

 


 

 


 

 


 

 

Like any security person would, I enjoyed getting a look behind the curtain – but it was a strong reminder that no matter how carefully the developer(s) of Bitcoin have architected their system, there’s always the potential for failure.

 

In my next post, I will look at how Bitcoin’s architecture handles the processes of maintaining trust in the network without a centralized authority. We’ll also examine how the Bitcoin-mining process balances the twin “big bet” issues of distribution and valuation. In later posts, we’ll turn our attention from assets to attackers and ask how cybercriminals would adapt to Bitcoin.

 

 

 

0 Kudos
About the Author

John_Park

Labels
Events
Aug 29 - Sep 1
Boston, MA
HPE Big Data Conference 2016
Attend HPE’s Big Data Conference on August 29 - September 1, 2016 to learn from peers in every industry and hear from Big Data experts and thought lea...
Read more
Sep 13-16
National Harbor, MD
HPE Protect 2016
Protect 2016 is our annual conference on September 13 - 16, 2016, and is the place to meet the world’s top information security talent, discuss new pr...
Read more
View all