Better security for the internet currency Bitcoin
The internet currency Bitcoin was created in 2009. It should offer the same advantages as cash. The new electronic currency has an increasing number of support¬ers. But ETH-researchers found out, that there is a securitiy problem. They also have a suggestion, how this problem could be solved.
More and more we use the internet for payments. But there are still some security problems to be solved. Scientists of the ETH Zurich from the System Security Group recently tested the security of the internet currency Bitcoin.
An uncomplicated, electronic payment system that offers the same advantages as cash – this is exactly what everyone has been dreaming of who has been fighting for more freedom on the internet and against the might of the banks. Precisely one such system was created in 2009: the internet currency Bitcoin. Despite all the prophecies of doom that the system would soon burst like a bubble, and despite all the warnings that Bitcoin promotes trading in illegal goods, the new electronic currency has an increasing number of supporters.
Modern encryption technology
The virtual money was made possible by modern encryption technology. Every Bitcoin is secured by a key; every transaction that the (anonymous) users perform is registered so that the same coin cannot be used twice. However, the verification of a payment usually takes ten whole minutes. Sometimes, the seller even has to wait for an hour before he can be sure that the money transferred is actually his. For online traders who sell books on the internet, this amount of time is not a problem. For quicker transactions, such as purchasing a hamburger at a snack bar, however, it is a major obstacle. If the buyer is not to wait unnecessarily long, the seller has to hand over the goods without any definitive confirmation.
Together with Ghassan Karame and Srdjan Capkun, Elli Androulaki, a postdoc at the Institute of Information Security, managed to demonstrate that there is actually a security loophole here, even if it has never been exploited in concrete daily life. With an elaborate configuration, the buyer can actually spend his electronic coins twice: first, he buys the goods he desires; then he transfers the same amount to his own account. As the transactions are verified via a complex process in the Bitcoin network and not by a central office, the buyer can perform an exchange manoeuvre: the seller sees that the Bitcoins have been transferred to his account, so he is willing to dispatch the goods. However, if the buyer is clever enough, the network only registers the second illegal transaction instead of the first legal one, and the buyer ends up with both: the goods and the money.
If Bitcoin is to establish itself as an everyday, viable alternative, this gap needs to be plugged, confirms Capkun, in whose group the study was conducted. “We are already in talks with the operators of the Bitcoin network and have proposed a concrete solution, which is now due to be implemented.”
Globe in the currend issue: “Safely into the networked world»
Further articles about IT-security are available at
the currend issue of Globe. The magazine
of ETH Zurich and ETH Alumni, shows some of their projects. With concrete
issues derived from practical experience at the heart of what they do,
scientists from ETH Zurich are working under high pressure with partners from
industry at the Zurich Information and Privacy Center (ZISC) to make
information systems more secureThe magazine is also available as a free iPad
The Globe iPad app is available for download in German and English from the iTunes store, with additional picture galleries and films on individual articles. As of next year, there will also be a version for Android devices.
Globe is also in the internet.