A first look at the usability of bitcoin key management

@article{Eskandari2018AFL,
  title={A first look at the usability of bitcoin key management},
  author={Shayan Eskandari and Jeremy Clark and David Barrera and Elizabeth Stobert},
  journal={ArXiv},
  year={2018},
  volume={abs/1802.04351}
}
Bitcoin users are directly or indirectly forced to deal with public key cryptography, which has a number of security and usability challenges that differ from the password-based authentication underlying most online banking services. Users must ensure that keys are simultaneously accessible, resistant to digital theft and resilient to loss. In this paper, we contribute an evaluation framework for comparing Bitcoin key management approaches, and conduct a broad usability evaluation of six… 

How do Bitcoin users manage their private keys?
TLDR
The results showed that users employed technologies such as encryption and multi-signature to enhance the protection of their Bitcoin private keys; however, a proportion of users employed less secure approaches.
Recommendations for implementing a Bitcoin wallet using smart card
TLDR
This work surveys hardware-wallet projects, discussing the requirements and the different ways to construct one, and implements its own open source prototype, presenting the architecture of the project, its components, the requirements, the APDU communication protocol and the results.
The Other Side of the Coin: User Experiences with Bitcoin Security and Privacy
TLDR
The first large-scale survey to investigate how users experience the Bitcoin ecosystem in terms of security, privacy and anonymity found that many users do not use all security capabilities of their selected Bitcoin management tool and have significant misconceptions on how to remain anonymous and protect their privacy in the Bitcoin network.
Efficient Bitcoin Password-protected Wallet Scheme with Key-dependent Message Security
TLDR
This paper proposes a new password-protected wallet scheme that uses a KDM-secure scheme to encrypt wallet files, and proves that the scheme is KDM-CCA secure and that a semi-trusted cloud server cannot obtain any information about the backup files.
Strengthening the bitcoin safety: a graded span based key partitioning mechanism
TLDR
A private key safety model is proposed for safely keeping the sub elements of the private key under different spans that introduce syntactic, semantic and cognitive safety control to minimize the complete key loss.
Improving Malware Mitigation For Online Bitcoin Wallets
TLDR
Users such as online shops need to protect their bitcoins against attackers who attempt to steal them, and they need to keep their private key safe, because stealing a Bitcoin private key permits attackers to steal the money.
User perception of Bitcoin usability and security across novice users
Secure hierarchical Bitcoin wallet scheme against privilege escalation attacks
TLDR
A novel HD wallet scheme that gives out a signature with trapdoor hash functions instead of directly giving private keys for signing to achieve user anonymity, public key derivation, and high scalability.
Identifying Key Leakage of Bitcoin Users
TLDR
This work systematically outlines how an attacker can use duplicate r values to leak nonces and secret keys, going beyond the simple case where the same nonce and the same key have been used together more than once.
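The simple case that summary refers to, as an added worked example that is not code from this page or from any of the listed papers: two ECDSA signatures made with the same secp256k1 private key and the same nonce k share the same r, and an attacker who sees both (and the two signed hashes) can solve for k and then for the key. The private key, the reused nonce and the two signed messages below are constructed for the demonstration; the curve constants and the low-s normalisation are Bitcoin's, and the example handles the case where that normalisation has negated one of the s values.

```python
import hashlib

# secp256k1 domain parameters, the curve Bitcoin uses for ECDSA
P = 2**256 - 2**32 - 977
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)


def _add(a, b):
    """Affine point addition on secp256k1; None is the point at infinity."""
    if a is None:
        return b
    if b is None:
        return a
    if a[0] == b[0] and (a[1] + b[1]) % P == 0:
        return None
    if a == b:
        lam = 3 * a[0] * a[0] * pow(2 * a[1], -1, P) % P
    else:
        lam = (b[1] - a[1]) * pow(b[0] - a[0], -1, P) % P
    x = (lam * lam - a[0] - b[0]) % P
    return (x, (lam * (a[0] - x) - a[1]) % P)


def _mul(k, pt):
    """Double-and-add scalar multiplication (demo only, not constant time)."""
    acc = None
    while k:
        if k & 1:
            acc = _add(acc, pt)
        pt = _add(pt, pt)
        k >>= 1
    return acc


def msg_hash(msg: bytes) -> int:
    """Bitcoin-style double SHA-256 of the signed data, as an integer."""
    return int.from_bytes(hashlib.sha256(hashlib.sha256(msg).digest()).digest(), "big")


def sign(d: int, z: int, k: int):
    """ECDSA: sign hash z with key d and nonce k, applying Bitcoin's low-s rule."""
    r = _mul(k, G)[0] % N
    s = pow(k, -1, N) * (z + r * d) % N
    if s > N // 2:
        s = N - s
    return (r, s)


def recover_private_key(sig1, z1, sig2, z2):
    """Given two signatures sharing r (same nonce) over different hashes,
    return the private key, or None if r differs or nothing can be solved."""
    (r1, s1), (r2, s2) = sig1, sig2
    if r1 != r2 or z1 == z2:
        return None
    r = r1
    # Low-s normalisation may have negated either s. Try both signs for s2 and
    # keep the nonce candidate that actually reproduces r; the key then follows
    # from s1*k = z1 + r*d.
    for s2c in (s2, N - s2):
        if (s1 - s2c) % N == 0:
            continue
        k = (z1 - z2) * pow((s1 - s2c) % N, -1, N) % N
        if k == 0 or _mul(k, G)[0] % N != r:
            continue
        return (s1 * k - z1) * pow(r, -1, N) % N
    return None


def demo_nonce_reuse():
    """Constructed scenario: one wallet signs two spends with the same nonce."""
    d = 0x1E99423A4ED27608A15A2616A2B0E9E52CED330AC530EDCC32C8FFC6A526AEDD  # assumed key
    k = 0x4C0883A69102937D6231471B5DBB6204FE5129617082792AE468D01A3F362318  # reused nonce
    z1 = msg_hash(b"constructed tx 1: pay alice")
    z2 = msg_hash(b"constructed tx 2: pay bob")
    sig1, sig2 = sign(d, z1, k), sign(d, z2, k)
    return d, recover_private_key(sig1, z1, sig2, z2)


if __name__ == "__main__":
    d, recovered = demo_nonce_reuse()
    print("nonce reuse leaks the key:", recovered == d)
```

Because r is public in every signature, a scan of the chain for repeated r values is all the attacker needs to find candidate pairs; the defence on the wallet side is deterministic nonce generation (RFC 6979) or a properly seeded CSPRNG, which is exactly the kind of implementation detail the usability literature above shows users cannot be expected to check themselves.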
Bitcoin Covenants
TLDR
It is shown how covenants enable vaults, which disincentivize key theft by preventing an attacker from gaining full access to stolen funds, and how Bitcoin-NG can be implemented progressively as an overlay on top of the Bitcoin blockchain.

References

Showing 1-10 of 31 references
Zerocoin: Anonymous Distributed E-Cash from Bitcoin
TLDR
Zerocoin is proposed, a cryptographic extension to Bitcoin that augments the protocol to allow for fully anonymous currency transactions and uses standard cryptographic assumptions and does not introduce new trusted parties or otherwise change the security model of Bitcoin.
How to make secure email easier to use
TLDR
It is argued that the vast majority of Internet users can start enjoying digitally signed email today and software vendors must make minor changes to the way that mail clients store email before unsophisticated users can safely handle mail that is sealed with encryption.
Johnny 2: a user test of key continuity management with S/MIME and Outlook Express
TLDR
The first user study of KCM-secured email is presented, conducted on naïve users who had no previous experience with secure email, and concludes that KCM is a workable model for improving email security today, but work is needed to alert users to "phishing" attacks.
Bitter to Better - How to Make Bitcoin a Better Currency
TLDR
An in-depth investigation is performed to understand what made Bitcoin so successful, while decades of research on cryptographic e-cash has not led to a large-scale deployment.
On the privacy provisions of Bloom filters in lightweight bitcoin clients
TLDR
An efficient countermeasure is proposed to enhance the privacy of users who rely on SPV clients, which can be directly integrated into existing SPV client implementations.
Why Johnny Can't Encrypt: A Usability Evaluation of PGP 5.0
TLDR
It is concluded that PGP 5.0 is not usable enough to provide effective security for most computer users, despite its attractive graphical user interface, supporting the hypothesis that user interface design for effective security remains an open problem.
A Research Agenda Acknowledging the Persistence of Passwords
TLDR
It is argued that no silver bullet will meet all requirements-not only will passwords be with us for some time, but in many instances, they're the solution that best fits the scenario of use.
The Quest to Replace Passwords: A Framework for Comparative Evaluation of Web Authentication Schemes
TLDR
It is concluded that many academic proposals to replace text passwords for general-purpose user authentication on the web have failed to gain traction because researchers rarely consider a sufficiently wide range of real-world constraints.
Is Everything We Know about Password Stealing Wrong?
US Federal Reserve Regulation E guarantees that consumers are made whole when their bank passwords are stolen. The implications lead to several interesting conclusions. First, emptying accounts is
Secrecy, flagging, and paranoia: adoption criteria in encrypted email
TLDR
It is argued that understanding social factors is necessary to guide the design of encryption technologies that can be more widely adopted, and decisions about encryption were driven not just by technical issues such as usability, but also by social factors.