Wednesday, January 31, 2018

Cryptocurrency Exchange Security Measures Checklist

When it comes to running an online Cryptocurrency Exchange business, the main factor to consider is the security of the Exchange. Everything else you can think of is just a feature and can take the back seat. If the security of the cryptocurrency is at stake, the entire business is at stake. So in this article let's look at a checklist of security measures any online Cryptocurrency Exchange should implement.

On the Technology / Code front:

Be sure that you are dealing with the right vendor to develop your Cryptocurrency Exchange Software. Make sure the people who develop your software not only know technology but also understand security very well. Check if the vendor has implemented at least these basic steps:

- Use HTTPS everywhere. Any information transferred between your server pages and the client's system should travel over a secure, encrypted connection.
- All passwords stored in the Exchange should be hashed using an effective, irreversible hashing technique. The BitExchange Cryptocurrency exchange software uses the bcrypt hash to store sensitive information ( an advantage of bcrypt is that you do not have to manage the salt yourself: it generates one per hash and embeds it in the stored value ).
- Make sure the session identifier is destroyed server-side after every logout. This can be a single large security threat if not taken care of ( many developers treat it lightly, but that is not acceptable in Exchange software ).
- Time-bound the entire session management. Like banking websites, monitor for inactivity and time out sessions when required. If multiple concurrent sessions are detected, destroy all active sessions. When the customer or user resets their password, again destroy all active sessions. Make a list of all the resource pages in your Bitcoin Exchange software ( like Transaction history, Trade, Withdrawal / Deposits etc. ) and always verify that the resource being accessed belongs to the logged-in user identified by the session id, never to a user id supplied in the request.
This may sound like a pain during development, but such granular session management pays off in the long run of security. Be merciless in this.
- Across the Bitcoin Exchange Script, make it a practice to use the state parameter in OAuth2 effectively. As a common practice developers place the redirection URL in the redirect_uri parameter and match it loosely. This can open up a nasty security vulnerability that allows an attacker to insert arbitrary strings, bypass the pattern matching and even disable fragment processing in the browser. The attacker's next step is to intercept the response and pass unwanted commands to your exchange to execute! ( this was one of the security vulnerabilities that the hackers used in the famous MTGOX hack )
- While you are at it, also make sure there are NO open redirects in the system after a successful login by the user. Also make sure that you are parsing the login and signup inputs effectively and sanitizing them for javascript://, data:// and CRLF characters.
- Cookie management and processing is something you need to give extra attention to in your Cryptocurrency Exchange Software. Always see that the developer sets only Secure and HttpOnly cookies.
- Try employing JSON Web Tokens ( JWT ) where possible for representing claims between two parties.
- OTP ( One-Time Password ) is secure but has become an age-old technique in which hackers know a lot of loopholes. For starters, please ask your Cryptocurrency Developer to stop returning the One-Time Password in the API response ( for example when calling the generate-OTP or resend-OTP endpoint ). Build modules that watch whether a particular user is making too many attempts at generating or re-sending OTPs and limit their access programmatically. There are still a lot of best practices to follow here, which we will discuss in a dedicated post on this specific topic.
- Predictable patterns in reset-password tokens are a common loophole used by hackers. In a Cryptocurrency Exchange software, check that the reset-password token sent via email is truly random. Also enforce a very strict expiration limit on such tokens ( there are highly sophisticated hacker tools we know of that can actually predict the output of a weak randomness algorithm itself! )
- Get out of the practice of exposing sequential resource ids in URLs, e.g. xuser/84026/trade. Instead derive the owner from the authenticated session, using paths like myself/trade.
Also, as a best practice, use RFC-compliant UUIDs for User_id etc. ( instead of an integer ).
- As in banking systems, any edit of the user's personal contact details like their mobile number, email, address etc. should be confirmed via SMS verification to the owner. Otherwise hackers can employ social engineering techniques to get past these security checks.
- During KYC document uploads be very careful about how you allow users to upload and which file types are allowed. Always do a strict MIME-type check on the file contents and check the filenames for suspicious patterns. As a best practice have the uploaded documents stored on an external Amazon instance etc. rather than inside the application server. Hackers may use the web-shell technique to gain access to your Cryptocurrency Exchange server through a file upload.
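The session rules above (fresh id on login, destroy on logout, inactivity timeout, destroy all sessions on password reset, and ownership derived from the session rather than a user id in the URL) in one small in-memory store. This is an added example, not BitExchange code; the store, the 15-minute timeout and the injectable clock are assumptions for illustration.

```python
import secrets
import time
from dataclasses import dataclass
from typing import Dict, Optional

IDLE_TIMEOUT = 15 * 60  # assumed: seconds of inactivity before a session is invalid


@dataclass
class Session:
    user_id: str
    last_seen: float


class SessionStore:
    """Constructed in-memory store; a real exchange would back this with Redis or a DB."""

    def __init__(self, clock=time.time):
        self._clock = clock  # injectable so the timeout can be tested deterministically
        self._sessions: Dict[str, Session] = {}

    def login(self, user_id: str) -> str:
        # A fresh, unpredictable identifier on every login (never reuse a pre-login id).
        sid = secrets.token_urlsafe(32)
        self._sessions[sid] = Session(user_id, self._clock())
        return sid

    def user_for(self, sid: str) -> Optional[str]:
        """Return the owning user_id, or None if the session is unknown or idle too long."""
        s = self._sessions.get(sid)
        if s is None:
            return None
        now = self._clock()
        if now - s.last_seen > IDLE_TIMEOUT:
            del self._sessions[sid]  # expired: destroy it, don't merely refuse it
            return None
        s.last_seen = now
        return s.user_id

    def logout(self, sid: str) -> None:
        self._sessions.pop(sid, None)  # identifier is gone server-side, not just flagged

    def destroy_all_for(self, user_id: str) -> int:
        """Used after a password reset or when concurrent sessions are detected."""
        doomed = [k for k, v in self._sessions.items() if v.user_id == user_id]
        for k in doomed:
            del self._sessions[k]
        return len(doomed)

    def owns_resource(self, sid: str, resource_owner: str) -> bool:
        """Ownership comes from the session, never from an id in the request path."""
        uid = self.user_for(sid)
        return uid is not None and uid == resource_owner
```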
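The OAuth2 state and redirect_uri points, plus the post-login open-redirect and javascript:// / data:// / CRLF sanitisation, as one added example (not the page's or any vendor's code). The registered callback URL and the `/dashboard` default are placeholders.

```python
import hmac
import secrets
from urllib.parse import urlsplit

# Hypothetical allowlist of the exact redirect URIs registered for this exchange.
REGISTERED_REDIRECTS = {"https://exchange.example/oauth/callback"}


def issue_state(session: dict) -> str:
    """Mint an unguessable state value and bind it to the caller's session."""
    state = secrets.token_urlsafe(32)
    session["oauth_state"] = state
    return state


def check_callback(session: dict, returned_state: str, redirect_uri: str) -> bool:
    """Accept the authorization response only if state matches this session (single
    use) and redirect_uri is exactly one we registered: no prefix or pattern matching."""
    expected = session.pop("oauth_state", None)
    if expected is None or not hmac.compare_digest(expected, returned_state):
        return False
    return redirect_uri in REGISTERED_REDIRECTS


def safe_post_login_target(raw: str, default: str = "/dashboard") -> str:
    """Reduce a user-supplied 'next' value to a local path, or fall back to default.
    Rejects anything carrying a scheme (javascript:, data:, https://...), a host
    (protocol-relative //host or /\\host) and CR/LF/NUL that could split headers."""
    if not raw or any(c in raw for c in "\r\n\x00"):
        return default
    if raw.startswith("//") or raw.startswith("/\\"):
        return default
    parts = urlsplit(raw)
    if parts.scheme or parts.netloc:
        return default  # anything with a scheme or host is off-site
    if not parts.path.startswith("/"):
        return default
    return raw
```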

On the Headers and related configurations:

- Data injection attacks can tear your Online Cryptocurrency Exchange apart. Employing Content Security Policy ( CSP ) headers helps your software fight Cross-Site Scripting and data injection attacks.
You would also need to implement CSRF protection ( anti-forgery tokens and the related headers ) to defend against cross-site request forgery attacks.
- Also beware of the growing Secure Sockets Layer ( SSL ) stripping attacks. Take time to implement a good HTTP Strict Transport Security ( HSTS ) practice across the exchange to avoid the stripping attack. Also add your domain to the HSTS preload list.
- Take steps to protect your site from clickjacking and cross-site attacks by making effective use of the X-Frame-Options and X-XSS-Protection headers.
- Hackers will for sure try various phishing techniques to lure your users away from the original site. You would need to update your Domain Name System ( DNS ) records to add a Sender Policy Framework ( SPF ) record.
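A check for the header items in this section (CSP, HSTS with the preload prerequisites, X-Frame-Options, X-XSS-Protection, and Secure/HttpOnly cookies from the earlier list), written as an added example rather than a tool from the page. It takes the headers of one response as a dict plus the raw Set-Cookie values and returns the checklist items that fail; the one-year HSTS threshold is the preload list's published minimum.

```python
from typing import Dict, List

ONE_YEAR = 31536000  # seconds; minimum max-age accepted by the HSTS preload list


def audit_headers(headers: Dict[str, str], cookies: List[str]) -> List[str]:
    """Return the checklist items a response fails. Header names are matched
    case-insensitively; `cookies` holds the raw Set-Cookie header values."""
    h = {k.lower(): v for k, v in headers.items()}
    findings: List[str] = []

    csp = h.get("content-security-policy")
    if csp is None:
        findings.append("missing Content-Security-Policy")
    elif "unsafe-inline" in csp:
        findings.append("CSP allows unsafe-inline scripts/styles")

    hsts = h.get("strict-transport-security", "")
    if not hsts:
        findings.append("missing Strict-Transport-Security")
    else:
        directives = {d.strip().lower() for d in hsts.split(";")}
        max_age = next((d for d in directives if d.startswith("max-age=")), "max-age=")
        seconds = max_age.split("=", 1)[1].strip()
        if not seconds.isdigit() or int(seconds) < ONE_YEAR:
            findings.append("HSTS max-age below one year (preload requires >= 1 year)")
        if "includesubdomains" not in directives or "preload" not in directives:
            findings.append("HSTS lacks includeSubDomains and/or preload")

    if h.get("x-frame-options", "").strip().upper() not in ("DENY", "SAMEORIGIN"):
        findings.append("X-Frame-Options not DENY/SAMEORIGIN (clickjacking)")
    if "x-xss-protection" not in h:
        findings.append("missing X-XSS-Protection")

    for c in cookies:
        name = c.split("=", 1)[0].strip()
        attrs = {a.strip().lower() for a in c.split(";")[1:]}
        if "secure" not in attrs or "httponly" not in attrs:
            findings.append(f"cookie {name} lacks Secure and/or HttpOnly")
    return findings
```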


On the Exchange front:

Multi Signature: It is a good practice to use more than one private key to validate every transaction in your cryptocurrency exchange.  Employing the Multisig technology instantly adds another layer of security to the transactions in your exchange.

Time-locked Transactions: One of the techniques the hackers seem to have used in the Coincheck hack was withdrawing alt-coins from various users' accounts in a serial manner. The time-lock technique can defend against such attacks. If implemented correctly, any transaction is executed on a specific time lock and across several steps ( based on the configuration of the time-lock ). If there is a mismatch between the different keys used in the different steps, the transaction is immediately rolled back, making it near impossible for the hacker to withdraw bitcoins.

Cold Wallet / Warm Wallet balance: This is one of the steps that can make it impossible for hackers to lay hands on the majority of your Exchange's cryptocurrency reserve. A cold-storage wallet is totally unplugged from your servers, either physically or behind a near-impossible-to-cross firewall. Your Cryptocurrency Exchange script should have intelligent algorithms to move bitcoins back and forth between your cold wallet and warm wallet based on the predicted liquidity required for the hour. So in the rarest of cases, when your exchange is hacked despite all the security measures, only the coins present in the warm wallet at that moment are lost.

2-Factor Authentication: This is one of the must-follow, bare-minimum items on the security checklist of your exchange. It can prevent malicious hacks to a great extent. Use the Google Authenticator module to achieve this.
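Google Authenticator codes are RFC 6238 TOTP values (HMAC-SHA1, 30-second step, 6 digits), so the server-side verifier is small. The added example below is not the page's code: it decodes the base32 secret the app stores, computes the code, and verifies a submitted code with a one-step clock-skew window, constant-time comparison, and a replay guard that refuses any time step at or below the last one already accepted (the `last_used_counter` bookkeeping is an assumed per-user field).

```python
import base64
import hashlib
import hmac
import struct
import time
from typing import Optional

STEP = 30    # Google Authenticator defaults: 30-second step, 6 digits, HMAC-SHA1
DIGITS = 6


def decode_secret(base32_secret: str) -> bytes:
    """Google Authenticator secrets are shown in base32; re-pad before decoding."""
    s = base32_secret.strip().replace(" ", "").upper()
    return base64.b32decode(s + "=" * (-len(s) % 8))


def hotp(secret: bytes, counter: int) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the big-endian counter, then dynamic truncation."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** DIGITS).zfill(DIGITS)


def totp(secret: bytes, at: float) -> str:
    """RFC 6238 TOTP: HOTP with the counter derived from Unix time."""
    return hotp(secret, int(at) // STEP)


def verify_totp(secret: bytes, submitted: str, last_used_counter: int,
                at: Optional[float] = None, window: int = 1) -> Optional[int]:
    """Return the time-step counter that matched, or None.
    - accepts +/- `window` steps to tolerate clock skew between phone and server
    - refuses any counter <= last_used_counter so a captured code cannot be replayed
      (the caller persists the returned counter as the user's new last_used_counter)
    - compares in constant time"""
    at = time.time() if at is None else at
    base = int(at) // STEP
    for c in range(base - window, base + window + 1):
        if c <= last_used_counter:
            continue
        if hmac.compare_digest(hotp(secret, c), submitted):
            return c
    return None
```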

Cloudflare: Secure your Exchange and API from online cyber attacks ( including DDoS ) by putting them behind Cloudflare.

HSM: Try to find server providers who use Hardware Security Modules ( HSM ) to protect their blades. Some HSMs are sophisticated enough to wipe all security keys in case they detect that a breach has already happened. They can also manage keys and provide secure execution of certain sensitive code. Here is the architecture of this module in an exchange:

[ Diagram: Cryptocurrency Exchange Security ]
