Payment Protocol for Face-to-face Payments



Summary:

The conversation is about implementing security measures for face-to-face transactions using Bluetooth. The concern is radio MITM attacks and the lack of well-developed SSL over Bluetooth. One suggestion is to use PKI inside the PoS so that the merchant provides a signed payment request with a human-recognizable merchant identity name. However, it is noted that this only provides authenticity and confidentiality, not encryption, which is also necessary for security. To solve this problem, the proposal is to add an encryption/auth layer on top of RFCOMM sockets that requires proof of owning the Bitcoin key in the address part of the URI. The authentication could be done by signing the session public key with the Bitcoin key, or by rolling a custom lightweight protocol that involves basic ECDH, but the latter would require review by people familiar with such things. The community is invited to volunteer and help develop these security measures.


Updated on: 2023-06-08T00:58:10.642459+00:00