building your own bank
play

Building Your Own Bank or... Constructing Crypto Castles Jameson - PowerPoint PPT Presentation

Feb 16, 2024 •97 likes •346 views

Building Your Own Bank or... Constructing Crypto Castles Jameson Lopp Jameson@team.casa Infrastructure Engineer https://keys.casa https://lopp.net asa @lopp A History Rife with Failure An estimated 4,000,000+ BTC lost. An estimated

  1. Building Your Own Bank or... Constructing Crypto Castles Jameson Lopp Jameson@team.casa Infrastructure Engineer https://keys.casa https://lopp.net asa @lopp

  2. A History Rife with Failure An estimated 4,000,000+ BTC lost. An estimated 2,000,000+ BTC stolen.

  3. Issues of Personal Responsibility ● Few folks think about self defense because they aren’t big targets ● Few folks have much more protecting them at home than a few walls and doors that are easily breached by a motivated attacker ● No way to reverse theft of bearer assets means more motivated attackers ● If everyone fails at securing their assets, they won’t be worth much

  4. Attacks Defenses Physical Theft Safes, hidden storage, guards Digital Theft Offline storage Physical disaster Redundant storage Social Engineering Education, Paranoia Collusion Trust Minimization

  5. Key Holding Risks User holds key OR Service holds key ● Malware ● Malware ● Weak password ● Hacks ● Coercion ● Insider theft ● Death of owner ● Fractional reserve ● Data loss ● Government seizure ● Forgotten password ● Data loss ● Phishing ● Frozen by service ● Phishing

  6. Key Holding Risks User holds key AND Service holds key (2-of-2) ● Malware ● Malware ● Weak password ● Hacks ● Coercion ● Insider theft ● Death of owner ● Fractional reserve ● Data loss ● Government seizure ● Forgotten password ● Data loss ● Phishing ● Frozen by service ● Phishing

  7. Key Holding Risks User holds multiple keys AND Service holds key (2-of-3, 3-of-5…) ● Malware ● Malware ● Weak password ● Hacks ● Coercion ● Insider theft ● Death of owner ● Fractional reserve ● Data loss ● Government seizure ● Forgotten password ● Data loss ● Phishing ● Frozen by service ● Phishing

  8. Security Engineering Objectives 1. Protect users from trusted third parties. 2. Protect users from attackers. 3. Protect users from themselves. It’s preferable for a user to temporarily lose access to their funds than for an attacker to temporarily gain access.

  9. Security Engineering Objectives 1. Protect users from trusted third parties. 2. Protect users from themselves. 3. Protect users from attackers. If we push security out to the edges of the network, users are more likely to experience loss due to negligence rather than attack.

  10. How to Build a Bitcoin Bank Step 1: Write down this 24 word seed phrase and keep it safe.

  11. How to Build a Bitcoin Bank Step 1: Write down this 24 word seed phrase and keep it safe.

  12. Users Shouldn’t Handle Seeds

  13. Seedless Recovery

  14. Paper Wallets are Prone to Failure ● Hard to generate private keys securely ● Loss to physical attackers if unencrypted ● Loss due to environmental factors ● Loss due to improper transaction construction / single key sweeping

  15. Metal Wallets are Prone to Failure ● Loss to physical attackers if unencrypted ● Loss due to environmental factors ● Loss due to improper transaction construction / single key sweeping

  16. Add Redundancy: Eliminate SPoF Multi-signature Multi-device Multi-location

  17. My Personal (pre-Casa) Solution 1. Create encrypted file container on airgapped machine with VeraCrypt 2. Encrypt container with a randomly generated long passphrase that you generate via rolling dice 3. Use ssss to split the decryption passphrase into your preferred setup. This mainly depends upon how many trusted friends and family you’re willing to store the encrypted data and decryption shards with. You also want enough redundancy that your M of N scheme doesn’t become useless if a member or two loses their data or dies / is no longer able to participate in a recovery ceremony. 4. Copy file onto N USB drives and place one ssss shard on each drive 5. Hand out USB drives in faraday bags to will executors. 6. Update annually to protect against bitrot. 7. Write down what you have done and provide detailed step-by-step instructions for how to recover the data if you’re no longer around. 8. MAKE SURE YOU TEST YOUR INSTRUCTIONS .

