Bitcoin private keys often find themselves residing in devices populating the Internet of Things. The number of these devices continues to grow exponentially. Today, billions of devices are seamlessly interconnected in the Internet of Things cloud, collecting and sharing data all over the world. They are also performing a variety of tasks, including financial transactions. The Internet of Things is omnipresent in our homes, places of work and cities, offering us enormous benefits and new opportunities. However, the Internet of Things also presents us with tremendous security risks. Indeed, inventorying these devices and accounting for the security of the data they contain presents a colossal challenge.
Security in the Internet of Things
Billions upon billions of devices are being interconnected all over the world. The number of these devices is expected to reach the astronomic number of 30 billion by the year 2020, according to McKinsey & Co. These devices are becoming increasingly smarter, capable of collecting and exchanging ever-greater amounts of data and performing ever more complex tasks. Certainly, the risks associated with the Internet of Things are of great concern.
Just the sheer number of interconnected devices in the workplace poses huge security challenges. For example, ISACA reported that one in two cybersecurity experts believes that, in any given enterprise, the IT department is not aware of all the organization’s connected devices. According to the same report, 63 percent of the security experts believe the use of Internet of Things devices has reduced employee privacy. And, 72 percent of the experts believe that Internet of Things device manufacturers do not implement sufficient security.
The Internet of Things and Government’s Concerns
The US government is concerned about the security challenges of the Internet of Things. Early this year, Federal Trade Commission Chairwoman Edith Ramirez addressed her agency’s concerns over privacy in the Internet of Things. Specifically, these concerns are related to widespread data collection, and the potential for unexpected uses of consumer data that could have adverse consequences and heightened security risks. As a result, these risks might eventually undermine consumer trust, says Ramirez. To enhance consumer privacy and security, and thereby build consumer trust in the devices of the Internet of Things, Ramirez proposed the following steps to the Consumer Electronic Association:
- Adopting “security by design”
- Engaging in data minimization
- Increasing transparency and providing consumers with notice and choice for unexpected data uses.
Across the Atlantic, the European Union has also highlighted these concerns. In effect, discrepancies exist between the EU and the US regarding personal data protection “adequacy” standards. As a result, the US Department of Commerce established the Safe Harbor program. This program’s objective was to allow US companies to satisfy the “adequacy” requirements and allow them to transfer personal data from the EU. The EU approved the Safe Harbor program in November 2000. However, in early October 2015, the European Court of Justice declared the Safe Harbor agreement between the EU and the US invalid. The effect of this ruling could be particularly negative for US companies like Facebook, Apple, Google, Microsoft and Amazon, as European courts might order suspending the transfer of data from Europe to servers in the United States.
Bitcoin’s Hardware and the Internet of Things
Bitcoin and the blockchain technology behind it are present in many of the devices populating the Internet of Things. For example, many of the Bitcoin digital wallets reside in tablets, mobile smartphones, and other wearables. Wearables are electronic devices that can be worn on the body, either as accessories or as part of the material used in clothing.
Your bitcoins are protected by your private key. Bitcoin and the blockchain transactions are encrypted using the SHA-256 algorithm. However, most likely, your private key resides in one of your devices, which are connected to the Internet of Things. Remember that the Internet is unsecured. And, if you lose your private key, you lose your bitcoins.
Fortunately, new products are entering the market to improve the security of Bitcoin hardware. For example, KeepKey is a USB device that allows you to protect your private key and keep it offline. You can connect KeepKey to the Internet only when you need to perform a financial transaction. Then, you disconnect KeepKey from the Internet and store it offline. In this way, you can keep your private key secure from malware, viruses, and other malicious attacks. Additionally, access to the KeepKey is PIN protected, which renders it useless if it is stolen.
To enhance the security of your bitcoins, Xapo has developed a new security standard, which is integrated in the Xapo Vault. The Xapo Vault offers to reduce security risks by using three layers of sophisticated cryptographic security. “These processes include multi-factor authentication and private key segmentation, between others.”
Xapo maintains a global, redundant network of vaults. This network is made up of vaults that are housed in high-security installations; one such vault is actually located deep within a decommissioned Swiss military bunker. When you move your bitcoins from a Xapo vault to your electronic wallet, several security steps are executed over the course of 48 hours. Xapo also states that it uses a satellite to continually monitor and validate the system-wide security of the terrestrial network. Interestingly, bitcoins stored in the Xapo Vault are insured by third-party insurance companies.
So by using Bitcoin, you get the benefit of financial pseudonymity. This characteristic, when combined with other technologies, particularly with anonymous communications and offline storage of your private key, could help minimize the security risks inherent to the Internet of Things.
What are your thoughts on the security of storing your Bitcoin private key offline? Let us know in the comments below!
Images courtesy of Pixabay.