Why Security Issues May Chronically Hinder Bitcoin Adoption

Tuesday, December 03, 2013

Tripwire Inc


By Will Weisser

This article is mostly inspired by Jeff Garzik’s post, “‘Solution’ to bitcoin volatility,” in which Jeff, a Bitcoin core developer, discusses the price volatility which many feel is holding back Bitcoin from being a usable currency.

The main thrust of Jeff’s argument is that the volatility of Bitcoin will decrease as its adoption grows, and he outlines several engineering projects which he anticipates will help Bitcoin evolve into a currency which could be widely used to make day-to-day purchases.

However, one challenge which he does not address, and which needs to be looked at carefully by the Bitcoin community, is the set of ongoing systemic security issues related to storing digital currency. I’m not talking about specific bugs or security breaches (plenty of attention is always being paid to the latest big heist or scam), but rather how the concept of digital currency can be made secure enough to be useful to a general audience.

Before we go further, let me say that I am personally bullish about Bitcoin’s future. I love the idea of a currency controlled by its users, and I know that the core idea is brilliant and the implementation technically sound. I believe that if security controls are implemented properly, Bitcoin is far more secure against theft or forgery than any other currency on Earth.

Given the enthusiasm of its existing users, it’s likely Bitcoin will eventually find some niche in which to operate, or enable the creation of new types of financial products, even if it fails to gain the widespread adoption Jeff talks about–similar to the way Linux has flourished despite the Linux community’s failure to realize the dream of Linux on the desktop.

But, if we are going to take seriously the potential of Bitcoin (or any other crypto-currency), we must understand its relationship to more familiar payment systems. To begin with, even though at first glance Bitcoin can appear similar to other methods of electronic payments, under the hood it’s fundamentally different. Bitcoins are balances assigned to “addresses” (short strings of random numbers and letters) in a globally distributed ledger.

Each address has a corresponding “private key” (a slightly longer string of random numbers and letters) which allows balances to be “spent” from that address to another address chosen by the sender. To spend Bitcoins, a private key must be loaded on some computational device so that the proper “unlocking” computations (called a digital signature) can be applied and the ledger permanently updated to reflect the new balances.

The main point to take away from all this is that your security in this system is entirely dependent on the secrecy of your private key. As long as it really remains private, your funds are safe, but if a bad actor ever gets a hold of that simple string of alphanumerics, they can spend your Bitcoins to another address associated with their own private key, and your chances of recovering them are typically low.

Compare this situation to say, a credit card, where the information needed to spend funds is hardly secret at all. Any time a card is swiped at a merchant or entered into a website, bad guys can (and often do) run up charges in your name. But that is the key to a card’s security: a charge is not really the same thing as a spend. Rather, all the bad guy has done is change a database where a balance is associated with your identity. If you approach your bank and prove your identity to them, then they can fix the database and reverse the charges on your behalf, usually leaving the poor merchant holding the tab.

In this sense, Bitcoin more closely resembles traditional cash than other forms of e-spending, and this ability to marry cash-like properties with instant electronic payments is often highly (and rightly) touted by Bitcoin enthusiasts as a boon to various actors, merchants included. But if one could say that Bitcoin combines the “best of both worlds” from a feature perspective, from a security perspective this confluence of cash and computers could hardly be worse.

Cash is difficult to trace and/or recover if it is stolen, which is one of the reasons civilization has avoided storing personal funds in cash for much of recent history. But at least cash has the advantage that it must be physically removed in order to be spent; a Bitcoin key, on the other hand, is pure information, and for all the recent advances in the InfoSec industry, the problem of keeping information secret on general-purpose consumer devices remains stubbornly difficult. To make things worse, users are conditioned to treat all forms of e-payment the same, i.e. as not requiring adherence to strict security protocols.

A currency which is vulnerable to large-scale theft can never be widely adopted for everyday purchases, and thus it follows that if Bitcoin is to become a true alternative to existing payment systems, we must find some way to make it secure for the average consumer.

