and computing needs to a cloud services provider with a known track record for top-notch security 25 . 2. Cold storage Cold storage involves placing the majority of an institution’s private keys in offline media, either disconnected computer memory such as a thumb- drive, paper, or as memorised passphrases – a so-called “brain bank”. If keys are not stored on internet-connected servers, then they can only be accessed by compromising either the individual with access to the key or the physical security surrounding the key. The attack surface could thus be minimised by limiting the number of employees with knowledge of or access to offline key storage, and storing the offline drives or slips of paper in safe deposit boxes or guarded premises. Cold storage necessarily makes transactions slower because keys must be recovered from their off-network storage location before any transaction can be signed. The bulk of an institution’s funds, however, can be kept in cold storage addresses, while sufficient funds for day-to-day liquidity can be kept in a handful of vulnerable but small online “hot” wallets. 3. Multi-sig and control persons Multi-signature wallets involve assigning bitcoins to public addresses that are linked to multiple private keys, each separately stored, some majority of which are needed to effectuate any transfer. Think of it like the keys to a hypothetical safe deposit box at a bank: you have one key, your banker has the other, and both are required to open the box. Bitcoin addresses can be mathematically linked so that some number (M) of the total linked keys (N) are required to move funds out of an address. This is what is referred to as “M of N transactions” 26 or, more simply, “Multi-sig”. Different officers in a company could retain keys to these addresses so that a majority of control persons would need to approve any transfer out of a wallet. If one control person was compromised, either because her devices had been hacked or she, herself, was no longer trustworthy, then her key alone would not be sufficient to move funds. Institutions may also rely on a vendor that specialises in protecting funds using multi-signature technology combined with external transaction monitoring and policy rules. One such service is BitGo, recently chosen by Bitstamp to help secure its funds in the aftermath of the January 2015 hack 27 . BitGo’s co-founder and Chief Product Officer describes how BitGo monitors a multi-sig wallet that they have created for a client and what motivates their decision to sign off or refuse to sign off on a requested transfer: Before deciding to co-sign, BitGo applies security policy checks on the wallet, such as enforcing velocity limits, address target whitelists, IP restrictions, and so on. If the transaction passes the security checks, BitGo issues the second signature on the transaction using its key, and submits it to the network. If not, then BitGo may either reject the transaction, or hold it for additional approval from another administrator on the wallet.
You've reached the end of your free preview.
Want to read all 30 pages?
- One '13
- Public-key cryptography, Emerging Risk Report