#SmartCustody is an ongoing project of @BlockchainComns, a blockchain infrastructure support organization. In it we share the best practices for the use of advanced cryptographic tools in improving the care, maintenance, control, and protection of your digital assets. (1/14)
In the 1st edition of #SmartCustody we detail best practices & default storage scenarios, offer an exercise for you to learn how to model digital asset flows, create a risk model, do an adversarial analysis, and use these tools to modify your personal storage scenario. (2/14)
These resources, paid for by your fellow patrons in the Bitcoin and cryptocurrency digital-asset community, are available for free in the PDF bit.ly/SmartCustodyBo… and at cost in a print-on-demand book bit.ly/SmartCustodyBo… (3/14)
In the year since the release of our #SmartCustody digital-asset checklists, resources, and risk modeling there have been many changes to our ecosystem. For example, last year's edition could only safely recommend single-signature cold storage approaches for self-custody. (4/14)
However, a number of wallets' architectures have since become more mature. So we now feel that multi-sig solutions are feasible for use by regular people. (5/14)
As @BlockchainComns begins work on a major new release of a 2nd edition #SmartCustody, I thought I’d share with you personally some of my own thoughts on how I think about digital asset security, risk modeling, and adversarial analysis. (6/14)
The first thing I'd like to share is particularly unique to how I approach the risk-modelling of digital assets: Adversarial Analysis. I believe you may find it useful, so I'll be sharing my thoughts about these Adversaries throughout the month of June. (7/14)
Classic risk-modeling techniques can be overwhelming, so the #SmartCustody book offers a different approach that helps users to protect their digital assets by figuring out what endangers them. I do this using a unique method: exposing ADVERSARIES. (8/14)
Classic risk-modeling identifies vulnerabilities and turns those vulnerabilities into risks based on likelihoods and consequences. You'll still find all of that in #SmartCustody. It's only after we've identified these initial risks that we bring in our adversaries. (9/14)
So what's an adversary? It's an anthropomorphized problem. Each one can encompass many different risks and have many different solutions. Losing your funds due to incapacitation is a potential risk, but DEATH, that's an adversary. (10/14)
Why adversaries? Because they flip the script. We go from discussing somewhat vague and abstract vulnerabilities to considering something more concrete. In the abstract, we might fall prey to our own biases; when things are made concrete, we hew closer to reality. (11/14)
We can look at the motives of Death or Institutional Theft or Blackmail. We can consider what they want, even in situations when they're not thinking beings. By better considering motives, we can better understand if an adversary is actually a threat to *US*. (12/14)
Risk modeling is all about making informed decisions rather than emotional ones. I believe that adversaries help us to do so. I'll be talking more about them in coming days, as I highlight the 27 adversaries in #SmartCustody. (13/14)
What do you think of adversaries? Are they useful for modeling risks? Let us know! And please consider supporting the #SmartCustody work that this topic is drawn from. We need support for our 2nd edition, with multi-sigs and other expansions: …tcustody.btcpay.blockchaincommons.com (14/14)
Adversary category "Loss by Actions of God" https://t.co/gxkcQmoNVd
Our first adversary in the category “Loss by Actions of God” — Death/Incapacitation:
https://t.co/uyidASDMsm
The second #SmartCustody adversary in the category of “Loss by Actions of God” — Denial of Access: https://t.co/l1mAZsJIc2
Our third #SmartCustody adversary, our last in the category of “Loss by Actions of God" — Disaster: https://t.co/Q58DjE9kG2
Our second major #SmartCustody adversary category is “Loss by Computer Error”: https://t.co/Rhf9nn5wsW
Our first #SmartCustody adversary in the category "Loss by Computer Error" is Bitrot:
Our second and last #SmartCustody adversary in the category “Loss by Computer Error" is Systemic Key Compromise: https://t.co/QMPsikuTMT
Our next category of adversaries is “Loss by Crime, Theft”: https://t.co/wWDNj2piS1
Our first #SmartCustody adversary in the category of “Loss by Crime, Theft" is INSTITUTIONAL THEFT: https://t.co/t2ZbIqbdQC
Our next #SmartCustody adversary in the category of “Loss by Crime, Theft" is INTERNAL THEFT: https://t.co/xY8xFXfC83
The PERSONAL NETWORK ATTACK is our next adversary in the “Loss by Crime, Theft” category:
https://t.co/o8JINmjiqk
The SYSTEMIC NETWORK ATTACK is our next adversary in the "Loss by Crime, Theft" category:
CASUAL PHYSICAL THEFT is the next #SmartCustody adversary in the category of "Loss by Crime, Theft":
Our next #SmartCustody adversary in the category "Loss by Crime, Theft" is SOPHISTICATED PHYSICAL THEFT:
Today's #SmartCustody adversary in the category "Loss by Crime, Theft" is SOCIAL ENGINEERING
Our last #SmartCustody adversary in the category "Loss by Crime, Theft" is SUPPLY-CHAIN THEFT:
Our next category of #SmartCustody adversaries is "Loss by Crime, Other":
Our first #SmartCustody adversary in the category of "Loss by Crime, Other" is BLACKMAIL:
The next #SmartCustody adversary in the category of "Loss by Crime, Other" is COERCION:
Another #SmartCustody adversary in the category of "Loss by Crime, Other" is the NON-FINANCIALLY MOTIVATED ATTACKER:
Our last #SmartCustody adversary in the category of "Loss by Crime, Other" is TERRORISM / MOB:
Our next category of #SmartCustody adversaries is "Loss by Government":
The first #SmartCustody adversary in category “Loss by Government" is LEGAL FORFEITURE: https://t.co/sP6vJeZnTA
Our last #SmartCustody adversary in the category "Loss by Government" is NATION-STATE ACTOR:
Our next category of #SmartCustody adversaries is “Loss by Mistakes”: https://t.co/Vqa4bH7fMN
Our first #SmartCustody adversary in the category of "Loss by Mistakes" is CONVENIENCE: https://t.co/uNaoB6JWxU
Our next #SmartCustody adversary in the category of “Loss by Mistakes” is KEY FRAGILITY: https://t.co/GMOH9v0tKx
Our next #SmartCustody adversary in the category of "Loss by Mistakes" is PROCESS FATIGUE: https://t.co/oQZiP4052l
Another #SmartCustody adversary in the category of "Loss by Mistakes" is TRANSACTION ERROR: https://t.co/ckp4jjRE4x
Our last #SmartCustody adversary in the category of “Loss by Mistakes" is USER ERROR: https://t.co/qcfbWLSDuN
Our last category of #SmartCustody adversaries (and our last week of this series) is Privacy-Related Problems: https://t.co/91u2b40OZ9
Our first #SmartCustody adversary in the category of “Privacy-Related Problems" is CORRELATION: https://t.co/V1nbmo6DKB
Our next #SmartCustody adversary in the category of “Privacy-Related Problems" is CENSORSHIP: https://t.co/PTj0hellul
Our last #SmartCustody adversary in the category for “Privacy-Related Problems" is LOSS OF FUNGIBILITY: https://t.co/3vcoi1RwmY
We conclude this series of tweet storms to ask for your help in making V2 of #SmartCustody possible, and to help in our broader mission to support open blockchain infrastructure, internet security, the open web, digital civil liberties, and more. https://t.co/pw38HVNb9B
