Security & Wallets - Part 2.c : Account Management & Security Assessments
Kei Brousmiche
Welcome to the third and final installment of our series on blockchain wallet security for businesses. Having previously explored the foundational key management architecture and its supplementary security layers and authentication methods, we now turn our attention to account management, recovery, and comprehensive security assessments. These elements play a crucial role in ensuring a holistic and robust security framework for blockchain wallets.
Account Management Safeguards
In blockchain wallet security, beyond safeguarding transaction-signing secrets, account management protections are crucial. Many of these safeguards, originally designed for institutional setups, have been adapted for the wider audience. As blockchain evolves, these advanced methods are now more accessible to the public.
Payment Limits: Enhancing Financial Security
Payment limits, similar to credit card caps, set a maximum transaction amount over a defined period, like daily or monthly. This curtails potential losses if unauthorized access occurs.
There are two main ways to implement these limits:
1. Off-chain: Managed by the wallet provider's infrastructure, it checks the set limits before transaction approval. While straightforward, it's dependent on the provider's system.
2. On-chain with Account Abstraction*: The wallet, represented as a blockchain smart contract, enforces limits directly. This method offers greater security as rules are immutable on the blockchain.
For transactions exceeding set limits, users might undergo enhanced authentication, adding another security layer. Payment limits, whether off-chain or on-chain, bolster financial security in mass-market wallet solutions.
*While Account Abstraction is frequently perceived as a standalone solution for wallets, it's essential to understand that AA inherently requires a key management service to handle the associated private key. For a deeper dive into this topic, check out our article on MPC and AA.
Receiver Whitelists: Secure Transaction Destinations
Whitelisting in wallets restricts transactions solely to pre-approved addresses. Before adding an address to this list, users must undergo stringent authentication. This approach not only enhances security by limiting potential transfers to malicious addresses but also empowers users by granting them clear control over their transaction destinations. This whitelisting mechanism can be implemented either on-chain or off-chain, depending on the wallet's architecture and design.
Destination Analysis for Trust
To enhance transaction trust, some wallet services use AI and analytics to assess the behavior of destination addresses on-chain. By examining transaction histories and patterns, these systems assign a trust score to each address, that could be a wallet or a smart contract. This proactive measure informs users about potential risks, helping them make safer transaction decisions with unfamiliar addresses.
Time Windows for Wallet Access
Implementing time windows is a strategic approach to enhance wallet security. By restricting wallet usage to specific time frames, potential unauthorized access is confined to limited periods. This means that even if malicious actors attempt to breach the wallet, their window of opportunity is significantly narrowed.
Disaster Recovery
In the unpredictable world of digital assets, preparing for the unexpected is not just wise but essential. Whether it's the end user misplacing their secrets, the platform facing unforeseen challenges, or the wallet provider going offline, a rigorous disaster recovery plan is a non-negotiable. The ability for a user to retrieve their funds, even in the face of adversity, is paramount. Yet, it's alarming how few wallet providers have comprehensive measures in place. Understanding a solution's disaster recovery mechanisms can also shed light on its custodial nature. If a provider can recover wallets without user intervention, it inherently operates as a custodial solution. We'll delve deeper into the custodial vs. non-custodial debate in our next article. For now, let's explore some prevalent disaster recovery methods:
Seed Phrase Recovery
A seed phrase, typically a list of human-readable words, acts as the genesis for a wallet's private key. This method is pertinent for architectures that utilize a plain private key, excluding those based on Threshold Signature Schemes (TSS). The onus is on the end user to securely store this seed phrase. Its strength lies in its universality; the private key can be regenerated using this seed phrase on virtually any wallet platform, ensuring resilience against a myriad of disasters.
Social Recovery
Pioneered by smart contract-based wallets and later incorporated into Account Abstraction, social recovery hinges on the concept of "guardians." Users pre-select these guardian addresses (i.e. typically their friends or relatives). In scenarios where users lose access to their primary private key, a consensus among these guardians can facilitate a change in the wallet's ownership to a new private key. This method offers a blend of security and flexibility, ensuring users aren't entirely reliant on a singular access point.
Recovery Kit with a Notary
This method involves an encrypted data set held by the user, decipherable only by a designated notary. This encrypted data, once unlocked, provides all the necessary information to regain wallet access. In the event of a disaster on the wallet provider's side, the notary releases the decryption key, enabling users to recover their assets.
Recovery Kit with the Wallet Integrator Business
Similar to the notary-based approach, this method entrusts the decryption capability to the integrating business. It's a valuable recovery method not only for disasters on the wallet provider's side but also when businesses wish to transition between wallet providers.
Backups of Secrets by the Wallet Provider
Redundancy is a tried-and-tested method in disaster recovery. By maintaining multiple backups of user secrets, wallet providers ensure that the loss of a few servers doesn't jeopardize user assets. Some providers elevate this method's security by cryptographically verifying backup integrity. However, this approach is only effective against partial disasters on the wallet provider's end.
Summary
In conclusion, while the architecture and security layers of a wallet solution are crucial, the disaster recovery mechanisms are equally vital. They act as the final safety net, ensuring that unforeseen challenges don't result in irreversible losses.
Security Assessments
Regular and rigorous security audits play a pivotal role in identifying vulnerabilities and ensuring the robustness of the system.
Penetration Testing
Penetration testing, often termed as "pen testing," involves simulating cyberattacks on the wallet system to identify vulnerabilities before malicious hackers can exploit them. By actively trying to breach the system's defenses, experts can gauge the resilience of the wallet and recommend necessary countermeasures.
Cryptographic Code Audit
If a wallet employs a custom signature scheme, it's crucial to conduct a thorough code audit specifically on the cryptographic components. This ensures that the custom algorithms and implementations are sound, free from vulnerabilities, and adhere to cryptographic best practices.
Bug Bounty Programs in Blockchain Wallets
Bug bounty programs are essential for blockchain wallets, offering external experts incentives to find and report vulnerabilities. Such initiatives enhance security, continuously stress-test the system, and demonstrate a proactive approach to potential threats.
GDPR
The General Data Protection Regulation (GDPR) plays a pivotal role in shaping the data handling practices of blockchain wallets. Ensuring compliance is crucial, as wallets often manage sensitive user data. Adhering to GDPR not only fulfills legal obligations but also fosters trust among users.
SOC 1 and SOC 2
Service Organization Control (SOC) reports are essential for assessing the internal controls of service providers.
- SOC 1: Focuses on controls related to financial reporting.
- SOC 2: Assesses controls relevant to security, availability, processing integrity, confidentiality, or privacy. For wallet providers, SOC 2 is particularly pertinent as it evaluates the operational effectiveness of systems ensuring data security.
ISO/IEC 27001
ISO/IEC 27001 is an international standard for information security management. Achieving this certification indicates that the wallet provider has implemented a rigorous information security management system (ISMS) and has taken necessary measures to protect sensitive information against unauthorized access and breaches.
Conclusion
Selecting the right wallet solution for a business is a nuanced process, encompassing various architectures, security layers, disaster recovery and security assessments strategies. Throughout this guide, we've aimed to provide a comprehensive overview to assist in informed decision-making. For those curious about different security approaches, you might find Eniblock's security page informative. As you evaluate your options, consider the unique needs and objectives of your platform. We look forward to sharing more insights in our next article, focusing on integration challenges and the pivotal legal aspects of wallet solutions.
.svg){kind=logo}