Subscribe Now

* You will receive the latest news and updates on the Canadian IT marketplace.

Trending News

Blog Post

Risky business
SECURITY SHELF

Risky business 

From technical, social, and economic perspectives, Bitcoin is a very interesting phenomenon. Invented in 2008, it is the world’s first peer-to-peer cash transfer system. Payments are sent directly from one party to another and there is no central authority; it is fully decentralized.

From a user’s perspective, Bitcoin is simple. Electronic currency is stored in a wallet application and can be sent to any Bitcoin address. To receive money, the wallet creates a Bitcoin address to send to the recipient. Bitcoin addresses are a series of modified hex digits (easily confused characters are not used) and can be sent via email, posted on a web site, printed on paper, or encoded in a QR Code for easy mobile transactions.

At the time of writing, coindesk.com values one bitcoin at approximately CDN $257. A bitcoin can be divided down to 8 decimal places, enabling a wide range of payment values; from millions of dollars to fractions of pennies. Significant caution should be exercised as Bitcoin is not backed or regulated by any government or financial institution; volatility or sudden collapse of the currency remains a very real possibility.

A number of factors make Bitcoin attractive. The absence of bank and government involvement and the peer-to-peer nature of the system allows anyone with Internet access to participate. There are no credit checks or accounts to open as one simply downloads a wallet application and joins the peer-to-peer network.

While not totally anonymous, the use of Bitcoin addresses makes it more difficult to identify individuals, especially if they supply a different address to each person sending them funds. As a result, Bitcoin has become a currency of choice for underground transactions as well as some legitimate businesses.

While the number of vendors accepting Bitcoin appears to be on the rise, there are obvious risks, especially to retailers of physical products. It takes time to confirm a Bitcoin transaction, making it unsuitable for anything other than small purchases at the cash register.

Online merchants may be able to reduce fraud by delaying shipping by 24 to 48 hours at which time the transaction should be confirmed by the distributed Bitcoin network and any double-spend attempts should be visible. However, unless the merchant can rapidly exchange Bitcoin for their primary currency they will be left to manage exchange rate risks.

Bitcoin uses elliptic curve cryptography to prove ownership of units of currency. In a simple transaction, one user transfers value to another (i.e. spends Bitcoin) by digitally signing a transaction that assigns the value to the new user’s Bitcoin address. Transactions can also handle more complex use cases such as multiple signature requirements.

In summary, transactions are validated and relayed throughout the distributed system. A “mining”process adds new transactions to data blocks that form a public ledger of all Bitcoin transactions. Each block added to the ledger serves as evidence that previous blocks have been accepted by consensus. To help secure the system, miners perform a large number of cryptographic operations in competition with each other and receive bitcoin as a reward should their computer generate a new block that meets stringent requirements.

Bitcoin has a well-developed security model and open source reference software is readily available. Businesses must ensure that they fully understand the model and several significant areas of risk prior to participation.

Nobody really knows who designed Bitcoin. The original paper and reference client were published under the name Satoshi Nakamoto. Many theories have emerged, several cryptographers have been suggested as suspects, and it is possible that a group or government agency was really behind the design. A large sum of early bitcoin —currently valued at over US $1 billion—has never been spent, fuelling speculation that Satoshi may be not want to be found.

Bitcoin relies on a NIST elliptic curve standard (secp256k1) and a NIST cryptographic hash standard (SHA256). Given the current cloud of uncertainty over NIST cryptographic standards it is possible that a backdoor may exist and that Bitcoin could be subject to covert manipulation.

Since Bitcoin wallets are collections of private cryptographic keys, if they are lost or stolen the associated value cannot be recovered. Bitcoin wallets are therefore a high value target for hackers and malware creators.

The Bitcoin mining process has a pre-defined schedule that limits the total number of bitcoins so that they gradually approach a total of 21 million. Since the overall system does not have a way to account for lost wallets, once the 21 million is reached the total number of bitcoins actually available will begin to decrease. It is therefore difficult to predict the long-term viability and stability of the currency.

Although Bitcoin may be suitable for micropayments and the purchase of low value products and services, the risks involved make it unsuitable for most Canadian business purposes. Major retailers currently do not accept Bitcoin, but it is possible to purchase gift cards through third-party services such as Gyft, which boasts enabling purchases at over 200 retailers including Amazon, Best Buy, Starbucks, and Home Depot. Retailers are wise to insulate themselves through the use of third parties.

Related posts