Wednesday, January 31, 2018

Cryptocurrency Exchange Security Measures Check list.

When it comes to running an online Cryptocurrency Exchange Business, the main factor to consider is the security of the Exchange. Everything else that you can think of are just features and can take the back seat. If the security of the Cryptocurrency is at stake, the entire business is at stake. So in this article lets look at a checklist of security measures any Online Cryptocurrency Exchange should implement.

On the Technology / Code front:

Be sure that you are dealing with the right vendor to develop your Cryptocurrency Exchange Software. Make sure the people who develop your software not only know technology but also understand security very well. Check if the vendor has implemented at least these basic steps:

- Use Https everywhere. Any information transferred between your server pages to the clients system should be over a secure line.
- All the passwords stored in the Exchange should be Hashed using an effective irreversible hashing technique. The BitExchange Cryptocurrency exchange software uses advanced Bcrypt hash to store sensitive information ( advantage of Bcrypt is that there is no salt required. It is taken care )
- Make sure after each logout the session identifier is destroyed. This can be a single larget security threat if not taken care ( most developers may give a light eye to this, but not in the case of an Exchange software )
- Time the entire session management. Like in Banking websites, monitor for in-activity and and timeout sessions when required. If multiple sessions are detected, destroy all active sessions. Upon the customer or user resetting the password, again destroy all active sessions. Make a list of all the resource pages in your Bitcoin Exchange software ( like Transaction history, Trade, Withdrawal / Deposits etc.) and always make it a point that the ownership of the resource is that of the logged in user using the session id.
This may sound like a pain during development. But such granular session management can help in the long run of security. Be merciless in this.
- Across the Bitcoin Exchange Script, Make it a practice to use the State parameter in OAuth2 effectively. As a common practice developers would place the redirection URL in the Redirect_URI parameter. This can open up a nasty security vulnerability, that allows the attacker to insert arbitrary strings and bypass the pattern matching to the extent of disabling fragment processing in the browser. The next step the attacker would do is intercept the response and pass on un-wanted commands to your exchange to execute! ( this was one of the security vulnerability that the hackers used in the famous MTGOX hack )
- While you are at it, also see that there is NO OPEN redirects done in the system post a successful login by the user. Also make sure that you are parsing the login and signup inputs effectively & sanitize for javascript://, data://, CRLF characters.
- Cookies management and processing is something you need give extra attention to in your Cryptocurrency Exchange Software. Always see that the developer sets only secure & http only cookies.
- Try employing Jason Web Tokens where possible for representing claims between 2 parties.
- OTP ( One time password ) is secure but has become an age old technique that hackers know a lot of loop holes in. For starters, please ask your Cryptocurrency Developer to stop sending the One-Time-Password in the response ( in the event of him trying to call the API for OTP generate -or- Resend OTP ). Build modules that listen to and watch if a particular user is doing to many attempts for generating, re-sending OTPs and limit their access programmatically. There are still a lot of best practices here to follow, which we will discuss in the dedicated post on this specific topic.
- Prediction in the pattern of reset password token is a common loophole used by Hackers. In a Cryptocurrency Exchange software, check see that there is a random effect in the reset password token that is generated via. email. Also manage the expiration of such tokens in a very strict limit ( As there are highly sophisticated Hacker tools we know of that can actually predict your randomness algorithm inself! )
- Get out of the practice of using the resource id series Ex: xuser/84026/trade etc. Instead use in a manner to self produce the authorization token like: myself/trade etc.
Also as a best practice use RFC complaint UDIDs for User_id etc. ( instead of an integer ) 
- Like in banking systems any edit in the personal contact details of the users like their mobile number, email, address etc. should be done via. a SMS verification to the owner. Or hackers an employ social engineering hacking techniques to get past this security checks.
- During KYC document uploads be very careful of how you allow the users to upload and the type of files that are allowed. Always do a strict mime check on the file types and the filenames for patterns. As a best practice have the uploaded documents sit in an external Amazon instance etc. rather than inside the server. Hackers may use the shell technique to gain access to your Cryptocurrency Exchange server.

On the Headers and related configurations:

- Data injection attacks can tear your Online Cryptocurrency Exchange apart. Employing Content Security Policy headers help your Software fight Cross Site Scripting and Data injection attacks.
You would also need to implement CSFR headers to defend the cross site forgery attacks.
- Also beware of the growing Secure Sockets Layer stripping attacks. Take time to implement a good Http Strict Transport Security practice across the exchange to avoid the strip attack. Also add your domain to the preload list.
- Take steps to protect your site from cickjacking and cross site attacks by making effective use of X Frame and X-XSS securing.
- Hackers will for sure try various phising techniques to trick your users from the original site. You would need to update Domain Name System records to add Sender Policy Framework.

Cryptocurrency Exchange Security

On the Exchange front:

Multi Signature: It is a good practice to use more than one private key to validate every transaction in your cryptocurrency exchange.  Employing the Multisig technology instantly adds another layer of security to the transactions in your exchange.

Time-locked Transactions: One of the techniques hackers seemed to have used in the Coincheck hack was with drawing alt-coins from various users accounts in a serial manner. The Time Lock technique can defend such types of attacks. If implemented correctly, any transaction would be executed on a specific time lock and across several steps ( based on the configuration of the time-lock ). If there is a mismatch in the different keys used in the different steps, the transaction will be immediately rolled back, making it near impossible for the hacker to withdraw bitcoins.

Cold Wallet - Warm Wallet balance: This is one of the steps that can make it impossible for hackers to lay hands on the majority of your Exchanges cryptocurrency reserve. A Cold storage wallet is totally un-plugged from your servers either physically or by a near to impossible firewall. Your Cryptocurrency Exchange script should have intelligent algorithms to transact back & forth bitcoins to your Cold wallet and warm wallet based on the predicted liquidity required for the hour. So in the rarest of the cases when your exchanged is hacked beyond all the security measures only the coins in the warm wallet present during that transaction is lost.

