
Managing large amounts of cryptocurrency is part of institutional custody, with billions of dollars in total value under management. The keys themselves can be managed inside highly secure hardware security modules (HSMs), but the application that needs to use them still interacts with the HSM through an API key.

The Secret Zero Problem

If the application is compromised or that API key is stolen, heavy losses could follow. While most secrets can be protected inside secure environments, there is always at least one secret that sits outside them and is therefore less well protected: the secret zero.

Figure 1: An illustration of the Secret Zero Problem.

Custodial wallet service providers typically address this issue by adding a second factor: when the user initiates a transaction, they are asked to enter a PIN or a time-based one-time password (TOTP). Duo is a popular authenticator app.

Is this approach really more secure, and does it solve the secret zero problem?

2FA isn’t helpful in insecure environments

Second-factor systems are often not deployed in secure environments. They are usually deployed in the same environment as the application that manages the keys. If that environment is compromised by an attacker or a malicious insider, heavy losses to the custodial wallet provider and its customers are possible.

Figure 2: Second-factor authentication systems are often deployed in insecure environments.

When a second-factor system is compromised, it makes headlines. A well-known exchange's second-factor authentication system was recently compromised, and over 400 users lost between $30 million and $40 million in cryptocurrency. The exchange compensated the affected users for the losses on their accounts. Such events hurt the reputation of businesses that try to maintain the highest standards of security.

2FA is important; the problem is not with 2FA itself but with how second-factor authentication systems are implemented and deployed. Deploying the second-factor system in the same environment as the back-end application does not improve the security of the system at all.

A better way to 2FA

We could do better. What would it look like if we deployed the second-factor system inside the secure HSM environment, with its code frozen so that even a rogue administrator cannot change it?

Figure 3: An illustration of how TOTP works

TOTP is a popular choice for a second factor. A time-based one-time password (TOTP) is a one-time password derived from a shared secret and the current time.

When the user registers, a token is generated and shared with them. The token is usually presented in a form the user can load into their authenticator app. Clocks on most computer systems are synchronized with each other, which is what makes time-based codes workable.

Every 30 seconds, the authenticator app derives a new TOTP from the shared token and the current time. When the user wants to access something, the verifier obtains the TOTP value from the user and checks whether it matches the TOTP value computed locally. If the values match, the user is granted the protected functionality.

The security of a custodial wallet could be greatly improved by running code inside the HSM boundary that implements secure TOTP validation, secure key management and secure transaction signing. Even if the wallet application is compromised, the HSM will not sign a transaction unless the user is in the loop.

Figure 4: Transaction signing with 2FA.

The transaction is signed only after the user supplies the TOTP and it has been validated.

Figure 5: New architecture with 2FA service deployed as a DSM SaaS plugin.

Figure 5 shows the new architecture: the second-factor service is deployed inside the secure environment, and transactions cannot be signed unless the user is in the loop.

The Secret Zero Problem is difficult to solve, and it shows up in its worst form when dealing with assets that are bearer in nature: once transferred, they cannot be retrieved by human intervention.

Second-factor systems are not as secure as they look, and a compromised 2FA system costs a provider its reputation. A strong solution is needed; I propose one that requires the user to be in the loop.

Pralhad is an architect at Fortanix.
