An increased number of financial institutions started offering investment services in the crypto asset space. The offering of such investment solutions requires institutions to build a secure crypto infrastructure. However, as with every new technology, there is a high likelihood for things to go wrong, and the industry is currently learning from hacks and inefficient procedures. The objective of this article is to provide inputs on essential controls and security aspects which need to be present in a secure crypto infrastructure.
The basis for these inputs is the CryptoCurrency Security Standard (CCSS) developed by the CryptoCurrency Certification Consortium organization (reference). This standard can be used to certify the level of security of a crypto asset infrastructure. The idea of this article is to reverse this standard to provide some recommendations to build a secure crypto infrastructure — these recommendations also benefit from our experience gained in securing crypto asset infrasctrures.
To assess the security of a crypto asset information system, the CCSS examines in detail 10 security aspects. Each aspect brings up topics related to the technology side but also the operational side. In the first part of these 3-part series of articles, we focus on cryptographic asset management aspects: seed generation, wallet creation, and key storage. Before starting to explore each of these security aspects in detail, it should be made clear that the security recommendations made in this article should be applied on top of existing IT security standards such as ISO 27001.
1. Seed generation
Two major points should be considered: the use of a suitable random number generator for seed generation and the safekeeping of the generated seed.
The recommendation for the generation of the seed is to use a deterministic random bit generator in conformity with SP 800-90A standards from NIST. Alternatively, a non-deterministic random bit generator or a true random number that conforms with industry standards might be used.
The seed should be ideally generated in the device storing it: for example, a Hardware Security Module (HSM). It is also recommended that this generation is done by an operator not involved in the business side. Moreover, the seed generation time should be the only time when it could be possible to extract the seed for back up purpose.
2. Wallet creation
An important aspect to consider when creating a new wallet is the multi-signature process. Indeed, it is essential for organizations to have a multi-signature process to spend funds from the wallet. For example, 2 people might be required to sign the transaction before it is issued on the Blockchain. This reduces the risk of fraud and operational errors considerably. Moreover, a system of redundant keys should be set. Typically, 2 out of 3 possible signatures is used.
3. Key storage
An essential topic for key storage is the necessity to have backups of the private keys.
First, it is crucial to store these backup keys in a different geographic location than the primary business location. In case, the primary business location is destroyed, the organization has still access to the crypto assets. Additionally, the backed-up keys need to be encrypted and split so that a single person has no access to it.
This completes the first part of this set of articles. In part 2, we will elaborate on 3 other aspects of cryptographic asset management: key usage, key compromise protocol, and keyholder policies and procedures.
About the contributor
Coumar is currently the lead architect on the bank side for the crypto initiative at Gazprombank (Switzerland) Ltd. Throughout his 12-year FinTech career working with and for top financial institutions, Sivacoumar Tendayoudabany designed and led the development of secure solutions architecture.