Category Archives: Bitcoin

The Evolution of Security Thinking

In design sometimes we refer to the strategies used during the design process as Design thinking.  The application of these strategies helps ensure you are solving the right problems and doing so in a repeatable way. You can attribute much of the massive improvements in usability in software and devices over the two decades to these strategies.

If we look at how we have evolved thinking around building secure systems over the last two decades we can see that we have evolved similar strategies to help ensure positive security outcomes.

If we go back to the late 80s we see systems that were largely designed for a world of honest actors. There was little real business happening on the Internet at the time and the hard problems to be solved were all related to how do we enable a global network of interconnected systems so thats where efforts were put. These efforts led us to the Internet of today but it also gave us systems vulnerable to trivial attacks such as the Morris Worm.

By the 90s the modern “security industry” was born and products designed to protect these insecure systems from the internet started to come to market. One of the most impactful examples of this was the TIS Firewall Toolkit, other examples of this way of thinking include Antivirus products and other agents that promised to keep our applications and operating systems safe from “attackers”.

By the late 90s and early 2000s, it was clear that these agents were never going to be effective at keeping the bad guys out and that we needed to be building systems that were Secure by Default, Secure by Design and Private by Design. This shift in thinking meant that solution developers needed to develop their own strategies and tooling to ensure systems could be built to be inherently resilient to the risks they were exposed to. The concept of Threat Modeling is probably the most concrete example of this, believe it or not, this basic concept was essentially absent from software development up until this point.

By this time the technical debt in deployed systems was so great we spent most of a decade just trying to rectify the mistakes of the past. Windows XP SP2 and the Microsoft Security Stand Down is probably the most visible example of the industry making this shift, it also leads to the Security Development Lifecycle that largely informs how we as an industry, approach building secure systems today.

During this timeline, cryptography was treated as something that you sprinkled on top of existing systems with the hope to make them more confidential and secure. As an industry, we largely relied on the US Government to define the algorithms we used and to tell us how to use them securely. As a general rule only products designed for government use or for the small group of “cypherpunks” even considered the inclusion of cryptography due to the complexity of “getting it right”.

Things are changing again, we see the IETF via the CFRG working to standardize on international and independently created and cryptographic algorithms in lieu of relying exclusively on governments to do this standardization. We also see the concept of Formal Verification being applied to cryptographic systems (Galois is doing great work here with Cryptol as are other great projects in the verifiable computing space) which is leading us to have frameworks we can apply to build these concepts into other products securely (check out the Noise Protocol Framework as an example).

I think the Signal Protocol, Rough time, Certificate Transparency and even Blockchain Technologies are examples of the next phase of evolution in our thinking about how we build secure systems. Not because of “decentralization” or some anti-government bent in technologists, instead, these systems were designed with a more-complete understanding of security risks associated with their use.

Trust is a necessary component of human existence. It can give us peace of mind but It can also give us broken hearts. The same is true in the context of system design. Trust cautiously.

These systems, by design, go to great length to limit the need for “trust” for a system to work as intended. They do this by minimizing the dependencies that a system takes in its design, this is because each of those dependencies represents an attack vector as we advance technology our attackers become more advanced as well. They also make extensive use of cryptography to make that possible.

This focus on dependency reduction is why we see Blockchain enthusiasts taking the maximalist position of “Decentralize all the Things”. In my opinion, centralization is not always a bad thing, over-centralization maybe, but centralization can provide value to users and that value is what we should be focused on as solution developers.

My personal take is that when we look back on the next decade we will the say the trend was not “blockchain” but instead this is when we evolved our security thinking and tooling to better utilize cryptography. Specifically that this is when we started to use cryptography to make transparency, confidentiality and verifiability part of the core of the solutions we build instead of thinking of it as a layer we apply once we are done.

Smart cards, PC/SC and Chrome

Smart cards have been around since 1974 and as a technology while they have expanded their capabilities they still work in very much the same way they did back then.

These cards expose a protocol represented in Application Data Units (APDUs), the devices themselves are typically connected to computers via smart card readers (either embedded or external) that communicate via PC/SC.

Shortly after PC/SC was defined a class interface for USB PC/SC devices was defined called CCID with devices that conform to this specification one does not need vendor specific drivers to interact with the PC/SC device.