So far, there is no viable solution to this problem. Requests on forums for the proper way to securely store Bitcoins are met with byzantine lists of instructions involving paper wallets, offline PCs, etc. I’m sorry folks, but if you expect the average Joe or Jane user to be printing off slips of paper, storing them securely (what if they get damaged?), and periodically refilling their online wallets from paper funds when they need to make a purchase, you’re going to be disappointed. Cold storage will likely always remain the best solution for storing very large amounts of digital cash, but for most users who wish to actually use small or medium amounts of Bitcoin, it’s far too cumbersome.

Meanwhile, having consumers use a wallet that runs on a PC or Mac is unworkable, due to the existence of malware which scans for Bitcoin wallets and removes the funds from them instantly. Simply encrypting a wallet on a hard disk will not prevent an attack like this, since malware can be written which waits for a user to enter their passwords, records their keystrokes, and then uses them to decrypt and access their coins. Web-based wallets, even when implemented securely, can only be used by accessing them from some general-purpose device, which makes them just as vulnerable to theft as the local kind in the best case.

What about storing a wallet locally on a smartphone? According to Kevin McNamee of Kindsight Security Labs, though it is growing, the mobile malware infection rate is only 0.6%, compared to 10% of residential machines. Additionally, Trend Micro reports that the infection rate is highly dependent on geography. This means that for the average consumer who relies entirely on well-known apps from a vendor’s app store, storing Bitcoin on their phone may make them less vulnerable to theft than using a PC.

Until recently, carrying more than a trivial amount of coins this way ran the risk of misplacing or smashing the phone, or having it stolen, thus losing the funds forever. But newer apps such as the Mycelium Bitcoin Wallet can back up encrypted wallets to the cloud with one tap. By automating what was previously a cumbersome, manual process, the folks behind Mycelium have created perhaps the most secure method for a technology-averse user to store and use Bitcoin.

The system is not perfect; users can still lose the encryption key Mycelium generates for them, and Apple’s practice of removing all Bitcoin wallets from their app store means that iPhone users must jailbreak their phones to get similar functionality. But for now, the Bitcoin community might do well to encourage new users to adopt this system of keeping coins on phones and the cloud, especially since those users would then be able to easily make purchases at local merchants.

There’s a catch, however: though smartphones are generally better at fending off malware than PCs, they are by no means immune, especially because users have a tendency to go out of their way to infect themselves. If Bitcoin does indeed become more popular, and more users begin using their phones to store non-trivial amounts of it, then malware authors will be incentivized to target these devices with new attacks. Who wins the resulting battle of infection vs. prevention is anyone’s guess, but historically, the record of the good guys in such contests has been dismal.

What about law enforcement? Because all Bitcoin transactions are recorded in a publicly available ledger, it follows that police might be able to easily trace the destination of stolen funds in some cases, but the global nature of Bitcoin means jurisdiction will always be an issue. Add in so-called “coin laundering” services and the lack of manpower to investigate a large number of small cases, and it seems unlikely that Bitcoin thieves will find the law to be a strong deterrent any time soon.

Perhaps more promising is dedicated hardware, some prototypes of which already exist. Questions remain about how cheaply these devices can be made, and how much (if anything) consumers would be willing to spend on them. Users paying for a payment device is hardly unprecedented (you might have heard of a little company called American Express), but in today’s marketplace, with competitors like PayPal, Dwolla, and LevelUp offering ways to pay from phones, something tells me that Bitcoin cannot afford to push costs onto the consumer.

Perhaps in the long term, what Bitcoin needs is a big player like Coinbase to step up and hand out free “BTC cards,” with the option to restore lost private keys from backup via conventional identity verification, for a modest fee.

Or better yet, perhaps there’s a better solution out there waiting to be found. After all, Bitcoin belongs to all of us, and its potential for success or failure lies entirely in our collective hands. So, what do you think?

Cross Posted from Tripwire's State of Security