This is second shutdown event of Bitcoin service provider after recent online exchange Mt. Gox bankruptcy caused by the flaw in Bitcoin transaction processing design. According to the message on Flexcoin website, they are closing their business but still going to publish the details of the attack as soon as they are available.
0 Comments
There are several interesting observations that I made based on recent Bitcoin events (I mean recent attacks on Bitcoin exchanges and Silk Road 2). First of all, I did not know until yesterday that there is Silk Road 2! Very little time has passed since the disappearance of Silk Road 1. That was fast! Second, now I can create a new category called "Bitcoin Breaches" so the existing Card Data Breaches section can relax a bit (it's overloaded and worked too hard since December last year) . And finally, it turns out that the bug, which caused all recent Bitcoin breaches, is not new, and the attack vector was described almost 3 years ago! The following post is dated May 15, 2011. So you can sit on the network, watch for transactions, and echo them with the signatures slightly tweeked, but still valid. These new transactions will have different hashes, and will compete with the original transactions for inclusion in a block. When a cloned transaction beats out the original for block inclusion, it will leave the original in the owners wallet unconfirmable forever, resulting in inconvenience and unspendable coins. Quick echoing and network latency gives this a finite chance of happening. You can also find a decent explanation, which (hopefully) does not require a deep technical understanding of the Bitcoin implementation, of transaction malleability (that's how this bug was eventually named - beautiful name!) here. This is interesting, not just for Bitcoin but as a product for retail in general. BitTag is a physical price tag that creates a seamless integration between Bitcoin (or any another cryptocurrency) transactions and "bricks and mortar" retail stores. Bitcoin payments will face big challenges heading to brick-and-mortar (but it’ll get there)2/3/2014 Recent developments associated with Bitcoin, its silver-like sister Litecoin, and other crypto-currencies forced many merchants to start thinking seriously about accepting these digital alternatives to cash and plastic cards. In fact, some businesses already accept Bitcoin. E-commerce merchants were first to accept Bitcoin; however, just as life once emerged from the ocean to the land, Bitcoin is slowly but surely creeping out of its virtual cradle to the real world of brick-and-mortar merchants. The benefits of crypto-currency for consumers are well known. They provide:
There are also some downsides. Unlike credit cards, Bitcoin transaction fees are paid by senders. Fraudulent transactions cannot be disputed or reversed. Bitcoin wallets can be hacked. But the million-dollar (oh, I’m sorry — thousand-Bitcoin) question is, can Bitcoin technology meet the picky requirements and withstand the tough conditions of real retailers? An uncertain mechanism of calculating the transaction fee is one of the factors that could negatively affect mainstream acceptance of crypto-currencies. In the world of traditional retail payments, buyers do not deal with transaction fees at all: They’re handled by the seller. Even though the average fee for a Bitcoin transaction (0.0001 BTC) is much lower than credit or debit card processing fees (up to 3%), the average buyer may ask, why should I use Bitcoins if I can pay by credit card and spend less? This is especially important for micropayments, where the amount of the fee is comparable to the transaction amount. On a related point, not all Bitcoin transactions are created equal, so the fee also affects the transaction processing time (as I’ll discuss below). The lower the fee, which can be set either automatically by the software or manually by the buyer, the lower the transaction priority in the Bitcoin processing network. Imagine a cashier in a grocery store asking you for tips in order to cut the checkout line. Besides the transaction fee issues, there are security concerns that should be clarified and resolved before implementing Bitcoin payments in brick-and-mortar stores on a large scale. First, let’s understand which area is mostly problematic. As is well known in theory of information security, there are three security domains: confidentiality, integrity, and availability. When those domains are applied to the security of traditional electronic payments, the first one is most famous (card data breaches), the second one is also often cited (counterfeit cards and fraudulent transactions), while the third one is sometimes overlooked or simply discarded into a non-security category, although it is no less important than the other two. Just think about issues such as payment network downtime, backup of transaction records, or transaction processing time — they are all subjects of availability! Ironically, this domain — availability — is the only one that is mostly kept under control in the payment card industry. If you compare the security of the Bitcoin ecosystem with credit cards, it is pretty obvious that the designer (or designers — we still don’t know) of the digital currency had a different order of priorities. Integrity is mainly taken care of (thanks to modern cryptography); confidentiality is still problematic but manageable; but availability is out of scope. Perhaps, that’s due to a lack of experience with retail payment processing systems. Or maybe the Internet was the only target? Transaction processing time is one of the main differences between online and brick-and-mortar cultures. While it is acceptable in most cases to wait several minutes, hours, or sometimes days for shipment and delivery of goods purchased online, the customer in a brick-and-mortar store gives up very quickly if there are delays. Tough competition forces the point-of sale hardware and software vendors along with the payment processors to fight on milliseconds. This situation is aggravated by the fact that a single ecommerce website can process multiple transactions simultaneously, while a single point of sale machine — either attended or unattended — can handle only one customer at a time. Large chains save a lot of money on employees’ salaries and POS hardware/software fees by cutting transaction processing time (which includes payment processing time) just by a few