Since Chrome 26 Google has supported an interface that allows plug-ins to interact with USB devices. While I have not looked at this interface in detail I do know that the Google Gnubby (aka FIDO U2F) uses this interface to interact with their devices. I also understand that the U2F devices are in simple JCOP cards with a Gnubby applet on them.

Based on the above it seems rational to believe a third-party (aka someone other than Google) should also be able to create a Chrome plug-in (which is nothing more than Javascript) that allows a web-page to interact with smart-cards.

This would when paired with a reasonable card-edge that supports secp256k1 enable Multi-signature Bitcoin transactions leveraging smart cards without the need for a “fat” client.

Smart cards, PIV, Bitcoin and secp256k1

I am thrilled to see Multi-sig (P2SH) getting adopted across Bitcoin industry it has the potential to significantly reduce the risks involve with storing Bitcoin online. With that said it is still dependent on software keys, which can be trivially stolen via malware and other attack vectors.

One way to address this risk is to move the keys off of the host and into a isolated computing environment like a smart card.

Hardware devices like the Trezor do this by creating a Bitcoin specific computing environment, which has a many benefits (like being able to enforce policy on the card and get trusted implementations of the whole Bitcoin stack) but they turn into single use devices as a result of this approach also.

An alternate or really complimentary approach would be to have a smart card (or USB token) that supports the same cryptography used in Bitcoin as well as other more commonly used algorithms.

The thing to understand about smart cards is that for the most part every one you see is a proprietary non-interoperable mess. This is a function card industry attempting fend off the race to the bottom by differentiating at the card protocol layer which resulted in devices that are based on “standards” yet are totally non-interoperable.

Where they do “interoperate” it is because middleware has been written to mask these cross-vendor idiosyncrasies. The largest case where this has not happened is in the PIV card-edge, which was defined by the US government as their standard for logical and physical access control.

This card-edge explicitly supports only two ECC curves ansip256r1 and ansip384r1. That said the mechanism the caller has to specify which curve to use is via numbers in IDs specified in SP800-78 that map to the algorithm to be used (see table 6-2 for those algorithms) one could squat on un-used IDs and have a card that could also support secp256k1. This means it is possible to extend a standard PIV applet to support storing and protecting Bitcoin keys also.

PIV has other limitations that make it not ideal for these scenarios, specifically the default ACL set for the cards are such that users can not create keys themselves. GoldKey a smart card vendor who’s product uses the PIV card-edge works around this by adjusting those ACLs and embedding an administrative key within their “driver” that enables key generation to happen when their driver is used.

The net of all of this is that one can reasonably create a smart card that supported all of the rich capabilities that are available to users of a PIV device and also support protecting Bitcoin wallet keys.

Two Factor Authentication with BitGo and Coinbase

Online wallets such as BitGo and Coinbase make Bitcoin much more approachable. That said neither seem to prioritize enabling two-factor authentication. This is surely an artifact of them trying to minimize account setup friction.

The net of this decision is that users have to know setting up two-factor authentication is a good idea and go spelunking for the setting in the account settings.

For technical users this maybe fine but for the less technical often times they either don’t know such an option even exists or don’t have the patience to find where this is done.

It might seem like an unfair criticism to suggest this is a bad approach since most banks and e-commerce sites don’t go make this experience much better but I think Bitcoin companies can and should do more.

If LinkedIn, Facebook and Twitter can remind us to improve our social profiles these high-tech financial institutions can remind us to improve our account safety.

UPDATE 07/28/14: Mike Belshe of BitGo points out that it may not be directly obvious but BitGo does actually require two factor authentication once you add a wallet to the account but since I did not attempt to create a wallet until the account was adequately secured I never observed this enforcement. This approach represents a decent trade-off for reduction of account sign-up friction and account security.

UPDATE 07/29/14: I should also point out that Coinbase does require you to use multi-factor if you use their vault feature. I personally think that they should still be encouraging non-vault users to use multi-factor though.

I would add that while these new wallet services are much easier to use than their predecessors I think there is still plenty of room for improvement and I am looking forward to seeing what they and the newer entrants to this space will bring to the table for users.

