With cybercriminals looking to target the cryptocurrency market, Deep Secure Senior Solutions Architect Aaron Mulgrew looks at how best to protect crypto custodians and asset exchanges from attack.

Over the past 5 years or so, the Cryptocurrency market has ‘hit the mainstream’, with multiple Banks, financial institutions and crypto exchanges increasing their interest and capital in crypto. As the market slowly matures, so does the need for better and more effective security solutions.

Nowhere is this more apparent than in the need to protect private keys. These are highly prized. If they are compromised the attackers can drain all the assets from the wallet or exchange.

The Cryptocurrency Infrastructure


A crypto wallet is a device or application which stores the public and private keys for transactions on the cryptocurrency markets. Typically, transactions are conducted via a cryptocurrency exchange where people can trade cryptocurrencies for other cryptocurrencies or conventional fiat money (government-issued currency that is not backed by a commodity). Organisations known as crypto custodians act on behalf of others to store their private keys and provide security for the assets.

By far the biggest potential Achilles heel in this infrastructure is the wallet. From a technically purist standpoint, the safest wallet is a “cold” one, i.e. one that is disconnected from the Internet. However, the latency introduced when the private keys for a customer have to be sent from the cold wallet to the exchange will likely result in multiple second delays that are unacceptable in a fast moving industry like crypto where prices can fluctuate hugely on a second-by-second basis. For this reason a ‘hot wallet’ is essential, even though this means the custodian or exchange must communicate regularly between the secure enclave where the private keys are stored and the untrusted Internet for transaction verification.

The challenge is how best to secure this communication channel and protect the wallet(s) from cyberattack.

Data Diodes

 

 

A  data diode is a one way only data flow enforced by hardware. While it offers some measure of reassurance, it does not address the fundamental business requirement which is that to properly support a custodian or asset exchange, there must be a two way flow of information.  Indeed, using a diode is relatively pointless from a security perspective, as you would need two diodes next to each other to handle the necessary bi-directional traffic.

At this point, there is native two way communication and any attack which involves application data (rather than the protocol) would be immune to the disruption caused by placing two diodes inbound and outbound.

Deploying two diodes inbound and outbound also increases the overheard of integrating between the insecure network and the secure enclave. This is because the application(s) can no longer ‘talk’ in native protocols such as HTTP REST or TCP, but now must communicate in a protocol that is supported by the diode.

XML/JSON Gateways


XML or JSON Gateways can be combined with data diodes to secure the communication flow but here too there are important security concerns. JSON and XML gateways cannot defend themselves from attacks concealed within the data sent to them, meaning that the software inside the gateway is susceptible to attack and the attacker can potentially compromise the machine itself. Ultimately, these gateways are built on standard operating systems which presents a further attack surface for compromise.

Threat Removal for Crypto Security


Deep Secure’s
Threat Removal for Crypto Security addresses all the shortcomings of alternative solutions because any communication inbound or outbound goes via a custom designed and implemented Deep Secure FPGA.

An initial HTTP or TCP request arrives from the application at the Deep Secure iX appliance on the untrusted network. Here the request is ‘broken down’ into its core components (headers and content of the request itself). This is represented in a Deep Secure internal format and a first schema check is applied.

If this schema check is successful then the internal format is verified in hardware by the Deep Secure FPGA. This ensures the data coming from the ‘untrusted’ network is not harmful and only contains the expected data in the correct format. By introducing hardware logic, the FPGA provides an independent check on the data and can be trusted because it cannot be modified by an attacker, unlike susceptible software implementations.

The ‘simple format’ is then rebuilt to a reliable, known good state within the Deep Secure iX appliance on the secure enclave network, before being transferred to the application for transaction validation. This process is entirely transparent to the application on the untrusted network, which simply believes it has communicated directly with the server in the secure enclave.

 

Threat Removal for Crypto Security delivers all the operational benefits of a hot wallet without the limitations and limited security that a diode or gateway introduces. 

It also delivers the very highest levels of assurance that the communication channel between untrusted network and secure enclave cannot be exploited by the criminal.

Deep Secure is actively working with banks and financial institutions to help protect their cryptocurrency infrastructure from cyberattack. If you would like to know more about how we can help you, please contact us today.

 

Download 'Protecting Crypto Assets' Technical Paper.


View all posts