milliseconds. Now let’s look at the Bitcoin timing. The average time of first confirmation (analog of pre-authorization in the payment card industry) is 10 minutes. That’s a huge delay compared to the several hundred milliseconds required for the average online credit card approval. Yes, the initial validation of a Bitcoin transaction can be done by client software and also received from other nodes of the network within seconds. But the fact that the transaction record is valid does not guarantee that the payment will be accepted by the entire network. Such behavior is determined by Bitcoin design. Each transaction is recorded in a special registry called the blockchain, which is visible and accessible to anyone on the Internet. The blockchain consists of transaction blocks that are created every 10 minutes on average. Even though a transaction cannot be reversed once it’s transmitted to the network, it can be rejected by the network before or after it’s added to the new block. The reason for rejection can be another transaction with the same source address (if someone tries to send the same money at different addresses simultaneously). A Bitcoin transaction is considered finally confirmed only after five blocks are added to the blockchain on top of the block containing the transaction and accepted by the majority of the network nodes. This mechanism prevents double-spending (remember the integrity domain?) and works pretty well, but there is a price for it: A one-hour waiting time for final confirmation. Such a delay is obviously not acceptable in a regular merchant environment where a customer usually walks away right after the payment is done (think about fast food restaurants, grocery stores, or gas stations). The first solution that comes to mind to this problem of confirmation delay is introducing some kind of intermediary that would guarantee a merchant that the transaction is valid without having to wait an hour (in the credit card world this function is performed by the issuing bank). The customer can be asked to make an initial deposit to a special account (similar to a debit card), or provide identification so her previous purchase history can be analyzed (just like with a credit card). Of course the problem with this solution is that it nullifies the fundamental properties of crypto-currency: anonymity, independence from financial institutions, and decentralization. So why should consumers bother using the Bitcoin wallet if it behaves exactly as a credit or debit card? Litecoin and other altcoins partially resolve this issue by reducing the time between the blocks. The Litecoin network creates block every 2.5 minutes, while recently created Worldcoin has the lowest interval, one minute, which — as the creators claim — enables Worldcoin acceptance in the brick-and-mortar merchant environment without design changes. It’s fair to say, however, that the slow processing is a less important issue for some groups of retailers whose typical transaction amount is too small or too big. When the amount of payment is small (a cup of coffee), the probability of attack, and therefore the risk of losing money, is low. When the transaction amount is big (buying a car), a one-hour wait time could be acceptable for the buyer (compare that to the time needed for a bank check validation or the time required to withdraw and count cash). Another factor that affects transaction processing time (and therefore the overall availability of the system) is scalability – the ability of the payment network to absorb successfully a very large number of transactions simultaneously. Visa processes on average 1,500 transactions per second (tps) in the US alone. The figure is much higher during rush hours and holiday seasons, so the maximum total capability of Visa’s network is more than 10,000 tps. If we add to this number all the transactions handled by other brands — MasterCard, American Express, Discover, and JCB, plus private label, stored value, and fleet card processors — we get a very serious load that is supported by pretty sophisticated infrastructure. Now imagine that customers and merchants suddenly decide to abandon traditional payment cards and rush to spend and accept a crypto-currency. Is the Bitcoin network scalable enough to process an equivalent volume of transactions without significant delays and failures? Let’s take a look again at the Bitcoin design to review those two threats. The size of a typical Bitcoin transaction record is 500 bytes, while the maximum block size is (artificially) set to 250,000 bytes, which means that, on average, a maximum of 500 transactions can be added to a single block. That gives us a maximum current capacity of less than 1 tps on the Bitcoin network. The initial confirmation of any over-the-limit payments will be delayed. In addition, the size of the blockchain will grow significantly, which will demand more computing power from processing nodes. Obviously, serious design changes as well as software updates and hardware upgrades are required in order to provide the scalability required for big retailers. One of the natural solutions to this problem would be using multiple parallel networks in the form of accepting alternative crypto-currencies (“altcoins”) such as Litecoin and Worldcoin. Currently, there are more than 80 types of altcoins, and many of them are actively traded online and have significant market capitalization. Each altcoin has an independent blockchain and network of transaction processing nodes. Another option is changing the design of the Bitcoin blockchain; for example, expanding the block size, reducing the time between the blocks, or maybe even adding parallel blockchains that would be able to absorb more transactions simultaneously. The risk of failure is less obvious but more dangerous. The networks of Visa and other card payment brands are supported by thousands of paid professionals who continuously design, develop, test, and maintain their systems. The Bitcoin network is supported by a community of crypto-currency enthusiasts who do not report to any private company or state, meaning there is no accountability (another security feature) if something goes wrong. We don’t know how the mechanism of making decisions on code changes exactly works, or how secure the Bitcoin software development lifecycle is. A single bug or virus in a Bitcoin client application can bring down the entire system as well as significantly