Part I. Introduction
Commerce on the internet relies almost entirely on real-world financial institutions to serve as third parties that process electronic payments. The non-physical nature of the internet makes it nearly impossible for a truly secure payment mechanism to function for products or services rendered or procured online. Although the entrenched methods work with reasonable security and reliability, they also present risks that some might consider unnecessary. Financial fraud stemming from online transactions is nothing new; it is growing with the increasing size and pervasiveness of the internet and is unlikely to go away. It is thus vital that a payment mechanism be produced and adopted that is engineered to meet the demands of e-commerce. One such solution is the recently famous Bitcoin, which has taken the world by storm and has the real possibility of being the first widely accepted virtual, non-centralized currency. The question necessarily arises, however: is a system like Bitcoin secure? The answer, although complex, is a tentative “Yes”. This article will first elucidate, in considerable detail, the computational and network mechanisms by which Bitcoin operates. Secondly, the programmatic and computational vulnerabilities will be discussed. Lastly, the article will address the primary vulnerabilities of any virtual currency: the distribution and trading channels, market dynamics, and government involvement.
Regarding the current approach to online transactions, an inherent “Achilles’ heel” is that it relies quite significantly on a ‘trust-based’ model, which obviously can have considerable faults. The necessary evil of mediation by third-party financial institutions inevitably increases the overall transaction costs for everybody, in terms of both money and efficiency. Bitcoin seeks to solve this issue, as do other equivalent virtual currencies. The risks inherent to an online transaction also limit the desirability and security of conducting smaller, more casual transactions (as we might do in the real world with cash). This becomes a bigger issue online, where it is not so comfortable to render a non-reversible payment for a non-reversible service, as is the case with media or expendable/consumable items. This dynamic creates an unspoken ‘stand-off’ between buyers and sellers. The result of the inherent risk in the system of online payments is that online retailers and merchants are effectively required to ask for more information from their customers than would otherwise be necessary; this acts as their “insurance” of sorts. Such information would be unnecessary to exchange in a cash transaction. The unnecessary collection of data itself poses a risk, which is often exploited by identity thieves. Bitcoin seeks to fix these issues and act as a bespoke currency, specifically aimed at meeting the internet’s requirements.
Part II. The Technological Basis and Architecture of Bitcoin
Bitcoin was engineered as a payment system “…based on cryptographic proof instead of trust…” (Satoshi, 2008), such that it enables consenting individuals or organizations to transact directly, without the requirement of a trustworthy third party to act as mediator. In essence, Bitcoin’s appeal comes from the fact that a transaction is computationally (very) impractical to reverse, which acts as a deterrent to fraud and thus protects both parties.
Bitcoin is a means of solving the problems of traditional online payments, which are rooted in third-party institutions and require a faulty “trust-based” system. Bitcoin does this by using a peer-to-peer, highly distributed timestamp server network to generate true computational proof of the chronological order of transactions. The system effectively relies on high-level cryptography and enormously impractical levels of computational power to generate virtual currency that is practically impossible to crack. The creation of Bitcoins quite literally involves the computer solving enormously complicated puzzles; this is the basis of the creation of Bitcoins.
The notion of Bitcoin is a difficult one to grasp, as it is a currency without any physical representation or manifestation. A Bitcoin is defined as a chain of digital signatures, whereby each owner transfers the “money” to another by placing their digital signature in a hash of the prior transaction, and within the public log of the secondary owner. These signatures are added to the “end” of the digital representation of this coin, effectively giving it a continuously evolving and entirely unique digital fingerprint. This signature is then cross-referenced and validated across the entire network, where it is logged separately. The recipient of a Bitcoin can then verify the transaction by checking these “signatures” to confirm the ownership chain. This is represented by the graph below, which demonstrates the chain of transactions for a coin (see Figure 1).
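As an added illustration of the ownership chain just described (example code written for this article, not Bitcoin’s own implementation), the following Go program builds a coin as a chain of ECDSA signatures, each over the hash of the previous transaction and the next owner’s freshly generated public key, and shows the recipient’s check accepting an honest Alice→Bob→Carol chain while rejecting a link signed by someone other than the named owner. The P-256 curve, SHA-256 and the ASN.1 signature encoding are choices made for this example, and the names Alice, Bob, Carol and Eve are constructed.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// Tx is one link in a coin's ownership chain: the spender signs H(previous Tx hash || next owner's key).
type Tx struct {
	PrevHash  []byte           // hash of the previous Tx (nil for the coin's origin)
	NextOwner *ecdsa.PublicKey // fresh key the recipient generated for this transfer
	Sig       []byte           // ECDSA signature by the owner the previous Tx named
}

// signedDigest is the message the spending owner signs.
func signedDigest(prevHash []byte, next *ecdsa.PublicKey) []byte {
	h := sha256.New()
	h.Write(prevHash)
	h.Write(next.X.Bytes())
	h.Write(next.Y.Bytes())
	return h.Sum(nil)
}

// txHash identifies a Tx so that the next transfer can reference it.
func txHash(t *Tx) []byte {
	s := sha256.Sum256(append(signedDigest(t.PrevHash, t.NextOwner), t.Sig...))
	return s[:]
}

// newKey is the per-transaction key generation the article mentions (demo: rand error ignored).
func newKey() *ecdsa.PrivateKey {
	k, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	return k
}

// transfer is the current owner's act: sign the previous hash together with the recipient's key.
func transfer(owner *ecdsa.PrivateKey, prev *Tx, recipient *ecdsa.PublicKey) *Tx {
	prevHash := txHash(prev)
	sig, _ := ecdsa.SignASN1(rand.Reader, owner, signedDigest(prevHash, recipient)) // demo: rand error ignored
	return &Tx{PrevHash: prevHash, NextOwner: recipient, Sig: sig}
}

// verifyChain is the recipient's check: each link references the previous link's hash and is signed by its named owner.
func verifyChain(chain []*Tx) bool {
	for i := 1; i < len(chain); i++ {
		prev, cur := chain[i-1], chain[i]
		if string(cur.PrevHash) != string(txHash(prev)) ||
			!ecdsa.VerifyASN1(prev.NextOwner, signedDigest(cur.PrevHash, cur.NextOwner), cur.Sig) {
			return false
		}
	}
	return true
}

// demoChains builds an honest Alice->Bob->Carol chain and a forged one where Eve spends Bob's coin with her own key.
func demoChains() (honestOK, forgedOK bool) {
	alice, bob, carol, eve := newKey(), newKey(), newKey(), newKey()
	origin := &Tx{NextOwner: &alice.PublicKey} // constructed origin: the coin is issued to Alice
	toBob := transfer(alice, origin, &bob.PublicKey)
	toCarol := transfer(bob, toBob, &carol.PublicKey)
	forged := transfer(eve, toBob, &eve.PublicKey)
	return verifyChain([]*Tx{origin, toBob, toCarol}), verifyChain([]*Tx{origin, toBob, forged})
}

func main() {
	fmt.Println(demoChains()) // prints: true false
}
```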
What might be observed within this system, however, is that the payment recipient cannot verify that the previous owner has not “double-spent” the Bitcoin. This is important: as Bitcoin has no physical representation, there is a possibility of the value represented by the Bitcoin being “given” to multiple recipients in a fraudulent fashion. It is critical that each Bitcoin retain a precise value that is represented with 100% consistency. Of course, this potential for double-spending could be addressed through a more traditional approach, such as a central authority, a “virtual mint” if you will. However, that approach means the entire currency system would rely too heavily on this “central” authority; it would become an abstracted version of the current third-party mediators, which Bitcoin seeks to do away with. Bitcoin addresses this by using a vast network of voluntarily opted-in “timestamp servers”, which function by taking a hash of the items that need to be timestamped and then publishing the hash across an enormous quantity of virtual locations. The network relies on individual machines to form consensus-based logs; in return, the machines also generate Bitcoin. What this accomplishes is that the published timestamp provides proof-of-existence of the data, ensuring a reliable and falsifiable record system. As transactions and exchanges continue, the previous timestamps are stored and cross-referenced, eventually forming a chain of improbable combination, ensuring a verified and reliable transaction history that is non-identifying, and anonymous enough to provide true “cash-like” behavior. The chains which determine the “signature” of the Bitcoin are constantly evolving, absurdly complicated, and continuously stored and verified in a log; they require the consensus of an enormous quantity of distributed servers to be validated.
What this inevitably dictates is that the “honest” nodes of the network determine the chains, and their collective CPU power is then orders of magnitude greater than a malevolent “attacker” would likely have. To counterfeit a Bitcoin, an attacker would have to redo the “proof-of-work” of everything for a block of Bitcoins, catch up to the present state, and then overtake the logging and verifying of the “honest” nodes. Logically, as additional components are added to the chain, the likelihood of the presumably slower “attacker” catching up and accomplishing the feat of “hijacking” a block of coins becomes exponentially smaller. This is due to the simple fact that the validity of a Bitcoin is established through the collective consensus of a hugely distributed network of servers, which can deliver a level of assurance through computational power that would be practically impossible for an individual to surpass.
From a network perspective, Bitcoin operates by delivering all transactions to every available server node. Each server node then collects the new transactions into a specific “block”. The server nodes then work to obtain the “proof-of-work” for that block. Once that is accomplished, the server node broadcasts the “proof-of-work” to all the other network participants. The “proof-of-work” that defines the block is only accepted if the transaction history is valid and the Bitcoin has not already been spent. Finally, the server nodes indicate approval of a Bitcoin by developing and generating the next component of the chain, using the hash of the previously accepted coin as the “previous” hash in the next sequence. To ensure speed of transaction in creating a validated coin (i.e. making sure the target of computation is the most ‘up-to-date’), the server nodes will always designate the longest chain as the valid one, and will thus keep working on that one. If two server nodes deliver two or more different versions of the same coin simultaneously, the nodes work on the first one received; however, they will save the other versions in case one of them becomes longer as a result of other network nodes’ work. Once the valid version has been established, all nodes shift to exclusively operating with the consensus-verified coin. The powerful result of this is that a transaction does not need to be delivered to all server nodes; provided that it is received by a sufficient number, the transaction will be logged, verified, and passed.
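To make the block, proof-of-work and longest-chain rules of the two preceding paragraphs concrete, here is an added example (written for this article; it is not Bitcoin’s code, and it uses a toy 16-bit difficulty and constructed transactions) in which honest nodes mine a chain, a block altered without redoing its work fails validation, and an attacker who re-mines one block but has not caught up loses to the longer honest chain:

```go
package main

import (
	"crypto/sha256"
	"fmt"
)

// Block is what a node assembles: the hash of the last accepted block, the new transactions, and a nonce.
type Block struct {
	PrevHash [32]byte
	Txs      []string // constructed sample transactions
	Nonce    uint64
}

// Hash commits to the previous block, the transactions and the nonce (%q quotes each tx, so boundaries stay unambiguous).
func (b *Block) Hash() [32]byte {
	return sha256.Sum256([]byte(fmt.Sprintf("%x|%q|%d", b.PrevHash, b.Txs, b.Nonce)))
}

// meetsTarget: difficulty fixed at 16 leading zero bits, a toy value so the demo mines in milliseconds.
func meetsTarget(h [32]byte) bool { return h[0] == 0 && h[1] == 0 }

// mine is the node's nonce search; about 2^16 hashes per block at this difficulty.
func mine(b *Block) {
	for b.Nonce = 0; !meetsTarget(b.Hash()); b.Nonce++ {
	}
}

// validChain accepts a chain only if every block has valid proof-of-work and links to its predecessor.
func validChain(chain []*Block) bool {
	for i, b := range chain {
		if !meetsTarget(b.Hash()) || (i > 0 && b.PrevHash != chain[i-1].Hash()) {
			return false
		}
	}
	return true
}

// longestValid is the rule nodes follow: of the chains seen, keep the longest valid one.
func longestValid(candidates ...[]*Block) (best []*Block) {
	for _, c := range candidates {
		if validChain(c) && len(c) > len(best) {
			best = c
		}
	}
	return best
}

// extend mines a block of txs on top of chain and returns a new slice; chain itself is left unchanged.
func extend(chain []*Block, txs ...string) []*Block {
	b := &Block{PrevHash: chain[len(chain)-1].Hash(), Txs: txs}
	mine(b)
	return append(append([]*Block{}, chain...), b)
}

// demo: honest nodes build genesis plus three blocks. Rewriting block 2 in place breaks its proof-of-work
// and block 3's link; redoing block 2's work still leaves the attacker a block behind, so the honest chain wins.
func demo() (tamperedValid, attackerWins bool) {
	genesis := &Block{Txs: []string{"coinbase -> alice"}}
	mine(genesis)
	honest := extend(extend(extend([]*Block{genesis}, "alice -> bob"), "bob -> carol"), "carol -> dave")
	tampered := []*Block{honest[0], honest[1], &Block{PrevHash: honest[2].PrevHash, Txs: []string{"bob -> eve"}}, honest[3]}
	attack := extend(honest[:2], "bob -> eve") // attacker re-mines block 2 carrying the double-spend
	tip := longestValid(honest, attack)
	return validChain(tampered), tip[len(tip)-1].Txs[0] == "bob -> eve"
}

func main() { fmt.Println(demo()) } // prints: false false
```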
It should be apparent that a large number of computers are necessary to make the network process possible. While the computers involved in the process are logging and verifying, the possibility arises for a new “block” to be produced, which “starts” a new Bitcoin that is logically owned by the creator (the owner of the computer/server). As Satoshi himself said, “The steady addition of a constant amount of new coins is analogous to gold miners expending resources to add gold to circulation.” (Satoshi, 2008) As would be expected, the resources employed to “mine” come in the form of CPU power/time and the electricity required to support the system. This is a particularly ingenious construct, as it effectively ensures that the computational power involved in being an “honest” node and logging/mining is considerably less than the power required to try to defraud the system. In a nutshell, Bitcoin incentivizes honesty in an indirect fashion, compensating the honest participants for acting as the necessary network, by making the “honest” behavior more profitable.
Bitcoin’s network dynamics are engineered to act as a cryptographically and computationally complex means of establishing reliability. That reliability is secure so long as the network itself is secure (i.e. controlled by the “honest” nodes). For this reason, it is likely that an enterprise receiving high-volume or frequent payments in the form of virtual currency would find it necessary to operate its own server nodes as a means of more independent, expedient, and secure verification. It is interesting to consider that if many enterprises and organizations were to use their own server nodes for this purpose, the result would be an even larger and more secure network.
Before it is fully understood, the public logging methodology employed by Bitcoin might be of some privacy concern to some. To the contrary, Bitcoin’s methods ensure a very high level of anonymity and privacy. To compare Bitcoin to traditional financial systems, consider that the privacy provided by banks comes in the form of information secrecy and limitation; these existing third-party intermediaries are the trusted “mediator”. In contrast, Bitcoin requires all transactions to be announced publicly, tied to the “coin” that represents the value; despite the logging and “public” declaration, there are zero identifying components to any of this. A real-world equivalent would be the stock markets, in which trades are compiled into a gross data log without disclosing the specifics of the involved parties. You can “hide in the noise”. To further secure the privacy of Bitcoin, a new key (similar to an SSH key) is generated for each transaction, to prevent any identifiable pattern attributable to an individual from being formed. The most significant security consideration regarding privacy is that if the key owner’s identity were ever revealed, linking prior transactions might reveal prior activity conducted by that individual, if the same key were ever reused. This key system also prevents fraudulent behavior, as the recipient of a transaction must generate a key “pair” whereby the public key is given to the paying party just prior to the transaction, leaving very limited opportunity for the paying party to preemptively engineer a fraudulent transaction to trick the recipient.
So why is all of the aforementioned significant? Bitcoin is a fully virtual electronic transaction system that has absolutely no requirement for inter-party trust. The highly complicated digital “fingerprint” that designates the identity and ownership of a coin is backed by a network that makes double-spending an impossibility, an issue that might otherwise arise due to the non-physical representation of value. Furthermore, the network is engineered to create a computationally complex means of verifying and validating transactions and coin creation, making the likelihood of an individual attacker succeeding at counterfeiting or fraud extremely low. Just as an individual gold ‘speculator’ would be unable to mine enormous quantities of gold and flood the markets, so too an individual component of the network cannot effectively influence or manipulate the system.
Part III. Exploits and Malware, Applied to Bitcoin
As the previous section illustrates, Bitcoin’s system architecture makes it an exceedingly difficult target to directly “crack” or exploit. The very nature of Bitcoin’s composition requires that an attacker computationally overpower an enormous and distributed network, something that is effectively impossible. As in all things cyber, however, the “black hats” figure out methods to exploit the system, and Bitcoin is no different. In recent times, “heists” have been conducted and exploits developed and deployed.
An interesting example of a Bitcoin-specific exploit is found in the “Blackhole Exploit Kit”, which is still in use; the kit distributes and delivers a payload that is effectively a variant of the “Fareit Trojan”, an information-stealing exploit that targets Windows machines (Leyden, J., 2013). This exploit takes information from the compromised targets and delivers it to a remote server. More specific to Bitcoin, however, is that the exploit is used to “hijack” computers for use as Bitcoin “miners”: in essence, a Trojan exploit repurposed to drop a Bitcoin “slave” miner as the payload. Clearly, such an exploit, when deployed en masse and without rapid detection, could prove quite lucrative. In fact, because of Bitcoin’s appeal to criminals and criminal organizations, Bitcoin-mining attacks have become quite popular as a cybercrime vector. More specifically, the malware for this particular strategy is most frequently attributed to Russian porn sites, which are themselves often controlled by organized-crime groups (ThreatTrack Security; Kirk, J., 2013). This presents an interesting complication, as this criminal activity has the potential to produce results that are (somewhat) readily liquidated and monetized, and that are also difficult to track.
One approach to exploiting Bitcoin comes in the form of fraudulent “minting”; the other primary approach is simple theft. A recent technique involves phishing attacks which subsequently use spoofed “Adobe” updates or Java exploits to deliver malware. A recent and successful attack came from targeting the premier Bitcoin exchange “Mt. Gox”. In this attack, a website that used stolen code to spoof the actual web page directed the targets to install an update in order to continue. The malware payload in this case was “DarkComet”, a keylogger and remote administration tool. This particular attack then stole all the credentials related to Bitcoin ownership and trading from the compromised systems. After assessing this successful attack, however, it is fairly clear that the use of a two-factor authentication system would have prevented the breach for individuals.
More specific exploits have been deployed to search for Bitcoin “wallets”, many of which have been successful. The “wallet”-targeting malware specifically searches for the presence of Bitcoins on a machine connected to the internet; when Bitcoins are detected, the malware removes the virtual representation of these coins and deposits them on a remote server. This technique can be thwarted by depositing Bitcoins on an external hard drive that is then kept separate from the machine (acting as a “safe” of sorts); once the cache is cleared on the internet-facing machine, the Bitcoins are secured from the risk of an “overnight” theft.
Although more sophisticated methods can be used to exploit Bitcoin, such as botnet mining and account theft, the trading platforms have also proven vulnerable to blunt-force DDoS attacks. Recently, Mt. Gox was the target of DDoS attacks that slowed the service down and, in at least one case, crashed it (Gallagher, S., 2013). The result of such attacks has been speculator panic, resulting in crash sales that have dropped prices, only to see them increase again as opportunistic buyers come in. This has caused the price of Bitcoin to be unstable, while also making the trading platforms less reliable in terms of performance. To accommodate this, Mt. Gox recently closed trading for a twelve-hour period to install new server systems, all in the hope of handling more intense volumes, whether from genuine traffic or DDoS (Mt. Gox Support Desk, April 11, 2013).
Part IV. Market Dynamics, Platform Instability, and Regulatory Threats
Perhaps the most significant threat to Bitcoin security is found in something that can be less readily defended against: market dynamics. Because Bitcoin is entirely market driven, with its price depending on basic supply and demand, the real-world value of a single coin can fluctuate wildly as demand changes. This can be seen clearly in the recent price changes (see Figure 2).
In essence, Bitcoin carries the same types of risk typically associated with other financial securities, such as gold or stocks. However, Bitcoin’s vulnerability to extreme movement is greatly increased compared to other financial securities, as its value is entirely separate from any external “fixing mechanism” and is driven exclusively by market forces. These extreme effects might dissipate as more Bitcoins are traded and as more buyers and sellers enter the marketplace; at such a point, the behavior might obey the “law of large numbers” and subsequently fall into a more reliable range.
When the market effects are considered, it is clear that one of the greatest threats to Bitcoin as a stable and secure financial/transaction option comes in the form of indirect vulnerabilities. When exploits and schemes are employed as destabilizing agents, the markets become even more volatile. In a very real way, the most significant component of Bitcoin security comes not from the currency itself, but from the distribution and trading platforms that it relies on.
In the future, it is just about inevitable that governments will attempt to regulate and control the exchange of virtual currencies. In some ways, this is the most significant single threat to Bitcoin users. The U.S. government, for instance, has a long history of overly heavy-handed legislation when it has attempted to regulate new technology that it does not properly understand. What could easily happen is that a country attempts to completely ban the use of virtual currencies by using a “Great Firewall of China”-style intervention to block the associated web properties; this could potentially leave untold sums of money stranded in financial ‘purgatory’. Another possibility, one that could yield beneficial results for Bitcoin users, is that it becomes more stable and subsequently attracts significant sums of money as a universal, virtual tax haven. In its current state, however, the possibility of Bitcoin becoming a tax haven is very low, given that the extreme volatility acts as a certain deterrent to serious investment.
An interesting consideration, one that warrants the attention of serious economic research, would be to determine the inflation-proof qualities of Bitcoin. Due to the mathematically prescribed limit placed on the absolute number of coins, as well as the controlled and consistent rate of release, Bitcoin cannot be manipulated with “Quantitative Easing” and other similar tactics. In this regard, Bitcoin could become an increasingly attractive option if more significant global economic instability came about. However, it is far too likely that government intervention or regulation would impede such activity beforehand.
Government regulation, combined with platform instability and fast-paced market forces, presents the most substantial threat to the stability and reliability of Bitcoin. What is most concerning is that these factors are very difficult to control and predict. They are vulnerabilities for which no “patch” is available.
Part V. Conclusion
A. Back, “Hashcash – a denial of service counter-measure.”
D. Bayer, S. Haber, W.S. Stornetta, “Improving the efficiency and reliability of digital time-stamping,” in Sequences II: Methods in Communication, Security and Computer Science, pp. 329-334, 1993.
W. Dai, “b-money,” http://www.weidai.com/bmoney.txt, 1998.
W. Feller, “An Introduction to Probability Theory and Its Applications,” 1957.
S. Gallagher, “Hide your kids, hide your BTC: Bitcoin-stealing malware emerges,” Risk Assessment / Security & Hacktivism, April 11, 2013.
S. Haber, W.S. Stornetta, “How to time-stamp a digital document,” Journal of Cryptology, vol. 3, no. 2, pp. 99-111, 1991.
S. Haber, W.S. Stornetta, “Secure names for bit-strings,” in Proceedings of the 4th ACM Conference on Computer and Communications Security, pp. 28-35, April 1997.
J. Kirk, “Russian malware mines bitcoins via botnet, security firm warns,” IDG News Service, April 19, 2013 (information via ThreatTrack Security).
J. Leyden, “Cyberthugs put your PC to work as Bitcoin-mining slave,” Security White Paper, April 18, 2013.
H. Massias, X.S. Avila, J.-J. Quisquater, “Design of a secure timestamping service with minimal trust requirements,” in 20th Symposium on Information Theory in the Benelux, May 1999.
R.C. Merkle, “Protocols for public key cryptosystems,” in Proc. 1980 Symposium on Security and Privacy, IEEE Computer Society, pp. 122-133, April 1980.
S. Nakamoto, “Bitcoin: A peer-to-peer electronic cash system,” Bitcoin.org, 2008.