Sanghwan Ahn (h2spice)
LINE / Security Strategy Team
BITBOX is a trusted platform where users can exchange cryptocurrencies.
Securing this platform is necessary because attackers have been targeting cryptocurrency exchanges to steal the funds residing in user wallets; many cryptocurrency exchanges have already been attacked in the past.
We have studied cryptocurrency exchange hacks in order to keep BITBOX user assets safe against cyber attacks, using two security strategies: layered security and defense in depth.
Layered security is the combination of a series of security countermeasures, each layer protecting against a different attack vector, so that each countermeasure can cover gaps in the others.
Defense in depth, on the other hand, assumes a broader range of scenarios that cannot all be covered by technological means, or new security threats that are not traditionally recognized, such as disaster recovery, malicious insiders and sophisticated (or zero-day) attacks.
In this talk, he will share LINE's security strategies and a cryptocurrency exchange security architecture focused on protecting user assets even when the adversary gains full control of the system.
BITBOX: How to Secure Cryptocurrency Exchange
1. BITBOX: HOW TO SECURE A
CRYPTOCURRENCY EXCHANGE
SANGHWAN AHN (H2SPICE), SECURITY STRATEGY TEAM
2. ● Senior Security Engineer
Security Strategy Team, LINE Corporation
● Mentor
Best of the Best, Korea Information Technology Research Institute
● Speaker
SECUINSIDE, KIMCHICON, LINE and Intertrust Security Summit,
PacSec, CODEBLUE, HITCON
● Application Security, Trusted Computing
AHN SANGHWAN (H2SPICE)
4. CRYPTOCURRENCY EXCHANGE HACKS
Coinrail: $37,000,000 (in various tokens), 2018.06
BitGrail: $195,000,000 (17,000,000 NANO), 2018.02
CoinSecure: $3,300,000 (438 BTC), 2018.04
Coincheck: $534,800,000 (523,000,000 NEM), 2018.01
Zaif: $60,000,000 (5,966 BTC), 2018.09
Bithumb: $32,000,000 (in various tokens), 2018.06
Bitstamp: $5,000,000 (18,000BTC), 2018.06
15. BITBOX SECURITY DESIGN PRINCIPLES
● No such thing as perfect security
● The adversary is already inside
● User assets must be protected under any circumstance.
● Trust no one: ensure that no single person knows the secret key, and prove it.
(Also, all critical operations such as the 'key ceremony' should be done under supervision)
● Least privilege, role separation
16. BITBOX NETWORK ARCHITECTURE
[Network diagram: traffic enters through a Contents Delivery Network (CDN) and DDoS protection, then a firewall and IDS, then an internal firewall and IDS into the segmented B.B network. The office network (clients) is separated from the servers by network access control and server access control. Every server sits behind an ACL and runs a host IDS and a monitor agent, with events collected by a SIEM.]
17. BITBOX SERVICE ARCHITECTURE
[Service diagram. Zones: the external network (third-party cosigner, blockchain network); the segmented B.B network (B.B Service APIs: Trade, Member and Wallet APIs; Exchange Core; KYC Service; KYT Service with a sanction list DB and a black wallet DB); the internal network (Wallet Core APIs, Key Management Service (KMS), Hardware Security Module (HSM)); a security room; and an offline high security room.
Hot/warm wallet operation flow: the Wallet Core produces an unsigned tx, the KMS/HSM signs it into a half-signed tx, the third-party cosigner adds the second signature, and the signed tx is sent to the blockchain network.
Cold wallet operation flow: the half-signed tx is carried on an SD card out of the offline high security room via the security room, and the signed tx is uploaded from there.
* The KMS/HSM is accessible only to wallet engines in the whitelist; no internet access is allowed.]
18. WALLET SECURITY
Cold, Warm, Hot wallet
[Diagram: personal wallet address → Deposit → Warm wallet (online with whitelist) ↔ Cold wallet (offline); Warm wallet → Hot wallet (online) → Withdrawal → External wallets]
● Users' funds will be deposited in the warm wallet
● Funds transfer is restricted to only the cold or hot wallets that are registered in the whitelist
● Withdrawal is only available from the hot wallet
● Funds transfer from the hot wallet is restricted to only the warm wallet
● The vast majority of funds will be stored
19. WALLET SECURITY
Approval system
[Diagram: the same deposit/withdrawal flow as the previous slide; each transfer between the warm, cold and hot wallets, and each withdrawal to an external wallet, requires Approval from Admin{1..n}]
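The two slides above describe a transfer policy: deposits land in the warm wallet, the warm wallet may only feed whitelisted cold or hot wallets, withdrawals leave only from the hot wallet, the hot wallet may only return funds to the warm wallet, and each internal move or withdrawal needs admin approval. The following Go program is an added example written for this page, not BITBOX's own code; the wallet addresses, the approval thresholds per path, and the rule that the cold wallet is drained only into the warm wallet are assumptions made for the demo.

```go
package main

import (
	"errors"
	"fmt"
)

// WalletKind names the wallet tiers from the slides plus external (user) wallets.
type WalletKind int

const (
	Cold     WalletKind = iota // offline storage for the bulk of funds
	Warm                       // online, reachable only through the whitelist
	Hot                        // online, the only withdrawal source
	External                   // a user's personal wallet or any other outside address
)

func (k WalletKind) String() string {
	return [...]string{"cold", "warm", "hot", "external"}[k]
}

// Transfer is one requested movement of funds (addresses are constructed strings).
type Transfer struct {
	From, To   WalletKind
	ToAddress  string
	ApprovedBy []string // ids of the admins who approved this transfer
}

// Policy is the whitelist of BITBOX-owned wallet addresses plus the number of
// distinct admin approvals each path needs (the thresholds are assumptions).
type Policy struct {
	Whitelist map[string]WalletKind
	Approvals map[WalletKind]map[WalletKind]int
}

var ErrDenied = errors.New("transfer denied")

// allowed encodes the arrows on the slide: deposits land in warm; warm feeds
// cold or hot; hot withdraws externally or returns to warm; cold (assumption)
// only refills warm.
var allowed = map[WalletKind][]WalletKind{
	External: {Warm},
	Warm:     {Cold, Hot},
	Hot:      {External, Warm},
	Cold:     {Warm},
}

// Check enforces path, whitelist and approval rules in that order.
func (p Policy) Check(t Transfer) error {
	permitted := false
	for _, k := range allowed[t.From] {
		if k == t.To {
			permitted = true
		}
	}
	if !permitted {
		return fmt.Errorf("%w: %s -> %s is not a permitted path", ErrDenied, t.From, t.To)
	}
	// Every internal destination must be a whitelisted address of the stated kind,
	// so a whitelisted cold address cannot be passed off as a hot wallet.
	if t.To != External {
		kind, listed := p.Whitelist[t.ToAddress]
		if !listed || kind != t.To {
			return fmt.Errorf("%w: %q is not a whitelisted %s wallet", ErrDenied, t.ToAddress, t.To)
		}
	}
	need := p.Approvals[t.From][t.To] // a missing entry means no approval required
	if got := distinctApprovers(t.ApprovedBy); got < need {
		return fmt.Errorf("%w: %d of %d required approvals", ErrDenied, got, need)
	}
	return nil
}

// distinctApprovers counts each admin once, so one admin cannot approve twice.
func distinctApprovers(ids []string) int {
	seen := map[string]struct{}{}
	for _, id := range ids {
		seen[id] = struct{}{}
	}
	return len(seen)
}

// DefaultPolicy returns a constructed policy for the demo.
func DefaultPolicy() Policy {
	return Policy{
		Whitelist: map[string]WalletKind{
			"bb-cold-01": Cold,
			"bb-warm-01": Warm,
			"bb-hot-01":  Hot,
		},
		Approvals: map[WalletKind]map[WalletKind]int{
			Warm: {Cold: 1, Hot: 2},
			Hot:  {External: 2, Warm: 1},
			Cold: {Warm: 3},
		},
	}
}

func main() {
	p := DefaultPolicy()
	fmt.Println(p.Check(Transfer{From: External, To: Warm, ToAddress: "bb-warm-01"}))
	fmt.Println(p.Check(Transfer{From: Warm, To: External, ToAddress: "user-1"}))
	fmt.Println(p.Check(Transfer{From: Warm, To: Hot, ToAddress: "bb-hot-01", ApprovedBy: []string{"a", "a"}}))
	fmt.Println(p.Check(Transfer{From: Hot, To: External, ToAddress: "user-1", ApprovedBy: []string{"a", "b"}}))
}
```

The path table is deliberately a closed allow-list: any pair not listed is denied, which is how a compromised API server is prevented from routing warm-wallet funds straight to an external address even if it can forge approvals.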
20. WALLET SECURITY
Multi-signature wallet
[Diagram: a 2-of-3 MultiSig Wallet (requiring at least two keys to authorize a transaction) built from the BITBOX Key, the Cosigner Key held by the third-party cosigner, and a Backup Key (encrypted). Admin1 … Adminn each hold one shard, ShardKey1 … ShardKeyn, every shard double encrypted.]
* 'double encrypted' means that the shard is encrypted with the passphrase of the key owner, and then encrypted again with a white-box cryptographic key that was generated with a proper procedure and that nobody knows.
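To make the 2-of-3 rule concrete, here is an added Go example (written for this page, not BITBOX's own code) of the half-signed / signed flow from the service architecture slide: the wallet core signs with the BITBOX key, the third-party cosigner adds the second signature, and the verifier accepts only two valid signatures from distinct registered keys. Ed25519 stands in for whatever signature scheme the real chain uses, the transaction layout is a constructed stand-in for real chain serialization, and in production the three private keys would live in the KMS/HSM, at the cosigner and in encrypted backup rather than in one process.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/binary"
	"fmt"
)

// Tx is a simplified withdrawal; real chains serialize differently (assumption).
type Tx struct {
	From, To string
	Amount   uint64
	Nonce    uint64
}

// Digest is the message every key signs: a length-prefixed hash of the fields,
// so that moving bytes between From and To cannot yield the same digest.
func (t Tx) Digest() []byte {
	h := sha256.New()
	var n [8]byte
	for _, s := range []string{t.From, t.To} {
		binary.BigEndian.PutUint64(n[:], uint64(len(s)))
		h.Write(n[:])
		h.Write([]byte(s))
	}
	binary.BigEndian.PutUint64(n[:], t.Amount)
	h.Write(n[:])
	binary.BigEndian.PutUint64(n[:], t.Nonce)
	h.Write(n[:])
	return h.Sum(nil)
}

// Sig is one signature tagged with the index of the registered key that made it.
type Sig struct {
	KeyIndex  int
	Signature []byte
}

// SignedTx is a transaction plus the signatures collected so far
// (one signature is the slide's "half-signed tx", two is "signed tx").
type SignedTx struct {
	Tx   Tx
	Sigs []Sig
}

// Sign returns a copy carrying one more signature; the caller's value is unchanged.
func (s SignedTx) Sign(keyIndex int, priv ed25519.PrivateKey) SignedTx {
	sigs := append([]Sig(nil), s.Sigs...)
	sigs = append(sigs, Sig{KeyIndex: keyIndex, Signature: ed25519.Sign(priv, s.Tx.Digest())})
	return SignedTx{Tx: s.Tx, Sigs: sigs}
}

// Wallet is the 2-of-3 policy: three registered public keys and a threshold.
type Wallet struct {
	Keys      []ed25519.PublicKey // 0 = BITBOX key, 1 = cosigner key, 2 = backup key
	Threshold int
}

// Verify accepts the tx only if at least Threshold signatures verify under
// distinct registered keys. Unknown indices, repeated keys and bad signatures
// are simply not counted, so a server holding one key cannot pad its way to two.
func (w Wallet) Verify(s SignedTx) error {
	digest := s.Tx.Digest()
	seen := make(map[int]bool)
	valid := 0
	for _, sig := range s.Sigs {
		if sig.KeyIndex < 0 || sig.KeyIndex >= len(w.Keys) || seen[sig.KeyIndex] {
			continue
		}
		if ed25519.Verify(w.Keys[sig.KeyIndex], digest, sig.Signature) {
			seen[sig.KeyIndex] = true
			valid++
		}
	}
	if valid < w.Threshold {
		return fmt.Errorf("only %d of %d required signatures verify", valid, w.Threshold)
	}
	return nil
}

// NewWallet generates the three key pairs for the demo (constructed; in
// production the private keys are never co-located like this).
func NewWallet() (Wallet, []ed25519.PrivateKey) {
	var pubs []ed25519.PublicKey
	var privs []ed25519.PrivateKey
	for i := 0; i < 3; i++ {
		pub, priv, err := ed25519.GenerateKey(rand.Reader)
		if err != nil {
			panic(err)
		}
		pubs = append(pubs, pub)
		privs = append(privs, priv)
	}
	return Wallet{Keys: pubs, Threshold: 2}, privs
}

func main() {
	w, privs := NewWallet()
	tx := Tx{From: "bb-hot-01", To: "user-wallet", Amount: 1500000, Nonce: 1}
	half := SignedTx{Tx: tx}.Sign(0, privs[0]) // wallet core: half-signed tx
	fmt.Println("half-signed:", w.Verify(half))  // rejected
	full := half.Sign(1, privs[1])               // third-party cosigner: signed tx
	fmt.Println("signed:", w.Verify(full))       // nil
}
```

The property the closing slide claims, that attackers who control the application/API servers still cannot spend, follows from the verifier rather than from the server: with only the BITBOX key an attacker can produce a half-signed tx, but neither signing twice with that key nor substituting a key of their own reaches the threshold.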
21. RISK MANAGEMENT SYSTEM
Transfer Monitoring: deposit, withdrawal
[Diagram: the deposit/withdrawal flow again; deposits into the warm wallet, transfers between the warm, cold and hot wallets, and withdrawals to external wallets are each monitored]
22. RISK MANAGEMENT SYSTEM
AML (Anti Money Laundering)
[Diagram: deposits from personal wallet addresses into the warm wallet and withdrawals from the hot wallet to external wallets are monitored; counterparties are labelled Criminal, Black Market, Malicious, Minor or unknown]
24. RISK MANAGEMENT SYSTEM
Exchange Monitoring: sell, buy
[Diagram: a sell order by User A and a buy order by User B enter the Orderbook, the Matching Executor produces the matched order, and the Exchange Core records it in the transaction history alongside previous orders]
● Multiple transactions in a short term
● Multiple transactions with unequal variances
● A market that has a great deal more transactions than usual
● Any transaction in which the amount or frequency appears unusual
● Frequent exchanges into other cryptocurrencies
● A large number of transactions across a number of different regions
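The three risk-management slides (transfer monitoring, AML, exchange monitoring) list the signals but not how they are computed. The Go program below is an added example written for this page, not BITBOX's risk management system: it runs four of the listed signals (a burst of transactions in a short window, an amount that is unusual against the user's own history, many distinct regions, frequent exchanges into other assets) over a constructed event history. The record schema, the thresholds in DefaultRules, the 10%-of-mean floor on the standard deviation, and the three sample users are all assumptions.

```go
package main

import (
	"fmt"
	"math"
	"sort"
	"time"
)

// Event is one record from the transfer or exchange history (constructed schema).
type Event struct {
	User   string
	Kind   string // "deposit", "withdrawal", "buy", "sell"
	Asset  string
	Amount float64
	Region string
	At     time.Time
}

// Alert names the rule that fired for a user.
type Alert struct {
	User, Rule, Detail string
}

// Rules holds the thresholds; every value is an assumption for the demo.
type Rules struct {
	Window       time.Duration // burst window
	MaxInWindow  int           // more events than this inside Window is a burst
	AmountSigmas float64       // flag amounts above mean + k*stddev of the user's history
	MinHistory   int           // events needed before the amount rule applies
	MaxRegions   int           // distinct regions tolerated
	MaxAssets    int           // distinct assets traded tolerated
}

func DefaultRules() Rules {
	return Rules{Window: 10 * time.Minute, MaxInWindow: 5, AmountSigmas: 3, MinHistory: 5, MaxRegions: 3, MaxAssets: 3}
}

// Evaluate runs every rule over each user's events, oldest first.
func Evaluate(events []Event, r Rules) []Alert {
	byUser := map[string][]Event{}
	for _, e := range events {
		byUser[e.User] = append(byUser[e.User], e)
	}
	users := make([]string, 0, len(byUser))
	for u := range byUser {
		users = append(users, u)
	}
	sort.Strings(users) // deterministic report order
	var alerts []Alert
	for _, u := range users {
		evs := byUser[u]
		sort.SliceStable(evs, func(i, j int) bool { return evs[i].At.Before(evs[j].At) })
		alerts = append(alerts, burst(u, evs, r)...)
		alerts = append(alerts, unusualAmount(u, evs, r)...)
		alerts = append(alerts, manyRegions(u, evs, r)...)
		alerts = append(alerts, frequentSwaps(u, evs, r)...)
	}
	return alerts
}

// burst slides a time window over the sorted events and fires on the first
// window holding more than MaxInWindow of them.
func burst(u string, evs []Event, r Rules) []Alert {
	start := 0
	for end := range evs {
		for evs[end].At.Sub(evs[start].At) > r.Window {
			start++
		}
		if n := end - start + 1; n > r.MaxInWindow {
			return []Alert{{u, "burst", fmt.Sprintf("%d transactions within %s", n, r.Window)}}
		}
	}
	return nil
}

// unusualAmount compares each amount with the running mean and stddev of the
// user's earlier events; a flat history gets a stddev floor of 10% of the mean.
func unusualAmount(u string, evs []Event, r Rules) []Alert {
	var sum, sumSq float64
	for i, e := range evs {
		if i >= r.MinHistory {
			n := float64(i)
			mean := sum / n
			sd := math.Sqrt(math.Max(sumSq/n-mean*mean, 0))
			sd = math.Max(sd, 0.1*mean)
			if e.Amount > mean+r.AmountSigmas*sd {
				return []Alert{{u, "unusual-amount", fmt.Sprintf("%.2f %s vs mean %.2f", e.Amount, e.Asset, mean)}}
			}
		}
		sum += e.Amount
		sumSq += e.Amount * e.Amount
	}
	return nil
}

func manyRegions(u string, evs []Event, r Rules) []Alert {
	regions := map[string]bool{}
	for _, e := range evs {
		regions[e.Region] = true
	}
	if len(regions) > r.MaxRegions {
		return []Alert{{u, "many-regions", fmt.Sprintf("%d distinct regions", len(regions))}}
	}
	return nil
}

func frequentSwaps(u string, evs []Event, r Rules) []Alert {
	assets := map[string]bool{}
	for _, e := range evs {
		if e.Kind == "buy" || e.Kind == "sell" {
			assets[e.Asset] = true
		}
	}
	if len(assets) > r.MaxAssets {
		return []Alert{{u, "frequent-swaps", fmt.Sprintf("%d distinct assets traded", len(assets))}}
	}
	return nil
}

// SampleEvents is constructed data: alice behaves normally, bob bursts
// withdrawals from many regions, carol deposits far above her baseline and
// then hops across several assets.
func SampleEvents() []Event {
	t0 := time.Date(2018, 9, 1, 9, 0, 0, 0, time.UTC)
	var evs []Event
	for i, amt := range []float64{100, 105, 98, 102, 110, 95} {
		evs = append(evs, Event{"alice", "deposit", "BTC", amt, "KR", t0.AddDate(0, 0, i)})
	}
	for i := 0; i < 8; i++ {
		region := []string{"KR", "US", "JP", "DE"}[i%4]
		evs = append(evs, Event{"bob", "withdrawal", "BTC", 50, region, t0.Add(time.Duration(i) * 30 * time.Second)})
	}
	for i, amt := range []float64{10, 12, 9, 11, 10, 5000} {
		evs = append(evs, Event{"carol", "deposit", "BTC", amt, "KR", t0.AddDate(0, 0, i)})
	}
	for i, asset := range []string{"ETH", "XRP", "NEM", "NANO"} {
		evs = append(evs, Event{"carol", "buy", asset, 1, "KR", t0.AddDate(0, 0, 7).Add(time.Duration(i) * time.Hour)})
	}
	return evs
}

func main() {
	for _, a := range Evaluate(SampleEvents(), DefaultRules()) {
		fmt.Printf("%-6s %-15s %s\n", a.User, a.Rule, a.Detail)
	}
}
```

Each rule is evaluated per user over a sorted history, which is the shape such checks take when they run against the transaction history the Exchange Core keeps; in a live system the same functions would run over a rolling window rather than the full history.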
25. TO SUM UP
● Security is embedded in every part of the BITBOX architecture
● Attackers cannot obtain raw wallet keys even if they have control over application/API servers
● All transactions and trades are monitored by the risk management system
● We have multiple measures in place to protect users' assets
  ● Wallet protection measures
  ● Risk management system
  ● Disaster recovery measures
  ● Wallet freeze
  ● Asset insurance