Advertisement

The Other Side of the Coin: User Experiences with Bitcoin Security and Privacy

  • Katharina KrombholzEmail author
  • Aljosha Judmayer
  • Matthias Gusenbauer
  • Edgar Weippl
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 9603)

Abstract

We present the first large-scale survey to investigate how users experience the Bitcoin ecosystem in terms of security, privacy and anonymity. We surveyed 990 Bitcoin users to determine Bitcoin management strategies and identified how users deploy security measures to protect their keys and bitcoins. We found that about 46% of our participants use web-hosted solutions to manage at least some of their bitcoins, and about half of them use exclusively such solutions. We also found that many users do not use all security capabilities of their selected Bitcoin management tool and have significant misconceptions on how to remain anonymous and protect their privacy in the Bitcoin network. Also, 22% of our participants have already lost money due to security breaches or self-induced errors. To get a deeper understanding, we conducted qualitative interviews to explain some of the observed phenomena.

Keywords

Online Survey Qualitative Interview Security Breach Risk Scenario MITM Attack 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.

Notes

Acknowledgements

This research was funded by COMET K1, FFG – Austrian Research Promotion Agency and by FFG Bridge Early Stage 846573 A2Bit. We would also like to thank Martin Mulazzani, Artemios G. Voyiatzis and Matthew Smith for their useful comments and feedback. Furthermore, we would like to thank Elizabeth Stobert for her valuable feedback and for her help in recruiting participants.

Supplementary material

References

  1. 1.
    Biryukov, A., Khovratovich, D., Pustogarov, I.: Deanonymisation of clients in Bitcoin P2P network. CoRR, abs/1405.7418 (2014)Google Scholar
  2. 2.
    Baur, A.W., Bühler, J., Bick, M., Bonorden, C.S.: Cryptocurrencies as a disruption? Empirical findings on user adoption and future potential of bitcoin and co. In: Janssen, M., Mäntymäki, M., Hidders, J., Klievink, B., Lamersdorf, W., Loenen, B., Zuiderwijk, A. (eds.) I3E 2015. LNCS, vol. 9373, pp. 63–80. Springer, Cham (2015). doi: 10.1007/978-3-319-25013-7_6 CrossRefGoogle Scholar
  3. 3.
    Biryukov, A., Pustogarov, I.: Bitcoin over Tor isn’t a good idea. arXiv preprint arXiv:1410.6079 (2014)
  4. 4.
    Bitcoin Community: Bitcoin developer guide, October 2014. Accessed 14 Oct 2014Google Scholar
  5. 5.
    Bitcoin Community: Bitcoin protocol specification, October 2014. Accessed 14 Oct 2014Google Scholar
  6. 6.
    Blockchain.info: Bitcoin currency statistics, April 2014. Accessed 05 Apr 2014Google Scholar
  7. 7.
    Bonneau, J., Miller, A., Clark, J., Narayanan, A., Kroll, J.A., Felten, E.W.: SoK: research perspectives and challenges for Bitcoin and cryptocurrencies (2015)Google Scholar
  8. 8.
    Eskandari, S., Barrera, D., Stobert, E., Clark, J.: A first look at the usability of Bitcoin key management. In: Workshop on Usable Security (USEC) (2015)Google Scholar
  9. 9.
    Reid, F., Harrigan, M.: An analysis of anonymity in the Bitcoin system. In: 2011 IEEE International Conference on Privacy, Security, Risk, and Trust, and IEEE International Conference on Social Computing (2011)Google Scholar
  10. 10.
    Garay, J., Kiayias, A., Leonardos, N.: The Bitcoin backbone protocol: analysis and applications. In: Oswald, E., Fischlin, M. (eds.) EUROCRYPT 2015. LNCS, vol. 9057, pp. 281–310. Springer, Heidelberg (2015). doi: 10.1007/978-3-662-46803-6_10 Google Scholar
  11. 11.
    Garfinkel, S.L., Margrave, D., Schiller, J.I., Nordlander, E., Miller, R.C.: How to make secure email easier to use. In: Proceedings of the SIGCHI Conference on Human Factors in Computing Systems, pp. 701–710. ACM (2005)Google Scholar
  12. 12.
    Garfinkel, S.L., Miller, R.C.: Johnny 2: a user test of key continuity management with S/MIME and outlook express. In: Proceedings of the 2005 Symposium on Usable Privacy and Security, pp. 13–24. ACM (2005)Google Scholar
  13. 13.
    Gaw, S., Felten, E.W., Fernandez-Kelly, P.: Secrecy, flagging, and paranoia: adoption criteria in encrypted email. In: Proceedings of the SIGCHI Conference on Human Factors in Computing Systems, pp. 591–600. ACM (2006)Google Scholar
  14. 14.
    Gervais, A., Ritzdorf, H., Karame, G.O., Capkun, S.: Tampering with the delivery of blocks and transactions in Bitcoin. Technical report, Cryptology ePrint Archive, Report 2015/578 (2015). http://eprint.iacr.org
  15. 15.
    Goldfeder, S., Gennaro, R., Kalodner, H., Bonneau, J., Kroll, J., Felten, E.W., Narayanan, A.: Securing Bitcoin wallets via a new DSA/ECDSA threshold signature scheme. Accessed 09 June 2015Google Scholar
  16. 16.
    Heilman, E., Kendler, A., Zohar, A., Goldberg, S.: Eclipse attacks on Bitcoin’s peer-to-peer network. In: 24th USENIX Security Symposium (USENIX Security 15), Washington, D.C., pp. 129–144. USENIX Association, August 2015Google Scholar
  17. 17.
    Okupski, K.: Bitcoin protocol specification, October 2014. Accessed 14 Oct 2014Google Scholar
  18. 18.
    Lazar, J., Feng, J.H., Hochheiser, H.: Research Methods in Human-Computer Interaction. Wiley, Hoboken (2010)Google Scholar
  19. 19.
    Moore, T., Christin, N.: Beware the middleman: empirical analysis of Bitcoin-exchange risk. In: Sadeghi, A.-R. (ed.) FC 2013. LNCS, vol. 7859, pp. 25–33. Springer, Heidelberg (2013). doi: 10.1007/978-3-642-39884-1_3 CrossRefGoogle Scholar
  20. 20.
    Nakamoto, S.: Bitcoin: a peer-to-peer electronic cash system, December 2008Google Scholar
  21. 21.
    NIST: FIPS 180–4: Secure Hash Standard (SHS), March 2012Google Scholar
  22. 22.
    Sheng, S., Broderick, L., Koranda, C.A., Hyland, J.J.: Why Johnny still can’t encrypt: evaluating the usability of email encryption software. In: Symposium on Usable Privacy and Security (2006)Google Scholar
  23. 23.
    Wharton, C., Rieman, J., Lewis, C., Polson, P.: The cognitive walkthrough method: a practitioner’s guide. In: Usability Inspection Methods, pp. 105–140. Wiley (1994)Google Scholar
  24. 24.
    Whitten, A., Tygar, J.D.: Why Johnny can’t encrypt: a usability evaluation of PGP 5.0. In: Usenix Security, vol. 1999 (1999)Google Scholar

Copyright information

© International Financial Cryptography Association 2017

Authors and Affiliations

  • Katharina Krombholz
    • 1
    Email author
  • Aljosha Judmayer
    • 1
  • Matthias Gusenbauer
    • 1
  • Edgar Weippl
    • 1
  1. 1.SBA ResearchViennaAustria

Personalised recommendations