Author

Topic: Methods to protect Bitcoin private keys, both in database and Electrum ? (Read 996 times)

sr. member
Activity: 433
Merit: 250
BTG CEO
newbie
Activity: 6
Merit: 0


Gentlemen,

I'm conducting automated, online transactions with a few dozen anonymous parties. They don't know me and I don't know them. There are occasions when my web application, or I as an individual, may hold Bitcoin in a custodial capacity for said parties. It's important that I protect the private keys corresponding to a large number of Bitcoin addresses which my application creates on-the-fly as needed.

I have a software development background and have read as much as I can about protecting sensitive data but am fairly new to the latter so I'd like to present you with an overview of my private key protection strategy and then ask what you, as experts, perceive to be possible vulnerabilities in my plan.

Here's my layout and plan:

My main work computer is a MacBook Pro running El Capitan. It's typically plugged into a multi-monitor setup in my home although I'll occasionally take it on the road with me, making it somewhat vulnerable to theft. The OS's built-in FileVault disk encryption is turned on.

My web application runs on a grid of Windows 2008 servers that live at Amazon Web Services (AWS). This grid of servers, plus my laptop, constitute the entirety of my network.

One of the servers in the grid is running SQL Server and in that database is a table, and in that table is a field called 'privateKey' which contains the private key for a single Bitcoin address. The table will contain many rows since there are many addresses to deal with. The 'privateKey' field is a binary stream containing (1) an initialization vector (length=16 bytes) and (2) an encrypted representation of the private key. My program uses the initialization vector and a secret password (length=32 bytes) as inputs into a symmetric encryption algorithm (.NET/RijndaelManaged) to decrypt and use the private key.

The secret password isn't stored in a file on the server. It's stored on my laptop in a human-readable document called 'specialFolder\myPasswords.txt'' in hex format. When the server app is started, a secondary helper app prompts for the secret password which I then copy/paste into the helper app's console over a Remote Desktop connection. The helper app's console is then closed and the secret password is then only held in RAM on the server, within the process of my application.

There are also Bitcoin private keys held outside of my application in "wallets" managed manually, by me, using a third party program called Electrum. Electrum runs on my laptop and uses one file to represent each wallet. (A 'wallet' is just a collection of Bitcoin addresses and their respective private keys). I've configured Electrum to store the wallet files in 'specialFolder\myWalletFolder' on the laptop. Electrum encrypts the wallet files such that the private keys contained therein can't be used without a strong password which is entered by me as needed at runtime.

Electrum uses a mechanism wherein the public/private keypairs it generates are created in a predetermined fashion using what the documentation refers to as a 'seed.' The seed is a long series of human words. If one knows the seed, the keys can be regenerated and the wallet restored. I keep backups of the wallet seeds in a file called 'specialFolder\myElectrumSeeds.txt' on my laptop.

If you've read this far, you may have noticed that I'm keeping a lot of sensitive information in plain text within 'specialFolder' on the laptop. But this really isn't a folder at all. It's actually a volume created and maintained using a program called VeraCrypt. I only 'mount' this encrypted volume when I need to access its contents and then I immediately 'unmount' it. The laptop is never left alone when 'specialFolder' is mounted. Mounting the volume requires a password. That password is known only to me and isn't stored on the laptop.

VeraCrypt stores and accesses the 'specialFolder' volume through a single file. That file is named 'veracryptFile.' veracryptFile lives on my laptop on a Dropbox-synchronized folder. Whenever the VeraCrypt volume (and thus 'veracryptFile') is modified, the changes are immediately propegated to (1) DropBox-owned servers and (2) a server in the grid at AWS, and (3) another private server at AWS that's in a different geographical location.

In addition, a physical printout of the contents of 'specialFolder\myPasswords.txt' and 'specialFolder\myElectrumSeeds' is kept in a safe deposit box at a local bank, to which only I have the key.

The parties with whom I do business may occasionally login to my app and execute  transactions which result in Bitcoin being sent to them. Password theft obviously weighs heavily on my mind.

The SQL Server discussed earlier contains a table of all of my users, and that table contains a field called 'password.' The 'password' field contains: (1) a random byte sequence (length=32 bytes) and (2) a hash of a concatenation of the user's password and the random byte sequence. My program uses the random byte sequence and the password the user supplies at login as inputs into a hashing algorithm (.NET/SHA256Managed). If the hashing algorithm's output matches the hash stored in the database, the user is considered authenticated.

A user must be authenticated prior to executing a transaction that would result in a Bitcoin disbursement. In addition, each user is required to have a BitMessage address. When the transaction is submitted online, my program creates a 10-digit random string and sends it to the user's BitMessage address. That string must be entered by the user in order to begin execution of his transaction.

This BitMessage confirmation protocol is also required if the user wants to: (1) change his password, or (2) specify a different BitMessage address in his profile.

Given the strategy outlined above, do you see any glaring vulnerabilities ? Here are the attack vectors I've considered thus far:

LAPTOP IS STOLEN: perp would have to defeat Apple's FileVault encryption (assuming laptop was powered off when stolen) plus the VeraCrypt encryption on 'SpecialFolder'. I could recover the lost files via DropBox or my AWS-hosted DropBox peers.

LAPTOP IS TARGETED BY ROGUE APPLE STORE TECH-SUPPORT EMPLOYEE WITH ADMIN ACCESS: perp would have to defeat VeraCrypt encryption on 'SpecialFolder'.

DROPBOX ACCOUNT IS HACKED: perp would have to defeat VeraCrypt encryption on 'SpecialFolder'.

AMAZON SERVER IS ATTACKED: perp would need physical access to machine and have a way to probe RAM to obtain 'secretPassword' since it's not stored on the hard drive.

USER PASSWORD(S) ARE STOLEN: perp would also need access to the user's BitMessage account in order to steal Bitcoin from the compromised user.

Are there other attack scenarios I've overlooked? For the sake of this forum post, I'd like to limit attack vectors to technical exploits, not those of the violent or gangster variety (extortion, blackmail, etc.).

Thank you for your thoughts.

Best,

Nostril
Jump to: