BitGo Presents Multi-Sig Bitcoin Security at Inside Bitcoins NYC
Post on 29-Jan-2015
How to Stop Bitcoin Theft: Multi-Sig Wallets Make Bitcoin Secure and Useful for New Industries
Will O’Brien
CEO & Co-Founder, BitGo will@bitgo.com
April 8, 2014
Today’s Talk
• Landscape of Bitcoin security
• Introduction to multi-sig
• Multi-sig for the enterprise
• Multi-sig for new industries
COPYRIGHT © 2014 BITGO, INC. 2
Who Am I?
• Will O’Brien
• CEO & Co-Founder of BitGo
• Computer Science, Harvard
• FinTech, trading platforms and capital markets
• MBA, MIT Sloan
• Startups and mid-size companies in consumer, payments, video games, and media
• Obsessed with Bitcoin since 2012
BitGo: Multi-Sig Security-as-a-Service
• First multi-sig wallet
• Monitor holdings of any other wallet or address
• BitGo Enterprise
• BitGo API
Q: What is the biggest threat to Bitcoin adoption?
Threats to Bitcoin Adoption
Regulation
Price volatility
Security
Liquidity
Security a Fundamental Threat
“An Australian bitcoin bank has been hacked, the service’s operator only known as ‘Tradefortress’ refused to give his name to the press, stressing he was not much older than 18.”
“Over $40,000 has been stolen from Bitcoin wallet provider Coinbase.”
“The Bloomberg reporter opened up his paper wallet to show the private key, and, not too surprisingly, the funds were quickly stolen.”
$1.2M hack shows why you should never store Bitcoins on the Internet
Market analog: IT security now a primary concern for CXOs and BoDs
SECURITY ISSUES FREQUENTLY DISCUSSED WITH BOD ON QUARTERLY BASIS
[Chart: % of enterprises, 22% in 2007 and 54% in 2012]
Sources: Cisco, Forrester, Gartner, IDC, IBM, Ponemon Institute, analyst reports, Bain analysis
HIGHER PROFILE OF SECURITY IS DUE TO FREQUENCY, SCALE & IMPACT OF ATTACKS
• Cost of cybercrimes rose to a median $5.9M per organization in 2011, a 56% increase
• Security vulnerability disclosures grew to ~9K in 2012, a 29% increase
• Symantec blocked more than 5.5B malware attacks in 2011, an 81% increase
• Web based attacks rose to 4.5K per day in 2011, a 36% increase
• Mobile malware grew by 400%, with Android attacks growing by 2577% in 2013
• DDoS attacks increased by 27%, with the largest attack measuring at 100.84 Gbps and lasting 20 minutes in 2013
SIGNIFICANT % OF CSOS (SECURITY) NOW REPORT TO TOP LEADERSHIP
• 54% report to C-level execs (including CIOs)
• 30% report to CEO, BoD, or enterprise risk team
Global IT security market growing to $92B with strong consolidation trend
[Chart: GLOBAL IT SECURITY MARKET, $64B in 2012 to $92B in 2016F, broken down by segment (Enterprise, SMB, Consumer) and by region (ROW, US), with CAGR 12-16 per series]
Note: Excludes MPLS VPN
Sources: IDC, Gartner, analyst reports, Bain analysis, company financials
LEADING COMPANIES AND EXITS
Categories: Anti-virus and corporate security; Identity and authentication; Identity theft protection
• $7.68B (acquired by Intel in 2010)
• $14.5B (NASDAQ:SYMC)
• $1.29B (acq. by Symantec in 2010)
• $1.97B (NYSE:LOCK)
• $17.5B (LON:EXPN)
• Private ($130m revenue)
Quick Primer: Bitcoin Keys
SECRET!
SAFE
Bitcoin Storage: A Costly Trade-Off
[Chart: Security vs. Accessibility, each axis low to high]
If all systems can be hacked, where do you store your private key?
Bitcoin Storage: Desktop Wallets
Private key storage: local computer
Security threats: malware, key logging, hard drive failure, forgotten password
Examples: Bitcoin-QT, Android wallet
Note: some of these wallets are exploring multi-sig
[Chart: Security vs. Accessibility, each axis low to high; plotted: desktop wallets]
Bitcoin Storage: Hosted Wallets
Private key storage: online
Security threats: server hacking, denial of service, phishing, key logging, insider theft
Examples
Note: Blockchain does not store your keys
[Chart: Security vs. Accessibility, each axis low to high; plotted: desktop wallets, hosted wallets]
Bitcoin Storage: Exchanges
Private key storage: online
Security threats: server hacking, denial of service, phishing, key logging, insider theft, regulatory action
Examples
Note: for illustration purposes only
[Chart: Security vs. Accessibility, each axis low to high; plotted: desktop wallets, hosted wallets & exchanges]
Bitcoin Storage: Offline
Private key storage: offline
Security threats: physical loss, physical theft, coercion, forgotten password
Examples: cold storage, paper wallets, brain wallets, physical tokens
[Chart: Security vs. Accessibility, each axis low to high; plotted: desktop wallets, hosted wallets & exchanges, cold storage, paper wallets, brain wallets]
Bitcoin Storage: Multi-Sig
Private key storage (multi-signature)
3 keys distributed
- hosted key
- user key
- backup (offline)
Security threats: server hacking, malware, key logging, insider theft, coercion, forgotten password
Increased security measures: fraud detection, spending limits, corporate treasury, cold keys
[Chart: Security vs. Accessibility, each axis low to high; plotted: desktop wallets, hosted wallets & exchanges, cold storage, paper wallets, brain wallets]
Comparing Bitcoin Wallet Architectures
With Multi-Sig You Hold Your Own Bitcoin, 100% on Blockchain
Multi-Sig for the Enterprise
Evolution of Bitcoin Corporate Adoption
Accept Bitcoin: Lower costs, reduce fraud; PR and sales increase
- Big Fish Games
- Overstock.com
- Square
- TigerDirect
- Zynga
- 30K+ merchants
Hold Bitcoin: Asset investment; Digital currency trading
- Bitcoin Investment Trust
- Fortress/Pantera
- Sator Square
Use Bitcoin: Supply chain; Payroll; Promotions
- BitPay
- Gyft
- Lamassu ATM
Company Profile: Businesses accepting and spending Bitcoin
Key Needs
• Accountant-friendly UI
• Enterprise security
• Spending limits and transaction approvals for various users in the org
• Regular financial reports
Multi-Sig Setup
• 2-of-3 key wallets
• Access by multiple users with different rights

Company Profile: Family office investors and financial institutions
Key Needs
• Trader-friendly UI
• Enterprise security for large Bitcoin holdings
• Fund administration that meets corporate governance requirements
• Robust audit trail and financial reporting
Multi-Sig Setup
• M-of-N key wallets
• Secondary approval for large transactions
Organizational Needs for Multi-Sig
How an Organization Uses Multi-Sig
Person Spending limit Creates wallets Approves spending Views holdings
CEO $100,000 ✓ ✓ ✓
CFO $100,000 ✓ ✓ ✓
VP finance $50,000 ✓ ✓
Director accounting $25,000 ✓
Financial analyst $0 ✓
Auditor n/a ✓
Enterprise security features
• Network fraud detection
• Spending and velocity limits
• Approval chains
• Time-delayed transactions
Corporate Dashboard
Wallet-Based Security and Permissions
Spending Limits in Action
Security and Approval Flow
Multi-Sig for New Industries
Multi-Sig Custodial Accounts
• Escrow
• Gifts
• Auctions
• Real estate
Exchanges: Preventing the Next MtGox
Risks of “pooled holdings” exchange
• Theft or loss of all funds
• Government seizure of funds
• Limited independent auditing
• No insurance
• No notification of account breach
POOLED EXCHANGE MODEL
Exchange Powered by Multi-Sig
Five Parties Model
http://www.systemics.com/docs/ricardo/issuer/faq_governance.html#5PM
http://bitcoinmagazine.com/10639/five-parties-model/
Get Started with Multi-Sig
• Individual: Use a multi-sig secure wallet
• Merchant or financial institution: Use a multi-sig, multi-signer wallet
• Bitcoin exchange or business: Bake multi-sig into your transaction model using custodial accounts
API
Build on the BitGo API
• Exchanges, trading platforms, funds, marketplaces, escrow services, and beyond can build systems on the BitGo API
• The BitGo API enables the following operations:
– Creation of M-of-N P2SH (multi-sig) addresses
– Hierarchical Deterministic Wallet management (BIP32)
– Transaction creation
– Transaction signing
– Spending limits
– Multi-signer address flow
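A 2-of-3 wallet of the kind this deck describes (hosted key, user key, offline backup key) is locked by a redeem script, and a key holder can check that script before any funds are sent to the address. The Python below is an added example, not BitGo code or the BitGo API; the function names are hypothetical and the key bytes are constructed placeholders.

```python
# Added example (not BitGo code): build and audit an M-of-N multisig redeem script.
OP_1, OP_CHECKMULTISIG = 0x51, 0xAE   # OP_1..OP_16 are opcodes 0x51..0x60
MAX_P2SH_SCRIPT = 520                 # a P2SH redeem script must fit in one 520-byte push

# Constructed placeholder keys (33-byte compressed form, not real curve points).
HOSTED = b"\x02" + b"\x11" * 32
USER = b"\x03" + b"\x22" * 32
BACKUP = b"\x02" + b"\x33" * 32


def build_redeem_script(m, pubkeys):
    """Return OP_m <pk1> ... <pkN> OP_n OP_CHECKMULTISIG as bytes."""
    n = len(pubkeys)
    if not 1 <= m <= n <= 16:
        raise ValueError("need 1 <= m <= n <= 16")
    script = bytes([OP_1 + m - 1])
    for pk in pubkeys:
        if len(pk) not in (33, 65):
            raise ValueError("public key must be 33 or 65 bytes")
        script += bytes([len(pk)]) + pk          # direct push: length, then data
    script += bytes([OP_1 + n - 1, OP_CHECKMULTISIG])
    if len(script) > MAX_P2SH_SCRIPT:
        raise ValueError("redeem script too large for P2SH")
    return script


def parse_redeem_script(script):
    """Strictly parse a multisig redeem script into (m, [pubkeys])."""
    if len(script) < 3 or script[-1] != OP_CHECKMULTISIG:
        raise ValueError("not a CHECKMULTISIG script")
    m, n = script[0] - OP_1 + 1, script[-2] - OP_1 + 1
    keys, i, end = [], 1, len(script) - 2
    while i < end:
        size = script[i]
        if size not in (33, 65) or i + 1 + size > end:
            raise ValueError("malformed key push")
        keys.append(script[i + 1:i + 1 + size])
        i += 1 + size
    if not 1 <= m <= n <= 16 or n != len(keys):
        raise ValueError("threshold or key count does not match the pushes")
    return m, keys


def audit(script, expected_m, my_keys):
    """True only if the threshold is as agreed and every key we hold is present."""
    m, keys = parse_redeem_script(script)
    no_dupes = len(set(keys)) == len(keys)
    return m == expected_m and no_dupes and all(k in keys for k in my_keys)
```

The audit fails closed: a script whose threshold was lowered to 1-of-3, or in which the backup key was swapped for another key, is rejected before the address is used.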
Industry Goals for Multi-Sig
• Secure the majority of Bitcoin holdings with multi-sig by the end of 2014
• Embrace standards and industry best practices like BIP32 (HD wallets)
• Innovate on new models based on multi-sig
Make 2014 the Year of Multi-Sig!
Thank you
https://www.bitgo.com will@bitgo.com
@BitGoInc