  18. Complexity is the Enemy of Security We aren’t just engineering financial applications for motivated, enthusiastic users. We’re also engineering them for the less savvy heirs who may have to execute a recovery.

  19. How to Build a Bitcoin Bank / Crypto Castle Use the basic building blocks: ● Air gaps are the moat ● Strong crypto / multisig are the stone walls ● Hardware key managers are the portcullis ● Wallet software is the gatehouse ● Automated alerts are the watchtowers ● A simple duress kill switch is the drawbridge

  20. Trust Minimization Low Trust High Trust Low Convenience High Convenience Push security to the edges Simple full node integration is preferable

  21. User Friendliness Software should bake in best practices to educate & guide the user. Visual representations of security make it more real.

  22. Ignorance Protection Some users will get tricked or otherwise compromised. It’s hard to stop social engineering. Solutions: Remind user to verify address out of band with counterparty. OP_CHECKLOCKTIMEVERIFY Malware blacklists Reputation features & covenants

  23. Begin Building Your Crypto Castle Today!

  24. Questions? Jameson Lopp Jameson@team.casa Infrastructure Engineer https://keys.casa https://lopp.net asa @lopp

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Building Africa s global bank s global bank Building Africa Victor Osadolor Group

Building Africa s global bank s global bank Building Africa Victor Osadolor Group

Building Africa s global bank s global bank Building Africa Victor Osadolor Group Chief Finance Officer Merrill Lynch EEMEA Banks Investor Forum 10-11 September 2008 Forward looking statements Presentation and subsequent discussion

530 views • 50 slides
Western NY necessary rail infrastructure to support the advancement of a regional excursion train

Western NY necessary rail infrastructure to support the advancement of a regional excursion train

Project Name Project Description Award Redevelop the Key Bank building into a mixed-used building with office, retail and residentialuses. Transform a mostly abandoned bank building in the center of downtown Jamestown into a mixed-use downtown

401 views • 25 slides
Progress towards building a truly customer-centric bank Ross McEwan, Chief Executive Bank of

Progress towards building a truly customer-centric bank Ross McEwan, Chief Executive Bank of

Progress towards building a truly customer-centric bank Ross McEwan, Chief Executive Bank of America Merrill Lynch Banking & Insurance CEO Conference 30 th September 2014 Our blueprint 1 Contents 1 Our ambition 2 Our purpose 3 Our

732 views • 34 slides
Superior & Exclusive Financial Services The Third Millennium Bank Bank Pasargad Building, No.

Superior & Exclusive Financial Services The Third Millennium Bank Bank Pasargad Building, No.

Superior & Exclusive Financial Services The Third Millennium Bank Bank Pasargad Building, No. 430 Mirdamad Blvd., Tehran 1969774511, Iran, Tel: (+9821) 82891575; Fax: (+9821) 88649521 - website: www.en.bpi.ir - SWIFT: BKBPIRTH Milestones

793 views • 36 slides
and focussing on customer experience, we are building the bank of the future. Performance

and focussing on customer experience, we are building the bank of the future. Performance

By investing in technology and focussing on customer experience, we are building the bank of the future. Performance Highlights The Economy Transaction Overview Benefits At A Glance About Kina Bank What You Can Expect To See Performance

416 views • 13 slides
Building franchise value in an uncertain world Stephen Hester, CEO, The Royal Bank of Scotland

Building franchise value in an uncertain world Stephen Hester, CEO, The Royal Bank of Scotland

Building franchise value in an uncertain world Stephen Hester, CEO, The Royal Bank of Scotland Group Bank of America Merrill Lynch - Banking & Insurance CEO Conference 25 th September 2012 Important Information Certain sections in this

948 views • 30 slides
We have been building a digital ecosystem around MKB for the last 12 months and now we are

We have been building a digital ecosystem around MKB for the last 12 months and now we are

We have been building a digital ecosystem around MKB for the last 12 months and now we are here Were transforming into an open, a state-owned innovative, agile bank built on bank with digital classical values transformation.

