From a9713362c7a817cde2beee76cb90b3c855301873 Mon Sep 17 00:00:00 2001 From: Tiana01 <40744535+Tiana01@users.noreply.github.com> Date: Thu, 25 Feb 2021 09:42:48 +0100 Subject: [PATCH 1/5] docs(security): add wallet security --- security/Wallet Security.md | 12 ++++++++++++ 1 file changed, 12 insertions(+) create mode 100644 security/Wallet Security.md diff --git a/security/Wallet Security.md b/security/Wallet Security.md new file mode 100644 index 0000000..8239083 --- /dev/null +++ b/security/Wallet Security.md @@ -0,0 +1,12 @@ +# Wallet security + +## Intro + +If you make use of wallets, you probably have heard of private keys and private key management. A private key is a number, usually encrypted, that allows bitcoin to be spent. Private keys are sensitive information that need to be properly secured because if they fall into the wrong hands, all your bitcoin could be stolen. Hence, we could say that ensuring security in wallets is majorly about securing your private key. + +This chapter focuses however not on private key management, but on security in the general sense. It looks at existing mechanisms and also best practices that improve and ensure security in wallets. + +**Possible headings** + + + From 905e0f0905756b0ac1eeef204379ae2ea5036e62 Mon Sep 17 00:00:00 2001 From: Tiana01 <40744535+Tiana01@users.noreply.github.com> Date: Thu, 25 Feb 2021 10:24:46 +0100 Subject: [PATCH 2/5] Update Wallet Security.md --- security/Wallet Security.md | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) diff --git a/security/Wallet Security.md b/security/Wallet Security.md index 8239083..d61442c 100644 --- a/security/Wallet Security.md +++ b/security/Wallet Security.md @@ -6,7 +6,16 @@ If you make use of wallets, you probably have heard of private keys and private This chapter focuses however not on private key management, but on security in the general sense. It looks at existing mechanisms and also best practices that improve and ensure security in wallets. -**Possible headings** +**Why it is important** + +- talk about risk of loss and theft + +**Existing Mechanisms** + +- Signing Messages +- Encryption (messages, passcode) +- PIN code +- cold or offline storage From 47efa29d920fa304d1ffd355c76115f0ffb4b577 Mon Sep 17 00:00:00 2001 From: Tiana01 <40744535+Tiana01@users.noreply.github.com> Date: Mon, 1 Mar 2021 17:03:06 +0100 Subject: [PATCH 3/5] docs(security): add Wallet Security --- payments/Dust attacks.md | 5 +++ security/Wallet Security.md | 62 ++++++++++++++++++++++++++++++++----- 2 files changed, 60 insertions(+), 7 deletions(-) create mode 100644 payments/Dust attacks.md diff --git a/payments/Dust attacks.md b/payments/Dust attacks.md new file mode 100644 index 0000000..c6fce8f --- /dev/null +++ b/payments/Dust attacks.md @@ -0,0 +1,5 @@ +# Dust Attacks + +- what are they +- mechanisms put in place to solve them +- how they can be avoided by design \ No newline at end of file diff --git a/security/Wallet Security.md b/security/Wallet Security.md index d61442c..d728659 100644 --- a/security/Wallet Security.md +++ b/security/Wallet Security.md @@ -2,20 +2,68 @@ ## Intro -If you make use of wallets, you probably have heard of private keys and private key management. A private key is a number, usually encrypted, that allows bitcoin to be spent. Private keys are sensitive information that need to be properly secured because if they fall into the wrong hands, all your bitcoin could be stolen. Hence, we could say that ensuring security in wallets is majorly about securing your private key. +If you make use of wallets, then you probably have heard of private keys and private key management. A private key is a number, usually encrypted, that allows bitcoin to be spent. Private keys are sensitive information that need to be properly secured because if they fall into the wrong hands, all your bitcoin could be stolen. Hence, we could say that ensuring security in wallets is majorly about securing your private key. -This chapter focuses however not on private key management, but on security in the general sense. It looks at existing mechanisms and also best practices that improve and ensure security in wallets. +This chapter focuses however not on private key management, but on information security in the general sense. It looks at the importance, existing mechanisms and also best practices that improve and ensure security in wallets. It also considers the roles designers play in ensuring this security through design. -**Why it is important** +## Why it is important - talk about risk of loss and theft -**Existing Mechanisms** + + +## Existing Mechanisms + +### Signing Messages -verifying your identity, proving ownership of fund + +This is an bitcoin functionality that allows you sign messages to prove that you are in control of some funds belonging to a particular bitcoin address. + + + +#### How it works + +- Put in message and address that transaction was made on + +- A message signature is produced + +- Send this to whoever is requesting + +- On their end they will copy the info and paste it in their wallet to verify + + + +#### Scenarios where it can it be used + +1. Let’s say you need a refund from a merchant you made payment to. Because of the lack of identification on bitcoin transactions, the merchant is going to need to confirm that you made that transaction. Hence they will request a signed message with the address from which the payment was made + +2. Let’s say you make a payment for some goods on the internet with bitcoin. The merchant would require some proof of payment from you... it could also contain the address for delivery so that the merchant makes sure they are sending it to the right customer + + + +#### What effect does this have on security + +Being that Bitcoin addresses aren't tied to identities there is really no way to know if a network has