- External reference: https://konubinix.eu/ipfs/QmZThS8X9PWq1RRiMmNouSYMLUM7ewvNtEhigeyNJtgbmk
- External reference: https://www.fireblocks.com/
It lets the user manipulate vault accounts and assets, as well as FIAT accounts. It is connected to exchanges.
Today, institutions in the digital asset space are securing private keys using MPC (multi-party computation). MPC represents a powerful next step in private key security because it removes the single point of compromise, and it’s even more effective if it’s secured in hardware.
That’s why, at Fireblocks, we’ve designed a security system that layers the strongest software and hardware defenses to make breaking in highly expensive and nearly impossible – creating a truly secure environment for storing, transferring, and issuing digital assets.
At the same time, Fireblocks is designed to support the operational needs of a digital asset business. We mitigate the top threats to digital assets, while delivering the necessary speed, flexibility, and tools to meet your business objectives.
Multi-layer security is an approach to cybersecurity in which multiple defensive mechanisms are deployed in tandem to protect data and information. A methodology of this sort — in which one layer of security being compromised doesn’t break the entire system — is able to address a variety of attack vectors at once and decrease the likelihood of a successful breach.
In cybersecurity, experts often refer to this type of security as the “castle approach” due to its structural similarity to a medieval castle. To penetrate a castle, attackers must get through several layers of security, namely the moat, ramparts, drawbridge, towers, battlements, etc.
Hackers and other malicious actors (such as rogue employees) may attempt to compromise a victim’s private keys in order to access their wallet, which controls the funds they have stored on the blockchain. This enables the attacker to transfer the funds from the victim’s wallet to anywhere – i.e. into their own wallet. One
adequate. However, if the assets are being transferred between trading venues, liquidity providers, customer accounts, and other counterparties, it’s necessary to also secure deposit addresses and API credentials.
It is mostly about making sure there is no man in the middle changing the deposit address.
Whitelisting asks a number of professionals within an organization to devote time to a manual procedure. While it can be a powerful security measure, whitelisting ultimately cannot prevent internal fraud, as a rogue employee can go into the organization’s spreadsheet or database and swap out the deposit address of a certain whitelisted counterparty for their own. In addition, whitelisting cannot stop human errors (such as a simple fat-fingers error entering a deposit address into the whitelist, or a counterparty rotating a deposit address without the correct re-entry procedure).
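The row-swap weakness described above, next to one possible integrity check, as an added example that is not from the Fireblocks paper and is not how the Fireblocks network authenticates addresses. It assumes a MAC key held outside the whitelist database; the key, counterparty names and addresses are constructed for illustration.

```python
import hashlib
import hmac

# Constructed sample key: assumed to live outside the whitelist database.
INTEGRITY_KEY = b"constructed-demo-key-held-outside-the-database"

def tag_entry(key: bytes, counterparty: str, asset: str, address: str) -> str:
    """MAC over the whole tuple, length-prefixed so fields cannot be shifted."""
    msg = b"".join(
        len(f.encode()).to_bytes(4, "big") + f.encode()
        for f in (counterparty, asset, address)
    )
    return hmac.new(key, msg, hashlib.sha256).hexdigest()

def add_entry(whitelist: dict, key: bytes, counterparty: str, asset: str, address: str) -> None:
    """Store the address together with a tag bound to counterparty and asset."""
    whitelist[(counterparty, asset)] = {
        "address": address,
        "tag": tag_entry(key, counterparty, asset, address),
    }

def resolve_plain(whitelist: dict, counterparty: str, asset: str) -> str:
    """Plain whitelist: trusts whatever the row currently holds."""
    return whitelist[(counterparty, asset)]["address"]

def resolve_verified(whitelist: dict, key: bytes, counterparty: str, asset: str) -> str:
    """Return the address only if the stored tag still matches the row."""
    row = whitelist.get((counterparty, asset))
    if row is None:
        raise LookupError("counterparty/asset not whitelisted")
    expected = tag_entry(key, counterparty, asset, row["address"])
    if not hmac.compare_digest(expected, row["tag"]):
        raise ValueError("whitelist row failed integrity check")
    return row["address"]

def demo():
    wl = {}
    add_entry(wl, INTEGRITY_KEY, "exchange-a", "BTC", "addr-constructed-exchange-a")
    before = resolve_verified(wl, INTEGRITY_KEY, "exchange-a", "BTC")
    # A table edit changes the address; without the key the tag cannot be recomputed.
    wl[("exchange-a", "BTC")]["address"] = "addr-constructed-other"
    plain = resolve_plain(wl, "exchange-a", "BTC")
    try:
        resolve_verified(wl, INTEGRITY_KEY, "exchange-a", "BTC")
        detected = False
    except ValueError:
        detected = True
    return before, plain, detected
```

The check catches edits made after entry, including a row copied from another counterparty. It does not catch an address that was mistyped when it was first entered, since the tag is then computed over the wrong value.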
cryptocurrency, so the concept of creating a security technology that would work across multiple blockchains was irrelevant. In today’s digital asset landscape, multisig-based solutions are outdated for the following reasons:
access the HSM. While HSMs do introduce a powerful layer of security, they are vulnerable to internal attackers when they are utilized alone. If an entire private key is stored on an HSM and multiple parties within an organization have access to it, there’s nothing to stop a rogue employee from signing a fraudulent transaction using a
Fireblocks’ Multi-layer Philosophy for Securing Digital Assets
Fireblocks developed the MPC-CMP protocol that applies this concept to blockchain-based ECDSA and EdDSA signatures (used by all blockchains). MPC-CMP removes the concept of a single private key; such a key is never gathered as a whole, neither during the first creation of the wallet nor during the actual signature. MPC-CMP follows a set of steps to guarantee that there is never a single point of compromise of the private key:
1. Individual secrets are randomized by each of the several (always more than 3)
The Fireblocks R&D team created a multi-layer security matrix that layers MPC, Intel SGX, our signature Policy Engine, and a deposit address authentication network to build the most impenetrable system on the market. This ensures that our customers’ assets are protected from cyberattacks, internal colluders, and
Layer 2: SGX
For the hardware layer of our security solution, we selected SGX over a traditional HSM. Using SGX enclaves on a minimum of 3 to 5 machines (each of which on a segregated network), we distribute private keys with an extremely high level of security.
from API credentials. The Fireblocks HMAC-MPC algorithm also enables storing the API key shares within an HSM-like environment, sealed using a
Until now, this meant utilizing technologies like multisig, or HSMs. Many custody providers relied on one of these technologies in isolation (or even a newer technology, like first-gen MPC) to safeguard assets.
However, in today’s market, these technologies are not sufficient enough to both withstand attacks and support evolving business operations. In order to turn a profit with digital assets, operational flexibility and efficiency are of the utmost importance. Last-gen tech is simply too slow and cumbersome to support today’s rapidly changing market – and when it’s used in isolation, it’s also far too weak to protect assets from today’s complex attacks.
Fireblocks utilizes the latest security technologies – including MPC-CMP, Intel SGX, Workflow Authorization, and an institutional asset transfer network – in a battle-tested, layered implementation. This is our “multi-layer” security philosophy: by utilizing multiple security controls that aren’t reliant on each other, we ensure that your entire business does not rely on one layer of security. The Fireblocks platform is designed to provide the necessary speed, flexibility, and
securely build, run and scale digital asset operations through the Fireblocks Network and MPC-based Wallet Infrastructure. The company has secured the transfer of over $150 billion in digital assets and offers a unique insurance policy