Threats to Corporate Bitcoin Storage
February 11, 2017

A breakdown of the external and internal threats posed to a company’s bitcoin holdings

This is the first in a series of articles produced from content published in the Cerberus Appendix, covering general principles around secure bitcoin storage. We have more articles in this series coming up soon, so make sure you give us a follow, or add our Twitter over at @clavestone_.

Categories of Threats to Bitcoin Holdings

Corporate bitcoin storage faces a variety of threats that could result in partial or total loss of the bitcoin. The first set of threats are external and are almost identical in nature to those faced by personal bitcoin storage. The second set of threats are internal, a subset of which are unique to corporate bitcoin storage. We have tried to categorise the threats here, but note that the list is not exhaustive and many of the categories overlap:

1. External Threats

External threats are posed by individuals or groups external to the owning organisation.

(Table of external threats not reproduced here. For links, see the original table in the Cerberus Protocol.)

An important distinction to note on external threats for corporate bitcoin holders is that, unlike with personal holders, threats are posed to the signatories of the holder rather than to the holder itself (which is just a legal, virtual entity). This results in two unique problems:

Signatories must take on personal liability and personal risk on behalf of the organisation: successful hacks or social engineering may lead to accusations of negligence. Physical theft, kidnapping, blackmail, and state interventions may pose physical risks to a signatory even though they do not directly own the funds.

Agents are less incentivised to protect the funds than their own personal holdings: at best, a signatory will have indirect, partial ownership of the bitcoin held by the organisation (e.g. as a shareholder). There are many factors at play (e.g. relative ownership values), but in many cases it is likely that a signatory would go to fewer lengths to protect their organisation’s bitcoin keys than they would to protect their own personal bitcoin keys — regardless of the individual’s integrity or how committed they are to their organisation.

At first glance, the immediate conclusion might be that custodians would solve these issues. They do not. In many ways, they make the problem worse by expanding the number of agents of the organisation that are under threat. See section 2.6, Self-Storage Versus Custodial, for details.

2. Internal Threats

Internal threats are posed by individuals working for the owning organisation.

(Table of internal threats not reproduced here. For links, see the original table in the Cerberus Protocol. It separates internal threats faced by both personal and corporate bitcoin storage from those faced by corporate bitcoin storage only.)

Of all the internal threats, inside jobs are particularly pernicious because they can be impossible to distinguish from a successful external attack. An employee secretly sending his organisation’s bitcoin holdings to an address he controls can claim that he was hacked, and it is difficult to impossible for anyone else to tell otherwise (unless he turns up to work in a Lamborghini the next day!). Inside jobs in corporate bitcoin storage come with significant plausible deniability.

3. People Risk

By far the biggest threat to bitcoin storage security (or information security in general) is people. In contrast to the mechanical nature of software and hardware, people are complex, unpredictable, and have many vulnerabilities. The “wetware” is where most things go wrong. This can be seen in the above threats, of which only hacks, supply chain attacks, and state interventions fall outside of the “human risk” category.

Broadly, we’re talking about:
people being tricked
people being attacked
people acting maliciously

No amount of hardware or software can fully resolve these threats, although they can sometimes make them easier to resolve, for instance through user-friendly dedicated hardware and multisig. Instead, properly reducing people risk requires fighting fire with fire: real world, meatspace, human processes. This means strict rituals and checklists which…
…ensure each signatory knows what they should be doing, and when they should be doing it
…reduce the chances of signatories making mistakes
…ensure no one person is a single point of failure
…require confirmations from multiple signatories for any actions
…require sufficient review for others to spot any mistakes or malicious data before they go into a broadcast transaction
…encourage signatories to regularly pay attention to their own physical security
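As an added example (not code from the original article or from the Cerberus Protocol), the following Python models the review step those checklists describe: each signatory independently reads back the destination and amount, the destination must be on a pre-agreed allowlist, and the proposer’s own approval never counts toward the quorum, so no single person can both draft and push through a spend. Signatory names, the allowlist and the addresses are constructed placeholders; real enforcement lives in the multisig wallet, this is the human-process layer around it.

```python
from dataclasses import dataclass, field

@dataclass(frozen=True)
class Proposal:
    destination: str  # bitcoin address the funds are meant to go to
    amount_sat: int   # amount in satoshis
    proposer: str     # signatory who drafted the transaction

@dataclass
class ReviewLog:
    # signatory -> (destination, amount) they independently read back
    approvals: dict = field(default_factory=dict)
    rejections: list = field(default_factory=list)  # (signatory, reason)

def review(log, proposal, signatory, seen_destination, seen_amount_sat, allowlist):
    """One signatory re-reads the transaction details (from the signing device,
    not from the proposer's message) and signs off only if they match the
    proposal and the destination is on the pre-agreed allowlist."""
    if (seen_destination, seen_amount_sat) != (proposal.destination, proposal.amount_sat):
        log.rejections.append((signatory, "details do not match proposal"))
        return False
    if proposal.destination not in allowlist:
        log.rejections.append((signatory, "destination not on allowlist"))
        return False
    log.approvals[signatory] = (seen_destination, seen_amount_sat)
    return True

def ready_to_broadcast(log, proposal, quorum, signatories):
    """Broadcast only when a quorum of distinct authorised signatories, not
    counting the proposer, has approved and nobody has rejected."""
    if log.rejections:
        return False
    approvers = {s for s in log.approvals if s in signatories and s != proposal.proposer}
    return len(approvers) >= quorum

if __name__ == "__main__":
    # Constructed placeholders: a 2-of-3 signatory set and a single allowed payee.
    signers = {"alice", "bob", "carol"}
    allowed = {"bc1q-PLACEHOLDER-vendor"}
    spend = Proposal("bc1q-PLACEHOLDER-vendor", 250_000, proposer="alice")
    log = ReviewLog()
    review(log, spend, "alice", "bc1q-PLACEHOLDER-vendor", 250_000, allowed)  # proposer
    review(log, spend, "bob", "bc1q-PLACEHOLDER-vendor", 250_000, allowed)
    print("after proposer + 1 reviewer:", ready_to_broadcast(log, spend, 2, signers))
    review(log, spend, "carol", "bc1q-PLACEHOLDER-vendor", 250_000, allowed)
    print("after 2 independent reviewers:", ready_to_broadcast(log, spend, 2, signers))
```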