been intercepted by some malicious third-party which you end up sending your bitcoin to. Signing messages allows you to verify that the persons receiving or sending bitcoins is who they say they are. + + + +### Encryption - messages, passcode + +Every device that is connected to the internet is vulnerable to some form of cyber attack. Wallet encryption require you to create password that would subsequently be required when a transaction is to be made. It is an extra layer of security ( usually optional ) that prevents anyone who isn't you from processing a transaction. + + + +### PIN code and Biometric Authentication + +This is required to unlock the app. This adds and extra layer of privacy and security as no one will be able to get access to your phone. -- Signing Messages -- Encryption (messages, passcode) -- PIN code - cold or offline storage + + +## What role do designers play in ensuring security + +- Safety by design (talk about privacy by design here) +- Adversarial Thinking + From c3942741f0460e0cc03cbc314b1a28bddc6bb57c Mon Sep 17 00:00:00 2001 From: Tiana01 <40744535+Tiana01@users.noreply.github.com> Date: Mon, 1 Mar 2021 17:09:09 +0100 Subject: [PATCH 4/5] Delete Dust attacks.md --- payments/Dust attacks.md | 5 ----- 1 file changed, 5 deletions(-) delete mode 100644 payments/Dust attacks.md diff --git a/payments/Dust attacks.md b/payments/Dust attacks.md deleted file mode 100644 index c6fce8f..0000000 --- a/payments/Dust attacks.md +++ /dev/null @@ -1,5 +0,0 @@ -# Dust Attacks - -- what are they -- mechanisms put in place to solve them -- how they can be avoided by design \ No newline at end of file From 07520954bc55318ff9280c92b878effb4bc51999 Mon Sep 17 00:00:00 2001 From: Tiana01 <40744535+Tiana01@users.noreply.github.com> Date: Tue, 2 Mar 2021 12:43:50 +0100 Subject: [PATCH 5/5] Update Wallet Security.md --- security/Wallet Security.md | 26 +++++++++++++++++++------- 1 file changed, 19 insertions(+), 7 deletions(-) diff --git a/security/Wallet Security.md b/security/Wallet Security.md index d728659..8c16925 100644 --- a/security/Wallet Security.md +++ b/security/Wallet Security.md @@ -2,9 +2,11 @@ ## Intro -If you make use of wallets, then you probably have heard of private keys and private key management. A private key is a number, usually encrypted, that allows bitcoin to be spent. Private keys are sensitive information that need to be properly secured because if they fall into the wrong hands, all your bitcoin could be stolen. Hence, we could say that ensuring security in wallets is majorly about securing your private key. +Wallet security is a term that is used to describe the mechanisms, processes or actions that ensure security of users wallet against physical and digital attackers. This information needs to be properly secured because if they fall into the wrong hands, all your bitcoin could be stolen. + +This chapter focuses therefore on information security in the general sense. It looks at the importance, existing mechanisms and also best practices that improve and ensure security in wallets. It also considers the roles designers play in ensuring this security through design. + -This chapter focuses however not on private key management, but on information security in the general sense. It looks at the importance, existing mechanisms and also best practices that improve and ensure security in wallets. It also considers the roles designers play in ensuring this security through design. ## Why it is important @@ -14,7 +16,7 @@ This chapter focuses however not on private key management, but on information s ## Existing Mechanisms -### Signing Messages -verifying your identity, proving ownership of fund +### Signing Messages - verifying your identity, proving ownership of fund This is an bitcoin functionality that allows you sign messages to prove that you are in control of some funds belonging to a particular bitcoin address. @@ -54,13 +56,23 @@ Every device that is connected to the internet is vulnerable to some form of cyb ### PIN code and Biometric Authentication -This is required to unlock the app. This adds and extra layer of privacy and security as no one will be able to get access to your phone. +In some wallets, the user is required to create lock for the wallet. This could come in form of a PIN code or a form of biometric authentication like fingerprint lock or face ID. This adds and extra layer of privacy and security as no one will be able to get access to your wallet. -- cold or offline storage - -## What role do designers play in ensuring security +### Cold or offline storage + +Hot and cold describe a wallet in terms of being connected to the internet. Where a hot wallet is connected to the internet, a cold wallet is not. The idea is that a cold wallet is less susceptible to third-party theft over the internet as a transaction can only be confirmed by an action on the hardware wallet. This makes it extremely difficult, if not impossible, for hackers or cyber criminals to have access to your bitcoins. + +#### Types of cold storage + +1. **Paper wallets:** This is a document that has the public and private keys written on it. It also has a QR code that can be scanned to make a transaction. To keep your bitcoins secured, this wallet has to be stored in safe place. +2. **Hardware wallets**: These are wallets that store your private keys on hardware devices which can be connected to a computer to carryout transactions. It should be protected against damage and theft. Some hardware wallets include Ledger, Trezor, etc +3. **Offline software**: These are software wallets that do not need to be connected to the internet for transactions to be carried out. Electrum is an example of such a wallet + +#### + +## What role do designers play in ensuring security - Safety by design (talk about privacy by design here) - Adversarial Thinking