Bitcoin Meta Apps

Bitvisor: my First Bitcoin Meta App

This article will show that Bitcoin is much more than a currency, making things possible that are impossible with traditional fiat currencies. Therefore, those who say that Bitcoin has no intrinsic value will be proven wrong (again). Bitcoin the technology and Bitcoin the currency are inseparable; you can't have one without the other. This is because the reward to miners, who verify transactions at the lowest possible cost, is what makes the Bitcoin network grow. The size of the network is what makes it safe, and we can take advantage of that safety by building applications on top of the Bitcoin blockchain. These applications are called "meta apps".

Unless you're into servers and computers, SSH is most likely something you have never heard of. SSL is slightly more familiar due to the recent "Heartbleed" bug. SSH stands for "Secure SHell" and is one of the dominant tools system administrators use to remotely control their (Linux) servers. SSH uses SSL under the hood to set up a secure communication channel, so that's the relation between the two pieces of software.

Anyone who has a server knows (or should know) that it is constantly attacked by malicious strangers. Despite this, I, and many others, keep a door open so we can remotely access our servers via SSH (using username and password). Yes, there's the option of using certificates to strengthen your security further, but certificates are cumbersome to install, and sometimes you don't want to install certificates on a random computer just to gain access to your server.

So this got me thinking. What if every hacking attempt had a cost associated with it? In that case, bulk attempts to break into my server would become expensive (for the attackers) and at the same time earn me some money.

It is with great pleasure that I can show a proof-of-concept app called Bitvisor: a PAM (Pluggable Authentication Module) service that I've written in C++ for Linux. Any application that supports PAM (SSH being one of them) is then compatible with Bitvisor. For the PAM experts, the module is an "account module", which serves as an additional security layer beyond the authentication module that usually consists of the combination of username and password.

How does Bitvisor work? The easiest way to explain it is the workflow:

  1. Send an amount of BTC to a specified Bitcoin address.
  2. Wait 60 seconds.
  3. After 60 seconds have elapsed, the visor of that account opens.
  4. The visor stays open for the next 3 minutes; now you can log in using your standard username and password.
  5. Repeat from step (1) whenever I want to log in to the servers at a later time.

From this we'll draw some observations:

  1. I make sure that I am the owner of the Bitcoin address, so I'm just transferring money to myself. Therefore, it won't cost me a thing.
  2. Why the 60-second wait? It is designed to put the attacker at risk of losing money. Many hacking attempts in bulk would add up to a substantial loss.
  3. We don't care about confirmed transactions. The attacker may try to double spend (after 60 seconds), but as noted in observation (2) there's always a risk that his/her funds will be lost in the process.
  4. The attacker probably has no idea which of all the transactions on the blockchain is the one associated with my SSH account, so item (3) above only applies if the attacker has figured out which Bitcoin address is associated with which username and server.
  5. I always carry my phone with me, and with my phone I can make the required transaction whenever I want to log in to my servers from a random computer.
  6. This solution requires changes on the server side only; current SSH clients remain compatible, so this technology can be used today without any modifications on the client side.

Try it Yourself!

I've set up my server with a sandbox environment. You can go ahead and create a dummy account on my server, to which you are granted access using the above procedure. These are just dummy accounts, so you don't have to choose a strong password (although I am not storing your password in plain text; they are hashed).
 
(The sign-up form on the original page asks for a username, a password with confirmation, a Bitcoin address that you own, and a minimum BTC amount.)

Test SSH Login

  1. Send (at least your specified minimum) funds to your chosen address.
  2. Wait 60 seconds.
  3. Open up your favorite SSH client and log in at:
    ssh your-user-name@datavetaren.se -p 8443
    (Or use a free online SSH service such as serFISH.com. Note that the port number is 8443, not 22.)
  4. The accepted login window stays open for the next 3 minutes.
Any questions can be sent to my email account:
datavetaren@datavetaren.se

Conclusion

From now on I hope you look at Bitcoin in a different way. It's truly revolutionary, and as Andreas Antonopoulos says, "Currency is just the first app". What I've shown here is just the beginning. Nobody thought about Twitter or Facebook when the Internet was born. So I'll end with my own ridiculous remix of an old Kennedy quote:
 
"Ask not what Bitcoin can do for you — ask what you can do for Bitcoin."
 
Datavetaren
 

For Developers Only

The Git repository for the Bitvisor implementation is accessible here:
git clone git://datavetaren.se/bitvisor
You need the following packages installed:
  • apt-get install libpam0g-dev (for PAM header files)
  • apt-get install libboost-dev libboost-system-dev libboost-filesystem-dev libboost-date-time-dev (C++ Boost libraries)
  • apt-get install libssl-dev (for SSL library)
Then you should be able to compile using 'make', and 'make install' copies the binary pam_bitvisor.so to the right location. Finally you need to make the following changes to your environment:
 
  1. In file /etc/pam.d/sshd.conf, add the line:
    account    required     pam_bitvisor.so dir=/etc/bitvisor.d/
    This adds support for querying Bitvisor after the user has been authenticated. If you don't know how PAM works, it could be a good idea to read the system administrator's manual:
    http://www.linux-pam.org/Linux-PAM-html/Linux-PAM_SAG.html
    Also make sure that you have enabled PAM for SSH, i.e. /etc/ssh/sshd_config should have the line 'UsePAM yes'.

    Then we need to set up a Bitvisor DB holding the users for which Bitvisor queries are forwarded:
  2. Create the directory /etc/bitvisor.d/
  3. Create a file /etc/bitvisor.db with your favorite editor. Each line in this file consists of three colon-separated columns:
    username : bitcoin address : minimum bitcoin amount
    For example,
    myuser:13gRyzrNoEi1AbAJ6LXZCJytg9L8YmE7Kb:0.002
    ...means that login access is granted for user 'myuser' whenever at least 0.002 BTC is sent to address 13gRyzrNoEi1AbAJ6LXZCJytg9L8YmE7Kb.
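As an added illustration (my own code, not taken from the Bitvisor repository) of both the workflow described earlier and the bitvisor.db format above, here is the account rule in C++: parse a db line, then decide whether a user's visor is open given the payments already observed on the network. It assumes the module keeps a list of observed payments (confirmed or not) with the time each was first seen; watching the network for those payments is outside the snippet.

```cpp
// Added example, not Bitvisor's own code: the account rule of the workflow
// above and the bitvisor.db line format. Assumes the module already holds the
// payments observed on the network (confirmed or not), with time first seen.
#include <cstdint>
#include <iostream>
#include <sstream>
#include <string>
#include <vector>
struct DbEntry { std::string user; std::string address; double min_btc; };
struct SeenTx  { std::string address; double amount_btc; int64_t seen_at; };  // unix seconds
const int64_t kDelaySec  = 60;   // visor opens 60 s after the payment is seen
const int64_t kWindowSec = 180;  // ...and stays open for 3 minutes

static std::string trim(const std::string& s) {
    size_t b = s.find_first_not_of(" \t"), e = s.find_last_not_of(" \t");
    return b == std::string::npos ? "" : s.substr(b, e - b + 1);
}

// Parse one "username : bitcoin address : minimum bitcoin amount" line.
// Malformed lines return false so the caller denies instead of guessing.
bool parse_db_line(const std::string& line, DbEntry& out) {
    std::istringstream ss(line);
    std::string user, addr, amount;
    if (!std::getline(ss, user, ':') || !std::getline(ss, addr, ':') || !std::getline(ss, amount))
        return false;
    amount = trim(amount);
    double min_btc; size_t used = 0;
    try { min_btc = std::stod(amount, &used); } catch (...) { return false; }
    out.user = trim(user); out.address = trim(addr); out.min_btc = min_btc;
    return used == amount.size() && !out.user.empty() && !out.address.empty() && min_btc > 0;
}

// Account check: open iff a payment of at least min_btc to the user's address
// was first seen between 240 s and 60 s ago; otherwise the module denies.
bool visor_open(const DbEntry& e, const std::vector<SeenTx>& txs, int64_t now) {
    for (const SeenTx& tx : txs) {
        if (tx.address != e.address || tx.amount_btc < e.min_btc) continue;
        int64_t opens = tx.seen_at + kDelaySec;
        if (now >= opens && now < opens + kWindowSec) return true;
    }
    return false;
}
int main() {
    DbEntry e;
    if (!parse_db_line("myuser:13gRyzrNoEi1AbAJ6LXZCJytg9L8YmE7Kb:0.002", e)) return 1;
    std::vector<SeenTx> txs = {{e.address, 0.002, 1000}};  // constructed payment, seen at t=1000
    for (int64_t t : {1030, 1060, 1239, 1240})  // before, open, last open second, closed
        std::cout << "t=" << t << " open=" << visor_open(e, txs, t) << "\n";
    return 0;
}
```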