While encrypting stored data is one of the most effective ways to thwart such attacks, in our experience it is hard to do it right – securely, efficiently and effectively.
If you look at the industry, thieves are not brute forcing private keys, but are instead relying on indirect attacks:
Exposing your private key: you rely on an insecure keystore that the attacker is able to access (e.g., compromised laptop)
Impersonating a recipient: you approve a payment whose destination account belongs to the attacker (e.g., clipboard attack)
Corrupting a transaction before it is signed: you approve a payment which does not correspond to what the application displays (e.g., wallet software attack)
Stealing credentials to a storage service: you leak your password to the storage service securing your funds (e.g., phishing, keylogging)
Exploiting weaknesses of a third-party storage platform: your custodian is compromised and risks its client’s funds independent of any your actions (e.g., identity management failure, accounting mismatch, key leakage)
The real issue at hand is the need for strong protection strategies around protecting digital assets to prevent exposure to theft end-to-end. While most investors choose to buy, store and transfer their currency with a service like Coinbase or a ‘secure’ wallet platform, these services largely suffer from similar problems - even when they move beyond software-only security to Hardware Security Modules (HSMs) to provide trusted storage and execution for wallet security applications.
Why? Hardware security strategies are inadequate on their own to secure cryptocurrency holdings because they are raw technology that must be implemented correctly in context of an overall and enterprise/cloud/mobile security application design. We are simply not seeing this being done by the exchanges nor the secure holding storage companies.
In today’s environment, one has to factor where critical information is not only stored, but also where it flows and the third parties who have resultant exposure. HSM’s are only one piece of a complex countermeasure strategy that has to weigh a number of factors - including not just the holdings themselves, but holistically, how user and third-party application and authentication services will be interacting ultimately with these holdings.
You need a platform that considers these issues end-to-end – its design must realize the hard work of a formal counter-measure assessment looking at attack vectors, dependencies, user and third party interactions.
We’ve done this hard work and taken our proven Black Lantern technology to the next level as a partnership between Guardtime and Metaco and created SILO; a cryptocurrency custody platform designed specifically for banks and other financial institutions wanting to participate securely in cryptocurrency holding, trading, and transfer operations. https://metaco.com
SILO is a ‘security-by-design’ platform. SILO builds on Black Lantern’s NIAP accreditation as an Anti-Tamper enabled appliance to provide an end-to-end, multi-account wallet management system with secure transaction processing and policy enforcement. Over and above a traditional HSM, SILO offers the following:
- Secure execution environment that only executes pre-authorized, signed and authenticated applications. There is no way for a malicious user to load or execute any arbitrary software. The cryptographic primitives and key management APIs are only exposed internally to the signed and authenticated application. This prevents API level attacks to gain insight into cryptocurrency secrets.
- True application separation. Each application's memory and execution is segregated from all others. This means that even if an application connected to an outward facing interface was compromised, the attacker would not be able to access other internal applications. Like an onion, there are many layers, each one more difficult and painful to penetrate.
- Memory protection at the hardware and OS levels. Executable memory is protected, and applications cannot access or overwrite into each other's memory. This stops buffer overflow and code injection attacks. Executable memory is subject to real-time, constant monitoring: if executable memory is modified or corrupted for any reason, it is detected in real time and appropriate actions are taken.
- NIAP Certified Platform layer. It provides services to applications in a secure, robust and reliable way. Services include management, secure configuration, cryptography functions, key management functions, etc. This provides applications a secure and easy to use method to perform these kinds of management tasks and trust that they have been certified secure.
- Separation of vendor and customer keys/information to prevent third party disclosure. Customer keys, secrets and data are generated completely at the customer site with a hardware true random number generator, and protected by keys specific to that appliance that are never available outside of the appliance. This removes any dependencies or ability for customer data to be compromised by the vendor.
- Hierarchical deterministic derivation for wallet keys. After initial backup, the master key, in combination with user keys, may be used to recover all wallets. This removes any risk of hardware failure preventing access to some of the wallets.
- Fully integrated identity, wallet and order management systems maintained by the secure execution environment. Every critical operation is processed with end-to-end security assuming the worst-case scenario and possible attack vectors. Man-in-the-middle and insider attacks always under control.
- Unified, multi-level security model for hot and cold wallets to facilitate transfers between highly available wallets and highly secure wallets, and minimize the risk associated to automatized and connected reserves. Every wallet has its own purpose, its specific access policies favoring segregation of responsibilities, a strict set of loss limitation policies mitigating black swan events, and flexible multi-signature settings to remove single points of trust,
SILO Hard- and Software
SILO software is digitally signed and encrypted at rest with NIST certified encryption algorithms. The hardware is incapable of executing unsigned code - it will not boot if the software and hardware runtime environment is not authentic.
SILO uses advanced ASICs with customized tamper protection features and escalation reaction monitors for added security given a variety of physical attack vectors.
The hardware is also resistant to cryptanalysis attacks, such as statistical power analysis on invasive attacks. All of the executable software is monitored during run-time; it’s monitored by both, software and hardware. This mitigates threats relating to the use of “mod chips” for the purposes of altering data streams in and out of the Security Appliance. End-to-End protection and resilience is afforded to guarantee delivery of your services.
In addition to the active monitoring of executable code during run-time, the architecture prohibits the introduction of executable code after the software has been authenticated, decrypted and executed. All executable code is read-only, through custom processor enforcement with hardware-based tamper reactions.
Latency for Incident Response becomes sub millisecond due to hardware adaptation and acceleration of your application code.
- SILO cannot be manipulated to attack other systems in your network infrastructure.
- PPC based real-time operating environment
- Secondary x86 based operating environment,monitored by real-time integrity hooks over the PCIe bus
- Hardware encryption SoC
- Real-time, high-precision networking with multiple 10G fiber and 1G interfaces
Multi-currency (incl. bitcoin, litecoin, ethereum and altcoins) and multi-wallet
Per wallet security policies (multi-signature, velocity limits, whitelisting)
Cold and hot settings
High-availability of the platform
Identity management service
HTTP API for integration
- Pre-integration with core banking platforms (Avaloq, Temenos)
SILO Protects Assets Against:
- Advanced Persistent Threats (APT-s)
- Privileged Unlawful Access (Insider Threat)
- Distributed Denial of Service (DDOS)
- Side Channel Attacks
- Introduction of Executable Code
- Boot Code, Service and Operating System Modification
- Physical Access to Hardware
- Low-Level Reverse Engineering
- Cryptanalysis Attacks
- Zero-day Exploits
SILO is Resilient
SILO defends itself from denial of service attack by policing traffic at the data-link layer (OSI layer 2). The SILO’s layer 2 is content-aware - meaning it can identify specific traffic and de-prioritize everything else. This ensures that SILO can recover its performance while it is the target of a Denial of Service attack.
- It is also possible to throttle traffic from a single client node in the event that single device attempts to flood the SILO with requests. Since SILO’s network stack is content-aware at the hardware level, we can rapidly identify and report any traffic that might indicate the presence of a rogue device in an infrastructure. This means that services run by SILO will remain uninterrupted under the harshest of conditions.