Secure second factor authentication for custody wallets

Institutional custody typically involves managing large amounts of cryptocurrency, often owned by many customers. The total value under management is frequently in the billions. While cryptocurrency keys can be managed inside hardware security modules (HSMs), which are highly secure, the application that interacts with the HSM using an API key typically runs in a much less secure environment.

The Secret Zero Problem

If this application misbehaves or is compromised and its API key is stolen, a custodian can suffer heavy losses. This is an instance of the well-known Secret Zero Problem: while most secrets can be protected in secure environments, there is always at least one remaining secret in a less secure environment.

Figure 1: A drawing of the Secret Zero Problem.

The usual way custody wallet service providers address this concern is to provide a second-factor authentication system. When a user initiates a cryptocurrency transfer, the user is prompted to enter a PIN or a time-based one-time password (TOTP) generated by an authenticator app installed on their phone. Google Authenticator and Duo are widely used authenticator apps.
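To make the TOTP mechanism concrete, here is an added example (not code from the article or from any authenticator product it names) implementing RFC 4226 HOTP and RFC 6238 TOTP in Python, together with the verifier side that a custody backend would run. The seed is the 20-byte ASCII test-vector secret from the RFCs, so the outputs can be checked against the published vectors; the base32 string is the form such a seed takes in a provisioning URI. The `window` and `last_used_counter` parameters are design choices of this example, not part of the RFC text.

```python
import base64
import hashlib
import hmac
import struct

# Constructed seed for this example: the 20-byte ASCII secret used in the
# RFC 4226 / RFC 6238 test vectors, so outputs can be checked against the RFCs.
EXAMPLE_SEED = b"12345678901234567890"


def seed_from_base32(encoded: str) -> bytes:
    """Decode a base32 seed as carried in an otpauth:// provisioning URI.
    Authenticator apps commonly omit the '=' padding, so re-pad before decoding."""
    cleaned = encoded.strip().replace(" ", "").upper()
    cleaned += "=" * (-len(cleaned) % 8)
    return base64.b32decode(cleaned)


def hotp(seed: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the 8-byte big-endian counter, dynamically
    truncated to a 31-bit integer and reduced to the requested number of digits."""
    mac = hmac.new(seed, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


def totp(seed: bytes, unix_time: int, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP: HOTP with the counter derived from the current time step.
    This is what the authenticator app on the phone computes."""
    return hotp(seed, unix_time // step, digits)


def verify_totp(seed: bytes, code: str, unix_time: int, *, step: int = 30,
                digits: int = 6, window: int = 1, last_used_counter: int = -1):
    """Verifier side. Accepts the current time step and +/- `window` steps to
    tolerate clock skew, compares in constant time, and refuses any counter at
    or below `last_used_counter` so a captured code cannot be replayed within
    the window. Returns the matched counter on success, None on failure.

    `seed` is the verifier's copy of the per-user secret. Where this function
    runs is the whole point of the article: if it runs in the same environment
    as the HSM API key, whoever takes that environment holds both secrets."""
    counter = unix_time // step
    matched = None
    for delta in range(-window, window + 1):
        candidate = counter + delta
        if candidate <= last_used_counter:
            continue  # already consumed: reject replay
        if hmac.compare_digest(hotp(seed, candidate, digits), code):
            matched = candidate
    return matched


if __name__ == "__main__":
    t = 59  # RFC 6238 test time: counter 1 at a 30-second step
    code = totp(EXAMPLE_SEED, t, digits=8)
    print("TOTP at T=59 (RFC 6238 SHA1 vector):", code)
    print("verified counter:", verify_totp(EXAMPLE_SEED, code, t, digits=8))
    print("replay rejected:", verify_totp(EXAMPLE_SEED, code, t, digits=8,
                                          last_used_counter=1) is None)
```

The verifier stores nothing but the seed and the last accepted counter per user, which is exactly why its placement matters: the seed is a second secret zero, and the rest of the article is about keeping it out of the environment that already holds the HSM API key.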

In this post, I question whether this approach is actually more secure and whether it solves the Secret Zero Problem.

2FA won't help in insecure environments

In practice, second-factor authentication systems are often deployed in insecure environments. That is, they are typically deployed in the same environment as the backend application that manages the HSM API keys. If this insecure environment is breached by an attacker or a malicious insider, the HSM-managed cryptocurrency keys can be used to sign transactions, resulting in heavy losses for the custody wallet provider and its customers.

Figure 2: Second-factor authentication systems are often deployed in insecure environments.

Such incidents make headlines when second-factor authentication systems are compromised. For example, the second-factor authentication system of a well-known exchange was recently compromised, with over 400 users losing somewhere between $30 million and $40 million in cryptocurrency. The exchange took the loss onto its own account and compensated the users. But such incidents damage the reputation of businesses that aim to maintain the highest security standards.

The problem is not with second-factor authentication; 2FA is essential. The problem is how second-factor authentication systems are implemented and deployed. If a second-factor authentication system is deployed in the same insecure environment as the backend application that holds secret zero, there is no qualitative improvement in the security of the system as a whole.

A better approach for 2FA

What if we could do better? What if we put the second-factor authentication system inside the secure HSM environment instead of placing it in an insecure environment? This approach has legs, especially if the deployed code can be "frozen", i.e. a fake admin should not be able to change the second-factor authentication code.
