ch10 additions

ch10.asciidoc

@@ -1,11 +1,25 @@
 [[ch10]]
 == Bitcoin Security
 
-Bitcoin allows anyone to be their own bank. If that sounds to you like a scenario for chaos, you're probably right. Even  banks are barely able to keep accounts secure. 
 Securing bitcoin is challenging because bitcoin is not an abstract reference to value, like a balance in a bank account. Bitcoin is very much like digital cash or gold. You've probably heard the expression "Possession is nine tenths of the law". Well, in bitcoin, possession is ten tenths of the law. Possession of the keys to unlock the bitcoin, is entirely equivalent to possession of a chunk of precious metal. You can lose it, misplace it, have it stolen or accidentally send the wrong amount to someone. In every one of those cases, the end-user would have as much recourse as if they dropped cash on the sidewalk. 
 
 However, bitcoin has capabilities that cash, gold and bank accounts do not. A bitcoin wallet, containing your keys, can be backed up like any file. It can be stored in multiple copies, even printed on paper for hard-copy backup. You can't "backup" cash, gold or bank accounts. Bitcoin is different enough from anything that has come before that we need to think about bitcoin security in a novel way too. 
 
+=== Security principles
+
+The core principle in bitcoin is de-centralization and it has important implications for security. A centralized model, such as a traditional bank or payment network, depends on access control and vetting to keep bad actors out of the system. By comparison, a de-centralized system like bitcoin pushes the responsibility and control to the end-users. Since security of the network is based on Proof-of-Work, not access control, the network can be open and no encryption is required for bitcoin traffic. 
+
+On a traditional payment network, such a credit card system, the "payment" is really open-ended because it contains the user's private identifier (the credit card number). Thus, the payment network has to be secured end-to-end with encryption and must ensure that no eavesdroppers or intermediaries can compromise the payment traffic, in transit or when it is stored (at rest). If a bad actor gains access to the system, they can compromise current transactions _and_ payment tokens that can be used to create new transactions. Worse, access to the user identifiers can facilitate identity theft. When customer data is compromised, the customers are exposed to identity theft and must take action to prevent fraudulent use of the compromised accounts.
+
+Bitcoin is dramatically different. A bitcoin transaction authorizes only a specific value to a specific recipient and cannot be forged or modified. It does not reveal any private information, such as the identities of the parties and cannot be used to authorize additional payments. Therefore, a bitcoin payment network does not need to be encrypted or protected from eavesdropping. In fact, you can broadcast bitcoin transactions over an open public channel, such as unsecured Wifi or Bluetooth, with no loss of security.
+
+Bitcoin's de-centralized security model puts a lot of power in the hands of the end-users. With that power comes responsibility for maintaining the secrecy of the keys. For most users that is not easy to do, especially on general purpose computing devices, such as Internet-connected smartphones or laptops. Whereas bitcoin's de-centralized model prevents the type of mass compromise seen with credit cards, many end-users are not able to adequately secure their keys and get hacked one by one. 
+
+
+
+
+{For those who do not understand, or fully appreciate, the benefits of de-centralization, there is a temptation to emulate traditional payment }
+
 === Physical vs. Digital Security
 
 Humans have used physical security controls for thousands of years. By comparison, our experience with digital security is less than fifty years old.