White Paper: Securing Digital Assets on the Blockchain

Moving financial assets is a complex process requiring strict procedural compliance and each service falls under different regulatory bodies. Transferring assets through multiple channels dilutes liquidity by requiring intermediaries to create a secure exchange for each channel. Third parties increase the risk of exposing sensitive data and creating information spillage.

Bitcoin and other distributed ledger technologies facilitate the transfer of digital financial assets within cryptographically secured, immutable environments. Case acts as a secure signing device that streamlines this process without increasing the risk of compromising sensitive data. Digital Financial Assets encompass:

  • Assets that are traded with an agreed present or future value (ex. Public Equities)
  • Debt and associated coupon payments (ex. Bonds)
  • Establishing or reassigning ownership of assets (ex. Titles/Deeds)
  • Distributing private securities (ex. Pre-IPO shares)
  • Redistribution of funds between accounts (ex. Payment Processors)
  • Loyalty Programs (ex. Reward Point Programs)

In-person cash transactions are the quickest way to transfer ownership of funds. Money leaves your possession and the person receiving the cash immediately becomes the owner of the settled amount. The exchange results in no transaction fees. On the other hand, financial assets typically involve significant amounts of currency and distant or cross-border counterparties so exchanging the documents representing those assets for cash in-person is not practical. Electronic payments make this process easier but have also complicated the process by creating a dependency on numerous intermediaries. The blockchain transforms payment channels and transfers value securely without the need for a third entity.

The rusting infrastructure supporting the trading of traditional financial assets is the dependence on clearing houses, escrow services, and other third parties. Intermediaries are needed to ensure assets are adequately handled, thereby acting as a trusted party. These services cost time, expend resources, and require additional legal considerations. The blockchain offers a more efficient alternative to these outdated methods. Transactions recorded on a blockchain are validated by a distributed network of trusted or anonymous nodes, settled in gross within minutes or hours, and require no third parties.

However, as we move away from traditional financial asset distribution methods, we must re-imagine current security models.

MULTI-SIGNATURE AND MULTI-FACTOR AUTHENTICATION SECURITY

Maintaining a high level of internal controls is vital to ensuring the integrity of issued financial assets. Enterprises currently take the unnecessary risk of information spillage by using processes that inherently have single points of failure, and multiple hops where such a failure can occur. Case eliminates single points of failure by facilitating direct exchange between parties within a fully auditable cryptographically secured system, therein increasing Information Governance. The Information Systems Audit and Controls Association highlights five factors that are critical for efficient information governance:

  1. Audit and Assurance
  2. Risk Management
  3. Information Security
  4. Regulation and Compliance
  5. Governance of Enterprise IT

Compliance with these guidelines is a critical component for proper distribution of financial assets. The Federal Financial Institutions Examination Council, the inter-regulatory body for the FDICOCCFRB, and the NCUA, distributes supplemental instruction for developing secure internal and external authentication systems. This guidance explains that one-dimensional authentication systems are no longer effective. Synchronized token systems with multi-factor authentication are one recommended security method for effective internal controls. However, these tokens only facilitate access control and can’t be used to sign and broadcast cryptographic transactions on distributed ledgers. Case supports up to four factors of authentication for securing financial asset or access control transactions:

  1. Who you are – Biometric verification
  2. What you have – The key embedded on the device
  3. What you know – Verification of pin or other security information
  4. Where you are – Geo-fencing based on device location

Requiring multiple authentication methods to sign transactions strengthens security measures by applying additional layers of security. The multi-signature Bitcoin protocol (BIP-11) outlines a higher tier of bitcoin wallet security that requires M-of-N keys to sign transactions. M represents the number of keys needed to verify a transaction and N designates the total number of authorized keys. 2-of-3 is the most common security measure for multi-signature bitcoin wallets and is more secure than a single private key. Requiring multiple keys that are each secured by a different authentication factor increases security by eliminating single points of failure for any one authorized individual. Requiring multiple individuals to sign a transaction in this way creates secure channels for the the digital transfer of financial assets on a trusted distributed ledger.

REDUCING THE RISK OF CURRENT AUTHENTICATION METHODS

A study on the effectiveness of two-factor authentication banking services at University College London found biometric authentication to be the highest recommended authentication method among participants. Man-in-the-middle (MITM) or phishing attacks befall consumers who rely on one-factor password authentication and access sensitive services through general computing devices such as PCs and smartphones. Case is a secure dedicated hardware signing device with single purpose firmware and a dedicated GSM connection for outbound communication with blockchain network nodes. This protects end users from MITM or phishing attacks by moving the authentication and authorization process entirely out-of-band from the insecure general computing device. Enterprises can take advantage of securing internal and external accounts with devices that are easy to use and significantly decrease security risks. A user can operate our device to execute transactions in three steps.

  1. Press the “On” button to enable the device
  2. Scan a QR Code containing the transaction details
  3. Verify transaction details on-screen and swipe your finger to authorize

Distributed consensus ledgers facilitate transactions on a large scale without settlement or counterparty risk since the transaction settles in gross in real time and assets exchange hands as described by the transaction details. Disputes can be resolved quickly by referencing the blockchain. The efficiency of a distributed digital ledger broadens when transmitting assets between accounts. The architecture of Case ensures a secure environment when interacting with blockchain technology. Case’s additional protocols offer secure channels for sending funds or exchanging data to remote destinations.