If you’re not familiar with the user experiences these two services check out these presentations that show you how to setup accounts with them:

Bitcoin adoption in payments

If you talk to someone about using Bitcoin as a payment technology your surely going to hear about how governments are classifying it as an asset and not a currency and what the corresponding tax implications are.

While I think the current tax situation is unfortunate and hope this trend changes I don’t think this is the largest issue (just look at the sales online retailers are seeing despite this change as a proof point). In-fact there is so much slop in the payments system it might even be reasonable to cover the tax implications through the efficiency improvements Bitcoin can bring to the ecosystem.

I think the larger issues are in-fact that the incentive models for the incumbents are such that it’s not likely they will be the ones driving this change.

Just consider that we have been using technology known to be grossly insecure for card-present transactions for over twenty years and even though viable alternatives exist they have not been adopted.

That despite the massive shift to online sales these incumbents have not presented the market a payment solution designed to work well for the Internet.

The rational for not doing so makes sense; when you are the incumbent you resist change as it has potential to weaken your position and the costs of the security issues (as long as measurable) can simply be passed on to the merchant as long as the buyers keep buying.

Simply put they have little incentive to change.

Despite this change is on the horizon; as more and more goes online the relevance of card present transactions diminish (link to retail buying trends) the world also becomes a smaller place and these incumbents start to face competition from governments with their own payments infrastructure like in Singapore and other countries.

This means customers are starting to have choices and as such there is a prime opportunity to see a seismic shift in the way these incumbents look at their businesses.

This shift may provide the impetus to the incumbents to modernize and address these competitive risks. One way that modernization could manifest would be through their own adoption of a virtual currency like Bitcoin or acquire the new entrants with solutions in these space; for example:

  • Payment processors could go out and buy large private mining concerns as their role is in Bitcoin is essentially the same.
  • Card Networks or issuing banks might go out and buy online wallets like BitGo and Blockchain.
  • Acquiring banks could go and buy payment providers like CoinBase and BitPay.

Regardless of how such a migration happens the use of a virtual currency as a foundational payments technology has the potential to reduce the number of entities involved in each transaction making transactions more secure and cheaper. If embraced by the incumbents in the payment ecosystem this could even align with their logical view of the world.

Bitcoin and the credit card ecosystem

We use our credit cards every day yet most of us don’t really understand what happens when we swipe a credit card at a merchant. Did you know there are no less than six different players (above and beyond the consumer and the merchant) involved in a typical transaction?

Acquiring Banks – These are the retail banks that serve the merchant, you can think of them as the entity managing the bank account where deposits go for the merchant.

Payment Processors – These are actually the entities that really make credit cards work, they ensure everyone gets paid in accordance with the associated agreements. Some of the largest players here are FirstData, Heartland, Chase and Bank of America.

Issuing Banks – These are the banks that serve the consumer by providing them credit cards. They not only evangelize and sell the cards but own the customer relationship.

Service Providers – It used to be the only way to take credit cards was to work with your “acquiring bank” but now consultants handle this work for the banks.

Hardware Providers – Those clunky credit card terminals come from somewhere as to the point of sale terminals stationed in every retail establishment you visit. One of the largest is Verifon.

Credit Card Networks – This is Visa, Mastercard, American Express and Discover these guys don’t really clear transactions they instead establish the rules by which the system works and establish the technological standards the system uses.

Each one getting a piece of every transaction performed with that card, that cut can range from 2% to 3% of a transaction; if we assume the low end for a $100 transaction this looks something like this:

Merchant  $98.00
Issuing Bank  $1.50
Card Network  $0.15
Split between payment processor, Service Provider and Acquiring Bank  $0.35
 $100.00

This is of course before currency conversion fees, interest, card-fees, credit card rewards, charge backs and the numerous other variables at play in these transactions.

Some reports suggest in 2013 there were more than $4 trillion in these card-based transactions in the US alone. It’s also worth noting that in the US more than many other countries cards are being used for smaller and smaller transactions and this trend is likely to expand as cash becomes less convenient.

Startups like Square and Level-up are trying to disrupt these card-present transactions like Paypal has done for the card-not-present transactions and by doing so they are really going after a share of the that .35c that is currently split between the various players and the money the hardware providers get out of the merchant.

