BitGo Presents Multi-Sig Bitcoin Security at Inside Bitcoins NYC

How to Stop Bitcoin Theft: Multi-Sig Wallets Make Bitcoin Secure and Useful for New Industries

Published in: Technology

Transcript

  • 1. How to Stop Bitcoin Theft: Multi-Sig Wallets Make Bitcoin Secure and Useful for New Industries. Will O’Brien, CEO & Co-Founder, BitGo, will@bitgo.com. April 8, 2014
  • 2. Today’s Talk
      • Landscape of Bitcoin security
      • Introduction to multi-sig
      • Multi-sig for the enterprise
      • Multi-sig for new industries
      COPYRIGHT © 2014 BITGO, INC.
  • 3. Who Am I?
      • Will O’Brien
      • CEO & Co-Founder of BitGo
      • Computer Science, Harvard
      • FinTech, trading platforms and capital markets
      • MBA, MIT Sloan
      • Startups and mid-size companies in consumer, payments, video games, and media
      • Obsessed with Bitcoin since 2012
  • 4. BitGo: Multi-Sig Security-as-a-Service
      • First multi-sig wallet
      • Monitor holdings of any other wallet or address
      • BitGo Enterprise
      • BitGo API
  • 5. Q: What is the biggest threat to Bitcoin adoption?
  • 6. Threats to Bitcoin Adoption
      • Regulation
      • Price volatility
      • Security
      • Liquidity
  • 7. Security a Fundamental Threat
      • “An Australian bitcoin bank has been hacked, the service’s operator only known as ‘Tradefortress’ refused to give his name to the press, stressing he was not much older than 18.”
      • “Over $40,000 has been stolen from Bitcoin wallet provider Coinbase.”
      • “The Bloomberg reporter opened up his paper wallet to show the private key, and, not too surprisingly, the funds were quickly stolen.”
      • $1.2M hack shows why you should never store Bitcoins on the Internet
  • 8. Market analog: IT security now a primary concern for CXOs and BoDs
      • SECURITY ISSUES FREQUENTLY DISCUSSED WITH BOD ON QUARTERLY BASIS [Chart: % of enterprises, 22% in 2007 and 54% in 2012]
      • HIGHER PROFILE OF SECURITY IS DUE TO FREQUENCY, SCALE & IMPACT OF ATTACKS
          – Cost of cybercrimes rose to a median $5.9M per organization in 2011, a 56% increase
          – Security vulnerability disclosures grew to ~9K in 2012, a 29% increase
          – Symantec blocked more than 5.5B malware attacks in 2011, an 81% increase
          – Web based attacks rose to 4.5K per day in 2011, a 36% increase
          – Mobile malware grew by 400%, with Android attacks growing by 2577% in 2013
          – DDoS attacks increased by 27%, with the largest attack measuring at 100.84 Gbps and lasting 20 minutes in 2013
      • SIGNIFICANT % OF CSOS (SECURITY) NOW REPORT TO TOP LEADERSHIP
          – 54% report to C-level execs (including CIOs)
          – 30% report to CEO, BoD, or enterprise risk team
      • Sources: Cisco, Forrester, Gartner, IDC, IBM, Ponemon Institute, analyst reports, Bain analysis
  • 9. Global IT security market growing to $92B with strong consolidation trend
      • GLOBAL IT SECURITY MARKET: $64B (2012) to $92B (2016F)
      • [Chart by segment, 2012 and 2016F, in $B: Enterprise 43 and 60, SMB 16 and 23, Consumer 5 and 8; CAGR 12-16: 9%, 10%, 14%]
      • [Chart by region (ROW, US), 2012 and 2016F: values shown 25 and 35; CAGR 12-16: 10%, 9%]
      • LEADING COMPANIES AND EXITS [categories: Anti-virus and corporate security; Identity and authentication; Identity theft protection]: $7.68B (acquired by Intel in 2010); $14.5B (NASDAQ:SYMC); $1.29B (acq. by Symantec in 2010); $1.97B (NYSE:LOCK); $17.5B (LON:EXPN); Private ($130m revenue)
      • Note: Excludes MPLS VPN
      • Sources: IDC, Gartner, analyst reports, Bain analysis, company financials
  • 10. Quick Primer: Bitcoin Keys [Diagram labels: SECRET!, SAFE]
  • 11. Bitcoin Storage: A Costly Trade-Off
      • If all systems can be hacked, where do you store your private key?
      • [Chart: Security (low to high) vs. Accessibility (low to high)]
  • 12. Bitcoin Storage: Desktop Wallets
      • Private key storage: local computer
      • Security threats: malware, key logging, hard drive failure, forgotten password
      • Examples: Bitcoin-QT, Android wallet
      • Note: some of these wallets are exploring multi-sig
      • [Chart: Security vs. Accessibility, showing desktop wallets]
  • 13. Bitcoin Storage: Hosted Wallets
      • Private key storage: online
      • Security threats: server hacking, denial of service, phishing, key logging, insider theft
      • Examples
      • Note: Blockchain does not store your keys
      • [Chart: Security vs. Accessibility, showing desktop wallets and hosted wallets]
  • 14. Bitcoin Storage: Exchanges
      • Private key storage: online
      • Security threats: server hacking, denial of service, phishing, key logging, insider theft, regulatory action
      • Examples
      • Note: for illustration purposes only
      • [Chart: Security vs. Accessibility, showing desktop wallets, hosted wallets & exchanges]
  • 15. Bitcoin Storage: Offline
      • Private key storage: offline
      • Security threats: physical loss, physical theft, coercion, forgotten password
      • Examples: cold storage, paper wallets, brain wallets, physical tokens
      • [Chart: Security vs. Accessibility, showing desktop wallets, hosted wallets & exchanges, cold storage, paper wallets, brain wallets]
  • 16. Bitcoin Storage: Multi-Sig
      • Private key storage (multi-signature): 3 keys distributed
          – hosted key
          – user key
          – backup (offline)
      • Security threats: server hacking, malware, key logging, insider theft, coercion, forgotten password
      • Increased security measures: fraud detection, spending limits, corporate treasury, cold keys
      • [Chart: Security vs. Accessibility, showing desktop wallets, hosted wallets & exchanges, cold storage, paper wallets, brain wallets]
  • 17. Comparing Bitcoin Wallet Architectures
  • 18. With Multi-Sig You Hold Your Own Bitcoin, 100% on Blockchain
  • 19. Multi-Sig for the Enterprise
  • 20. Evolution of Bitcoin Corporate Adoption
      • Accept Bitcoin: Lower costs, reduce fraud; PR and sales increase
      • Hold Bitcoin: Asset investment; Digital currency trading
      • Use Bitcoin: Supply chain; Payroll; Promotions
      • Companies shown: Big Fish Games, Overstock.com, Square, TigerDirect, Zynga, 30K+ merchants, Bitcoin Investment Trust, Fortress/ Pantera, Sator Square, BitPay, Gyft, Lamassu ATM
  • 21. Organizational Needs for Multi-Sig
      • Company Profile: Businesses accepting and spending Bitcoin
          – Key Needs: Accountant-friendly UI; Enterprise security; Spending limits and transaction approvals for various users in the org; Regular financial reports
          – Multi-Sig Setup: 2-of-3 key wallets; Access by multiple users with different rights
      • Company Profile: Family office investors and financial institutions
          – Key Needs: Trader-friendly UI; Enterprise security for large Bitcoin holdings; Fund administration that meets corporate governance requirements; Robust audit trail and financial reporting
          – Multi-Sig Setup: M-of-N key wallets; Secondary approval for large transactions
      BITGO, INC. CONFIDENTIAL
  • 22. How an Organization Uses Multi-Sig
      • Table columns: Person; Spending limit; Creates wallets; Approves spending; Views holdings
          – CEO: $100,000; ✓ ✓ ✓
          – CFO: $100,000; ✓ ✓ ✓
          – VP finance: $50,000; ✓ ✓
          – Director accounting: $25,000; ✓
          – Financial analyst: $0; ✓
          – Auditor: n/a; ✓
      • Enterprise security features
          – Network fraud detection
          – Spending and velocity limits
          – Approval chains
          – Time-delayed transactions
  • 23. Corporate Dashboard
  • 24. Wallet-Based Security and Permissions
  • 25. Spending Limits in Action
  • 26. Security and Approval Flow
  • 27. Multi-Sig for New Industries
  • 28. Multi-Sig Custodial Accounts
      • Escrow
      • Gifts
      • Auctions
      • Real estate
  • 29. Exchanges: Preventing the Next MtGox
      • Risks of “pooled holdings” exchange
          – Theft or loss of all funds
          – Government seizure of funds
          – Limited independent auditing
          – No insurance
          – No notification of account breach
      • [Diagram: POOLED EXCHANGE MODEL]
  • 30. Exchange Powered by Multi-Sig
  • 31. Five Parties Model
      • http://www.systemics.com/docs/ricardo/issuer/faq_governance.html#5PM
      • http://bitcoinmagazine.com/10639/five-parties-model/
  • 32. Get Started with Multi-Sig
      • Individual: Use a multi-sig secure wallet
      • Merchant or financial institution: Use a multi-sig, multi-signer wallet
      • Bitcoin exchange or business: Bake multi-sig into your transaction model using custodial accounts
      • [Diagram label: API]
  • 33. Build on the BitGo API
      • Exchanges, trading platforms, funds, marketplaces, escrow services, and beyond can build systems on the BitGo API
      • The BitGo API enables the following operations:
          – Creation of M-of-N P2SH (multi-sig) addresses
          – Hierarchical Deterministic Wallet management (BIP32)
          – Transaction creation
          – Transaction signing
          – Spending limits
          – Multi-signer address flow
  • 34. Industry Goals for Multi-Sig
      • Secure the majority of Bitcoin holdings with multi-sig by the end of 2014
      • Embrace standards and industry best practices like BIP32 (HD wallets)
      • Innovate on new models based on multi-sig
      • Make 2014 the Year of Multi-Sig!
  • 35. Thank you
      • https://www.bitgo.com
      • will@bitgo.com
      • @BitGoInc
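
Slides 16 and 33 describe a 2-of-3 key split (hosted, user, backup) behind an M-of-N P2SH address. As an added example, not BitGo's code or API, the Python below builds the redeem script such an address commits to and audits a script handed over by a service before the address is funded; the function names and key bytes are constructed for illustration.

```python
# Added illustration (not BitGo code): the redeem script behind an M-of-N P2SH address.
OP_CHECKMULTISIG = 0xAE
MAX_KEYS = 15  # most compressed keys that fit in P2SH's 520-byte redeem script limit

def build_redeem_script(m, pubkeys):
    """Serialize OP_m <pk1>..<pkN> OP_n OP_CHECKMULTISIG (compressed keys only)."""
    if not 1 <= m <= len(pubkeys) <= MAX_KEYS:
        raise ValueError("need 1 <= m <= n <= 15")
    script = bytearray([0x50 + m])          # OP_1..OP_16 are encoded as 0x51..0x60
    for pk in pubkeys:
        if len(pk) != 33 or pk[0] not in (2, 3):
            raise ValueError("expected a 33-byte compressed public key")
        script += bytes([33]) + pk          # push opcode 0x21 = "next 33 bytes"
    script += bytes([0x50 + len(pubkeys), OP_CHECKMULTISIG])
    return bytes(script)

def parse_redeem_script(script):
    """Return (m, [pubkeys]); reject anything that is not plain M-of-N."""
    if len(script) < 3 or script[-1] != OP_CHECKMULTISIG:
        raise ValueError("not a multisig redeem script")
    m, n = script[0] - 0x50, script[-2] - 0x50
    body, keys = script[1:-2], []
    while body:
        if len(body) < 34 or body[0] != 33 or body[1] not in (2, 3):
            raise ValueError("malformed public key push")
        keys.append(body[1:34])
        body = body[34:]
    if not 1 <= m <= n == len(keys) <= MAX_KEYS:
        raise ValueError("threshold and key count do not match")
    return m, keys

def audit_wallet_script(script, expected_m, my_keys):
    """Checks a key holder can run before funding the address; returns problems."""
    try:
        m, keys = parse_redeem_script(script)
    except ValueError as exc:
        return [str(exc)]
    problems = []
    if m != expected_m:
        problems.append(f"threshold is {m}, expected {expected_m}")
    if any(k not in keys for k in my_keys):
        problems.append("one of my keys is missing from the script")
    if sum(k not in my_keys for k in keys) >= m:
        problems.append("keys I do not hold can spend without me")
    return problems

# Constructed placeholder bytes standing in for compressed public keys (not real keys).
HOSTED, USER, BACKUP = (bytes([2]) + bytes([i]) * 32 for i in (0x11, 0x22, 0x33))
```

A P2SH address is the Base58Check encoding of the HASH160 of this script, so anyone holding the script can recompute the address and confirm what they are funding.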