INCREASING MOBILE SECURITY AND USABILITY

Mobile security is inadequate to properly facilitate transmitting financial assets. With the expanding market of mobile devices, maintaining security controls is a growing liability and slows liquidity. The Open Web Application Security Project (OWASP) publishes an annual report of Top 10 Mobile Risks. The 2014 list includes:

  • Insufficient Transport Layer Protection
  • Poor Authorization and Authentication
  • Broken Cryptography

Operating systems (OS) within enclosed systems are targets for malicious attacks. If the OS is on a mobile phone, each device must have the most up to date software and be operated in a safe manner to reduce exposure to malware. This past July, 950 million Android devices were exposed to a malicious exploit delivered through opening a single text message. The enclosed design of Case ensures no external party or software is allowed to interfere with the operation of the device.

Multiple layers of security in the framework of Case’s transmission process ensure that each transfer is secure. When the device initiates a transaction, the request is encrypted and transmitted through GSM. Each operating network uses an International Mobile Subscriber Identity to verify the SIM card unique to each device. Once that process is complete our SSL encrypted servers verify the user with encrypted data in the User Data Encryption Key created during initial set-up. This model is how we ensure each device is natively secure while operating in 109 countries on over 150 carriers.

ADMINISTRATIVE CONTROLS WITH HD WALLETS

Case allows secure distribution of private keys by taking advantage of the Hierarchical Deterministic protocol outlined in BIP-32. HD wallets use parent keys to create root trees that distribute multiple child keys. This system creates a network of devices that are used to facilitate multiple channels while managing risk. This also produces an additional layer of security by consistently creating new addresses to protect the identity of authorizing agents. Multiple authorizing agents can also be assigned from the same parent key without increasing the risk of information spillage. Transferring assets without exposing the parent key to third party entities increases the strength of internal controls. Other uses of HD wallets include:

  • Access controls behind a QR code that individual devices are required to scan to gain administrative access. (ex. Databases)
  • Auditing performed by distributing public keys to an auditor and recalling all transactions on the blockchain
  • Exchanging assets internationally is a streamlined process when sent between trusted parties not reliant on verifying transactions (ex. NASDAQ Private Market)

Businesses and consumers now have the assurance of multiple layers of protection securing their financial assets. Case functions as a signing device to facilitate moving these financial assets. Biometric authentication, possession of the device, and a distributed key system all facilitate these transactions with no single point of failure. Our 2-of-3 signing model is designed to ease the process of signing transactions without compromising security – the function of those signed transactions is up to each user.

REANALYZING FINANCIAL ASSET DISTRIBUTION

The blockchain provides the distributed medium to facilitate fast and secure transactions when transferring financial assets. Distributing financial assets on a public or semi-public ledger applies new auditing tools to old services. NASDAQ recently announced the first private market to assign pre-IPO shares using the blockchain. This future market uses bitcoin transactions for companies raising capital from private investors before offering shares to the public. Transactions on the bitcoin blockchain are recorded with enough space to contain 40 bytes of metadata. This embedded metadata can direct to locations of applicable documents or provide additional administrative controls outside of exchanging bitcoin. Other distributed ledger systems have their own methods for recording transaction metadata.

The security and ease of use of your transaction signing device is the most critical component of using any blockchain. Without proper usage and protection of private keys, your blockchain assets are not secure and risk dramatically increases. We have structured Case to manage your private keys without the pitfalls of single point of failure systems.

USING CASE ON DISTRIBUTED LEDGERS

The framework of Case’s chain-agnostic software allows integration with nearly any cryptocurrency or distributed ledger. As financial organizations research how they will integrate distributed ledger technology, it is important to note that that they are exploring a variety of different technologies and blockchains. Due to this, Case has been designed to be agnostic in that it will interface with any technology and is capable of signing any type of ECDSA transaction.

The Elliptic Curve Digital Signature Algorithm is centric to distributed ledger architecture. A triplet of ECDSA public keys are used to create the address. Ultimately, administrative controls are determined by possession of the ECDSA private key established during initial setup. Ownership of each private key in our multi-signature model is clearly established and additional control of the recovery key is also possible. This process not only protects the user from malicious external attacks, but also ensures strict internal controls without additional procedures.

LOOKING FORWARD

Using Case, a company headquartered anywhere in the world can send digital assets abroad without relying on third parties. Assets distributed on the blockchain can be recalled, transferred, or liquidated very efficiently. The costs expended on external components such as custody and clearing, along with internal components such as trade processing, resolution, and reporting become unnecessary when properly leveraging this exciting new technology.

Our mission at Case is to facilitate secure transactions for the end user while remaining extremely fast and easy to use. We accomplish this through our multi-signature architecture where each key in the system is protected by a different layer of authentication, ensuring that there is no central or single point of failure. On top of every implementation of distributed ledger technology, Case should be used to ensure the integrity and security of transactions. The combination of highly efficient distributed ledger technology and highly secure key management technology will create a network of direct and immediate transaction channels between participants in order to streamline settlement, eliminate risk, and reduce dependence on third parties.

Feel free to get in touch.

White Paper: Securing Digital Assets on the Blockchain