This is a great business but the sheer number of players involved in the system makes it hard to make ends meet. These players try to game the system by building additional products based purchasing behavior and batching transactions but the current system is so complicated with and has so many players its simply hard to get the slop out.

More over the standards set by the credit card networks are weak, the technologies these systems are based on are easily compromised and even their more secure counterparts based on chip-and-pin don’t live up to their security promises.

Then there is the question of usability of these systems which are far from optimum, we have all tried swiping our cards or entering the pin finding the readers unable to work with the cards or seen someone swipe the card the wrong way.

NFC has long been touted as the solution to some of these problems but despite being over 10 years old, has its own security issues, has hardly been deployed and at best is just a new hardware layer on the already overly complicated system.

One way to address these problems is to setup a separate system that runs along side this existing framework. This system would be designed to be more secure, easier to use and have fewer moving parts. Such a system if done right could get the slop out of the payments system, merchants could get paid quicker, keep more of their profits, consumers and merchants alike could experience less fraud and we could even have a more usable system.

Bitcoin has the potential to be the catalyst and foundation to make this happen; I don’t think we will see card-present transactions based on efficient models of bitcoin use in the near future but I do think it will happen.

If this approach can simply half the current cost structure of the payments that would put 1%-1.5% back in the merchants pockets, if along the way it reduces charge backs, currency conversion fees, and the other miscellaneous charges that infect this system it can foundationally change the way we look at commerce.

Bitcoin has this potential and I for one am excited to see what the next few years have in-store.

Proving assets under management is important but it is not an audit

Recently Bitstamp did a public display of assets under management and while I think its important they and others (like Kraken and the Vault of Satoshi) do this it does not an audit make.

Just look this video where Roger Ver attests things look good at Mt. Gox or what happened with Neo&Bee.

Don’t get me wrong what Bitstamp, Kraken and Vault of Satoshi are doing is great but they are not “audits” at least useful ones.

au-dit : an official inspection of an individual’s or organization’s accounts, typically by an independent body.

What kind of litmus test must be passed for me to consider something a useful “audit”?

  1. Does it look at evidence in balance? For example if someone has a million dollars in the bank but has signed first right debt agreements for two-million your still likely out of luck in the event they go under.
  1. Does it look at the complete picture? Its entirely possible an entity has all of its assets under its control and is debt free but the principals have unobstructed access to the funds or that the security and engineering practices are so lax that at any given moment a system can be compromised without detection.
  1. Does it measure practices to a standard? Audits are performed to some standard, for example the Sarbanes Oxley audits use a standard set of criteria that help assure financials are being tracked published accurately. While the WebTrust for CA audits ensures that certificate authorities are following common minimum standards for securing their operations.
  1. Is the standard relevant to the business in question? The risks in each system are different even if only subtly; there are many things in a WebTrust for CA audit that might be relevant to a bitcoin exchange but there are just as many things that are not the same is true for a SOX report. For an audit to be valuable it has to be one that was designed to prove something relevant.
  1. Is it performed by an independent third-party? Conflicts of interest are abound and when money is involved people often do the wrong thing. While the use of celebrity people from the community in a pinch is fine (and no disrespect intended) these individuals have a vested interest in the success of bitcoin.
  1. Is it performed by a qualified individual or group? Often times the “low bid” auditor wins but these are the same auditors who ask for stupid things.

So to-date has there been a single usfull bitcoin audit? I think its safe to say no. I would go so far to say that the practices of most Bitcoin entities are not actually audit-able because one has to design processes and procedures to ensure that they are and this slows down the “innovation train”.

In Coindesk post about Bitstamp’s “audit” Mike Hearn was quoted as saying “It’s a bit early to be setting standards yet” I would respond by asking the question if not now when? In my opinion this is exactly the right time to be tackling this problem.

These standards take time to be developed and have impacts on the way businesses operate and starting now not only ensures that the rapid growth in the Bitcoin ecosystem takes into consideration meeting some shared requirements on liquidity, solvency, audibility, transparency and security but by doing it now the requirements end-up being defined by the Bitcoin community instead of thrust upon it.

Regardless we need to be honest about what’s being shown when these events occur, they do little more than prove an entity has an amount of Bitcoin but nothing more.

