Using the Deep Secure iX to protect Crypto Custodians and Asset Exchanges
Over the past 5 years or so, the legitimisation of the cryptocurrency market has become ever more prominent. As the market has ‘hit the mainstream’, multiple banks, financial institutions and crypto exchanges have increased their interest and capital in crypto.
As the market slowly matures, so does the need for better and more effective security solutions. Whilst banks and financial institutions have had multiple decades to refine their cyber security posture, the cryptocurrency market has not had that luxury. Unlike the traditional financial markets, once private keys have been compromised the attackers can drain all assets from the wallet/exchange.
Crypto Wallets, Exchanges and Custodians
A crypto wallet is a device or application which stores the public and private keys for transactions on the cryptocurrency markets. A cryptocurrency exchange is defined as a place where people can exchange cryptocurrencies for other cryptocurrencies or conventional fiat money. Finally, a crypto custodian is defined as an organisation that acts on behalf of others to store their private keys and provide security for vast sums of assets.
Hot vs cold wallets
Within the cryptocurrency world, there is a general consensus that for exchanges and custodians, a hot wallet is a must. The reason is that if the customer's wallet is ‘cold’ (disconnected from the internet) then there is a transition period in which the customer's private keys need to be sent from the cold wallet to an exchange. For a custodian or asset exchange, this multi-second delay for the transition from the cold wallet to the exchange is unacceptable, because in a fast-moving industry like crypto, prices can fluctuate hugely on a second-by-second basis.
For this reason a ‘hot wallet’ is essential, even though this means the custodian or exchange must communicate regularly with the internet for transaction verification. Fortunately, there are a few solutions in the market for securing the communication to the secure enclave.
The solutions
Diode
The humble data diode is a solution that was developed originally for government agencies and critical national infrastructure. A diode is a one-way-only data flow enforced by hardware. Whilst this is a reasonable solution, it does not address the ultimate concern, which is that to properly support a custodian or asset exchange, there must be a two-way flow of information. This means using a diode is relatively pointless from a security perspective, as you would need two diodes next to each other to send the responses. At this point, there is effectively native two-way communication, and any attack carried in the application data (rather than the protocol) would be unaffected by the two diodes placed inbound and outbound.
Placing two diodes inbound and outbound also increases the overhead of integrating between the insecure network and the secure enclave. This is because the two sides can no longer ‘talk’ in a native protocol such as HTTP REST or TCP, but must now communicate in a protocol that is supported by the diode.
XML/JSON Gateway
There are a number of solutions that present as an XML or JSON gateway. These solutions are relevant to crypto custodians and asset exchanges because they are often deployed in conjunction with data diode solutions. However, JSON and XML gateways have nothing to defend themselves from attacks within the data sent to them, meaning that the software inside the appliances is susceptible to attack (by nature), and handling the complex data means that an attacker could compromise the machine itself. The gateways will also sit on some kind of O/S, which presents a further attack surface for compromise.
Threat Removal
This is where Threat Removal differentiates itself from the rest of the market. By using Deep Secure, any communication inbound or outbound goes via a custom designed and implemented Deep Secure FPGA.
The process using Threat Removal is that an initial HTTP or TCP request comes to the Deep Secure iX appliance. The low side appliance ‘breaks down’ the request into its core components (headers and content of the request itself). This is represented in a Deep Secure internal format and a first schema check is applied. If this schema check is successful then the internal format is verified in hardware by the Deep Secure FPGA. This ensures the data coming from the ‘untrusted’ network is not harmful and only contains the expected data in the correct format. By introducing hardware logic, the FPGA provides an independent check on the data and can be trusted because it cannot be modified by an attacker, unlike susceptible software implementations.
The ‘simple format’ is then rebuilt on the high side to a reliable, known good state to be transferred to the high side application for transaction validation.
This process is entirely transparent to the low side application, and the insecure application simply believes it has communicated directly to the server within the secure enclave.
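The break-down, verify and rebuild flow described above can be sketched in software as follows. This is an added example, not Deep Secure code or its internal format: the schema, field names and size limit are constructed for illustration, and the `verify` function is only a software stand-in for the independent hardware check.

```python
import json
import re

# Constructed schema for a hypothetical transaction request: field -> allowed value format.
SCHEMA = {
    "wallet_id": re.compile(r"[A-Za-z0-9]{8,32}"),
    "asset": re.compile(r"[A-Z]{3,5}"),
    "amount": re.compile(r"[0-9]{1,12}(\.[0-9]{1,8})?"),
}
MAX_BODY = 512  # assumed size limit for this example


class Rejected(Exception):
    """Raised when a request does not match the expected data exactly."""


def low_side_extract(raw_body):
    """Break the request body down into flat (field, value) records; first schema check."""
    if len(raw_body) > MAX_BODY:
        raise Rejected("body too large")
    try:
        doc = json.loads(raw_body.decode("utf-8"))
    except (UnicodeDecodeError, ValueError, RecursionError) as exc:
        raise Rejected("not valid JSON") from exc
    if not isinstance(doc, dict) or set(doc) != set(SCHEMA):
        raise Rejected("unexpected structure")
    if not all(isinstance(doc[name], str) for name in SCHEMA):
        raise Rejected("non-string value")
    return [(name, doc[name]) for name in SCHEMA]


def verify(records):
    """Independent second check (software stand-in for the hardware verifier).
    It re-validates everything and trusts nothing the extractor did."""
    if [name for name, _ in records] != list(SCHEMA):
        raise Rejected("field set or order mismatch")
    for name, value in records:
        if not isinstance(value, str) or not SCHEMA[name].fullmatch(value):
            raise Rejected(name + ": value outside expected format")
    return records


def high_side_rebuild(records):
    """Build a new request from the verified values; no original bytes are forwarded."""
    return json.dumps(dict(records), sort_keys=True, separators=(",", ":")).encode()


def transfer(raw_body):
    return high_side_rebuild(verify(low_side_extract(raw_body)))
```

The high side only ever receives bytes it generated itself from values that passed both checks, so anything unexpected in the original request (extra fields, nesting, odd encodings) never crosses the boundary.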
Conclusion
In conclusion, there is no one-size-fits-all solution in the world of crypto custodians and asset exchanges, but using Threat Removal gives all the operational benefits of a hot wallet without the limitations that a diode or gateway gives you. Using a reliable and established solution such as Threat Removal increases customer trust in your custodian or exchange.
If you would like to learn more about the Deep Secure iX’s application for crypto custodians and asset exchanges, please contact either Deep Secure via their contact form or me via my personal LinkedIn profile.