|
|
posted: December 8, 2024
tl;dr: A security system is only as secure as the keys that give access to it...
Suppose you have some valuable objects to protect against theft. You decide to build one of the world’s most secure vaults. It is a room in the shape of a cube buried fifty feet underground, with six feet of concrete on all sides. The access is through a well-balanced two-foot thick steel door that weighs two tons and can barely be moved by a human, with multiple steel rods that secure the door when it is closed and locked. The lock is mechanical, so that it works without need of electricity. You place your valuables in the vault, close and lock the door, and walk away with your key, secure in the belief that your valuables are well protected. But are they?
You may or may not realize it, but you now have another problem: how do you secure the key? Anyone who possesses the key and knows where your vault is can get to your valuables. You could build a second equally secure vault to store the key, but that second vault will also have a key that needs to be secured. The key, or the key to the key, needs to exist in the physical world outside of your vault(s), and it also needs to be secured.
Do you keep the key in your possession at all times? Bury it in the backyard? Tell a handful of trusted people where the key and the vault are in case something happens to you? How do you know these people can really be trusted? Do you trust no one, and allow your key and vault location to perish with you, meaning your valuables may be lost to humanity for thousands of years, only (perhaps) to be uncovered in the future by dedicated archaeologists?
A similar problem, only worse, exists in computer security. The “valuable” could be anything from a personal email account to a Bitcoin wallet that holds Bitcoin worth millions of dollars. The vault could be a basic login system that requires a password, perhaps with multi-factor authentication, to the highly encrypted Bitcoin network protocol, which requires a private key to access a wallet. But passwords, access tokens, secrets, and private keys are really all the same thing: they are the key in the vault example above, in that anyone who possesses it can gain access to the valuables stored in the vault.
This vault seems secure, but what about the key that provides access to it?
There are so many ways to steal a computer key:
Brute force
You can program a computer to try different guesses, hoping eventually to get lucky and gain access. This is why many login systems limit attempts to a small number per time period. But not all systems have limits.
Social engineering
This is the most prevalent method these days: the attacker does something to get the keyholder to either disclose the key or enough information about the key to make it easier to guess what the key is using a small amount of brute force. This is the whole aim of phishing attacks, for example sending the keyholder a nefarious email containing a link that goes to an attacker’s website where the keyholder discloses the key or information about it. Some keys are very long strings of letters, numbers, and characters, so often keyholders will use an easier-to-remember seed phrase which, when run through a well-known algorithm, generates the key. If the attacker can learn some information about the keyholder, such as his/her family members’ names or favorite sports teams or the street where he/she grew up, the attacker may be able to come up with a set of seed phrases and keys to try in a brute force attack. If the keyholder has disclosed the key to a trusted individual, it may be possible to do social engineering on that trusted individual.
Surveillance
This is also a popular method: the attacker monitors the computer systems that the keyholder uses, hoping to capture the key amidst all the other activity the keyholder performs. A hidden program that captures and relays keystrokes as the keyholder types on his/her computer or smartphone can do this. Some keyholders make the mistake of sending the key via email, which is insecure. Surveillance can also take the form of cameras in public spaces that watch users type on their devices, hoping that they will type a key that can then be captured.
Key reuse
Some keyholders make the mistake of reusing the key or the seed phrase on a second computer system that can be or has been hacked. When these other computer systems are hacked, the keys often end up on the dark web. Users can often see if their keys have been compromised on Have I been pwned? but few bother doing so. An attacker can then try these keys on the system of interest to see if the keyholder made the mistake of reusing a key.
Attacks on computer systems where the user has placed the key
Some keyholders place their keys on computer systems that store and perhaps use the keys. Break into one of these systems, either via an external attack or an inside job, and an attacker can gain access to the keys.
Physical attacks
These can also take many forms. The places where the keyholder lives and works can be ransacked, looking for the key. The keyholder or an individual the keyholder has trusted with the key or its location can be threatened with violence to disclose the key.
Quantum computers
One of the primary aims of quantum computers is to break the encryption used to secure network traffic and render the original messages in plaintext. If historical encrypted messages are captured and logged, quantum computers can potentially be used to look back in time to see if the keyholder ever disclosed the key over a communication system thought to be secure at the time.
Given the many ways that keys can be stolen, it should be no surprise to learn that individuals and organizations have had their Bitcoin stolen by attackers gaining access to private keys. This problem will continue to happen to Bitcoin users and to users of all computer systems protected by some form of key or secret.
Related post: Why I’m not a Bitcoin HODLer
Related post: Why I’m not a Bitcoin HODLer, part two
Related post: Attention China: How to destroy the U.S.A.’s Strategic Bitcoin Reserve
Related post: The fallout from the Great Bitcoin Hack