601 views • 19 slides
Building a truly customer centric bank Ross McEwan, Chief Executive Morgan Stanley Financial

Building a truly customer centric bank Ross McEwan, Chief Executive Morgan Stanley Financial

Building a truly customer centric bank Ross McEwan, Chief Executive Morgan Stanley Financial Services Conference London 25 th March 2014 Agenda 1 Strategy outline 2 Building capital strength 3 Driving sustainable returns 4 Growing

740 views • 35 slides
Bank On Financial Education Standards Financial Education Barriers ? The Power of Collaboration:

Bank On Financial Education Standards Financial Education Barriers ? The Power of Collaboration:

Bank On Cowlitz Bank On Kitsap Bank On North Sound Bank On Pierce County Bank On Seattle-King County Bank On Spokane Bank On Thurston Bank On Yakima Bank On Financial Education Standards Financial Education

482 views • 8 slides
Eco Building. BY RYAN GORDON. Building plan area 15m 27m Entrance. Front Office. Food

Eco Building. BY RYAN GORDON. Building plan area 15m 27m Entrance. Front Office. Food

Eco Building. BY RYAN GORDON. Building plan area 15m 27m Entrance. Front Office. Food Bank. Toilet. Hall. Cafe. Eco building concepts. I'm going to share facts, information and ideas to enhance and build of my Eco building here are my

268 views • 12 slides
Disrupting the Banking Experience: Building a Mobile-only Bank Yann Del Rey Teresa Ng Easy

Disrupting the Banking Experience: Building a Mobile-only Bank Yann Del Rey Teresa Ng Easy

Disrupting the Banking Experience: Building a Mobile-only Bank Yann Del Rey Teresa Ng Easy on-boarding Zero Fees Instant Notifications Public API - Open to all third party developers Starling Marketplace Insurance Investment FX A

818 views • 46 slides
Building a Reliable Cloud Bank in Java March 2018 @jasonmaude 18th June 2012 19th June 2012

Building a Reliable Cloud Bank in Java March 2018 @jasonmaude 18th June 2012 19th June 2012

Building a Reliable Cloud Bank in Java March 2018 @jasonmaude 18th June 2012 19th June 2012 20th June 2012 10th July 2012 How did this happen? The people accepted the possibility of failure The software didnt We built a bank in a year

874 views • 39 slides
Building a Stronger Organization Murilo Ferreira, Vale CEO Bank of America / Merrill Lynch

Building a Stronger Organization Murilo Ferreira, Vale CEO Bank of America / Merrill Lynch

0 Building a Stronger Organization Murilo Ferreira, Vale CEO Bank of America / Merrill Lynch Global Metals, Mining & Steels CEO Conference Barcelona, May 12, 2015 Disclaimer 1 This presentation may include statements that present

176 views • 17 slides
Successful Acquisition of Wing Hang Bank Building a well-entrenched Greater China presence 18

Successful Acquisition of Wing Hang Bank Building a well-entrenched Greater China presence 18

Successful Acquisition of Wing Hang Bank Building a well-entrenched Greater China presence 18 August 2014 Agenda Closing of Wing Hang Bank Acquisition Funding of Acquisition Financial Highlights Corporate Strategy Greater China Strategy

227 views • 22 slides
Building a Strong, Innovative and Relationship-Based Bank Q3 2016 S eptember 2016 2

Building a Strong, Innovative and Relationship-Based Bank Q3 2016 S eptember 2016 2

Building a Strong, Innovative and Relationship-Based Bank Q3 2016 S eptember 2016 2 Forward-Looking Statements From t ime t o t ime, we make writ t en or oral forward-looking st at ement s wit hin t he meaning of cert ain securit ies laws,