affect the Bitcoin value. Perhaps, this is another reason for merchants to preserve diversity of payment methods and accept multiple crypto-currencies. With that said, I like Bitcoin for its brilliant idea, comprehensive design, cutting-edge technology, and taste of freedom. I believe that all the problems eventually will be resolved in one way or another. Zerocoin is supposed to solve the problem with Bitcoin anonymity, or pseudonymity. Initially, it was designed as an extension for Bitcoin network. Now the authors plan to create and release the Zerocoin as a new separate crypto-currency with the infrastructure independent from the Bitcoin network. Here is a good explanation of the Bitcoin anonymity problem. The Bitcoin payment network offers a highly decentralized mechanism for creating and transferring electronic cash around the world. Unfortunately, Bitcoin suffers from a major limitation: since transactions are stored in a public ledger (called the “block chain”) it may be possible to trace the history of any given payment — even years after the fact. Worse, since the Bitcoin ledger is public, any party can recover this information and data mine to identify users and patterns in the transactions. In other words: Bitcoin transactions are conducted in public.The Bitcoin protocol and clients address this in two ways: (1) all Bitcoin transactions are conducted using public keys as identifiers, and these public keys are not linked to individual names. And (2) Bitcoin clients are capable of generating many public keys (“identities”) to help users resist tracking. Unfortunately, a growing body of research indicates that these protections are insufficient. This information may allow data miners to link individual transactions, identify related payments, and otherwise trace the activities of Bitcoin users. My article about Bitcoin security and brick-and-mortar payments, which was published last Sunday by VentureBeat, received 35 comments, 323 tweets, and was shared 458 times on Facebook. Obviously, Bitcoin security is popular topic! VentureBeat just published my article about Bitcoin security: “Bitcoin payments will face big challenges heading to brick-and-mortar (but it’ll get there)”. I discuss the problematic areas of Bitcoin system design which large retailers must take into account if they decide to accept the Bitcoin payments. There are interesting relationships between traditional and emerging payment technologies. The online marketplace for counterfeit credit cards has been accepting Bitcoin as a payment method. Some people think this is because Bitcoin is anonymous. I would say this is because Bitcoin is secure - at least, more secure than the originals of the products offered on this website. At one time the website accepted Liberty Reserve online currency, but shortly after federal charges against Liberty Reserve were made public in the Southern District of New York in May 2013, the fakeplastic website stopped accepting that currency and began accepting Bitcoin, a cryptographic-based digital currency. As set forth on the site’s “news” section, Bitcoin was viewed as a “safe” and “anonymous” method of payment for contraband. The site is still up and running. Don't waste your time if you want to spend your Bitcoins on this website: the registration is by invitation (from FBI?) only. Litecoin miners and owners, welcome to the club! Litecoin users join the real hacking world which is the day-to-day reality of traditional card payments for a very long time. As value and market capitalization of altcoins such as Litecoin grow, they become a desirable target for hackers just the same way as card payment system and Bitcoin network. Here is what actually happened. Give Me Coins (give-me-coins.com) is one of the largest Litecoin mining pools (about 14% of the Litecoin network). The LTC Payment Address parameter in pool user accounts settings has been reset by hackers. The parameter defines the user wallet's address to send the accumulated earnings from the mining. The earnings have been withdrawn from some accounts. The pool operators stated that they temporary disabled all the payouts, and the pool will compensate for any stolen Litecoins. The are two companies working on producing the smart cards with biometric (fingerprint) sensor. Epic One plans to transform the existing magnetic stripe data card into a smart payment card with built-in second factor authentication using fingerprint sensor. The card will also generate the one time code instead of storing the original credit card's track data. The main benefit of Epic One card (besides its obvious security features, of course) is that its acceptance does not require any changes in existing merchant payment infrastructure. However, as always, there is a price of convenience. First, the Epic One cards are more expensive than regular EMV smart cards (not to mention magnetic stripe cards which cost just several cents to issuing banks). Second, the credit card issuers will have to modify their authorization systems (both hardware and software changes) in order to process the Epic One card transactions. And finally, the Epic One card cannot be accepted offline - when network connection between the merchant store and payment processor (or payment processor and acquirer, or acquirer and issuer) is down for any reason - because the card does not carry the actual credit card's PAN (Primary Account Number) information but instead generates a temporary time-sensitive token which must be sent in real time to the issuer for validation in order to authorize the purchase. Another company, SmartMetric, in addition to traditional EMV contact and contactless smart card with biometric authentication, plans to create offline bitcoin wallet on biometric smart card. The only missing piece is point of sale equipment (both hardware and software) that should be purchased, installed, and maintained by every merchant in order to accept such card and process the payment transaction through the bitcoin network. Both ideas are interesting but time will tell if biometric authentication is going to be an important part of next generation payment technology or just another fancy gadget for geeks. There were already failed attempts to introduce biometrics in retail payments industry. Maybe this time they will be successful after Apple introduced the iPhone 5S Touch ID into the mainstream. |
Books
Recent Posts
Categories
All
Archives
March 2023
|