Sunday, 11 August 2013

Inside Bitfrore Part 4 - Minimal Attack Surface

Please support our Indiegogo campaign to make the Bitfrore - Bitcoin Paper Wallet a reality.

http://www.indiegogo.com/projects/bitfrore-bitcoin-cold-paper-wallet-printer



This is part 4 in a series of posts on the Bitfrore technology.
Click here to view the previous posts.


Every piece of software has an attack surface. Hackers explore this surface looking for a way in. When developing security sensitive software it's considered best practice to minimize the attack surface as much as possible1.

Before Bitfrore the safest way to generate a Paper Wallet was to take something with a large attack surface like a Desktop PC and try to minimize the attack surface as much as possible. This was done by disconnecting the PC from the internet and using an operating system like Linux that is currently not a major target for hackers.
This subtractive approach leaves the risk that anything that isn't subtracted is still a potential attack vector.

We live in a world where a malicious USB charger can infect your iPhone2. You're not even safe on the toilet anymore3. If there is a monetary incentive to attack a system Hackers will find a way. What better monetary incentive could a hacker have than to steal your Bitcoins.

Bitfrore takes the opposite "additive" approach to the attack surface problem. Bitfrore starts with nothing and adds only the minimum components needed to print a paper wallet.

At its heart Bitfrore is based on a microcontroller rather than a desktop CPU this means the there is no complex operating system that requires constant updates4. The Bitfrore software is open source and easy to audit due to its small size. Bitfrore has no external ports for a malicious device to be connected to. The hardware design is open and contains only the minimum hardware components to print a  paper wallet.

This minimal attack surface design principle provides the safest most secure way to generate a Bitcoin Paper Wallet.

References:
  1. http://en.wikipedia.org/wiki/Attack_surface
  2. http://www.macobserver.com/tmo/article/researchers-to-show-how-to-hack-iphone-with-usb-charger
  3. http://mashable.com/2013/08/03/smart-toilet-hack-threat/
  4. http://www.debian.org/security/#DSAS

1 comment:

  1. Exchanges are investing heavily at the safety along with efficiency of an get free bitcoins system. Entrepreneurs are carrying their prospects along with building great businesses around the actual idea.

    ReplyDelete