2 Factor Authentication: This is one of the must follow bare-minimal security  checklist on your exchange. This can prevent malicious hacks to a great extent. Using the Google Authenticator module to achieve this.

Cloud Flare: Secure your Exchange and API from online cyber attacks ( including DDOS ) by implementing Cloud Flare.

HSM: Try to find server providers who use Hardware Security Modules ( HSM ) to protect their blades. Some of the HSM's are sophisticated enough to even wipe out all security keys incase it detects a breech has happened already. They can also manage keys and provide secure execution of certain sensitive code. Here is the architecture of this module in an exchange:

Cryptocurrency Exchange Security

Tuesday, January 30, 2018

How to Add Swaps to your Cryptocurrency Exchange?

In the world of Cryptocurrency "Swaps" is a concept or feature in the exchange that helps in Swapping one cryptocurrency to another. Some also call this as a Bitcoin escrow script. There is however a difference between the normal conversion of one Alt-coin to another within your account against the concept of Swapping.

Note: BitExchange is a ready-made Bitcoin Exchange Script with Swaps feature builtin

Lets understand it with an example: Jenny owns 8748 Ripple's and would like to convert it into Bitcoins. The normal way to do it is via. transferring it to an established exchange like Binance, Cex.io and inside your account selling the Ripple's and buying back Bitcoins instead. But here there is a trusted 3rd party involved and there is a commission for the transaction. The other way to do it is via. Swaps. Say on the other hand Thomas has 1 Bitcoin and wants to convert it to Ripple's. Seeing Jenny's request on a forum, he can contact Jenny for the transfer. This transfer directly happens between Jenny and Thomas without a middle tier. Just powered by technology.

To add Swaps or cross-chain trading in any exchange, it can be done using either of the two ways:
- Using a regular Escrow
- On-Chain  Atomic Swap.
- Off-Chain Atomic Swap.

Even before we speaking about how the above 2 ways can be implemented, lets look at a very important factor that needs to be considered when implementing Swaps in your online Bitcoin Exchange. Taking the same above example: when the swap happens between Jenny and Thomas, there needs to some mechanism to ensure that the transaction happens successfully and both parties get what they have expected. Or there is always a chance that one party may receive the Alt-coin and not initiate the transfer from his side, which is bad. So to achieve this type of concrete transaction, we need to implement a strong digital contract -or- a smart contract in place that oversees the entire transaction.

* Using On-Chain Atomic Swaps:

This is the most common method used. Also large amounts can be swapped using On-Chain Atomic Swaps. This is not dependent on a Lightning Network or Segregated Witness ( Segwit ). This type of Swaps can be easily programed using SCRIPT language. Here in, 2 parties A & B can swap the digital assets they have without a trusted 3rd party exchange in-between. A digital smart contract is created to execute the swap in just 1 transfer ( instead of the traditional 2 transfers happening ). The contract is constructed to roll back if all the pre-defined rules of the contract does not happen. The contract is also time bound and rolls back if the transaction does not happen within the time period. The programming logic the contract is bound in sends out the Private keys to both the parties. When one side of the transaction is executed, the public key is revealed on the other parties blockchain and the next transaction is also executed.

* Using Off-Chain Atomic Swaps:

Off Chain or Cross chain Atomic Swaps is the latest technology or technique to achieve a safe and reliable swap between 2 parties. This concept uses HTLCs ( Hash time-locked Contracts ) to execute the swap. HTLC is a form of a smart contract, wherein its programmed to check if all the conditions mentioned in the contract are executed successfully before the overall transaction is complete -or- everything gets rolled back to how it was. This entire process is achieved by the usage of a cryptographic hash from both the involved parties. Both Jenny and Thomas should initiate the transaction from blockchain's of their respective cryptocurrency ie. Ripple Blockchain & Bitcoin Blockchain. If any of the party does not confirm the unique cryptographic hash within the dealine of the contract....it gets rolled back.

While we use the Hash Time-locked Contract ( HTLC ) to execute the terms of the contract, we need to process the financial transaction using a Lightning Network. The initial trials of Atomic swaps required the downloading of the Blockchains of each Alt-coin, which made the entire process cumbersome. The recent advancement in servers and service providers allows any exchange to implement Atomic swaps by using existing servers like Electrum. Other exciting projcts like Lykke, Blocknet facilitate the usage of Atomic swaps with a use of a network of Blockchains that be easily called by the exchanges directly and quickly.One other thing to note is that though many altcoins and Bitcoin support swaps, some coins like Monero do not have atomic swapping capabilities yet.

* Escrow:

The less complicated way of achieving Swaps in your Bitcoin exchange script is via. using the good old Online Escrow mechanism. The process may not be as quick and seamless as the Atomic swap, but it serves the purpose.  Once both parties initiate a transfer, the coins get to a common wallet of the Exchange. Based on the pre-set terms and rules of the transaction, the admin of the exchange checks to see if the conditions are met. If all seems ok, the coins are swapped. Here the admin may also put a commission for the work done by him. 

What is a Bitcoin escrow script?

The word escrow inself means ther is a trusted 3rd party during a transaction, who validates the entire transaction and than approves it. Incase there is a discrepancy in the transaction the Escrow reverses the entire transaction. In a good bitcoin escrow script, the escrow is 100% taken care automatically by advanced technology. To achieve this level of automation, your bitcoin escrow script should employ atomic swaps. A bitcoin escrow script that runs using atomic swaps are very secure and lightning fast. There is a smart contract that governs the entire transaction and plays the role of the escrow.