Bitcoin Forum
December 08, 2016, 12:30:49 AM *
News: Latest stable version of Bitcoin Core: 0.13.1  [Torrent].
 
   Home   Help Search Donate Login Register  
Pages: [1]
  Print  
Author Topic: Proposal for Security Standards for Bitcoin Exchanges  (Read 2418 times)
fellowtraveler
Sr. Member
****
Offline Offline

Activity: 440


View Profile
July 26, 2012, 05:01:03 AM
 #1

Someday, enough money will be stolen that the Bitcoin community will consider using public key cryptography that was invented back in the 70s.


Proposal for Security Standards for Bitcoin Exchanges (and any other "centralized" storage of people's money)

Everyone: please add your own security proposals to this thread.  :-)

-- NO passwords should be stored on server OR client side.

-- No client-side passwords should be used on the server side at all (hashed or not.)

-- ALL transaction requests must be digitally signed on the client side.

-- All transaction receipts must be server-signed (and must contain a copy of the original client-signed request.) This prevents the server from forging any of your transactions.

-- Receipt should prove the current balance, and the newest receipt is always the winner in any dispute. (Meaning the receipt IS the account.) This prevents the server from changing your balance without permission.

-- Receipt should also prove which instruments are valid and which transactions have cleared. (Meaning the receipt IS the transaction history.) This prevents any instruments you haven't authorized from impacting your account.

-- All recurring transactions (such as trades processing over time from a specific market offer) should result in a server-signed receipt in the user's inbox.

-- All market trades should contain a copy of the user's original signed offer, as well as details on how many trades have processed from the offer.

-- All server requests must contain a request number that increments with each message. This prevents attackers from intercepting messages and sending them again.

-- All server requests must contain the server ID that the message is intended for. This prevents attackers from intercepting messages and sending them to other servers.

-- All transactions must contain a transaction number that was previously issued (and signed for). These numbers must be listed on every receipt until signed as closed. (Server can prove entire transaction history without having to store it.)

-- All transactions must contain a signed balance agreement. All incoming receipts must be verifiable against the last signed balance agreement.

-- All source code must be publicly available for audit.

-- All source code must be subjected to an automated code scanner. (Static AND dynamic analysis.)

-- All Bitcoins must be bailed into a system such that individual servers cannot steal bitcoins from their own users, or be hacked and have hackers steal bitcoins from their users. (This is technically possible in Bitcoin...)

-- All currencies issued on the server, including Bitcoins, must have reserves that are publicly auditable.

Also preferable:
-- Users should sign all transactions on a crypto-card.
-- An additional authentication layer should be provided via crypto-tokens with passwords that change every 90 seconds.

These are the standards I demand for anyone who is going to hold my money.

How about you?




co-founder, Monetas
creator, Open-Transactions
Make sure you back up your wallet regularly! With Bitcoin-Qt, it needs to be backed up at least as often as every 100 transactions (both sends and receipts) or new addresses.
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
1481157049
Hero Member
*
Offline Offline

Posts: 1481157049

View Profile Personal Message (Offline)

Ignore
1481157049
Reply with quote  #2

1481157049
Report to moderator
1481157049
Hero Member
*
Offline Offline

Posts: 1481157049

View Profile Personal Message (Offline)

Ignore
1481157049
Reply with quote  #2

1481157049
Report to moderator
1481157049
Hero Member
*
Offline Offline

Posts: 1481157049

View Profile Personal Message (Offline)

Ignore
1481157049
Reply with quote  #2

1481157049
Report to moderator
da2ce7
Legendary
*
Offline Offline

Activity: 1218


Live and Let Live


View Profile
July 26, 2012, 06:09:12 AM
 #2

Sounds Like an exchange that I'd like to use.  Roll Eyes

One off NP-Hard.
koin
Legendary
*
Offline Offline

Activity: 874


View Profile
July 26, 2012, 10:36:49 PM
 #3

These are the standards I demand for anyone who is going to hold my money.

since none are even close to following these, you probably don't have anyone holding your money then?
Vladimir
Hero Member
*****
Offline Offline

Activity: 812


-


View Profile
July 26, 2012, 10:41:22 PM
 #4

ISO 27001

-
DeathAndTaxes
Donator
Legendary
*
Offline Offline

Activity: 1218


Gerald Davis


View Profile
July 26, 2012, 10:41:36 PM
 #5

When designing a standard the repetitive use of the words ALL and MUST are well, repetitive, especially when used in every bullet point. If you are designing a standard it is implicit that ALL x MUST do y if you just say x do y.   As an example Bitcoin standard doesn't say things like ALL transactions MUST be signed by the private key.  It is understood when someone says transactions are signed by the private key of the input that it i applies to ALL txs and the signing MUST occur each time (not sometimes and not optionally).

Quote
User authentication is handled by Public Key Cryptography.  No passwords are used by the exchange.

Transactions are digitally signed by the client.
Transactions will imlement an incrementing nonce to prevent a replay attack.
Transactions will implement a unique server id (server public key ? ) to prevent redirection attack.

Server will return a transaction receipt for each transaction made by the client.

