Product Security
The Fordefi system is built to withstand the most sophisticated types of attacks, through a combination of cryptographic, hardware, and software security measures.
Secret sharing and MPC
The protection of users’ private keys is our biggest responsibility.
Storing a private key on any single device would put the private key at significant risk. Whoever has access to that device could steal the private key or use it to sign a malicious transaction. Alternatively, storing the key on the user’s mobile device, would make it accessible to the user of the mobile device or to an attacker that breaks into the device.
Cryptographic tools
With Secret Sharing, we allow a set of devices to collectively store the private key, while each device only stores a share of the key.
The main benefit of this approach is that, in isolation, each share does not provide any information about the secret key. Collectively, however, all shares encode the private key. This means that the holder of each share, or an attacker that manages to obtain a share, gains no information about the private key, and in particular, they cannot sign any transaction on behalf of that key.
In the Fordefi wallet, each private key is split between Fordefi and the customer. Fordefi stores its shares on dedicated machines on AWS cloud. Customers store their share on their mobile devices as part of the Fordefi mobile app. Therefore, if Fordefi’s servers are compromised, the attacker is not able to steal the private key. Similarly, if a customer’s device is compromised, the attacker will not be able to steal the private key, either.
Multi-party computation (MPC)
Secret-sharing protects keys at rest. However, signing transactions requires regular use of the private key. Naively, this would require first creating the secret key at a single point, then sharing it between several parties, and then reconstructing the key in its entirety every time a transaction needs to be signed. This method would re-introduce the risk of key theft at the device where the key is generated and at the device where the signature takes place.
To mitigate this risk, we use another cryptographic tool: Multi-Party Computation (MPC), a family of cryptographic protocols that allow a group of parties, each holding its own private input, to compute a function of these inputs, without having to reveal their inputs to each other. Practically, this means that the devices holding the shares of the key can compute a signature on a transaction, without the private key ever having to be reconstructed on a single device.
Authentication and authorization
Any action on the Fordefi platform requires authentication.
Web-authentication service
As a first layer of authentication, we use an identity provider and web authentication service. Each user authenticates using their email and password or using a social login and obtains an authentication token. Every request to Fordefi from any of the clients (web, browser extension, or mobile) needs to be authenticated using the token. Using a standard web-authentication service is considered best practice in the industry, and it provides strong security.
However, in Fordefi, we don’t rely solely on an external web-authentication service for the sensitive operations in our system. Specifically, we guarantee that even if the authentication provider is compromised, client funds remain safe.
Cryptographic authorization layer
To this end, we implement an additional cryptographic authorization layer. Each user of a client organization holds a private signature key on their mobile device. This key is used for authorization and is completely separate from the blockchain private key used to sign transactions.
Every sensitive operation (for example, signing a transaction, modifying the address book, or inviting another user to the organization) requires the client to sign the request to perform that operation using their private key, and the Fordefi system verifies the signature before performing the action.
Hardware enclaves
A hardware enclave is a specialized hardware device that protects the application it is running, or the key it is storing, from the untrusted environment. Once an application or a key is loaded into the enclave, an attacker cannot tamper with it, even if it manages to execute malicious code on the host system.
The most security-sensitive components of our system run on such hardware enclaves. Specifically, we store Fordefi’s share of each key on a secure enclave in the cloud, and the Fordefi mobile app stores the user’s shares on the secure enclave of the iPhone/Android device. The secure enclave of the mobile device further requires biometric authentication to access the share or any other key that is stored in the enclave.
Transaction enrichment
The security model of a wallet critically relies on the ability of users to verify the contents of a transaction. Particularly for institutional wallets, where a user might be asked to approve a transaction of another user, verifying the transaction is also critical, since it is what allows a meaningful review and approval process. The approver must be able to verify the transaction they are approving.
With DeFi transactions that are arbitrarily complex smart contracts, it is unclear what information about the transaction would be most useful to the user to help them decide if they want to approve it. So, we take a multi-pronged approach:
- First, we present the user with information about the smart contract that the transaction is about to call. We resolve the address of the contract into its verified human-readable contract name and the DeFi protocol it is part of.
- Next, we run a simulation of the transaction which predicts the expected side effects of this transaction on the user’s wallet (for example, which tokens will be received or sent, which approvals will be used, and so on). Fordefi identifies each token that appears in the simulation and displays whether it is a verified token.
- Finally, Fordefi’s risk engine scans each transaction for various risks (for example, interaction with bad contracts, phishing attempts, and more) and proactively warns the user if it identifies any such risk.
DeFi policy engine
Fordefi protects its users from the threat of a rogue user within an organization or an infection of a user’s device with malware.
The Fordefi Policy Engine allows each organization to define its own transaction policy, specifying the required approvers for each class of transactions. Fordefi’s Policy Engine is purposely built for DeFi and policy rules can specify transactions using attributes such as the user initiating the transaction, the type of the transaction, the destination contract/DApp of the transaction, and the total value of the assets the transaction affects, as predicted by Fordefi’s transaction simulation.
Admin Quorum
Whereas the transaction policy protects an organization from malicious transactions, there’s still a risk of a malicious administrator or malware on an administrator’s device. The risk is that the attacker would disable the transaction policy and grant him/herself full control over all assets. To protect against this threat, policy changes (and other sensitive administrative actions) require the approval of a quorum of admins. The quorum must be greater than two, thus eliminating any individual admin becoming a single point of failure.
Internal security
We further mitigate the risk of compromise to our infrastructure. Some of the measure we take include:
- Account separation: our production cloud environment is completely separate from development and testing environments. Access to the production environment is restricted and audited.
- Separate deployment processes for key components, such as the enclave and the mobile app, keeps the components that maintain each of the MPC shares as independent as possible.
- Code reviews: we enforce mandatory code reviews for all code changes. Our team includes experts in security and cryptography who review the code for any potential security issues.
SOC 2 Type II Certification
In March 2023, Fordefi earned SOC 2 Type II certification by Ernst & Young, in accordance with the American Institute of Certified Public Accountants (AICPA) standards for SOC (Service Organization Control). Fordefi is the first and only institutional DeFi wallet to be granted this standard of certification.
The SOC 2 designation represents a higher level of operational security and reports on controls at a service organization relevant to security, availability, processing integrity, confidentiality and privacy. An audit of this kind is performed by an accredited CPA firm and verifies that all the necessary safeguards are in place to protect customer data and that the safeguards are operational.
Updated 8 months ago