Liquidity risk and management in Bitcoin

In finance, liquidity risk is the risk that a given security or asset cannot be traded quickly enough in the market to prevent a loss (or make the required profit). 

This of course begs the question how liquid do you need to be? Surely the answer is at least partially tied to the volatility of the asset in question and what your individual exposure to the potential loss might be.

When it comes to Bitcoin, at least more so than with physical assets, the more liquid you are the more at risk you are in that liquidity also means that the corresponding wallet keys are easily accessible.  And the more accessible the corresponding keys are the more at risk they are.

One can manage these risks a number of ways the most simple being not keeping “all your eggs in one basket” by keeping only the funds that must be readily available “online” and then using schemes like P2SH and Shamir Secret Sharing to manage the associated keys.

The Bitcoin ecosystem has clearly embraced these things as concepts, at least in the abstract in that “cold wallet” and “hot wallet” are synonymous concepts in the ecosystem. With that said the strategies you use to mitigate risk when you hold $10,000 USD should be different than when you hold $100,000 USD and this is not something individuals have had to take responsibility for historically.

One of the most fundamental changes Bitcoin represents today is that you, the principal are now also principally responsible for keeping your funds safe. Despite this we are still faced with the problem people struggle to understand the risks they are exposed to on the digital realm.

This is why in Bitcoin’s short history we find case after case of individuals putting their assets in the hands of under funded practically anonymous entrepreneurs with no real experience in finance or computer security.

The recent influx of capitol into the Bitcoin ecosystem has the potential to change this but it will also change the nature of Bitcoin at least in-part. The technology has been painted as the Libertarian’s dream and in many respects it might be but for broad acceptance it needs to embrace some level of regulation if it’s to see adoption outside that niche.

Liquidity risk management is a great example; How much of their assets should an exchange keep online? How quickly do they need to settle transactions? Should they be required to have 100% of the funds associated with their internal ledgers? Should they keep their assets and liabilities private or make them public? Should they be mandated to have security and fraud-analytics in place so they can detect abuse and market manipulation? Should they be required to carry insurance to protect consumers from negligence?

It is my belief that requirements like the above would strengthen the Bitcoin ecosystem and make it a more viable means for the less technical and the financial ecosystem to adopt Bitcoin.

 

SWIFT, CHIPS, ACH, Fedwire and Bitcoin…

Bank transfers, especially international bank transfers, can be incredibly complicated with many players both directly and indirectly involved.

As you might imagine its actually even more complicated and nuanced than it looks on the surface; in fact banks often times maintain accounts with each others to accelerate transfers as well.

This on the surface makes lots of sense but when you consider that in the US alone there are around 6,800 federally insured financial institutions and that there are over 200 sovereign nations that this quickly becomes an unworkable approach.

This is why there are these clearing-house entities; they act as brokers of these relationships.

Something else that many don’t realize is that not all banks belong to these organizations. As a result there is a routing problem that’s not dissimilar to the routing problems on the internet — there are many ways those funds might get transferred from one location to another each with their own cost and performance penalties.

But if only some banks belong to these organizations and every bank doesn’t have an account with each other how do they facilitate the interbank transactions? Through intermediaries of course; often via larger banks just like how the smaller banks outsource credit cards to third-party card issuers.

Over the years numerous attempts have emerged to modernize the banking system but interests are entrenched and something as fundamental as banking doesn’t change overnight. The efforts that have been successful have either looked like new products for banks to sell or solve immediate and tactical cost structure issues in their businesses.

Unfortunately this often results in more transactional intermediaries and not less, this is why in 2014 when we have global internet connectivity can still take a week (or more) for interbank transfers to actually settle.

One of the reasons I like Bitcoin is it represents a model where this slop and inefficiency can be removed which can dramatically speed up the financial system at the same time it has the potential to significantly reduce costs to all the players in the ecosystem and in the process kick off a new wave of innovation.

The largest hurdles are certainly regulatory and resistance to adopt technologies not under their direct control but like the ban on export of strong cryptography from the United States any restrictions that are put in place will only last for a limited time because its impossible to stop to use of the associated concepts and when their critical mass represents a competitive disadvantage the financial ecosystem would jump in near unison to take advantage of them.