Transaction receipts contain the original client signed transaction and are digitally signed by the server.
Transaction receipts should contain account current balance(s).
Transaction receipts will contain a transaction ID as well as the prior transaction's transaction ID.
davout
Legendary
*
Offline Offline

Activity: 1358


1davout


View Profile WWW
July 26, 2012, 10:49:57 PM
 #6

Someday, enough money will be stolen that the Bitcoin community will consider using public key cryptography that was invented back in the 70s.

Proposal for Security Standards for Bitcoin Exchanges (and any other "centralized" storage of people's money)

Everyone: please add your own security proposals to this thread.  :-)

[...]

These are the standards I demand for anyone who is going to hold my money.

How about you?
Good job describing OT (which is a very cool project). But by no means a one-size-fits all solution to all security issues.

davout
Legendary
*
Offline Offline

Activity: 1358


1davout


View Profile WWW
July 26, 2012, 10:50:45 PM
 #7

Sounds Like an exchange that I'd like to use.  Roll Eyes
I bet you would Cheesy

glub0x
Hero Member
*****
Offline Offline

Activity: 768



View Profile
July 27, 2012, 02:16:38 AM
 #8

Other things that i do like
--> the no link in e mail policy (phishing)
--> the fake javascript on screen keyboard used in baking online systems . (keylogers)
--> a "evident" login history (always visible, with the login ip, time, AND flags for suspect logins)


The cost of mediation increases transaction costs, limiting the
minimum practical transaction size and cutting off the possibility for small casual transactions

Satoshi Nakamoto : https://bitcoin.org/bitcoin.pdf
fellowtraveler
Sr. Member
****
Offline Offline

Activity: 440


View Profile
July 27, 2012, 06:25:57 AM
 #9

When designing a standard the repetitive use of the words ALL and MUST are well, repetitive, especially when used in every bullet point. If you are designing a standard it is implicit that ALL x MUST do y if you just say x do y.   As an example Bitcoin standard doesn't say things like ALL transactions MUST be signed by the private key.  It is understood when someone says transactions are signed by the private key of the input that it i applies to ALL txs and the signing MUST occur each time (not sometimes and not optionally).

Quote
User authentication is handled by Public Key Cryptography.  No passwords are used by the exchange.

Transactions are digitally signed by the client.
Transactions will imlement an incrementing nonce to prevent a replay attack.
Transactions will implement a unique server id (server public key ? ) to prevent redirection attack.

Server will return a transaction receipt for each transaction made by the client.

Transaction receipts contain the original client signed transaction and are digitally signed by the server.
Transaction receipts should contain account current balance(s).
Transaction receipts will contain a transaction ID as well as the prior transaction's transaction ID.

Great feedback! Thanks.

co-founder, Monetas
creator, Open-Transactions
fellowtraveler
Sr. Member
****
Offline Offline

Activity: 440


View Profile
July 27, 2012, 06:29:21 AM
 #10

Someday, enough money will be stolen that the Bitcoin community will consider using public key cryptography that was invented back in the 70s.

Proposal for Security Standards for Bitcoin Exchanges (and any other "centralized" storage of people's money)

Everyone: please add your own security proposals to this thread.  :-)

[...]

These are the standards I demand for anyone who is going to hold my money.

How about you?
Good job describing OT (which is a very cool project). But by no means a one-size-fits all solution to all security issues.

I'm not trying to just describe OT as a "one size fits all" solution.

Rather, I'm trying to get everyone to add their own security proposals to this thread.

First, so I can steal all their ideas.

Second, because clearly, people in this community are not talking about security mechanisms enough, and are not implementing security mechanisms enough -- they are not thinking about security mechanisms enough.

And as I said a long time ago, people in this community are going to continue to "get screwed" until they do.

(At this point, I can basically set my watch by the regularity of high-profile thefts that occur in this community.)

co-founder, Monetas
creator, Open-Transactions
DarkEmi
Full Member
***
Offline Offline

Activity: 215


View Profile
July 27, 2012, 06:56:41 AM
 #11

- Have all owners and employees declare all btc accounts they own and use and all their accounts at every exchange (not publicly), if they ever are caught using an undeclared accounts that might mean something is fishy

=> This is required in the banking industrie

- Have operators & CTO not brag about their hacking skills on chats and posting youtubes video in place of official statements

OP : your proposals are good

speculate on the mtgox price - http://www.btcoracle.com/
buy Mastercoin - http://masterxchange.com
davout
Legendary
*
Offline Offline

Activity: 1358


1davout


View Profile WWW
July 27, 2012, 09:17:23 AM
 #12

First, so I can steal all their ideas.

Second, because clearly, people in this community are not talking about security mechanisms enough, and are not implementing security mechanisms enough -- they are not thinking about security mechanisms enough.
I see, I'd add : "use the minimum necessary privileges for API access tokens" but it seems like a no-brainer.
Also you're forgetting the whole human side of the equation, in the last high-profile thefts the lack of access segregation + lack of auditing probably allowed the weakest link to easily break.
So I'd also add : "know who has access to what, exactly"

Stephen Gornick
Legendary
*
Offline Offline

Activity: 2002



View Profile
September 05, 2012, 06:31:55 AM
 #13

(At this point, I can basically set my watch by the regularity of high-profile thefts that occur in this community.)

Yup, BitFloor's was right on time!

Pages: [1]
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!