1.1k views • 26 slides
Tutorial on ETF: the Eiffel Testing Framework Building a Bank System Abstract Customers need not

Tutorial on ETF: the Eiffel Testing Framework Building a Bank System Abstract Customers need not

Tutorial on ETF: the Eiffel Testing Framework Building a Bank System Abstract Customers need not know details of your design of classes and features. Instead, there is an agreed interface for customers to specify the way by which they interact

286 views • 27 slides
Enhancing Mobile Malware: an Android RAT Case Study BSIDES VIENNA 2014 November 22 About Marco

Enhancing Mobile Malware: an Android RAT Case Study BSIDES VIENNA 2014 November 22 About Marco

Enhancing Mobile Malware: an Android RAT Case Study BSIDES VIENNA 2014 November 22 About Marco Lancini Security Consultant, CEFRIEL @lancinimarco Roberto Puricelli Security Consultant, CEFRIEL @robywankenoby 2 Introduction Intro

870 views • 35 slides
Security and Usability: The Gap in Real-World Online Banking Mohammad Mannan and P . C. van

Security and Usability: The Gap in Real-World Online Banking Mohammad Mannan and P . C. van

Security and Usability Gap in Online Banking NSPW Presentation - Sep 19, 2007 Security and Usability: The Gap in Real-World Online Banking Mohammad Mannan and P . C. van Oorschot Carleton University Mohammad Mannan Sep 19, 2007 1 Security

544 views • 22 slides
Improving Cyber Resiliency using Intelligence-led Attack Simulations Vincent Yiu Who am I?

Improving Cyber Resiliency using Intelligence-led Attack Simulations Vincent Yiu Who am I?

Improving Cyber Resiliency using Intelligence-led Attack Simulations Vincent Yiu Who am I? @vysecurity Vincent Yiu vincent.yiu@syonsecurity.com Founder of SYON Security Offensive Operations including Adversary Simulaton and Penetration

344 views • 33 slides
Collaborative Verification of Information Flow for a High-Assurance App Store Michael D. Ernst,

Collaborative Verification of Information Flow for a High-Assurance App Store Michael D. Ernst,

Collaborative Verification of Information Flow for a High-Assurance App Store Michael D. Ernst, Ren Just , Suzanne Millstein, Werner Dietl*, Stuart Pernsteiner, Franziska Roesner, Karl Koscher, Paulo Barros, Ravi Bhoraskar, Seungyeop Han, Paul

1.24k views • 84 slides
The Fruitridge Finger Final Design Portfolio The Issue The Fruitridge Finger is an area of

The Fruitridge Finger Final Design Portfolio The Issue The Fruitridge Finger is an area of

The Fruitridge Finger Final Design Portfolio The Issue The Fruitridge Finger is an area of unincorporated Sacramento County almost completely surrounded by the City of Sacramento. As not part of the City of Sacramento, the Finger does

474 views • 20 slides
Chord

Chord

What is Chord? What does it do? Chord

325 views • 7 slides
Finger Search Searching in a sorted array 2 3 5 7 8 11 13 14 15 17 18 20 24 25 26

Finger Search Searching in a sorted array 2 3 5 7 8 11 13 14 15 17 18 20 24 25 26

Finger Search Searching in a sorted array 2 3 5 7 8 11 13 14 15 17 18 20 24 25 26 28 29 31 33 34 time O(log n ) Finger Binary search(13) d 2 3 5 7 8 11 13 14 15 17 18 20 24 25 26 28 29 31 33 34 time

217 views • 7 slides
Unicamp MC714 Distributed Systems Slides by Maarten van Steen, adapted from Distributed Systems,

Unicamp MC714 Distributed Systems Slides by Maarten van Steen, adapted from Distributed Systems,

Unicamp MC714 Distributed Systems Slides by Maarten van Steen, adapted from Distributed Systems, 3rd edition Chapter 09: P2P Chord: Distributed hash tables Illustrative: Chord Consider the organization of many nodes into a logical ring Each

984 views • 11 slides

More recommend